Bahir Dar University

College of Business and Economics

Department of Accounting and Finance
Course outline for Auditing principles & Practice I
Cr Hours: 3hr
Course Number AcFn4061
Course Teacher: Agumas Alamirew(PhD)
agumas.2001@yahoo.com
+251 910102417
Course Contents
Chapter 1.An overview of auditing
1.1.Meaning of Audit
1.3.Why Audits are conducted
1.4.Types of Audit and Auditors
Chapter 2. The Auditing Profession
2.1.The Regulatory Framework Governing Auditing
2.2.International Standards on Auditing (ISA)
2.3.Professional Ethics: Fundamental Principles, Threats and Safeguards
2.4.Legal Liability of Auditors
2.5.Rights and Duties
Chapter 3: Materiality and Risk Assessment
3.1. Introduction
3.2. Defining Materiality
3.3. Risk Assessment Overview
3.4. Types of Risks Relevant to Auditing
3.5. Applying Materiality and Risk Assessment in Practice
3.6. Challenges in Materiality and Risk Assessment
3.7. Best Practices for Effective Materiality and Risk Assessment
Chapter 4: Client Acceptance and Planning the Audit
4.1. Client Acceptance and Continuance
4.2. Planning the Audit
Chapter 5. Internal Control
5.1. Meaning and Objectives of internal controls
5.2. The Basic Elements of internal controls
5.3. Recording Internal Control System
5.4. Internal Control and External Auditor
5.5. Internal Control and Internal Auditor
5.6. Inherent Limitations
Chapter6.Audit Evidence
6.1. Audit Responsibility
6.2. Management Assertions
6.3. Audit Objectives
6.4. Audit Evidence
6.5. Audit Documentation
Chapter 7. Audit Reports
7.1.Types of Audit Reports
7.2.Basic Contents of a Standard Audit Report
7.3. Audit Opinion
References
Arens, Elder and Beasley, Auditing and Assurance Service, Global Edition, 16th Edition, 2016
Assessment/Evaluation
Assignment (Group) -----------------------------------------------------------------20%
Mid Exam-----------------------------------------------------------------------------30%
Final Exam----------------------------------------------------------------------------50%
Total-----------------------------------------------------------------------------------100%

11/3/2024
 Chapter one
An overview of
auditing

11/3/2024
1.1. Definition and Nature of Auditing

Auditing is the accumulation and evaluation

of evidence about information to determine
and report on the degree of correspondence
between the information and established
criteria. Auditing should be done by a
competent, independent person.

11/3/2024
 TERMINOLOGIES
1. Information and Established Criteria
 To do an audit, there must be information in a verifiable
form and some standards (criteria) by which the auditor
can evaluate the information. Information can and does
take many forms. Auditors routinely perform audits of
quantifiable information, including companies’ financial
statements and individuals’ federal income tax returns.
 Auditors also audit more subjective information, such as
the effectiveness of computer systems and the efficiency of
manufacturing operations.
 The criteria for evaluating information also vary depending
on the information being audited. In the audit of historical
financial statements by Audit firms, the criteria may be U.S.
generally accepted accounting principles (GAAP) or Inter -
national Financial Reporting Standards (IFRS).

11/3/2024
 2. Accumulating and Evaluating Evidence
 Evidence is any information used by the auditor
to determine whether the information being
audited is stated in accordance with the
established criteria. Evidence takes many
different forms, including:
A. Electronic and documentary data about transactions
B. Written and electronic communication with outsiders
C. Observations by the auditor
D. Oral testimony of the auditee (client)
 To satisfy the purpose of the audit, auditors must
obtain a sufficient quality and volume of
evidence.
11/3/2024
 3. Competent, Independent Person
 The auditor must be qualified to understand the
criteria used and must be competent to know the
types and amount of evidence to accumulate to
reach the proper conclusion after examining the
evidence.
 The auditor must also have an independent
mental attitude. The competence of those
performing the audit is of little value if they are
biased in the accumulation and evaluation of
evidence.

11/3/2024
 4. Reporting
 The final stage in the auditing process is preparing
the audit report, which communicates the
auditor’s findings to users.
 Reports differ in nature, but all must inform
readers of the degree of correspondence between
the information audited and established criteria.
 Reports also differ in form and can vary from the
highly technical type usually associated with
financial statement audits to a simple oral report
in the case of an operational audit of a small
department’s effectiveness.

11/3/2024
 Audit of a Tax Return Example
1.Information
3. Competent, Federal tax
independent returns filed
person by taxpayer

Internal 4. Report on results

Revenue
agent Determines Report on tax
correspondence deficiencies
2. Accumulates and
evaluates evidence Established criteria

Examines cancelled Internal Revenue

checks and other Code and all
supporting records interpretations

11/3/2024
 2. Distinction between auditing and
accounting
 Accounting is the collecting (recording, classifying),
summarizing, reporting and interpreting of financial data.
 Auditing is the testing of those accounting records for
fairness, appropriateness. An accountant only needs to
know generally accepted accounting principles (GAAP).
The auditor needs to know GAAP, plus how to select and
evaluate evidence related to the assertions of financial
statements.
 Accounting is constructive. It starts with the raw financial
data to process and produce financial statements.
 Auditing on the other hand is analytical work that starts
with financial statement to lend credibility and fairness of
the measurements.

11/3/2024
Points of difference Accounting Auditing

1. Meaning It is recording of all the day to It is the critical examination of

day transactions in the books of the transactions recorded
accounts leading to preparation in the books of accounts.
of financial statements.

2. Nature It is concerned with It is concerned with

finalisation of accounts. establishment of reliability of
financial statements.

3. Objects The object is to ascertain the The object is to certify

trading results. the correctness of financial
statements.
4. Commencement Accounting commences when Auditing begins when
book keeping ends. Accounting ends.

5. Scope It involves various financial It depends upon the

statements. It involves agreement or upon the
maintenance of books of provisions of law. It goes
accounts. It does not go beyond beyond books of accounts.
11/3/2024
books of accounts.
 3. TYPES OF AUDITOR’s AND AUDIT
A. Types of Auditors
The most known types of auditors are
–Independent
auditors,
–Internal auditors,
–Government
auditors.
11/3/2024
 CONT’D
1. Independent (external auditors): - Independent
auditors have no connection to the firm as an owner or
employee/manager. The basic task of independent
auditor is to confirm to the owners that the employees
are correctly reporting on their financial position and
performance on fee basis.
2. . Internal auditor: - An internal auditor is paid salary as
employee on the organization that is being audits.
He/she is responsible to appraise and investigation the
performance of unit and/or units within the
organization and give recommendation to top
management.
3. Government audit: - The government auditor is paid a
salary by the government. He/she is responsible to the
legislature or executive.
11/3/2024
 How do internal and
external auditing differ?
Internal auditors usually focus on
improving the efficiency and
effectiveness of their employer.
External auditors (public accounting
firms) usually focus on the fairness of
the financial statements of their
clients.
11/3/2024
 CONT’D
 The responsibilities and conduct of audits by internal and external
auditors differ in one important way. Internal auditors are responsible
to management and the board, while external auditors are
responsible to financial statement users who rely on the auditor to
add credibility to financial statements.
 Nevertheless, internal and external auditors share many similarities:
1. Both must be competent as auditors and remain objective in
performing their work and reporting their results.
2. Both follow a similar methodology in performing their audits,
including planning and performing tests of controls and substantive
tests.
3. Both consider risk and materiality in deciding the extent of their
tests and evaluating results. However, their decisions about
materiality and risks may differ because external users may have
different needs than management or the board

11/3/2024
 3. TYPES OF AUDITOR’s AND AUDIT
B. Types of Audits
Auditor perform three primary types of audits,
these are:
1. Financial statement audit
2. Operational audit
3. Compliance audit

11/3/2024
 Cont’d
1. Financial statement audit: - The goal is to determine whether the
financial statements have been prepared in conformity with
generally accepted accounting principles (GAAP).
 Conducted by independent (external) auditors
2. Operational audits: - An operational audit is study of some specific
unit of an organization for the purpose of measuring its
performance. The operation of a unit can be evaluated for its
effectiveness and efficiency.
 Usually conducted by internal auditors,
independent (external) auditors and government
auditors
3. Compliance audits: - Compliance audit determines whether the
specified rules, regulations, or procedures are being carried out or
followed.
 May be conducted by government auditors

11/3/2024
 Important Characteristics of a Financial
Audit
1. auditors are independent of client management
2. auditors base their opinions on the results of
selective testing
3. an audit is directed toward the discovery of
material misstatements regardless of their cause
4. auditors form opinions regarding the fairness of
financial statements - auditors are never
absolutely certain
5. auditors report on financial statements as a
whole - not on individual items
6. auditors are concerned with financial presentation - NOT
the client’s financial stability or the wisdom of client
management
11/3/2024
 Audit of Historical Financial
Statements
Annual audit of Ethiopian air line’s financial
Example
statements

Information Ethiopian air line’s financial statements

Established Generally accepted accounting

Criteria Principles GAPP OR (IFRS)
Available Documents, records, and outside
Evidence sources of evidence
11/3/2024
 Operational Audit

Evaluate computerized payroll system

Example
for efficiency and effectiveness
Number of records processed, costs of
Information
the department, and number of errors
Established Company standards for efficiency and
Criteria effectiveness in payroll department
Available Error reports, payroll records, and
Evidence payroll processing costs
11/3/2024
 Compliance Audit

Determine whether bank requirements

Example
for loan continuation have been met

Information Company records

Established
Loan agreement provisions
Criteria
Available Financial statements and
Evidence calculations by the auditor
11/3/2024
Differences Between Operational and Financial Auditing

The three major differences between

Operational and financial auditing are the
purpose of the audit, distribution of the
report, and inclusion of nonfinancial areas.
 Purpose of the audit

 Distribution of the reports

 Inclusion of nonfinancial areas

11/3/2024
 CONT’D
1. Purpose of the Audit This is the most important
difference.
 Financial auditing emphasizes whether historical
information was correctly recorded, while operational
auditing emphasizes effectiveness and efficiency.
 Financial auditing is oriented to the past, while
operational auditing focuses on improving future
performance. An operational auditor, for example, may
evaluate whether a type of new material is being
purchased at the lowest cost to save money on future raw
material purchases.

11/3/2024
 CONT’D
2. Distribution of the Reports
 Financial auditing reports are typically distributed to
external users of financial statements, such as
stockholders and bankers, while operational audit reports
are intended primarily for management.
 The widespread distribution of financial auditing reports
requires a well-defined structure and
wording, the limited distribution of operational
reports and the diverse nature of audits for efficiency and
effectiveness allow operational audit reports to vary
considerably from audit to audit.

11/3/2024
 Cont’d
3. Inclusion of Nonfinancial Areas
 Financial audits are limited to matters that
directly affect the fairness of financial
statement presentation, while operational
audits cover any aspect of efficiency and
effectiveness in an organization. For example,
an operational audit might address the
effectiveness of an advertising program or
efficiency of factory employees.

11/3/2024
 Types of Operational Audits
Operational audits fall into three broad
categories: functional, organizational, and
special assignments. In each case, part of the
audit is likely to concern evaluating
internal controls for efficiency and
effectiveness.

 Organizational

11/3/2024
 Cont’d
.1. Functional Audits
 Functions are a means of categorizing the activities of a business, such as
the billing function or production function. Functions may be categorized
and subdivided many different ways. For example, the accounting function
may be sub divided into cash disbursement, cash receipt, and payroll
disbursement functions. The payroll function may be subdivided into
hiring, timekeeping, and payroll disbursement functions.

 A functional audit deals with one or more functions in an organization,

concerning, for example, the efficiency and effectiveness of the payroll
function for a division or for the company as a whole.
 A functional audit has the advantage of permitting specialization by
auditors. Certain auditors within an internal audit staff can develop
considerable expertise in an area, such as production engineering. They
can be more efficient and effective by spending all their time auditing in
that area. A disadvantage of functional auditing is the failure to evaluate
interrelated functions. For example, the production engineering function
interacts with manufacturing and other functions in an organization

11/3/2024
 Cont’d
2. Organizational Audits
 An operational audit of an organization deals with an entire
organizational unit, such as a department, branch, or
subsidiary.
 An organizational audit emphasizes how efficiently and
effectively functions interact. The plan of organization and the
methods to coordinate activities are important in this type of
audit.
3. Special Assignments
 In operational auditing, special assignments arise at the
request of management for a wide variety of audits, such as
determining the cause of an ineffective IT system, investigating
the possibility of fraud in a division, and making
recommendations for reducing the cost of a manufactured
product

11/3/2024
 4. Demand for Audit
 There is a need for auditing when ownership is
separated from control.
 At a practical level, it helps prevent or detect
misstatements-errors or fraud. It may prevent or detect
misstatements on the part of
1) the employees who actually handle the money, or
2) management.
 Auditing is needed to enhance the credibility of
financial information prepared by an entity. The
independent audit requirement fulfils the need to
ensure that those financial statements are objective,
free from bias and manipulation and relevant to the
needs of users.

11/3/2024
 Major reasons for auditing
A. Control Mechanism
 Audits whether internally or externally
performed are valued as important control
mechanisms for accountability the overall
need for monitoring activities, especially
financial activity includes the need for
auditing to provide credibility for reported
and unreported information.

11/3/2024
 B. Conflict of Interest
 The agency relationship that exists between an
owner and manager produces a natural conflict
of interest because of the information asymmetry
that exists between the manager and the
absentee owner.
 Information asymmetry means that the manager
generally has more information about the "true"
financial position and results of operations of the
entity than the absentee owner does.
 If both parties seek to maximize their own self-
interest, it is likely that the manager will not act
in the best interest of the owner.

11/3/2024
 C. Consequences
The ultimate objective and function of
accounting is to provide information for
economic decision making. Information is
used for decisions that have serious and
substantial economic consequences. Thus the
need for an audit for verifying the accuracy of
information before they are used in decisions
that may bring damaging consequences.

11/3/2024
 D. Remoteness
Because of the separateness of the management
from the owners; information is prepared in a
place far from the user. The user is prevented
from directly assessing the quality of
information he obtains. Thus the need for
auditor services to assess the information on the
users' behalf.

11/3/2024
 E. Regulatory Requirements
 Many business laws, memorandum of association and
regulatory agencies acts make audits annual
requirements to be complied with for renewal of
license or permit.
 For example the security exchange commission (SEC)
in the US; the Commercial Code of Ethiopia (1966),
and latter the Public Financial Regulation of Procl
163/1999 in Ethiopia make the filing of audited
financial statements annually. Disaster Prevention and
Preparedness Commission (DPPC) requires NGOs to
prepare and submit their annual financial statements.
Thus compliance requirements create a very large
demand for auditing services.
The end of chapter one
11/3/2024
 Chapter 2
The Auditing Profession

11/3/2024
 Introduction
 Auditing standards are general guidelines to aid auditors
in fulfilling their professional responsibilities in the audit
of historical financial statements.
 They include consideration of professional qualities such
as competence and independence, reporting
requirements, and evidence.
 The three main sets of auditing standards are:
1. International Standards on Auditing,
2. U.S. Generally Accepted Auditing Standards
(AICPA auditing standards) for entities other than public
companies, and
3. PCAOB Auditing Standards

11/3/2024
 Cont’d

The overlapping ovals illustrate that there are more similarities than differences
in the three sets of standards. The auditing concepts illustrated throughout this book
are generally applicable to all audits. When we refer to “auditing standards,” the term
applies to all audits unless otherwise noted

11/3/2024
 Cont’d

11/3/2024
 2.1.Generally Accepted Auditing
Standards
Standards are authoritative rules for measuring
the quality of performance. The existence of
generally accepted auditing standards is evidence
that auditors are very concerned with the
maintenance of a uniformly high quality of audit
work by all independent auditors
There Are 10 Standards, Which Fall Into Three
Categories:
1.GENERAL STANDARDS
2.STANDARDS OF FIELDWORK
3.STANDARDS OF REPORTING

11/3/2024
 Cont’d
Generally Accepted
Auditing Standards

General Field Work Reporting

qualificatio performanc results
ns and e of the
conduct audit
1. Whether statements were
1. Proper planning and prepared in accordance with
supervision GAAP
1. Adequate training 2. Circumstances when GAAP not
2. Sufficient
and proficiency consistently followed
understanding of the
2. Independence in entity, its environment, 3. Adequacy of informative
mental attitude and its internal control disclosures
3. Due professional 3. Sufficient appropriate 4. Expression of opinion on
care evidence financial statements

11/3/2024
 Generally Accepted Auditing Standards
(GAAS) - General Standard
 The General Standard
"The examination should be performed and the
report prepared by a person or persons having
adequate technical training and proficiency in
auditing, with due care and with an objective state
of mind“
The general standards stress the important personal
qualities that the auditor should possess.
General Standard therefore emphasizes:
1. Adequate technical training and proficiency as an
auditor. ==Competence
2. Independence in mental attitude is to be maintained
by the auditor. ===Objectivity
3. Due professional care is to be exercised===Due
Professional Care
11/3/2024
 1. Adequate technical training and
proficiency as an auditor
 The first general standard is normally interpreted
as requiring the auditor to have formal education
in auditing and accounting, adequate practical
experience for the work being performed, and
continuing professional education.
 Recent court cases clearly demonstrate that
auditors must be technically qualified and
experienced in those industries in which their
audit clients are engaged.

11/3/2024
 2. Independence in Mental Attitude
 audit firms are required to follow several practices to
increase the likelihood of independence of all personnel.
 For example, there are established procedures on larger
audits when there is a dispute between management
and the auditors.
3. Due Professional Care
 This means that auditors are professionals responsible for
fulfilling their duties diligently and carefully.
 Due care includes consideration of the completeness of
the audit documentation, the sufficiency of the audit
evidence, and the appropriateness of the audit report. As
professionals, auditors must not act negligently or in bad
faith, but they are not expected to be infallible.

11/3/2024
 Generally Accepted Auditing Standards---
Standards of Fieldwork

 The standards of field work concern

evidence accumulation and other
activities during the actual conduct of the
audit.
1. Work is to be adequately planned and
properly supervised
2. Sufficient understanding of internal
control is to be obtained
3. Sufficient competent evidential matter
is to be obtained to afford a reasonable
basis for the opinion

11/3/2024
 1. Adequate Planning and
Supervision
 The first standard requires that the audit be sufficiently planned to ensure an
adequate audit and proper supervision of assistants.
 Supervision is essential in auditing because a considerable portion of the field
work is done by less experienced staff members.
2. Understand the Entity and its Environment, Including Internal Control
 To adequately perform an audit, the auditor must have an understanding of the
client’s business and industry.
 This understanding helps the auditor identify significant client business risks and
the risk of significant misstatements in the financial statements.
 For example, to audit a bank, an auditor must understand the nature of the
bank’s operations, federal and state regulations applicable to banks, and risks
affecting significant accounts such as loan loss reserves.
3. Sufficient Appropriate Evidence
 Decisions about how much and what types of evidence to accumulate for a given
set of circumstances require professional judgment.

11/3/2024
 Generally Accepted Auditing Standards=Standards of
Reporting
 The reporting standards require the auditor to prepare a report on the
financial statements taken as a whole, including informative disclosures.
 The reporting standards also require that the report state whether the
statements are presented in accordance with GAAP and also identify any
circumstances in which GAAP have not been consistently applied in the
current year compared with the previous one.
 The following are the standards:
1. State whether the financial statements are presented in accordance with
GAAP
2. Identify circumstances in which such principles have not been consistently
applied
3. Informative disclosures are adequate unless otherwise stated in the report
4. Report should clearly state the degree of responsibility being assumed by
the auditors by expressing an opinion or stating that one cannot be
expressed, and the reason therefor

11/3/2024
 Cont’d
1. The auditor must state in the auditor’s report whether the
financial statements are presented in accordance with
generally accepted accounting principles (GAAP).
2. The auditor must identify in the auditor’s report those
circumstances in which such principles have not been
consistently observed in the current period in relation to the
preceding period.
3. When the auditor determines that informative disclosures are
not reasonably adequate, the auditor must so state in the
auditor’s report.
4. The auditor must either express an opinion regarding the
financial statements, taken as a whole, or state that an
opinion cannot be expressed, in the auditor’s report. When
the auditor cannot express an overall opinion, the auditor
should state the reasons there for in the auditor’s report.

11/3/2024
 2.2. International Standards
on Auditing(ISA)
IFAC is the worldwide organization
for the accountancy profession.

The IFAC works to improve the

uniformity of auditing practices and
related services throughout the world.

11/3/2024
 International Standards
on Auditing=cont’d

International Standards on Auditing (ISAs)

are issued by the International Auditing and
Assurance Standards Board (IAASB) of the
International Federation of Accountants (IFAC).

11/3/2024
 2.3. Auditing Professional
Ethics and legal liability of
Auditors

11/3/2024
 Cont’d
 All recognized professions have developed codes
of professional ethics.
 Professional ethics refer to the basic principles
of right action for the member of a profession.
 Professional ethics may be regarded as a mixture
of moral and practical concepts.
 Thus the professional ethics of an accountant
would signify his behavior towards his fellows in
the profession and other professions and
towards members of the public.

• .
11/3/2024
 Professional Conduct
The fundamental purpose of such codes is to
provide members with guidelines for
maintaining a professional attitude and
conducting themselves in a manner that will
enhance the professional stature of their
discipline.
The AICPA code of professional conduct
considers the following to be followed by
auditors (accountants) in the conduct of
professional relations with others.

11/3/2024
 Cont’d
1. Integrity: - An accountant should be straightforward,
honest and sincere in his approach to his professional
work.
2. Objectivity: - An accountant should be fair and should
not allow bias to override his objectivity. When
reporting on financial statements, which come his
review, he should maintain an impartial attitude.
3. Independence: - When in public practice, an
accountant should both be and appear to be free of
any interest which might be regarded, whatever its
actual effect, as being incompatible with integrity and
objectivity.

11/3/2024
 Con’d
4. Confidentiality: - A professional accountant should
respect the confidentiality of information acquired in
the course of his work and should not disclose any such
information to a third party without specific authority
or unless there is a legal or professional duty to
disclose.
5. Technical standards: - An accountant should carry out
his professional work in accordance with the technical
and professional standards relevant to that work.
6. Professional competence: - An accountant has a duty
to maintain his level of competence throughout his
professional career. He should only undertake works,
which he or his firm can expect to complete with
professional competence.

11/3/2024
 Cont’d
7. Ethical behavior: - An accountant should conduct himself
with a good reputation of the profession and refrain from any
conduct, which might bring discredit to the profession.
8. Contingent fees: - The AICPA code of professional conduct
prohibits a CPA firm from rendering any professional services
on a contingent fee basis.
9. Responsibilities to colleagues: - The auditor should promote
cooperation and good relations with other members of the
profession.
10. Advertising: - The advertising should not be false or
misleading,” should not contravene “professional good
taste,” should not make “unfavorable reflection on the
competence or integrity of the profession,” and should not”
involve a statement the contents of which” cannot be
substantiated.

11/3/2024
 Legal responsibility and liability of
auditors
 The auditor is responsible for his report. The auditor then
has certain duties to fulfill to the users of the financial
statements that he reports on.
 Responsibilities impose liabilities if things go wrong.
 The auditor can be sued under the following legal
concepts.
1. Prudent man concept: - The auditor is responsible for
exercising due professional care, and he is subject to
lawsuit if he fails to do so.
2. Liable for acts of others: - The partners are jointly liable
for civil actions against a partner.
3. Lack of privileged communication: - CPAS do not have the
right under common law to withhold information from
the courts on the grounds that the information is
privileged.

11/3/2024
 A. Auditors’ liability to their
clients
 When auditor’s take on any type of engagement,
they are obliged to render due professional care.
 This obligation exists whether or not it is
specifically set forth in the written contract with
the client.
 Thus, auditor’s are liable to their clients for any
losses proximately caused by the auditor’s failure
to exercise due professional care.
 That is to recover its losses, an injured client need
only prove that the auditors were guilty of
negligence and that the auditors’ negligence was
the proximate cause of the client’s losses.

11/3/2024
 B. Auditors’ liability to third parties
 Bankers and other creditors or investors who utilize financial
statements covered by an audit report can recover damages
from the auditors if it can be shown that the auditors were
guilty of fraud or gross negligence in the performance of
their professional duties.
 Moreover, the auditors can be held liable for negligence to a
limited class of third parties if the auditors have actual
knowledge of such third parties or if there exists a special
relationship between the auditors and the third parties.
 The clients (plaintiffs) must prove that they sustained losses
that they relied on the audited financial statements, which
were misleading, that this reliance was the primate cause of
their losses, and that the auditors were negligent.

11/3/2024
 C. Auditors’ responsibility for the
detection of fraud and error
 The detection and prevention of error and fraud is
the management’s responsibility by designing and
implementing appropriate internal control systems.
 The auditor is not responsible for the prevention and
detection of error and fraud.
 The auditor is responsible to design audit procedures
to reduce the risk of not detecting a material error or
fraud, to an appropriate level to provide reasonable
assurance.
 Accordingly, the auditor must exercise due care in
planning, performing, and evaluating the results of
audit procedures.

11/3/2024
 Auditor’s Defenses Against
Client Suits
 Lack of duty to perform

 Nonnegligent performance

 Contributory negligence

 Absence of causal connection

11/3/2024
 Auditor Defenses Against
Third-Party Suits
The preferred defense is
nonnegligent performance.

11/3/2024
 The Profession’s Response
to Legal Liability
 Research in auditing

 Standard and rule setting

 Set requirements to protect auditors

 Establish peer review requirements

11/3/2024
 The Profession’s Response
to Legal Liability
 Oppose lawsuits

 Education of users

 Sanction members for improper conduct

and performance

 Lobby for changes in laws

11/3/2024
 Protecting Individual auditor’s
from Legal Liability
 Deal only with clients possessing integrity

 Hire qualified personnel

 Follow the standards of the profession

 Maintain independence

11/3/2024
 Protecting Individual auditor’s
from Legal Liability
 Understand the client’s business

 Perform quality audits

 Document the work properly

 Obtain an engagement and a representation letter

 Maintain confidential relations

11/3/2024
 Protecting Individual
auditor’s
from Legal Liability
 Carry adequate insurance

 Seek legal counsel

 Choose a form of organization with limited liability

 Exercise professional skepticism/uncertainity

11/3/2024
 Chapter 3
Materiality and Risk
Assessment

Audit
Risk

CPA

11/3/2024
 1. Introduction
 Materiality and Risk Assessment are two
fundamental aspects of auditing and financial
reporting, providing a basis for decisions regarding
the scope, depth, and focus of an audit.
 Materiality determines what level of information
is essential to influence the decisions of financial
statement users.
 Risk Assessment involves identifying and
evaluating risks that could lead to significant
errors or misstatements in financial reporting.

11/3/2024
 2. Defining Materiality
 Materiality refers to the threshold at which
information becomes significant enough to impact the
decision-making of financial statement users.
 It’s based on the idea that not all information has
equal importance. Some items may have a greater
impact on financial decisions than others.
 Materiality has both quantitative (numerical) and
qualitative (non-numerical) aspects, and both must be
considered for an accurate evaluation.

11/3/2024
 2.1 Quantitative Materiality
 The quantitative aspect of materiality is generally
a percentage of a financial benchmark, such as
revenue, total assets, or net income.
For example:
 5% of net income might be used as a threshold
for materiality in financial statement auditing.
 Amounts that fall below this level may not
impact the overall understanding of financial
health but might still be reviewed if there are
qualitative concerns.
11/3/2024
 2.2 Qualitative Materiality
Certain items are material not because of their
size but because of their nature or
circumstance.
Examples include:
Fraud or illegal acts, regardless of the
amount.
Misstatements that alter profit/loss or
compliance with regulatory requirements.
Information that impacts reputation or
relationships with stakeholders, such as
related-party transactions.
11/3/2024
 2.3 Factors Influencing Materiality
 Industry and Company-Specific Factors:
Different industries have different expectations
for materiality, particularly regulated industries
like banking or healthcare.
 Regulatory Requirements: Public companies
often follow stricter guidelines to comply with
laws like the Sarbanes-Oxley Act.
 Financial Statement Users: The users of
financial statements, such as investors,
creditors, and regulators, determine the level of
detail needed.
11/3/2024
 3. Risk Assessment Overview
 Risk assessment is crucial for focusing auditing
efforts on areas where the risk of
misstatement is high.
 The goal is to evaluate risks that could lead to
material misstatements, ensuring that
auditors allocate resources effectively.

11/3/2024
 3.1 Key Types of Risk in Auditing
1. Inherent Risk:
The risk that an assertion (e.g., revenue or expense) could be misstated without
considering internal controls.
It depends on factors such as business complexity, industry volatility, and transaction
volume.
2. Control Risk:
The risk that the company’s internal controls will not prevent or detect a material
misstatement.
Higher control risk indicates a need for more detailed testing or alternative
procedures.
3. Detection Risk:
The risk that an auditor’s procedures will not detect a material misstatement.
Detection risk is managed through the design of audit procedures and is adjusted
based on the levels of inherent and control risks.

11/3/2024
 3.2 Risk Assessment Process
1. Identify Risks:
Conduct preliminary reviews of business operations, industry
conditions, and regulatory changes.
2. Assess Risks:
Rank risks based on likelihood and potential impact. High-
likelihood, high-impact risks receive more attention.
3. Respond to Risks:
Develop audit responses proportionate to the level of risk. High-
risk areas may require more rigorous testing or in-depth
procedures.
4. Monitor and Update:
The risk assessment should be updated regularly to reflect
changes in the business, industry, or external environment.

11/3/2024
 4. Types of Risks Relevant to Auditing
 Financial Risk: Risk of misstatement due to financial
error, such as incorrect revenue recognition or improper
valuation of assets.
 Operational Risk: Risks from internal processes or
systems, including supply chain issues or process
inefficiencies.
 Compliance Risk: Risks arising from failing to comply
with regulatory requirements, which could lead to fines
or legal consequences.
 Reputational Risk: Risks that could harm the company’s
brand or customer trust, such as ethical breaches.
 Technology/IT Risk: Risks from cybersecurity threats,
system failures, or data breaches.
11/3/2024
 5. Applying Materiality and Risk Assessment in
Practice
5.1 Materiality in Audit Planning
 Materiality influences the scope of the audit. By determining what is
“material,” auditors can focus efforts on areas of financial
statements most likely to impact stakeholders.
 This focus includes setting thresholds for trivial misstatements that
do not need extensive testing and for significant areas that require
detailed attention.
5.2 Risk Assessment in Audit Execution
 Risk assessment informs the audit approach, tailoring procedures to areas with
higher risk of misstatement.
For example:
 A company with high control risk in cash handling might require extended
testing of cash transactions.
 Detection risk in a complex financial product could lead to the use of data
analytics to uncover irregularities.
11/3/2024
6. Challenges in Materiality and Risk Assessment

 Subjectivity and Judgment: Determining materiality and

assessing risk levels often involve judgment, which can
vary among auditors.
 Dynamic Regulatory Standards: Constantly evolving
regulations require auditors to stay updated and adapt
their assessment processes.
 Information Quality: Poor data or inaccessible records
can hinder accurate assessment.
 Complex Corporate Structures: Multinational or diverse
operations add complexity to risk assessment and
materiality decisions.
11/3/2024
 7. Best Practices for Effective Materiality
and Risk Assessment
 Regular Training: Ensure auditors understand the latest risk
assessment techniques, technology, and industry standards.
 Technology and Data Analytics: Use data analytics tools to
streamline the identification of patterns, outliers, or unusual
transactions that might indicate risk.
 Engage with Stakeholders: Consult with internal management,
investors, and external auditors to understand and identify key
risks.
 Continuous Monitoring: Review and update risk assessment
processes regularly to respond to changing market and regulatory
conditions.

The end of chapter 3

11/3/2024
 CHAPTER Four
Client Acceptance and Planning the
Audit

11/3/2024
 4.1. Reasons for Audit planning
The first generally accepted auditing standard of
field work requires adequate planning.
 It asserts that the auditor must adequately plan
the work and must properly supervise any
assistants.
Three Main Reasons for Planning
1. To obtain sufficient appropriate evidence
for the circumstances
2. To help keep audit costs reasonable, and
3. To avoid misunderstandings with the client.
11/3/2024
 Cont’d
N.B:-
Obtaining sufficient appropriate evidence is
essential if the Audit firm is to minimize legal
liability and maintain a good reputation in the
business community.
Keeping costs reasonable helps the firm remain
competitive.
Avoiding misunderstandings with the client is
necessary for good client relations and for
facilitating high quality work at reasonable cost.

11/3/2024
 4.2 Planning procedures
Obtaining Clients
1. Submit a proposal
 The starting point for audit procedures are obtaining clients.
 To obtain the audit, the auditor may be asked to submit a competitive proposal that will include information on
the nature of service that the firm offers, the qualifications of the firm’s personnel, anticipated fees and other
information to convince the prospective client to select the firm.
 The audit firm also may be asked to make an oral presentation to the prospective client’s audit committee and
management to provide a basis of for the selection.
2. Communicate with the predecessor auditor-
 Statement on Auditing Standards No.84 states that “communication between predecessor and successor auditors”,
requires the successor auditors attempts to communicate with predecessor before accepting the engagement.
 Topics
 Integrity of management
 Disagreements over accounting principles
 Communications to those charged with governance regarding fraud and noncompliance with laws
 Communication to management and those charged with governance concerning internal control significant
deficiencies and material weaknesses.
 Predecessor’s understanding of reason for change of auditors
 Other

11/3/2024
 Cont’d.
After obtaining a client, the audit process includes:
1. Plan the audit
. 2. Obtain an understanding of the client and its
environment, including internal control
3. Assess the risks of material misstatement and design
further audit procedures
4. Perform further audit procedures
5. Complete the audit
6. Form an opinion and issue the audit report

11/3/2024
 .
Stages of an Audit—Diagram(insert)

11/3/2024
 Plan the Audit.

. The auditors must adequately plan the work and
must properly supervise any assistants.
 Audit planning involves developing an over all
audit strategy for the conduct, organization, and
staffing the audit.
Establishing an understanding with the client
This is ordinarily accomplished through use of an
engagement letter
The auditors will perform procedures to determine
that:
The firm meets professional independence requirements
There are no issues relating to management integrity
There is no misunderstanding with the client as to the
terms of the engagement

11/3/2024
 Items Included in
.
Engagement Letters
 Name of the entity(insert sample letter)
. Management responsibilities
 Financial statements
 Establishing effective internal control over financial reporting
 Compliance with laws and regulations
 Making records available to the auditors
 Providing written representations at end of the audit, including that
adjustments discovered by the auditors and not recorded
to the financials are not material
 Auditor responsibilities
 Conducting an audit in accordance with GAAS
 Obtaining an understanding of internal control to plan audit
and to determine the nature, timing and extent of procedures
 Making communications required by GAAS

11/3/2024
 .
Engagement Letters--Optional Items
 Arrangements regarding
. Conduct of the audit (e.g., timing, client assistance)
Use of specialists or internal auditors
Obtaining information from predecessor auditors
Fees and billing
 Other services to be provided, such as examination of
internal control over financial reporting
 Limitation of or other arrangements regarding liability of
auditors or client
 Conditions under which access to the auditors’ working
papers may be granted to others

11/3/2024
 Audit Risk
 An auditor should understand two risk terms before
starting audit planning activities.
 These are:
A. Acceptable audit risk and
B. Inherent risk.
 These two risks significantly influence the conduct and cost
of audits.
 The first four steps of audit planning deals with obtaining
information to help auditors assess these two type of risks.
 Once an auditor go through the first four steps of audit
planning it is easy to asses acceptable audit risk and
inherent risk and set materiality which is the fifth step of
audit planning process.
11/3/2024
 A. Acceptable audit risk
 Acceptable audit risk is a measure of how willing
the auditor is to accept that the financial
statements may be materially misstated after the
audit is completed and an unqualified opinion (the
best) has been issued.
 When the auditor decides on a lower acceptable
audit risk, it means that the auditor wants to be
more certain that the financial statements are not
materially misstated.
 Zero risk is certainty, and a 100 percent risk is
complete uncertainty.

11/3/2024
 B. Inherent risk
 Inherent risk is a measure of the auditor’s
assessment of the likelihood that there are
material misstatements in an account balance
before considering the effectiveness of internal
control.
 If, for example, the auditor concludes that there
is a high likelihood of material misstatement in
accounts receivable due to changing economic
conditions, the auditor concludes that inherent
risk for accounts receivable is high.
11/3/2024
 Cont’d
 Assessing acceptable audit risk and inherent risk
is an important part of audit planning because it
helps determine the amount of evidence that
will need to be accumulated and staff assigned
to the engagement.
 For example, if inherent risk for inventory is high
because of complex valuation issues, more
evidence will be accumulated in the audit of
inventory, and more experienced staff will be
assigned to perform testing in this area.

11/3/2024
 Determining
. Materiality
. Use professional judgment and based on
reasonable person
Considers both
– Quantitative and qualitative factors
Materiality used in
– Planning the audit
• At the overall financial statement level
• Allocate to individual accounts
– Evaluating audit findings

11/3/2024
 Materiality. Definitions
.  FASB (included in SASs)—The magnitude of an
omission or misstatement of financial information that,
in the light of surrounding circumstances, makes it
probable that he judgment of a reasonable person
relying on the information could have been changed or
influenced by the omission or misstatement.
 PCAOB interpretation of federal securities laws—A fact
is material if there is a substantial likelihood that the…
fact would have been viewed by the reasonable
investor as having significantly altered the “total mix”
of information made available.
THE END OF CHAPTER 4

11/3/2024
 CHPTER FIVE
INTERNAL CONTROL
 5.1 THE MEANING OF INTERNAL CONTROL
 The definition of internal control is comprehensive in
that it addresses the achievement of objectives in the
areas of operations, financial reporting, and
compliance with laws and regulations.
 It includes the methods by which top management
delegates authority and assigns responsibility for
such functions as selling, purchasing, accounting,
and production.
 Internal control also includes the program for
preparing, verifying, and distributing to various levels
of management those current reports and analyses
that enable executives to maintain control over the
variety of activities and functions that are used by a
large organization.
 MEANS OF ACHIEVING INTERNAL
CONTROL
 For purposes of financial statement audits, the
policies and procedures used by an entity to
achieve internal control are referred to as the
entity's internal control structure.
Internal control structures vary significantly from
one organization to the next.
Depending on such factors as the size, nature of
operations, and objectives of the organization for
which the structure was designed.
 CONT’D
 The internal control structures of all large
organizations include five components:
1. the control environment
2. risk assessment
3. the accounting information and
communication system
4. control activities; and
5. monitoring.
 Five Components .of Internal Control
.

3.Information
2. Risk 4.Control and 5. Monitoring
assessment activities communication
 1. THE CONTROL ENVIRONMENT
 The control environment sets the tone of an
organization by influencing the control
consciousness of people.
 Control environment factors include
A. integrity and ethical values
B. commitment to competence
C. board of directors or audit committee;
D. management's philosophy and operating style
E. organizational structure
F. human resource policies and practices, and
G. assignment of authority and responsibility.
 2. RISK ASSESSMENT
 Management should carefully consider the factors that affect the risk
that the organization's objectives will not be achieved.
 When considering the financial reporting objective, these risks include
the threats to preparing financial statements in accordance with
generally accepted accounting principles.
 For example, the following factors might be indicative of increased
financial reporting risk:
A. Changes in the organization's regulatory or operating environment
B. Changes in personnel.
C. Implementation of a new modified information system.
D. Rapid growth of the organization
E. Changes in technology affecting production process or
information systems.
F. Introduction of new lines of business, products, or processes.
 3. The Accounting Information and
Communication System
 Information and communication systems
capture, process, and report information to be
used by parties both within and outside the
organization.
An organization's accounting information
system consists of the methods and records
established to identify, assemble, analyze,
classify, record, and report an entity's
transactions and to maintain accountability for
the related assets.
 CONT’D
 Accordingly, an accounting information system should:
A. Identify and record all valid transactions.
B. Describe on a timely basis the transactions in
sufficient detail to permit proper classification of
transactions for financial reporting.
C. Measure the value of transactions in a manner that
permits recording their proper monetary value in the
financial statements.
D. Determine the time period in which transactions
occurred to permit recording of transactions in the
proper accounting period.
E. Present properly the transactions and related
disclosures in the financial statements.
 4. CONTROL ACTIVITIES
 Control activities are policies and procedures that help
ensure that management directives are carried out.
 Those policies and procedures help ensure that actions
are taken to address the risks that face the organization.
 While there are many different types control activities
performed in an organization, only the following type are
generally relevant to an audit of the organization's
financial statements:
A. Performance reviews.
B.Information processing.
C.Physical controls.
D.Segregation of duties.
 Adequate Separation
. of Duties
.Custody of assets from Accounting

The custody of
from
related assets

Operational Record-keeping
from
responsibility responsibility

IT duties from User departments

 5. Monitoring
.

Monitoring activities deal with management’s

ongoing and periodic assessment of the
quality of internal control performance to
determine whether controls are operating
as intended and modified when needed.
 LIMITATIONS OF INTERNAL CONTROL
 Internal control can do much to protect against both errors and
irregularities and ensure the reliability of accounting data.
 Still, it is important to recognize the existence of inherent
limitations in any internal control structures, such as:
A. Mistakes may be made in the performance of internal control
policies and procedures as a result of misunderstanding of
instructions,
B. Mistakes of Judgment, carelessness, distraction, or fatigue,
C. without active participation by the board of directors and an
effective internal audit department, top management can
easily override the internal control structure.
D. Finally, control activities dependent upon separation of duties
may be circumvented by collusion among employees.
 Internal control and internal Audit
Duties and Responsibilities of an Internal
Auditor
 The duty of an internal auditor is to independently,
impartially, and systematically appraise the operating
units and internal controls of an organization.
 He or she should have a sound understanding of the
systems and procedures of the organization as a whole,
as well as the specific roles and activities of each unit
within it, and must be freely able to communicate with
anyone in the organization to obtain information.
 THE AUDITORS' CONSIDERATION OF INTERNAL
CONTROL
 The second standard of fieldwork states that a
sufficient understanding of the internal control
structure is to be obtained to plan the audit and to
determine the nature, timing, and extent of the tests
to be performed.
 The auditors' understanding of their clients' internal
control provides a basis both to :
(1) Plan the audit, and (2) assess control risk
 Cont’d
 The auditors' consideration of the internal control also
provides a basis for their assessment of Control Risk - the
risk that material misstatements will not be prevented or
detected by the client's internal control structure.
 If the auditors determine that the client's internal control
is effective, they will assess control risk to be low.
 They can then accept a higher level of detection risk, and
substantive testing can be decreased.
 Conversely, If internal controls are weak, control risk is
high and the auditors must increase the scope of their
substantive tests to limit the level of detection risk.
 Therefore, the auditors' understanding of internal control
is a major factor in determining the nature, timing, and
extent of substantive testing necessary to verify the
financial statement assertion.
 Cont’d
 To assess control risk at less than the maximum level for a
particular assertion, the auditors must:
A. Identify those internal control structure policies and
procedures that are likely to prevent or detect material
misstatements of the assertion.
B. Perform tests of controls to evaluate the effectiveness of
such policies and procedures.
Internal Control in the Small Company
 Because of the absence of strong internal control
in small concerns, the independent auditors must
rely much more on substantive tests of account
balances and transactions than is required in
larger organizations.
 Although it is well to recognize that internal
control can seldom be strong in a small business,
this limitation is no justification for ignoring
available forms of control.
 Auditors can make a valuable contribution to
small client companies by encouraging the
installation of such control procedures as are
practicable in the circumstances.
 Cont’d
 The following specific practices are almost always capable of use in even
the smallest business
1. Record all cash receipts immediately.
 For over- the- counter collections, use cash registers easily visible to
customers. Records register readings daily.
 Prepare a list of all mail remittances immediately upon opening the mail and
retain this list for subsequent comparison with bank deposit tickets and
entries in the cash receipts journal.
2. Deposit all cash receipts intact daily.
3. Make all payments by serially numbered checks, with the exception of small
disbursements from petty cash.
4. Reconcile bank accounts monthly and retain copies of the reconciliation's in
the files.
5. Use serially numbered sales invoices, purchase orders, and receiving reports.
6. Issue checks to vendors only in payment of approved invoices that have been
matched with purchase orders and receiving reports.
7. Balance subsidiary ledger with control accounts at regular intervals, and
prepare and mail customers' statements monthly.
8. Prepare comparative financial statements monthly in sufficient detail to
disclose significant variations in any category of revenue or expense.
 Cont’d
 Adherence to these basic control practices significantly reduces the risk
of material error or major defalcation going undetected.
 If the size of the business permits a segregation of the duties of cash
handling and record keeping, a fair degree of control can be achieved.
 If it is necessary that one employee serve as both accounting clerk and
cashier, then active participation by the owner in certain key functions is
necessary to guard against the concealment of fraud or errors.
 In a few minutes each day the owner, even though not trained in
accounting, can create a significant amount of internal control by
personally :
(1) reading daily cash register totals,
(2) reconciling the bank account monthly,
(3) signing all checks and canceling the supporting documents,
(4) approving all general journal entries, and
(5) critically reviewing comparative monthly statements of revenue and
expense.
THE END OF CHAPTER 5
 CHAPTER 6
AUDIT EVIDENCE
 6. 1. Definition of Audit evidence
 Audit evidence can be defined as any information
used by the auditor to determine whether the
information being audited is stated in accordance
with the established criteria.
 The information varies greatly in the extent to
which it persuades the auditor whether financial
statements are fairly stated.
 Evidence includes information that is highly
persuasive/convincing, such as the auditor’s count
of marketable securities, and less persuasive
information, such as responses to questions of
client employees.
 Audit Evidence Decisions
 A major decision facing every auditor is determining the
appropriate types and amounts of evidence needed to
be satisfied that the client’s financial statements are
fairly stated.
 There are four decisions about what evidence to gather
and how much of it to accumulate:
1. Which audit procedures to use?
2. What sample size to select for a given procedure?
3. Which items to select from the population?
4. When to perform the procedures (Timing )?
 Cont’d
If an auditor is able to address the above four
questions he/she will definitely end up with
sufficient appropriate audit evidence, which is
the very objective of every auditors.
 Therefore, an auditor should be careful while
considering those points in the audit process.
 RELATIONSHIP OF EVIDENCE TO AUDIT RISK

The term audit risk refers to the possibility

that the auditors may unknowingly fail to
appropriately modify their opinion on
financial statements that are materially
misstated.
Audit risk is reduced by gathering evidence,
the more competent evidence gathered the
less audit risk assumed.
 FINANCIAL STATEMENT ASSERTIONS
 Audit procedures are designed to obtain evidence about the
assertions of management that are embodied in the
financial statements.
 When the auditors have gathered sufficient audit evidence
about each material financial statement assertion, they have
gathered sufficient evidence to support their opinion.
 Relationship Between Evidence Gathering Procedures

 Auditor has to obtain sufficient appropriate evidence to

support the audit opinion.
 Tests of controls, and substantive tests of transactions and
balances are the main evidence-gathering procedures.
 Auditor selects most efficient and effective combination of
audit procedures that allows them to achieve audit objective.
 Assertions are used to help them in their risk assessment of
material misstatement, and to direct their audit procedures to
the assessment of these risks.

10-141
Relationship Between Tests of Controls and Substantive Tests of
Transactions

 Most controls are built around transaction flows.

 Tests of controls: transactions selected to test whether
related controls are working.
 Does not directly measure monetary error in accounting records.
 Substantive test of transactions: transactions selected to
determine whether monetary errors have occurred.

10-142
 Dual Purpose Tests

 These are tests of transactions that address both

control and substantive matters simultaneously.
 Very common in practice since both tests of controls
and substantive tests of transactions involve
inspection of documents.
 It is efficient to perform tests of control and
substantive tests on transactions selected
simultaneously, e.g. select document and check
evidence of authorisation (test of control) and
recompute amount (substantive test of transaction).
10-143
 Relationship Between Substantive Tests of
Transactions and Balances

 Objective of substantive tests is to reduce detection

risk.
 Substantive tests of transactions focus on the
individual transactions that make up the balance.
 Substantive tests of balances substantiate the ending
balance of an account (which is comprised of
multiple transactions).

10-144
 Financial Report Assertions and Substantive Audit
Procedures

 The auditor develops specific audit procedures to

evaluate and address the risk of material
misstatement for both classes of transactions and
events, and account balances.
 The risk associated with each assertion is assessed,
and substantive audit procedures are directed at
specific assertions based on this assessment.

10-145
 Assertions about Transactions and Events (Income
Statement Accounts)

 Occurrence: in testing whether transactions that generated

financial report accounts actually occurred.
 Completeness: the auditor identifies evidence indicating items
that should be included in the class of transactions and
investigates whether they are, in fact, included.
 Accuracy: relates to determining the appropriate recording of the
dollar value and other information of transactions.
 Cutoff: involves checking that transactions are recorded in the
correct period.
 Classification: in designing substantive tests for the assertion of
classification, the auditor considers the appropriate classification
of the item in the financial report.
10-146
 Assertions about Account Balances at Period End
(Balance Sheet Accounts)

 Existence: the auditor selects from items contained in the

accounting records and obtains evidence that supports them.
 Rights and obligations: the auditor must ascertain that the
assets are owned/controlled by the client and that the
liabilities are those of the client.
 Completeness: the auditor identifies evidence indicating
items that should be included in the account balance and
investigates whether they are in fact included.
 Valuation and allocation: the auditor considers the
appropriateness of the basis of valuation of the asset or
liability and the basis of any allocation of this valuation across
accounting periods.

10-147
 Audit Risk at the Assertion Level
 Since an audit involves gathering evidence for each
material financial statement assertion, audit risk can also
be examined at that level.
 For each financial statement account, audit risk consists of
the possibility that:
A. a material misstatement in an assertion about the
account has occurred, and
B. the auditors do not detect the misstatement.
 The risk of occurrence of a material misstatement may be
separated into two components inherent risk and control
risk.
 The risk that auditors will not detect the misstatement is
called detection risk.
 Inherent Risk
 Inherent risk refers to the possibility of a material misstatement of an
assertion before considering internal control.
 Certain characteristics of the client and its industry affect the inherent
risk of a number of financial statement accounts.
 For example factors such as the following are indicative of high
inherent risk for the assertions about many accounts in the client's
financial statements:
A. Inconsistent profitability relative to the industry
B. Operating results that are highly sensitive to economic factors
C. Going concern problems
D. Large known and likely misstatements detected in prior audits
E. Substantial turnover, questionable reputation, or inadequate
accounting skills of management
 Cont’d
 Assertions with high inherent risk often
involve:
A.Difficult to audit transactions or balances,
B.Complex calculations,
C.Difficult accounting issues,
D.Significant judgment, or
E.Valuations that vary significantly based on
economic factors.
 Control Risk
 The risk that a material misstatement will not
be prevented or detected on a timely basis by
the company's internal control structure is
referred to as control risk.
This risk is entirely based on the effectiveness
of the internal control structure.
 Detection Risk
 The risk that the auditors will fail to detect the
misstatement with their audit procedures is called
detection risk.
 That is the risk that the auditors' procedures will lead
them to conclude that material misstatement does
not exist in an account or assertion when in fact such
misstatement does exist.
 Detection risk is restricted by performing substantive
tests.
 For each account, the scope of substantive tests,
including their nature, timing, and extent, determines
the level of detection risk.
 Measuring Audit Risk
 In practice the various components of audit risk are not typically
quantified.
 Instead, the auditors usually use qualitative categories, such as low,
medium, and high risk.
 SAS 47 (AU 312), '' Audit Risk and Materiality in Conducting an
Audit, '' allows either a quantified or a no quantitative approach,
but includes the following formula to illustrate the relationship
between audit risk, inherent risk, control risk, and detection risk:
AR= IR X CR X DR
Where:
AR= Audit risk
IR = Inherent risk
CR= Control risk
DR= Detection risk
 Cont’d
To illustrate the measurement of audit risk, assume that
the auditors have assessed inherent risk for a particular
assertion at 50 percent and control risk at 40 percent.
In addition, they have performed audit procedures that
they believe have a 20 percent risk of failing to detect a
material misstatement in the assertion. The audit risk
for the assertion may be computed as follows:
AR= IR X CR X DR
= .50 X .40 X .20
= .04
Thus, the auditors face a 4 percent audit risk that material
misstatement has evaded both the client's internal
controls and the auditors' procedures.
 Cont’d
 It is important to realize that while auditors gather evidence to
assess inherent risk and control risk, they gather evidence to
restrict detection risk at the appropriate level.
 Inherent risk and control risk are a function of the client and its
operating environment. Regardless of how much evidence the
auditors gather, they cannot change these risks.
 Therefore, evidence gathered by the auditors is used to assess
the levels of inherent and control risk.
 Detection risk, on the other hand, is a function of the
effectiveness of the audit procedures performed.
 The more evidence that is gathered, the lower the level of
detection risk.
 As a result, detection risk is the only risk that is a function of
the sufficiency of the evidence gathered by the auditors'
procedures.
Nature and types of audit evidence
 Auditors mostly uses various types of audit evidence
generated by the auditor, third parties, and the client;
which is a bases (the evidence) to issue one of several
alternative types of audit reports.
 The nature and the type of the evidence must be
persuasive which means, as per the third standard of
field work, the evidence should be sufficient
appropriate evidence.
 Persuasiveness of evidence
(appropriateness and sufficiency)
 Audit standards require the auditor to accumulate
sufficient appropriate evidence to support the opinion
(audit report) issued. Because of the nature of audit
evidence and the cost considerations of doing an audit,
it is unlikely that the auditor will be completely
convinced that the opinion is correct.
 However, the auditor must be persuaded that the
opinion is correct with a high level of assurance.
 By combining all evidence from the entire audit, the
auditor is able to decide when he or she is
persuaded/convinced to issue an audit report (an
opinion).
 Determinants of persuasiveness of audit evidence

 There are two determinants of the persuasiveness

of audit evidence those are appropriateness and
sufficiency of audit evidence.
1. Appropriateness: Relevance and Reliability
 Appropriateness of evidence is a measure of the quality of evidence,
meaning its relevance and reliability in meeting audit objectives for
classes of transactions, account balances, and related disclosures.
 If evidence is considered highly appropriate, it is a great help in
persuading the auditor that financial statements are fairly stated.
N.B:- appropriateness of evidence deals only with the audit procedures
selected. Appropriateness cannot be improved by selecting a larger
sample size or different population items.
It can be improved only by selecting audit procedures that are more
relevant or provide more reliable evidence.
 Relevance of Evidence
Relevance of Evidence:
 Evidence must pertain to or be relevant to the audit objective that the
auditor is testing before it can be appropriate. For example, assume that
the auditor is concerned that a client is failing to bill customers for
shipments (completeness transaction objective).
 If the auditor selects a sample of duplicate sales invoices and traces each
to related shipping documents, the evidence is not relevant for the
completeness objective and therefore is not appropriate evidence for that
objective.
 A relevant procedure is to trace a sample of shipping documents to related
duplicate sales invoices to determine whether each shipment was billed.
 The second audit procedure is relevant because the shipment of goods is
the normal criterion used for determining whether a sale has occurred
and should have been billed.
 By tracing from shipping documents to duplicate sales invoices, the
auditor can determine whether shipments have been billed to customers.
 In the first procedure, when the auditor traces from duplicate sales
invoices to shipping documents, it is impossible to find unbilled shipments.
 CONT’D
 Relevance can be considered only in terms of
specific audit objectives, because evidence may
be relevant for one audit objective but not for a
different one.
 In the previous shipping example, when the
auditor traced from the duplicate sales invoices
to related shipping documents, the evidence was
relevant for the occurrence transaction
objective.
 Most evidence is relevant for more than one, but
not all, audit objectives.
 Reliability of Evidence
 Reliability of evidence refers to the degree to
which evidence can be believable or worthy of
trust.
 Like relevance, if evidence is considered reliable
it is a great help in persuading the auditor that
financial statements are fairly stated.
 For example, if an auditor counts inventory,
that evidence is more reliable than if
management gives the auditor its own count
amounts.
 CONT’D
 Reliability, and appropriateness, depends on the following six characteristics
of reliable evidence:
1. Independence of provider
 Evidence obtained from a source outside the entity is more reliable than that
obtained from within.
 Communications from banks, attorneys, or customers is generally considered more
reliable than answers obtained from inquiries of the client.
 Similarly, documents that originate from outside the client’s organization, such as an
insurance policy, are considered more reliable than are those that originate within
the company and have never left the client’s organization, such as a purchase
requisition.
2. Effectiveness of client’s internal control
 When a client’s internal controls are effective, evidence obtained is more reliable
than when they are weak.
 For example, if internal controls over sales and billing are effective, the auditor can
obtain more reliable evidence from sales invoices and shipping documents than if the
controls were inadequate.
 CONT’D
3. Auditor’s direct knowledge
 Evidence obtained directly by the auditor
through physical examination, observation,
recalculation, and inspection is more reliable
than information obtained indirectly.
 For example, if the auditor calculates the
gross margin as a percentage of sales and
compares it with previous periods, the
evidence is more reliable than if the auditor
relies on the calculations of the controller.
 CONT’D
4.Qualifications of individuals providing the information
 Although the source of information is independent, the evidence will not
be reliable unless the individual providing it is qualified to do so.
 Therefore, communications from attorneys and bank confirmations are
typically more highly regarded than accounts receivable confirmations
from persons not familiar with the business world.
5. Degree of objectivity
 Objective evidence is more reliable than evidence that requires
considerable judgment to determine whether it is correct.
 Examples of objective evidence include confirmation of accounts
receivable and bank balances, the physical count of securities and cash,
and adding (footing) a list of accounts payable to determine whether it
agrees with the balance in the general ledger.
 Cont’d
6. Timeliness
 The timeliness of audit evidence can refer either to when it
is accumulated or to the period covered by the audit.
 Evidence is usually more reliable for balance sheet accounts
when it is obtained as close to the balance sheet date as
possible.
 For example, the auditor’s count of marketable securities
on the balance sheet date is more reliable than a count 2
months earlier.
 For income statement accounts, evidence is more reliable if
there is a sample from the entire period under audit, such
as a random sample of sales transactions for the entire
year, rather than from only a part of the period, such as a
sample limited to only the first 6 months.
 Sufficiency
Sufficiency
 The quantity of evidence obtained determines its sufficiency.
Sufficiency of evidence is measured primarily by the sample size the
auditor selects. For a given audit procedure, the evidence obtained
from a sample of 100 is ordinarily more sufficient than from a
sample of 50.
 Several factors determine the appropriate sample size in audits.
 The two most important ones are the auditor’s expectation of
misstatements and the effectiveness of the client’s internal
controls.
 To illustrate, assume in the audit of ABC Computer Parts Co. that
the auditor concludes that there is a high likelihood of obsolete
inventory because of the nature of the client’s industry. The auditor
will sample more inventory items for obsolescence in this audit
than one where the likelihood of obsolescence is low. Similarly, if
the auditor concludes that a client has effective rather than
ineffective internal controls over recording fixed assets, a smaller
sample size in the audit of acquisitions of fixed assets may be
warranted.
 Cont’d
 In addition to sample size, the individual items
tested affect the sufficiency of evidence.
 Samples containing population items with large
monetary values, items with a high likelihood of
misstatement, and items that are representative of
the population are usually considered sufficient.
 In contrast, most auditors usually consider samples
insufficient that contain only the largest dollar
items from the population unless these items make
up a large portion of the total population amount.
 Cont’d
Combined Effect
 The persuasiveness of evidence can be evaluated only after
considering the combination of appropriateness and
sufficiency, including the effects of the factors influencing
appropriateness and sufficiency.
 A large sample of evidence provided by an independent
party is not persuasive unless it is relevant to the audit
objective being tested. A large sample of evidence that is
relevant but not objective is also not persuasive.
 Similarly, a small sample of only one or two pieces of
highly appropriate evidence also typically lacks
persuasiveness. When determining the persuasiveness of
evidence, the auditor must evaluate the degree to which
both appropriateness and sufficiency, including all factors
influencing them, have been met.
 TYPES OF AUDIT EVIDENCE
 In deciding which audit procedures to use, the auditor can choose
from eight broad categories of evidence, which are called types of
evidence.
 Every audit procedure obtains one or more of the following 8
types of evidence:
1. Physical examination
2. Confirmation
3. Documentation
4. Analytical procedures
5. Inquiries of the client
6. Recalculation
7. Re-performance
8. Observation

1. Physical examination
It is the inspection or count by the auditor of a tangible asset.
 This type of evidence is most often associated with inventory and
cash, but it is also applicable to the verification of securities, notes
receivable, and tangible fixed assets.
 There is a distinction in auditing between the physical examination
of assets, such as marketable securities and cash, and the
examination of documents, such as cancelled checks and sales
documents.
 If the object being examined, such as a sales invoice, has no inherent
value, the evidence is called documentation.
 For example, before a check is signed, it is a document; after it is
signed, it becomes an asset; and when it is cancelled, it becomes a
document again.
 For correct auditing terminology, physical examination of the check
can occur only while the check is an asset.
.
 2. Confirmation
 It describes the receipt of a direct written response from
a third party verifying the accuracy of information that
was requested by the auditor.
 The response may be in electronic or paper form.
 The request is made to the client, and the client asks the
third party to respond directly to the auditor.
 Because confirmations come from sources independent
of the client, they are a highly regarded and often-used
type of evidence.
 However, confirmations are relatively costly to obtain
and may cause some inconvenience to those asked to
supply them.
 Therefore, they are not used in every instance in which
they are applicable.
 3. Documentation
 It is the auditor’s inspection of the client’s documents
and records to substantiate the information that is, or
should be, included in the financial statements.
 The documents examined by the auditor are the records
used by the client to provide information for conducting
its business in an organized manner, and may be in paper
form, electronic form, or other media.
 Because each transaction in the client’s organization is
normally supported by at least one document, a large
volume of this type of evidence is usually available.
 For example, the client often retains a customer order, a
shipping document, and a duplicate sales invoice for each
sales transaction.
 4. Analytical procedures
It is used for comparisons and relationships to
assess whether account balances or other data
appear reasonable compared to the auditor’s
expectations.
For example, an auditor may compare the gross
margin percent in the current year with the
preceding year’s.
Analytical procedures are used extensively in
practice, and are required during the planning
and completion phases on all audits.
 5. Inquiry
 It is the obtaining of written or oral information
from the client in response to questions from the
auditor.
 Although considerable evidence is obtained from
the client through inquiry, it usually cannot be
regarded as conclusive because it is not from an
independent source and may be biased in the
client’s favor.
 Therefore, when the auditor obtains evidence
through inquiry, it is normally necessary to obtain
corroborating evidence through other procedures.
 6. Recalculation
 It involves rechecking a sample of calculations
made by the client.
 Rechecking client calculations consists of testing
the client’s arithmetical accuracy and includes
such procedures as extending sales invoices and
inventory, adding journals and subsidiary
records, and checking the calculation of
depreciation expense and prepaid expenses.
 A considerable portion of auditors’ recalculation
is done by computer assisted audit software.
 7. Re-performance:
It is the auditor’s independent tests of client
accounting procedures or controls that were
originally done as part of the entity’s
accounting and internal control system.
 Whereas recalculation involves rechecking a
computation, re-performance involves checking
other procedures.
 For example, the auditor may compare the
price on an invoice to an approved price list, or
may re-perform the aging of accounts
receivable.
 8. Observation
 It is the use of the senses to assess client activities.
 Throughout the engagement with a client, auditors have many
opportunities to use their senses sight, hearing, touch, and smell to
evaluate a wide range of items.
 The auditor may tour the plant to obtain a general impression of the
client’s facilities, or watch individuals perform accounting tasks to
determine whether the person assigned a responsibility is performing
it properly.
 Observation is rarely sufficient by itself because of the risk of client
personnel changing their behavior because of the auditor’s
presence.
 They may perform their responsibilities in accordance with company
policy but resume normal activities once the auditor is not in sight.
 Therefore, it is necessary to follow up initial impressions with other
kinds of corroborative evidence.
 Nevertheless, observation is useful in most parts of the audit.
 CHAPTER 7
AUDIT REPORTS
 7.1 Introduction
 Expressing an independent and expert opinion on the fairness
of financial statements is the most frequently performed
attestation service rendered by the public accounting
profession.
 The fourth standard of reporting states:
 The (auditors') report shall either contain an expression of
opinion regarding the financial statements, taken as a
whole, or an assertion to the effect that an opinion cannot
be expressed.
 When an overall opinion cannot be expressed, the reasons
therefore should be stated.
 In all cases where an auditor's name is associated with
financial statements, the report should contain a clear-cut
indication of the character of the auditor's work, if any, and
the degree of responsibility the auditor is taking.
 7.2. TYPES OF AUDIT REPORT
The end product of a financial statement audit
is an auditor’s report through which the auditor
expresses his/her opinion.
There are five types of audit reports; namely,
1. Unqualified
2. Modified Unqualified
3. Qualified
4. Adverse, and
5. Disclaimer
1. Standard unqualified Audit report
The standard unqualified audit report is
sometimes called a clean opinion because there
are no circumstances requiring a qualification or
modification of the auditor’s opinion.
The standard unqualified report is the most
common audit opinion.
Sometimes circumstances beyond the client’s or
auditor’s control prevent the issuance of a clean
opinion.
However, in most cases, companies make the
appropriate changes to their accounting records
to avoid a qualification or modification by the
auditor.
Conditions for Standard Unqualified Audit Report

1. All financial statements are included.

2. The three general standards have been followed in all
respects on the engagement.
3. Sufficient evidence has been accumulated to
conclude that the three standards of field work have
been met.
4. The financial statements are presented in
accordance with generally accepted accounting
principles.
5. There are no circumstances requiring the addition of
an explanatory paragraph or modification of the
wording of the report.
 Cont’d
If any of the five requirements for the standard
unqualified audit report are not met, the
standard unqualified report cannot be issued.
Financial statement users are normally much
more concerned about a disclaimer or adverse
opinion than an unqualified report with an
explanatory paragraph.
 Departure from unqualified audit report
 It is essential that auditors and readers of audit reports
understand the circumstances when an unqualified
report is inappropriate and the type of audit report
issued in each circumstance.
 The following are conditions requiring a departure from
an unqualified opinion:
I. The Scope of the Audit Has Been Restricted (Scope
Limitation)
II. The Financial Statements Have Not Been Prepared in
Accordance with Generally Accepted Accounting
Principles
III (GAAP Departure)
III. The. Auditor Is Not Independent
2. Unqualified with Explanatory paragraph or modified
wordings
In certain situations, an unqualified audit
report on the financial statements is issued,
but the wording deviates from the standard
unqualified report.
The unqualified audit report with
explanatory paragraph or modified wording
meets the criteria of a complete audit with
satisfactory results and financial statements
that are fairly presented, but the auditor
believes it is important or is required to
provide additional information.
 Causes of the addition of an
explanatory paragraph
 The following are the most important causes of
the Addition of modification an explanatory paragraph or a
in the wording of the standard unqualified report:
1. Lack of consistent application of generally accepted accounting
principles
2. Substantial doubt about going concern
3. Auditor agrees with a departure from promulgated
accounting principles
4. Emphasis of a matter
5. Reports involving other auditors
 Reports Involving Other Auditors
(three types. of reports)
 When the CPA relies on a different CPA firm to perform part of
the audit, which is common when the client has several
widespread branches or subdivisions, the principal CPA firm has
three alternatives.
1. Make no reference in the audit report
2.Make reference in the report (modified wording
report-is also called a shared opinion or report.)
3.Qualify the opinion-is required if the principal
auditor is not willing to assume any responsibility
for the work of the other auditor.
 3. Qualified opinion
A qualified opinion report can result from a
limitation on the scope of the audit or failure to
follow generally accepted accounting principles.
When an auditor issues a qualified report, he or
she must use the term except for in the opinion
paragraph.
The implication is that the auditor is satisfied that
the overall financial statements are correctly
stated “except for” a specific aspect of them.
It is unacceptable to use the phrase except for
with any other type of audit opinion.
 4. Adverse Opinion
An adverse opinion is used only when the auditor
believes that the overall financial statements are
so materially misstated or misleading that they
do not present fairly the financial position or
results of operations and cash flows in conformity
with GAAP.
The adverse opinion report can arise only when
the auditor has knowledge, after an adequate
investigation of the absence of conformity.
 5. Disclaimer opinion .
 A disclaimer of opinion is issued when the auditor has been unable
to satisfy himself or herself that the overall financial statements are
fairly presented.
 The necessity for disclaiming an opinion may arise because of a severe
limitation on the scope of the audit or a non independent relationship
under the Code of Professional Conduct between the auditor and the
client.
 Either of these situations prevents the auditor from expressing an
opinion on the financial statements as a whole.
 The auditor also has the option to issue a disclaimer of opinion for a
going concern problem.
 The disclaimer is distinguished from an adverse opinion in that it can
arise only from a lack of knowledge by the auditor, whereas to express an
adverse opinion, the auditor must have knowledge that the financial
statements are not fairly stated.
 Both disclaimers and adverse opinions are used only when the condition
is highly material.
 Relationship of Materiality to
Type of .Opinion
Materiality
. Significance in Terms of Type of
Level Reasonable Users’ Decisions Opinion
Users’ decisions are
Immaterial unlikely to be affected. Unqualified

Users’ decisions are

Material likely to be affected. Qualified

Highly Users’ decisions are Disclaimer

material likely to be significantly or adverse
affected.
 7.3. Elements of audit report
The elements of Audit reports are:
1. Report title
2. Audit report address
3. Introductory paragraph
4. Scope paragraph
5. Opinion paragraph
6. Name of CPA firm
7. Audit report date
 1. Report title.
Auditing standards require that the report be
titled and that the title include the word
independent.
For example, appropriate titles include
A. “independent auditor’s report,”
B. “report of independent auditor,” or
C. “independent accountant’s opinion.”
 The requirement that the title include the word
independent conveys to users that the audit
was unbiased in all aspects.
 2. Audit report address
The report is usually addressed to the
company, its stockholders, or the board of
directors.
In recent years, it has become customary to
address the report to the board of directors and
stockholders to indicate that the auditor is
independent of the company.
 3. Introductory paragraph
 The first paragraph of the report does three things:
1. First, it makes the simple statement that the CPA firm has done an audit.
 This is intended to distinguish the report from a compilation or review report.
 The scope paragraph clarifies what is meant by an audit.
2. Second, it lists the financial statements that were audited, including the
balance sheet dates and the accounting periods for the income statement
and statement of cash flows.
 The wording of the financial statements in the report should be identical to
those used by management on the financial statements.
3. Third, the introductory paragraph states that the statements are the
responsibility of management and that the auditor’s responsibility is to
express an opinion on the statements based on an audit.
 The purpose of these statements is to communicate that management is
responsible for selecting the appropriate accounting principles and making the
measurement decisions and disclosures in applying those principles and to
clarify the respective roles of management and the auditor.
 4. Scope paragraph.
 The scope paragraph is a factual statement about what the auditor
did in the audit.
 This paragraph first states that the auditor followed the generally
accepted auditing standards.
 For an audit of a public company, the paragraph will indicate that
the auditor followed standards of the Public Company
Accounting Oversight Board(PCAOB).
 Because financial statements prepared in accordance with U.S.
accounting principles and audited in accordance with U.S. auditing
standards are available throughout the world on the Internet, the
country of origin of the accounting principles used in preparing the
financial statements and auditing standards followed by the auditor
are identified in the audit report.
 The scope paragraph states that the auditor evaluates the
appropriateness of those accounting principles, estimates, and
financial statement disclosures and presentations given.
 5. Opinion paragraph.
The final paragraph in the standard report states the
auditor’s conclusions based on the results of the audit.
This part of the report is so important that often the entire
audit report is referred to simply as the auditor’s opinion.
The opinion paragraph is stated as an opinion rather
than as a statement of absolute fact or a guarantee.
The intent is to indicate that the conclusions are based on
professional judgment.
The phrase in our opinion indicates that there may be
some information risk associated with the financial
statements, even though the statements have been
audited.
 6. Name of CPA firm.
The name identifies the CPA firm or
practitioner who performed the audit.
Typically, the firm’s name is used because the
entire CPA firm has the legal and professional
responsibility to ensure that the quality of the
audit meets professional standards.
 7. Audit report date
The appropriate date for the report is the one on
which the auditor completed the auditing
procedures in the field.
This date is important to users because it
indicates the last day of the auditor’s
responsibility for the review of significant
events that occurred after the date of the
financial statements.
11/3/2024
Examples
1. Unqualified
2. Modified Unqualified
3. Qualified
4. Adverse, and
5. Disclaimer

THE END OF CHPTER 7