Lecture Principles of auditing will cover the following: introduction to auditing and assurance services; professional ethics and auditor legal liability; client acceptance and management assertions; internal control and control risk; audit planning; audit evidence and audit procedures; completing the audit; audit reports;... Please refer to content this lecture!
8/29/2022 PRINCIPLES OF AUDITING Textbook(s) • Arens, A.A, Elder, R.J and Beasley, M.S (2012) Auditing and Assurance Services, An Integrated Approach, 14th edition, Prentice Hall • Messier Jr, W.F., Glover, S.M and Prawitt, D.F (2008) Auditing and Assurance services: A Systematic Approach, 6th edition, McGraw Hill • International Auditing Standards (ISAs) Contents Chapter 1: Introduction to Auditing and Assurance Services Chapter 2: Professional Ethics and Auditor Legal Liability Chapter 3: Client Acceptance and Management Assertions Chapter 4: Internal Control and Control Risk Chapter 5: Audit Planning Chapter 6: Audit Evidence and Audit Procedures Chapter 7: Completing the Audit Chapter 8: Audit Reports 8/29/2022 CHAPTER Introduction to Auditing and Assurance Services Chapter 1.1 Auditing 1.2 Assurance Audit Definition “Auditing is the accumulation and evaluation of evidence about information to determine and report on the degree of correspondence between the information and established criteria Auditing should be done by a competent, independent person” (Arens, A.A, Elder, R.J and Beasley, M.S.,2012) 8/29/2022 Types of Audits Operational Audit Compliance Audit Financial Statement Audit Types of Audits Operational audit • An operational audit evaluates the economy, efficiency and effectiveness of any part of an organization’s operating procedures and methods in order to improve the operation of auditee Types of Audits Compliance audit • A compliance audit is conducted to determine whether the auditee is following specific procedures, rules, or regulations set by some higher authority 8/29/2022 Types of Audits Financial statement audit • A financial statement audit is conducted to determine whether the financial statements (the information being verified) are stated in accordance with specified criteria 10 Types of Auditors * Internal Auditor (IA) => O.A * State Auditor (SA) => C.A * External Auditor / Independent Auditor (CPA) => F.A 11 International Public Accountancy Firms • • • • Big Four international firms National firms Regional and large local firms Small local firms 12 8/29/2022 Assurance Engagement An assurance engagement is one in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria International Framework for Assurance Engagements, 2005, para.7 13 Levels of Assurance The International Framework for Assurance Engagements identifies two types of assurance engagement: Reasonable assurance engagement Limited assurance engagement 14 CHAPTER Professional Ethics and Auditor Legal Liability 15 8/29/2022 Chapter 2.1 What Are Ethics? 2.2.The IFAC Code of Ethics for Professional Accountants 2.3 Auditor’s Legal liability 16 2.1 What Are Ethics? • Ethics can be defined broadly as a set of moral principles or values 17 18 8/29/2022 2.2.The IFAC Code of Ethics for Professional Accountants 2.2.1 IFAC code of conduct (Fundamental principle of ethics) 2.2.2 Threats to compliance with fundamental ethical principles and the safeguards 19 2.2.The IFAC Code of Ethics for Professional Accountants 2.2.1 IFAC code of conduct (Fundamental principle of ethics) (a) Integrity (b) Objectivity (c) Professional Competence and Due Care (d) Confidentiality (e) Professional Behavior 20 2.2.The IFAC Code of Ethics for Professional Accountants 2.2.2 Threats to compliance with fundamental ethical principles and the safeguards (a) Self-interest threats (b) Self-review threats (c) Advocacy threats (d) Familiarity threats (e) Intimidation threats 21 8/29/2022 2.2.The IFAC Code of Ethics for Professional Accountants 2.2.2 Threats to compliance with fundamental ethical principles and the safeguards Safeguards that may eliminate or reduce such threats to an acceptable level fall into two broad categories: (a) Safeguards created by the profession, legislation or regulation; (b) Safeguards in the work environment 22 2.2.The IFAC Code of Ethics for Professional Accountants 2.2.3 Independence-Assurance Engagements • Independence of Mind • Independence in Appearance 23 2.3 Auditor’s Legal liability 2.3.1 What is Legal Liability of Auditors? 2.3.2 Sources of Legal Liability for an Auditor 2.3.3 The Legal Liability of Auditors to Third Parties 24 8/29/2022 CHAPTER Client Acceptance and Management Assertions 25 3.1 Evaluate the Client’s Background The auditor decides whether to accept a new client or continue serving an existing one The auditor identifies why the client wants or needs an audit This information is likely to affect the remaining parts of the planning process 26 3.2 Management assertion and assertion classification • Management assertion: are implied or expressed representations by management about classes of transactions and the related accounts and disclosures in the financial statements • International auditing standards classify assertions into three categories: – Assertions about classes of transactions and events for the period under audit – Assertions about account balances at period end – Assertions about presentation and disclosure 27 8/29/2022 28 Connect between management assertion and audit objective • Transaction-related audit objectives • Balance-related audit objectives • Presentation and disclosure-related audit objectives (Chapter – Arens, 6.7-6.9) 29 30 10 8/29/2022 34 Audit Risk Model • Auditors consider these risks in planning procedures to obtain audit evidence primarily by applying the audit risk model 35 Audit Risk Model 𝑨𝑨𝑹 PDR = ì ã Where: PDR = planned detection risk AAR = acceptable audit risk IR = inherent risk CR = control risk 36 12 8/29/2022 37 MATERIALITY • FASB Concept Statement defines materiality as: The magnitude of an omission or misstatement of accounting information that, in the light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement (Chapter 9, Arens) 38 MATERIALITY 39 13 8/29/2022 CHAPTER Internal Control and Control Risk 40 Chapter 4.1 Definition of Internal Control and purpose of designing Internal Control 4.2 Management responsibility and CPA responsibility regarding Internal Control 4.3 Components of Internal Control 4.4 Internal Control limitation and Internal Control in SME 41 4.1 Definition of IC and purpose of designing IC Internal control: The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity's objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations The term "controls" refers to any aspects of one or more of the components of internal control.’ =>Purpose of designing IC 42 14 8/29/2022 4.2 Management responsibility and CPA responsibility regarding IC • Management responsibility about IC • CPA responsibility 43 The COSO internal control components Control environment Risk assessment Control activities Information and communication Monitoring 44 COSO Components of Internal Control INTERNAL CONTROL Component Description of Component Further Subdivision (if applicable) Control environment Actions, policies, and procedures that reflect the overall attitude of top directors, and owners of an entity about internal control and its importance Subcomponents of the control environment: • Integrity and ethical values • Commitment to competence • Board of director and audit committee participation • Management’s philosophy and operating style • Organizational structure • Human resource policies and practices Risk assessment Management’s identification and analysis of risks relevant to the preparation of financial statements in accordance with appropriate accounting frameworks such as GAAP or IFRS Risk assessment processes: • Identify factors affecting risks • Assess significance of risks and likelihood of occurrence • Determine actions necessary to manage risks Categories of management assertions that must be satisfied: • Assertions about classes of transactions and other events • Assertions about account balances • Assertions about presentation and disclosure 45 15 8/29/2022 COSO Components of Internal Control INTERNAL CONTROL Component Description of Component Further Subdivision (if applicable) Control activities Policies and procedures that management has established to meet its objectives for financial reporting Types of specific control activities: • Adequate separation of duties • Proper authorization of transactions and activities • Adequate documents and records • Physical control over assets and records • Independent checks on performance Information and communication Methods used to initiate, record, process, and report an entity’s transactions and to maintain accountability for related assets Transaction-related audit objectives that must be satisfied: • Occurrence • Completeness • Accuracy • Posting and summarization • Classification • Timing Monitoring Management’s ongoing and periodic assessment of the quality of internal control performance to determine whether controls are operating as intended and are modified when needed Not applicable 46 4.4 Internal Control limitation and Internal Control in SME • Internal Control limitation • IC in SME 47 CHAPTER Audit planning 16 8/29/2022 Chapter 5.1 The Overview of Audit Process 5.2 Planning the Audit 5.3 Audit Strategy and Approaches 5.4 The Audit Program • • • • The Overview of Audit Process Client Acceptance/Continuance Preliminary Engagement Planning the Audit Performing the Audit (Evidence collection and evaluation) o Perform Tests of Controls o Perform Substantive Procedures Completion the Audit Audit Report Planning the AUDIT Audit strategy: The formulation of the general strategy for the audit, which sets the scope, timing and direction of the audit and guides the development of the audit plan Audit plan: An audit plan is more detailed than the strategy and sets out the nature, timing and extent of audit procedures 17 8/29/2022 Audit Strategy and Approaches Substantive strategy/approach Reliance strategy/approach • The Audit Program Audit programs containing specific audit procedures are also prepared Exhibit 3–2 presents a partial audit program for substantive tests of accounts receivable AUDIT EVIDENCE AND AUDIT PROCEDURE Chapter 18 8/29/2022 Chapter 6.1 Audit Evidence 6.2 Two categories of Audit Procedures 6.3 Audit Documentation 6.1 Audit evidence 6.1.1 The Concept of Audit evidence 6.1.2 The Appropriateness of audit evidence 6.1.3 The Sufficiency of Audit evidence Concept of audit evidence Audit evidence is the information used by the auditor in arriving at the conclusions on which the audit opinion is based, and it includes the information contained in the accounting records underlying the financial statements and other information 19 8/29/2022 The Appropriateness of audit evidence The appropriateness means the quality of evidence obtained when the evidence is relevant and reliable (relevance and reliability) The Sufficiency of Audit evidence • The sufficiency is the quantity of audit evidence needed depending on the risk of material misstatement and the quality of the audit evidence gathered Types of Audit Procedures for Obtaining Audit Evidence ∙ Inspection of records or documents ∙ Observation ∙ Physical examination of tangible assets ∙ Inquiry ∙ Re-performance ∙ Recalculation ∙ Confirmation ∙ Analytical procedures 20 8/29/2022 6.2 Two categories of Audit Procedures 6.2.1 Tests of Controls 6.2.2 Substantive Procedures 61 Tests of Controls Tests of controls: Audit procedures designed to evaluate the operating effectiveness of the entity's internal controls in preventing, or detecting and correcting, material misstatements Substantive Audit Procedures • Substantive procedures are tests performed to obtain audit evidence to detect material misstatements in the financial statements 21 8/29/2022 6.3 Audit Documentation 64 6.3 Audit Documentation • Audit documentation (working papers) is the record of procedures performed, relevant evidence obtained and conclusions reached 65 Completing the audit Chapter 22 8/29/2022 Chapter 7.1 Overview of Completing the audit 7.2 Review for Contingent Liabilities 7.3 Review for Discovery of Subsequent Events 67 Overview of Completing the audit • • • • • • • Design and perform audit tests related to presentation and disclosure audit objectives Review for contingent liabilities Review for subsequent events Final evidence accumulation Evaluate results Issue the audit report Communicate with the audit committee and management Review for contingent liabilities A contingent liability is a potential future obligation to an outside party for an unknown amount resulting from activities that have already taken place Material contingent liabilities must be disclosed in the footnotes 23 8/29/2022 Review for Subsequent Events The third part of completing the audit is the review for subsequent events The auditor’s responsibility for reviewing subsequent events is normally limited to the period beginning on the balance sheet date and ending with the date of the auditor’s report Review for Subsequent Events Two types of subsequent events require consideration by management and evaluation by the auditor: – Those that have a direct effect on the financial statements and require adjustment – Those that not have a direct effect on the financial statements but for which disclosure may be required Audit reports CHAPTER 24 8/29/2022 Chapter Basic Elements of the Auditor’s Report Types of Reports Expressing Audit Opinions The conditions required to issue the standard unmodified opinion audit report Five circumstances when an emphasis-of-matter explanatory paragraph or nonstandard wording is appropriate to include in an unmodified opinion audit report The types of audit reports that can be issued when an unmodified opinion is not justified Basic Elements of the Auditor’s Report Report title Audit report address Introductory paragraph Management’s responsibility Auditor’s responsibility Opinion paragraph Name and address of CPA firm Audit report date TYPES OF REPORTS EXPRESSING AUDIT OPINIONS 25 8/29/2022 Conditions for standard unmodified opinion audit report Includes all financial statements Sufficient appropriate evidence accumulated Financial statements are presented fairly in accordance with GAAP or other framework No circumstances requiring the addition of an emphasis-ofmatter paragraph or modification Modifications to the opinion in the audit report Three conditions requiring a modification to the audit opinion: The scope of the audit has been restricted (scope limitation) The financial statements have not been prepared in accordance with generally accepted accounting principles (GAAP departure) The auditor is not independent Modifications to the opinion in the audit report Three types of reports may be appropriate: Qualified opinion Adverse opinion Disclaimer of opinion 26 ... 8/29/2022 2.2.The IFAC Code of Ethics for Professional Accountants 2.2.1 IFAC code of conduct (Fundamental principle of ethics) 2.2.2 Threats to compliance with fundamental ethical principles and the... safeguards 19 2.2.The IFAC Code of Ethics for Professional Accountants 2.2.1 IFAC code of conduct (Fundamental principle of ethics) (a) Integrity (b) Objectivity (c) Professional Competence and Due... quantity of audit evidence needed depending on the risk of material misstatement and the quality of the audit evidence gathered Types of Audit Procedures for Obtaining Audit Evidence ∙ Inspection of