An International Approach Bahram Soltani The business world is changing rapidly, but recent corporate failures and scandals have demonstrated, in dramatic fashion, that auditing is lagging behind Financial markets need, now more than ever, reliable auditing that delivers high quality information For economies to operate effectively, investors need control over company executives Auditing: An International Approach treats auditing as a whole discipline – the theory and the practice – rather than discussing only auditing techniques This approach raises the essential question of what auditing ‘ought to be’ and how it should keep pace with change The book discusses auditing concepts for a changing environment and how auditing is responding to public expectations It analyzes the role of external auditors today as a vital part of decision making in the market economy and the need to expand their role beyond traditional financial statement audits Features The major feature of the book is its coverage of four fundamental areas in auditing: international issues including international standards, theoretical as well as practical aspects of auditing, major research work in auditing, and multidisciplinary topics Unique in its extensive coverage of international, theoretical and multidisciplinary topics, the book aims at providing a clear understanding of the evolution of auditing in a changing environment Each chapter includes: ● ● ● ● ● ● Learning objectives, end-of-chapter summaries and explanations of key terms to reinforce learning Summaries of key topics on almost every page Extensive references to guide further reading, research work and advanced studies End-of-chapter review and discussion questions to allow the students and other users to test their learning and to facilitate classroom discussion An extensive glossary Up-to-date citations of key regulators and scholars who specialize in different areas of auditing Audience The book has been created for advanced auditing and accounting courses (and businessrelated degrees) at upper undergraduate and post-graduate levels With its extensive coverage of auditing and assurance services in today’s uncertain business environment, the book should also be of interest to audit professionals, corporate managers, regulatory bodies and researchers Bahram Soltani is Associate Professor of Accounting and Finance at the University of Paris I-Panthéon Sorbonne An International Approach Most importantly, the book presents external auditing in a new way, with a focus on fundamental, theoretical issues pertaining to the framework and conceptual structure of auditing on a global scale This is balanced with a thorough and careful consideration of audit practices in the new millennium Auditing Auditing Soltani Bahram Soltani Auditing An International Approach an imprint of 9780273657736_COVER.indd www.pearson-books.com 14/2/07 15:46:53 AUDA_A01.qxd 09/02/2007 16:04 Page i AUDITING AUDA_A01.qxd 09/02/2007 16:04 Page ii We work with leading authors to develop the strongest educational materials in business and finance, bringing cutting-edge thinking and best learning practice to a global market Under a range of well-known imprints, including Financial Times Prentice Hall, we craft high-quality print and electronic publications that help readers to understand and apply their content, whether studying or at work To find out more about the complete range of our publishing, please visit us on the World Wide Web at: www.pearsoned.co.uk AUDA_A01.qxd 09/02/2007 16:04 Page iii AUDITING: An International Approach Bahram Soltani AUDA_A01.qxd 09/02/2007 16:04 Page iv Pearson Education Limited Edinburgh Gate Harlow Essex CM20 2JE England and Associated Companies throughout the world Visit us on the World Wide Web at: www.pearsoned.co.uk First published 2007 © Pearson Education Limited 2007 The right of Bahram Soltani to be identified as author of this work have been asserted by him in accordance with the Copyright, Designs and Patents Act 1988 All rights reserved No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without either the prior written permission of the publisher or a licence permitting restricted copying in the United Kingdom issued by the Copyright Licensing Agency Ltd, Saffron House, 6-10 Kirby Street, London EC1N 8TS ISBN 978-0-273-65773-6 British Library Cataloguing-in-Publication Data A catalogue record for this book is available from the British Library Library of Congress Cataloging-in-Publication Data A catalog record for this book is available from the Library of Congress 10 11 10 09 08 07 06 Typeset in 10.5/12.5pt Minion by 35 Printed by Ashford Colour Press Ltd., Gosport The publisher’s policy is to use paper manufactured from sustainable forests AUDA_A01.qxd 09/02/2007 16:04 Page v This book is dedicated to my wife Flora and my son Arshan AUDA_A01.qxd 09/02/2007 16:04 Page vi AUDA_A01.qxd 09/02/2007 16:04 Page vii CONTENTS Brief Contents List of Figures Preface Acknowledgements About the Author xix xxii xxv xxviii 10 11 12 13 14 15 28 66 92 126 159 184 215 242 279 301 336 387 416 16 17 18 19 An Introduction to Auditing and Assurance Demand for and Supply of External Audit Services Auditing, Organization and Governance The Audit Committee, Internal and External Auditing International Auditing and Assurance Services Auditing in the European Context Auditor Independence and Professional Ethics: International Issues Audit Risk, Materiality and Business Risk Management Audit Sampling Techniques Evidence and Decision Making in Auditing Internal Control over Financial Reporting and IT Environment Audit Reporting Information Technology and Auditing Continuous Auditing and Continuous Reporting Quality Control and Oversight Systems in Auditing: International Issues Auditor Liability in a Changing Environment The Independent Auditor, Stock Markets and Lending Decisions Corporate Fraud, Corporate Scandals and External Auditing Auditing: Looking Ahead Glossary Index 442 471 496 532 577 609 634 vii AUDA_A01.qxd 09/02/2007 16:04 Page viii AUDA_A01.qxd 09/02/2007 16:04 Page ix Contents List of Figures Preface Acknowledgements About the Author An Introduction to Auditing and Assurance Learning objectives Introduction Questions about the critical role of auditors The nature and objectives of auditing Recent changes in the audit environment A theoretical approach to auditing Debating the historical perspective of auditing concepts The demand for assurance services: an economic explanation Attestation services Concluding remarks Bibliography and references Notes Review questions Discussion questions Demand for and Supply of External Audit Services Learning objectives Introduction Debating audit expectations Demand and supply of audit Parties demanding financial statement information The problem of ‘information asymmetry’ The economics of information Supply of financial statement information (mandatory and voluntary disclosures) Factors affecting corporate financial disclosure External auditors and supply and demand of financial information Demand for auditing xix xxii xxv xxviii 1 2 14 18 23 23 24 26 26 28 28 29 30 33 33 37 39 39 41 44 45 ix AUDA_Z02.qxd 06/02/2007 17:39 Page 646 INDEX financial statements (continued) errors 533–5 fraud 533–5 historical 19–20, 612 information demand 44–5 parties demanding 33–7 roles 29, 498 supply 39– 41, 44 –5 interim, reports 363–5 management manipulation 6–7 management responsibilities 46, 83 mandatory disclosures 39–41, 42–3 prospective 20 reviews, objectives 138 statements included 4–5 uncertainties in, loan decisions influenced by 35– users see users voluntary disclosures 39–41, 43–4 XBRL 428 –9, 432 financing needs, fraud and 538 firewalls 329, 619 firms see audit firms; organizations Flint, David 12 FoF (Forum of Firms) 130, 172 footnotes 619 forecast financial statements, agreed-upon procedures engagements 23 forms, SEC 37, 43, 363, 619 Forum of Firms (FoF) 130, 172 France, liability 480 frauds 32, 532–3 audit profession and corporate scandals 555–70 corporate 615 definition 533, 619 detection 407, 542–3 earnings management 550–5, 570 financial reporting see financial reporting financial statements 533–5 importance of concept in reporting and auditing 535–42 material misstatements resulting from 292, 542– risk factors 543–4 SEC actions against auditors 464–5 warning signals 547–50 FRC (Financial Reporting Council) 459 frequency distributions 619 GAAP see generally accepted accounting principles 646 GAAS (generally accepted auditing standards) 127–9, 620 GAS (generalized audit software) 406, 619–20 general controls 325 computer information systems 619 IT environments 402, 418–19, 421–2 general ledgers, XBRL 426 general principles of audits 139–40 generalized audit software (GAS) 406, 619–20 generally accepted accounting principles (GAAP) definition 620 departure from 350, 352, 616 non-conformity with, audit reports effects 347–8 reference to, reporting standard 338 generally accepted auditing standards (GAAS) 127–9, 620 Germany, liability 480, 481, 482 globalization 127, 417, 523, 599–600 goal (in)congruity 620 going concern assumptions 620 audit reports 352–8, 361 management 353, 357–8 IT risks 400 opinions 513, 516–17 reports, auditor dismissal and 113 governance bodies 620 corporate see corporate governance definition 620 risks 234 governments demand for financial statements information 36 interests, financial reporting and 42–3 grey directors 101 growth opportunities 99 haphazard selection 256, 270, 620 harmonization accounting standards 151–4 EU see European Union of standards 599–600 heuristics 294–8, 610, 613, 620 historical financial statements 19–20, 612 holistic approach to education 593 home country control, EU 165 human factors 313 human resources policies and practices 312 quality controls and 452–3 risks 234 AUDA_Z02.qxd 06/02/2007 17:39 Page 647 INDEX IA (incremental allowance for sampling risk) 266 –7 IAASB see International Auditing and Assurance Standards Board IAEPS (International Assurance Engagement Practice Statements) 137 IAPS (International Auditing Practice Statements) 133, 136, 137 IAS (International Accounting Standards) 152, 153 IASB see International Accounting Standards Board IASC (International Accounting Standards Committee) 151 ICAEW (Institute of Chartered Accountants in England and Wales) 490 ICAS (Institute of Chartered Accountants of Scotland) 490 ICQ (internal control questionnaires) 408 IFAC see International Federation of Accountants IFRS see International Financial Reporting Standards IIA (Institute of Internal Auditors) 106 impaired assets 620 importance of auditing 600–1 inalterability, accounting information processing 395– incentives 198–9, 538–41 income smoothing see earnings: smoothing income statements 4, 40 incorrect acceptance risks 268 incorrect rejection risks 264 incremental allowance for sampling risk (IA) 266 –7 independence in appearance 192–3, 206, 621 audit committees 97–100 auditors see auditors boards of directors 98–9 in fact 192, 206 of mind 192–3, 621 risks 578, 621 threats 621 Independence Standards Board (ISB) 206–7, 446, 460 independent auditors see auditors independent directors 98, 101, 625 independent services 15 indirect mass fraud 547 inductive reasoning 289, 621 inefficient capital markets 502–3 information accounting see accounting information analysis, CAATs 407 asymmetry 37–9, 497, 621 agency theory 55, 57 auditors’ independence and 197–8 auditors’ roles 58–9 consequences of audits 48 costs 52 stewardship (monitoring) hypothesis 50–1 biased 47 concurrent 511 confidentiality loss, IT environments 398–9 content audit reports and investment decisions 505 qualified audit opinions 512 tests see event studies costs 57 credibility 29 economics of 29, 39 errors in 49 financial statements see financial statements hypothesis 51–2, 621 inside 621, 627 internal control 307–8, 326 as power 29 private 57, 501, 627 problem 38, 43–4, 621 publicly-available 501 quality 6, 15, 29, 80, 473–4, 498 rapid and regular production of 602 relevance 81–2 retrieval, CAATs 407 risks 234, 235 sources as evidence 281 timeliness 81–2 user-chosen see also data; disclosures information systems (IS) auditors 436 information technology (IT) 5, 29, 387–9, 416–17, 499, 595 assurance services 423–4 audit risks 396–9 challenges facing auditors 389–90, 602–3 COBIT 420–3, 614 computer-assisted audit techniques (CAAT) 402–11 continuous auditing see continuous auditing continuous monitoring see continuous monitoring continuous reporting 424–5, 426–7 controls and auditors 420 COSO report 324–6 definition 621 e-business 390–2 e-commerce 390–1, 392, 396–9 647 AUDA_Z02.qxd 06/02/2007 17:39 Page 648 INDEX information technology (IT) (continued) environment 621 internal control see internal control in organizations 417–19 planning audits 400 reliability of accounting information and IT risks 392– risk assessments 389, 400 –2 risk management 399–400 XBRL see XBRL see also software Information Technology Governance Institute (ITGI) 324, 420–2 informational efficiency 500, 501, 504 informationally efficient markets 621 informative role of auditing 51 infrastructure risks 400 inherent limitations in audits 140 inherent risks (IR) 218–19, 221–7, 401, 621 initial public offerings 621 innovative approaches xx inquiries in obtaining evidence 286 insensitivity to base rates and sample size biases 297 inside directors 99, 101 inside information 621, 627 inspection in obtaining evidence 285–6 inspired confidence theory 8–10, 12, 31 instance documents, XBRL 426, 427–8, 441 instant auditing 430 Institute of Chartered Accountants in England and Wales (ICAEW) 490 Institute of Chartered Accountants of Scotland (ICAS) 490 Institute of Internal Auditors (IIA) 106 institutional basis, organizations 71 institutional environments 72 institutional interests, financial reporting and 42–3 insurance catastrophic risk coverage 472 directors 482–3 hypothesis 52–4, 621 problem 57 professional indemnity 473 property and equipment analyses 23 integrated test facilities (ITF) 406–7, 621–2 integrity AICPA ethical principles 190 auditors 45, 186–7 electronic evidence 289–90 IT systems 394 organizations 312 648 risks 234 transactions 330 intellectual property, stealing 535 intended users, assurance engagements 141–2 intentional misstatements 216 intentional omissions 534 interests conflicts see conflicts of interest financial 618 institutional, financial reporting and 42–3 public see public interests interim financial statements, reports 363–5 internal audits 622 audit committees and 105–8 continuous auditing 433 effectiveness 312–13 European Union 173 reporting responsibilities 108 reports on internal control 318–19 internal control 301–2 activities 307, 325 audit committee and 108–11, 173 audit reports 523 auditors’ assessments 219–20 audits and, EU 173 compliance road map 422–3 components 305, 309 control environment 305–6 auditors’ understanding 310–13 IT 324 ‘tone at the top’ 309–10, 569–70 corporate governance and 76–7, 173 deficiencies 315 definitions 303, 315, 622 effectiveness 79, 313, 323–6 Enterprise Risk Management (ERM) 320–2 external environments 314 over financial reporting 19, 20–2, 315–20 framework 303–8 inadequate, assets misappropriation 541 IT environments 389, 401–2, 418–19 audit developments 323 COBIT 420–3, 614 effectiveness of control 323–6 IFAC 329–31 Sarbanes-Oxley Act 326–9 knowledge for audits 22 limitations on effectiveness 313 management responsibilities see management need for 302–3 objectives 309 opinions 367 questionnaires (ICQ) 408 AUDA_Z02.qxd 06/02/2007 17:39 Page 649 INDEX internal control (continued) reliability 316 reporting on 316–20, 365–7 ‘top-down’ approach to audits of 319–20 systems, definition 622 weaknesses 546 internal market for audit services, EU 175–6 internal rotation of auditors 205 International Accounting Standards (IAS) 152, 153 International Accounting Standards Board (IASB) 4, 130, 151, 152, 154, 622 International Accounting Standards Committee (IASC) 151 international aspects xx International Assurance Engagement Practice Statements (IAEPS) 137 International Auditing and Assurance Standards Board (IAASB) 622 composition 133–4 International Auditing Practice Statements 133, 136, 137 International Standards on Assurance Engagements see International Standards on Assurance Engagements International Standards on Quality Control see International Standards on Quality Control International Standards on Related Services (ISRS) 133, 134, 137 ISA development 131 objectives 132–3 quality control 445, 449 role 132–3 International Auditing Practice Statements (IAPS) 133, 136, 137 International Auditing Practices Committee (IPAC) 130, 132 International Education Standards 130 International Federation of Accountants (IFAC) 622 assurance services 14 auditor independence 191–2 Code of Ethics for Professional Accountants 22, 130, 139, 329–31, 446–7, 451 Information Technology Committee 399–400 internal control and IT 329–31 International Auditing Practices Committee (IPAC) 130, 132 international harmonization of auditing standards 129–30 Leadership Group 456 materiality 229 mission 130 monitoring 331 Monitoring Group 456 Public Interest Oversight Board (PIOB) 31, 456 quality control 444–5, 448–56 International Financial Reporting Standards (IFRS) 4, 152–4, 622 International Framework for Assurance Engagements 17, 145, 146 International Public Sector Accounting Standards (IPSAS) 130 International Standards on Assurance Engagements (ISAE) 133, 134, 137, 140–3, 145, 149, 622 International Standards on Auditing (ISA) 130, 622–3 application 134 development 131–2 European Union and 160, 162, 167, 171–2 framework 138–9 ISA 200 ‘Objective and general principles governing an audit of financial statements’ 138, 342 ISA 220 ‘Quality control for audit work’ 445, 448 ISA 220 (revised) ‘Quality control for audits of historical financial information’ 148–9, 445, 453–5 ISA 240 ‘The auditor’s responsibility to consider fraud in an audit of financial statements’ 533–4, 537, 538 ISA 400 ‘Risk assessments and internal control’ 216–17 ISA 570 ‘Going concern’ 352, 353–4 ISA 620 ‘Using the work of an expert’ 148–9 ISA 700 ‘The auditor’s report on financial statements’ 343, 345, 346, 363, 382–6 list 134–6 quality control 445, 449–50 International Standards on Quality Control (ISQC) 133 application 134, 146, 449–56 International Standards on Related Services (ISRS) 133, 134, 137 International Standards on Review Engagements (ISRE) 137 internet security 408 internet service providers (ISP) 398 interval sampling 254 intimidation threats 201, 623 introduction to auditing and assurance 1–27 introductory paragraphs 623 investment decisions 505 649 AUDA_Z02.qxd 06/02/2007 17:39 Page 650 INDEX investment focus 34, 623 investment securities, management representations 23 investor-orientation approach 37 investor protection IPAC (International Auditing Practices Committee) 130, 132 IPSAS (International Public Sector Accounting Standards) 130 IR see inherent risks irregularities 216, 401 IS auditors 436 ISA see International Standards on Auditing ISAE see International Standards on Assurance Engagements ISB see Independence Standards Board ISP (internet service providers) 398 ISQC see International Standards on Quality Control ISRE (International Standards on Review Engagements) 137 ISRS (International Standards on Related Services) 133, 134, 137 IT see information technology ITF (integrated test facilities) 406–7, 621–2 ITGI (Information Technology Governance Institute) 324, 420–2 JMU (Joint Monitoring Unit) 459 joint and several liability 476–8, 479–80, 489, 623 Joint Monitoring Unit (JMU) 459 judgemental sampling 270 see also non-statistical sampling judgements 140 auditor independence and 196 biases 296 decision-making 292–4 errors 292 justification hypothesis 54–5 key management positions 623 knowledge audit committees 104–5 audit staff 165 auditing as field of 11–12 auditors see auditors experts 148 internal control audits 22 IT, audit teams 410 laws, compliance with see legal compliance Leadership Group, IFAC 456 leadership quality, responsibilities for 450–1 650 legal compliance 82, 113–14, 314 legal environment changes 475–6 legal fictions 71 legal liability 53–4, 472, 556, 623 ‘lemon’ problem 38, 43–4, 621 lending decisions 497 accounting information and auditors 518–22 audit opinions and, research on relationships 521–2 demand for financial statements information 35–6 liabilities fair-value-based measurements 581 fraud and 535, 539, 554 marking to market 580–1 liability 53–4, 471–2 analysis of auditor independence beyond system 198–9 assurance services 483–4 caps 477, 480–1, 487, 490, 632 common law 484–5 for company accounts 472–3 economic analysis 473–4 European Union 176, 486–8 Germany 480, 481, 482 joint and several 476–8, 479–80, 489, 623 legal environment changes 475–6 limited 476 limits 472, 478 litigation risks against auditors 474–5 proportionate 477, 478–80, 486, 490 United Kingdom 489–91 United States 479–80, 485–6 unlimited 483, 485 statutory law 484–5 types 476–81 see also legal liability likelihood 623 limitations audit risk-based approach 223–6 audits 140 internal control effectiveness 313 scope see scope: limitations limited assurance see assurance limited liability 476 limits on liability 472, 478 Limpberg, Theodore 8–10, 12, 31 Lincoln Savings and Loan 562–3 litigation assurance services, threatened 483–4 costs 623 crisis 599 risks against auditors 474–5 AUDA_Z02.qxd 06/02/2007 17:39 Page 651 INDEX loan decisions see lending decisions long-form reports 149 long-horizon post-event performance studies 504 losses agency 198 operating, fraud and 538 residual 628 ‘low-balling’ 194, 597, 598–9, 623 malpractice 472, 475–6 see also frauds management accountability misunderstandings 79 for performance 76 to shareholders 73, 76–7 accounting methods choices 581 agency problem 55 assertions 284–5 auditor inquiries of 543 auditor relationships 68–9, 95, 163, 540 compensation 312 demand for financial statements information 35 disagreements with 345 domination of, fraud and 539 earnings excessive interest in maintaining or increasing, fraud and 540 management see earnings: management financial reporting responsibilities 46, 83–4, 102 financial statements delays in signing 358 manipulation 6–7 responsibilities 46, 83 fraud auditors’ communication of 546 committed by management 549 responsibilities 533, 536–7 going concern assumptions 353, 357–8 information asymmetry 38, 198 internal control responsibilities 21, 110–11, 316, 317–18 IT responsibilities 418–19 key positions 623 monitoring controls 436 non-financial, excessive participation in selection of accounting principles, fraud and 540 opportunism 74 organizational philosophy 311 owners and, conflicts of interest 6–7 ownership and conflicts of interest 56–8 separation 49 planning, effective 79 risk management responsibilities 108–9 self-serving behaviour 198 shareholder relationships 34–5, 56–8, 68–9, 76 stock prices, excessive interest in maintaining or increasing, fraud and 540 written representations to auditors 542–3, 545–6, 554 management consulting 17 management threats to auditor independence 201 managing functions, boards of directors 99 mandatory disclosures 39–41, 42–3, 623 manual tests, impracticability 410 mapping, application software 610 market-based research 624 market efficiency 500–3, 623 market expectations 550–1 market forces 43–4, 497 market-related risks 52 market risk premiums 623 market saturation, fraud and 538 markets for audits 5, 499, 597 marking to market, assets and liabilities 580–1 material deficiencies, internal control 315 material errors 218–19 material misstatements see misstatements material uncertainties 355–8 material weaknesses 624 materiality acceptable levels 229 assessments 228–9 audit opinions and 359 audit risks and, relationship between 229–30 definitions 228–9, 624 Mautz and Sharaf 10–13, 579, 582 maximum population deviation rate 272 mean 624 mean-per-unit (MPU) estimation sampling 261 Means, G C (Berle and Means) 69–71 measurement criteria, attestation services 19 measuring and monitoring 235, 241, 624 medians 624 MG (Monitoring Group), IFAC 456 mid-tier firms 590 mind, independence of 192–3, 621 minutes, corporate 615 misappropriation of assets 533, 535, 540–2 misconceptions of chance biases 297 misrepresentation 534 651 AUDA_Z02.qxd 06/02/2007 17:39 Page 652 INDEX misstatements 216 definition 624 expected 618 fraudulent financial reporting and 538–40 material 220, 227, 229, 232–3, 292, 542–7, 624 most likely (MLM) 625 sampling 262–6 upper limit on 633 mitigation of risks 321, 325 MLM (most likely misstatements) 625 mode 624 modelling programs 406 moderate assurance 18, 20 modified auditors’ reports 344–5, 358, 624 monitoring 624 audit markets by regulators 499 auditing profession 448 boards of directors’ functions 99 business risks 235 concept 50 continuous see continuous monitoring controls, management 436 costs 57, 59, 625 demand for audits 45–6 hypothesis 55, 59–60 information, auditors’ roles 58–9 internal control 308, 326, 331 quality assurance mechanism, EU 175 quality controls and 449, 455–6 SEC role 463–4 see also oversight Monitoring Group, IFAC 456 moral hazard 57 most likely misstatements (MLM) 625 MPU (mean-per-unit) estimation sampling 261 multidisciplinary approach xxi, 84–7 multinational organizations 127 multistage sampling 255 nature of accounting entries 395 nature of auditing 4–5 negative assurance 18 negative cash flows, fraud and 538 Netherlands, liability 481 network security software and performance, CAATs 407–8 networks 625 neutrality 15 nexus of contracts 71, 625 non-attestation services, assurance 16 non-audit services 6, 199–200, 205–6, 579, 582–4 noncompliance 625 non-contaminated qualified audit reports 515 652 non-executive directors 98 non-executive shareholders 100 non-financial performance or conditions assurance engagements 14, 142 non-outside directors 625 non-recurring items 625 non-repudiation, IT systems 394 non-sampling risks 246–7, 625 non-statistical sampling 247, 248–9, 256–7, 625 notes to financial statements 41 objectives assurance engagements 15–16, 141 audits 4–5, 138, 612 Enterprise Risk Management 321 financial reporting 40–1 internal control 309 International Auditing and Assurance Standards Board (IAASB) 132–3 PCAOB Auditing Standard No 2: 327–9 reviews of financial statements 138 objectivity 625 auditors see auditors observation in obtaining evidence 286 observed deviation rate (ODR) 271 occurrence risks 221–3 ODR (observed deviation rate) 271 omissions, intentional 534 opening paragraphs 623 operating earnings 580 operating losses, fraud and 538 operating styles of organizations 311 operation deficiencies, internal control 315 operational effectiveness evaluation, COBIT objectives 423 operational risks 234 operations conducted across international borders, fraud and 539 opinion shopping 521, 598–9, 625 opinions 497 adverse 341, 345, 347–8, 351–2, 356, 358–60, 609 definition 612 disclaimers 341, 345, 347, 348–9, 356, 361–2, 505, 616 evidence 281 expression of, reporting standard 339 forming 343 going-concern 354–8, 513, 516–17 internal control 367 lending decisions and, research on relationships 521–2 material uncertainties 355–8 AUDA_Z02.qxd 06/02/2007 17:39 Page 653 INDEX opinions (continued) non-conformity with GAAP effects 347–8 outcomes 506 paragraphs 625 public announcement dates 511–12 qualified 341, 345, 347–8, 349, 351–2, 356, 359, 362, 511–15, 627–8 scope limitation effects 346–7, 361 stock prices and, relationship between 506–11 unqualified 341–3, 344–5, 357, 505, 633 see also audit reports opportunism 74 opportunities for fraud 538, 539, 541, 548–9 optimizing risks 235, 241, 629 options, decision-making and 291 oral evidence 288 organization philosophy 311 organizational anomalies, fraud warning signals 547 organizational culture assessments of 310–11 corporate governance and 78 organizational theory 74 organizations 67 auditing and 67–72 auditor relationships 85 auditors’ understanding of 231 communications 81 contractual basis 71 control mechanisms 71–2 corporate governance see corporate governance external environments 69 financial reporting process responsibilities 82–3 institutional basis 71 institutional environments 72 IT environments 417–19 multinational 127 relationships 68–9 structures 78, 311 complex, fraud and 539 theory of business organizations 70 theory of the firm 67, 74–5 OTC (over-the-counter) markets 626 other auditors 625 outside directors 98–9, 101, 625 over-the-counter (OTC) markets 626 overconfidence biases 298 overreliance risks 268–9 oversight AICPA role 463 audit committees’ oversight relationships 106 – 8, 110 –11, 463 FASB role 463 PCAOB see Public Company Accounting Oversight Board PIOB (Public Interest Oversight Board) 31, 456 Professional Oversight Board 460 SEC roles 463, 465 see also monitoring overstatements, reliability factors for 265 overvalued share prices 38–9 ownership control separation from 6, 69–71, 78 management and conflicts of interest 6–7, 56–8 separation 49 shareholders’ function, failure to discharge 76 P/E (Price/Earnings) ratios 626 parallel simulation 407, 626 Parmalat 563–5 partners 626 audit 208, 612 engagement 453–4, 617 PCAOB see Public Company Accounting Oversight Board PEEC (Professional Ethics Executive Committee) 446, 460–1 peer reviews 175, 626 performance abnormal 609 engagements, quality controls and 453–4 long-horizon post-event studies 504 management accountability 76 personal characteristics fraud warning signals 549 personal observations as evidence 288 persuasiveness of evidence 140, 283 pervasive, definition 626 pervasive risks 626 philosophy of auditing 10–13 physical characteristics, assurance engagements 14, 142 pilot samples 626 PIOB (Public Interest Oversight Board) 31, 456 planning assurance engagements 146–7 COBIT objectives 423 computer-assisted audit techniques 409–10 evidence 281 IT 400 management 79 organizational systems 311 policies 79 POB (Public Oversight Board) 460, 627 point-in-time reviews 431 653 AUDA_Z02.qxd 06/02/2007 17:39 Page 654 INDEX populations 251–2, 267, 626 portfolios, risks 241, 321–2, 629 positive theory of agency 626 postulates 11, 13–14 power information as 29 use of 78 PPS see probability-proportional-to-size sampling practical applications 11 practice statements 133, 136, 137 practitioners, assurance engagements 141 precepts 11 precision 626 achieved 609 predecessor auditors 540, 626 predictions 7–8 predictive analyses, CAATs 409 predictive value 15 pressures 163, 538–9, 540–1, 549 presumed associations biases 296 preventive effect 226 Price/Earnings (P/E) ratios 626 pricing 597–9 principal auditors 627 principals 626 principle-based accounting standards 581 prior period adjustments 627 prioritization of risks 630 private information 57, 501, 627 probabilities 627 probability-proportional-to-size (PPS) sampling 259, 262–7, 627 procedures, assurance engagements 145–50 process alignment, IT systems 330 processes assurance engagements 14, 142, 143 documenting, COBIT objectives 423 professional behaviour, auditors 189 professional competence 187 Professional Ethics Executive Committee (PEEC) 446, 460 –1 professional indemnity insurance 473 professional integrity, auditors 190, 196–7 professional liability see liability Professional Oversight Board 460 professional requirements 448 professional scepticism 139, 292, 540, 542, 554 professional services 627 proficiency, experts 148 profit and loss accounts see income statements profitability, fraud and 538 program code analysis 407 programming errors 401 654 prohibited ethical conflicts 187–8 prohibited non-audit services 200 projected misstatements 266 projecting errors 258 property analyses for insurance purposes 23 proportionate liability 477, 478–80, 486, 490, 627 prospective financial statements 20 protective covenants 627 proxies 627 proxy contests 627 public announcement dates 511–12 Public Company Accounting Oversight Board (PCAOB) 461, 627 aims 31 auditing standards setting 128–9, 337 Auditing Standard No ‘References in auditors’ reports to the standards of the PCAOB’ 129 Auditing Standard No ‘An audit of internal control over financial reporting performed in conjunction with an audit of financial statements’ 21–2, 129, 316, 326–9, 365–7, 523 Auditing Standard No ‘Audit documentation’ 129 creation 31 European Commission actions regarding requirements of 177–8 fraud 534, 544 oversight roles 461–2 standards 446 public interest entities, 162, 627 Public Interest Oversight Board (PIOB) 31, 456 public interests AICPA ethical principles 190 financial reporting and 42–3 public oversight systems for auditors, EU 171 public sector International Public Sector Accounting Standards (IPSAS) 130 public supervision of auditing profession 447, 458 Public Oversight Board (POB) 460, 627 publicly-available information 501 QCIC (Quality Control Inquiry Committee) 460, 461 qualified audit reports see audit reports qualified opinions see opinions qualitative evaluation of exceptions 628 qualitative misstatements 229 AUDA_Z02.qxd 06/02/2007 17:39 Page 655 INDEX quality 442–3 assurance 628 disciplinary sanctions and 448 European Union 166, 170, 174–5, 203–4 audit concentration impact on 591 auditor independence 197 change of auditors and 598 controls 443, 628 assurance engagements 146 engagement level 449–50, 454–5 European Union 456–8 firm level 449–50, 450–6 framework 444 IFAC position 448–56 International Standards see International Standards on Quality Control overview 443–5 standards in auditing 446 United Kingdom 458–60 United States 460–5 earnings see earnings evidence 282 of information see information internal control 304, 318 leadership responsibilities for 450–1 raising, EU 164 Quality Control Inquiry Committee (QCIC) 460, 461 quantitatively material misstatements 229 random number selection 253, 628 random number tables 253–4 random sampling 253, 270 ranking risks 630 rapid production of information 602 rates of return abnormal 609 expected 618 rating agencies 58 ratio estimation sampling 261 rational expectations theory 8–10, 12, 31 rationality, bounded 74, 294, 613 rationalizations of fraud 538–42 real-time accounting (RTA) systems 417, 432, 522–3, 628 real-time financial reporting 417 real-time reporting 424–5, 429, 603 reasonable assurance see assurance reasoning deductive 289, 616 inductive 289, 621 recalculation in obtaining evidence 286 recognition, fraud 535 records accounting 280–1, 534 discrepancies in, fraud warning signals 549 examining for evidence 285 regression to mean biases 297 regular production of information 602 regulators audit concentration, reaction to 589–91 audit pricing challenges 597–9 demand for financial statements information 36 monitoring audit markets 499 roles regulatory compliance 113–14, 314 regulatory regimes company accounts 473 European Union 164–5 financial statement information 42–3 international 130 see also self-regulation related-party transactions, fraud and 539 related services 628 International Standards on 133, 134, 137 see also agreed-upon procedures; compilation; reviews relationships of accountability 12 agency 44–5, 610 audit committees see audit committees auditors see auditors contracting 71 internal auditors 105–8 management see management organizations 68–9 shareholders 68–9, 76 unusual or unexpected, fraud and 544–5 relevance 15, 80, 81–2, 628 reliability 15, 628 accounting information 29, 80, 392–6 electronic evidence 289–90 emphasising over independence 587–8 evidence 282 factors for overstatements 265 internal controls 316 remoteness, demand for auditing condition 46, 49 remuneration see compensation; fees re-performance in obtaining evidence 286 replacement cost accounting theory reported earnings 580 reporting assurance engagements 149–50 continuous 424–5, 426–7 655 AUDA_Z02.qxd 06/02/2007 17:39 Page 656 INDEX reporting (continued) data, informational roles 29 fraud concept importance in 535–42 internal audit responsibilities 108 on internal control 316–20 organizational systems 311 real-time 424 –5, 429, 603 reports attestation services 19 to audit committees 367 audits see audit reports interim financial statements 363–5 internal controls 317–18, 365–7 on prospective financial statements, attestation 20 XBRL preparation procedures 427–8 representational faithfulness 15 representativeness heuristic 294, 295, 296–7, 628 reputation, auditors 197–9, 588 research 3–4 audit reports 513–18 capital markets see capital markets event studies 501, 503–6, 511–13 future directions 522–4 imperative of 594 market-based 624 reserves, generous accounting 554 residual losses 628 residual risks 70 resources allocation 72 lack of sufficient 313 responsible parties, assurance engagements 141 restrictions on auditors 540 restrictive covenants 628 results documenting, COBIT objectives 423 retrievability biases 296 revenues fraud and 536, 539 recognition, unsuitable 554 reviews attestation 19, 20 engagements 18, 137, 629 historic financial statements 20 responsibilities, quality controls and 452–3 scope of 630 risk assessments 629 COBIT objectives 423 continuous 429, 434 e-commerce effects on 392 fraud detection 543 internal control 306–7, 324–5 656 IT environments 389, 400–2 of lending decisions, auditors’ roles 520–1 procedures 228–33, 235 risk environment, internal control 306–7 risk management 2, 78 audit committees 108–9 business risks 235 CAATs to evaluate procedures 406 Enterprise Risk Management see Enterprise Risk Management evolution 322 function 629 information technology 399–400 management responsibilities 108–9 modern view 629 process 629 strategies 629 systems 629 traditional view 629 risks analysis 629 assessments see risk assessments to auditor independence 201–2 aversion 629 definition 630 fraud 543–4 human factors 313 incorrect acceptance 268–9 incorrect rejection 264 management see risk management material misstatements 227 measurement 629 mitigation 321, 325 models 629 non-sampling 246–7 optimization 235, 241, 629 overreliance see acceptable risk of overreliance portfolios 241, 321–2, 629 premiums 630 prioritization 630 ranking 630 sampling 244–6, 247 scenarios 630 sharing 57 significant 232 strategies 235, 241, 630 structures 235, 241, 630 tolerance for 322 see also audit risks; business risks; controls: risks; detection risks; financial risks; inherent risks rotation of auditors see auditors Royal Ahold 568–70 AUDA_Z02.qxd 06/02/2007 17:39 Page 657 INDEX RTA see real-time accounting systems rules of thumb see heuristics safeguards, systems of 632 sampling 242–3, 288 continuous auditing 431 evidence 244 general discussions on 249–59 non-sampling risks 246–7 non-statistical 247, 248–9, 256–7, 625 risks 244 – 6, 247 allowance for 610 definition 630 statistical 247–8, 249, 253–6 steps involved 267–75 techniques 259–67 uncertainties 243–4 sanctions see disciplinary sanctions Sarbanes-Oxley Act 21, 31, 127, 128, 191, 207, 316, 326 –9, 461, 534 satisfaction, users of financial statements 10 satisficing 294–5 scandals, corporate see corporate scandals scepticism, professional see professional scepticism science, auditing as 11 scientific disciplines differences between auditing and 13–14 scope of audits 112, 140, 630 limitations 345, 346–7, 350, 361, 630 paragraphs 630 of reviews 630 scoping, COBIT objectives 423 screening model 39 SEC see Securities and Exchange Commission SECPS (SEC Practice Section), AICPA 460 securities laws violations, fraud and 540 markets see capital markets returns, uncertainty qualifications and 509 Securities and Exchange Commission (SEC) 631 actions against auditors 464–5 audit requirements 31 auditor independence 191, 207–9 filings 43 forms 37, 43, 363, 619 IFRS and 154 improving oversight and accountability of auditors 465 information requirements 37 interim financial statements, reports on 363 monitoring role 463–4 non-audit services 206 quality controls and 460 security accounting information 393–4 internal control in IT environments 329–30 internet 408 network software and performance, CAATs 407–8 technologies 397–8 segregation of functions, lack of 401 selection methods, sampling 252–7 self-insurance 483 self-interest threats 201, 631 self-regulation 447–8, 485, 591 self-review threats 201, 631 semi-strong form of efficient market hypothesis 501–2, 631 separate evaluations 326 services assurance see assurance attestation see attestation consulting see consulting services non-audit see non-audit services professional 627 scope and nature, AICPA ethical principles 190 tax 16, 17 Sharaf, H A see Mautz and Sharaf share prices see stock prices shareholders 632 auditor relationships 68–9 decision-making 34 demand for financial statements information 34–5 management accountability to 73, 76–7 management relationships 34–5, 56–8, 68–9, 76 non-executive, audit committees and 100 ownership function, failure to discharge 76 relationships 68–9, 76 shareholdings, directors 100 shirking 631 short-form reports, assurance engagements 149 short-window event studies 504 signalling problem 38–9, 631 significant accounts identification, COBIT objectives 423 significant risks 232 simple random sampling 253 situational pressure fraud warning signals 549 size of audit firms 591 size of boards of directors 98–9 size of samples 251, 252, 253, 268–71, 297 657 AUDA_Z02.qxd 06/02/2007 17:39 Page 658 INDEX skills auditors, IT environments 390 directors 473 quality controls and 449 skip intervals 254 smoothing earnings see earnings: smoothing snapshots 406, 631 social factors 86 social phenomenon, auditing as 12 sociological theory 74 software application, tracing and mapping 610 audit interrogation 431 CAATs 405–7 generalized audit software (GAS) 406, 619–20 system controls 325 utility 405, 633 virus protection 329 SOX Act see Sarbanes-Oxley Act special purpose audit reports 631 standard deviation 631 standard unqualified audit reports see audit reports standards ethics 446–7 related services 133, 134, 137 review engagements 137 see also accounting standards; auditing standards; generally accepted auditing standards; International Standards on Assurance Engagements; International Standards on Auditing; International Standards on Quality Control Statement of Basic Auditing Concepts 46 statements of cash flows 4, 40 statements of financial position statistical anomalies, fraud warning signals 547 statistical estimation 249–50 statistical sampling 247–8, 249, 253–6 statistical testing 249, 250 statutory auditors 632 statutory audits, EU 160–5, 166–9, 204, 368, 445 statutory caps 480–1, 632 statutory law 484–5 stewardship 68 concept 50 corporate governance role 72, 76 focus 34, 632 hypothesis 50–1, 55, 632 stock prices audit opinions and, relationship between 506 –11 658 management excessive interest in maintaining or increasing, fraud and 540 overvalued 38–9 qualified audit reports and, relationship between 497, 513–14 tests of information content of qualified audit opinions 511–13 undervalued 38 stockholders see shareholders stopping rules see heuristics stratification 632 stratified sampling 254–5 ‘strong form’ of efficiency 501, 632 structural challenges to audit profession 589 structures conceptual 11 corporate governance 79 organizations 78, 539 risks 235, 241, 630 style sheets, XBRL 426, 441 subject matter, assurance engagements 142 ‘subject to’ qualified audit reports 509–10, 513–17 subsequent events, assurance engagements 148 substantive procedures 632 substantive tests 245–6, 247, 251, 281, 389, 409, 603 sufficiency of evidence 147, 282–3, 632 supervision assurance engagements 146–7 of audit profession 591 IT environments 402 public supervision of auditing profession 447, 458 suppliers, multiple, e-business 391 supply of audit services 33 sustainability, COBIT objectives 423 switch threat case 599 system controls 403–4, 406 system management programs 405 system software controls 325 systematic risks 52 systematic selection 254, 270, 632 systems assurance engagements 14, 142 systems of safeguards 632 tainting 266, 632 takeovers 632 tangible assets, examining for evidence 285 tax services 16, 17 tax havens, fraud and 539 taxonomies, XBRL 426 TD (test of details) risks 243–4, 633 AUDA_Z02.qxd 06/02/2007 17:39 Page 659 INDEX TDR (tolerable deviation rate) 268, 272 TEL (tolerable error level) 259, 268 test data 406, 632 test of details (TD) risks 243–4, 633 testing 140, 216 integrated test facilities (ITF) 406–7, 621–2 selection of items for 287–8 statistical 249, 250 tests for private information 501 tests of controls 244, 245, 247, 250–2, 257, 270–1, 281, 389, 603 tests of informational content see event studies theft 535 theoretical approach to auditing accounting, auditing a separate discipline from 12–13 debating historical perspective of auditing concepts 8–14 explanation of audit practices 7–8 field of knowledge, auditing as 11–12 need for 7–8 philosophy of auditing 10–13 prediction of audit practices 7–8 rational expectations theory 8–10, 12 scientific disciplines, differences between auditing and 13–14 social phenomenon, auditing as 12 understanding audit practices theoretical foundations xx, 3–4 theory of the firm 67, 74–5 third parties, IT environments 398–9 threats to auditor independence 201–2 three-party relationships, assurance engagements 141–2 time tracking, CAATs 408 timeliness 15 accounting information processing 395 information 81–2 timing constraints, CAAT 411 TM (tolerable misstatements) 264–5 tolerable deviation rate (TDR) 268, 272 tolerable error level (TEL) 259, 268 tolerable level comparison 633 tolerable level of exceptions 633 tolerable misstatements (TM) 264–5 tolerance for risks 322 ‘tone at the top’ 309–10, 569–70, 633 ‘top-down’ approach to audits of internal control 319–20 top strata 633 tort, law of 484–5 total systems dependence 397 tracing, application software 610 training 175, 408 see also education transaction cost economics 73–4 transactions complex, fraud using 535, 539 errors 267 false 552, 553 flows 432 initiation or execution 402 integrity 330 processing 401 trails 397–8, 401 transparency 80–1, 97, 164, 166, 172 Treadway Commission, Committee of Sponsoring Organizations of see Committee of Sponsoring Organizations of the Treadway Commission true and fair view 4–5, 341–2, 359 trust threats to auditor independence 201 UDR (upper deviation rate) 271–2, 274 UK see United Kingdom UML (upper misstatement limits) 265, 633 uncertainties 6, 633 decision-making 473 in financial statements, loan decisions influenced by 35–6 material 355–8 qualified audit reports 503, 509 sampling 243–4 understanding audit practices auditors see auditors undervalued share prices 38 unexpected earnings 510 unintentional misstatements 216 United Kingdom liability 489–91 quality controls 458–60 United States auditor independence 206–8 corporate governance codes and rules in 87 IFRS use 154 liability 479–80, 485–6 quality controls 460–5 regulations, EU strategy regarding 177–8 unlimited liabilities 483, 485 unqualified audit reports see audit reports unqualified opinions see opinions unreasonable demands on auditors 540 upper deviation rate (UDR) 271–2, 274 upper misstatement limits (UML) 265, 633 659 AUDA_Z02.qxd 06/02/2007 17:39 Page 660 INDEX USA see United States users of financial statements external outside 81–2 satisfaction 10 value of audit reports 555 XBRL 432 information chosen by intended, assurance engagements 141–2 utility software 405, 633 value-added networks (VAN) 633 value of audit reports to users 555 value-weighted selection 255–6 VAN (value-added networks) 633 variability 633 variable sampling 259, 261 660 variables 52, 634 variance 634 verifiableness 15, 82 virus protection software 329 voluntary disclosures 39–41, 43–4, 634 walkthroughs 328–9 warning signals, fraud 547–50 ‘weak form’ of efficiency 501, 634 weaknesses, material 624 working papers, electronic 406, 407 WorldCom 560–2 written evidence 288–9 written representations by management to auditors 542–3, 545–6, 554 XBRL 408, 424, 425–9, 432, 441, 618 XML 408, 425, 426, 618 ... 18 19 An Introduction to Auditing and Assurance Demand for and Supply of External Audit Services Auditing, Organization and Governance The Audit Committee, Internal and External Auditing International. .. corporate governance (and audit committee), auditing and financial market, auditing and corporate financial reporting, and auditing and information technology systems Through this analysis we can better... information and greater control and accountability over corporate executives and auditing firms Auditing: An International Approach analyses the role of external auditors today and the need to expand