New User Special Price Expires in

Let's log you in.

Sign in with Facebook


Don't have a StudySoup account? Create one here!


Create a StudySoup account

Be part of our community, it's free to join!

Sign up with Facebook


Create your account
By creating an account you agree to StudySoup's terms and conditions and privacy policy

Already have a StudySoup account? Login here

Auditing Exam 2

by: Victoria Andreski

Auditing Exam 2 ACCT 4150

Victoria Andreski

Preview These Notes for FREE

Get a free preview of these Notes, just enter your email below.

Unlock Preview
Unlock Preview

Preview these materials now for free

Why put in your email? Get access to more of this material and other relevant free materials for your school

View Preview

About this Document

Auditing Chapters 4-8
Nancy Harp
Study Guide
50 ?




Popular in Auditing

Popular in Accounting

This 33 page Study Guide was uploaded by Victoria Andreski on Saturday March 5, 2016. The Study Guide belongs to ACCT 4150 at Clemson University taught by Nancy Harp in Spring 2016. Since its upload, it has received 213 views. For similar materials see Auditing in Accounting at Clemson University.


Reviews for Auditing Exam 2


Report this Material


What is Karma?


Karma is the currency of StudySoup.

You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!

Date Created: 03/05/16
Exam 2—Auditing Chapters 4-8 CHAPTER 4—Risk Assessment Audit Risk—risk that an auditor expresses an unqualified opinion on materially misstated financial statements • Can control the risk by testing everything, but clients won’t pay for thatàthey must accept audit risk • 2 levels: o Financial statement level § Relates to risk of entire financial statements—qualitatively stated • Always want it “low” or “very low” • Look at each individual assertion o Example: inventory existence (go & physically count) o Individual account balance or class of transactions level • Auditing standards do not provide specific guidance on what is an acceptable level of audit risk • Determination of audit risk involves considerable judgment on the part of the auditor • Auditor CHOOSES (specifies) an ACCEPTABLE (maximum) level of audit risk o You control the audit risk—can get it low by doing a lot of work • Level of Assurance = 1 – Audit Risk o Inverse of audit risk o Example: 5% risk = 95% assurance Audit Risk Model AR = IR x CR x DR • Inherent Risk—susceptibility of an assertion to a material misstatement, assuming there were no related internal controls o Depends on specific assertion being tested o Not considering internal controls o Examples: § Integrity of management—do they do the right thing? § Client motivation § Accounting estimates & complex transactions § Initial vs. repeat engagement—inherent risk higher for 1 time § Results of prior audits § Other business risks • Control Risk—risk that a material misstatement would not be prevented or detected by the internal controlsà controlled by client o The riskier, the more difficult the audit will be § Want risk to be low o Examples: § Active board of directors/audit committee § Effective internal audit department § Proper computer controls § Proper segregation of duties • Detection Risk—risk that the auditor will not detect a material misstatement in an assertion o Maybe the person trusts the #s on the box of inventory and doesn’t actually open it or just checks the inventory that is the most accessible (don’t check boxes on very top shelves) o Do the wrong test or do the right test in an inappropriate way § Depends on how much work/testing you do & how effective it is o 2 types: § Sampling Risk—may not detect a material problem b/c we aren’t going to count every single piece of inventory—something you simply accept • Reduce by counting more § Nonsampling Risk • Inappropriate audit procedure • Fail to detect when using appropriate audit procedure • Misinterpreting audit results o Assumption: completeness (did everything get recorded?) § Pick the wrong test § Misinterpret audit results • Inherent & Control Risk are INDEPENDENT of the audità can’t control o Risk of material misstatement Engagement Risk—an auditor’s exposure to financial loss & damage to professional reputation rd • Client & 3 party lawsuits • Negative publicity • Even if we do everything perfect, someone can still come & sue you • Can’t control • Certain industries are riskier • Very carefully screen & choose clients to reduce risk • Always present whether or not audit is in accordance with GAAS • Auditors may gather more evidence than implied by GAAS if there is high engagement risk, but CANNOT gather less evidence than implied by GAAS if there is minimal risk • Cannot be directly controlled by auditor, although some control can be exercised through the client acceptance & continuance process Using the Audit Risk Model 1. Set a planned level of AR such that an opinion can be issued on the financial statements a. Figure out nature, timing, & extent of your audit 2. Assess the risk of material misstatement (IR x CR) 3. Use the AR equation to solve for the appropriate level of detection risk: AR = IR x CR x DR DR = AR   IR x CR • Auditors   use  this  level  of  DR  to   design  audit  procedures   that  will  reduce  AR  to  an  acceptable  level   o When  denominator  gets  big,  result  gets  smallà  that’s  bad   o The  smaller  the  DR,  the  more  work  the  auditor  has  (more   testing)       Case   AR   IR   CR   DR   1   0.05   1.00   1.00   0.05   2   0.05   1.00   0.50   0.10   3   0.01   1.00   1.00   0.01     • Qualitative  terms     Case   AR   RMM   DR   1   Very  low   High   Low   2   Low   Moderate   Moderate   3   Very  low   Low   High     • Can’t  control  RMMà  can  ONLY  assess     Limitations  of  the  AR  Model   • AR  model  is  a  planning  tool,  but  has  some  limitations  that  must  be   considered  when  the  model  is  used  to  revise  an  audit  plan  or  to   evaluate  audit  resultsà  just  a  guide   • Desired  level  of  audit  risk  may  not  actually  be  achieved   • It  does  not  consider  potential  auditor  error   • There  is  no  way  of  knowing  what  the  preliminary  level  of  risk  actually   was       Preliminary Actual or Assessment + / - Achieved Level of Risk Level of Risk     The Auditor’s Risk Assessment Process • Auditors need to identify business risks & understand the potential misstatements that may result • Business Risks—risks that result from significant conditions, events, circumstances, or actions that impair management’s ability to execute strategies • Procedures (How do we gather this evidence?): o Inquiries of management, other entity personnel, & others outside the entity o Talk to client’s executives, key customers, board of directors, lawyers, etc. § Analytical Procedures—relationships that should be there • Ex: interest expense & long-term debt § Observation & Inspection • Look at board minutes, industry reports, & just anything they can • Understanding the Entity & its Environment o Nature of the entity § Entity’s organizational structure & management personnel • The more complex the structure, the more risk § Sources of funding of the entity’s operations & investment activities (capital structure, noncapital funding, & other debt instruments) § Entity’s investments § Entity’s operating characteristics (size & complexity)à major source of risk § Sources of entity’s earnings (relative profitability of key products & services) § Key supplier & customer relationships • A lot of smaller companies rely on just 1 supplier which puts a lot of pressure & risk on them o Industry, regulatory, & external factors § Industry Conditions • Market & competition (demand, capacity, & price) • Cyclical or seasonal activity • Product technology relating to entity’s products • Supply availability & cost § Regulatory Environment • Accounting principles & industry specific practices • Regulatory framework for a regulated industry • Legislation & regulation that significantly affect operations • Taxation • Government policies currently affecting conduct of business • Environmental requirements affecting industry & business § Other external factors • General level of economic activity (recession, growth) • Interest rates & availability of financing • Inflation & currency revaluation o Internal control o Objectives, strategies, & business risks o Entity performance measures     Assessing the Risk of Material Misstatement Due to Error or Fraud • Errors are unintentional misstatements o Human error o Mistakes in gathering/processing financial data used to prepare financial statements o Unreasonable accounting estimates arising from oversight or misinterpretation of facts o Mistakes in the application of accounting principles relating to amount, classification, manner of presentation, or disclosure • Fraud involves intentional misstatements o Fraud risk identification process includes: § Sources of information about possible fraud • Communications among audit team • Inquiries of management & others • Analytical procedures—look at ratios • Unexpected period-end adjustments o Fraud Triangle 3 conditions usually exist when fraud occurs Opportunity to carry Attitude or Incentive or pressure out the fraud (Internal rationalization to to perpetrate fraud Controls) justify fraud • Fraudulent Financial Reporting o Risk factors relating to incentive/pressure include: § Excessive pressure for management to meet 3 party expectations § Financial stability or profitability is threatened § Management’s personal financial situation is threatened o Risk factors relating to opportunities include: § Nature of the industry or entity’s operations § Complex or unstable organizational structure § Ineffective monitoring of management • If you have a lazy board of directors or audit committee is inefficient § Deficient internal control • Segregation of duties are important o Risks factors relating to attitudes/rationalizations: § Nonfinancial management’s excessive participation in selection of accounting principles & estimates § Excess interest by management in stock prices & earning trends § Committing to aggressive or unrealistic forecasts • Get their budgets & forecasts to see how aggressive they are § Ineffective communication of ethical standards or selection of inappropriate ethical standards § Recurring attempts to justify marginal or inappropriate accounting based on materiality • If they say that “No, it’s okay, it’s only small. Quit looking at that.”à red flag § History of violations of securities laws or allegations of fraud • If client has a history of being investigated   Fraud involves intentional misstatements Fraudulent Misappropriation financial of assets (aka reporting stealing)       Fraudulent  financial  reporting  includes:   • Manipulation,  falsification,  or  alteration  of  accounting  records  or  supporting   documents  used  to  prepare  financial  statements   • Misrepresentation  in,  or  intentional  omission  from,  the  financial  statements   of  events,  transactions,  or  significant  information   • Intentional  misapplication  of  accounting  principles  relating  to  amount,   classification,  manner  of  presentation,  or  disclosure       Misappropriation  of  assets:   • Theft  of  an  entity’s  assets  to  the  extent  that  financial  statements  are   misstated   • Examples:   o Stealing  assets   o Paying  for  goods  &  services  not  received  by  the  company   § Could  set  up  a  fake  vendor  that  company  pays  that  is  actually   the  employee  receiving  money  for  fake  services   o Embezzling  cash  received     • Risk  Factors   o Incentives/pressures   o Opportunities   o Attitudes/rationalization       Auditor’s  response  to  the  risk  assessment     • To  respond  appropriately  to  financial  statement  level  risks,  the  auditor  may   do  the  following:     o Emphasize  to  the  audit  team  the  need  to  maintain  professional   skepticism   § When  client  tells  you  something,  be  skepticalà  don’t  just   believe  everything  you  hear   o Assign  more  experienced  staff  or  those  with  specialized  skills   § If  working  w/  client  that  has  more  fraud  risk,  put  more   experienced  worker  on  it  instead  of  an  intern  or  new  staff   o Provide  more  supervision   o Incorporate  additional  elements  of  unpredictability  in  the  selection  of   audit  procedures   § Sometimes  do  a  surprise  count  of  inventory  so  they  can’t  hide   things  or  rearrange  certain  things   § Maybe  ask  lower  level  people  who  don’t  know  to  hide  certain   things     Evaluation  of  Audit  Test  Results   • At  the  completion  of  the  audit,  auditor  should  consider:   1. Whether  the  accumulated  results  of  audit  procedures  affect  the   In total, assessments  of  the  entity’s  business  risk  &  the  risk  of  material   did we do misstatement,  and   enough to 2. Whether  the  total  misstatements  cause  the  financial  statements  to  be   find a materially  misstated   THEN….   clean opinion? • If  the  financial  statements  are  materially  misstated,  the  auditor  should:   1. Request  management  to  eliminate  the  material  misstatement,  or   2. If  management  does  not  make  needed  adjustments,  the  auditor  should   issue  a  qualified  or  adverse  opinion   • If  the  auditor  determines  that  the  misstatement  is  or  may  be  the  result  of   fraud,  &  has  determined  that  the  effect  could  be  material,  the  auditor  should:   o Attempt  to  obtain  audit  evidence  to  determine  whether,  in  fact,   material  fraud  has  occurred  and,  if  so,  its  effect   § Get  a  sense  of  how  big  the  situation  is   o Consider  the  implications  for  other  aspects  of  the  audit   § May  have  to  go  back  into  already  completed  work  to  see  if   there  are  any  connections   o Discuss  the  matter  &  the  approach  to  further  investigation  w/  an   appropriate  level  of  management  that  is  at  least  one  level  above  those   involved  in  committing  the  fraud  &  w/  senior  management   o If  appropriate,  suggest  that  the  client  consult  w/  legal  counsel   o Consider  withdrawing  from  the  engagement     Documentation   • Auditor  should  document:   o Discussions  among  engagement  personnel   o Procedures  performed  to  identify  &  assess  the  risks  of  material   misstatement  due  to  error  or  fraud   o Fraud  risks  or  other  conditions  that  result  in  additional  audit   procedures   o The  nature,  timing,  &  extent  of  procedures  performed  in  response  to   fraud  risks  identified  &  the  results  of  that  work   o Nature  of  the  communications  about  error  or  fraud  made  to   management,  the  audit  committee,  &  others     Communications  about  Fraud   • When  the  auditor  finds  evidence  that  a  fraud  may  exist,  that  matter  should  be   brought  to  the  attention  of  an  appropriate  level  of  management.  Fraud   involving  senior  management  &  fraud  that  causes  a  material  misstatement  if   the  financial  statement  should  be  reported  directly  to  the  audit  committee  of   the  board  of  directors   • Auditor  should  reach  an  understanding  w/  the  audit  committee  regarding   the  expected  nature  &  extent  of  communications  about  misappropriations   perpetrated  by  lower-­‐level  employees   • The  disclosure  of  fraud  to  parties  other  than  the  client’s  senior  management   &  its  audit  committee  ordinarily  is  not  part  of  the  auditor’s  responsibility  &   ordinarily  would  be  precluded  by  the  auditor’s  ethical  &  legal  obligations  of   confidentiality,  EXCEPT  when  the  following  conditions  are  met:   o To  comply  w/  certain  legal  &  regulatory  requirements   o To  a  successor  auditor  when  the  successor  makes  inquiries  of  the   When  you  can   report  to  3   predecessor  auditor  about  the  client   parties     o In  response  to  a  subpoena     o To  a  funding  agency  or  other  specified  agency  in  accordance   w/  requirements  for  the  audits  of  entities  that  receive   governmental  financial  assistance   CHAPTER 5—Evidence & Documentation Management Assertions • Assertions about classes of transactions & events for the period under audit o Occurrence o Completeness o Classification o Cutoff (Is it completed in the correct period?) o Authorization o Accuracy • Assertions about end-of-the-period account balances o Existence o Completeness o Rights & obligations o Valuation & allocation • Assertions about presentation & disclosure o Classification (current or long-term?) & understandability (easy to understand instead of just using company jargon) o Accuracy & valuation o Completeness o Occurrence & rights & obligations ID Management Assertions 1. Existence or Occurrence a. Assets & liabilities exist & recorded transactions occurred b. Existence—end-of-period balanceà test by sending company a letter for them to validate i. Does the amount reported on the balance sheet actually exist? c. Occurrence—transaction sideà take samples i. Did they actually occur? d. Can either look at each transaction or just the ending balance e. Example: i. Supplies on the balance sheet physically exist 11/15 A/R 1500 Sales Revenue 1500 ii. Is the sale real? à Pull purchase orders, invoices, shipping documents, etc. iii. Test VALIDITY 1. Is it valid? 2. Is it real? 2. Completeness a. ALL transactions & accounts that should have been recorded in the F/S were recorded b. Did something not get recorded? c. Example: i. All payroll expenses that should have been recorded were recorded ii. Accounts payableà subsequent payments iii. How do we find debt that isn’t recorded b/c they want to hide it? 1. Write letters/communicate w/ banks the company uses & see how much debt they actually owe iv. Test COMPLETENESS 3. Rights & Obligations a. Assets are actually rights of the client & recorded liabilities are actually owed by the entity b. Something can exist but we may not have the right to it i. Sometimes inventory is owned on consignment c. Example: i. The client has legal title or similar rights to inventory ii. Test OWNERSHIP 4. Valuation or Allocation a. Assets, liabilities, revenues, & expenses are appropriately valued & allocated to the proper accounting period i. Related to depreciation expense b. Inventory has to be lower of cost or market—Is it valued correctly? c. Example: i. Net A/R is valued at an amount that reasonably reflects collectability ii. Taking into account the allowance for doubtful accounts iii. Test VALUATION 5. Classification & Understandability a. Financial information is appropriately presented & described, & disclosures are clearly expressed b. Example: i. Notes Payable due in less than 1 year are classified as Current Liabilities 1. Test CLASSIFICATION 2. Check to make sure that contingent liabilities are disclosed in the footnotes a. Test DISCLOSURE 6. Accuracy a. Amounts & other data relating to recorded transactions & events have been recorded appropriately b. Properly record @ correct dollar amount—is the total correct? c. Look for inaccuracies on how things are recorded d. Example: i. Foot sales journal to see if the total sales # is added correctly & matches the G/L entry ii. Test MECHANICAL ACCURACY 7. Cutoff a. Transactions & events have been recorded in the correct accounting period i. Things are being put in the right period 1. Very important for revenue b. Example: i. Check to make sure that sales are recorded in the proper period ii. Test CUTOFF iii. Examine shipments made on 12/31 & on 1/1 to see if they were recorded in the right year 1. Look @ the invoice & see if the date it was recorded on in the system matches the date goods were actually shipped Audit Evidence • All the information, from whatever source, used by the auditor in arriving at the conclusions on which the audit opinion is based o Schedules, bank statements, inventory counts, checks, letters, ratio analysis, etc. • Concepts of Audit Evidence o 1) Nature of the Audit Evidence § Form or type of evidence • Records of initial entries & supporting records • Spreadsheets supporting cost allocations • Invoices • General & subsidiary ledgers • Contracts • Adjustments to financial statements • Worksheets • Other computations, reconciliations, & disclosures o 2) Sufficiency & Appropriateness of Audit Evidence § Sufficiency—measure of the QUANTITY of audit evidence • Is it enough? • Relative to the amount of risk • Greater risk of misstatements requires a higher quantity of audit evidence (IR x CR) • Higher quality audit evidence results in a lower quantity of audit evidence (don’t need as much) o Ex: information from a 3 party • Inverse relationship of sufficiency & appropriateness § Appropriateness—measure of the QUALITY of audit evidence • Relevance—not all evidence makes sense for the assertion being test • Reliability—how much the evidence gathered can be depended on o Independent source of the evidence § Confirmation letter form 3 party (independent of client) is very reliable o Effectiveness of internal control § Outputs from client isn’t very reliable if internal controls are weak o Auditor’s direct personal knowledge § Based on what auditor personally examines & tests • High quality • Less reliable if auditor simply calls company & gets information over the phone—you should physically see/test it yourself o Documentary evidence o Original documents—best kind o 3) Evaluation of Audit Evidence § Proper evaluation of evidence requires an understanding of the: • Types of evidence available • Relative reliability of available evidence § An auditor should be thorough in searching for evidence & unbiased in its evaluation • Ex: In a sample of 50, something is weird w/ 5 of themà evaluate ALL 50, not just most or some of them • Bias is an issue when you are friends w/ or have gotten close to your clients—be skeptical Audit Procedures • A set of audit procedures prepared to test assertions for a component of the financial statements—audit program • Audit procedures for obtaining audit evidence o Inspection of records & documents § Evidence obtained from external documents is more reliable than evidence obtained from internal documents Vouching (Occurrence) Source Journal or Documents Ledger Tracing (Completeness) § Direction of testing is very important • Tracing—start from document & see if it is in the books • Vouching—start w/ books & see if what is recorded & see if there’s a valid source document showing that it actually happened o Inspection of tangible assets § Physical examination of a tangible asset • Personal knowledge—you actually go & look at it o Observation § Process of watching a process or procedure being performed by others • Watching someone else do it • You aren’t the one physically examining it o Inquiry § Consider the knowledge, objectivity, experience, responsibility, & qualifications of the individual to be questioned • Am I asking the right person? § Ask clear, concise, & relevant questions appropriately § Use open or closed questions appropriately • Open—gives them a chance to give a lot of info • Closed—yes/no answer § Listen actively & effectively § Consider the reactions & responses, then ask follow-up questions § Evaluate the response o External Confirmation § Process of obtaining a representation of information or of an existing condition directly from a 3 party § The reliability of evidence obtained through confirmations is directly affected by factors such as: • The form of the confirmation • Prior experience w/ entity • Nature of information being confirmed • Intended respondentà who is supposed to be responding? o Recalculation § Determining the mathematical accuracy of documents or records § Example: foot the journal o Reperformance § The auditor’s independent execution of procedures or controls that were originally performed as part of the internal control system o Analytical Procedures § Evaluations of financial information made by a study of plausible relationships among both financial & nonfinancial data • Get a sense to see if it’s reasonable o Scanning § Review of accounting data to identify significant or unusual items • Skim to see if there is something wrong § Example: look for weird journal entries—JE done at 4am § CAATS—helps determine red flags w/ computer system Reliability of Types of Evidence Higher Inspection of tangible assets, reperformance, recalculation (You actually doing something) Inspection of records & documents, confirmation, analytical procedures, scanning Lower Observation, inquiry (Watching someone do something or asking them about it)     Audit Documentation • The auditor’s principal record of the audit procedures performed, evidence obtained, & conclusions reached • Working papers • 3 functions: o 1. To provide support for the audit report o 2. To aid in the planning, performance, & supervision of the audit o 3. To provide basis for quality reviews & evidence supporting the auditor’s significant conclusions • Should be organized so that audit team members & others can find evidence supporting financial statement accounts • Property of the auditor, including documents prepared by the client at the auditor’s request • SOX of 2002 requires audit documentation to be retained for 7 years from the completion date of the engagement Content of Audit Documentation • Demonstrate how the audit complied w/ auditing & related professional practice standards o Work must be properly planned • Support the basis for the auditor’s conclusions concerning each material financial statement assertion • Demonstrate that the underlying accounting records agreed or reconciled w/ the financial statements o Make sure the #s you audited actually shows up on the financial statements • Include a written audit program detailing audit procedures necessary to accomplish audit objectives • Enable a knowledgeable & experienced reviewer to: o Understand the nature, timing, extent, & results of audit procedures, evidence obtained, & conclusions reached o Determine who performed & reviewed the work & the dates of the work & reviews • Audit Program—set of procedures that an auditor believes are necessary to perform to express an opinion o Basis for coordinating/supervising audit o Means to control time spent on audit o Guide for entry-level employees o Evidence of proper planning o Record of work done § Sign off on work papers & initial the audit program • Most public accounting firms maintain audit documentation in 2 types of files: o Permanent files—something needed year to yearà use it ongoing § Corporate charter § Chart of accounts § Organization chart § Accounting manual § Important contracts § Internal control documentation § Terms of stock & bond issues § Prior years’ analytical procedures o Current files—more specific for THIS year’s audit § Audit plan/audit report § Audit programs § Working trial balance § Minutes of meetings § Adjusting journal entries § Reclassification journal entries § Current financial statements § Working papers supporting accounts Format of Audit Documentation • Heading o Client name o Title of the working paper o Client’s year-end date • Indexing & cross-referencing o Notations that provide a trail from financial statements to audit documents • Tick marks o Notations made next to work paper items indicating auditor/reviewer actions o Talks about things you didà descriptions Analytics • Evaluations of financial information made by a study of plausible relationships among financial & nonfinancial data • Involve comparisons of recorded amounts, or ratios developed from recorded amounts, to expectations developed by the auditor o Comparisons w/: § Industry averages § Similar businesses § Client budget, projections, forecasts § Prior periods (reasonable?) § Nonfinancial data (logical?) • Purpose o Helps auditor understand client in general o Helps evaluation of client as a going-concern o Helps identify areas for audit work o Can reduce detail testing o **Can reduce costs • Preliminary—used to assist the auditor to better understand the business & to plan the nature, timing, & extent of audit procedures • Substantive—used to obtain evidential matter about particular assertions related to account balances or classes of transactions • Final—used as an overall review of the financial information in the final review stage of the audit • Types o Trend Analysis—least precise; trends over time o Ratio Analysis—compare to industry benchmark o Reasonableness Analysis—most precise § Predict a # based on a model used—come up w/ your best guess & compare to # they report Develop an Expectation • Auditing standards require the auditor to have an expectation whenever analytical procedures are used • An expectation can be developed by using a variety of information sources: o Financial & operating data o Budgets & forecasts o Industry publications o Competitor information o Management’s analyses o Analyst’s reports Tolerable Difference • Size of difference depends on: o Significance of account o Desired degree of reliance on the substantive analytical procedures o Level of disaggregation (broken up into smaller pieces) in the amount being tested o Precision of the expectation • Amount is always less than planning materiality o Materiality of entire audit • The more confident you are in the expectation/estimate, the smaller the tolerable difference Compare & Investigate • Compare the expectation to the recorded amount & investigate any differences greater than the tolerable difference • Preliminary analytical procedures differencesà corroborating evidence is NOT required • Final analytical procedures differences—very end of audit when you look at all the ratiosà corroborating evidence is required Ratios • Short-Term Liquidity Ratios o Current ratio o Quick ratio o Operating Cash Flow ratio • Activity Ratios o Receivables Turnoverà Days outstanding in accounts receivable o Inventory Turnoverà Days of inventory on hand • Profitability Ratios o Gross Profit Percentage o Profit Margin o Return on Assets o Return on Equity • Coverage Ratios o Debt to Equity o Times Interest Earned CHAPTER 6—Internal Control in a Financial Statement Audit Internal Control • Process effected by an entity’s Board of Directors, management, & other personnel; designed to provide reasonable assurance regarding the achievement of objectives in: o Reliability of financial reporting o Effectiveness & efficiency of operations o Compliance w/ applicable laws & regulations • Management has the responsibility to maintain controls that provide reasonable assurance that adequate control exist over the entity’s assets & records • Internal Control System should: o Ensure that assets & records are safeguarded § Cash or inventory—make sure they aren’t stolen or records aren’t destroyed o Generate reliable information for decision making • Auditor needs assurance about the reliability of the data generated by the information systems • Auditor uses risk assessment procedures to: o Obtain an understanding of the entity’s internal control o Identify the types of potential misstatements o Ascertain factors that affect the risk of material misstatements o Design tests of controls & substantive procedures • Auditor’s understanding of the internal control is a major factor in determining the overall audit strategy o Has responsibility to: § Obtain an understanding of internal control AND § Assess control risk COSO Internal Control—Integrated Framework • Reliability of Financial Reporting o Generally, internal controls pertaining to the preparation of financial statements for external purposes are relevant to an audit • Effectiveness & Efficiency of Operations • Compliance w/ Laws & Regulations o Controls relating to operations & compliance objectives may be relevant when they relate to data the auditor uses to apply auditing procedures Components of Internal Control o Control Environment § Sets the tone of an organization, influencing the control consciousness of its people § Foundation of effective internal control, providing discipline & structure § Includes: attitudes, awareness, policies, & actions of management & BOD concerning the entity’s internal control & its importance in the entity § Principle 1—organization demonstrates a commitment to integrity & ethical values § Principle 2—BOD demonstrates independence from management &e exercises oversight of the development & performance of internal control § Principal 3—management establishes, w/ board oversight, structures, reporting lines, & appropriate authorities & responsibilities in the pursuit of objectives § Principal 4—organization demonstrates a commitment to attract, develop, & retain competent individuals in alignment w/ objectives § Principal 5—organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives o Entity’s Risk Assessment Process § Process for identifying & responding to business risks & the results thereof § For financial reporting purposes—how management identifies risks relevant to the preparation of financial statements that are fairly presented in conformity w/ GAAP, estimates their significance, assesses the likelihood of their occurrence, & decides upon actions to manage them § Should consider external &internal events & circumstances that may arise & adversely affect the entity’s ability to initiate, record process, & report financial data consistent w/ the assertions of management in the financial statements § Client business risk can arise or change due to the following circumstances: • Changes in the operating environment • Corporate restructuring • New personnel • New technology • International growth • Rapid growth • New accounting pronouncements • New or revamped information systems • New business models, products, or activities § Principal 6—organization specifies objectives w/ sufficient clarity to enable the identification & assessment of risks relating to objectives § Principal 7—organization identifies risks to the achievement of its objectives across the entity & analyzes risks as a basis for determining how the risks should be managed § Principal 8—organization considers thee potential for fraud in assessing risks to the achievement of objectives § Principal 9—organization identifies & assesses changes that could significantly impact the system of internal control o Control Activities § Policies & procedures that help ensure that management directives are carried out • Example: the necessary actions are taken to address risks to achievement of entity’s objectives § Control activities (automated or manual) have various objectives & are applied at various organizational & functional levels § Principal 10—organization selects & develops control activities that contribute to the mitigation of risks to the achievement of objectives to acceptable levels • Performance reviews • Physical controls • Segregation of duties • Information processing controls • Example: putting initials next to things you complete § Principal 11—organization selects & develops general control activities over technology to support the achievement od objectives § Principal 12—organization deploys control activities through policies that establish what is expected & procedures that put policies into action o Information System & Related Business Processes Relevant to Financial Reporting & Communication § The information system relevant to financial reporting objectives (including the accounting system) consists of the procedures (automated or manual), & records established to initiate, record, process, & report entity transactions & to maintain accountability for the related assets, liabilities, & equity § Communication involves providing an understanding of individual roles & responsibilities pertaining to internal control over financial reporting § *Principal 13—organization obtains or generates & uses relevant, quality information to support the functioning of internal controls • Identify & records all valid transactions • Classify transactions properly • Measure the value of transactions properly • Record transactions in the proper period • Properly present transactions & disclosures § Principal 14—organization internally communicates information (objectives & responsibilities for internal control) necessary to support the functioning of internal control § Principal 15—organization communicates w/ external parties regarding matters affecting the functioning of internal control o Monitoring of Controls § Process to assess the quality of internal control performance over time § Assess the design & operation of controls on a timely basis & taking necessary corrective actions § Principal 16—organization selects, develops, & performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present & functioning § Principal 17—organization evaluates & communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action (including senior management & BOD, as appropriate) Planning an Audit Strategy • Audit Risk Model AR = IR x CR x DR • In applying AR Model, the auditor must assess control risk • If we can get CR low, it allows DR to be highà meaning we don’t have to plan as many or a detailed tests o Audit Risk (AR) is a set risk Substantive Strategy • After obtaining an understanding of internal control, an auditor may choose to follow a substantive strategy & set control risk at the maximum for some or all assertions because of one or all of the factors: o Controls do not perform to an assertion o Controls are assessed as ineffective o Testing the effectiveness of controls is inefficient § Takes more time trying to make risk low instead of just taking the risk Reliance Strategy • Obtain an understanding of internal control o Auditor should obtain an understanding if each of the 5 components of internal control to plan the audit, Knowledge is used to: § Identify types of potential misstatement § Pinpoint the factors that affect the risk of material misstatement § Design tests of controls & substantive procedures o 1. Understand the control environment o 2. Understand the entity’s risk assessment process o 3. Understand the information system & communications o 4. Understand control activities o 5. Understand monitoring of controls o Documenting § Procedure manuals & organizational charts • How is the company organized? § Flowcharts • Better for big picture § Internal control questionnaires § Narrative description • Have more details o 5 components are likely to be less formal in a small or midsize entity than in a large entity o Limitations of en entity’s internal control § Override of internal control by management § Human errors or mistakes § Collusion—several people working together to commit fraud • Plan to rely on internal control & assess control risk below maximum o Try to get CR low Assessing Control Risk • Identify specific controls that will be relied uponà perform test of controlsà conclude on the achieved level of control risk o There will be errors—control doesn’t have to be perfect to operate effectively o Required to test internal controls for public companies § Same auditor must audit F/S & internal controls Performing tests of controls • Inquiry of appropriate personnel o Talking to someone • Inspection of documents indicating the performance of the control o Very common o Look for sign offs § Look through huge stack of papers o Could cost the company lots of $ if not done properly • Observation of the application of control • Reperformance of the application of the control by the auditor • Documenting the achieved level of control risk o Auditor’s assessment of control risk & the basis for the achieved level can be documented using a structured working paper, an internal control questionnaire, or a memorandum Timing of Audit Procedures • Interim—anything before 12/31 o Audit procedures § Tests of controls • 1. Assertion being tested not significant • 2. Control has been effective in prior audits • 3. Efficient use of staff time § Substantive procedures • 1. Control environment • 2. Availability of information at a later date • 3. The purpose of the substantive procedure • 4. The assessed risk of material misstatement • 5. The nature of the transactions or balances & relevant assertions • 6. The ability of the auditor to perform appropriate procedures to cover the remaining period § The more significant/risky it is, the more you’ll push it to year end • Year End—when final work is completed Auditing accounting applications processed by service organizations • A client may have some or all of its accounting transactions processed by an outside service organization • Because the client’s transactions are subjected to the controls of the service organization, one of the auditor’s concerns is the internal control system in pace at the service organization • It isn’t uncommon for service organizations to have an auditor issue 1 or 2 types of reports on their operations • Example: Payroll—many companies outsource payroll to service providers o Must make sure service providers have good internal controls too • Type 1 Report o Describes the service organization’s controls & assesses whether they are suitably designed to achieve specified internal control objectives • Type 2 Report o Goes further by testing whether the controls provide reasonable assurance that the related control objectives were achieved during the period o Auditor wants to see Type 2 § Goes farther than Type 1 • An auditor may reduce CR below the maximum only on the basis of a service auditor’s Type 2 Report Communication of Internal Control-Related Matters • Material Weakness o A deficiency or combination of deficiencies in internal control where there’s a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected & corrected o Issue w/ a control o Example: problem w/ segregation of duties w/ cash • Significant Deficiency o A deficiency or combination of deficiencies in internal control that is less severe than a material weakness, yet important enough to merit attention by those charged w/ governance o Less severe Types of Controls in an IT Environment • General Controls o More pervasive issues to entire company—big picture things o 1. Data center & network operations o 2. System software acquisition, change, & maintenance o 3. Access security o 4. Application system acquisition, development, & maintenance • Application Controls o Specific to an application o 1. Data capture controls o 4. Data validation controls o 3. Processing controls o 4. Output controls o 5. Error controls • Common Data Validation Controls—make sure the data coming in is valid o Limit test o Range test o Sequence check o Existence (validity) test o Field test o Sign test o Check-digit verification CHAPTER 7 —Auditing Internal Control Over Financial Reporting Management Responsibilities (Section 404) • Requires management of publicly traded companies to issue an internal control report, explicitly accepting responsibility for establishing & maintaining “adequate” internal control over financial reporting (ICFR) • 1. Accept responsibility for the effectiveness of the entity’s ICFR o Management’s responsibility to make internal controls effective • 2. Evaluate the effectiveness of the entity’s ICFR using suitable control criteria— COSOà framework of internal controls • 3. Support the evaluation w/ sufficient evidence (includes documentation) • 4. Present a written assessment regarding the effectiveness if the entity’s ICFR AS OF the end of the entity’s most recent fiscal year o Don’t necessarily need to be operating well for the entire year—must be fixed by 12/31 Auditor’s Responsibilities (Section 404 & AS5) • Entity’s independent auditor must audit & report on the effectiveness of ICFR • Auditor required to conduct an integrated audit of entity’s ICFR & its financial statements • ICFR o Process designed to provide reasonable assurance regarding the reliability of financial reporting & preparation of financial statements in accordance


Buy Material

Are you sure you want to buy this material for

50 Karma

Buy Material

BOOM! Enjoy Your Free Notes!

We've added these Notes to your profile, click here to view them now.


You're already Subscribed!

Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'

Why people love StudySoup

Jim McGreen Ohio University

"Knowing I can count on the Elite Notetaker in my class allows me to focus on what the professor is saying instead of just scribbling notes the whole time and falling behind."

Jennifer McGill UCSF Med School

"Selling my MCAT study guides and notes has been a great source of side revenue while I'm in school. Some months I'm making over $500! Plus, it makes me happy knowing that I'm helping future med students with their MCAT."

Steve Martinelli UC Los Angeles

"There's no way I would have passed my Organic Chemistry class this semester without the notes and study guides I got from StudySoup."


"Their 'Elite Notetakers' are making over $1,200/month in sales by creating high quality content that helps their classmates in a time of need."

Become an Elite Notetaker and start selling your notes online!

Refund Policy


All subscriptions to StudySoup are paid in full at the time of subscribing. To change your credit card information or to cancel your subscription, go to "Edit Settings". All credit card information will be available there. If you should decide to cancel your subscription, it will continue to be valid until the next payment period, as all payments for the current period were made in advance. For special circumstances, please email


StudySoup has more than 1 million course-specific study resources to help students study smarter. If you’re having trouble finding what you’re looking for, our customer support team can help you find what you need! Feel free to contact them here:

Recurring Subscriptions: If you have canceled your recurring subscription on the day of renewal and have not downloaded any documents, you may request a refund by submitting an email to

Satisfaction Guarantee: If you’re not satisfied with your subscription, you can contact us for further help. Contact must be made within 3 business days of your subscription purchase and your refund request will be subject for review.

Please Note: Refunds can never be provided more than 30 days after the initial purchase date regardless of your activity on the site.