Chapter 7 Audit Notes
Chapter 7 Audit Notes ACCT 4150
Popular in Auditing
verified elite notetaker
Popular in Accounting
This 5 page Class Notes was uploaded by Victoria Andreski on Saturday March 5, 2016. The Class Notes belongs to ACCT 4150 at Clemson University taught by Nancy Harp in Spring 2016. Since its upload, it has received 36 views. For similar materials see Auditing in Accounting at Clemson University.
Reviews for Chapter 7 Audit Notes
Report this Material
What is Karma?
Karma is the currency of StudySoup.
You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!
Date Created: 03/05/16
CHAPTER 7 —Auditing Internal Control Over Financial Reporting Management Responsibilities (Section 404) • Requires management of publicly traded companies to issue an internal control report, explicitly accepting responsibility for establishing & maintaining “adequate” internal control over financial reporting (ICFR) • 1. Accept responsibility for the effectiveness of the entity’s ICFR o Management’s responsibility to make internal controls effective • 2. Evaluate the effectiveness of the entity’s ICFR using suitable control criteria— COSOà framework of internal controls • 3. Support the evaluation w/ sufficient evidence (includes documentation) • 4. Present a written assessment regarding the effectiveness if the entity’s ICFR AS OF the end of the entity’s most recent fiscal year o Don’t necessarily need to be operating well for the entire year—must be fixed by 12/31 Auditor’s Responsibilities (Section 404 & AS5) • Entity’s independent auditor must audit & report on the effectiveness of ICFR • Auditor required to conduct an integrated audit of entity’s ICFR & its financial statements • ICFR o Process designed to provide reasonable assurance regarding the reliability of financial reporting & preparation of financial statements in accordance w/ GAAP o Controls include procedures that: § 1. Pertain to the maintenance of records that fairly reflect the transactions & dispositions of the assets of the company § 2. Provide reasonable assurance that transactions are recorded in accordance w/ GAAP § 3. Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets • Internal Controls Deficiencies o A control deficiency exists when the design or operation of a control does not allow management or employees, in a normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis § Control doesn’t properly do what it’s supposed to do § Design, operation, or both o A significant deficiency is a deficiency or combination of deficiencies, in internal control over financial reporting that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight of the company’s financial reporting § Bigger error § Size of misstatement due to problem w/ internal controls o Control deficiency may be serious enough that it’s considered not only a significant deficiency but also a material weakness in the system of internal control § Material weakness is a deficiency (or combination) in ICFR where there’s a reasonable possibility that a material misstatement of the annual or interim financial statements will not be prevented or detected on a timely basis § Auditor must consider likelihood (reasonably possible) & magnitude (material, consequential, or inconsequential) Management’s Assessment Process • Management must follow a top-down, risk-based approach: o 1) Identify financial reporting risks & controls o 2) Evaluate evidence about the operating effectiveness of ICFR o 3) Consider which locations to include in the evaluation § Choose locations based on risk of each • Framework used o Most entities use framework developed by COSO § 1. Reliable financial reporting § 2. Efficiency & effectiveness of operations § 3. Compliance w/ laws & regulations • Management’s documentation o Management must develop sufficient documentation to support its assessment of the effectiveness of internal control o Documentation may take many forms—paper, electronic files, or other media § Policy manuals, process models, flowcharts, job descriptions, documents, & forms • Integration of Audits o Composed of audits of internal control & F/S o Control testing impacts the planned substantive procedures o Results of substantive procedures are considered in the evaluation of internal control Tests of Substantive Internal Audit Control Procedures • Effects o When the auditor performs an integrated audit, they will have access to a large amount of information about the client’s controls § This info can make the financial statement audit more efficient & result in reduced substantive procedures o Regardless of the level of CR, in connection w/ the audit of the F/S, auditing standards require the auditor to perform some substantive procedures for all significant accounts & disclosures o Auditor should evaluate the implications of the F/S for the effectiveness of internal control over financial reporting § Evaluation should include: • 1. Misstatements detected • 2. Auditor’s risk evaluations in connection w/ the selection & application of substantive procedures, especially those related to fraud • 3. Findings w/ respect to illegal acts & related party transactions • 4. Indications of management bias in making accounting estimates & in selecting accounting principles Planning the Audit of ICFR • The planning process is similar to the process used for the audit of financial statements • Consider: o Risk assessment & the risk of fraud o Scaling the audit § Complexity of client/different locations o Using the work of others § Use some of management’s work • Think about the nature of the controls • Look at competence of the person doing the work • Are they objective? § A major consideration for the external auditor is how much work is to be performed by others § In determining the extent to which the auditor may use the work of others, the auditor should: • 1) Evaluate the nature of the controls subjected to the work of others • 2) Evaluate the competence & objectivity of the individuals who performed the work • 3) Test some of the work performed by others to evaluate the quality & effectiveness of their work o May save a lot of time § As the risk associated w/ the control being tested increases, the external auditor should do more of the work • Client wants us to rely on their work b/c they want to reduce their bill Identifying Significant Accounts • Size & composition of account • Susceptibility to misstatement due to errors or fraud • Volume of activity, complexity, & homogeneity of the individual transactions processed through the account or reflected in the disclosure • Nature of the account or disclosure • Accounting & reporting complexities associated w/ the account or disclosure • Exposure to losses in the account • Possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure • Existence of related-party transactions in account • Changes from the prior period in account or disclosure characteristics Sources of Misstatements • Understand the flow of transactions related to the relevant assertions • Identify the points within the entity’s processes at which a misstatement could arise that would be material • Identify the controls that management has implemented to address these potential misstatements • Identify the controls that management has implemented over the prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could result in a material misstatement of the F/S Test the design & operating effectiveness of controls • Evaluate design • Test & evaluate operating effectiveness o Nature—inquiry, inspection of documents, observation, & reperformance o Timing—interim vs. “as of” date o Extent—consider 1) nature of the control, 2) frequency of operation, and 3) importance of the control § The more important/frequent, the more testing you’ll do Evaluate Identified Control Deficiencies • Auditor must consider the likelihood & magnitude of the control deficiency • Risk factors: o Nature of F/S accounts, disclosures, & assertions involved o Susceptibility of the related asset or liability to loss or fraud o Subjectivity, complexity, or extent of judgment required to determine the amount involved o Interaction or relationship of the control w. other controls, including whether they are interdependent or redundant o Interaction of the deficiencies o Possible future consequences of the deficiency • If a deficiency (or combination) prevents the auditor from having reasonable assurance that transactions are recorded properly, the auditor should treat the deficiency as an indicator of a material weakness Remediation of a material weakness • Remediation—process of correcting a material weakness in the ICFR o If a material weakness is corrected before the “as of” date, there must be sufficient time for both management & the auditor to test the operating effectiveness of the control—if not, an adverse opinion is still issued Written Representations • Auditor must obtain written representations from management related to the audit of ICFR • Failure to obtain written representations from management, including managements’ refusal to furnish them, constitutes a limitation on the scope of the audit sufficient to preclude an unqualified opinion Auditor’s Documentation Requirements • Auditor must properly document the processes, procedures, judgments, & results relating to the audit of internal control • When an entity has effective ICFR, the auditor should be able to perform sufficient testing of controls to assess CR for all relevant assertions at a low level • Should include: o 1. Auditor’s understanding & evaluation of the design of each of the components of ICFR o 2. Process used to determine the points at which misstatements could occur o 3. Extent to which the auditor relied upon the work of others o 4. Evaluation of any deficiencies discovered or other findings which could result in a report modification Auditor’s Report on ICFR • Once auditor has completed the audit of internal control, they must issue an appropriate report to accompany management’s assessment, published in the company’s annual report o Auditor’s report contains an opinion of the effectiveness of ICFR based on the auditor’s independent audit work • Types of Reports: o Unqualified opinion—client’s internal control is designed & operating effectively (no material weaknesses) § Control deficiency or significant deficiency • As long as combo isn’t greater than material weakness § Minor effect o Disclaim an opinion—serious scope limitation § Rare o Adverse opinion—when a material weakness is identified § If there’s even ONE material misstatement § Severe limitation
Are you sure you want to buy this material for
You're already Subscribed!
Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'