• Principal is the absentee owner - hires the agent
• Agent is the manager - hires the auditor
• Auditor is independent - adds credibility to financials
• Information asymmetry and conflicts of interest lead to information risk for the principal

• Competent
• Objective
• Honest
• Skeptical
• Responsible and/or liable

• Timely
• Reasonably priced
• Complete
• Effective
• Systematic and reliable
• Informative

• Auditing - systematic process of obtaining and evaluating evidence regarding assertions
• Attest - Services occur when a person needs to issue a report on subject matter that is the responsibility of another party
• Assurance - Independent services that improve the quality of information

• Management and Auditor discuss the terms of engagement
• Management implements internal controls, conducts transactions, and accumulates them into account balances for which the auditor obtains evidence
• Management prepares financial statements (makes assertions) and the Auditor tests management assertions against criteria (GAAP)
• The auditor determines the overall fairness of the financial statements
• The auditor issues an audit report to accompany the financial statements (communication) and Management issues the financial statements to users

• Client acceptance / continuance and establishing an understanding with the client
• Preliminary engagement activities
• Plan the audit
• Consider and audit internal controls
• Audit business processes and related accounts
• Complete the audit
• Evaluate results and issue audit report

• Industry, regulatory, and other external factors
• Nature of the entity
• Objectives, strategies and related business risks
• Measurement and review of the entity's financial performance
• Internal control

• Title
• Addressee
• Introductory paragraph
• Scope paragraph
• Opinion paragraph
• Explanatory paragraph referring to the audit of internal control
• Name of auditor
• Date of report

• Financing
• Purchasing
• Human resource management
• Inventory management
• Revenue

• Classes of transactions and events for the period under audit
• Account balances at the period end
• Presentation and disclosure

• Occurrence
• Completeness
• Authorization
• Accuracy
• Cutoff
• Classification

• Existence
• Rights and obligations
• Completeness
• Valuation and allocation

• Occurrence and rights and obligations
• Completeness
• Classification and understandability
• Accuracy and valuation

• General Standards
• Standards of Field Work
• Standards of Reporting

• Adequate technical training and proficiency
• Maintain independence in mental attitude
• Exercise due professional care

• Adequately plan the work and must properly supervise any assistants
• Obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement of the financial statements
• Obtain sufficient appropriate audit evidence

• State whether the financials are presented in accordance with GAAP
• Identify in the auditor's report those circumstances in which such principles have not been consistently observed in the current period in relation to the preceding period
• State if the informative disclosures are not reasonably adequate
• Must express an opinion or state that an opinion cannot be expressed

10 GAAS Standards

GoFoR

TIP PIE ACDO

• Training
• Independence
• Professional Care

• Determine a materiality level for the overall financial statements (planning materiality)
• Determine tolerable misstatement
• Evaluate audit findings

• Prior misstatements
• Potential for fraud or illegal acts
• Small amounts may violate covenants in a loan agreement
• Small amounts may affect the trend in earnings
• Small amounts may cause entity to miss forecasted revenue or earnings

• Masks a change in earnings or trends
• Hides a failure to meet analysts' expectations
• Changes a loss into income or vice versa
• Concerns a significant segment of the business
• affects compliance with regulatory requirements
• Affects compliance with loan covenants
• increases management's compensation
• involves the concealment of an unlawful transaction
• may result in a significant positive or negative market reaction
• Intentional misstatements part of earnings management?

• Profit-oriented entity: 3% - 5% of profit before tax from continuing operations, or 0.5% of total revenues
• Not-for-profit entity: 0.5% of total expenses or total revenues
• Mutual fund industry: 0.5% of net asset value

• Not all accounts will be misstated by the full amount of their tolerable misstatement allocation
• Audits of the individual accounts are conducted simultaneously
• Materiality as a percentage of large accounts is often a very small fraction of the account and significant misstatements would be identified
• When errors are identified, the auditors typically perform additional procedures in that, and related accounts
• Overall financial statement materiality serves as a "safety net."

• Preliminary: to better understand the business and to plan the nature, timing, and extent of audit procedures
• Substantive: to obtain evidential matter about particular assertions related to account balances or classes of transactions
• Final: an overall review of the financial information in the final review stage of the audit

• Trend analysis: examination of changes in an account over time
• Ratio analysis: comparison across time of relationships between financial statement accounts or between an account and nonfinancial data
• Reasonableness analysis: development of a model to form an expectation using financial data, nonfinancial data, or both, to test account balances or changes in account balances between accounting periods

• Current Ratio
• Quick Ratio
• Operating Cash Flow Ratio

• Receivables turnover
• Days outstanding in accounts receivable
• Inventory Turnover
• Days of inventory on hand

• Gross profit percentage
• profit margin
• return on assets
• return on equity

• Debt to equity
• Times interest earned

AR = RMM X DR

(Expanded): AR = (IR X CR) X DR

Solve for appropriate level of detection risk:

DR = AR / RMM

INHERENT RISK

The susceptibility of an assertion to material misstatement, assuming no related controls.

• Level of reliance by external users
• Probability of financial failure
• Character or integrity of key personnel

CONTROL RISK

The risk that material misstatements that could occur will not be prevented, or detected and corrected, by internal controls.

The risk that the auditor will not detect a material misstatement that exists in the financial statements.

RISK OF MATERIAL MISSTATEMENT

The auditor’s combined assessment of inherent risk and control risk.

ENGAGEMENT RISK

The risk that the auditor is exposed to financial loss or damage to his or her professional reputation from litigation, adverse publicity, or other events arising in connection with financial statements audited and reported on.

BUSINESS RISK

Risks resulting from significant conditions, events, circumstances, and actions or inactions that could adversely affect management’s ability to execute its strategies and to achieve its objectives, or through the setting of inappropriate objectives or strategies.

• Effectiveness of internal controls
• Planned reliance on internal controls

• Nature of industry/business
• Character or integrity of key personnel
• Results of prior audits
• Amount and types of related party relationships and transactions
• Client motivation and incentives
• Complexity and routineness of transactions
• Level of subjective judgment required by account standards
• Degree to which assets are susceptible to theft

• Mathematical Recalculation
• Inquiry
• Reperformance
• Analytical Procedures
• Documents - Inspection of
• Confirmation
• Observation
• Physical Assets - Inspection of
• Scanning

• Tracing Checks for completeness by going bottom to top (Source document to Journal)
• Vouching Checks for occurrence by going top to bottom (Journal to source document)

• Evaluate the design of controls
• Determine if the controls have been implemented

• NO: (Substantive strategy) Set control risk at the maximum, rely on substantive procedures
• YES: (Reliance strategy) Perform tests of controls, perform substantive procedures based on level of assessed control risk

• Risk assessment procedures
• Tests of controls
• Substantive procedures

• Inquiries of appropriate management
• Inspection of documents
• Observation of the application of specific controls
• Walkthroughs
• Reperformance of the application of the control by the auditor

• Tests of details of classes of transactions, account balances, and disclosures
• Substantive analytical procedures

• (Low) Observation, Inquiry
• (Medium) Documents, confirmation, analytical procedures, scanning
• (High) Physical assets, reperformance, mathematical recalculation

• Control environment
• Entity's risk assessment process
• Control Activities
• Information and communications
• Monitoring of controls

• Communication and enforcement of integrity and ethical values
• A commitment to competence
• Participation of those charged with governance
• Management's philosophy and operating style
• Organizational structure
• Assignment of authority and responsibility
• Human resource policies and practices

• Changes in the operating environment
• New personnel
• New or revamped information systems
• Rapid growth
• New technology
• New business models, products, or activities
• Corporate restructurings
• Expanded international operations
• New accounting pronouncements

• Identify and record all valid transactions
• Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting
• Measure the value of transactions properly
• Determine the time period in which transactions occurred (proper accounting period)
• Properly present the transactions and related disclosures in the financial statements

• Performance reviews
• Information processing controls
• Physical controls
• Segregation of duties

• Establish a baseline for control effectiveness
• Design and execute monitoring procedures that are based on the significance of business risks relative to the entity's objectives
• Assessing and reporting results, including follow-up on corrective actions

• Develop an expectation
• Define a tolerable difference
• Compare the expectation to the recorded amount
• Investigate differences greater than the tolerable difference

• PCAOB (Public Company Accounting Oversight Board) for public companies
• ASB (Auditing Standards Board) for nonpublic companies

• Industry developments
• New products and services
• Expansion of the business
• New accounting requirements
• Regulatory requirements
• Current and prospective financing requirements
• Use of IT
• Effects of implementing a strategy, particularly any effects that will lead to new accounting requirements

• Known - No uncertainty
• Likely - Differences between management's and the auditor's judgments OR likely to exist based on an extrapolation from audit evidence

• Pressure / Incentive
• Opportunity
• Rationalization / Attitude

• misappropriation of assets
• Fraudulent financial reporting

Persuasive.  Why?

• Because audit must be completed in a reasonable amount of time and at a reasonable cost
• due to the nature of the evidence, it is not perfectly reliable

• Copies of the corporate charter
• chart of accounts
• organizational chart
• accounting manual
• copies of important contracts
• documentation of internal control (flowcharts)
• Terms of stock and bond issues
• Prior years' analytical procedure results

• Copy of financial statements and auditor's report
• Audit plan and audit programs
• Copies of minutes of important committee meetings
• Working trial balance
• Adjusting and reclassification journal entries
• Working papers supporting financial statement accounts

• Trial balance would contain only one line for "cash and cash equivalents" and the
• "C Lead" schedule would list all general ledger cash accounts

(1) to judge the adequacy of the evidence gathered to support any unusual or unexpected balances investigated during the audit

(2) determine if any other unusual balances or relationships have not been investigated

The size of the assurance bucket depends on how much assurance is desired for an assertion.  The bucket is filled with evidence that is drawn from the following tests (in order):

• Risk assessment procedures
• Tests of controls
• Substantive analytical procedures
• Remaining assurance needed from tests of details

• Consistent application of predefined business rules
• Performance of complex calculations in processing large volumes of transactions or data
• Enhancement of the timeliness, availability, and accuracy of information
• Facilitation of additional analysis of information
• Reduction in the risk that controls will be circumvented
• Enhancement of the ability to achieve effective segregation of duties

• Reliance on systems or programs that inaccurately process data, process inaccurate data, or both
• Unauthorized access to data that may result in destruction of data or improper changes to data
• Unauthorized changes to data in master files
• Unauthorized changes to systems or programs
• Failure to make necessary changes to systems or programs
• Inappropriate manual intervention
• Potential loss of data

• Segregation of duties
• Prenumbered documents that are accounted for
• Daily or monthly reconciliation of subsidiary records with independent review

• Prenumbered documents that are accounted for
• Segregation of duties
• daily or monthly reconciliation of subsidiary records with independent review

• Internal verification of amounts and calculations
• Monthly reconciliation of subsidiary records by an independent person

• General and specific authorization of transactions at important control points

• Procedures for prompt recording of transactions
• Internal review and verification

• Chart of accounts
• Internal review and verification

• Management override
• Human errors or mistakes
• Collusion

• Identify specific controls that will be relied upon
• Perform tests of controls
• Conclude on the achieved level of control risk

• Data center and network operations
• System software acquisition, change, and maintenance
• Access security
• Application system acquisition, development, and maintenance

• General controls
• Application controls

• Data capture controls
• data validation controls
• processing controls
• output controls
• error controls

• Limit test
• Range test
• Sequence check
• Existence test
• Field Test
• Sign test
• Check-digit verification