Title: Auditing
1 - Auditing
- Attestation
- Assurance
- Fraud
2Truisms
- In God We Trust, All Others We Audit
- Trust but verify
- Be not suspicious but be darn skeptical
- When all else fails, use common sense
- Use common sense before you use anything else
3Introduction
- What is an Assurance service?
- What is an Attestation service?
- What is Auditing?
- What is the difference between Accounting and
auditing?
4What do the following scenarios have in common?
- Making a valuation statement about the accuracy
and validity of someones decisions/assertions - An auto mechanic tells you that your alternator
is defective? - A stereo salesman suggests that a certain brand
of CD player is the best value for the money. - A cellular phone company claims to have the best
rates in the area.
5What do the following scenarios have in common?
- A dentist urges you to put a crown on a tooth.
- Your friends tell you to take Route 1 instead of
Route 95 to get to your destination. - A recruiter pushes his companys employee
benefits program during an interview. - Management releases reports showing a 20 percent
growth in revenue and profits.Aunt Edna tells
you to put a cold compress on your tooth?
6Common Themes
- Relevance
- Reliability
- Users expectations of auditors behavior
7Methods to encourage appropriate behavior
- GAAS
- SEC
- Legal Liability
- Code of Conduct
- Peer Reviews
8Is fraud present?
- Definition of fraud
- Managements responsibility
- Auditors responsibility
9Overview of Auditing
10What is an Audit and what value does it have?
- Agent/Principal, Asymmetry of Information, and
self-protection. - Value Added--banks,creditors, government
- formal definition--systematic process of
objectively obtaining and evaluating evidence
regarding assertions about economic transactions
and events to ascertain the degree of
correspondence between assertions and established
criteria and communicate the results to users of
financial statements.
11Types of auditors?
- The good, the bad, the ugly, and the untouchable.
- formal definition--an independent party that
obtains and evaluates evidence to determine
agreement between managements assertions and
established criteria. Must plan and perform the
audit to obtain reasonable assurance that the f/s
are free from material misstatements.
12Auditors Responsibility
- Financial statements (assertions) are the
responsibility of management. - Auditors responsibility is to opine that the f/s
are, or are not, free of material misstatements
(errors, irregularities, fraud) based on evidence
obtained (GAAS).
13Types of Audits
- Financial
- Compliance
- Operational
- Forensic
- F/S fraud
- Insurance fraud
- Embezzlement
- Money laundering
- Matrimonial disputes
14Types of fraud (against and on behalf of)
- Misappropriation of assets vs fraudulent
financial reporting
15Why do frauds occur?
- Perceived pressure
- Perceived opportunity
- Ability to rationalize
16Auditing vs attestation vs assurance
- Examinations-expresses written opinion
17Auditing vs attestation vs assurance
- Attestations engagements--expresses written
conclusion. .
18Auditing vs attestation vs assurance
- Assurance services--improves the quality of
information. care services, TAMU vs UT,
19Generally Accepted Auditing Standards
- General Standards-TIP
- Field Work Standards - PIE
- Reporting Standards - DOGC / GCDO
20Professional Code of Conduct
- General stds of ideal conduct with rules and
examples of misconduct. - Four parts to the AICPA code of conduct.
- Principles
- Rules of Conduct
- Interpretations
- Rulings
21Rules of Conduct
- independence, intergrity and objectivity, general
stds, compliance w/stds, acctg principles,
confidential info, acts discreditable,
advertising, commissions, and forms of practice.
22Ethical behavior
- Conduct that differs from what is considered
appropriate under the circumstances - Core valuesTrustworthiness, respect.
- Ethical dilemmas
23Independence
- Independence in Fact and Independence in
Appearance - Advocateto be or not to be.
- Unbiased in the performance of tests, evaluation
of those tests, and in issuance of the report
24Independence
25Independence
- Direct financial interest
- Covered members(ability to influence engagement)
- Members on ET and their spouses/immediate family
- Certain Partners
- Timing
- Materiality
- Participate
- Do not participate
26Independence
- Indirect financial interest
- Mutual funds
- Nondependent/close relatives
- Timing
- Covered members(ability to influence engagement)
- Members on ET and their spouses/immediate family
- Certain Partners
- Participate
- Materiality
- Aware
- Do not participate
- Materiality
- Aware
27Independence
- Direct managerial interest
- Auditor and dependent/close relatives
- Timing
- Positions
- Audit sensitive
- Significant influence
- Participate
- Do not participate
28Independence
- Indirect managerial interest
- Positions
- Audit sensitive
- Significant influence
- Nondependent/close relatives
- Covered members(ability to influence engagement)
- Members on ET and their spouses/immediate family
- Certain Partners
- Timing
- Participate
- Do not participate
29Auditors Reports
- Attestation/GAAS
- Examinations, reviews, and agreed upon procedures
- Reporting Stds
- Objective of reporting stds
30NO Qualifications
- Unqualified report
- Std three par report pg 17-2
- f/s present fairly
31Modifications without qualifying
- Uncertainties (litigation)
- Going Concerns
32Modifications without qualifying
- Departures from promulgated GAAP
- reliance on other auditors
- External (sharingpredecessor/successor)
- Internal
33Qualified for Scope limitations--pg 17-6
- Reasons to qualify (except for) for scope
limitations
34Qualified for Disclosure problems--pg 17-14
- Reasons to qualify (except for) for disclosure
problems
35Qualified (maybe) for Changes in GAAP or
departures from GAAP
- Determining afffect on opinion depends on the
answers to the following - Changing from GAAP to GAAP?
- Is the method of change GAAP?
- Is there adequate justification?
- Yes
- No
36Adverse pg 17-13
- F/S as a whole are/are not misleading.
- Reasons for giving an adverse?
37Disclaimer pg 17-8
- What happens to the scope paragraph?
- Reasons for giving a disclaimer?
38Other Reporting Issues
- No piecemeal opinions
- Use of a specialist
- Updating the report (same) (17-21)
- Updating the report (17-22)
- Changing prior opinion
- Different (qualified vs unqualified)
- Dual dating
39Attestation stds vs GAAS
- Similarites in TIP PIE GCDO
- Differences in TIP PIE GCDO
40Reporting on other information and special reports
- Other information (not required) presented with
F/S - Other information (required)--segments
- Other information(required)--supplementary
information - Other information(not required)--schedules
41Special reports
- OCBOA pg18-8
- Specified elements pg18-10
- Agreed upon procedures pg18-11
42Special reports
- Compliance with contractual agreements (loan
covenant reviews) pg18-13 - Special purpose financial statements pg 18-13
- Prescribed forms pg18-14
43Deficient Report
44Summary and Examples
- Sharing responsibility
- Emphasis of a matter
- Departure from GAAP
- Inconsistency in GAAP (justified or not
justified) - Uncertainty
- Going Concern
45Summary and Examples
- Billing rates-Proof Positive
- QC4
- Reporting on I/C
46Overview of audit process
- Obtain client
- Understand client
- Standard
- Strategic processes
- Formulate audit plan
- Determine level of risks
- Evaluate I/C
- Test I/C if warranted
- Perform substantive tests
47Audit Time Line
- Strategy and budgets---April/May
- Analytical Reviews and draft of
program---July/August - Obtain/document understanding of I/C
- Perform testEvaulate resultsAssess
risks-----Sept/Oct - Substantive tests Subsequent events Rep letter
Report---Dec/Feb
48Obtaining the client
- CHANGING AUDITORS
- WALK INS
- REFERRALS (STAFF AND CLIENTS)
- BIDS (PROPOSAL LETTER)
- ADVERTISING
49Accepting Client
- CREDIT CHECKS
- PRIOR F/S
- PRIOR AUDITORS
- INQUIRE OF THIRD PARTIES (SMALL CLIENTS)--MAGNUM
PI - DESIRED INFORMATION
50Engagement letters
- Contractual relationship
- Explains responsibilities
- New and continuing clients
- 1136 Tenants Case
51Understanding industry and economic conditions
- Organization structure
- Production lines
- Capital structure
52Understanding industry and economic conditions
- Operational structure, locations of subs
- related parties SAS 57
- how to identify?
- Distribution methods
- Compensation policies
- Control structure
53Understanding industry and economic conditions
- Control environment
- Risk assessment
- Control activities
- Information and communication
- Monitoring
- acctg principles
- risk areas
- risk factors of significance
- red flags-danger signals to auditors
54Sources of industry and economic information
- Touring facilities
- Transaction reviews
- Trade publications and business periodicals
- SEC filings
- prior year wps
- Audit guides
55Formulate audit plan
- Perform Analytical reviews
- Determine audit strategy
- materiality
- Assess audit risk
- ARIR CR DR
- Assess risk of fraud
- Types
- Responsibility
- Reasons
- Risk factors
56Formulate audit plan
- audit program--road map
- EDP
- Staffing
- Specialist
- Use of internal auditors
57Types of fraud
- Financial reporting (mgmt)
- Misappropriation of assets (employees/customers)
58Reasons frauds occur
- Pressure
- Opportunity
- Ability to rationalize
59Responsibility for detection
- Management
- Auditor
- SAS no. 1 The auditor has a responsibility to
plan and perform the audit to obtain reasonable
assurance about whether the financial statements
are free of material misstatement, whether caused
by error or fraud.
60Risk Factors associated with
- Fraudulent financial reporting
- Misappropriation of assets
61Common techniques used in fraudulent financial
reporting
- Usually involves accounts receivables, inventory,
expenses, revenues
62Purpose of ICS
- is to provide reasonable assurance that
managements objectives will be met. Safeguard
assets, provide reliable data (safeg
authorsegrdocu indep rev), promote operating
efficiency (indep revmonitoringsafegbudget
rev), and compliance with applicable laws.
63The Internal Control Structure
- Why test I/C procedures?
- Questions to ponder
- 45M in billings were placed in a drawer and
forgotten when the accountant was out sick. - customer did not pay 15m for shipped merch.
because their purchasing mgr was out of town. - client has several cking acctscks are not
prenumberedvoids cks are discarded and the
number reused How would you determine that all
disbursements were recorded and were appropriate.
64The Internal Control Structure
- Questions to ponder
- client ordered chemicals for resale from
different supplier because of cheaper price.
chemicals were unstable and contaminated
customers supply. client lost customer and is
facing a lawsuit. - are 94 sales included with 95 sales are 95
expenses included with 96 expenses are all
liabilities recorded - how do you know that cash exist complete
accuratein the proper periodproperly
valuedpresented and disclosed properlybelongs
to the company.
65Components of I/C S
- control environment
- risk assessment
- control activities
- information communication
- monitoring
66Control environment
- overall attitude--inherent risk factors (no board
of dir/audit committee no I/A dept lacks
integrity)--Tone at the top
67control environment
- embezzelment computer down time
- aggressive in taking bus risks
- monitors operations--owner/mgr...
- pressures to achieve unrealistic
goals--Managements philosophy - methods of assigning authority
68control environment
- use of budgets, forecasts
- hiring , training, promotions, compensation
- involvement of directors and audit committee
- regulatory agencies
69Risk assessment
- What are the risks associated with achieving
control objectives? - What are the risks associated with providing
reliable data? - What are the risks that data is incomplete, does
not exist, not accuarate, not properly valued?
70Control activities
- Performance reviews
- Information processing
- Safeguarding assets
- Segregation of duties
71Information Communication (Accounting system)
- documents, journals, ledgers
- identify, classify, record, report all valid
transitions (consistent with magmata objectives)
on a timely basis, in the proper period, and for
the proper amount.
72Auditor must know (information and communication)
- all classes of transactions,
- how transactions originatehow a sale is made
revenue recognition policies how a liability is
incurred - all files and records, flow of the documents
- computer interface, normal and abnormal
transactions - how accruals and estimates are made
73Monitoring
- Typical supervisory and/or managerial functions
to track the effectiveness of I/C
74Different systems for different companies
- size, industry,regulatory requirements,complexity
- cost of implementing system (concept of
reasonable assurance) - computer Vs no computer, integrity of personnel,
degree of seg. of duties - internal auditors, easy access to assets.
75Limitations
- errors
- collusion
- management override
76Auditor considers I/C S in determining the N,T,
E of Sub Test
- Test of I/C procedures vs sub test
- test of i/c are employees performing their
duties. test that are directed toward the design
or operation of an internal control structured
procedure to assess its effectiveness in
preventing or detecting material misstatements in
a f/s assertion. - standard audit procedures--I I O C R
77Sub test
- provides evidence of likely monetary error
- test of details and analytical procedures to
detect material misstatements in the account
balance, transaction or f/s assertion. - standard audit procedures--I I O C R
78Assessment of I/C risk
- Must decide the degree of risk that the control
structure does or does not provide some
predetermined level of assurance that
managements assertions are free of material
misstatements.
79Assessment of I/C risk
- obtain and document understanding of how the
systems should work. - inquiry, inspection, observation, prior
experience - origination and disposition of transaction,
documents used, depts and personnel - more detailed if reliance approach used vs subst
approach - auditable? identify I/R?
80Preliminary assess--
- C/R at maximum if no reliance is planned or it is
not cost beneficial to perform I/C tests--small
clientprepaidsaccrualsintangibles--limited
number of transactions--subst approach
81Preliminary assess ---
- C/R at less than a maximum if reliance is planned
and auditor can identify controls he/she wants to
place on--reliance approach
82Test controls and evaluate results
- (increase/decrease preliminary assessment of C/R)
to - determine the N,T, E of sub tests (interim tests)
83Timing and situational risk factors--
- even if results appear positive
- sampling risk
- observational risk
- incompetence
84The assessment of C/R
- should be done for each acct and for each audit
objective(assertion). - Keep in mind the type of misstatements that would
occur (over/under)
85Verify mgmts assertions
86Existence
- from g/l to document
- tests for overstatement
- based on your direct knowledge or
interrelationships - sales represents goods shipped or services
rendered. A/R are for amounts owned by
non-fictitious customers at the b/s date.
87Completeness
- from document to g/l
- tests for understatement
- based on direct knowledge or interrelationships
- all credit and cash transactions were properly
recorded (inputted and processed)
88Accuracy
- transactions, journals are accurate (reconciled,
footed, extensions)--princes and
quantitiesdebits and credits - based on review and resolution of errors
identified in edit runs and exception reports
89Nature of evidence gathered to verify assertions
- Underlying accounting data
- Corroborating information
- physical,external,internal,analytical,reperformanc
e - canceled cks,invoices, contracts, minutes, client
rep letter, atty letter, confirmations
90Evidence must be evaluated for its competency and
sufficiency
- competent--persuasive not convincing evidence
- valid and relevant (reliable and
useful)--persuasive
91sufficiency
- depends on audit risk and materiality
- Audit risk (ARIRX CR X DR)
- present fairly in all material ....
- the risk that a material error /irreg. showing up
in the f/s - the risk that the wrong opinion was issued
- level of audit risk should be low
92IR--
- nature and characteristic of the account. Depends
on industry, regulation, economy, number of
transactions
93CR--
- based on assessment of internal control procedures
94DR--
- level of sub test---quality control
95Materiality
- how much error can you live with
- defined during planning and revised during the
audit - allowance for undetected errors
96Materiality
- b/s, i/s
- score sheet
- Number of items examined depends on sampling,
judgment, costs of reperformance,etc.
97Revenue/accounts receivable/cash receipts
- Control functions
- sales order control
- execution of order control
- invoicing control
- recording
- cash receipts
98Management assertions and control activities
- Existence/completeness/accuracy?
- Safeguard
- Segregation of duties
- Independent reviews
- Proper documents
- Proper authorization
99sales order control (phys, seg, indp, doc,
auth)ltgt (E,C,C,A,V,RO,PD)
- credit department receives and approves customer
order. - prepares sales order for shipping, billing, and
customer
100execution of order control (phys, seg, indp, doc,
auth)ltgt (E,C,C,A,V,RO,PD)
- shipping /stores prepares shipping documents for
billing and customer. - updates perpetual records
101invoicing control (billing) (phys, seg, indp,
doc, auth)ltgt (E,C,C,A,V,RO,PD)
- prepares invoice based on s/o and shp/d for
customer and accts/rec - enters transaction in the sales register
102recording control (accts rec) (phys, seg, indp,
doc, auth)ltgt (E,C,C,A,V,RO,PD)
- updates sub ledger
- prepares COGS entry
103cash receipts (phys, seg, indp, doc, auth)ltgt
(E,C,C,A,V,RO,PD)
- lock box
- listing--names and amounts--gt to accts rec for
posting - remittances endorsed immediately for deposit only
104cash receipts (phys, seg, indp, doc, auth)ltgt
(E,C,C,A,V,RO,PD)
- cashier deposits remittances daily--gtdeposit slip
sent to accts rec for posting - total cash receipts (daily) posted to CR journal
and reconciled with listing and control accts. - establish control over post dated or incorrect
cks
105Cash receipts (phys, seg, indp, doc, auth)ltgt
(E,C,C,A,V,RO,PD)
- returned cks (customer NSF ck)
- should be controlled by employee not involved
with making the deposits or recording the entries
106Testing control procedures---pgs 10-12 10-13
- Authorization
- Proper doc
- Safeguarding assets/accuracy
- Indp reviews
- Seg. of duties
107Expenses/accts pay/cash disb
- Control functions
- requisition
- purchasing
- receiving
- recording
- cash disb
108Requisition (phys, seg, indp, doc, auth)ltgt
(E,C,C,A,V,RO,PD)
- prepares purchase requisition
- examines merch for validity
- updates perpetuals
109Purchasing (phys, seg, indp, doc, auth)ltgt
(E,C,C,A,V,RO,PD)
- based on requisition approves purchase (prepares
PO) and selects vendor.
110Receiving (phys, seg, indp, doc, auth)ltgt
(E,C,C,A,V,RO,PD)
- receives merch and prepares receiving doc
- distributes merch
111Recording (phys, seg, indp, doc, auth)ltgt
(E,C,C,A,V,RO,PD)
- based on RO,PO, RD,Inv, prepares voucher
- updates voucher register and a/p sub ledger
112cash disb (phys, seg, indp, doc, auth)ltgt
(E,C,C,A,V,RO,PD)
- validity of supporting doc
- signer of cks indep of CR and CD functions
- signer cancels docs
113cash disb (phys, seg, indp, doc, auth)ltgt
(E,C,C,A,V,RO,PD)
- cks are pre-numbered
- cks are mailed by signer and not the preparer
- cks not made to cash or bearer
114cash disb (phys, seg, indp, doc, auth)ltgt
(E,C,C,A,V,RO,PD)
- cks not signed in advance
- unsigned cks and blank cks properly safeguarded
- petty cash used for small , miscellaneous
disbursements
115Testing control procedures--pgs 12-12 , 12-13
- Authorization
- Seg. of duties
- Proper doc
- Indp reviews
- Safeguarding assets
116(No Transcript)
117Summary
- Preliminary review
- obtain and document understanding
- Develop plan based on preliminary assessement
- Reliance planned
- Substantive test
118Review--test I/C for A/R Rev
- Which cycle? Which account? (RevenuePayments
SalesA/RInventory COGS) - Which assertion/objective? (AccuracyCompleteness
Existence) - Which control procedure?---Testing
authorization.... - Which control function? (Sales order Execution
of order ) - Which files? Which documents?
119Review--test I/C for A/R Rev
- Which audit procedures?
- inspect doc for signatures
- inspect doc for proof of math accuracy (recompute
extensions--PxQ) - inquire about credit granting policies
120Review--test I/C for A/R Rev
- Which audit procedures?
- inspect/observe posting and authorization for
postings (any intentional under/over footings - inspect/observe proof of authorizations for
correcting entries (from exception reports) and
clients review of numerical control - inspect/observe proof of authorization for
shipping (all docs)
121Substantive tests--Accts Rec
- Purpose of sub tests
- Control functions
- Control procedures
- Audit objectives
122Substantive tests--Accts Rec
- Completeness, Accuracy, and Cutoff
- test math accuracy
- cutoff tests
- unmatched items
- test numerical sequence--if not prenumbered
123Substantive tests--Accts Rec
- Existence Rights and Obligations
- confirmations
- confirmation procedures
- population
- reconcile with sub
- select sample (unusal balances)
- positive
- negative
124Substantive tests--Accts Rec
- confirmation exceptions
- unable to locate
- timing diff
- true exceptions
125Substantive tests--Accts Rec
- If you cannot send confirmations
- sales orders
- contracts
- shipping doc
- cash receipts and remittance advice
- postings
126Substantive tests--Accts Rec
- Lapping
- lockboxsegregationvacationmonthly statements
- Tests for collectability
- review and test aging schedule
- review problem accts
127Other substantive tests
- test math accuracy of ledgers
- examine credits and returns after year-end
- examine write-offs before and after year-end
- examine contingent sales agreements
- examine related party sales
128Substantive tests--Cash
- Types
- Confirmation
- bank reconciliation
- transfer tests
- cash counts
- proof of cash
129Confirmation
- Standard
- Normally done at year-end and interim
- Also request a cutoff statement
- confirm all accounts open during the year
- other information--LTD
130Bank reconciliation
- Standard --
- May review over a given period.
131Bank transfer test--
- provides reasonable assurance that kiting has not
occurred - compare dates that disb and receipts were
recorded in g/l with date disb and receipts
recorded by the bank
132Proof of cash
133General
- review cash transactions until field work ends
for unusual payments to officers, temporary
reduction in N/P, or payments to unrecognized
vendors. - any restrictions
134Inventory--Substantive tests
- Mckesson Robbins
- Required by GAAS
135Planning
- Client has primary responsibility
- Review clients instructions
136Observation
- s/b well informed regarding industry---may need a
specialist - inventory s/b well arranged to detect
consignments, age and neglect, movements,
shipments, receipts, awaiting repair or delivery.
137Observation-test counts
- confirm accuracy
- corroborate existence
- records info from tag numbers for later tracing
to summerization - how many depends on judgement, error rate, type
of inventory, client request
138Observation-tag/sheet control
139Other tests
140Difficult inventories
- logs in river
- piles of coal/scrap metal
- vats of chemicals
- cattle ranch
141If inventory not observed
- alternative procedures on beginning or ending
inventoy - over slept
142Variable sampling
- Classicial
- MPU
- Difference estimation
- Ratio estimation
- PPS
- Use for testing overstatements
143Sampling risk
- compliment of confidence level
- incorrect acceptance (overreliance)
- incorrect rejection (underreliance)
144Precisionmaterialitytolerable rate
- Precision intervalAVPrecision
- Sample size
- based on planned precision n(_at_/PP)
- planned precision is an adjusted TR determined by
IA, IR.
145SS does not determine IA, IR, nor TR
- as PP increasesgtSS decreases
- as CL decreasesgtcauses IA IR to increase
(allowed to go up)gtincrease in PPgtSS
decreases
146(No Transcript)
147(No Transcript)
148(No Transcript)
149Common law
- based on prior legal decisions
- varies by state
- burden of proof on plaintiff
150Liabilitiy to client and subrogee under common law
- Can sue for ordinary negligence, gross
negligence, fraud - Breach of contract
- Lack of confidentiality (special breach)
- Defalcation by employee not detected by CPA
(because did not follow gaas)
151Plaintiffs must show
- loss
- cpa had a duty to perform (privity)
- loss resulted from nonperformance of duty (breach)
152CPA can show
- not negligent
- followed GAAS
- causation defense
- contributory negligence
153Liability to third parties under common law
- Can only sue for gross negl and fraud unless
- Identified
- Forseen third parties (ord., gross, and fraud)
- Forseeable third parites (ord., gross, and fraud)
154Liability under statutory law
- 1933 act
- burden of proof on CPA
- any buyer of shares can sue for ord. gross or
fraud - cpa must prove due diligence
1551934 act
- cpa liable for loss to buyer and seller for
false or misleading stmt - burden of proof on plaintiff
1561934 act
- cpa must proove due diligence (18a only) and no
knowledge of false or misleading stmt. - Rule 10b-5