-
FIA Paper FAU Foundations in Audit
theexpgroup.com
Notes
ExPress Notes FIA Foundations in Audit
Page | 2 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
Contents
About ExPress Notes 3
1. Business environment and audit framework 7
2. Audit planning and risk 14
3. Internal control 20
4. Audit evidence and procedures 25
5. Audit completion 49
-
ExPress Notes FIA Foundations in Audit
Page | 3 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
START About ExPress Notes
We are very pleased that you have downloaded a copy of our
ExPress notes for this paper. We expect that you are keen to get on
with the job in hand, so we will keep the introduction brief.
First, we would like to draw your attention to the terms and
conditions of usage. Its a condition of printing these notes that
you agree to the terms and conditions of usage. These are available
to view at www.theexpgroup.com. Essentially, we want to help people
get through their exams. If you are a student for the ACCA exams
and you are using these notes for yourself only, you will have no
problems complying with our fair use policy.
You will however need to get our written permission in advance
if you want to use these notes as part of a training programme that
you are delivering.
WARNING! These notes are not designed to cover everything in the
syllabus!
They are designed to help you assimilate and understand the most
important areas for the exam as quickly as possible. If you study
from these notes only, you will not have covered everything that is
in the ACCA syllabus and study guide for this paper.
Components of an effective study system
On ExP classroom courses, we provide people with the following
learning materials:
x The ExPress notes for that paper x The ExP recommended course
notes / essential text or the ExPedite classroom
course notes where we have published our own course notes for
that paper x The ExP recommended exam kit for that paper. x In
addition, we will recommend a study text / complete text from one
of the ACCA
official publishers, but we do not necessarily give this as part
of a classroom course, as we think that it can sometimes slow
people down and reduce the time that they are able to spend
practising past questions.
ExP classroom course students will also have access to various
online support materials, including:
x The unique ExP & Me e-portal, which amongst other things
allows view again of the classroom course that was actually
attended.
x ExPand, our online learning tool and questions and answers
database
ExPress Notes FIA Foundations in Audit
Page | 4 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
Everybody in the World has free access to ACCAs own database of
past exam questions, answers, syllabus, study guide and examiners
commentaries on past sittings. This can be an invaluable resource.
You can find links to the most useful pages of the ACCA database
that are relevant to your study on ExPand at
www.theexpgroup.com.
How to get the most from these ExPress notes For people on a
classroom course, this is how we recommend that you use the suite
of learning materials that we provide. This depends where you are
in terms of your exam preparation for each paper.
Your stage in study for each paper
These ExPress notes
ExP recommended course notes, or ExPedite notes
ExP recommended exam kit
ACCA online past exams
Prior to study, e.g. deciding which optional papers to take
Skim through the ExPress notes to get a feel for whats in the
syllabus, the size of the paper and how much it appeals to you.
Dont use yet Dont use yet Have a quick look at the two most
recent real ACCA exam papers to get a feel for examiners style.
At the start of the learning phase
Work through each chapter of the ExPress notes in detail before
you then work through your course notes.
Dont try to feel that you have to understand everything just get
an idea for what you are about to study. Dont make any annotations
on the ExPress notes at this stage.
Work through in detail. Review each chapter after class at least
once. Make sure that you understand each area reasonably well, but
also make sure that you can recall key definitions, concepts,
approaches to exam questions, mnemonics, etc.
Nobody passes an exam by what they have studied we pass exams by
being efficient in being able to prove what we know. In other
words, you need to have effectively input the knowledge and be
effective in the output of what you know. Exam practice is key to
this.
Try to do at least one past exam question on the learning phase
for each major chapter.
Dont use at this stage.
-
ExPress Notes FIA Foundations in Audit
Page | 5 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
Your stage in study for each paper
These ExPress notes
ExP recommended course notes, or ExPedite notes
ExP recommended exam kit
ACCA online past exams
Practice phase Work through the ExPress notes again, this time
annotating to explain bits that you think are easy and be brave
enough to cross out the bits that you are confident youll remember
without reviewing them.
Avoid reading through your notes again. Try to focus on doing
past exam questions first and then go back to your course notes/
ExPress notes if theres something in an answer that you dont
understand.
This is your most important tool at this stage. You should aim
to have worked through and understood at least two or three
questions on each major area of the syllabus. You pass real exams
by passing mock exams. Dont be tempted to fall into passive
revision at this stage (e.g. reading notes or listening to CDs).
Passive revision tends to be a waste of time.
Download the two most recent real exam questions and answers.
Read through the technical articles written by the examiner. Read
through the two most recent examiners reports in detail. Read
through some other older ones. Try to see if there are any
recurring criticism he/ she makes. You must avoid these!
The night before the real exam
Read through the ExPress notes in full. Highlight the bits that
you think are important but you think you are most likely to
forget.
Unless there are specific bits that you feel you must revise,
avoid looking at your course notes. Give up on any areas that you
still dont understand. Its too late now.
Dont touch it! Do a final review of the two most recent
examiners reports for the paper you will be taking tomorrow.
At the door of the exam room before you go in.
Read quickly through the full set of ExPress notes, focusing on
areas youve highlighted, key workings, approaches to exam
questions, etc.
Avoid looking at them in detail, especially if the notes are
very big. It will scare you.
Leave at home. Leave at home.
ExPress Notes FIA Foundations in Audit
Page | 6 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
Our ExPress notes fit into our portfolio of materials as
follows:
Notes
Notes
Notes
Provide a base understanding of the most important areas of the
syllabus only.
Provide a comprehensive coverage of the syllabus and accompany
our face to face professional exam courses
Provide detailed coverage of particular technical areas and are
used on our Professional Development and Executive Programmes.
To maximise your chances of success in the exam we recommend you
visit www.theexpgroup.com where you will be able to access
additional free resources to help you in your studies.
START About The ExP Group
Born with a desire to be the leading supplier of business
training services, the ExP Group delivers courses through either
one of its permanent centres or onsite at a variety of locations
around the world. Our clients range from multinational household
corporate names, through local companies to individuals furthering
themselves through studying for one of the various professional
exams or professional development courses.
As well as courses for ACCA and other professional
qualifications, our portfolio of expertise covers all areas of
financial training ranging from introductory financial awareness
courses for non financial staff to high level corporate finance and
banking courses for senior executives.
Our expert team has worked with many different audiences around
the world ranging from graduate recruits through to senior board
level positions.
Full details about us can be found at www.theexpgroup.com and
for any specific enquiries please contact us at
[email protected].
-
ExPress Notes FIA Foundations in Audit
Page | 7 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
Chapter 1
Business environment and audit framework
START The Big Picture
For the financial markets to be efficient they need trust. The
investors must believe that the financial reports of companies are
true and free from errors. This assurance is provided by external
accountants that apply specialist procedures to the information
presented by companies in their financial statements. These
accountants are called auditors and are licensed by certain
organizations of public trust or by governments directly.
In order for their assurance to be meaningful there are some
strict requirements on who they should be and how they should
behave. These relate primarily to their independence there can be
no doubt that they work in the best interest of shareholders rather
than the companies being audited.
In the past, when such doubts arouse this led to the collapse of
both the company and its auditor (eg. Enron and Arthur Andersen) as
investors stopped believing both the companys financial reports and
their auditors.
ExPress Notes FIA Foundations in Audit
Page | 8 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
KEY KNOWLEDGE The purpose and scope of an audit
The need for the audit of the financial statements comes from
the demand for trust in financial markets. Shareholders of
companies hire managers to manage their businesses. Periodically
those owners want to assess the effectiveness of the management
actions. Thus they read the financial statements.
Yet it is the managers that are responsible for the preparation
of the financial statements.
In order to remove the potential conflict of interest, the
shareholders appoint auditors professionals who will assert that
the content of the financial statements shows a true and fair view
of the companys financial position and performance in accordance
with an accepted reporting framework (eg. International Financial
Reporting Standards).
The scope of auditors work is to provide reasonable (rather than
absolute) assurance that the financial statements are free of
material misstatement. They provide reasonable assurance because
their work is performed on a test basis given the limited time they
have to perform their procedures auditors cannot verify every
single transaction and event (which would effectively mean
reperform the accountants work over the period) they will first
analyse the internal control environment to check whether material
misstatements could be made by lack of controls and then they will
verify samples of transactions and balances to make sure that the
ultimate financial statements are not materially misstated.
The company
Owners
The managers
Financial statements
Auditors own
is managed by
who prepare
for
hire
to make sure that the financial statements are free from
material misstatement.
-
ExPress Notes FIA Foundations in Audit
Page | 9 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
KEY KNOWLEDGE Requirements for becoming an auditor
Only a member of a Recognised Supervisory Body (eg. ACCA) may
act as an auditor if that person is allowed to do it by the rules
of that body. In some jurisdictions auditors are authorized
directly by the state.
Since his role is to provide assurance on the financial
statements of the company the key requirement for becoming an
auditor in a company is that they must be independent of that
company.
Independence is defined as freedom from situations and
relationships where objectivity would be perceived to be impaired
by a reasonable and informed third party. An auditor must be and
must be seen to be independent. This means that despite his own
feeling about his independence and objectivity, it must be
absolutely clear to any informed external third party that there is
no threat to the auditors objectivity.
There are 5 threats to independence that the auditor must be
aware of:
1. Self interest eg. when the auditor is also an investor in the
company (or a lender) this poses a threat that his views on the
financial statements will be impacted by his investment
decisions.
2. Self review eg. when financial statements contain information
prepared by the auditor (through provision of some other
services).
3. Advocacy eg. when the auditor may be perceived as willing to
unduly support companys views without professional skepticism.
4. Familiarity eg. when the auditor becomes too familiar with
the company staff. 5. Intimidation eg. when the auditor may be
deterred from acting objectively by
threats, actual or perceived.
In order to reduce the threats above the audit profession
requires auditors to introduce safeguards against those threats.
Those safeguards will be implemented at the level of the profession
(eg. through education and experience requirements), at the level
of an audit firm (eg. through work practices, recruitment and
oversight procedures) and at the level of an individual (eg. being
in contact with professional bodies, complying with continuous
professional development requirements of the professional
body).
Professional ethics
ExPress Notes FIA Foundations in Audit
Page | 10 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
Auditors are required to adhere to the Code of Ethics issued by
their professional body (eg. ACCA for ACCA members with practicing
certificates).
A Code of Ethics was issued by IFAC (International Federation of
Accountants) which contains key requirements that auditors should
meet. Based on this code the professional bodies built their own
Code of Ethics which may be more demanding than the one of IFAC.
The professional bodies have the right to discipline their for
non-compliance with their Code of Ethics. This discipline
eventually ends with being removed from the register of members of
the body which effectively means being removed from the
profession.
The fundamental principles require the auditors to maintain 5
qualities in their behavior:
1. Integrity auditors should be straightforward and honest in
all professional and business relationships.
2. Objectivity auditors should not allow bias, conflicts of
interest or undue influence of others to override professional or
business judgments.
3. Professional competence and due care auditors have a
continuing duty to maintain professional knowledge and skill at a
level required to ensure that a client or employer receives
competent professional service based on current developments in
practice, legislation and techniques.
4. Confidentiality auditors should respect the confidentiality
of information acquired as a result of professional and business
relationships and should not disclose any such information to third
parties without proper and specific authority or unless there is a
legal or professional right or duty to disclose.
5. Professional behaviour auditors should comply with relevant
laws and regulations and should avoid any action that discredits
the profession.
KEY KNOWLEDGE Legal duties of auditors
In accordance with ISA 200 the auditor's duties are to:
obtain reasonable assurance about whether the financial
statements as a whole are free from material misstatement, whether
due to fraud or error;
express an opinion on whether the financial statements are
prepared, in all material respects, in accordance with an
applicable reporting framework; and
report on the financial statements, and communicate as required
by ISA's, in accordance with the auditor's findings.
-
ExPress Notes FIA Foundations in Audit
Page | 11 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
KEY KNOWLEDGE Auditors rights
During his work the auditor has the right to:
Access to the companys books and records. Receive information
and explanations necessary for the audit. Ro receive notice of and
attend any general meeting of members of the
company. Be heard at such meetings on matters of concern to the
auditor.
KEY KNOWLEDGE Liabilities of auditors
Auditors are liable for professional negligence which an auditor
may incur because of an act or default by him/her or by one of
his/her employees or associates which results in financial loss to
a client or third party to whom a duty of care is owed.
In recent years there have been a number of cases where
substantial sums have been claimed as damages for negligence
against accountants and auditors. In a number of cases it appears
that the claims may have arisen as a result of some
misunderstanding as to the degree of responsibility which the
accountant was expected to assume in giving advice or expressing an
opinion. It is therefore important to distinguish between:
(a) disputes arising from misunderstandings regarding the duties
assumed (the expectation gap); and
(b) negligence in carrying out agreed terms.
In order to limit the possibility of any liability to the
clients, the auditors should:
(a) clearly agree the terms of each engagement in an engagement
letter which details the responsibilities of the auditor and
separates them from the responsibilities of the company; and
(b) strictly adhere to the standards of auditing on which the
engagement is based (eg. International Standards on Auditing ISA)
in their work practices and evidence collection.
ExPress Notes FIA Foundations in Audit
Page | 12 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
Other methods of reducing the impact of potential litigation and
therefore restricting the liability include:
(a) obtaining a professional indemnity insurance (mandatory in
certain jurisdictions);
(b) acting through a limited liability company (not permitted in
certain jurisdictions).
KEY KNOWLEDGE Audit regulation
Auditors must follow a number of sets of regulatory
guidance:
1. The Code of Ethics
2. The Auditing Standards (for this examination the
International Standards on Auditing are the standards to be
followed)
3. Any national legislation relating to the profession of
auditors or in general the company law.
KEY KNOWLEDGE The impact of fraud
ISA 240 the Auditors Responsibilities Relating to Fraud in an
Audit of Financial Statements recognises that misstatement in the
financial statements can arise from either fraud or error. The
difference is whether the misstatement was intentional or
unintentional.
Fraud can be of two types:
(a) Misappropriation of assets the typical theft of companys
assets; or
(b) Fraudulent financial reporting leading to unjustified
amounts (eg. bonuses) being paid out which effectively is the same
as (a).
It is not the auditors responsibility to detect fraud. That is
because fraud is a criminal activity that is usually well
concealed. Auditors procedures should however allow to detect
material misstatements in the financial statements, including those
resulting from fraud.
This means that the auditor must consider whether there is a
possibility that the financial statements are misstatement as a
result of fraud and should obtain sufficient and appropriate
evidence on the likelihood of such a misstatement.
-
ExPress Notes FIA Foundations in Audit
Page | 13 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
KEY KNOWLEDGE External audit and internal audit
The IIA (Institute of Internal Auditors) defines internal
auditing as follows>
Internal auditing is an independent, objective assurance and
consulting activity designed to add value and improve an
organisations operations.
It helps an organisation accomplish its objectives by bringing a
systematic disciplined approach to evaluate and improve the
effectiveness of risk management, control and governance
processes.
Fundamental differences between internal and external
auditors
Both internal auditors and external auditors will have a major
interest in the effectiveness of a companys internal control
systems. Both are assurance providers and as such will make use of
similar techniques and procedures.
Due to these similarities the external auditors may find it
useful sometimes to use the work or the products of the work of
internal auditors. However, it is important for the external
auditor to always be aware of certain fundamental differences as
indicated below:
INTERNAL AUDITOR EXTERNAL AUDITOR SCOPE MANAGEMENT ISAs +
REGULATIONS APPROACH MANAGEMENT ISAs + REGULATIONS RESPONSIBILITY
MANAGEMENT SHAREHOLDERS
The differences mentioned above lead to different requirements
that one would have towards an internal auditor. Eg. the internal
auditor cannot possibly by independent of the company (he/she is an
employee of the company).
Thus a lot of care should be taken by auditors when attempting
to use the internal audit in their work.
ExPress Notes FIA Foundations in Audit
Page | 14 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
Chapter 2
Audit planning and risk
START The Big Picture
The objective of the auditor is to identify and assess the risks
of material misstatement, whether due to fraud or error, at the
financial statement and assertion levels, through understanding the
entity and its environment, including the entitys internal control,
thereby providing a basis for designing and implementing responses
to the assessed risks of material misstatement.
Planning an audit involves establishing the overall audit
strategy for the engagement and developing an audit plan. Adequate
planning benefits the audit of financial statements in several
ways, including the following:
Helping the auditor to devote appropriate attention to important
areas of the audit. Helping the auditor identify and resolve
potential problems on a timely basis. Helping the auditor properly
organize and manage the audit engagement so that it
is performed in an effective and efficient manner.
-
ExPress Notes FIA Foundations in Audit
Page | 15 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
Assisting in the selection of engagement team members with
appropriate levels of capabilities and competence to respond to
anticipated risks, and the proper assignment of work to them.
Facilitating the direction and supervision of engagement team
members and the review of their work.
Assisting, where applicable, in coordination of work done by
auditors of components and experts.
KEY KNOWLEDGE Audit strategy, audit plan and audit programme
(ISA 300)
An overall audit strategy sets the scope, timing and direction
of the audit, and guides the development of the audit plan.
The process of establishing the overall audit strategy should
assist the auditor to determine procedures, such matters as:
The resources to deploy for specific audit areas, such as the
use of appropriately experienced team members for high risk areas
or the involvement of experts on complex matters;
The amount of resources to allocate to specific audit areas,
such as the number of team members assigned to observe the
inventory count at material locations, the extent of review of
other auditors work in the case of group audits, or the audit
budget in hours to allocate to high risk areas;
When these resources are to be deployed, such as whether at an
interim audit stage or at key cutoff dates; and
How such resources are managed, directed and supervised, such as
when team briefing and debriefing meetings are expected to be held,
how engagement partner and manager reviews are expected to take
place (for example, on-site or off-site), and whether to complete
engagement quality control reviews.
Based on this strategy the auditor should develop an audit plan
that shall include a description of:
(a) The nature, timing and extent of planned risk assessment
procedures
(b) The nature, timing and extent of planned further audit
procedures
The audit plan is more detailed than the overall audit strategy
in that it includes the nature, timing and extent of audit
procedures to be performed by engagement team members.
ExPress Notes FIA Foundations in Audit
Page | 16 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
Planning for these audit procedures takes place over the course
of the audit as the audit plan for the engagement develops.
For example, planning of the auditors risk assessment procedures
occurs early in the audit process. However, planning the nature,
timing and extent of specific further audit procedures depends on
the outcome of those risk assessment procedures.
Audit programme is a list of specific procedures to be performed
and documentation to be collected for each specific class of
transactions of balances.
KEY KNOWLEDGE Risk assessment procedures (ISA 315)
Before collecting audit evidence and performing audit procedures
the auditor should perform risk assessment procedures. Those
procedures aim at determining the risk of material misstatement in
the financial statements. These procedures will include:
(a) Inquiries of management, and of others within the entity who
in the auditors judgment may have information that is likely to
assist in identifying risks of material misstatement due to fraud
or error.
(b) Analytical procedures (analysis of financial and not
financial information in order to detect trends and expectations
and investigate potential departures from those trends or
expectations).
(c) Observation and inspection.
Based on this risk assessment the auditor will conclude on the
likelihood of material misstatement at the financial statements
level and at the assertion level (eg. whether there are issues with
valuation, accuracy, completeness, rights and obligations,
occurrence etc.) and designs his/her procedures to make sure that
such potential material misstatements are detected.
KEY KNOWLEDGE Understanding the entity and its environment (ISA
315)
The auditor must understand the key features of an entity
including:
(a) industry or regulatory factors and applicable reporting
framework (eg. IFRS),
-
ExPress Notes FIA Foundations in Audit
Page | 17 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
(b) the nature of its operations, ownership and structure, (c)
entitys accounting policies, (d) entitys objectives and strategies,
(e) its financial performance in the past, (f) the internal control
environment relating to the financial reporting and control
activities relevant to audit, (g) the entitys business risk
management process, (h) entitys IT infrastructure and systems
KEY KNOWLEDGE Audit planning documentation (ISA 300)
The documentation of the overall audit strategy is a record of
the key decisions considered necessary to properly plan the audit
and to communicate significant matters to the engagement team. For
example, the auditor may summarize the overall audit strategy in
the form of a memorandum that contains key decisions regarding the
overall scope, timing and conduct of the audit.
The documentation of the audit plan is a record of the planned
nature, timing and extent of risk assessment procedures and further
audit procedures at the assertion level in response to the assessed
risks. It also serves as a record of the proper planning of the
audit procedures that can be reviewed and approved prior to their
performance. The auditor may use standard audit programs or audit
completion checklists, tailored as needed to reflect the particular
engagement circumstances.
KEY KNOWLEDGE Audit materiality (ISA 320)
Misstatements, including omissions, are considered to be
material if they, individually or in the aggregate, could
reasonably be expected to influence the economic decisions of users
taken on the basis of the financial statements.
The concept of materiality is applied by the auditor both in
planning and performing the audit, and in evaluating the effect of
identified misstatements on the audit and of
ExPress Notes FIA Foundations in Audit
Page | 18 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
uncorrected misstatements, if any, on the financial statements
and in forming the opinion in the auditors report.
Determining materiality involves the exercise of professional
judgment. A percentage is often applied to a chosen benchmark as a
starting point in determining materiality for the financial
statements as a whole.
Examples of benchmarks that may be appropriate, depending on the
circumstances of the entity, include categories of reported income
such as profit before tax (eg. errors in excess of 5-10% of profit
are considered material), total revenue (eg. errors in excess of
0,5-1% of revenue are considered material), total assets (eg.
errors in excess of 1-2% of total assets are considered
material).
However planning the audit solely to detect individually
material misstatements overlooks the fact that the aggregate of
individually immaterial misstatements may cause the financial
statements to be materially misstated, and leaves no margin for
possible undetected misstatements. Performance materiality (which
can be one or more amounts) is set to reduce to an appropriately
low level the probability that the aggregate of uncorrected and
undetected misstatements in the financial statements exceeds
materiality for the financial statements as a whole.
In other words performance materiality is a number which is
lower than overall materiality and if the procedures are design to
detect all errors in excess of performance materiality level then
the risk of a material misstatement resulting from aggregation of
undetected errors is reduced to an acceptable low level (that level
is determined by the auditor).
KEY KNOWLEDGE Audit risk
AUDIT RISK is very simply the overall risk that the auditor
gives an inappropriate audit opinion in his report.
Eg. if an auditor gave an unqualified opinion, when in fact the
company was not a going concern, then shareholders and others
placing reliance on this report in making economic decisions
relating to their dealings with the company might suffer financial
loss.
Audit risk is seen as being made up of 3 elements:
AUDIT RISK = INHERENT RISK x CONTROL RISK x DETECTION RISK
-
ExPress Notes FIA Foundations in Audit
Page | 19 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
The auditor must assess inherent risk and control risk but
cannot influence them, they are what they are. The only element
which the auditor can influence directly is detection risk, which
he must do in order to have overall an acceptable level of audit
risk.
Inherent risk is the risk that there may be material errors or
misstatements in the clients financial statements, before giving
consideration to any internal controls that may have been
established.
Eg. in a high tech company there is high risk of obsolescent
inventory which if not recognised could result in a material
overstatement of both profits and asset values.
Control risk is the risk that the clients internal control
systems will fail to prevent or detect material errors or
misstatements.
Eg. if there is not effective segregation of duties then there
is a much higher risk of employee fraud, without the need for
collusion, going undetected.
Detection risk is the risk that the auditors tests and enquiries
will fail to detect material errors or misstatements in the
transactions and balances reflected in the clients financial
statements.
Eg the detection risk is always greater with a new client
because the auditors have had less time to build up their knowledge
and understanding of the clients business and the risks to which it
is exposed.
Detection risk is seen to include the elements of:
1. Sampling risk eg. if the auditor selects too small a sample
size, it may not be representative of the population from which it
is drawn, resulting in the auditor reaching an invalid conclusion
about that population.
2. Non-sampling risk is any other risk that might result in the
auditor arriving at the wrong audit conclusion eg. if client
management were to deliberately provide the auditor with misleading
information and explanations.
ExPress Notes FIA Foundations in Audit
Page | 20 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
Chapter 3
Internal control
START The Big Picture
The internal control is a fundamental issue in auditing. The
auditors assessment of the control environment will impact on the
nature, timing and extent of his/her procedures. Logically the
better controls exist in the organization over the accounting and
financial reporting process the lower the risk that misstatements
appear in financial statement undetected by the organization
itself.
In the previous chapter the risk related to this was referred to
as control risk.
The auditor therefore will always perform an assessment of
control environment based on which he/she will determine how much
reliance can be placed on entitys internal controls and thus how
much procedure does the auditor need to do (how many procedures,
how large sample sizes the lower level of reliance on controls the
larger the sample to be tested by the auditor).
-
ExPress Notes FIA Foundations in Audit
Page | 21 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
KEY KNOWLEDGE General principles of internal control
ISA 315 Identifying and Assessing the Risks of Material
Misstatement Through Understanding the Entity and Its Environment
states that there are 5 components of internal control:
1. The control environment 2. The entitys risk assessment
process 3. The information system 4. Control activities 5.
Monitoring of controls
The IIA have provided the following useful definition:
An internal control is any action taken by management to enhance
the likelihood that established objectives and goals will be
achieved. Management plans, organises and directs the performance
of sufficient actions to provide reasonable assurance that
objectives and goals will be achieved. Thus, control is the result
of proper planning, organising and directing by management.
The UK Turnbull report gives us a useful summary of the main
purposes of an internal control system, by stating that internal
control consists of the policies, processes, tasks, behaviour and
other aspects of a company that taken together:
x Facilitate its effective and efficient operation by enabling
it to respond to significant business, operational, financial,
compliance and other risks to achieving the companys objectives.
This includes safeguarding the assets from inappropriate use or
from loss and fraud and ensuring that liabilities are identified
and managed.
x Help to ensure the quality of internal and external reporting.
x Help ensure compliance with applicable laws and regulation, and
also with internal
policies with respect to conduct of business.
Control activities
Control activities may be explained by the type or nature of
activity. These include (but are not limited to):
Segregation of duties - separating authorization, custody, and
record keeping roles of fraud or error by one person.
ExPress Notes FIA Foundations in Audit
Page | 22 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
Authorization of transactions - review of particular
transactions by an appropriate person.
Retention of records - maintaining documentation to substantiate
transactions. Supervision or monitoring of operations - observation
or review of ongoing
operational activity. Physical safeguards - usage of cameras,
locks, physical barriers, etc. to protect
property, such as merchandise inventory. Top-level
reviews-analysis of actual results versus organizational goals or
plans,
periodic and regular operational reviews, metrics, and other key
performance indicators (KPIs).
IT Security - usage of passwords, access logs, etc. to ensure
access restricted to authorized personnel.
Top level reviews-Management review of reports comparing actual
performance versus plans, goals, and established objectives.
Controls over information processing-A variety of control
activities are used in information processing. Examples include
edit checks of data entered, accounting for transactions in
numerical sequences, comparing file totals with control accounts,
and controlling access to data, files and programs.
Recording and evaluating the controls
Auditor must record and evaluate those controls. His/her work
will have two objectives:
(a) to verify whether a relevant control activity exists
Eg. to limit a possible fraud, an auditor would expect that the
person making bank transfers is no the same as the person
authorized to enter new counterparties into the system segregation
of duties.
(b) to verify that the control activity is actually
performed
Eg. continuing from previous example if the duties in this area
are segregated but the two persons shared their system passwords so
that they can cover for each other in case of absence the control
(even though relevant) is not effective and cannot be relied
on.
The auditor identifies key controls that he/she would expect to
see in order to rely on companys internal control systems,
documents their existence in the company and evaluates them through
tests of controls.
It may be possible that the auditors assessment of controls in
negative or that the expectation is that they are not existent or
not functioning properly (even before testing). In such
circumstances the auditor may not place reliance on control (or
even not test them)
-
ExPress Notes FIA Foundations in Audit
Page | 23 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
and perform fully substantive procedures ie. extensive audit
procedures with large sample sizes to accommodate for the fact that
control risk is high.
Techniques to record and evaluate controls in accounting
systems
IT systems require some additional knowledge from the auditor.
Specifically, internal control in a computer environment is
normally considered under 2 main headings:
1. General Controls These relate to the environment within which
computer systems are developed, operated and maintained. They will
therefore be relevant to all applications. They are often
sub-divided into administration controls and systems development
controls. They may be either manual or programmed. These will
include: use of passwords, segregation of duties between IT and
operational staff, back-ups etc.
2. Application Controls These relate to those activities which
have been
computerised and are concerned with the completeness and
accuracy of the processing of authorised data and the maintenance
of computer files. As with general controls, they may be either
manual or programmed. These will include: data verification on
input (eg. no debit without a corresponding credit), data
validation (eg. check digits), access control logs etc.
There are techniques of auditing the systems the auditor must
have an expectation of the controls he/she would see in the system
and over the inputs and outputs from the system (have in mind that
nowadays nearly all information in the financial statements is
generated by the accounting system and thus the control over
authorization and validation of inputs into this system becomes
crucial).
Auditor performs test of controls, often obtaining date from the
system and transferring them into spreadsheets to test their
accuracy or completeness. Sometimes the auditor is granted access
to the system to perform procedures directly on it.
KEY KNOWLEDGE Tests of controls (ISA 330)
Tests of controls are performed only on those controls that the
auditor has determined are suitably designed to prevent, or detect
and correct, a material misstatement
Typical methods of controls testing include:
ExPress Notes FIA Foundations in Audit
Page | 24 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
x inquiry x inspection (verifying that documents or reports are
physically authorized through a
signature) x reperformance x observation of control activities x
walkthrough tests where a transaction is followed through the
system x computer assisted auditing techniques (CAAT)
The nature of the particular control influences the type of
procedure required to obtain audit evidence about whether the
control was operating effectively. For example, if operating
effectiveness is evidenced by documentation, the auditor may decide
to inspect it to obtain audit evidence about operating
effectiveness. For other controls, however, documentation may not
be available or relevant.
In case of controls testing the concept of materiality is not
applied. In fact this is a black-or-white situation the control
either works or not it cannot work most of the time.
KEY KNOWLEDGE Communicating control deficiencies (ISA 265)
If the auditor detects deficiencies in internal controls (ie.
missing internal controls or existing internal controls not
operating effectively), the auditor will report those deficiencies
to those charged with governance if those deficiencies are
considered significant.
Such deficiencies will be communicated in writing in the form of
a Management Letter. The letter will include a description of the
deficiency and the effect that the deficiency might have on the
financial reporting process. Additionally the auditor may suggest
how the deficiency should be removed.
-
ExPress Notes FIA Foundations in Audit
Page | 25 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
Chapter 4
Audit evidence and procedures
START The Big Picture
This part of the syllabus is what people usually think the
auditor does. It is about collecting the evidence in order to
support conclusions that will take a form of auditors report and
opinion. The auditor takes a huge risk based on some limited
procedures over a limited period of time he/she issues an opinion
on the financial statements that are made up of thousands or
millions of transactions imagine consolidated financial statements
of a multinational group!
Thus the procedures must be very well designed to spot any
potential misstatements and the evidence collected must be such
that any other person would draw the same conclusions based on the
information available from the company.
ExPress Notes FIA Foundations in Audit
Page | 26 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
KEY KNOWLEDGE Financial statements assertions
An item in the financial statements may be misstated due to any
of a number of events that might have resulted in an error. Thus
the auditor, in his/her procedures should be able to verify that
none of these events had a material impact on the item.
The auditor therefore should use assertions for classes of
transactions, account balances, and presentation and disclosures in
sufficient detail to form a basis for the assessment of risks of
material misstatement and the design and performance of further
audit procedures.
Take an example of inventory. It can be misstated due to:
x items being miscounted during the count (Accuracy);
x items actually received after year end being included in the
year-end balance (Cut-off);
x items being incorrectly valued at cost while a net realisible
value was appropriate (Valuation);
x damaged items could have been counted as good ones
(Valuation);
x production cost may have been measured incorrectly (Valuation
or Accuracy);
x items might have been missed out of the inventory
(Existence).
The auditor uses assertions in assessing risks by considering
potential misstatements that may occur, and thereby designing audit
procedures that are responsive to the particular risks.
Assertions used by the auditor fall into the following
categories:
(a) Assertions about classes of transactions and events for the
period ended:
x Occurrence did the transactions actually occur and pertain to
the entity? x Completeness have all transactions, assets,
liabilities and equity balances
that related to the entity been recorded? x Accuracy - have
amounts, data and other information been recorded and
disclosed appropriately? x Cut-off - have transactions and
events been recorded in the correct
accounting period?
-
ExPress Notes FIA Foundations in Audit
Page | 27 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
x Classification - have transactions and events been: recorded
in the proper accounts?
(b) Assertions about account balances at the period end:
x Existence - do assets, liabilities and equity interests exist?
x Rights and obligations - does the entity hold or control the
rights to assets
and are liabilities the obligations of the entity? x
Completeness x Valuation and allocation - are assets, liabilities
and equity interests included in
the financial statements at appropriate values?
(c) Assertions about presentation and disclosure:
x Occurrence x Completeness x Classification and
understandability x Accuracy and valuation
The assertions are not individually assessed but quite often at
the same time.
Eg. To ensure completeness of electricity expense, the auditor
ensures the 12 months of payments were booked. Since the client may
record the bills paid on a cash basis, electricity expense of a
month of previous basis period might be entered in the current
year. Electricity expense of last month of current year might be
recorded next year. If the monthly fluctuation is immaterial, the
auditor always ignore the cut-off issue. In case where electricity
is a material expense, the auditor considers preparing adjustments
for year ended cut-off purpose so that the profit or loss would not
be materially misstated.
KEY KNOWLEDGE Audit evidence (ISA 500)
The auditor is required to collect sufficient and appropriate
evidence in order to justify the shape of his/her report and the
conclusions formed in his/her audit opinion.
The auditor considers reliability of audit evidence collected.
For instance, audit evidence is more reliable when it exists in
documentary form rather than subsequent oral representation of the
matters. Auditors consider reliability of information but involve
little authentication of evidence.
Methods or techniques of audit evidence gathering are classified
in 6 categories:
ExPress Notes FIA Foundations in Audit
Page | 28 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
1. Inspection 2. Observation 3. Inquiry 4. Confirmation (audit)
5. Re-performance 6. Analytical procedures
For example, the auditor perform vouching to ensure such
electricity expense occurred and whether correct amount was booked.
The auditor compares electricity expense of current and last year
to see whether there are fluctuations. If there are huge
fluctuations, the auditor may examine electricity together with
rental expense, water expense to find out reasons.
The evidence collected must be sufficient. What is sufficient is
a matter of auditors professional judgment. In exercising the
judgment the auditor takes into account the following facts:
x the risk of material misstatement; x the results of controls
tests; x the size of a population being tested; x the size of the
sample selected to test; and x the quality of the evidence
obtained
In general the higher the risk the more evidence should be
collected. Similarly the poorer the results of tests of controls
the more evidence from substantive testing will be necessary
etc.
Evidence is appropriate when it is: relevant and reliable.
Relevance is the feature of tests that determines whether the test
is the right one to address the financial statement assertion.
Eg. attendance at an inventory take is an excellent evidence of
inventorys existence.
Reliability of evidence is a feature that depends on a number of
factors. In general however:
Evidence more reliable Evidence less reliable
From independent external source From within the company Subject
to effective control Not subject to effective control
Obtained directly by the auditor Obtained indirectly through the
company
Written Oral Original Copy
-
ExPress Notes FIA Foundations in Audit
Page | 29 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
The more reliable the evidence the less of it needs to be
collected to support the decision taken for the audit opinion.
Substantive procedures
Substantive procedures (or substantive tests) are those
activities performed by the auditor during the substantive testing
stage of the audit that gather evidence as to the completeness,
validity and/or accuracy of account balances and underlying classes
of transactions.
Management implicitly assert that account balances and
underlying classes of transaction do not contain any material
misstatements: in other words, that they are materially complete,
valid and accurate. Auditors gather evidence about these assertions
by undertaking activities referred to as substantive
procedures.
Eg. An auditor may: physically examine inventory on the balance
sheet date as evidence that inventory shown in the accounting
records actually exists (validity assertion); arrange for suppliers
to confirm in writing the details of the amount owing at balance
date as evidence that accounts payable is complete (completeness
assertion); and make inquires of management about the
collectability of customers' accounts as evidence that trade
debtors is accurate as to its valuation.
There are two categories of substantive procedures - analytical
procedures and tests of detail. Analytical procedures generally
provide less reliable evidence than the tests of detail. Note also
that analytical procedures are applied in several different audit
stages, whereas tests of detail are only applied in the substantive
testing stage.
Substantive analytical procedures Tests of details
Comparisons of financial statement amounts with an auditor's
expectation.
Eg.
A comparison of actual interest expense for the year (a
financial statement amount) with an estimate of what that interest
expense should be. The estimate can be found by multiplying a
reasonable interest rate times the average balance of interest
bearing debt outstanding during the year (the auditor's
expectation). If actual interest expense differs significantly from
the expectation, the auditor explains the difference in audit
Direct tests of financial statement balances (substantive audit
procedures) that are not analytical procedures.
Eg.
x selecting a sample of items from the major account balances,
and finding hard evidence (e.g. invoices, bank statements) for
those items.
x physically examining inventory on balance date as evidence
that inventory shown in the accounting records actually exists
(validity assertion);
x arranging for suppliers to confirm in writing the details of
the amount owing at
ExPress Notes FIA Foundations in Audit
Page | 30 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
documentation. balance date as evidence that accounts payable is
complete (completeness assertion); and
x making inquires of management about the collectability of
customers' accounts as evidence that trade debtors is accurate as
to its valuation.
KEY KNOWLEDGE Audit sampling (ISA 530)
Audit sampling is the testing of less than 100% of the items
within a population to obtain and evaluate evidence about some
characteristic of that population, in order to form a conclusion
concerning the population.
The use of audit sampling, on all audit assignments, offers
innumerable benefits to all auditors. These include:
x developing a consistent approach to audit areas; x providing a
framework within which sufficient audit evidence is obtained; x
forcing clarification of audit thinking in determining how the
audit objectives
will be met; x minimising the risk of over-auditing; and x
facilitating more expeditious review of working papers.
It is crucial that the items selected should be representative,
in order to be able to form a conclusion on the entire population.
For if a test is applied only to those items which have a specific
feature (e.g., all customers balances exceeding $20,000) this
constitutes 100% examination of a sub-population (or selective
testing of high-value items) and the results cannot be projected to
the whole population.
Samples can be selected statistically (by using random selection
and then applying the probability theory to the analysis of the
results) or non-statistically if the sample is selected using any
other method. Example of methods are:
x random selection; x systematic selection (eg. every 10th item
is selected); x monetary unit selection (eg. every item containing
the multiple of 100 dollar
is selected) x haphazard selection no structured technique
applied by the auditor but
without bias
-
ExPress Notes FIA Foundations in Audit
Page | 31 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
The size of the sample will depend on the level of sampling risk
the auditor is willing to accept.
Sampling vs. non-sampling risk
Sampling risk is the risk that the auditors conclusion based on
the sample is different to that which would be reached if the whole
population was examined.
This may result in:
(a) the risk of incorrect rejection which arises when the sample
indicates a higher level of errors than is actually the case. This
situation is usually resolved by additional audit work being
performed;
(b) the risk of incorrect acceptance when material error is not
detected in a population because the sample failed to select
sufficient items containing errors. Such errors should be detected
by other complementary audit procedures.
Non-sampling risk is the component of detection risk that is not
related to the fact that the auditor only tests a sample. Examples
of sources of non-sampling risk include:
x failure to investigate significant fluctuations in
relationships when placing reliance on analytical procedures;
x placing reliance on management representations as a substitute
for other audit evidence that could reasonably be expected to be
available;
x errors not detected due to allocating staff without
appropriate skills or experience.
KEY KNOWLEDGE Computer assisted audit techniques (CAATs)
CAATs is the practice of using computers to automate or simplify
the audit process. In the broadest sense of the term, CAATs can
refer to any use of a computer during the audit.
CAATs is the practice of analyzing large volumes of data looking
for anomalies. A well designed CAATs audit will not be a sample,
but rather a complete review of all transactions. Using CAATs the
auditor will extract every transaction the business unit performed
during the period reviewed. The auditor will then test that data to
determine if there are any problems in the data.
Another advantage of CAATs is that it allows auditors to test
for specific risks. For example, an insurance company may want to
ensure that it doesn't pay any claims after a policy is terminated.
Using traditional audit techniques this risk would be very
difficult to test. The
ExPress Notes FIA Foundations in Audit
Page | 32 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
auditor would "randomly select" a "statistically valid" sample
of claims (usually 30-50.) They would then check to see if any of
those claims were processed after a policy was terminated. Since
the insurance company might process millions of claims the odds
that any of those 30-50 "randomly selected" claims occurred after
the policy was terminated is extremely unlikely. Even if one or two
of those claims was for a date of service after the policy
termination date, what does that tell the auditor?
In practical terms the use of CAAT can take 2 major forms:
(a) Audit software the auditor uses a specialised software to
facilitate sampling, data analysis, trend spotting, preparing
reports and letters;
(b) Using test data the auditor feeds the companys system with
test data containing errors. Subsequently the system is tested
whether the errors were correctly addressed by the system and
whether the data was rejected or treated in accordance with
expectations.
KEY KNOWLEDGE Audit procedures
Cash
Risks
x Cash transactions may not be recorded accurately
x Cash may not exist
Steps
1. Confirm selected bank accounts and special arrangements
Select bank accounts for confirmation in order to obtain a
moderate to low level of assurance that the aforementioned audit
objectives are achieved. Bank confirmations should be sent to all
banking relationships to identify accounts not included in the
general ledger.
Confirmation requests should be sent under our control and,
second requests and, where warranted, third requests should be
mailed when responses to confirmation requests have not been
received within a reasonable time.
Consider sending a special inquiry letter to ascertain the
existence of special arrangements or restrictions, for example,
compensating balance arrangements, security arrangements, written
guarantees.
-
ExPress Notes FIA Foundations in Audit
Page | 33 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
2. Review confirmation replies
For confirmations returned:
(a) agree account information and account balance to comparative
summary;
(b) investigate all discrepancies reported or questions raised
in review and determine whether any adjustments are necessary;
and
(c) assess impact of special arrangements or restrictions
identified and determine whether disclosure is appropriate.
3. Test accounts where there is no confirmation
In the unusual situation where we do not receive a bank
confirmation and are willing to forego the receipt of the bank
confirmation, consider performing the following procedures to
obtain a high level of assurance that the aforementioned audit
objectives are achieved:
(a) obtain subsequent month bank statement, bank reconciliation
and supporting documentation. Consider obtaining information
directly from the bank;
(b) test the mathematical accuracy of the bank reconciliation;
(accuracy)
(c) trace outstanding items listed on the bank reconciliation to
the subsequent month's bank statement and for those not traced,
trace to the cash disbursements records for the period prior to the
balance sheet date; (accuracy and existence/occurrence)
(d) trace deposits in transit listed on the bank reconciliation
to the subsequent month's bank statement and for those not traced,
trace to the cash receipts records for the period prior to the
balance sheet date; (accuracy and existence/occurrence)
(e) obtain explanation for large, unusual reconciling items and
trace to supporting documentation and/or entries in the cash
records, as appropriate; (accuracy and existence/occurrence)
(f) review the date the above items cleared the bank or were
recorded in the client's books to ensure appropriate recording
period. Trace to supporting documentation as necessary; and
(cut-off)
(g) investigate items such as, long outstanding items,
dishonoured checks and significant adjustments in the subsequent
month, and record adjustments as necessary. (accuracy and
existence/occurrence)
ExPress Notes FIA Foundations in Audit
Page | 34 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
4. Test bank reconciliations
Test bank reconciliation in order to obtain a moderate to low
level of assurance that the aforementioned audit objectives are
achieved by performing the following:
(a) test the mathematical accuracy of the reconciliation;
(accuracy)
(b) trace book balances on the client's bank reconciliation to
the comparative summary; (accuracy)
(c) trace bank balances on the client's bank reconciliation to
the bank statement; (accuracy)
(d) test reconciling items on the bank reconciliation by
performing the following:
i) obtain subsequent month bank statement and supporting
documentation. Consider obtaining information directly from the
bank;
ii) trace outstanding items listed on the bank reconciliation to
the subsequent month's bank statement and for those not traced,
trace to the cash disbursements records for the period prior to the
balance sheet date; (accuracy and existence/occurrence)
iii) trace deposits in transit listed on the bank reconciliation
to the subsequent month's bank statement and for those not traced,
trace to the cash receipts records for the period prior to the
balance sheet date; (accuracy and existence/occurrence)
iv) obtain explanation for large, unusual reconciling items and
trace to supporting documentation and/or entries in the cash
records, as appropriate; (accuracy and existence/occurrence)
v) review the date the above items cleared the bank or were
recorded in the client's books to ensure appropriate recording
period. Trace to supporting documentation as necessary; and
(cut-off)
vi) investigate items such as, long outstanding items,
dishonored checks and significant adjustments in the subsequent
month, and record adjustments as necessary (accuracy and
existence/occurrence).
(e) review client's bank reconciliation for review and approval
by appropriate management and timely completion of
reconciliation.
Account receivable
Risks
x The accounts receivable listing or individual balances may be
inaccurate
x Accounts receivable balances may not exist
-
ExPress Notes FIA Foundations in Audit
Page | 35 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
x Accounts receivable may not be collectible
x Bad debts write-offs may not be valid
x Sales transactions may be processed in the wrong period
Steps
1. Agree a detailed listing of accounts receivable to the
summary
Obtain a detailed listing of accounts receivable balances (aged
by customer, if possible) and:
(a) trace totals to the comparative summary of accounts
receivable balances;
(b) select reconciling items in order to obtain a moderate to
low level of assurance that accuracy is achieved and
i) trace these items to supporting documentation; and ii)
determine whether the results of the client's investigations have
been
reviewed and approved by a responsible official;
(c) test, to an extent to obtain a moderate to low level of
assurance, the mathematical accuracy of the detailed listing;
and
(d) if appropriate, examine support for any significant
adjustments made throughout the year in reconciling detailed
accounts receivable records with the account(s) in the general
ledger.
2. Positively confirm selected accounts receivable balances
Select customers' account from the detail accounts receivable
listing for positive confirmation in order to obtain a moderate to
low level of assurance that the aforementioned audit objectives are
achieved. Perform the following:
(a) send positive confirmation requests under our control. Where
appropriate, send itemized statements to customers to facilitate
responses. Second requests and, where warranted, third requests
should be mailed when responses to positive confirmation requests
have not been received within a reasonable time. When management
requests us not to confirm certain accounts receivable balances,
consider whether there are valid grounds for such a request. Before
accepting a refusal as justified, examine any available evidence to
support management's explanations.
(b) summarize confirmation coverage.
ExPress Notes FIA Foundations in Audit
Page | 36 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
3. Review confirmation replies
For confirmations returned:
(a) agree account information and account balance to detail
listing;
(b) reconcile the account detail between the returned
confirmation and the detail listing, where applicable; and
(c) investigate all reconciling items and determine whether any
adjustments are necessary.
4. Test accounts where there is no confirmation
When confirmation is not carried out, or where it is not
possible to confirm a selected amount (including where confirmation
requests are unanswered), select customer accounts from the detail
accounts receivable listing for verification and perform the steps
outlined below in order to obtain a moderate to low level of
assurance that the aforementioned audit objectives are
achieved.
(a) compare subsequent remittances credited to accounts with
remittance advices or other receipts (e.g. deposit slips and bank
statement) and ascertain that payments relate to the account
balances;
(b) examine documentation such as shipping documents, copies of
sales invoices, customer sales orders, and other relevant
correspondence supporting the unpaid portion of the account
balances. Coordinate this test with the review of the
collectability of overdue accounts; and
(c) consider whether it is necessary to verify further the
existence of the customer.
5. Assess adequacy of allowance for doubtful accounts
To an extent based upon materiality and inherent risk, assess
the adequacy of allowance for doubtful accounts by performing the
following procedures:
(a) obtain a list of accounts for which an allowance has been
established. Review and test the process used by management to
develop their estimate of collectability;
(b) where provisions are made by the use of formulae based on
the aged listing, determine by reference to the details in our
notes of the client's procedures whether the basis is:
i) consistent with prior years; ii) appropriate to the
circumstances of the business; and iii) in accordance with the
accounting policy;
-
ExPress Notes FIA Foundations in Audit
Page | 37 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
(c) determine the effect, if any, of the client's policies and
experiences regarding the timing of the passage of title, sales
returns and allowances where right of return exists, and bill and
hold situations; and
(d) discuss collectability with management and review other
documentation supporting collectability as necessary.
6. Review bad debt write-offs
Review, in order to obtain a moderate to low level of assurance
that valuation is achieved, bad debt write-offs by performing the
following:
(a) consider the reasonableness of bad debt expense in light of
the levels of bad debt write-offs compared with prior years;
and
(b) examine documentation relating to write-offs during the
period and determine whether the write-offs were properly
authorized.
7. Test sales/accounts receivable cutoff
Accounts receivable cutoff testing is typically performed in
conjunction with testing inventory cutoff and may be tested in the
Inventory audit area. If cutoff is tested in the Accounts
receivable audit area, perform the following:
Select sales and credit memoranda to obtain a moderate to low
level of assurance that cutoff is achieved by reviewing the cutoff
at the time of inventory taking and at year-end (if different) and
performing the following:
(a) for selected sales for periods before and after the cutoff
date, examine the related records of goods shipped and services
performed to determine that the sales invoices are recorded as
sales in the proper period;
(b) for selected credit (debit) memoranda for periods before and
after the cutoff date, examine the related records of returns and
claims from customers to determine that the credit (debit)
memoranda are recorded in the proper period;
(c) determine whether there are unusually high volumes of
returned goods after year-end; and
(d) consider unusual fluctuations in sales or return patterns
before and after year-end and, if present, review for possible
cutoff errors.
Inventory
Risks
x Inventory records may not be complete
ExPress Notes FIA Foundations in Audit
Page | 38 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
x Inventory transactions may be processed in the wrong
period
x Inventory items may not exist
x Inventory carrying values may not be realizable
Steps
1. Observe physical inventory
To an extent based on materiality and inherent risk, perform the
following:
(a) inspect the premises to determine whether:
i) the arrangement of inventory is such that an accurate count
is possible. ii) the inventory is in good condition with adequate
storage space, and
whether items are properly packed or binned in a convenient
manner for counting.
iii) scrap, obsolete, and damaged goods are adequately
identified and segregated.
iv) inventory owned by third parties is adequately identified
and segregated. v) inventories appear to be adequately safeguarded
against access by
unauthorized persons and protected against deterioration.
(b) in observing physical inventory counts, determine
whether:
i) the counts are carried out under proper supervision.
Determine whether this official is independent of the custody and
recording of inventory. Observe whether persons supervising the
inventory make test counts in all areas and review all areas where
inventory are kept to ensure that they have all been counted and
the counts are recorded.
ii) appropriate procedures are employed to control inventory
movements (e.g., transfers, stock picking, etc.) during the
count.
iii) quantities and descriptions are properly entered on the
inventory tags or sheets.
iv) the methods used to determine quantities are reasonably
accurate. v) there are adequate procedures for determining
quantities of goods not
susceptible to direct physical counting (e.g., screws, nails).
vi) count totals are adequately checked by persons other than the
original
counters. vii) there are adequate procedures to ensure that all
inventory (other than that
on the company's premises owned by others) is counted and that
no inventory is counted more than once.
viii) inventory on the company's premises owned by others has
been appropriately identified and counted.
-
ExPress Notes FIA Foundations in Audit
Page | 39 2014 The ExP Group. Individuals may reproduce this
material if it is for their own private study use only.
Reproduction by any means for any other purpose is prohibited.
These course materials are for educational purposes only and so are
necessarily simplified and summarised. Always obtain expert advice
on any specific issue. Refer to our full terms and conditions of
use. No liability for damage arising from use of these notes will
be accepted by the ExP Group.
ix) tags or count sheets are signed by individuals carrying out
the count, or other suitable means of identifying individuals
carrying out the count have been established, such as assigning
tags or count sheets to count teams.
(c) test the counting of inventory items by selecting items from
the inventory tags or sheets and perform an independent count.
Perform other counts of inventories and compare the results with
those recorded on the inventory tags or sheets by company
personnel. Follow up any differences noted in the counts. Record
selected items counted for subsequent comparison with priced
inventory listings. (Existence/Occurrence, Accuracy)
(d)