student notes

Home About

Resources Sample Questions

Store

You can customize your profile here.

EDIT PROFILE »

Need to logout? LOGOUT »

Article Typical Audit Engagement

Following are the steps in a fairly typical audit of a new client. This list is designed to show how the procedures in an audit engagement fit together. The steps presented here are roughly in chronological order but always remember that some degree of flexibility does exist. Think of this as a study guide more than as a design for an audit. Understanding an audit as a sequential process is helpful as you consider the work performed by the auditor. This knowledge will enable you to envision how each topic that you study fits into the overall engagement. I would not attempt to memorize these steps. It is an outline for an audit so that, as you study specific auditing procedures, you can understand the role each plays within the entire process.

1. The CPA or the CPA firm is approached by (or approaches) a potential audit client. Frequently, the client will open discussion for a future engagement to a number of audit firms allowing each to make a proposal.

2. As a professional, the CPA must make certain what type of assurance that the client wants and needs (a compilation, a review, an audit, or some other type of attestation). The CPA does not want to charge the client for a level of assurance that is not needed.

3. The auditor obtains general information about the possible client—its history, ownership, management, products, financing, profitability, relationship with former auditors, and the like. During the audit, this knowledge assists the auditor in making appropriate evaluations of the financial assertions made by the client. The auditor tours the client's office and plant examining production facilities, company records, tax returns, the accounting system, and the like. The auditor is attempting to determine the difficulty and risk involved in the engagement. The auditor also talks with key client personnel to ascertain their abilities and level of knowledge. If the engagement is accepted, the auditor must also gain an adequate understanding of the client's industry before making any specific evaluations. This knowledge is often gained by reading AICPA industry audit guides, looking at competing companies and the like.

4. The CPA firm makes a proposal to the client outlining the work to be done and the cost. The decision as to which firm to hire should be made by the Audit Committee of the Board of Directors to emphasize the auditor's independence from the management of the company.

5. The auditor cannot accept an engagement without further investigation. With client permission, the auditor talks with the predecessor auditor to assess the integrity of the client management and any potential accounting or auditing problems. New auditor also asks when and why predecessor felt obliged to communicate with company's audit committee. Such communications provide evidence about problems arising between auditor and management. Unless client has a very good reason, auditor will not pursue the job if not permitted to talk with predecessor auditor. Auditor does not talk with predecessor until an offer is made so that a bunch of firms seeking the engagement do not pester the predecessor over and over.

6. Auditor evaluates the firm's own ability to do the audit engagement by addressing issues such as: (a) is there any reason that the firm is not properly independent, (b) does the firm have (or can it get) sufficient knowledge of the industry to make evaluations of the assertions made by the client's management, (c) are the client's records in a

http://www.cpareviewforfree.com/profile.cfm

condition to be audited, (d) are there any auditing or accounting problems that pose too much risk, (e) does the client management have sufficient integrity? If everything is okay, auditor accepts the offer.

7. Auditor is required to have a documented understanding with client as to the services to be provided. It can be an engagement letter or a contract but no single form is mandated. This understanding should include the objectives of an audit, management's responsibilities, and the auditor's responsibilities.

8. Auditor returns to predecessor auditor to review working papers from past audits. Auditor focuses on a number of elements such as the establishment of asset cost figures, identifying specific accounting methods being used, the existence of contingencies, and other possible reporting problems. The auditor tends to concentrate more on balance sheet items because they carry over from year to year.

9. Auditor begins planning stage of the engagement. Auditor makes a preliminary assessment of the necessary size for a misstatement to be judged as material (an assessment which may change during the audit as more data is obtained). "Material" is defined as any misstatement of a size or quality that would cause decision makers to change their decisions. Misstatements are errors (unintentional mistakes), fraud (intentional mistakes to hide theft or manipulate the records), and direct illegal acts.

10. Management is responsible for the financial statements and makes five assertions about every group of accounts (inventory/cost of goods sold, for example) being reported as well as the financial statements as a whole: (1) they are valued correctly (the numbers were determined according to GAAP), (2) assets and debts do exist and transactions did occur (the account balance is not overstated—there are no extra amounts or transactions included), (3) presentation and disclosure within the financial statements is appropriate (the numbers are in the right place and the footnotes provide all necessary information), (4) all balances are complete (balance is not understated—no transactions or amounts have been left out), and (5) obligations – all debts are recorded and rights - the reporting company has title to all the reported assets.

11. Auditor seeks sufficient substantive evidence to corroborate these five assertions made by management. This evidence eventually provides a reasonable basis for determining whether the statements contain any material misstatements. If satisfied, the auditor's opinion provides reasonable assurance that the statements are presented fairly according to GAAP.

12. For each group of accounts, the auditor seeks to reduce the actual audit risk to an acceptably low level. Audit risk is the chance that a material misstatement will occur in one or more of management's assertions and manage to get into the released financial statements. Actual audit risk cannot be reduced to zero because the auditor does not look at all transactions and most audit procedures are performed by humans who can make mistakes. However, an acceptable level of audit risk can be achieved. That is the point where the risk that a material misstatement does exist in the financial statements has become so low that the auditor is willing to provide reasonable (but not perfect) assurance.

13. Audit risk is made up of three components: (1) inherent risk (the chance that a material misstatement could occur in an account group), (2) control risk (the chance that a material misstatement which had occurred would not be detected by the client's control system), and (3) detection risk (the chance that a material misstatement that had occurred and also gotten through the control system will not be detected by the independent auditor). The auditor cannot provide reasonable assurance until actual audit risk (the combination of these three separate risks) has been reduced to an acceptably low level.

14. Auditor first studies the company and estimates both the inherent risk and control risk associated with the organization and its operations. Auditor uses these estimated levels of inherent risk and control risk to determine what the acceptable level of detection risk must be to achieve the overall desired level of audit risk. If inherent and control risks are high, detection risk must be reduced a low level. If inherent and control risks are low, detection risk can be higher. Inherent risk and control risk are both assessments made by the auditor about the client. In contrast, detection risk varies based on the type and quantity of the auditor's work. Actual detection risk is then reduced to its acceptable level by performing substantive testing (to gather corroborating evidence). More testing reduces detection risk as does better testing (using more sophisticated techniques, for example, or testing closer to year end or using more experienced people.)

15. Throughout the assessment of both inherent risk and control risk and the performance of substantive tests (to reduce detection risk to the acceptable level), the auditor also must make an ongoing assessment of risk factors that could indicate that fraud has occurred. That is part of the risk assessment process. At the beginning of the audit (and throughout the engagement) members of the audit team (or the entire team) brainstorm as to where and how fraud might occur within the client company that would impact the financial reporting. This alerts the team to specific fraud risk factors relevant to this particular engagement. In addition, during the audit, the team looks for the existence of any of a long list of general fraud risk factors. If any of these factors are found, assessed risk levels are increased and additional testing will probably be necessary to compensate.

16. The auditor first assesses inherent risk in relation to various account groups. This judgment is based on: analytical procedures, past problems, integrity of management, materiality of the balance in question, evaluation of accounting system and personnel, etc. Inherent risk can be high for some accounts and low for others. If risk is higher than expected, additional substantive testing or better substantive testing is likely to be needed for a greater reduction in detection risk.

17. Analytical procedures must be performed at the beginning of the audit to help assess inherent risk. These procedures provide an overview; they do not look at individual transactions. The auditor sets an expected range for account balances, ratios, and other relationships (age of receivables, gross profit percentage, etc.) to see if client figures fall within this range. These auditor expectations come from budgets, competition, past balances, industry

figures, relationships with other accounts, and nonfinancial changes. Any client figure that falls outside of the expected range probably has a higher assessed level of inherent risk.

18. Auditor next seeks to assess control risk. To do this, the auditor must gain a general understanding of the client's internal control components: (a) control environment, (b) risk assessment, (c) control activities, (d) information and communication, (e) monitoring.

19. Based on an understanding of these control components, auditor makes a preliminary assessment of control risk. Auditor evaluates whether control risk seems to be at a maximum level or possibly below the maximum level. If judged to be at the maximum risk level (control appears to be weak), documentation of the components is necessary but no further work or documentation of control system is required. Even if the internal control looks as if it might be effective, auditor can still assume maximum control risk if further testing of control activities would be more expensive than any potential savings in time and money from reducing the amount of substantive testing.

20. If preliminary assessment of five controls components is that (a) control risk might possibly be below maximum level and (b) further testing of controls could reduce the cost of overall testing, auditor should perform tests of those controls. To do this, the auditor first determines the design of specific control activities within the individual systems. Determining the design of control activities within a specific system can be done by memorandum, questionnaire, and/or flow chart. Second, the auditor should anticipate the kinds of problems that might occur in this particular system. Third, the auditor should attempt to identify specific control activities within the design of the system that would significantly reduce the risk of misstatement by either preventing or detecting each of the anticipated problems. Fourth, for any such control activities that are identified, the auditor should ascertain whether these specific controls are operating effectively. This can be done by inquiry, observation, or by looking for physical proof of occurrence. Statistical sampling for attributes may be used here in testing effectiveness. Testing for attributes estimates a rate and can be used here to estimate an error rate.

21. The last component of audit risk is "detection risk," the chance that a material misstatement will be missed by the auditor. The auditor can only change the amount of detection risk. As mentioned previously, if inherent and/or control risks are assessed as high in relation to the acceptable level of audit risk, detection risk must be reduced by more testing or better testing (referred to as substantive testing). Conversely, if inherent and/or control risks are assessed as low in relation to the desired audit risk, the auditor can afford to do less testing or testing of a lesser quality.

22. After the assessment of inherent risk and control risk, the desired level of detection risk is set to reduce actual audit risk to the acceptable level. At that point, an audit program for the substantive tests to be performed is designed to ensure that sufficient, competent evidence will be obtained. This is a required procedure to indicate proper planning.

23. All kinds of substantive testing can be done to provide evidence about account balances. The nature, extent, and timing of the testing depend on the assessment of inherent risk, control risk, and the presence of any fraud risk factors. Testing done directly on an account balance is a "test of a balance." Testing of individual entries is a "test of details." Statistical sampling for variables is one technique used in some of the testing of balances procedures because it uses a sample in order to estimate a total (such as the account balance). (A) - All findings from the substantive testing are recorded in auditor's working papers (known as "audit documentation") to provide support for the auditor's opinion. (B) – Substantive testing includes confirmation, computation, reconciliation, vouching, tracing, inquiry, inspection, analytical procedures, etc. (C) - Cut-off testing is done for the period around year's end to make sure items are recorded in the correct time period. (D) - Auditor also tests transactions in the period subsequent to the end of the year to provide additional evidence and to look for transactions that need disclosure. (E) - Analytical procedures are required again at the very end of the audit to make sure that nothing was missed or overlooked. Final client figures may vary from the auditor's expectations so that further investigation is needed.

24. Auditor must get management to furnish a representation letter on last day (or later) to acknowledge its responsibility for the financial statements, to indicate its belief that statements are according to GAAP, to provide evidence for events that might not have other physical evidence, and to put oral representations made by management into a written form.

25. Audit firm issues an audit report to be attached to financial statements to provide opinion. An unqualified opinion typically has three paragraphs. The first (introductory) paragraph identifies the financial statements and indicates the responsibility of both the management and the audit firm. The second (scope) paragraph describes the audit and the work of the auditor. The third (opinion) paragraph indicates whether reasonable assurance is being given that the financial statements are presented fairly in all material respects in accordance with generally accepted accounting principles.

Back to Articles »

advertisements

http://www.webcpa.com/

© 2008-2011 CPAreviewforfree.com - All Rights Reserved - Terms and Conditions - Privacy Policy - Contact Us

Home About


Store


EDIT PROFILE »


Article Student Audit Notes--General Concept of Auditing

General concept of auditing: Someone’s hired to check up on, review, and follow up on something done by another person.

Three types of auditing:

1. Operational auditing – to make sure that operations in a company are running as prescribed (it has nothing to do with accounting or financial statements, so it is not discussed in this class).

2. Compliance auditing – to make sure that some sort of rule, regulation, law, or contract has been followed (such as school’s eligibility to financial aid, IRS doing tax law audits). Although auditor is interested in compliance, he leaves it up to others (such as the IRS) to deal with.

3. Financial statement audit – to audit (check, review, test) financial statements of a company to make sure that what’s reported in the financial statements is actually correct/true, i.e. the right numbers. After audit is done, the auditor issues an audit report, and in it will be an opinion stating whether financial statements are fairly stated.

Three types of auditors:

http://www.careerbank.com/

http://www.accountingcoach.com/


1. Internal auditor – auditor who’s on payroll of a company for the following purposes:

a. To have someone to do the same as an independent auditor

b. To make sure things were running properly.

Internal auditors do lots of operational and financial statement auditing, usually not compliance auditing.

Opinions of internal auditors are not accepted; after all, they’re still cashing paychecks of the company itself, so there’s lack of objectivity regardless of how much objectivity they can maintain.

2. Independent (external) auditor – auditor who works for CPA firm; is not on the payroll of a particular client; rather charges client a fee for engagement; works for a number of months at a time; issues an independent auditor’s report.

Inherent limitations of auditing:

Every audit has the following inherent limitations:

1. Human error and fatigue

2. Due to the high expense of doing audits, audits will never be perfect, since auditor will not look at everything; rather, the audit profession is OK with reasonable assurance, (not perfect, maximum, or absolute assurance), that the financial statements are fairly stated. As a result, every audit will have a certain degree of risk that the opinion given by the auditor is wrong – audit risk.

3. Client may still find a way to cheat, regardless of how much auditor does to stop the cheating. Cheating is done by collusion, which his almost impossible to stop.

GAAS vs. QCS:

GAAS Generally Accepted Auditing Standards

Measures quality of auditors work on particular engagement (one who conducts an audit is “cooking with GAAS”).

QCS Quality Control System Measures quality of work of entire CPA firm

Company with a good QCS is probably following GAAS, but it’s not a guarantee.

Company following GAAS probably has a good QCS, but it’s not a guarantee.

(One is an indicator for the other but not a guarantee.)

10 standards of GAAS divided into 3 groups:

GROUP I: General standards: (TIC: Training Independence Care)

1 T Training – Auditor should possess adequate training to perform audit.2 I Independence – To perform the audit, auditor must be independent in both fact and

appearance.3 C due professional Care – in planning and performing the audit, and preparing the audit report.

Requires that auditor maintain an attitude of “professional skepticism.” (Keep the open mind that client may not be the most honest person, though not the biggest cheat.)

GROUP II: Fieldwork standards: (PIE: Planning Internal Evidence)

Fieldwork = significant work done at the client’s place

4 P Planning the audit – Planning and supervision of staff to make sure their work is consistent with audit report.

5 I Internal control – Auditor must always get an understanding of internal control (IC), the inner workings at a client, which client puts in place to stop and prevent things from happening.

Based on the understanding and/or testing, (depending on how good or hoe poor the client’s controls are), auditor will help determine the NET (nature, extent, and timing) of the

substantive testing he needs to do.

If internal control is strong and reliable, and is able to find mistakes on its own the auditor’s will have to do less substantive testing; if internal control is not reliable, auditor will have to

do more substantive testing.

Substantive testing is the audit, where auditor goes out and gets the evidence that the financial statements are fairly stated.

In non-SOX or non-GAGAS audits, testing IC is not mandatory.

In SOX or GAGAS audits, auditor must test internal control.6 E Evidence – performing substantive testing to gather evidence regarding the amounts and

disclosures in financial statements so as to issue an opinion as to the fairness of financials.

GROUP III: Reporting standards (CPA DOE: Consistency, Principles Accounting, Disclosures, Opinion Expression)

Implicit standards – Unless audit report states otherwise, it’s assumed that they’re present; no news is good news.

7 C Consistency – Accounting principles must be consistent from period to period.8 D adequate Disclosures – Disclosures on the financials must be adequate

Explicit standards – must be stated in audit report (in the last paragraph).

9 OE Opinion Expression – audit report must either express an opinion or express a disclaimer of an opinion.

10 PA Principles of Accounting – Last sentence of audit report: “fairly stated in accordance with GAAP”

5 components of QCS: (PIC ME)

1 P Personnel – Hiring the right people, promoting them, firing bad people, making sure workers are developing professionally, assigning the right people to the right jobs, etc.

2 I Independence and objectivity – not to be bias3 C Client acceptance and retention – accepting new clients and retaining old clients

Concern is not to associate with clients who lack integrity. Because when the client’s name is “in the mud,” the accountant suffers (if he doesn’t withdraw), and it has a direct impact on

the staff of the CPA firm.4 M Monitoring – two types in CPA firms:

I – Administrating monitoring

¨Reviewing auditors’ potential conflict of interest:

They’d ask the auditor questions such as

Which company do you own stock in? (‘Cause you can’t audit that company since you’re an

owner).

Do you have relationships with anyone (wife, etc.) who works at the client?

¨Reviewing auditors’ personal files:

How many parts of the CPA exam did you pass?

Are you keeping up with your continuing education credits?

Let me see your college transcripts, what’s your GPA, etc.

II – Technical monitoring

Monitoring the job itself (although a normal audit is reviewed first by the senior, then manager, then senior manager, then partner, it still undergoes the following reviews:

Concurring partner (or wrap-up, or QCP [quality control partner]) review

Before an audit report is released to the public, it is reviewed by a second partner who is in charge of quality control (QC); he has no clients; he has only one job in this world: to do

these reviews.

¨PAR (post-audit review) – After the audit has been released, and filed away, someone on the staff, not associated with the audit, pulls out the file and reviews the audit – this time,

without any deadlines or stress – to check if there were no mistakes

All the previous reviews are done under SEC deadlines, so even a concurring partner, at the heat of the moment, may mess up (doing a cost-benefit analysis: cost of not releasing

audit in time).

¨Peer review – an external firm reviews work of auditor of firm; checks if an auditor would do the same type of testing or reach the same conclusion of firm’s auditor.

For independence purposes, it would be like: firm A reviews firm B, firm B reviews firm C, and firm C reviews firm A.

In non-SOX or non-GAGAS audits, peer reviews are not mandatory

In a SOX or GAGAS audit, there must be a peer review5 E Engagement performance – to make sure the job is being performed competently at each

level of the engagement, from staff member to manager to senior manager.

Back to Articles »

advertisements



Home About


Store


EDIT PROFILE »


Article Student Audit Notes--Standard Audit Report

Standard Audit Report ( memorize this report)

Title: Independent Auditor’s Report

Addressed to 1 of 2 bodies/groups: shareholders or board, not to management

3 paragraphs: (ISO) 1) Introduction

2) Scope paragraph

3) Opinion

Introductory: “We have audited (names of financial statements)…”

Mentions 2 responsibilities: management’s responsibility for their financial statements and auditor’s responsibility to express opinion on them.




Scope: “We conducted our audit in accordance with U.S. GAAS. Explains what GAAS is: “Those standards require that we plan and perform the audit to obtain reasonable assurance…”

(“Reasonable” means that every audit has a degree of audit risk.)

“…as to whether the financial statements are free of material misstatements.” (Not “any” misstatements, not of nickel and dime, but material.)

“An audit involves examining evidence on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit involves looking at the accounting principles used, significant estimates made by management, as well as overall financial statement presentation.”

Conclusion: “We believe that our audit provides a reasonable basis for our opinion.”

Opinion: “In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of, performance of, cash flows of, company XYZ in accordance with U.S. Generally Accepted Accounting Principles.”

Notice that there’s no mention of consistency or adequacy of disclosure since those are implicit standards, which means that no news is good news, but there is mention of GAAP and an expression of an opinion.

The report is then signed (with rubber stamp or manual signature), and it is dated the last day of fieldwork (significant time and work is does at the client)

5 types of opinions:

1) Unqualified and unmodified = No problems, no exceptions; all’s good.

2) Unqualified but modified = Innocent with an explanation

All’s good, but auditor needs to add some language or entire paragraphs to the report in order to explain certain things. It doesn’t mean that financials are not fairly stated, just auditor needed to add some explanation. For example, client makes a justified change in accounting principle, which auditor agrees with; nevertheless, even though auditor makes an unqualified opinion, he still must add a paragraph (called an explanatory paragraph) explaining that a change was made, because that change violates consistency.

3) Qualified = There was a material issue with GAAP or GAAS (like the auditor was unable to do his work).

Because of this material issue that went uncorrected, auditor needed to qualify his opinion; that means: everything’s OK “except for” something. The words “except for” are the magic words of a qualified opinion. The use in the audit report of “except for” language is material enough to qualify an opinion, material enough not to give a clean opinion, but not bad enough to give one of the (next) two severe opinions.

4) Adverse = There were highly material (usually multiple, severe) departures from GAAP that cause financial statements to be severely not fairly stated when taken as a whole.

It is very rare that a CPA firm survives to give such an opinion because as soon as client senses such that such a thing will happen, he’ll fire the auditor and go auditor shopping. People will find out, since the SEC will have the auditor to file an 8K stating why he left…

5) Disclaimer of an opinion = no opinion at all

One of two things happened:

1) There were circumstances that occurred where the auditor was simply unable to gather the evidence he needed to do the audit, so he felt more comfortable not giving any opinion at all.

(It doesn’t mean that the auditor had no information at all. He could have even audited 80%, but in certain areas enough to be material, he didn’t have information. For example, inventory was destroyed by fire.)

2) Client had stood in auditor’s way.

Adverse opinion is bad, but it can still be fixed up; disclaimer, even though it’s not as bad, it can’t be fixed up. Also, a disclaimer is not the same as having no audit at all. Having no audit is when no auditor was hired to do an audit. A disclaimer is when an auditor was hired, but there wasn’t enough information.

Back to Articles »

advertisements


Home About


Store


EDIT PROFILE »


Article Student Audit Notes--Auditor's Professional Responsibilities

Auditor’s professional responsibilities





The AICPA code of professional conduct (AICPA CPC) is a set of rules – not laws – that govern the conduct of accountants in general.

1. Independence – accounting auditor must be independent in fact and in appearance in order to do an audit.

Independence in fact: objectivity, being impartial, not being bias

Independence in appearance: no ownership in client, no relationship at client

Independence is ruined in following cases:

¨Direct financial interest (ownership) in the client (even owning 1 share of client’s stock), or having a relationship (such as spouse) who works at the client.

Ïndirect financial interest (ownership) in client through mutual stock or through relative if it’s material to auditor’s net worth

¨Loans between client and auditor generally don’t implicate independence as long as they are on the same terms as loans to others without special agreements.

Except for the following two situations, which ruin independence:

1) Post-1982 home mortgage, and

2) Audit fee outstanding for over a year since last year’s audit report date

The following engagements require independence:

1) audit, 2) review, 3) attestation

The following engagements do not require independence:

1) tax returns, 2) compilation (putting together financial statements), 3) consulting

2. Competency – Auditor shouldn’t accept a job that he can’t complete with complacency.

He may, however, accept the job even though he isn’t competent at the time as long as he’ll be competent when he finishes the job (e.g., he will take classes in that field).

3. Contingency fees – auditor is forbidden to work on contingent fees; that is, getting paid based on the result.

Except for the following two situations, which are permitted:

1) Reviewing a tax return prepared by a different accountant, and finding some overlooked refund, the accountant may charge a fee contingent upon his finding.

2) Representing one’s own client in a tax hearing in court may be contingent

4. Advertising – Auditor is permitted to advertise in any media as long as it’s not misleading (“cheapest prices” not allowed)

5. Commissions – Auditor is not permitted accept a commission for recommending a product or service to a client.

Ïf auditor accepts a commission, he must notify client about it, and he may not perform the audit for 1 year.

Ïf auditor is offered a discount that is offered to everyone else – equality – that’s OK.

6. Owning a CPA firm with non-CPA partners is allowed if:

¨More than half the owners are CPAs

¨Non-CPAs do no accounting work

¨The non-CPA partners are actively involved in whatever work they do for the firm; no non-CPA silent partners

¨Non-CPA partners follow the AICPA Code of Professional Conduct

7. Confidentiality – Under the AICPA Code of Professional Conduct, an auditor must keep his client’s information confidential.

Although by law, accountants don’t have the attorney-client privilege (law that protects confidentiality of communication between lawyer and client) that lawyers have.

Accordingly, the auditor may disclose information only if one of the following 3 situations occurs (3 Cs):

1) Court order, 2) Client permission, 3) CPA society review

8. Creditability – Auditor should not do anything in his personal or professional life that will discredit him

9. Discipline Within the Profession:

Local ethics violation is dealt with by the state CPA society; they may require the accountant take more education classes or may have the accountant ousted.

AICPA handles ethics consideration of national concern.

IRS and SEC can stop CPA from representing clients in their presence.

STATE ACCOUNTING BOARD issues state licenses.

Back to Articles »

advertisements





Home About


Store


EDIT PROFILE »


Article Student Audit Notes--Auditor's Professional Responsibilities

Auditor’s professional responsibilities

The AICPA code of professional conduct (AICPA CPC) is a set of rules – not laws – that govern the conduct of accountants in general.

1. Independence – accounting auditor must be independent in fact and in appearance in order to do an audit.

Independence in fact: objectivity, being impartial, not being bias

Independence in appearance: no ownership in client, no relationship at client

Independence is ruined in following cases:

¨Direct financial interest (ownership) in the client (even owning 1 share of client’s stock), or having a relationship (such as spouse) who works at the client.

Ïndirect financial interest (ownership) in client through mutual stock or through relative if it’s material to auditor’s net worth

¨Loans between client and auditor generally don’t implicate independence as long as they are on the same terms as loans to others without special agreements.

Except for the following two situations, which ruin independence:

1) Post-1982 home mortgage, and

2) Audit fee outstanding for over a year since last year’s audit report date

The following engagements require independence:

1) audit, 2) review, 3) attestation


The following engagements do not require independence:

1) tax returns, 2) compilation (putting together financial statements), 3) consulting

2. Competency – Auditor shouldn’t accept a job that he can’t complete with complacency.

He may, however, accept the job even though he isn’t competent at the time as long as he’ll be competent when he finishes the job (e.g., he will take classes in that field).

3. Contingency fees – auditor is forbidden to work on contingent fees; that is, getting paid based on the result.

Except for the following two situations, which are permitted:

1) Reviewing a tax return prepared by a different accountant, and finding some overlooked refund, the accountant may charge a fee contingent upon his finding.

2) Representing one’s own client in a tax hearing in court may be contingent

4. Advertising – Auditor is permitted to advertise in any media as long as it’s not misleading (“cheapest prices” not allowed)

5. Commissions – Auditor is not permitted accept a commission for recommending a product or service to a client.

Ïf auditor accepts a commission, he must notify client about it, and he may not perform the audit for 1 year.

Ïf auditor is offered a discount that is offered to everyone else – equality – that’s OK.

6. Owning a CPA firm with non-CPA partners is allowed if:

¨More than half the owners are CPAs

¨Non-CPAs do no accounting work

¨The non-CPA partners are actively involved in whatever work they do for the firm; no non-CPA silent partners

¨Non-CPA partners follow the AICPA Code of Professional Conduct

7. Confidentiality – Under the AICPA Code of Professional Conduct, an auditor must keep his client’s information confidential.

Although by law, accountants don’t have the attorney-client privilege (law that protects confidentiality of communication between lawyer and client) that lawyers have.

Accordingly, the auditor may disclose information only if one of the following 3 situations occurs (3 Cs):

1) Court order, 2) Client permission, 3) CPA society review

8. Creditability – Auditor should not do anything in his personal or professional life that will discredit him

9. Discipline Within the Profession:

Local ethics violation is dealt with by the state CPA society; they may require the accountant take more education classes or may have the accountant ousted.

AICPA handles ethics consideration of national concern.

IRS and SEC can stop CPA from representing clients in their presence.

STATE ACCOUNTING BOARD issues state licenses.

Back to Articles »

advertisements


Home About


Store


EDIT PROFILE »


Article Student Audit Notes--Auditor's Legal Responsibilities

Auditor’s Legal Responsibilities

1. Breach of contract – An auditor who fails to perform his service according to terms of engagement (etc.) may be sued for breach of contract





Who can sue? Under common law, the parties who are in privity of contract; they are: 1) client and 2) known third parties.

2. Negligence – 4 elements of negligence:

A – A duty of care is owed from CPA to client

B – Breach (there was a breach of that duty)

C – Causation (which caused)

D – Damages

Example: Client hires an auditor to perform an audit because they are borrowing money from First National Bank, and First National Bank wants audited financial statements. The auditor knows that First National Bank will be looking. The auditor forgot to properly audit A/R, which lead to A/R being overstated, and the client was able to obtain the loan based on these healthier-than-truth financial statements. The loan, however, was obtained from Second National Bank, and not from First National Bank. The client went into default on the loan; the auditor’s negligence was discovered, and Second National Bank is suing the auditor for negligence.

Ïn this country, there’s a division of views on negligence:

¨Majority rule: Client, known third parties, and foreseen third parties may sue. A foreseen third party is someone who uses the accountant’s work for the same reason as the known third party.

¨Very strong minority rule ( ultra mares ): Only client and known third parties may sue for negligence.

So, according to ultra mares, Second National Bank can’t sue, because it’s not the client or known third party. But under the majority rule, Second National Bank is a foreseen third party, because they used the accountant’s work for the same reason that First National Bank used it – to lend money.

3. Fraud – Auditor knows reports are materially misstated, yet still gives an unqualified opinion. There are 5 elements (FBIRD):

F False statement of factB Bad mind (knowledge of falsity, scienter (doing so and knowing about it)) (auditor knows he’s

lying)I Intend to induce reliance (auditor wants client to rely on his lie)R Relied justifiably (plaintiff did rely justifiably on the lie)D Damages were caused (due to relying on the lie)

Defenses against fraud:

¨Prove lack of knowledge of falsity (lack of scienter)

¨Prove that the person suing never read the financial statements (so he couldn’t have relied on them, and there was now justifiable reliance)

Who can sue? Client, known third parties, and reasonably foreseeable third parties (more foreseen third parties): such as investors, potential investors, etc. (practically everybody).

¨There’s a subtle difference between fraud and gross negligence (a.k.a. recklessness). Gross negligence has the same FBIRD as fraud except for the B (Bad mind). Instead of an outright knowledge of telling a lie, scienter, gross negligence is reckless disregard for truth (auditor doesn’t actually know that he’s lying, but so doesn’t care – beyond negligence – to be truthful).

There are degrees: innocence, negligence, gross negligence, and fraud. Negligence is not being careful. gross negligence (recklessness) is almost being spiteful, doing everything in one’s power to lie without getting caught.

4. RICO – Racketeering Influence Corrupt Organization – association with mafia or criminal-type activity.

If the accountant is associated with mafia, criminal-type activity (such as cover-up of drugs, bookmaking, alcohol, etc.), and helps them put up a front and creates false books to make it look like a legitimate business, he may be subject, among other things such as jail (for the criminal side of it), to being responsible for triple damages determined for being involved – called TREBL damages.

The following acts are now Federal law, (no longer standards, GAAP, etc.)

5. Private Securities Litigation Reform Act of 1995

An auditor of publicly traded company must plan and perform the audit to obtain a reasonable assurance of detecting material misstatements due to fraud or illegal acts.

Ïf auditor suspects such activity, he must bring it to the audit committee’s attention immediately.

Ïf the audit committee does not take corrective action, auditor must notify the board of directors. The board of directors then has 24 hours to do the following two things:

1) Notify SEC of auditor’s finding;

2) Send a copy of that notification to the auditor, so that he knows that SEC was notified.

Ïf, within those 24 hours, the auditor does not get this copy from board of directors saying that SEC was notified, then the auditor has 24 hours to notify SEC himself.

Even if he is going to withdraw from the engagement, he still must carry through with this notification. So the SEC will know about it within 48 hours.

6. Securities Act of 1933 regulates issuance primarily of new securities. It requires that new securities be registered, or there be an exemption from registration.

¨This registration requires audited financial statements, making an accountant a candidate for people who could potentially be sued.

¨For a plaintiff to win under the 1933 act is very easy: they just have to prove three things:

1) Plaintiff purchased the securities.

2) There was a material misstatement or omission in the registration statement.

3) Damages were suffered

¨Best defense for an accountant:

Due diligence – if accountant can show that he acted in the same manner any reasonably prudent accountant would have acted, he’s free from his responsibility.

Since there’s a presumption of negligence, the accountant must raise his own defense proving his innocence – affirmative defense.

7. Securities Exchange Act of 1934 – also called Reporting Act (or Watchdog Act).

¨Company must report under the 1934 Act if:

1) It’s traded on the national exchange

2) It satisfies the 5-Hundred-10-Million Rule – company has:

More than 500 shareholders, and

At least $10,000,000 in assets

¨The following 6 reports must be made under the 1934 Act:

1) 10K – yearend annual report with financial statements and an auditor’s report attached.

2) 10Q – quarterly report (doesn’t need audited financials but needs reviewed financials).

3) 8K – early warning report (when auditor finds fraud or illegal activity, or change of auditors, etc.).

4) When an officer, director, or a 10%-shareholder (an insider) sells his stock, SEC wants to know about it.

5) Whenever there’s a proxy solicitation (getting people to vote by postcard), SEC wants to know about it.

6) Whenever a tender offer is made by outsider to buy 5% ore more of company’s stock, SEC wants to know about it.

¨Violation of the 1934 Act: insider trading (trading on information not known to the public). SEC views this as fraud. One who proves FBIRD can sue also for 1934 Act.

Äuditor’s defense is the same as in farad.

8. SOX (Sarbanes Oxley Act) – An auditor for a publicly traded company (that reports under the 1934 Act) is subject to the rules of SOX.

¨SOX prohibits performance of an audit if CPA firm is also performing the following 10 (but not limited to 10) services:

1 Bookkeeping (or other services relating to the accounting records or financial statements of the audit client)

2 Financial information systems design and implementation (IT)3 Actuarial services4 Legal services unrelated to the audit5 Expert services unrelated to the audit6 Management functions7 Personnel (human resources: recruiting, hiring, firing)8 Internal audit outsourcing services9 Broker, dealer, investment advisor, or investment banking services

10 Valuation (appraisal or evaluation services, fairness opinions, or contribution-in-kind reports)

And any other service that the accounting board (PCAOB) determines, by regulation, is impermissible.

¨Preparing taxes for SOX client while doing an audit is permitted, but it requires a written authorization from client’s audit committee.

¨The 5-3-1 Rule: 5 – Partner on the job must be rotated every 5 years

3 – The CPA firm needs a peer review every 3 years

1 – If the CFO of the client worked for the CPA firm within last 1 year, that firm’s accountants cannot do the audit for that client.

Ïn a SOX audit, the auditor must test client’s internal control (IC) and must issue a separate report on its effectiveness.

Ïn a non-SOX audit, the auditor’s responsibility of internal control (IC) is just to understand it.

¨From the client’s perspective:

1) The client must have an audit committee made up entirely of outsiders, not employers, employees, or shareholders.

2) The client must give the auditor two separate assertions (letters):

a) Assertion on the effectiveness of their own Internal Control

b) Assertion on the reliability of their financial statements

3) SOX requires that a written engagement letter (contract) be put together, documenting the understanding of what the auditor’s responsibilities are and what the client’s responsibilities are.

In a non-SOX audit, an engagement letter is not required, but it’s highly recommended by GAAP.

Back to Articles »

advertisements






Home About


Store


EDIT PROFILE »


Article Student Audit Notes--Assertion

Assertion

Financial statement assertion – representation made by management that is embodied in the financial statement, (besides what SOX requires).

¨Management makes the assertions; accountants audit them and issue an opinion whether the management’s assertions where correct.

¨There are 5 (PERCV) financial statements assertions made by management. The audit revolves around these assertions. They are:

1 P Presentation and disclosure – This deals with:

Classification: current vs. non-current

Categorization: should something be capitalized or expensed

Adequacy of disclosure: footnotes

This applies to every line of every account.2 E Existence – checking whether it is real, is it true, is it valid

When client represents that something (such as an asset or investment) exists, he says that it’s true, it’s valid, it’s there.

Existence is more of a concern with assets than with liabilities: Are assets overstated? Do they really exist?

3 R Rights and obligations

Even if even if the assets and liabilities do exist,

Rights: does the client actually own them (assets)?

Obligations: does the client actually owe them (liabilities)?4 C Completeness – whatever should have been recorder is recorded in its right period and right

amount

Completeness is more of a concern with liabilities than with assets: Is the client understating the liability.

5 V Valuation – determine whether something is properly valued (appraised) on financial

statements.

Äuditor has to satisfy these items when client claims that he has them.

Back to Articles »

advertisements


Home About


Store


EDIT PROFILE »


Article Student Audit Notes--Fraud and Illegal Acts

Fraud

¨There are two types of fraud:





1. Financial statements deception = intentional misstatement = putting wrong numbers (= cooking the books, fudging the financials)

2. Misappropriation of assets = embezzlement [or, as on the CPA exam, defalcation] done by employees against the company and transmits to financial statements.

Auditor’s responsibility:

¨ No special responsibility to find fraud. In fact, in the engagement letter it’s stated: “We are not experts in finding fraud.” Auditor’s responsibility to find fraud is no different than to find errors.

¨To plan and perform audit to obtain reasonable assurance of detecting material misstatements due to fraud (to find out whether misstatements were due to mistakes, fraud, or illegal activities)

Flags of fraudulent financial statements (risk factors that would heighten auditor’s awareness of potential fraud):

1. Pending loan application

2. Impending stock offering (client would “juice up” net income to make boost stock value)

3. Bonuses are tied to performance (better the performance bigger the bonuses)

4. Declining industry (client wants to show he’s doing well despite that his industry is hurting)

5. Turnover of senior accounting personnel (when 3 or 4 high-end accountants walk out.)

Either they were dismissed because their too smart, and it’s hard to work around them, or maybe they know what’s going on, and they don’t want to be involved, so they quit.

Ïf auditor sees that there’s potential fraud, the auditor must do the following to change his audit approach:

1. Staff the job with more senior, more experienced personnel (who have and a greater chance to find fraud)

2. Zero reliance on client’s internal control (even if it was tested and it’s effective)

3. More substantive testing, closer to balance sheet date

4. More surprise testing

5. Lots more of inquiry of management (talking to a lot of people to catch them in double talk, conflicting facts, and lies which hopefully lead to catching fraud).

If auditor finds fraud, to whom does he communicate it?

Internal communication:

Ïf fraud is immaterial (to the financial statements) and committed by low-level employees, it’s communicated to the immediate superiors (GAAS: go one level above the problem)

Ïf fraud is material and committed by anybody, or

Ïf fraud is immaterial but committed by upper-level management,

Then it’s communicated to audit committee or its equivalent (i.e. the board of directors). If they don’t care, then based on QCS, auditor should withdraw from the engagement

Outside communication:

¨Fraud may be communicated to outsiders only in the following 3 cases:

a) Court order, subpoena

b) When a public audit changing auditors, the leaving auditor must fill out an 8K (an early warning report filed with SEC) that states the reason for leaving.

c) When successor (new) auditor communicates with predecessor (old) auditor, (for in order to talk to predecessor, he anyway needed client permission, so once permission is granted, he can talk about everything else).

Illegal Acts

¨There are two types of illegal acts:

1. Those that have a direct and material effect on the financial statements. (Example: tax evasion)

Auditor’s responsibility for illegal acts is no different than for errors or for fraud. His responsibility is to perform the audit to obtain reasonable assurance of detecting material misstatements due to illegal acts.

2. Those that have an indirect effect on the financial statements; that is, they didn’t yet impact the financials but it could in future.

Example: Auditor knows that his client, in manufacturing process, creates certain toxic wastes, and auditor notices that he’s not currently disposing of these toxic wastes; he wasn’t caught yet, no lawsuits yet, but there are potential fines, penalties, cleanup costs, lawsuits, etc. to come in the future

Auditor’s responsibility is to be aware of them, keep his eyes open, talk to management (about inspection, etc.), so when it becomes serious, he should not let the client get away with covering up any costs etc., but to make sure that not only is it properly accrued, but properly booked (with full disclosure).

Although auditor can’t give out the information (due to confidentiality), he should keep on top of when the situation becomes hot, at which time it may become a contingent liability, (maybe start booking cleanup costs or potential losses, etc. (The client may get a penalty and just bury it.)

Internal communication

Äll illegal acts, except those that are inconsequential (less than material), must be communicated directly to the audit committee

Ït is not enough for the auditor that the audit committee merely fixes the financial statements, we have to see corrective action; for example, firing workers.

Ïf audit committee does nothing, the auditor should withdraw from the engagement, not to associate will a client that lacks integrity.

Outside communication: same rules as with fraud.

Back to Articles »

advertisements


Home About


Store


EDIT PROFILE »


Article Student Audit Notes--Audit Risk

Audit risk

¨Found in every audit is some degree of audit risk. In fact, in the in the scope paragraph of the audit report, this audit risk is recognized through the words “reasonable assurance,” mostly because the auditor doesn’t look at everything.

¨Definition: audit risk is the risk that the financial statements will be materially misstated, and the auditor will fail to modify his audit report and will still give an unqualified opinion when he shouldn’t.

¨This risk is made up of 3 sub risks:

1. Inherent risk (client) – risk that martial misstatements will occur, and client has NO internal control in place to stop it.

Client can’t spend unlimited money on IC, so it’s a cost benefit.





2. Control risk (client) – risk that martial misstatements will occur, and while client HAS internal control in place that are supposed to stop it, but they do not work effectively.

3. Detection risk (auditor) – risk that auditor, in the course of doing his own testing, will fail to detect martial misstatements.

(The first 2 are on the shoulders of the client; 3rd is on the shoulders of auditor):

¨Client’s risks must have inverse relation to auditor’s risks:

If client’s and auditor’s risks are both high, no one will find mistakes, and the audit will be ineffective: financials will be misstated.

If client’s and auditor’s risks are both low, both will find mistakes, and the audit will be inefficient: the cost of auditing will be higher than it should be.

Ïf client’s (inherent or control) risks are high (at the maximum, i.e. client’s controls are not trustworthy, not reliable), auditor better make sure his own detection risks are low:

How? By doing more of substantive testing (that substantiates the numbers, prove the numbers are right), and closer to the balance sheet date.

(Doing substantive testing in middle of the year is relevant only when auditor can do a projection of those numbers tested, without having to test more, but a projection can be done only if client’s numbers are trustworthy, if they have a rock-solid internal system. But if their IC is unreliable, then there’s no purpose to it, and the auditor is better off doing the testing close to year-end.)

Ïf client’s (inherent or control) risks are low (below the maximum, i.e. client’s controls are trustworthy and reliable based on the auditors test of controls), the auditor has an easier job: he can allow his own detection risk a little latitude (to have the flexibility of being high).

How? By doing less substantive testing, and away from the balance sheet date.

CPA firms love doing interim testing because it makes good staff utilization.

Communicating with predecessor auditor and prerequisites of accepting new client

Äuditor cannot accept a new client without first communicating with the predecessor auditor.

¨However, in order to communicate with predecessor auditor, he must first get client’s permission.

¨Successor initiates the communication (he has to get in touch with the predecessor auditor).

Ünder the standards of perfection, predecessor is expected to respond fully and promptly

¨Prior to accepting the new client, successor wants to know 4 things:

1) Why, does the predecessor think, there was a change

2) About the integrity of the client’s management

3) To see predecessor’s written communication about audit committee

4) Any disagreements with client regarding GAAP, GAAS, or law

Ïf successor is satisfied with the answers he gets and accepts client, there are still another 3 things he would ask the predecessor auditor:

1) To see predecessor auditor’s work papers (technical stuff: money, budget, not administrative stuff: to get an idea on how to approach)

2) If there’s anything that took an unexpectedly long period of time to audit, (i.e., A/R took too long, maybe no confirmations came back)

3) If there are any areas in the accounting system that had problems.

¨When having a new client, as opposed to a recurring client, the following must be done besides what was mentioned above:

1) Establish opening balances (since successor didn’t audit last year’s financials). If predecessor is reputable, the successor can rely on predecessor’s audit and client’s financials.

2) Gather together permanent files (contracts, loan agreements, leases, chart of accounts, organization charts, etc.) to see if there’s anything in them that’s relevant to this year. Successor should get predecessor’s work papers, read them, and highlight data that’s relevant to this year; (it may take lots of auditor’s private time – it is pajama work).

3) Document in work papers that auditor’s own firm standards were followed.

¨Firms do all kinds of analyses on the client, among them:

1) Business risk analysis (to find out the likelihood of getting paid)

2) Legal analysis (to find out the likelihood of ending up in court)

Äuditor cannot accept an engagement unless he reaches an understanding with the client (on what is agreed upon in advance).

In a SOX audit – this understanding must be in writing in what is called an “engagement letter.”

In a non-SOX audit, an engagement letter is highly recommended by GAAS but not required. Auditor can get an oral understanding and document it in the work papers. (It would be really stupid, though, not to have a written engagement letter.)

¨What’s found in an engagement letter?

Fees (how much…)

Timing (start, finish, when auditor will be there, when he’ll come back, etc.)

Documentation preparation (what auditor needs from client to get prepared)

Use of specialists

Use of internal auditors

The fact that auditor is here to give an opinion on the financials but that client is ultimately responsible for financials and his internal control

Understanding as to whether other parties would see the auditor’s work papers (auditor will make copies of his originals).

Also, auditor will ask client for indemnification (reimbursement for legal fees) should they end up in court, should they need to hire lawyers, (especially in these daunting times).

Three fieldwork stages:

1) Planning

2) Internal control

3) Evidence

Planning the engagement

Planning the engagement is divided up into 3 sections:

I – Planning within own CPA firm:

(Before going after the client, before even talking to anybody, before pulling documents, auditor must do internal planning)

1) Get a staff together (staffing the job)

2) Set up time budgets for completing each section

3) Research (new) GAAP, GAAS, or law as it pertains to the client

4) Review prior year’s work papers (either own or predecessor’s)

5) Come up with a preliminary audit program (a book that states all audit procedures that auditor needs to do to complete the audit; after the audit, auditor must come back to the office and sign off on everything he’s done).

6) Come up with planned level of control risks (trustworthiness of IC)

7) Come up with planned level of materiality

8) Coordinate with other departments within own CPA firm (such as tax department, since they need to do the tax return and auditor needs to know by when they need the numbers in order to do the tax return properly)

II – Planning with the client:

1) Document preparation (what auditor needs client to have ready for him), including lead schedules

(Lead schedule is a detail of each financial statement line, for example:

Inventory

Raw materials

Work in process

Finished goods

Supplies

If client prepares it for the auditor, it would reduce the time and effort of performing the audit, and it will cost the client less.

2) Fees

3) Need for a management rep letter

4) Potential use of internal auditors

5) Potential for auditor’s work papers to be seen by third parties (banks, lenders, stockholders)

6) Potential for auditors to be indemnified (compensated) for legal fees should they end up in court

7) Fact that client is responsible for own financials and internal control

III – Planning with third parties:

This is getting people and information that will help to plan and do the audit. This is not just talking to other people (violating confidentiality).

1) Predecessor auditor (who did last year’s audit)

2) Other auditors (who help with this year’s audit)

For example, auditors of another accounting firm in a distant place near a distant subsidiary of the client would audit that branch on auditor’s behalf. It doesn’t matter how big or small the firm is, as long as it’s reputable.

Once auditor relies on another firm, all he needs to do is make reference to the other firm in his the report, and whatever happens, auditor is free, and the other firm is responsible. So doing so divides up the responsibility.

3) Service organizations (that process significant accounting transactions on behalf of the client, such as a company who does payroll, APD).

Since ADP does the client’s payroll, ADP’s internal control becomes part of client’s internal control, so auditor must plan with the auditors of ADP to see what’s going on.

Auditor must get two reports on ADP’s internal control: one will report whether or not they understand ADP’s internal control, and one will report whether or not ADP’s internal control is effective.

4) SEC (if client is a public company)

6) Lawyers

7) Specialists (such as appraisers)

For example: client is listing precious stones at $1 million, so a gemologist would come and test that these stones are really worth $1 million. Another example: testing impairment of goodwill requires a professional business broker to evaluate of the business as a whole and of each individual asset.

Back to Articles »

advertisements




Home About


Store


EDIT PROFILE »


Article Student Audit Notes--Audit Enagement

Internal auditor (IA) (auditor who’s on the client’s payroll)

Ïn order to utilize internal auditor during engagement, external auditor must be comfortable with both his objectivity and his competency.

¨Measuring objectivity:

Major way: to see if internal auditor reports to high-level management (such as audit committee (better) or board of directors), since one who reports straight to high-level is not afraid to open his mouth.

Another way: to see if internal auditor is a member of the Institute of Internal Auditors (IIA), since they have a code of professional conduct part of which requires being objective.

¨ Measuring competency:

Look at the internal auditor’s education, experience, licensing.

Look at the internal auditor’s audit programs and work papers.

Test some of the internal auditor’s work done and redo it to see if it comes up with the same results.

Önce external auditor is comfortable with IA’s objectivity and competency, and he decides to use him,



IA may help the auditor in all three stages of the audit: planning stage, internal control stage, and evidence stage.

However, be careful not to assign the IA work that requires a great deal of auditors’ professional judgment (APJ):

IA can do bank reconciliation, fixed assets, help in inventory count

IA cannot do related property transfers, intangibles, contingent liabilities, etc.

Önce external auditor decides to use the IA, he must treat the IA as part of his staff: have periodic meetings with IA, supervise IA, and review IA’s work on a timely basis.

Specialists – people who possess specialized knowledge that auditor simply does not have (e.g., appraisers, attorneys, actuaries, other accountants, etc.)

(Specialist should not be a relative of the auditor, and he shouldn’t be the same person the client uses.)

Ïf specialist concludes with same numbers as the client’s, that’s good!

Ïf specialist concludes with materially different numbers from the client’s, bring a second specialist to give a second opinion.

Ïf second specialist agrees with first specialist, client must book an adjustment; otherwise there will be a material misstatement.

If client refuses, auditor gives a qualified or adverse opinion (depending on the materiality of the misstatement).

Ïf second specialist concludes with materially different numbers from first specialist’s number, which is different from client’s number (so everyone has different numbers, and there’s no consistent answer, so auditor is unable to gather evidence regarding this item):

Auditor gives either a qualified opinion (if there’s a material misstatement) or a disclaimer of opinion (if there’s a highly material misstatement).

¨Qualified opinions are given for one of two reasons:

GAAP problem – client refuses to fix a misstatement.

For GAAP issues, opinion is either qualified or adverse

GAAS problem – auditor can’t get evidence.

For GAAS issues, opinion is either qualified or disclaimer

Ïs specialist mentioned in the report?

Yes, if both the following are present:

1) Auditor is modifying the report because of findings of the specialist.

2) Auditor feels that mentioning the specialist will help the reader better understand what’s going on.

Materiality:

In the scope paragraph of the audit report it says that the purpose of an audit is to provide reasonable assurance that the financial statements are free of material misstatements. So what is materiality?

¨The level of materiality is entity determined – what’s material for one entity is not necessarily material for another entity. (After all, for a co. with a $10-million balance sheet, a $10,000 mistake is a “freckle,” but for a co. with a $100,000 balance sheet, a $10,000 mistake is most likely significant.)

¨The concept of materiality (planning the materiality level for a client) is a rolling process (one of the most annoying things in auditing):

The auditor plans a level of materiality based on his experience with and trust in the client, and his audit adheres to that plan. (He may set the materiality level to a high number.) But, after doing (all or most of) the audit and using that planned level, the auditor suddenly discovers fraudulent activity being done at the client, causing him to lose trust in the client. The auditor has to do more testing and set the materiality level to a lower number so that he do more work.

He may have to look back at everything he’s done to see, in retrospect, if he were to redo the audit all over again, if his material level would have been enough. (Maybe it wasn’t enough to check 20 invoices; maybe he should have checked 60.) He may have to change everything he’s done to catch up.

¨First, materiality is looked at from the “financial statement level” perspective (looking at each financial statement as a whole).

For example, looking at the financial statements, it is decided that: $30,000 is material for the balance sheet, $20,000 for the cash flow statement, $10,000 for the income statement. And this is the auditor’s planned materiality, based on previous years’ experience and the comfort level of client’s IC.

May the auditor conduct his audit using three different levels?

Suppose he does that, and he found (cumulatively) $18,000 of mistake(s) on the balance sheet – that is immaterial for the balance sheet. So he ignores it with the ever popular “pass, further audit work.”

The problem is that every mistake in the balance sheet has a sister on the income statement. Every asset that is overstated on the balance sheet will lead to an overstatement on the income statement.

Yet it is ignored because $18,000 is immaterial to the balance sheet. But meanwhile, the sister of this $18,000 is a misstatement on the income statement, and $18,000 is material to the income statement (as it’s more than $1,000), and yet the auditor bypasses it!

To avoid this, the rule in auditing is to use for all financial statements the smallest dollar amount in any one of them.

So since $10,000 is the smallest one, the materiality level for all the financial statements will be $10,000. It’s better safe than sorry.

¨Next is the “account balance level” perspective. Each component of a financial statement that adds up to the total is also a component of the materiality level.

Continuing our example, auditor considers anything over 10,000 to be material, even on the balance sheet. Now he’s auditing A/R, and A/R represents 10% of assets (10% of the balance sheet). Since 10% of $10,000 is $1,000, auditor decides that he will audit any A/R that’s $1,000 or more, and he’ll send out confirmations to those customers.

(As a preview, the #1 way to audit A/R, auditor sends out an A/R confirmation, a letter to the customer stating, “This is what our records show that you owe us; please confirm back to us whether it’s true or not.” If success ratio is low, he’ll have to do an alternative analysis.)

What if each item by itself is immaterial?

Suppose the client doesn’t have any customers who owe $1,000, but hundreds of customers who owe $80, $100, $120, etc., nickel-and-dime customers! (Each item by itself is immaterial, but in the aggregate, the A/R balance may be material.)

An auditor is allowed to deviate from his plan and employ his APJ (auditor’s professional judgment) and modify the approach.

So in our example, for that particular account, since he’s not comfortable otherwise, he’ll drop the materiality level just for A/R to ensure that he tests enough items to be comfortable.

¨ The auditor should have one of his staff go through each page of his work papers and write down, on a separate piece of paper, with a reference of every page on which the auditor wrote, “No problem; difference is immaterial.” And he should add them all up, because all those immaterial differences, in the aggregate, may also be material. Then the auditor should have the client make an adjustment for the aggregate difference.

¨These immaterial differences happen when testing samples out of a bunch of different items (e.g. 10 of 100) and projecting the misstatements.

For example, auditor adds up all the bills of utilities expense for six months and finds a $5 misstatement. Auditor says to himself, “If I looked at 10 items and they’re off by $5, then if I would have looked at all 100 items are off by $50. Adding up results of such tests may, in aggregate, result in a material misstatement.

¨The auditor will have the client make an adjustment in some sort of made up account (such as Miscellaneous Expense); it doesn’t matter which account as long as the financial statement ends up being fairly stated, (and as long as the account, in itself, due to being wrong, has no impact on any ratio and is not misleading to the reader).

¨Many CFO’s and controllers make phony entries, from a conservatism perspective, just to offset any misstatements that the auditor may come up with. This account (Misc. or Other Expenses or Losses) is called a cushion account. This is good if client wants to be conservative, not if the client wants to overstate expenses for reasons such as tax purposes. There is potential fraud, but it can be detected by seeing how big the number is.

Ëven when there are enough material items to test, auditor should always test a handful of small-number documents to see if client is doing fraud “below the radar” (by making numerous misstatements below the immateriality level). And if he is, oy vay! it changes everything the auditor has done with everything else in the audit – it’s a whole rolling process.

Analytical procedures (AP) – The search for plausible and predictable relationships between:

–financial data and other financial data (such as net income to net sales)

NOTE: All financial statement ratios are considered a type of AP)

–financial data and non-financial data (such as net sales to square footage of selling space) which gives a reasonable explanation for changes etc.

¨The thought process is that once these relationships exist, they will continue to exist in the future.

¨When to use analytical procedures:

1) Planning stage – AP must be used in the planning stage of the audit according to GAAS.

¨Procedure of AP in the planning stage:

a) Auditor comes to client Aug. or Sept. ’08 after the client prepared the first half of the year’s records (actual numbers) for the auditor.

b) The auditor takes these half-year numbers and projects the numbers for the next half year to see what they would look like at yearend. Auditor uses historical trends of the business (whether it does business all year round, seasonally, or at heavy holiday times, etc.), and he will project the numbers accordingly: he’ll either double the numbers or multiply them by different multiples.

c) Auditor then compares the projected numbers of ’08 to the actual numbers of ’07. That will set the stage for the audit evidence that the auditor will need to gather, and what he needs to do (not to paskan any numbers from the records).

Auditor is looking for 2 things to set the stage the need of auditing:

1) for unusual fluctuation (such as sales revenue going up by 400%)

2) for anything that is new (such as 250,000 of relocation expense)

Having everything prepared for the auditor to project will help get the audit done quicker, avoid the busy season, and make it for the SEC deadline in May.

2) Internal control – never use AP to test internal control.

AP is about numbers, dollar amounts.

IC is about attributes, traits, not about dollar amounts. Meaning that if a control is not carried out on a $1 transaction, it is equally as bad as not carrying it out on a $100,000 transaction. A mistake is a mistake is a mistake – regardless of the dollar amount involved. So since IC doesn’t deal with dollar amounts, there’s no use for analytical procedures for IC

3) Substantive testing – AP may be used as a substantive test.

ÄP is best be served (used) as a substantive test in 3 environments:

1) To test the income statement items, since the income statement is for a period of time, not as of a moment in time, so it’s easier to get a proportion and a projection thereof, (unlike the balance sheet, which is a snap shot as of a certain moment in time).

2) In a stable economic environment, since items on the income statement remain stable, and it would make sense to project them.

But in an unstable economy, the numbers are volatile because certain revenues, expenses, prices, interest rates, etc. fluctuate according to the economy, (example: gas expense); that makes it difficult to use analytics (project numbers), in which case there is no choice but to audit each statement regarding each component of the income statement in order to come up with the numbers.

3) Only works in the face of strong internal control, but if IC is no good, AP would be useless, since auditor cant rely on the numbers.

Example: Auditor audits 9 months of telephone expense, and it’s $90,000, and there’s strong IC over telephone expense and its recording. At yearend, auditor comes back to find that they’re reporting $122,000 for 12 months. Now one would expect that if for 9 months they reported $90,000, then for 12 months they should report $120,000. But they’re reporting $122,000, which is better because it’s $2,000 more of expenses (not less), so the auditor would say, “amount is reasonable; pass; further audit work; done.”

4) Overall review stage – AP must be used in the overall review stage.

¨The overall review stage (also called post-balance-sheet report – PBSR) is at the end of an audit, when the auditor has the final numbers of that year, and there’s nothing left to predict because everything is done; everything is closed out. The auditor puts together a 4-column schedule looking like this:

Last year’s ending numbers

This year’s ending numbers

Difference in dollars Difference in percentage

Äs an auditor, he would set a scope, saying: anything that changed by more than (for example) $10,000 and more than 10%, he will look into. (The 10% number is pretty steady, but the dollar amount number will differ, depending on the client.)

–If something that went up from $1 to $2, it went up 100% but not more than $10,000.

–If something that went up from $1,100,000 to $1,120,000, it went up more than $10,000 but not more than 10%.

(So this scope avoids nickel and dime changes).

¨This is the auditor’s last chance to do 2 things:

1) To make sure that he gathered all the evidence regarding the items he identified in the planning stage of the audit that needed testing and evidence gathering.

2) To make sure that he didn’t completely miss anything. (This maybe even more important; the unfortunate result of missing something is that the auditor will have to do more audit testing, just when he thinks he’s all done.)

Änalytical procedures include:

1) All financial statement ratios

2) The following comparisons (to find out why there are major differences):

a) Comparing this year’s ending numbers to last year’s ending numbers (which is done in the overall review stage)

b) Comparing auditor’s numbers to numbers of other companies in the same industry. (If the entire industry is doing poorly, why is client, who’s in the same industry, doing so well?)

(This information can be obtained from auditors of other companies; there’s professional courtesy between auditors.)

c) Comparing budgeted numbers to actual numbers

¨Major differences between the components in these three comparisons don’t mean that client is doing fraudulent activities. They just “raise flags” for which questions need to be asked, and if CFO or CEO has no good explanation, the auditor gets suspicious.

¨There may be reasonable explanations, (including what techniques or skills the client has that others don’t have, etc.).

¨But, there may be potential deception and some insight to fraud, yet, at the end of the day, the auditor is focusing only on the here and the now. So, from an auditor’s selfish prospective, if this year’s is conservative, even though there could be some devious, diabolical plan for the future, he’ll be happy just to sign off and leave; and in the future, if there was sincere premeditation in doing it, he’ll look into it; but right now, there are SEC deadlines, so he has to sign off.

Back to Articles »

advertisements





Home About


Store


EDIT PROFILE »


Article Student Audit Notes--Audit Engagement Analytical Procedures

Analytical procedures (AP) – The search for plausible and predictable relationships between:

–financial data and other financial data (such as net income to net sales)

NOTE: All financial statement ratios are considered a type of AP)

–financial data and non-financial data (such as net sales to square footage of selling space) which gives a reasonable explanation for changes etc.

¨The thought process is that once these relationships exist, they will continue to exist in the future.

¨When to use analytical procedures:

1) Planning stage – AP must be used in the planning stage of the audit according to GAAS.

¨Procedure of AP in the planning stage:

a) Auditor comes to client Aug. or Sept. ’08 after the client prepared the first half of the year’s records (actual numbers) for the auditor.

b) The auditor takes these half-year numbers and projects the numbers for the next half year to see what they would look like at yearend. Auditor uses historical trends of the business (whether it does business all year round, seasonally, or at heavy holiday times, etc.), and he will project the numbers accordingly: he’ll either double the numbers or multiply them by different multiples.

c) Auditor then compares the projected numbers of ’08 to the actual numbers of ’07. That will set the stage for the audit evidence that the auditor will need to gather, and what he needs to do (not to paskan any numbers from the records).

Auditor is looking for 2 things to set the stage the need of auditing:


1) for unusual fluctuation (such as sales revenue going up by 400%)

2) for anything that is new (such as 250,000 of relocation expense)

Having everything prepared for the auditor to project will help get the audit done quicker, avoid the busy season, and make it for the SEC deadline in May.

2) Internal control – never use AP to test internal control.

AP is about numbers, dollar amounts.

IC is about attributes, traits, not about dollar amounts. Meaning that if a control is not carried out on a $1 transaction, it is equally as bad as not carrying it out on a $100,000 transaction. A mistake is a mistake is a mistake – regardless of the dollar amount involved. So since IC doesn’t deal with dollar amounts, there’s no use for analytical procedures for IC

3) Substantive testing – AP may be used as a substantive test.

ÄP is best be served (used) as a substantive test in 3 environments:

1) To test the income statement items, since the income statement is for a period of time, not as of a moment in time, so it’s easier to get a proportion and a projection thereof, (unlike the balance sheet, which is a snap shot as of a certain moment in time).

2) In a stable economic environment, since items on the income statement remain stable, and it would make sense to project them.

But in an unstable economy, the numbers are volatile because certain revenues, expenses, prices, interest rates, etc. fluctuate according to the economy, (example: gas expense); that makes it difficult to use analytics (project numbers), in which case there is no choice but to audit each statement regarding each component of the income statement in order to come up with the numbers.

3) Only works in the face of strong internal control, but if IC is no good, AP would be useless, since auditor cant rely on the numbers.

Example: Auditor audits 9 months of telephone expense, and it’s $90,000, and there’s strong IC over telephone expense and its recording. At yearend, auditor comes back to find that they’re reporting $122,000 for 12 months. Now one would expect that if for 9 months they reported $90,000, then for 12 months they should report $120,000. But they’re reporting $122,000, which is better because it’s $2,000 more of expenses (not less), so the auditor would say, “amount is reasonable; pass; further audit work; done.”

4) Overall review stage – AP must be used in the overall review stage.

¨The overall review stage (also called post-balance-sheet report – PBSR) is at the end of an audit, when the auditor has the final numbers of that year, and there’s nothing left to predict because everything is done; everything is closed out. The auditor puts together a 4-column schedule looking like this:

Last year’s ending numbers

This year’s ending numbers

Difference in dollars Difference in percentage

Äs an auditor, he would set a scope, saying: anything that changed by more than (for example) $10,000 and more than 10%, he will look into. (The 10% number is pretty steady, but the dollar amount number will differ, depending on the client.)

–If something that went up from $1 to $2, it went up 100% but not more than $10,000.

–If something that went up from $1,100,000 to $1,120,000, it went up more than $10,000 but not more than 10%.

(So this scope avoids nickel and dime changes).

¨This is the auditor’s last chance to do 2 things:

1) To make sure that he gathered all the evidence regarding the items he identified in the planning stage of the audit that needed testing and evidence gathering.

2) To make sure that he didn’t completely miss anything. (This maybe even more important; the unfortunate result of missing something is that the auditor will have to do more audit testing, just when he thinks he’s all done.)

Änalytical procedures include:

1) All financial statement ratios

2) The following comparisons (to find out why there are major differences):

a) Comparing this year’s ending numbers to last year’s ending numbers (which is done in the overall review stage)

b) Comparing auditor’s numbers to numbers of other companies in the same industry. (If the entire industry is doing poorly, why is client, who’s in the same industry, doing so well?)

(This information can be obtained from auditors of other companies; there’s professional courtesy between auditors.)

c) Comparing budgeted numbers to actual numbers

¨Major differences between the components in these three comparisons don’t mean that client is doing fraudulent activities. They just “raise flags” for which questions need to be asked, and if CFO or CEO has no good explanation, the auditor gets suspicious.

¨There may be reasonable explanations, (including what techniques or skills the client has that others don’t have, etc.).

¨But, there may be potential deception and some insight to fraud, yet, at the end of the day, the auditor is focusing only on the here and the now. So, from an auditor’s selfish prospective, if this year’s is conservative, even though there could be some devious, diabolical plan for the future, he’ll be happy just to sign off and leave; and in the future, if there was sincere premeditation in doing it, he’ll look into it; but right now, there are SEC deadlines, so he has to sign off.

Back to Articles »

advertisements





Home About


Store


EDIT PROFILE »


Article Student Audit Notes--Understanding Internal Control

Understanding internal control (IC):

Ünderstanding IC is gotten in the planning stage.

(Even though IC is its own phase of the audit, the understanding of IC is done in the planning stage.)

Äuditor must get an understanding of IC, and he must document that understanding, whether client is a SOX client or a non-SOX client.

(SOX client – IC must be tested; non-SOX client – IC may be tested).

Ünderstanding IC does not mean that the auditor passes judgment on the effectiveness of the client’s IC, although once the auditor gets an understanding of internal control:

–Auditor can conclude that IC is ineffective (control risk is high, and he cannot rely on it).

–Auditor cannot conclude that IC is effective (control risk is low, below the maximum, and he can rely on it and trust it).

It’s improper to conclude that it’s effective, because the only way to really conclude that it’s effective, reliable, and trustworthy is to perform a test IC, and he’s not up to that stage yet; he’s merely at the understanding of IC.

Ünderstanding IC means understanding the design, implementation, and knowledge of internal control.

Implementation is when auditor checks one time on what IC implements, to see if the implementation exists and is not a phony, (but not for 99 out of 100 times – that’s testing, not implementing).

For example If Marry was supposed to stamp the invoices “paid in full” and filed it away, auditor wants to see her do it one time; then if I want to rely on it, I’ll come back and see if Marry does it 99 out of 100 times, and then I can trust that invoices are not paid twice.


¨4 ways to document the understanding of IC (from most popular to least):

1) Internal control memorandum (IC memo) – a narrative description (story) of how IC works. The memo is written by the auditor, it passes from audit to audit and is updated in each audit.

2) Flow chart – a pictorial description: the use of universally accepted symbols that show, in picture format, how the IC of company flows.

3) IC questionnaire – a series of yes or no questions, and it’s set up in such a manner that:

–If the answers are “yes,” it means that IC is good.

–If the answer is “no,” it means that IC is bad, and there’s a follow-up comment section for every answer “no” for an explanation.

Auditor interviews client and fills in answers as the client speaks.

4) Decision tree – a series of questions whose answers lead to other questions: if yes, here’s another question; if no, here’s another question, and so on. (This resembles a family tree in which each question may have a “great-grandchild” at the bottom. It’s hardly used anymore nowadays, due to the trouble of reading and understanding it.)

Different firms use different documentations based on how they feel about them.

Internal Control

ÏC is where the employees of a company should be able to detect errors and problems in the course of doing their day-to-day functions.

Ä good IC should not have to go out of their way to find things; they should be able to do their routine jobs, and it should be set up in such a way that they could find things while doing their jobs.

ÏCs relate to three areas (the ICs watch over three things):

1) Reliable financial reporting

2) Compliance with laws and regulations

3) Efficient and effective operations

¨The auditor cares only about the first two because auditor cares only about IC that relates to financial statement assertions (PERCV), not about operations. He doesn’t care if the client is wasteful and leaves the lights on all night, and his electric bill is 30% higher than it should be; he doesn’t care so long as the bill, when it comes in, is properly recorded.

ÏC has 5 interrelated components (that make up the first two areas listed above). Remember that IC is all about the client. To get an understanding of internal control the auditor must examine, interview, and inquire about the following:

1) Control environment:

How much does client care about IC?

Does client have good HR (human recourse) policies?

Do employees get suspended or fired or docked for violations?

Are there competent people who oversee it?

Does the board of directors get involved hands-on?

Tone, at the top: The top of company sets the tone for how people behave (tone = care attitude). If they’re not serious about their IC, then no one else will care about it.

2) Control activities:

A – Segregation of duties:

Do not have one person perform two incompatible functions, which usually are custodial and record keeping. Those two must be kept separate.

We don’t want to give the ability to perpetrate and conceal.

For example: If the person who receives the merchandise is the same person who records it, he has the ability to steal it and to hide the fact that he stole it. Rather, one should count it, and another should record it.

At the end of the day, any internal control system can be easily circumvented with collusion, but there are even ways to fight collusion.

That’s why many companies mandate that employees take vacation, or administer job rotation, so that someone else can assume the role of the other employee and see if any pattern of something going on is broken. This is one way to stop potential collusion.

Unfortunately IC is a cost/benefit relation, and money is an issue. Many times a company does not have the money to appoint the number of workers to have segregation of duties. Cost vs. benefit is not only in reference to revenues and expenses; it is also in reference to how much the audit will cost.

B – Physical control over assets:

Make sure that only authorized people have access to assets.

(If you give everybody a key, why lock the door?)

The auditor’s concern with poor custody is that the client may list assets that he thinks he owns, but in fact he doesn’t because it may have been easily stolen. That’s misappropriation of assets (defalcation), and indirectly it misstates the financials.

C – Information systems:

Make sure all transactions carried out and recorded are properly authorized. The auditor’s concern is that when unauthorized transactions take place, there is an “existence” issue: when the transactions are not authorized, anything that was bought with these transactions must be returned.

Also, the auditor’s concern is about general authorization: access to accounting system: no unauthorized person should be able to get into the accounting system and make changes and commit white-collar crime (embezzlement).

D – Performance reviews:

Does client investigate variances between budgeted and actual numbers? Does he care to follow up on things, or does he ignore the fact that his expenses were 50% more?

(This, by the way, becomes an environment issue.)

Write-offs of assets, investments, and receivables – does the client’s have a policy in place to follow up on it? Maybe there is a recovery, maybe the market value of the investment went up, and maybe the receivable has become collectible.

3) Risk Assessment (management risk)

What does client do to assess and handle risk that financial statements might be materially misstated?

Does the client have an audit committee in place, do they have competency with regard to accounting, auditing, and financial statements?

Does the client have internal auditors on staff (on payroll) whose job all year is to stay on top of the preparation of books, records, worksheets, and financial statements, and to test them, no different than what an external auditor would do?

4) Information and communication

How does the client communicate IC to his employees: how does he teach them; how does he train them?

Remember that IC is only as good as the employees who carry them out. So how does the client “bring them up to speed” (to educate them)? Does he give them huge training manuals (which probably never came out of the plastic), does he give them former education in classrooms, does he have role-play, does he have on-the-job training, etc.?

5) Monitoring

An IC structure is only worth something if being watched, and the one who is watching is ready with corrective action.

If a control is just not working, one should not just sit back and let it continue to be ineffective; rather, one should make changes. So does the client have contingency plans in place? When plan A doesn’t work on a control, is there a plan B? And if there is a plan B, does the client implement it timely?

Äll this is from the client’s perspective.

¨The auditor does the following concerning internal control:

(OATS: Obtain Assessment Test Substantive):

O – Obtain and document an understanding of internal control.

This must be done – nonnegotiable – whether SOX or non-SOX; whether he plans testing IC or not; whether he must test or may choose not to.

A – Assessment: a preliminary assessment of internal controls based on understanding of internal control.

For a non-SOX client, the auditor may come to a final conclusion based on the understanding of the design of IC only that IC is bad, and that he won’t rely on it, and hence he won’t test it. [This may be for a particular control; it doesn’t have to be for all the controls.] He’ll just have to do more substantive testing to find the errors himself, since he doesn’t rely on the client’s controls to find the errors.

But the auditor may not come to a final conclusion if IC is good just based on his understanding of IC; to conclude that IC is good, he must test IC.

(In a non-SOX audit, the auditor may end up mot doing any testing of IC at all, maybe only substantive testing.)

In a SOX audit, he must anyway test IC, but maybe not as much

T – Test of internal control. In a SOX audit it’s a must; in a non-SOX audit, only if the preliminary assessment is below the maximum.

S – Substantive: effects on substantive testing

If control risk is Then the auditor’s detection riskhigh better be low

To make it low to balance out the risk, he must do more substantive testing closer to the balance sheet date

low (based on *testing, not just based on understanding)

may be given some latitude

he may do less substantive testing

and interim testing (maybe even a lot of it)* Testing means that the auditor pulled 100 checks over $10,000 and 99 of them had two

signatures; he pulled 100 invoices that were paid and 98 of them were stamped “paid in full”. Based on this work, the auditor concluded that control risk is low, not based on a preliminary assessment.

Report on Significant Deficiencies and Material Weaknesses of IC

The report will apply only to a non-SOX audit, because in a SOX audit the auditor must test IC and issue a separate report (opinion) on the effectiveness of IC.

¨Before understanding what this report is about, 3 terms must be defined:

1) Deficiency in IC – weakness that is less than remote to happen and its impact on the financials is less than material

2) Significant deficiency (SD) – weakness that is more than remote to happen, but its impact on the financial statements is less than material

3) Material weakness (MW) – weakness that is more than remote to happen, and its impact on the financial statements is more than material

¨The third one (MW) affects the assessment of control risk and may change the manner in which the auditor plans to audit.

Because if he thought IC is good, then he may have gone in the direction of doing tests of controls; but if he finds material weaknesses, then he won’t rely on IC, and he’ll do more substantive testing. He may also find that IC is more trustworthy and decide to utilize the trustworthiness in a manner that impacts his substantive testing. (Again, this topic is not relevant in SOX because in SOX testing control is a must, not an option.)

¨There is no report if there are only deficiencies, and especially if the auditor finds nothing wrong.

General rule for auditors: Never tell anybody that you didn’t find anything. If you simply didn’t find anything, then just keep quiet. Saying that you found nothing might imply that you did a lot of work, and it may confuse the reader. If you give no report at all, that’s not going to happen. So the report is only on SD and MW.

¨The report is generally done at the end of the audit. But if the client is going to be upset, because the auditor has information about his IC that the client feels he can really use now (GAAS: if warranted), it may be done in middle of the audit.

¨The report is generally done in writing, but it does not have to be in writing, although it’s foolish not to have it done in writing. Even if it’s done orally, it will have to be documented in the auditor’s work papers.

PARAGRAPH 1: We are here to do an audit, which is to express an opinion on the financial statements and not to give an opinion on internal control. (Proceed to give definitions of SD and MW. Usually there’s a separate paragraph for each item.)

Then write as many paragraphs needed to list out all the SDs and MWs.

New – Whatever is a SD, it should say, “”This is a significant efficiency." Whatever is a MW, it should say, “This is a material weakness.”

END OF REPORT: This report is restricted. (This report is solely intended for use by management and may not be distributed in any other manner.)

This means that this report may be seen only internally by management; it is not permitted to have this report sent away as an annual report to shareholders.

General Rule: Any communication that is called a “byproduct of the audit” is restricted.

¨Hopefully, management will use this report to correct the situation.

Summary of Documentation Requirements:

Älways document the understanding of IC.

Ïf the auditor goes ahead and assesses the risk of internal control(s) at the maximum, all he needs to document is: “We are assessing control risk over (whatever) at the maximum.” No need for stating the reasons.

When auditor says, “I don’t trust IC, he doesn’t have to give the reasons. The courts care only about whether or not the audit was done right. (Were you effective? And if not, were you in breach, standard contract negligence, fraud, etc.?) They don’t care about the profits made in doing it right (efficiency).

Ïf the auditor assesses internal control risk below the maximum (for which the only way he may do so is by testing of those internal controls), he also must state the reasons for assessing controls below the maximum.

Rule, the more the auditor wants to trust IC, the lower he wants that risk to be, the more tests of controls he needs to do. He can’t say that he’s going to rely on a control just by understanding of it.

¨Reasons that the auditor would assess IC risk below the maximum:

Tests of control done by the auditor

Auditor shows references to his work papers:

(T of C work paper 1-A 1-B 1-C)

For example, if the auditor tests payroll and “beat up” the controls on it, which in turn will mean that he won’t have to do so much work on payroll because he knows it has good control, then he will document all those papers where he did tests of control on payroll.

While every firm has its own quantitative way of testing control (based on statistics), it’s always OK to do it in a qualitative way, using the terms “maximum, minimum, and moderate.”

¨Three reasons that the auditor would assess IC risk at the maximum:

1) Control is operational (for which auditor doesn’t care, see above).

2) Based on his understanding, the controls are awful.

3) Control does pertain to an assertion, and it could be effective, but it’s not worth testing it.

The whole purpose of testing IC is to determine the N.E.T. (nature extent and timing) of substantive testing; there’s a cost/benefit issue: the auditor will not spend 3 hours testing internal control over payroll when it will save him only 1 hour of substantive testing.

¨Since there is no responsibility under GAAS of testing control in non-SOX, why would the auditor test controls? He feels that it will help him reduce the level of substantive testing:

Nature – instead of “killing it to death” maybe all he’ll have to do is talk to management.

Extent – the amount of internal control may be reduced.

Timing – maybe he’ll move the substantive testing to interim.

Äuditors have a preliminary risk assessment for each client, but this may change because the people who were doing IC before may have been replaced with others who may not be as effective. So the preliminary risk is not necessarily going to be the conclusory risk. Auditing is a flowing process.

Back to Articles »

advertisements


Home About


Store


EDIT PROFILE »


Article





Student Audit Notes--Attestation and Testing Engagements

Attestation Engagements on Client’s I.C.

Äs mentioned, in a non-SOX audit the auditor assesses the SDs and MWs, but he doesn’t give an opinion on IC. But what if, in a non-SOX audit, management or shareholders or some outside body (such as a bank who is going to lend the client money) wants a report (an opinion) done on internal control? Here’s where an attestation engagement is done.

Ïn an attestation engagement, the auditor takes off his auditor’s hat and puts on his accountant’s hat.

(CPA audit exam: if the exam calls him an auditor, it’s a question about audit, but if it calls him a CPA, an accountant, a practitioner, or a professional, or any non-audit term, it’s not a question about audit, and anything in that question about audit may be ignored.)

An accountant may be hired to do an attestation separate from the audit, and unlike SOX, he needs not worry about doing an audit and one of the ten “deadly sins”; in fact, the auditor of a non-SOX audit is allowed to do the audit and do one of the ten tings not allowed in a SOX audit (seed above), as long as the auditor is independent.

(In a SOX audit all this is irrelevant: why would the client hire an accountant to test IC if it must be tested anyway?)

¨There are two ways to handle an attestation engagement:

1) Examination – this is similar to an audit in that it leads to an opinion, but the amount of work is much less.

2) Agreed-upon procedures

Ïn order to accept an attestation engagement, on IC or any area, four conditions must be satisfied:

1) Client gives the accountant a written assertion on his IC.

2) In this written assertion, the client accepts responsibility for his IC.

3) In this written assertion, the client evaluates his IC, using reasonable and unbiased criteria (not just because he says so).

For example: “We believe that our internal control over payroll is effective because it’s modeled after a suggested model by the Securities and Exchange Commission (or by the AICPA or by the Institute of Internal Auditors)”

4) Accountant must believe that there’s sufficient evidence to gather.

¨There are two styles to approach an attestation engagement; the way it’s approached will have an impact on the report. The client chooses which one of the two ways to approach it:

1) Report on client’s assertion on IC. (The report mentions that it’s management’s assertion). The accountant’s report is a general-use document, and everyone may see it.

2) Report directly on the subject matter – IC. (The report does not mention that it’s management’s assertion on IC). The accountant’s report is a limited-use document: it may be seen only by the client.

¨The report will have an inherent limitations paragraph: “What we conclude today, because conditions may change, may not be true in the future.”

¨There are four steps in the attestation engagement (POTO):

P – Planning the engagement

O – Obtaining understanding of IC

T – Testing IC

O – Opinion or Conclusion about IC

Ïn an attestation engagement, the test of internal control may be much more in scope than in a SOX audit, because in a SOX audit the test of IC is only in order to rely on it; but in an attestation engagement, IC must be tested enough to give an opinion on IC.

Testing IC in Auditing

Ïf another accountant tested IC, and there was a public report on IC, the auditor – for his own audit – may rely on other accountant’s work, but he must judge who’s doing the report, his reputation, his standing in the business community; he must be more intimate with what went into this job. In an examination, this may be O.K. because it is very thorough, so depending on the accountant and the firm who did the test that’s how much the auditor will rely on it. But in agreed-upon procedures, the fundamental aspect is who comes up with these procedures, so the auditor would be lest trusting to the other accountant.

¨Tests of compliance, from weaker to stronger (IIOR):

I – Inquiry of management

Weakness: client may say it’s all good when it isn’t.

I – Inspection of documents (look at paperwork of transactions and see if everything was done as it was supposed to)

Weakness: client may fudge documents, etc.

O – Observation (watching employees do their work)

R – Reperformance (walking through series of performances and asking employees what they do)

The employees should know what to do on their own, and they should be able to find mistakes while doing their day-to-day routine work without having to go out of their way.

Ïf you want to rely on IC a little, do weak stuff. If you want to rely on IC strongly, which would make substantive testing less, do strong stuff.

¨Whenever doing any testing, in auditing, the auditor never looks at everything; the key to auditing is samples.

¨Suppose the auditor is testing particular control, for example, he’s looking at 100 checks, all over $100,000, and company’s control policy is that every check needs two signatures, and the auditor finds 3/100 checks have only one signature.

That is the auditor’s Sample Deviation Rate (of mistakes found) = 3%.

Every sample has a sample risk (of mistakes being found in a sample).

Äuditor builds this risk into his analysis; he sets for himself an allowance for sampling risk (cushion).

Suppose he sets this allowance at 4%. Adding the mistakes found (3%) to the cushion (4%), the result (7%) is the upper precision limit (UPL).

Allowance (cushion) at 4%

+ Sampling risk (mistakes found) 3%

= Upper precision limit (UPL) 7%

Every CPA firm has its own way of arriving at the allowance (cushion).

¨Compare the 7% to the Tolerable Rate, which is the auditor’s predetermined rate, the number of mistakes auditor can tolerate and still rely on IC:

If UPL is £ Tolerable rate, he can rely on internal control.

Control is good; he can tolerate it.

The less mistakes the more he can rely.

If UPL is > Tolerable rate, he cannot rely on control, and he assesses control risk at the maximum.

So if the tolerable rate is 7% or 8%, he can rely on internal control.

But if the tolerable rate is 6%, he cannot rely on internal control.

Notice that we’re using rates, not dollar amounts. Materiality is not an issue when testing IC; it’s the number of mistakes that’s the issue. The auditor is not counting dollars; he is counting errors, and there’s no difference if the mistake is in $1 or $10,000. An error is an error is an error. Only when doing substantive testing, materiality and dollar amounts come into play.

Service organizations:

¨Sometimes the client processes significant transactions outside the organization. (Classic example: ADP does client’s payroll accounting).

Äuditors (we) are called user auditors.

ADP’s auditors are called service auditors.

Äs mentioned earlier, regardless of whether or not client is subject to SOX, the auditor must get an understanding of IC and document the understanding.

To satisfy this responsibility, auditor should contact ADP’s auditor and get from them a report called “Controls Placed in Operation”, and this report is enough to rely on for an understanding of IC (providing that the auditors are from a reputable firm).

(Later the auditor may match up the client’s payroll records with ADP’s information to check for errors or fraud.)

¨To take this to the next level – to rely on the report for test of IC – or to meet requirements for a SOX client, the auditor needs a second report, which encompasses the first one (so only this one alone is needed); it’s called “Report of Controls Placed in Operation and Tests of Operating Effectiveness.”

That’s not just a report on understanding something; that’s a report on what the auditor did (testing) and the results he came up with, and that’s enough to satisfy SOX and to rely on the particular control.

¨The user auditor does not make any mention of the service auditor in the audit report (no mention of ADP) because the service auditor is completely not responsible at all for user auditor’s audit, so it is not right to give any implication that the service auditor is involved, and it’s forbidden to mention his name.

Back to Articles »

advertisements


Home About


Store


EDIT PROFILE »


Article Student Audit Notes--Audit Report Intro

Audit Reports

¨Recall the four reporting standards, two of which are implicit (consistency and adequacy of disclosure), and no mention of these two means everything’s OK, and two of which are explicit (expression of an opinion – the entire third paragraph of the report – as well as the use of GAAP), and they are mentioned in the report.

¨Review of the 5 opinions:

1) Unqualified, unmodified (standard audit report: only 3 paragraphs).

2) Unqualified, modified (still an unqualified opinion, but either an extra paragraph or extra language is added to the report). There are numerous reasons that can cause this.





3) Qualified (except for something happening, everything else is OK; that’s the language of a qualified opinion, called “except for” language). This can occur because of GAAP problems or GAAS problems.

4) Adverse (when there are highly material departures from GAAP for which giving a qualified opinion is just not enough). This is a strong statement that the financial statements are not fairly stated.

5) Disclaimer (no opinion at all). This happens only when there’s a highly material GAAS issue where the auditor just can’t gather the evidence he needs to give an opinion, so what he does is he gives no opinion.

For an adverse opinion, the auditor did the work from which he concluded that the financial statements are not fairly stated.

With a disclaimer, the auditor couldn’t do the work; either the client stood in the way, or there was a highly material item for which he couldn’t get evidence, so, the auditor refuses to give an opinion. It’s not interpreted as something bad; rather it’s pareve.

¨The report is supposed to mention words that the reader understands, such as “except for” in a qualified opinion, and “not fairly stated” in an adverse opinion. Similarly, it won’t use the words “scope limitation”; rather, it uses the words “unable to find” – KISS: keep it simple stupid.

¨Tajerstein’s “It’s O.K.” List:

TAJ 1: It’s O.K. to be hired to audit just one financial statement. (This is called a “limited reporting” engagement.)

Example: the company is not public, not SOX, and it doesn’t need a report on any financial statement, but it wants an audit on its cash flow statement for whatever reason.

Still the auditors need access to everything even though they’re auditing only one financial statement.

TAJ 2: It’s O.K. to express one opinion last year and a different opinion this year.

TAJ 3: It’s O.K to give one opinion on one financial statement and a different opinion on another financial statement

Example: auditor issued an unqualified opinion on the balance sheet and a qualified opinion on the income statement.

TAJ 4: It’s O.K to change the opinion given on last year.

Example: last year the client refused to capitalize a lease that deserved to be capitalized, he wanted to report it as an operating lease, and because of that, the auditor gave a qualified opinion. When the auditor came back this year to audit this year’s financials, the client informed him that he restated last year’s financials and fixed the problem with the capital lease, so now last year’s financials are exactly the way you want them to look. Now, when the auditor gives his opinion on last year, it can be an unqualified opinion.

(This will be discussed later.)

TAJ 5: It’s NOT O.K. to issue a “piece meal” opinion (reporting on an individual account)

Example: auditor gives an adverse opinion on the financial statements as a whole, but Cash is O.K. or A/R is O.K.

The reason is that the reader, looking at this report, may infer that even though it’s an adverse opinion, but Cash is O.K., maybe A/R is also O.K., maybe Inventory is also O.K., etc.

GAAS prohibits the issue of a piece meal opinion in order that the piece meal opinion to overshadow the main opinion on the financial statements as a whole.

EXCEPTION: A “piece meal” opinion will be permitted if the following 2 conditions are satisfied:

1) The item being reported on is not a “substantial portion” of the financial statements

(Substantial ¹ material; substantial is defined differently in each individual circumstance).

2) The auditor issues a second report on the individual account. This report (green light on Cash or A/R) may not be included as part of the main audit report. The main audit report is given as it’s supposed to, and then a separate report is done on the individual account.

(There are a variety of reasons for issuing such a separate report. It may not necessarily be a material issue or have anything to do with audit purposes.)

Back to Articles »

advertisements


Home About


Store


EDIT PROFILE »


Article Student Audit Notes--Unqualified Opinions





1) Unqualified, Unmodified Opinion

Review of Standard Audit Report:

Title: Independent Auditor’s Report

(Addressee) It’s addressed either Board of Directors or Shareholders, but not Management, because the shareholders are the owners, and the board runs the show, not the managers.

INTRODUCTORY or OPENING PARAGRAPH:

(It names all the financial statements: balance sheet, cash flow, statement income statement, comprehensive, etc. And it discusses the two responsibilities: how management is responsible for the financial statements, and how the auditor’s responsibility is to express an opinion on the financial statements.)

We have audited the accompanying balance sheet of ABC Incorporated as of December 31, 20XX, and the related statements of income, retained earnings, and cash flows for the year* then ended. These financial statements are the responsibility of the company’s management. Our responsibility is to express an opinion on these financial statements based on our audit.

SCOPE PARAGRAPH:

(It’s all about GAAS Lists the “big four” responsibilities of the auditor when performing the audit: for the 1amounts and disclosures, 2accounting principles, 3significant estimates, and 4overall financial statement presentation)

We conducted our audit in accordance with United States generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance as to whether the financial statements are free of material misstatements. An audit includes examining, on a test basis, evidence supporting the 1amounts and disclosures in the financial statements. An audit also includes assessing the 2accounting principles used and 3significant estimates made by management, as well as evaluating the 4overall financial statement presentation. We believe that our audit provides a reasonable basis for our opinion.

OPINION PARAGRAPH:

(It again names all the financial statements)

In our opinion, the financial statements referred to above present fairly, in all material respects, the operations of, the financial position of, and the cash flows of ABC Incorporated for the year (or “years” depending on how many years’ financials are being audited) then ended in conformity with United States generally accepted accounting principles.

Signature (by the CPA firm)

Date (last day of field work, not last day at the client but last day substantial work was done on the client)

2) Unqualified but Modified Opinion

Äuditor is still giving a clean opinion; however, he’s either going to add an extra paragraph to explain something, or he’ll add extra language to each of the three paragraphs.

¨The primary situation where extra language is added to each paragraph is when there is another auditor (of a different firm) helping the auditor (us) do this year’s audit, and (we) the auditor is not accepting responsibility for the other auditor.

(If we would be accepting responsibility of the other auditor, no modification would be made to the audit report; the standard audit report would be used. Such a situation would happen if (1) what the other auditor is auditing is immaterial, or (2) the other auditor’s firm is a break-off firm of our firm who does the small stuff for us.

Example: suppose the client has a subsidiary in Oregon. Maybe the client doesn’t want to pay for us go to all the way to Oregon just to spend two hours auditing, so he hires a local firm to audit that subsidiary, and hopefully he’s reputable, which doesn’t matter anyway because we’re not going to accept responsibility for his work, so we’ll divide up the responsibility by modifying the report.

¨Modification when firm doing the audit does not accept the responsibility of the other auditors.

INTRO: We have audited the accompanying balance sheet of XYZ Company as of December 31, 20XX, and the related statements of income, retained earnings, and cash flows for the year then ended. These financial statements are the responsibility of the company’s management. Our responsibility is to express an opinion on these financial statements based on our audit. We did not audit XYZ Subsidiary in Portland, Oregon. This was audited by other auditors. The subsidiary’s assets and revenues equal 4 percent and 7 percent of the consolidated totals, respectively.

Mentioning percentages shows the reader of the audit report the magnitude of what the subsidiary represents to the total entity.

SCOPE: We conducted our audit in accordance with United States generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatements. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit, and the audit of other auditors, provides a reasonable basis for our opinion.

OPINION: In our opinion, based on our audit and the audit of other auditors, the financial statements referred to above present fairly, in all material respects, the financial position of XYZ Company as of (at) December 31, 20XX, and the results of its operations and its cash flows for the year then ended in conformity with United States generally accepted accounting principles.

The other auditors’ names may be mentioned only if two things apply:

1) They give permission. AND

2) Their report is attached to our report.

Otherwise, they will be referred to simply as other auditors.

¨Modification in all other situations:

In each situation, the three standard paragraphs will remain unchanged and will have standard language.

In each situation, an extra paragraph will be inserted. But, in any of the three standard paragraphs, there will be no reference to the extra paragraph.

Because mentioning the extra paragraph will overshadow the unqualified the report, and people may interpret the opinion to be unclean. But not mentioning the paragraph, people will see the fourth paragraph but will notice that the standard language – especially in the opinion – was unchanged, and they’ll conclude that even though the auditor needed to explain, verify, and clarify something, it still doesn’t change the opinion in any way, shape, or form.

Ïn an unqualified opinion, it is never wrong to insert the extra paragraph under (after) the opinion paragraph (unqualified under). [That is, the extra paragraph may be the fourth paragraph.]

Ïn the following two situations, the extra paragraph may be inserted either over or under (before or after) the opinion paragraph. [That is, either the extra paragraph will be the third paragraph and the opinion paragraph the fourth paragraph, or the opinion paragraph will be the third paragraph and the extra paragraph the fourth paragraph.] The purpose is that the reader should read the extra paragraph before the opinion.

1) There’s a justified departure from GAAP

The auditor agrees that for a certain transaction it was impossible to come of with a number using accrual accounting, because it would be misleading, so for this transaction it was OK to use cash basis: to record the revenue when received and expense when paid, not when earned and incurred, respectively.

Example: a complicated vacation package.

2) The auditor wants to emphasize a particular matter that the client has already disclosed, but in Note XZ that the reader may probably may end up getting to read. But the auditor feels that he needs to bring it to the attention of the reader.

Example: After the year was over, before the financials were issued, there was a sudden flood that wiped out 50% of the client’s inventory for which there’s no insurance. The client has buried this information in Note 57 to the financials, as he is permitted to do. But the auditor wasn’t comfortable with it, so he brings it to the forefront by adding a paragraph to his otherwise unqualified opinion.

Since this is a material situation that happened between the balance sheet date and the issuance date, it would be foolish not to mention it in the report.

¨The modification would be as follows:

INTRO and SCOPE and OPINION will remain the same.

An extra paragraph will be inserted – either over or under (before or after) the opinion paragraph – explaining the justified departure from GAAP: “As described in Note Q, the client uses cash basis accounting to account for vacation pay…”

Or explaining what the auditor wants to emphasize: “As described in Note 57, 50% of the client inventory was washed away by a flood for which there is no insurance…”

Ïn the following three situations, the extra paragraph is inserted under (after) the opinion paragraph:

3) There’s a justified change in accounting principle.

Example: the company went from the percentage-of-sales method to the aging method. And the auditor agrees with the change.

Consistency is an implicit reporting standard. So if there’s a change, although the auditor agrees with it, nonetheless there’s a consistency issue – a lack of consistency – and it must be mentioned in the report.

4) The client omitted a supplemental disclosure that FASB or GASB requires, but it is not part of the financial statements as requirement by GAAP and hence not a part of the audit.

Example: Government contract for which GASB requires disclosures. Even though it’s supplemental, it can’t be ignored.

A fourth paragraph will be added under the opinion paragraph, explaining what the client omitted.

5) There are inconsistencies between the client’s financials and the wording of his MD&A (management discussion and analysis), an annual report through which the auditor has a responsibility to read, and the client refuses to fix them. The financials may be perfectly right, but it’s this other information that we asked the client to fix, and he refused.

Example: The financials show that there are collection issues, but the MD&A says that they have recently improved collection procedures. So there’s an inconsistency (contradiction) between what the financials are saying in numbers and what the client is saying in words.

A fourth paragraph will be added under the opinion paragraph, explaining what the inconsistencies are.

Ä client may feel that there’s less harm in adding a paragraph to an otherwise clean opinion than there is in changing something or disclosing something in the financial statements.

6) There’s substantial doubt about whether the client can continue as a going concern.

To continue using historical cost, auditor has to believe that the client will be for at least 12 months in business. If the auditor felt that the client would close up shop within the year, he would have to have the client restate everything to liquidation value, as if he were going to sell everything.

¨The auditor must be on the lookout – concern – for whether the client can continue as a going concern.

¨The flags (the “concern”) of going concern problems:

1) Recurring operating losses

2) Industry decline

3) Loss of major customers

4) Uninsured catastrophes

5) Strikes and work stoppages

6) Bankruptcy filing

Äuditor must not panic; he should just go and ask the client what plan he has to mitigate (soften, lessen) the blow of what’s going on. The auditor wants to hear that the client has a plan to raise money or save money, such as one of these typical plans:

1) No more dividends

2) Stop expansion

3) Start selling off parts of the business that are losing money

Ïf the auditor is satisfied with the mitigation plan, he’ll give an unqualified, unmodified opinion.

Ïf the auditor is still concerned about this going concern, he’ll give an unqualified, modified opinion, adding an extra paragraph under (after) the opinion paragraph:

“As more fully described in Note Q to the financial statements, ABC Inc. has suffered recurring operating losses and work stoppages that raise substantial doubt about the ability to continue as a going concern.” (This language is not negotiable; it may not be changed; it must be stated verbatim; it is FASB mandated.) “No adjustments have yet to be made to the financial statements because of the foregoing events (aforementioned items).”

Three important parts of this paragraph are:

(1) It makes reference to a note, and

(2) Using the words “substantial doubt about the ability to continue as a going concern”

(3) “We have yet to adjust the financial statements because of…”

¨Note: if the client does not disclose this, there’s an issue of lack of adequate disclosure, which may trigger a qualified or adverse opinion.

Back to Articles »

advertisements



Home About


Store


EDIT PROFILE »


Article Student Audit Notes--Qualified Opinion

Qualified Opinion

¨There are two general situations that would trigger a qualified opinion:

1) GAAP problems

2) GAAS problems

¨Modification when there are GAAP problems:

INTRO and SCOPE will remain the same.

EXTRA paragraph, always preceding the opinion paragraph, will explain what went wrong that caused a qualified opinion.

OPINION: In our opinion, except for the matter discussed in the preceding paragraph, based on our audit, the financial statements referred to above present fairly, in all material respects, the financial position of X Company as of (at) December




31, 20XX, and the results of its operations and its cash flows for the year then ended in conformity with United States generally accepted accounting principles.

Two important parts of the opinion paragraph are:

(1) It makes reference to the extra paragraph, and

(2) The words “except for” are used.

Ïnstances that cause a qualified opinion due to GAAP problems:

1) Unjustified departure from GAAP

2) Unjustified change in accounting principle

3) Lack of adequate disclosure

When there’s lack of adequate disclosure, GAAS says that the auditor, in the extra paragraph, should himself make the disclosures that the client didn’t make, provided that they are reasonably obtainable from the books and records, and hence the auditor would not be put in the position of being the preparer of the information.

(If the auditor were also the preparer of the information, by assembling things, doing math, calculations, etc., it would ruin his independence. How can one audit what he prepared?)

4) Client is not reporting a statement of cash flows

In this case, the audit report would be modified as follows:

INTRO will not mention the statement of cash flows.

SCOPE will remain the same.

EXTRA paragraph explains the fact that a statement of cash flows is required, as part of a full set of financial statements, and the client is not publishing one.

OPINION will not mention the statement of cash flows and will use the words “except for”:

In our opinion, except for the matter discussed in the preceding paragraph, based on our audit, the financial statements mentioned above present fairly, in all material respects, the results of operations and the financial position of ABC Inc. in conformity with United States generally accepted accounting principles.< /o:p>

¨The biggest GAAS problem is that the auditor is unable to do his work – to gather the evidence he needs regarding certain transactions, for a material item, but not highly material enough to issue a disclaimer

¨Materiality is based on APJ (auditor’s professional judgment) which centers around firm policy.

¨Modification when there are GAAS problems:

INTRO paragraph is the same.

Because it’s a scope limitation, the scope paragraph will be modified, using “except for” language to make reference to the extra paragraph:

SCOPE: Except for the matter discussed in the forthcoming paragraph, we conducted our audit in accordance with United States generally accepted auditing standards. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatements. An audit includes

examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audit provides a reasonable basis for our opinion.

EXTRA paragraph explains what the auditor was unable to do, what the scope limitation was. However, never use the words “scope limitation” because the reader of the audit report doesn’t understand what that means. (Scope means range.)

In the opinion paragraph, once again, the auditor uses “except for” language to make reference to the extra paragraph:

OPINION: In our opinion, except for the matter discussed in the preceding paragraph, based on our audit, the financial statements referred to above present fairly, in all material respects, the financial position of X Company as of (at) December 31, 20XX, and the results of its operations and its cash flows for the year then ended in conformity with United States generally accepted accounting principles.

¨So the auditor uses “except for” twice: in the scope and opinion paragraphs so that both paragraphs make reference to the extra paragraph.

Back to Articles »

advertisements


Home About


Store






EDIT PROFILE »


Article Student Audit Notes--Adverse Opinion

Adverse opinion

¨This is cause by highly material (severe) departure from GAAP, usually stemming from multiple departures from GAAP.

¨Modification when there are highly material (severe) GAAP problems:

INTRO and SCOPE will remain the same.

TWO EXTRA paragraphs:

1) Qualitative: explaining just in words what the client did wrong

Classic example: “The client has written up his equipment to fair market value, based on his own appraisal.” (Well, you’re not supposed to write things up, and you’re not supposed to use your own appraisal.) “Accordingly, assets are overstated, depreciation is overstated, net income is understated, retained earnings is understated, and earnings per share is understated.”

2) Quantitative: giving exact dollar amounts of the errors going uncorrected.

“Accordingly, assets are overstated by $---, depreciation is overstated by $---, net income is understated by $---, retained earnings is understated by $---, and earnings per share is understated by $---.”

OPINION: In our opinion, based on the matters discussed in the preceding paragraphs, the financial statements referred to above do not present fairly, in all material respects, the financial position of X Company as of (at) December 31, 20XX, and the results of its operations and its cash flows for the year then ended in conformity with United States generally accepted accounting principles.

¨No more “except for” language; this isn’t “except for”; this is bad! Also, don’t use the word “adverse” because the reader doesn’t understand what that word is about, but the reader does understand the words “do not …”

5) Disclaimer of an Opinion

¨The following two situations will cause the auditor to give a disclaimer:

1) There is a highly material scope limitation – there’s not enough evidence to gather, and the auditor doesn’t feel comfortable giving an opinion, based on APJ.

It may have been destroyed (by fire, flood, etc.)

Or client may have stood in auditor’s way.

[In real life, for almost any client-imposed scope limitation (e.g., client doesn’t allow auditor to see cash, inventory, etc.), the CPA firm would go out of its way to give a disclaimer, and the materiality level shrinks.]

2) There’s a significant uncertainty about a particular thing; even the best evidence available, is just not enough to clear up this uncertainty, and the auditor feels uncomfortable giving an opinion.

Example: There is a major lawsuit against the client, but there’s nothing to say about it at this point. But it’s known that if the client loses, he could be gone. And the auditor is uncertain about how to handle it.

¨There are two modifications in the introductory paragraph:

(1) “We have audited” is changed to “We were engaged to audit” because the client was not fully audited.

(2) The last sentence “Our responsibility is to express an opinion…” is omitted because the auditor is not expressing an opinion.

INTRO: We were engaged to audit the accompanying balance sheet of XYZ Company as of December 31, 20XX, and the related statements of income, retained earnings, and cash flows for the year then ended. These financial statements are the responsibility of the company’s management.

SCOPE paragraph is entirely omitted.

EXTRA paragraph – preceding the last paragraph – describes the problem that led to a disclaimer and the effect – both in words and in dollar amounts – it had on the financial statements.

DISCLAIMER paragraph will look somewhat like this:

“Based on the matters discussed in the preceding paragraph, we were unable to satisfy ourselves regarding [whatever could not be audited], and are, therefore, unable to express an opinion, and do not express an opinion on the financial statements taken as a whole.”

Changing the Opinion on Last Year

Ëxample: Last year, the auditor gave a qualified opinion. There was a lease that was material, and the auditor said that it should be capitalized because it matched one of the criteria, but the client refused to capitalize it, and it caused a highly material misstatement of assets, depreciation, and interest expense (and it effects the times-interest-earned ratio). The next year, the client shows comparative financial statements, and he informs the auditor that he fixed up last year’s lease, as the auditor wanted last year. Now, since the auditor is reporting on two years’ financial statements, he has to give an opinion on last year’s and on this year’s financial statements.

Ïn this year’s audit report the auditor will add an EXTRA paragraph – preceding the opinion paragraph – will include the following:

DORCS (Day Opinion Reason-Change Statement):

D – Date of last year’s report

O – Opinion type given last year on last year’s financial statements

RC – Reason for Change of opinion on last year’s financial statements

S – Statement that says that the opinion given now on last year’s is different from the opinion given last year on last year’s.

Dual Dating the Report

¨Central rule: The report is dated the last day of fieldwork. That is when significant work is done on the client (not necessarily at the client).

¨Suppose the last day of work was April 18th, 2009, and the date of mailing the financials of 2008 with the report to the public was May 1st, 2009; then on April 21st, 2009, suddenly, there was a big flood that wiped out the ending inventory that was not insured.

Does it impact the financials of 2008?

If yes, the client must include a footnote disclosure, (not an accrual, because it happened suddenly).

(If client refuses to disclose it, it would possibly result in a qualified or adverse opinion due to lack of adequate disclosure.)

If the client makes the disclosure, the auditor should dual date the report as follows:

April 18th (except for note XZ for which the date is April 21st).

¨Dual dating spares the auditor from the responsibility for anything else that may have happened after April 18 th without his knowledge. If he would not dual date the report, he would assume responsibility for anything else that may have happened after April 18th.

Back to Articles »

advertisements


Home About


Store


EDIT PROFILE »

Need to logout?





LOGOUT »Article Student Audit Notes--Disclaimer of an Opinion

Disclaimer of an Opinion

¨The following two situations will cause the auditor to give a disclaimer:

1) There is a highly material scope limitation – there’s not enough evidence to gather, and the auditor doesn’t feel comfortable giving an opinion, based on APJ.

It may have been destroyed (by fire, flood, etc.)

Or client may have stood in auditor’s way.

[In real life, for almost any client-imposed scope limitation (e.g., client doesn’t allow auditor to see cash, inventory, etc.), the CPA firm would go out of its way to give a disclaimer, and the materiality level shrinks.]

2) There’s a significant uncertainty about a particular thing; even the best evidence available, is just not enough to clear up this uncertainty, and the auditor feels uncomfortable giving an opinion.

Example: There is a major lawsuit against the client, but there’s nothing to say about it at this point. But it’s known that if the client loses, he could be gone. And the auditor is uncertain about how to handle it.

¨There are two modifications in the introductory paragraph:

(1) “We have audited” is changed to “We were engaged to audit” because the client was not fully audited.

(2) The last sentence “Our responsibility is to express an opinion…” is omitted because the auditor is not expressing an opinion.

INTRO: We were engaged to audit the accompanying balance sheet of XYZ Company as of December 31, 20XX, and the related statements of income, retained earnings, and cash flows for the year then ended. These financial statements are the responsibility of the company’s management.

SCOPE paragraph is entirely omitted.

EXTRA paragraph – preceding the last paragraph – describes the problem that led to a disclaimer and the effect – both in words and in dollar amounts – it had on the financial statements.

DISCLAIMER paragraph will look somewhat like this:

“Based on the matters discussed in the preceding paragraph, we were unable to satisfy ourselves regarding [whatever could not be audited], and are, therefore, unable to express an opinion, and do not express an opinion on the financial statements taken as a whole.”

Changing the Opinion on Last Year

Ëxample: Last year, the auditor gave a qualified opinion. There was a lease that was material, and the auditor said that it should be capitalized because it matched one of the criteria, but the client refused to capitalize it, and it caused a highly material misstatement of assets, depreciation, and interest expense (and it effects the times-interest-earned ratio). The next year, the client shows comparative financial statements, and he informs the auditor that he fixed up last year’s lease, as the auditor wanted last year. Now, since the auditor is reporting on two years’ financial statements, he has to give an opinion on last year’s and on this year’s financial statements.

Ïn this year’s audit report the auditor will add an EXTRA paragraph – preceding the opinion paragraph – will include the following:

DORCS (Day Opinion Reason-Change Statement):

D – Date of last year’s report

O – Opinion type given last year on last year’s financial statements

RC – Reason for Change of opinion on last year’s financial statements

S – Statement that says that the opinion given now on last year’s is different from the opinion given last year on last year’s.

Dual Dating the Report

¨Central rule: The report is dated the last day of fieldwork. That is when significant work is done on the client (not necessarily at the client).

¨Suppose the last day of work was April 18th, 2009, and the date of mailing the financials of 2008 with the report to the public was May 1st, 2009; then on April 21st, 2009, suddenly, there was a big flood that wiped out the ending inventory that was not insured.

Does it impact the financials of 2008?

If yes, the client must include a footnote disclosure, (not an accrual, because it happened suddenly).

(If client refuses to disclose it, it would possibly result in a qualified or adverse opinion due to lack of adequate disclosure.)

If the client makes the disclosure, the auditor should dual date the report as follows:

April 18th (except for note XZ for which the date is April 21st).

¨Dual dating spares the auditor from the responsibility for anything else that may have happened after April 18 th without his knowledge. If he would not dual date the report, he would assume responsibility for anything else that may have happened after April 18th.

Back to Articles »

advertisements





Documents

student notes