Overall Audit Strategy and Audit Program chapter 13 Overall Audit Strategy and Audit Program
Auditors must understand internal control in every audit Auditors must understand internal control in every audit. … For all public companies and for nonpublic companies where control risk is assessed below maximum, the auditor must perform tests of controls. But, don’t forget that auditing standards also require that substantive tests be performed in all audits.
Don’t L k Sallyanne what is the objective of AU section 315?
AU 315 Understanding the Entity & Its Environment & Assessing RoMM .03 The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.
AU 315.A84 the accounting system Procedures and records designed to Initiate, authorize, record, process, and report entity transactions Maintain accountability for the assets, liabilities & equity Transfer information to the general ledger Capture information other than transactions that is relevant to the financial statements. e.g. depreciation and amortization of assets, changes in the recoverability of receivables. Ensure information that is required to be disclosed is accumulated, recorded, processed, summarized, and appropriately reported in the financial statements. transactions adjusting journal entries disclosures
Page 338 (268) (Design of Internal Control) Risks related to all relevant assertions Evaluating Significant classes of transactions Identify how each significant class of transactions Initiated Authorized Recorded Processed through the accounting system Reported in the financial statements and disclosures In order to identify points in the transactions where material misstatements could occur
Understanding Internal Controls Risk assessment procedures Evaluate design of internal controls Document understanding Assess Control Risk (preliminary) Test Operating Effectiveness of controls Assess Control Risk (after ToC’s) Substantive Tests of Transactions Substantive Analytical Procedures Tests of Details of Balances
Phil Don’t Look what is the definition of control risk?
Control Risk The risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity's internal control.
Tests of Controls if a control is properly designed test if control is operating effectively
Assess control risk Identify: Significant classes of transactions Use managements’ assertions to determine points where errors or fraud could occur Controls that would prevent or detect these errors Link specific controls to related assertions Evaluate the design of the control Test the operating effectiveness of the control
Risk Matrix Figure 12-3 p. 373 (305)
Tests of Controls Table 13-1 p. 412 (346)
Transaction Related Objectives Table 14-2 p. 457 Figure 12-3 p. 373 (305)
Final Assessment CR < Max
Paloma Don’t Look What is the objective of AU section 500?
Procedures used to Tests Controls p. 410 (344) Make inquiries of client personnel Examine documents for evidence the control was implemented Observe control activities Reperform control activities
Table 1 ---Key Controls p. 412 (346) ties to CR Matrix p. 373 (305) 1 Credit is approved for each sale 2 Recorded sales are supported by an authorized shipping document 2 And an approved sales order 3 4 Shipping documents are forwarded to billing daily and a billing invoice is created 5 Shipping documents are prenumbered and accounted for weekly 6 7 Unit selling prices are obtained from the master price list
Table 1 p. 412 (346) 1 Credit is approved for each sale 2 Recorded sales are supported by an authorized shipping document 2 And an approved sales order 4 Shipping documents are forwarded to billing daily and a billing invoice is created 5 Shipping documents are prenumbered and accounted for weekly 7 Unit selling prices are obtained from the master price list Occur (accuracy) Occurrence cutoff Completeness accuracy
Vouch & Trace Project Table 1 on p Vouch & Trace Project Table 1 on p. 412 (346) Sample 10 transactions discuss how V&T could be used to test controls in Table 1
p. 423 (357) Sales & Collection Set Performance Materiality (tolerable misstatement) Assess control risk for credit sales transactions preliminary Design and perform Tests of Controls Assess control risk credit sales transactions final Design and perform Substantive Tests of Transactions Design and perform Substantive Analytical Procedures . Credit sales transactions Conclude on Sales
p. 423 (357) Sales & Collection Set Performance Materiality (tolerable misstatement) Assess control risk for cash receipts transactions (collection) preliminary Design and perform Tests of Controls Assess control risk cash receipts transactions (collection) final Design and perform Substantive Tests of Transactions Cash receipts transactions
p. 423 (357) Sales & Collection Set Performance Materiality (tolerable misstatement) Design and perform Subst Analytical Procedures – Acc Rec Subst Test of Details – Acc Rec Conclude on Accounts Receivable Design and perform Subst Analytical Procedures – cash Subst Test of Details - cash Conclude on Cash
$ubstantive Tests Provide substantive evidence help establish the monetary correctness
Substantive tests Substantive tests of transactions Substantive analytical procedures Tests of details of account balances
Table 6-3 Page 159 (167)
Substantive analytical procedures Indicate possible misstatements Provide substantive evidence help establish the monetary correctness (only indicate the likelihood of misstatement)
Substantive analytical procedures Supplies Prepaid rent Depreciation expense
Substantive Tests of Details of Balances Provide substantive evidence help establish the monetary correctness Bank reconciliations Confirmation of accounts receivables Inventory observation
Audit Approaches
for private companies non-SEC companies not covered by Sarbanes-Oxley
Private Company non SEC When you reflect on similar audit clients You believe it would cost less to perform Tests of Contols than $ubstantive Test$
Max M After evaluating the design of the controls you DO NOT believe the client’s controls would effectively prevent or detect and correct misstatements even if they are properly implemented You preliminarily assess CR =
Patrick After evaluating the design of the controls you DO NOT believe the client’s controls would effectively prevent or detect and correct misstatements even if they are properly implemented You preliminarily assess CR = High Which audit approach will you take?
Max D Which types of audit tests will you perform Tests of Controls evaluate design of controls Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive
Private Company non SEC When you reflect on similar audit clients You believe it would cost less to perform Tests of Contols than $ubstantive Test$
Devin After evaluating the design of the controls you believe the client’s controls would effectively prevent or detect and correct misstatements if they are properly implemented You preliminarily assess CR =
Abby After evaluating the design of the controls you believe the client’s controls would effectively prevent or detect and correct misstatements if they are properly implemented You preliminarily assess CR = Low Which audit approach will you take?
Lauren Which types of audit tests will you perform Tests of Controls evaluate design of controls Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive
Private Company non SEC When you reflect on similar audit clients You believe it would cost less to perform $ubstantive Test$ than Tests of Contols
Deidre After evaluating the design of the controls you believe the controls would NOT prevent, or detect and correct misstatements even if they are properly implemented You will preliminarily assess CR =
Alyssa After evaluating the design of the controls you believe the controls would NOT prevent, or detect and correct misstatements even if they are properly implemented You will preliminarily assess CR = High Which audit approach will you take?
Aidan Which types of audit tests will you perform Tests of Controls evaluate design of controls Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive
Private Company non SEC When you reflect on similar audit clients You believe it would cost less to perform $ubstantive Test$ than Tests of Contols
PJ After evaluating the design of the controls you believe the controls would prevent, or detect and correct misstatements if they are properly implemented You will preliminarily assess CR =
Alice After evaluating the design of the controls you believe the controls would prevent, or detect and correct misstatements if they are properly implemented You will preliminarily assess CR = Low Which audit approach will you take? What will your final assess of CR be ?
Kelsey Which types of audit tests will you perform Tests of Controls evaluate design of controls Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive
Iterative Process analysis of audit 4 page 418 (352) Analysis of Audit 4 Demonstrates the iterative nature of the audit process Planned CR = med ToC medium Anal Proc extensive PDR = med Subst medium
Iterative Process analysis of audit 4 Auditor found significant misstatements while performing substantive tests. The auditor must conclude that controls are ineffective and that control risk is MAX, regardless the results of their previous tests of controls and control risk assessment. The auditor must perform extensive Substantive Tests
Private Company non SEC When you reflect on similar audit clients You believe it would cost less to perform Tests of Contols than $ubstantive Test$
Bryn After evaluating the design of the controls you believe the controls would prevent, or detect and correct misstatements if they are properly implemented You will preliminarily assess CR =
Cory After evaluating the design of the controls you believe the controls would prevent, or detect and correct misstatements if they are properly implemented You will preliminarily assess CR = Low Which audit approach will you take?
Adam Go To Next Slide Which types of audit tests will you perform evaluate design of controls Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive Go To Next Slide
David While you are performing tests of controls you encounter control deficiencies. Do you need to change you audit approach? You will assess CR = Which audit approach will you take?
Carolyn Which types of audit tests will you perform Tests of Controls evaluate design of controls Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive
Must do extensive Subst Tests preliminarily assess Subst Tests Less costly than ToC controls effective (CR =Low) extensive limit subst tests => analytical procedures ineffective (CR = MAX) Must do extensive Subst Tests
Understand internal controls Document understanding Evaluate the design of the controls Preliminarily assess control risk Document prelim CR assessment If CR < Max & $ToC < $Sub$t Tests Design and perform ToC Document results of ToC and CR assessment Design and perform limited Subst Tests Document results of Subst Tests If CR = Max or $Sub$t < $ToC Design and perform extensive Subst Tests
for public companies SEC companies covered by Sarbanes-Oxley
Public Company When you reflect on similar audit clients You believe it would cost less to perform Tests of Contols than $ubstantive Test$
Monica After evaluating the design of the controls you DO NOT believe the client’s controls would effectively prevent, or detect and correct misstatements even if they are implemented You preliminarily assess CR =
Sirinad After evaluating the design of the controls you DO NOT believe the client’s controls would effectively prevent, or detect and correct misstatements even if they are implemented You preliminarily assess CR = High Which audit approach will you take?
Dannia Which types of audit tests will you perform Tests of Controls evaluate design of controls Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive
Public Company When you reflect on similar audit clients You believe it would cost less to perform $ubstantive Test$ than Tests of Contols
Sean After evaluating the design of the controls you believe the controls would prevent, or detect and correct misstatements if they are properly implemented You will preliminarily assess CR =
Vincente After evaluating the design of the controls you believe the controls would prevent, or detect and correct misstatements if they are properly implemented You will preliminarily assess CR = Low Which audit approach will you take?
Torri Which types of audit tests will you perform Tests of Controls evaluate design of controls Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive
Public Company When you reflect on similar audit clients You believe it would cost less to perform Tests of Contols than $ubstantive Test$
Neda After evaluating the design of the controls you believe the controls would prevent, or detect and correct misstatements if they are properly implemented You will preliminarily assess CR =
Dana After evaluating the design of the controls you believe the controls would prevent, or detect and correct misstatements if they are properly implemented You will preliminarily assess CR = Low Which audit approach will you take?
Mason Which types of audit tests will you perform Tests of Controls evaluate design of controls Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive
Continuing with the previous example Hanna Continuing with the previous example While you are performing tests of details of account balances you encounter material misstatements. Do you need to change you audit approach? You will assess CR = Which audit approach will you take?
Marisela Which types of audit tests will you perform Tests of Controls evaluate design of controls Tests of Controls test operating effectiveness none some extensive Substantive Tests analytical procedures test of details of account balances none limited extensive
analytical procedures preliminarily assess Subst Tests Less costly than ToC controls effective (CR < Low) can limit subst tests analytical procedures ineffective (CR = MAX) must do some ToC Extensive Subst Tests Tests of Details
Understand internal control structure Document understanding Evaluate the Design Effectiveness of ICS Design and perform ToC to assess CR Document results of ToC and CR assessment If CR > Low Design and perform extensive Subst Tests Document results of Subst Tests
Audit Documentation Workpapers Must document Record of compliance with GAAS
Summary of Understanding Internal Control and Assessing Control Risk Figure 11 page 391 (323) is good
Private AR = CR * DR ineffective AR = 1.00 * .05 Primarily substantive effective Subst cheaper ToC cheaper AR = .0.05 * 1.00 RL of CR PUBLIC Always some TOC for SOX 404 Always RL of Cr SOX 404