1 chapter 13 Overall Audit Strategy and Audit Program

2 Partner Terry: Auditors must understand internal control in every audit. … For all public companies and for nonpublic companies where control risk is assessed below maximum, the auditor must perform tests of controls. But, don’t forget that auditing standards also require that substantive tests be performed in all audits.

3 Ciara what is the objective of AU-C section 315?

4.03 The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement. AU-C 315 Understanding the Entity & Its Environment & Assessing RoMM

5 Page 160/169 (what is a sufficient understanding?) For all significant classes of transactions, accounts and disclosures Evaluate Risks related to all relevant assertions Identify points in the transactions where material misstatements could occur How each significant class of transactions –Initiated & Authorized –Recorded –Documents & records –Processed through the accounting system into the GL –Reporting process including disclosures & estimates

6 Understanding Internal Controls Risk assessment procedures Evaluate design of internal controls Document understanding Assess Control Risk (preliminary) Test Operating Effectiveness of controls Assess Control Risk (after ToC’s) Substantive Tests of Transactions Substantive Analytical Procedures Tests of Details of Balances

7 Jon P what is the definition of control risk?

8 Control Risk The risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity's internal control.

9 Tests of Controls if a control is properly designed test if control is operating effectively

10 Assess control risk Identify: Significant classes of transactions Use managements’ assertions to determine points where errors or fraud could occur Controls that would prevent or detect these errors Link specific controls to related assertions Evaluate the design of the control Test the operating effectiveness of the control

11 Page 59

12 Final Assessment CR < Max

13 What is the objective of AU-C section 500? Jake S

14.04 The objective of the auditor is to design and perform audit procedures that enable the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor's opinion. AU-C 500 Audit Evidence

15 Procedures used to Tests Controls p. 205 Make inquiries of client personnel Examine documents for evidence the control was implemented Observe control activities Reperform control activities

16 Table 1 ---Key Controls p. 207 ties to CR Matrix p Credit is approved for each sale 2 Recorded sales are supported by an authorized shipping document 2 And an approved sales order 3 4 Shipping documents are forwarded to billing daily and a billing invoice is created 5 Shipping documents are prenumbered and accounted for weekly 6 7 Unit selling prices are obtained from the master price list

17 Table 1 page Credit is approved for each sale 2 Recorded sales are supported by an authorized shipping document 2 And an approved sales order 4 Shipping documents are forwarded to billing daily and a billing invoice is created 5 Shipping documents are prenumbered and accounted for weekly 7 Unit selling prices are obtained from the master price list Occur (accuracy) Occurrence cutoff Completeness accuracy

18 Vouch & Trace Project Table 1 on page transactions discuss how V&T could be used to test controls in Table 1

19

20

21 Set Performance Materiality (tolerable misstatement) Assess control risk for 1.credit sales transactionspreliminary 2.cash receipts transactions (collection)preliminary Design and perform Tests of Controls Assess control risk 1.credit sales transactionsfinal 2.cash receipts transactions (collection)final Design and perform Subst Tests of Transactions Subst Analytical Procedures Subst Test of Details of Acc Rec Balance Conclude on Accounts Receivable page 218 Accounts Receivable

22 $ubstantive Tests Provide substantive evidence help establish the monetary correctness

23 Set Performance Materiality (tolerable misstatement) Assess control risk for 1.credit sales transactionspreliminary 2.cash receipts transactions (collection)preliminary Design and perform Tests of Controls Assess control risk 1.credit sales transactionsfinal 2.cash receipts transactions (collection)final Design and perform Subst Tests of Transactions Subst Analytical Procedures Subst Test of Details of Acc Rec Balance Conclude on Accounts Receivable page 218 Accounts Receivable

24 Substantive tests Substantive tests of transactions Substantive analytical procedures Tests of details of account balances

25 Page 59

26 Substantive analytical procedures Indicate possible misstatements Provide substantive evidence help establish the monetary correctness (only indicate the likelihood of misstatement)

27

28 Substantive analytical procedures Supplies Prepaid rent Depreciation expense

29 Substantive Tests of Details of Balances Provide substantive evidence help establish the monetary correctness Bank reconciliations Confirmation of accounts receivables Inventory observation

30 Audit Approaches

31 for private companies non-SEC companies not covered by Sarbanes-Oxley

32

33 Private Company non SEC When you reflect on similar audit clients You believe it would cost less to perform Tests of Contols than $ubstantive Test$

34 Sam After evaluating the design of the controls you DO NOT believe the client’s controls would effectively prevent or detect and correct misstatements even if they are implemented You preliminarily assess CR = Which audit approach will you take?

35 Janet Which types of audit tests will you perform evaluate design of controls Tests of Controls test operating effectiveness nonesome extensive Substantive Tests analytical procedures test of details of account balancesnonelimitedextensive

36 Private Company non SEC When you reflect on similar audit clients You believe it would cost less to perform Tests of Contols than $ubstantive Test$

37 Bryce After evaluating the design of the controls you believe the client’s controls would effectively prevent or detect and correct misstatements even if they are implemented You preliminarily assess CR = Which audit approach will you take?

38 Ashley Which types of audit tests will you perform evaluate design of controls Tests of Controls test operating effectiveness nonesome extensive Substantive Tests analytical procedures test of details of account balancesnonelimitedextensive

39 Private Company non SEC When you reflect on similar audit clients You believe it would cost less to perform $ubstantive Test$ than Tests of Contols

40 Christina After evaluating the design of the controls you believe the controls would NOT prevent, or detect and correct misstatements if they are properly implemented You will preliminarily assess CR = Which audit approach will you take?

41 Christine Which types of audit tests will you perform evaluate design of controls Tests of Controls test operating effectiveness nonesome extensive Substantive Tests analytical procedures test of details of account balancesnonelimitedextensive

42 Private Company non SEC When you reflect on similar audit clients You believe it would cost less to perform $ubstantive Test$ than Tests of Contols

43 Vivian After evaluating the design of the controls you believe the controls would prevent, or detect and correct misstatements if they are properly implemented You will preliminarily assess CR = Which audit approach will you take?

44 Fiona Which types of audit tests will you perform evaluate design of controls Tests of Controls test operating effectiveness nonesome extensive Substantive Tests analytical procedures test of details of account balancesnonelimitedextensive

45 Iterative Process analysis of audit 4 page 214 Analysis of Audit 4 Demonstrates the iterative nature of the audit process PlannedCR = medToC medium Anal Proc extensive PDR = medSubst medium

46 Iterative Process analysis of audit 4 Auditor found significant misstatements while performing substantive tests. The auditor must conclude that controls are ineffective and that control risk is MAX, regardless the results of their previous tests of controls and control risk assessment. The auditor must perform extensive Substantive Tests

47 Private Company non SEC When you reflect on similar audit clients You believe it would cost less to perform Tests of Contols than $ubstantive Test$

48 Julia After evaluating the design of the controls you believe the controls would prevent, or detect and correct misstatements if they are properly implemented You will preliminarily assess CR = Which audit approach will you take?

49 Jake M Which types of audit tests will you perform evaluate design of controls Tests of Controls test operating effectiveness nonesome extensive Substantive Tests analytical procedures test of details of account balancesnonelimitedextensive Go To Next Slide

50 Tim While you are performing tests of controls you encounter control deficiencies. Do you need to change you audit approach? You will assess CR = Which audit approach will you take?

51 Somer Which types of audit tests will you perform evaluate design of controls Tests of Controls test operating effectiveness nonesome extensive Substantive Tests analytical procedures test of details of account balancesnonelimitedextensive

52 preliminarily assess Subst Tests Less costly than ToC Less costly than Subst Tests controls effective (CR =Low) extensive Subst Tests ToC limit subst tests => analytical procedures controls ineffective (CR = MAX) Must do extensive Subst Tests

53 Understand internal controls –Document understanding –Evaluate the design of the controls Preliminarily assess control risk –Document prelim CR assessment If CR < Max & $ToC < $Sub$t Tests –Design and perform ToC –Document results of ToC and CR assessment –Design and perform limited Subst Tests –Document results of Subst Tests If CR = Max or $Sub$t < $ToC –Design and perform extensive Subst Tests –Document results of Subst Tests

54 for public companies SEC companies covered by Sarbanes-Oxley

55

56 Public Company When you reflect on similar audit clients You believe it would cost less to perform Tests of Contols than $ubstantive Test$

57 Katina After evaluating the design of the controls you DO NOT believe the client’s controls would effectively prevent, or detect and correct misstatements even if they are implemented You preliminarily assess CR = Which audit approach will you take?

58 Lauren Which types of audit tests will you perform evaluate design of controls Tests of Controls test operating effectiveness nonesome extensive Substantive Tests analytical procedures test of details of account balancesnonelimitedextensive

59 Public Company When you reflect on similar audit clients You believe it would cost less to perform $ubstantive Test$ than Tests of Contols

60 Huyen After evaluating the design of the controls you believe the controls would prevent, or detect and correct misstatements if they are properly implemented You will preliminarily assess CR = Which audit approach will you take?

61 Aleksandr Which types of audit tests will you perform evaluate design of controls Tests of Controls test operating effectiveness nonesome extensive Substantive Tests analytical procedures test of details of account balancesnonelimitedextensive

62 Public Company When you reflect on similar audit clients You believe it would cost less to perform Tests of Contols than $ubstantive Test$

63 Ian After evaluating the design of the controls you believe the controls would prevent, or detect and correct misstatements if they are properly implemented You will preliminarily assess CR = Which audit approach will you take?

64 Romy Which types of audit tests will you perform evaluate design of controls Tests of Controls test operating effectiveness nonesome extensive Substantive Tests analytical procedures test of details of account balancesnonelimitedextensive

65 Madyson Continuing with the previous example While you are performing tests of details of account balances you encounter material misstatements. Do you need to change you audit approach? You will assess CR = Which audit approach will you take?

66 Marc Which types of audit tests will you perform evaluate design of controls Tests of Controls test operating effectiveness nonesome extensive Substantive Tests analytical procedures test of details of account balancesnonelimitedextensive

67 preliminarily assess Subst Tests Less costly than ToC Less costly than Subst Tests controls effective (CR < Low) ToC can limit subst tests analytical procedures ToC can limit subst tests analytical procedures controls ineffective (CR = MAX) must do some ToC Extensive Subst Tests Tests of Details must do some ToC Extensive Subst Tests Tests of Details

68 Understand internal control structure –Document understanding –Evaluate the Design Effectiveness of ICS Design and perform ToC to assess CR –Document results of ToC and CR assessment If CR > Low –Design and perform extensive Subst Tests –Document results of Subst Tests

69 Audit Documentation Workpapers Must document Record of compliance with GAAS

70 Summary of Understanding Internal Control and Assessing Control Risk Figure 11page 188 is good

71

72

73

74

75

76