CHAPTER 1: DEMAND FOR AUDIT & OTHER ASSURANCE SERVICES

Auditing​ - accumulation & evaluation of evidence about information to determine & report on
the degree of correspondence between the information & established criteria

To do an audit​ - needs information in a verifiable form & some standards (criteria) by which the
auditor can evaluate the information

Auditing Accounting

determining whether recorded information recording, classifying, & summarizing of

properly reflects the economic events that economic events for the purpose of providing
occurred during the accounting period financial information used in decision making

Information risk
Causes:
● Remoteness of information
● Biases & motives of the provider
● Voluminous data
● Complex exchange transactions
Reducing information risk:
● User verifies information
● User shares information risk with management
● Audited financial statements are provided

Assurance services ​- an independent professional service, performed by CPAs or variety of

other professionals
Type of Audits

Operational Audit Compliance Audit Financial Statements

Example Evaluate computerized Determine whether Annual audit of

payroll system for bank requirements for Boeing’s financial
efficiency & effectiveness loan continuation have statements
been met

Information Number of records Company records Boeing’s financial

processed, costs of the statements
department, & number of
errors

Established Company standards for Loan agreement Generally accepted

criteria efficiency & effectiveness provisions accounting principles,
in payroll department GAAP

Available Error reports, payroll Financial statements & Documents, records &
evidence records, & payroll calculations by auditor outside sources of
processing costs evidence

Types of Auditors
● Independent certified public accounting firms
● Governmental general accounting office auditors
● Internal Revenue agents
● Internal auditors

Requirements for becoming a CPA

● Educational requirement
● Uniform CPA examination requirement
○ Auditing & Attestation
○ Financial Accounting & Reporting
○ Business Environments & Concepts
○ Regulation
● Experience requirement
CHAPTER 2: CPA PROFESSION

Certified Public Accounting Firms

● Granted legal rights to perform audits
● Provide many other services to their clients
● Continues to develop new products & services
● What do they do?
○ Accounting & bookkeeping services
○ Tax services
○ Management consulting services

Organizational Structure of CPA

Main factors influencing organizational structure
- The need for independence from clients
- Importance of a structure to encourage competence
- Increased litigation risk faced by auditors

❏ Proprietorship
❏ General corporation
❏ Professional corporation
❏ General partnership
❏ Limited liability partnership
❏ Limited liability company

Sarbanes-Oxley Act
● Most important legislation affecting the auditing profession, the provisions of the Act
apply to publicly held companies & their audit firms
● Public Company Accounting Oversight Board (PCAOB) - applicable to US Public
Companies & other SEC registrants

Securities & Exchange Commission

● Purpose is to assist in providing investors with reliable information upon which to make
investment decisions
● The Securities Act of 1933
● The Securities Exchange Act of 1934
AICPA
Performs services for CPAs:
● Sets professional requirements
● Conduct research
● Publishes materials related to services performed
Establishing standards & rules
1. Auditing standards
2. Compilation & review standards
3. Other attestation standards
4. Code of Professional Conduct
Other functions
● CPA examination
● Research & grants
● Publishes variety of materials
● Provides seminars & continuing education

International Standards on Auditing ​- applicable to entities outside US

International Federation of Accountants (IFAC)
- Worldwide organization for accountancy profession
- Works to improve uniformity of auditing practices & related services throughout the world

Generally Accepted Auditing Standards (GAAS) ​- applicable to private entities in US

General Standards Standards of Field Work Standards of Reporting

● Adequate training ● Proper planning & ● Statements prepared

proficiency
● Independence in
mental attitude
● Due professional care
supervision in accordance with
● Understanding of the GAAP
entity ● Circumstances when
● Sufficient appropriate GAAP not followed
evidence ● Expression of opinion
of financial statements

Quality Control Standards ​(elements)​ ​- applicable to CPA firm to aid in satisfying GAAS
● Independence, integrity, & objectivity
● Personnel management
● Acceptance & continuation of clients & engagements
● Engagement performance
● Monitoring
CHAPTER 3: AUDIT REPORTS

Parts of the Standard Unqualified Audit Report (SUAR)

1. Report title
2. Audit report address
3. Introductory paragraph
4. Scope paragraph
5. Opinion paragraph
6. Name of CPA firm
7. Audit report date

Conditions for SUAR

- Includes all financial statements
- Three general standards are met
- Complies with the three standards of field work
- Financial statements comply with GAAP
- No circumstances require an explanatory paragraph/ report modification

Reporting on Internal Control over Financial Reporting

Auditors of public companies subject to Section 404 of Sarbanes-Oxley Act must report on the
effectiveness of internal control over financial reporting.
PCAOB Auditing Standard 5 requires the audit of internal control to be integrated with the audit
of the financial statements.
Separate Report on Financial Statements & Internal Control over Financial Reporting
1. Introductory paragraph
2. Scope paragraph
3. Definition paragraph
4. Inherent limitation paragraph
5. Opinion paragraph
6. Cross-Reference paragraph
Unqualified Report with Explanatory Paragraph
Lack of consistent application of
GAAP
Substantial doubt about going
concern
Auditor agrees with departure
from promulgated accounting
principles
Emphasis of a matter
Reports involving other auditors
Departures from an Unpopular Opinion​ - scope limitation, GAAP departure, auditor not
independent
Auditors:
- Must note circumstances in which accounting
principles are not consistently applied
- Should modify the report when a material
change occurs by adding an explanatory
paragraph in the report
- Significant recurring operating losses/ working
capital deficiencies
- Inability of the company to pay its obligations
as they come due
- Loss of major customers, the occurrence of
uninsured catastrophes
- Legal proceedings, legislation that might
jeopardize the entity’s ability to operate
- Departure may not require a qualified/ adverse
opinion
- Auditor must separately explain in the audit
report that adhering to the principle would have
produced a misleading result
- Circumstances are most unusual
Under certain circumstances, CPA may want to
emphasize specific matters regarding the financial
statements, even though the CPA intends to express
an unqualified opinion
- Financial statement comparability
- Subsequent events
- Related party transactions
- Material uncertainties
- Make no reference in the audit report
- Make reference in the report (modified wording
report)
- Qualify the opinion
Qualified opinion report can result from a limitation on the scope of the audit/ failure to follow
GAAP | Same introductory & scope paragraphs as the standard report with third paragraph
added and opinion paragraph - qualified

Adverse opinion - auditor believes the financial statements are not presented fairly in
conformity with GAAP | Same introductory & scope paragraphs as the standard report with third
paragraph added and opinion paragraph - adverse

Disclaimer of opinion - issued when auditor is unable to be satisfied that the overall financial
statements are fairly presented, can arise only from a lack of knowledge by auditor | Same
introductory paragraph with second paragraph added and opinion paragraph - disclaimer

Materiality ​- a misstatement in financial statements can be considered material if knowledge of

the misstatement would affect a decision of a reasonable user of the statements

Levels of Materiality
- Amounts are immaterial
- Amounts are material but do not overshadow the financial statements as a whole
- Amounts are so material/ so pervasive that overall fairness of the statements is in
question
Materiality level Significance in terms of reasonable Type of opinion
user’s decisions

Immaterial User’s decisions are unlikely to be Unqualified

affected

Material User’s decisions are likely to be affected Qualified

Highly material User’s decisions are likely to be Disclaimer or adverse

significantly affected

Discussion of Conditions Requiring Departure - auditor’s scope has been restricted,

statements are not in conformity with GAAP, auditor is not independent
CHAPTER 4 PROFESSIONAL ETHICS

Ethics ​- a set of moral principles/values

Core ethical values (Josephson Institute)
1. Trustworthiness ​- honesty, integrity, reliability, loyalty
2. Responsibility ​ - civility, courtesy, dignity, tolerance, acceptance
3. Caring - accountable for one’s actions & exercising restraint
4. Respect - equality, impartiality, proportionally, openness, due process
5. Fairness - genuinely concerned for the welfare of others
6. Citizenship - obeying laws, performing one’s fair share to society

Needs for ethics ​- necessary for a society to function in an orderly manner

Reasons for unethical act
- Different ethical standards from society
- Chooses to act selfishly
Rationalizing unethical behavior
- Everyone else is doing it
- If it’s legal, it’s ethical
- Likelihood of discovery & consequences

Ethical Dilemmas ​- situation a person faces in which a decision must be made about
appropriate behavior, auditors face many ethical dilemmas in their business careers

Resolving Ethical Dilemmas

1. Obtain relevant facts
2. Identify ethical issues from facts
3. Determine who is affected
4. Identify alternatives available to the person who must resolve the dilemma
5. Identify the likely consequence of each alternative
6. Decide the appropriate action
CHAPTER 5 LEGAL LIABILITY

5.1 Changed Legal Environment

- Under common law, auditors have a responsibility to fulfill, implied/expressed contracts
with clients
- They are liable to their clients for negligence and/or breach of contract if they fail to
provide the services/not exercise due care in their performance
- They generally owe a duty of care to third parties who are part of a limited group of
persons whose reliance is ‘foreseen’ by them
- They might be liable to third parties under common law & statutory law
- Auditors also could be liable for criminal acts
- High number of lawsuits against auditors & size of awards to plaintiffs in US, UK,
Australia & Hong Kong
- Suits are also involved from third parties under common laws & statutory laws
Major contributors to lawsuits against auditors:
a) Growing awareness of the responsibilities of public accounts by users of financial
statements
b) Increased consciousness on the part of the SEC for its responsibility for protecting
investors’ interest
c) Complexity of auditing & accounting functions caused by the increasing size of
businesses, the globalization of business & the complexities of business operations
d) Tendency of society to accept lawsuits by injured parties against who might be able to
provide compensation, regardless of who was at fault, coupled with the joint & several
liability doctrine
e) Large civil court judgements against CPA firms awarded in a few cases, encouraging
attorneys to provide legal services on a contingent-fee basis
f) Many CPA firms being willing to settle legal problems out of court in an attempt to avoid
costly legal fees & adverse publicity rather than pursuing resolution through the judicial
process
g) The difficulty judges & jurors have understanding & interpreting technical accounting &
auditing matters
5.2 Failure of Financial Statements
Business failure Occurs when a business is unable to repay its lenders/meet the
expectations of its investors because of economic/business conditions.
e.g. recession, poor management decisions/unexpected competition in
the industry

Audit failure Occurs when the auditor issues an incorrect audit opinion because it
failed to comply with the requirements of auditing standards.
E.g. firm assigning unqualified assistants to perform certain audit tasks
where they failed to notice material misstatements in the client’s records
that a qualified auditor would have found

Audit risk - Represents the possibility that the auditor concludes after
conducting an adequate audit that the financial statements were
fairly stated when in fact they were material misstated
- Is unavoidable because auditors gather evidence only on a test
basis & because well-concealed frauds are extremely difficult to
detect
- Auditors may still fail to uncover a material misstatement due to
fraud to uncover a material misstatement due to fraud despite
fully comply with auditing standards

5.3 Legal Concepts Affecting Liability

- An auditor is responsible for every aspect of their public accounting work - auditing,
taxes, management advisory services, accounting & bookkeeping services
- An auditor can be held liable for any penalties & interest if an auditor fails to correctly
prepare & file a client’s tax return
- Legal concepts pertinent to lawsuits involving auditors are:
Prudent person - An auditor is expected to conduct the
audit with ​due care (prudent person
concept) & is not expected to be
perfect
- Refer to ​Cooley on Torts​, a legal
treatise (pg 108)
- An auditor should possess the degree
of skill commonly possessed by other
auditors & should exercise it with
reasonable care & diligence
- Auditors should be assigned to tasks &
supervised commensurate with their
level of knowledge, skill, & ability so
that they can evaluate the audit
evidence they are examining
- The auditor with final responsibility for

Liability for the acts of others
Lack of privileged communication
the engagement should know the
relevant professional accounting &
auditing standard
- They should be knowledgeable about
the client & is responsible for the
assignment of tasks
- SSM has issued the Limited Liability
Partnership Act (LLP) 2012
- LLP is an alternative business vehicle
in Malaysia
- Under the LLP, the liability for one
owner’s action does not extend to
another owner’s personal assets
unless the other owner was directly
involved in the actions of the owner
causing the liability
- However, the firm's assets all subject
to the damage arise
- The partners may also be liable for the
work of others on whom they rely
under the laws of agency
- The partners are most likely to rely on
employees, other audit firms engaged
to do part of the work & specialist
called upon to provide technical
information
- The partner can be held liable if their
employee improperly performs in
doing an audit
- Auditors do not have the right to
withhold information from the courts on
the grounds that the information is
privileged
- Confidential discussions between the
client & auditor cannot be withheld
from the courts
- However, in the US, several states
have statutes that permit privileged
communication between the client &
the auditor. Not applied for federal
courts
- The intent at the time of the
communication must have been for the
communication to remain confidential
5.4 Legal Terms Affecting CPA’s Liability
Ordinary negligence Absence of reasonable care that can be expected of a person in a
set of circumstances.
For auditors, it is in terms of what other competent auditors would
have done in the same situation.

Gross negligence Lack of even slight care, tantamount to reckless behavior that can
be expected of a person.
Some states do not distinguish between ordinary & gross
negligence.

Constructive fraud Existence of extreme/unusual negligence even though there was no

intent to deceive/do harm.
Recklessness in the case of an audit is present if the auditor knew
an adequate audit was not done but still issued an opinion, even
though there was no intention of deceiving statement users.

Fraud Occurs when a misstatement is made & there is both the knowledge
of its falsify & the intent to deceive

Breach of contract Failure of one/both parties in a contract to fulfill the requirements of

the contract.
The contract parties have privity of contract which entitles them to
sue each other but prevents a third party from doing so.

Third-party Third party who does not have privity of contract but is known to the
beneficiary contracting parties & is intended to have certain rights & benefits
under the contract

Common law Law that have been developed through court decision rather than
government statutes

Statutory law Laws that have been passed by the Malaysian Government.
The securities Commission Act 1993 & Companies Act 1965
together with their amendments are important statutory laws
affecting auditors.

Joint & several The assessment against a defendant of the full loss suffered by a
liability plaintiff, regardless of the extent to which other parties shared in the
wrongdoing

Separate & Assessment against a defendant of that portion of the damage

proportionate liability caused by the defendant’s negligence.
Only apply in cases of liability to third parties under common law &
the securities laws.
5.5 Major Sources of Auditor’s Legal Liability
1. Liability to clients
a. Failure to complete a non-audit engagement on the agreed-upon date
b. Failure to discover an embezzlement as a result of negligence in audit work
c. Breach of confidentiality requirements
2. Liability to third parties under common law
3. Civil liability under federal securities law
4. Criminal liability
See ​Cenco Incorporated v Seidman & Seidman

Auditor’s Defenses Against Client Suits

Lack of duty to perform
- The audit firm claims that there was no
implied/expressed contract
- Misstatements were not uncovered because the
rim did a review service instead of audit
- An engagement letter provides a basis to
demonstrate a lack of duty to perform
- An engagement letter could reduce the likelihood
of adverse legal actions

Non-negligent performance
- The audit firm claims that the audit was performed
in accordance with auditing standards
- The auditor is not responsible for undiscovered
misstatements if the audit was conducted properly
- Auditing standards clearly stated that an audit is
subject to limitations & not an absolute assurance
services
- The prudent person concept establishes in law that
the audit firm is not expected to be infallible

Contributory negligence
- The auditor claims that the client’s own action
either resulted in the loss that is the basis for
damages/interfered with the conduct of the audit in
such a way that prevented the auditor from
discovering the cause of the loss
- If the audit firm had notified the client of a
deficiency in internal control that would have
prevented the theft but the management did not
correct it, the audit firm would have a defense of
contributory negligence

Absence of causal connection - The client must be able to show that there is a
close causal connection between the auditor’s
failure to follow auditing standards & the damages
suffered by the client
Liability to Third Parties Under Common Law
Ultramares doctrine - Established from case of Ultramares v Touche (1931)
- A primary beneficiary is one about whom the auditor was
informed before conducting the audit
- Ordinary negligence is insufficient for liability to third parties
because of the lack of ​privity of contract ​between the third
party & the auditor
- In a subsequent trial of the Ultramares case, the auditor could
be held liable to third parties who are not primary beneficiaries
if there been fraud/gross negligence on the part of the auditor

Foreseen users - The court have broadened the Ultramares doctrine to allow
recovery by third parties in more circumstances by introducing
the concept of foreseen users
- Are members of a limited class of users that the auditor knows
will rely on the financial statements
- Is treated the same as known third party

CHAPTER 6 AUDIT RESPONSIBILITIES & OBJECTIVES

Objective of Conducting an Audit of Financial Statements

- Framework ​- the MASB provide the framework for the preparation & presentation of
financial statements
- Regulations ​- The Companies Act 2016 regulate the auditor’s duties & responsibilities in
conducting the audit of financial statements
- Objective ​- to enable the auditor to express an opinion whether the financial statements
are prepared, in all material respects, in accordance with an identified reporting
framework (ISA 200)
- Auditors accumulate evidence to allow them to
- Reach conclusions whether the financial statements are fairly stated
- The effectiveness of internal control
- Issue the appropriate audit report

Management’s Responsibilities
- Preparing & presenting the financial statements (ISA 200)
- Adopting sound accounting policies
- Maintaining adequate internal control
- Making representations in the financial statements
- CEO & CEO of public companies to certify the quarterly & annual financial statements
submitted to the SEC (the Sarbanes-Oxley Act)
- Criminal penalties for falsification of financial statement’s offence (the Sarbanes-Oxley
Act)
Auditor’s Responsibilities
Material vs Immaterial Statements
Reasonable Assurance
+ Material if the combined uncorrected errors &
fraud in the financial statements would likely
have changed/influenced the decisions of a
reasonable person using the statements
+ Auditors are responsible for obtaining
reasonable assurance that the materiality
threshold is satisfied
+ Extreme cost for auditors to detect all
immaterial errors & fraud
- Assurance = ​a measure of level of certainty
that the auditor has obtained at the completion
of the audit
- Reasonable assurance = presumably ​less than
certainty/absolute assurance & more than a low
level of assurance
- Assurance indicates that the ​auditor is not an
insurer/guarantor of the correctness of the
financial statements
- Why not absolute assurance? -​ most audit
evidence results from ​testing of a sample of a
population such as accounts
receivable/inventory
- Sampling inevitably includes some of ​risk of not
uncovering​ in a material misstatements
- The tested areas & the evaluation of test
results require ​significant auditor judgement
- Accounting presentations contain complex
estimates which inherently involve uncertainty
& can be affected by future events
- Thus, the auditor has to rely on evidence that is
persuasive but not convincing
- The auditor is difficult to detect fraudulently
prepared financial statements due to collusion
among management
- It would be ​extremely high cost ​for auditors to
give assurance on all the assertions in the
statements
- Impossible for auditors ​to uncover all material
misstatements ​in every audit
Errors vs Fraud
Error Fraud

An unintentional Intentional
misstatement of the misstatements of the
financial statements financial statements

A mistake in extending Misappropriation of

prices times quantity on assets
a sales invoice (defalcation/employee
fraud)

Overlooking older raw Fraudulent financial

materials in determining reporting (management
the lower of cost of fraud)
market for inventory

Fraudulent Reporting vs Theft of

Assets
Assets Fraudulent Reporting
Misappropriation

Staff’s theft of company Incorrect financial

assets reporting

Harmful to company's Harmful to financial

owners statement users

Mostly perpetrated by Committed by

employees management

Cash stolen by cashier Overstatement of

revenue using falsified
invoices
CHAPTER 7 AUDIT EVIDENCE

Nature of Evidence
- Any information used by the auditor to determine whether the information being audited
is stated in accordance with the established criteria
- Includes persuasive information & less persuasive information
- Gathering evidence is a large part of auditor’s works - sufficient competent advice

Audit Evidence Decisions

Audit Procedures - The detailed instruction that explains the audit evidence to be
obtained during the audit
- It is common to spell out these procedures in sufficiently specific
terms so an auditor may follow these instruction during the audit

Sample Size - Once an audit procedure is selected, auditors can vary the
sample size from one to all the items in the population being
tested
- The decision of how many items to test must be made by the
auditor for each audit procedures
- The sample size for any given procedure is likely to vary from
audit to audit

Items to Select The auditor must decide which items in the population to test

Timing - The timing of audit procedures vary from early in the accounting
period to long after it has ended
- It is influenced by when the auditor believes the audit evidence
will be most effective & when audit staff is available
Persuasiveness of Evidence - Two Determinants
Persuasiveness of evidence can be evaluated only after considering the combination of
appropriateness & sufficiency
1) Appropriateness
a) Measure of the ​quality of evidence, meaning its ​relevance & reliability in meeting
audit objectives for classes of transactions, account balances & related
disclosures
b) Relevance - evidence must pertain to/be relevant to the audit objective that the
auditor is testing before it can be appropriate
c) Reliability​ - the degree to which evidence can be believable/worthy of trust
Characteristics of Reliable Evidence
Independence of provider Evidence obtained from a source outside the
entity is more reliable than that obtained from
within

Effectiveness of client’s internal controls When the client’s internal controls are
effective, evidence obtained is more reliable
than when they are weak

Auditor’s direct knowledge Evidence obtained directly by the auditor

through physical examination, observation,
recalculation & inspection is more reliable than
information obtained indirectly

Qualifications of individuals providing Although the source of information is

the information independent the evidence will not be reliable
unless the individual providing it is qualified to
do so

Degree of objectivity Objective evidence is more reliable than

evidence that requires considerable judgement
to determine whether is is correct

Timeliness Timeliness of audit evidence can refer either to

when it is accumulated/to the period covered
by the audit
2) Sufficiency
a) The quantity of evidence obtained determines its sufficiency
b) Measured primarily by the sample size the auditor selects
c) Factors determine the appropriate sample size - auditor's expectations of
misstatements & effectiveness of the client’s internal control
CHAPTER 8 AUDIT PLANNING & ANALYTICAL PROCEDURES

8.1 Reasons for Planning

Reason Benefit

To obtain ​sufficient appropriate evidence To minimize legal liability due to insufficient &
inappropriate evidence issue

To help keep audit ​costs reasonable To help CA firms remain competitive

To ​avoid misunderstanding ​with the client To maintain good reputation with the client

8.2 Client Acceptance Decisions & Initial Audit Planning

Initial Audit Planning

1. Client acceptance & continuance ​- to accept a new client/continue serving an existing
one
2. Identify clients reasons for audit ​- this information is likely to affect the remaining parts
of the planning process
3. Obtain an understanding with the client ​- understanding about the terms of the
engagement
4. Develop overall audit strategy ​- engagement staffing & any required audit specialists

1) Client Acceptance & Continuance

Type of client Explanation

New client + Investigate the new client to determine its acceptability

+ Examine the new client’s business community,
financial stability & relations with its previous CA firm
+ The CA firm must have competency
+ To communicate with the previous CA firm
+ The communication required the client's permission
+ To consider the engagement if not obtained a client’s
permission

Continuing clients Evaluate existing clients annually to determine whether to

continue/not with audit engagement.
Reasons not to continue:
- Previous conflicts over the appropriate scope of the
audit
- The type of opinion to issue
- Unpaid fees
- Excessive risk
2) Identify Client’s Reasons for Audit
Factor’s accepting audit risk

Likely statement users Intended uses of the statements

- Likely to accumulate more evidence for companies that are publicly held/have
extreme indebtedness/likely to be sold
- Informations are obtained from the previous audit management & discussions
with management
- Thus, helping the auditor to determine the likely uses of the statements
- An engagement letter states the objective & scope of an audit
CHAPTER 9 RISK & MATERIALITY

Obtain reasonable assurance ​- auditors do not guarantee/ensure the fair presentation of the
financial statements

Free from material misstatement ​- auditor’s responsibility is limited to material financial

information

Materiality ​- the magnitude of an omission/misstatement of accounting information that, in the

light of surrounding circumstances, make it probable that the judgement of a reasonable person
relying on the information would have been changed/influenced by the omission/misstatement

Applying materiality to the audit (steps)

1. Set preliminary judgement about materiality (planning extent of tests)
2. Allocate preliminary judgement about materiality to segments
3. Estimate total misstatement in segment (evaluating results)
4. Estimate the combined misstatement
5. Compare combined estimate with preliminary/revised judgement about materiality

Set Preliminary Judgement About Materiality

A preliminary judgement about materiality​:
● Is the combined amount of misstatements that the auditor would consider material early
in the audit.
● Helps the auditor to plan the appropriate evidence to accumulate
● The amount which still not affect the decisions of reasonable users
● The lower the ringgit amount, the more evidence required
A revised preliminary judgement about materiality:
● Auditor often change the preliminary judgement about materiality during the audit
● The revision is due to changes in one of the factors used to determine the preliminary
judgement
Factors affecting judgement:
1. Materiality is a relative rather than an absolute concept
2. Bases are needed for evaluating materiality
3. Qualitative factors also affect materiality
Allocate Preliminary Judgement About Materiality To Segments
- Evidence is accumulated by segments rather than for the financial statements as a
whole
- Most practitioners allocate materiality to balance sheet accounts
- Tolerable misstatement is the materiality allocated to the a/c balances
Major difficulties in allocating materiality
+ Auditors expect certain accounts to have more misstatements than others
+ Both overstatements & understatements must be considered
+ Relative audit costs affect the allocation

Estimated Total Misstatement & Preliminary Judgement

Misstatements
1. Known misstatements
2. Likely misstatements
a. Difference between management’s & the auditor’s judgement about estimates of
a/c balances
b. Projections of misstatement based on the auditor’s test of a sample from a
population

Risk
- Auditors accept some level of risk in performing the audit
- Risk exists, are difficult to measure & require careful thought in response
- Proper risk response is critical to achieving a high-quality audit
- Auditors need to understand the client’s business & assess business risk
- The ​audit risk model ​helps identify the potential & likelihood of misstatements
- Planned detection risk = acceptable audit risk/(inherent risk x control risk)
Inherent Risk (IR) ● Measures the auditor’s assessment of the likelihood that there
are material misstatements due to error/fraud in a segment
before considering the effectiveness of internal control
● Assessment are based on discussion with management,
knowledge of the company & result in audit of previous years
● High likelihood of misstatements exists, high IR
● High IR, thorough review, experienced staff to be assigned

Control Risk (CR) ● Measures the auditor’s assessment of whether misstatements

exceeding a tolerable amount in a segment will be
prevented/detected on a timely basis by the client’s internal
controls
● Auditors must obtain an understanding of internal control &
evaluate it
● Auditors must test the internal controls for effectiveness
● Ineffective internal controls, high CR
● High CR, high evidence
● IR + CR = risk of material misstatements
 Acceptable Audit ● A measure of how willing the auditor is to accept that the
Risk (AAR) financial statements may be materially misstated after the audit
is completed and an unqualified opinion has been issued. ​
● Zero risk, certainty that the FS are not materially misstated. ​
● 100% risk, complete uncertainty. ​

Planned Detection ● The risk that audit evidence for a segment will fail to detect
Risk (PDR) misstatements exceeding tolerable misstatements.​
● It depends on the other 3 risk components (IR, CR and ARR). ​
● It will change only if the auditor changes one of the other 3 risk
components. ​
● Determines the amount of substantive evidence that the auditor
plans to accumulate, inversely with the size of PDR. ​
● Low PDR, high evidence required.​

Engagement Risk ​- used to modify acceptable audit risk & closely relates to client business risk
Factors affecting AAR
● External users​ reliance on the statements​
● The likelihood of ​financial difficulties
○ The auditor believe the ​chance of financial failure/loss is high & a corresponding
increase in engagement risk occurs, ​AAR should be reduced
● ​Management’s integrity​
Factors affecting IR
- Nature of client’s business
- Likelihood of obsolete inventory
- Audit experience
- Likelihood of recurring misstatements which found in the previous audit
- Culture
- Set a high IR for a new client
- Related parties
- Greater likelihood of misstatement from related parties transaction = increase in
IR
- Non-routine transactions
- Transactions that are unusual for a client are more likely to incorrectly recorded
than routine transactions because the client often lacks experience recording
them
- Understanding the client’s business & reviewing minutes of meeting will trigger
non-routine transactions
- Judgement required to correctly record amount balances & transactions
- Factors related to fraudulent financial reporting & misappropriation of asset
- Management’s lacks of integrity that motivated to misstate financial statements
CHAPTER 10 AUDITS OF INTERNAL CONTROL & CONTROL RISK

Internal Control Objectives ​- broad objectives in designing an effective ICO

- Compliance with laws & regulations
- Reliability of financial reporting
- Efficiency/effectiveness of operations

Management’s Responsibilities for Internal Control

● Establish and maintain the entity’s internal control.
● Design and implement on internal controls based on 2 key underlying concepts:
Ø ​Reasonable assurance
A company should develop internal controls that provide reasonable, but not absolute,
assurance that the financial statements are fairly stated.
Ø ​Inherent limitation
The effectiveness of internal control depends on the competency and dependability of
the people using it.
● Required to publicly report on the operating effectiveness of these controls.

Auditor’s Responsibilities for Internal Control

● Understand and test on the entity’s internal controls.
● “The auditor must obtain a sufficient understanding of the entity and its environment,
including its internal control, to assess the risk of material misstatements of the financial
statements whether due to error or fraud and design the nature, timing and extent of
further audit procedures”
● 2 primary concerns:
Ø ​Controls over the reliability of financial reporting
● This is an auditor’s primary concern.
● Financial statements are not likely to correctly reflect GAAP of IFRS if internal
controls over financial reporting are inadequate.
● However, auditors should not ignore controls affecting internal management
information such as budgets and internal performance reports.
- Management’s sources to run the business
- Audit evidence whether the financial statements are fairly presented
Ø ​Controls over classes of transactions
● Auditors emphasize internal control over classes of transactions rather than
account balances.
● This is because the accuracy of accounting system outputs (account balances)
depends heavily on the accuracy of inputs & processing (transactions).
● Auditors are primarily concerned with the transaction-related audit objectives
when assessing internal controls over financial reporting.
Components of Internal Control
Components
Control Environment
• Actions, policies and procedures that
reflect the overall attitude of top
management, directors and owners of an
entity about internal control and its
importance.
•The BOD and management establish the
tone at the top regarding the importance
of internal control.
Sub-components =
Integrity & Ethical Values
•The product of the entity’s ethical and behavioral
standards.
•Communicated within the organization and
reinforced in practice.
Commitment to Competent
•The knowledge and skills necessary to
accomplish tasks that define an individual's job.
Board of Director/Audit Committee
Participation
•An effective board of directors is independent of
management, and its members stay involved in
and scrutinize management’s activities.
•Active roles – can reduce the likelihood that
management overrides existing controls.
•Directors must regularly assess internal controls.
•Audit committee is charged with oversight
responsibility for financial reporting.
•The Audit Committee is responsible for matters
related to internal audit functions and external
auditor (i.e. fee, services, etc.)
Management’s Philosophy & Operating Style
•Management’s activities provide clear signals to
employees about the importance of internal
control.
•Understanding of management’s philosophy and
operating style gives the auditor a sense of
management’s attitude about internal control.
Organizational Structure
•The structure defines the existing lines of
responsibility and authority.
•The auditor can learn the management and
functional elements of the business and perceive
how controls are implemented.
Human Resource Policies & Practices
•Quality of employee - competent and trustworthy
•HR matters – hiring, evaluation, training,
promotion and compensation
Risk Assessment
•Management’s identification and
analysis of risks relevant to the
preparation of financial statements in
accordance with appropriate accounting
frameworks such as GAAP/IFRS.
•Management assesses risks as a part of
designing and operating internal controls
to minimize errors and fraud.
•In contrast, auditors assess risks to
decide the evidence needed in the audit.
Control Activities
•Policies and procedures that
management has established to meet its
objectives for financial reporting.
Types of control activities =
1. Identify a risk
2. Estimate the significant of the risk
3. Assess the likelihood of the risk occurring
4. Develop specific actions to reduce the risk
an acceptable level
Adequate separation of duties
1-Separation of the custody of assets from
accounting
•To protect a company from embezzlement.
•A person who has temporary or permanent
custody of an asset should not account for that
asset.
2-Separation of the authorization of transactions
from the custody of related assets
•To prevent persons who authorize transactions
from having control over the related assets.
•To reduce the likelihood of embezzlement.
3-Separation of operational responsibility from
record-keeping responsibility
•To ensure unbiased information.
•Record keeping is typically the responsibility of a
separate department reporting to the controller.
4-Separation of IT duties from user departments
•The computer plays a significant role in the
authorization and record keeping of companies’
transactions
•To compensate for potential overlaps of duties, it
is important for companies to separate major
IT-related functions from key user department
functions.
Proper authorization of transactions &
activities
•Every transaction must be properly authorized if
controls are to be satisfactory.
•Authorization vs. Approval
General Authorization
•Management establishes policies and
subordinates are instructed to implement these
general authorizations by approving all
transactions within the limits set by the policy.
Specific Authorization
•Applies to individual transactions.
Authorization - a policy decision for either a
general class of transactions or specific
transactions.
Approval - The implementation of management’s
general authorization decision.

Adequate documents & records

•The records upon which transactions are entered
and summarized, either in electronic or paper
formats.
•Adequate documents are essential for correct
recording of transactions and control of assets.
•Documents and records should be:
Ø ​Pre-numbered ​consecutively to facilitate
control over missing documents and records and
as an aid in locating them when they are needed
at a later date.
Ø Pre-numbered documents and records are
important for the completeness
transaction-related audit objective.
Ø ​Prepared at the time a transaction takes
place​, or as soon as possible, thus to minimize
timing errors.
Ø Designed for multiple use, when possible, to
minimize the number of different forms.
Ø ​Constructed in a manner that encourages
correct preparation.
Ø This can be done by providing internal checks
within the form or record.

Physical control over assets & records

•To maintain adequate internal control, assets
and records must be protected.
•Assets and records can be stolen, damaged,
altered or lost if left unprotected or not adequately
protected.
•Negative impacts: interrupt the accounting
process and business operations & costly or even
impossible to reconstruct
•Physical precautions are used as protective
measures to safeguard assets and records.

Independent checks on performance

•It is the careful and continuous review or internal
verification of the 4 types of control activities.
•It is needed because internal controls tend to
change over time.
•Personnel are likely to forget or intentionally fail
to follow procedures, or may become careless
unless someone observes and evaluates their
performance.
•Independent personnel is responsible for internal
verification procedures, i.e. not the one who
prepared the data.
•Computerized accounting systems can be
designed so that many internal verification
procedures can be automated as part of the
system.
CHAPTER 11 FRAUD AUDITING

Types of fraud ​- management fraud

+ Fraudulent financial reporting
● An intentional misstatement/omission of amounts/disclosures with the intent to deceive
users
● Most cases involve an attempt to overstate income either by overstatement of assets &
income/by omission of liabilities & expenses
● Earnings management involves deliberate actions taken by management to meet
earnings objectives
● Income smoothing is a form of earnings management in which revenues & expenses are
shifted between periods to reduce fluctuations in earnings
● Technique - cookies jar accounting, big bath accounting, changing accounting method
+ Misappropriation of assets
● Fraud that involves theft of an entity’s assets
● The theft of company assets is often a management concern regardless of the
materiality of the amounts involved. Small thefts can easily increase in size over time
● Normally perpetrated at lower levels of the organization hierarchy

The Fraud Triangle

Condition Explanation

Incentives/Pressures ● A decline in the company’s financial prospects.

● A decline in earnings may threaten the company’s ability to
obtain financing.
● To meet analyst’s forecasts/benchmarks such as prior-year
earnings.
● To meet debt covenant restrictions.
● To artificially inflate stock prices.

Opportunities ● Significant judgments and estimates are involved.

● i.e. valuation of inventories is subject to greater risk of
misstatements for companies with diverse inventories in
many locations.
● The risk of misstatement is further increased if those
inventories are at risk for obsolescence.

Attitudes/ ● The attitude of top management toward FS is a critical risk

Rationalization factor in assessing the likelihood of fraudulent FS.
● High likelihood of fraudulent FS if:
The CEO or other top managers display a significant disregard for
the financial reporting process such as consistently issuing overly
optimistic forecasts.
They are overly concerned about meeting analysts’ earnings
forecast.
● Management’s character or ethical values also may
rationalize their fraudulent act.
CHAPTER 13 OVERALL AUDIT PLAN & AUDIT PROGRAM

Types of Audit Tests

= Further Audit Procedures & the Audit Risk Model
AAR
IR × CR = P DR
Tests of + Substantiv + Analytical + Tests of = Sufficient
control e tests of procedures details of appropriate
transactio balances evidence per
ns GASS