Академический Документы
Профессиональный Документы
Культура Документы
Definition of auditing
Auditing is the accumulation and evaluation of evidence
about information to determine and report on the degree of
correspondence between the information and established
criteria. Auditing should be done by a competent,
independent person who observes due professional care.
Chapters 1 & 2
We realize the following from the above
definition:
The auditor's final result is to judge the degree of
correspondence between the information and
established criteria. The information is mainly
the financial statements and their related notes.
Established criteria are the accounting
standards used, such as International Financial
Reporting Standards (IFRS) or US GAAP.
Quality control:
This means methods used to ensure that the audit firm meets its
professional responsibilities to clients and others. Main issues a
quality control program contains include:
Leadership responsibilities for quality within the firm.
Compliance with relevant ethical requirements.
Policies and procedures for acceptance and continuation of clients
and engagements.
Policies and procedures for human resources.
Policies and procedures for engagement performance.
Policies and procedures for monitoring effective application of other
quality control elements.
See table 2-4 page 60 for additional detail on quality control issues.
Chapter 3
Audit reports
Scope restriction
Scope restriction means that the auditor, after
fulfilling his professional responsibilities and due
professional care, cannot judge part of the
financial statements as to whether or not it
contains material misstatements. Scope
restriction may be imposed by the client or be a
result of the circumstances of the audit.
If the scope restriction is immaterial the auditor
issues a standard unqualified opinion. He does
not mention the scope restriction in his report.
Persuasiveness of evidence:
2- Confirmation:
3- Inspection:
This is the auditor's inspection of the client's documents and
records to substantiate the information that is, or should be,
included in the financial statements. There are too many
documents available for testing, and the auditor tests the
document itself and its relation to recorded figures and accounts.
Internal documents (those that have been prepared by the client
and never leaving the client) are considered less reliable than
external documents (those that have been prepared by the client
but seen by at least one external party, or have been prepared by
an external party).
5- Observation:
7- Analytical procedures:
Corroboration of evidence
In many cases, the use of one of the above audit
evidence types alone is not enough. Therefore, a piece
of evidence collected from a source is later checked by
collecting information related to it from other sources.
This may either confirm the previous information (if
results and conclusions are similar) or question it (if
results and conclusions are different).
Cost of evidence
As an audit firm aims for profit, it is
expected for it to try to cut cost. This is
considered acceptable as long as the
auditor does not compromise the quality of
the audit and the fulfillment of his
professional and legal responsibilities.
Audit documentation
Audit documentation is the principal
record of auditing procedures applied,
evidence obtained, and conclusions
reached by the auditor in conducting the
audit.
The ownership of audit working papers rests with the audit firm, but
rules of confidentiality apply as there are client secrets in the
working papers.
Risk
The audit function includes some risk or uncertainty. A
popular method of dealing with risk is called the audit
risk model, which can be summarised as:
AAR = IR * CR * PDR
Where AAR stands for acceptable audit risk, IR for inherent
risk, CR for control risk, and PDR for planned detection
risk.
A- Size: In general, the larger the client's size, the more widely its
financial statements are used by external parties.
B- Distribution of ownership: The financial statements of publicly held
companies (especially when there are many small shareholders) are
generally more widely used by external parties than those of closely
held companies, such as those with a small number of large
investors, those with family ownership, or partnerships.
C- Nature and amount of liabilities: The more the client's liabilities are,
the more likely its financial statements will be used by external
creditors, such as banks, bondholders, and trade creditors.
Control environment
The control environment consists of the actions, policies,
and procedures that reflect the overall attitudes of top
management, directors, and owners of an entity about
internal control and its importance to the entity. It has
several subcomponents:
1- Integrity and ethical values: Such as managements
actions to remove or reduce incentives and temptations
that might prompt personnel to engage in dishonest,
illegal, or unethical acts. It also includes communicating
entity values and behavioral standards to employees
through policy statements, codes of conduct, and by
example.
Risk assessment
Risk assessment for financial reporting is
managements identification and analysis
of risks relevant to the preparation of
financial statements in conformity with
accounting standards. It is important to
evaluate the significance of the risk and its
likelihood of occurrence, and decide the
actions needed to address the risks.
Control activities
Control activities are policies and procedures
that help ensure that necessary actions are
taken to address risks facing the achievement of
the entitys objectives. They generally fall into
five categories:
Adequate separation of duties: Such as separation of
the duties of custody of assets and accounting,
authorization of actions and custody of related assets,
operational responsibility and record-keeping
responsibility, and information technology duties and
user departments.
Monitoring
Monitoring activities deal with ongoing or
periodic assessment of the quality of internal
control by management to determine that
controls are operating as intended and that they
are modified as appropriate for changes in
conditions. Several sources of information are
used here, including studies of existing internal
controls, internal auditor reports, exception
reporting on control activities, reports by
regulators, feedback from operating personnel,
and complaints from customers.
Tests of controls
If the auditor decides to consider relying on the
internal controls of the client (the assessed
control risk is low or medium), he has to test the
controls in order to justify the previously made
assessment of control risk. If the results of the
tests of controls supports the previous
assessment of control risk, then they can be
used to reduce substantive testing evidence
collection. If not, the previous assessment of
control risk is to be reconsidered.
Types of fraud
Types of tests
In developing an overall audit plan, auditors use five
types of tests to determine whether financial statements
are fairly stated. Auditors use risk assessment
procedures to assess the risk of material misstatements.
The other four types of tests represent further audit
procedures performed in response to the risk identified.
Each audit procedure falls into one, and sometimes
more than one, of these five categories. The five types of
audit tests are:
This is to
communicate auditor responsibilities in the audit of financial
statements
provide an overview of the scope and timing of the audit
provide those charged with governance with significant findings
arising during the audit.
Obtain from those charged with governance information relevant to
the audit.
Also, the auditor writes to the client about his recommendations about
any part of the clients business.