This Document Contains Chapters 5 to 7 Chapter 5 Evidence And Documentation Answers to Review Questions 5-1 Auditors typically divide the financial statements into components or segments in order to make the audit more manageable. A component can be a financial statement account or a business (transaction cycle) process. This approach allows the auditor to gather evidence by examining the processing of related transactions through the accounting system from their origin to their ultimate disposition in the accounting journals and ledgers. Thus, the auditor can examine an accounting transaction from the time it is initiated by the entity until its final recording in the financial statement accounts. 5-2 The financial statements contain management's assertions about the various financial statement components. The auditor tests management’s assertions by conducting audit procedures that provide evidence on whether each relevant assertion is supported. The results from applying audit procedures provide the evidence that supports the fair presentation of management’s assertions and the auditor's report (see Figure 5-1). 5-3 Assertions about classes of transactions and events, and related disclosures, for the period under audit: Assertion Definition Occurrence Transactions and events that have been recorded or disclosed have occurred, and such transactions and events pertain to the entity (sometimes referred to as validity). Completeness All transactions and events that should have been recorded have been recorded, and all related disclosures that should have been included in the financial statements have been included. Authorization All transactions and events have been properly authorized. Accuracy Amounts and other data relating to recorded transactions and events have been recorded appropriately, and related disclosures have been appropriately measured and described. Cutoff Transactions and events have been recorded in the correct accounting period. Classification Transactions and events have been recorded in the proper accounts. Presentation Transactions and events are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework. 5-4 This Document Contains Chapters 5 to 7 Assertions about account balances, and related disclosures, at the period end: Assertion Definition Existence Assets, liabilities, and equity interests exist. Rights and Obligations The entity holds or controls the rights to assets, and liabilities are the obligations of the entity. Completeness All assets, liabilities, and equity interests that should have been recorded have been recorded, and all related disclosures that should have been included in the financial statements have been included. Accuracy, valuation, and allocation Assets, liabilities, and equity interests have been included in the financial statements at appropriate amounts, and any resulting valuation or allocation adjustments have been appropriately recorded, and related disclosures have been appropriately measured and described. Classification Assets, liabilities, and equity interests have been recorded in the proper accounts. Presentation Assets, liabilities, and equity interests are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework. 5-5 Audit evidence is the information used by the auditor in arriving at the conclusions on which the audit opinion is based, and includes the information contained in the accounting records underlying the financial statements and other information. Accounting records include the records of initial entries and supporting records, such as checks and records of electronic fund transfers; invoices; journal entries, and other adjustments to the financial statements that are not reflected in formal journal entries; and records such as work sheets and spreadsheets supporting cost allocations, computations, reconciliations, and disclosures. Many times, the entries in the accounting records are initiated, recorded, processed, and reported in electronic form. Other information is audit evidence that includes minutes of meetings; confirmations from third parties; industry analysts’ reports; comparable data about competitors (benchmarking); controls manuals; information obtained by the auditor from such audit procedures as inquiry, observation, and inspection; and other information developed by, or available to, the auditor that permits the auditor to reach conclusions through valid reasoning. 5-6 Audit evidence is usually persuasive rather than convincing for two reasons. First, since an audit must be completed in a reasonable amount of time and at a reasonable cost, the auditor examines only a sample of the transactions that compose the class of transactions or account balance. Second, due to the nature of evidence, auditors must often rely on evidence that is not perfectly reliable. The types of audit evidence examined by the auditor have different degrees of reliability, and even highly reliable evidence has weaknesses. Therefore, the evidence obtained by the auditor seldom provides absolutely convincing evidence about an audit objective. 5-7 The types of audit procedures and their definitions are: (1) Inspection of records or documents consists of examining internal and external records or documents that are in paper form, electronic form, or other media. (2) Inspection of tangible assets consists of physical examination of tangible assets. (3) Observation consists of watching a process or procedure being performed by others. (4) Inquiry consists of seeking information of knowledgeable persons, both financial and nonfinancial, within the entity or outside the entity. (5) Confirmation represents audit evidence obtained by the auditor from a third party in paper form or by electronic or other medium. (6) Recalculation consists of checking the mathematical accuracy of documents and records either manually or electronically. (7) Reperformance is the auditor's independent execution of procedures or controls that were originally performed as part of the entity's internal control, either manually or through the use of CAATs. (8) Analytical procedures consist of evaluations of financial information through analysis of plausible relationships among both financial and nonfinancial data. (9) Scanning is the review of accounting data to identify significant or unusual items. 5-8 Vouching refers to first selecting an item for testing from the accounting journals or ledgers and then examining the underlying source document. Thus, the direction of testing is from the journals or ledgers back to the source documents. Vouching provides evidence that items included in the accounting journals or ledgers have occurred (are valid). Tracing refers to first selecting an accounting transaction (a source document) and then following it into the journal or ledger. The direction of testing in this case is from the source documents to the journals or ledgers and tests whether transactions that occurred are recorded (completeness) in the accounting records. 5-9 Corroborating evidence is obtained for inquiry and for observation because these audit procedures typically are not from independent sources and therefore are not considered to be highly reliable. For example, the auditor might follow up on the client's responses concerning the internal controls over the raw-material storeroom by conducting tests of the control procedures to verify their existence and effectiveness. 5-10 Inspection of tangible assets, reperformance, and recalculation are generally considered of high reliability because the auditor has direct knowledge about them. Inspection of records and documents, confirmation, analytical procedures, and scanning are generally considered to be of medium reliability. The reliability of inspection of records and documents depends primarily on whether a document is internal or external. Scanning depends on the auditor’s ability to identify anomalous items using judgment or CAATs. The form of the confirmation, prior experience with the entity, the nature of the information being confirmed, and the intended respondent affect the reliability of confirmations. The reliability of analytical procedures may be affected by the quality of the client's internal control system. Finally, inquiry and observation are generally low-reliability types of evidence since both require further corroboration by the auditor. It should be understood, however, that levels of reliability for the types of evidence should be considered as general guidelines. The reliability of the types of evidence may vary considerably across entities, and it is subject to a number of exceptions. 5-11 The "audit testing hierarchy" starts with tests of controls and substantive analytical procedures because those tests are generally both more effective and more efficient than starting with tests of details (i.e., substantive tests of transactions and substantive tests of account balances and disclosures). 5-12 Some of the buckets are larger than others because certain assertions will be more important or present bigger risks for some accounts than for others. For instance, existence (or validity) is typically more important for accounts receivable than it is for accounts payable. After the auditor has determined the risks associated with the assertions for an account balance, s/he can determine the size of the assurance buckets (i.e., how much assurance is needed) and then begin filling the buckets by applying the "audit testing hierarchy." 5-13 It is important that the audit documentation or working papers be organized or indexed in such a way that members of the audit team or firm can find relevant audit evidence. When the auditor performs audit work on one working paper and supporting information is obtained from another working paper, the auditor cross-references the information on each working paper. This process of indexing and cross-referencing provides a trail from the financial statements to the individual working papers that can be easily followed by members of the audit team or firm. Today, “linking” the information using electronic working papers facilitates much of this cross-referencing. 5-14 The quality of an expectation is referred to as the precision of the expectation. Precision is a measure of the potential effectiveness of an analytical procedure; it represents the degree of reliance that can be placed on the procedure. Precision is a measure of how closely the expectation approximates the unknown “correct” amount. The degree of desired precision will differ with the specific purpose of the analytical procedure. The precision of the expectation is a function of the materiality and required detection risk for the assertion being tested. If the assertion being tested requires a low level of detection risk, the expectation needs to be very precise. However, the more precise the expectation, the more extensive and expensive are the audit procedures used to develop the expectation, resulting in a cost/benefit trade-off. The second step in the substantive analytical procedures decision process is to define or calculate a tolerable difference. Since the expectation developed by the auditor will rarely be identical to the client's recorded amount, the auditor must decide the amount of difference that would require further investigation. The size of the tolerable difference depends on the significance of the account, the desired degree of reliance on the analytical procedure, the level of disaggregation in the amount being tested, and the precision of the expectation. Auditors often use rules of thumb such as, “tolerable difference is 10% of the predicted amount.” 5-15 Explanations for significant differences observed for substantive analytical procedures must be followed up and resolved through quantification, corroboration, and evaluation. Quantification: Quantification involves determining whether the explanation or error can explain the observed difference. This may require the recalculation of the expectation after considering the additional information. For example, a client may offer the explanation that the inventory account increased by a certain percentage as compared to the prior year due to a 12 percent increase in raw materials prices. The auditor should compute the effects of the raw materials price increase and determine the extent to which the price increase explains (or does not explain) the increase in the inventory account. Corroboration: Auditors must corroborate explanations for unexpected differences by obtaining sufficient competent audit evidence linking the explanation to the difference and substantiating that the information supporting the explanation is reliable. This evidence should be of the same quality as the evidence obtained to support tests of details. Common corroborating procedures include examination of supporting evidence, inquiries of independent persons, and evaluating evidence obtained from other auditing procedures. Evaluation: Evaluation involves the effective use of professional skepticism, combined with the desire to obtain sufficient appropriate audit evidence, similar to other auditing procedures. The auditor should evaluate the results of the substantive analytical procedures to conclude whether the desired level of assurance has been achieved. If the auditor obtains evidence that a misstatement exists and can be sufficiently quantified, the auditor makes note of his or her proposed adjustment to the client’s financial statements. 5-16 There are four categories of financial ratios discussed in the text: short-term liquidity ratios, activity ratios, profitability ratios, and coverage ratios. Short-term liquidity ratios are indicators of the entity's ability to meet its current obligations when they become due. Activity ratios indicate how effectively the entity's assets are managed. Profitability ratios are indicators of the entity's success or failure for a given period. Coverage ratios provide information on the long-term solvency of the entity, including the ability of the entity to continue as a going concern. Answers to Multiple-Choice Questions 5-17 b 5-24 b 5-18 c 5-25 c 5-19 b 5-26 d 5-20 b 5-27 a 5-21 a 5-28 c 5-22 b 5-29 c 5-23 b Solutions to Problems 5-30 a. 4 b. 3 c. 1 d. 2 5-31 a. Fictitious revenue. Revenue recorded, goods not shipped, or services not performed. b. Goods shipped or services performed, revenue not recorded. c. Goods shipped or services performed for a customer who is a bad credit risk. Shipments made or services performed at unauthorized prices or on unauthorized terms. d. Revenue transaction recorded at an incorrect dollar amount. Revenue transactions not posted correctly to the sales journal or customers’ accounts in accounts receivable subsidiary ledger. Amounts from sales journal not posted correctly to general ledger. e. Revenue transactions recorded in the wrong period. f. Revenue transaction not properly classified as revenue (i.e. improperly recorded as other income or as an offset to expenses). g. Revenue transactions not properly presented and disclosed. 5-32 a. 5 g. 3 b. 1 h. 7 c. 1/7 i. 5 d. 4 j. 1/7 e. 8 k. 9 f. 2 5-33 Category of Assertion Assertion a. Assertions about account balances Existence b. Assertions about classes of transactions and events Cutoff c. Assertions about account balances Completeness d. Assertions about account balances Accuracy, valuation, and allocation e. Assertions about account balances Accuracy, valuation, and allocation f. Assertions about account balances Existence g. Assertions about account balances Completeness/Existence h. Assertions about account balances Completeness/Existence i. Assertions about account balances Accuracy, valuation, and allocation/Completeness j. Assertions about classes of transactions and events Accuracy k. Assertions about account balances Accuracy, valuation, and allocation 5-34 a. The bank confirmation would be considered more reliable than the observation of segregation of duties because an independent external party provided the information. Observation is not as reliable because the individuals performing the functions may act differently when someone is observing them. b. The auditor's recalculation of depreciation is more reliable than the examination of the raw material requisitions because the auditor has direct personal knowledge of the outcome. c. The bank statement would be considered more reliable than shipping documents because the bank statement was prepared by an entity that is external to the client. d. The examination of the common stock certificates would generally be considered more reliable than a physical examination of inventory components for a personal computer because the stock certificates are prepared by an entity external to the client. Additionally, the auditor may not be able to easily determine the quality or value of the computer components. 5-35 a. Type b. Reliability 1. Internal 1. High if internal control is excellent, moderate to low otherwise. 2. Internal 2. High if internal control is excellent, moderate to low otherwise. 3. External 3. High because it comes from an external party. 4. External 4. High to moderate because the document has been circulated to a party outside the entity. 5. External 5. High because it comes from an external party. 6. Internal 6. High if internal control is excellent, moderate to low otherwise. 7. Internal 7. High if internal control is excellent, moderate to low otherwise. 8. Internal 8. High if internal control is excellent, moderate to low otherwise. 9. Internal 9. High to moderate because the document has been circulated to a party outside the entity. 10. External 10. High because it comes from an external party. 5-36 a. The reliability of evidence obtained through confirmations is directly affected by factors such as: • The form of the confirmation. • Prior experience with the entity. • The nature of the information being confirmed. • The intended respondent. There are two types of confirmation requests: the positive form and the negative form. Positive confirmations are generally considered more reliable because the respondent must reply to the requested information. A nonresponse to a negative confirmation is assumed to be correct. Prior experience with the client in terms of confirmation response rates, misstatements identified, and the accuracy of returned confirmations should be considered when assessing the reliability of confirmations. If response rates were low in prior audits, the auditor might consider obtaining evidence using alternative procedures. The nature and availability of the information being confirmed may directly affect the competence of the evidence obtained. The intended respondent to confirmations may vary from individuals with little accounting knowledge to highly qualified accounting personnel in large corporations. The auditor should consider the respondent's competence, knowledge, ability, and objectivity when assessing the reliability of confirmation requests. b. This is a difficult question, but one that is worth discussing with the students, at least preliminarily. AU 500 indicates that even when audit evidence is obtained from sources external to the entity, circumstances may exist that affect its reliability. All responses carry some risk of interception, alteration, or fraud. The auditor's consideration of the reliability of the information obtained through the confirmation process to be used as audit evidence includes consideration of the risks that (a) the information obtained may not be from an authentic source, (b) a respondent may not be knowledgeable about the information to be confirmed, and (c) the integrity of the information may have been compromised. One of the most important steps is to ensure that the confirmation process is adequately controlled. The auditor is required by AU 500 to determine whether to modify or add procedures to resolve doubts over the reliability of information to be used as audit evidence. The auditor may choose to verify the source and contents of a response to a confirmation request by contacting the confirming party. c. The following amounts or information included in EarthWear's financial statements could be confirmed. The source of the confirmation is also included. Amounts or Information Confirmed Source of Confirmation Cash balances Banks Accounts receivable Individual customers Lines of credit Banks Accounts payable Individual vendors Lease assets Leaseholders Common stock outstanding Registrar/Transfer agent Insurance coverage Insurance company 5-37 a. Auditing standards stipulate that working papers have two functions: (1) to provide principal support for the representation in the auditor’s report that the audit was conducted in accordance with GAAS and (2) to aid in the planning, performance, and supervision of the audit. b. The more common types of working papers include the audit plan and programs, working trial balance, adjusting and reclassification entries, account analysis and listings, and audit memoranda. c. The auditor should consider the following factors when determining the form and extent of the documentation for a particular audit area or auditing procedure: • The size and complexity of the entity. • The nature of the audit procedures to be performed. • Identified risks of material misstatement. • The significance of the audit evidence obtained. • The nature and extent of exceptions identified. • The need to document a conclusion or the basis for a conclusion not readily determinable from the documentation of the work performed or audit evidence obtained. • The audit methodology and tools used. • The extent of judgment involved in performing the work and evaluating the results. 5-38 a. The calculation of the expectation for the reserve for returns account can be made as follows: Months Monthly Sales (in 000s) Historical Return Rate Estimated Returns July $ 73,300,000 0.004 $ 293,200 August 82,800,000 0.006 496,800 September 93,500,000 0.010 935,000 October 110,200,000 0.015 1,653,000 November 158,200,000 0.025 3,955,000 December 202,500,000 0.032 6,480,000 $13,813,000 Gross Margin % x 0.425 Auditor expectation $ 5,870,525 b. We can establish a tolerable difference by applying a percentage (50%) to the planning materiality set for EarthWear of $1,800,000. This results in a tolerable difference of $900,000. Alternatively, the auditor might use a rule of thumb like this to determine tolerable difference for account where substantive analytics are being used: Tolerable difference will be 10% of the account balance or 50% of planning materiality, whichever is less. c. The expectation of $5,870,525 is approximately $20,000 less than the book value of $5,890,000. Since this amount is less than the tolerable difference of $900,000 (and also less than 10% of the account balance if the auditor used a lower tolerable difference), the analytical procedure supports the fair presentation of the reserve for returns account. d. If the difference between the auditor’s expectation and the book value is greater than the tolerable misstatement, the auditor should consider performing the following audit procedures: • Review the general journal and general ledger for any unusual entries. • Reevaluate the historical return rates. • Reevaluate the gross profit margin. • Ask the client to adjust the books. 5-39 The issues and potential risks listed below are based on a real-world situation involving a liquidity crisis and a pending bankruptcy. Because the solution below includes the benefits of the Home Depot insights it is likely to be more complete than answers provided by students. 1. Quick Ratio a. The quick ratio presents a good picture of the client’s liquidity position. A quick ratio greater than 1.0 generally indicates that the entity’s liquid assets are sufficient to meet the cash requirements for paying current liabilities. Home Improvement’s quick ratio has decreased significantly over the past two years and has fallen well below the 1.0 threshold, whereas the industry’s quick ratio has been consistently increasing and above the 1.0 threshold in the last year. Home Improvement appears to be facing serious liquidity issues that are not reflected in the industry. The lack of liquidity presents many risks, including the potential inability to stay current with payments owed to vendors and creditors. A lack of liquidity also increases the risk that the company may face bankruptcy (i.e., may not be able to continue as a going concern). Liquidity pressures also increases the inherent risks on accounting measures related to debt covenants and new financing (i.e., incentive to overstate in order to avoid default and/or acquire new financing). 1: Growth. A cash crunch is not uncommon for companies going through rapid growth as appears to be the case with The Home Improvements when you consider the pattern of other ratios and trends (e.g., significant debt to equity, increase in inventory to total assets). As the client expands, it spends large amounts of cash on buying more inventory, building new stores, and incurring other significant start- up costs. The client may also add additional debt during these growth periods to help finance expansion, and this debt also requires repayment as well as interest charges. Although this cash shortage is not uncommon for growth companies, it is vital that sales increase at such a rate as to allow the client to repay future debt and meet all liabilities and/or the client have the ability to acquire additional capital to survive the cash crunch. 2: Repayment of Debt. The cash crunch in the final year could be the result of repayment of debt (perhaps due to a balloon payment). Note that debt to equity dropped significantly in the last year…indicating that either debt significantly reduced or equity significantly increased. Given the pattern in this case, the former seems more likely. 2. Days of Inventory on Hand a. This ratio, which is computed as 365 days divided by the inventory turnover, represents how much inventory the entity has on hand to sell to customers. The higher the ratio, the slower the inventory turns and the less able the client is to liquidate inventory and avoid inventory obsolescence. Although the client’s ratio is not much worse than the industry average, the last several years show a large increase, which may represent increasing difficulty in selling its products. This increasing ratio represents an increasing risk of inventory obsolescence and the potential that inventory is being carried at an amount in excess of its market value. b. As the client has grown, it may be that it has established a strategy of maintaining a large volume of inventory on hand in order to meet customer demands. As such, its inventory turnover would naturally decrease. However, the lower inventory turnover may also be a result of a decreased demand for home improvement products or simply that the client has grown too quickly and has increased supply in excess of market demand. 3. Inventory/Current Assets a. This ratio sheds light on how the client is increasing inventory purchases compared to the industry average. Carrying large amounts of inventory on hand can be expensive when carrying, stocking, and storage costs are considered. As mentioned previously, when large amounts of inventory are stored on hand, the risk of inventory obsolescence increases, as does the risk that the client may be poorly investing cash in such a way that materially decreases necessary operating liquidity. Inventory as a percent of current assets has skyrocketed over the past two years, especially when compared to industry averages and deserves further attention indicating that inventory will be an account that should be considered high risk by the auditor. b. This ratio highlights the fact that the client is dramatically increasing inventory purchases to stock new stores and expand rapidly. Although necessary for growth, this increase in inventory can also be dangerous if sales do not support the expansion. 4. Return on Assets (ROA) a. This ratio indicates the return earned on the resources invested by both the stockholders and the creditors. As such, when this ratio dips below the industry average it indicates that the company is not generating as high a return as its competitors and may represent going concern issues. Additionally, if the client feels pressured to keep its ROA higher through higher earnings, the client may engage in earnings management or fraud. ROA over the past three years are quite a bit lower than the earlier years and are quite a bit lower than the industry average and as such deserve further investigation to determine underlying causes and related financial statement risks. b. As a growing company, and as shown in other ratios, the client has spent considerable amounts of money expanding its business, including the build-up in inventory, which increases the denominator (Total Assets). At the same time, the company may be experiencing lower profit margins (as they attempt to liquidate inventory at lower prices) and lower net earnings due to higher expenses related to expansion. These factors reduce Net Income, which also reduces ROA. The high amounts of debt to fund expansion also result in higher interest expense, further lowering earnings. 5. Debt to Equity Ratio a. This ratio indicates what portion of an entity’s capital comes from debt. The lower the ratio, the less debt pressure on the entity. The client’s debt has increased dramatically over the last three years and although the ratio drops in the final year in the table, it is still higher than the earliest years as well as the industry ratio over the same timeframe. The fact that the client’s ratio is significantly above the industry average indicates that the client may be too highly leveraged and may not be able to meet its debt obligations on a long-term basis, which increases the risk that the client is a viable going concern. As the amount of debt increases, so does the pressure to meet potentially restrictive debt covenants, putting pressure on the client to be aggressive or even fraudulent in financial statement reports. b. As a growth company, the client has understandably sought out debt as a way to finance its expansion. However, this debt has increased at an alarming rate. As the client has experienced lower than expected earnings, its stock price may have dropped to the point that raising capital through a public offering may have been ineffective and thus debt may have been the client’s only avenue for additional financing. NOTE: The data used in this problem are based on Home Depot and its industry between 1982 and 1986. Founded in 1978, Home Depot quickly became a major player in its industry. Because of its success, Home Depot sought to rapidly expand during the early 1980’s. Unfortunately, Home Depot tried to expand too quickly. It acquired millions of dollars in debt to purchase large amounts of PP&E and inventory for new stores, but sales did not keep pace with the rapid expansion in assets and debt. As a result, Home Depot had serious cash shortages to the extent that it was having trouble financing operations. Home Depot was forced to restructure its debt and strategy for growth. On the verge of bankruptcy, Home Depot was able to orchestrate a miraculous turnaround and ultimately returned to profitability. Solution to Discussion Cases 5-40 Part I a. Because of the large increase in sales, both in general and abroad, the auditor primarily would be concerned with occurrence of sales transactions. b. For the same reason given in part a, the auditor would be concerned with the existence of the accounts receivable. In addition, because there is some evidence that the increase in accounts receivable is greater than the increase in sales (e.g., greater percentage increase in accounts receivable than for sales, increase in average days outstanding), the auditor also would be concerned with valuation or allocation (i.e., to what extent are the receivables collectible). c. The auditor could vouch sales and receivables. Specifically, to examine the occurrence and existence assertions, the auditor could choose a sample sales transactions and examine supporting documents, perhaps paying particular attention to the existence of a valid sales order as well as evidence that the products were shipped (i.e., shipping documents). The auditor also could confirm a sample of accounts receivable with customers, perhaps asking the customers to fill in the dollar amount that they owe as of the balance sheet date. This procedure would help verify existence or occurrence, rights and obligations, and valuation or allocation. The auditor also could prepare an aging schedule to check for the existence of a significant amount of old receivables. This procedure would be useful primarily for valuation or allocation. Part II a. The auditors could have examined documentation for sales transactions, particularly searching for valid sales orders and evidence that the products sold were shipped. The auditor also could have considered sending additional confirmations to a larger number of customers, perhaps asking the customer to fill in the dollar amounts because there is so much doubt about the accuracy of L&H’s figures. b. The confirmation responses suggest that management integrity likely is low, especially those that stated they were not a customer of L&H’s. Therefore, the auditor would be unlikely to use inquiry of the client as an audit procedure. 5-41 1. See Development of Auditors' Expectation on the following page. 2. Reported ticket revenue differs from the expectation by approximately 14 percent (($2,200,000 - $1,922,190) / $1,922,190); this difference is material and should be investigated. One explanation for the larger than expected reported ticket revenue could be that the football team performed better than expected. In addition, perhaps the weather also was better than expected. Auditors can verify ticket sales, perhaps by comparing deposits of ticket revenue with reported attendance. The auditors also could check weather conditions on game days to ascertain whether favorable weather conditions are a plausible explanation for the higher attendance. 3. In a problem such as this, analytical procedures will be most effective when accurate expectations can be developed. From the information provided in this problem, it appears that the auditors' knowledge of Western’s ticket sales is sufficient to allow them to develop a reasonable expectation. Development of Auditors' Expectation Four regular games 24,000 Total attendance Price per Total Allocation Total Fans Less free Ticket Revenue 0.7 16,800 16,300 $12 $195,600 0.2 4,800 4,800 8 38,400 0.1 2,400 2,400 5 12,000 24,000 $246,000 X4 Four normal games $984,000 Bloomington University (30% higher attendance, 20% higher ticket price) 31,200 Total attendance Price per Total Allocation Total Fans Less free Ticket Revenue 0.7 21,840 21,340 $14.40 $307,296 0.2 6,240 6,240 9.60 59,904 0.1 3,120 3,120 6.00 18,720 31,200 $385,920 Norwalk University (20% more fans, 75% box seats, 25% upper deck) Price per Total Ticket Revenue Extra fans (total): 4,800 Box 3,600 $12 $43,200 Upper 1,200 5 6,000 49,200 Normal game revenue: 246,000 $295,200 Night Games (10% higher ticket prices, 5% lower attendance) 24,000 Base attendance Tickets Less: 5% Price per Total and Free Seats Ticket Revenue 0.7 16,800 15,485 $13.20 $204,402 0.2 4,800 4,560 8.80 40,128 0.1 2,400 2,280 5.50 12,540 24,000 22,325 $257,070 Total estimated revenue for the year $1,922,190 5-42 a. The auditor can assess the reliability of the client's records for developing the allowance for return of unsold books by testing the number of books sold and the number of books returned. Taking a sample of sales by individual title and tracing them into the client’s internal records could accomplish this. This would verify the sales portion of the internal records. The book return portion of the client's records can be tested by examining a sample of receiving documents used to record the books returned by individual titles from the retail stores. If these tests indicated that the client's records were accurate, the auditor could rely on the client's records for establishing the allowance for return of unsold books. b. The return rate could be estimated for relatively new titles in a number of ways. One possibility is to use the average historical "first-year" return rate for all new titles. Another possibility is to estimate the first-year return rate by individual author. Thus, if a new title was from an author who had previously published with Bentley Bros., the author's average first-year rate could be tested and used. c. Other than average industry data, there is not likely to be much external evidence that can be gathered on returned books. It might be possible to send a confirmation to the major retail stores and ask for information on current sales activity. Some evidence might also be gathered from the "best-selling" book lists. Solution to Internet Assignment 5-43 A general search for each term using an Internet browser resulted in a long list of "hits;" most of which did not apply to the material covered in the text. The Institute of Internal Auditors' home page (www.theiia.org) contained some information related to EDI and image processing systems. Using the search function at the AICPA's home page (www.aicpa.org) identified a significant number of references to the three terms. EDI refers to the electronic exchange of data, for example, the electronic exchange of data regarding inventory requirements between a customer and a vendor. Image processing systems capture and store electronic images, usually reproductions of documents. For example, many banks and credit unions now make electronic images of cancelled checks available to their customers online. These technologies have fundamental implications for auditing, especially in terms of the quality of the electronic evidence involved in both. If important audit evidence is stored only in electronic form and controls over the integrity of the electronic records are not adequate, the auditor may not be able to gather sufficient appropriate evidence to express an unqualified opinion on the client’s financial statements. Chapter 6 Internal Control in A Financial Statement Audit Answers to Review Questions 6-1 From management's perspective, internal control provides a way to accomplish management’s stewardship or agency responsibilities. Management also needs a control system that generates reliable information for decision-making purposes. The importance of internal control to the auditor is rooted in the second standard of fieldwork. The controls that are relevant to the entity's ability to initiate, record, process, and report financial data consistent with management's assertions are the auditor's main concern. The auditor needs assurances about the reliability of the data generated within the entity's internal control system in terms of how it affects the fairness of the financial statements and how well the assets and records of the entity are safeguarded. The auditor uses this understanding of internal control to identify the types of potential misstatements, ascertain factors that affect the risk of material misstatement, and design tests of controls and substantive procedures. 6-2 The potential benefits and risks to an entity’s internal control from information technology include (see Table 6-1): Benefits: • Consistent application of predefined business rules and performance of complex calculations in processing large volumes of transactions or data. • Enhancement of the timeliness, availability, and accuracy of information. • Facilitation of additional analysis of information. • Enhancement of the ability to monitor the performance of the entity's activities and its policies and procedures. • Reduction in the risk that controls will be circumvented. • Enhancement of the ability to achieve effective segregation of duties by implementing security controls in applications, databases, and operating systems. Risks: • Reliance on systems or programs that inaccurately process data, process inaccurate data, or both. • Unauthorized access to data that may result in destruction of data or improper changes to data, including the recording of unauthorized or nonexistent transactions or inaccurate recording of transactions. • Unauthorized changes to data in master files. • Unauthorized changes to systems or programs. • Failure to make necessary changes to systems or programs. • Inappropriate manual intervention. • Potential loss of data. 6-3 Internal control is composed of five components: 1. Control Environment: The control environment is the set of standards, processes, and structures that provide the basis for carrying out internal control across the organization. The board of directors and senior management establish the tone at the top regarding the importance of internal control and expected standards of conduct. 2. The Entity’s Risk Assessment Process: Risk assessment involves a dynamic and iterative process for identifying and analyzing risks to achieving the entity’s objectives, thereby forming a basis for determining how risks should be managed. Management considers possible changes in the external environment and within its own business model that may impede its ability to achieve its objectives. 3. Information and Communication: Information is necessary for the entity to carry out internal control responsibilities in support of achievement of its objectives. Communication occurs both internally and externally and provides the organization with the information needed to carry out day-to-day internal control activities. Communication enables personnel to understand internal control responsibilities and their importance to the achievement of objectives and allows for upward flow of operating information to management. 4. Control Activities: Control activities are the actions established by policies and procedures to help ensure that management directives to mitigate risks to the achievement of objectives are carried out. Control activities are performed at all levels of the entity and at various stages within business processes, and over the technology environment. 5. Monitoring of Controls: Ongoing evaluations, separate evaluations, or some combination of the two are used to ascertain whether each of the five components of internal control, including controls to effect the principles within each component, are present and functioning. Findings are evaluated and deficiencies are communicated in a timely manner, with serious matters reported to senior management and to the board. 6-4 Factors that affect the control environment include (see Table 6-3): • The organization demonstrates a commitment to integrity and ethical values. • The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. • Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. • The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. • The organization holds individuals accountable for their internal control responsibilities in the pursuit of objectives. 6-5 A substantive audit strategy means that the auditor has made a decision not to rely on the entity's controls and to audit the related financial statement accounts directly. Control risk is set at the maximum when a substantive audit strategy is followed. With a reliance strategy, the auditor relies on the entity's controls and sets control risk below the maximum. A reliance strategy requires a more detailed understanding and documentation of internal control than does a substantive strategy. The auditor also plans and performs tests of controls to support the lower assessed level of control risk. 6-6 In addition to planning the audit of the financial statements, the auditor's understanding of the entity's internal control is used to (1) identify the types of potential misstatements, (2) pinpoint factors that affect the risk of material misstatement, and (3) design tests of controls and substantive procedures. 6-7 The concept of reasonable assurance recognizes that the cost of an entity's internal control system should not exceed the benefits that are expected to be derived from the system. Thus, an internal control system will not detect every error that might occur because it would be too costly to design such a system. Management override of internal control, personnel errors or mistakes, and collusion are inherent limitations of internal control. 6-8 A number of tools are available to the auditor for documenting the understanding of the internal control, including copies of the entity's procedures manuals and organizational charts, internal control questionnaires, flowcharts, and narrative descriptions. 6-9 The auditor should document the achieved level of control risk for the controls evaluated. The auditor’s assessment can be documented using a structured working paper, an internal control questionnaire, or a memorandum. 6-10 The auditor might consider conducting substantive tests at an interim date for a number of reasons. For example, the client may want the auditor to confirm accounts receivable before year-end because of demands on the client’s staff at year-end. Alternatively, the auditor may wish to conduct substantive tests at an interim date to minimize staff overtime at year-end. The auditor should consider the following factors when substantive tests are to be completed at an interim date: • The control environment and other relevant controls. • The availability of information at a later date that is necessary for the auditor’s procedures (e.g., information stored electronically for a limited period of time). • The purpose of the substantive procedure. • The assessed risk of material misstatement. • The nature of the class of transactions or account balance and relevant assertions. • The ability of the auditor to perform appropriate substantive procedures or substantive procedures combined with tests of controls to cover the remaining period in order to reduce the risk that misstatement may exist at the period-end will not be detected. When the auditor conducts substantive tests of an account at an interim date, additional substantive tests might include comparing the year-end account balance with the interim account balance, conducting some analytical procedures, and/or reviewing related journals and ledgers for large or unusual transactions during the remaining period. 6-11 For private companies, auditing standards require that the auditor report to those charged with governance (e.g., audit committee) and management any control deficiencies discovered by the auditor that are serious enough to be considered a significant deficiency or a material weakness. See Chapter 7 for the auditor’s reporting responsibility for reporting on internal control. Answers to Multiple-Choice Questions 6-12 d 6-19 b 6-13 d 6-20 b 6-14 d 6-21 d 6-15 d 6-22 c 6-16 a 6-23 d 6-17 c 6-24 b 6-18 b Solutions to Problems 6-25 a. The COSO definition is: “Internal control is designed and carried out by an entity’s board of directors, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives in the following categories: (1) reliability, timeliness, and transparency of internal and external, nonfinancial and financial reporting; (2) effectiveness and efficiency of operations, including safeguarding of assets; and (3) compliance with applicable laws and regulations. In Chapter 7, you will find a somewhat similar definition for internal control that is included in the PCAOB’s AS 2201. b. The auditor should obtain an understanding of each of the five components of internal control in order to plan the audit. This understanding includes knowledge about the design of relevant controls and whether they have been placed in operation by the entity. The auditor uses this knowledge to (1) identify the types of potential misstatements, (2) pinpoint factors that affect the risk of material misstatement, and (3) design tests of controls and substantive procedures. c. An auditor should document the understanding of the internal control components obtained to plan the audit. The auditor should also document the assessed (achieved) level of control risk. 6-26 The control environment factors that establish, enhance, or mitigate the effectiveness of specific controls, and their components, are: Principle 1: The organization demonstrates a commitment to integrity and ethical values. The effectiveness of an entity’s controls is influenced by the integrity and ethical values of the individuals who are responsible to create, administer, and monitor the controls. Integrity and ethical values are essential elements of the control environment, affecting the design, administration, and monitoring of the other components. Integrity and ethical behavior are the product of the entity’s ethical and behavioral standards, how they are communicated, and how they are reinforced in practice. Principle 2: The board of directors demonstrates independence from management and exercises oversight of the development and performance of internal control. The board of directors and audit committee significantly influence the control consciousness of the entity. Factors that affect the effectiveness of the board and audit committee include the following: its independence from management, the experience and stature of its members, the extent of its involvement with and scrutiny of the entity's activities, the appropriateness of its actions, the degree to which difficult questions are raised and pursued with management, and its interaction with the internal and external auditors. Principle 3: Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives. The organizational structure defines how authority and responsibility are delegated and monitored. Establishing a relevant organizational structure includes considering key areas of authority and responsibility and appropriate lines of reporting. It provides a framework for planning, executing, and monitoring operations. An entity develops an organizational structure that depends on its size and the nature of its business. This principle includes how authority and responsibility for operating activities are assigned and how reporting relationships and authorization hierarchies are established. It also includes policies regarding acceptable business practices, the knowledge and experience of key personnel, and the resources provided for carrying out duties. It also includes policies and communications directed toward ensuring that all personnel understand the entity's objectives, know how their individual actions interrelate and contribute to those objectives, and recognize how and for what they will be held accountable. Principle 4: The organization demonstrates a commitment to attract, develop, and retain competent individuals in alignment with objectives. Management must specify the competence level for a particular job and translate it into the required level of knowledge and skill. Management must then hire employees who have the appropriate competence for a job. The quality of internal control is a direct function of the quality of the personnel operating the system. The entity should have personnel policies for hiring, training, evaluating, counseling, promoting, compensating, and taking remedial action. Principle 5: The organization holds individuals accountable for their internal control responsibilities in pursuit of objectives. Management and the board of directors are responsible for establishing mechanisms to communicate and hold individuals accountable for performance of internal control responsibilities across the organization and for implementing corrective action as necessary. Management and the board of directors also establish performance measures, incentives, and rewards appropriate for responsibilities at all levels of the entity, reflecting reasonable expectations for performance and standards of conduct in light of both short-term and longer-term objectives 6-27 a. The auditor should consider a reliance strategy if evidence is available only in electronic form. However, after developing an understanding of the new system, the auditor would need to test the system to determine whether it is working as intended. If the system is working effectively, the auditor is more likely to use a reliance strategy. The auditor should also consider whether the firm’s knowledge of IT systems is sufficient to allow it to use a reliance strategy; if not, a substantive strategy may be more appropriate. b. When deciding whether to hire a specialist, the auditor in this case should consider factors such as the complexity of the new system, whether the implementation of the system allows the company to engage in electronic commerce and the extent to which audit evidence is available only in electronic form. The auditor should ask the IT specialist to communicate information including how IT controls are designed and how data and transactions are initiated, recorded, processed, and reported. c. The control environment likely is not affected to a great extent by the switch to an automated system except inasmuch as the switch might signal management’s commitment to competence and willingness to improve its controls. The entity’s risk assessment is affected because the existence of an automated system creates a new set of risks, such as risks involving the design of the control system. In terms of the information system and communication, the auditor will have to verify that the new system identifies and records all valid transactions and provides information sufficient for preparing accurate and complete financial statements. Control activities are important because new controls regarding the information system will have to be designed and implemented. Monitoring of controls is important because the monitors (including the internal and external auditors) will have to have sufficient knowledge of the system to be able to effectively monitor the use of the system and its outputs. 6-28 a. The strength of using procedures manuals and organizational charts is that they help the auditor document understanding of the internal control system. The strength of a narrative description is that it provides a simple, written memorandum that documents the understanding of internal control. The strength of an internal control questionnaire is that it provides a systematic and comprehensive way to evaluate internal control. A strength of using a flowchart is that it provides a diagrammatic representation of the entity’s internal control system. This facilitates the auditor's analysis of the system's controls. b. On many engagements, auditors combine these tools to document their understanding of the components of internal control. The combination depends on the complexity of the entity’s internal control system. For example, in a complex information system where a large volume of transactions occurs electronically, the auditor may document the control environment, the entity’s risk assessment process, and monitoring activities using a memorandum and internal control questionnaire. Documentation of the information system and communication component, as well as control activities, may be accomplished through the use of an internal control questionnaire and a flowchart. For a small entity with a simple information system, documentation using a memorandum may be sufficient. 6-29 a. The internal auditor would have the following concerns with respect to individual entries: • The reasonableness of significant entries (e.g., manual entries in traditionally automated accounts such as inventory), • The review of the appropriateness of the individual who prepared the journal entry (e.g., senior executives or unauthorized personnel), • The review of the frequency of journal entries, particularly those that are relevant to management authorization levels, • The identification of journal entries without descriptions, and • Potentially fraudulent entries. b. The external auditor could rely on the internal audit’s work, but not to the exclusion of reperforming some of the internal audit’s work. 6-30 a. Before applying principal substantive procedures to balance sheet accounts at April 30, 2018, the interim date, Cook should assess the difficulty in controlling incremental audit risk. Cook should consider whether • Cook's experience with the reliability of the accounting records and management's integrity has been good. • Rapidly changing business conditions or circumstances may predispose General's management to misstate the financial statements in the remaining period. • The year-end balances of accounts selected for interim testing will be predictable. • General's procedures for analyzing and adjusting its interim balances and for establishing proper accounting cutoffs will be appropriate. • General's accounting system will provide sufficient information about year-end balances and transactions in the final two months of the year to permit investigation of unusual transactions, significant fluctuations, and changes in balance compositions that may occur between the interim and balance sheet dates. • The cost of the substantive tests necessary to cover the final two months of the year and provide the appropriate audit assurance at year-end is substantial. Assessing control risk at below the maximum would not be required to extend the audit conclusions from the interim date to year-end. However, if Cook assesses control risk at the maximum during the final two months, Cook should consider whether the effectiveness of the substantive tests to cover that period will be impaired. b. Cook should design the substantive procedures so that the assurance from those tests and the tests to be applied as of the interim date, and any assurance provided from the assessed level of control risk, will achieve the audit objectives at year-end. Such tests should include the comparison of year-end information with comparable interim information to identify and investigate unusual amounts. Other analytical procedures and/or substantive procedures should be performed to extend Cook's conclusions relative to the assertions tested at the interim date to the balance sheet date. 6-31 a. The following communication is the report on significant deficiencies for Houghton Enterprises: In planning and performing our audit of the financial statements of Houghton Enterprises as of and for the year ended December 31, 2018, in accordance with auditing standards generally accepted in the United States of America, we considered Houghton Enterprises’ internal control over financial reporting (internal control) as a basis for designing our auditing procedures that are appropriate in the circumstance for the purpose of expressing our opinion on the financial statements, but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control. Accordingly, we do not express an opinion on the effectiveness of the Company’s internal control. Our consideration of internal control was for the limited purpose described in the preceding paragraph and would not necessarily identify all deficiencies in internal control that might be significant deficiencies or material weaknesses. However, as discussed below, we identified certain deficiencies in internal control that we consider to be significant deficiencies. A deficiency in internal control exists when the design or operation of a control does not allow employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. A significant deficiency is a control deficiency, or combination of control deficiencies, in internal control, which is less severe than a material weakness; yet important enough to merit attention by those responsible for oversight of the company’s financial reporting. We consider the following items are significant deficiencies: 1. Control activities for granting credit to new customers were inadequate. In particular, the Credit Department did not perform an adequate check of the creditworthiness of the customer with an outside credit agency. 2. There were not adequate physical safeguards over the Company's inventory. There were no safeguards to prevent employees from stealing high-value inventory parts. This communication is intended solely for the information and use of management, individuals charged with governance, and others within the organization and is not intended to be and should not be used by anyone other than these specified parties. b. If the second item were a material weakness, the following report would be issued: In planning and performing our audit of the financial statements of Houghton Enterprises as of and for the year ended December 31, 2018, in accordance with auditing standards generally accepted in the United States of America, we considered Houghton Enterprises’ internal control over financial reporting (internal control) as a basis for designing our auditing procedures that are appropriate in the circumstance for the purpose of expressing our opinion on the financial statements, but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control. Accordingly, we do not express an opinion on the effectiveness of the Company’s internal control. Our consideration of internal control was for the limited purpose described in the preceding paragraph and would not necessarily identify all deficiencies in internal control that might be material weaknesses or significant deficiencies. However, as discussed below, we identified certain deficiencies in internal control that we consider to be a material weakness and a significant deficiency. A deficiency in internal control exists when the design or operation of a control does not allow employees, in the normal course of performing their assigned functions, to prevent, or detect and correct, misstatements on a timely basis. A material weakness is a deficiency, or combination of deficiencies, in internal control, such that there is a reasonable possibility that material misstatement of the entity’s financial statements will not be prevented, or detected and corrected, on a timely basis. We believe that the following deficiency constitutes material weaknesses: There were not adequate physical safeguards over the Company's inventory. There were no safeguards to prevent employees from stealing high-value inventory parts. A significant deficiency is a control deficiency, or combination of control deficiencies, in internal control, which is less severe than a material weakness; yet important enough to merit attention by those responsible for oversight of the company’s financial reporting. We consider the following item to be a significant deficiency: Control activities for granting credit to new customers were inadequate. In particular, the Credit Department did not perform an adequate check of the creditworthiness of the customer with an outside credit agency. This communication is intended solely for the information and use of management, individuals charged with governance, and others within the organization and is not intended to be and should not be used by anyone other than these specified parties. Solution to Discussion Case 6-32 1. In their complaint against Koss Corporation, the SEC noted the following internal control deficiencies: • Lack of segregation of duties over disbursements and bank reconciliations. • Old and weak accounting system, leaving little audit trail and enabling post-closing entries, among other weaknesses. • Lack of documentation for journal entries. • Failure to perform monthly bank reconciliations. • Lack of required review of wire transfers prior to execution (note the distinction between a preventive policy and a preventive control). • Lack of an after-the-fact review of journal entries. • Lack of detailed review of financial information by CEO (very cursory). • Insufficient monthly analytical procedures (e.g., no monitoring of even gross margins). • Failure to change passwords on a regular basis, along with other IT security and control deficiencies. 2. Koss could have implemented a number of internal controls that might have prevented the misappropriation of assets: • The biggest improvement that Koss could have made was to establish a stronger control environment, including better oversight of and segregation of duties over accounting and financial reporting functions. The Company could have assigned someone outside of the accounting function to provide an independent check and balance on employees' integrity and to maintain a sufficiently strong control system. For example, different employees could have performed the separate duties of signing checks, processing cash receipts and cash disbursements, and maintaining the books of original entry. • Koss could have updated its computerized accounting system. • Someone outside the accounting department, such as Michael Koss as the CFO or the Vice President of Operations, review large wire transfers or the recording of payments on accounts payable when not processed through the accounts payable system. • Someone outside of accounting should have reviewed the monthly reconciliations of its bank accounts • Someone outside of accounting should periodically review documentation to support the general journal entries to verify that the corresponding transactions were being executed in accordance with Koss's accounting policies and recorded as necessary to permit preparation of financial statements in conformity with Generally Accepted Accounting Principles. • Develop an internal audit function. With a well-qualified internal audit function many of the deficiencies in internal control could have been corrected. 6-33 1. Many of the same issues found in the Koss fraud existed in the Dixon IL fraud. • Lack of segregation of duties. • Little oversight or monitoring by the part-time city administrators. • Ability to deposit funds from one account to another without approval or review. • Lack of review of bank statements and reconciliations. • It does not appear that the city had a mandatory vacation policy where someone performed Crundwell’s job. 2. There appears that a number of things went wrong on the audits conducted by Clifton, Larson, Allen, LLP (CLA). In 2005, CLA resigned from the city “audit” to take on more additional consulting work. However, it appears that they continued to provide information to the small firm (Janis Card Company, LLC) who assumed the audit. Not much information is available publicly about the quality of the audits performed by either firm. The city’s attorney has stated that a number of invoices provided to the firm were fabricated. For example, he pointed to more than 170 phony invoices created by Crundwell, supposedly from the Illinois Department of Transportation. The fake invoices are visibly different from real documents. He stated: “The invoices that she showed to Clifton auditors were palpably different. They were day and night than the true invoices from the Illinois Department of Transportation. All those are red flags that Clifton should have identified, should have followed up on and it would have simply been a two minute phone call to the Illinois Department of Transportation in Springfield,” Bruce said. Chapter 7 Auditing Internal Control Over Financial Reporting Answers to Review Questions 7-1 Following are management’s and the auditor’s responsibilities under Section 404 of the Sarbanes-Oxley Act of 2002: Management’s Responsibilities • Accept responsibility for the effectiveness of the entity's ICFR. • Evaluate the effectiveness of the entity's ICFR using suitable control criteria. • Support its evaluation with sufficient evidence, including documentation. • Present a written assessment of the effectiveness of the entity’s ICFR as of the end of the entity’s most recent fiscal year. Auditor’s Responsibilities • The auditor must plan and perform the audit to obtain reasonable assurance about whether the entity maintained, in all material respects, effective internal control as of the date specified in management's assessment. • The audit of internal control should be “integrated” with the financial statement audit, and should express an opinion on the effectiveness of the entity’s ICFR. 7-2 “Likelihood” refers to the probability that a misstatement will not be prevented or detected. For a significant deficiency or a material weakness to exist, the likelihood of such an occurrence must be either “reasonably possible” or “probable.” “Magnitude” refers to the significance that the control deficiency could have on the financial statements according to the judgment of a prudent official who considers the possibility of further, undetected, misstatements. If the auditor’s likelihood assessment is “reasonably possible” and if the magnitude of the deficiency is assessed as “significant,” then either a significant deficiency or material weakness exists depending on the magnitude of the potential effects of the deficiency on the entity’s financial statements. 7-3 All of the following controls would typically be tested (see Table 7-2): • Entity-level controls (see Table 7-1). • Controls over initiating, authorizing, recording, processing, and reporting significant accounts and disclosures and related assertions embodied in the financial statements. • Controls over the selection and application of accounting policies that are in conformity with GAAP. • Antifraud programs and controls. • Controls, including IT general controls, on which other controls are dependent. • Controls over significant nonroutine and nonsystematic transactions, such as accounts involving judgments and estimates. 7-4 Management and the auditor make similar decisions deciding which locations or business units to include for testing. Thus, the choice of which locations to include in the assessment of internal control is based on the presence of entity-level controls and the financial reporting risk at each individual location or business unit. Willis & Adams provide the following flowchart as part of its Policy Statement on Identifying Significant Business Units or Locations (see the policy statement for more details): 7-5 The SEC allows considerable flexibility to management in how it should document its assessment. Reasonable support would include the basis for management’s assessment, such as documentation of the methods and procedures it utilizes to gather and evaluate evidence. Such documentation would include the design of the controls management has placed in operation to adequately address identified financial reporting risks, including the entity-level and other pervasive elements necessary for effective ICFR. Management is not required to identify and document every control in a process. Documentation should focus on those controls management concludes are adequate to address the entity’s financial reporting risks. Such evidence for management’s assessment ordinarily includes documentation of how management formed its conclusion about the effectiveness of the company’s entity-level controls and other pervasive elements of ICFR that its control framework describes as necessary for an effective system of internal control. Yes No No No No Yes Yes Are there specific significant Yes risks? Is the location or business unit individually important? Are there locations or business units that are not important even when aggregated with others? No further action required for such units. Evaluate and test controls over specific risks. Evaluate documentation and test significant controls at each location or business unit. Are there documented company- level controls over this group? Evaluate documentation and test company-level controls over this group. Some testing of controls at individual locations or business units is required. Multi-location Testing Consideration Flowchart 7-6 The steps in the auditor’s process for an audit of ICFR include (see Figure 7-2): • Plan the audit of ICFR. • Identify controls to test using a top-down, risk-based approach. • Test the design and operating effectiveness of selected controls. • Evaluate identified control deficiencies. • Form an opinion on the effectiveness of ICFR. 7-7 (Refer to Table 3-2). The following factors can be used to judge the objectivity of the internal audit function: • Whether the organizational status of the IAF, including the function’s authority and accountability, supports the ability of the function to be free from bias, conflict of interest, or undue influence of others to override professional judgments (e.g., the IAF reports to audit committee or an officer with appropriate authority, or if the function reports to management, whether it has direct access to audit committee). • Whether the IAF is free of any conflicting responsibilities (e.g., having managerial or operational duties or responsibilities that are outside of the IAF). • Whether audit committee oversees employment decisions related to the IAF. • Whether any constraints or restrictions placed on the IAF by management or audit committee exist, for example, in communicating the IAF’s findings to the external auditor. • Whether the internal auditors are members of relevant professional bodies and their memberships obligate their compliance with relevant professional standards relating to objectivity or whether their internal policies achieve the same objectives. The competence of internal audit function can be determined by assessing the following factors: • Whether the IAF is adequately and appropriately resourced relative to the size of the entity and the nature of its operations. • Whether established policies for hiring, training, and assigning internal auditors to internal audit engagements exist. • Whether the internal auditors have adequate technical training and proficiency in auditing. (e.g., the internal auditors’ possession of a relevant professional designation and experience). • Whether the internal auditors possess the required knowledge relating to the entity’s financial reporting and the applicable financial reporting framework and whether the IAF possesses the necessary skills to perform work related to the entity’s financial statements. • Whether the internal auditors are members of relevant professional bodies that oblige them to comply with the relevant professional standards, including continuing professional development requirements. 7-8 The steps in the top-down, risk-based approach to obtaining an understanding of ICFR include: • Identify entity-level controls – Because these controls have a pervasive effect on ICFR, the auditor needs a thorough understanding of entity-level controls. The two major categories of controls included here are: (1) the control environment and (2) the period- end financial reporting process. • Identify significant accounts and disclosures and their relevant assertions - To complete this step, the auditor evaluates risk factors related to the financial statement accounts and disclosures. The risk factors include: • Size and composition of the account. • Susceptibility to misstatement due to errors or fraud. • Volume of activity, complexity, and homogeneity of the individual transactions processed through the account or reflected in the disclosure. • Nature of the account or disclosure. • Accounting and reporting complexities associated with the account or disclosure. • Exposure to losses in the account. • Possibility of significant contingent liabilities arising from the activities reflected in the account or disclosure. • Existence of related-party transactions in the account. • Changes from the prior period in account or disclosure characteristics. • Understand likely sources of misstatement – In order to complete this step, the auditor needs to do the following: • Understand the flow of transactions related to the relevant assertions. • Identify the points within the entity's processes at which a misstatement – including a misstatement due to fraud – could arise that, individually or in combination with other misstatements, would be material. • Identify the controls that management has implemented to address these potential misstatements. • Identify the controls that management has implemented over the prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could result in a material misstatement of the financial statements. • Select controls to test – Table 7-4 shows factors the auditor should consider when identifying controls to test. 7-9 The period-end financial reporting process controls include procedures used to enter transaction totals into the general ledger; initiate, authorize, record, and process journal entries in the general ledger; record recurring and nonrecurring adjustments to the annual and quarterly financial statements; and draft annual and quarterly financial statements and related disclosures. The auditor’s evaluation of the period-end financial reporting process includes the inputs, procedures performed, and outputs of the processes the company uses to produce its annual and quarterly financial statements. The auditor should also consider the extent of IT involvement in each period-end financial reporting process element, who participates from management, the number of locations involved, types of adjusting entries, and the nature and extent of the oversight of the process by appropriate parties, including management, the board of directors, and the audit committee. 7-10 Walkthroughs help the auditor to confirm his or her understanding of control design and transaction process flow, to determine whether all points at which misstatements could occur have been identified, to evaluate the effectiveness of the design of controls, and to confirm whether controls have been placed in operation. Walkthroughs typically do not provide evidence of the operating effectiveness of controls. A typical walkthrough involves observation, inquiry, and inspection of documents. 7-11 The circumstances that should be regarded as indicators of a material weakness include (see Table 7-7): • Identification of fraud, whether or not material, on the part of senior management. • Restatement of previously issued financial statements to reflect the correction of a material misstatement. • Identification by the auditor of a material misstatement of financial statements in the current period in circumstances that indicate that the misstatement would not have been detected by the company's internal control over financial reporting. • Ineffective oversight of the company's external financial reporting and internal control over financial reporting by the company's audit committee. These circumstances are “red flags” for potential problems in the control environment. Because the nature of the audit report depends on the significance of such weaknesses, the PCAOB does not want them to be overlooked. 7-12 Remediation is when an entity determines that it has a material weakness and takes steps to correct it. If management corrects a material weakness before the “as of” date, and both management and the auditor can adequately test the operating effectiveness of the control, management can assert that ICFR is effective. 7-13 AS 2201 requires that the auditor appropriately document the processes, procedures, judgments, and results relating to the audit of internal control. The auditor’s documentation must include the auditor’s understanding and evaluation of the design of each of the components of the entity's ICFR. The auditor also documents the process used to determine, and the points at which misstatements could occur within, significant accounts, disclosures, and major classes of transactions. The auditor must justify and document the extent to which he or she relied upon work performed by others. Finally, the auditor must describe the evaluation of any deficiencies discovered as well as any other findings that could result in a modification to the auditor's report. 7-14 The auditor’s unqualified opinion on the effectiveness of an entity’s internal control signifies that the entity’s internal control is designed and operating effectively in all material respects. Significant deficiencies relate to possible financial statement errors that are less than material, and therefore do not require a departure from an unqualified opinion. A serious scope limitation requires the auditor to disclaim an opinion. An adverse opinion is required if a material weakness is identified. Figure 7-4 illustrates the types of auditor’s reports and the circumstances leading to each. 7-15 The auditor will issue an adverse opinion on the effectiveness of internal control if a material weakness is identified. 7-16 If the scope of the auditor’s work is limited, the auditor may disclaim an opinion, depending on the severity of the limitation and whether or not management intentionally imposes it. 7-17 When a significant period of time has elapsed between the time period covered by the tests of controls in the service auditor's report and the date of management's assessment, additional procedures should be performed. The auditor should consider the results of relevant procedures performed by management or the auditor, how much time has passed since the service auditor's report, the significance of the activities of the service organization, whether errors have been identified in the service organization's processing, and the nature and significance of any changes in the service organization's controls. As these factors increase in significance, the need for the auditor to obtain additional evidence increases. 7-18 Generalized audit software (GAS) includes programs that allow the auditor to perform tests on computer files and databases. GAS enables auditors to conduct similar computer- assisted audit techniques in different IT environments. Custom audit software is generally written by auditors for specific audit tasks. Such programs are necessary when the entity's computer system is not compatible with the auditor's GAS or when the auditor wants to conduct some testing that may not be possible with the GAS. Some functions that can be performed by GAS are: (1) file or database access, (2) selection of transactions that meet certain criteria, (3) arithmetic functions, (4) statistical analyses, and (5) report generation. Answers to Multiple-Choice Questions 7-19 d 7-27 c 7-20 b 7-28 a 7-21 c 7-29 c 7-22 c 7-30 a 7-23 c 7-31 c 7-24 b 7-32 a 7-25 d 7-33 d 7-26 d Solutions to Problems 7-34 Control 1: Monthly Manual Reconciliation Nature, Timing, and Extent of Procedures Objective of the Test: To determine whether misstatements in accounts receivable (existence, valuation, and completeness) would be detected on a timely basis. Test the company's reconciliation control by selecting a sample of reconciliations based upon the number of accounts, the dollar value of the accounts, and the volume of transactions affecting the account. Perform the following tests on the reconciliation process: a. Make inquiries of personnel performing the control. Ask the employee performing the reconciliation the following questions: • What documentation describes the account reconciliation process? • How long have you been performing the reconciliation work? • What is the reconciliation process for resolving reconciling items? • How often are the reconciliations formally reviewed and signed off? • If significant issues or reconciliation problems are noticed, to whose attention do you bring them? • On average, how many reconciling items are there? • How are old reconciling items treated? • If need be, how is the system corrected for reconciling items? • What is the general nature of these reconciling items? • Who performs this function when you are ill or on vacation? b. Observe the employee performing the control. For nonrecurring reconciling items, observe whether each item included a clear explanation as to its nature, the action that had been taken to resolve it, and whether it had been resolved on a timely basis. c. Reperform the control for two months by inspecting the reconciliations and reperforming the reconciliation procedures. Scan through the file of all reconciliations prepared during the year and note whether they had been performed on a timely basis. d. Make inquiries of company personnel and determine that the reconciliation procedures have not changed from interim to year-end. Control 2: Daily Manual Preventive Control Nature, Timing, and Extent of Procedures Objective of the Test: To determine whether misstatements in cash (existence) and accounts payable (existence, valuation, and completeness) would be prevented on a timely basis. Test the control that a cash disbursement is made only after matching the invoice with the receiving report and purchase order. Select 25 disbursements (voucher packages) from the cash disbursement registers from January through September. Perform the following procedures: a. Examine the invoice to see if it includes the signature or initials of the accounts payable clerk, evidencing the clerk's performance of the matching control. b. Reperform the matching control corresponding to the signature by examining the invoice to determine that (a) its items matched to the receiving report and purchase order and (b) it was mathematically accurate. c. Update the testing through the end of the year by asking the accounts payable clerk whether the control was still in place and operating effectively. Perform a walkthrough of one transaction in December. Control 3: Programmed Preventive Control and Weekly Information Technology- Dependent Manual Detective Control Nature, Timing, and Extent of Procedures Objective of the Test: To determine whether misstatements in cash (existence) and accounts payable/inventory (existence, valuation, and completeness) would be prevented or detected on a timely basis. Test the programmed application control of matching the receiving report, purchase order, and invoice as well as the review and follow-up control over unmatched items. To test the programmed application control, perform the following procedures: a. Identify, through discussion with company personnel, the software used to process receipts and purchase invoices. b. Determine, through further discussion with company personnel, that they do not modify the core functionality of the software, but sometimes make personalized changes to reports to meet the changing needs of the business. c. Establish, through further discussion, that the inventory module operated the receiving functionality, including the matching of receipts to open purchase orders. d. Identify, through discussions with the entity and review of the supplier's documentation, the names, file sizes (in bytes), and locations of the executable files (programs) that operate the functionality under review. e. Identify the objectives of the programs to be tested; i.e., whether appropriate items are received (for example, match a valid purchase order), appropriate purchase invoices are posted (for example, match a valid receipt and purchase order, non-duplicate reference numbers) and unmatched items (for example, receipts, orders or invoices) are listed on the exception report. f. Determine whether the programmed control is operating effectively by performing a walkthrough in the month of July. Test the detect control and follow up on the Unmatched Items Report, by performing the following procedures in the month of July for the period January to July: a. Make inquiries of the employee who follows up on the weekly-unmatched items reports and determine why items appear on it. b. Observe the performance of the control. c. Reperform the control. d. Determine that the company had not made significant changes in its controls from interim to year-end by discussing with company personnel the procedures in place for making such changes. NOTE: In answering Problems 7-35 and 7-36, you should refer to the Audit Policy of Willis & Adams LLP as part of the EarthWear Case on Evaluating Control Deficiencies. A copy of the policy can be downloaded from the firm's web site at (www.mhhe.com/messier9e). The decision chart is included here. Box 1. Does the deficiency relate directly to the achievement of one or more financial statement assertions? Box 2. Is the likelihood of a misstatement resulting from the deficiency (or combination of deficiencies) at least reasonably possible? YES Box 3. Is the magnitude of the potential deficiency material to either the interim or annual financial statements? Box 4. Is the deficiency (or combination of deficiencies) important enough to merit attention by those responsible for oversight of the company’s financial reporting? NO NO NO Box 5. Do compensating controls exist and operate effectively at a level of precision sufficient to prevent or detect a misstatement that could be material to interim or annual financial statements? YES Deficiency NO Box 6. Would a well-informed, competent and objective individual (i.e., prudent official) conclude the deficiency is a material weakness? NO YES Significant Deficiency Material Weakness YES YES NO YES 7-35 a. Based only on these facts, this deficiency represents a significant deficiency for the following reasons: First, the deficiency satisfies Box 1 – it relates to a financial statement assertion. Second, the controls do not effectively address the detection of misstatements as evidenced by situations in which transactions that were not material were improperly recorded. Therefore, there is a reasonable possibility that a misstatement could occur. Thus, the answer to Box 2 is “yes.” In addressing Box 3, the magnitude of a financial statement misstatement resulting from this deficiency would reasonably be expected to be significant but not material because individual sales transactions are not material. Furthermore, the risk of material misstatement is limited to revenue recognition errors related to shipping terms as opposed to broader sources of error in revenue recognition. Thus, the answer to Box 3 is “no.” Because the misstatements that could occur from this deficiency are significant, the answer to Box 4 is “yes.” However, the possible misstatements are not material so the answer to Box 6 is “no,” leading to a conclusion of a significant deficiency. It should be noted that there is a compensating detective controls that operates monthly and at the end of each financial reporting period that should reduce the likelihood of a material misstatement going undetected. However, the compensating detective controls are only designed to detect material misstatements. b. Based only on these facts, this deficiency represents a material weakness for the following reasons: First, the deficiency satisfies Box 1 – it relates to a financial statement assertion. Second, the controls do not effectively address the detection of misstatements as evidenced by improper revenue recognition that has occurred. Therefore, the likelihood of material misstatements occurring is probable. Thus, the answer to Box 2 is “yes.” The answer to Box 3 is “yes” since the magnitude of a financial statement misstatement resulting from this deficiency would reasonably be expected to be material. Individual sales transactions are frequently material and gross margin can vary significantly with each transaction. The answer to Box 5 is “no” since the compensating detective controls based on a reasonableness review are ineffective. Taken together, the magnitude and likelihood of misstatement of the financial statements resulting from this internal control deficiency meet the definition of a material weakness (Box 6). c. Based on only these facts, this deficiency represents a material weakness for the following reasons: First, the deficiency satisfies Box 1 – it relates to a financial statement assertion. Second, the likelihood of material misstatement of the financial statements resulting from this internal control deficiency is reasonably possible (even assuming that the amounts were fully reserved for in the company's allowance for uncollectible accounts) due to the likelihood of material misstatement of the gross accounts receivable balance (Box 2 is answered “yes”). The magnitude of a financial statement misstatement resulting from this deficiency would reasonably be expected to be material, because the frequency of occurrence allows insignificant amounts to become material in the aggregate (Box 3 is answered “yes”). The answer to Box 5 is “yes” since there are no compensating controls present. It is concluded that a prudent official would deem this deficiency to be a material weakness (answer to Box 6 is “yes”). 7-36 a. Based only on these facts, the combination of these significant deficiencies represents a material weakness for the following reasons: First, the deficiency satisfies Box 1 – it relates to a financial statement assertion. Second, the combination of these deficiencies was evaluated as representing a reasonably possible likelihood that a misstatement could occur (Box 2 is answered “yes”). Third, the gross amount of the transactions totaled an amount greater than materiality, so Box 3 is answered “yes.” Fourth, there are no effective compensating controls, i.e., no timely reconciliations (Box 5 is answered “no”). Finally, it is likely that a prudent official would conclude that these deficiencies represent a material weakness (answer to Box 6 is “yes”). b. Based only on these facts, the auditor should determine that the combination of these significant deficiencies represents a material weakness for the following reasons: First, the deficiency satisfies Box 1 – it relates to a financial statement assertion. Second, the combination of these deficiencies was evaluated as representing a reasonably possible likelihood that a misstatement could occur (Box 2 is answered “yes”). Third, the balances of the loan accounts affected by these deficiencies have increased over the past year and are expected to increase in the future. In addition, the growth in loan balances, coupled with the combined effect of the deficiencies described, results in a reasonably possible likelihood that a material misstatement of the allowance for credit losses or interest income could occur. Thus, Box 3 is answered “yes.” Fourth, there are no effective compensating controls (Box 5 is answered “no”). Finally, it is likely that a prudent official would conclude that these deficiencies represent a material weakness (answer to Box 6 is “yes”). 7-37 (Note that these cases were taken from disclosures made by companies subject to SOX 404.) a. Case 1 would be deemed a material weakness because the company did not have proper controls over the accounting for and disclosure of derivatives that were associated with warrants. The company’s management acknowledged that it did not have the expertise within the company to properly evaluate the analysis of the warrants under ASC 815. The inability to perform such analysis by entity personnel would suggest that there is a high likelihood that a material misstatement could occur since we can assume that this financial statement account (and it related disclosures) are highly material. b. Case 2 is a material weakness because management acknowledges that its controls over the preparation of the tax provision was not adequate, and resulted in what can be assumed to be material errors. Without proper controls, there is a high likelihood that a misstatement can occur. It is also likely that the tax provision and related accounts are material to the financial statements. c. Case 3 is a material weakness for a number of reasons. First, there was a computational error in the update of the calculation of the allowance for loan losses. Second, the monitoring controls for reviewing the calculation did not identify the error in a timely manner. Finally, an error did occur and the allowance for loan losses account for a bank would be highly material. 7-38 a. The auditor must determine whether the restatements are significant or material deficiencies. If material, an adverse opinion will probably be issued, otherwise an unqualified report may be given. If the misstatement resulted in a restatement of the financial statements, the misstatement would likely be considered material. b. If other controls over financial reporting are present, the auditor may issue an unqualified opinion. However, if the deficiency carries a high risk of material misstatement, then an adverse opinion should be issued. In most cases when oversight is considered seriously deficient, an adverse opinion would be issued. c. The auditor would most likely issue an adverse opinion because of the importance of the audit committee in the control process. d. If the ineffective monitoring component is a material deficiency, then an adverse opinion should be issued. Otherwise, an unqualified opinion may be given. Because the auditor determined that an effective internal audit function was critical to effective monitoring, an adverse opinion would most likely be considered appropriate. e. The significance of financial fraud by the CFO is a material weakness and an adverse opinion should be issued. f. Depending on the amount of risk of material misstatement due to the ineffective control environment, the auditor will issue an adverse opinion or an unqualified opinion. In most cases, an ineffective control environment will result in an adverse opinion because it is considered a pervasive entity-level control. g. Given the lack of management’s concern for internal control, which can be considered a control environment issue, an adverse opinion would most likely be issued, depending on the nature and severity and the combined effect of the significant deficiencies that were left uncorrected. 7-39 a. The auditor would most likely issue an unqualified opinion on the effectiveness of internal control. Significant deficiencies do not necessitate an adverse opinion. In this case, the likelihood is extremely low that the deficiencies taken individually or together will result in a material misstatement, meaning that there is no material weakness. If the significant deficiencies remain uncorrected in future years, the auditor may conclude that management’s attitude toward internal control reflects a poor control environment and may issue an adverse opinion. b. A disclaimer of opinion on the effectiveness of internal control because the auditor has a scope limitation. The auditor must have sufficient appropriate evidence to conclude that the entity’s ICFR is effective—surmising based on partial results does not constitute a high level of assurance. c. Unqualified opinion on the effectiveness of internal control. The audit of internal control is “as of” the report date. In other words, so long as the auditor has sufficient evidence that the entity’s internal control was operating effectively as of the end of the reporting period, an unqualified opinion can be expressed. This gives management an opportunity to remediate weaknesses and avoid an adverse opinion so long as enough time is left for management to reassess and for the auditor to retest controls and obtain sufficient competent evidence that controls were effective as of the report date. d. An adverse opinion with respect to effectiveness of ICFR. The presence of a material weakness as of the report date necessitates an adverse opinion with respect to internal control. e. The auditor would most likely issue a disclaimer on the effectiveness of internal control due to a scope limitation. The auditor’s inability to collect sufficient data to assess the operating effectiveness of the control constitutes a scope limitation, and the opinion should be modified accordingly. However, after the auditor completes testing in the following year and if controls were found to be operating effectively, an interim report on the effectiveness of internal controls could be issued. f. Adverse opinion on the effectiveness of internal control. Because the significant deficiencies identified, taken together, produce a “moderately low” risk of material misstatement in the financial statements, this likelihood assessment is within the range of “reasonably possible,” and thus, this combination of deficiencies is considered a material weakness. 7-40 a. As long as the auditor agrees with company’s assessment of controls, an unqualified report can be issued. However, AS5 indicates that controls must operate for a sufficient time period to accommodate management and auditor testing. This does not appear to be possible in the scenario when the changes were made after management’s assessment. The auditor should explicitly disclaim any opinion with respect to the information about corrective actions and plans to implement new controls as disclosed by management. However, after the auditor completes testing in the following year and if controls were found to be operating effectively, an interim report on the effectiveness of internal controls could be issued. b. The auditor should issue an adverse opinion if he or she does not believe sufficient time has passed to gather sufficient, competent evidence that the control deficiencies have been corrected. However, after the auditor completes testing in the following year and if controls were found to be operating effectively, an interim report on the effectiveness of internal controls could be issued. 7-41 The audit report should describe the reason for the material weakness. An example can be found in Exhibit 7-6. 7-42 The audit report should include the proper title; introductory, scope, definition, limitations, and opinion paragraphs; and should describe the reason for the material weakness. The combined report would be similar to the report in Exhibit 7-5 except that the material weakness explanatory paragraph would be added and the opinion paragraph would be modified to reflect the adverse opinion over ICFR similar to Exhibit 7-6. 7-43 The auditors' report on ICFR would be prepared similar to Exhibit 7-4. 7-44 a. 2 b. 3 c. 1 7-45 The substantive auditing procedures Brown may consider performing include the following: Using the perpetual inventory file: • Recalculate the beginning and ending balances (prices x quantities), foot, and print out a report to be used to reconcile the totals with the general ledger (or agree beginning balance with the prior year's working papers). • Calculate the quantity balances as of the physical inventory date for comparison to the physical inventory file. (Alternatively, update the physical inventory file for purchases and sales from January 6 to January 31, for comparison to the perpetual inventory at January 31, 2018.) • Select and print out a sample of items received and shipped for the periods (1) before and after January 5 and January 31, 2018, for cutoff testing, (2) between January 5 and January 31, 2018, for vouching or analytical procedures, and (3) prior to January 5, 2018, for tests of details or analytical procedures. • Compare quantities sold during the year to quantities on hand at year-end. Print out a report of items for which turnover is less than expected. (Alternatively, calculate the number of days' sales in inventory for selected items.) • Select items noted as possibly unsalable or obsolete during the physical inventory observation and print out information about purchases and sales for further consideration. • Recalculate the prices used to value the year-end FIFO inventory by matching prices and quantities to the most recent purchases. • Select a sample of items for comparison to current sales prices. • Identify and print out unusual transactions. (These are transactions other than purchases or sales for the year, or physical inventory adjustments as of January 5, 2018.) • Recalculate the ending inventory (or selected items) by taking the beginning balances plus purchases, less sales (quantities and/or amounts), and print out the differences. • Recalculate the cost of sales for selected items sold during the year. Using the physical inventory and test count files: • Account for all inventory tag numbers used and print out a report of missing or duplicate numbers for follow-up. • Search for tag numbers noted during the physical inventory observation as being voided or not used. • Compare the physical inventory file to the file of test counts and print out a report of differences for the auditor follow-up. • Combine the quantities for each item appearing on more than one inventory tag number for comparison to the perpetual file. • Compare the quantities in the file to the calculated quantity balances in the perpetual inventory file as of January 5, 2018. (Alternatively, compare the physical inventory file updated to year-end to the perpetual inventory file.) • Calculate the quantities and dollar amounts of the book-to-physical adjustments for each item and the total adjustment. Print out a report to reconcile the total adjustment to the adjustment recorded in the general ledger before year-end. • Using the calculated book-to-physical adjustments for each item, compare the quantity and dollar amount of each adjustment to the perpetual inventory file as of January 5, 2018, and print out a report of differences for follow-up. INTERNET ASSIGNMENTS 7-46 The opinion paragraph of the audit report will indicate whether the report a separate report or for both audits. Note that even separate reports on each of the audits (of financial statements and ICFR) will refer to the opinion issued on the other audit. I 7-47 The opinion paragraph of an audit report for ICFR will provide the definition of a material weakness and will describe the particular material weakness(es) resulting in the adverse opinion. Solution Manual for Auditing and Assurance Services: A Systematic Approach William F. Messier, Steven M. Glover, Douglas F. Prawitt 9781260687637, 9780077732509, 9780077732509, 9781259162312
Download
Close
Close
