This Document Contains Chapters 5 to 6 CHAPTER 5 Preliminary Auditing Planning: Understanding the Auditee’s Business SOLUTIONS FOR REVIEW CHECKPOINTS 5-1 The three main steps are risk assessment, response to assessed risks, and concluding by forming the audit opinion and issuing an appropriate audit report. 5-2 The ongoing activities that are required by CAS throughout the engagement include: ⸀Communications among audit team members throughout the process, ⸀Documentation of the audit decisions and findings, ⸀Revisions to risk assessments and planned responses if appropriate due to knowledge obtained during audit process, and ⸀Communications with those charged with the auditee’s governance and its management. ⸀other valid activities may be noted 5-3 Publicly listed companies need to be audited according to the securities regulations that apply to them. Private companies often don’t need audits, depending on the jurisdiction, because in some cases shareholders of smaller corporations can waive a statutory audit requirement. In some cases, the company’s stakeholders, such as major shareholders or lenders, may require an audit of the financial statements even if it could be waived. 5-4 “Audit clients” are the people who engaged the auditor and pay his or her fees. The auditee is the actual entity whose financial statements are being audited. Often in practice the auditor is engaged by the those charged with governance (usually the board of directors) as part of their responsibilities to the shareholders, in which case the ‘client’ and ‘auditee’ are one in the same. 5-5 “Those charged with governance” of an entity are the people who are responsible for its operations and accountable to its stakeholders. 5-6 An auditor can use the following sources of information to help decide whether to accept a new audit auditee. Financial information prepared by the prospective auditee: Annual reports to shareholders Interim financial statements Securities registration statements Reports to regulatory agencies Inquiries directed to the prospect's business associates: Banker Legal counsel Underwriter Other persons, e.g., customers, suppliers Predecessor auditor, if any, communication, re: Integrity of management, Disagreements with management Analysis: Special or unusual risk related to the prospect Need for special skills (e.g., computer or industry expertise) Internal search for relationships that would compromise independence 5-7 Auditee consent is required because the rules of professional conduct / code of ethics applicable to the practice of public accounting (as issued by various professional accounting bodies) prohibit the predecessor auditor from revealing confidential information to the successor without the consent of the auditee. Confidentiality remains even when the auditor-auditee relationship ends. 5-8 An auditor may decide to take on low, moderate, or even a high risk engagement, as long as the auditor is confident that the risk can be managed down to an acceptable level through careful performance of the audit work. This decision depends on the judgment of each auditor, which is based on their capacity to manage the risks, and their personal tolerance for risk. Auditor A’s judgment in this case is that the engagement is too risky, but Auditor B’s judgment is that the risk can be reduced to an acceptable level by performing the audit work. 5-9 Engagement letter benefits: * Helps establish an understanding between auditee and auditor of the terms of the engagement and the nature of the work. * Helps avoid quarrels and misunderstandings between auditee and auditor. Helps avoid disputes over the audit fee. * Helps avoid legal liability assertions based on failure to do work that the PA may not have contemplated or agreed to do. 5-10 A time budget shows the different audit team members assigned to the various segments of the audit work, the time expected to be needed to perform procedures for each segment, and other information useful for planning such as whether the work is to be done at a interim date or at year end. The actual time spent on the assigned audit work is recorded so that (1) there is a record for billing the auditee, (2) the efficiency of the audit team members can be evaluated, and (3) there is a record for planning the next audit. 5-11 Interim audit work refers to procedures performed several weeks or months before the balance sheet date. Year- end audit work refers to procedures performed shortly before and after the balance sheet date. Audit firms typically spread the workload out during the year by scheduling interim audit work so they will have enough time and people available when several audits have year-ends on the same date (December 31 is common). 5-12 Auditors must understand the: ⸀ Broad economic environment in which the auditee operates ⸀ Effects of national economic policies ⸀ Geographic location and its economy ⸀ Developments in taxation and regulatory areas ⸀ Industry characteristics that are important ⸀ Significant IT applications in the company's that produce accounting information ⸀ The business strategy, the business risks the strategy addresses, and the business processes used to operate the business The auditor’s objective in obtaining an understanding of the auditee’s business, its environment and its risks is to design an effective audit program that addresses all the significant risks of financial statement misstatements. Audit standards require a discussion among the engagement team about the susceptibility of the auditee’s financial statements to material misstatement. Based on this shared understanding, the audit team can identify what can go wrong at the financial statement level, determine the significance of the risks and assess how likely it is that these risks occurred. The standards further require the auditor to perform this risk assessment at the financial statement level by considering classes of transactions, account balances and disclosures in the financial statements. The auditor also assesses risks at the assertion level; assertions are discussed later in this chapter. Accounting is supposed to reflect the economic substance of transactions and this usually requires asking the right business questions of management. Effective questioning requires strong understanding of the auditee’s business, its environment and risks. 5-13 The broad economic environment includes external factors that can affect the auditee’s success but over which it may have little control. These present risks that the auditee’s management needs to take into account in developing its strategy. These factors include: international trade restrictions, duties and tariffs; foreign exchange rates, global commodity prices (which can be affected by weather or political unrest, or other unpredictable external events); taxation and regulatory changes. 5-14 The broad economic factors will affect different industries differently. For example global commodity prices affect companies that supply or use each particular commodity. The auditee’s industry may be targeted by foreign governments for punitive “anti-dumping” duties (e.g. softwood lumber or steel), or may be particularly vulnerable to low cost foreign suppliers (e.g. clothing or furniture). Energy shortages and price increases will affect energy intensive industries more significantly than other industries. Market demand fluctuations in the auditee’s market need to be considered by the auditor as they will affect its financial condition and performance. Also, specific tax regulations may affect the auditee’s industry. 5-15 The RIM example in the chapter highlights risks in high-tech companies related to protecting intellectual property rights and effective patent filing and searching processes to avoid infringement by others, and lawsuits for infringement. Going beyond the chapter section, high tech businesses also face risk of obsolescence, competition, failure to generate cash flows from users of their technology, failure to set pricing to cover costs, etc. In the forestry industry, companies face risks of commodity price or currency fluctuations that are hard to plan for, and changes in export duties to countries they export to, and competition with other countries that produce forest products with lower costs.. The AbitibiBowater case in the chapter illustrates an example of the risks in the forestry industry. 5-16 The purpose of performing preliminary analytical procedures in the audit planning stage is to direct attention to potential problem areas so the audit work can be planned to reduce the risk of missing something important. 5-17 The auditor’s understanding the business and risks is highly integrated with planning and executing the rest of the audit work. The auditor needs to understand the business in order to recognize what analytical procedures are telling him or her. The fact that something is different from last year may or may not be something that needs to investigated; knowing the business helps the auditor make that judgment. The final set of audit procedures executed to complete the audit must take into account all the relevant knowledge that the audit team gains during the audit engagement, including internal control and risks. 5-18 Five types of general analytical review procedures: 1. Compare financial information with prior period(s). 2. Compare financial information with budgets or forecasts. 3. Study predictable financial information patterns based on the entity's experience. 4. Compare financial information to industry statistics. 5. Study financial information relationships to nonfinancial information. 5.19 Official documents and authorizations that can be read as part of a preliminary analytical review: Corporate charter Corporate bylaws Articles of partnership Directors' minutes Executive committee minutes Audit committee minutes Finance committee minutes New contracts and leases 5-20 Officers' Compensation Authorization of officers' salaries. Authorization of stock options and other "perk" compensation. Business Operations Amount of dividends declared. Acceptance of contracts, agreements, lawsuit settlements. Approval of major purchases of property and investments. Discussions of merger and divestiture progress. Corporate Finance Amount of dividends declared. Discussions of merger and divestiture progress. Authorization of financing by stock issues, long-term debt, and leases. Approval to pledge assets as security for debts. Discussion of negotiations on bank loans and payment waivers. Accounting Policies and Control Approval of accounting policies and accounting for estimates and unusual transactions. Authorizations of individuals to sign bank cheques. 5-21 The auditor’s understanding of the business risks is important in identifying what kinds of changes and relations are expected based on how the business performed during the audited period and what kinds might indicate the financial information is misstated. Business risk is the auditee risk that the entity will be unable to achieve its business objectives or execute its strategies. Understanding management’s risk assessment process helps to assess the risk that the financial statements could be materially misstated. Auditing standards (e.g., Handbook CAS 315) emphasize the auditor’s need to understand business risk and the "entity's risk assessment process” in order to plan and execute appropriate audit procedures. This is referred to in the text as the business risk approach to planning and executing the audit. The auditor may identify risks of material misstatement that management’s risk assessment process failed to identify and if the auditor believes there is a material weakness in the entity's risk assessment process, the auditor needs to communicate this to the audit committee or equivalent. Generally, the business risk approach requires the auditor to take a broader view of the whole organization and assess the risks of material misstatements that arise from a variety of aspects of the business. 5-22 They are the financial statements management has prepared for the current year that will be, but have not yet been, audited. They are the starting point for the audit planning. 5-23 The steps auditors can use to apply comparison and ratio analysis to unaudited financial statements are: (1) obtain or prepare comparative common-size financial statements and calculate ratios, (2) study the data and describe the company's financial activities, (3) ask relevant questions about questionable relationships, and (4) obtain or prepare a cash flow statement to begin the analysis of the going-concern status of the company. 5-24 Vertical analysis refers to financial statement amounts expressed each year as proportions of a base, such as sales for the income statement accounts and total assets for the balance sheet accounts. These ‘common-size’ statements show how the various components related to each other - this analysis provides a starting point for further evaluation and enquiry by the auditor. They can be further analyzed horizontally, to see how the relations have changed over time. 5-25 Horizontal analysis refers to changes of financial statement numbers and ratios across two or more years. This basic analytical data can indicate unusual or unexpected fluctuations that suggest further evaluation and enquiry that the auditor should perform. 5-26 The ratios in Appendix 5-A are: current ratio, days' sales in receivables, doubtful accounts ratio, days' sales in inventory, receivables turnover, inventory turnover, cost of goods sold ratio, return on equity, and Altman's financial distress ratios and discriminant score. Students may be able to name other relevant ratios. 5-27 Decrease in accounts receivable turnover ratio can indicate slow collections, that may indicate more uncollectible accounts should be provided for in the allowance for bad debts, i.e. net A/R balance is overstated. It can also indicate the A/R balance is overstated because it has been manipulated fraudulently. 5-28 Increase in number of day’s sales in inventory can indicate slow moving inventory that is more likely to be obsolete or otherwise hard to sell, that may indicate a bigger provision should be made for inventory obsolescence, i.e. net inventory balance is overstated. It can also indicate the inventory balance is overstated because it has been manipulated fraudulently. 5-29 The prior year retained earnings ($900,000) plus current year income ($370,000) does not add up to the current year ending retained earnings ($1,260,000). Retained earnings has been reduced by $10,000, probably dividends declared and paid. The balance sheet does not show dividends payable, and no other information is given. 5-30 Net cash flow is negative $400,000 Net cash flow = Net income +/- changes in working capital and non-cash items, +/-financing and investing cash flows = change in cash balance 370,000-390000-100000-100000-20000+300000+750000-200000-10000-1000000=-400000 5-31 Analysis directs attention to areas that look unusual, where misstatements may have occurred. This indicates questions auditors should raise with management. Management may provide valid business reasons for the fluctuations, but the analysis alone does not confirm or refute these explanations. More tangible evidence is required to form a conclusion about whether a particular financial statement amount is fairly stated or not. 5-32 Materiality is one of the first important judgments the auditor must make since it affects every other planning, examination and reporting decision. 5-33 "Material information" in accounting and auditing is information that should be disclosed if it is likely to influence the economic decisions of financial statement users. "Overall materiality" in an audit context is the largest amount of uncorrected dollar misstatement that could exist in published financial statements, yet they would still fairly present the company's financial position and results of operations in conformity with GAAP. 5-34 Some amount of inaccuracy always exists in financial statements because inaccuracies do not affect users’ decisions and hence are not material, the cost of finding and correcting small errors is too great, and the time taken to find them would delay issuance of financial statements. Also, accounting numbers involve estimates and predictions about future events that may not turn out as expected. 5-35 The audit of an estimate involves the auditors producing their own estimate and comparing it to management’s estimate. Often a range for an estimated amount is generated. For example, management may estimate an allowance for doubtful accounts to be $50,000, and the auditors may estimate that the allowance could be $40,000 to $55,000. In this case management’s estimate is within the auditors’ range of reasonableness. However, the auditors should take note that the management estimate leans toward the conservative side (more than the auditors’ $40,000 lower estimate, but not much less than the auditors’ higher $55,000 estimate). If other estimates exhibit the same conservatism, and the effect is material, the auditors will need to evaluate the overall reasonableness of the effect of all estimates taken together. If the auditors develop an estimate that differs (e.g., a range of $55,000 to $70,000 for the allowance that management estimated at $50,000), the preferred treatment is to consider the difference between management’s estimate and the closest end of the auditors’ range as an error (in this case, error = $5,000 = auditors’ $55,000 minus management’s $50,000). The remaining difference to the farthest end of the range ($15,000 = $70,000 – $55,000) is noted and reconsidered in combination with the findings on all management’s estimates. 5-36 The best objective evidence of the reasonableness of an estimate (for example, the allowance for doubtful accounts receivable) is the actual events that occur later (for example, the write-off of accounts that existed at the time the allowance was estimated). The comparison of estimates with subsequent actual experience can often be used as a hindsight test of the objective reasonableness of accounting estimates. However, some estimates (for example, pension expense) may have such long time horizons that actual experience may not be available before new estimates must be made. 5-37 Overall Materiality is set for the financial statements as a whole; it applies to the largest amount of misstatement that in the auditors view would not affect user decisions. Overall Performance Materiality is an amount less than the overall materiality level; it allows a cushion since there are likely misstatements that the auditors procedures won’t detect, even in a competent audit. The cushion is to lower the risk of giving a clean opinion on financial statements that are materially misstated. 5-38 If the auditor decides the materiality should be revised to a smaller amount, the auditor will probably have to extend any testing that was done based on the larger materiality level. As the audit materiality level gets smaller, the auditor must do more work to find any material misstatements. If materiality is lowered after test extents have been determined and procedures conducted, the auditor would need to consider whether these extents are adequate with a lower materiality level. If not, it may be necessary to increase the extent of testing. If some accounts had been subject to minimal audit work because they were much less material, this also would need to be reconsidered based on the new lower materiality. Also, any ‘trivial’ misstatements discovered would also need to be reconsidered, as well as the overall decision on what level of misstatements will be treated as ‘trivial’ since this may be lower if materiality is lower. 5-39 Qualitative aspects of materiality are important because even quantitatively small misstatements resulting from intentional misstatement, intentional violation of the law, or intentional earnings manipulation must be considered material because of their potential impact on users. Qualitative criteria allow the auditor to stand back to take a broad perspective and consider other factors that may be informative about the consequences of the materiality level used. The qualitative aspects of materiality are equally important as comparison to an arbitrary fixed dollar amount that may be chosen to some extent on the basis of an auditor’s cost/benefit decision (i.e., a business decision of the auditor or audit firm). 5-40 Auditing standards do not require auditors to use any specific quantitative benchmarks for setting materiality levels. 5-41 Any fraud committed against external stakeholders for the company’s benefit is material no matter how small. However, in frauds against the company materiality is determined by the usual qualitative and quantitative guidelines discussed in the chapter. In the case of controls in place to prevent fraud, if the risk of a theft or misstatement is more than remote, then this is considered a ‘material’ internal control deficiency must be reported to the audit committee or Board. 5-42 Using one Overall Materiality level is the simplest approach, in comparison to various methods that might be used to allocate the amount to different accounts (i.e., ‘Specific Materiality’ levels). This approach also results in the least testing and is the approach implied by the Handbook audit guidance. 5-43 Five principal assertions in financial statements: 1. Existence assertion: The practical objective is to establish with evidence that assets, liabilities and equities actually exist and that sales and expense transactions actually occurred. Cut-off can be considered an aspect of the existence assertion (Existence in a specified time period). CAS 315 uses the term occurrence when existence is applied to transactions. 2. Completeness assertion: The practical objective is to establish with evidence that all transactions of the period are in the financial statements and all transactions that properly belong in the preceding or following accounting periods are excluded. Another term for these aspects of completeness is cut-off. Completeness also refers to proper inclusion in financial statements of all assets, liabilities, revenue, expense and related disclosures. 3. Ownership (or Rights and Obligations) assertion: The practical objectives related to rights and obligations are to establish with evidence that assets are owned (or rights such as capitalized leases are shown) and liabilities are owed. 4. Valuation (or Allocation, Measurement) assertion: The practical objective is to establish with evidence that proper values have been assigned to things (assets, liabilities, equities and related disclosures) and events (revenues, expenses and related disclosures). ‘Allocation’ refers to the practical objective of obtaining evidence about "valuations" achieved by cost allocations such as depreciation and inventory costing methods. ‘Measurement’ is the term used to refer to application of an appropriate generally accepted method to determine the dollar amount to include in a financial statement, as in CICA s.1000 or other conceptual accounting frameworks. 5- Presentation and Disclosure assertion: The practical objective is to establish with evidence that accounting principles used by management are appropriate in the circumstances and are applied properly, and that disclosures contain all information required by generally accepted accounting principles. 5-44 Assertions are the focal points for all audit procedures because they are the fundamental management claims that are being audited. Audit procedures produce evidence that relates to one or more specific assertions. As will be explained in detail later in Chapter 8, auditors use “audit objectives” that are derived from the five principal assertions to design specific evidence gathering procedures. 5-45 Auditing completeness involves getting evidence about what is not there. Auditors have to depend on management’s representations to some extent, and corroborate these with evidence from a variety of sources, including internal controls. There is rarely a ‘slam dunk’ type of procedure that provides strong conclusive evidence that everything that should have been included has been included. 5-46 Auditors should think about a "compliance assertion" even though it is not explicitly listed in the auditing standards because auditors have responsibilities regarding these compliance-type events: (1) company employees observing the company's internal control policies and procedures (see Chapter 9), (2) irregularities and illegal acts (see Chapter 7), and (3) compliance with laws and regulations in government-standard audits (see Chapter 21). The practical objective of the compliance assertion, though not listed in the CICA Handbook, can be stated as: to establish with evidence that the entity has complied with applicable public laws and regulations and with the terms of private contracts and agreements. The compliance assertions are particularly important when auditing governmental agencies (most Auditor General audits as well as ones done by PAs). Internal audits extend the concept to compliance with managerial policies. 5-47 If you are given a list of audit procedures (this is called an audit ‘program’) and are using them to plan this year’s audit, you need to consider: “What are the assertions management is making by reporting this financial information?” Which assertion(s) does this procedure produce evidence about?” “Does the list of procedures (the audit program) cover all the assertions?” One aspect that may be missing in many standard audit programs is to consider the compliance assertion, as discussed in the chapter. 5-48 The overall audit strategy is outlined in CAS 300. The components suggested in the standard include documents information about (1) investigation or review of the prospective or continuing engagement and client relationship; (2) staff, technical, or industry expertise required; (3) preliminary materiality levels; (4) assessment of significant industry or company risks and related audit issues; (5) identification of unusual accounting principles; (6) use of substantive or combined audit approach; (7) nature and extent of resources required; (8) staff assignment and scheduling of team communications and field work; and (9) special considerations for initial or group audit engagements. 5-49 The overall audit strategy guides development of the detailed audit plan, which contains the audit program details. The audit programs include specific audit objectives and procedures for determining inherent and control risk, obtaining the sufficient competent evidence that is the basis for the audit report, and producing the required documentation. SOLUTIONS FOR EXERCISES AND PROBLEMS EP5-1 Analytical Review Ratio Relationships a. The current ratio was made larger than it should have been. The current asset numerator was made larger (fictitious accounts receivable larger than the inventory removed) while the current liability denominator did not change. (However, if the income tax effect of the error is included, the current liabilities change by a greater proportion that the current assets change, and it turns out that the current ratio was made smaller!) b. In this case the relative rate of change is important, because both the numerator and denominator of the current ratio are changed by the same amount. 1. Current ratio (before) was greater than 1:1--the incorrect accounting makes the ratio larger than it should be. Example: Before $100,000 / $20,000 = 5.0:1 After $ 90,000 / $10,000 = 9.0:1 2. Current ratio (before) was equal to 1:1--the incorrect accounting does not change the ratio. Example: Before $100,000 / $100,000 = 1:1 After $ 90,000 / $ 90,000 = 1:1 3. Current ratio (before) was less than 1:1--the incorrect accounting makes the ratio smaller than it should be. Example: Before $ 20,000 / $100,000 = 0.2:1 After $ 10,000 / $ 90,000 = 0.11:1 c. Effect of unrecorded purchase counted in physical inventory, assuming the accounts are adjusted to include the inventory on hand. Inventory is not misstated. Cost of goods sold is understated. Gross profit is overstated. Net income is overstated. The question asks for the effect on the ratios compared to what they would have been without the error. Current ratio: Greater than 1:1 before. The error of recording the inventory and not the current payable makes the ratio larger. Equal to 1:1 before. The error makes the ratio larger. Less than 1:1 before. The error makes the ratio larger. Gross margin ratio: The error makes it larger. Cost of goods sold ratio: The error makes it smaller. Receivables turnover: The error does not affect either the sales numerator or the receivables denominator, so the ratio is not affected. d. In this case the net receivables amount is correct. The proper adjustment should be to reduce gross receivables and the allowance for doubtful accounts by an equal amount. Current ratio: Not affected because the current asset and current liability totals are not affected. Day's sales in receivables: Not affected when the net receivables is used to calculate the ratio. Doubtful account ratio: The improper accounting causes the ratio to be larger than it should be. (Proper accounting would cause the allowance numerator to be reduced to a greater extent, by a faster rate, than the receivables denominator.) Receivables turnover: Not affected when the net receivables is used to calculate the ratio. Return on beginning equity: Not affected because the income is measured properly with adequate allowance for doubtful accounts. Working capital/Total assets: Not affected because both terms are measured properly. e. The effect on the Altman (1968) discriminate Z score is a larger score because of the directional effect of all the changes mentioned: Working capital/Total assets: The ratio is larger because WC is greater and TA is smaller. Retained earnings/Total assets: The ratio is larger because retained earnings remained the same while TA is smaller. Earnings BIT/Total assets: The ratio is larger, because EBIT is about the same as last year, and TA is smaller. Market equity/Total debt: The ratio is larger because market equity is the same, while total debt is lower. Net sales/Total assets: The ratio is larger because net sales have decreased less (5%) than the total assets have decreased (10%). EP5-2 Understand the Business--Transactions and Accounts Accounting systems may differ, so the solution below accommodates most possibilities. [formatting request from reviewer: can this be converted to a table format with grid lines?] Debits Credits Cash receipts Cash Sales revenue Accounts receivable Investment income Cash disbursements Accounts payable Cash Inventory Fixed assets Long term debt Expenses Credit sales Accounts receivable Sales revenue Sales returns and allowances Sales revenue Accounts receivable (contra return account) Cash (cash refunds) Purchases on credit Inventory Accounts payable Fixed assets Expenses Purchase returns Cash (cash refund) Inventory Accounts payable (contra return acct.) Uncollectible account Allowance for Accounts receivable Write-offs doubtful accounts EP5-3 Auditing an Accounting Estimate The audit problem is to develop a range of valuation of the inventory in order to evaluate management's estimate. Low High Selling price $ 78,000 $ 92,000 Advertising and shipping expenses 7,000 5,000 Auditors' estimate of the range for the inventory valuation $ 71,000 $ 87,000 a. Yes, an adjustment can be proposed. Loss (or Cost of Goods Sold) $ 12,000 Inventory $12,000 Write down the inventory to the nearest end of the auditors' range. b. No adjustment is necessary. The management estimate of $80,000 is within the auditors' range estimate. EP5-4 Risk of Misstatement in Various Accounts a. Based on information you have available in Chapter 5, which accounts may be most susceptible to overstatement? Understatement? Inventory understatements may occur from counting and pricing errors. Fixed asset understatements may result from failure to capitalize costs (expensing them instead) or from erroneous depreciation calculations. Liability understatement and expense understatement appear to be quite common. b. Why do you think a company might permit asset accounts to be understated? Asset understatements can result from accounting errors, misapplication of accounting principles, and measurement errors (such as undercounting the inventory). A company might be motivated by tax evasion to understated assets and income. c. Why do you think a company might permit liability accounts to be overstated? Estimated liabilities might be measured large for conservatism. The company might over accrue expenses in order to reduce taxable income. A fraud might be imbedded in false payables to false vendors. d. Which direction of misstatement is most likely: income overstatement or income understatement? Research studies indicate that income overstatement occurs most frequently; the cause is often understatement of expenses (e.g. accrued expenses), or overstatement of revenues (e.g. inappropriate revenue recognition policy choice or interpretation). EP5-5 Audit planning a) Walter should: ▪ Know the business and industry ▪ Review ▪ prior years’ files ▪ auditee correspondence ▪ engagement letter or obtain one ▪ Coordinate staff ▪ Hold a planning meeting with the staff ▪ Prepare risk and materiality assessments ▪ Obtain draft statements for analytical review ▪ Develop a preliminary audit strategy ▪ Identify key dates, i.e., inventory count ▪ Consider need for specialists or other auditors ▪ Consider role of internal auditors ▪ Estimate fees and time ▪ Develop audit programs ▪ Prepare files and supplies ▪ Have plan approved by partner. b) Validity ▪ all amounts in the F/S should be there Existence ▪ all assets and liabilities exist at a given date Completeness ▪ everything that should have been included in the F/S is there Ownership ▪ assets/liabilities are owned/owed by the entity Valuation ▪ all F/S items are properly valued Cut-off ▪ all transactions are included in the correct period Disclosure ▪ all information required in the F/S has been disclosed either in the body of the statements or in notes Measurement ▪ Revenues and expenses are recorded in the proper amounts and in the proper period. EP5-6 Assertions Assertions used by the auditor fall into the following categories: (a) assertions about classes of transactions and events for the period under audit: (i) occurrence — transactions and events that have been recorded have occurred and pertain to the entity; (ii) completeness — all transactions and events that should have been recorded have been recorded; (iii) accuracy — amounts and other data relating to recorded transactions and events have been recorded appropriately; (iv) cut-off — transactions and events have been recorded in the correct accounting period; and (v) classification — transactions and events have been recorded in the proper accounts; (b) assertions about account balances at the period end: (i) existence — assets, liabilities and equity interests exist; (ii) rights and obligations — the entity holds or controls the rights to assets, and liabilities are the obligations of the entity; (iii) completeness — all assets, liabilities and equity interests that should have been recorded have been recorded; and (iv) valuation and allocation — assets, liabilities and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded; and (c) assertions about presentation and disclosure: (i) occurrence and rights and obligations — disclosed events, transactions and other matters have occurred and pertain to the entity; (ii) completeness — all disclosures that should have been included in the financial statements have been included; (iii) classification and understandability — financial information is appropriately presented and described, and disclosures are clearly expressed; and (iv) accuracy and valuation — financial and other information are disclosed fairly and at appropriate amounts. The auditor may use the assertions as described above or may express them differently provided all aspects described above have been covered. For example, the auditor may choose to combine the assertions about transactions and events with the assertions about account balances. As another example, there may not be a separate assertion related to cut-off of transactions and events when the occurrence and completeness assertions include appropriate consideration of recording transactions in the correct accounting period. Source: CICA Assurance Handbook, CAS 315 Existence Completeness Valuation Existence and completeness Presentation Existence Ownership Completeness Valuation Existence and Ownership Completeness Presentation Valuation Different terms are used to provide finer definitions. The finer definitions can be helpful for developing more specific statements of the auditing objectives, that relate specific financial statement components and to auditing procedures. For example, to describe the existence assertion as it relates to a transaction stream some people find it easier to think about whether transactions really ‘occurred’ rather than whether the transactions really ‘exist’. Another term used for existence is validity, i.e., are the balances valid, are the transactions valid? Various alternate terms have been used historically and so they are retained, but they can be viewed as synonyms. Overall, sufficient appropriate audit evidence must be obtained to address the five principle assertions discussed in the text, with regard to the level of risk of misstatement in each assertion, for each account balance, class of transactions, and disclosure. EP5-7 Experts’ Work as audit evidence When experts/specialists are engaged, auditors must ensure they have appropriate professional qualifications and good reputations. An expert should be unrelated to the company under audit, if possible. Auditors must obtain an understanding of the expert’s methods and assumptions. The auditor also must verify all significant information that the expert’s conclusions are based on if the expert’s work will be a significant piece of evidence used to form the audit opinion (CAS 620). For example, if the expert is providing an opinion on mineral reserves valuation, the auditor should tie the reports used by the expert into other documentation to verify the properties evaluated are owned by the auditee, and check commodity price assumptions to external data such as published commodity trading statistics. EP5-5-8 The professional standards Jack is applying in the end of chapter Application Case and Analysis include: CSQC-1 Quality control for firms that perform audits and reviews of financial statements, and other assurance engagements; CAS 200 Overall objectives of the independent auditor and the conduct of an audit in accordance with Canadian auditing standards; CAS 210 Agreeing the terms of audit engagements; CAS 300 Planning an audit of financial statements; and CAS 315 Identifying and assessing the risks of material misstatement through understanding the entity and its environment. Selected excerpts of relevant sections of these standards are given below for each of the seven steps in the Case Analysis. Students can also be assigned to review the standards to identify these and other requirements that call for the acceptance considerations set out in the case. Overall, the objective set out in CSQC-1 is being applied by Jack’s firm’s procedures in this case. e.g., CSQC-1 Objective 11. The objective of the firm is to establish and maintain a system of quality control to provide it with reasonable assurance that: (a) The firm and its personnel comply with professional standards and applicable legal and regulatory requirements; and (b) Reports issued by the firm or engagement partners are appropriate in the circumstances.” Referring to the standards more specifically, note the following professional requirements being met by the seven steps Jack is taking. 1. Obtaining and reviewing financial information about the prospective auditee organization to determine purpose, main users, and basis of accounting. > This step allows the firm to comply with CSQC-1, paragraphs 26 and 27, e.g., Acceptance and Continuance of Client Relationships and Specific Engagements 26. The firm shall establish policies and procedures for the acceptance and continuance of client relationships and specific engagements, designed to provide the firm with reasonable assurance that it will only undertake or continue relationships and engagements where the firm: (a) Is competent to perform the engagement and has the capabilities, including time and resources, to do so; (Ref: Para. A18, A23) (b) Can comply with relevant ethical requirements; and (c) Has considered the integrity of the client, and does not have information that would lead it to conclude that the client lacks integrity. (Ref: Para. A19-A20, A23) 27. Such policies and procedures shall require: (a) The firm to obtain such information as it considers necessary in the circumstances before accepting an engagement with a new client, when deciding whether to continue an existing engagement, and when considering acceptance of a new engagement with an existing client. (Ref: Para. A21, A23) (b) If a potential conflict of interest is identified in accepting an engagement from a new or an existing client, the firm to determine whether it is appropriate to accept the engagement. (c) If issues have been identified, and the firm decides to accept or continue the client relationship or a specific engagement, the firm to document how the issues were resolved.” > It also meets CAS 220, paragraph 12 in regards to the specific audit engagements Jack firm is considering accepting. e.g., CAS 220 12. The engagement partner shall be satisfied that appropriate procedures regarding the acceptance and continuance of client relationships and audit engagements have been followed, and shall determine that conclusions reached in this regard are appropriate. (Ref: Para. A8-A9) 2. Evaluating the public accounting firm’s and individual auditors’ independence from the prospect > This step meets requirements of CSQC-1 and CAS 220, paragraphs 11 and CAS 200, paragraph 14. e.g., CSQC-1, paragraphs 21 and .24 Independence 21. The firm shall establish policies and procedures designed to provide it with reasonable assurance that the firm, its personnel and, where applicable, others subject to independence requirements (including network firm personnel) maintain independence where required by relevant ethical requirements. Such policies and procedures shall enable the firm to: (Ref: Para. A10) (a) Communicate its independence requirements to its personnel and, where applicable, others subject to them; and (b) Identify and evaluate circumstances and relationships that create threats to independence, and to take appropriate action to eliminate those threats or reduce them to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the engagement, where withdrawal is possible under applicable law or regulation. 24. At least annually, the firm shall obtain written confirmation of compliance with its policies and procedures on independence from all firm personnel required to be independent by relevant ethical requirements. (Ref: Para. A10-A11) ” e.g., CAS 200 Ethical Requirements Relating to an Audit of Financial Statements 14. The auditor shall comply with relevant ethical requirements, including those pertaining to independence, relating to financial statement audit engagements. (Ref: Para. CA14-A17)” 3. Considering whether the public accounting firm has competency, resources, any special skills required >This step applies CSQC-1, paragraph 29, CAS 220, paragraphs 12-14 (see above), and CAS 300, paragraph 8, e.g., CSQC-1 Human Resources 29. The firm shall establish policies and procedures designed to provide it with reasonable assurance that it has sufficient personnel with the competence, capabilities, and commitment to ethical principles necessary to: (a) Perform engagements in accordance with professional standards and applicable legal and regulatory requirements; and (b) Enable the firm or engagement partners to issue reports that are appropriate in the circumstances. (Ref: Para. A24-A29) CAS 300 8. In establishing the overall audit strategy, the auditor shall: (a) Identify the characteristics of the engagement that define its scope; (b) Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required; (c) Consider the factors that, in the auditor's professional judgment, are significant in directing the engagement team's efforts; (d) Consider the results of preliminary engagement activities and, where applicable, whether knowledge gained on other engagements performed by the engagement partner for the entity is relevant; and (e) Ascertain the nature, timing and extent of resources necessary to perform the engagement. (Ref: Para. A8-A11)” 4. Obtaining information from management as to whether the prospect’s management accepts responsibility for the financial statement preparation and implementing adequate controls to reduce risk of errors and fraud > This step complies with CAS 210, paragraph 6 allowing Jack’s firm to determine whether pre-conditions for the audits are present. This knowledge will also be useful in complying with CAS 300, paragraph 6, and CAS 315, paragraphs 6-7 e.g., CAS 315 6. The risk assessment procedures shall include the following: (a) Inquiries of management, and of others within the entity who in the auditor's judgment may have information that is likely to assist in identifying risks of material misstatement due to fraud or error. (Ref: Para. A6) (b) Analytical procedures. (Ref: Para. A7-A10) (c) Observation and inspection. (Ref: Para. A11) 7. The auditor shall consider whether information obtained from the auditor's client acceptance or continuance process is relevant to identifying risks of material misstatement.” 5. Considering whether the engagement would require special attention or involve unusual risks >This step also allows Jack’s firm to comply with CAS 220 and the other standards concerning audit engagement continuance and acceptance 6. Searching for news reports and, when possible, asking business associates about the organization >This step can provide information related to the acceptance standards noted above in CAS 220, as well as knowledge relevant in identifying and assessing risks of misstatement that are set out in CAS 315. 7. For new audits, communicating with the previous auditor >This step arises in the CAS from the requirements to comply with relevant ethical requirement for public accountants. These include the rules of conduct or ethics codes of the various provincial accounting bodies.e.g., CAS 220, paragraph C7(n) C(n) Relevant ethical requirements – Ethical requirements to which the engagement team and engagement quality control reviewer are subject, which comprise relevant independence and other ethical requirements set out in rules of professional conduct / code of ethics applicable to the practice of public accounting issued by the various professional accounting bodies. [In ISA 220, this paragraph states: Relevant ethical requirements – Ethical requirements to which the engagement team and engagement quality control reviewer are subject, which ordinarily comprise Parts A and B of the International Ethics Standards Board for Accountants' Code of Ethics for Professional Accountants (IESBA Code) related to an audit of financial statements together with national requirements that are more restrictive.]” SOLUTIONS FOR DISCUSSION CASES DC5-1 Communications between predecessor and successor auditors The procedures you should follow prior to accepting the engagement include the following: 1. You should explain to your prospective auditee your firm’s need to inquire of Diggs and should request permission to make such inquiries. (This means that the President of Lyrac will need to contact Diggs to inform him that he is no longer the company’s auditor, even though the President does not want to. Since the auditor must be engaged, and dismissed, by those charged with governance of Lyrac, it would not be appropriate for your firm to do this.) 2. You should ask your prospective auditee to authorize Diggs to respond fully to all inquiries since Diggs would be prohibited from disclosing confidential information without its former auditee’s permission. 3. With permission, you should contact Diggs about your prospective auditee’s decision to change auditors, as an act of professional courtesy. 4. You should make reasonable inquiries of Diggs regarding matters that will aid in deciding whether to accept the Lyrac audit engagement. (Your inquiries should ask about facts which might bear on the integrity of management, disagreements with management about accounting and auditing matters, and Diggs' understanding of the reason(s) for the change of auditors.) 5. If Diggs does not respond fully to your questions, you should consider the implications of the limited response in deciding whether to accept the engagement. 6. After weighing all information received from Diggs, you should inform your auditee that a first-time audit is more time-consuming than a recurring audit because the new auditor is generally unfamiliar with the auditee's operations and does not have the benefit of past knowledge of company affairs to use as a guide. 7. A discussion with your auditee of the estimated required audit time and fee arrangement should be coordinated with a clear explanation of the purpose and scope of the audit. Any work that can be done by auditee personnel should also be discussed so that excess audit time might be eliminated and proposed report deadlines can be reasonably met. 8. To satisfy your quality control objective, you should use procedures such as reviewing the financial statements of the auditee; inquiring of third parties such as its banks, legal counsel, investment bankers, and others in the business community as to its reputation; and evaluating his ability to serve this auditee properly with reference to industry expertise, size of engagement, and available staff. 9. If you have no reservations, after all significant factors have been considered, discussed, and agreed to, you should accept the engagement and confirm the understandings in an engagement letter. DC5-2 Audit engagement acceptance a. The sources of information and inquiries include: Inquiry, Including Prior Working Papers--prior audit working papers, personnel who worked on the audit in prior years are available to convey their understanding of the business, inquiry and interviews with the company's management, directors, and audit committee. Observation--take a tour of the company's physical facilities, keeping eyes open for activities and things that should be reflected in the accounting records. The tour is the time to see company personnel in their normal workplaces. Study. Numerous sources--CICA and AICPA industry accounting and auditing guides, specialized trade magazines and journals, registration statements and Annual Reports filed with the securities market regulators, general business magazines and newspapers (Financial Post, Report on Business, Business Week, Forbes, Fortune, Harvard Business Review, Barron's, and the Wall street Journal). b. No, but Quality Control Standards require firms to investigate prospective auditees. c. Students can decide this acceptance question either way, although the brief facts may prejudice the conclusion toward nonacceptance. The PA's own firm decided to resign 10 years ago, presumably over matters of owner-manager integrity. Yet, Mr. Shine appears to be a respected member of his new community. Maybe his "fast and loose" accounting past is behind him. Maybe not. Student should use the facts available, and madke reasonable assumptions, to provide arguments that support the choice they make. DC5-3 a) Factors to consider before accepting the audit engagement include: - Is the PA firm independent? - Does the PA firm have the expertise to conduct the audit? - Will the auditee be able to pay the audit fee? - Is the auditee a going concern? - Is management highly questionable? - Do they need an audit? - Is the risk arising from known users of the financial statements reasonably determinable and acceptable? b) Risk assessment procedures include the following activities. Identify users of financial statements –owner/major shareholder who has asked for audit for first time this year, and potential lenders she will likely give the audited financial statements to, and who likely will use the f/s to evaluate the risk of the company not paying back its loan and interest. Other qualitative factors could be relevant, like contracts or covenants based on f/s balances, transaction volumes, pledges of assets as collateral, etc. c) For quantitative assessment, apply appropriate benchmarks, e.g. 5-10% normal income, 0.5 - 1% revenues or assets, Here there is no ‘Normal income’ as it is a new, start-up company. Other bases suggested can be considered, such as: Assets: $25000 to 50000 Revenues: $4000 to 8000 Then also consider qualitative factors, to generate reasonable range. Assets is probably most appropriate since the start up stage also means revenues are not good performance indicators yet, and user decisions not likely to depend on revenue information. As the auditor, you must select one amount from the range to provide a materiality level for planning the audit. Your choice needs to be justified based on qualitative factors. For example, in this case it would be appropriate and prudent go to the lower end of asset-based range, $25,000, since it is a first time audit, users are known to be relying at least partly on financial statements for important financial decisions, but the best information in the financial statements at this stage of the business’s life is the asset values. Materiality is the most important judgment and is made early in the audit because the auditor’s assessment of risk of material misstatement requires a preliminary benchmark of what it ‘material’ - this then affects every other planning decision. d) Some possible ratios: Current ratio/quick ratio – may indicate liquidity problem, financial condition is poor, risk of business failure. Operating cash flows over payables - indicates cash burn for start up stage business - indicates working capital requirements to fund operating shortfall and risk if not likely to be met. Gross margin percent– may suggest performance of operation is inefficient as costs not covered by revenues, or price competition affecting viability - other valid ratios, implications are also acceptable for this case Example of additional information - For more meaningful ratio analysis, further information is needed for more different comparisons, e.g. more operating periods to compute turnover, efficiency ratios, industry averages, DC5-4 Predecessor and Successor Auditors Wells & Ratley need to initiate communications with both predecessor auditors. The situation is unusual, but W&R need to obtain complete information from all the predecessors involved since the last audit (2012 financial statements). Both Canby & Co. and Albrecht & Hubbard are predecessors. (If Canby & Co. had completed the 2013 audit, and W&R had been hired to perform the 2014 audit, then Canby & Co. would be the only Predecessor. A&H would be history.) Inquiry of only one of the predecessors would not result in complete information because the circumstances surrounding each auditor change may be different. The two predecessors, having served at different times and for different lengths of time, may have different knowledge about Allpurpose Loan Company and its president. If the company is public and subject to securities market reporting requirements, reports for both changes should have been filed with the regulator. DC5-5 Calculate a Planning Materiality Amount This solution provides a stock price-based method of determining what is material to users based on the impact of an income misstatement is expected to have on the share price, as indicated by the ‘multiple’ that market participants are using to price this company’s shares. This approach provides an alternative way of thinking about the materiality concept, though simpler methods based on financial statement amounts (usually pre-tax income) are more commonly used in practice. 6% Price Effect Stock price (16 x $0.687) $ 11.00 (slightly rounded) Price materiality judgment $ .66 Adjusted stock price $ 10.34 Adjusted earnings per share (divide by 16 multiple) $ .64625 Indicated net income (multiply by 750,000 shares) $ 484,688 (rounded) Add pre-tax accounts that can be audited completely: Interest expense $ -0- Income tax expense (35%) $ 260,986 (rounded) Indicated pre-tax income $ 745,674 Unaudited pre-tax income $ 792,308 (rounded) ($515,000/0.65) Indicated planning materiality based on pre-tax income $ 46,634 DC5-6 Preliminary Analysis, Materiality, Assertions. a) To assess the risk of material misstatement, the auditor must understand the nature of the business on what needs to be accounted for, because it will affect what inherent risks exist in the business and thus its accounts. This illustrates the importance to the auditor of understanding how a business creates value and earns profits. The case requires one to apply one’s knowledge of the business, given the facts provided in the case and other reasonable assumptions, to judge the relevant inherent risks for different financial statement components in relation to the five principle assertions: existence, completeness, ownership, valuation and presentation [ECOVP] b) To make a decision on materiality, we first identify the main users of financial statements – these are the minority shareholders who have asked for an audit for the first time this year. Also, the bank holding the long term loan shown in the trial balance likely will use the f/s to evaluate the risk of the company not paying back its loan. Other qualitative factors could be relevant, like contracts or covenants based on f/s balances, transaction volumes, indicators of fraud, etc. For quantitative assessment, apply appropriate benchmarks, e.g. 5-10% pre-tax normal income, 0.5-1% revenues or assets, and then also consider qualitative factors, to generate reasonable range. Select one level from range and justify the quantitative choice based on qualitative factors. c) Two possible ratios that could be calculated for analysis are: i) current ratio/quick ratio – may indicate liquidity problem, financial condition is poor, risk of business failure. ii) gross margin percent – may suggest performance of operation is inefficient, or price competition affecting viability - for more meaningful ratios and analysis, further information is needed, e.g. past periods to compute turnover, efficiency ratios, industry average, to allow for more different comparisons. Other valid ratios, implications, and related further investigation are also acceptable if clearly explained and supported d) Assessment of the risk of material misstatement (RMM) takes into consideration both the inherent and control risks, at the assertion level. The inherent risk assessments are based on the nature of the item and the risk that an error can have occurred in accounting for that item in the first place, regardless of controls. The general tendency is for high value items that are attractive to steal, like TVs, to have higher inherent risks related to the existence assertion. For Dawood, it is manufacturing the TV and monitors, so the valuation may be subject to errors in complex cost allocations, and the net realizable value may fall due to technological obsolescence, so the valuation assertion has high risk of misstatement. Several other accounts could also be noted as high risk, such as warranty provision (high valuation assertion risk as this is an estimate) or PPE because it is highly material and may become obsolete or inefficient over time, affecting its valuation. Another item that may have high inherent risk in Dawood is the accounts receivable balance if there is a concern about collectibility, as the valuation assertion would have a high risk of misstatement. Two items that may have low inherent risk assessments are the bank loan - it is straightforward to value it and confirm its existence and completeness. Share capital might also be noted as a low risk account, since its ownership is well documented and since it is not complex to account for, its existence, valuation and completeness would not have high inherent risk. Generally, assessing high inherent risk leads the auditor to expect management to have strong risk assessment processes, and strong controls in place to offset/reduce these risks. If this is the case, when inherent risk and control risk are combined as RMM, the assessed risk could be lower than the inherent risk alone. However, to rely on this assessment the auditor must test the relevant controls. In Dawood’s case it may be feasible and efficient for the auditor to test these controls and get some assurance from them, and that will lower the amount of assurance required from substantive tests. On the other hand, if the controls are not very strong the RMM will be very high for high inherent risk items and the auditor will need a lot of substantive evidence to be able to get reasonable assurance to form an opinion about whether the f/ss are fairly stated. e) Inventory in manufacturing business will have raw material, WIP and finished goods Assertions: (note - assessments of RMM below are for finished goods, WIP risk assessments may differ) Existence: moderate - The question is whether all the TVs and monitors recorded really are on hand. Since these items could be easily stolen, the risk is raised, but verification by physical inspection can provide very reliable evidence. Further, if controls in place appear strong over recording the purchases, it would be difficult to make an entry for an inventory purchase that doesn’t exist. Thus the risk is moderated. Completeness: moderate - The question is whether all the inventory the company actually owns has been recorded. This depends on good controls over recording all purchases, and moving costs of WIP through the production accounting process properly. Since it is possible to miss recording unless controls are good, and inventory is key to the company’s success, we can assume the controls over this are good and the risk is moderated. Valuation: high - The question is whether the dollar amount allocated to the finished goods is correctly calculated and complies with GAAP (i.e., the financial reporting framework selected by management, including the relevant inventory valuation policies and methods). There are a number of factors that can lead to risk of misstatement of the valuation assertions, such as: the TVs might not be able to be sold at expected prices; the raw materials and componement used may not be of suitable quality; the costs of the components may not be correctly recorded; all production costs incurred in the process may not be captured accurately such overhead allocations. Ownership: low - The question is whether Dawood has proper title to the inventory. The risk is assessed as low since it is unlikely that Dawood will record inventory that is has not purchased and taken title to upon delivery, or will include inventory once it is sold (under an assumption that the terms of sale for this type of business are not complex to follow, and title transfers when goods are delivered with little uncertainty about completing the sale ) Presentation: low - The question is whether the inventory is properly classified in the financial statements and all disclosures required by GAAP are complied with. This is assessed as a low risk assertion since the classification not complex (as long as there are reasonable systems controls in place to measure the different classes of inventory: RM, WIP and FG), accounting policies for inventory valuation & disclosure are clear to apply, management is assume to have the required accounting skills. Other valid risk assessments could be made based on different assumptions, or on different interpretations of the facts provided since these are fairly limited in the case. DC5-7 Materiality Level Reduced The case requires consideration of the factors that determine the materiality level for audit purposes, in particular a decision to reduce the materiality level. a) The magnitude of net income, other financial statement items, the users and the potential impact of errors on their decisions, and other qualitative factors can be discussed. b) Lower materiality will tend to require more audit procedures, e.g. higher sample extents when representative samples are tested, and this will apply whether extents are determined statistically or judgmentally - if a smaller error matters, more has to be looked at to get the same assurance that a material error is unlikely to have occurred. c) In this case the auditors need to consider the impact of a lower materiality level on the unadjusted errors (and the potentially undetected errors) in the opening balances. It may be that at the lower materiality level these errors would have needed to be adjusted. Since they were not, and they affected a current asset, they will reverse in this year, and which in turn materially affects the current year-end balances. It will be important for the auditor to take the reversal of this prior period error into account DC5-8 Materiality Approaches in Audit Practice. Materiality decisions are highly judgmental, so a lot of variability in practice is inevitable. Even the same auditor may want to use a different approach in different audits, since the decision is based on many qualitative factors that will be context-specific. CAS 320 provides a lot of options so that auditors are not constrained from applying their judgment. CAS 320 also highlights the different considerations and requires the auditor to consider different factors and justify the decision on each financial statement audit. Allowing for these different approaches in the standards can prevent auditors in practice from starting to take too much of a literal, ‘cookbook’ attitude about what the standards require. DC5-9 Materiality and Misstatements in Estimates The case is based on the SEC’s lawsuit against the Nortel executives, alleging they used ‘cookie jar’ reserves to make their 2003 bonus. The data provided can be analyzed to show management may be using measurement uncertainty strategically, to bias the estimate. Using large reserves/provisions to understate income in one year can allow a higher income to reported in a later period, when the result will push the company into profit and make the executives eligible for bonuses. The auditor would need to assess the reasonable range of these estimates in each year, and compare the company management’s suggested estimate to see if it is outside the range. The direction of any difference between the auditor’ and management’s estimates is important to track across all the company’s estimates in a period - do they tend to go in the same direction in terms of impact on earnings? This could suggest a conscious attempt to over or understate the reserves to have control over the reported results in the following periods. The analysis of auditor ranges to management’s in subsequent periods should also take into account the reversal of provisions in previous periods, to assess potential for bias. DC5-10 Quantitative and qualitative materiality criteria a) The following accounts will be overstated: Accounts receivable Current assets and total assets Sales revenue Income and retained earnings This cut-off error most clearly affects the EXISTENCE (or OCCURRENCE) assertion since it results in the year’s sales and year-end A/R balance being overstated. b) Current ratio calculations: including error = 1,100,000/860,000 = 1.28 with error corrected = (1100000-250000) / (860,000) = 0.99 Impact is to lower the ratio from 1.28 to 0.99 This brings the ratio below the level required by the bank covenant. c) Based on quantitative criteria only, an auditor might conclude it is not material since it is less than 5% of NIBT. However, another auditor might judge it to be close enough to quantitative thresholds for it to be considered material, since it is 4% of NIBT, 2.3% current assets, etc. In any case, since correcting the error will push ratio below the minimum level set in the bank covenant of 1.2 to 1, the error affects a key financial ratio that the bank/user is monitoring and will affect banks decision to continue loan or call it back. This is a qualitative factor that makes it a material misstatement. In conclusion, it should be considered material based on qualitative considerations. DC5-11 Overall Audit Strategy, Retail Industry This case involves finding two real companies in the same industry and applying the chapter planning concepts in this context. The “Overall Audit Strategy” checklist in Exhibit 5-9 can be used as a guide. Some other guiding questions that students can consider include: - What business are the companies in. How does each make money? What are its main strategic objectives? What business risks does it face that could prevent it from meeting its strategy? (Refer to the relevant risk factors listed in CAS 315 Appendix) Discuss two business processes that are likely to be important in this business considering its strategy and risks, and why these would be most important. - Outline the company’s corporate governance structure (e.g., Board of Directors composition and qualification and independence, Audit or other board committees), as indicated or implied in their Annual Report. -Determine the audit risk level the audit team would be willing to accept for this engagement, and the materiality level for planning purposes. Justify your choices. -Review the company's main accounting policies, including those for revenue, inventory, capital assets, and any other that seem relevant in this business and comment on their appropriateness (i.e., are the policies chosen by management conservative, aggressive, etc?). -Present the result of key analytical review procedures and explain the impact of these finding on your audit approach. Summarize your findings in the report and provide details in an Exhibit. Comment on the impact of accounting policy choices on the results of the analytical procedures. -Based on your research and business risk assessment above, identify two or three key audit issues, and their impact on your audit approach. A key audit issue is an area where you think there is a particularly high risk that the company's financial statements are materially misstated. Support your selection of these key audit issues by explaining specifically how the business risks and other company factors you identified might lead to higher risk of material misstatement in this company's financial statements. CHAPTER 6 ASSESSING RISKS AND INTERNAL CONTROL SOLUTIONS FOR REVIEW CHECKPOINTS 6-1 The four risks included in the audit risk model and their descriptions are: Inherent risk: the probability that material misstatements, due to errors or fraud, have entered the data processing system. Control risk: the probability that the auditee's system of internal control will fail to detect material misstatements, provided any enter the accounting system in the first place. Detection risk: the probability that audit procedures will fail to find material misstatements, provided any have entered the system and have not been detected or corrected by the auditee's internal control system. Audit risk (also sometimes called "overall risk" or “tolerable risk” or ”ultimate risk”): a concept applied both to the probability of giving an inappropriate opinion and to the probability of failing to discover material misstatements in a particular disclosure or account balance. It represents the amount of risk the audit is accepting, for example if audit risk is 5% the auditor is accepting a 5% probability of giving the wrong audit opinion. Another way of thinking of audit risk is the complement of assurance - so at 5% audit risk the auditor is 95% sure that the financial statements are not misstated The audit risk model is a conceptual model of how the four types of risk are related. Audit risk is a combination of the other risks: Audit Risk = Inherent Risk x Control Risk x Detection Risk. 6-2 The audit risk level an auditor will be willing to accept varies according to auditee and engagement circumstances. Generally, the more risky the auditee or the more users rely on the audited financial statements, the lower the planned audit risk. As the possibility of being sued for material misstatement increases, an auditor will decrease planned audit risk to compensate for the increased risk associated with the engagement. This possibility of negative consequences for the auditor tends to be higher when the company is listed on a public stock exchange, when the company is in financial difficulty, and when users are making significant financial decisions based directly on audited financial statement information. 6-3 Inherent risk assessment will vary from auditee to auditee and is an important application of the auditors understanding of the business risks. It is helpful to assess inherent risk on an assertion by assertion basis, as sometimes the risk arises mainly from one assertion (e.g. valuation of accounts receivable when the auditee has a liberal credit policy). Accounts with high inherent risk are those subject to misstatement because of complexity (inventory valuation in a manufacturing business), volume (sales transactions in a large retail business), likelihood of theft (jewelry or small consumer electronic gadgets), or because they are difficult to control (cash receipts in a charity). Inherent risk tends to be low in accounts that change little (share capital), are low volume (dividend payment) or calculated from other amounts (amortization). 6-4 Control frameworks are tools that help auditors to identify all the aspects of control that should exist in the auditee’s business. This includes ‘company-level’ or ‘management controls’ as well as control over business processes, information systems and financial statements . There are various frameworks an auditor can choose from, and usually an audit firm will develop a version for use by its audit teams. The frameworks help auditors to focus on key aspects of control relevant to the financial statements and to evaluate whether all the required controls exist and whether they are designed to be effective in reducing risks to an acceptable level. The auditor’s control identification and evaluation process is called the control risk assessment. Control frameworks thus are useful tools that assist auditors in their control risk assessment processes. 6-5 Some well accepted control frameworks are: CICA’s Criteria of Control Committee (COCO); Committee of Sponsoring Organizations of the Treadway Commission, Internal Control –Integrated Framework (COSO); and Control Objectives for Information and Related Technology, published by the IT Governance Institute (COBIT). 6-6 In connection with auditor's judgments about internal control, anchoring is the mental carryover of prior knowledge and the application of prior conclusions to the current control system, usually without gathering much new evidence. 6-7 In the hockey game analogy, the defending hockey team’s fans can represent the users of the company’s financial statements. If the audit (goalie) does not stop the puck from entering the net (material misstatement in the financial statements not detected and corrected) it is a bad outcome for the users as the financial statements may be misleading or useless for their decisions. 6-8 For example, from a recent Audit Risk Alert: Some of the effects of bad economic times that create risk of material misstatement, and auditors should be alert to detect in auditees' financial statements, include: Asset valuations--recoverability and bases of accounting. Inappropriate offsetting of assets and liabilities. Changes in cost-deferral policies and the reasonableness of amortization periods. Allowances for doubtful accounts, in general, and loan-loss allowances for financial institutions, in particular. Compliance with financial covenants and the necessity to obtain waivers from lending institutions to meet current requirements. Changes in sales practices or terms that may require a change in accounting. Changes in revenue recognition approaches and assumptions 6-9 "Audit risk in an overall sense" refers to the audit taken as a whole and the probability that an auditor will give an inappropriate opinion on financial statements. Generally, this is the risk of giving the standard unqualified report when the financial statements contain material misstatements or the report should be qualified or modified in some manner. "Audit risk applied to individual account balances" refers to the probability that auditors will fail to discover misstatement in a particular account balance at least equal to the tolerable misstatement assigned to the audit of that balance. This version of audit risk is applied in concept at the individual account balance level. 6-10 In theory, the materiality decision (how much precision is required in the audit opinion) is independent of audit risk decision ( how much assurance is required in the audit opinion). It is helpful for an auditor to keep these two considerations separate since the materiality decision focuses on what dollar amount of misstatement is likely to affect users’ decisions, while the audit risk level decision is focused on the audit firm and how careful it wants to be to avoid providing a clean opinion on materially misstated financial statements. In practice, the two concepts are related because they have a similar impact on the amount of audit evidence required, for example when a fraud is suspected a smaller materiality level is used - this has the same result as using a lower tolerable audit risk level. Materiality and audit risk decisions both have an impact on the auditor’s decisions on the nature, extent and timing of audit evidence to be gathered. You may want to refer ahead to Exhibit 8-6 which shows the impact of both materiality and audit risk decisions on audit evidence gathering decisions. 6-11 Business risk needs to be considered in assessing audit risk. Audit risks relate to accurate reporting on business risks, thus, the higher the business risks the greater the need to report them accurately. As a consequence, the general relationship is that the higher the auditee’s business risk the lower the planned audit risk needs to be. 6-12 Business risk analysis can be incorporated into the audit risk model to provide insight into many risks of material misstatement that arise from accounting uncertainties and estimation risk. These risks cannot be detected by substantive factual evidence because they are based on forecasts of future economic factors. These uncertainties can be viewed as accounting risks that relate to the business risk. The auditor’s understanding of business risk can help to assess how significant such non-detectible accounting estimation misstatements might be. Business risk analysis is a way for the auditor to distinguish accounting risk from audit risk, and ensure that the financial statements adequately present the risks to users. If these risks are assessed as unacceptably high, effectively the scope of the audit is too limited to allow the auditor to provide reasonable assurance on the financial statements overall. 6-13 Business risk is the auditee risk that the auditee will be unable to achieve its business objectives or execute its strategies. Understanding management’s risk assessment process helps to assess the risk that the financial statements could be materially misstated. Auditing standards (e.g., CICA Handbook - Assurance, CAS 315) emphasize the auditor’s need to understand business risk and the "entity's risk assessment process” in order to plan and execute appropriate audit procedures. This is referred to in the text as the business risk approach to planning and executing the audit. The auditor may identify risks of material misstatement that management’s risk assessment process failed to identify and if the auditor believes there is a material weakness in the entity's risk assessment process, the auditor needs to communicate this to the audit committee or equivalent. Generally, the business risk approach requires the auditor to take a broader view of the whole organization and assess the risks of material misstatements that arise from a variety of aspects of the business. 6-14 The two parts of business analysis are strategic analysis and business process analysis. The goal is to learn about the auditee’s analysis of the risks its business faces, in particular, whether the analysis identifies all material business risks. 6-15 Auditor’s knowledge of the business (e.g., from previous audits of companies in the same or similar industries) is the key to understanding the risks associated with a particular auditee’s business strategy. Common risks associated with a business strategy are risks of cost leadership, risks of differentiation, and risks of focus. These are discussed in the chapter appendix. Senior management is the chief source of information about the auditee company’s business strategy. 6-16 A business processes is a structured set of activities within the entity that is designed to produce a specific output in accordance with the business strategy. 6-17 If the business process produces value-added output in the way that the strategy intended it to do, it is more likely that the business will achieve its objectives and not fall prey to the various risks. The purpose of business process analysis is to identify the system to assure adherence to the business strategy. The auditor must understand the process and identify key sub-processes to examine in detail these key sub-processes, inherent business risk associated with the sub-process, and the control environment associated with the sub-process. The information the auditor seeks to learn about a target business process are the following: process objectives (i.e., role in achieving the entity’s business objectives), process activities, classes of accounting transactions and cycles employed, process risks, and process controls. 6-18 In the airline industry, a key business risk is being required to service routes that are not profitable. The company needs to plan schedules and fares that ensure revenues can cover costs. Cost controls are also critical to the strategy to address this risk. In a manufacturing business a risk is not producing the right quantity of the right products at the right time. Processes that predict market demand and integrate production scheduling, including supply chain integration, are examples of processes to address this risk. 6-19 Business organizations that are run hierarchically tend to use structured, routine processes to achieve their strategies - this tends to be possible when a large part of the operation involves fairly predictable high volume transactions. Less hierarchical organizations tend to use more variable and judgmental processes to achieve strategies that involve more unique, one-off types of output. Organizations can also be viewed as being ‘rigid’ ( and hence more likely to see hierarchical decision-making processes) or ‘organic’ (hence using more fluid decision- making processes). 6-20 Business risks that could affect the financial statements when complex IT and e-commerce are used include integration of various systems, accessibility risks mean the security infrastructure and related controls should more extensive, financial records generated need to be supported by appropriate controls that may need to be automated. 6-21 The business process analysis has to consider the extent to which management has identified e-commerce opportunities and risks in its strategy; whether the e-commerce activities are being aligned carefully with the entity's overall business strategy or just adopted ad hoc in response to opportunities and risks as they arise; whether management’s risk assessment process covers the changing sources of revenues and costs for the entity and how effectively the business processes capture and control these; whether evaluation techniques are appropriate to assess the incremental profitability of e-commerce activities, etc. 6-22 External performance measures are key performance indicators reported to analysts, creditors and shareholders. Internal performance measures are those used for personnel review and incentive programs like bonus plans. These uses can create pressures on the business that may increase the risk that managers are motivated to misstate the financial statements. Events or conditions that indicate an incentive or pressure to commit fraud or provide an opportunity are referred to as "fraud risk factors". For example, the need to meet expectations of third parties to obtain additional equity financing or the granting of significant bonuses if unrealistic profit targets are met may create pressure to manipulate financial reports fraudulently. 6-23 Gimmicks to manipulate earnings include inappropriate revenue or expense recognition to move profits from future to current period or vice versa, failing to accrue liabilities, fabricating ‘transactions’ that boost profits, etc. 6-24 Quality of earnings refers to the company’s ability to contine to earn profits on a similar basis to its current earnings, both in terms of the amounts and the trends over relatively long periods of time. Quality earnings will be consistent and highly associated with the underlying core business activities. 6-25 The auditor has a continuing responsibility to communicate any suspicions or evidence of fraud, to a level of management higher than the employees involved in the case of lower-level employees. If the possible fraud involves high-level managers the auditor must communicate this with those charged with governance, such as the audit committee or the board of directors. The auditor is responsible for communicating any suspected or known fraud with management and those charged with governance on a timely basis, regardless of the stage of audit work. 6-26 The three components of business performance analysis are: 1. financial performance measures 2. nonfinancial performance measures, and 3. the interrelationship among the two. The purpose of business performance analysis is to determine if the financial statements accurately reflect the auditor’s analysis of business performance (e.g., if economic substance rather than legal form is captured by the financial statements). 6-27 Procedures used in financial performance analysis include but are not limited to: analysis of key financial statement ratios, examining trends of such ratios over time, review of significant accounting policies, developing a balanced scorecard, and analyzing the consistency of financial and nonfinancial performance measures. Major discrepancies in any of the above indicates a higher risk of material misstatement. For example, major inconsistencies between financial and nonfinancial measures of performance, inadequate management justification of unusual or questionable accounting policies, and ratios out of line with industry trends would lead the auditor to assess a higher risk of material misstatement, and result in additional substantive work to reduce this risk to the acceptable level. 6-28 Nonfinancial performance analysis includes, but is not limited to, “non-financial measures of the ‘balanced scorecard’, research and development activities, investment in high technology and productivity improvement, as well as a variety of other possible measures of economy, efficiency and effectiveness (such as the value for money (VFM) concepts from public sector auditing discussed later in Chapter 21). 6-29 By looking at relationships between financial and nonfinancial performance measures, the focus is on looking for discrepancies, which may indicate undetected risks, and thus help direct audit substantive testing to better assess and disclose there risks in the financial statements. Emphasis on consistency follows from the logical fact that multiple independent, corroborating sources of evidence helps strengthen the case for a relevant assertion, or for indicating the assertion does not hold. 6-30 Four "processes" and accounts in them: Revenue process | Purchases process | | Production process | | | Finance process | | | | | | | | -- -- -- -- X X X X Cash X Accounts receivable X Allowance for doubtful accounts X Sales X Sales returns X Bad debt expense X X Inventory X Fixed assets X Accum depreciation X Accounts payable X Accrued expenses X General expense X Cost of goods sold X Depreciation expense X Bank loans X Long term notes X Accrued interest X Capital stock X Retained earnings X Dividends declared X Interest expense X Income tax expense An accounting process can also be referred to as a ‘cycle’, because transaction information from the same type of business process (e.g., a sale on account) will run through the same set of accounts over and over during an accounting period (e.g., sales revenue, accounts receivable and cash are the main accounts involved in recording sales on account). A cycle perspective groups the set of accounts affected by a particular class of transaction together for audit examination, which often increases efficiency. 6-31 The cash account is represented in all the processes/cycles, because: (a) cash receipts are involved in cash sales and collections of accounts receivable (revenue process), (b) cash receipts arise from issuing shares and loan proceeds (finance process), (c) cash disbursements are involved in buying inventory and capital assets and paying for expenses purchases process), and (d) cash disbursements are involved in paying wages and overhead expenses (production process). 6-32 Predictable relations should exist among the accounts in each process/cycle. Also, the audit evidence that is available for one component of the process often also contains information for other components, because high- volume routine transactions are recorded using the journal entries. A process groups the accounts related because a typical routine transaction (e.g. recording a sale, or paying salaries) affects them all. 6-33 Business risks can be managed by avoidance (by anticipating risks and not performing those business activities that would cause the risk to occur), by management controls embedded in business processes to reduce risks to an acceptable level, by tolerating them if the costs of reducing them do not justify the benefits because the risks are unlikely to have a significant impact, or by transferring risks to another party via a contract (e.g., insurance) 6-34 Business processes are related to business risks in that they are specifically designed, implemented and monitored by management to control business risks. 6-35 Management controls operate at the company level, and permeate all aspects of the company’s operations and information systems, so they can have a big impact on whether the company’s financial reporting and disclosures objectives are met. Management controls include the control environment, the entity's risk assessment process, the information system(including business processes relevant to financial reporting, and communications) and monitoring of controls. Examples of management controls include budgets, forecasts, financial and non-financial performance measures (balance scorecards and/or key performance indicators), monitoring, accounting controls, quality control,etc. In the COSO framework, management controls are mainly included in management’s risk assessment processes, the information system, and the monitoring components. The purpose of management controls are to ensure that the organization’s resources, systems, processes, culture, structure and tasks support people in the achievement of the organization’s objectives. 6-36 The auditor considers any the risks that threaten to prevent the entity from carrying out the process effectively. The auditor then identifies the controls that management has in place to ensure efficient and effective functioning of the key business processes, and whether these controls are operating effectively. This analysis allows the auditor to make a preliminary assessment of whether management controls are appropriate for producing reliable financial statements as part of the auditors assessment of the overall risk of material misstatement of the financial statements. 6-37 In the business analysis, the auditor analyzes the business risks, and then considers the results that effective functioning of management controls have on the original risk analysis. If the auditor identifies business risks that management controls these are considered significant risks and need to be subject to further audit work. These significant risk categories effectively represent categories for which the control risks are high. That is, there is a significant risk that controls will fail to reduce the risks that the financial statements don’t portray the actual business performance. Thus the business analysis is a key component of the auditor’s preliminary assessment of the risk of material misstatement, including inherent and control risks, at the overall financial statement level. 6-38 Components of internal control, from COSO framework a) the control environment; b) the entity's risk assessment process; c) the information system, including the related business processes, relevant to financial reporting, and communication; d) monitoring of controls; and e) control activities 6-39 Information systems capture and hold information about the organization and its environment. The main activities are input, processing, output and feedback of output to people for decision making. An information system functions relate to assertions as follows: EXISTENCE/COMPLETENESS - identify and record all valid transactions; PRESENTATION - describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting and present properly the transactions and related disclosures in the financial statements; VALUATION - measure the value of transactions in a manner that permits recording their proper monetary value in the financial statements; CUT-OFF/EXISTENCE & COMPLETENESS - determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period. Information systems consist of infrastructure (physical and hardware components), software, people, procedures and data. Many information systems are highly automated, making extensive use of information technology (IT). Information systems may also have some manual components. Systems that are primarily manual will have little or no hardware and software. 6-40 Information systems can be used to facilitate communication across an organization by electronic or paper-based means, in addition to communication that is implemented orally and through the actions of management. Communication is important because it provides an understanding of individual roles and responsibilities pertaining to internal control over financial reporting. It includes the extent to which personnel understand how their activities in the financial reporting information system relate to the work of others and the means of reporting exceptions to an appropriate higher level within the entity. Open communication channels help ensure that exceptions are reported and acted on, so weaknesses and errors/misstatements do not “fall through the cracks”. 6-41 Tone at the top of the organization is reflected in management’s and directors’ attitudes, awareness, and actions concerning the company's internal control. Management's approach to taking and monitoring business risks, attitudes toward financial reporting (conservative or aggressive selection of accounting principles and use of accounting estimates) and controls are critical to the strength of the control environment. The control environment includes the way that integrity and ethical values are communicated and enforced in the company, because the effectiveness of controls cannot rise above the integrity and ethical values of the people who create, administer and monitor them. Management must be taking action to remove or reduce incentives and temptations that might motivate people in the organization to act unethically. Management must assess requisite skills and knowledge for particular jobs and ensure people in those positions are competent. Directors or others charged with governance of the organization should be independent from management, and experienced and knowledgeable enough to raise and pursue difficult questions with management, and internal and external auditors. They should also be responsible for the design and effective operation of whistle-blower procedures and the engaged in a process for assessing the effectiveness of the company’s internal control. Management’s reactions when control violations occur should be immediate and appropriate to set the right example for others. The organization should have in place clear policies relating to appropriate business practices, knowledge and experience of key personnel, and resources provided for carrying out duties. Policies should ensure that all personnel understand the entity's objectives, know how their individual actions interrelate and contribute to those objectives, and recognize how and for what they will be held accountable. 6-42 Preventive. Environmental controls are there to prevent misstatements from arising in the first place. Preventive controls are more cost effective than controls designed to detect or correct misstatements that have entered the system. This is one reason why auditors tend to focus the preliminary evaluation on environmental controls. Another reason is the pervasive impact environmental controls have on the accounting cycles affected. 6-43 Auditors’ main reason for understanding internal control is to consider how different aspects of an entity's internal control system may affect the financial statements. As noted, the internal control framework in the CAS includes the following five components: a) the control environment; b) the entity's risk assessment process; c) the information system, including the related business processes, relevant to financial reporting, and communication; d) monitoring of controls; and e) control activities Company level controls, components (a) to (d), permeate the company and can have a big impact on whether its financial reporting and disclosures objectives are met. Control activities, component (e), are controls over processes, applications and transactions related to accounting information (“accounting controls”) are of most interest to the auditor because these are needed for a company to safeguard its assets and prepare financial statements in conformity with generally accepted accounting principles. Note that management can meet its responsibility for establishing and maintaining an internal control system and assist the auditors at the same time by: (1) ensuring that documentation of the system is complete and up to date, (2) maintaining a system of transaction processing that includes an audit trail, and (3) making computer resources and knowledgeable personnel available to the auditors to help them understand and audit the system. 6-44 Monitoring controls are management’s procedures for assessing the quality of internal control performance over time and involves considering the design and operation of controls, including taking necessary corrective actions to ensure their continued effective operation. Monitoring of controls is accomplished through ongoing monitoring activities, separate evaluations, or a combination of the two. Monitoring allows management to meet its important management responsibility of establishing and maintaining internal control on an ongoing basis, considering whether controls are operating as intended, and modifying them as appropriate for changes in conditions. 6-45 The control environment includes the attitudes, awareness, and actions of management and those charged with governance concerning the entity's internal control and its importance in the entity. The control environment also includes the governance and management functions and sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for effective internal control, providing discipline and structure. General and application controls are control activities that pertain mainly to information processing. Application controls apply to the processing of individual applications. These controls help ensure that transactions occurred, are authorized, and are completely and accurately recorded and processed. Examples of application controls include checking arithmetical accuracy of records, maintaining and reviewing accounts and trial balances, automated controls such as edit checks of input data and numerical sequence checks; and manual follow-up of exception reports. General controls are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. General controls commonly include: - performance review and analysis, - physical controls (security of assets and records); - authorization for access to computer programs and data files; - periodic comparing the results of cash, security and inventory counts with accounting records), and - segregation of duties (assigning different people the responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets is intended to reduce the opportunities to allow any person to be in a position to both perpetrate and conceal errors or fraud in the normal course of the person's duties, e.g., reporting, reviewing and approving reconciliations, and approval and control of - documents). - general IT contols General IT controls apply to mainframe, network, and end-user environments. Examples of such general IT controls are: i) controls over data centre and network operations; ii) system software acquisition, change and maintenance; iii) access security; and iv) application system acquisition, development, and maintenance. v) program change controls; vi) controls that restrict access to programs or data; vii) controls over the implementation of new releases of packaged software applications; and viii) controls over system software that restrict access to or monitor the use of system utilities that could change financial data or records without leaving an audit trail. 6-46 Organizational features that provide general controls include capable personnel, assigning incompatible functions to separate people, supervision, physical access controls, periodic comparisons and reviews with follow up and resolution of discrepancies. 6-47 Application controls ensure that transactions occurred, are authorized, and are completely and accurately recorded and processed. They operation at the accounting process/cycle level. General controls are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. 6-48 The auditor gathers knowledge such as: - descriptions of the auditee’s IT structure, personnel, resources - methods used to communicate authority and responsibility - methods used by management to supervise the IT system, such as design, documentation, procedures, access, outputs, internal audit roles - flow of transactions - journal entries to general ledger - financial statement preparation procedures - other knowledge relevant to understanding the system and the risks that financial statements could contain material misstatements. 6-49 Company-level controls include the control environment, management’s risk assessment process, information systems and communication, and monitoring. In general, company-level controls will be relevant to the audit because of their pervasive impact. In contrast, to obtain an understanding of internal control, the auditor will focus on identifying the types of misstatements that can arise and the factors that can affect the risks of material misstatement. This understanding will identify internal control relevant to the audit to assist in assessing risk of material misstatement at the assertion level, and designing the nature, timing, and extent of further audit procedures. Most controls relevant to the audit are likely to relate to the reliability of the auditee’s financial reporting, but not all controls that relate to financial reporting are relevant to the audit, and some controls relating to operating efficiency and compliance may be relevant. It is a matter of the auditor’s professional judgment whether a control, individually or in combination with others, is relevant to the audit for the purpose of designing the nature, timing, and extent of further audit procedures. CAS 315 provides guidance to identifying relevant controls to the audit. Factors relevant to the auditor’s judgment about whether a control, individually or in combination with others, is relevant to the audit may include such matters as the following: ⸀ Materiality. ⸀ The significance of the related risk. ⸀ The size of the entity. ⸀ The nature of the entity’s business, including its organization and ownership characteristics. ⸀ The diversity and complexity of the entity’s operations. ⸀ Applicable legal and regulatory requirements. ⸀ The circumstances and the applicable component of internal control. ⸀ The nature and complexity of the systems that are part of the entity’s internal control, including the use of service organizations. ⸀ Whether, and how, a specific control, individually or in combination with others, prevents, or detects and corrects, material misstatement. Controls over the completeness and accuracy of information produced by the entity may be relevant to the audit if the auditor intends to make use of the information in designing and performing further procedures. Controls relating to operations and compliance objectives may also be relevant to an audit if they relate to data the auditor evaluates or uses in applying audit procedures. Internal control over safeguarding of assets against unauthorized acquisition, use, or disposition may include controls relating to both financial reporting and operations objectives. The auditor’s consideration of such controls is generally limited to those relevant to the reliability of financial reporting. An entity generally has controls relating to objectives that are not relevant to an audit and therefore need not be considered. For example, an entity may rely on a sophisticated system of automated controls to provide efficient and effective operations (such as an airline’s system of automated controls to maintain flight schedules), but these controls ordinarily would not be relevant to the audit. Further, although internal control applies to the entire entity or to any of its operating units or business processes, an understanding of internal control relating to each of the entity’s operating units and business processes may not be relevant to the audit. 6-50 Control activities related specifically to information systems include general controls and application controls. General control activities include performance review/analysis, physical controls, and segregation of duties. 6-51 Per Handbook CAS 315, paragraph 18 - “The information system relevant to financial reporting objectives, which includes the accounting system, consists of the procedures and records established to initiate, record, process and report entity transactions (as well as events and conditions) and to maintain accountability for the related assets, liabilities and equity.” 6-52 Automated processes and controls may reduce the risk of inadvertent error but do not overcome the risk that individuals may inappropriately override such automated processes, for example, by changing the amounts being automatically passed to the general ledger or financial reporting system. Misstatement risks also exist relating to the controls over non-standard journal entries such as consolidating adjustments and non-recurring estimates such as an asset impairment. The auditor has to be aware that when automated IT procedures are used to transfer or record information, to maintain the general ledger and prepare financial statements there may be little or no visible evidence of such intervention in the information systems. When entries exist only in electronic form they may be more easily identified and examined by the use of computer-assisted audit techniques. (In contrast, in manual, paper-based general ledger systems, non-standard journal entries may be identified through inspection of ledgers, journals and supporting documentation.) The auditor also must understand how the incorrect processing of transactions is resolved, for example, whether there is an automated suspense file and how it is used by the entity to ensure that suspense items are cleared out on a timely basis, and how system overrides or bypasses to controls are processed and accounted for. 6-53 Nonstandard journal entries can materially change the reported financial statement balances from what is recorded in the general ledger. Nonstandard journal entries are used to record nonrecurring, unusual transactions, or adjustments, such changes in estimated uncollectible accounts receivable, asset disposals, or asset impairment estimates, consolidating adjustments. There are high risks of material misstatement associated with inappropriate management override of controls over journal entries and the controls surrounding nonstandard journal entries, including automated journal entries that produce no visible evidence of intervention in the information systems. SOLUTIONS FOR EXERCISES AND PROBLEMS EP6-1 Industry risks include: competition, product integrity, labelling, suppliers of organic products may be hard to find, demand for products and willingness to pay higher prices is very uncertain. Regulatory risks include: ‘organic’ registration and certification is required, standards need to be complied with to qualify, this requires appropriate compliance systems and monitoring by management. Operating risks include: real estate investments’ location and value, new store acquisitions, perishable inventory to be managed, possibility of product liability if unsafe food products are sold, etc. These risks all have an impact on accounting in this business. Product inventory valuation is complex because estimates of costs are required and valuation depends on determining salability of the various organic food products. There are valuation issues related to whether products are eligible for ‘organic’ labelling, and can be sold for adequate prices that cover costs on a timely basis given the perishable nature. Accounting for real estate used in the business also raises issues such as whether locations are viable, whether investments are recoverable as any impairment must be identified for valuation of these assets. There are also possible and contingent liabilities that need to be disclosed or recorded if required by the accounting framework. It is important for the auditor to ensure appropriate accounting information is reported about the business’s financial performance and conditions, and that disclosure of risks is adequate and in accordance with the financial reporting framework’s requirements EP6-2 As Royal Health is a public company, the auditor would likely accept only a low level of audit risk. Three audit issues that affect audit risk and risk of material misstatement include: Inventory: The company is growing its own inventory, so cost accumulation and determination of quantities may increase risk of misstatements in the existence and valuation assertions. The product is a commodity, and the auditor may require expert assistance to obtain appropriate evidence. Related party transactions: The company has significant marketing expenditures that not at arms’ length. This increases risk of misstatement since valuation may not be at fair value, and evidence will need to be obtained regarding fair value of the marketing services used. The auditor will also need to ensure that related parties, and the transactions and balances with them, are accounted for and disclosed in accordance with the financial reporting framework. Foreign sales: The company makes sales in other countries, so there is risk of misstatements arising in currency translation. Also, the terms of sale, and determining when title transfer has occurred, may be complex across borders. The availability of evidence from far flung customers may also be an issue that increases the risk of misstatement, and also may limit the scope such that it will difficult for the auditor to perform procedures to attain an acceptably low audit risk level. EP6-3 Business processes generate accounting information. Types (or classes) of transactions related to a business process are also viewed as an accounting process or "cycle." Accounting processes provide convenient way to separate transactions for study and assessment during audit. This is because the same general ledger accounts will be used over and over in the process/cycle so the balances can be related via analytical procedures. Also, an error in one of accounts will affect the others in the process, so the risk of material misstatement is related for all accounts in a particular process. Examples of accounting processes used in the text are Revenues, Purchases, Payroll & Production, and Financing. EP6-4 Business Processes, different industries a) Bicycle manufacturer Revenue processes - processes for accumulating customer orders, credit approval, tying in to production and delivery scheduling, record keeping for units shipped, customer relations management processes, issuing invoices, tracking receivables, cash collections, etc. Purchases processes - processes for materials procurements tying into production scheduling, supplier relations management, recording materials received, setting up payables, cash payments, etc. Production processes - tying in to customer order process, lead time for materials procurement and manufacturing labour scheduling, cost accumulation for materials, labour and overheads, quantity tracking, transfers from work-in-progress to finished goods inventory, etc. Finance processes - cash flow projections tying in to borrowings to cover negative cash balance phases after paying for materials and labour, borrowing and repayment, investing surplus cash, etc. b) Architect firm Revenue processes - processes for obtaining client projects, credit approval, tracking hours and progress billing, record keeping for hours , issuing invoices, tracking receivables, cash collections, etc. Purchases processes - processes for procuring supplies and services, setting up payables, cash payments, etc. Production processes - project planning and staff scheduling, tying in to tracking hours and billings, etc. Finance processes - cash flow projections tying in to borrowings to cover negative cash balance phases after paying for staff hours/salaries, borrowing and repayment, investing surplus cash, etc. c) Retail grocery store Revenue processes - processes for pricing stock on store shelves, cash register control procedures for sales, cash receipts reconciliations, cash deposits, etc. Purchases processes - processes for goods procurement tying into sales projections and economic ordering quantities, modifications to purchasing plans for special promotions and seasonal demand items, supplier relations management, recording goods received, inventory management processes, setting up payables, cash payments, etc. Production processes - not applicable Finance processes - cash flow projections tying in to borrowings to cover negative cash balance phases after paying for, borrowing and repayment, investing surplus cash, etc. EP6-5 Auditors should pay particular attention to external and internal performance measures for the following reasons: Quality of earnings refers to a company’s ability to replicate its earnings, both in terms of the amounts and the trends over relatively long periods of time. While users are particularly interested in high quality earnings that are informative about future performance, managers likewise have incentives to paint the best picture possible. Auditors have to consider whether the earnings reported reflect actual underlying economic performance and also provide a realistic basis for users to assess whether the performance is repeatable in future. External performance measures reported to analysts, creditors and shareholders and internal performance measures used for personnel review and incentive programs like bonus plans can create pressures on the business that may increase risk that managers are motivated to misstate financial statements. For example, the need to meet expectations of third parties to obtain additional equity financing or the granting of significant bonuses if unrealistic profit targets are met may create pressure to manipulate financial reports through aggressive accounting choices even to the point of that an auditor may assess that the risk of fraudulent reporting is significant. SOLUTIONS FOR DISCUSSION CASES DC6-1 Audit risk model Evaluation of risk assessment conclusions with AR = IR x CR x DR as a model. a) Ohlsen is not justified in acting upon a belief that IR = 0. He may have seen no adjustments proposed because (1) none were material or (2) Limberg's control system has functioned well in the past and prevented/detected/corrected material errors. If IR = 0, then AR = 0 and no further audit work need be done. Conservative auditing standards and practice do not permit this level of (non)work based on this little evidence and knowledge. b) Jones is not justified in acting upon a belief that CR = 0. She may well know that Lang's internal accounting control is exceptionally good, but (1) her review did not cover the last month of Lang's fiscal year and (2) control procedures are always subject to lapses, and management override is always a possibility. Therefore, CR can never equal zero. If CR = 0, that implies AR = 0 and no further audit work would need be done. Conservative audit practice does not permit assessment of control risk at zero to the exclusion of other audit procedures. c) Insofar as audit effectiveness is concerned, Fields' decision is within the spirit of audit standards. Even if IR = 1 and CR = 1, if DR = 0.02, the AR = 0.02. This audit risk (AR) seems quite small. However, Fields' decision may result in an inefficient audit. d) This case was deliberately left ambiguous, without putting probability numbers on the audit risks. Students will need to experiment with the model. One approach is to compare the current audit to a hypothetical last year's audit when "everything was operating smoothly." Assume: Last Year: AR = IR (0.50) + CR (0.20) x DR (0.20) = 0.02 Current year: AR = IR (1.0) + CR (1.0) x DR (0.25) = 0.25 Features of the hypothetical comparison: 1. Inherent risk is greater than last year. 2. Control risk is greater than last year. 3. The audit was done in less time, and maybe the detection risk is a little greater. 4. Audit risk appears to be very high. An alternative analysis is that Shad perceived higher inherent and control risk early, and he did not put audit time into trying to assess the risks at less than 100%. He proceeded directly to performance of extensive substantive procedures and worked a lesser total number of hours, yet still performed a high-quality audit by keeping AR low by keeping DR low. In this case, however, Shad would still need to do at least a cursory examination of controls, and document the conclusion, to provide support in the audit file for the assessment of control risk as being very high, and the decision not to rely on internal control (see CAS 200, paragraph 7). DC6-2 Planning, inherent and control risk, manufacturing business The case requires one to apply one’s knowledge of the business, given the facts provided in the case and other reasonable assumptions, to judge the relevant inherent and control risks for different financial statement components, to designing appropriate and cost-effective controls and assessing the adequacy of these controls. Various valid considerations and procedures can be generated. a) The inherent risk assessments can take into consideration the nature of the item and the risk that an error can have occurred in accounting for that item in the first place b) The general tendency for high value items that have higher inherent risks to require stronger controls can be discussed. This can lead to recognizing the constraint that more extensive controls are more costly and at some point the additional benefit is not justified. The risk will remain that errors that have occurred will not be caught by control procedures - this is control risk. c) Procedures can be described that relate to identifying risk and the controls in place to mitigate those risks. The assessment involves judgment as to whether the inherent risk is adequately reduced by the control procedure, and whether the procedure is being followed so as to effectively reduce the risk to a reasonable level. d) The question requires consideration of impact of the nature of the business on what needs to be accounted for, what inherent risks exist in the business and thus its accounts. This illustrated the importance to the auditor of understanding how a business creates value and earns profits. (The question could be expanded to address control risk in these different businesses, as above) DC6-3 Business understanding, risk analysis The TGL case provides an exercise for a group project or in-class group discussions. a) Review the list of factors in Appendix 6A and describe how each applies to the TGL companies, or indicate if it is not applicable. The categories can be divided up among groups and each group then presents their results to the rest of the class. The categories factors provide search parameters for the optional Internet research project. b) The factors, as they apply in the grocery business are considered in terms of operating characteristics of TGL to identify risks that may have financial implications. For example, large increases in energy costs can affect the costs of product storage, transportation, heating and lighting in stores. Operating changes may be introduced to lower energy use, but may have negative consequences. For example, raising refrigeration temperature may increase food spoilage. Incentives relating to meeting profit targets may induce employees to underaccrue electricity bills, affecting the completeness assertion for accounts payable. c) TGL appears to be striving for differentiation from other grocery stores through product and service differentiation, with one-stop convenience providing value to customers. They also can achieve cost leadership because of their size and buying volumes, and through vertical integration. Processes to achieve this strategy will involve at the enterprise-wide level, logistics (right quantities of right products in right location), cost management, sales volume analysis. Store level processes include: ⸀ Revenue processes - processes for pricing stock on store shelves, cash register control procedures for sales, cash receipts reconciliations, cash deposits, etc. ⸀ Purchases processes - processes for goods procurement tying into sales projections and economic ordering quantities, modifications to purchasing plans for special promotions and seasonal demand items, supplier relations management, recording goods received, inventory management processes, setting up payables, cash payments, etc. ⸀ Production processes - not applicable ⸀ Finance processes - cash flow projections tying in to borrowings to cover negative cash balance phases after paying for, borrowing and repayment, investing surplus cash, etc. d) Strategic risks: supply chain restructuring, adoption of new information system platform, new contracted out general merchandise warehouse and distribution facility, GST audit Possible process deficiencies: supply chain management, planning and management processes relating to organization changes/restructuring, information system planning and development, management of third- party warehousing and distribution functions, GST collection and remittance processes. Potential financial statement impact: Lower profits and missed targets create incentives for overly aggressive accounting choices. Systems problems can result in omitted transactions, and other accounting errors or omissions. An unrecorded contingent liability may exist related to GST reassessment, etc. DC6-4 Business understanding, retail industry a) HBC strategy is to go after off-price product sales to beat its discounting competitor Winners, by making use of its strong position with its suppliers. Winners is pursuing a strategy of selling brand name goods somewhat past their prime at discounted prices from big-box stores. The objective of both businesses appears to be to claim more market share in the discount brand label clothing and housewares markets. HBCs risk is from going after a different market and competing with existing players in that market, such as Winners. Winners faces risk of competitors with more buying power, such as HBC, entering its market. Other valid points can be discussed. b) HBC appears to have analyzed the risks and taken action successfully. Winners appear to have been taken by surprise at HBCs move into its domain. Winners explanation of ‘buying too much…too far in advance’ doesn’t rule out the explanation that it did not anticipate HBCs move. HBC may have some strategic advantages over Winners as it offers a wider selection of other items that customers may want to purchase, i.e. a one-stop shopping location. c) HBCs success may result in higher revenues, but whether profits increase depend on the margins they achieve on the discounted lines. Winners is experiencing lower profit performance and managers may be under pressure to boost reported profits by avoiding inventory write-downs or other accounting choices. DC6-5 a) Key business factors in the CB case that its auditors must understand to assess the risks of material misstatement (RMM) include: Industry, regulatory, other external risk factors - global operations: risk of currency fluctuations, political risk e.g. expropriation of assets by government, unfavourable tax or duty imposed - highly competitive industry, competing with powerful large companies, price cutting may threaten profitability - materials are commodities with fluctuating world prices - many laws and regulations are costs of operating, if violated can result in additional costs or shut down of operations Nature of CB’s business (operations, investments, financing) - raw material prices may rise and competition may prevent CB from passing these on - supplier contracts need to be renegotiated annually, may lose a key supplier or face unfavourable renegotiation terms. - CB is dependent on a few large customers, loss of one customer can severely impact its profitability - investment expansion of operations may overextend financial and management resources - product liability for unsafe products is highly risky, may suffer significant costs of damages and loss of reputation and customer confidence may reduce sales - may not be able to protect its intellectual property successfully, or prove that it has not infringed on other companies’ property rights since beverage products are not very distinguishable - breach of debt covenants can require disclosure of uncertainty regarding successful renegotiation CB’s objectives and strategy to address business risks - expansion geographically and into new products and services to remain competitive - cost cutting and rationalization to increase profitability/reduce losses - new, experienced top management hired to start a turnaround by changing ‘culture’ b) Linking business risks to RMM Industry, regulatory, other external risk factors - RMM: commodity prices and currency fluctuations are risk factors that may affect inventory valuation (LCM), contingent losses due to regulatory violations may be probable and require disclosure etc. (to be valid the points must be clearly linked to industry and external risk factors) Nature of CB’s business (operations, investments, financing) - RMM: inventory valuation may be affected by changes in costs imposed by suppliers, marketability, beverages have limited shelf life, disclosure of economic dependence on large customers may be inadequate, valuation of PPE and intangibles may be affected negatively by poor investment management risk or inadequate capitalization to complete construction, or inability to protect intellectual property rights, contingent liability disclosures may be incomplete if unreported product liability or patent infringement issues occur (to be valid the points must be linked to operating/investing/financing risk factors) CB’s objectives and strategy to address business risks - RMM: CB’s strategies to address its risks may not succeed, if they fail the company may go bankrupt given the cut-throat nature of its competitive environment. (to be valid the points must relate to management’s strategic risk assessment factors) c) Control risk appears to be high as some material weaknesses have been identified recently and the auditors don’t know whether management has succeeded in fixing these problems yet. Assessment of internal control would require enquiries of management, observation and documentation of the control environment and control system, and identification of key control procedures in CB that may be effective, or significant deficiencies if they are not effective. (If any reliance on controls being effective is feasible, the controls identified would need to be tested by procedures such as observation, examination of documents, and reperformance - but this does not seem likely in this case.) Applying the conceptual audit risk model: Inherent risk also would be assessed as high in the risk model, given the factors identified in part a). Thus the auditors will assess a very high risk of material misstatement (IR and CR combined). Facts suggest lowest audit risk should be accepted - it is a public company, with complex global operations, new management, financial difficulties, investors are unhappy - many factors indicate the auditor faces considerable risk of being sued for business and/or audit failure due to complex and risky operations. Overall the high RMM, combined with a low desired audit risk, will give a very low DR and the auditors will need to obtain a high level of highly reliable audit evidence to support their opinion. DC6-6 Obtaining a ‘sufficient’ understanding of internal control The primary reason for conducting an evaluation of a auditee's existing internal control system is to give the auditors a basis for finalizing the details of the account balance audit program--to determine the nature, timing and extent of subsequent substantive audit procedures. (See CAS 200, paragraph 7.) A secondary purpose for conducting an evaluation of internal control is to be able to make constructive suggestions for improvements. Officially, the profession considers these suggestions a part of the audit function and does not define the work as management consulting. Another purpose of the evaluation is to report to management and the board of directors or its audit committee any discovery of "any reportable conditions" of internal control deficiencies. These conditions may suggest a high risk of error, fraud or other irregularities. DC6-7 Management controls, impact on audit The case presents a scenario where an integrated decision-oriented database system has been implemented and describes its features and how it is being used by senior management. It requires one to consider the impact of this system using computer-based management supervisor controls on the company’s internal control: The system can enhance internal control in several ways. The data used in the system are integrated from several databases, making them more accurate than if they had to be developed by manually combining data from different systems. The data come from the raw source directly to the senior managers so there is no opportunity for operating managers to manipulate the data, for example to obscure data that might indicate poor performance. Since the senior managers have the ability to customize, they can create more specific analysis that may enhance their ability to detect problems and potential misstatements that can affect the financial statements. The case also requires one to consider whether this system has audit implications. Two of the aspects that could be commented on are: 1. The higher potential effectiveness of management’s supervisory control since the data are capable of being drawn on from source, with less interpretation by middle managers being required in the report generation stage, making possible a lower control risk assessment. 2. The availability of business data on a variety of operational aspects that are more independent and reliable for obtaining a knowledge of the business and for doing statistical analysis and other analytical audit procedures. DC6-8 Comprehensive audit planning decisions a) Factors to consider to support accepting/continuing OMS , based on facts given in OMS case: Obtaining and reviewing financial information about prospective client - are there unusual accounts or business practices that audit firm is not familiar with? Need to understand business risks. - OMS provides moving and storage services to offices, we need to understand their business process, nature of sales agreements, liabilities for damage/losses of customer property and related insurance policies, etc. There may be issues of completeness of liabilities, and valuation of sales that will present challenges in doing audit. The use of fuel futures is new to OMS - this raises risks to assess related to valuation issues, whether an accounting policy per GAAP, etc. Is the financial condition good? --OMS profits are around $1.6 million, and have Assets-Liabilities around $1.3 million. With such a strong balance sheet & earnings, there is high certainty it will continue as a going concern Evaluation of audit firm's independence -- if OMS is a continuance decision, our firm needs to consider if it should assign new partner or manager so he/she will be less familiar and more objective about the OMS audit. We need to re-check that all audit firm staff still have no conflicts of interest with OMS. Does audit firm have competency and resources to do an effective audit? --Considering OMS’s size, location, nature of operations, it is not an unusual or complex business model and there is no indication of major changes this year (assuming a continuing audit) so the audit firm should still be capable to complete audit Determine management’s willingness to accept responsibility for financial statements that are fairly presented in accordance with GAAP/acceptable framework and accept responsibility for adequate internal control --OMS management includes the 3 shareholders, this suggests management has integrity and enforces good controls in their own interest as owners. However, the plans to bring in passive investors could create risks as the current owner managers might want to bias income upwards to get higher price for new shares… Predecessor auditor communication -- This would be required if first time audit assumed, the audit firm will need to find out if any reasons not to accept the engagement. b) Current Assets = 2,392,421 Current Liabilities = 1,451,844 Current ratio = 1.6 to 1.0 Credit revenues = 34643256.99 Net A/R= 1,428,583 A/R turnover = 24.3 times CR analysis can tell you liquidity is good - CA can support paying CL. The audior might do more a rigorous test with fuel futures excluded (then CR = 1.2 to 1, so not as safe but still okay) - low risk of bankruptcy A/R turnover tells us that the net A/R balance is collected about twice a month - with 10 day payment terms this is longer than their collection policy. It suggests there may be some collection delays that can result in higher risk of bad debts - need to investigate sufficiency of AFBD provision. c) Materiality levels Quantitative starting point: 5-10% normal operating income Base: Calculate “ normal income” from trial balance data NIBT= $1.6 million Materiality level determination: Objective is to determine a reasonable Overall Materiality level for financial statements as a whole, consistent with reasons Start by taking 5% of NIBT to provide lower end of range (or other reasonable approaches can be considered) Pretax income $1.6 m @ 5% = $80,000 Justification for judgment considers the following: Qualitative considerations - Outside investors may look at financial statements to support share price they will pay, for example they may be using an multiple-of-earnings approach - Consider the preliminary level in relation to other financial statements components that users may look at, such as revenues, total assets, etc. Calculate performance materiality as 70% of materiality level chosen, based on the guidance given in the case. So if $80,000 chosen above, $56,000 will be used as Overall Performance Materiality. d) The auditor’s decision on acceptable audit risk level is based on nature of engagement, consequences of audit failure Factors to note, with appropriate impact on audit level acceptance: Public vs. private company -- OMS is private, would raise AR willing to accept Users making risky financial decisions from f/s -- new investors will use audited f/s to check trends using this year’s audited f/s,possible to calculate and earnings based purchase price, would lower AR Auditee financial health/risk of business failure -- OMS financially sound, may raise AR acceptable --OMS has plans to grow so faces new risks if strategy doesn’t work - may lower acceptable AR Management's reputation/integrity, willingness accept responsibilities for preparing GAAP f/s, designing and implementing adequate I/C and to provide written representations -- at OMS this appears as no problems stated in case, also can support raising acceptable AR level Overall, some factors indicate the auditor can accept higher risk and other suggest it should be lower. This indicates the auditor can accept a moderate level of AR for the OMS audit. Using the guidance in the case, of the three choices ‘low, lower, lowest’ the ‘lower’ level is appropriate. e) In order to design an effective audit, auditors must understand the business and the economic environment of the business including factors such as: economic conditions - geographic locations - developments in taxation and regulation - specific industry characteristics & risks - business objectives- key strategies employed to meet those objectives - quality control, research/improve production processes, etc. risks that threaten achievement of those objectives - Consider the following case facts in relation to the above business riks factors: 80% credit sales - collection risk Extras not well controlled as main moving contract since no segregation of collection and ability to not report - risk of incorrect billings Manager discounts may be inappropriate - could allow kickback scheme Unrealized gains on futures as revenues - could be risky if lack internal expertise, use of estimates creates misstatement risk Plan to expand, may fail and bring whole company down Destroying customer property - insurance can increase, Economic - interest rates, increase insurance premiums overall Geographic - spread out Few assets for amount of services selling - could lower quality and damage reputation and future sales f) Revenues transactions arise from credit and cash sales. There are different services with different revenue transactions streams: moving, extra moving services, storage services Assertions and related IR assessments: Existence: No case specific facts suggest a high risk of recording false revenues, so low IR Completeness: Depends on good controls over recording all sales & extras, possible to miss recording unless controls are good, especially extras since may not be contracted through segregated office staff (movers might arrange these with customers unknown to office stafrf and pocket extra cash) - so high IR Valuation: -- case facts suggest a risk of errors of calculating customer charges due to the different types of revenue and extra charges that are difficult to monitor, so high IR Ownership: - no case specific facts suggest a risk of billing unauthorized amounts, so low IR Presentation: classification not complex, accounting policies for revenue & disclosure are clear to apply, management has strong accounting skills - so low IR (An exception may be for the recording unrealized gain on futures in revenues - not ‘held for trading’ so it’s not GAAP to put with ordinary revenues, OCI would be appropriate - this seems to be a specific risk on this aspect of the revenue total only) Solution Manual for Auditing: An International Approach Wally J. Smieliauskas, Kathryn Kate Bewley 9780071051415
Download
Close
Close
