Auditing

1 Introduction and Overview of Audit and Assurance 1-1


1.1 Auditing and Assurance Defined 1-4


1.2 Demand for Audit and Assurance Services 1-6


1.2.1 Financial Statement Users 1-6


1.2.2 Sources of Demand for Audit and Assurance Services 1-7


1.2.3 Theoretical Frameworks 1-8


1.2.4 Demand in a Voluntary Setting 1-9


1.3 Different Assurance Services 1-10


1.3.1 Financial Statement Audits 1-10


1.3.2 Compliance Audits 1-12


1.3.3 Performance Audits 1-12


1.3.4 Comprehensive Audits 1-13


1.3.5 Internal Audits 1-13


1.3.6 Corporate Social Responsibility (CSR) Assurance 1-13


1.4 Different Levels of Assurance 1-14


1.4.1 Reasonable Assurance 1-14


1.4.2 Limited Assurance 1-17


1.4.3 No Assurance 1-17


1.5 Different Audit Opinions 1-20


1.6 Preparers and Auditors 1-22


1.6.1 Preparer Responsibility 1-22


1.6.2 Auditor Responsibility 1-23


1.6.3 Assurance Providers 1-24


1.7 The Role of Regulators and Regulations 1-25


1.7.1 Regulators, Standard Setters, and Other Bodies 1-25


1.7.2 Legislation 1-26


1.7.3 Regulation 1-27


1.8 The Audit Expectation Gap 1-29


2 Ethics, Legal Liability, and Client Acceptance 2-1


2.1 The Fundamental Principles of Professional Ethics 2-3


2.1.1 The Fundamental Ethical Principles 2-4


2.1.2 Specific Rules Incorporating the Principles of Professional Ethics 2-5


2.1.3 Framework for Ethical Dilemmas 2-6


2.2 Professional Judgement and Professional Scepticism 2-7


2.2.1 A Decision-Making Framework for Applying Professional Judgement 2-7


2.2.2 Improving Professional Scepticism 2-8


2.3 Independence 2-9


2.3.1 Threats to Independence 2-10


2.3.2 Safeguards to Independence 2-13


2.4 The Auditor’s Relationships with Others 2-17


2.4.1 Auditors and Shareholders 2-17


2.4.2 Auditors and the Board of Directors 2-17


2.4.3 Auditors and the Audit Committee 2-18


2.4.4 Auditors and Internal Auditors 2-18


2.5 Legal Liability 2-19


2.5.1 Legal Liability to Clients 2-20


2.5.2 Contributory Negligence 2-21


2.5.3 Legal Liability to Third Parties 2-21


2.5.4 Avoidance of Litigation 2-23


2.6 Client Acceptance and Continuance Decisions 2-24


3 Audit Planning I 3-1


3.1 Phases of an Audit 3-4


3.1.1 Risk Assessment Phase 3-4


3.1.2 Risk Response Phase 3-6


3.1.3 Concluding and Reporting on an Audit 3-6


3.2 Gaining an Understanding of the Client 3-6


3.2.1 Entity Level 3-7


3.2.2 Industry Level 3-9


3.2.3 Economy Level 3-10


3.3 Related Parties 3-11


3.4 Fraud Risk 3-13


3.4.1 Incentives and Pressures to Commit a Fraud 3-14


3.4.2 Opportunities to Perpetrate a Fraud 3-14


3.4.3 Attitudes and Rationalizations to Justify a Fraud 3-15


3.4.4 Audit Procedures Relating to Fraud 3-16


3.5 Going Concern 3-17


3.5.1 Going Concern Risk—Indicators 3-17


3.5.2 Going Concern Risk—Mitigating Factors 3-18


3.6 Auditing Estimates and Related Disclosures 3-19


3.6.1 Risk Assessment and Estimation Uncertainty 3-19


3.6.2 Estimates and the Entity Level Risk Assessment 3-20


3.7 Corporate Governance 3-21


3.8 Information Technology 3-22


3.9 Financial Reporting and Closing Procedures 3-24


4 Audit Planning II 4-1


4.1 Audit Risk 4-3


4.1.1 The Audit Risk Model and Its Components 4-5


4.1.2 Quantification of the Audit Risk Model 4-11


4.2 Materiality 4-12


4.2.1 Qualitative and Quantitative Factors 4-12


4.2.2 Materiality and Audit Risk 4-16


4.3 Audit Strategy 4-17


4.4 Client Approaches to Measuring Performance 4-21


4.4.1 Profitability 4-21


4.4.2 Liquidity 4-22


4.5 Analytical Procedures 4-22


4.5.1 Comparisons 4-24


4.5.2 Trend Analysis 4-24


4.5.3 Common-Size Analysis 4-25


4.5.4 Ratio Analysis 4-25


4.5.5 Analysis with Technology 4-28


4.5.6 Factors to Consider when Conducting Analytical Procedures 4-29


5 Audit Evidence 5-1


5.1 Assertions 5-4


5.2 Types of Audit Evidence 5-7


5.2.1 Sufficient Appropriate Audit Evidence 5-7


5.2.2 External Confirmations 5-9


5.2.3 Documentary Evidence 5-13


5.2.4 Representations 5-14


5.2.5 Verbal Evidence 5-17


5.2.6 Computational Evidence 5-17


5.2.7 Physical Evidence 5-18


5.2.8 Electronic Evidence 5-18


5.3 Persuasiveness of Audit Evidence 5-19


5.3.1 Internally Generated Evidence 5-19


5.3.2 Externally Generated Evidence Held by the Client 5-20


5.3.3 Externally Generated Evidence Sent Directly to the Auditor 5-20


5.4 Using the Work of an Expert 5-21


5.4.1 Assessing the Need to Use an Expert 5-21


5.4.2 Determining the Scope of the Work to Be Carried Out 5-21


5.4.3 Assessing the Competence and Capability of the Expert 5-22


5.4.4 Assessing the Objectivity of the Expert 5-22


5.4.5 Assessing the Expert’s Report 5-22


5.4.6 Responsibility for the Conclusion 5-22


5.5 Using the Work of Another Auditor 5-23


5.6 Evidence-Gathering Procedures 5-24


5.7 Drawing Conclusions 5-26


5.8 Documentation—Audit Working Papers 5-27


5.8.1 Permanent File 5-28


5.8.2 Current File 5-29


6 Sampling and Overview of the Risk Response Phase of the Audit 6-1


6.1 Audit Sampling 6-3


6.2 Sampling and Non-Sampling Risk 6-4


6.2.1 Sampling Risk and Tests of Controls 6-4


6.2.2 Sampling Risk and Substantive Procedures 6-5


6.2.3 Non-Sampling Risk 6-6


6.3 Statistical and Non-Statistical Sampling 6-7


6.4 Sampling Techniques and Factors Affecting Sampling 6-8


6.4.1 Sampling Techniques 6-8


6.4.2 Factors to Consider when Selecting a Sample 6-10


6.5 Factors that Influence the Sample Size—Testing Controls 6-12


6.6 Factors that Influence the Sample Size—Substantive Testing 6-13


6.6.1 Factors that Influence Sample Size when Performing Substantive Tests 6-13


6.6.2 Techniques for Performing Substantive Tests 6-14


6.7 Evaluating Sample Test Results 6-16


6.8 Tests of Controls and Substantive Procedures 6-18


6.8.1 Tests of Controls 6-19


6.8.2 Substantive Procedures 6-20


6.9 Nature, Timing, and Extent of Audit Testing 6-22


6.9.1 Nature of Audit Testing 6-22


6.9.2 Timing of Audit Testing 6-23


6.9.3 Extent of Audit Testing 6-24


7 Understanding and Testing the Client’s System of Internal Controls 7-1


7.1 The System of Internal Control Defined 7-4


7.2 Objectives of Internal Controls 7-5


7.3 System of Internal Controls 7-6


7.3.1 The Control Environment 7-7


7.3.2 The Entity’s Risk Assessment Process 7-10


7.3.3 Information Systems and Communication 7-11


7.3.4 Control Activities 7-12


7.3.5 Monitoring of Controls 7-14


7.3.6 Internal Control in Small Entities 7-15


7.4 Types of Controls 7-16


7.4.1 Preventive and Detective Controls 7-17


7.4.2 Manual and Automated Controls 7-20


7.5 Selecting and Designing Tests of Controls 7-24


7.5.1 Which Controls Should Be Selected for Testing? 7-24


7.5.2 How Much Testing Does the Auditor Need to Do? 7-25


7.6 Documenting and Testing Internal Controls 7-29


7.6.1 Documenting Internal Controls 7-29


7.6.2 Testing Internal Controls 7-30


7.7 Results of the Auditor’s Testing 7-33


7.8 Documenting Conclusions 7-35


7.9 Identifying Strengths and Weaknesses in a System of Internal Controls 7-37


7.10 Management Letters 7-38


8 Execution of the Audit—Performing Substantive Procedures 8-1


8.1 Overview of Substantive Procedures 8-3


8.1.1 Substantive Procedures and Assertions 8-3


8.1.2 Definition of Substantive Procedures 8-6


8.2 Relationship Between Risk Assessment and the Nature, Timing, and Extent of Substantive Procedures 8-8


8.3 Substantive Audit Procedures 8-10


8.3.1 Tests of Details 8-10


8.3.2 Analytical Procedures 8-12


8.3.3 Performing Substantive Testing Using Technology 8-15


8.4 Levels of Evidence 8-16


8.4.1 Persuasive 8-16


8.4.2 Corroborative 8-17


8.4.3 Minimal 8-18


8.4.4 General 8-19


8.5 Auditing Accounting Estimates 8-19


8.6 Evaluating and Documenting Substantive Analytical Procedures’ Results 8-21


8.6.1 Evaluating Errors Identified in Testing 8-22


8.6.2 Concluding and Documenting the Results of Substantive Procedures 8-22


9 Audit Data Analytics 9-1


9.1 What Are Data Analytics? 9-3


9.1.1 How Audit Data Analytics Are Used 9-4


9.1.2 When Audit Data Analytics Are Used 9-5


9.1.3 Techniques Used for Audit Data Analytics 9-6


9.2 Data Considerations 9-8


9.2.1 Types of Data 9-9


9.2.2 Data Access 9-9


9.2.3 Data Quality 9-9


9.2.4 Data Relevance and Reliability 9-10


9.2.5 Documentation 9-12


9.2.6 The Data Life Cycle 9-12


9.3 The Audit Data Analytic (ADA) Five-Step Process 9-13


9.3.1 Plan the ADA 9-14


9.3.2 Access and Prepare the Data 9-15


9.3.3 Consider the Data’s Relevance and Reliability 9-16


9.3.4 Perform the ADA 9-16


9.3.5 Evaluate the Results 9-17


9.3.6 Additional Issues to Consider when Performing an ADA as a Risk Assessment Procedure 9-18


9.4 Audit Data Analytics as a Substantive Analytical Procedure 9-24


9.4.1 Regression Analysis 9-24


9.5 Audit Data Analytics as a Substantive Test 9-27


9.5.1 Substantive Testing 9-27


9.5.2 ADA Example of Accounts Receivable and Revenue 9-28


9.5.3 ADA Example of Payroll 9-30


9.6 Features of a Good Visualization 9-33


10 Auditing Sales and Receivables 10-1


10.1 Audit Objectives 10-3


10.2 The Process for Credit Sales Transactions 10-6


10.2.1 Credit Sales Transactions 10-6


10.2.2 Cash Receipts Transactions 10-9


10.2.3 Sales Adjustment Transactions 10-11


10.3 Audit Strategy 10-12


10.3.1 Understanding the Entity and Its Environment 10-12


10.3.2 Analytical Review 10-13


10.3.3 Inherent Risk Assessment 10-13


10.3.4 Internal Controls 10-15


10.3.5 Final Assessment 10-20


10.4 Determining an Acceptable Level of Detection Risk 10-21


10.5 Designing Substantive Procedures 10-23


10.5.1 Initial Procedures 10-25


10.5.2 Analytical Procedures 10-25


10.5.3 Tests of Details of Transactions 10-26


10.5.4 Tests of Details of Balances 10-27


10.5.5 Evaluating Adequacy of the Allowance for Doubtful Accounts 10-31


10.5.6 Disclosure 10-31


11 Auditing Purchases, Payables, and Payroll 11-1


11.1 Audit Objectives 11-3


11.2 The Process for Purchase Transactions 11-6


11.2.1 Purchase Transactions 11-6


11.2.2 Payment Transactions 11-10


11.3 The Process for Payroll Transactions 11-11


11.3.1 Hiring Employees 11-12


11.3.2 Authorizing Payroll Changes 11-13


11.3.3 Preparing Attendance and Timekeeping Data 11-13


11.3.4 Preparing the Payroll 11-13


11.3.5 Recording the Payroll 11-13


11.3.6 Paying the Payroll and Protecting Unclaimed Wages 11-14


11.4 Audit Strategy 11-15


11.4.1 Understanding the Entity and Its Environment 11-15


11.4.2 Analytical Review 11-16


11.4.3 Inherent Risk Assessment 11-16


11.4.4 Internal Controls 11-17


11.4.5 Final Assessment 11-23


11.5 Determining an Acceptable Level of Detection Risk 11-24


11.6 Designing Substantive Procedures 11-26


11.6.1 Initial Procedures 11-27


11.6.2 Analytical Procedures 11-28


11.6.3 Tests of Details of Transactions 11-28


11.6.4 Tests of Details of Balances 11-29


11.6.5 Disclosure 11-31


12 Auditing Inventories and Property, Plant, and Equipment 12-1


12.1 Audit Objectives: Inventory 12-4


12.2 Custody of Inventory and Maintenance of Inventory Records 12-5


12.2.1 Maintaining Inventory Records 12-6


12.2.2 Physical Comparison of Inventory with Inventory Records 12-7


12.2.3 Determining and Recording Inventory Costs 12-9


12.3 Audit Strategy: Inventory 12-10


12.3.1 Inherent Risk Assessment 12-10


12.3.2 Control Risk Assessment 12-12


12.4 Substantive Procedures for Inventories 12-14


12.4.1 Initial Procedures 12-16


12.4.2 Analytical Procedures 12-16


12.4.3 Tests of Details of Transactions 12-17


12.4.4 Tests of Details of Balances 12-17


12.4.5 Testing Inventory Pricing 12-20


12.4.6 Confirming Inventories at Locations Outside the Entity 12-21


12.4.7 Examining Consignment Agreements and Contracts 12-22


12.4.8 Disclosure 12-22


12.5 Audit Objectives: Property, Plant, and Equipment 12-23


12.6 Audit Strategy 12-25


12.7 Designing Substantive Procedures for Property, Plant, and Equipment 12-26


12.7.1 Initial Procedures 12-28


12.7.2 Analytical Procedures 12-29


12.7.3 Tests of Details of Transactions 12-29


12.7.4 Tests of Details of Balances 12-30


12.7.5 Disclosure 12-31


13 Auditing Cash and Investments 13-1


13.1 Audit Objectives for Cash 13-4


13.2 Audit Strategy for Cash 13-5


13.2.1 Bank Reconciliations 13-6


13.2.2 Imprest Accounts 13-6


13.3 Substantive Procedures for Cash Balances 13-9


13.3.1 Initial Procedures 13-9


13.3.2 Analytical Procedures 13-9


13.3.3 Tests of Details of Transactions 13-9


13.3.4 Tests of Balances 13-12


13.3.5 Disclosure 13-16


13.4 Special Considerations for Cash Balances 13-17


13.4.1 Detecting Lapping 13-17


13.4.2 Auditing Imprest Petty Cash Funds 13-19


13.4.3 Auditing Imprest Bank Accounts 13-19


13.5 Audit Objectives for Investments 13-20


13.6 Audit Strategy for Investments 13-21


13.6.1 Control Environment 13-22


13.6.2 Functions and Related Controls 13-22


13.7 Substantive Procedures for Investments 13-23


13.7.1 Initial Procedures 13-24


13.7.2 Analytical Procedures 13-25


13.7.3 Tests of Details of Transactions 13-25


13.7.4 Tests of Details of Balances 13-25


13.7.5 Disclosure 13-26


13.8 Auditing Consolidated Financial Statements 13-27


13.8.1 Audit Strategy for Consolidated Financial Statements 13-28


13.8.2 Substantive Procedures 13-28


14 Completing and Reporting on the Audit 14-1


14.1 Engagement Wrap-Up 14-5


14.1.1 Sufficient Appropriate Audit Evidence 14-7


14.1.2 Evaluating Audit Evidence 14-7


14.2 Going Concern 14-8


14.3 Contingent Liabilities 14-10


14.4 Subsequent Events 14-11


14.4.1 Type 1 Subsequent Events 14-12


14.4.2 Type 2 Subsequent Events 14-12


14.4.3 Procedures Used When Conducting a Subsequent Events Review 14-12


14.4.4 Auditor Responsibility for Subsequent Events 14-14


14.5 Misstatements 14-15


14.5.1 Current-Year Misstatements 14-16


14.5.2 Prior-Year Misstatements 14-17


14.5.3 Qualitative Considerations 14-18


14.6 Evaluating the Conclusions and Forming an Opinion 14-19


14.7 Components of the Audit Report 14-20


14.8 Identification of the Types of Modifications to an Audit Report 14-22


14.8.1 Emphasis of Matter and Other Matters 14-23


14.8.2 Inability to Obtain Appropriate Audit Evidence 14-24


14.8.3 Material Misstatement of Financial Statements 14-27


14.9 Communication with Those Charged with Governance 14-30


14.9.1 Audit Matters of Governance Interest to Be Communicated 14-30


14.9.2 Documentation Considerations 14-31


14.10 Other Engagements 14-32


14.10.1 Reports Prepared in Accordance with a Special Purpose Framework 14-32


14.10.2 Reports on a Component of the Financial Statements 14-33


14.10.3 Review Engagements 14-33


14.10.4 Review Engagements on Interim Financial Statements 14-34


14.10.5 Assurance Engagements 14-35


14.10.6 Compliance Engagements 14-36


14.10.7 Reporting on Controls 14-37


14.10.8 Reports on Supplementary Matters 14-37


14.10.9 Reports on the Results of Applying Specified Procedures to Financial Information Other Than Financial Statements 14-37


14.10.10 Reports on the Application of Accounting Principles 14-38


14.10.11 Reports Used in an Offering Document or Designated Document 14-38


Appendix A Cloud 9 Ltd. A-1


Cloud 9 Ltd. Company Background A-1


Personnel A-2


Financial Information A-2


Glossary G-1


Index I-1