Task 1:

Here we use a practitioner approach, the four-phase process most common in

professional literature:

■ phase one – formulate expectations (expectations);

■ phase two – compare the expected value to the recorded amount (identification);

■ phase three – investigate possible explanations for a difference between expected

and recorded values (investigation);

■ phase four – evaluate the impact of the differences between expectation and

recorded amounts on the audit and the financial statements (evaluation)..

Phase One

In phase one of the analytical review process, the auditor develops expectations of

what amounts should appear in financial statement account balances based on prior

year financial statements, budgets, industry information and non-financial

information.

Expectations are the auditor’s estimations of recorded accounts or ratios. The

auditor develops his expectation in such a way that a significant difference

between it and the recorded amount will indicate a misstatement.

Forming an expectation is the most important phase of the analytical procedure

process. The closer the auditor’s expectation is to the correct balance or

relationship, the more effective the procedure will be at identifying potential

misstatements.

Expectations are formed from a variety of sources. Research7 suggests that the use

of industrial, economic, or environmental data can improve the predictive ability of

analytical procedures. Other resources include industry data, data about similar

businesses, and auditor experience. Expectations are also based on the entities prior

financial statements, same store sales, non-financial data, budgets and public

reports.

Phase Two

Phase two of the analytical review process (identification) is when the auditor

compares his expected value with the recorded amount. Audit efficiency and

effectiveness depend on competency in recognizing error patterns in financial data

and in hypothesizing likely causes of those patterns to serve as a guide for further

testing.

The auditor must consider how large a difference between expected value and

recorded amount he will accept. In other words, at what point is the difference
material (e.g. if the difference is 20 percent)? This point could be called a

materiality threshold.

In substantive testing, an auditor testing for the possible misstatement of the book

value of an account determines whether the audit difference was less than the

auditor’s materiality threshold. If the difference is less than the acceptable

threshold, the auditor accepts the book value without further investigation. If the

difference is greater, the next step is to investigate the difference.

Phase Three

In phase three of the analytical review process (investigation), the auditor

undertakes an investigation of possible explanations for the expected recorded

amount difference. The difference between an auditor’s expectation and the

recorded book value of an account not subject to auditing procedures can be due to

misstatements, inherent factors that affect the account being audited, and factors

related to the reliability of data used to develop the expectation.

The greater the precision of the expectation, the more likely the difference between

the auditor’s expectation and the recorded value will be due to misstatements.

Conversely, the less precise the expectation, the more likely the difference is due to

factors related to inherent factors, and the reliability of data used to develop the

expectation.
Inquiries and Corroboration of Differences

Where differences between expectation and recorded amounts are found, the first

step is usually to ask management for an explanation. However, it is important that

the auditor maintains his professional skepticism when considering these answers

and it is suggested that the auditor conduct other audit procedures to corroborate

them. When analytical procedures are used in the planning phase, corroboration is

not immediately required because the purpose of analytical procedures in planning

is to chart the work to follow.

Phase Four

The final phase (phase four – evaluation) of the analytical review process involves

evaluating the impact on the financial statements of the difference between the

auditor’s expected value and the recorded amount. It is usually not practical to

identify factors that explain the exact amount of a difference investigated. The

auditor attempts to quantify that portion of the difference for which plausible

explanations can be obtained and, where appropriate, corroborated. If the amount

that cannot be explained is sufficiently small, the auditor may conclude there is no

material misstatement.
Task 2:

Generalized Audit Software (GAS)

Generalized audit software (GAS) packages contain numerous computer-assisted

audit techniques for both doing analytical procedures and statistical sampling

bundled into one piece of software. There are widely used GAS packages such as

ACL22 and Idea, and the Big Four audit firms have their own software such as

Deloitte and Touche’s STAR and MINI MAX. GAS packages provide the auditors

with the ability to access, manipulate, manage, analyze, and report data in a variety

of formats. This software allows the auditor to move from analytical procedures to

statistical sampling for analytical procedures fairly easily.

File Interrogation Procedures Using GAS

Using GAS in an audit requires converting client data into a common format and

then analyzing the data. This is generally referred to as file interrogation. File

interrogation is a CAAT that allows the auditor to perform automated audit

routines on client computer data. It is a method of using a computer to capture

accounting data and reports and test the information contained therein. Because the

nature of audit evidence changes, audit techniques that take advantage of

technology are often more appropriate than traditional auditing techniques. In

sophisticated environments, file interrogation techniques can often create

efficiency and improve the quality of audit work.

Extracting information that meets specific criteria, selecting information, and

testing the accuracy of calculations can be done with file interrogation. CAATs

used in GAS allows auditors to analyze and test every item on a report to

determine whether it meets predefined criteria, identify significant differences,

create an independent report of exceptions, select an audit sample, and export the

results into audit software.

Audit Tasks

In general terms, file interrogation can accomplish the following six types of audit

tasks:

1 convert client data into common format;

2 analyze data;

3 compare different sets of data;

4 confirm the accuracy of calculations and make computations;

5 sample statistically;

6 test for gaps or duplicates in a sequence.

We will discuss the first three audit tasks in this section. For a discussion of the last

three items (confirm accuracy of the calculations, statistical sampling, and tests for

gaps)

Convert Data Into a Common Format

The auditor can use GAS (e.g. ACL)) to convert client data into a common format

that can be manipulated by the software. Audit work is more efficient since data

does not have to be manually entered and the conversion is usually performed with

100 percent accuracy. The data can then be used by the GAS or exported as several

formats such as plain text, comma delimited, XML, Microsoft Word, Excel, or

Access. Analyze Data

GAS can handle large volumes of data quickly. Often, file interrogation can be

used to analyze an entire population in less time than it would take to test a sample

of items manually. The auditor can identify all records in a data file that meet

specified criteria or reformat and aggregate data in a variety of ways.

Audit tests that can be performed with GAS include the following:

■ Identify all inventory items relating to products no longer sold.

■ Select all inventory items with no recorded location.

■ Summarize inventory items by location to facilitate physical observation.

■ Review account receivable balances for amounts over credit limits or older than

a specified period.

■ Summarize accounts receivable by age for comparison to the client’s schedules.

■ Review inventory quantities and unit costs for negative or unusually large

amounts.

■ Isolate all inventory items that have not moved since a specified date.

■ Review assets for negative net book values.

■ Summarize inventory by age to assess the reasonableness of obsolescence

provisions.

Compare Different Sets of Data

If records on separate files contain comparable data, GAS can be used to compare

the different sets of data. For example, the auditor could compare the following:

■ changes in accounts receivable balances between two dates with the details of

sales and cash receipts on transaction files;

■ payroll details with personnel records;

■ current inventory files with prior period files to identify potentially obsolete or

slow moving items;

■ portfolio positions recorded in the accounting records of an investment company

with the records maintained by the custodian.

Task 3:

Elements of a System of Quality Control

The elements of quality control policies adopted by an audit firm normally

incorporate policies related to general firm activities and personnel. General firm

activities for which quality control policies and procedures are required include

leadership responsibilities for quality within the firm, acceptance and retention of

clients, engagement performance, and monitoring. Quality controls applied to

human resources include ethical requirements. The quality control policies and

procedures should be documented and communicated to the firm’s personnel.

■ Quality Control Leadership

The firm should establish policies and procedures designed to promote an internal

culture based on the recognition that quality is essential in performing

engagements. Such policies and procedures should require the firm’s chief

executive officer (or equivalent) or, if appropriate, the firm’s managing board of

partners (or equivalent), to assume ultimate responsibility for the firm’s system of

quality control. That person should have sufficient and appropriate experience and

ability to assume the responsibility.

■ Ethical and Independence Requirements

The firm should establish policies and procedures designed to provide it with

reasonable assurance that the firm and its personnel comply with relevant ethical

requirements and maintain independence where required by the IFAC Code and

national ethical requirements. The firm should establish policies to insure that it is

notified of breaches of independence requirements, and to enable it to take

appropriate actions to resolve such situations. At least annually, the firm should

obtain written confirmation of compliance with its policies and procedures on

independence from all applicable firm personnel. The audit firm should establish

policies and procedures:

■ setting out criteria for determining the need for safeguards to reduce the

familiarity threat to an acceptable level when using the same senior personnel on

an assurance engagement over a long period of time;

■ for all audits of financial statements of listed entities, requiring the rotation of the

engagement partner after a specified period in compliance with the IFAC Code and

national ethical requirements that are more restrictive.

■ Acceptance and Continuance of Client Relationships and Specific Engagements

The firm should establish policies and procedures for the acceptance and

continuance of client relationships and specific engagements, designed to provide

it with reasonable assurance that it:

■ has considered the integrity of the client and does not have information that

would lead it to conclude that the client lacks integrity;

■ is competent to perform the engagement and has the capabilities, time and

resources to do so;

■ can comply with ethical requirements.

When deciding to continue an existing engagement or accept a new engagement

with an existing client, and where difficult issues have been identified, the firm

should document how the issues were resolved. Where the firm obtains

information that would have caused it to decline an engagement if that information

had been available earlier, the firm should consider the professional and legal

responsibilities that apply to the circumstances and the possibility of withdrawing

from the engagement or from both the engagement and the client relationship.

An evaluation of prospective clients and a review, on an ongoing basis, of existing

clients should be conducted. The continued adequacy and operational effectiveness

of quality control policies and procedures require monitoring. The firm’s general
quality control policies and procedures should of course be communicated to its

personnel.

■ Engagement Quality Control Review

The audit firm should establish policies and procedures for an engagement quality

control review that provides an objective evaluation of the significant judgments

made by the engagement team. Firms should require an engagement quality control

review for all audits of financial statements of listed entities. They should set

policies for assurance and related services engagements, and all other audits and

reviews of historical financial information.

The work performed by each person in the audit team may be reviewed by

personnel of at least equal competence to consider whether:

■ The work has been performed in accordance with the audit program.

■ The work performed and the results obtained have been adequately documented.

■ All significant audit matters have been resolved or are reflected in audit

conclusions.

■ The objectives of the audit procedures have been achieved.

■ The conclusions expressed are consistent with the results of the work performed

and support the audit opinion.

■ Monitoring

The firm should establish policies and procedures to see that quality control

systems are relevant, adequate, operating effectively, and complied with in

practice. Such policies and procedures should include ongoing evaluation and a

periodic inspection of a selection of completed engagements.

At least annually, the firm should communicate the results of the monitoring of its

quality control system to engagement partners and other appropriate individuals

within the firm. Such communication should include the following:

■ a description of the monitoring procedures performed;

■ the conclusions drawn from the monitoring procedures;

■ where relevant, a description of systemic, repetitive or other significant

deficiencies and of the actions taken to resolve or amend those deficiencies.

Supervisory personnel should:

1 Monitor the progress of the audit to consider whether:

a assistants have the necessary skills and competence to carry out their assigned

tasks;

b assistants understand the audit directions;

c the work is being carried out in accordance with the overall audit plan and the

audit program.

2 Become informed of and address significant accounting and auditing questions

raised during the audit, by assessing their significance and modifying the overall

audit plan and the audit program as appropriate.

3 Resolve any differences of professional judgment between personnel and

consider the level of consultation that is appropriate.

■ Human Resources

The firm should establish policies and procedures to insure that it has sufficient

personnel with the capabilities, competence, and ethical commitment to perform its

engagements in line with professional standards and regulatory and legal

requirements. The firm should assign responsibility for each engagement to an

engagement partner with the appropriate capabilities, competence, authority, and

time to perform the role. The firm should also assign appropriate staff with the

necessary capabilities.

Presently two IAASB standards apply to audit quality: International Standards on

Quality Control (ISQC) and ISA 220, “Quality Control For Audit Work.” IAASB

issues International Standards on Quality Control (ISQCs) as the standards to be

applied for all services falling under the Standards of the IAASB (i.e. ISAs,
International Standards on Assurance Engagements (ISAEs), and International

Standards on Related Services (ISRSs)).

ISA 220 establishes standards and provides guidance on specific quality control

procedures only for audit engagements. ISA 220 includes specific requirements for

an engagement quality control reviewer to perform an objective evaluation of

compliance with applicable professional standards.