Summary Chapter Notes Combined With Lecture Notes Chapter 12458 10

lOMoARcPSD|3622993
Summary - Chapter notes combined with lecture notes -

chapter 1,2,4,5,8-10
Auditing and Assurance Services (Western Sydney University)
StuDocu is not sponsored or endorsed by any college or university

Downloaded by Ramon Absin (absinramon@gmail.com)
lOMoARcPSD|3622993
CHAPTER 1 INTRODUCTION AND OVERVIEW OF AUDIT AND

ASSURANCE
1. What is assurance and what are the different types and levels of assurance?
An assurance engagement is defined as ‘an engagement in which an assurance practitioner
expresses a conclusion designed to enhance the degree of confidence of the intended users
other than the responsible party about the outcome of the evaluation or measurement of a
subject matter against criteria.’ An assurance practitioner may be, for example, an auditor
working in public practice providing assurance on financial reports of publicly listed
companies or a consultant providing assurance about environmental disclosures.
• ‘intended users’ - the people for whom the auditor prepares their report.
Example: shareholders, creditors, employees
• ‘responsible party’ - the person or organisation responsible for preparing the
financial statements. Example: company management
• ‘subject matter’ – that which the auditor is expressing a conclusion on. Example:
financial reports
• ‘criteria’ – the rules or principles by which the subject matter is being evaluated.
Example: Accounting standards and interpretations and Corporations laws
2. What are the different responsibilities of financial report preparers and auditors?
THE MOST COMMON ASSURANCE SERVICES ARE:
1. FINANCIAL REPORT AUDITS
An engagement designed to express an opinion about whether the report is
prepared in all material respects in accordance with a financial reporting framework
(ASA 200, para. 11; ISA 200, para 11).
Fnancial report audit provides reasonable assurance about whether the financial report is
prepared in all material respects in accordance with a financial reporting framework
Under sections 295(4)(c) and 295A of the Act, directors of the reporting entity must declare
whether the reporting entity will be able to pay its debts as and when they become due,
whether the financial records have been properly maintained, whether the financial report
and notes comply with Australian Accounting Standards including interpretations, and
whether the financial report and notes give a true and fair view - refers to the consistent
and faithful application of accounting standards in accordance with the financial reporting
framework when preparing the financial report (ASA 200, para. 13; ISA 200, para.13)
The auditor must be independent of the company they audit, exercise due professional
care, and comply with Auditing and Assurance.
LIMITATIONS OF A FINANCIAL REPORT AUDIT:

• There is no guarantee that the financial report is free from error or fraud.
• The nature of audit procedures and processes are required to be performed
within a reasonable period and at a reasonable cost. (ASA 200, ISA 200)
• Judgement is required in the process of preparation of the financial statements.

lOMoARcPSD|3622993
2. COMPLIANCE AUDIT
Involves gathering evidence to ascertain whether rules, policies, procedures, laws
and regulations have been followed.
– A tax audit is an example of a compliance audit.
3. PERFORMANCE AUDIT
Refers to the economy, efficiency and effectiveness of an organisation’s activities.
– Usually done by internal auditors or can be outsourced to external auditors.
Economy refers to the cost of inputs, including wages and materials. Efficiency refers
to the relationship between inputs and outputs. Specifically, efficiency refers to the
use of the minimum amount of inputs to achieve a given output. Finally,
effectiveness refers to the achievement of certain goals or the production of a
certain level of outputs.
For example, if buying cheap inputs results in an inefficient production process,
efficiency may be seen to be sacrificed to achieve economic goals.
4. COMPREHENSIVE AUDIT
Combines elements of financial report audit, compliance audit and performance
audit. Eg an auditor may report on whether an entity has met its efficiency targets.
– Often occur in the public sector.
5. INTERNAL AUDIT
Provides assurance about various aspects of an organisation’s activities.
The internal audit function is typically conducted by employees of the organisation
being audited, but can be outsourced to an external audit firm. A semi-independent
service within an entity which generally evaluates and improves risk management,
internal control procedures and elements of the governance process
– Often contain elements of performance audits, compliance audits, internal
control assessments and reviews.
6. CORPORATE SOCIAL RESPONSIBILITY (CSR) ASSURANCE

– Includes voluntary reporting about environmental, employee and social
subject matter.
– Incorporates both financial and non-financial information.
– Auditor must consider environmental issues on their clients’ financial reports
(AGS 1036) even if reports do not include any disclosures.
Consulting firms non-audit firms that provide assurance services on information such
as corporate social responsibility and environmental disclosures
2. Why is there a demand for assurance services and what regulation exists to ensure it
meets the demand?
The users of the financial statements are not limited to the shareholders or owners
of the business.
Other users can include:
 Investors: can include current or potential investors. Decisions include to buy,
hold or sell stake in the organisation.

lOMoARcPSD|3622993
 Suppliers: may want to assess whether the entity can pay them back for
goods supplied.
 Customers: may look into going concern if it is to rely on the entity for goods.
Lenders: to assess whether loan repayments can be made as and when they fall due.
Employees: to assess whether they can pay entitlements, and stability may be assessed
for job security.
Governments: whether the entity is complying with regulations and paying appropriate
taxes.
General public: whether they should associate with the entity (future employee,
customer or supplier,) what it does and plans to do in future.
REASONS WHY USERS DEMAND FINANCIAL REPORT AUDITS INCLUDE:

1. Remoteness: users do not have access to information themselves.
2. Complexity: users do not have knowledge to be able to make disclosure
choices.
3. Competing incentives: users may find it difficult to identify when the
incentives of management have been over-represented.
4. Reliability: as decisions are being made based on information presented, it is
important that it be reliable.
Role of an auditor is different to the role of an accountant, auditor role would be saying
this are the things we found if you continue with those reports, if you don’t want to
change them that’s fine these are the reports we will give, if you do change them it will
be a different report, they are meant to review the statements they are presented with.
THE DEMAND FOR AUDIT CAN BE EXPLAINED BY THE FOLLOWING THREE THEORIES:
1. AGENCY THEORY: Due to the remoteness of the owners from the entity, the owners
have an incentive to hire an auditor to assess information provided by management.
2. INFORMATION HYPOTHESIS: Due to the need for reliable information, users will
demand that information be audited to aid in decision making.
3. INSURANCE HYPOTHESIS: Investors demand audited financial statements to insure
against potential losses.
Demand in a Voluntary Setting

• It is becoming more common to voluntarily disclose CSR information in various
forms.
• This is as stakeholders are demanding information regarding the entity’s impact on
the environment and actions taken to reduce their impact.
• Entities are not currently required to have CSR disclosures assured.
• These services are provided to meet user demands for high-quality, reliable
information and to demonstrate a high level of corporate social responsibility.
AUDITORS MAY PROVIDE VARYING LEVELS OF ASSURANCE WHEN CONDUCTING

ASSURANCE ENGAGEMENTS.
1. Reasonable assurance
2. Limited assurance
3. No assurance

lOMoARcPSD|3622993
• The culmination of the auditor’s work is a report. For financial report audits it
expresses their opinion of the financial statements (which is the type of audit we will
focus on in this unit)
• The audit report is based on the evidence gathered during the audit process
• The different types of reports that auditors can issue are summarised in section 1.4
of the text but these will be covered later in the semester in conjunction with
Chapter 12.
4. What is the audit expectation gap and how can it be reduced?

The audit expectation gap occurs when there is a difference between the expectations of
assurance providers and financial report users.
IS THE DIFFERENCE BETWEEN THE EXPECTATIONS OF ASSURANCE PROVIDERS AND
FINANCIAL REPORT OR OTHER USERS.
• Can be caused by unrealistic expectations including:
– The auditor providing a complete assurance.
– The auditor guaranteeing future viability of entity.
– An unqualified opinion denotes complete accuracy.
– The auditor will find all frauds.
• We know these cannot be met by the auditor.
THE EXPECTATION GAP CAN BE REDUCED BY:
– Auditors performing their duties appropriately
– Undertaking peer reviews of work performed
– Reviewing and updating auditing standards.
– Educating the public.
– Enhanced reporting explaining audit processes and levels of opinion auditors
provide to the entity.
– Greater attention to the risk of material fraud occurring.

lOMoARcPSD|3622993
CHAPTER 2: ETHICS, LEGAL LIBABILITY AND CELIENT ACCEPTANCE

What are the fundamental principles of professional ethics?
It is the responsibility of every member of the accountancy profession to act in the public
interest, members should be mindful of how their actions affect others. The public refers to
clients, credit providers, governments, employers, employees, investors, the business
community, the financial community and others who rely on the work produced by
members of the professional bodies. The fundamental ethical principles that apply to all
members of the professional bodies are to act with integrity, objectivity, professional
competence and due care, confidentiality and professional behaviour (APES 110, s. 100.5).
Non-compliance can lead to disciplinary measures by the member’s professional body (that
is, the ICAA, CPA Australia or the IPA).
Integrity
Integrity (section 110 of APES 110) the obligation that all members of the professional
bodies be straightforward and honest.
Objectivity
(Section 120 of APES 110) refers to the obligation that all members of the professional
bodies not allow their personal feelings or prejudices to influence their professional
judgement. Members should be unbiased and not allow a conflict of interest or the
influence of others to impair their decision process. When faced with such a situation, a
member shall not perform a service if a circumstance or relationship biases or unduly
influences the member’s professional judgment with respect to that service.
Professional competence and due care

(Section 130 of APES 110) Professional competence and due care refers to the obligation
that all members maintain their knowledge and skills at a level required by the professional
bodies. According to section 130 of APES 110, members must attain a level of competence
and keep up-to-date with changes in regulations and standards. due care the obligation to
complete each task thoroughly, document all work and finish on a timely basis.
Confidentiality
(Section 140 of APES 110). Confidentiality refers to the obligation that all members of the
professional bodies refrain from disclosing information to people outside of their workplace
that is learned as a result of their employment. Members must maintain confidentiality,
including in a social environment. Members are also not allowed to use information, that is
not publicly available, gained as a result of their employment to their advantage or to the
advantage of another person (for example, using information learned at a client to trade
shares).
Professional behaviour
(Section 150 of APES) Professional behaviour refers to the obligation that all members of
the professional bodies comply with rules and regulations and ensure that they do not harm
The reputation of the profession. Should be honest in their representations to current and
prospective clients.

lOMoARcPSD|3622993
Why is auditor independent critical to the audit function, and how is it achieved?
independence the ability to act and be seen to act with integrity, objectivity and
professional skepticism. Independence is essential when complying with the ethical
principles to act with integrity and objectivity. (APES 110, section 290) Independence —
assurance engagements’ deals with auditor independence. An external auditor is often
referred to as an independent auditor, which highlights the importance of independence in
every audit engagement. If an auditor is not independent of their client, it will affect the
credibility and reliability of the financial report. It is vital that financial report users believe
that the external auditor is independent of the company they audit.
According to APES 110, section 290 there are two forms of independence:
Independence of mind is the ability to act with integrity, objectivity and professional
scepticism. It is the ability to make a decision that is free from bias, personal beliefs and
client pressures.
Independence in appearance is the belief that independence of mind has been achieved. It
is not enough for an auditor to be independent of mind; they must also be seen to be
independent. Auditors must consider their actions carefully and ensure that nothing is done
to compromise their independence both of mind and in appearance.
It is the responsibility of every auditor to consider potential threats to their independence
and to seek out appropriate safeguards to reduce those threats to the extent possible. If a
threat to an auditor’s independence appears insurmountable for a particular client, an
auditor should consider discontinuing as the auditor of that client.
APES 110, section 290 sets out a conceptual framework to help members identify threats to
independence, evaluate the significance of those threats and apply safeguards to minimise
those threats.
(a) identify threats to independence
(b) evaluate the significance of the threats identified
(c) apply safeguards, when necessary, to eliminate the threats or reduce them to an
acceptable level.
Threats to independence
The Code of Ethics for Professional Accountants identifies five key threats to auditor
independence (APES 110, s. 290). They are the self-interest, self-review, advocacy,
familiarity and intimidation threats.
Self-interest threat (APES 100, section 290) Self-interest threat refers to the threat that can
occur when an accounting firm or its staff has a financial interest in an audit client. For
example; a member of the assurance team having a significant close business relationship
with an assurance client or a member of the audit team entering into employment
negotiations with the audit client.
Self-review threat (Section 200.5 of APES 110) Self-review threat refers to the threat that
can occur when the assurance team need to form an opinion on their own work or work
performed by others in their firm. For example: a firm issuing an assurance report on the
effectiveness of the operation of financial systems after designing or implementing the
systems or a member of the assurance team being, or having recently been, a director or
officer of the client

lOMoARcPSD|3622993
Advocacy threat
(200.6 of APES 110) Advocacy threat refers to the threat that can occur when an accounting
firm or its assurance staff acts, or is believed to act, on behalf of its assurance client. The
objectivity of the assurance provider may come under question. For example the firm
promoting shares in an audit client or a member acting as an advocate on behalf of an audit
client in litigation or disputes with third parties.
Familiarity threat (Section 200.7 of APES 110) Familiarity threat refers to the threat that can
occur when a close relationship exists or develops between the assurance firm and the
client or between members of the assurance team and directors or employees of the client.
The assurance team become too sensitive to the needs of the client and lose their
objectivity. For example; a member of the engagement team having a close or immediate
family member who is a director or officer of the client or senior personnel having a long
association with the assurance client.
Intimidation threat (Section 200.8 of APES 110) Intimidation threat refers to the threat that
can occur when a member of the assurance team feels threatened by the client’s staff or
directors. The assurance team member is unable to act objectively, believing that if they do
so there may be some negative. For example, a firm being threatened with dismissal from a
client engagement or an audit client indicating that it will not award a planned non-
assurance contract to the firm if the firm continues to disagree with the client’s accounting
treatment for a particular transaction.
Safeguards to independence
Safeguards are mechanisms that have been developed by the accounting profession,
legislators, regulators, clients and accounting firms (APES 110, s. 290). They are used to
minimize the risk that a threat will surface (for example, through education) and to deal
with a threat when one becomes apparent (for example, through reporting processes within
the assurance firm).
SAFEGUARDS TO INDEPENDENCE
1. Created by profession, legislation or regulation
• Quality control standards
• Code of ethics
• Legislative requirement to be independent
2. Created by clients
• Corporate governance
• Policies and procedures
3. Created by accounting firms
• Quality control procedures
• Client acceptance and continuance
What is the auditor’s legal liability to parties that use audit reports?
The auditor must be diligent in applying technical and professional standards, and
document each stage in the audit process. If the auditor is found to be negligent (to have
not exercised due care) they may be sued for damages by their client or a third party.
Under tort law, to prove that an auditor has been negligent it must be established that:

lOMoARcPSD|3622993
• a duty of care was owed by the auditor

• there was a breach of the duty of care
• a loss was suffered as a consequence of that breach.
Legal liability to clients

A client can establish that its auditor owes them a duty of care using either the tort of
negligence or contract law. Under the tort of negligence, the client must prove that the
auditor failed in the performance of their audit by being careless and breaching their duty of
care. Under contract law, the client must establish that the auditor breached the duty of
care to their client that is implicit in agreeing to act as auditor, and made explicit in an
engagement letter. To prove that an auditor has been negligent, a plaintiff, whether a client
or a third party, must establish, for example, that an auditor did not comply with auditing
standards, ethical pronouncements, an element of the law in place at the time of
conducting their audit or apply due care when conducting their audit.
Key Cases
London and General Bank Ltd - account receivable was over stated, didn’t put it in the
reports, but said it was going to be in the general meeting, you have to provide it to the
share holders, but to the chief of the company, the auditor was announced guilty in this
case, reasonable care and skill
Kingston Cotton Mill - managers of the company overvalued it inventory, auditor didn't’t
check the value of inventory at the time 1896 that how it was operated, manager gave
certificate of value these days it is not good auditing, the judge said it wasn’t looking for
fraud by the managers, if it comes across its wrong they should investigate ate not look for
wrong doing.
Pacific Acceptance - finance company that gave loans based on doge information that didn’t
have enough security, auditor used no efficient staff, and didn’t supervise them, company
lost business and the auditor was responsibility. (replace London and kington case)
HIH - auditor did a bad job, he got soft, lost independence, he didn’t stand up didn’t want to
lose the client.
Centro – settle out before court, two aspect to it, joint responsibility between manager and
auditor, the auditor duties making sure advise shareholder of problems - in class exercise
Legal liability to third parties

Third parties include anyone other than the client and its shareholders who uses the
financial report to make a decision (for example, creditors). Generally do not have a
contractual relationship with the auditor, they must rely on tort law. If they are able to
prove that such a duty is owed, third parties must provide evidence that the auditor was
negligent and that the third party suffered a loss as a result of that negligence.
Key Cases:
– Candler (1951) auditors liable to third parties that the auditors know their clients
will show the accounts to [UK Case]. – liable if they know which third party is going
to use it, only to those who rely on the report – the judges call.
– Scott Group (1978) auditors liable to third parties that they can reasonably foresee
may rely on the financial report of their client [This NZ decision widened auditor
liability]. Assets were overstated, but it wasn’t so they tried to sue the auditor, but
they didn’t, audit report should know what reason they will use it therefore they can

lOMoARcPSD|3622993
focus more on those part and duty of care is owed.

How should an auditor decide which clients are to be accepted and retained?
THE FIRST STAGE IN ANY AUDIT IS THE CLIENT ACCEPTANCE OR CONTINUANCE DECISION.
• Step 1: Assess client integrity
• Step 2: Assess audit firm’s ability to meet ethical requirements, service client
• Step 3: Prepare client engagement letter
Assessing client integrity the auditor will consider:

• the reputation of the client, its management, directors and keym stakeholders
• the reasons provided for switching audit firms (client acceptance decision)
• the client’s attitude to risk exposure and management
• the client’s attitude to the implementation and maintenance of adequate internal
controls to mitigate (minimise) identified risks
• the appropriateness of the client’s interpretation of accounting rules
• the client’s willingness to allow the auditor full access to information required to form
their opinion
• the client’s attitude to audit fees and its willingness to pay a fair amount for the work
completed.

lOMoARcPSD|3622993
CHAPTER 4 RISK ASSESSMENT 2

1. What is audit risk and what are the components of the audit risk model?
AUDIT RISK is the risk that an auditor expresses an inappropriate audit opinion when
a financial report is materially misstated (ASA 200; ISA 200)
– This means the auditor gives an opinion that the financial report is true and
fair when it contains a significant error or fraud
• Audit risk can never be zero
• Audit risk is reduced during risk response phase by identifying the key
risks and adjusting audit effort accordingly
STAGES IN AUDIT RISK MINIMISATION

1. ASSESS INHERENT RISK
Identification of accounts and related assertions most at risk of material
misstatement
– Assertions are statements made by management about recognition,
measurement, presentation and disclosure of items in financial report and
notes
– For example, if a client sells valuable goods, there is a risk of overstatement
of inventory as goods may be stolen but remain recorded in the client’s
books. Therefore, there is a risk that management’s assertion that recorded
inventory exists is not valid. In this example, the auditor may spend more
time testing for the existence of recorded inventory than in the case of a
client that sells lower valued goods.
– When identifying accounts and related assertions at risk of material
misstatement, some risks are classified as being more significant than others.
A significant risk is an identified and assessed risk of material misstatement
that, in the auditor’s judgement, requires special audit consideration (ASA
315 (ISA 315)
– When classifying risks as being significant consideration is given to whether
the risk:
- involves fraud
- is related to significant economic or accounting developments
- involves complex transactions
- involves significant related party transactions
- involves significant subjectivity in measurement of financial
information
- involves significant transactions outside the client’s normal course of
business.
2. ASSESS CONTROL RISK

 Assessment of client’s system of internal controls
 The auditor is interested in whether their client has controls in place that are
designed to minimise the risk of material misstatement for each account and
related assertion identified as being high risk by the auditor. In the above
example, if a client sells valuable goods, an auditor will assess whether their
client has controls in place to reduce the risk that inventory may be stolen.

lOMoARcPSD|3622993
3. AUDITOR PLANS TO UNDERTAKE DETAILED TESTING OF EACH IDENTIFIED

ACCOUNT (Detection Risk)
 Based on auditor’s assessments of riskiness of account and related assertions, and
effectiveness of the client’s system of internal controls
 Auditor will plan and perform their audit to reduce audit risk to an acceptably low
level (ASA 200; ISA 200)
• There is an inverse relationship between IR and CR and DR
2. How are materiality levels established and incorporated into the audit process?
 Materiality guides audit planning, testing, and assessment of information in financial
report
 Information is material if it impacts on the decision-making process of users of the
financial report (AASB 1031)
 Information could be considered material because of its qualitative or quantitative
characteristics
 Materiality is a key auditing concept and is assessed during the risk assessment
phase of every audit. This preliminary assessment of materiality guides audit
planning and testing. Before explaining how an auditor arrives at their preliminary
materiality assessment, it is important to differentiate between the qualitative and
quantitative considerations of materiality.
 qualitative materiality information that impacts a user’s decision-making process for
a reason other than its magnitude
 quantitative materiality information that exceeds an auditor’s preliminary
materiality assessment, which is between 5 and 10 per cent of an appropriate base
SETTING MATERIALITY
 Auditor uses professional judgement. They are mindful of the primary users of the
financial report. For listed companies, the primary users are the shareholders. For
unlisted companies, the primary users are generally the owners and/or major
lenders of funds.
 Audit firms vary in methods to set materiality percentages in the risk assessment
phase to derive at an appropriate base percentage
o Balance sheet bases include total assets or equity
o Income statement bases include profit before tax, revenue or gross profit
 Setting lower materiality level during planning increases quality and quantity of
evidence required to be gathered
 AASB 1031 provides guidelines on the percentages to use when calculating
materiality. Any item that is 10 per cent or greater of profit before tax is considered
to be material. Any item less than 5 per cent of profit before tax is considered to be
immaterial. The materiality of any item between 5 and 10 per cent of the profit
before tax is a matter for professional judgement. When using total assets or
revenue as a base, the percentages fall to 0.5–1 per cent and when equity is the
base, the percentages are 1–2 per cent.
 When setting a lower planning materiality level, an auditor increases the quality and
quantity of evidence that needs to be gathered. When gathering evidence, one of
the criteria may be to test material items.

lOMoARcPSD|3622993
 By setting a lower materiality level, an auditor increases their sensitivity to a

potential misstatement. When analysing test results, an auditor will assess potential
misstatements in aggregate with reference to their planning materiality. The lower
the materiality, the more likely the auditor will conclude that misstatements are
material and further testing is required.
3. Why is an audit strategy important and how is it determined?

AUDITOR MUST ESTABLISH AN OVERALL AUDIT STRATEGY (ASA 300; ISA 300)
• Audit strategy is the determination of the amount of time/effort spent
testing the client’s internal controls Vs time/effort spent conducting detailed
testing of transactions and balances
• Sets scope, timing, and direction of the audit
• Provides basis for developing detailed audit plan
• Is based on preliminary assessments of IR and CR
High Risk Client
 When inherent and control risk are assessed as high he risk of material misstatement
is assessed as high and an auditor will set detection risk as low, to reduce audit risk
to an acceptably low level. There is an inverse relation between the risk of material
misstatement (a client’s inherent and control risk combined) and detection risk, as
set by the auditor. By assessing control risk as high, an auditor has determined that
their client’s system of internal controls is non-existent, very poor or unlikely to be
effective in mitigating the inherent risks identified. When the risk of material
misstatement is high, the audit strategy set by the auditor is to do no (or very
limited) tests of control and place increased reliance on substantive tests of
transactions and account balances. For example, a client sells expensive medical
testing equipment and has limited security. If even a few pieces of equipment go
missing or are stolen it will have a material impact on the value of inventory. No
regular stocktakes are held either. Inherent risk is high for the existence of inventory;
stock may be recorded that does not exist. In this case control risk is high as there
are no controls in place to mitigate (reduce) the identified risk.
 An exception is where an auditor has identified a significant risk. In this case, an
auditor will gain an understanding of their client’s controls relevant to that risk (ASA
315,para. 29; ISA 315, para. 29). For example, if a client has significant transactions
that involve estimation, an auditor will review the processes used by management to
make those estimations. If a client does not have adequate controls to address
significant risks, this is considered a noteworthy deficiency in a client’s system of
internal controls (ASA 315, para. A126; ISA 315, para. A126).

lOMoARcPSD|3622993
Low Risk Client
 When assessing control risk as low an auditor will generally obtain a detailed
understanding of their client’s system of internal controls as they plan to rely on that
system to identify, prevent and detect material misstatements.
 For low-risk clients, if tests of controls are conducted and found to be effective, the
audit strategy will be to reduce reliance on detailed substantive testing of
transactions and account balances. An auditor can never completely rely on a client’s
system of internal controls and will always conduct some substantive procedures to
gather independent evidence regarding the numbers that appear in their client’s
financial report.
 For example, a client sells nuts and bolts and conducts regular stock counts. Inherent
risk is low as a significant number of nuts and bolts would need to be stolen before
having a material impact on the amount recorded for inventory. The auditor will plan
on testing that the stock counts are effective and that records are updated on a
timely basis for any stock losses.
4. How can measures of performance and analytical procedures assist in assessing risk
in an audit?
As part of gaining understanding of client, auditor should learn how client
measures its own performance
– The key performance indicators (KPIs) used by a client to monitor and assess its
own performance and the performance of its senior staff provide an auditor with
insights into the accounts that their client focuses on when compiling its financial
report and which accounts are potentially at risk of material misstatement.
– Auditor needs to understand what client focuses on, and what is potentially
at risk of misstatement
PROFITABILITY
– Profit by division, branch, manager etc
– Price earnings ratio (P/E) market price per share divided by earnings per
share, shows how much a shareholder is willing to pay per dollar of earnings.
– Earnings per share (EPS) profit divided by weighted average ordinary shares
issued, reflects the earnings return on each issued share
• Decline could signal pressure on management
– Cash Earning per share (CEPS) operating cash flow divided by outstanding
shares, shows the cash flow capacity of a company for each issued share
– Inventory turnover

lOMoARcPSD|3622993
• Decline could signal overvalued stock

LIQUIDITY
– Ability of company to meet its cash needs in short and long term
– Ratios can be written into debt contracts (as covenants) and restrict client’s
actions
– Client potentially under pressure to misstate accounts included in ratios
Evaluation of financial information by studying plausible links among both financial
and non-financial data (ASA 520; ISA 520)
• Identify fluctuations in accounts that are inconsistent with auditor’s
expectations based on their understanding of the client
Analytical Procedures defines analytical procedures as an evaluation of financial
information by studying plausible relationships among both financial and non-financial data.
They involve the identification of fluctuations in accounts that are inconsistent with the
auditor’s expectations based upon their understanding of their client. For example, if an
auditor is aware that their client has borrowed a significant amount of money in the
previous financial year, a reduction in the client’s debt to equity ratio would be unusual and
would warrant further investigation.
Analytical procedures can be conducted throughout audit
• Risk assessment phase – risk identification
• Risk response phase – estimating account balances
• Reporting – overall review
Analytical procedures are conducted at the risk assessment phase of the audit to:
• highlight unusual fluctuations in accounts
• aid in the identification of risk
• enhance the understanding of a client
• identify the accounts at risk of material misstatement
• minimise audit risk by concentrating audit effort where the risk of material misstatement
is greatest.
COMMON ANALYTICAL PROCEDURES

1. SIMPLE COMPARISONS
 Simple comparisons are made between account balances for the current
year and the previous year and the current year and the budget.
2. TREND ANALYSIS (HORIZONTAL ANALYSIS)
 Comparison of account balances over time
 Select base year, restate all accounts in subsequent years as a % of that
base
 Various accounts can be selected for inclusion in a trend analysis.
Accounts that vary from one year to the next are generally the focus.
For both techniques, auditor should factor in client and economic changes and form
expectations of reasonable changes in balances over time
3. COMMON-SIZE ANALYSIS (VERTICAL ANALYSIS)
• Comparison of account balances to single line item
• Balance sheet – express each item as % of total assets
• Income statement – express each item as % of sales

lOMoARcPSD|3622993
•
Using analysis over several years, auditor can see how each
account contributes to totals, and how this changes over time
4. RATIO ANALYSIS
Assess relationship between various financial report balances, and
between them and non-financial items
— Profitability ratios
— Liquidity ratios
— Solvency ratios
o The gross profit margin indicates whether a seller of goods has a sufficient mark-up
on goods sold to pay for other expenses.
o The profit margin indicates the profitability of a company after taking into account
all operating expenses.
o The return on assets (ROA) indicates the ability of a company to generate income
from its average investment in total assets.
o The return on shareholders’ equity (ROE) indicates the ability of a company to
generate income from the funds invested by its common (ordinary) shareholders.
o The current ratio indicates how well current assets cover current liabilities. A ratio
that is greater than one indicates that a company should be able to meet its short-
term commitments when they fall due.
o The acid-test (quick) ratio indicates how well liquid (cash or near cash) assets cover
current liabilities. Liquid assets include cash, short-term investments and receivables
o Inventory turnover measures how many times a company sells its inventory in a
year. An auditor will look at the trend in this ratio to determine whether inventory is
being turned over more or less frequently from year to year.
o Receivables turnover measures how many times a year a company collects cash from
its debtors. A slowdown in this ratio may indicate that the client is making sales to
customers who are unable to pay for their goods on a timely basis or the client is not
following up on customers who are late in paying in an efficient manner. If receivables
turnover falls, an auditor will spend more time considering the adequacy of the
allowance for doubtful debts.

lOMoARcPSD|3622993
o Solvency ratios are used to assess the long-term viability of a company. Liquidity
ratios tend to take a short-term view of a company; solvency ratios have a long-term
perspective.
o The debt to equity ratio indicates the relative proportion of total assets being
funded by debt relative to equity. A high debt to equity ratio increases the risk that a
client will not be able to meet interest payments to borrowers when they fall due.
o Times interest earned measures the ability of earnings to cover interest payments. A
low ratio indicates that a client may have difficulty meeting its interest payments to
lenders if there is a lack of evidence that the client has the capacity to service its
debt.
INTERPRETING RESULTS OF RATIO ANALYSIS

• Compare results to previous years’, budgets, competitors
• Discuss significant variation with management
• Consider effects on future viability of company (going concern risk)
• Lack of variation in results could be unexpected if conditions have
changed
• Where results are unusual or unexpected, investigate further because
it indicates risk of material misstatement
FACTORS TO CONSIDER WHEN CONDUCTING ANALYTICAL PROCEDURES

• Has client data been audited? Is external data reliable?
• Poor controls would signal higher risk in relying on analytical
procedures
• Change in accounting methods could distort data
• Auditor may have access to half-year results only
• Reliability of budget setting process – is client continually missing
budgeted targets?
• Are industry comparisons valid?
In conducting analytical procedures, the following information sources are generally
considered to be reliable:
 information generated by an accounting system that has effective
internal controls
 information generated by an independent reputable external source
 audited information
 information generated using consistent accounting methods
 information from a source internal to the client that has proven to be
accurate in the past (for example, when preparing budgets).

lOMoARcPSD|3622993
CHAPTER 5 AUDIT EVIDENCE

1. What is an audit assertion and what are the key categories of assertions?
Those charged with governance of an entity are responsible for ensuring that the financial
report gives a true and fair view of the entity and its operations
When preparing the financial report, management makes assertions about each account
and related disclosures in the notes. For example, when reporting on inventory,
management should ensure that the items disclosed exist, are owned by the entity,
represent a complete list of the inventory owned and are valued appropriately.
– Assertions are statements regarding the recognition, measurement, presentation
and disclosure of items included in the financial report
– ASA 315 (ISA 315) requires auditors to use assertions when assessing the risk of
material misstatement and designing audit procedures
– This means that auditors need to gather sufficient appropriate evidence about each
assertion for each transaction and account balance, or disclosure
Transactions Related Audit

lOMoARcPSD|3622993
Balance Related Audi Assertions
Valuation and Allocation Examples;

 an auditor checks that inventory has been appropriately recorded at the lower of cost
and net realisable value (risk of overstatement)
• an auditor tests for the adequacy of the allowance for doubtful debts provision (risk of
understatement)
• an auditor checks that transactions are allocated to the correct account when auditing
research and development expenditure (risk of understatement of the expense
account).
Presentation and Disclosure Related Audit Assertions

Presentation and disclosure assertions relate to the disclosures themselves, not the
underlying asset, liability, equity, revenue or expense items, for example
– “Classification and understandability” relates to the classification of the disclosure,
not whether the correct account was used for the transaction or event

lOMoARcPSD|3622993
2. What is sufficient appropriate audit evidence and what types of audit evidence are
available?
Evidence is the information that an auditor uses when arriving at their opinion on the truth
and fairness of the client’s financial report (ASA 500; ISA 500). It is the responsibility of those
charged with governance at a client to ensure that the financial report is prepared in
accordance with Australian Accounting Standards and the Corporations Act 2001. They are
also responsible for ensuring that accurate accounting records are maintained and any
potential misstatements are prevented, or detected and corrected. It is the responsibility of
the auditor to gather sufficient appropriate evidence to arrive at their opinion.
 Auditor must gather sufficient appropriate evidence
 Sufficiency relates to quantity of evidence
 Appropriateness relates to quality of evidence
 Audit risk determines what evidence is required
High Risk accounts; (refer to previous chapter for the table) When there is a significant risk
that an account will be misstated and the client’s system of internal controls is not
considered to be effective at reducing that risk, detection risk is set as low and more high-
quality evidence is gathered when conducting substantive tests of that account.
Low Risk accounts; (refer to previous chapter for the table) When there is a low risk that an
account will be misstated and the client’s system of internal controls is considered to be
adequate for that account, detection risk is set as high and less high-quality evidence is
gathered when conducting substantive tests of that account.
Types of Audit Evidence

1. EXTERNAL CONFIRMATIONS
– It provides guidance on the use of external confirmations. Auditor requests
third party to confirm matter in confirmation letter. Including:
• Banks: confirm cash balances, securities, loans
• Lawyers: confirm documents being held
• Creditors: confirm amount owed, terms, by client
• Debtors: confirm amount owed to client
• Others: confirm description and quantity of assets held
– Negative form: reply if information incorrect
• Hard to interpret non-response
– Positive form: reply in all circumstances
• Cannot know how well other party checked their records
2. DOCUMENTARY EVIDENCE
1. Invoices, suppliers’ statements, bank statements, minutes of
meetings, correspondence, legal agreements
2. Can be internally or externally generated
– Auditor can
1. Verify information in client’s records by reading documents to confirm
existence, rights and obligations (“vouching” back), or
2. Trace from documents to clients records to confirm classification,
accuracy, completeness (“tracing” through)
3. REPRESENTATIONS (WRITTEN)

lOMoARcPSD|3622993
1. Legal representation letter is sent by client to its lawyers to complete

and return direct to auditor
• Can include opinions on legal matters, details of
disagreements with client (ASA 502; ISA 501)
2. Management representation letter contains acknowledgement of
management’s responsibilities, undertaking about legal compliance,
confirmation of discussions
• Auditor still needs to gather other evidence
• ASA 580; ISA 580
4. VERBAL EVIDENCE
• Auditor documents discussions with client management and staff
• Used to gain understanding of internal controls; corroborate other
evidence
5. COMPUTATIONAL EVIDENCE
• Auditor checks mathematical accuracy; re-adding, can include
complex re-calculations, verifying formulae
6. PHYSICAL EVIDENCE
• Gathered by inspecting assets, to assess condition, to reconcile to
client’s records
7. ELECTRONIC EVIDENCE
• Includes data held on client’s computer, emails to auditor, and scans
and faxes
• No paper trail
• Auditor needs to consider quality of client’s computer system when
assessing reliability of this evidence
Persuasiveness Of Audit Evidence

• Auditor is seeking evidence to corroborate client’s recorded transactions and
balances
• Greater corroboration is provided by more persuasive evidence
• Evidence types vary in persuasiveness
• Least to most persuasive:
– Evidence generated internally by client
– Evidence generated externally, held by client
– Externally generated evidence send direct to auditor
INTERNALLY GENERATED EVIDENCE:
• Includes records of cheques sent, copies of invoices and statements
sent to customers, purchase orders, company documentation
regarding policies and procedures, contracts, minutes of meetings,
journals, ledgers, trial balances, spreadsheets, worksheets,
reconciliations, calculations and computations
• Could be held in paper or electronic form
• Least persuasive because it is possible that client could manipulate or
omit this type of evidence
EXTERNALLY GENERATED, HELD BY CLIENT:
• Includes supplier invoices and statements, customer orders, bank
statements, contracts, lease agreements, tax assessments

lOMoARcPSD|3622993
•Originals are more persuasive than photocopies

•More persuasive than internally generated evidence because it is
produced by third parties
• Still possible that client could omit or tamper with evidence
EXTERNALLY GENERATED, SENT DIRECTLY TO AUDITOR:
• Includes bank confirmations, debtors’ confirmations, correspondence
with client’s lawyers, experts valuations
• Most reliable type of evidence because it is independent of client
• Client has no opportunity to alter evidence
• More reliable when external party is considered to be more reliable,
trustworthy, independent of client
3. What issues must an auditor consider when using the work of an expert or another
auditor?
Auditor may engage expert to help in the audit when auditor does not possess
required skills and knowledge to assess item
– Expert could be member of audit team, audit firm, client, or independent
– ASA 620; ISA 620 provides guidance
1. Is expert required?
2. Determining scope of work for expert
3. Selecting expert – assessing objectivity, capability of expert
4. Assessing work of expert
5. Auditor is responsible for drawing conclusions
Using Work of An Expert

1. Assessing need to use an expert. Consider:
– Knowledge of audit team
– Significance and complexity of item being assessed
– Availability of appropriate alternative corroborating evidence
• The less knowledge held by audit team, the greater risk of material
misstatement and less corroborating evidence available, the more
likely an expert required
2. Scope of work to be carried out
– Auditor must set nature, timing and extent of work
– Use written instructions covering issues expert will report on,
and how work will be used by auditor
3. Assessing capability/objectivity of expert
– Consider expert’s qualifications, membership of professional
body, reputation in the field, experience
– More objective if not connected to client
4. Assessing the expert’s report
– Report should be understandable to non-expert
– Include process, assumptions, data used by expert
– Auditor considers consistency with other information
5. Responsibility for the conclusion
– Auditor responsible for quality of expert’s work

lOMoARcPSD|3622993
GROUP ENGAGEMENT PARTNER responsible for signing audit report, but may use
other auditors, especially for remote locations
– Consider capacity of component auditors to undertake the work (ASA 600;
ISA 600)
– Component auditor’s work must be to same standard as group engagement
partner
• Objectivity
• Gathering sufficient, appropriate evidence
4. What procedures are used to gather and document audit evidence?

• Evidence gathering occurs throughout audit
• Guidance about primary evidence gathering techniques contained in ASA 500; ISA
500
– Inspection of records and documents
• e.g. for evidence of authorisation, to check amounts
– Inspection of tangible assets
• e.g. that they exist, their condition, to trace to records
– Observation of client staff
• e.g. that they conduct stocktake correctly
• Provides evidence only for date of observation
– Enquiry
• Useful to for gaining understanding, or to corroborate other evidence;
auditor will document conversation
– Recalculations
• To check mathematical accuracy
– Re-performance
• Follow the process used by client
– Analytical procedures
• Relationships between data

lOMoARcPSD|3622993
CHAPTER 8 EXECUTION OF THE AUDIT – TESTING OF CONTROLS

1. What are the different types of controls?
ENTITY-LEVEL CONTROLS:
the collective assessment of the client’s control environment, risk assessment process,
information system, control activities and monitoring of controls.
T here are two types of internal controls: entity-level controls and transaction-level
controls. This chapter will focus on transaction-level controls. Transaction-level controls
relate to one of the five components of entity-level internal control
Control Environment ; the terms internal control, control(s), system of internal controls and
components of internal control may be used to refer to the same process
Entity’s risk assessment process; the collective assessment of the client’s control
environment, risk assessment process, information system, control activities and monitoring
of controls
It and communication systems
Control Activities ; policies and procedures that help ensure that management directives are
carried out. Control activities are a component of internal control.
Monitoring of Controls
TRANSACTION-LEVEL CONTROLS
TRANSACTION-LEVEL CONTROLS are designed to reduce the risk of misstatement due to
error or fraud and to ensure that processes are operating effectively.
• Controls can include any procedure used and relied upon by client to prevent errors
occurring, or to detect and correct errors that occur
TYPES OF CONTROLS
CONTROLS HAVE TWO MAIN OBJECTIVES:
1. To prevent or detect misstatements in the financial report, or
2. To support the automated parts of the business in the functioning of the
controls in place
CONTROLS ARE CLASSIFIED AS:

1. Manual controls
2. Automated (or application) controls
3. IT general controls (ITGCs)
4. IT-dependent manual controls

lOMoARcPSD|3622993
PREVENTATIVE CONTROLS
TESTS OF CONTROLS
• are the audit procedures performed to test the operating effectiveness of controls in
preventing or detecting and correcting material misstatements at the assertion
level.
1) PREVENT CONTROLS can be applied to each transaction during normal
processing to avoid errors occurring
2) Commonly automated, e.g. reject duplicate transaction
An absence of effective prevent controls increases the risk that errors will occur or fraud
may occur and therefore increases the need for controls that are sensitive enough to detect
these errors should they occur.
For example, the signature of the goods inwards staff member on a delivery docket or a bill
of lading indicates that the signer agreed that stock was physically received into the
warehouse but it does not guarantee that the person carefully reviewed it or that they
agreed the quantities of each item on the delivery docket. The documentation

lOMoARcPSD|3622993
may have been signed based on only a quick glance or without any review at all. Thus, goods
may be recorded that do not exist, excess goods may have been received but not be
recorded, or the goods received may not match the goods ordered and recorded. The
quality of the evidence that the control will prevent one of these errors from occurring does
not provide persuasive enough evidence for the auditor to conclude that the control
operated effectively throughout the reporting period.
DETECTING CONTROLS
2) DETECT CONTROLS are necessary to identify and correct errors that do enter the
records
– Usually not applied to transaction during normal flow of processing, but
applied outside normal flow to partially or fully processed transactions
• E.g. payments are prepared and held by system until approved, then
processed
– Wide variation in detect controls from client to client, depending on
complexity, preferences
• Can be informal and formal
Detect controls can depend on the nature of the client’s business and on the competence,
preferences and imagination of the people who perform the controls. Detect controls may
be formally established procedures, such as the preparation of a monthly reconciliation and
the subsequent follow-up of reconciling or unusual items.
DETECT CONTROLS
It is important that detect controls:
• Completely and accurately capture all relevant data
• Identify all potentially significant errors
• Are performed on a consistent and regular basis
• Include follow-up and correction on timely basis of any misstatements or issues
detected

lOMoARcPSD|3622993
EXAMPLES OF DETECTING CONTROLS

EXAMPLES OF DETECT CONTROLS:
• Management level analysis and follow-up of reviews: actual vs budgets, prior
periods, competitors, industry; anomalies in performance indicators
• Reconciliations with follow-up of reconciling, unusual items, to resolution and
correction (e.g. bank reconciliation, subsidiary ledger to control account)
• Review and follow-up of exception reports (automatically generated reports of
transactions outside pre-determined parameters)
– Usually can obtain evidence of detect controls’ operation and effectiveness
MANUAL CONTROLS
MANUAL AND AUTOMATED CONTROLS
• Purely manual controls do not rely on IT for operation
• e.g. locked cage for inventory
• Could rely on IT information from others
• e.g. reconcile stock count to computer generated consignment stock
statements
AUTOMATED CONTROLS
AUTOMATED CONTROLS generally rely on client’s IT
It is important to identify the extent of reliance a control places on IT to determine the
effect of IT on the evaluation of controls. The key consideration for relying on automated
aspects of controls is to determine whether or not the client has effective ITGCs.
– IT general controls (ITGCs)
• Support functioning of automated controls
• Provide basis for relying on electronic evidence in audit
– Types of ITGCS:
• Program change controls; only appropriately authorised, tested and approved
changes are made to applications, interfaces, databases and operating systems
• Logical access controls; only authorised personnel have access to data and
applications and can perform only authorised tasks and functions. For example,
the accounts receivable clerk does not have access or authorisation to the cash
payments application; the payroll manager may have access to the electronic
funds transfer application, but is unable to process any pay runs without the
additional approval (and use of passwords) of the financial controller.
• Other ITGCs, e.g. data back-up
• Application controls apply to processing of individual transactions, support
segregation of duties e.g. edit checks, validations, calculations, interfaces,
authorisations
ITGCs are important because they impact the effectiveness both of application controls and
IT-dependent manual controls, as well as potentially affecting the reliability of electronic
audit evidence the auditor may wish to rely upon during the audit.
IT DEPENDENT MANUAL CONTROLS

IT-DEPENDENT MANUAL CONTROLS
– Has both manual and automated aspects

lOMoARcPSD|3622993
– E.g. For example, management reviews a monthly variance report and

follows-up on significant variances. Because management relies on the
computer-generated report to identify the variances, the auditor also needs
to check that there are controls in place to ensure that the variance report is
complete and accurate.
– Auditor must consider both aspects – report generation and management
follow-up
– Consider controls over report generation – is report accurate and complete?
If not, follow-up is not effective
2. What are the different techniques for testing controls?

TECHNIQUES FOR TESTING CONTROLS
AUDITOR USES COMBINATION OF TECHNIQUES WHEN TESTING CONTROLS
1. ENQUIRY
– Auditor questions employee performing control, management about review
of control
2. OBSERVATION
– Auditor observes actual control being performed
– Employee might be more diligent when observed
3. INSPECTION OF PHYSICAL EVIDENCE
– Trace from reconciliation to accounting records or other documents
– Examine reconciling items to determine whether reconciliation detects error
and action to deal with errors
4. RE-PERFORMANCE
– Auditor re-performs control (e.g. prepares reconciliation)
3. What are the different techniques for testing controls?

3. SELECTING AND DESIGNING TESTS OF CONTROLS
PROFESSIONAL JUDGEMENT IS REQUIRED TO DECIDE:
A. Which controls to select for testing?
– Select controls that will provide most efficient and effective audit evidence
– Increase efficiency by only testing controls that are critical to audit opinion –
those that address the WCGWs most effectively with least amount of testing
– More efficient to test controls that address multiple WCGWs
B. How much testing of controls is required?
Efficient less time less money
Effective is getting good results
HOW MUCH TESTING?

• Extent of testing based on statistical sampling (see chapter 6) or professional
judgement
• Consider:
– how often the control is performed
– the degree to which the auditor intends to rely on the control as a basis for
limiting their substantive tests
– the persuasiveness of the evidence produced by the control
– the need to be satisfied that the control operated as intended throughout

lOMoARcPSD|3622993
the period of reliance. For some controls they may need evidence only as at
year-end, whereas for most controls they need evidence that the control
operated throughout the year.
– the existence of a combination of controls that may reduce the level of
assurance that might be needed from any one of the controls
– the relative importance of the ‘what could go wrong’ questions or statement
being considered
– other factors that relate to the likelihood that a control operated as
intended. In determining the extent of tests of a control, the auditor
considers several other factors that affect the perception of the likelihood
that a control operated as intended throughout the period of reliance,
including:
o the competence (and integrity) of the person who performs the control
o the quality of the control environment such as the potential for
management to override the control or for the control to be bypassed
o changes in the accounting system that may have occurred
o unexplained changes in related account balances
• Testing must provide enough evidence to be able to reasonably conclude that
control is effective
• Attribute sampling allows conclusion about population in terms of frequency of
control being performed
– E.g. attribute being tested could be presence/absence of authorising
signature on document
– Evidence of one exception (or deviation) in sample
• Investigate cause of exception,
• Increase sample and extend testing, or
• Amend decision to rely on control – test other controls and/or
increase substantive testing
APPLICATION CONTROLS – test using these methods:

1. Test operating effectiveness
– Test manual follow-up procedures that support the application control
 E.g. Investigate how client follows-up on computer-generated exception
report for sales with no prices in master file
2. Test controls over program changes, and/or access to data files
– Test ITGCs
 E.g. test controls to ensure that all changes to pricing master file are
approved
APPLICATION CONTROLS
• Benchmarking
– Carry forward benefit of certain application controls testing into future audit periods
– Computer will continue to perform procedure in same way until application program is
changed
– Verify that there are no changes to program, no need to repeat audit procedures. More
likely when
• Specific program can be identified
• Application is stable

lOMoARcPSD|3622993
• Reliable record of program changes available
Timing of tests of controls

• Usually at interim date, especially if controls relied upon to reduce substantive
procedures
• Preferable to test entity-level controls and ITGCs early in audit because results impact
other tests
• Update interim results and evaluation at year-end
• Identify relevant changes in environment and controls
EXAMPLE EXTENT OF TESTING TABLE
How many tests of each control might be performed depending on the frequency of the
control in question. The selection of how many instances of a control to test is an area of
significant judgment. The example only and two different auditors are likely to design two
different extents of testing. For example, if it is a monthly control and the auditor wants to
obtain a more than limited level of assurance from the controls testing, two controls (for
example, a monthly bank reconciliation) would be tested from throughout the year. If,
however, only a limited level of assurance from the controls testing is required, only one
control would be tested from throughout the year. ‘More than limited’ in this example is
not the same as reasonable assurance (which is 95 per cent confidence).
4. How are tests of controls interpreted and documented?

Compare and Contrast
If the test results do not confirm their preliminary evaluation of controls (and control risk),
the auditor revises the overall audit risk assessment for the related account and the planned
audit strategy (that is, increases the level of substantive procedures). For example if the
tests of controls indicate that certain controls are not as effective as originally believed or
have not functioned as prescribed and substitute (compensating) controls are not available
or were not effective, the auditor revises their audit risk assessment (increases control risk),
reduces or eliminates the intended reliance, and reduces detection risk by designing more
extensive substantive audit procedures (which are intended to detect and estimate the
effect of errors in the related significant account balances).

lOMoARcPSD|3622993
.
RESULTS OF AUDITOR’S TESTING
Do results of control testing confirm preliminary evaluation of controls and control
risk based on internal control documentation?
• If so, do not modify planned substantive procedures
• If not,
• Are compensating controls available? If so, then test them.
• Revise audit risk assessment for related account and the planned audit
strategy
RESULTS OF AUDITOR’S TESTING

When deciding whether need for additional tests of controls, consider:
a) Results of enquiries and observations - could reveal alternative controls now being
relied upon and need to be tested
b) Evidence provided by other tests – substantive tests can provide evidence about
continued functioning of controls
E.g. examining invoice for evidence of payables balance could provide evidence of
controls over purchases and payables
c) Changes in overall control environment – change in key personnel could make
additional control tests necessary
DOCUMENTING CONCLUSIONS
Results of control testing documented in working papers
• Test performed
• Purpose of test of controls
• Actual controls selected for testing
• Results of testing- exceptions found
Document in sufficient detail to allow another auditor to perform same test
• Extent of documentation depends on complexity of client’s operations,
systems and controls
• Review impact of testing controls on rest of audit
Example of documenting conclusion

lOMoARcPSD|3622993
In-class Exercise 1
Test of control linked to transaction assertion:
For each Test of Control below identify the assertion being tested.
a. Review evidence of the accounting for the numerical sequence of invoices.
b. Review a sample of cash payment transactions for evidence of authorisation of the
account to be charged.
c. Use test data on a back-up copy of the Sales File to confirm that IT edit checks operate as
prescribed.
a. Completeness – is there a missing number, all invoices are there.

b. Classification – making sure each amount is done in the write account
c. Its filters out wrong information – therefore accuracy, a prevention control
Solution to in-class Ex 2
a. Yes, with qualification. But must test at least some of the controls every year so
that all controls are tested over a 3 year period. ASA330.14B
b. If greater reliance is placed on the control then more frequent test is needed. this
control is really important, test it more often, if its not important don’t test it every
year (if that’s required)

lOMoARcPSD|3622993
Chapter 9 - Execution of the audit – performing substantive

procedures
Chapter 10 (part) - Substantive testing and balance sheet accounts
(up to trade receivables p.371)
1. What are substantive procedures and how do they relate to key audit assertions?
1. OVERVIEW OF SUBSTANTIVE PROCEDURES
Nature, timing and extent of audit procedures responds to risk assessment for each
significant account and assertion.
• Audit risk model: AR = f(IR, CR, DR) (first introduced in chapter 4)
• Risk of material misstatement (IR, CR) is inverse to the level of DR auditor will
accept
• Substantive procedures reduce DR
• If IR and CR are low, auditor will accept a high DR, and small number of
substantive procedures are required
The combination of inherent risk and control risk determines the level of detection the
auditor is willing to accept to be able to conclude that the financial report is materially
correct. There is an inverse relationship between the auditor’s assessed risk of material
misstatement and detection risk. Detection risk is reduced or increased in direct proportion
to the amount of substantive testing performed.
For example, the auditor needs to verify that sales transactions recorded in the income
statement occurred and relate to the entity (the occurrence assertion). Those same sales
transactions flow through to the trade receivables balance in the balance sheet, and the
auditor needs to verify that the balance of trade receivables as at
year-end exists and that the client holds the rights to those receivables (the existence, and
rights and obligations assertions). The auditor then needs to verify that the balances then
disclosed in the financial report as sales revenue and trade receivables occurred and relate
to the entity (the occurrence, and rights and obligations assertions).
OVERVIEW OF SUBSTANTIVE PROCEDURES

lOMoARcPSD|3622993
RISK ASSESSMENTS ARE REQUIRED TO BE PERFORMED AT ASSERTION LEVEL (ASA 315; ISA
315)
• Assertions can be stated as audit objectives
– Management assert that sales transactions recorded in income
statement occurred and relate to the entity
– Auditor’s objective is to verify that recorded sales transactions exist
• Transaction assertions are related to account balance and disclosure
assertions
– Work done to verify sales occurrence provides some evidence about
accounts receivable existence
Transactions assertions: CCCOA
DEFINITION OF SUBSTANTIVE PROCEDURES

SUBSTANTIVE PROCEDURES:
Substantive procedures are designed to obtain direct evidence as to the completeness,
accuracy and validity of data, and the reasonableness of the estimates and other
information contained in the financial report. Substantive procedures include inspection,
observation, enquiry, confirmation, recalculation, re-performance and analytical reviews.
• Audit procedures that are designed to detect material misstatements at the assertion
level
• They are used to obtain direct evidence as to the completeness, accuracy, and validity of
data, and the reasonableness of the estimates and other information contained in the
financial report
• Audit program documents substantive procedures the auditor plans to use to identify
and rectify material errors before giving the audit opinion
NATURE, TIMING AND EXTENT OF SUBSTANTIVE PROCEDURES IN AUDIT PROGRAM

DETERMINED BY:
A. Risk of material misstatement
B. Timing considerations affect nature of substantive test (e.g. access
during interim periods)
C. Level of assurance necessary (reasonable or limited)
D. Type of evidence required (how persuasive)
E. Complexity of client’s data systems

lOMoARcPSD|3622993
RELATIONSHIP BETWEEN RISK ASSESSMENT AND THE NATURE, TIMING AND EXTENT OF
SUBSTANTIVE PROCEDURES
THE NATURE OF SUBSTANTIVE TESTING VARIES FROM ACCOUNT TO ACCOUNT AND
CONSISTS OF ONE OR A COMBINATION OF TECHNIQUES, INCLUDING:
o Key items testing
o Representative testing
o Other test of transactions/underlying data
o Analytical procedures
The appropriate mix of substantive procedures depends on:
• The nature of the account balance
• The risk assessment for the specific account and the client overall
Risk assessments not only affect the extent of the tests, but can also affect the nature and
timing. For example, in the situation described above, it is likely that the auditor would test
the completeness of claims at or near year-end; however, the tests of the valuation for
individual claims by product type could be carried out prior to year-end.
Similarly, the auditor may have agreed with the client that based on the risk assessment it is
appropriate for the client to carry out a physical stocktake prior to year-end (existence
assertion). However, it is not appropriate for the auditor to test the client’s valuation
(pricing) of its stock at that date. Rather, they would perform tests of stock pricing as at a
date nearer to or at the year-end.
Significant professional judgement is therefore required in relating the risk assessment to
the nature, timing and extent of the tests in order to hold overall audit risk to an acceptable
level.
TIMING OF SUBSTANTIVE PROCEDURES:

• Influenced by level of control risk
• Typically at or near year-end, exceptions include:
– Accounts that accumulate transactions that mostly remain in year-end balance
• E.g. additions to fixed asset register
– Control testing confirms a strong control system
– Roll-forward procedures are suitable due to strong controls and no changes to
controls
– Roll-forward procedures are done between interim date and year-end, and
provide evidence that interim testing results continue to apply for the remainder
of the period

lOMoARcPSD|3622993
The auditor might also perform substantive procedures prior to year-end because of a client
reporting requirement.
Test Of Detail
• Are substantive tests other than analytical procedures
• Designed to verify a balance or transaction with supporting documentation
• Often referred to as either vouching or tracing
– Vouching: taking a balance or transaction from the underlying accounting
records and verifying it by agreeing the details to supporting evidence
outside of the accounting records of the company. Evidence if it’s a valid valid
of the transaction that has occurred or the existence of the balance.
• Primarily tests existence/occurrence assertion
– Tracing: tracking a source document to the accounting records, record in the
general journal to the statements, the completeness. If you starting from the
financial statements you are not testing for completeness.
• Primarily tests completeness assertion
DECIDING HOW MUCH OF A BALANCE TO TEST:

1. KEY ITEM TESTING
– Identify key items in a balance
– Usually select largest transactions within a balance to obtain ‘coverage’ of
the total
– The more persuasive other evidence available, the less coverage key items
have to address
2. REPRESENTATIVE SAMPLING
– If further testing required after selecting key items
– Select items that are representative of population
– Sampling strategy depends on auditor’s expectations of error and overall
audit objective (ie testing primarily for over or understatement of balance)
3. OTHER TESTS OF TRANSACTIONS/UNDERLYING DATA:
– Tests of client prepared schedules eg warranty calculations
– Tests performed at interim date with roll-forward procedures
– Tests of underlying data to be used as part of analytical procedures
– Tests of income statement accounts for account classification
– Tests of individual transactions by vouching (agreeing) to supporting
documents

lOMoARcPSD|3622993
3. ANALYTICAL PROCEDURES can be used as:

– Primary (persuasive) tests of a balance
– Corroborative tests in combination with other procedures
– To provide at least some minimal level of support for the conclusion
– Analytical procedures can be the most effective test of a balance, or at least
reduce extent of other substantive tests (ASA 520; ISA 520)
TYPES OF ANALYTICAL PROCEDURES:

• Absolute data comparisons (prior year, budgets etc)
• Ratio analysis (activity, liquidity, profitability, leverage)
• Trend analysis (over several accounting periods)
• Common-size financial reports
• Break-even analysis
• Pattern analysis and regression (most sophisticated)
TESTING THE RELIABILITY OF ANALYTICAL PROCEDURES:
• Mitigate risk of accepting account as not misstated when it is materially misstated
• Consider relevance of analytical procedures, they are less useful
– When client’s operations are diverse
– If industry data is unreliable or not comparable to client
– When severe inflation
– When client’s budget process not well-controlled
• Consider reliability of data
– E.g. test reliability of ageing of debtors reports, the report has information of
how long it takes for debtors to give there money, the percentage, how
accurate is the report.
– Do control tests suggest data is reliable?
– Consider controls over non-financial data (e.g. tonnes)
The auditor considers the relevance of the information used in the analytical procedure; for
example:
• Analytical procedures may not be useful when they are used on a company with
significantly diverse operations and geographical segments. Analytical procedures
are ordinarily more useful on an individual subsidiary, business segment or location
basis than on a consolidated basis.
• The analytical procedure is adversely affected if the industry data is unreliable or is
not comparable to the client’s data. Industry ratios that are no longer meaningful
because of rapidly changing economic conditions may be misleading.
• For entities with operations in inflationary economies, the extent to which increases
in, say, costs or prices have been affected by inflation should be considered before
performing analytical procedures and relying on the results.
• The comparison of budget to actual results is meaningful only if the client’s budget
process is well controlled. In some cases it may be necessary to expand the
understanding of the process beyond that obtained during the planning phase of the
audit
The auditor tests the reliability of underlying data when the analytical procedure is to
provide persuasive assurance; they use judgement to determine the need for, and extent of,

lOMoARcPSD|3622993
tests of underlying data when the analytical procedure provides corroborative assurance;
and they need not test underlying data when the analytical procedure provides minimal
assurance
SUMMARY OF ANALYTICAL PROCEDURES APPROACH:

1. Identify computation, comparison, to be made
2. Assess reliability of any data to be used
3. Estimate probable balance or outcome
4. Perform computations using internal or external data
5. Compare estimated amount with calculation, assess if any difference is significant
6. Determine appropriate procedures for investigating reasons for the difference
7. Perform procedures
8. Draw conclusions
USING COMPUTERS FOR SUBSTANTIVE TESTING:

As clients have become more sophisticated and complex over time, the auditor’s audit
procedures and techniques have needed to respond to these complexities and have also
become more sophisticated. One such development is the use of computers to assist the
auditor with their testing. This is often referred to as ‘computer assisted audit techniques’
(CAATs).
• Computer assisted audit techniques (CAATs) assist auditors with their testing in
complex tasks. There are two main categories.
1. Software used to interrogate and examine client files (software can be special
programs or spreadsheets)
– Re-adding, performing logic tests, select key items, representative samples
– Handle large volumes of data, be more comprehensive
1. Software that individual firms use to plan, perform and evaluate audit
procedures, regardless of whether client automated or no:
– CAATS are more useful when client controls are stronger
 The main considerations in deciding whether to use CAATs are the completeness of
the records and the reliability of the data. As with any audit procedure, the nature
and extent of the procedures performed with a CAAT will largely depend on the
evaluation of the effectiveness of the client’s control environment, IT general
controls and application controls.
2. What are the levels of evidence obtained when performing substantive procedures?
 LEVELS OF EVIDENCE
Evidence from different types of substantive procedures varies in persuasiveness
1. PERSUASIVE EVIDENCE
– Analytical procedures can be the primary test of a balance (that is, the primary
basis for the conclusion) if they provide persuasive evidence.
– Is suitable as primary test of balance
– Provides a reasonable estimate of balance, enabling auditor to conclude whether
or not the account balance is free from material errors so no further procedures
required

lOMoARcPSD|3622993
– Table 9.2 provides examples of analytical procedures that provide persuasive

evidence (e.g. School revenue = number of enrolled students in each grade x
relevant fee)
 CORROBORATIVE
An analytical procedure provides corroborative evidence if
1. Confirms audit findings from other procedures
2. Supports management representations or otherwise decreases the level of
audit skepticism
 Allows auditor to limit extent of other procedures in the area
 Unexpected results would require auditor to expand other substantive audit
procedures to provide explanation of result
3. MINIMAL
– Not persuasive or corroborative
– E.g. simple comparison with previous year to help identify problems, not to
reduce other testing
– In deciding whether a particular analytical procedure or combination of
procedures provides corroborative evidence or only minimal support for the
conclusion, the auditor evaluates both the extent of their analytical procedures
and the quality of the evidence they expect to obtain.

lOMoARcPSD|3622993
– Usefulness of procedure to generate more persuasive evidence depends on

circumstances such as complexity of client and extent of fluctuations in particular
account balance
– Table 9.4 provides examples of analytical procedures that provide minimal
evidence (e.g. for salaries expense compare the average pay per employee - i.e.
total salaries expense ÷ no. of employees - this year with last year)
EVALUATING, DOCUMENTING RESULTS

Auditor assesses impact of all errors identified during the audit and documented in
working papers
• Distinguish between errors (including fraud) and judgemental misstatements
– Differences in judgement between auditor and client
– Likely to be focus of discussions between auditor and client, more likely to be
‘range’ than exact number
• Decide if one-off event, or systematic errors
• These fluctuations may be caused by trends, seasonal patterns, cyclical patterns,
dependent relationships, specific business decisions taken, or external decisions
directly impacting the business.
Conclude on results for each audit program step and each significant account and
significant assertion
RELATIONSHIP BETWEEN RISK AND SUBSTANTIVE PROCEDURES

1. EXTENT OF SUBSTANTIVE PROCEDURES
 substantive procedures (substantive testing or tests of details) audit procedures
designed to detect material misstatements at the assertion level
 Audit risk the risk that an auditor expresses an inappropriate audit opinion when
a financial report is materially misstated
 Determined by risk assessment
 Trivial or immaterial accounts are either ignored or subjected to analytical
procedures only
 Audit risk model used to make a risk assessment on each significant account or
disclosure
 High IR, CR: do not rely on and test controls, use significant amount of
substantive testing to reduce DR to acceptable level
 Low IR, CR: testing controls shows them to be effective, limited substantive
testing required
2. TIMING OF SUBSTANTIVE PROCEDURES

lOMoARcPSD|3622993
 the timing of substantive testing is dependent on the risk assessment of the significant
account or disclosure in question.
 Also determined by risk assessment
o Lower DR, more work done at year-end
 Audit firm must also consider availability of resources to conduct procedures around
year-end
o Use techniques to influence schedule:
 Review events prior to year-end, e.g. acquisitions
 Review activity in period to date, e.g. review interim ageing of debtors
then update at year-end
 Perform general audit procedures prior to year-end, e.g. read board
minutes
 Review provisions prior to year-end, e.g. understand estimation
processes used by management
 Leverage off internal audit (ASA 610; ISA 610)
3. OTHER MATTERS TO CONSIDER IN DESIGNING SUBSTANTIVE PROCEDURES
 Ensure procedures respond to specific risk faced by client from both IR and CR factors
o Different clients may have same overall level of risk but risk caused by different
factors – procedures would be also different
 Take credit for work already done – early work in audit to assess risk also provides
evidence.
 Set appropriate testing thresholds – what the auditor considers important for an audit
will vary depending on the overall risk assessment.
3. What are the substantive procedures for testing Cash?

SUBSTANTIVE TESTING – CASH
TEXT CHAPTER 10
THREE MOST IMPORTANT ASSERTIONS FOR CASH:
1. EXISTENCE
 Usually addressed by bank confirmation (AGS 1002)
2. COMPLETENESS
 Test bank reconciliation and cut-off of cash transactions
 Verify reconciling items to next period bank statement
3. CLASSIFICATION
 Important because of special disclosure requirements
Other assertions may also be important in the audit of cash:

lOMoARcPSD|3622993
4. RIGHTS AND OBLIGATIONS assertion also significant where clients may pledge
assets
 Pledging restricts client’s rights over cash
5. VALUATION AND ALLOCATION usually only an issue when client has significant
foreign currency bank accounts
PROCESSES IMPACTING ON CASH

• Auditor assesses evidence obtained from interim testing on significant transactions,
control testing
• the auditor should assess any audit evidence obtained from the testing they
performed at an interim stage on significant transactions, including tests of controls
(for example, appropriate approvals of cash payments made).
• The two important types of transactions that impact the cash balance are cash
receipts and cash payments. These procedures would only be considered when the
auditor has been unable to test and rely upon controls (controls are ineffective) or
they have decided that it is more efficient to test the transactions making up the
balance substantively.
• When CR low, unlikely to do additional testing on cash receipts and payments, focus
on balance
• If CR not low, substantive tests of receipts and payments may be required
• Substantive testing of cash account balances always done at some level, additional
procedures required as risk assessment increases
• Tests include bank confirmations, bank reconciliation re-performance, analytical
procedures etc
4. What are the substantive procedures for testing Accounts Receivable?

SUBSTANTIVE TESTING – RECEIVABLES
TWO MOST IMPORTANT ASSERTIONS:
1. EXISTENCE

lOMoARcPSD|3622993
– Usually addressed by debtors’ confirmation (ASA 505; ISA 505)

• Positive confirmation: auditor requests reply in all circumstances
• Negative confirmation: auditor requests reply only if debtor disagrees
with balance shown
• Confirmations do not provide assurance about valuation because they
do not address recoverability
2. VALUATION & ALLOCATION
– Use subsequent receipts test
– Analytical procedures based on ageing
Other assertions may also be important in the audit of trade receivables
3. CLASSIFICATION assertion can also be important because of disclosures, such as
related parties and financial instruments
4. RIGHTS & OBLIGATIONS can also be important because of restrictions on trade
terms
5. COMPLETENESS can be addressed through cut-off testing
THERE ARE THREE IMPORTANT TRANSACTIONS THAT IMPACT ON THE BALANCE OF

TRADE RECEIVABLES:
1. Sales
2. Sales Returns and Allowances
3. Cash receipts
• Auditor would only consider these procedures if unable to test and rely on controls
or it is deemed more efficient to test balance substantively
• Substantive testing of receivables account balances usually done at some level,
additional procedures required as risk assessment increases
• Tests include debtors’ confirmations, cut-off for sales, returns, and cash receipts,
analytical procedures such as ageing of debtors, turnover (how quickly do debtors
pay), assessing creditworthiness, assessing reasonableness of allowance for doubtful
debts

lOMoARcPSD|3622993
In-class Exercise 1
Substantive procedures:
When would it be more appropriate to use analytical procedures as a substantive test?
For account balance:
– That are immaterial; or
– That are low risk; or
– Where only corroborating evidence is required; or
– Which can be easily tested for overall reasonableness via calculations ( e.g. sales
commission expensive as a % of sales)
In-class Exercise 2
Testing Cash and Accounts Rec. balances:
Identify a substantive procedure that an auditor could undertake to gain evidence about the
following:
a. Existence of Cash at Bank
b. Cut-off of Accounts Receivable sales transaction
c. Valuation/Allocation of Accounts Receivable.
a. bank confirmation – external confirmation
b. cut off issues relates to dates, around year end. Traced customer orders and credit notes
around year end to related delivery records and sales invoices to ensure they recorded in
the correct period.
c. examine aged debtors listening for adequacy of allowance for doubtful debts. There is a
doubt of collection. Test subsequent repceipts.

Summary Chapter Notes Combined With Lecture Notes Chapter 12458 10

Transféré par

Informations du document

Description originale:

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Summary Chapter Notes Combined With Lecture Notes Chapter 12458 10

Transféré par

Droits d'auteur :

Formats disponibles

lOMoARcPSD|3622993

Summary - Chapter notes combined with lecture notes -

StuDocu is not sponsored or endorsed by any college or university

CHAPTER 1 INTRODUCTION AND OVERVIEW OF AUDIT AND

LIMITATIONS OF A FINANCIAL REPORT AUDIT:

Downloaded by Ramon Absin (absinramon@gmail.com)

6. CORPORATE SOCIAL RESPONSIBILITY (CSR) ASSURANCE

Downloaded by Ramon Absin (absinramon@gmail.com)

REASONS WHY USERS DEMAND FINANCIAL REPORT AUDITS INCLUDE:

Demand in a Voluntary Setting

AUDITORS MAY PROVIDE VARYING LEVELS OF ASSURANCE WHEN CONDUCTING

Downloaded by Ramon Absin (absinramon@gmail.com)

4. What is the audit expectation gap and how can it be reduced?

Downloaded by Ramon Absin (absinramon@gmail.com)

CHAPTER 2: ETHICS, LEGAL LIBABILITY AND CELIENT ACCEPTANCE

Professional competence and due care

Downloaded by Ramon Absin (absinramon@gmail.com)

Downloaded by Ramon Absin (absinramon@gmail.com)

Downloaded by Ramon Absin (absinramon@gmail.com)

• a duty of care was owed by the auditor

Legal liability to clients

Legal liability to third parties

Downloaded by Ramon Absin (absinramon@gmail.com)

focus more on those part and duty of care is owed.

Assessing client integrity the auditor will consider:

Downloaded by Ramon Absin (absinramon@gmail.com)

CHAPTER 4 RISK ASSESSMENT 2

STAGES IN AUDIT RISK MINIMISATION

2. ASSESS CONTROL RISK

Downloaded by Ramon Absin (absinramon@gmail.com)

3. AUDITOR PLANS TO UNDERTAKE DETAILED TESTING OF EACH IDENTIFIED

Downloaded by Ramon Absin (absinramon@gmail.com)

 By setting a lower materiality level, an auditor increases their sensitivity to a

3. Why is an audit strategy important and how is it determined?

Downloaded by Ramon Absin (absinramon@gmail.com)

Low Risk Client

Downloaded by Ramon Absin (absinramon@gmail.com)

• Decline could signal overvalued stock

COMMON ANALYTICAL PROCEDURES

Downloaded by Ramon Absin (absinramon@gmail.com)

Downloaded by Ramon Absin (absinramon@gmail.com)

INTERPRETING RESULTS OF RATIO ANALYSIS

FACTORS TO CONSIDER WHEN CONDUCTING ANALYTICAL PROCEDURES

Downloaded by Ramon Absin (absinramon@gmail.com)

CHAPTER 5 AUDIT EVIDENCE

Transactions Related Audit

Downloaded by Ramon Absin (absinramon@gmail.com)

Balance Related Audi Assertions

Valuation and Allocation Examples;

Presentation and Disclosure Related Audit Assertions

Downloaded by Ramon Absin (absinramon@gmail.com)

Types of Audit Evidence

Downloaded by Ramon Absin (absinramon@gmail.com)

1. Legal representation letter is sent by client to its lawyers to complete

Persuasiveness Of Audit Evidence

Downloaded by Ramon Absin (absinramon@gmail.com)

•Originals are more persuasive than photocopies

Using Work of An Expert

Downloaded by Ramon Absin (absinramon@gmail.com)

4. What procedures are used to gather and document audit evidence?

Downloaded by Ramon Absin (absinramon@gmail.com)

CHAPTER 8 EXECUTION OF THE AUDIT – TESTING OF CONTROLS

CONTROLS ARE CLASSIFIED AS: