Revision Notes Principles of Auditing Chapter 1 8

lOMoARcPSD|3286997
Revision Notes Principles Of Auditing Chapter 1 8
Principles of Auditing (Athabasca University)
StuDocu is not sponsored or endorsed by any college or university

Downloaded by Learning Space Tutors (olaoyeoj@gmail.com)
lOMoARcPSD|3286997
Chapter 1 Auditing
1. What is the role of professional accountants?
a. They assess risk of errors or fraud, provide examinations of controls, audit

financial statements, and help businesses be more successful.
2. What is the role of the auditor?
a. As businesses become more complex and need more reliable information,

auditors play a vital role.
b. They play a role in both providing assurance on information other than financial
statements and in providing business advisory and tax services.
c. They often make and help implement recommendations that improve profitability
by enhancing revenue or reducing costs, by reducing risks of errors and fraud, and
by improving operational controls.
3. What is the definition of auditing?
a. Auditing is the accumulation and evaluation of evidence about information to

determine and report on the degree of correspondence between the information
and established criteria.
b. Auditing is a process by which a competent, independent person gathers, assesses,
and reports on financial and operational data about an organization as evidence in
determining whether certain criteria about that data have been met.
Definition Expanded
4. Auditing is done to determine and report on the degree of correspondence between the
information and established criteria. Explain this part of the definition (information and
established criteria).
a. There must be information in a verifiable form and some standards (criteria) by

which the auditor can evaluate the information.
b. Auditors routinely perform audits of quantifiable information, including
companies’ financial statements and individuals’ federal income tax returns.
c. Auditors also perform audits of more subjective information, such as the
effectiveness of computer systems and the efficiency of manufacturing operations.
d. The criteria against which information is evaluated vary depending on the
information being audited.

lOMoARcPSD|3286997
e. For more subjective information, such as auditing the effectiveness of computer

operations, it is more difficult to establish criteria. Typically, auditors and the
entities being audited agree on the criteria well before the audit starts.
5. Auditing is the accumulation and evaluation of evidence about information. Explain this
process.
a. Evidence: any information used by the auditor to assess whether the information
being audited is stated in accordance with established criteria.
b. The quality and amount of evidence collected depends upon the risks of
misstatement.
c. Audit Strategy: a planned approach to the conduct of audit testing, taking into
account assessed risks.
i. The auditor devises this strategy to effectively plan the evidence-gathering
process.
ii. Evidence takes many different forms, including oral representation of the
auditee (client), written communication with outsiders, and observations
by the auditor.
iii. Certain evidence (from a third party) is considered more reliable than
other evidence (from the client). It is important to obtain a sufficient
quality and volume of evidence to mitigate the risks of the audit.
6. Auditing should be done by a competent, independent person. Explain what they mean by
competent and independent (third part of the definition of auditing)
a. The auditor must be qualified to understand the engagement risks and the criteria
used. This includes competence in selecting the types and amount of evidence to
accumulate and effectively evaluating evidence to reach the proper conclusion.
b. The auditor also must be independent in mind and appearance.
c. Auditors reporting on company financial statements are often called independent
auditors.
i. Even though an auditor of published financial statements is paid a fee by a
company, he or she is normally sufficiently independent to conduct audits
that can be relied on by users.
d. Internal Auditors—an auditory employed by a company to audit for the
company’s board of directors and management.
7. Explain the final stage in the definition and the auditing process, reporting.

lOMoARcPSD|3286997
a. The final stage in the audit process is the independent auditor’s report (the
communication of audit findings to users).
b. Reports must inform readers of the degree of correspondence between
information and established criteria.
8. Explain the difference between auditing and accounting.
a. Accounting is the recording, classifying, and summarizing of economic events in

a logical manner for the purpose of providing financial information for decision
making.
b. The function of accounting is to provide certain types of quantitative information
that management and others can use to make decisions.
9. Explain the economic demands for auditing.
a. Publicly accountable organizations, such as businesses listed on securities

exchanges or large not-for-profit organizations, are legally required to have an
annual financial statement audit.
b. Assuming a bank manager makes a loan to a business, it will charge a rate of
interest determined primarily by three factors:
i. Risk-free interest rate. This is approximately the rate the bank could earn
by investing in Canada Treasury Bills for the same length of time as the
business loan.
ii. Business risk for the customer. This risk reflects the possibility that the
business will not be able to repay its loan.
iii. Information risk. This risk reflects the possibility that the information
upon which the business decision was made was inaccurate.
c. Auditing has no effect on either the risk-free interest rate or business risk. It can
have a significant effect on information risk. If the bank manager is satisfied that
there is low information risk, the risk is lowered and the overall interest rate to the
borrower can be reduced.
10. As society becomes more complex, there is an increased likelihood that unreliable
information will be provided to decision makers. What are the reasons for this?
a. Remoteness of information,
b. Bias and motives of provider,
c. Voluminous data,
d. The existence of complex exchange transactions

lOMoARcPSD|3286997
11. Managers of businesses and the users of their financial statements may conclude that the
best way to deal with information risk is simply to have the risk remain reasonably high.
A small company may find it less expensive to pay higher interest costs than to increase
the costs of reducing information risk (e.g., by having an audit). For larger businesses, it
is usually practical to incur such costs to reduce information risk. What are the three main
ways to do so?
a. The user may go to the business premises to examine records and obtain
information about the reliability of the statements.
b. Management is responsible for providing reliable information to users. Users may
evaluate the likelihood of sharing their information risk loss with management.
c. An independent audit is performed. This is the most common way for users to
obtain more reliable information.
In addition to understanding accounting, the auditor must also possess expertise in risk
assessment processes and the accumulation and interpretation of audit evidence. It is this
expertise that distinguishes auditors from accountants. Determining the proper audit procedures
that mitigate risks, deciding the number and types of items to test, and evaluating the results are
tasks that are unique to the auditor.
Learning Objective 2
Assurance and Non-Assurance Services
12. What are assurance services?
a. Assurance engagements (services): are independent professional services that

improve the quality of information for decision makers.
b. The assurance engagement is an assurance service where the auditor issues a
report about the reliability of an assertion (such as financial statements) prepared
by another party (such as management).
c. Assurance services can be performed by auditors or by a variety of other
professionals. For example, companies that perform television ratings are
performing an assurance engagement. These organizations provide assurance that
a specified number of viewers are watching the identified television shows.

lOMoARcPSD|3286997
13. What are attestation services?
a. A large category of assurance services provided by accounting firms is attestation

services.
b. Attestation service—a special form of assurance engagement, such as a financial
statement audit, in which the auditor evaluates the information provided by one
party, using suitable criteria, and issues a report about the reliability of this
information to another party.
14. What are the five categories used to describe attestation services?
a. Audit of historical financial statements

b. Review of historical financial statements
c. Attestation on internal control over financial reporting.
d. Attestation services on information technology.
e. Other attestation services that may be applied to a broad range of subject matter
15. Explain Audit of historical financial statements
a. A major service provided by public accounting firms.

b. The auditor’s report expresses an opinion on whether those financial statements
conform with the specific financial reporting framework.
c. External users, such as shareholders and lenders, who rely on those financial
statements to make business decisions, look to the independent auditor’s report as
an indication of the statements’ reliability. They value the auditor’s assurance
because of the auditor’s independence from the client, expertise, and knowledge
of financial statement reporting matters.
16. Explain review of historical financial statements.
a. Many smaller, non-public companies want to issue financial statements to various

users at a lower cost than an audit.
b. They use a review, which provides a much lower degree of assurance than an
audit.

lOMoARcPSD|3286997
c. A review provides moderate assurance, with the result that the public accountant
(PA) provides a conclusion on the financial statements produced, rather than an
opinion.
d. Less work so there is less cost.
17. Explain Attestation on internal control over financial reporting
a. Management states that internal controls have been developed and implemented
following well-established criteria.
b. The Sarbanes-Oxley Act requires companies to report management’s assessment
of the effectiveness of internal control.
c. This increases user confidence about future financial reporting because effective
internal controls reduce the likelihood of future misstatements in the financial
statements.
18. Explain Attestation services on information technology.
a. The volume of real-time information available on the internet is shifting the need
for assurance from historical information at a point in time, such as financial
statements, to assurances about the privacy and reliability of processes generating
information in a real-time format.
b. As transactions and information are shared online and in real time, there is an
even greater demand for assurances about computer system controls surrounding
information transacted electronically and the security of the information related to
the transactions. Auditors can help provide assurance about these functions.
19. Explain other attestation services.
a. Accountants may also prepare special reports for clients where the auditor
provides an opinion on financial information other than financial statements or on
compliance with an agreement or regulations.
20. What are four types of Non-Assurance Services?
a. Compilation: A compilation involves the accountant preparing financial

statements from a client’s records or from other information provided.

lOMoARcPSD|3286997
i. Compilations are also called “Notices to Readers” or NTRs, after the name
of the report issued with such engagements.
ii. No assurance is provided by a compilation, and readers are cautioned that
the financial statements may not be appropriate for their purposes.
b. Tax Services: Accounting firms prepare corporate and individual tax returns for
both audit and non-audit clients
c. Management Advisory Services: management advising includes services such as
retirement planning and personal financial planning.
d. Accounting and Bookkeeping Services: Some small clients lack the personnel or
expertise to prepare their own subsidiary records. Many small accounting firms
work with accounting software packages to help clients record their transactions.
i. When a PA conducts a review or an audit after doing bookkeeping work,
he or she must take care to ensure that independence rules are properly
followed.
Types of Audits
21. Auditors perform which primary four types of audits?
a. Financial Statement Audit: A financial statement audit involves the examination

of financial statements to determine if they are in accordance with generally
accepted accounting principles (GAAP), cash basis, or with some other
appropriately disclosed basis of accounting for certain types of organizations.
i. Done to add credibility to the financial statements
ii. Any company that publicly trades its securities is required to have an
audit.
b. Operational Audit: An operational audit focuses on the organization’s operating

procedures to evaluate their economy, effectiveness, and efficiency.
i. Operational audits are not limited to accounting and are, therefore, more
difficult to evaluate objectively than compliance or financial statement
audits.
ii. The end result of this audit is a list of recommendations to management
for improving operations
c. Compliance Audit: A compliance audit is conducted to determine whether an

organization is following certain procedures and policies as designed by

lOMoARcPSD|3286997
management, or whether the organization is complying with the terms of certain

contracts, agreements, and legal requirements that it must follow.
i. The auditor reports the results to the specific entity that issued the
requirements and not to all the outsiders like financial auditors.
d. Comprehensive Audit: A comprehensive audit is a combination of all of the

types of audits previously described.
22. What are the different types of auditors?
a. External Independent Auditors (Public Accountants):

i. Most financial statement audits are conducted by external auditors who are
not employees of the company being audited.
ii. These auditors are hired by the shareholders and represent their interests.
iii. These firms not only conduct financial statement audits but also perform
compliance and operational audits and provide bookkeeping, tax, and
management consulting services.
b. Government Auditors:
i. Auditors General are appointed by government.
ii. Government auditors are legislated by various jurisdictions to conduct all
types of audits for the ministries, departments, and agencies that report to
the government.
iii. They are considered to be independent enough to audit other government
departments.
c. CRA Auditors:
i. Canada Revenue Agency auditors perform compliance audits of taxpayers
to determine whether or not they have complied with government
regulations such as personal tax laws, corporate tax laws, goods and
services tax laws, and trusts laws.
d. Internal Auditors:
i. Internal auditors are not independent of the company that employs them.
ii. Their in-depth knowledge of the business allows them to examine more
detailed transactions and practices than an external auditor would
examine.
iii. Internal auditors often assist the external auditor.

lOMoARcPSD|3286997
iv. Internal auditors are commonly employed by larger businesses, where it is

economical to have such a group performing audits.
v. Their reports provide organizations with information that helps them
conduct their operations in an efficient and effective manner.
23. What are the strategic differences between accounting and auditing?
a. Accounting involves the actual preparation of underlying records, whereas

auditing helps determine whether that recorded information reflects actual
economic events. The auditor must plan the audit strategically, i.e., select
evidence in response to identified risks of error or fraud.
24. What are the major reasons for needing Auditing?
a. Users of financial information may need to have audits performed for one or more
of the following reasons.
b. Remoteness of the Information
i. The owners and creditors of a business do not have access to the daily
financial records of the company; therefore, they rely heavily on the
company’s financial statements about the enterprise, which are the
primary source of financial information about the organization.
c. Bias and Motives of Management
i. The management and employees of a company may have goals and
objectives that differ from those of the owners.
ii. The best way the owners have of ensuring their goals are met is to hire
independent auditors to conduct an examination of the financial statements
and accounting policies of the business.
d. Voluminous Data
i. As a company grows, so does the volume of its transactions. It is almost
impossible for users of the financial statements—even with access to all of
the accounting records—to examine the large number of transactions
recorded in the company’s accounts. It is more economical to have an
auditor examine these records and present an audit report to all users of
the data.
e. Complexity of Transactions

lOMoARcPSD|3286997
i. Because of the complexity of many financial transactions, users of

financial information generally prefer to have a financial expert examine
complex transactions from an independent point of view.
What are the major differences in the scope of audit responsibilities?
 Public accountants perform audits in accordance with generally accepted auditing standards
of published financial statements prepared in accordance with an acceptable financial
reporting framework
 Government auditors from the auditor generals (federal or provincial) perform compliance or
operational (value-for-money) audits in order to assure the Parliament that the expenditure of
public funds is in accordance with its directives and the law and is done with efficiency,
economy and effectiveness. They also do financial statement audits of Crown Corporations,
or sub-contract this work to external public accountants.
 Canada Revenue Agency auditors perform compliance audits to enforce the federal tax laws
as defined by Parliament, interpreted by the courts, and regulated by the Income Tax Act.
 Internal auditors perform compliance or operational audits in order to assure management or
the board of directors that controls and policies are properly and consistently developed,
applied and evaluated

lOMoARcPSD|3286997
Chapter 2 Auditing Lesson 1
1. What are the four size categories that can be used to describe public accounting firms?
 “Big Four” international firms

 Other international or national firms
 Large local and regional firms
 Small local firms
2. The organization and structure of public accounting firms can vary depending on the
nature and range of services offered by the firm. Three main factors influence the
organizational structure of all firms:
 The need for independence from clients. Independence permits auditors to remain
unbiased in drawing conclusions about their clients’ financial statements.
 The importance of a structure to encourage competence. The ability of the
structure to encourage competence permits auditors to conduct audits and perform
other services efficiently and effectively.
 The increased litigation risk faced by auditors. Firms continue to experience
increases in litigation-related costs. Some organizational structures afford a
degree of protection from lawsuits to individual firm members.
3. Who issues Canadian Auditing and Assurance Standards?
 Canadian auditing and assurance standards are issued by the Auditing and
Assurance Standards Board (AASB), which is composed of volunteers appointed
by the Auditing and Assurance Standards Oversight Board (AASOB) and from
the business community.
 Canadian auditing and assurance standards are based upon standards originally
developed and released by IFAC’s IAASB.
4. Define Assurance Standards
 Assurance Standards—a framework for the auditor to use to assist him or her in
the conduct of an audit engagement;
 The authority underlying the audits and related services activities carried on by
public accountants;
 The Requirements sections of CASs and the italicized portions of Other Canadian
Standards in the CICA Handbook.

lOMoARcPSD|3286997
 They are issued by the Auditing and Assurance Standards Board.
5. Define Auditing and Assurance Standards Board (AASB)
 Auditing and Assurance Standards Board (AASB)—an independent Board of the

CICA that has the responsibility for issuing auditing and assurance standards for
financial statement audits and other types of assurance and related services
engagements
6. What are Assurance and Related Services Guidelines?
 Interpretations of Assurance Standards or views of the Auditing and Assurance

Standards Board on particular matters of concern; less authoritative than
Assurance Recommendations.
Ways Public Accountants Are Encouraged to Perform Effectively
7. What do the auditing and assurance standards include?
 Auditing or assurance standards are general requirements designed to aid auditors

in fulfilling their professional responsibilities in the audit of historical financial
statements.
 They include:
i. Quality control standards
ii. Consideration of management integrity about providing relevant evidence
iii. Professional qualities such as competence and independence requirements
iv. Evidence assessment and gathering requirements
v. Reporting requirements
8. What are the Overall Objectives of the Independent Auditor and the Conduct of an
Audit?
 There are three categories of generally accepted accounting standards:

 Category 1: General qualifications and conduct
i. Compliance with ethical requirements and independence.
ii. These standards include integrity, objectivity, professional competence,
due care, confidentiality, and professional behaviour.
iii. Implementation is monitored using quality control procedures.
 Category 2: Examination performance of the audit
i. The audit should be planned and executed using professional skepticism,
recognizing that materials errors could exist.

lOMoARcPSD|3286997
ii. Professional judgement should be used by the auditor during the planning
process and during the conduct of the financial statement audit.
iii. The audit shall be conducted using a risk-based approach.
iv. There needs to be enough evidence to show the quality to allow the
auditor to reduce audit risk to a good level.
 Category 3: Reporting the results
i. Provide a report on the statements that matches the auditors report.
ii. Findings and modifications must be in accordance with the CASs
9. Explain the first category in detail, general qualifications and conduct
 This standard stresses the important qualities the auditor should possess.
 Practical experience and continuing professional education are aspects of
competence.
 The auditor must be technically qualified and experienced in those industries in
which the auditor has clients.
 The requirement involves due care in the performance of all aspects of auditing
This means that the auditor is a professional, responsible for fulfilling his or her
duties diligently and carefully.
 As a professional, the auditor must act in good faith, but he or she is not expected
to make perfect judgments in every instance.
 To conduct the audit effectively, the auditor must be free of bias.
 The rules of conduct of CGAAC also stress the need for independence of CGAs
engaged in public accounting.
 Public accounting firms are required to follow several practices to increase the
likelihood of independence of all personnel. For example, the internal and
external auditors usually report to the audit committee. An audit committee is a
subcommittee of the board of directors of a company. So that the audit committee
can provide effective oversight, the audit committee members must be
independent, that is, be composed of directors not belonging to management, also
strengthening audit independence.
10. Explain the second category in detail, Examination: performance of the audit
 These standards require that the auditor conduct the audit using a risk-based
approach, being skeptical about the potential for material misstatement (which
includes errors or fraud) in the financial statements.

lOMoARcPSD|3286997
 A strategic and risk-based approach means that the client must be assessed in the
context of the business environment, the corporate governance process, and the
quality of internal controls.
11. Explain the third category, Reporting: the results
 Specific wording is required in the auditor’s report.
12. Canadian Auditing Standards require that the audit be conducted using a risk assessment
approach. What are the steps for conducting the Financial Statement audit using a Risk
Assessment Approach?
 Step 1: Identify risks of material misstatement

 Step 2: Risk response—gather evidence to assess the likelihood of material
misstatement
 Step 3: Evaluation of evidence
 Step 4: Report
Quality Control
13. Define quality control
 Policies and procedures used by a public accounting firm to make sure that the
firm meets its professional responsibilities.
 These policies and procedures include the organizational structure of the public
accounting firm and the procedures the firm sets up.
14. Why is quality control necessary?
 A public accounting firm must make sure that generally accepted auditing
standards are followed on every audit.
 Quality controls represent the mechanisms used by the firm that help it meet those
standards consistently on every engagement.
 Quality controls are therefore established for the entire public accounting firm and
all the activities in which the firm is involved; GAAS require that these standards

lOMoARcPSD|3286997
are applied to each engagement on an individual basis
15. What is one of the ways in which the PA profession in Canada has dealt with quality
control?
 Through the establishment of practice inspections.

 The purpose of all practice inspections is to ensure the existence of, and
adherence to, quality control standards.
 These inspections may be administered by professional associations, provincial
institutes, ordre, or the CPAB.
In July of 2002, the Sarbanes-Oxley Act (SOX) was legislated in The Unites States, as a result of
bankruptcies and alleged audit failures involving Enron and WorldCom. In the United States,
one impact of SOX was the establishment of the Public Company Accounting Oversight Board
(PCAOB), appointed and overseen by the Securities and Exchange Commission (SEC). The
PCAOB is responsible for establishing auditing and quality control standards for public company
audits and for inspecting the quality controls at audit firms responsible for performing public
company audits.
These events have caused the accounting profession in Canada to take a long look at, and to
reassess, the processes and standards used in audits. In Canada effective December 1, 2005, the
CICA adopted quality control standards for audits. As a result, massive revisions of the CICA
Handbook in 2005 reflect a more risk-assessment approach to auditing. Another outcome was the
formation of the Canadian Public Accountability Board (CPAB). The CICA Handbook -
Assurance,Section CSQC 1 lists the “Canadian Standard on Quality Control 1." These general
standards of quality controls apply to public accounting firms that perform audits and reviews of
financial statements, and other assurance engagements. These standards list the policies and
procedures that the audit firms should have in place. A summary of these standards is presented
in Table 2-2 on page 39 of your textbook. The impact of these standards will be discussed in
more detail in subsequent lessons. The CPAB performs regular inspections of the public
accounting firms that audit Canadian public companies.
A major difference between the PCAOB (US) and the CPAB (Cdn) is that the PCAOB is also
responsible for developing auditing standards for public companies (formerly done by AICPA),
while in Canada that responsibility still lies with the CICA.

lOMoARcPSD|3286997
Chapter 3 Auditing: Lesson 3
Describe the ethical behaviour required of auditors and apply the components of the professional
rules of conduct.
1. Define Ethics?
 A set of moral principles or values
2. What are the six ethical principles?
 Trustworthiness—Be honest and reliable. Honour your agreements or promises,

and do not intentionally mislead others. Be reliable—do your best to fulfill your
commitments. Declare conflicts of interest. Act promptly to disclose hazards.
 Respect—Be civil, courteous, and accepting of others, understanding the many
differences that exist among people. Be unbiased in your decision making
 Responsibility—Be accountable for your own actions and aware of the actions of
those you are supervising. Keep confidential information confidential. Use
resources wisely and economically. Do not use the work of others without
declaring the source. Identify your own competence levels and act within that
competence.
 Fairness—Judge actions and individuals on their merits, considering the equality
of individuals and having regard for due process and transparency.
 Caring—Act out of a positive intention to do no harm or to minimize harm. Be
concerned for others, showing benevolence when it is within your ability to do so.
 Citizenship—Obey laws, and assist others in obeying laws, including the
reporting of offenders. Help your society function by participating in voting,
volunteer work, and the conservation of resources.
3. What are the two primary reasons why people act unethically?
 The person’s ethical standards are different from those of society as a whole
i. Extreme examples of people whose behaviour violates almost everyone’s
ethical standards are drug dealers, bank robbers, and larcenists.
 The person chooses to act selfishly.
i. unethical behaviour often results from selfish motives.
ii. Political scandals result from the desire for political power. Cheating on
tax returns and expense reports is motivated by financial greed.
iii. In each case, the person knows that the behaviour is inappropriate but
chooses to do it anyway because of the apparent personal sacrifice needed

lOMoARcPSD|3286997
to act ethically.
4. What is an ethical dilemma?
 An ethical dilemma is a situation a person faces in which a decision must be made

about appropriate behaviour.
 Continuing to be a part of the management of a company that harasses and
mistreats employees or treats customers dishonestly is an ethical dilemma,
especially if the manager has a family to support and the job market is tight.
5. What are some commonly employed rationalization methods that can easily result in
unethical conduct?
 Everybody does it.

 If it’s legal, it’s ethical.
 Likelihood of discovery and consequences. This approach relies on evaluating the
likelihood that someone else will discover the behaviour.
6. Formal frameworks have been developed to help people resolve ethical dilemmas. The
purpose of such frameworks is to help a person identify the ethical issues and decide on
an appropriate course of action based on the person’s own values. What is this six-step
approach to resolving ethical dilemmas?
 Obtain the relevant facts.

 Identify the ethical issues from the facts.
 Determine who is affected by the outcome of the dilemma and how each person
or group is affected.
 Identify the alternatives available to the person who must resolve the dilemma.
 Identify the likely consequence of each alternative.
 Decide on the appropriate action.
7. What is Giving Voice to Values?
 Provides a framework for dealing with ethical issues in a proactive way, with the
assumption that the organization is willing to work to resolve ethical dilemmas
and the person at the centre of the dilemma is willing to take action.
8. What are the steps in the GVV process?

lOMoARcPSD|3286997
 Identification: Identifying the ethical issue, the values underpinning the different
positions in this value conflict and the possibilities for action
 Purpose and choice: Considering your personal and professional purpose and
choices.
 Stakeholder analysis: Who is affected, what is at stake for them, and how do you
connect with them?
 Powerful response: Craft a useful, powerful response that you could use, taking
into account multiple options, the need for additional information, working with
allies, and who your audience would be.
 Scripting and coaching: Further develop and practise your response (scripting)
and get help (coaching).
9. What is the structure of the code of professional conduct
 Principles—ideal standards of ethical conduct stated in philosophical terms. They

are not enforceable.
 Rules of Conduct—minimum standards of ethical conduct stated as specific rules.
They are enforceable.
 Interpretations or examples—interpretations, examples, or discussions, of the
rules of conduct. They are not enforceable, but a practitioner must justify
departure.
10. What is independence in fact?
 Independence in fact—the auditor’s ability to take an unbiased viewpoint in the

performance of professional services.
11. What is independence in appearance?
 Independence in appearance—the auditor’s ability to maintain an unbiased

viewpoint in the eyes of others.
12. When deciding to accept a client or to continue an existing engagement, the PA is

required to examine five threats to independence. What are these five threats?
 Self-interest threat—when the member could receive a benefit because of a

financial interest in the client or in the financial results of the client or due to a
conflict of interest.

lOMoARcPSD|3286997
i. The firm or member owns shares in or has made a loan to the client. The
client fees are significant in relation to the total fee base of the PA or of
the firm.
 Self-review threat—when the PA is placed in the position of having to audit his or
her own work or systems during the audit.
i. The reasons for this could be that the PA prepared original data or records
for the client as part of a bookkeeping engagement or was an employee or
officer of the organization. The PA could also have designed and
implemented an accounting information system used to process client
records.
 Advocacy threat—when the firm or member is perceived to promote (or actually
does promote) the client’s position; that is, the client’s judgment is perceived to
direct the actions of the PA.
i. The PA is acting as an advocate in resolving a dispute with a major
creditor of the client. The firm or PA is promoting the sale of shares or
other securities for the client or is receiving a commission for such sales.
 Familiarity threat—occurs when it is difficult to behave with professional
skepticism during the engagement due to a belief that one knows the client well.
i. There is a long association between senior staff and the client (e.g., being
on the engagement for 10 years). A former partner of the firm is now the
chief financial officer of the client.
 Intimidation threat—the client personnel intimidate the firm or its staff with
respect to the content of the financial statements or with respect to the conduct of
the audit, preventing objective completion of field work.
i. The client threatens to replace the audit firm over a disclosure
disagreement. The client places a maximum upon the audit fee that is
unrealistic with respect to the amount of work that needs to be completed.
13. What is independence threat analysis?
 Independence threat analysis—assessment of independence threats for a particular

engagement.
14. What is audit committee?
 Independence threat analysis—assessment of independence threats for a particular

engagement.
15.

lOMoARcPSD|3286997
Note 1: Ethics and Rules of Conduct
Ethics are the backbone of the practice of public accounting and auditing. They are a set of moral
principles that include honesty, integrity, and fairness. Ethics are needed for society to function
in an orderly manner.
Society has attached a special meaning to the term “professional” and, therefore, expects
professionals to act with a high level of ethical behaviour.
For an accountant, being a professional means
 maintaining independence
 acting in a manner that serves to enhance the image of the profession and the public’s
confidence in the profession
 monitoring the level of performance of the profession’s members.

Unlike other professionals, accountants are providing a service to unknown parties (users of the
financial statements) and they must ensure that these parties have confidence in an accountant’s
integrity and conduct.
To read an extensive and detailed code of professional conduct, go to the website for one of the
professional accounting organizations. The textbook refers to the rules of conduct for CGA
Association of Canada and the CPA Ontario.
On the CGA (Canada) site, click Standards in the left-hand menu; this will bring you to the
Professional and Practice Standards.
On the CPA Ontario site, enter "member’s handbook" in the Search field and select the first
result.
There are differences in the codes between provinces, but all professional accounting
organizations have developed codes of professional conduct that are based on certain principles.
The most important of these principles are summarized in the following paragraphs.
Independence
Professional independence ensures that the auditor has an unbiased viewpoint, which is critical to
the credibility of the audit opinion. Independence is the most important characteristic of the

lOMoARcPSD|3286997
auditor. Auditors take steps to ensure that they are not just independent “in fact” but are also
independent “in appearance.”
When evaluating the acceptance of an audit, the public accountant must examine the following
five facets of independence and document the safeguards used to eliminate or reduce them to
acceptable levels.
Self-interest threat—when there is a financial interest.
Advocacy threat—when the firm or public accountant seems to be promoting the client or acting
as its representative.
Self-review threat—when any of the audit staff are auditing their own work.
Familiarity threat—when audit staff conduct a company’s audit for many years, they may take
some aspects of the company for granted.
Intimidation threat—when the client is trying to impose some conditions on the audit.
Independence is maintained by
 threat of legal liability, and the consequences thereof
 rules of professional conduct
 GAAS
 quality controls established by individual accounting firms
 an audit committee (see below)
 application of accounting principles (e.g., CICA Handbook - Assurance, Section 7600

sets out the requirements that must be met when an auditor is requested to give an
opinion on the application of accounting principles)
 shareholders’ approval of auditors.
Confidentiality
Accounting professionals are not allowed to disclose confidential information about their clients

lOMoARcPSD|3286997
or employer. However, this rule does not apply to information demanded by a court. As well, this
rule does not apply when the member’s professional association will be conducting a practice
review or when there is a disciplinary process. Consequently, an auditor must be very careful
when placing information in a file and should not release that information to anyone (except a
court) without the client’s permission.
Maintaining the Reputation of the Profession
This principle prohibits public criticism of professional colleagues. Accountants should never do
anything that diminishes the reputation of their profession.
Integrity and Due Care
Integrity refers to the accountant’s honesty and fairness, which must be above question. Failure
to exercise due care results in negligence, which may lead to legal liability.
Competence
Professional competence is usually maintained by participating in continuing education programs

and practice inspections.
Adherence to GAAP and GAAS
Professional accountants cannot associate themselves with false or misleading information or fail
to reveal material omissions. GAAP and GAAS are the means by which accountants determine
their professional actions.
Advertising and Solicitation
Solicitation of another public accountant’s client is strictly prohibited. However, responses to

proposals to provide accounting services are allowed. Advertising must not be comparative or
include dollar amounts for fees and must not promise favourable outcomes.
Other Rules
A member of a professional organization who becomes aware of a breach of the rules of conduct
by another member has a duty to report this breach to the discipline committee of that profession.
The professions are self-policing, and public pressure has forced many professional
organizations to include non-members on their discipline committees. The formation of the
CPAB is another self-policing measure. Punishment can result in fines, loss of designation for an

lOMoARcPSD|3286997
extended period, and public disclosure of the punishment rendered.
Communication with predecessor auditors is required before the new audit engagement is
accepted. This consultation ensures that the new auditor does not risk accepting unethical clients
without obtaining a reference from the predecessor auditor.
Professional liability insurance is required of all practising public accountants.
Audit Committees
Under the Canada Business Corporations Act, public companies are required to have an audit
committee, although provision is made for a waiver in some circumstances. The audit committee
is required to review the company’s financial statements before they are issued. The committee
must comprise at least three members of the company’s board of directors, the majority of whom
must be outside directors. The directors have an obligation to inform the auditor and audit
committee of any wrongdoing or misstatements that come to their attention.
Duties of the audit committee include
 advising shareholders about which firm to appoint as auditors

 meeting with the auditors on a periodic basis
 resolving any disputes that auditors may have with management
 monitoring the findings and audit work performed by both the external and internal
auditors.
The auditor should communicate with the audit committee (or those responsible for overseeing
the financial reporting process). Matters to be included and the extent of communication may
vary, depending on the needs and accountability of the entity. For public companies, the
communication should be more extensive and should include
 details of the audit process, including planning and approach

 matters that arise during the audit
 matters that could bear on the independence of the auditor.

lOMoARcPSD|3286997
Legal Liability
1. What is legal liability?
 Legal liability—the professional’s obligation under the law to provide a

reasonable level of care while performing work for those he or she serves.
2. What are the conditions that must be present for a fiduciary duty to arise?
 The fiduciary has the ability to exercise discretion or power

 Discretion or power can be unilaterally exercised, and
 The beneficiary is peculiarly vulnerable
3. Can auditors be targeted for criminal acts?
 It is extremely rare
 A criminal conviction against an auditor can result only when it is demonstrated
that the auditor acted with criminal intent.
4. Define fiduciary duty
 Fiduciary duty—a party (such as an accountant) has an obligation to act for the
benefit of another, and that obligation includes discretionary power.
 The situations where an accountant is making payments on the client’s behalf to a
tax authority or is appointed as a trustee for an estate are examples where
fiduciary duty could arise.
 A professional accountant acting as an officer or director of an organization
would have a fiduciary duty to shareholders.
5. Show how the responsibilities of auditors are layered upon the basic transaction
processing of an organization.

lOMoARcPSD|3286997
Business failure, audit failure, and audit risk
Many accounting and legal professionals believe that a major cause of lawsuits against public
accounting firms is the lack of understanding by financial statement users of the difference
between a business failure and an audit failure and between an audit failure and audit risk.
6. What is business failure?
 Business failure—the situation when a business is unable to repay its lenders or

meet the expectations of its investors because of economic or business conditions.
 Recession, poor management decisions, or unexpected competition in the industry
are examples.
 The extreme case of business failure is filing for bankruptcy.
7. What is audit failure?
 Audit failure—a situation in which the auditor issues an erroneous audit opinion
as the result of an underlying failure to comply with the requirements of generally
accepted auditing standards.
 For example, the auditor may have assigned unqualified assistants to perform
audit tasks, and because of their lack of competence and inappropriate
supervision, they fail to find material misstatements that qualified auditors would

lOMoARcPSD|3286997
have discovered.
8. What is audit risk?
 Audit risk—the risk that the auditor will conclude that the financial statements are
fairly stated and an unqualified opinion can therefore be issued when, in fact, they
are materially misstated
 There is always some risk that the audit will not uncover a material financial
statement misstatement, even when the auditor has complied with GAAS.
9. What is due care?
 Due care (during an audit)—completing the audit with care, diligence, and skill.
 If the auditor failed to use due care in the conduct of the audit, then there is an
audit failure.
 Then, the law often allows parties who suffered losses as a result of the auditor’s
breach of duty of care to recover some or all of the losses linked to the audit
failure.
10. What is an expectation gap?
 Expectation gap—the conflict between what some users expect from an auditor’s
report and what the auditor’s report is designed to deliver; some users believe that
an auditor’s report is a guarantee for the accuracy of the financial statements,
although the report is, in fact, an opinion based on an audit conducted according
to GAAS.
11. What is the prudent person concept?
 The standard of due care to which the auditor is expected to be held is often
referred to as the prudent person concept.
 This is the legal concept that a person has a duty to exercise reasonable care and
diligence in the performance of his or her obligations to another.
12. Explain liability for the acts of others.
 Each partner may be held liable in a civil action for the tort or negligent actions of
each of the other partners and employees in the partnership.
 Limited liability partnership (LLP)—an organizational structure whereby only the
person who does the work, those who supervise that person, and the firm itself are

lOMoARcPSD|3286997
liable, but not other individual partners within the firm.
13. Explain lack of privileged communication.
 Public accountants do not have the right under common law to withhold
information from the courts on the grounds that the information is privileged.
 A court can subpoena information in an auditor’s working papers. Confidential
discussions between the client and auditor cannot be withheld from the courts.
Terms Related to Negligence and Fraud
14. What is negligence?
 Negligence: Failure to exercise reasonable care in the performance of one’s

obligations to another. For auditors, it is in terms of what other competent
auditors would have done in the same situation.
15. What is tort action for negligence?
 A legal action taken by an injured party against the party whose negligence
resulted in the injury.
 A typical negligence action against a PA is a bank’s claim that an auditor had a
duty to uncover material errors in financial statements that had been relied on in
making a loan.
16. What is gross negligence?
 Lack of even slight care that can be expected of a person, tantamount to reckless
behaviour.
17. What is contributory negligence?
 When a person injured by a PA’s negligence has also been negligent, and this
negligence has also caused or contributed to the person’s loss or injuries.
 A common example of such negligence is failure to give a PA information
requested during the preparation of a tax return.
 The client later sues the accountant for improper preparation of the return. The
court may hold that there was contributory negligence on the part of the client,
and any damages that the client is awarded would be reduced in proportion to the
amount that the client’s own negligence was responsible for the loss.

lOMoARcPSD|3286997
 This defence is also used to reduce the effects of joint and several liability.
18. What is fraud?
 A false assertion that has been made knowingly, without belief in its truth, or
recklessly without caring whether or not it is true.
 An example is an auditor giving a standard (unqualified) opinion on financial
statements that will be used to obtain a loan when the auditor knows the financial
statements contain a material misstatement.
Terms related to contract law
19. What is breach of contract?
 Failure of one or both parties in a contract to fulfill the requirements of the

contract. An example is the failure of a public accounting firm to deliver a tax
return on the agreed-upon date.
 Parties who have a relationship that is established by a contract are said to have
privity of contract. There can be privity of contract without a written agreement,
but an engagement letter defines the contract more clearly.
20. What is a third-party beneficiary?
 A third party who does not have privity of contract but is known to the
contracting parties and is intended to have certain rights and benefits under the
contract.
 A common example is a bank that has a large loan outstanding at the balance
sheet date and requires an audit as a part of its loan agreement.
21. What is joint and several liability?
 The assessment against a defendant of the full loss suffered by a plaintiff,

regardless of the extent to which other parties shared in the wrongdoing.
 For example, if management intentionally misstates financial statements, an
auditor can be assessed the entire loss to shareholders if the company is bankrupt
and management is unable to pay.
22. What is defalcation?

lOMoARcPSD|3286997
 Theft of assets
23. What are the six auditor defences against client suits for negligence?
One. Lack of Duty
 The lack of duty to perform the service is a legal defence under which the professional
claims that no contract existed with the plaintiff; therefore, no duty existed to perform the
disputed service.
 For example, the public accounting firm might claim that errors were not uncovered
because the firm did a review engagement, not an audit.
 A common way for a public accounting firm to demonstrate a lack of duty to perform is
by use of an engagement letter.
Two. Absence of Misstatement
 Prior to addressing negligence, the defendant accountants could provide evidence that the
financial statements were in accordance with accounting standards (no material errors).
 So even if the auditors had been negligent, the appropriate financial statements would not
have differed materially from those on which the plaintiff relied.
 Then no grounds exist for suing the auditors.
 Absence of misstatement—the financial statements appropriately portray the financial
situation of the organization.
Three. No damages (or reduced damages)
 Two types of letters that are commonly used by auditors to reduce potential liability to
clients are an engagement letter and a management representation letter.
o Engagement letter is a signed agreement between the public accounting firm and
the client identifying such items as whether an audit is to be done, other services
to be provided, the date by which the work is to be completed, and the fees.
o The representation letter documents oral communication between auditors and
management and states management’s responsibilities for fair presentation in the
financial statements.
 It is possible that the financial statements were materially misstated and that the audit was
negligently performed but that the plaintiff did not suffer any damages.
 A third party, the shareholders, claimed damages, but the Supreme Court stated that the
damages were suffered by the corporate entity itself rather than by the shareholders.
Thus, those plaintiffs (the shareholders) had no standing in law to claim the damages.

lOMoARcPSD|3286997
Four. Absence of Negligence
 Absence of negligence—a legal defence under which the professional claims that the
disputed service was properly performed;
o an auditor would claim that the audit was performed according to GAAS.
 Even if there were undiscovered unintentional material misstatements (errors), intentional
misstatements, or misrepresentations (fraud and other irregularities), the auditors would
argue that they were not responsible if the audit was properly conducted.
 This occurs because there was an absence of negligence. The public accounting firm is
not expected to be infallible.
Five. Absence of Causal Connection
 To succeed in an action against the auditor, the client must be able to show that there is a
close causal connection between the auditor’s breach of the standard of due care and the
damages suffered by the client.
 For example, assume an auditor failed to complete an audit on the agreed-upon date. The
client alleges that this caused a bank not to renew an outstanding loan, which caused
damages.
 A potential auditor defence is that the bank refused to renew the loan for other reasons,
such as the weakening financial condition of the client.
Six. Contributory Negligence
 Here the auditor must prove that the client was negligent, by not acting on some of the
auditor’s recommendations or by providing false information to the auditor.
Note 5: Legal Liability
1. Under common law, what is the obligation of the audit profession?
 Under common law, the audit profession has the obligation to fulfill implied or
expressed contracts with clients.
 If auditors fail to do this they can be sued for negligence and/or breach of
contract.
2. Under the provincial securities acts, what is the obligation of the audit profession?
 Under the provincial securities acts, auditors are also legally responsible to third
parties, in certain circumstances.

lOMoARcPSD|3286997
 According to the SCC, the auditor is held accountable for duty of care to third
parties—those people the auditor knows will use and rely on the financial
statements and audits.
3. What are the Major Sources of Auditors’ Legal Liability (litigation)?
 Client—liability to client under common law

i. An auditor’s liability may be due to failure to fulfill the terms of a contract
(letter of engagement) or failure to comply.
ii. LLP protects the partners from actions like this.
 Third party—liability to third parties under common law
i. The term third parties refers to anyone who did not enter into a contract
with the auditor.
ii. Bank sues auditor for not discovering materially misstated financial
statements.
 Liability under provincial securities acts—liability due to claim of negligence
i. A purchaser of stock issued by a company sues the auditor for not
discovering materially misstated financial statements in a prospectus.
 Criminal liability—liability due to claim of fraud
i. Court prosecutes auditor under the Criminal Code of Canada for
knowingly issuing an incorrect auditor’s report.
 Fiduciary duty—one party has an obligation to act for the benefit of another, and
that obligation includes discretionary power
i. An accountant acting as trustee for a client invests in inappropriate
investment vehicles and otherwise squanders the assets of the trust.
 Proceeds of Crime (Money Laundering) and Terrorist Financing Act—obligation
to report cash transactions and suspicious transactions and maintain control
systems to track same
i. Five years in jail and/or a fine of up to $2 million for non-reporting of
cash transactions over $10,000 or suspicious cash transfers
 Criminal offence of possession or laundering
i. Transfer to legitimate organizations of money that was known to be
proceeds of illegal activities, resulting in criminal charges.
4. Auditors can use what practices to minimize their liability?
 Deal only with clients possessing integrity.

 Hire qualified personnel (train and supervise properly).
 Follow the standards of the profession.
 Maintain independence.

lOMoARcPSD|3286997
 Understand the client’s business.

 Perform quality audits.
 Document the work properly.
 Obtain an engagement letter and a management representation letter.
 Maintain confidential relations.
 Carry adequate insurance.
 Seek legal counsel.

lOMoARcPSD|3286997
Chapter Five Objectives
Objective One: State the Overall Objective of the Audit
1. What is the overall objective of the audit?
 The purpose of the financial statement audit is to express an opinion on the

financial statements.
 The opinion is about whether they were presented fairly in the context of
materiality, in conformity with an applicable financial reporting framework
(GAAP).
 CICA Handbook - Assurance, CAS 200
Objective Two: Compare management’s responsibilities with the auditor’s

responsibilities.
2. What are the auditor’s responsibilities when performing an audit?
 Responsibility to hold an attitude of professional skepticism

i. Professional skepticism—the auditor should not be blind to evidence that
suggests that documents, books, or records have been altered or are
incorrect.
ii. The auditor should not assume that management is dishonest, but the
possibility of dishonesty must be considered.
 Responsibility to seek reasonable assurance as to whether the financial statements
are free of material misstatement.
3. The auditor must accumulate evidence to prove assertions about the components of the
financial statements. What are the assertions they are trying to prove?
 Occurrence. Assets and liabilities included in the financial statements exist and
the transactions actually took place.
 Completeness. There are no unrecorded items.
 Valuation. Assets and liabilities are properly valued.
 Accuracy. Revenues and expenses are recorded in the proper amount. The general
ledger agrees to supporting records (such as subsidiary ledgers).
 Classification. Transactions in the company records are properly classified.
 Timing. Transactions should be recorded when they occur.

lOMoARcPSD|3286997
 Posting and summarization. The transactions have been properly transferred from
subsidiary records to general ledger.
Let us illustrate these assertions with an example. Suppose you are auditing the inventory of a
particular company. To ensure that the inventory existed, you would observe your client
counting the inventory. To ensure that the inventory is complete, you would examine accounting
records for evidence of any shipments in transit. This examination would also reveal if the cost
of the inventory was lower than market (a test of valuation), if the company actually owned the
inventory, if the inventory transactions were recorded in the proper period (measurement), and if
the financial statements had appropriate note disclosure on the types of inventory and their
costing methods. If the auditor cannot prove each of these assertions for every material item in
the financial statements, then a reservation to the audit report is warranted.
4. What are the responsibilities of management?
 They are responsible for:

i. Adopting sound and appropriate financial reporting framework and
corresponding accounting policies
ii. Maintaining adequate internal control
iii. Making fair representations in the financial statements
 Management is responsible for internal control because the entity’s transactions
and related assets, liabilities, and equity are within the direct knowledge and
control of management.
 The auditor’s knowledge of these matters is limited to what is acquired during the
audit.
 The Canadian Securities Administrators (CSA) impose the following

requirements on companies listed on Canadian stock exchanges:
i. The CEO and the CFO must certify annual and interim financial
statements, as well as management discussion and analysis and other
forms that are filed with the stock exchanges.
ii. Management must certify that they have reviewed the documents, that the
documents are free of misrepresentation, and that internal control over
financial reporting has been designed, evaluated, and disclosed.
Management Responsibilities Auditor’s Responsibilities
Adopt appropriate accounting framework Use professional skepticism.
Adopt sound accounting policies. Conduct the audit using a risk-based approach.

lOMoARcPSD|3286997
Maintain adequate internal control. Conduct the audit to provide reasonable

assurance about material misstatements.
Make fair representations in the financial Consider fraud and error.

statements.
Acknowledge its responsibilities to the Issue a management letter if weaknesses are

auditors. encountered that could result in a material
error.
Provide documentation and information for the Issue an appropriate report.

audit process.
Objective Three. Explain the difference between fraud and error.
5. What is an error?
 Error—an unintentional misstatement of the financial statements.

 Two examples of errors are a mistake in extending price times quantity on a
sales invoice and overlooking older raw materials in determining lower of cost
or market for inventory.
6. What is fraud?
 Fraud or other irregularity—an intentional misstatement of the financial

statements.
7. What are the four categories of fraud?
 Management fraud—fraudulent financial reporting

i. Done for the benefit of the company
ii. An example of fraudulent financial reporting is the intentional
overstatement of sales near the balance sheet date to increase reported
earnings
 Employee fraud—theft of assets; defalcation
i. Employee fraud also includes corruption, such as managers or others
taking bribes or having the corporation pay for personal expenses
ii. Done to go against the company.
iii. An example of theft of assets is a clerk taking cash at the time a sale is
made and not entering the sale in the cash register.
 Computer fraud

lOMoARcPSD|3286997
 Illegal acts.
8. What should the auditor do when they have discovered fraud or an illegal act?
 There is now increased emphasis on the auditor’s responsibility to assess the

likelihood of management fraud
 When fraud is discovered, the audit committee or the board of directors should be
informed.
 When discovering an illegal act, the auditor should obtain more evidence about
the situation.
 This should be then discussed with management and the audit company.
 Legal counsel may be consulted to see if it greatly affects the financial statements.
9. Why is management fraud so difficult to uncover?
 It is possible for one or more members of management to override internal

controls.
 There is typically an effort to conceal the misstatement.
 Careful examination of journal entries and other adjustments made by
management may help to identify risks of management fraud.
Audit Phases
10. Explain how the audit phases are broken down.
 There are eight phases.

 The eight phases of the audit are broken down into three sections: Risk
Assessment, Risk Response, and Reporting.
 Risk assessment—the auditor identifies what could go wrong with the financial
statements and the approaches for dealing with the risks.
 Reporting—the auditor decides upon the type of independent auditor’s report to
be issued, issues the report, and communicates with management and the audit
committee.
 Risk response—specific audit programs and processes are designed and tests
conducted to obtain reasonable assurance with respect to the financial statements
in the context of assessed risks.
Section One. Risk Assessment

lOMoARcPSD|3286997
In these phases the auditor finds out about the client and the client’s industry and business
environment. A phrase that describes risks is “what could go wrong”? The auditor needs to know
“what could go wrong” in the financial statements, the client industry, or business, before
tailoring the risk response to those assessed risks.
There are three phases of risk assessment.
11. Explain Phase 1: Preplanning
 Preplanning the audit—actions taken prior to commencing detailed client risk

analysis.
 The reasons for doing the audit must be identified.
 An independence threat analysis must be conducted.
i. The auditor can only conduct an audit if they are independent. The five
threats to independence must be explicitly assessed, and any potential
threats described.
ii. If there are threats without compensating safeguards available, or the
safeguards do not adequately mitigate the threat, the engagement must be
declined.
 The auditor must decide if they will accept or continue doing the audit for the
client.
i. High-risk companies or those that argue or lack integrity may be denied.
 Identify any staff available for the audit.
i. Assigning the best staff is important to meet quality control standards in
GAAS and to promote audit efficiency.
ii. If the auditor does not have the expertise or available staff to audit the
client, then the engagement should be declined.
 An engagement letter should be obtained.
i. Signed engagement letter—a written agreement between the public
accounting firm and the client as to the terms of the engagement for the
conduct of the audit and related services.
ii. What the auditor will do
iii. Any restrictions imposed
12. Explain Phase 2: Client Risk Profile
 The auditor must identify and document risks by

i. obtaining knowledge of the industry and business environment
ii. obtaining knowledge of the client’s business
iii. documenting corporate governance processes and control environment
iv. assessing entity-level controls

lOMoARcPSD|3286997
v. assessing risks of fraud

vi. documenting internal controls and evaluating design effectiveness of
internal controls
vii. identifying significant risks or transactions/accounts that require more
than substantive tests
13. Explain Phase 3: Planning the Audit
 The auditor must develop a strategic audit approach (which is influenced by the
findings from the two preceding phases). The audit plan may be modified as
needed during the audit process.
Section Two: Risk Response
The concept of risk response refers to the fact that the audit is designed to respond to identified
risks with audit programs and tests addressing those risks.
There are four risk response phases.
14. Explain Phase 4: Designing further audit procedures.
 The auditor considers different types of tests in dealing with the specific risks and
materiality.
 The tests are conducted in relationship to the materiality levels determined,
dealing with specific risks such as the potential for management bias or override,
fraud risks, or complex transactions identified.
15. Explain Phase 5: Testing Internal Controls.
 Where the auditor has decided to rely upon internal controls, the auditor must test
the effectiveness of the controls or rely upon tests of controls conducted in one of
the prior two years if the control has characteristics that permit extended reliance.
 Tests of controls—audit procedures to test the effectiveness of control policies
and procedures in support of a reduced assessed control risk.
 As the tests are completed, the results are evaluated to determine if there should
be any changes in assessed risks or in the design of the audit procedures.
 Tests of control involve inquiry, observation, reperformance, and inspection of
controls and transactions.
16. Explain Phase 6: Substantive Tests

lOMoARcPSD|3286997
Objective Four: Describe the nature of substantive testing and the audit objectives that
this type of testing attempts to prove.
 At this stage, tests are done to substantiate the balance in an account at a certain
date.
 These tests satisfy the third examination standard of GAAS.
 They consist of:
i. Analytical procedures
1. Analytical procedures are those that assess the overall
reasonableness of transactions and balances using comparisons and
relationships. .
ii. Tests of details of balance
1. Tests of details of balances—an auditor’s tests for monetary errors
or fraud and other irregularities in the details of balance sheet and
income statement accounts.
iii. Tests of key items.
1. Tests of key items—audit tests that focus on specific transactions
that could be at risk of material error.
2. For example, the purchase of shares in a subsidiary company may
be at risk of incorrect valuation. Similarly, the auditor may choose
to examine the activity between the company and a related party to
ensure that the amounts have been recorded correctly.
17. Explain Phase 7: Ongoing evaluation, quality control, and final evidence gathering.
 As the result of the audit work is compiled, there is ongoing supervision from the
supervisor, manager, and partner.
 Together they assess the impact upon the risks and decide if further procedures
have to be designed.
 After the auditor has completed all the procedures for each audit objective and for
each financial statement account, it is necessary to combine the information
obtained into an audit summary memorandum to reach an overall conclusion as to
whether the financial statements are fairly presented.
18. Explain Phase 8: Completing quality control and issuing the report.
 The auditor must consider not only events that have occurred before the audit
report date but also those that have occurred subsequent to the year end, and the
auditor must determine whether these events affect the financial statements.

lOMoARcPSD|3286997
 The audit report represents a conclusion about the financial statements taken as a
whole.
Financial Statement Cycles
Objective Five: Describe the major accounting cycles.
 An auditor conducts an audit efficiently by designing tests of similar transactions.

 The auditor may test the various systems or transaction cycles used by an entity. This
procedure satisfies the second examination standard, and testing of controls is necessary
if the auditor is to rely upon the controls.
 There are five major financial statement cycles:
 Sales and receivables. Transactions in this cycle record sales, receivables, and
cash receipts; these transactions are usually the responsibility of the entity’s
accounts receivable departments.
 Purchases and payables. This cycle includes transactions that record purchases of
assets and expenses, current liabilities, and cash disbursements. The capital
acquisition and repayment cycle is a subset of this cycle.
 Payroll. Transactions in this cycle pertain to the payment of employee
compensation.
 Inventory. Transactions in this cycle include those that affect the cost of goods
sold and inventory balances.
 Capital acquisition and repayment.
 Many of these cycles are interrelated. When auditors test transactions to determine
whether the system of internal controls for that cycle is functioning as designed, they are
performing “tests of controls.” The results of these tests help auditors determine if
internal controls can be relied on and the extent of other audit procedures.
LAST like 10 pages, which seem kind of important.

lOMoARcPSD|3286997
Chapter 6 Auditing Lesson 4

List items to be considered when entering into an audit engagement.
Describe how auditors obtain knowledge to determine client risk profile.
Explain how analytical procedures are used in planning an audit.
Describe some features of audit working papers.
Client Risk Profile and Documentation
1. CAS 300 (par. 9) states that the auditor must develop an audit plan that includes which
following components?
 The nature, timing, and extent of audit procedures for the purpose of risk
assessment.
 The nature, timing, and extent of additional audit procedures, linked to the
individual audit assertions.
 Any other audit procedures that are needed for the audit to be conducted in
accordance with GAAS (the exact wording is to state that the audit is conducted
in compliance with the CASs).
2. Why do engagements need to be planned out properly?
 To enable the auditor to obtain sufficient appropriate audit evidence for the
circumstances
i. Allows you to minimize legal liability and maintain a good reputation
 To help keep audit costs reasonable
i. Helps the firm remain competitive and retain its clients
 To avoid misunderstandings with the client.
i. Important for good client relations and for facilitating quality work.
3. Why is planning so important?
 Planning is essential if the auditor expects to meet the requirements of the first
examination standard of GAAS.
 Proper audit planning must be done to ensure that sufficient, appropriate audit
evidence is obtained in a cost-effective manner.
 Proper planning will help identify information for the auditor to use in assessing
audit risk and inherent risk of the client.

lOMoARcPSD|3286997
 Assessing these risks will help the auditor make decisions about accepting a
client, continuing with a client, gathering evidence, staffing, and formulating the
engagement letter.
4. The planning phase of the audit includes what steps?
 Performing client acceptance procedures

 Preparing a client risk profile
 Performing analytical procedures
 Assessing materiality and risk
Phase 1 Performing Client Acceptance Procedures
5. Explain the first phase of the planning process, performing client acceptance procedures.
 Auditors must conduct an appropriate investigation of new clients to ensure they

are not conducting business with unethical persons.
 Need to assess the client’s reasons for needing an audit.
 Need to know if they’ve hired anyone else in the previous years to ask them if
they should take them as a client.
 Need to consider who the intended users of the financial statements will be.
 Need to gauge the issue of independence.
 Before accepting, they need to ensure they have the expertise and staff available.
 If no problems arise, an engagement letter is then prepared that specifies the work
to be performed.
Phase 2 Preparing a Client Risk Profile
6. Explain the second phase in the planning process, preparing a client risk profile.
 This phase is called the Client Risk Assessment.

 It includes studying the following five things:
i. Industry and external environment
ii. Business operations and procedures
iii. Management and governance
iv. Objectives and strategies
v. Measurement and performance
 The auditor develops an understanding of the client’s business and industry to
assess business risk and risk of material misstatements or fraud.

lOMoARcPSD|3286997
 This will affect the auditor’s assessment of the audit risk, the inherent risk, and
the risk of fraud or error.
Industry and external environment
7. Explain item one, industry and external environment. There are the three primary reasons
for obtaining a good understanding of the client’s industry.
 Risks associated with specific industries may affect the auditor’s assessment of
client business risk and acceptable audit risk
i. It may even influence auditors against accepting engagements in riskier
industries, such as high technology.
 Knowing about inherent risks helps the auditor in assessing their relevance to the
client.
i. An example is potential inventory obsolescence in the fashion clothing
industry.
 Many industries have unique accounting requirements that the auditor must
understand to know if their statements are in accordance with the applicable
financial reporting framework.
i. For example, if the auditor is doing an audit of a city government, the
auditor must understand governmental accounting and auditing
requirements.

lOMoARcPSD|3286997
Business operations and processes
8. What are the different types of business operations and processes that should be
evaluated?
 reviewing trade magazines and economic publications to learn about the economy
and industry in which the client operates
 reviewing the prior year’s audit files and discussing anything of significance with
the predecessor auditor
 consulting with co-workers or colleagues who have similar engagements
 touring the client’s facilities and meeting with key personnel to discuss business
conditions and outlook
 conferencing with the client’s personnel, including internal auditors
 identifying related parties, major suppliers, and customers
 consulting with specialists
 evaluating current financial and accounting policies
 reviewing organization charts and the most recent financial statements
 meeting with the audit committee, senior management, and corporate governance
 reviewing with the client the nature of any contractual obligations and loan
conditions
 reading articles of incorporation, corporate bylaws, and major legal agreements
 reading the minutes from the meetings of the audit committee, directors,
shareholders, and key management committees.
Management and governance
 Since management establishes a company’s strategies and business processes, an auditor

should assess management’s philosophy and operating style and its ability to identify and
respond to risk.
 A firm’s governance includes its organizational structure, as well as the activities of the
board of directors and the audit committee.
 Three closely related types of legal documents and records should be examined early in
the engagement: articles of incorporation and bylaws, minutes of board of directors’ and
shareholders’ meetings, and contracts.
 Articles of incorporation—a legal document granted by the federal or provincial
jurisdiction in which a company is incorporated that recognizes a corporation as a
separate entity. It includes the name of the corporation, the date of incorporation, capital

lOMoARcPSD|3286997
stock the corporation is authorized to issue, and the types of business activities the
corporation is authorized to conduct.
 Bylaws—the rules and procedures adopted by a corporation’s shareholders, including the
corporation’s fiscal year and the duties and powers of its officers.
 Corporate minutes—the official record of the meetings of a corporation’s board of
directors and shareholders in which corporate issues such as the declaration of dividends
and the approval of contracts are documented.
Objectives and Strategies
Strategies are approaches followed by the entity to achieve organizational objectives. Auditors
should understand client objectives related to:
 Reliability of financial reporting
 Effectiveness and efficiency of operations.
 Compliance with laws and regulations.
9. During the risk assessment process, the auditor uses primarily four of types of evidence
 Inquiries of management and others: Thorough discussion with management will

enable the auditor to target risk assessment and evidence gathering.
 Observation: The plant tour is an important example of observation. It can also
corroborate statements that were made during inquiries
 Inspection: Examining key organizational contracts, reports, and minutes are
valuable examples of inspection.
 Analytical procedures: Analysis is used during many phases of the audit but is
particularly relevant during risk assessment to highlight areas where inquiries of
management need to be made and to target additional audit work.
Phase Three—analytical procedures
10. What do analytical procedures involve
 comparing recent financial results with those in the industry

 comparing recent financial results with the results of the previous period
 comparing recent financial results with those shown in the client’s budget

lOMoARcPSD|3286997
 comparing client data with auditor-determined expected results.
The auditor can estimate the results by using both financial and non-financial information.
Generally, analytical procedures are used to assess the reasonableness of amounts shown in the
financial statements. The quality of the procedure is largely determined by the appropriateness
and reliability of the data used. For example, it would be difficult to assess the reasonableness of
interest expense if the client or the bank gave you an incorrect interest rate on the bank loan
balance.
Auditors often find differences between the amounts that they estimated and the amounts shown
in the financial statements. Before performing the analytical procedure, an acceptable level of
difference should be determined on the basis of materiality.
When analyzing the results of analytical procedures, the auditor may have to perform additional
work. For example, if the reasonableness of interest expense was analyzed by taking the average
interest rate on a bank loan and multiplying it by the average balance of the loan during the
period, and this calculation yielded a result considerably different from that shown in the
financial statements, additional work (such as the examination of monthly bank debit memos for
loan interest) would be performed.
Note 5: Working Papers
The CICA requires that the auditor maintain written or electronic records—that is, working
papers of the procedures performed that support the conclusions reached in performing the audit.
The working papers may be contained in computerized files. The purpose of working papers is to
 serve as a basis for planning the audit
 maintain a record of evidence accumulated and the results of tests
 assist the auditor in preparing the audit report and the financial statements (as well as
tax returns and reports for regulatory agencies)
 serve as a basis for review by senior members of the auditing firm (managers and
partners).
Note 6: Working Paper Organization
There are two major types of working papers.
Permanent Files
Permanent files contain any ongoing legal and planning information about the client, such as
copies of important legal documents, details on the accounting policies used, descriptions of the
systems of internal controls, and financial statement analyses from previous years. All

lOMoARcPSD|3286997
information about the client that is of continuing interest from year to year is filed in the
permanent file.
Current Files
Current files document the work performed in the current year and may include any or all the
following items:
 documents supporting reasons and conclusions for materiality, audit risk, inherent risk,
control risks, and the resulting overall audit approach
 financial statements cross-referenced to work performed on the account balances in the

file
 documentation on related party transactions and subsequent events
 memos to the audit committee and to the client about recommendations for
improvement in the system of internal controls
 management representation letters (usually signed by the president and controller of

the company) stating that the financial statements are presented fairly and that all
information about them has been given to the auditors
 letters from the company’s lawyers informing the auditor about the status of any
lawsuits, so as to assess the need for the accrual or disclosure of contingent liabilities
 audit programs (questionnaires completed by audit staff members documenting that the
compliance and substantive audit procedures have been performed)
 general information about current company or audit activities
 working trial balance
 adjusting journal entries
 unadjusted journal entries for immaterial errors discovered by the auditor. Individually,
these entries do not warrant adjustment to the financial statements. They are listed and it
is later determined whether, in total, they are material. If they are material, an adjustment
would be required.
 reclassification entries that are made to the financial statements but not to the records
of the company
 supporting schedules, usually organized by balance sheet component, showing analysis

of the account, procedures performed, confirmations obtained, and other relevant

lOMoARcPSD|3286997
evidence gathered to prove the audit objectives (refer to Figure 8-4 on p. 258 of the
textbook for an example)
These working papers are owned by the auditor and are generally not shown to anyone without
the permission of the client; exceptions include regulatory authorities and members of the
profession conducting a peer review of the auditor’s practice. Working papers contain sensitive
information about the client’s business and must be protected at all times. As more of this
information is held in electronic form, it becomes important that working papers be stored on
secure systems.
Working papers should be properly identified with the name of the company, initials of the
auditor, and date of preparation on all pages. They should also include conclusions for each
component on the financial statements. The conclusion would state that the balance of the
component was fairly stated in accordance with GAAP.
What working papers does the auditor retain to document the planning and risk profile
process?
The auditor will document observations of the client’s business, relevant industry and
environment characteristics, as well as information gathered about the client’s business (e.g.,
related parties, extracts from articles of incorporation, bylaws, minutes), and conduct preliminary
analytical review. Supported conclusions for each of the risk factors will be included.
What are the purposes of working papers?
They are a written record (in either paper or electronic form) providing information collected
during the audit, supporting the conclusions reached in the audit opinion, and demonstrating that
the audit was conducted in accordance with Canadian GAAS.
What are the common characteristics of high-quality working papers?
The design will reflect clarity of purpose, allowing others to clearly see the work that the auditor
has completed so that it can be reperformed if necessary. They will also demonstrate that
adequate supervision and review were completed during the audit.

lOMoARcPSD|3286997
Chapter 7 Auditing—Lesson 4
 Explain the meaning of materiality and describe how it is applied.
 Explain the risk model and describe each of its components.
 Describe how inherent risk is assessed.
 Explain the relationships among audit risk, materiality, and evidence.
1. Define Risk
 Risk—the acceptance by auditors that there is some level of uncertainty in

performing the audit function.
2. The overall audit approach designed by most firms is strategic—overview tactical plans
are developed that take into account the client’s objectives and strategies considering the
broader business environment within which the client operates.
3. What is the Audit Risk Model?
 Audit risk model—a formal model reflecting the relationships among audit risk
(AR), inherent risk (IR), control risk (CR), and planned detection risk (PDR); AR
= IR × CR × PDR.
 The audit risk model is used primarily for planning purposes in deciding how
much evidence to accumulate in each cycle.
4. Explain Audit Risk
 Audit risk—a measure of the level of risk the auditor is willing to accept that the
financial statements may be materially misstated after the audit is completed and
an unqualified audit opinion has been issued; see also Audit assurance.
 Audit assurance—a complement to audit risk; an audit risk of 2 percent is the
same as audit assurance of 98 percent; also called “overall assurance” and “level
of assurance.”
5. What is inherent Risk?
 Inherent risk—a measure of the auditor’s assessment of the likelihood that there
are material misstatements in a segment before considering the effectiveness of
internal controls.

lOMoARcPSD|3286997
 Internal controls are ignored in setting inherent risk because they are considered
separately in the audit risk model as control risk.
 Inherent risk is normally assessed at the account balance assertion (audit
objective) level.
6. What is control risk?
 Control risk—a measure of the auditor’s assessment of the likelihood that

misstatements exceeding materiality in a segment will not be prevented or
detected by the client’s internal controls
7. What is Planned Detection Risk?
 Planned detection risk—a measure of the risk that audit evidence for a segment
will fail to detect misstatements exceeding materiality, should such misstatements
exist; PDR = AR / (IR × CR).
8. The audit risk desired affects the amount of evidence to be gathered. As audit risk
decreases, assurance required increases and more evidence must be gathered, making the
audit more costly.
9. What is engagement risk?
 Engagement risk or auditor business risk—the risk that the auditor or audit firm
will suffer harm after the audit is finished.
10. Business risk—includes auditor business risk and client business risk
11. Which factors are good indicators of the degree to which financial statements are relied
on by external users?
 Client’s size.
i. The larger the operations, the more widely its statements will be used.
ii. The client’s size, measured by total assets or total revenues, will have an
effect on audit risk.
 Distribution of ownership.
i. The statements of publicly held corporations are normally relied on by
many more users than those of private or closely held corporations
 Nature and amount of liabilities.

lOMoARcPSD|3286997
i. When statements include a large number of liabilities, they are more likely
to be used extensively by actual and potential creditors than when there
are few liabilities.
12. What are the factors involved in indicating if a company will experience financial failure
after an audit?
 Liquidity position.
i. If a client is constantly short of cash and working capital, it indicates a
future problem in paying bills
 Profits (losses) in previous years.
i. When a company has rapidly declining profits or increasing losses for
several years, the auditor should recognize the future solvency problems
the client is likely to encounter.
 Method of financing growth.
i. The more a client relies on debt as a means of financing, the greater the
risk of financial difficulty if the client’s operations become less successful.
 Nature of the client’s operations.
i. Certain types of businesses are inherently riskier than others.
ii. For example, other things being equal, there is a much greater likelihood
of bankruptcy of a start-up technology company dependent on one product
than of a diversified food manufacturer.
 Extent of reliance upon technology and quality of support strategies.
i. The more a client relies upon technology, the more important it is that the
client has an adequate backup and disaster recovery plan in the event of
hardware or software failure.
 Competence of management.
i. Competent management is constantly alert for potential financing
difficulties and modifies its operating methods to minimize the effects of
short-run problems.
13. What is risk of material misstatement?
 Risk of material misstatements—the expectation of misstatements after

considering the effect of internal controls on inherent risk.
14. Define Materiality.
 Materiality—the magnitude of an omission or misstatement of accounting

information that, in the light of surrounding circumstances, makes it probable that

lOMoARcPSD|3286997
the judgment of a reasonable person relying on the information would have been
changed or influenced by the omission or misstatement.
15. CAS 450 suggests that an auditor be concerned with several levels of misstatement in
assessing whether or not there is a material misstatement:
 Identified misstatements—the actual misstatements discovered in the sample

tested; they have not been corrected by management.
 Likely or projected misstatements—the projection of the actual misstatements in
the sample to the population; the misstatements have not been corrected by
management or could be disagreements of opinion with management.
 Likely aggregate misstatement—the sum of the identified misstatements and
likely misstatements in the financial statements.
 Further possible misstatements—the misstatements over and above the likely
aggregate misstatement that result from the imprecision in the sampling process.
 Maximum possible misstatement—the sum of likely aggregate misstatement plus
further possible misstatements.

lOMoARcPSD|3286997
16. Explain Step 1: Set Materiality
 The reason for setting materiality is to help the auditor plan the appropriate
evidence to accumulate. If the auditor sets a low dollar amount, more evidence is
required than for a high amount.
 Several factors affect setting materiality for a given set of financial statements.
i. Materiality is a relative rather than an absolute concept
ii. Bases with a percentage applied are needed for evaluating materiality
Applications of Materiality
Early in the audit, a preliminary estimate of materiality should be made on the basis of the
auditor’s professional judgment. This estimate helps the auditor determine how much audit
evidence should be gathered.
Materiality is relative, not absolute. What is material for one company or purpose may not be
material for another. To determine a measure of materiality, most auditors use factors such as
percentage of net income, gross profit, total assets, shareholders’ equity, revenue, or a
combination thereof. Qualitative factors must also be considered when determining materiality.
For example, if fraud is suspected in a certain area, materiality will be lowered for the work
conducted in that area.
Note 8: Audit Risk
Risk is the uncertainty an auditor accepts when performing an engagement. Audit risk (AR) is
the risk that the auditor will fail to express a reservation in the opinion on financial statements
that are materially misstated. A lower audit risk means the auditor is less willing to live with the
uncertainty of misstatements in the financial statements and, therefore, will increase the amount
of evidence testing in the audit, and/or assign more experienced staff, and/or have an additional
independent review of their working papers.
The CICA (CICA Handbook - Assurance, CAS 200) has developed a risk model that defines the
component types of risk:
Audit risk (AR) = Inherent risk (IR) x Control risk (CR) x Detection risk (DR)
Note that audit risk is described in percentage terms or, more frequently, through the use of such
adjectives as low, moderate, or high. Audit risk can also be described as a measure of the
willingness of the auditor to accept a material misstatement in the financial statements. The
lower this measure is, the lower the auditor’s tolerance to error (zero is absolute certainty that no
errors exist). Absolute certainty is not economically feasible.

lOMoARcPSD|3286997
Inherent risk (IR) is the measure of the auditor’s assessment of the likelihood that a material
misstatement might occur in the first place, without considering the effect of internal controls. A
thorough understanding of the business is needed to assess inherent risk.
Control risk (CR) is the measure of an auditor’s assessment of the likelihood that a material
misstatement will not be prevented or detected by the system of internal control. However, for
the auditor to assess a control risk, an understanding of the control system must first be obtained.
For control risk to be assessed at less than maximum, two tasks must be carried out:
 an evaluation of the system

 tests of the internal controls
Detection risk (DR) is the measure of the risk that the audit evidence gathered will fail to detect
material errors or fraud and other irregularities, should such errors or fraud exist. The auditor can
control the level of this risk by increasing the amounts of audit evidence gathered.
Audit risk and the level of audit evidence required are inversely related. As audit risk increases,
the amount of acceptable tolerable misstatements also increases, and therefore, the amount of
audit evidence accumulated can be reduced.
Note 9: Assessing Inherent Risk
In planning an audit, the auditor must attempt to predict where misstatements are most, and least,
likely to occur. The auditor can do little to reduce inherent risk. However, the effect of inherent
risk on audit risk can be reduced by decreasing other risk factors, such as detection risk.
In assessing inherent risk, the following factors should be considered:
 the nature of the business, including the nature of the products and services
 the nature and use of data-processing systems and data communications (textbook,
Chapter 11)
 the integrity of management
 client motivation
 results of previous audits
 initial versus repeat engagement
 related parties

lOMoARcPSD|3286997
 non-routine transactions
 extent of estimates used to determine balances and transactions
 assets that are susceptible to misappropriation
 make-up of the population (e.g., age of inventory, age of accounts receivable, foreign
currency items)
Remember that inherent risk and other forms of risk are assessed not just on an overall basis but
also for each cycle and account to be audited. Risk can also be assessed for each assertion or
audit objective.
Note 10: The Order of Risk Assessments
When a client engages an auditor, the auditor must obtain an understanding of the client’s
business to assess inherent risk. At the same time, overall audit risk is assessed. Next, control
risk is assessed on the basis of the procedures performed by the auditor to understand the system
of internal controls. If inherent risk and control risk are high enough to make audit risk greater
than the auditor can accept, then steps are taken to reduce detection risk and, indirectly, audit
risk. These steps include the accumulation of more audit evidence.
Audit risk is generally held to be the same for each cycle and account because the audit opinion
is expressed on the financial statements as a whole. Inherent and control risk, however, usually
vary from cycle to cycle or from account to account. For a constant audit risk to be maintained,
the levels of audit evidence and detection risk also vary from cycle to cycle or from account to
account.
Risk assessment is an ongoing process. For example, in the initial stages of an audit, control risk
over inventories may be assessed as low. On conducting limited tests on these inventories, it may
later be determined that controls are very poor. If all other risk components are to remain
unchanged, the amount of audit evidence required must be increased.
Note 11: Relationships Between Audit Risk, Materiality, and Evidence
There is a relationship between evidence, materiality, and the risk of an error occurring.
If audit evidence remains unchanged and materiality is increased, then audit risk is decreased.
Audit risk is decreased because, given the change in the materiality level, the level of audit
evidence has not been reduced.

lOMoARcPSD|3286997
If materiality remains unchanged and audit evidence is increased, then audit risk is also
decreased. Audit risk is decreased because additional evidence has been obtained, which reduces
detection risk and, therefore, audit risk.
If audit risk remains unchanged and materiality is decreased, the amount of audit evidence
needed is increased. Given the lower level of materiality, additional audit evidence is needed to
ensure that no material errors occur in the financial statements.
Example
For the company described in the following paragraph, assess audit risk, inherent risk, control
risk, detection risk, and the amount of audit evidence that will have to be obtained. Describe your
assessment using terms such as low, moderate, or high.
ABC Company is a new public company that develops computer parts for export to
developing countries. All accounting functions are performed by one accountant. The
company’s bank loans have a working capital covenant that is close to being violated.
Answer
Audit risk is assessed as low. You would not be very tolerant of errors in the financial
statements, given the public ownership of the company and the bank’s concern with the loan
covenant. Inherent risk is high because of the complexity of the transactions (foreign currency
effects) and the potential inventory valuation problems prevalent in this industry. Control risk is
also assessed as high because no segregation of duties exists. Consequently, to lower detection
risk as much as possible, a large amount of audit evidence must be gathered.
Answer the following questions from your textbook and then compare your answers with the
Suggested Solutions.
6-23 (textbook, p. 177)

7-17 (textbook, p. 208)
7-17 You are the auditor in charge of the audit of the municipality of Sackville, New Brunswick.
The municipality has a budget of about $65 million and has had a balanced budget for the last
three years. There are about 10 people in the accounting office and the rest of the employees are
operational, dealing with supervision of roadwork, garbage collection, and similar matters. Many
services are outsourced, minimizing the need for employees. The municipality has a chief
executive officer and a controller and reports to the council of elected representatives.

lOMoARcPSD|3286997
For each of the following situations, state a preliminary conclusion for audit risk, inherent risk,
control risk, and detection risk. Justify your conclusions. State any assumptions that are
necessary for you to reach your conclusions.
 This is the first year that you have been auditing Sackville. There has been extensive
turnover after the recent election. Costs are out of control, and it looks like it may be
necessary to raise realty taxes by as much as 15 percent.
 For four years now, you have been auditing Sackville. The employees are experienced,
and any control recommendations that you have suggested have been discussed and,
where feasible, implemented. There is a tiny budget surplus this year, and it looks as if a
balanced budget is in sight again for next year.
 Sackville is being hit by bad press. It seems that one of the purchasing agents set up a
fictitious company and was billing the municipality for goods that had not been received.
To make it worse, the purchasing agent’s wife was the assistant accountant. The office of
the provincial Auditor General has sent a letter to the controller of Sack-ville stating that
the municipality has been selected for audit by the provincial Auditor General’s Office
based on a random sample and that the provincial auditors will be arriving within two
weeks of the completion of your audit
Solution:

lOMoARcPSD|3286997

lOMoARcPSD|3286997
1. The auditor’s de isio s o e ide e a u ulatio a e roke i to hat fi e su de isio s?
 Which risks could result in a risk of material misstatement (RMM) at the assertion level.
 Whi h audit pro edures to use their ature .
 What sa ple size to sele t for a gi e pro edure the e te t of a test .
 Which particular items to select from the population.
 Whe to perfor the pro edures the ti i g .
2. Explain the first one, identifying risks by assertion.
 For each major class of transactions and material general ledger account, the auditor
looks at the potential for RMM
 Need knowledge of the business, industry, and operating procedures.
3. Explain the second one, which audit procedures to use.
 Audit procedure—detailed instruction for the collection of a type of audit evidence.

 Evidence such as physical inventory counts and shipping document details is collected
using audit procedures.
 The procedures need to be detailed and specific (what, how and when)
 Can be manual or automated procedures
4. Explain the third one, what sample size is needed.
 Once an audit procedure is determined, it is possible to vary the sample size from one to
all the items in the population being tested
 The decision as to how many items to test must be made by the auditor for each audit
procedure
5. Explain the fourth one, what particular items need to be selected.
 After sample size has been decided, the auditor still needs to decide what items they
will use in that sample.
 Selecting them randomly, selecting them based on a particular week, or selecting them
based on highest risk for error.
6. Explain the fifth one, the timing of the procedures.

lOMoARcPSD|3286997
 An audit of financial statements usually covers a period such as a year, and an audit is
often not completed until several weeks or months after the end of the fiscal period.
 The timing of audit procedures can vary from early in the accounting period to long after
it has ended.
 Normal is one to three months after year end.
7. What is an audit program?
 Audit program—detailed instructions for the entire collection of evidence for an audit
area or an entire audit; always includes audit procedures and may also include sample
sizes, items to select, and timing of the tests.
8. What is persuasiveness of evidence?
 Persuasiveness of evidence—the degree to which the auditor is convinced that the

evidence supports the audit opinion
 The auditor must be persuaded that his or her opinion is correct with a high level of
assurance
 There are three determinants of persuasiveness:
i. sufficiency
ii. appropriateness
iii. timeliness of the evidence
9. Explain sufficiency
 Sufficiency—the quantity of evidence; appropriate sample size.

 There are several factors that determine the appropriate sample size in audits.
i. The t o ost i porta t are the auditor’s expectation of errors and the
effe ti e ess of the lie t’s i ter al o trols.
 Sufficiency requires enough items, enough representative items, and enough dollar
value to be tested.
10. Explain Appropriateness
 Appropriateness—the degree to which evidence can be considered relevant and

reliable.
 If evidence is considered to be highly appropriate, it is a great help in persuading the
auditor that the financial statements are fairly stated.
 For example, the auditor counting the inventory himself is more appropriate then
management giving him the numbers.
 The more appropriate, the less evidence you need.

lOMoARcPSD|3286997
 It must be both relevant and reliable

 Depends on the audit procedures selected.
11. Explain Relevance with regard to appropriateness
 Relevant evidence—the pertinence of the evidence to the audit objective being tested.
 Relevance can be considered only in terms of specific audit objectives.
12. Explain Reliability with regard to appropriateness
 Reliability of evidence—evidence is reliable when it is obtained from

i. the auditor’s dire t k o ledge
1. Evidence obtained directly by the auditor through observation,
reperformance, and inspection is more appropriate than information
obtained indirectly
ii. an independent provider
1. Evidence obtained from a source outside the entity is more reliable than
that o tai ed fro ithi , assu i g that the e ter al part is ar ’s
length from the organization.
2. An example of external evidence is an insurance policy, whereas a
purchase requisition is internal evidence.
iii. a client with effective internal controls
1. Whe a lie t’s i ter al o trols are effe ti e, e ide e o tai ed fro
the client is more reliable than when controls are weak
iv. qualified providers such as law firms and banks
1. Even when the source of information is independent, the evidence will
not be reliable unless the individual providing it is qualified to do so.
2. Communications from law firms and bank confirmations are typically
more highly regarded than accounts receivable confirmations from
persons not familiar with the business world.
3. Evidence obtained directly by the auditor may not be reliable if he or
she lacks the qualifications to evaluate the evidence
v. Objective sources
1. Objective evidence is more reliable than evidence that requires
considerable judgment to determine whether it is correct.
2. Examples of objective evidence include confirmation of accounts
receivable and bank balances, the physical count of securities and cash,
and the adding (footing) of a list of accounts payable to determine if it is
the same as the balance in the general ledger.
3. E a ples of su je ti e e ide e i lude o u i atio fro a lie t’s
lawyers as to the likely outcome of outstanding lawsuits against the

lOMoARcPSD|3286997
client, observation of obsolescence of inventory during physical

examination, and inquiries of the credit manager about the collectability
of non-current accounts receivable.
vi. Consistent and multiple sources
 Evidence with all sources consistent is more reliable than inconsistent evidence.
13. Explain timeliness of evidence
 Timeliness—the timing of audit evidence in relation to the period covered by the audit.
 Evidence is usually more persuasive for balance sheet accounts when it is obtained as
close to the balance sheet date as possible.
 For income statement accounts, evidence is more persuasive if there is a sample from
the entire period under audit rather than from only a part of the period.
Methods of Evidence Collection
The CICA Handbook specifies that audit evidence may be obtained through the methods of inspection,
observation, external confirmation, recalculation, reperformance, and analytical procedures and
inquiry.
One. Inspection
 Inspection—the auditor’s ph si al e a i atio or ou t of a ta gi le asset, or i spe tio of a

document.
 Usually associated with inventory and cash
 If the object being examined, such as a sales invoice, has no inherent value, the source is called
documentation. For example, before a cheque is signed, it is a document; after it is signed, it
becomes an asset; and when it is cancelled, it becomes a document again.
 Most reliable and useful
Two. Observation
 Observation—use of the senses to assess certain activities.

 For e a ple, the auditor a tour a pla t to o tai a ge eral i pressio of a lie t’s fa ilities,
observe whether equipment is rusty to evaluate obsolescence, and watch individuals perform
accounting tasks to determine whether the persons assigned responsibilities are performing
them.
 Rarely enough by itself because the presence of the auditor is known and so they might change
stuff.

lOMoARcPSD|3286997
Three. External confirmation
 External confirmation—the auditor’s re eipt of a ritte or oral respo se fro a i depe de t

third party verifying the accuracy of information requested.
 Costly to obtain and may be inconvenient for the third parties.
 Oral confirmations require a written documentation.
 While external confirmations are generally a very reliable form of evidence, the auditor must be
aware that the third party providing the confirmation may be careless or not competent, may
not have the correct information, or may be a related party.
Four. Recalculation
 Recalculation—repeating or checking the mathematical accuracy of calculations completed by

the client.
 It includes such procedures as:
o Extending sales invoices and inventory,
o Adding data files, reports and subsidiary ledgers,
o Checking the calculation of amortization expense and prepaid expenses.
 Involves selecting a sample of transactions if done manually.
Five. Reperformance
 Reperformance or parallel simulation—the redoing of procedures and internal controls (other

than mathematical calculations) of the client by the auditor.
 This could include rechecking of transfers of information, which consists of tracing amounts to
verify that when the same information is included in more than one place, it is recorded at the
same amount each time.
 Reperformance is also referred to as parallel simulation. For example, if the auditor recreates
the aged accounts receivable trial balance using client data, this is parallel simulation. This is a
dual-purpose test since it ensures the mechanical accuracy of the aging process (a substantive
test hile also erif i g that the lie t’s agi g progra is fu tio i g orre tl a o trols test .
Six. Analytical Procedures
 Analytical procedures—use of comparisons and relationships to determine whether account

balances or other data appear reasonable.
 An example is comparing the gross margin percent in the current year with that of the preceding
year.

lOMoARcPSD|3286997
 An example is o pariso of the urre t period’s total repair e pe se ith pre ious ears’ a d
investigation of the difference, if it is significant, to determine the cause of the increase or
decrease.
Seven. Inquiry
 Inquiry of the client—the obtaining of written or oral information from the client in response to
questions during the audit.
 Inquiry cannot be regarded as conclusive because it is not from an independent source and may
e iased i the lie t’s fa our.
 As a illustratio , he the auditor a ts to o tai i for atio a out the lie t’s ethod of
recording and controlling accounting transactions, he or she usually begins by asking the client
how internal controls operate. Later, the auditor performs a walk-through and tests of controls
to determine if the controls function as described.
Note 8: Analysis
The CICA issued CAS 520, Analytical Procedures, to expand on guidance regarding the use of analysis as
an audit procedure. The section emphasizes that analysis can be used at all phases of audit planning, as
a substantive procedure, and in the overall evaluation phase.
Along with knowledge of the client’s usi ess, the auditor a use a al ti al pro edures to
help ake the assess e t of a o pa ’s a ilit to o ti ue as a goi g o er
possibly indicate misstatements that require further investigation (through unusual fluctuations in
accounts)
reduce the extent of other tests of detail.

Analysis involves comparison of data and ratio analysis. It can be internal client or industry data, prior
periods, expected results from the client (budget) or auditor, or other non-financial data. Technology
provides many tools to help the auditor perform analytical procedures.
What are the five evidence decisions that need to be made?
After identifying the risk associated with audit objectives (1), the auditor needs to select audit
procedures (2), choose sample size (3), decide on items to select (4), and determine the timing of the
actual conduct of the procedures (5).

lOMoARcPSD|3286997
What does the auditor ea y the phrase suffi ie t appropriate audit evide e ?
The auditor needs to have enough evidence that is relevant to the financial statement accounts to state
an opinion on the financial statements.
How does the auditor choose the type of evidence to collect?
The auditor uses criteria such as the independence of the provider, the effectiveness of internal
controls, the qualifications of the provider (including the auditor), and the objectivity of the evidence in
the context of the specific financial statement assertions that are being examined, as well as the overall
risk of the engagement and the materiality of the account or balance.
Describe the times when particular types of evidence collection are mandated.
The auditor needs to evaluate and test internal controls when substantive procedures are not sufficient,
conduct tests of the financial statement closing process, and perform tests of detail when the risk of
material misstatement for an account or transaction stream is high.
Describe five major types of analytical procedures.
Client data can be compared with industry data, prior-period data, client-determined expected results,
auditor-determined expected results, or non-financial data.

Revision Notes Principles of Auditing Chapter 1 8

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Revision Notes Principles of Auditing Chapter 1 8

Transféré par

Droits d'auteur :

Formats disponibles

lOMoARcPSD|3286997

Revision Notes Principles Of Auditing Chapter 1 8

Principles of Auditing (Athabasca University)

StuDocu is not sponsored or endorsed by any college or university

1. What is the role of professional accountants?

a. They assess risk of errors or fraud, provide examinations of controls, audit

2. What is the role of the auditor?

a. As businesses become more complex and need more reliable information,

3. What is the definition of auditing?

a. Auditing is the accumulation and evaluation of evidence about information to

a. There must be information in a verifiable form and some standards (criteria) by

Downloaded by Learning Space Tutors (olaoyeoj@gmail.com)

e. For more subjective information, such as auditing the effectiveness of computer

Downloaded by Learning Space Tutors (olaoyeoj@gmail.com)

8. Explain the difference between auditing and accounting.

a. Accounting is the recording, classifying, and summarizing of economic events in

9. Explain the economic demands for auditing.

a. Publicly accountable organizations, such as businesses listed on securities

Downloaded by Learning Space Tutors (olaoyeoj@gmail.com)

Assurance and Non-Assurance Services

12. What are assurance services?

a. Assurance engagements (services): are independent professional services that

Downloaded by Learning Space Tutors (olaoyeoj@gmail.com)

13. What are attestation services?

a. A large category of assurance services provided by accounting firms is attestation

a. Audit of historical financial statements

15. Explain Audit of historical financial statements

a. A major service provided by public accounting firms.

16. Explain review of historical financial statements.

a. Many smaller, non-public companies want to issue financial statements to various

Downloaded by Learning Space Tutors (olaoyeoj@gmail.com)

17. Explain Attestation on internal control over financial reporting

18. Explain Attestation services on information technology.

19. Explain other attestation services.

20. What are four types of Non-Assurance Services?

a. Compilation: A compilation involves the accountant preparing financial

Downloaded by Learning Space Tutors (olaoyeoj@gmail.com)

21. Auditors perform which primary four types of audits?

a. Financial Statement Audit: A financial statement audit involves the examination

b. Operational Audit: An operational audit focuses on the organization’s operating

c. Compliance Audit: A compliance audit is conducted to determine whether an

Downloaded by Learning Space Tutors (olaoyeoj@gmail.com)

management, or whether the organization is complying with the terms of certain

d. Comprehensive Audit: A comprehensive audit is a combination of all of the

22. What are the different types of auditors?

a. External Independent Auditors (Public Accountants):

Downloaded by Learning Space Tutors (olaoyeoj@gmail.com)

iv. Internal auditors are commonly employed by larger businesses, where it is

a. Accounting involves the actual preparation of underlying records, whereas

24. What are the major reasons for needing Auditing?

Downloaded by Learning Space Tutors (olaoyeoj@gmail.com)

i. Because of the complexity of many financial transactions, users of

What are the major differences in the scope of audit responsibilities?

Downloaded by Learning Space Tutors (olaoyeoj@gmail.com)

Chapter 2 Auditing Lesson 1

 “Big Four” international firms

3. Who issues Canadian Auditing and Assurance Standards?

4. Define Assurance Standards

Downloaded by Learning Space Tutors (olaoyeoj@gmail.com)

 They are issued by the Auditing and Assurance Standards Board.

5. Define Auditing and Assurance Standards Board (AASB)

 Auditing and Assurance Standards Board (AASB)—an independent Board of the