Top Auditing Issues FOR 2015 CPE COURSE BONUS CPE COURSE! PERRY M. HENDERSON, CPA, MPA JAMES L. ULVOG, CPA

Transcription

1 Top Auditing Issues FOR 2015 CPE COURSE PERRY M. HENDERSON, CPA, MPA JAMES L. ULVOG, CPA BONUS CPE COURSE! Earn CPE Credit and stay on top of key Accounting issues. Go to CCHGroup.com/PrintCPE

2 Top Auditing Issues FOR 2015 CPE COURSE Perry M. Henderson, CPA, MPA James L. Ulvog, CPA 1

3 Contributors Technical Review... Kelen Camehl Production Coordinator... Mariela de la Torre; Jennifer Schencker Production... Lynn J. Brown This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought CCH Incorporated. All Rights Reserved W. Peterson Ave. Chicago, IL CCHGroup.com No claim is made to original government works; however, within this Product or Publication, the following are subject to CCH Incorporated s copyright: (1) the gathering, compilation, and arrangement of such government materials; (2) the magnetic translation and digital conversion of data, if applicable; (3) the historical, statutory and other notes and references; and (4) the commentary and other materials. 2

4 Introduction CCH's Top Auditing Issues for 2015 CPE Course helps professionals stay abreast of the most significant new auditing standards and important developments. It does so by identifying the events of the past year that have developed into hot issues and by reviewing the opportunities and pitfalls presented by these changes. This course is structured in four Modules. The first Module covers risk assessment and audit documentation. Chapter 1 provides a top-level summary and overview of the definitions and significant requirements of the Risk Assessment sections of the Clarified Statements on Auditing Standards, and additional practical implementation guidance in selected key areas. Chapter 2 provides in-depth coverage of the AICPA s AU-C section 230, Audit Documentation, and a summary of the documentation requirements lodged in other AU-C sections. The content of Module 1 is: Chapter 1 Risk Assessment Standards Overview Chapter 2 Audit Documentation The second Module covers Financial Reporting Framework for Small- and Medium-sized Enterprises. Chapter 3 introduces FRF for SMEs and provides an overview of the accounting model. Chapter 4 describes the general principles for the statements of financial position, operations, and cash flow. It also describes the very brief guidance in the framework for derivatives and sales of financial assets. Treatment of changes in accounting principle and correction of errors is described. Chapter 5 describes the requirements in the framework for inventory, PP&E, discontinued operations, and equity. It also covers the broader, general topics of commitments, contingencies, related party transactions, and subsequent events. Chapter 6 describes the accounting for investments, with a focus on the simplicity in the FRF for SMEs framework. Consolidation and acquisition of another entity through business combination is explained. Chapter 7 describes the general principles used to guide revenue recognition. It also describes the accounting for intangible assets and leases. Chapter 8 describes the accounting for retirement and other postemployment benefits and also income taxes. Both areas are noticeably simpler than the corresponding rules in GAAP. The content of Module 2 is: Chapter 3 FRF for SMEs An Alternative to GAAP Introduction Chapter 4 FRF for SMEs An Alternative to GAAP Basic Financial Statements Chapter 5 FRF for SMEs An Alternative to GAAP General Issues Chapter 6 FRF for SMEs An Alternative to GAAP Investments and Consolidation Chapter 7 FRF for SMEs An Alternative to GAAP Revenue, Intangibles, Leases Chapter 8 FRF for SMEs An Alternative to GAAP Pensions, Income Taxes The third Module covers a mix of topics dealing with quality control and peer review, internal audit, and GAAP relief for private business. Chapter 9 summarizes the definitions and requirements of SQCS 8, relevant to the monitoring element of quality control, the provisions of PRP Section 10,000, and provides commentary on the elements of an effective monitoring program, and offers guidance on monitoring steps for practical implementation. Chapter 10 summarizes the definitions and requirements of SQCS 8, relevant to engagement quality control review, provides commentary on the elements of an effective engagement quality control review program, and 3

5 offers practical implementation guidance. Chapter 11 provides an update and overview of important changes affecting both the administrative processes, substantive requirements, and their practical implications for the peer review process. Chapter 12 reviews the Statement on Auditing Standards Number 128, Using the Work of Internal Auditors (SAS 128) issued by the Auditing Standards Board. Chapter 13 describes the alternatives identified by the Private Company Council (PCC) to simplify accounting requirements for private business. The content for Module 3 is: Chapter 9 Monitoring as an Element of Quality Control Chapter 10 Engagement Quality Control Review Chapter 11 Peer Review Update Chapter 12 Using the Work of Internal Auditors Chapter 13 Private Company Council Relief from some GAAP Rules for Private Business The fourth Module covers audit evidence and consideration for fraud. Chapter 14 is intended as a top-level summary and overview of the significant definitions and requirements of the twelve pronouncements that make up the Audit Evidence section of the clarified audit standards. Chapter 15 examines fraud in the financial statement audit from an academic and professional perspective that is concerned with conceptual models, and a professional liability insurance company s claims experience. The content of Module 4 is: Chapter 14 Audit Evidence Chapter 15 Fraud in a Financial Statement Audit Study Questions. Throughout the course you will find Study Questions to help you test your knowledge, and comments that are vital to understanding a particular strategy or idea. Answers to the Study Questions with feedback on both correct and incorrect responses are provided in a special section beginning at 10,100. Quizzer. This course is divided into four Modules. Take your time and review all course Modules. When you feel confident that you thoroughly understand the material, turn to the CPE Quizzer. Complete one, or all, Module Quizzers for continuing professional education credit. Go to CCHGroup.com/PrintCPE to complete your Quizzer online. The CCH Testing Center website lets you complete your CPE Quizzers online for immediate results and no Express Grading Fee. Your Training History provides convenient storage for your CPE course Certificates. Further information is provided in the CPE Quizzer instructions at 10,200. November 2014 Perry M. Henderson, CPA, MPA James L. Ulvog, CPA CCH'S PLEDGE TO QUALITY Thank you for choosing this CCH Continuing Education product. We will continue to produce high quality products that challenge your intellect and give you the best option for your Continuing Education requirements. Should you have a concern about this or any other CCH CPE product, please call our Customer Service Department at

6 COURSE OBJECTIVES Upon completion of this course, the reader should be able to: List key requirements of the risk assessment standards and describe the effects of the auditor s risk assessment on the nature, timing and extent of further audit procedures List the audit documentation requirements of the AICPA s AU-C section 230, Audit Documentation, and describe current implementation issues in the practical application of audit documentation standards Describe the Reporting Framework for Small- and Medium-Sized Entities. (FRF for SMEs) and identify the type of entities for which FRF for SMEs is most appropriate Describe the general financial statement recognition and presentation concepts contained in the FRF for SMEs framework Describe the FRF for SME requirements for inventory, long-lived assets, stock-based compensation, related party transactions, subsequent events, subsidiaries, and investments Describe the criteria for recognizing, measuring, and amortizing goodwill and other intangible assets Identify the accounting policy choices in accounting for income taxes, retirement, and other postemployment benefits List the requirements of Statements on Quality Control Standards No. 8, A Firm s System of Quality Control (SQCS 8) related to monitoring and explain their application to a variety of practical situations List the requirements of Statements on Quality Control Standards No. 8, A Firm s System of Quality Control (SQCS 8) related to engagement quality control review and explain their application to a variety of practical situations Identify changes to previous peer review practice created by the revised Peer Review Program Manual Describe the factors used to evaluate whether the internal audit function can be used to obtain audit evidence List the types of entities which generally may elect to follow the accounting treatments approved by FASB and PCC Describe the three alternative accounting approaches approved by PCC, including the effective date and transition Explain significant audit planning and performance requirements related to audit evidence and recognize areas of significant audit risk that require specific forms of audit evidence Explain the various conceptual models for assessing fraud risk and the implications of evolving models of fraud risk and malpractice claims experience for audit practice One complimentary copy of this course is provided with certain copies of CCH publications. Additional copies of this course may be downloaded from CCHGroup.com/PrintCPE or ordered by calling (ask for product ). 5

7 About the Author Perry M. Henderson has over thirty years of experience in public accounting. For over twenty years, he has been a sole practitioner providing audit and accounting services to nonprofit organizations and privately held businesses. He has performed peer reviews of about five hundred accounting firms and has served on the Peer Review Committee and Professional Conduct Committee of the California Society of CPAs, and the Executive Committee of the AICPA Governmental Audit Quality Center. He is the author of the CPA's Guide to Quality Control and Peer Reviews, and of Top Auditing Issues since He also has contributed material to several other CCH publications, and to various publications of the AICPA and the California Society of CPAs. Mr. Henderson holds a bachelor's degree from Claremont McKenna College and a master's degree in public administration from the University of Oklahoma. He has been as an adjunct faculty member at the University of Redlands. His greatest ambition in life is to become a character in a Jimmy Buffett song. James L. Ulvog gained seventeen years of experience in public accounting prior to starting his own accounting firm with the focus of serving the non-profit community. Since starting his own firm, Mr. Ulvog has worked with over fifty different NPOs, including twenty-one churches and thirteen organizations with an international focus. Prior to January 2002, Mr. Ulvog was a Senior Audit Manager at a national accounting firm widely recognized for its expertise in serving the non-profit community. During thirteen years at the firm, he gained extensive hands-on experience working with medium-to-large churches and non-profit organizations. He also performed twenty audits of field programs during the course of eleven overseas trips. Mr. Ulvog has written eight continuing education courses for CCH, all of which address compilation and review services. Other public accounting experience was with two of the international accounting firms, where he served for over four years. His audit experience included engagements with financial institutions, construction companies, insurance and investment companies, and colleges. Mr. Ulvog graduated with honors from the University of Maryland and earned his MBA from the University of South Dakota. He is a member of the American Institute of Certified Public Accountants and the California Society of CPAs. 6

8 Contents MODULE 1: RISK ASSESSMENT AND AUDIT DOCUMENTATION 1 Risk Assessment Standards Overviews Welcome Learning Objectives Introduction Definitions Requirements Audit Documentation Welcome Learning Objectives Introduction Nature and Purpose of Audit Documentation Objectives Definitions Requirements Considerations for Smaller, Less Complex Entities Permanent File Documentation Relationship to Other Auditing Literature MODULE 2: FINANCIAL REPORTING FRAMEWORK FOR SMALL- AND MEDIUM-SIZED ENTERPRISES 3 FRF for SMEs An Alternative to GAAP Introduction Welcome Learning Objectives Introduction What is FRF for SMEs, Where did it Come From, and Where Does it Fit in the World of Accounting Rules? FRF for SMEs An Alternative to GAAP Basic Financial Statements Welcome Learning Objectives Introduction Statement of Financial Position General Principles for Certain Financial Assets and Liabilities Financial Instruments with Liability and Equity Components Accounting Changes and Correction of Errors FRF for SMEs An Alternative to GAAP General Issues Welcome Learning Objectives Introduction Inventories PP&E

9 Disposal of Long-Lived Assets and Discontinued Operations Equity Commitments Contingencies Related Party Transactions Subsequent Events FRF for SMEs An Alternative to GAAP Investments and Consolidation Welcome Learning Objectives Introduction Equity, Debt, and Other Investments Subsidiaries Consolidated Financial Statements and Noncontrolling Interests Business Combinations New Basis (Push-Down) Accounting FRF for SMEs An alternative to GAAP Revenue, Intangibles, Leases Welcome Learning Objectives Introduction Intangible Assets Revenue Leases Nonmonetary Transactions FRF for SMEs An Alternative to GAAP Pensions, Income Taxes Welcome Learning Objectives Introduction Retirement and Other Postemployment Benefits Income Taxes MODULE 3: QUALITY CONTROL, PEER REVIEW, INTERNAL AUDIT, AND PCC 9 Monitoring as an Element of Quality Control Welcome Learning Objectives Introduction Definitions Requirements Elements of a Monitoring Program Monitoring Steps Engagement Quality Control Review Welcome Learning Objectives

10 Introduction Definitions Requirements Commentary Peer Review Update Welcome Learning Objectives Introduction Peer Review Information System Manager (Prism) Peer Review Program Manual Updates Becoming a Peer Reviewer Using the Work of Internal Auditors Welcome Learning Objectives Introduction Presumptively Mandatory Requirements Gathering Audit Evidence Determining Whether, and in Which Areas, the Internal Audit Function can be Used to Obtain Audit Evidence and to What Extent Direct Assistance Determining Whether the Internal Audit Function can be Used to Provide Direct Assistance and to What Extent Private Company Council Relief from Some GAAP Rules for Private Business Welcome Learning Objectives Introduction Items on the Agenda Framework for Private Company Council Goodwill Interest Rate Swaps Consolidation of Variable Interest Entities that Provide Leasing Audit Opinions and Accountant s Reports MODULE 4: AUDIT EVIDENCE AND CONSIDERATION OF FRAUD 14 Audit Evidence Welcome Learning Objectives Introduction Audit Evidence Audit Evidence Specific Considerations for Selected Items External Confirmations Opening Balances Analytical Procedures Audit Sampling

11 Auditing Accounting Estimates Related Parties Subsequent Events and Subsequently Discovered Facts Going Concern Written Representations Consideration of Omitted Procedures Fraud in a Financial Statement Audit Welcome Learning Objectives Introduction Evolving Models of Fraud Risk Malpractice Claims Involving Fraud Answers to Study Questions... 10,100 Module 1 Chapter ,101 Module 1 Chapter ,102 Module 2 Chapter ,103 Module 2 Chapter ,104 Module 2 Chapter ,105 Module 2 Chapter ,106 Module 2 Chapter ,107 Module 2 Chapter ,108 Module 3 Chapter ,109 Module 3 Chapter ,110 Module 3 Chapter ,111 Module 3 Chapter ,112 Module 3 Chapter ,113 Module 4 Chapter ,114 Module 4 Chapter ,115 CPE Quizzer Instructions... 10,200 CPE Quizzer Questions: Module ,301 CPE Quizzer Questions: Module ,302 CPE Quizzer Questions: Module ,303 CPE Quizzer Questions: Module ,304 Answer Sheets... 10,400 Module ,401 Module ,402 Module ,403 Module ,404 Evaluation Form... 10,500 CCH Learning Center... 10,600 10

12 CHAPTER 1: Risk Assessment Standards Overview 101 WELCOME This chapter provides a top-level summary and overview of the definitions and significant requirements of the Risk Assessment sections of the Clarified Statements on Auditing Standards, and additional practical implementation guidance in selected key areas. 102 LEARNING OBJECTIVES Upon completion of this chapter, the reader should be able to: Define key terms related to risk assessment List key requirements of the risk assessment standards Describe procedures applicable to planning an audit, including the auditor's risk assessment Describe the effects of the auditor's risk assessment on the nature, timing and extent of further audit procedures 103 INTRODUCTION The Clarified Statements on Auditing Standards contain six AU-C sections under the heading of Risk Assessment and Response to Assessed Risks: AU-C Section 300, Planning an Audit AU-C Section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement AU-C Section 320, Materiality in Planning and Performing an Audit AU-C Section 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained AU-C Section 402, Audit Considerations Relating to an Entity Using a Service Organization AU-C Section 450, Evaluation of Misstatements Identified During the Audit With the adoption of the Clarified Standards effective for audits of periods ended on or after December 31, 2012, these Sections effectively replaced the previously existing Statements on Auditing Standards (SAS) Nos This revision did not see significant new requirements in this group of standards. As with the Clarity project in general, there has been some reorganization of content. The many unconditional requirements of the previous standards have all been changed to presumptively mandatory requirements those that should, rather than must be observed. The Application and Other Explanatory Material (AOEM) now provides many of the detailed procedures/considerations that were previously contained within the requirements. This chapter provides a top-level summary and overview of the definitions and significant requirements of these Sections, and additional practical implementation guidance in selected key areas. 11

13 104 DEFINITIONS These Sections define the following terms for purposes of generally accepted auditing standards (GAAS): Assertions Representations, whether explicit or otherwise, made by management and embodied in the financial statements used by the auditor to consider the different types of potential misstatements that may occur. OBSERVATION The AOEM to AU-C Section 315 notes that assertions used by auditors to consider the types of misstatements that may occur fall into three categories: Assertions about transaction classes and events, such as: - Occurrence - Completeness - Accuracy - Cutoff - Classification Assertions about account balances at period end: - Existence - Rights and obligations - Completeness - Valuation and allocation Assertions about presentation and disclosure: - Occurrence - Rights and obligations - Completeness - Classification - Understandability - Accuracy - Valuation Business Risk A risk resulting from significant conditions, circumstances, events, actions or inactions that could adversely affect an entity's ability to: Achieve its objectives Execute its strategies Avoid setting inappropriate objectives or strategies Complimentary User Entity Controls Controls that a service organization assumes will be implemented by user entities. These controls are identified in the service organization's description of its system if they are necessary to achieve its control objectives. Internal Control A process effected by management, those charged with governance, and others that is designed to provide reasonable assurance about the achievement of the entity's objectives with respect to: The reliability of financial reporting The effectiveness and efficiency of operations Compliance with applicable laws and regulations 12

14 Controls over the safeguarding of assets against unauthorized use, acquisition or disposition may include controls related to both financial reporting and operating objectives. Misstatement A difference between a reported amount, classification, presentation or disclosure in the financial statements and that which is required for those statements to be fairly presented in accordance with the applicable financial reporting framework. Misstatements can arise from fraud or error. OBSERVATION The term applicable financial reporting framework replaces the term basis of accounting as used in previous Standards. Performance Materiality Amount or amounts set by the auditor at less than materiality for the financial statements as a whole, for the purpose of reducing the probability that the aggregate of undetected and uncorrected misstatements will exceed materiality for the statements as a whole. This term also refers, when applicable, to amounts less than the materiality levels for particular account balances, transaction classes, or disclosures. Relevant Assertion A financial statement assertion that has a reasonable possibility of containing one or more misstatements that would cause material misstatement of the financial statements. The determination of whether an assertion is relevant is made without regard to the effect of internal controls. Risk Assessment Procedures Audit procedures performed to: Gain an understanding of the entity, its environment, and its internal control Identify and assess risk of material misstatement, caused by either fraud or error, at the: - Financial statement level - Relevant assertion level Service Auditor A practitioner who reports on controls at a service organization. Service Organization An organization that provides services to a user entity that are relevant to its internal control over financial reporting. Service Organization's System The policies and procedures designed, implemented and documented by the service organization's management to provide user entities with the services covered by the service auditor's report. Management's description of the service organization's system identifies the: Services covered Period or date to which the description relates Specified control objectives Party specifying the control objectives, if not specified by management Related controls Significant Risk An identified and assessed risk of material misstatement that requires special consideration in the auditor's professional judgment. 13

15 Subservice Organization A service organization used by another service organization to perform some of the services provided to user entities. Substantive Procedure An audit procedure designed to detect material misstatements at the assertion level. These procedures comprise: Tests of details Substantive analytical procedures Tests of Controls Audit procedures designed to evaluate the operating effectiveness of controls in preventing, or in detecting and correcting material misstatements at the assertion level. Type 1 Report A report on management's description of a service organization's system and the suitability of the design of controls, that comprises: Management's description of the system Certain written assertions by management with respect to the system A service auditor's opinion on management's assertions Type 2 Report A report on management's description of a service organization's system and the suitability of the design and operating effectiveness of controls, that comprises: Management's description of the system Certain written assertions by management with respect to the system A service auditor's opinion on management's assertions, including a description of the auditor's tests of controls and their results Uncorrected Misstatements Misstatements accumulated by the auditor that have not been corrected. User Auditor An auditor who audits and reports on the financial statements of a user entity. User Entity An entity using a service organization, and whose financial statements are being audited. STUDY QUESTIONS 1. AU-C Section 315 identifies certain assertions which it groups into which of the following broad categories? a. Existence, rights and obligations, completeness, and valuation and allocation b. Account balances at period end, classes of transactions and events, and presentation and disclosure c. Occurrence, rights and obligations, completeness, classification, understandability, accuracy and valuation 14

16 d. Occurrence, completeness, accuracy, cutoff, and classification 2. Which of the following statements regarding the term relevant assertion is correct? a. Auditors should consider the effects of internal control in determining the relevance of an assertion. b. A relevant assertion is a financial statement assertion that has a reasonable possibility of containing a material misstatement. c. A relevant assertion is an explicit representation by management that is embodied in the financial statements. d. Auditors should deem assertions that have at least a remote possibility of containing one or more material misstatements to be relevant assertions. 105 REQUIREMENTS Throughout all AU-C Sections, presumptively mandatory requirements are signaled by the word "should." Auditors must comply with presumptively mandatory requirements in all cases in which they are relevant, except in rare circumstances when that procedure would not be effective in achieving the intent of the requirement. AU-C Sections also contain AOEM paragraphs which are cross-referenced to the related requirements. They provide additional guidance and explanations for carrying out the requirements of the standard. These are an integral part of each requirement. Even though they contain no requirements, auditors should read and understand their entire text, and should be prepared to justify departures from them in their work. These Sections contain only presumptively mandatory requirements. There are no unconditional requirements. The following sections provide an overview, by AU-C Section, of the significant performance requirements of these Sections. The documentation requirements are covered in detail in the chapter entitled "Audit Documentation". AU-C Section 300, Planning an Audit AU-C Section 300 states that planning an audit involves establishing an overall audit strategy, and developing an audit plan. The auditor's objective is to plan the audit so that it will be effectively performed. This Section contains the following requirements: Involvement of key engagement team members. The engagement partner and other key engagement team members should be involved in planning the audit. This includes planning and participating in an engagement team discussion. Preliminary engagement activities. At the beginning of the audit, auditors should: Evaluate whether the client and engagement should be continued. Evaluate compliance with relevant ethical requirements. Establish an understanding of the terms of the engagement. Planning activities. Auditors should establish an overall audit strategy that: Sets the scope, timing and direction of the audit Guides the development of the audit plan In establishing an overall audit strategy, auditors should: Identify engagement characteristics that define its scope 15

17 Ascertain the reporting objectives in order to plan: - Engagement timing - The nature of required communications Consider factors that in the auditor's professional judgment are significant in directing the engagement team Consider the results of preliminary engagement activities Consider, if applicable, knowledge gained on other engagements performed for the entity Ascertain the nature, timing and extent of resources needed to perform the audit Auditors should develop an audit plan that describes: The planned risk assessment procedures The nature and extent of planned further audit procedures at the relevant assertion level Other planned procedures required to achieve conformity with GAAS OBSERVATION Audit plan is the term used in the Clarified Standards for what is commonly known as the audit program. Auditors should also: Update and change the overall audit strategy and audit plan as needed during the audit Plan the nature, timing and extent of the direction and supervision of the engagement team and the review of its work Involvement of specialists. Auditors should consider whether specialized skills are needed to perform the audit. If so, they should: Seek the assistance of a professional possessing such skills. Have sufficient knowledge to: - Communicate the objectives of that professional's work - Evaluate whether the specified audit procedures will meet the auditor's objectives - Evaluate the results Initial audits. Before starting an initial audit, auditors should: Ensure that appropriate procedures for the acceptance of the client and engagement have been followed, and that their conclusions are appropriate Communicate with the predecessor auditor, when there has been a change of auditors STUDY QUESTION 3. According to AU-C Section 300, a properly developed audit plan should describe: a. Characteristics that define the scope of the engagement b. The nature and extent of planned further audit procedures at the financial statement level c. Planned risk assessment procedures d. Knowledge obtained on other engagements performed for the entity 16

18 AU-C Section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement AU-C Section 315 addresses the auditor's responsibility to identify and assess the risks of material misstatement to the financial statements through understanding the entity, its environment, and its internal control. The auditor's objective is to identify and assess those risks, whether due to fraud or error, at the financial statement and relevant assertion levels through developing such an understanding, in order to provide a basis for designing and implementing responses to those assessed risks. AU-C Section 315 contains the following requirements: Risk assessment procedures and related activities. Auditors should perform risk assessment procedures to provide a basis for identifying and assessing risks of material misstatement at the financial statement and relevant assertion levels. These procedures in themselves, do not, however, provide sufficient appropriate evidence to support an audit opinion. Risk assessment procedures should include: Inquiries of management and others who may have information to assist in identifying risks of material misstatement caused by fraud or error Analytical procedures Observation and inspection Auditors should consider: Whether information obtained from the following is relevant to identifying risks of material misstatement: - The client and engagement acceptance and continuance process - Information obtained from other engagements, if any, performed for the entity The results of the fraud risk assessment, along with other information obtained in identifying risks of material misstatement Auditors should determine if they intend to use information from a previous audit or experience with the entity, whether changes have occurred that would affect its relevance to the current audit. The engagement partner should: Conduct a discussion with other key engagement team members about: - The susceptibility of the financial statements to material misstatement - The application of the applicable financial reporting framework to the entity's facts and circumstances Determine which of the matters discussed are to be communicated to other team members Understanding the entity, its environment, and internal control. Auditors should obtain an understanding of the following matters related to the entity and its environment: Relevant industry, regulatory, and other external factors The applicable financial reporting framework The nature of the entity, including the following matters, to enable the auditor to understand account balances, transaction classes and disclosures expected in the financial statements: - Nature of operations - Ownership and governance structures - Investment types, plans, and objectives - Entity structure - Entity financing Selection and application of accounting policies (including changes), and whether they are: 17

19 - Appropriate for the entity's business - Consistent with the applicable financial reporting framework - Consistent with industry practice Entity objectives, strategies and related business risks that may lead to risks of material misstatement How management or others measure and review entity financial performance Auditors should obtain an understanding of the following matters related to internal control: The design and implementation of internal controls, which should be evaluated by performing procedures in addition to inquiry of entity personnel. The control environment, including and evaluation of whether: - There is a culture of honesty and ethical behavior. - The strengths of the control environment collectively provide a foundation for the other components of internal control. - Other control components are undermined by deficiencies in the control environment. Whether the entity has a process for: - Identifying business risks related to financial reporting - Estimating the significance of those risks - Assessing the likelihood of their occurrence - Deciding on actions to address risks If the entity has established a risk assessment process, the auditor should gain an understanding of the process and its results. When auditors identify risks that management failed to identify, they should evaluate: Whether management's process would have been expected to identify the risks. - If not, why the process failed to identify the risks. Whether the process is appropriate. Whether a significant deficiency or material weakness in internal control exists. If the entity has not established a risk assessment process, or if it is an informal process, auditors should: Discuss with management whether business risks related to financial reporting have been identified, and how they have been addressed. Evaluate whether the absence of a documented risk assessment process is appropriate in the circumstances, or determine whether it represents a significant deficiency or a material weakness in internal control. Auditors should obtain an understanding of: The information system, including processes related to financial reporting, such as: - Significant classes of transactions - Procedures for initiating, authorizing, recording, processing, correcting, transferring to the general ledger and reporting transactions in the financial statements. - Related accounting records - How the system captures events and conditions, other than transactions, that are significant to the financial statements. - The financial reporting process - Controls over journal entries How financial reporting roles and responsibilities, and significant financial reporting matters are communicated, both internally and externally. Control activities relevant to the audit, including the process of reconciling detailed records to the general ledger. 18

20 Entity responses to risks arising from IT. Major entity activities to monitor internal control over financial reporting. How remedial actions for internal control deficiencies are initiated. The nature of internal audit responsibilities, if applicable, including its activities and how it fits into the organizational structure. Sources of information used in the entity's monitoring activities, and the basis on which management assesses its reliability. OBSERVATION Auditors are not required to gain an understanding of all the control activities related to each significant transaction class, account balance, disclosure, or relevant assertion. Identifying and assessing risks of material misstatement. Auditors should identify and assess the risks of material misstatement at both the financial statement and relevant assertion levels, to provide a basis for designing and performing further audit procedures. For this purpose, they should: Identify risks throughout the process of obtaining and understanding of the entity and its environment. Assess identified risks and their pervasiveness to the financial statements as a whole. Relate identified risks to the potential for misstatement at the relevant assertion level, considering plans to test controls. Consider the likelihood of misstatement, including multiple misstatements, and whether it could result in material misstatement. Auditors should consider whether any of the risks identified are, in their professional judgment, significant risks. This consideration should exclude the effects of related internal controls, but should take into account: Whether the risk is a fraud risk Whether the risk is related to recent significant economic, accounting, or other developments The complexity of transactions Whether there are significant transactions with related parties. The degree of subjectivity in measurement. Transactions outside the normal course of business. Transactions that otherwise appear unusual. When auditors determine that a significant risk exists, they should obtain an understanding of the entity's relevant controls. Based on that understanding, they should evaluate whether those controls are suitably designed and implemented to mitigate the risk. Sometimes it is not possible or practicable to obtain sufficient appropriate audit evidence about a risk from substantive procedures alone. This is often true of high-volume transaction classes with highly automated processing and little human intervention. Controls over the associated risks therefore become relevant to the audit. Auditors should obtain an understanding of the entity's controls over these risks. Initial risk assessments at the assertion level may change during an audit as a result of additional audit evidence. Accordingly, auditors should modify further planned audit procedures as needed. OBSERVATION The AOEM to AU-C Section 315 contains appendices that provide examples of: Industry, regulatory and other external factors 19

21 Nature of the entity matters Objectives, strategies and business risk considerations Measurement and review of financial performance considerations Internal control components Conditions and events that may indicate risks of material misstatement STUDY QUESTIONS 4. An auditor's consideration of whether any of the risks identified are significant risks should take into account all of the following except: a. Whether the entity's internal controls would mitigate the risk b. Whether the risk is a fraud risk c. Whether the risk is related to recent significant economic developments d. Whether the transaction involves related parties 5. Auditors should identify and assess the risks of material misstatement at the: a. Financial statement and relevant assertion levels b. Transaction class, account balance and disclosure level c. Financial statement level only d. Relevant assertion level only AU-C Section 320, Materiality in Planning and Performing an Audit AU-C Section 320 addresses the auditor's responsibility to apply the concept of materiality in planning and performing an audit. The auditor's objective is to apply this concept appropriately. AU-C Section 320 recognizes that misstatements are considered to be material if they could reasonably be expected, individually or in the aggregate, to influence the economic decisions of statement users. Judgments about materiality are made in light of the surrounding circumstances, and may be affected by both the size and nature of a misstatement. Auditors make these judgments based on a consideration of the common financial information needs of the users as a group. The possible effects on specific individual users is not considered because their needs may vary widely. This Section states that materiality determination is a matter of professional judgment. It is reasonable for auditors to assume that financial statement users: Have a reasonable understanding of business and economic activities and accounting Are willing to study the financial statements with reasonable diligence Understand that financial statements are prepared, presented and audited to levels of materiality. Recognize that there are inherent uncertainties in the measurement of financial statement amounts. Make reasonable economic decisions based on financial statement information. Materiality determined in planning the audit does not necessarily dictate an amount below which uncorrected 20

22 misstatements will always be evaluated as immaterial. AU-C Section 320 contains the following requirements: Determining materiality and performance materiality. In establishing an overall audit strategy, auditors should determine materiality for the financial statements as a whole. Auditors should also: Determine lower levels of materiality for particular account balances, transaction classes or disclosures when misstatements in them could reasonably be expected to influence the economic decisions of users. Determine performance materiality in order to assess risks of material misstatement and design further audit procedures. Revision as audit progresses. Auditors should: Revise materiality during the audit if they become aware of information that would have caused them to determine different amounts initially. Determine whether it is necessary to revise performance materiality or further audit procedures when materiality is revised during the audit. STUDY QUESTION 6. AU-C Section 320 makes all of the following assumptions relating to financial statement users except: a. Financial statement users are willing to study the statements with appropriate diligence. b. They have a reasonable understanding of economic and business activities and accounting. c. The individual needs of specific individual financial statement users have been considered by the auditor in determining materiality. d. Financial statement users recognize that there are uncertainties inherent in the measurement of financial statement amounts. AU-C Section 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained This Section addresses the auditor's responsibility to design and implement responses to identified and assessed risks of material misstatement and to the audit evidence obtained. The auditor's objective is to obtain sufficient appropriate audit evidence about the assessed risks of material misstatement by designing and implementing appropriate responses to those risks. AU-C Section 330 contains the following requirements: Overall responses. Auditors should design and implement overall responses to assessed risks of material misstatement at the financial statement level. Audit procedures at the relevant assertion level. Auditors should design and perform further audit procedures based on, and responsive to, the assessed risks of material misstatement at the relevant assertion level. In designing those procedures, auditors should: Consider the reasons for the assessed risks of material misstatement at the relevant assertion level for each transaction class, account balance and disclosure, including: - Inherent risk, which is the likelihood of material misstatement due to particular characteristics of the transaction class, account balance or disclosure. 21

23 - Control risk, which is whether the risk assessment takes into account relevant controls. Obtain more persuasive evidence the higher the assessed risk. Tests of controls. Auditors should design and perform tests of controls to obtain evidence about their operating effectiveness if: Their risk assessment at the relevant assertion level includes an expectation that the controls are operating effectively, or Substantive procedures alone cannot provide sufficient appropriate evidence at the relevant assertion level. Auditors should obtain more persuasive evidence the greater the reliance they place on controls. In designing and performing tests of control, auditors should: Perform other procedures in combination with inquiry to obtain evidence about operating effectiveness of controls, including: - How the controls were applied at relevant times during the audit period - The consistency of application - By whom and by what means controls are applied - Whether the person performing the control has the necessary competence and authority to perform it effectively. Determine whether controls to be tested depend upon other controls, and if so, whether it is necessary to obtain evidence about their operating effectiveness. With respect to the timing of control tests, auditors should: Test controls for the particular time or throughout the period for which they plan to rely on them, subject to the following: - When using test results from an interim period, auditors should obtain evidence about significant changes since that period, and - Determine the additional evidence needed for the remaining period. - Test operating effectiveness of controls over risks that the auditor has determined to be significant in the current period. In determining whether to use the results of control tests from previous audits, consider certain specific factors detailed in this Section, including the effects of other control elements, and the risks of material misstatement. When using the results of control tests from previous audits, establish by means of inquiry and observation or inspection, the continuing relevance of that information. - Retest controls in the current audit when changes affect the relevance of the evidence from prior audits. - Retest at least some controls in each audit, and all controls at least every third audit. Evaluate whether substantive procedures indicate that controls are ineffective. Make specific inquiries to understand the potential consequences of observed deviations from controls upon which the auditor plans to rely. Substantive procedures. Auditors should: Design and perform substantive procedures for all relevant assertions related to each material transaction class, account balance and disclosure, irrespective of the assessed risks of material misstatement. Consider whether external confirmations are to be obtained as substantive procedures. Confirm accounts receivable except when any of the following apply: 22

24 - The overall balance is immaterial. - Confirmations would be ineffective. - The assessed level of risk of material misstatement at the relevant assertion level is low, and other planned procedures address the risk. OBSERVATION An auditor would ordinarily decide not to send out confirmation requests when prior experience with the client or the industry indicates that response rates will be low, or that responses will be inaccurate or unreliable. In this case, a subsequent collections test might be used to support the existence and valuation assertions for the accounts receivable. Perform substantive procedures related to the financial statement closing process, such as: - Agreeing or reconciling the statements with the underlying accounting records. - Examining material journal entries and other adjustments made during statement preparation. Perform substantive procedures that are specifically responsive to significant risks of material misstatement at the relevant assertion level. When those procedures consist only of substantive procedures, they should include tests of details. OBSERVATION In audits of small entities, auditors often decide that it is ineffective to test internal controls. When this is the case, and there is a significant risk of material misstatement at the relevant assertion level for a transaction class, balance or disclosure, this requirements means that auditors should include tests of details in their procedures, and should not rely solely on substantive analytical procedures. When substantive procedures are performed at an interim date, auditors should obtain a reasonable basis for extending the conclusions from the interim date to the period-end by performing : - Substantive procedures and tests of control for the remaining period, or - Further substantive procedures only, when considered sufficient If unexpected misstatements are detected at an interim date, auditors should evaluate whether to modify their risk assessments and planned substantive procedures for the remaining period. Selecting items for testing. In selecting items for tests of controls or details, auditors should determine the means of selection that are effective in meeting the purpose of the audit procedure. Adequacy of presentation and disclosure. Auditors should perform procedures to evaluate whether overall statement presentation and disclosures are in accordance with the applicable financial reporting framework. Evaluating audit evidence. Before the conclusion of the audit, auditors should evaluate whether the assessments of the risks of material misstatement at the relevant assertion level remain appropriate. Auditors should conclude whether sufficient appropriate audit evidence has been obtained. In so doing, they should consider all relevant evidence, regardless of whether it corroborates or contradicts the financial statement assertions. If sufficient appropriate evidence has not been obtained, auditors should attempt to obtain further evidence. If this is not possible, the auditor should express either a qualified opinion or a disclaimer. STUDY QUESTIONS 7. Auditors should test controls: a. When substantive procedures do not by themselves provide sufficient appropriate evidence at the relevant assertion level 23