Auditing

Assurance and Risk

Third Edition
Knechel/Salterio/Ballou

Chapter 3
The Building Blocks
of Auditing

Concepts Underlying the

Audit Process
Management assertions about:
Financial statements.
Internal control.

Audit reporting.
Risk and materiality.
Audit procedures.
Risk evaluation.
Tests of accounting information.

Audit Evidence.

Management Assertions about

Financial Statements
Transactions

Occurrence
Completeness
Accuracy
Cutoff
Classification

Accounts Presentation and

Disclosure
Occurrence
Existence
Rights and
Rights &
obligations
obligations
Completeness Completeness
Classification &
Valuation &
understandability
allocation
Accuracy &
valuation

Management Assertions about

Internal Controls in an
Integrated Audit
An appropriate internal control framework has
been used by management to:
develop,
document, and
test its internal controls.

Management is responsible for internal control.

Must provide reasonable assurance that
financial statements are reliable.

Auditor Responsibilities
Errors and unintentional misstatements.
Fraudulent misstatements:
Fraudulent financial reporting.
Misappropriation of assets.
Illegal acts.
Going concern.

Fraud Types and Errors

Misappropriations of assets: employee
theft of corporate assets that leads to
material misstatements in the financial
statements.
Financial reporting fraud: management
or other parties intentionally manipulate
information in the financial statements.
Errors: unintentional misstatements or
omissions of financial information.

Responses to Increase in
Fraud Risk
Professional skepticism.
Assignment of more senior personnel
and more intense supervision.
Questioning of accounting policy
choices.
Reduce predictability of audit
procedures:
Change nature, extent, and timing of tests

What are the auditors

responsibilities regarding client
illegal acts?
The auditor must provide
reasonable
assurance of detection of illegal
acts that have a direct effect
on the financial statements.
The auditor provides no
assurance of detection of illegal
acts that have an indirect effect
on the financial statements.

Auditors Report on
Internal Control
The auditor must also audit the company's financial
statements.
The auditors report on the internal control audit is
really two reports:
A report over managements assessment of the
effectiveness of internal controls over financial reporting.
A report about the operating effectiveness of the internal
control over financial reporting carried out by the auditor.

Subject matter is control deficiencies: An internal

control system that does not allow management to
prevent or detect misstatements on a timely basis.

Insignificant Deficiency

Auditors Decisions
All decisions the auditor makes about his/her
two reports are conditioned on whether
managements report discloses material
weakness(es) and the resulting management
assessment.
Auditor may agree that management has reported all
material weaknesses (if any) in managements report
and reached the correct conclusion about control
effectiveness and hence issue an unqualified audit
opinion on managements assessment.
If a material weakness exists, the auditors only option
is an adverse opinion on internal control
effectiveness.

Possible Auditor Reports on

Internal Control over
Financial Reporting

Unqualified GAAS Audit Report on

Financial Statements
Report title:
Independent Accountants Report (or Auditors Report)

Address:
To the Shareholders of Ace Company:

Introductory paragraph:
We have audited the balance sheets of Ace Company as at
December 31, 200x and the statements of income, retained
earnings, and cash flows for the year then ended. These
financial statements are the responsibility of the Companys
management. Our responsibility is to express an opinion on
these financial statements based on our audits.

Scope paragraph:
We conducted our audits in accordance with generally
accepted auditing standards. Those standards require that we
plan and perform the audit to obtain reasonable assurance
about whether the financial statements are free of material
misstatement. An audit includes examining, on a test basis,
evidence supporting the amounts and disclosures in the
financial statements. An audit also includes assessing the
accounting principles used and significant estimates made by
management, as well as evaluating the overall financial
statement presentation.

BUT

In the U.S.,GAAS no longer applies to public

companies. Instead, report is in accordance
with the standards set by the Public Company
Accounting Oversight Board.

Opinion paragraph:
In our opinion, these financial statements present fairly, in
all material respects, the financial position of Ace
Company as at December 31, 200x and the results of its
operations and its cash flows for the year then ended in
accordance with COUNTRY name generally accepted
accounting principles.

Name of firm:
Taylor & Tower, CPAs

City:
Anywhere, any country

Audit report date:

February 27, 200x+1

field work
completion
date

Types of Audit Opinions

Unqualified - statements present fairly
versus
Reservation of opinion (three types)

Reservations of Opinion
Qualified - Except for one or more
exceptions, statements present fairly.
Adverse - Statements do not present
fairly.
Denial/Disclaimer - No opinion.

Core Audit Concepts

Materiality

Risk

Evidence

REM
Risk: Deals with the reality that an auditor
can never be completely certain that the
assertions they are auditing are entirely
free of material omissions or
misstatements.
Audit Evidence: Any information that
gives the auditor an indication whether an
assertion is true or not.
Materiality: The significance of financial
statement information to decision makers.

Strategic Risk
Strategy is how a company creates value.
Environment and industry.
Competitive advantage.
How business risks arise from the environment or
competitive advantage.
How the client manages business risks.

Engagement Risk
Litigation: The extent to which a firm
may be subject to lawsuits arising from
their involvement with a client.
Regulatory penalties: Imposed by
government bodies (SEC, PCAOB).
Loss of reputation: Individually and for
firm.
Lack of profitability: The possibility that
fees will not yield an adequate profit
margin on the engagement.

Audit Risk
ISA 300 defines:
Audit Risk = f (risk of material misstatement,
detection risk)
Risk of material misstatement: the risk that the
financial statements are misstated prior to audit.
Detection risk: the risk that the auditor will not detect
a material misstatement that exists in an assertion.
Applies to both financial statements taken as a whole
and to classes of transactions, specific accounts,
and individual disclosures.

Audit Risk Definitions

Audit Risk: The likelihood that an auditor will
conclude that a set of assertions is free of material
misstatement when that is not the case.
Risk of Material Misstatement: The risk
that financial statements are misstated prior
to the conduct of the audit.

Inherent Risk

Control Risk

Detection Risk: The risk that an

auditor will not detect an existing
misstatement in an assertion.

The Audit Risk Model

Audit
=
Risk

Risk of
Material
Misstatemen
t
Risk assessment and
results of knowledge
acquisition

Detectio
X
n Risk

Focus of
substantive
testing

Risk of Material Misstatement

Business risks associated with the clients
industry, strategy and organizational choices.
Susceptibility of assets to theft.
Ease at which information can be manipulated.
Information processing risks.
Challenges associated with accounting for
nonroutine or complex transactions.
Risks associated with judgments utilized for
accounting estimates.
Limitations that prevent internals controls from
working

Why does detection risk exist?

Sampling Risk: The auditor does not examine
all transactions
Nonsampling Risk:
1. The auditor may select ineffective audit
procedures.
Lack of knowledge, training, or supervision

2. The auditor may apply procedures

ineffectively.

Lack of training, supervision, or personal indifference

(lack of work ethic)

3. The auditor may incorrectly evaluate the

results of procedures.
Bias, lack of independence, or lack of knowledge.

What is
materiality?
The magnitude of an omission or misstatement
of accounting information that, in light of
surrounding circumstances, makes it probable
that the judgment of a reasonable person relying
on the information would have been changed or
influenced by the omission or misstatement.

Quantitative Judgments
about Materiality

5% of income from continuing operations.

Multiple bases of materiality may be
appropriate.
Industry-specific guidance, such as:
% to 2% of total expenses or revenues for a
not-for-profit.
% to 1% of net asset value in the mutual
fund industry.
1% of revenue in the real estate industry.

Assessing Qualitative Materiality

Effects on trends.
Changes a loss to income or vice versa.
Compliance with debt covenants loan agreements.
Misstatements that increase management
compensation.
Fraud or illegal acts (i.e., sensitivity).
Motivation of management:
Earnings management.
Management bias.
Misstatement due to known control weaknesses that
management will not correct.

Assessing Identified
Misstatements
Quantitative Materiality
The auditor should consider identified
misstatements individually and in the aggregate.
Aggregate misstatements should be considered in
relation to individual amounts, subtotals, or totals
in the financial statements, to determine if they
materially misstate the financial statements taken
as a whole.
Qualitative Materiality
The nature of the misstatement may be important.

Conceptual Model of the Audit Process

Management
Assertions

Audit
Procedures

Audit
Conclusions

Audit
Evidence

Types of Audit Procedures

Risk Assessment
Procedures to understand the clients environment.
Procedures to understand and evaluate internal control.
Preliminary analytical procedures.
Substantive Testing of Financial Information
Substantive analytical procedures.
Tests of transactions.
Tests of accounts.
Tests of presentation and disclosure.

 Which Yield Evidence

Inspection (examination) of tangible assets.

Confirmation.
Inspection of documents and records.
Observation.
Recalculation and reperformance.
Analysis.
Client inquiry.

 of Different Quality

Relevance to the assertion.

Independence of the provider.
Qualifications of the provider.
Extent of auditors direct knowledge.
Level of objectivity.
Reliability and extent of internal processing.

The Relationship of Evidence

to the Audit Report
Financial
Statements

Effects on Audit Report

Management
Assertions
Material Effects on F/S?
Audit
Procedures
Evidence

Competence of evidence?

Regulation of the Audit

Generally Accepted Auditing Standards (or
national regulatory standards):
General (planning and supervision).
Fieldwork.
Reporting.
Ethical standards:
Objectivity and independence.
Professional skepticism.
Quality control standards.