Chapter 6 Performing an Integrated Audit

Copyright 2010 South-Western/Cengage Learning

Audit Opinion Formulation Process

LO1: Evolution in Standards on Conducting Integrated Audits

AS 2, approved by SEC on June 17, 2004 and was effective for audits of internal control over financial reporting required by Section 404(b) AS 5, approved by SEC on July 25, 2007 and is effective for audits of fiscal years ending on or after November 15, 2007 Major changes in guidance since the original issuance of AS 2 include:
Encouragement to both management and auditors to implement a top-down, risk-based approach Clarity in the definition of material weakness that there should be a reasonable possibility that a material misstatement could occur in an account balance

Evolution in Standards on Conducting Integrated Audits (continued)

Recognition that the external auditor can rely on the work of management in assessing internal controls, particularly on work performed by a competent and independent internal audit function Additional emphasis on the need to document the auditors reasoning process linking control deficiencies to specific tests of account balances Increased focus on improving audit efficiency by encouraging greater reliance on effective internal controls

LO2: Audit Reports on Internal Control over Financial Reporting

Requirements for the audit of internal control set out in Audit Standard No. 5 (AS 5), Para. 3
The auditors objective in an audit of internal control over financial reporting is to express an opinion on the effectiveness of the companys internal control over financial reporting. Because a companys internal control cannot be considered effective if one or more material weaknesses exist, to form a basis for expressing an opinion, the auditor must plan and perform the audit to obtain competent evidence that is sufficient to obtain reasonable assurance about whether material weaknesses exist as of the date specified in management s assessment. A material weakness in internal control over financial reporting may exist even when financial statements are not materially misstated

Unqualified Opinion on Internal Control over Financial Reporting

The auditors report on internal control is integrated with the report on the companys financial statements
The internal control report is contained in the same report that contains the opinion on the financial statements. An acceptable alternative is to issue two reports: one on the financial statements and the other on internal controls. However, if separate reports are issued, each report must refer to the other report The auditor provides an opinion on the effectiveness of internal control in the context of agreed upon criteria, that is, the COSO Internal Control, Integrated Framework The auditor recognizes and conveys to users that there are limitations of internal control that can affect its effectiveness in the future

Adverse Audit Opinion on Internal Control over Financial Reporting

An adverse report is issued when the auditor finds one or more material weaknesses in the clients internal control over financial reporting Auditor describes the weaknesses identified in managements report but does not discuss the actions being taken to overcome those problems Does not discuss whether the control weakness was first identified by management or by the auditor

LO3: Steps in an Integrated Audit

The Sarbanes-Oxley Act of 2002 requires publicly held companies to report on the effectiveness of their internal controls over financial reporting The Public Company Accounting Oversight Board requires external auditors to perform an integrated audit of the effectiveness of internal controls and financial reporting In essence, the auditor must attest to both the financial statements and management's assertions regarding the effectiveness of internal controls over financial reporting

Framework for Audit Evidence in an Integrated Audit

Important Elements of the Integrated Audit

Quality of internal control affects the reliability of financial statement data Control environment is pervasive and affects the process of recording transactions, making estimates, and making adjusting entries If the control environment is strong and the controls over transaction processing, adjusting, and estimating are good, then both management and the auditor would have a high degree of confidence that the financial accounts are fairly stated and financial disclosures are adequate

Important Elements of the Integrated Audit (continued)

A potential for misstatements exists in inputting, processing, estimating, or adjusting account balances There is always a need to perform some substantive testing of material account balances, but the nature, timing, and extent of that testing will depend on the quality of internal controls The auditors evidence is based on testing internal controls, testing transactions, and substantive tests of account balances, including substantive analytical procedures and direct tests of account balances

Implementing the Integrated Audit Within the Audit Opinion Formulation Process
Steps to implement an Integrated Audit
Update information about various risks Consider the possibility of account misstatements Complete preliminary analytical procedures Understand the clients internal controls Identify controls to test Make a plan to test the controls and execute that plan Consider the results of control testing Conduct substantive audit tests

Phases I and II of the Audit Opinion Formulation Process

Step1: Update Information about Various Risks
This requires auditors to identify
Account balances or related disclosures that are more likely to be materially misstated Potential causes of the misstatement Important processes that may affect one or more account balances

Step2: Consider the Possibility of Account Misstatements Step3: Complete Preliminary Analytical Procedures Step4: Understand the Clients Internal Controls

Types of Controls identified by PCAOB

Controls over significant, unusual transactions, particularly those that result in late or unusual journal entries Controls over journal entries and adjustments made in the period-end financial reporting process Controls over related-party transactions; Controls related to significant management estimates Controls that mitigate incentives for, and pressures on, management to falsify or inappropriately manage financial results

Step2: Consider the Possibility of Account Misstatements

Step4: Understand the Clients Internal Controls

Documenting significant accounts (including the relevant assertions of those accounts), the processes related to those accounts, and controls within those processes Documenting the other COSO control components, especially the control environment, risk assessment, and monitoring How management tests the effectiveness of important controls Identifying how management has corrected identified control deficiencies, where applicable Understanding managements monitoring of previously identified effective controls Evaluating how management assimilates data and the approach it

Phases III and IV of the Audit Opinion Formulation Process

Step 5: Identify Controls to Test
For formulating an opinion on the entitys internal controls For reducing substantive testing for the financial statement audit Evaluating the Control Environment, Risk Assessment, Information and Communication, and Monitoring Managements Process of Evaluating Internal Control

Managements Process of Evaluating Internal Control

In assessing whether the work of the internal auditor can be relied on, the auditor considers
The independence of the internal audit function from management The competency of the internal audit department The design and comprehensiveness of the internal audit testing approach The documentation of the internal audit testing Corroborating evidence, for example, selected tests of the same controls to validate the results achieved by internal audit

Phases III and IV of the Audit Opinion Formulation Process

Step 6: Make a Plan to Test the Controls and Execute that Plan
Concepts Affecting Control Testing
Computerized Controls Manual Controls:
Authorizations Reconciliations Segregation of duties Review for unusual transactions

Adjusting Entries Accounting Estimates

Step 6: Make a Plan to Test the Controls and Execute that Plan

LO4: Step 7: Consider the Results of Control Testing

Potential outcomes, with associated alternative courses of action in the audit
If deficiencies are identified, assess those deficiencies to
determine whether they are significant deficiencies or material weaknesses determine whether the preliminary control risk assessment should be modified and document the implications for substantive testing determine the impact of these deficiencies, and any revision on the control risk assessment, and on planned substantive audit procedures by determining the types of misstatements that are most likely to occur

Step 7: Consider the Results of Control Testing (continued)

If no control deficiencies are identified, assess
whether the preliminary control risk assessment is still appropriate, determine the extent that controls can provide evidence on the correctness of account balances, and determine planned substantive audit procedures
The level of substantive testing in this situation will be less than what is required in circumstances where deficiencies in internal control were identified

Questions that must be addressed by Auditor

How much assurance can be obtained regarding audit risk when internal control is present and working? If control activities within major processes are working properly throughout the year, what is the residual risk that remains that an account balance can still be misstated? What is the risk that the auditors evaluation of internal controls might be incorrect? Which account balances contain more than an acceptable amount of risk that a material misstatement could occur? How would a misstatement in a material account balance most likely occur? What are the most effective substantive tests of account balances to determine whether there is a misstatement in the account balance?

Factors affecting extent of direct testing to be performed

Likely Nature of Misstatements and Efficiency of Audit Tests

Step 8: Conduct Substantive Audit Tests

Identification of material account balance
Input from the audit teams brainstorming analysis regarding potential for fraud Review of market expectations of company performance Trends in performance, including trends in key business segments The size of the account balance The subjectivity used in making the accounting estimate Comparison of account balances with industry trends, averages Other important factors specific to the client

Linking Controls Testing and Substantive Testing in an Integrated Audit

LO5: Integrated Audit Example: Judging the Severity of Control Deficiencies and Implications for the Financial Statement Audit

Managements Assessment of Controls

In deciding how to categorize a weakness, management and auditors should consider the following factors
Risk that is being mitigated and whether other controls operate effectively to mitigate the risk of material misstatement Materiality of the related account balances Nature of the deficiency Volume of transactions affected Subjectivity of the account balance that is subject to the control Rate at which the control fails to operate

Auditor Assessment of Controls

Control Environment Design of controls addresses the relevant assertions or not Documentation is sufficient to test whether the controls were working properly or not Determining which control to test deficiencies identified Auditors testing of internal controls Examination of all adjusting entries by auditor Testing of inventory quantities at year end