What is the procedure for financial statement audit.pdf
Chapter 4
1. The auditor needs to understand
a. the risks that affect the operations of the client
b. how well management identifies and deals with those risks.
4 kinds of risks
1. business risk- risk that affects the operations and potential outcomes of organizational activities
2. financial reporting risk- risk that relates to the recording of transactions and presentation of financial
Data
3. Engagement risk- risk that auditor encournter by being associated with a particular client
4. Audit risk- the risk that the auditor expresses an audit opinion that the financial statements are fairly
presented when they are materially misstated.
Common sources of business risks:
1. economic downturn
2. technological changes
3. competitor’s action
4. business volatility
5. geographic location.
Common sources of financial reporting risks:
1. competence and integrity of management and potential incentives to misstate the financial
statement
2. complexity of transaction
3. internal control
Safeguards to business and financial risks
1. gather information through reviews of previous audits (requires client’s permission)
2. reviews of the client’s internal control and risk management processes
3. discussions with management
4. analysis of the current economic environment
Safeguards to audit risk
1. Not accepting certain companies as clients thereby reducing engagement risk to zero.
2. Set audit risk at a level that the auditor believes will mitigate the likelihood that the auditor will
fail to identify material misstatements.
Factors to consider when accepting or retaining an audit client
1. Management integrity
a. Interviewing previous auditors
i. integrity of management
ii. Disagreements with management as to accounting principles, auditing
procedures or other similarly significant matters.
iii. The predecessor auditor’s understanding of the reasons for the change of
auditors.
iv. Any communication by the predecessor to the clients management or audit
committee concerning fraud, illegal acts by the client and matters related to
internal control.
b. Independent sources of information
2. i. Independent, private investigations
ii. References from key business leaders such as bankers and lawyers
iii. Background search records
iv. Past filings with regulatory agencies such as the SEC
2. Independence and competence of management and the board of directors
3. The quality of the organization’s risk management process and controls.
4. Reporting requirements, including regulatory requirements.
5. Participation of key stakeholders
a. Understand their concerns
b. Understand key compliance issues
6. Existence of related-party transactions
a. Conflicts of interest
b. Opportunities to influence the reported financial statements of the entity
7. The financial health of the organization
a. No business operates independently of the basic economy of the country
b. A downward trend in the economy implies
i. More companies will fail
ii. Companies will scale back their operations
iii. Company will experience greater problems in collecting receivables or realizing
the value of their inventory
iv. Many financial instruments will not be realized at their cost
c. Importance: important areas investigated and going concern of the company
Engagement letter- clarifies the responsibilities and expectations of each party and thus is an important
element of managing engagement risk.
Materiality
Materiality- magnitude of an omission or misstatement of accounting information that, in light of
surrounding circumstances, make it probable that the judgment of a reasonable person relying on the
information would have been changed.
Guidance for materiality is adjusted for the qualitative conditions of the particular audit.
Make materiality assessment
1. Audit planning
2. Evidence evaluation after audit tests are completed
overall materiality- in terms of the smallest aggregate level in any of the F/S
planning materiality- on transaction and planning level.
Tolerable misstatement- amount of misstatement in an account balance that the auditor could tolerate
and still not judge the underlying account balance to be materially misstated
Posting materiality- a materiality level where the auditor believes errors below that level would not,
even when aggregated with all other misstatements, be material to the financial statement
3. Change in judgment-
1. preliminary financial statement is different from audited amounts
2. financial statement amounts used initially is changed significantly.
Other factors to consider
all audits involve testing- there is always some risk of material misstatement not uncovered
some clients are not worth accepting
compete in an active market place
understand society’s expectation of financial reporting
identify risky areas of a business
allocate overall assessment of materiality.
AR= f(IR, CR, and DR)- audit risk model
Inherent risk- susceptibility of an assertion to a misstatement because of error or fraud that could be
material, individually or in combination with other misstatement before consideration of any related
controls. (recognizes that an error is more likely to occur in some areas than on others.)
Control risk- risk that a misstatement because of error or fraud that could occur in an assertion and that
could be material, individually or in combination with other misstatements, will not be prevented or
detected by related internal control..
Detection risk- risk that the prrocedures performed by the auditor will not be detect a misstatement that
exists.
The only purpose of controls is to mitigate risk.
Limitation of audit risk model
inherent risk is difficult to formally assess
audit risk is judgmentally determined
treats each risk component as sparate and independent
audit technology is not so precisely developed that each component of the model can be
accurately assessed.
Not particulary useful for healong auditor determine the necessary control testing for issuing an
opinion on the effectiveness of internal control
Because of the reduced reliability of internally generated evidence, the auditor should
1. Understand the company, its strategies and operation
2. Develop an understanding of the market including economic trends, product trends and
competition
3. Develop an understanding of the economics of the client’s transactions
4. Develop a set of expectaions about financial results
Audit risk approach
1. Develop an independent understanding of the business as well as the risks the organization
faces
a. Sources that may help understand key business processes
4. i. Management inquiries
ii. Review of client’s budget
iii. Tour of client’s plants
iv. Review of data processing centers
v. Review of important debt covenants and board of director minutes.
vi. Revuew relevant government regulation and client’s legal obligation.
2. Use the risks identified to develop expectations about account balances and financial results
a. Should be documented and communicated
3. Assess the quality control system to manage risks
4. Determine risidual risk and update expections about financial account balances
5. Manage the remaining risk of account balance misstatement by responding to the risks of
material misstatement.
Analytical techniques to identify areas of heightened risk
Basic premise underlyint is that plausible relationships among data may reasonably be expected
to exists and continues in the absence of kwnon conditions to the contrary
Process for performing analytical procedures
o Developing expectations using general economic factors where the business exists
o Determine the deviation from the client’s record (threshold)
o The differences are areas where there is heightened risk misstatement.
Types of analytical procedures
o Trend analysis
o Ratio analysis
Comparison with previous year data
Comparison with industry data