Chapter1: Introduction to auditing

 Introduction
 Financial statement(FS), internal control(IC) and integrated audit
 Definition of an audit
 Auditing internal control over financial reporting(ICFR)
 Purpose and values of an audit
 Services provided by auditors
 Standards setters and governing authorities
 Internal auditors
 Other audit services
 Accountants who are not auditors
Introduction:
An audit has a simple purpose: to provide assurance that financial statements are reliable
(fairness). When an auditor issues a report that accompanies the FSs, FSs users have greater
confidence in their decisions to rely on the financial information.

FSs, IC, integrated audits:

Audit => someone checks that a representation is correct.

Audit in an accounting context refers to a financial statement audit, through which an auditor
examines supporting information and evaluates whether the FSs represent the underlying
economic events that the company has experienced.

company produces FSs and a report on the efectiveness of ICFR

auditor performs audit
auditor issues audit report based on the results of the audit

Integrated audit= fairness of FSs+ effectiveness of ICFR

Description of an integrated audit   :

audit procedures or tests

evidence

opinion or audit report=tangible report (result) of an integrated audit.

If the FSs are fair and the ICFRare effective then the report is "clean" or "unqualified"

If a company has to register with the “Securities and Exchange Commission”(SEC) and
undergo an integrated audit, it is referred to as a public company ,if not it is a non-public
company.

An unqualified audit report for a public company:

Report of independent registered public accounting firm

 Auditing ICFR based on criteria established in internal control- integrated Framework

issued by the “Committee of Sponsoring Organizations of the Treadway
Commission” (COSO).
 In accordance with the standards of the “Public Company Accounting Oversight
Board” (PCAOB): conducting audits to assure about whether the FSs are fee of
material misstatement and whether effective ICFR was maintained in all material
respects.
 A company’s ICFR includes policies and procedures that:
 1. Pertain to the maintenance of records that accurately and fairly reflect the
transactions and dispositions of the assets of the company.
2. Provide assurance that transactions are recorded as necessary to permit
preparation of FSs in accordance with generally accepted accounting
principles (GAAP).
3. Provide assurance regarding prevention or timely detection of unauthorized
acquisition, use or disposition of the company’s assets that could have material
effect on the FSs.

An unqualified FSs auditreport for a non-public company:

Independent auditor’s report

 Audit of the accompanying balance sheets and the related statements of income,
retained earnings, and cash flow for the year ended.
 These FSs are the responsibility of the company’s management.
 Audit in accordance with auditing standards generally accepted in the US of America
to obtain an assurance about whether the FSs are free of material misstatement.
 Examine, on a test basis, evidence supporting the amounts and disclosures in the FSs.
 Evaluate the overall FSs presentation

The audit engagement team:

 Responsible for the complete engagement
 Expert in tax
 Partner with IT
 Expert in audit
 Partner that will conduct engagement quality review (EQR).

Definition of an audit:
Auditing is a systematic process (plan of action, series of
steps to achieve an outcome)

objectively obtainning(auditor does not have to be

biased either favorably or unfavorably toward th
company and management's assertions) evidence based
on information about the client's industry, business
activities, structure and organization

evaluating evidence regarding assertionsabout economic

actions and events (ascertain the degree of
correspondancebetween the assertions and established
criteria)

communicating the results to interested users

Auditing ICFR:
The ICFR audit of public companies is required by Sarbanes Oxley Act (SOX) and governed
by standards of PCAOB. ICFR are prepared on the COSO Framework’s criteria.

FSs can be prepared on various accepted criteria:

 GAAP
 IFRS (international financial reporting standards)
 Other Comprehensive Basis Of Accounting (OCBOA)
When auditing ICFR the auditor:
 Is objective
 Obtains and evaluates evidence regarding the design and operating effectiveness of
ICFR
 Determines if management’s conclusions correspond closely with the supporting
evidence
 Reports an audit opinion

Purpose and values of an audit:

Main goal: Auditing provides a reasonable assurance to the users of FSs that FSs are reliable.

The SEC requires the filing of audited FSs in order to obviate the fear of loss from reliance
on inaccurate information, thereby, encouraging public investment in the Nation’s industries.

Misstated FSs:
 Audits can be proactive and preventive as well as serving to identify erroneous or
misleading FSs.
 Improper presentation of FSs is sometimes unintentional.
 Accountants who prepare the FSs must understand the company’s economic events as
well as the accounting standards that apply to those events. A lack of understanding of
the accounting standards or of skill in applying them, can lead to errors in the FSs.

Different benefits to different parties:

 Audit increases investor confidence => investor participates in the capital market
(personal investing, or savings and retirement program)
 Audit elevates the probability that everyone’s needs are met with the same financial
reports
 Existing and potential shareholders: audit provides assurance about what management
has reported as the company’s performance and financial position => make
investment decisions
 Management:
 Audit enables access to the various sources of capital at the best available cost
 Audit enhances the reliability of the company’s performance indicators
  Audit provides feedback that helps management improve operational and
financial efficiencies
 The audit committee ,which is a subset of the board of directors (BOD), is responsible
for oversight of the audit function
 The BOD relies on the audit to fulfill its responsibilities to oversee the company
 Audit is required by:
 Creditors & lending institution
 SEC for access to the US stock exchange

Remote owners and complex transactions:

Single owner Owners
Small business Large, multinational
Simple business Numerous lines of
activities business

Audit reports provide

Owner is aware of all the
activities, has the ability to
understand all of the
transactions
The owner can personally
evaluate his/ her invest
owners who are remote
from a company's business
activities with
assranceregarding the
propriety of the compan's
financial reports

Internal operations & management:

 Access to capital markets (raise capital, lower cost of capital )
 Having the company’s stocks and bounds actively traded
 Improvement to internal operations
 Benefits to: shareholders, management, BOD

Services provided by auditors:

 Companies being audited => audit clients
 Public accounting firms that perform audits:
 Audit firms
 External independent auditors
 CPA firms
 Professional services firms
 Common knowledge and expertise to perform audits
 Knowledge includes IT, tax, accounting, industry expertise
 Other services their clients need
Other audit services:
 ICFR audits.
 Compliance audits: US Government Accounting Office (GAO) performs financial
audits of government units, reports on topics as widespread as the efficiency of
contractors working for the government to the effectiveness of program on which
federal funds are spent.
 Operational audits or management audits or performance audits.
 Forensic audits or forensic accounting: the auditor looks for specific and detailed
information (fraud, errors, etc). It is used to apply to engagements that may be called
litigation support.

Standards setters and governing authorities:

SEC:
Is a government agency that regulates publicly traded companies, sets accounting and
reporting standards and oversees and approves the standards set by PCAOB.

PCAOB:
Not for profit entity

 Standard setting
 Oversight of both:
 Audits of public companies
 Firms that perform the audits

FASB: financial accounting standards board

Not for profit entity

 Set accounting standards for entities in the US in private sector

 Performs its duties under the oversight of the SEC

GASB:government accounting standards board

Not for profit entity

 Set accounting standards for entities in the US in government sector

 Has authority bases on legal requirements for entities to report using its standards

AICPA: America institute of certified public accounting

Not for profit entity

 Contributes to GAAP accounting standards

 Sets auditing standards for non-public companies
IAASB: international auditing and assurance standard board
 Sets international auditing standards
 Responsible for writing and administering the CPA exam (certified public
accountants)

IASB: international accounting standard board

 Sets the international financial reporting standard (IFRS)

Stated and fedral government:

The ultimate regulators involved in the audit process are: state government and the US
congress.

State governments issue CPA licenses and govern the work of accounting professionals
working within their states.

The US congress is the author of the laws that created the SEC and authorize its power.

Internal auditors:
Employees, within a company, perform financial audit activities similar to those of the
external auditor.

They report to the audit committee.

Types of auditors:

 Internal
 External
 Government
 Forensic

Accountants who are not auditors:

 Understanding the audit process, helps accountants communicate with the auditors,
not only during the audit engagement but also when they are presented with their
findings.
 Accountants find themselves with documentation and reporting requirements related
to internal control
 Accountant can be a valuable asset in supporting company policies and procedures
 Perform and manage more effectively
 Management looks to the entity’s accounting staff for help in meeting Board
expectations.

.
 Chap 2: Overview of integrated audit

 Introduction
 Integrated audit
 Preliminary requirements for an audit
 Overview of an integrated audit
 Fundamental concepts
 Preliminary engagement procedures
 Audit planning and risk assessment
 Test of ICFR operating effectiveness
 Substantive procedures on accounts and disclosures
 Wrap-up, completion and reporting
 Non-public company audits
 Auditing standards
 Conclusion
Integrated audit:
 SEC registrants are required to file audited FSs and management reports on ICFR
 Auditors follows, while performing audits of public companies (SEC registrants),
standards issued by PCAOB.
 Auditors follow, while performing audits of non-public companies, standards issued
by AICPA.
 Non-public companies can perform only a FSs audit, and do not have to prepare
reports on their ICFR.
 By issuing an opinion on the effectiveness of ICFR, an auditor satisfies the SOX
requirement for an audit opinion on management’s ICFR report.
 If an auditor disagrees with management’s assessment of the effectiveness of ICFR,
the auditor states this in audit report.

Preliminary requirements for an audit:

1. Benchmarks must exist against which:
 ICFR can be compared for effectiveness (COSO)
 FSs can be compared for fairness (GAAP)
2. Auditor needs guidelines “audit or auditing standards” on the manner in which the
comparison and assessment is performed (PCAOB, AICPA)
3. The entity must have records that are sufficient for the auditor to gather evidence that
can support conclusions.
The auditor must have reasonable confidence in management’s integrity.

Overview of an integrated audit:

Preliminary engagement procedures:

1. The process of client acceptance or continuance
2. Establishing an understanding about the terms of the engagement with the client
3. Confirming the auditor’s independence

Planning and risk assessment:

 Planning in auditing is a term used for a number of processes that begin during client
acceptance and continuance activities.
 Obtaining information during preliminary audit planning.
 The auditor loops back to consider early decisions and make changes as needed.
 The auditor evaluates the information and makes decisions about the necessary audit
procedures targeted at the risks of the client (important accounts, weaknesses,
fraud…)
 Designing the preliminary audit plan describe early risk assessment and planning.
 Conclusions about risk and the appropriate audit plan are often revised or updated as
audit steps uncover new information.
  The auditor’s primary focus when performing steps to understand the company, is the
accounting information system and particularly ICFR.
 Design the effectiveness of ICFR. The auditor considers the controls built into the
system and decides whether those controls are appropriate for the risks that are
important to the company’s business.
If the ICFR is not well designed, then there is more risk that the financial statement
will be based on inaccurate information.

Test of ICFR perating effectiveness and substantive procedures:

An important part of the integrated audit is testing whether ICFR are operating as intended.

The auditor has already assessed “design effectiveness:

ICFR
Effectively designed Not effectively designed

Test th control to see if they function

No test
properly

Preliminary decision

Preliminary decision+ relevant information obtained during FSs audit= final conclusion on
the effectiveness.
Procedures of FSs audit include activities called “substantive procedures” which examine the
accounts and disclosures.
Uncover evidence => audit plan is not based on an appropriate assessment of the risks => the
audit process is iterative => new procedures are carried out.

Wrap-uo, completion, and reporting:

 Collecting overall information from management and the company’s lawyers.
 Auditor makes specific communication to management and the audit committee.
 At the completion of the final steps => report => opinions on the effectiveness of
ICFR and fairness of FSs.

Fundamental concepts:

Management assertion: (PCAOB)

The FSs and their contents are management’s responsibility.

Their representations are called “FSs assertions” grouped into 5 categories:

 Existence or occurrence (in the time period when they are reported)
 Completeness
  Rights and obligations
 Valuation or allocation
 Presentation and disclosures

Audit evidence:
It is the auditor’s goal that helps him to provide a reasonable basis for forming an opinion
regarding the appropriateness of management’s FSs assertions and conclusions on the
effectiveness of ICFR.

Audit evidence:

 Accounting data (general and subsidiary ledgers)

 Information that corroborates the accounting data (invoices, contracts, records of
electronic funds transfers)

Produced internally by the company or can come from third parties.

Auditor’s use of management assertions:

 The audit’s purpose is to collect evidence to conclude as to whether management’s
assertions are fair.
 The audit procedures have to address the risks that management assertions are not
justified because the FSs are in some way materially misstated.
 Management assertion => risk of material misstatements => audit procedures =>audit
evidence.

AICPA management assertions: (3level, 13assertions)

1. Classes of transactions and events for the period under audit:
 Occurrence (validity)
 Completeness
 Accuracy( amounts and other data relating to recorded transactions)
 Cutoff (in the correct accounting period)
 Classification (proper accounts)
2. Assertions about account balances at the period end:
 Existence
 Rights & obligations
 Completeness
 Valuation & allocation
3. Assertions about presentation and disclosure:
 Occurrence and rights
 Completeness
 Classification & understandability
 Accuracy & valuation
More audit concepts and their relationships:

the auditor identifies specific "management assertions"

Assesses the expected levels of risk

Based on theexpected risk, the auditor decideson the audit

procedures
Collects evidence through a process called "confirmation

The auditor often selects a sample of all transaction and performs

audit procedures on that subset of the population
this approach is accepted if the auditor exercices what is called "due
professional care" or "professional skepticism" => auditor gains
reasonable assurance about FS mangement assertion.

Conclusions or auditor's professional judgment

 Sometimes the auditor makes judgment errors (≠ negligent due to a lack in the “due
professional care”)
 Due professional care allows the auditor to obtain reasonable assurance that FSs are
free of material misstatements
 The evidences contribute to material decisions.
 Evidence
shoulde be

Appropriate Sufficient
(quality of audit (quantity of
evidence) evidence needed)

Relevant (relates
to the audit issue
Reliable (trustworthy source and manner being adressed)
of collection)
-source outside the company
-documentary evidence
-orginal documents
-the firm has good control in the
accounting information system

Definition of materiality:

In FASB: the magnitude of an omission or misstatement of accounting information, that, in

the light of surrounding circumstances makes it probable that the judgment of a reasonable
person relying on the information would have been changed or influenced by the omission or
misstatement.

In PCAOB: the level of detail and degree of assurance that would satisfy prudent officials in
the conduct of their own affairs.

In ICFR: the auditor use the same materiality consideration he or she would use in planning
the audit of the company’s annual FSs.

The concept of materiality recognizes that some matters, either individually or I the
aggregate, are important for fair presentation of FSs in conformity with GAAP.

Audit risk: for the integrated audit is the risk that the auditor may unknowingly fail to
appropriately modify his or her opinion o FSs that are materially misstated or on ICFR that is
not effective.
 This audit risk of an incorrect opinion exists because the evidence collected permits
reasonable, but not absolute, confidence in the conclusion.

Preliminary engagement procedures:

The audit firm must examine whether it wants the company as a client (good
reputation, it doesn't have financial viability issues, if the audit fir feels
comfotable having its name associated with thepotential client)
Whether it can effectively perform the audit to the company (enough expertise,
available personel...)

Research the client (verify that the information about the client is correct)

Present proposal

If the audit firm win the engagement it sugns a contract or engagement letter to
communicate with the client's audit committee about independance

The audit firm confirms its independance from the client and discuss any issues
that might raise questions about independance

Audit planning and risk assessment:

Preliminary audit strategy:

 Initial decisions about: staffing and timing.
 Consideration of what amount or types of misstatement would make the company’s
FSs materially wrong and the beginnings of the overall audit plan.
 The auditor works to obtain an understanding of the client’s business, activities,
transactions…
 The auditor considers the entity-level control
 The auditor must consider whether the company has ICFR that are well designed
 To understand the FSs => the auditor performs activities that are called “analytical
procedures”.

Understanding the company:

3 sources of information on the company:

1) Information obtained during client acceptance or continuance. This

information provides a starting place.
2) Work performed o the quarterly information filed with the SEC (information
about a public company).
3) The client’s own ICFR documentation.
Assessing risk:
 The auditor asks company management about fraud risk, fraud controls and considers
the risk of fraud during a brainstorming session of the audit team.
 The auditor evaluates the company’s FSs.
 The auditor evaluates managements assertions.
 The auditor links the FSs accounts and ICFR to the important assertions and after that
he tests them in future stages.
 Entity-level control => reduce the overall risk that material FSs misstatement will
occur.
 Management corrects Interns control problems through a process called
“remediation”.

Audit planning:
After evaluating design effectiveness, the auditor can make an initial judgment of:

 Which controls are important

 To what level those controls need to be functioning in order for them to be relied upon
 How should they be tested
The auditor prepares “documents”, sufficiently detailed to provide a guide to those who will
actually perform the audit procedures.
Documentation supports the auditor’s conclusions regarding FSs and ICFR.

Tests of ICFR operating effectiveness:

Audit tests are used to determine how well the important ICFR are functioning, in other
words, to test the operating effectiveness of ICFR.

These evidence-gathering procedures are:

 Tests of control: determine whether a control is functioning as it is designed.

 Dual purpose: collects information useful to the FSs audit.

The auditor evaluates the results to determine whether ICFR are functioning.

If there are problems with control => the auditor does more testing to confirm the findings.

Substantive procedures on accounts and disclosures:

The degree of ICFR operating effectiveness affects the type and amount of evidence
gathering procedures conducted during the FSs audit.

 Inherent risk: term used to describe the risk that a FS amount is likely to be
incorrect.
 Control risk: the risk that a misstatement is not prevented or that a misstatement that
has occurred is not discovered by the ICFR.
 Risk of material misstatement: inherent risk+ control risk.
 Dual purpose test +test of details of balaces (auditor collects documentary evidence that
supports the amounts in the client's records).

Substantive analytical procedures(examine accounts and disclosures)

Evaluate results and document

In documenting the audit plan, the auditor identifies needed auditproceduresbased o information or assumptions about inherent and control risks.

The evidence gathering procedures are designed to limit the probability that a material
misstatement that exists will remain undetected by the audit." Detection risk process".

Consider other information

Form tentative conclusions o fairness of FSs.

Wrap-up, completion, and reporting:

Wrap-up steps include: communicating with the client's attorney and

receiving assurance from the client that is has provided the auditor with
honest information + review steps

The auditor decides on the appropriate audit opinions to issue

Communications with the audit committee and management (discussion

about the auditor's firm's independence)

The auditor issues the integrated audit report

Non-public company audits: (overview)

Preliminary engagement procedures

Audit planning,risk assessment, understand ICFR and identify significant

risks

Decide whether to rely on controls, test the operating effectiveness of

ICFR to be relied upon

Substantive procedures on accounts and disclosure

Wrap-up, completion andreporting an opinion on the FSs only

Auditing standards:
Standards of the PCAOB => auditing standards (AS)

+ Standards of AICPA => statements on auditing standards (SAS)

=fairly specific guidance on audit procedures.

All are based on 10 standards called GAAS (generally accepted auditing standards) grouped
under 3 categories:

1 st categoty :General standards:

1) The audit is to be performed by a person or persons having adequate technical training
and proficiency as an auditor.
2) Independence in mental attitude is to be maintained by the auditor.
3) Due professional care is to be exercised in the performance of the audit and the
preparation of the report.

2 n d category:Standards of field work:

Work done at the site of the client’s business

1) Planning and supervising (assistants must be supervised)

2) Understanding of ICFR is to be obtained to plan the audit and to determine the nature,
timing and extent of tests to be performed.
3) Sufficient appropriate evidential matter is to be obtained through inspection,
observation, inquiries => reasonable basis for an opinion regarding the FSs under
audit.
 3 rd category:Standards of reporting:
1) Report shall state whether the FSs are presented in accordance with GAAP.
2) The report shall identify those circumstances in which such principles have not been
consistently observed in the current period in relation to the preceding period.
3) Informative disclosures in the FSs are to be regarded as reasonably adequate unless
otherwise stated in the report.
4) The report shall contain either an expression of opinion regarding the FSs or an
assertion that an opinion cannot be expressed (disclaim) and the reasons why it cannot
be expressed.
It should also contain a clear- cut indication of the character of the auditor’s work and
the degree of responsibility the auditor is taking.

Report form:
 Title (public or non-public company)
 Recipient (addresser)
 Paragraphs:
 Introductory: information of FSs, responsibility of management and auditor
 Scope: Auditing standards per company
 PCAOB
 AICPA
 GAAS
 Opinion: Fairness, effectiveness, material respects, financial position …
 Name and signature
 Date of audit report