ACC Final

Substantive Tests

. Perform further audit procedures—substantive procedures for inventories and cost of goods sold. 1. Obtain listings of inventory and reconcile to ledgers. 2. Evaluate the client's planning of physical inventory. 3. Observe the taking of physical inventory and make test counts. 4. Review the year-end cutoff of purchases and sales transactions. 5. Obtain a copy of the completed physical inventory, test its clerical accuracy, and trace test counts. 6. Evaluate the bases and methods of inventory pricing. 7. Test the pricing of inventories. 8. Perform analytical procedures; consider using data analytics 9. Determine whether any inventories have been pledged and review purchase and sales commitments. 10. Evaluate financial statement presentation of inventories and cost of goods sold, including the adequacy of disclosure.

Tests of Controls for Financial Investments

. Perform further audit procedures—tests of controls. 1. Examples of tests of controls: a. Trace several transactions for purchases and sales of investments through the accounting system. b. Review and test reports of investment activity prepared for the investment committee. c. Inspect reports by internal auditors regarding their periodic inspection and review of securities and derivative instruments. d. Inspect monthly reports on securities owned, purchased, and sold and amounts of revenue earned and budgeted. 2. If necessary, revise the risk of material misstatement based on the results of tests of controls.

Computer assisted techniques to test controls

1. Test Data Auditors trace sample /dummy transactions with auditor designed specific exceptions (missing data, erroneous transactions, out of sequence, duplicate trans. etc.) Make sure to keep track of. 2. Integrated Test Facility Subsytem of records and files (mini company) e.g. fictitious dept. employee, customer etc . 3. Controlled Programs Auditors use duplicate AIS programs under their control and compare to output of real AIS. 4. Program Analysis Techniques (auditor analyzes client AIS programs by generating flowcharts from them, to evaluate the logic of these programs 5. Tagging and Tracing Transactions Tagging the client transactions with an indicator so the auditor can audit them and make note of unauthorized program steps

Objectives for audit of revenue and expenses

1. Use the understanding of the client and its environment to consider inherent risks, including fraud risks, related to revenues and expenses. 2. Consider internal control over revenues and expenses. 3. Assess the risks of material misstatement of revenues and expenses and design further audit procedures that: a. Establish the occurrence of recorded revenue and expense transactions. b. Determine the completeness of recorded revenue and expense transactions. c. Establish the accuracy of revenue and expense transactions. d. Verify the cutoff of revenue and expense transactions. e. Determine that the presentation and disclosure of revenue and expense accounts are appropriate, including the proper classification of amounts and the proper presentation of earnings-per-share data.

Internal Control

A process, effected by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding achievement of (the entity's) objectives relating to: Operations, Reporting, and Compliance

Assessing Risks of Material Misstatement

A. Use the understanding of the client and its environment to consider inherent risks, including fraud risks, related to accounts payable. B. Obtain an understanding of internal control over accounts payable. C. Assess the risks of material misstatement and design further audit procedures.

Assessment of Risk for Financial Investments

A. Use the understanding of the client and its environment to consider inherent risks, including fraud risks related to financial investments. B. Obtain an understanding of internal control over financial investments C. Assess the risks of material misstatement and design further audit procedures.

Risk Assessment for the Audit of Cash

A. Use the understanding of the client and its environment to consider inherent risks, including fraud risks, related to cash. B. Obtain an understanding of internal control over cash. C. Assess the risks of material misstatement and design further audit procedures.

Contrasting Confirmation of Accounts Payable and Accounts Receivable

Accounts Payable Accounts Receivable Primary Audit Objective AP Completeness AR Existence Other Evidence Available AP External evidence (vendors' invoices receiving reports) and statements) AR Internal evidence (sales invoices, receiving reports) Confirmation Generally Required? AP No AR Yes

Cost Accounting

Accounts for usage of raw materials Determines content and value of goods in progress Compute finished inventory

Sources of Accrued Liabilities

Accrued liabilities Sometimes called accrued expenses Examples: Salaries, interest, and rent Accumulate over time and management must make accounting estimate at year-end Note that if management does not make such an estimate, no entry will occur since the related transactions (e.g., interest) may have occurred months ago

Audit of Statement of Cash Flows

Amounts are audited in conjunction with the audit of balance sheet and income statement accounts Presentation and disclosure audit objective is important Operating Investing Financing

Significant Accounts and Disclosures

An account is significant if there is a reasonable possibility that it could contain a misstatement that individually or in aggregate has a material effect on financial statements Factors Size and composition. Susceptibility of loss due to errors or fraud. Volume of activity, complexity, and homogeneity of individual transactions. Nature of the account. Accounting and reporting complexity. Exposure to losses. Possibility of significant contingent liabilities. Existence of related party transactions. Changes from the prior period.

Perform Further Audit Procedures - Test of Controls 1/2

Approach: Identify controls likely to prevent or detect material misstatements Perform tests of controls to determine whether they are operating effectively Tests of controls address: How controls were applied The consistency with which controls were applied By whom or by what means (e.g., electronically) the controls were applied

Audit Risk of Receivables

Audit risk significant because Many incidences of fraud have involved overstatement of receivables and revenue Revenue recognition may be based on complex accounting rules Receivables and revenues are usually subject to valuation using significant accounting estimates

Techniques for Testing Application Controls

Auditing Around the Computer--Manually processing selected transactions and comparing results to computer output Manual Tests of Computer Controls--Inspection of computer control reports and evidence of manual follow-up on exceptions Computer assisted techniques to test controls Test Data Integrated Test Facility Controlled Programs Program Analysis Techniques Tagging and Tracing Transactions

Post-Audit Responsibilities

Auditor subsequent discovery of facts existing at date of report Advise client to make appropriate disclosure of the facts to anyone actually or likely to be relying upon the audit report and financial statements If client refuses to make disclosure, CPA should inform each member of board and notify regulatory agencies

Nature of an Integrated Audit

Auditors of large public companies should report on: Financial statements, and Internal control over financial reporting Based on provisions of PCAOB Standard No. 5, the audits of internal control and financial reporting should be integrated

Where are the control objectives in COBIT 5

Based on five principles and seven enablers, COBIT 5 uses governance and management practices to describe actions that are examples of good practices to effect governance and management over enterprise IT. Many of these practices and the supporting activities exert 'control' over the process to deliver the required outcome.

Search for Unrecorded Accounts Payable

Be alert during reconciliations, confirmations and analytical procedures for unrecorded liabilities Examine transactions recorded following year-end Compare cash payments after year-end to accounts payable trial balance Examine cash disbursements over specific dollar amounts during subsequent period

Who is using COBIT 5

COBIT 5 is used globally by those who have the primary responsibility for business processes and technology, depend on technology for relevant and reliable information, and provide quality, reliability and control of information and related technology.

Enterprise Risk Management (ERM)

COSO issued a framework in 2004 (revised in 2017) on Enterprise Risk Management. It does not replace the original COSO internal control framework. It goes beyond internal control to focus on how organizations can effectively manage risks and opportunities. The auditing standards are still structured around the original COSO internal control framework but the risk management framework is useful in evaluating the risk assessment component of internal control.

Internal Control—Cash Receipts

Cash sales Involvement of two or more employees Cash Registers Electronic point of sales systems Collections of receivables Initial listing (or input) of details of cash receipts Custody and depositing of cash receipts Maintenance of customer account records Reconciliation of customers' ledgers with control accounts Mailing monthly statements to customers Collection activity and past-due accounts Direct receipt of funds by financial institution Electronic Funds Transfer

Audit time for cash

Cash typically has a small account balance, but auditors devote more hours than justified by the balance because: Liabilities, revenues, expenses, and most other assets flow through cash Most liquid asset so greater temptation for misappropriation High risk account

Check 21 Act

Checks may be processed electronically Electronic processing creates a substitute check - an electronic image of check Legal equivalent of original check for all purposes Audit implications Need to rely on substitute check for evidence of check Impossible for clients to kite checks (manipulate bank balances to conceal cash shortage)

Risk Assessment

Clearly specify objectives to allow the identification and assessment of risks related to those objectives. Identify and analyze risks to the achievement of its objectives to determine how they may be managed. Consider potential fraud relating to the achievement of objectives. Identify and assess changes that could impact internal control.

Inventory Observation

Client counts and supervises inventory Auditors observe Determine all items included Employees comply with instructions Be alert for inclusion of obsolete or damaged merchandise Record numbers of final receiving and shipping documents (data) issued before inventory taking Make test counts Make sure that inventory counting includes procedures to determine that at items are included and none are included more than once (e.g., tag control)

Control Environment Factors

Commitment to integrity and ethical values. Board of directors demonstrates independence from management and exercises oversight of internal control. Establishment of effective structure, including reporting lines, and appropriate authorities and responsibilities. Commitment to attract, develop, and retain competent employees. Holding employees accountable for internal control responsibilities.

System Characteristics

Companies use various types of computer systems, such as office automation systems, transaction processing systems, management information systems, decision support systems, expert systems, and enterprise wide systems. In auditing and accounting we focus on transaction processing systems Support routine business activities, such as sales, and purchasing Range in size from simple general ledger packages to company-wide enterprise resource planning systems Regardless of the size, systems possess one or more of the following characteristics Batch vs. real-time processing Batch—all of one type run at a point. Online transaction processing Online analytical processing Database storage End user computing Client/Server environments Cloud computing Electronic commerce

Service Organizations 1/3

Computer service organizations provide processing services to customers who decide not to invest in their own processing of particular data Examples: Outsource processing of payroll or Internet sales; storage of data and records in the service organization's Cloud Auditors should obtain understanding of the outsourced function by following one or more of: Contacting service organization to obtain information Visiting service organization and performing necessary procedures Obtaining a report from the auditors of the service organization Terms Service auditor—provides examination of service organization's controls User auditor—Uses that report Types of Service Auditor Reports Type 1—Management's description of the system and the auditor's assessment of the suitability of the design of controls Type 2—Attributes of 1, plus assurance on the operating effectiveness of controls A Type 2 report may provide the user auditor with a basis for assessing control risk below the maximum.

Standard Confirmation—General Information

Confirmation of amounts on deposit by direct communication with financial institution officials Standard form agreed to by: AICPA American Bankers Association Bank Administration Institute Addresses only the client's deposit and loan balances The confirmation process may be performed electronically if properly controlled

The nature of transactions

Consider the nature of the transactions Routine transactions—e.g., regular revenue, purchases, and cash receipts and disbursements Non-routine transactions—e.g., taking of inventory, calculating depreciation expense Estimation transactions—e.g., determining the allowance for doubtful accounts Generally routine transactions have the strongest controls

Internal Control over A/R and Revenue 1/2

Control Environment Important because of risk of intentional misstatement of revenue Commitment to integrity and ethical behavior Independence of board and audit committee Appropriate structure and lines of responsibility Commitment to recruit, develop, and retain competent employees Holding employees accountable Risk Assessment Risk of misstatement of revenue may be high based on its nature and complex rules regarding revenue recognition Control Activities Prepare sales order Approve credit Issue merchandise from stock Shipment Billing Invoice verification Maintenance of control accounts Maintenance of customers' ledgers Approval of sales returns and allowances Authorization of write-offs of uncollectible accounts Monitoring Controls

Internal Control 1/3

Control environment Commitment to competence and human resource policies and practices Appropriately qualified and trained personnel assigned to inventory Integrity and ethical values For example, company purchasing agents are discouraged from accepting "kickbacks" Organizational structure and assignment of authority and responsibility Purchasing, receiving, and production personnel understand roles Risk assessment; risks related to: Availability of a supply of goods, services, and skilled labor Stability of prices and labor rates Generation of sufficient cash flow to pay for purchases Changes in technology that affect manufacturing processes Obsolescence of inventory Monitoring Observations by production supervisors of performance of various activities and functions Quality and performance reviews Formal program to consider improvements in purchasing and production noted by internal auditors

Auditing Operations

Corporate earnings are considered as an extremely important indicator of health and well-being of corporations Measurement of income is generally regarded as the single most important function of accounting

Revenue Cycle—Documents

Customer purchasing--Purchase order Sales--Sales order Shipping--Bill of lading Billing—Invoice Receiving cash receipts--Control listing Authorizing adjustments to accounts receivable--Credit memo

Additional Tests of Controls

D. Perform further audit procedures—tests of controls 1. Examples of tests of controls: a. Test the accounting records and reconciliations by reperformance. b. Compare the details of a sample of cash receipts listings to the cash receipts journal, accounts receivable postings, and authenticated deposit slips. c. Compare the details of a sample of recorded disbursements in the cash payments journal to account payable postings, purchase orders, receiving reports, invoices, and paid checks. If significant weaknesses are discovered data analytics may be used to test transactions. 2. If necessary, revise the risk of material misstatement based on the results of tests of controls.

Additional Tests of Controls

D. Perform further audit procedures—tests of controls. 1. Examples of tests of controls. a. Verify a sample of postings to the accounts payable control account. b. Vouch to supporting documents a sample of postings in selected accounts of the accounts payable subsidiary ledger. c. Test IT application controls. d. If necessary, revise the risks of material misstatement based on the results of tests of controls.

Effects of Data Analytics

Data analytics may be used to perform tests of controls (operating effectiveness); auditors may test controls over the entire population of transactions rather than a sample

Customers' Deposits

Deposits on returnable containers or to guarantee payment of bills Review procedures followed in accepting and returning deposits Verify list of individual deposits and compare to general ledger account Generally do not confirm

User Control Activities

Designed to test the completeness and accuracy of IT-processed transactions Designed to ensure reliability of processing Reconciliation of control totals generated by system to totals developed at input phase, or manually testing computer processing Example: Sales invoices generated by the computer may be selectively tested for clerical accuracy and pricing by an accounting clerk

Auditors' Consideration of Internal Control

Difference between audit of internal control and audit of financial statements Time period Audit of internal control - as of date Audit of financial statements - entire financial statement period Differences between small and large clients Degree of complexity of operations

Presentation and Disclosure

Disclosure of inventory pricing methods or methods in use Other important disclosures: Changes in methods Classifications of inventory Details of pledged inventory Deduction of valuation allowance for inventory losses Existence and terms of inventory purchase commitments

Subsequent Discovery of Omitted Audit Procedures

Discovered during peer review or other subsequent review of working papers Assess importance of omitted procedures to their previously issued opinion If omission impairs ability to support issued opinion and report being relied upon by third parties, attempt to perform omitted procedure or appropriate alternative procedure

General Guidelines for Internal Control Over Cash 1/2

Do not permit any one employee to handle a transaction from beginning to end. Separate cash handling from recordkeeping. Centralize receiving of cash to the extent practical. Record cash receipts on a timely basis. Encourage customers to obtain receipts and observe cash register totals. Deposit cash receipts promptly. Make all disbursements by check or electronic funds transfer, with the exception of small expenditures from petty cash. Have monthly bank reconciliations prepared by employees not responsible for the issuance of checks or custody of cash. The completed reconciliation should be reviewed promptly by an appropriate official. Monitor cash receipts and disbursements using data analytics software and by comparing recorded amounts to forecasted amounts.

Internal Control in the Small Company

Due to lack of employees, internal control is seldom strong in small businesses Specific practices for small businesses Record all cash receipts immediately Deposit all cash receipts intact daily Make all payments by serially numbered checks, with exception of petty cash disbursements Reconcile bank accounts monthly and retain copies Use serially numbered purchase orders, invoices, and receiving reports Issue checks to vendors only in payment of approved invoices that have been matched with purchase orders and receiving reports Balance subsidiary ledger with control accounts Prepare comparative financial statements monthly to disclose significant variations in any category of revenue or expense

Substantive Procedures for Accounts Payable

E. Perform further audit procedures—substantive procedures for accounts payable. 1. Obtain or prepare a trial balance of accounts payable as of the balance sheet date and reconcile with the general ledger. 2. Vouch balances payable to selected creditors by inspection of supporting documents. 3. Reconcile liabilities with monthly statements from creditors. 4. Confirm accounts payable by direct correspondence with vendors. 5.Perform analytical procedures for accounts payable and related accounts. 6. Search for unrecorded accounts payable. 7. Perform procedures to identify accounts payable to related parties. 8. Evaluate proper balance sheet presentation and disclosure of accounts payable.

Substantive Tests for Financial Investments

E. Perform further audit procedures—substantive procedures for investment transactions and year-end balances. 1. Obtain or prepare analyses of the investment accounts and related revenue, gain, and loss accounts and reconcile them to the general ledger. 2. Inspect securities on hand and review agreements underlying derivatives. 3. Confirm securities and derivative instruments with holders and counterparties. 4. Vouch selected purchases and sales of financial investments during the year and verify the client's cutoff of investment transactions. 5. Review investment committee minutes and reports. 6. Perform analytical procedures. 7. Make independent computations of revenue from securities. 8. Inspect documentation of management's intent to classify derivative transactions as hedging activities. 9. Evaluate the method of accounting for investments. 10. Test the valuation of financial investments. 11. Evaluate financial statement presentation and disclosure of financial investments.

Plan the Engagement

Efficient planning requires coordination with financial statement audit Consider matters such as: Client's industry Regulatory matters Client's business Recent changes in the client's operations

Limitations of Internal Control

Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc. Controls that depend on the segregation of duties may be circumvented by collusion Management may override internal controls Compliance may deteriorate over time

Controls Over Financial Investments

Establishment of formal investment policies Review and approval of investment activities by the investment committee of the board of directors Separation of duties among employees Authorizing purchases and sales Having custody of the securities Maintaining records Detailed records of all securities owned and the related revenue from interest and dividends Registration in the name of the company Periodic physical inspection of securities Determination of accounting for complex instruments by competent personnel

Form an opinion

Evaluate: 1. The results of their evaluation of the design, 2. The results of tests of the operating effectiveness of controls, 3. Negative results of substantive procedures performed during the financial statement audit, and 4. Any identified control deficiencies.

Proper Cutoff of Inventory

Examine on a test basis the purchase invoices and receiving reports for several days before and after the inventory date Determine that liability has been recorded for all goods in inventory Make sure shipments and purchases recorded in proper period

Assessing Risks at the Assertion Level

Examples Failure to recognize an impairment losses on a long-lived assets affects only the valuation assertion Inaccurate counting of inventory at year-end affects the valuation of inventory and the accuracy of cost of goods sold Responses Decisions are made here as to the appropriate combination of tests of controls and substantive procedures that respond specifically to the risk

Assessing Risks at the Financial Statement Level

Examples Preparing the period-end financial statements, including the development of significant accounting estimates and preparation of the notes The selection and application of significant accounting policies IT general controls The control environment Responses to high risks Assigning more experience staff or those with specialized skills Providing more supervision and emphasizing the need to maintain professional skepticism Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed Increasing the overall scope of audit procedures, including the nature, timing, or extent

Test Valuation

FASB valuation methods for investments Depends on the classification May use the fair value method for all investments FASB requirements for derivative instruments and hedging activities: All derivative instruments valued at fair values Unrealized gains or losses depend on classification as hedges FASB hierarchy for market value of investments Level 1—reference to market prices Level 2—reference to markets for similar instruments Level 3—use of a valuation model (such as the Black Scholes option pricing model)

Misstatements

Factual misstatements Specific misstatements identified during the course of the audit for which there is no doubt Judgmental misstatements Differences arising from judgments of management that the auditor consider incorrect. Projected misstatements Arise from sample results projection to population.

Organizational Structure

Finance and accounting department work together to provide assurance that: All cash that should have been received was in fact received, recorded accurately, and deposited promptly Cash disbursements have been made for authorized purposes only and have been properly recorded Cash balances are maintained at adequate, but not excessive, levels by forecasting

Effect of Substantive Procedures on Audit of Internal Control

Findings from substantive procedures may affect audit of internal control Could provide evidence of effectiveness or ineffectiveness of internal control over financial reporting Example: Identification of material misstatement in financial statements is indicative of at least a significant deficiency in internal control

Required Communication with Those Charged with Governance

Fraud and Illegal Acts Significant deficiencies and material weaknesses Auditor responsibility under generally accepted auditing standards (e.g., to form and express an opinion, and management's responsibilities) An overview of the planned scope and timing of the audit Significant findings from the audit Qualitative aspects of accounting practices Audit difficulties encountered Uncorrected misstatements Disagreements with management Management consultations with other accountants Auditor independence issues Other matters that the auditors feel are significant, e.g., critical audit matters

IT Control Activities

General Control Activities System acquisition, development and maintenance Changes to existing programs and systems Access security IT operations controls

Assess the risks of material misstatement

General approach Identify risks while obtaining an understanding of the client and its environment, including its internal control Relate the identified risks to what can go wrong at the relevant assertion level Consider whether the risks are of a magnitude that could result in a material misstatement Consider the likelihood that the risks could result in a material misstatement

Major Components of an IT System

Hardware Software System Application Data People Procedures Networks

Computer-Based Fraud

History shows the person responsible for frauds in many situations set up the system and controlled its modifications Segregation of duties Programming separate from controlling data entry Computer operator from custody or detailed knowledge of programs If segregation not possible need compensating controls like batch totals Organizational controls not effective in mitigating collusion

Objectives of an Accounting System

Identify and record valid transactions Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions Measure the value of transactions appropriately Determine the time period in which the transactions occurred to permit recording in the proper period Present properly the transactions and related disclosures in the financial statements

Data Analytics Tests of Payroll

Identify duplicate payroll checks (also, direct deposits or cash payments) to employees within pay periods. Identify multiple payments to the same bank account within pay periods, both with the same and different employee names. Identify pay deposited to the same bank account of that of a vendor in the vendor master file. Identify false, invalid, or duplicate social security numbers. Identify differences in pay between union agreements and actual payments. Compare and summarize costs for special pay, overtime, and premiums.

Data Analytics

Identify overvalued inventory items by comparing cost per unit to sales prices or net realizable values. Identify obsolete inventory items by comparing actual or forecasted sales to number of items in inventory. Identify obsolete parts by searching for components of manufactured products that have been identified as obsolete. Identify overstocked (and understocked) inventory items by comparing numbers of items in inventory to target stocking levels. Identify high-value items (and their locations) to be included in test counts performed during inventory observation. Identify locations to be selected for inventory observation in a multiple location audit by searching for unusual relationships, such as a location that has unusually high or low sales in relation to inventory levels. Identify inventories purchased (1) without proper approval, or (2) from unusual or related parties.

Data Analytics

Identify possible duplicate payments by searching for cash disbursements of the same amount and to the same payee made close in time. Identify possible duplicate receipts by searching for cash receipts of the same amount and from the same customer made close in time. Identify possible improper or unexpected disbursements by searching for large disbursements in relation to the account being charged. Identify unauthorized payroll or expense reimbursement cash disbursements to employees, particularly those employees able to initiate or authorize transactions or to perform the record-keeping function for cash disbursements. Identify employees with the largest expense reimbursements and consider reasonableness of disbursements. Identify fictitious entries into the cash account by searching large entries to cash from unusual sources, such as from a journal entry. Identify payments to related party transactions by searching for payments to or receipts from those parties.

Specialized Knowledge to Audit Financial Investments

Identifying controls at service organizations that provide financial services and are part of the client's information system. Obtaining an understanding of information systems for securities and derivatives that are highly dependent on computer technology. Applying complex accounting principles to various types of financial investments. Understanding the methods used to determine the fair values of financial investments, especially those that must be valued using complex valuation models. Assessing inherent and control risk for assertions about derivatives used in hedging activities.

Payroll

Importance - typically largest operating cost Payroll fraud had been common and often substantial but now fraud difficult to conceal because of: Extensive segregation of duties relating to payroll Use of computers with proper controls for preparation of payrolls Filing of frequent payroll reports with the government

Internal Control in IT

Importance of internal control is not diminished in computerized environment Separation of duties Clearly defined responsibilities Physical controls Access controls Augmented by controls written into computer programs

Database Storage

In traditional IT systems, each computer application maintains separate master files Redundant information stored in several files Database system allows users to access same integrated database file Eliminates data redundancy Creates need for data administrator to provide security against improper access

Source of Inventories

Includes: Goods on hand ready for sale Goods in the process of production Goods to be consumed directly or indirectly in production such as raw materials, purchased parts, and supplies

Other Contingencies

Income tax disputes Accommodation endorsements and other guarantees of indebtedness Accounts receivable sold or assigned with recourse Environmental issues Commitments General risk contingencies

Responsibilities

Information systems management Supervise the operation of the department and report to vice president of finance Systems analysis Responsible for designing the system Application programming Design flowcharts and write programming code Database administration Responsible for planning and administering the company database Data Entry Prepare and verify input data for processing IT Operations Run and monitor central computers Data Control Reviews and tests all input procedures, monitors processes, and reviews IT logs Systems Programming Responsible for troubleshooting the operating system

Batch Processing

Input data gathered and processed periodically in groups Example: Accumulate all of a day's sales transactions and process them as a batch at end of day Often more efficient than other types of systems but does not provide up-to-minute information

Effects of Internal Control Testing on Audit Substantive Procedures

Integrated audit requires tests of controls for all major account and relevant assertions Will lead to decreased scope of substantive procedures However, significant deficiencies or material weaknesses could lead to more substantive procedures Not acceptable to omit substantive procedures completely

Internal Auditing in IT

Interested in evaluating the overall efficiency and effectiveness of information systems operations and related controls throughout the company. Should participate in design of IT-based system. Perform tests to ensure no unauthorized changes, adequate documentation, control activities functioning, and data group performing duties.

Purchasing Function

Internal control Segregation of purchasing, receiving, and recording Cycle Purchase requisition form completed by department needing the goods Purchasing prepares purchase order May require bids Item description and quantity Copy forwarded to accounting Copy forwarded to receiving should not include quantity

COSO ERM Framework

Introduces a new structure: With just five components and twenty principles aligned to the business cycle, the Framework's key principles cover processes from governance to day-to-day activities. They are manageable in number and applicable for all organisations regardless of size, type, or sector and allow for a more fulsome conversation about risk between the board and management. Explores the different benefits of ERM: The Framework presents a clear case for integrating enterprise risk management practices with strategy-setting and performance management practices to help realise benefits related to value. Bringing a focus to these benefits enhances conversations about why ERM matters. Provides a focus on integrating risk management: The Framework offers guidance on how to better integrate enterprise risk management: linking risk with strategy setting and day-to-day activities, embedding it throughout an organisation's culture, capabilities and practices, and fostering better decision-making. Is written from the perspective of business: The Framework's language makes conversations about risk relevant and universal by setting out core definitions, components and principles for all levels of management involved in designing, implementing and conducting ERM practices. Features a suite of new graphics: The Framework utilises new conceptual graphics. The core graphic brings to life the relationship between risk management and the business model. Other graphics, such as risk curves, highlight the relationships between risk, strategy, and performance further embedding the management of risk into day-to-day conversations. Explores risk management at all altitudes of the organisation: From entity-level to process-level risks, the Framework explores how the identification, assessment and management of risk changes from the transactional to the strategic. Dives into deeper discussions on challenging topics: The Framework examines such topics as risk appetite and the portfolio view of risk, and addresses some misconceptions that exist today, providing deeper insight. Includes greater emphasis on culture: The Framework explores how enterprise risk management practices can instill more transparency and risk awareness into an organisation's culture, helping people make decisions while understanding the importance of culture in shaping those decisions. Addresses the evolving role of information technology: The Framework sheds light on how business trends, such as the proliferation of data, artificial intelligence and automation; influence an organisation's strategy, business context, and risk management.

Control in Decentralized and Single Workstation Systems

Involves use of one or more user operated workstations to process data Needed controls Train users Document computer processing procedures Files backed-up at a secure location Authorization controls Prohibit use of unauthorized programs Use antivirus and malware software

Levels of severity of control deficiencies

Less than a significant deficiency Significant deficiency - less severe than material weakness yet important enough to merit attention Material weakness - reasonable possibility that a material misstatement will not be prevented or detected

Qualitative materiality factors

Likely to be material when: Arise from an item capable of precise measurement (e.g., the amount of a sale) rather than from an estimate (e.g., the amount in the allowance for doubtful accounts). Mask a change in earnings or other trends. Hide a failure to meet analysts' consensus expectations for the company. Change a loss into income, or vice versa. Concern a particularly important segment or other portion of the registrant's business. Affect compliance with regulatory requirements, loan covenants, or other contractual requirements. Increase management's compensation. Involve concealment of an unlawful transaction. Are of an amount that management or the auditors believe would affect the stock's price.

Loss Contingencies

Loss contingencies should be reflected in the financial statement amounts when: It is probable that a loss had been sustained before the balance sheet date The amount of the loss can be reasonably estimated Loss contingencies should be disclosed in the notes to the financial statements when it is at least reasonably possible that a loss has been sustained Loss contingencies need not be disclosed when the possibility of loss is remote

Management's Report on Internal Control under Section 404a

Management acknowledges its responsibility for establishing and maintaining internal control Management has assessed internal control effectiveness as of the last day of the company's fiscal year-end using suitable criteria Management supports the evaluation with sufficient evidence

Management Assessment

Management can be assisted by consultants but not by the CPA firm that conducts the audit of financial statements Must understand definition of internal control adopted by the SEC Evaluation must use an accepted "control framework" such as Internal Control-Integrated Framework created by COSO Must understand concepts of control deficiency, significant deficiency, and material weakness

The Special Significance of Audit of Inventories

Management fraud has often involved the fraudulent overstatement of inventories. The valuation of goods on hand and in process often presents complex and difficult issues Determining the quantities of inventories may require specialized techniques Inventories often represent the largest current asset of a company Misstatements of inventories directly affect cost of goods sold and, therefore, net income

Kiting

Manipulations that utilize temporarily overstated bank balances to conceal cash shortage or meet short-term cash needs. Kiting schemes rely upon the existence of a "float period" in which transactions are not processed in real time; increased electronic processing has made kiting more difficult through reducing (or eliminating the float period). Auditors can detect kiting by preparing a schedule of bank transfers for a few days before and after balance sheet date. Misstatements Date of recording per transfer per the books are from different financial statement periods. Date the check was recorded by the bank is from financial statement period prior to books. As indicated previously, the Check 21 Act makes kitting of checks very difficult because check clearing is so fast.

Financial Investments

Marketable securities Treasury instruments Commercial paper Mortgages and trust deeds Cash surrender value of insurance policies Derivatives

Adjusting entry needed?

Misstatements and omissions are judged based on impact on the financial statements Materiality Effect on net income Need to consider cumulative effect on the financial statements

Miscellaneous Revenue 1/2

Mixture of minor items, some nonrecurring and others received at regular intervals Auditor should analyze account to look for items improperly recorded as miscellaneous: Collections on previously written-off accounts or notes receivable Write-offs of old outstanding checks or unclaimed wages Proceeds from sales of scrap Rebates or refunds of insurance premiums Proceeds from sales of plant assets Auditor should Propose adjusting journal entry to classify items correctly Perform analytical procedures and investigate unusual fluctuations Can detect material amounts of unrecorded revenue and Significant misclassifications affecting revenue

Litigation

Most common loss contingency - pending or threatened litigation Letter of inquiry to client's legal counsel Provides evidence about pending and threatened litigation Unasserted claims - need to be disclosed if probable and reasonably possible Auditors should obtain from management a list describing and evaluating threatened or pending litigation for review by legal counsel

Sources of Notes Receivable

Nature Substantial loans to individuals or companies Installment note or contract can allow seller to hold lien on goods. Examples: Sale of industrial machinery, or farm equipment Loans to subsidiaries or other types of related companies Loans to officers, employees

IT Networks

Networks Computers linked together through telecommunication links that enable computers to communicate information back and forth WAN, LAN Internet, intranet, extranet Electronic commerce Involves electronic processing and transmission of data between customer and client Example: Electronic Data Interchange (EDI)

Accrued Liabilities

Obligations payable sometime during the succeeding period for services or privileges received before balance sheet date Examples: Interest payable, accrued property taxes Accounting estimates Review and test management's process of developing the estimate Review subsequent events Independently develop estimate to test reasonableness Basic audit steps 1. Examine any contracts or other documents on hand that provide the basis for the accrual. 2. Assess the accuracy of the detailed accounting records maintained for this category of liability. 3. Identify and evaluate the reasonableness of the assumptions made that underlie the computation of the liability. 4. Test the computations made by the client in setting up the accrual. 5. Determine that accrued liabilities have been treated consistently at the beginning and end of the period. 6. Consider the need for accrual of other accrued liabilities not presently considered (that is, test completeness). 7. For significant estimates, perform a retrospective analysis of the prior year's estimates for evidence of management bias. Accrued Property Taxes Accrued Payrolls Pension Plan Accruals Postemployment Benefits other than Pensions Accrued Vacation Pay Product Warranty Liabilities Accrued Commission and Bonuses Income Tax Payable Accrued Professional Fees

Likely Source of Misstatements

Once the auditors understand entity-control controls and the flow of transactions, the auditors are in a position to: Verify points within the company's processes at which a misstatement could arise that could be material; Identify the controls management has implemented to address these potential misstatements; and Identify the controls management has implemented to prevent or detect on a timely basis unauthorized acquisition, use, or disposition of the company's assets that could result in a material misstatement.

Monitoring

Ongoing monitoring activities Regularly performed supervisory and management activities Example: Continuous monitoring of customer complaints Separate evaluations Performed on nonroutine basis Example: Periodic audits by internal audit

Online Capabilities

Online systems allow users direct access to data stored in the system Two types (a company may use both) Online transaction processing (OLTP) Individual transactions entered from remote locations Online real time (Example: Processing transactions at ATM) Online analytical processing (OLAP) Enables user to query a system for analysis Example: Use of a decision support system to make decisions

Auditors' Overall Approach as it Relates to Internal Control

Overall approach of an audit 1. Plan the audit 2. Obtain an understanding of the client and its environment, including internal control 3. Assess the risks of material misstatement and design further audit procedures 4. Perform further audit procedures 5. Complete the audit 6. Form an opinion and issue the audit report Steps 2-4 relate most directly to the role of internal control in financial statement audits

Foreign Corrupt Practices Act

Passed in 1977 in response to American corporation practice of paying bribes and kickbacks to officials in foreign countries to obtain business The Act Makes illegal payment of bribes to foreign officials Requires an effective system of internal control (applies to public companies)

Substantive Tests for Selling, General, and Administrative Expenses 1/2

Perform analytical procedures Develop an expectation of the account balance Use budgeted amounts, prior-year audited balances, industry averages, relationships among financial data, and relevant nonfinancial data Determine the amount of difference from the expectation that can be accepted without investigation Use estimates of materiality Compare the company's account balance with the expected account balance Investigate significant deviations from the expected account balance Obtain or prepare analyses of selected expense accounts Examine accounts based on results of analytical procedures Which accounts? AICPA suggests Advertising Research and development Legal expenses and other professional fees Maintenance and repairs Rents and royalties Obtain or prepare analyses of critical expenses in the income tax return

Substantive Tests

Perform further audit procedures—substantive procedures for receivables and revenue. Obtain an aged trial balance of trade accounts receivable and analyses of other accounts receivable and reconcile to ledgers. Obtain analyses of notes receivable and related interest. Inspect notes on hand and confirm those with holders. Confirm receivables with debtors. Review the year-end cutoff of sales transactions. Perform analytical procedures for accounts receivable, notes receivable, and revenue. Review significant year-end sales contracts for unusual terms. Test the valuation of notes receivable, computation of interest income, interest receivable, and amortization of discount or premium. Evaluate the propriety of the client's accounting methods for receivables and revenue. Evaluate accounting estimates related to revenue recognition. Determine the adequacy of the client's allowance for uncollectible accounts. Ascertain whether any receivables have been pledged. Investigate any transactions with or receivables from related parties. Evaluate the business purpose of significant and unusual sales transactions. Evaluate financial statement presentation and disclosure of receivables and revenue.

Substantive Procedures

Perform further audit procedures—substantive procedures for cash transactions and balances. 1. Obtain analyses of cash balances and reconcile them to the general ledger. 2. Confirm cash balances with financial institutions. 3. Obtain or prepare reconciliations of bank (financial institution) accounts as of the balance sheet date and consider the need to reconcile bank activity for additional months. 4. Obtain a cutoff bank statement containing transactions of at least seven business days subsequent to balance sheet date. 5. Identify and investigate unusual cash receipts and disbursements. 6. Count and list cash on hand. 7. Verify the client's cutoff of cash receipts and cash disbursements. 8. Analyze bank transfers for the last week of audit year and the first week of following year. 9. Investigate any checks representing large or unusual payments to related parties. 10. Evaluate proper financial statement presentation and disclosure of cash.

Further Tests of Controls

Perform further audit procedures—tests of controls. 1. Examples of tests of controls: a. Examine significant aspects of a sample of purchase transactions. b. Perform tests of the cost accounting system. 2. If necessary, revise the risks of material misstatement based on the results of tests of controls.

Additional Tests of Controls

Perform further audit procedures—tests of controls. 1. Examples of tests of controls: a. Examine significant aspects of a sample of sales transactions. b. Compare a sample of shipping documents to related sales invoices. c. Review the use and authorization of credit memoranda. d. Reconcile selected cash register tapes and sales tickets with sales journals. e. Test IT application controls. f. Examine evidence of review and approval of revenue estimates. 2. If necessary, revise the risks of material misstatement based on the results of tests of controls.

Tests of Controls for Payroll

Perform tests of controls over payroll transactions for selected pay periods, including the following specific procedures: a. Compare names and wage or salary rates to records maintained by the human resources department. b. Compare time shown on payroll to time cards and time reports approved by supervisors. c. If payroll is based on piecework rates rather than hourly rates, reconcile earnings with production records. d. Determine basis of deductions from payroll and compare with records of deductions authorized by employees. e. Test extensions and footings of payroll. f. Compare total of payroll with total of payroll checks issued. g. Compare total of payroll with total of labor cost summary prepared by cost accounting department. h. If wages are paid in cash, compare receipts obtained from employees with payroll records. i. If wages are paid by check, compare paid checks with payroll and compare endorsements to signatures on withholding tax exemption certificates. j. If wages are paid by direct deposit, compare listing of employee payments with payroll and direct deposit authorizations. k. Observe the use of time clocks by employees reporting for work and investigate time cards not used.

Control Activities

Performance reviews Transaction control activities Physical controls Segregation of duties Segregate authorization, recording, and custody of assets

Other Functions

Perpetual inventory system Provide information essential to purchasing, sales, and production-planning policies Allows companies to control high costs of holding excessive inventory IT systems Easier to control inventories EDI to coordinate production and purchasing

Auditors' Objective

Plan and perform the audit to obtain reasonable assurance about whether material weaknesses exist to express an opinion on company's internal control over financial reporting The evidence is gathered for an opinion as of the date specified in management's assessment - normally the last day of the company's fiscal year

Primary Concern in Audit of Liabilities

Possibility of understatement or omission of liabilities Exaggerates the financial strength of company Conceals fraud as effectively as overstatement of assets Accompanied by understatement of expenses and overstatement of net income

Conservatism in the Measurement of Income

Powerful influence on revenue and expenses Important because of subjectivity involved with accounting estimates Assets - accountants choose lower of two or more reasonable alternative values Liabilities - higher amount is chosen Results in income statement with a low or conservative income figure

Audit Documentation

Prepare lead schedules for receivables and net revenue, and Prepare working papers for: Aged trial balance of A/R Analyses of other accounts receivable Analysis of notes receivable and related interest Analysis of allowance for uncollectible accounts and notes Comparative analyses of revenue Documentation of internal control Risk analyses and audit plan (program)

Errors may arise from misunderstandings of instructions, mistakes of judgment, fatigue, etc. Controls that depend on the segregation of duties may be circumvented by collusion Management may override internal controls Compliance may deteriorate over time

Preventive Aimed at avoiding the occurrence of misstatements in the financial statements Example: Segregation of duties Detective Designed to discover misstatements after they have occurred Example: Monthly bank reconciliations Corrective Needed to remedy the situation uncovered by detective controls Example: Backups of master file used to reconstruct erroneous records Controls overlap Complementary - function together Redundant - address same assertion or control objective Compensating - reduces risk existing weakness will result in misstatement

Obtaining the Understanding

Procedures include Inquiring of entity personnel Observing the application of specific controls Inspecting documents and reports Tracing transactions through the information system relevant to financial reporting (System Walkthrough) May also obtain evidence on operating effectiveness of various controls

Problems with First Year Clients

Procedures to obtain evidence that beginning inventory is fairly stated Review predecessor's working papers Discuss with person who supervised physical inventory at beginning Study written instructions in planning Trace numerous items from inventory tags to final summary sheets Test perpetual inventory records for previous year Test overall reasonableness of beginning inventory

Application Control Activities

Programmed Control Activities Input validation checks Limit test Validity test Allowed character test Missing data test Self-checking number Batch controls Item count Control total Hash total Processing controls Input controls ▫ Manual Follow-up Activities Exception reports follow-up

Objective of Management's Evaluation of Internal Control

Provide a reasonable basis for its annual assessment Process Evaluate design effectiveness of controls Evaluate operating effectiveness of internal control Document the process Issue the report

Functions related to inventories

Purchasing Receiving Storing Issuing Production Shipping

Obtain Representation Letter

Purpose is to have the client's principal officers acknowledge that they are primarily responsible for the fairness of the financial statements Dated as of the date of the audit report Not a substitute for application of necessary audit procedures

Documenting the Understanding of Internal Control

Questionnaires Typically standardized by firm or industry Written Narratives Memos that describe flow of transactions and controls Flowcharts Systems flowcharts

Confirmation of Receivables

Receivables should be confirmed, unless: Accounts receivable are immaterial, The use of confirmations would be ineffective, or The auditors' combined assessment of inherent and control risk is low, and audit risk can be reduced to acceptably low level with substantive tests

Receiving and Storing

Receiving Determines quantity of goods received Detects damaged or defective merchandise Prepares receiving report Prompt transmittal of goods received to stores department Storing Counts, inspects, and receives goods Notifies accounting of receipt Physically secures inventory

Proof of Cash General Information

Reconciles the account balance and reconciles cash transactions during a specified period. Used to identify: Cash receipts and disbursements recorded in the accounting records, but not on the bank statement. Cash deposits and disbursements recorded on the bank statement, but not on the accounting records. Cash receipts and disbursements recorded at different amounts by the bank than in the accounting records.

Identifying Relevant Assertions

Relevant assertions are those that have meaningful bearing on whether account is presented fairly. Recall that the relevant assertions about accounts and classes of transactions are: (1) existence or occurrence; (2) completeness; (3) valuation or allocation; (4) rights and obligations; and/or (5) presentation and disclosure.

Management's Report on Internal Control

Report must: State that it is management's responsibility to establish and maintain adequate internal control. Identify management's framework for evaluating internal control. Include management's assessment of the effectiveness of the company's internal control over financial reporting as of the end of the most recent fiscal period, including a statement as to whether internal control over financial reporting is effective. If, applicable, include a statement that the company's auditors have issued an attestation report on management's assessment.

Sales Tax Payable

Required to collect sales tax imposed by state and local governments Not an expense, just collecting agent Liabilities until remitted Verify liability by reviewing tax return Test reasonableness of amount Test invoices for correct tax charge

Evaluating Revenue Estimates

Revenue recognition may involve significant accounting estimates. Auditors can evaluate these estimates by: Reviewing and testing management's method of developing the estimates, Developing their own estimates, or Reviewing subsequent transactions and other events that provide evidence about the accuracy of the estimates. The auditors are required to perform a retrospective review of the prior year's significant accounting estimates to determine whether they indicate bias on the part of management.

Audit of Allowance for Doubtful Accounts

Review collections in subsequent period. Develop estimate and evaluate reasonableness of management estimate. Compare the details of the aging of accounts receivable to prior years' aging. Investigate the credit ratings for delinquent and unusually large accounts. Review confirmation exceptions for an indication of amounts in dispute or other clues as to possible uncollectible accounts. Summarize in a working paper those accounts whose collectability is doubtful based on the preceding procedures. List customer names, doubtful amounts, and reasons for considering these accounts doubtful. Review with the credit manager the current status of significant doubtful accounts. Compute relationships, such as the number-of-days' sales in accounts receivable and the relationship of the valuation allowance to (1) accounts receivable and (2) net credit sales.

Audit Procedures to Identify Subsequent Events

Review latest available financial reports and statements and minutes of the board and selected committees Inquiry about matters dealt with at meetings for which minutes are not available Inquiry of management Obtain lawyer's letter Obtain representations from management

Review the Engagement

Review of work of audit staff accomplished through review of audit working papers Typically performed by seniors Review of working papers not completed until near (of after) completion of fieldwork Partner and manager devote attention to accounts with higher risk of material misstatement Second partner review prior to issuance of audit report

Audit Procedures for Loss Contingencies

Review the minutes of directors' meetings to the date of completion of fieldwork. Send letter of inquiry to client's legal counsel. Send confirmation letters to financial institutions to request information on contingent liabilities of the company. Review correspondence with financial institutions for evidence of accommodation endorsements, guarantees of indebtedness, or sales or assignments of accounts receivable. Review reports and correspondence from regulatory agencies to identify potential assessments or fines. Obtain a representation letter from the client indicating that all liabilities known to officers are recorded or disclosed.

Amounts withheld from employees' pay

Risk: Income taxes and other amounts withheld from employees' pay but not remitted as of balance sheet date may not be accurately recorded Possible procedures Trace amounts withheld to payroll summary sheets Test computations of taxes and other amounts withheld and accrued Determine that amounts have been deposited in accordance with law

Evaluation Materiality: Considering Prior Year Uncorrected Misstatements

SEC SAB 108 Situation: $70,000 current year misstatement $60,000 balance sheet carryover from preceding year If either the $70,000 or the $130,000 total ($70,000 + 60,000) is material to this year, an adjustment must be made. The current year's income is decreased by at least $70,000 If the $60,000 is immaterial this year, it will also decrease current year income If the $60,000 is material this year, prior year financial statements should be adjusted.

Potential Revenue Recognition Problems

Sales with unusual right to return Side agreements Franchise fees Bill and hold transactions Sales using notes with unusual interest rates Long-term construction contracts Multiple element agreements

Audit Procedures Completed Near the End of Field Work

Search for unrecorded liabilities. Review the minutes of meetings. Perform final analytical procedures. Perform procedures to identify loss contingencies. Perform the review for subsequent events. Obtain the representation letter. Communicate misstatements to management. Evaluate audit findings.

Sarbanes-Oxley Act of 2002

Section 404 404(a) - requires annual report filed with SEC to include an internal control report by management Management acknowledges responsibility for establishing and maintaining adequate internal control Report provides assessment of internal control effectiveness at end of fiscal year 404(b) - requires CPA firm to audit internal control and express an opinion on effectiveness of internal control. (Required for companies with a capitalization in excess of $75,000,000)

Internal Control — Cash Disbursements

Segregation of duties Payment by check or electronic funds transfer Pre-numbered checks Match of purchase order and receiving documents with vendor's invoice Review of supporting documents by authorized check signer Cancelation of supporting documents Authorized check signer should mail checks Monthly bank reconciliations

Controls Over the Acquisition Cycle

Segregation of duties—purchases and disbursements Approval of purchase orders Numerical control of purchase orders and receiving reports Matching of details of vendors' invoices to purchase orders and receiving documents Approval of vendors' invoices Pre-numbered checks Reconciliation of details of individual disbursements to controlling accounts Reconciliation of vendors' statements to accounts Reconciliation of bank accounts Use of budgets and analysis of variances Use of chart of accounts and review of account coding

Segregations of Functions—Payroll

Separate departments should handle: Employment (personnel) Timekeeping Payroll preparation and record keeping Distribution of pay to employees

Shipping

Shipment upon authorized sales order approved by credit department Generates a prenumbered shipping document One copy in shipping One copy to billing Third copy used as packing slip For goods shipped common carrier - fourth copy services as bill of lading

Sources of Accounts Payable

Short-term obligations arising from purchase of goods and services in ordinary course of business; examples: Acquisition of merchandise on credit Receipt of services such as advertising, repairs, etc. Invoices and statements from suppliers usually evidence of the amount of accounts payable Interest-bearing obligations are not included in accounts payable; they are included as bonds, notes, etc.

McKesson & Robbins Fraud Case

Significant impact on responsibility of auditors with respect to validity of inventories Case decided in 1939 - the audited financial statements contained $19 million of fictitious assets including $10 million of nonexistent inventories Auditors followed customary auditing practice which limited audit work on inventories to examining records only Statements on Auditing Procedures 1 and 2 - first formal auditing standards issued by AICPA affirmed the importance of auditors' observation of physical inventories although other auditing procedures could be substituted

purpose of COBIT 5

Simply stated, it helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use.

Sources of Accounts Receivable

Sources Claims against customers from sale of goods or services Loans to officers or employees Loans to subsidiaries Claims against various other refunds Claims for tax refunds Advances to suppliers Shown on balance sheet at net realizable value

Sources and Nature of Cash

Sources General checking account Payroll checking accounts Petty cash Savings accounts Cash equivalents Money market funds Certificates of deposit Savings certificates

Steps 1 and 2 and 3 of Audit—Plan Audit and Obtain an Understanding

Step 1 - Consider IT system in planning Step 2 - Obtain an understanding of the client and its environment Documentation of client's IT-based system depends on complexity of system Narrative Systems flowchart Program flowchart Internal control questionnaires Step 3 of Audit: Assess the Risks of Material Misstatement Identify risks Relate the identified risks to what can go wrong at the relevant assertion level Consider whether the risks are of a magnitude that could result in a material misstatement Consider the likelihood that the risks could result in a material misstatement Evaluate effectiveness of related controls in mitigating risks Test of controls over IT-based systems

Steps for Recognition of Revenue

Step 1: Identify the Contract. Step 2: Identify the Performance Obligations. Step 3: Determine the Transaction Price. Step 4: Allocate the Transaction Price to the Performance Obligations. Step 5: Recognize Revenue When the Performance Obligations Are Satisfied.

Issuing and Production

Stores department issues goods to requesting department Prenumbered requisition Production Controlled with master production schedule Production orders Materials requisitions and move tickets Job time tickets

Internal Control over Notes Receivable

Subdivision of duties The custodian of notes receivable should not have access to cash or to the general accounting records The acceptance and renewal of notes are authorized in writing by a responsible official who does not have custody of notes The write-off of defaulted notes are approved in writing by responsible officials and effective procedures adopted for subsequent follow-up of such defaulted notes

Unclaimed wages

Subject to misappropriation Concerned with adequacy of internal control Should not be left for more than a few day Prompt deposit in special bank account Analyze unclaimed wages to determine Credit represents all unclaimed wages after each payroll distribution Debits represent authorized payments

Indications of Risks of Misstatement

Subsidiary records not in agreement with general ledger Receiving reports and vouchers used haphazardly Purchase transactions not recorded until payment is made Many accounts payable long past due Risks such as these indicate the need for additional substantive procedures

IT and the Audit Trail

System may be on-premises or off-premises Illustration of manual vs. automated initiation of transactions Manual—May manually record sales orders on paper forms, authorize credit, prepare shipping reports and invoices, record sales and maintain accounts receivable records. Automated—Records may all be electronic. IT may be able to create, update, and delete data without evidence of change.

Relationship Between Audits

Tests of controls Same for internal control audit and financial statement audit Evidence from internal control audit can be used for financial statement audit Differences between audits Objectives are different Integrated audit Testing should be spread through the year to satisfy both objectives

Perform Further Audit Procedures - Test of Controls 2/2

Tests of controls include: Inquiries of appropriate client personnel Inspection of documents and reports Observation of the application of controls Reperformance of the controls The results of the tests of controls are used to determine the nature, timing, and extent of substantive procedures

Components of Internal Control

The Control Environment Risk Assessment Control Activities Information System Relevant to Financial Reporting and Communication Monitoring Activities

Client/Server Environment

The term client/server architecture involves a logical separation of an information system's tasks into client and server tiers or layers. The three-tier configuration that separates the presentation, application processing, and data management functions was the primary client/server arrangement for most in-house enterprise business systems until virtualized IT environments were introduced. A virtualized client/server configuration requires the system software to partition a single physical computer server into multiple virtual machines, each capable of running a different operating system and different applications, simultaneously and independently.

Details on Understanding the Client Business

The types of products and services sold. The classes and categories of the client's customers. Whether the business is affected by seasonal or cyclical demand. Typical marketing policies for the client and its industry. Policies regarding pricing, sales returns, discounts, extension of credit, and normal delivery and payment terms. Compensation arrangements that are based on recorded revenue. Typical revenue recognition principles used in the industry and their methods of application.

Obtain an understanding of the client and its environment, including internal control

The understanding of internal control is used to help the auditors to Identify types of potential misstatements Consider factors that affect the risks of material misstatement Design tests of controls (when applicable) and substantive procedures Auditors must consider all five internal control components Control environment Accounting information system Risk assessment Control activities Monitoring In doing so, the auditors should also consider areas difficult to control like non-routine transactions

Potential Misstatements—Financial Investments

Theft of marketable securities Unauthorized investment transactions Incomplete recording of investments Improper valuation of investments Failure to properly account for derivatives Inadequate disclosure of the nature of investment activities

Approach to Audit of Internal Control under Section 404b

This section applies to public companies with a market capitalization of $75 million or more. For those companies, the auditors audit internal control as a part of an integrated audit. In doing so, the auditors: Plan the engagement Use a top-down approach to identify the controls to test Test and evaluate design effectiveness of internal control Test and evaluate operating effectiveness of internal control Form an opinion on effectiveness of internal control over financial reporting

Related Party Transactions

To identify related party transactions, auditors should review Proxy and other filings with SEC or other regulatory agencies Conflict-of-interest statements by management Transactions with unusual terms Accounting records for unusual balances or transactions particularly near year-end Determine that related party transactions are appropriately disclosed

Software

Two Types: System software Programs that control and coordinate hardware components and provide support to application software Operating system (Examples: Unix, Windows) Application software Programs designed to perform a specific data processing task Written in programming language (Example: Java)

Types of Confirmations

Two methods of confirmation of receivables: Positive confirmations - request addressed to the debtor asking for a reply Ordinarily sent with balances due on them Blank forms - leave amount blank (used less frequently) Negative confirmations - ask debtor to advise the auditors only if the balance shown is incorrect Low level of assessed risk of material misstatement Large number of small balances A low error rate is expected No reason to believe the respondent will ignore the request

Nature of IT Based Systems

Types Small Businesses Off-the-shelf software packages Electronic checkbooks (e.g., Quicken) basic general ledger systems (e.g., QuickBooks) Large businesses Client/server ERP Cloud computing

Fraud Risk related to Receivables and Revenue

Understand controls established by management to control risks Determine controls have been implemented Response to risks An overall effect on audit Alter the design of audit procedures Performing procedures to address risk of material misstatement due to management override of internal control

Potential Sources of Unrecorded Accounts Payable

Unmatched invoices and unbilled receiving reports Vouchers payable entered in the voucher register subsequent to balance sheet date Invoices received after balance sheet date Consignments in which client acts as a consignee

Objectives for the Audit of Accounts Payable and Purchases

Use the understanding of the client and its environment to consider inherent risk, including fraud risks, related to accounts payable. Obtain an understanding of internal control over accounts payable. Assess the risks of material misstatement and design tests of controls and substantive procedures that: Substantiate the existence of accounts payable and the client's obligation to pay these liabilities and establish the occurrence of purchase transactions Establish the completeness of recorded accounts payable Verify the cutoff of transactions affecting accounts payable Establish the proper valuation of accounts payable and the accuracy of purchase transactions Determine that the presentation and disclosure of accounts payable are appropriate

Objectives for the Audit Cash

Use the understanding of the client and its environment to consider inherent risk, including fraud risks, related to cash Obtain an understanding of internal control over cash. Assess the risks of material misstatement of cash and design tests of controls and substantive procedures that: Substantiate the existence of recorded cash and occurrence of the related transactions Determine the accuracy of cash transactions Establish the completeness of recorded cash Verify the cutoff and accuracy of cash transactions Determine that the client has rights to recorded cash Determine that the presentation and disclosure of cash, including restricted funds, are appropriate

Objectives for the Audit of Receivables and Revenue

Use the understanding of the client and its environment to consider inherent risk, including fraud risks, related to receivables and revenues. Obtain an understanding of internal control over receivables and revenues. Assess the risks of material misstatement and design tests of controls and substantive procedures that: Substantiate the existence of receivables and the occurrence of revenue transactions Establish the completeness of receivables and revenue transactions Verify the cutoff of revenue transactions Determine that the client has rights to recorded receivables Establish the proper valuation of receivables and the accuracy of revenue transactions Determine that the presentation and disclosure of receivables and revenue are appropriate

Risk Assessment for the Audit of Inventories

Use the understanding of the client and its environment to consider inherent risks, including fraud risks, related to inventories and cost of goods sold. B. Obtain an understanding of internal control over inventories and cost of goods sold. C. Assess the risks of material misstatement and design further audit procedures.

Risk Assessment for the Audit of Receivables

Use the understanding of the client and its environment to consider inherent risks, including fraud risks, related to receivables and revenue. B. Obtain an understanding of internal control over receivables and revenue. C. Assess the risks of material misstatement and design further audit procedures.

Objectives for the Audit of Financial Investments

Use their understanding of the client and its environment to assess inherent risks including fraud risks. Obtain an understanding of internal control over investments. Assess the risks of material misstatements of investments and design further audit procedures that Substantiate the existence of recorded financial investments and the occurrence of investment transactions. Establish the completeness of financial investments and investment transactions. Verify the cutoff of investment transactions. Determine that the client has rights to recorded investments. Determine that the valuation of financial investments is appropriate; that is, determine that such valuation is in accordance with the cost, fair value, or equity method of accounting and that any unrealized appreciation or depreciation in value is appropriately recorded. Determine that the presentation and disclosure of financial investments and realized and unrealized gains and losses are appropriate.

End User Computing

User departments are responsible for the development and execution of certain IT applications Involves a decentralized processing system IT department generally not directly involved Controls needed to prevent unauthorized access and ensure applications do not have programming errors

Performing Walk-Throughs

Walk-through Tracing a transaction from its origination through the company's information system until it is reflected in the company's financial reports Provide evidence to: Verify that the auditors have identified points at which a significant risk of misstatement to a relevant assertion exists. Verify their understanding of the design of controls, including those related to the prevention or detection of fraud. Evaluate the effectiveness of the design of controls. Confirm whether controls have been placed in operation (implemented).

Use of the Work of Internal Auditors

Work of Internal Auditors may be used in two ways: Obtaining audit evidence by using the internal auditors' work performed as a part of their normal responsibilities, and Using internal auditors to provide direct assistance on the external audit.

Audit Documentation

Working papers Lead schedule for accounts payable Trial balances of various types of accounts payable Confirmation requests for accounts payable Listing of unrecorded accounts payable