Advanced Auditing

Attribute Sampling

Used to estimate the proportion of a population that possesses a specified characteristic

Classical Variables Sampling

Uses normal distribution theory to evaluate the characteristics of a population based on sample data

Statistical Sampling

Uses the laws of probability to compute sample size and evaluate results

ADA's What is new/not new?

Using technology in the audit - not new; accounting firms expect new audit associates to have some exposure to ADA's and how to perform and understand their outputs in the context of the audit - new

Integrity

establishes trust and thus provides the basis for reliance on their judgement

SOC 2

A SOC 2 report is limited either to the management of the organization or to specific users.

SOC 3

A SOC 3 report is ordinarily intended for general use to provide assurance to a broad group of external users.

Nonstatistical Sampling

Allows the use of random or systematic selection, but also permits the use of other methods such as haphazard sampling

Agreed-upon procedures

one in which a practitioner is engaged by an entity to issue a report of findings based on specific procedures performed on the subject matter for use by specific parties.

Examination

the accounting practitioner expresses an opinion that (a) the subject matter is in accordance with (or based on) the criteria in all material respects or (b) the assertion is fairly stated, in all material respects, based on the criteria

nonstatistical sampling

the auditor does not use statistical techniques to determine sample size, select the sample items, or measure sampling risk

Allowance for Sampling Risk

the difference between expected and tolerable deviation rate.

Reviews

the level of assurance and required procedures are greatly reduced from those required for an examination. Rather than express an affirmative opinion, the practitioner indicates a conclusion as to whether any information came to his or her attention regarding material modifications that should be made to (a) the subject matter in order for it to be in accordance with the criteria or (b) the responsible party's assertion, in order for it to be fairly stated.

Inherent risk factors - Property Management Process

1. Complex Accounting Issues 2. Difficult to audit transactions 3. Misstatements detected in prior audits

Trust Services Criteria

1. Confidentiality - Information designated as confidential is protected to meet the entity's objectives. 2. Availability - Information and systems are available for operation and use to meet the entity's objectives (uptime) 3. Processing Integrity - System processing is complete, valid, accurate, timely, and authorized to meet the entity's objectives 4. Privacy - Personal information (PI) is collected, used, retained, disclosed, and disposed to meet the entity's objectives. 5. Security - Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy of information or systems and affect the entity's ability to meet its objectives

Property Management Control Risk Assessment - Occurence/Authorization

1. Control procedures for the occurrence and authorization of property, plant, and equipment are normally part of the purchasing process. 2. However, larger capital asset transactions may be subject to additional controls. 3. Companies should have an authorization table for approving capital asset transactions. 4. Control activities should also identify assets no longer in use

Advantages of Statistical Sampling

1. Design an efficient sample 2. Measure the sufficiency of evidence obtained 3. Quantify sampling risk

Disadvantages of Classical Variables Sampling

1. Does not work well when little or no misstatement is expected in the population. 2. To determine sample size, the auditor must estimate the standard deviation of the audit differences. 3. If few misstatements are detected in the sample data, the estimated variance used for evaluation may underestimate the true variance, and the resulting projection of the misstatements and the related confidence limits are not likely to be reliable.

Four internal auditor roles

1. Evaluating Risks and Controls Evaluate risk management process Help to determine the sources of risks Internal control audits Facilitate senior management's ability to certify controls 2. Reviewing Compliance Compliance with relevant laws and regulations OSHA EPA FDA FCPA HIPAA, etc. 3. Financial Auditing Specific financial issues (e.g. travel) Work relevant to the external auditor too 4. Operational Auditing Audits conducted to identify the causes of problems or enhance the efficiency and effectiveness of operations.

Inherent risk factors - human resources

1. High turnover increases inherent risk assessment due to the level of employee additions and terminations and the risk associated with processing. For example, there is greater risk that pay will be inappropriately dispersed to terminated or fictitious employees. 2. The inherent risk associated with executive compensation is frequently not set at low because officers may have motive and opportunity to take advantage of their high-ranking offices in the form of excessive compensation. Due to the complexity of accounting and disclosures associated with stock-based compensation (stock options, stock appreciation rights), combined with the degree of judgement and estimation involved in option-valuation models, there can also be substantial inherent risk associated with stock-based or share-based compensation.

Inherent risk factors - Inventory

1. If industry competition is intense, there may be problems with the proper valuation of inventory in terms of lower-of-cost-or-market values. 2. Changes in technology or a drop in customer demand may also result in a material misstatement due to obsolescence 3. The type of product sold by the entity can increase the potential for defalcation- products that are small and of high value, such as jewelry, are more susceptible to theft than large products 4. Inventory is often difficult to audit, and its valuation may result in disagreements with the entity

Confidentiality - internal auditors

1. Shall be prudent in the use and protection of information acquired in the course of their duties 2. Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organization

Competency - internal auditors

1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience 2. Shall perform internal auditing services in accordance with the International Standards for the Professional Practice of Internal Auditing 3. Shall continually improve their proficiency and the effectiveness and quality of their services

Objectivity - internal auditors

1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interest of the organization. 2. Shall not accept anything that may impair or be presumed to impair their professional judgement 3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review

Integrity - internal auditors shall:

1. Shall perform their work with honesty, diligence, and responsibility 2. Shall observe the law and make disclosures expected by the law and the profession 3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or the organization 4. Shall respect and contribute to the legitimate and ethical objectives of the organization

Five factors in assessing control risk

1. The expertise and experience of those determining the fair value of the assets. 2. Controls over the process used to determine fair value measurements, including controls over data and segregation of duties between those committing the entity to the purchase and those undertaking the valuation. 3. The extent to which the entity engages or employs valuation specialists. 4. The significant management assumptions used in determining fair value. 5. The integrity of change controls and security procedures for valuation models and relevant information systems, including approval processes.

Procedures involved in examining prospective financial statements

1. The practitioner is independent. 2. Party is responsible for the subject matter, or (b) party is able to provide evidence of a third party's responsibility for the subject matter. 3. Practitioner and specified parties agree on the procedures to be performed. 4. Take responsibility for the sufficiency of the agreed-upon procedures. 5. Subject matter is subject to reasonably consistent measurement. 6. Criteria to be used in the determination of findings are agreed upon between the practitioner and the specified parties. 7. Procedures to be applied are expected to result in reasonably consistent findings using the criteria. 8. Relevant evidence is expected to exist to provide a reasonable basis for expressing the findings using the criteria. 9. Where applicable, materiality limits are agreed upon (practitioner/specified party). 10. Use of the report is restricted to the specified parties. 11. Prospective information... include a summary of significant assumptions.

Disadvantages of MUS

1. The selection of zero or negative balances generally requires special design consideration. 2. When more than a few misstatements are detected, the sample results calculations may overstate the allowance for sampling risk.

Advantages of Classical Variables Sampling

1. When the auditor expects a relatively large number of differences between book and audited values, this method will normally result in a smaller sample size than MUS. 2. The techniques are effective for both overstatements and understatements. 3. The selection of zero balances generally does not require special sample design considerations.

Advantages of MUS

1. When the auditor expects little misstatement, MUS usually results in a smaller sample size than classical variables sampling. 2. When applied using the probability-proportional-to-size procedure, MUS automatically results in a stratified sample. 3. MUS does not require the user to make assumptions about the distribution of misstatements.

Inherent risk factors - Long-Term Assets

1. With the judgement and complexity associated with the valuation and impairment testing of intangible assets, the auditor is likely to assess the inherent risk of significant intangibles as high, particularly if the assets might be impaired 2. Judgement is required to initially value assets such as trademarks, customer relations, copyrights, and customer order backlogs and good will when one company acquires another

Why will some sampling always be required?

Control processes require human involvement; testing procedures require the auditor to physically inspect an asset; required to obtain and evaluate evidence from third parties

Disadvantages of Statistical Sampling

Cost of training auditors Cost to design and conduct sampling application Lack of consistent application

Relationship of Population Size (attribute)

Decreases sample size only when population is small (fewer than 1,000 items)

Two technological advances that reduced the number of times an auditor needs to apply sampling techniques

Development of well-controlled, automated accounting systems; powerful audit software to entire populations of data

Relationship of Desired Confidence Level

Direct Lower - Decrease Higher - Increase

Relationship of Expected Misstatement

Direct Lower - Decrease Higher - Increase

Relationship of Population Size (Monetary)

Direct Lower - Decrease Higher - Increase

Why does the effective use of ADA's go beyond IT skills or the use of software tool

Effective use of ADA's requires combining technological skills and knowledge of accounting and auditing and a sound understanding of the entity and potential risk of misstatement

SOC for cybersecurity

Examination engagement performed by practitioners under the AICPA attestation standards on an entity's cybersecurity risk management program

Risk of Incorrect Rejection (Type I)

Internal Controls - Control is not operating effectively when it is Substantive Testing - Recorded balance is misstated when it is not Relates to Efficiency

Risk of Incorrect Acceptance (Type II)

Internal Controls - Control is operating effectively when it is not Substantive Testing - Recorded balance is not misstated when it is Relates to Effectiveness

Competency

Internal auditors apply the knowledge, skills, and experience needed in the performance of internal auditing services

Objectivity

Internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments

Confidentiality

Internal auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to

Relationship of Tolerable Misstatement

Inverse Lower - Increase Higher - Decrease

General/Limited Use

Only a financial forecast can be made available for general use; financial projections are not to be made available for general use if an accountant's report is to be involved.

Why does population size matter in Monetary unit sampling when it is insignificant in attribute sampling

Population size does influence sampling computations when testing monetary account balances

Preparation

Preparation of financial statements is done by the accountant to assist a client in organizing the financial information based on a selected accounting framework. Procedures involved: Bookkeeping service - independence is not required. Assurance provided: Legend on each page of the financial statements explicitly stating no assurance. Reporting of service: Accountant not required to verify accuracy or completeness or gather evidence to express an opinion. (does not issue any type of report)

financial forecast

Prospective financial statements that present an entity's expected financial position, results of operations, and cash flows. They are based on assumptions reflecting conditions the responsible party expects to exist and the course of action it expects to take.

Financial Projections

Prospective financial statements that present, given one or more hypothetical assumptions, an entity's expected financial position, results of operations, and cash flows. These assumptions may not reflect the most likely or expected conditions.

SOC 2/3

Reports that are issued by a practitioner in conjunction with information systems and a Trust Services engagement

Desired Confidence Level

The desired level of assurance that the sample results will support a conclusion that the control is functioning effectively

Property Management Control Risk Assessment - Completeness

The detailed property, plant, and equipment subsidiary ledger usually includes the following information for each capital asset: 1. Description, location, and ID number 2. Date of acquisition and installed cost 3. Depreciation methods for book and tax purposes, salvage value, and estimated useful life

Basic Precision

The difference between the expected and tolerable deviation rates

Tolerable Deviation Rate

The maximum deviation rate from a prescribed control that the auditor is willing to accept

Sampling Risk

The possibility that the sample drawn is not representative of the population

Data Analytics

The process of obtaining, cleaning, transforming, and then using data to identify and communicate meaningful patterns, trends, outliers, and information in support of decision making ; Process of using technology to transform data into information

Audit Data Analytics

The science and art of using analysis, modeling and visualization to discover and analyze patterns, anomalies, and other information for the purpose of planning and performing an audit

Sampling Population

all or a subset of the items that constitute the class of transactions

Why is Data Analytics becoming more widespread

analyzing very large datasets draw meaningful conclusions; advances in technology enable data to be analyzed by more affordable and user-friendly software

Monetary Unit Sampling

attribute-sampling theory to express a monetary conclusion rather than a rate of occurrence

Compilation

is defined as presenting financial statements that contain prospective financial information, pro forma financial information, or other historical financial information that are the representation of management or owners without the accountant expressing any assurance on the financial statements. Procedures involved: Must address significant questions that arise during the engagement (required to obtain revised/corrected information before issuing a compilation report). Assurance provided: While no assurance is provided, the accountant must have the following knowledge: Accounting principles and practices of the industry in which the entity operates General understanding of the entity's organization, operating characteristics, and the nature of its assets, liabilities, revenues and expenses. An understanding of the accounting principles and practices used by the entity. Reporting of service: Requires a report to be issued

Review

is defined as the performance of inquiry and analytical procedures to provide the accountant with a reasonable basis for expressing limited assurance that no material modifications should be made to the statements in order for them to conform to the applicable financial reporting framework (e.g. GAAP). Procedures involved: Obtaining knowledge of the accounting principles and practices of the industry in which the entity operates. Obtaining a general understanding of the entity's organization, its operating characteristics, and the nature of its assets, liabilities, revenues, and expenses. Obtaining an understanding of the accounting principles and practices used by the entity in measuring, recognizing, recording, and disclosing all significant accounts and disclosures in the financial statements. Asking the entity's personnel about important matters. Performing analytical procedures. Reading the financial statements to determine if they conform to the applicable reporting framework. Obtaining reports from other accountants, if any. Obtaining a representation letter from management. Assurance provided: (Limited Assurance) If while conducting the review the accountant becomes aware of information that is incorrect, incomplete, or misleading, he or she should perform any additional procedures necessary to provide limited assurance that no material modifications to the financial statements are required Reporting of service: A standard review report assumes that the financial statements are in accordance with GAAP. Includes all necessary disclosures. Be dated as of the completion of accountants inquiry and analytical procedures