ACC 453 Final Exam
Attestation
"Attestation is the process of providing assurance about the reliability of specific information provided by one party to another." (KSB p.12) Attestation requires: Responsibility for a specific assertion of interest to another party (Case 1-1 Anthony's Pizza) Agreed-upon and objective criteria (Case 1-1 Anthony's Pizza) Verifiable (not subjective terms like "best") Written conclusion
Analytical Procedures
"evaluations of financial information made by a study of plausible relationships among both financial and non-financial data."
Audit Risk Model
AR=IR X CR X DR
ICFR Objectives
Accurately record routine transactions (e.g., revenue) Conformity with GAAP Prevent fraud Serve as general control over IT Facilitate estimation process for non-routine transactions Facilitate period-end close and preparation of financial statements
Endogenous Assurance Demand
Attestation predates regulation Organizations not required to, often purchase financial-statement audits (e.g., partnerships) and other attest services (e.g., internal controls, terms in contractual agreements) and non-attest assurance services (e.g., IT Consulting)
What are we skeptical of ?
Audit Evidence Being skeptical of the evidence that you obtain during the audit including evidence from and about people. Assumption of academics and standard setters Own judgments (Self-Criticism) Embracing potential judgment fallibility and overconfidence Thinking in flexible, multidimensional ways
Where are AP's applied?
Audit Planning: Attention Directing Substantive Testing: As a Substitute for Tests of Details. Final Review: Making sure that fluctuations have been explained and that results are reasonable.
Why SSA?
Before making various decisions, auditors need to acquire knowledge of a client's environment or entity business states (EBS). The Audit Risk Model has little guidance on questions like: What type of knowledge is needed? How much knowledge is needed? How much weight should auditors give such knowledge? Strategic-systems auditing provides guidance.
Audit Evidence
Being skeptical of the evidence that you obtain during the audit including evidence from and about people. Assumption of academics and standard setters
Earnings Management and Fraud Similarities
Both are typically designed to make the firm's financial performance and condition appear better than reality. Both may result in misleading financial statements and professional liability exposure for auditors.
Types of Controls in ICFR
Business Process Controls Capturing information at the point of the transaction Monitoring Controls KPIs, performance reports Financial Reporting Controls Closing procedures, estimates, etc.
Confirmation
Confirm with third parties independent of client. Examples: Cash balances, loan amounts with client's banks; Acct. Rec. balances with client's customers. Primarily used for existence and accuracy but sometimes for completeness Bank confirmation: Confirm balance (existence/accuracy) List any outstanding client liabilities to your financial institutions (completeness)
COSO's 5 Elements
Control Environment (The Foundation) An organization's integrity, general competence, and ethics. Attitudes and incentives (i.e., Tone at the top) Risk Assessment Control Activities Information and Communication Monitoring
Control Objectives
To improve the effectiveness of decision making and the efficiency of business processes. To increase the reliability of information To comply with laws, regulations, and contractual obligations
Types of Management Controls
Top-level reviews Performance indicators (i.e., KPIs) and benchmarking Independent evaluations
Tracing
Trace a given "flow" forward in time from its origination to completion. From the source documents to the general ledger Good for testing completeness assertion Example: Sample from invoices and trace to see if accurately recorded in journals and ledgers.
Types of Substantive Procedures
Tracing Vouching Confirmation Physical Examination Substantive Analytical Procedures
Reducing Ethical Dilemmas and Biases
Training Group decision making Written justification of decisions Use of decision aids Consultation Quality control Rewarding ethical behavior
Further Warnings
Transactions are not recorded or are improperly recorded. Unsupported or unauthorized transactions or balances Missing or altered documents Last minute adjustments Control weaknesses allow employees to perform incompatible duties Denial of access to records, facilities, and key personnel. Undue pressure to complete audit quickly Significant deviations between actual results and audit expectations that cannot be satisfactorily resolved.
Vouching
Vouch a given "flow" backward in time to original, supportive source documents From the general ledger to the source documents Good for testing existence assertion Example: Sample from journalized sales and see if supported by shipping document and payment/AR.
General Warning Signals: Conditions Conducive to Fraud
Weak board: Management chooses board members due to absence of nominating committee. Large board is packed with celebrities, insiders, and friends. Audit committee lacks expertise. Weak controls and ineffective internal auditors Reluctance to fix control problems found in previous audits and make adjustments to correct errors (i.e. same audit adjustments every year)
Strategic Analysis
What are the company's key business objectives? What is the company's strategy for achieving its objectives? What are the key factors that have shaped the current degree of success or failure of this strategy? Does the company's strategy appear to be working? What are the key threats (business risks) to the sustainability of the company's strategy? Given these threats, does it appear that the company's current strategy is sustainable? Prepare a customized entity-level business model for the company (see Canvas for the template).
Process Analysis
What is the overall process objective? In other words, explain how management envisions the process contributing to the firm's business objectives. What are two relevant sub-processes and sub-process objectives? What risks threaten the company's achievement of the sub-process objectives? Identify several key performance indicators (KPIs) for the core business process. What is the role of these performance measures that management has developed in dealing with these process risks? Be sure to clearly link your KPIs to the risks identified in #2. Prepare a Process Analysis Document (PAD) for the core business process. A PAD template is available on Canvas.
Fraud Triangle
presssure, rationalization, opportunity Fraud Risk is highest when: Perceived opportunities exist Pressures exist A "justification" is available to help rationalize. What are some common pressures that could lead to fraud? What are some possible rationalizations for fraud?
Purpose of Audit Risk Model
risk of material misstamenet and the risk that the auditor will not detect such misstatement (detection risk)
Documentation
Examine documents for evidence of performance of control procedures Example: Does the credit manager review the accounts receivable detail for uncollectible accounts? The auditor could verify that the credit manager initials the monthly report (or other "proof" that the control was performed).
Assertions
Existence Do the assets, liabilities, and equities exist? Completeness Are all assets, liabilities, and equities recorded? Valuation Are the amounts recorded in accordance with GAAP (e.g., are there any impairments?) Rights and obligations Does the client hold the rights to the assets? Are the liabilities obligations of the client? Presentation and Disclosure Information is appropriately presented and described in accordance with GAAP. Disclosures are adequate and understandable.
Independence in Fact Vs. Independence in Appearance
Independence in Fact is concerned with maintaining objectivity throughout the audit process. Independence in Appearance is concerned with eliminating economic incentives or emotional ties that make it difficult to maintain objectivity. Virtually all regulation is focused on factors related to the appearance of independence.
Assurance
Independent professional services that improve the quality of information, or its context, for decision makers.
Conditionally Skeptical
Investigate every "blip" that appears on your professional "radar screen" (intuition) Become wary and follow-up on red flag cues
Audit Planning and Final Review
Involves comparing KPI's (e.g., ratios) to relevant benchmarks such as: Competitors Industry performance Prior client performance
Audit Differences
Judgmental Differences vs. Errors A judgmental difference arises when the recorded accounting estimate is outside the auditor's acceptable range. An error arises from the following: Misapplication of an accounting principle Failure to record a required transaction Recording a transaction which is not required Recording a transaction at the incorrect $ amount. An estimate can be an error if both the auditor and the client agree that the estimate is wrong. Discuss differences with the appropriate level of management and/or the audit committee Should be sent to the client on a real-time basis since clients do not like surprises! All unrecorded (waived) differences must be quantified and compared to materiality. If Summary of Differences > Materiality, then the auditor must resolve these with the client.
Ratio for Audit Planning and Final Review
Liquidity Ratios Current Ratio (Current Assets / Current Liabilities) Debt Management Ratios Interest Rate Ratio (Interest Exp / Avg. Total Debt) Asset Management Ratios Inventory Turnover (COGS / Inventory) Profitability Ratios Return on Equity (Net Income / Equity) Market Value Ratios Earning per Share (Net Income / # of common shares)
Categories of Control
Management Controls -Controls that mitigate strategic risks to the organization and promote effectiveness of decision making and business activities Process Controls -Monitoring and reacting to process-level risks
Final Evaluation of Evidence
Materiality Risk assessments Disposition of proposed audit differences Evaluate presentation and disclosure assertions Final analytical and technical review
The Public Company Accounting Oversight Board (PCAOB)
Mixed public/private body Private exempt from many laws that apply to government agencies (e.g., open meetings) Public SEC appoints board and approves budget PCAOB fees are not public monies (i.e., secure source of funding). 5 member board 2 auditors (expertise) 3 members independent of auditing profession Staggered 5 year terms and can only be removed with cause (minimize political pressure) Registering audit firms Setting standards Auditing Standards Control System Disclosure Standards Inspection and investigation Disciplining audit firms
Two Extreme Approaches
No control testing Lots of substantive testing (minimum reliance on internal control) Lots of control testing Less substantive testing (maximum reliance on internal control)
Non Sampling Risk
Non-sampling risk arises from factors that cause the auditor to reach an erroneous conclusion for any reason not related to the size of the sample (ISA glossary of terms, emphasis added)
Observation
Observe how well the control procedure being performed by client employees. Example: Observation of client's count of inventory
Unqualified Opinion
Often called a clean opinion, an unqualified opinion is an audit report that is issued when an auditor determines that each of the financial records provided by the small business is free of any misrepresentations. In addition, an unqualified opinion indicates that the financial records have been maintained in accordance with the standards known as Generally Accepted Accounting Principles (GAAP). This is the best type of report a business can receive. Typically, an unqualified report consists of a title that includes the word "independent." This is done to illustrate that it was prepared by an unbiased third party. The title is followed by the main body. Made up of three paragraphs, the main body highlights the responsibilities of the auditor, the purpose of the audit and the auditor's findings. The auditor signs and dates the document, including his address.
Disclaimer of Opinion
On some occasions, an auditor is unable to complete an accurate audit report. This may occur for a variety of reasons, such as an absence of appropriate financial records. When this happens, the auditor issues a disclaimer of opinion, stating that an opinion of the firm's financial status could not be determined.
Sources of Non Sampling Risk
One source of NSR is that auditors' belief formation and revision may be faulty, resulting in inaccurate assessment(s) of any component of audit risk (i.e., inherent risk (IR), control risk (CR), RMM, and DR, including sampling risk). Others include: misinterpretation or misapplication of accounting principles and auditing standards, failure to obtain an understanding of the entity and its environment sufficient for assessing the components of audit risk, and failure to obtain sufficient, appropriate audit evidence when responding to preliminary assessments of such components.
Types of Process Controls
Process performance reviews KPIs and detailed reviews Processing controls Procedures and systems documentation Application controls Authorization Use of documents and records Physical controls (e.g., limiting access) Segregation of duties Employees should only be responsible for one of the following: operational decisions, authorization, custody of assets, and accounting for transactions.
Professional Skepticism
Professional skepticism is defined as "an attitude that includes a questioning mind and a critical assessment of audit evidence."
Reperformance
Redo the procedure supposedly performed and examines for discrepancies in findings. Example: Footing (i.e., checking for mathematical accuracy)
Substantive Analytical Procedures
Refer to M3 Day 1 Lecture Notes Must involve development of formal expectations Inter-relationships among data. Good for completeness and existence assertions and for assertions related to estimates. Not good for accuracy assertions
Invariably Skeptical
Regardless of past positive experiences Regardless of good reasons to trust management
Regression Analysis
Regression analysis also allows expectations to be conditioned on several variables simultaneously. Regression analysis provides a measure of uncertainty associated with expectations. This allows auditors to quantify and to control their risks of making inferential errors.
Auditor Responsibilities
Report evidence of suspected and discovered frauds involving high-level management to the audit committee and board of directors. Report other frauds involving lower level employees to senior management and the audit committee When a material fraud undermines the reliability of previously issued financial statements, the auditor should insist upon a restatement and must notify appropriate authorities such as the SEC and Stock Exchanges if client is unwilling.
Other Audit Wrap Up Procedures
Representation letters Legal documentation of management representations made to the auditor Documents responses to critical inquiries and avoids misunderstandings Subsequent events review Consideration of events after year-end that have implications for year-end financial results (e.g., major customer bankruptcy, legal settlements) Typically, these events require 1) adjusting the f/s and/or 2) disclosing information about the event. Attorney letters Attorneys confirm information about pending claims (e.g., nature, status, likelihood and magnitude of liability) Attorneys list any other claims and confirm that the final list of claims is complete. Audit checklist Check compliance with auditing and firm standards Going concern evaluation Assessing whether or not there is doubt that the client will remain in business for the next year. Relies heavily on strategic analysis
SSA Process
Strategic analysis (SA) Process analysis (PA) Risk assessment (RA) Pervasive / recursive through SA & PA What business risks exist, are they under control? What are the implications for audit risk? What are the implications for audit planning?
Strategic Analysis
Strategic analysis involves understanding how the client... adds value to its economic environment utilizes business processes to achieve its business objectives identifies and reacts to external threats to the organization. The outcome is an extensive set of evidence about the client's current risks and the implications for the auditor.
Computer System Evaluation
Testing of IT controls Financial Reporting System Consolidation Operational Systems IT procedures Test Data Parallel simulation (large clients)
Physical Examination
Going on-site or using technology to examine client's inventory/equipment for existence
Exogenous Assurance Demand
Government legislation could require that commodity quality always be subjected to attest engagements. Financial statement audits -- SEC Acts. Sarbanes-Oxley Act of 2002 Prescription drugs -- FDA rules.
AP Pitfalls
Ill-defined expectations Lack of reliable data Influence of reported outcomes Incomplete or inconsistent explanations of fluctuations Undue reliance on management integrity
Qualified Opinion
In situations when a company's financial records have not been maintained in accordance with GAAP but no misrepresentations are identified, an auditor will issue a qualified opinion. The writing of a qualified opinion is extremely similar to that of an unqualified opinion. A qualified opinion, however, will include an additional paragraph that highlights the reason why the audit report is not unqualified.
Unconscious Biases
In this model, biases affect the auditor unconsciously when they are making judgments concerning evidence. As a result, decisions could be biased in a manner that is consistent with the auditor's self-interest. Molly the auditor believes that management of Badger Co. is upset with her service and is considering changing auditors. They have indicated to her that they do not want to record any audit adjustments in this year's audit. As a result, when she evaluates the collectibility of the company's accounts receivable, she is more likely to unconsciously evaluate the receivables as being collectible.
Ways to Reduce Non Sampling Risk
Evidentiary Triangulation Recursive Risk Assessment Self-Criticism / Judgment Skepticism Non-financial Key Performance Indicators (KPIs) Systems Thinking Skills
Inquiry
Discuss the control procedure with strategically selected client employees. Many firms require corroboration of inquiry Example: asking the preparer of a monitoring control report if the reviewer ever questions items on the report
Warnings from Analytical Procedures and Strategic Analysis
Divergence between the client and competitors' performances (Worldcom) Divergence between client's net income and operating cash flows. Changes in capital structure and debt maturity Unsupported changes in estimates
Indirect Verification/Control Testing Procedures
Documentation Inquiry Observation Reperformance Computer System Evaluation
Earnings Management and Fraud Differences
Earnings management may or may not involve violations of GAAP or laws. Frauds are the result of intentional acts perpetrated to deceive, scienter. Fraud convictions create both civil and criminal penalty exposure for defendants.
Self Criticism
Embracing potential judgment fallibility and overconfidence Thinking in flexible, multidimensional ways
PCAOB Inspections
Engagement performance Human Resources Compensation Promotion Assignment Quality Control Independence Client acceptance and retention Internal inspection process Training
SOX Core Elements
Enhancing the role of auditors in enforcing laws against fraud and theft Improved oversight of auditors PCAOB Disclosure and auditor attestation of control systems Section 404
Ethics Rationalization
Everybody does it" rationalization Earnings management? "Legal equals ethical" fallacy It is OK because it isn't illegal. "No one will ever know" delusion How many frauds start "Slap on the wrist" syndrome Penalty doesn't fit the crime
Information Communicated to Audit Committee
General matters The audit firm is independent of management and the client in general. General description of work performed Auditor's responsibility with respect to the supplemental information Nature of significant accounting policies and procedures Significant management estimates (i.e., where misstatements are most likely) Accounting disagreements between the auditor and management and difficulties (e.g., timing, access to records, client assistance) encountered during the audit Specific matters Audit Reporting Significant audit adjustments (both adjusted and waived) Planned type of report (i.e., unqualified, etc.) ICFR reporting Significant Findings Material Weaknesses Significant Deficiencies Planned type of report
Information Used in AP's
Sales Revenue Interrelationships between financial measures Internal measures / non-financial KPI's External data Competitors Supply Chain Partners
SOX and Independence
Section 201 of Sarbanes-Oxley now prohibits auditors from performing certain non-audit services. All non-audit services to be performed by the auditor must be approved by the Audit Committee of the Board. Lead Audit Engagement and Review partners must rotate every 5 years. CPAs are prohibited from performing audits if the Client's CEO, Controller, CFO, Chief Accounting Officer or person in an equivalent position was previously employed by the audit firm during the preceding year. Audit Firms must make disclosures All of these provisions in Sarbanes-Oxley are designed to enhance auditor independence. The following non audit services are prohibited by SOX: Bookkeeping services Appraisal services Actuarial services Internal Audit services Management Functions Human Resources services Legal and Expert Services unrelated to the audit. Broker/dealer and Investment Banking services
Steps in Applying Regression
Select dependent variable based on audit objectives. Select independent variables based on accounting knowledge, risk analysis, and systems thinking. Use the model to "predict" the dependent variable Construct confidence intervals about regression predictions and determine whether actual results fall inside or outside confidence intervals. Observations are flagged for further investigation when they fall outside the confidence interval.
Reasons for Endogenous Demand
Signaling Monitoring-Producer agents require compensation to work hard Producer agents tend to shirk because principals cannot readily monitor their work levels. Essentially, effort aversion leads to a moral hazard problem Information-risk reduction Insurance
Analytical Procedures as Substantive Testing
Some audit applications of APs involve testing rather than mere exploration. An analytical procedure qualifies as a substantive test when it involves: The development of formal expectations Comparisons between expectations and observations. A basis for deciding when differences signal a potential problem.
Independence in Appearance
The avoidance of circumstances that would cause a reasonable and informed third party, having knowledge of all relevant information, including safeguards applied, to reasonably conclude that the integrity, objectivity, or professional skepticism of a firm or a member of the attest engagement team had been compromised.
Independence in Fact
The state of mind that permits the performance of an attest service without being affected by influences that compromise professional judgment, thereby allowing an individual to act with integrity and exercise objectivity and professional skepticism.
Adverse Opinion
The worst type of financial report that can be issued to a business is an adverse opinion. This indicates that the firm's financial records do not conform to GAAP. In addition, the financial records provided by the business have been grossly misrepresented. Although this may occur by error, it is often an indication of fraud. When this type of report is issued, a company must correct its financial statement and have it re-audited, as investors, lenders and other requesting parties will generally not accept it.
Deliberate Collusion
This model assumes that auditors form unbiased judgments when evaluating evidence. If the bias is deliberate, then it can be fixed by the threat of sanctions. i.e., auditors will evaluate the costs/benefits of collusion. Some high profile audit failures have been the result of deliberate collusion with the client (e.g., Enron).
