ACC3701 ASSURANCE & ATTESTATION Firm wide/engagement-specific/safeguards within client’s tests/Significant matters (professional judgement)/Evidence Analytical: ratio/profit margin/g rates (actual vs
Week 1 – Intro to regulatory framework systems & procedures | partner rotation every 7 yrs obtained/Conclusions reached est/industry stds/YOY)
Principal (SH) & Agent (Managers) r/s → conflict of interests & PART 4: INDEPENDENCE Engagement terms: Objectives, Mgmt. responsibilities, Scanning: identify significant, unusual items. Raise qns.
info risk Independence of MIND: express conclusion without Auditors ~, Limitations, Audit fee & Using work of internal Scan unselected items → reduce sampling risk
Transn classes Accounts bal Presentatn & disclos compromising professional judgement/act w integrity, audit fn & Role of TCWG/AC Audit report: another exp auditor can unds & replicate.
Occurrence Existence Occurrence & rights exercise objectivity & professional scepticism AUDIT TESTS Permanent/current files → QC. Retain for 5 yrs min.
Completeness Rights & & obligations Independence in APPEARANCE: avoidance of facts & whether a Risk Assessment Procedures: obtain unds of entity & int ctrls. Substantive analytical procedures: Trend, ratio,
Authorisation obligations Completeness reasonable & informed 3rd party can conclude ~ compromised Identify potential MMs. Biz nature, obj, strats, risks, industry, reasonableness analysis
Accuracy Completeness Classification (don’t rec gift) | nobody believe regulatory, past exp, ext factors, perf measures, int key ctrls Actual – exp > tolerable amt OR inconsistent fluctuations →
Cut off Valuation & (understandability) Provide non-assurance svs: self-review threat Test of Controls: eff of int ctrls to prevent/detect/correct Investigate & obtain corroborative evidence
Classification allocation Accuracy & valuation SHALL NOT assume mgmt responsibility (don’t touch fin stts) Inquiry, Inspection, Observe, Walk-through, Reperformance Exp based on: fin/op data, budgets, forecasts, competitor info,
Audit: EV evidence & subject matter wrt assertions → express but MAY provide assistance. IF client is a PIE [listed entity/def Ctrl objectives: validity, completeness, authorisation, accuracy, analyst’s reports
unmodified opinion on true & fairness | Assurance: enhance by legislation] only valuation&tax calc can/material eff on fin classification, cutoff Tolerable difference based on: Sig. of acc, desired deg of
deg of confi of intended users & credibility of client’s fin stt stts/significant degree of subjectivity/ threaten independ/sig. Substantive Procedures: Analyse r/s bet. Fin & non-fin data reliance, lvl of disaggregation in tested amt, precision of exp
Subject matter: fin info/non-fin info/systems & processes (int part of int ctrls → don’t provide svcs Nature: type|Extent: how many & items to test|Timing: when SHOULD NOT EXCEED PERF MATERIALITY
ctrls)/behaviour (compliance/corp. governance) Safeguards: policies prohibit assuming responsibility/indep Test of details: detect MM in trans class/acc bal/disclosure Week 5 – Internal controls (general vs application)
Materiality: reasonably influence user’s economic dec. verification/remove staff from audit team/outsource Dual-purpose tests → 1 procedure (more efficient) Reasonable assurance of adequate control & reliability of data
Audit risk: IR * CR * DR | auditor express inappropriate If safeguards cannot reduce threats to acceptable lvl → Materiality (judgement + proportional): dpds on users&type of gen → Assets safeguarded & reliable info for DM
opinion when fin stts materially misstated Auditor resp. → unds co. int ctrl & assess CR. Enquire staffs.
eliminate the circumstance/r/s creating the threats info | Determine overall mat → perf mat → EV audit findings
Reasonable assurance: some MM risk present, fail to detect COSO Int Ctrl Int Framework: Obj: reliability in fin rep; eff & eff
QC: firm’s leadership/ethical req/HR/accept & cont client’s Eg. Use adj PBT (omit one
Evidence: Sufficiency & appropriateness (RELEVANCE & ops; compliance w laws & reg
r/s/engagement performance/monitoring time gain)/av values→
RELIABILITY). Acct data & add. info avail
Accept client: disagreements on acct pol/procedures/reasons Adj lower if prior yrs have Components: [Layers of ctrl: entity, division, op unit, fn]
NOT TRUE & FAIR: MMs/not faithful rep/not prudent/
for change/int ctrl deficiencies/NOCLAR/mgmt integrity MMs, high risk of fraud Control env: stds, processes, structures to establish the
incomplete info → not reflective of firm’s ec reality
Rel party/arms-length transn → cloud prof judgement → importance of int ctrls & high stds of conduct
Audit standards: ensure quality of auditor’s performance (Values/competency/policies, manuals & practices/op
Professionalism: code of conduct, aims, qualities of profession, approval from independent directors in AC + disclose Performance mat.: less than overall materiality to reduce
Week 3 – Audit Planning & Risk Assessment probability of uncorrected/undetected MMs exceeding fin stt style/assignment of authority & responsibility
due care → trust & quality control Risk assessment: changes in op env/new personnel/new
AR = IR * CR * DR | RMM = IR * CR DR: Non-sampling risk: materiality. Scope for audit tests (select acc bal for testing). 50-
Legal liability for fraud/negligence. Liability caps: risk mgmt. info systems/tech/growth rates/expansion/restructuring
wrong procedures | 75% of OVERALL materiality. If RMM is high, use 50%.
Week 2 – Code of ethics & professional conduct (IESBA) Control activities: to mitigate risks. P: perf reviews. I:
PART 1: Conceptual Framework Approach: Identify threats Sampling risk: wrong EV audit findings: Aggregates MMs from each acc/trans
info processing. P: physical ctrls. S: seg of duties
(actual/perceived) → EV significance → apply safeguards sample Consider effects of unadj MMs in current & prior period.
Info & comms: Ext & int info for daily ops. Record &
(reduced to acceptable lvl) *RITP test complies w fundamental Inherent Risk Control Risk Detection Risk Agg MMs > Overall mat OR Indiv acc MMs > Perf mat → Adjust communicate timely. Present & disclose properly.
principles (FPs) [integrity/obj/prof competence/behaviour/ Nature of Effectiveness of Auditor will not fin. stt OR ISSUE QUALIFIED/ADVERSE OPINION Monitoring: QC of intl ctrls. EV findings. Communicate
biz/industry the int. controls detect misstts. MMs: 1. Fin stt (whole) 2. Assertion lvl (indiv accs)| intentional deficiencies.
confidentiality] | Threats: extent/degree
Audit Risk Model: 1. Set audit risk lvl (Determine AR) 2. (fraud) vs un~ IT system: evidence in electronic format, ask expert on design,
Self-interest: Financial&personal interests(materiality)
Determine RMM (IR * CR) 3. Determine DR = AR/RMM 4. Week 4 – Documentation & Evidence documentation, data flow & r/s, inputs, processing, record
Self-review: Don’t appropriately evaluate prev.
Based on DR lvl (inappropriate procedures/misinterpret Types: invoice, minutes, entries records, SL, GL, benchmarking, (easier, more accurate, timely, reliable)
judgement. Can’t identify own mistakes/won’t own up
Advocacy: Promote client’s/employer’s results/sampling results) → design audit procedures contracts, analyst report, computations, reconciliations, Substantive strat: poor ctrls → high CR (ctrls ineffective/
position/shares/listing Higher RMM → auditors need work harder → lower DR → spreadsheets inefficient/unrelated to assertion) → larger samples
Familiarity: Long/close recurring r/s w client → lower AR (to acceptable lvl) Sufficiency (qty) & appropriateness (qly: relevance & Reliance strat: gd ctrls → lower CR based on TOC (I I O R)
sympathetic. Familiar w procedures. Limitations: don’t know initial lvl of RMM → dk desired lvl reliability) → Greater risk of MM = more evidence req | Higher Small firms: maybe don’t have TOC (just do substantive tests)
Intimidation: Actual/perceived pressures. Audit strategy) + plan: effective & efficient quality/reliable = less req |More credible: Independent ext TOC consistent w planned assessment of CR (ctrs eff) → low CR
Threatened. Undue influence. Assess biz risks: unds biz ops/transns. Identify potential source, auditor’s personal knowledge; original docs Limitations of ctrl: judgement/mgmt override/human errors &
PART 2: PA in BUSINESS (not in audit firm) areas of MMs → allocate more time to risky accs Thorough search + unbiased EV mistakes/collusion/ctrl breakdown/too exp/not enough staff
Pressures: to approve illegitimate expenses/report misleading Establish materiality: OVERALL (fin stt)&PERFORMANCE. |Procedures: Inspection, obsv, Low DR → work @ yr end | High DR → interim & yr end
results/inducements to influence (don’t accept)/ evade tax | Consider multi-locations: Consolidated stts inquire, ext confirm, recalc, Ctrl deficiency: unable to prevent, detect, correct / missing ctrl
INTENT TEST: actual/perceived intent to influence (req: Need for experts: audit/IT/valuation. Consider: reperform, analytical, scanning → merit mgmt’s attn
perceived threat) → depends on: nature/freq/value/usual competence, obj, independence, consistency w
Significant deficiency: based on professional judgement, need
practice/roles & pos (to influence decision) of individuals evidence, confidentiality (agree in writing). Don’t ref in Inspection: Vouching (find source doc – bkwds)
audit report to merit TCWG’s attn → no material impact on FS
Large proportion of fees (wrt total $): self int + intimidation + (occurrence) & trace to FS (fwd) (completeness). See the
Non-compliance to rules & regs: direct/indirect/material inventory (qty & condition) Material weakness: reasonable p that MM not prevented/
threatened independence detected → material impact on FS. More severe than sig
Related parties: review contracts & agreements Observation: watch the process Recalc: accuracy
NOCLAR: Non-compliance to laws & regulations deficiency. | *consider LIKELIHOOD + MAGNITUDE
Consider value-added svcs: limited Inquire: Clear, concise, close/ended qns. Ask the right
Responsible when aware. Integrity & prof behaviour. Alert Sarbanes-Oxley Act: publicly traded co. need report int ctrl
Documentation: Nature, timing, extent (freq/imptance) of person. EV response/reactions
mgmt/TCWG. Need for documentation. over fin rep (ICFR - GAAP). Integrated audit = ICFR + fin stts
audit tests/Risk management methods/Results of audit Ext confirm: +ve/blank/-ve (E, O, V, cutoff; no complete)
PART 3: PAs in PUBLIC PRACTICE Substantive procedures results → considered int ctrl EV
tests/Addressed risks/Lvl of control testing → substantive Reperform: Identify loopholes/non-compliance to ctrls
Week 1 – Intro to regulatory framework systems & procedures | partner rotation every 7 yrs obtained/Conclusions reached est/industry stds/YOY)
Principal (SH) & Agent (Managers) r/s → conflict of interests & PART 4: INDEPENDENCE Engagement terms: Objectives, Mgmt. responsibilities, Scanning: identify significant, unusual items. Raise qns.
info risk Independence of MIND: express conclusion without Auditors ~, Limitations, Audit fee & Using work of internal Scan unselected items → reduce sampling risk
Transn classes Accounts bal Presentatn & disclos compromising professional judgement/act w integrity, audit fn & Role of TCWG/AC Audit report: another exp auditor can unds & replicate.
Occurrence Existence Occurrence & rights exercise objectivity & professional scepticism AUDIT TESTS Permanent/current files → QC. Retain for 5 yrs min.
Completeness Rights & & obligations Independence in APPEARANCE: avoidance of facts & whether a Risk Assessment Procedures: obtain unds of entity & int ctrls. Substantive analytical procedures: Trend, ratio,
Authorisation obligations Completeness reasonable & informed 3rd party can conclude ~ compromised Identify potential MMs. Biz nature, obj, strats, risks, industry, reasonableness analysis
Accuracy Completeness Classification (don’t rec gift) | nobody believe regulatory, past exp, ext factors, perf measures, int key ctrls Actual – exp > tolerable amt OR inconsistent fluctuations →
Cut off Valuation & (understandability) Provide non-assurance svs: self-review threat Test of Controls: eff of int ctrls to prevent/detect/correct Investigate & obtain corroborative evidence
Classification allocation Accuracy & valuation SHALL NOT assume mgmt responsibility (don’t touch fin stts) Inquiry, Inspection, Observe, Walk-through, Reperformance Exp based on: fin/op data, budgets, forecasts, competitor info,
Audit: EV evidence & subject matter wrt assertions → express but MAY provide assistance. IF client is a PIE [listed entity/def Ctrl objectives: validity, completeness, authorisation, accuracy, analyst’s reports
unmodified opinion on true & fairness | Assurance: enhance by legislation] only valuation&tax calc can/material eff on fin classification, cutoff Tolerable difference based on: Sig. of acc, desired deg of
deg of confi of intended users & credibility of client’s fin stt stts/significant degree of subjectivity/ threaten independ/sig. Substantive Procedures: Analyse r/s bet. Fin & non-fin data reliance, lvl of disaggregation in tested amt, precision of exp
Subject matter: fin info/non-fin info/systems & processes (int part of int ctrls → don’t provide svcs Nature: type|Extent: how many & items to test|Timing: when SHOULD NOT EXCEED PERF MATERIALITY
ctrls)/behaviour (compliance/corp. governance) Safeguards: policies prohibit assuming responsibility/indep Test of details: detect MM in trans class/acc bal/disclosure Week 5 – Internal controls (general vs application)
Materiality: reasonably influence user’s economic dec. verification/remove staff from audit team/outsource Dual-purpose tests → 1 procedure (more efficient) Reasonable assurance of adequate control & reliability of data
Audit risk: IR * CR * DR | auditor express inappropriate If safeguards cannot reduce threats to acceptable lvl → Materiality (judgement + proportional): dpds on users&type of gen → Assets safeguarded & reliable info for DM
opinion when fin stts materially misstated Auditor resp. → unds co. int ctrl & assess CR. Enquire staffs.
eliminate the circumstance/r/s creating the threats info | Determine overall mat → perf mat → EV audit findings
Reasonable assurance: some MM risk present, fail to detect COSO Int Ctrl Int Framework: Obj: reliability in fin rep; eff & eff
QC: firm’s leadership/ethical req/HR/accept & cont client’s Eg. Use adj PBT (omit one
Evidence: Sufficiency & appropriateness (RELEVANCE & ops; compliance w laws & reg
r/s/engagement performance/monitoring time gain)/av values→
RELIABILITY). Acct data & add. info avail
Accept client: disagreements on acct pol/procedures/reasons Adj lower if prior yrs have Components: [Layers of ctrl: entity, division, op unit, fn]
NOT TRUE & FAIR: MMs/not faithful rep/not prudent/
for change/int ctrl deficiencies/NOCLAR/mgmt integrity MMs, high risk of fraud Control env: stds, processes, structures to establish the
incomplete info → not reflective of firm’s ec reality
Rel party/arms-length transn → cloud prof judgement → importance of int ctrls & high stds of conduct
Audit standards: ensure quality of auditor’s performance (Values/competency/policies, manuals & practices/op
Professionalism: code of conduct, aims, qualities of profession, approval from independent directors in AC + disclose Performance mat.: less than overall materiality to reduce
Week 3 – Audit Planning & Risk Assessment probability of uncorrected/undetected MMs exceeding fin stt style/assignment of authority & responsibility
due care → trust & quality control Risk assessment: changes in op env/new personnel/new
AR = IR * CR * DR | RMM = IR * CR DR: Non-sampling risk: materiality. Scope for audit tests (select acc bal for testing). 50-
Legal liability for fraud/negligence. Liability caps: risk mgmt. info systems/tech/growth rates/expansion/restructuring
wrong procedures | 75% of OVERALL materiality. If RMM is high, use 50%.
Week 2 – Code of ethics & professional conduct (IESBA) Control activities: to mitigate risks. P: perf reviews. I:
PART 1: Conceptual Framework Approach: Identify threats Sampling risk: wrong EV audit findings: Aggregates MMs from each acc/trans
info processing. P: physical ctrls. S: seg of duties
(actual/perceived) → EV significance → apply safeguards sample Consider effects of unadj MMs in current & prior period.
Info & comms: Ext & int info for daily ops. Record &
(reduced to acceptable lvl) *RITP test complies w fundamental Inherent Risk Control Risk Detection Risk Agg MMs > Overall mat OR Indiv acc MMs > Perf mat → Adjust communicate timely. Present & disclose properly.
principles (FPs) [integrity/obj/prof competence/behaviour/ Nature of Effectiveness of Auditor will not fin. stt OR ISSUE QUALIFIED/ADVERSE OPINION Monitoring: QC of intl ctrls. EV findings. Communicate
biz/industry the int. controls detect misstts. MMs: 1. Fin stt (whole) 2. Assertion lvl (indiv accs)| intentional deficiencies.
confidentiality] | Threats: extent/degree
Audit Risk Model: 1. Set audit risk lvl (Determine AR) 2. (fraud) vs un~ IT system: evidence in electronic format, ask expert on design,
Self-interest: Financial&personal interests(materiality)
Determine RMM (IR * CR) 3. Determine DR = AR/RMM 4. Week 4 – Documentation & Evidence documentation, data flow & r/s, inputs, processing, record
Self-review: Don’t appropriately evaluate prev.
Based on DR lvl (inappropriate procedures/misinterpret Types: invoice, minutes, entries records, SL, GL, benchmarking, (easier, more accurate, timely, reliable)
judgement. Can’t identify own mistakes/won’t own up
Advocacy: Promote client’s/employer’s results/sampling results) → design audit procedures contracts, analyst report, computations, reconciliations, Substantive strat: poor ctrls → high CR (ctrls ineffective/
position/shares/listing Higher RMM → auditors need work harder → lower DR → spreadsheets inefficient/unrelated to assertion) → larger samples
Familiarity: Long/close recurring r/s w client → lower AR (to acceptable lvl) Sufficiency (qty) & appropriateness (qly: relevance & Reliance strat: gd ctrls → lower CR based on TOC (I I O R)
sympathetic. Familiar w procedures. Limitations: don’t know initial lvl of RMM → dk desired lvl reliability) → Greater risk of MM = more evidence req | Higher Small firms: maybe don’t have TOC (just do substantive tests)
Intimidation: Actual/perceived pressures. Audit strategy) + plan: effective & efficient quality/reliable = less req |More credible: Independent ext TOC consistent w planned assessment of CR (ctrs eff) → low CR
Threatened. Undue influence. Assess biz risks: unds biz ops/transns. Identify potential source, auditor’s personal knowledge; original docs Limitations of ctrl: judgement/mgmt override/human errors &
PART 2: PA in BUSINESS (not in audit firm) areas of MMs → allocate more time to risky accs Thorough search + unbiased EV mistakes/collusion/ctrl breakdown/too exp/not enough staff
Pressures: to approve illegitimate expenses/report misleading Establish materiality: OVERALL (fin stt)&PERFORMANCE. |Procedures: Inspection, obsv, Low DR → work @ yr end | High DR → interim & yr end
results/inducements to influence (don’t accept)/ evade tax | Consider multi-locations: Consolidated stts inquire, ext confirm, recalc, Ctrl deficiency: unable to prevent, detect, correct / missing ctrl
INTENT TEST: actual/perceived intent to influence (req: Need for experts: audit/IT/valuation. Consider: reperform, analytical, scanning → merit mgmt’s attn
perceived threat) → depends on: nature/freq/value/usual competence, obj, independence, consistency w
Significant deficiency: based on professional judgement, need
practice/roles & pos (to influence decision) of individuals evidence, confidentiality (agree in writing). Don’t ref in Inspection: Vouching (find source doc – bkwds)
audit report to merit TCWG’s attn → no material impact on FS
Large proportion of fees (wrt total $): self int + intimidation + (occurrence) & trace to FS (fwd) (completeness). See the
Non-compliance to rules & regs: direct/indirect/material inventory (qty & condition) Material weakness: reasonable p that MM not prevented/
threatened independence detected → material impact on FS. More severe than sig
Related parties: review contracts & agreements Observation: watch the process Recalc: accuracy
NOCLAR: Non-compliance to laws & regulations deficiency. | *consider LIKELIHOOD + MAGNITUDE
Consider value-added svcs: limited Inquire: Clear, concise, close/ended qns. Ask the right
Responsible when aware. Integrity & prof behaviour. Alert Sarbanes-Oxley Act: publicly traded co. need report int ctrl
Documentation: Nature, timing, extent (freq/imptance) of person. EV response/reactions
mgmt/TCWG. Need for documentation. over fin rep (ICFR - GAAP). Integrated audit = ICFR + fin stts
audit tests/Risk management methods/Results of audit Ext confirm: +ve/blank/-ve (E, O, V, cutoff; no complete)
PART 3: PAs in PUBLIC PRACTICE Substantive procedures results → considered int ctrl EV
tests/Addressed risks/Lvl of control testing → substantive Reperform: Identify loopholes/non-compliance to ctrls
