Chapter 8 audit planning and analytical procedures solutions

Auditing Course Assignment

Read "Chapter 3" pdf. then Answer the following questions(a.b.c) based on the information presented for Cloud 9 in the appendix to this book and in the current chapter and previous chapters.（Attached file "Chapter 3" contains the reading material and the assignment detail.Attached file "data"is the appendix for question a. Attached files "Chapter 1"&"Chapter 2" is optional reading for this assignment. "）

a. Using the September 30, 2022, trial balance(in the appendix to this book), calculate planning materiality and include the justification for the basis that you have used for your calculation.

b. Discuss how the planning materiality would be used to determine performance materiality.

c. If the planning materiality amount is subsequently increased or decreased later in the audit, how would that impact the audit?

Risk Assessment Part I Audit Risk and Audit Strategy

CHAPTER 3

Au di

t d at

a an

al yt

ic s

Ch ap

te r 7

Au di

t e vi

de nc

e Ch

ap te

r 5

Client Acceptance/Continuance and Risk Assessment Chapters 3 & 4

Develop Responses to Risk and an Audit Strategy

Gain an understanding of

the client

Identify significant accounts and transactions

Set planning materiality

Identify what can go wrong (WCGW)

Gain an understanding of internal controls

Chapter 6

Overview and Audit Assurance Chapter 1

Concluding the Audit and Reporting Chapter 14 & 15

ReportingDrawing auditconclusions Procedures performed near

the end of the audit

Auditing the balance sheet and related income accounts

Chapter 13

Auditing purchases, payables, and payroll

Chapter 12

Auditing sales and receivables

Chapter 11

Reliance on internal controls Chapter 8

Substantive strategy Chapter 9

Audit sampling for substantive tests Chapter 10

Professionalism and Professional Responsibilities Chapter 2

c03RiskAssessmentPartI.indd Page 3-1 07/08/18 7:15 PM f-389 c03RiskAssessmentPartI.indd Page 3-1 07/08/18 7:15 PM f-389 /208/WB02435/9781119401810/ch03/text_s/208/WB02435/9781119401810/ch03/text_s

Pr op

er ty

o f J

oh n

W ile

y &

So ns

, L td

. N ot

fo r g

en er

al re

di st

rib ut

io n.

3-2 CHAPTER 3 Risk Assessment Part I

Cloud 9 - Continuing Case Sharon and Josh have already discussed some specifi c client accep- tance issues, such as independence threats and safeguards. Sharon explains they also must consider the overall integrity of the client (that is, management of Cloud 9). This means they need to perform and document procedures that are likely to provide information about the client’s integrity. Josh is a little skeptical. “Do you mean that we should ask them if they are honest?” Sharon suggests it is probably more useful to ask others, and the key people to ask are the existing auditors. Josh is still skeptical. “The existing auditors are Ellis & Associates. Are they going to help us take one of their clients from them?” Sharon says the client must give permission fi rst, and, if that is given, the existing auditor will usually state whether or not there were any issues that the new auditor should be aware of before accepting the work. This type of communica- tion is covered by AS 2610 (AU-C 210 for private company clients)

and is part of professional ethics. Sharon also gives Josh the task of researching Cloud 9’s press coverage, with special focus on any- thing that may indicate poor management integrity.

Sharon emphasizes they must perform and document proce- dures to determine whether W&S Partners is competent to per- form the engagement and has the capabilities, time, and resources to do so. For example, they must make sure they have audit team members who understand the clothing and footwear business. They also must have enough staff to complete the audit on time.

In addition, Sharon and Josh must perform and document procedures to show that W&S Partners can comply with all parts of the code of professional conduct, not just those that focus on independence threats and safeguards. Finally, they can draft the engagement letter to cover the contractual relationship between W&S Partners and Cloud 9.

Auditing and Assurance Standards

PCAOB AS 1015 Due Professional Care in the Performance of Work

AS 1101 Audit Risk

AS 1301 Communications with Audit Committees

AS 2101 Audit Planning

AS 2105 Consideration of Materiality in Planning and Performing an Audit

AS 2110 Identifying and Assessing Risk of Material Misstatement

AS 2301 The Auditor’s Responses to the Risks of Material Misstatement

AS 2401 Consideration of Fraud in a Financial Statement Audit

AS 2610 Initial Audits—Communication Between Predecessor and Successor Auditors

AUDITING STANDARDS BOARD AU-C 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards

AU-C 210 Terms of Engagement

AU-C 240 Consideration of Fraud in a Financial Statement Audit

AU-C 300 Planning an Audit

AU-C 315 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

AU-C 320 Materiality in Planning and Performing an Audit

AU-C 330 Performing Audit Procedures in Response to Assessed Risks and Evaluating Audit Evidence Obtained

QC10 A Firm’s System of Quality Control

Learning Objectives

LO 1 Evaluate client acceptance and continuance decisions.

LO 2 Identify the diff erent phases of an audit.

LO 3 Explain and apply the concept of materiality.

LO 4 Explain professional skepticism and apply the audit risk model.

LO 5 Explain how auditors determine their audit strategy and how audit strategy aff ects audit decisions.

LO 6 Analyze fraud risk and explain the fraud risk assessment process.

c03RiskAssessmentPartI.indd Page 3-2 07/08/18 7:15 PM f-389 c03RiskAssessmentPartI.indd Page 3-2 07/08/18 7:15 PM f-389 /208/WB02435/9781119401810/ch03/text_s/208/WB02435/9781119401810/ch03/text_s

Pr op

er ty

o f J

oh n

W ile

y &

So ns

, L td

. N ot

fo r g

en er

al re

di st

rib ut

io n.

Client Acceptance and Continuance Decisions 3-3

Chapter Preview: Audit Process in Focus This chapter marks the beginning of our overview of how an audit is conducted. First, we consider the factors that impact an auditor’s client acceptance/continuation decision. The fi rst step for any audit is the decision to accept a company as a new audit client or to continue as the auditor of an existing client.

Risk assessment is an important topic that we will cover in this and the next chapter. In this chapter we begin with a discussion of the diff erent phases (or stages) of the audit: (1) the risk assessment phase, (2) the risk response phase (where the detailed work is conducted), and (3) the reporting phase (where the audit opinion is formed). In the risk assessment phase, auditors adopt a broad view of the client as a whole and the industry in which it operates. In this context, auditors obtain a more detailed understanding of the client in the early stages of each audit; that knowledge drives the audit planning decisions about the nature, extent, and timing of audit evidence to collect. Auditors cannot economically audit everything; therefore, the concepts of materiality, professional skepticism, and audit risk guide auditors in deciding which areas of the fi nancial statements are most important to examine. Ultimately, auditors will develop a detailed audit strategy for the execution of the audit.

This chapter will conclude with a discussion of the assessment of fraud risk, which is part of the risk assessment phase of the audit. The remainder of the risk assessment procedures will be covered in Chapter 4.

LEARNING OBJECTIVE 1 Evaluate client acceptance and continuance decisions.

The fi rst stage of any audit is the client acceptance or continuance decision. While the deci- sion to take on a new client is more detailed than the decision to continue with an existing client, they have much in common. QC 10, A Firm’s System of Quality Control, provides guid- ance on the procedures used when making the client acceptance or continuance decision. Illustration 3.1 summarizes factors that infl uence client acceptance and retention decisions and these factors are discussed below.

Client Acceptance and Continuance Decisions

ILLUSTRATION 3.1 Factors that infl uence client acceptance and retention

Positive Factors Influencing Client Acceptance and Retention Decisions

Factors that Influence Client Acceptance and Retention

Negative Factors Influencing Client Acceptance and Retention Decisions

Management shows integrity in business and accounting decisions.

Management places a premium on representational faithfulness of accounting information.

Integrity of management Concerns exist about the integrity of management in business and accounting decisions.

Management is preoccupied with meeting specific accounting numbers.

The firm has expertise to perform services requested by the client or has access to specialists that can meet client needs.

Competence issues The firm does not have expertise needed to provide the full scope of services requested by the client, or does not have aff iliation with specialists to meet client needs.

No independence problems exist, or independence problems can be resolved prior to client acceptance.

Independence issues Independence and conflict of interest issues exist that cannot be resolved prior to client acceptance.

(continued)

c03RiskAssessmentPartI.indd Page 3-3 07/08/18 7:15 PM f-389 c03RiskAssessmentPartI.indd Page 3-3 07/08/18 7:15 PM f-389 /208/WB02435/9781119401810/ch03/text_s/208/WB02435/9781119401810/ch03/text_s

Pr op

er ty

o f J

oh n

W ile

y &

So ns

, L td

. N ot

fo r g

en er

al re

di st

rib ut

io n.

3-4 CHAPTER 3 Risk Assessment Part I

You may be wondering why the decision to take on a new client or continue with an exist- ing client is such a big deal. More clients mean more revenue for the CPA accounting fi rm, so why not accept all client engagement opportunities? The answer is because being associated with a “bad client” can damage the fi rm’s reputation, which causes the public to lose trust in the fi rm. A good example of this situation is the accounting fi rm Arthur Andersen LLP (“Andersen”), formerly one of the largest fi rms in the world. In the 1990s and early 2000s, several of Andersen’s clients were investigated by the Securities and Exchange Commission (SEC) for accounting fraud, the most well-known being Enron and WorldCom. Andersen was convicted of a felony (obstruction of justice) in the Enron case, but that was reversed by the Supreme Court in 2005.1 With the felony conviction overturned, Andersen could resume operations and audit public company clients. That has not happened. Why? The damage to the Andersen name and reputation was so severe that companies do not want to be associated with the Andersen name.

One of the key factors that infl uences the client acceptance decision is the assessment of the integrity of the client’s management. When assessing management integrity, the auditor will consider the following factors:

• the reputation of the client, its management, directors, and key stakeholders • client’s reasons for switching audit fi rms, if the company was previously audited • management’s attitude to risk exposure • management’s attitude to the implementation and maintenance of adequate internal

controls • the appropriateness of management’s interpretation of accounting rules • management’s willingness to allow the auditors full access to client personnel, records,

and information required to form their opinion

How do auditors gather information on these factors? Information is gathered primarily through communication with individuals internal and external to the prospective client. Some of the key communications are as follows:

• communication with the previous auditor, if the company was previously audited AU-C 210 Terms of Engagement and AS 2610 Initial Audits—Communications Between Predecessor and Successor Auditors require that the auditor obtain permission from the prospective client before communicating with the predecessor, or previous, auditor. If that permission is not granted, the auditor should consider the implications of that re- fusal when deciding whether to accept the engagement (AU-C 210.11). Illustration 3.2 lists the types of inquiries the auditor should make of the predecessor auditor.

• communication with client personnel • communication with third parties such as client bankers and lawyers

There are minimal regulatory reporting requirements.

The client is financially stable and profitable, with no significant concerns about debt covenants.

No scope limitations exist.

The entity has a strong accounting system with good internal controls.

Special circumstance and unusual risks

There are significant regulatory reporting requirements with close monitoring by regulators.

The client is experiencing profitability issues, weak cash flows, and is close to violation of debt covenants.

The client voices significant concerns about the scope of audit work.

The entity has a weak accounting system with few internal controls.

ILLUSTRATION 3.1 (continued)

Positive Factors Influencing Client Acceptance and Retention Decisions

Factors that Influence Client Acceptance and Retention

Negative Factors Influencing Client Acceptance and Retention Decisions

1Arthur Andersen LLP vs. United States (04-368) 544 U.S. 696 (2005).

c03RiskAssessmentPartI.indd Page 3-4 07/08/18 7:15 PM f-389 c03RiskAssessmentPartI.indd Page 3-4 07/08/18 7:15 PM f-389 /208/WB02435/9781119401810/ch03/text_s/208/WB02435/9781119401810/ch03/text_s

Pr op

er ty

o f J

oh n

W ile

y &

So ns

, L td

. N ot

fo r g

en er

al re

di st

rib ut

io n.

Client Acceptance and Continuance Decisions 3-5

• communication with the client’s industry peers • review of newspaper and magazine articles about the client, or articles in industry trade

journals

Before accepting a new client, consideration must be given to any threats to compli- ance with the fundamental principles of professional ethics, such as integrity, objectivity, independence, professional competence, and due care, as discussed in Chapter 2. Threats to the fundamental principles of professional ethics will occur if the prospective client is dishonest, involved in illegal activities, or aggressive in its interpretations of accounting rules. An accounting fi rm should not accept a new client if the fi rm is concerned about any of these issues. Potential threats to compliance with the fundamental principles of pro- fessional ethics for existing clients should be considered regularly as part of continuation decisions.

To ensure professional competence and due care, a fi rm must be certain it has the staff available for the time required to complete the audit. The fi rm must ensure its audit staff has the knowledge and competence required to conduct the audit. The fi rm must have access to independent specialists, if required. The use of specialists will be discussed in Chapter 5.

To ensure that it is independent of prospective and continuing clients, the accounting fi rm must review the threats to independence, described in Chapter 2, and make certain that safeguards are put in place to limit or remove those threats. If an independence threat appears insurmountable, a fi rm should decline an off er to be the auditor of a prospective client or resign from the audit of an existing client. An example of such a threat is fee dependence, where the fees from a client would form a signifi cant proportion of the fi rm’s total fees. This can occur if a prospective client is much larger than a fi rm’s current clients or if an existing client has grown signifi cantly.

The fi rm should also consider any special circumstances or unusual risks that could be unique to a prospective or continuing client. For example, is the client fi nancially stable, or is it experiencing profi tability issues? Another issue is the regulatory environment for the client. Auditors should be aware of any issues being raised by regulators or whether the client may be close to violating regulatory requirements. These and other special circumstances should be carefully considered by the fi rm.

Inquiries of the predecessor auditor may be oral or written and should include:

1. Information that might bear on the integrity of management.

2. Disagreements with management about accounting policies, auditing procedures, or other significant matters.

3. Communications to those charged with governance regarding fraud and noncompliance with laws or regulations by the entity.

4. Communications to management and those charged with governance regarding significant deficiencies and material weaknesses in internal control.

5. The predecessor auditor’s understanding about the reasons for the change of auditors.

Source: AU-C 210 Terms of Engagement, paragraph A31; AS 2610 Initial Audits—Communications Between Predecessor and Successor Auditors, paragraph 9

ILLUSTRATION 3.2 Communication with the predecessor auditor

Audit Reasoning Example Acceptance of New Client

A software company is looking for a new auditor. The company has grown through an acquisition and needs an auditor that can handle its needs. The company has paid attention to good internal controls, and the new auditor sees no independence issues. Discussions with the predecessor auditor, the audit committee, and management indicate a good tone at the top and provide a consistent story about the company and its reasons for changing auditors. The new fi rm, with national and international offi ces and many clients in the software industry, sees this as a client with good potential for the fi rm.

c03RiskAssessmentPartI.indd Page 3-5 07/08/18 7:15 PM f-389 c03RiskAssessmentPartI.indd Page 3-5 07/08/18 7:15 PM f-389 /208/WB02435/9781119401810/ch03/text_s/208/WB02435/9781119401810/ch03/text_s

Pr op

er ty

o f J

oh n

W ile

y &

So ns

, L td

. N ot

fo r g

en er

al re

di st

rib ut

io n.

3-6 CHAPTER 3 Risk Assessment Part I

The fi nal stage in the client acceptance or continuance decision process involves the preparation of an engagement letter. AU-C 210 Terms of Engagement and AS 1301 Commu- nications with Audit Committees provide guidance on the preparation of engagement letters. An engagement letter is prepared by an auditor and acknowledged by a client before the audit begins. It is a form of contract between an auditor and the client. It is not necessary to send a new engagement letter each year for a continuing client unless the terms of the engagement change. If no revisions are necessary, the auditor should remind client management of the terms of the engagement. The reminder can be in writing or orally, and the auditor should document the reminder was made.

The purpose of an engagement letter is to set out the terms of the audit engagement to avoid any misunderstandings between the auditor and the client. The engagement letter in- cludes an explanation of the scope of the audit, the timing of the completion of various aspects of the audit, an overview of the client’s responsibility for the preparation of the fi nancial state- ments, the requirement that the auditor have access to all information required to perform the audit, and independence considerations and fees. An example of an engagement letter for a private company client is provided in the appendix to AU-C 210 and is reproduced in Illustra- tion 3.3. (Appendix C of AS 1301 details matters that should be included in the engagement letter for a public company client.)

engagement letter sets out the terms of the audit engagement, to avoid any misunderstandings between the auditor and the client

Audit Reasoning Example Refusal of New Client

A fi rm has been asked to submit a bid on a new engagement. An individual with experience in the investment industry is starting a new hedge-fund company. The company is looking for an auditor so that audited fi nancial statements can be provided to potential investors. While the fi rm has 15 offi ces in the United States, the fi rm has very limited experience auditing investment com- panies or hedge funds. A background check on the CEO indicates he had allegations of improper business dealings and possible fraud with a company he ran fi ve years before. The fi rm chooses not to bid on the audit because of concerns about possible management integrity issues, as well as concerns about its own expertise.

To the appropriate representative of those charged with governance of ABC Company:

[The objective and scope of the audit]

You have requested that we audit the financial statements of ABC Company, which comprise the balance sheet as of December 31, 20XX, and the related statements of income, changes in stockholders’ equity, and cash flows for the year then ended, and the related notes to the financial statements. We are pleased to confirm our acceptance and our understanding of this audit engagement by means of this letter. Our audit will be conducted with the objective of our expressing an opinion on the financial statements.

[The responsibilities of the auditor]

We will conduct our audit in accordance with auditing standards generally accepted in the United States of America (GAAS). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the financial statements.

Because of the inherent limitations of an audit, together with the inherent limitations of internal control, an unavoidable risk that some material misstatements may not be detected exists, even though the audit is properly planned and performed in accordance with GAAS.

ILLUSTRATION 3.3 Example of an audit engagement letter for a private company client

c03RiskAssessmentPartI.indd Page 3-6 07/08/18 7:15 PM f-389 c03RiskAssessmentPartI.indd Page 3-6 07/08/18 7:15 PM f-389 /208/WB02435/9781119401810/ch03/text_s/208/WB02435/9781119401810/ch03/text_s

Pr op

er ty

o f J

oh n

W ile

y &

So ns

, L td

. N ot

fo r g

en er

al re

di st

rib ut

io n.

Client Acceptance and Continuance Decisions 3-7

In making our risk assessments, we consider internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances but not for the purpose of expressing an opinion on the eff ectiveness of the entity’s internal control. However, we will communicate to you in writing concerning any significant deficiencies or material weaknesses in internal control relevant to the audit of the financial statements that we have identified during the audit.

[The responsibilities of management and identification of the applicable financial reporting framework]

Our audit will be conducted on the basis that [management and, when appropriate, those charged with governance] acknowledge and understand that they have responsibility

a. for the preparation and fair presentation of the financial statements in accordance with accounting principles generally accepted in the United States of America;

b. for the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error; and

c. to provide us with

i. access to all information of which [management] is aware that is relevant to the preparation and fair presentation of the financial statements such as records, documentation, and other matters;

ii. additional information that we may request from [management] for the purpose of the audit; and

iii. unrestricted access to persons within the entity from whom we determine it necessary to obtain audit evidence.

As part of our audit process, we will request from [management and, when appropriate, those charged with governance], written confirmation concerning representations made to us in connection with the audit.

[Other relevant information]

[Insert other information, such as fee arrangements, billings, and other specific terms, as appropriate.]

[Reporting]

[Insert appropriate reference to the expected form and content of the auditor’s report. Example follows:]

We will issue a written report upon completion of our audit of ABC Company’s financial statements. Our report will be addressed to the board of directors of ABC Company. We cannot provide assurance that an unmodified opinion will be expressed. Circumstances may arise in which it is necessary for us to modify our opinion, add an emphasis-of-matter or other-matter paragraph(s), or withdraw from the engagement.

We also will issue a written report on [Insert appropriate reference to other auditor’s reports expected to be issued.] upon completion of our audit.

Please sign and return the attached copy of this letter to indicate your acknowledgment of, and agreement with, the arrangements for our audit of the financial statements including our respective responsibilities.

XYZ Partners

Acknowledged and agreed on behalf of ABC Company by

___________________________

[Signed]

[Name and Title]

[Date]

Source: AU-C 210 Terms of Engagement, Appendix

ILLUSTRATION 3.3 (continued)

c03RiskAssessmentPartI.indd Page 3-7 07/08/18 7:15 PM f-389 c03RiskAssessmentPartI.indd Page 3-7 07/08/18 7:15 PM f-389 /208/WB02435/9781119401810/ch03/text_s/208/WB02435/9781119401810/ch03/text_s

Pr op

er ty

o f J

oh n

W ile

y &

So ns

, L td

. N ot

fo r g

en er

al re

di st

rib ut

io n.

3-8 CHAPTER 3 Risk Assessment Part I

Before You Go On 1.1 What will an auditor consider in assessing the integrity of a client’s management, board, and

other personnel? 1.2 What are the key components of an engagement letter? 1.3 Why must an auditor seek a client’s permission before communicating with its prior auditor

or any other relevant third party?

Cloud 9 - Continuing Case “Great news!” announces Sharon Gallagher at the weekly team meeting. “We just received word that the audit engagement letter for Cloud 9 has been signed. We are now offi cially the auditors and the risk assessment phase starts now!”

Later, at the fi rst planning meeting, Sharon and Josh Thomas focus on assigning the tasks for gaining an understanding of Cloud 9. Ian Harper, a fi rst-year staff , is not happy. He grumbles to another member of the team, Suzie Pickering, as he leaves the room. “This is such a waste of time. Why did we sign an engage- ment letter if we don’t understand the client? Why don’t we just get on with the audit? What else is there to know?”

“Oh boy, are you missing the point!” Suzie says. “If you don’t understand where the risks are greatest, where are you going to start ‘getting on with it’?”

“The same place you always start,” replies Ian. Ian thinks that all audits are pretty much the same and that

W&S Partners must have an audit plan they can use for the Cloud 9 audit. Suzie explains that if they tailor the plan to the client, the audit is far more likely to be effi cient and eff ective. That is, they will get the job done without wasting time and ensure that quality evidence is gathered for the accounts that are most at risk of being misstated. If they can do this, W&S Partners will not only issue the right audit report, but they will make a profi t from the audit as well. In other words, if the plan is good, performing the audit properly will be easier.

Suzie realizes it will be a big job explaining this to Ian and invites him for a coff ee in the staff room so that they can talk. Suzie is an experienced staff and has worked with other clothing and footwear clients.

LEARNING OBJECTIVE 2 Identify the diff erent phases of an audit.

Before we begin the discussion of the diff erent phases of an audit, it is important to emphasize that each audit is unique. For example, risks associated with the audit of a grocery store will not be the same as the risks associated with an audit of a jewelry store, even though both are retailers. Risks associated with the oil and gas industry will be diff erent from risks associated with the computer technology industry because of factors like diff erent laws and regulations that apply to each industry. Auditors must tailor their audit to be specifi c to each client, but broadly speaking, there are three general phases of every audit. An overview of these phases is represented in Illustration 3.4. The main phases of an audit are risk assessment, risk re- sponse, and reporting. Once the client acceptance or continuation decision has been made, the fi rst phase is risk assessment and planning the audit. The risk assessment phase in- volves gaining an understanding of the client, identifying factors that may impact the risk of a material misstatement occurring in the fi nancial statements, performing a risk and materi- ality assessment, and developing an audit strategy. The risk response phase of the audit involves the performance of detailed tests of controls and substantive, or detailed, testing of transactions and accounts. The reporting phase involves an evaluation of the results of the detailed testing in light of the auditor’s understanding of the client and forming an opinion on the fair presentation of the client’s fi nancial statements. An overview of each phase of the audit follows.

risk assessment phase gaining an understanding of the client, identifying risk factors, develop- ing an audit strategy, and setting planning materiality audit strategy the determi- nation of the amount of time spent testing the client’s internal controls and conducting detailed testing of transactions and account balances risk response phase perform- ing tests of controls and detailed substantive testing of transactions and accounts, concentrating eff ort where the risk of material misstatement is greatest reporting phase evaluation of the results of the detailed testing in light of the auditor’s under- standing of the client and forming an opinion on the fair presen- tation of the client’s fi nancial statements

Phases of an Audit

c03RiskAssessmentPartI.indd Page 3-8 07/08/18 7:15 PM f-389 c03RiskAssessmentPartI.indd Page 3-8 07/08/18 7:15 PM f-389 /208/WB02435/9781119401810/ch03/text_s/208/WB02435/9781119401810/ch03/text_s

Pr op

er ty

o f J

oh n

W ile

y &

So ns

, L td

. N ot

fo r g

en er

al re

di st

rib ut

io n.

Phases of an Audit 3-9

Risk Assessment Phase AU-C 300 Planning an Audit and AS 2101 Audit Planning require auditors to plan the au- dit by assessing risk to reduce audit risk to an acceptably low level. Audit risk is the risk that an auditor expresses an inappropriate audit opinion when the fi nancial statements are materially misstated (AU-C 200.14). An auditor will perform various risk assessment pro- cedures to ensure that appropriate attention is paid to the accounts and transactions most at risk of being materially misstated. For example, the inventory account at The Boeing Company has a higher risk of material misstatement than the prepaid expenses account. Why is that? First, think about the diff erence in the dollar amount of the two accounts. In- ventory will most likely be the largest current asset and prepaid expenses will be one of the smallest. Also, the number and complexity of transactions in the inventory account will be much higher than the number of transactions in the prepaid expenses account. Therefore, auditors should plan to devote more audit time to the inventory account than to the prepaid expenses account. This Boeing example illustrates that the risk assessment phase of the audit provides the opportunity to optimize effi ciency and eff ectiveness when conducting an audit. Effi ciency refers to the amount of time spent gathering audit evidence. Eff ectiveness refers to minimizing audit risk.

You should also understand that the risk assessment process is an iterative process. Auditors make preliminary risk assessments while planning the audit. Those risk assessments are later confi rmed, or refuted, when auditors perform tests of the system of internal control, or tests of account balances, transactions, or disclosures. On occasion, auditors might obtain informa- tion in the risk response phase that causes them to revise their preliminary conclusions drawn during the risk assessment phase. Auditors must be open to evaluating evidence obtained at any phase of the audit and to considering its implications for risk assessments made earlier in the audit.

Illustration 3.5 provides a graphical depiction of the risk assessment phase of the audit and some key concepts that are applied during risk assessment and the other phases of the audit. The key concepts of materiality, professional skepticism, and audit risk are discussed in the sections Materiality, and Professional Skepticism and Audit Risk. The section Audit Strategy in this chapter discusses how, once the elements of risk assessment have been con- sidered, auditors can develop their audit strategy. The section Fraud Risk closes this chapter. The remaining elements of risk assessment will be discussed in Chapter 4.

Risk Response Phase The risk response phase of the audit involves detailed testing of internal controls, transac- tions, account balances, and disclosures the auditors have determined to be at high risk of material misstatement. Auditors determine whether they plan to rely on the client’s system of internal controls. If so, they will test the effectiveness of internal controls, which is discussed in the section Audit Strategy and further in Chapter 8. Auditors will also make decisions about the extent and timing of detailed testing of account balances and trans- actions, which is discussed in Audit Strategy and further in Chapters 9 through 13. This detailed testing provides the evidence needed by auditors to determine if the financial statements are fairly presented.

audit risk the risk that an auditor expresses an inappropriate audit opinion when the fi nancial statements are materially misstated

Understanding

the Client

Risk

Identification

and Strategy

Risk and

Materiality

Assessment

Tests of

Control

Substantive

Testing

Conclusion

and Forming

an Opinion

Risk Assessment Phase

Risk Response Phase

Reporting Phase

ILLUSTRATION 3.4 Overview of the audit

c03RiskAssessmentPartI.indd Page 3-9 07/08/18 7:15 PM f-389 c03RiskAssessmentPartI.indd Page 3-9 07/08/18 7:15 PM f-389 /208/WB02435/9781119401810/ch03/text_s/208/WB02435/9781119401810/ch03/text_s

Pr op

er ty

o f J

oh n

W ile

y &

So ns

, L td

. N ot

fo r g

en er

al re

di st

rib ut

io n.

3-10 CHAPTER 3 Risk Assessment Part I

Concluding and Reporting on an Audit The fi nal phase of the audit involves drawing conclusions based upon the evidence gathered and arriving at an opinion regarding the fair presentation of the fi nancial statements. The auditor’s opinion is expressed in the audit report (see Chapter 15). At this stage of the audit, auditors draw on their understanding of the client, their detailed knowledge of the risks faced by the client, and the conclusions drawn when testing the client’s controls, transactions, and account balances.

ILLUSTRATION 3.5 Risk assessment

Closing procedures Risk Assessment Client performance

measurement

Corporate governance Related parties

Understand the entity

and the industry

Audit Strategy

Professional SkepticismMateriality Audit Risk

Analytical proceduresUnderstand internal

controls and IT

Fraud risk Compliance with

laws and regulations

Before You Go On 2.1 What are the three main phases of the audit? 2.2 Briefl y discuss why auditors must treat every audit as unique. 2.3 Explain how the risk assessment phase helps to improve the effi ciency and eff ectiveness of

the audit.

LEARNING OBJECTIVE 3 Explain and apply the concept of materiality.

The concept of materiality is used to guide audit testing and assess the validity of informa- tion contained in the fi nancial statements and the notes. Information is considered material if it impacts the decision-making process of users of the fi nancial statements. PCAOB AS 2105 includes the defi nition stated by the U.S. Supreme Court that “information is material if there

materiality the ability of infor- mation to infl uence decisions that users make on the basis of the fi nancial information of a specifi c reporting entity

Materiality

c03RiskAssessmentPartI.indd Page 3-10 07/08/18 7:15 PM f-389 c03RiskAssessmentPartI.indd Page 3-10 07/08/18 7:15 PM f-389 /208/WB02435/9781119401810/ch03/text_s/208/WB02435/9781119401810/ch03/text_s

Pr op

er ty

o f J

oh n

W ile

y &

So ns

, L td

. N ot

fo r g

en er

al re

di st

rib ut

io n.

Materiality 3-11

is a substantial likelihood that the . . . fact would have been viewed by a reasonable investor as having signifi cantly altered the total mix of information made available (para 2).” This in- cludes information that is misstated and information that is omitted but should be disclosed.

Materiality is a key auditing concept that is fi rst assessed during the risk assessment phase of every audit. This overall or planning materiality guides audit planning and testing for the fi nancial statements as a whole. Before explaining how auditors arrive at their planning ma- teriality assessment, it is important to diff erentiate between the qualitative and quantitative considerations of materiality.

Qualitative and Quantitative Materiality Information can be considered material because of its nature and/or its magnitude. An item that is considered material due to its nature is referred to as being qualitatively material. An item that is considered material due to its magnitude is referred to as being quantitatively ma- terial. While these concepts are not mutually exclusive as it is possible for information to be both qualitatively and quantitatively material, they are now explained separately to help you diff erentiate between the two concepts.

Qualitative Materiality Factors Information is considered qualitatively material if it aff ects a user’s decision-making pro- cess for a reason other than its magnitude. For example, a fraud, by its nature, is considered signifi cant no matter how small the fraud may be. Fraud that is small today could grow to a massive fraud in the future. Throughout the audit, auditors use their understanding of the client to be alert to qualitative factors that refl ect on the client’s fi nancial position, results of operations, and/or cash fl ows.

When reading the notes to the fi nancial statements, an auditor will assess accounting disclosure accuracy and compliance with any regulations and legislation and ensure any legal matters that should be disclosed are disclosed correctly. If any of these disclosures are inaccu- rate or omitted in error, the auditor will consider the potential impact on users. If the auditor believes an inaccurate disclosure or omission will aff ect a user’s decision-making process, it is considered qualitatively material, and the auditor will request that the client correct the disclosure or include any omitted information. Examples include a change in an accounting method, a change in operations that aff ects the level of risk faced by the client, or the client being in danger of breaching a debt covenant. AU-C 320 and AS 2105 refer to other items that may be considered material due to their nature rather than their size.

Quantitative Materiality Factors Information is considered quantitatively material if it exceeds the magnitude of an audi- tor’s planning materiality assessment. Auditors use their professional judgment to arrive at an appropriate planning materiality amount for each client. Planning materiality is typically a percentage of an appropriate benchmark from the fi nancial statements. AU-C 320 provides guidance for determining an appropriate benchmark. An auditor will select a benchmark, as discussed in the section Setting Materiality, and then decide on the percentage to use, depend- ing upon the client’s circumstances.

Setting Materiality When determining planning materiality, auditors will use professional judgment and are mindful of the primary users of the fi nancial statements. For publicly traded companies, the primary users are the stockholders. For private companies, the primary users are generally the owners and/or major lenders. Accounting fi rms may vary in the method they use to set planning materiality in the risk assessment phase, but common practice is to calculate a per- centage of an appropriate benchmark. In selecting an appropriate benchmark, auditors can choose an item from the balance sheet or the income statement. Balance-sheet benchmarks

qualitative materiality information or misstatements that impact a user’s decision-making process for a reason other than its magnitude

quantitative materiality information or misstatements that exceed the magnitude of an auditor’s preliminary materiality assessment, which is a percentage of an appropriate benchmark

c03RiskAssessmentPartI.indd Page 3-11 07/08/18 7:15 PM f-389 c03RiskAssessmentPartI.indd Page 3-11 07/08/18 7:15 PM f-389 /208/WB02435/9781119401810/ch03/text_s/208/WB02435/9781119401810/ch03/text_s