Ch1 [AD30].pdf

11 Pages
102 Views

Department
Financial Accounting
Course Code
MGAC03H3
Professor
Genevieve Dewar

This preview shows pages 1,2 and half of page 3. Sign up to view the full 11 pages of the document.
Description
Lecture :__________ CHAPTER 1: AUDITING AND INTERNAL CONTROL Overview: IT has inspired the reengineering of traditional business processes to promote more efficient operations and to improve communications within the entity and between the entity and its customers and suppliers. These advances, however, have introduced new risks that require unique internal controls. They have engendered the need for new techniques for evaluating controls and for assuring the security and accuracy of corporate data and the information systems that produce it. After studying this chapter, you should: •Know the difference between attest services and advisory services and be able to explain the relationship between the two. •Understand the structure of an audit and have a firm grasp of the conceptual elements of the audit process. •Understand internal control categories presented in the COSO framework. •Be familiar with the key features of Section 302 and 404 of the Sarbanes-Oxley Act. •Understand the relationship between general controls, application controls, and financial data integrity. ----------------------------------------------------------------------------------------------------------------------------------- OVERVIEW OF AUDITING External Financial Audits: An external audit is an independent attestation performed by an auditor who expresses an opinion regarding the presentation of financial statements. •The audit objective is always associated with assuring the fair presentation of financial statements. •Throughout the audit process, the auditor must maintain independence from the client organization. Public confidence in the reliability of the company’s internally produced financial statements rests directly on an evaluation of them by an independent auditor. Attest Service vs Advisory Services: The following requirements apply to attestation services: 1. Require written assertions and a practitioner’s written report. Class Notes: ________________________________________________________________________________________________________ ________________________________________________________________________________________________________ ________________________________________________________________________________________________________ ________________________________________________________________________________________________________ 2. Require the formal establishment of measurement criteria or their description in the presentation. 3. Levels of service in attestation engagements are limited to examination, review, and application of agreed-upon procedures. Advisory Services: are services to improve their client organizations’ operational efficiency and effectiveness. As a result of SOX, it is unlawful for a PA firm to provide attest services with the following services: bookkeeping, IS design & implementation, internal audit outsourcing services and legal services. Internal Audits is a function established within an organization to examine and evaluate its activities as a service to the organization. External versus Internal Auditors: while external auditors represent outsiders, internal auditors represent the interests of the organization. External auditors can rely in part on evidence gathered by • internal audit departments that are organizationally independent and report to the board of directors’ audit committee Fraud Audits: The objective of a fraud audit is to investigate anomalies and gather evidence of fraud that may lead to criminal conviction. ----------------------------------------------------------------------------------------------------------------------------------- ROLE OF THE AUDIT COMMITTEE • Consists of three people who should be outsiders and at least one member of the audit committee must be a “financial expert.” The audit committee serves as an independent “check and balance” for the internal audit • function and liaison with external auditors. • SOX mandates that external auditors now report to the audit committee who hire and fire auditors and resolve disputes. Class Notes: ________________________________________________________________________________________________________ ________________________________________________________________________________________________________ ________________________________________________________________________________________________________ ________________________________________________________________________________________________________ • To be effective, the audit committee must be willing to challenge the internal auditors (or the entity performing that function) as well as management, when necessary. • Part of its role is to look for ways to identify risk. • Corporate frauds often have some bearing on audit committee failures. ----------------------------------------------------------------------------------------------------------------------------------- FINANCIAL AUDIT COMPONENTS Overview: The auditor’s report expresses an opinion as to whether the financial statements are in conformity with generally accepted accounting principles (GAAP); external users of financial statements are presumed to rely on the auditor’s opinion about the reliability of financial statements in 6 Chapter 1: Auditing and Internal Control making decisions. Auditors are guided in their professional responsibility by the ten GAAS (pg. 6) TABLE 1.1 Generally Accepted Auditing Standards General Standards Standards of Field Work Reporting Standards 1. The auditor must have adequate technic1. Audit work must be adequately 1. The auditor must state in the report training and proficiency. planned. whether financial statements were prepared in accordance with generally accepted accounting principles. 2. The auditor must have independence of 2. The auditor must gain a sufficientThe report must identify those circum- mental attitude. understanding of the internal controlnces in which generally accepted structure. accounting principles were not applied. 3. The auditor must exercise due professionalhe auditor must obtain suffici3. The report must identify any items care in the performance of the audit and thepetent evidence. that do not have adequate informative preparation of the report. disclosures. 4. The report shall contain an expression of the auditor’soptefinancial statements as a whole. The lack of physical procedures that can be visually verified injects complexity into the IT audit (e.g., attorneys regarding contingent liability claims against clients, and techniques for obtain- the audit trail may be purely electronic, in a digital form, and thus invisible to those attempting to verify ing background information on the client’sindustry. it). Therefore, a logical framStatements on Auditing Standardsare regarded as authoritative pronouncements be- cause every member of the profession must follow their recommendations or be able to auditor identify all-important processes and data files. show why a SAS does not apply in a given situation. The burden of justifying departures from the SASs falls upon the individual auditor. Management Assertions and Audit Objectives: The task of the auditor is to determine whether the F/S are fairly presented. To accomplish this goal, the auditor establishes audit objectives, designs AS yemacPrcss procedures, & gathers evidence that corroborate or refute management’s assertions. These assertions fall into 5 categories:g an audit is a systematic and logical process that applies to all forms of information systems. While important in all audit settings, a systematic approach is Class Notes: particularly important in the IT environment. The lack of physical procedures that can be visually verified and evaluated injects a high degree of complexity into the IT ________________________________________________________________________________________________________ audit (e.g., the audit trail may be purely electronic, in a digital form, and thus invisible _________________________to those attempting to verify it). Therefore, a logical framework for conducting an audit ________________________________________________________________________________________________________ocesses and data files. ________________________________________________________________________________________________________ Management Assertions and Audit Objectives correctly classified (e.g., long-term liabilities will not mature within one year) and that footnote disclosures are adequate to avoid misleading the users of financial statements. Generally, auditors develop their audit objectives and designaudit procedures based on the preceding assertions. The example in Table 1.2 outlines these procedures. Audit objectives may be classified into two general categories. Those in Table 1.2 1. Existence or occurrence assertion affirms that all assets and equities contained in the B/S existporting. The second category pertains to the information system itself. This category includes the and that all transactions in the I/S actually occurred. audit objectives for assessing controls over manual operations and computer technologies used in transaction processing. In the chapters that follow, we consider both categories of audit objectives and the associated audit procedures. 2. Completeness assertion declares that no material assets, equities, or transactions have been omitted from the F/S. Obtaining Evidence 3. Rights & obligations assertion maintains that assets appearing on the balance sheet are owned Auditors seek evidential matter that corroborates management assertions. In the IT envi- by the entity and that the liabilities reported are obligations.ce relating to the reliability of computer controls as well as the contents of databases that have been processed by computer pro- grams. Evidence is collected by performing tests of controls, which establish whether in- 4. Valuation or allocation assertion states that assets/equities are valued in accordance with GAAP ternal controls are functioning properly, and substantive tests, which determine whether & that allocated amounts are calculated on a systematic and rational basis.sactionslnces.ountbaa Ascertaining Materiality 5. The presentation and disclosure assertion alleges that financial statement items are correctly classified (e.g., The auditor must determine whether weaknesses in internal controls and misstatements are adequate to avoid misleading the users of F/S. balances are material. In all audit environments, TABLE 1.2 Audit Objectives and Audit Procedures Based on Management Assertions Management Assertion Audit Objective Audit Procedure Existence of Occurrence Inventories listed on the balance sheet exObserve the counting of physical inventory. Completeness Accounts payable include all obligations tCompare receiving reports, supplier invoices, vendors for the period. purchase orders, and journal entries for the period and the beginning of the next period. Rights and Obligations Plant and equipment listed in the balance Review purchase agreements, insurance policies, sheet are owned by the entity. and related documents. Valuation or Allocation Accounts receivable are stated at net Review entity’sagingt andlteu realizable value. the adequacy of the allowance for uncorrectable accounts. Presentation and Disclosure Contingencies not reported in financial Obtain information from entity lawyers about the accounts are properly disclosed in footnotstatus of litigation and estimates of potential loss. Copyright 2011 Cengage Learning, Inc. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. ----------------------------------------------------------------------------------------------------------------------------------- AUDIT RISK: Audit Risk is the probability that the auditor will render a clean opinion on F/S that are, in fact, materially misstated. Material misstatements may be caused by errors (unintentional mistakes) or irregularities. Irregularities are intentional misrepresentations associated with fraud such as the misappropriation of physical assets or the deception of F/S users. Class Notes: ________________________________________________________________________________________________________ ________________________________________________________________________________________________________ ________________________________________________________________________________________________________ ________________________________________________________________________________________________________ Inherent Risk is associated with the unique characteristics of the business or industry of the client. Control Risk is the likelihood that the control structure is flawed because controls are either absent or inadequate to prevent or detect errors in the accounts. Auditors assess the level of control risk by performing tests of internal controls. Detection Risk is the risk that auditors are willing to take that errors not detected or prevented by the control structure will also not be detected by the auditor. Auditors set an acceptable level of detection risk that influences the level of substantive tests is performed. Relationship Between Tests of Controls and Substantive Tests: The stronger the internal control structure, as determined through tests of controls, the lower the CR and the less substantive testing the auditor must do. When controls are in place and effective, the auditor may limit substantive testing. In contrast, the weaker the internal control structure, the greater the control risk and the more substantive testing the auditor must perform to reduce total audit risk. Evidence of weak control
More Less
Unlock Document

Only pages 1,2 and half of page 3 are available for preview. Some parts have been intentionally blurred.

Unlock Document
You're Reading a Preview

Unlock to view full version

Unlock Document

Log In


OR

Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


OR

By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.


Submit