(Objectives 13-5, 13-7) The following are parts of a typical audit for a company with a fiscal year-end of July 31.
1. Confirm accounts payable.
2. Do tests of controls and substantive tests of transactions for the acquisition and payment and payroll and personnel cycles.
3. Do other tests of details of balances for accounts payable.
4. Do tests for review of subsequent events.
5. Accept the client.
6. Issue the audit report.
7. Understand internal control and assess control risk.
8. Do analytical procedures for accounts payable.
9. Set acceptable audit risk and decide preliminary judgment about materiality and tolerable misstatement
a. Identify the phase of the audit in which each activity occurs.
b. Put parts 1 through 9 of the audit in the sequential order in which you will expect them to be performed in a typical audit.
c. Identify those parts that will frequently be done before July 31.
DESIGN OF THE AUDIT PROGRAM
After the auditor uses risk assessment procedures to determine the appropriate emphasis on each of the other four types of tests, the specific audit procedures for each type of test must be designed. These audit procedures are then combined to form the audit program. In most audits, the engagement in-charge auditor recommends the evidence mix to the engagement manager. After the evidence mix is approved, the incharge prepares the audit program or modifies an existing program to satisfy all audit objec tives, considering such things as materiality, evidence mix, inherent risk, control risk, and any identified fraud risks, as well as the need for an integrated audit for larger public companies. The in-charge is also likely to get approval from the manager before performing the audit procedures or delegating their performance to an assistant. Let’s focus on designing audit programs to satisfy transaction-related and balancerelated audit objectives. Keep in mind the auditor will also design audit programs to satisfy presentation and disclosure-related audit objectives. In addition to the section of the audit program that contains the risk assessment procedures performed in planning, the audit program for most audits is designed in three additional parts: tests of controls and substantive tests of transactions, substantive analytical procedures, and tests of details of balances. Each transaction cycle will likely be evaluated using a separate set of sub-audit programs. In the sales and collection cycle, for example, the auditor might use:
• A test of controls and substantive tests of transactions audit program for sales and cash receipts
• A substantive analytical procedures audit program for the entire cycle
• Tests of details of balances audit programs for cash, accounts receivable, bad debt expense, allowance for uncollectible accounts, and miscellaneous accounts receivable The tests of controls and substantive tests of transactions audit program normally includes a descriptive section documenting the understanding of internal control obtained during the performance of risk assessment procedures. The program is also likely to include a description of the procedures performed to obtain an under standing
of internal control and a description of the assessed level of control risk. The auditor Apago PDF Enhancer uses this information to develop the tests of controls and substantive tests of trans – actions audit program. Figure 13-4 illustrates the methodology used to design these tests. (We previously discussed the steps in the first three boxes of Figure 13-4 on pages 302–315 of Chapter 10.) The audit procedures include both tests of controls and substantive tests of transactions, which vary depending on assessed control risk. When controls are effective and control risk is assessed as low, auditors put heavy emphasis on tests of controls. Some substantive tests of transactions will also be included. If control risk is assessed at maximum, only substantive tests of transactions will be used, assuming the audit is of a smaller public company or a nonpublic company. Audit Procedures When designing tests of controls and substantive tests of trans – actions, auditors emphasize satisfying the transaction-related audit objectives developed in Chapter 6. Auditors follow a four-step approach to reduce assessed control risk. 1. Apply the transaction-related audit objectives to the class of transactions being tested, such as sales. 2. Identify key controls that should reduce control risk for each transactionrelated audit objective.
3. Develop appropriate tests of controls for all internal controls that are used to reduce the preliminary assessment of control risk below maximum (key controls).
4. For potential types of misstatements related to each transaction-related audit objective, design appropriate substantive tests of transactions, considering deficiencies in internal control and expected results of the tests of controls in step 3. Figure 13-5 (p. 416) summarizes this four-step approach to designing tests of controls and substantive tests of transactions.
Because substantive analytical procedures are relatively inexpensive, many auditors perform them on all audits. Analytical procedures performed during substantive testing, such as for the audit of accounts receivable, are typically more focused and more extensive than those done as part of planning. The auditor is likely to use dis – aggregated data to increase the precision of the auditor’s expectations. During planning, the auditor might calculate the gross margin percentage for total sales, while during substantive testing of accounts receivable, the auditor might calculate gross margin percentage by month or by line of business, or possibly both. Analytical procedures calculated using monthly amounts will typically be more effective in detecting misstatements than those calculated using annual amounts, and comparisons by line of business will usually be more effective than companywide comparisons. If sales and accounts receivable are based on predictable relationships with nonfinancial data, the auditor often uses that information for analytical procedures. For example, if revenue billings are based on the number of hours professionals charge to clients, such as in law firms and other organizations that provide services, the auditor can estimate total revenue by multiplying hours billed by the average billing rate. When the auditor plans to use analytical procedures to provide substantive assur – ance about an account balance, the data used in the calculations must be considered sufficiently reliable. This is true for all data, especially nonfinancial data. For example, if auditors estimate total revenue using hours billed and the average billing rate, they must be confident that both numbers are reasonably reliable. To design tests of details of balances audit procedures, auditors use a methodology oriented to the balance-related audit objectives we covered in Chapter 6 (pp. 158–160). If the auditor is verifying accounts receivable, for example, the planned audit pro cedures must be sufficient to satisfy each of the balance-related audit objectives. In planning tests
of details of balances audit procedures to satisfy these objectives, many auditors follow a methodology such as the one shown in Figure 13-6 for accounts receivable. The design of these procedures is normally the most difficult part of the entire planning process because it is subjective and requires considerable pro fessional judgment. Let’s discuss the key decisions in designing tests of details of balances audit procedures as shown in Figure 13-6. Identify Client Business Risks Affecting Accounts Receivable As part of gaining an understanding of the client’s business and industry, the auditor identifies and evaluates significant client business risks to determine whether they result in increased risk of material misstatements in the financial statements. If any of the identified client business risks affect accounts receivable, they should be incorporated in the auditor’s evaluation of inherent risk or control risk. These risks will then affect the appropriate extent of evidence.
Set Tolerable Misstatement and Assess Inherent Risk for Accounts Receivable Auditors must decide the preliminary judgment about materiality for the audit as a whole and then allocate the total to account balances, to establish tolerable misstatement for each significant balance. For a lower tolerable misstatement, more testing of details is required, and vice versa. Some auditors allocate tolerable misstatement to individual balance-related audit objectives, but most do not. Inherent risk is assessed by identifying any aspect of the client’s history, environ – ment, or operations that indicates a high likelihood of misstatement in the current year’s financial statements. Considerations affecting inherent risk that may apply to accounts receivable include makeup of accounts receivable, nature of the client’s business, initial engagement, and other inherent risk factors discussed in Chapter 9. An account balance for which inherent risk has been assessed as high will result in more evidence accumulation than for an account with low inherent risk. Inherent risk also can be extended to individual balance-related audit objectives. For example, adverse economic conditions in the client’s industry may make the auditor conclude that a high risk of uncollectible accounts receivable (realizable value objective) exists. Inherent risk can still be low for all other objectives. Assess Control Risk for the Sales and Collection Cycle The methodology for evaluating control risk will be applied to both sales and cash receipts in the audit of accounts receivable. Effective controls will reduce control risk and, along with it, the amount of evidence required for substantive tests of transactions and tests of details of balances. Inadequate controls will increase the substantive evidence needed. Design and Perform Tests of Controls and Substantive Tests of Transactions for the Sales and Collection Cycle Tests of controls and substantive tests of transactions are designed with the expectation that certain results will be obtained. These predicted results affect the design of tests of details of balances. For example, the auditor usually plans to do extensive tests of controls when control risk is assessed as low. This will permit less extensive substantive testing of accounts receivable balances. Design and Perform Analytical Procedures for Accounts Receivable Balance Auditors perform substantive analytical procedures for an account such as accounts receivable for two purposes: to identify possible misstatements in the account balance and to reduce detailed audit tests. The results of substantive analytical procedures directly affect the extent of tests of details of balances. Design Tests of Details of Accounts Receivable Balance to Satisfy BalanceRelated Audit Objectives The planned tests of details of balances include audit procedures, sample size, items to select, and timing. Procedures must be selected and designed for each account and each balance-related audit objective within each account. A difficulty auditors face in designing tests of details of balances is the need to predict the outcome of the tests of controls, substantive tests of transactions, and substantive analytical procedures before they are performed. This is necessary because the auditor should design tests of details of balances during the planning phase, but the appropriate design depends on the outcome of the other tests. In planning tests of details of balances, the auditor usually predicts few or no exceptions will occur in tests of controls, substantive tests of transactions, and substantive analytical procedures. If the results of the tests of controls, substantive tests of transactions, and substantive analytical procedures are not consistent with the predictions, auditors will need to change the tests of details of balances as the audit progresses. Figure 13-7 summarizes the discussion about the approach to designing tests of details of balances applied to accounts receivable. The light shaded boxes on the left side of the figure correspond to the design of tests of controls and substantive tests of trans – actions, as presented in Figure 13-5 (p. 416). Figure 13-7 builds on Figure 13-5 by also showing how tests of controls and substantive tests of transactions affect the design.
SUMMARY OF THE AUDIT PROCESS
Figure 13-9 shows the four phases for the entire audit process, and Table 13-7 (p. 427) shows the timing of the tests in each phase for an audit with a December 31 balance sheet date. Auditors use information obtained from risk assessment procedures related to client acceptance and initial planning, understanding the client’s business and industry, assessing the client’s business risks, and performing preliminary analytical procedures (first four boxes in Figure 13-9) primarily to assess inherent risk and acceptable audit risk. Auditors use assessments of materiality, acceptable audit risk, inherent risk, control risk, and any identified fraud risks to develop an overall audit plan and audit program.
At the end of phase I, the auditor should have a well-defined audit plan and a specific audit program for the entire audit. Auditors perform tests of controls and substantive tests of transactions during this phase. The objectives of phase II are to:
1. Obtain evidence in support of the specific controls that contribute to the auditor’s assessed control risk (that is, where it is reduced below the maximum), including integrated audits of internal control over financial reporting.
2. Obtain evidence in support of the monetary correctness of transactions. The first objective is met by performing tests of controls, and the second by performing substantive tests of transactions. Frequently both types of tests are done simultaneously on the same transactions. When controls are not considered effective or when the auditor finds deviations, substantive tests can be expanded in this phase or in phase III, along with considering the implications for the auditor’s report on internal control over financial reporting in an integrated audit. Because the results of tests of controls and substantive tests of transactions are a major determinant of the extent of tests of details of balances, they are often done two or three months before the balance sheet date. This helps the auditor revise the tests of details of balance audit program for unexpected results in the earlier tests and to complete the audit as soon as possible after the balance sheet date. This approach is also used in an integrated audit to allow management an opportunity to correct control deficiencies in time to allow auditor testing of the newly implemented controls before year-end. Auditors update their testing of internal controls near year-end to verify that the controls continue to operate effectively. For computerized accounting systems, auditors often perform tests of controls and substantive tests of transactions throughout the year to identify significant or unusual transactions and determine whether any changes have been made to the client’s computer programs. This approach is often called continuous auditing and is frequently used in integrated audits of financial statements and internal control for public companies. The objective of phase III is to obtain sufficient additional evidence to determine whether the ending balances and footnotes in financial statements are fairly stated. The nature and extent of the work will depend heavily on the findings of the two previous phases. The two general categories of phase III procedures are:
1. Substantive analytical procedures that assess the overall reasonableness of transactions and balances. 2. Tests of details of balances, which are audit procedures to test for monetary misstatements in the balances in the financial statements. Table 13-7 shows analytical procedures are performed before and after the balance sheet date. Because of their low cost, analytical procedures are commonly used whenever they are relevant. They are often performed early, using preliminary data before year-end, as a means of planning and directing other audit tests to specific areas. But the greatest benefit from calculating ratios and making comparisons occurs after the client has finished preparing its financial statements. Ideally, these analytical procedures are done before tests of details of balances so they can then be used to determine how extensively to test balances. They are also used as a part of performing tests of balances and during the completion phase of the audit. Table 13-7 also shows that tests of details of balances are normally done last. On some audits, all are done after the balance sheet date. When clients want to issue state – ments soon after the balance sheet date, the more time-consuming tests of details of balances are done at interim dates before year-end with additional work being done to
roll-forward the audited interim-date balances to year-end. Substantive tests of balances performed before year-end provide less assurance and are normally only done when internal controls are effective. After the first three phases are completed, auditors must accumulate additional evi – dence related to presentation and disclosure-related objectives, summarize the results, issue the audit report, and perform other forms of communication. As shown in Figure 13-9 (p. 425), this phase has several parts. Perform Additional Tests for Presentation and Disclosure Recall from Chapter 6 that auditors accumulate evidence related to presentation and disclosurerelated audit objectives. The procedures auditors perform to support the four presen – tation and disclosure-related objectives are similar to audit procedures performed to support both transaction- and balance-related audit objectives. For example, management imple ments internal controls to ensure that all required footnote disclosures are included and that amounts and other information disclosed are accurate. Auditor tests of those controls provide evidence supporting the completeness and accuracy presen tation and disclosure-related audit objectives. Auditors also perform substantive tests to obtain sufficient appropriate evidence that information disclosed in the footnotes reflects actual transactions and balances that have occurred and that represent obligations of the client to support the occurrence and rights and obligation objectives. A considerable portion of the auditor’s testing related to presentation and disclosure-related objectives is done during the first three phases, but additional testing is done in phase IV. During this last phase of the audit, auditors perform audit procedures related to con tingent liabilities and subsequent events. Contingent liabilities are potential liabilities that must be disclosed in the client’s footnotes. Auditors must make sure that the disclosure is complete and accurate. Subsequent events represent events that occasionally occur after the balance sheet date, but before the issuance of the financial statements and auditor’s report, that have an effect on the financial statements. Specific review pro cedures are designed to bring to the auditor’s attention any subsequent events that affect the financial statements. Both contingent liabilities and subsequent events are studied in Chapter 24. Accumulate Final Evidence In addition to the evidence obtained for each cycle during phases I and II, and for each account during phase III, auditors must gather the following evidence for the financial statements as a whole during the completion phase:
• Perform final analytical procedures
• Evaluate the going-concern assumption
• Obtain a client representation letter
• Read information in the annual report to make sure that it is consistent with the financial statements Issue Audit Report The type of audit report issued depends on the evidence accumu – lated and the audit findings. The appropriate reports for differing circumstances were studied in Chapter 3. Communicate with Audit Committee and Management The auditor is required to communicate significant deficiencies in internal control to the audit committee or senior management. Auditing standards also require the auditor to communicate certain other matters to those charged with governance, such as the audit committee or a similarly designated body upon completion of the audit, if not sooner. Although not required, auditors often also make suggestions to management to improve business performance.