Engagement Planning Flashcards Preview

CPA - AUD > Engagement Planning > Flashcards

Flashcards in Engagement Planning Deck (70):

Accounting Standards vs. Auditing Standards


  • FASB - primarily for businesses
  • GASB - state and local government entities
  • FASAB - federal governmental entities
  • IASB - International standard setting body (entiites adopting IFRS


  • ASB - non-issuers (private) companies
  • PCAOB - issueing (public) companies
  • GAO - governmental entities
  • ISA - issued by IAASB (within IFAC) - issues International Standards on Auditing (ISAs)


The PCAOB still incorporates the 10 traditional GAAS standards as a framework relevant to the PCAOB auditing standards. From a PCAOB perspective, there are 10 standards that comprise the traditional GAAS and that used to serve as the criteria to evaluate the quality of the auditor's performance.


General Standards

  1. Training
  2. Independence
  3. Due Care

Fieldwork Standards

  1. Planning Supervision
  2. Internal Control
  3. Evidence

Reporting Standards

  1. GAAP
  2. Consistency
  3. Disclosure
  4. Opinion



10 traditional GAAS Standards:

  • General Standards (TID)

General Standards  --  There are 3 of these ("TID"). They are "personal" in nature as they relate to qualities that the auditor brings to the assignment:

  1. Training  --  "The auditor must have adequate technical training and proficiency to perform the audit."
  2. Independence  --  "The auditor must maintain independence in mental attitude in all matters relating to the audit."
  3. Due care  --  "The auditor must exercise due professional care in the performance of the audit and the preparation of the report."
    1. Critically review the judgment exercised by those assisting in the audit.


10 traditional GAAS Standards:

  • Fieldwork Standards (PIE)

Field Work Standards  --  There are 3 of these ("PIE"). They are related to the evidence-gathering activities that form the foundation for the auditor's conclusions.

  1. Planning and supervision  --  "The auditor must adequately plan the work and must properly supervise any assistants."
  2. Internal control  --  "The auditor must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement of the financial statements whether due to fraud or error, and to design the nature, timing, and extent of further audit procedures."
  3. Evidence  --  "The auditor must obtain sufficient appropriate audit evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit."


10 traditional GAAS Standards:

  • Reporting Standards (GCDO)

Reporting Standards  --  There are 4 of these ("GCDO"). Each of them says something about the language that is required in the auditor's report.

  1. GAAP  --  "The auditor must state in the auditor's report whether the financial statements are presented in accordance with generally accepted accounting principles (GAAP)."
  2. Consistency  --  "The auditor must identify in the auditor's report those circumstances in which such principles have not been consistently observed in the current period in relation to the preceding period."
  3. Disclosure  --  "When the auditor determines that informative disclosures are not reasonably adequate, the auditor must so state in the auditor's report."
  4. Opinion  --  "The auditor must either express an opinion regarding the financial statements, taken as a whole, or state that an opinion cannot be expressed, in the auditor's report. When the auditor cannot express an overall opinion, the auditor should state the reasons therefore in the auditor's report. In all cases where an auditor's name is associated with financial statements, the auditor should clearly indicate the character of the auditor's work, if any, and the degree of responsibility the auditor is taking, in the auditor's report."


What was a result of the AICPA's Clarity and Convergence Project

  • The AICPA reissued substantially all of their existing Statements on Auditing Standards (SASs) in a clarified format intended to make the SASs easier to understand. In addition, the AICPA substantially converged their auditing standards to be consistent with the requirements of IFAC's International Standards on Auditing. Although some differences in those respective requirements remain (and will be covered elsewhere in CPAexcel), those standards are now very, very similar. The recent AICPA pronouncements are referred to as "Clarified Standards."
  • As part of that effort, the AICPA has also replaced its use of 10 "Generally Accepted Auditing Standards" with 7 "principles" to provide a framework for understanding and explaining an audit.


7 Principles to provide a framework for understanding and explaining an audit (AICPA replaced GAAS Standards with these 7 principles)

4 Themes: PR - PR

  • The 7 principles are not requirements and have no authoritative status. However, they are intended to be helpful as a framework for audit standard setting.
  • The 7 principles reflect most of the considerations that had been addressed in the previous 10 generally accepted auditing standards (the former reporting standards seem to have changed the most relative to these principles).

  1. Purpose/Premise 
  2. Responsibilities (replaces General Standards)
  3. Performance (replaces Fieldwork Standards)
  4. Reporting 


7 principles)

4 Themes: PR - PR

  • Purpose/Premise 
  • Responsibilities 
  • Performance 
  • Reporting

Purpose of an Audit and Premise Upon Which an Audit is Conducted

  • The purpose of an audit is to provide financial statement users with an opinion by the auditor on whether the financial statements are presented fairly, in all material respects, in accordance with the applicable financial reporting framework. An auditor's opinion enhances the degree of confidence that intended users can place in the financial statements.
  • An audit in accordance with generally accepted auditing standards is conducted on the premise that management and, where appropriate, those charged with governance, have responsibility for
    1. The preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error; and

    2. Providing the auditor with all information, such as records, documentation, and other matters that are relevant to the preparation and fair presentation of the financial statements; any additional information that the auditor may request from management and, where appropriate, those charged with governance; and unrestricted access to those within the entity from whom the auditor determines it necessary to obtain audit evidence.


7 principles

4 Themes: PR - PR

  • Purpose/Premise 
  • Responsibilities 
  • Performance 
  • Reporting

Responsibilities  --  Note that the term responsibilities principle takes the place of what previously had been called General Standards describing characteristics the auditor brings to the engagement.

  1. Auditors are responsible for having appropriate competence and capabilities to perform the audit; complying with relevant ethical requirements; and maintaining professional skepticism and exercising professional judgment, throughout the planning and performance of the audit.


7 principles

4 Themes: PR - PR

  • Purpose/Premise 
  • Responsibilities 
  • Performance 
  • Reporting

Performance (takes place of Fieldwork Standards)  --  Note that the term performance principle takes the place of what previously had been called Fieldwork Standards governing the auditor's evidence-gathering activities.

  1. To express an opinion, the auditor obtains reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error.
  2. To obtain reasonable assurance, which is a high, but not absolute, level of assurance, the auditor:
    1. plans work, supervises assistants
    2. determines and applies materiality levels
    3. identifies and assesses risks of MM's
    4. obtains evidence about whether a potential MM exists
  3. The auditor is unable to obtain absolute assurance that the financial statements are free from material misstatement because of inherent limitations, which arise from:
    1. The nature of financial reporting;
    2. The nature of audit procedures; and
    3. The need for the audit to be conducted within a reasonable period of time and so as to achieve a balance between benefit and cost.



7 principles

4 Themes: PR - PR

  • Purpose/Premise 
  • Responsibilities 
  • Performance 
  • Reporting

Reporting  -- 

  • Based on an evaluation of the audit evidence obtained, the auditor expresses, in the form of a written report, an opinion in accordance with the auditor's findings, or states that an opinion cannot be expressed. The opinion states whether the financial statements are presented fairly, in all material respects, in accordance with the applicable financial reporting framework.


The AICPA's Use of the Term GAAS and Guidance Associated with It

  • Statements on Auditing Standards (SASs)
    • The SASs constitute GAAS and must be followed by auditors when AICPA auditing standards are applicable.
    • The auditor should be prepared to justify any departures from the SASs.
  • Interpretative publications
    • Interpretive publications are not considered to be auditing standards, however.
    • These are issued under the authority of the ASB after all ASB members have had an opportunity to comment on the interpretive publication.
  • Other auditing publications
    • ​Include articles in the Journal of Accountancy and the AICPA's CPA Letter (and other professional publications), continuing professional education programs, textbooks, etc.


The various AICPA standards (i.e., Statements on Auditing Standards, Statements on Standards for Attestation Engagements, Statements on Standards for Accounting and Review Services, and Statements on Quality Control Standards) distinguish between two types of professional requirements: and...

  • what is explanatory material?


  1. Unconditional
    • non-negotiable and applicable across the board ("must" and "is" are words used)
  2. Presumptively Mandatory
    • Compliance is expected however there are rare exceptions that are permitted. Indicated by the word "should"
      • must document the justification for any exception

Any guidance not in required material is called "explanatory material," which is descriptive guidance within the body of the standards that does not impose a "requirement" (indicated by "may," "might," or "could" in applicable standards).


Generally Accepted Auditing Standards (GAAS)


Quality Control Standards (SQCS)

An individual audit engagement is governed by GAAS, whereas... 

A CPA firm's collective portfolio of accounting and auditing services (sometimes called the "A&A" practice, which involves entities' financial statements and, thereby, involves the "public interest") is governed by the AICPA's SQCS.

  • SQCS are issued by the AICPA's Auditing Standards Board (in particular, the section of the SQCS dealing with "A Firm's System of Quality Control" is QC10). The relevant AICPA guidance applicable to an individual audit engagement is provided by AU 220: "Quality Control for an Engagement Conducted in Accordance with [GAAS]."


Six Elements of a Quality Control System


  1. Leadership Responsibility (tone at the top mentality)
  2. Relevant Ethical Requirements
    1. If the engagement team identifies a threat to independence that safeguards may not eliminate or reduce to an acceptable level, the engagement partner is required to report the matter to the relevant person(s) in the firm to determine the appropriate action (to either eliminate the threat or withdraw from the engagement when withdrawal is allowed under applicable law or regulation).
  3. Acceptance and Continuance of client relationships and engagements (risk assessment of engagement)
  4. Human Resources (address personnel issues and procedures)
  5. Engagement Performance (compliance with firm and professional standards)
  6. Monitoring


SQCS: Timing of Control Review - The Main Difference Between the Clarified SAS and the Corresponding International Standard on Auditing

  • The SAS requires that the quality control review must be completed before the engagement partner releases the auditor's report,
  • whereas the ISA requires that the quality control review be completed before the engagement partner dates the auditor's report.


Other AICPA Standards apply to Non-Audit Engagements

  • Statements on Standards for Accounting and Review Services (SSARS) - apply when the accountant provides either Compilation or Review services to F/S of non-issuers (private companies).  
  • Statements on Standards to Attestation Engagements (SSAEs) - apply when the accountant provides assurance on management representations or subject matter other than traditional F/S.


Positive Assurance

Highest level of assurance possible.  Associated with an "Audit" under the ASB standards and/or with an "Examination" under the SSAE standards.  

We have an opinion!


Negative Assurance

Limited assurance (moderate level of assurance) associated with a "Review" either of the F/S (ASB standards) or other subject matter (attestation standards = SSAEs).  


3rd Type of Assurance that is neither positive nor negative

Assurance expressed as "Procedures/Finding" for agreed upon procedures engagement under the attestation standards (SSAEs).  

Here's what we did and here's what we found


No Assurance

Associated with a compilation engagement (where we assemble the F/Ss) and we express no conclusions as to its reliability.  


Auditor Flow Chart


SQCS - Differences of Opinion

The firm should establish policies and procedures for dealing with and resolving differences of opinion within the engagement team, with those consulted, and between the engagement partner and the engagement quality control reviewer (including that the conclusions reached are documented and implemented and that the report is not released until the matter is resolved).


Auditor's Report - 1st Section & 2nd Section

  • 1st Section has no label. It identifies the nature of the engagement and the entity's financial statements involved (consists of 1 sentence).
  • 2nd Section is labeled "Management's Responsibility for the Financial Statements" -- (1 sentence) it states that management is responsible for the fair presentation of the F/S and the implementation of internal control.


Auditor's Report - 3rd Section - Paragraph 1/3

The first consists of 3 sentences:

  1. Responsibility to express an opinion;
  2. Conducted the audit in accordance with (GAAS); and
  3. Plan and perform the audit to provide reasonable assurance.


Auditor's Report - 3rd Section - Paragraph 2/3

The second consists of 5 sentences:

  1. Perform procedures to obtain audit evidence about the amounts and disclosures;
  2. The procedures depend on the auditor's judgment, including assessment of risks of material misstatement, whether due to fraud or error;
  3. In making those risk assessments, the auditor considers internal control;
  4. The auditor expresses no such opinion (on internal control, when not engaged to report on internal control in an "integrated audit"); and
  5. An audit includes evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates.


Auditor's Report - 3rd Section - Paragraph 3/3

The third consists of 1 sentence -- expressing the auditor's belief that the audit evidence is sufficient and appropriate to provide a basis for the opinion.


Auditor's Report - 4th Section

The fourth section is labeled "Opinion" -- (1 sentence) it expresses the auditor's opinion (in the same wording as that used in the previous AICPA standards).


Auditor's Report - Sections & Sentences

The AR has 4 sections and 12 total sentences.

  1. Defines nature of engagement and F/S (1)
  2. Management's Responsibility for the F/S (1)
  3. Auditor's Responsibility (9)
    1. Opinion, GAAS, reasonable assurance (3)
    2. Evidence, MM, I/C, No opine on I/C, Policies and Estimates
    3. Evidence is sufficient base for opinion
  4. State Opinion


Initial Audit:

Ordinarily, the predecessor auditor permits the successor auditor to review the predecessor's working paper analyses relating to?

Predecessor's audit documentation related to:

  • Planning
  • Internal Control
  • Audit Results
  • Balance Sheet Accounts
  • Contingencies


Before accepting a client for an Audit engagement, the CPA firm should consider:

  • Client's business risk
  • CPA's business risk


  • The client's business risk is the risk that the client will fail to meet its objectives, particularly with regard to survival and profitability.
  • The CPA's business risk is the risk that the CPA's business will suffer due to association with the client. The CPA should consider both risks in determining whether to accept a client for an audit engagement.


Professional standards require that the auditor establish an understanding with the client regarding the services to be performed. The understanding would generally include:

  1. the objective of the audit;
  2. management's responsibilities with regard to the financial statements, internal control, compliance with laws and regulations, availability of records, and the management representation letter;
  3. the auditor's responsibilities for GAAS and reportable conditions;
  4. a description of an audit; and
  5. management's responsibilities regarding correction of material misstatements and evaluation of immaterial adjustments.


Terms of Engagement


The auditor's objective is to accept an audit engagement involving a new or existing audit client only when the basis for the audit has been agreed upon by

  1. establishing when the "preconditions for an audit" are present; and
  2. confirming that a common understanding of the terms of the engagement exists between the auditor and management (and those charged with governance, as applicable).

Preconditions for an audit

  1. The use by management of an acceptable financial reporting framework in the preparation of the financial statements and
  2. the agreement of management to the premise on which an audit is conducted.


Pre-Engagement Planning:

  • Management's Responsibilities

Management should acknowledge its responsibility for:

  1. the fair presentation of the financial statements;
  2. the design and implementation of effective internal control over financial reporting; and
  3. providing the auditor with all information relevant to the financial statements and
  4. any additional information requested by the auditor, and providing access to all entity personnel relevant to the audit of the financial statements. (The auditor should determine whether the financial reporting framework is appropriate and obtain an agreement that management acknowledges and understands its responsibilities.)


Pre-Engagement Planning:

  1. What if the pre-conditions for an audit are not present?
  2. What if management imposes a limitation on the scope of the audit?
  3. If agreed upon, where should the engagement terms be documented?

  1. No PC = the auditor should not accept the engagement; instead, the auditor should discuss the matter with management.
  2. If management imposes a limitation on the scope of the audit that the auditor believes would result in a disclaimer of opinion (called a "limited engagement") -- the auditor normally should not accept the engagement. If such an entity is required by law or regulation to have an audit, the auditor is then allowed to accept the "limited engagement," so as long as a disclaimer of opinion is acceptable under the applicable law or regulation.
  3. The agreement of the terms of the engagement should be documented in an audit "engagement letter."


Pre-Engagement Planning:

  • Engagement Letter

Agreement on audit engagement terms -- The agreement of the terms of the engagement should be documented in an audit "engagement letter" and address the following:

  1. The objective and scope of the audit;
  2. The auditor's responsibilities;
  3. Management's responsibilities;
  4. A statement about the inherent limitations of an audit;
  5. A statement identifying the applicable financial reporting framework;
  6. Reference to the expected content of any reports to be issued; and
  7. Other matters as warranted in the auditor's judgment.


Initial Audit:

  • Definition
  • Requirements

Initial audit refers to when the prior year's financial statements have been audited by a different auditor (referred to as the "predecessor auditor").

  • Before accepting engagement, the auditor should request that management authorize the predecessor auditor to respond to the auditor's inquiries relevant to the decision whether to accept the engagement.
    • If management refuses to authorize, auditor must consider this when deciding whether to accept the engagement.  
  • The predecessor is expected to respond fully and to indicate when the response is limited. The auditor should evaluate the predecessor's response in deciding whether to accept the engagement.
  • The auditor's communication with the predecessor auditor may be written or verbal.


Initial Audit:

  • The auditor's communication with the predecessor auditor may be written or verbal
    • typical matters expected to be addressed include the following:

  • Information that might bear on the integrity of management;
  • Any disagreements with management about accounting or auditing issues;
  • Communications involving those charged with governance with respect to fraud and/or noncompliance with applicable laws or regulations;
  • Communications involving management and those charged with governance regarding significant deficiencies in internal control; and
  • The predecessor's understanding about the reasons for the entity's change in auditors.


Recurring Audit Engagements:

  • Engagement letter?

  • The auditor may remind management of the terms of the engagement in writing or verbally. When the communication is oral, it is desirable to document the significant matters discussed (including with whom and when).
  • It may be appropriate to revise the terms of the previous engagement --This is the case, for example, when there is a change in senior management or a significant change in ownership; when there is a change in the financial reporting framework adopted; when there is a change in legal or regulatory requirements; when there is any indication that management misunderstands the nature of the audit; or when there are special terms to the engagement.


Acceptance of Change in Terms of Audit Engagement

  1. If the auditor is asked to change the audit engagement to an engagement resulting in a lower level of assurance (prior to completing the audit engagement) -- The auditor should determine whether reasonable justification for doing so exists; if not, the auditor should decline the request.
  2. Suppose that the auditor concludes no reasonable justification for such a change exists, but management will not permit the auditor to continue the original audit engagement. The auditor should:
    1. withdraw from the audit engagement when possible;
    2. communicate the circumstances to those charged with governance; and
    3. determine whether there is any legal or other obligation to report the matter to any other parties.
  3. Reasonable basis for a change -- Reasonable justification would exist when there is a change in circumstances affecting management's requirements, or if there was a misunderstanding about the nature of the service originally requested. The resulting report should not refer to any audit procedures performed prior to changing the engagement to a review or other service.


Planning An Audit

auditor's objective is to plan the audit so that it will be performed in an effective manner.

  • Involvement of Team Members

The engagement partner and other key members of the audit team should be involved in planning activities.

  • The nature and extent of planning varies with the size and complexity of the entity
  • Planning is an ongoing iterative process, not a one-time activity
  • The engagement partner may delegate portions of planning and supervision to other personnel, but a discussion about the risk of material misstatement (including fraud risks) among key members of the audit team, including the engagement partner, is required.


Preliminary Engagement Activities

The auditor should address the following matters at the beginning of the engagement:

  1. Perform appropriate procedures to address quality control issues related to the continuance of the client relationship and the specific audit engagement (including consideration of issues regarding management integrity);
  2. Evaluate compliance with relevant ethical requirements related to quality control considerations (particularly regarding independence issues);
  3. Establish an understanding of the terms of the engagement.


Planning An Audit:

  • Audit Strategy

The auditor should establish an "overall audit strategy" dealing with the scope and timing of the audit work, which affects the development of the required "audit plan."

  1. Identify relevant characteristics of the engagement affecting its scope;
  2. Identify the reporting objectives of the engagement and required communications;
  3. Consider the factors that are significant in utilizing the audit team;
  4. Consider the results of preliminary engagement activities, and
  5. Determine the nature, timing, and extent of necessary resources for the engagement.
  6. The overall strategy affects the auditor's decisions regarding the allocation of audit resources to specific audit areas and how those resources are managed and supervised.
  7. Communication with those charged with governance -- The auditor is required to communicate with those charged with governance about an overview of the planned scope and timing of the engagement. The auditor may discuss planning issues with management, but should be careful to avoid divulging details that might reduce the effectiveness of the audit by making the auditor's procedures and scope too predictable.


Planning An Audit:

  • Audit Plan
    • more detailed than Audit Strategy
    • a basic tool used by the auditor to control the audit work and review the progress of the audit

The auditor should also develop an "audit plan." (In practice, the term "audit program" is often used in place of what the AICPA calls the "audit plan.") The audit plan encompasses:

  1. the nature and extent of planned risk assessment procedures;
  2. the nature, timing, and extent of planned "further audit procedures" at the relevant assertion level; and
  3. other planned audit procedures necessary to comply with GAAS.


Because planning is an iterative process, the auditor should make appropriate changes to the overall strategy and to the audit plan as necessary during the course of the audit if unexpected circumstances are encountered.


Planning An Audit:

  • Documentation Required

The auditor should address the following matters in the audit documentation:

  1. the overall audit strategy;
  2. the audit plan; and
  3. any significant changes made to the audit strategy or the audit plan during the audit engagement, along with the reasons for any such changes.


Planning An Audit:


remember they are similar in nature

  • AICPA - Recall the AICPA's specific "Performance Principle" dealing with "planning, materiality, risk assessment, and evidence," which states: "To obtain reasonable assurance, which is a high, but not absolute, level of assurance, the auditor: plans the work and properly supervises any assistants."
  • GAAS - For PCAOB auditing standards, recall the First Field-work Standard of GAAS "The auditor must adequately plan the work and must properly supervise any assistants."


Materiality Amount Determination

In considering materiality for planning purposes, an auditor believes that misstatements aggregating $10,000 would have a material effect on an entity's income statement, but that misstatements would have to aggregate $20,000 to materially affect the balance sheet.

Ordinarily, it would be appropriate to design auditing procedures that would be expected to detect misstatements that aggregate

Materiality should be considered in terms of the smallest aggregate level of misstatements that could be considered material to any one of the financial statements. As $10,000 is material to the income statement and that amount is smaller than the $20,000 material to the balance sheet, the smaller amount would be used.


Under what circumstance may an auditor, in using the work of a "specialist," may refer to the specialist's findings in the auditor's report?

The auditor may refer to the specialist's findings in the audit report if, as a result of the specialist's findings, the auditor modifies the opinion on the entity's financial statements.


Is a specialist required to be independent?

The specialist is not required to be independent. The auditor, however, must evaluate the nature of the relationship of the specialist to the client and assess the specialist's ability to be objective.

An auditor should obtain an understanding of the nature of the work performed by the specialist, including the objectives and scope. The auditor should also understand the specialist’s relationship to the client, the methods or assumptions used (including a comparison with the preceding period), the appropriateness of using the specialist’s work, and the form and content of the specialist’s findings.


An auditor is obligated to communicate an uncorrected audit adjustment to an entity's audit committee (or those charged with governance) only if the adjustment:

  • Is individually material
  • Is not believed to be trivial
  • Is a recurring matter that was proposed to management the prior year.
  • Results from the correction of a prior period's departure from GAAP.

All uncorrected misstatements must be communicated to the audit committee (or those charged with governance), unless they are deemed to be trivial.


  • Describe Detection Risk
  • As the acceptable level of detection risk increases, an auditor may change the?

  • DR is the last risk component of Audit Risk formula.  It is entirely controlled by the auditor and represents the risk that auditor's substantive audit procedures will not detect a MM.  
  • Performing substantive tests at an interim date increases the risk that misstatements that exist at the balance sheet date will not be detected by the auditor. Evidence collected at an interim date is therefore less strong than evidence collected at year end. Increasing detection risk means that the auditor can obtain less or weaker evidence. As a result, the auditor may be able to push the timing of substantive tests from year end to an interim date.


Holding other planning considerations equal, a decrease in the number of misstatements in a class of transactions that an auditor could tolerate most likely would cause the auditor to?

Perform the planned auditing procedures closer to the balance sheet date.

When the level of tolerable misstatements decreases, the auditor will have to increase substantive testing to ensure that all material misstatements are detected. Performing the planned auditing procedures closer to the balance sheet date increases the effectiveness of substantive procedures and thus increases substantive testing.


Analytical procedures serve 3 audit purposes (two of which are required)


  1. For risk assessment (required!) - i.e. Planning;
  2. For substantive purposes (widely used voluntarily, but not technically required); and
  3. As a final review (required!).

substantive testing not technically required!


Analytical Procedures - Planning

Remember AP's are typically done by the manager or partner.  They are higher level activities.  The staff person typically performs the substantive testing procedures in the field.  

Analytical procedures used in planning the audit should focus on: 

  1. enhancing the auditor's understanding of the client's business and the transactions and events that have occurred since the last audit; and 
  2. identifying areas of specific risk to the audit.

Analytical procedures used in planning often use data aggregated at a high level.

In planning the audit engagement, an auditor likely would compare current-year balances with budgeted balances that would be useful in developing expectations.


Which of the following tends to be most predictable for purposes of analytical procedures applied as substantive tests?

  1. Relationships involving balance sheet accounts.
  2. Transactions subject to management discretion.
  3. Relationships involving income statement accounts.
  4. Data subject to audit testing in the prior year.

Relationships involving income statement accounts.

Relationships involving income statement accounts tend to be more predictable for analytical review purposes because the income statement accounts represent transactions occurring over a period of time.


Analytical Procedures and Predictability of Relationships

Relationships involving transactions from which of the following accounts most likely would yield the highest level of evidence?

  • Relationships involving income statement accounts and nondiscretionary accounts tend to be more predictable than relationships involving balance sheet accounts. This occurs because income statement accounts capture transactions occurring over a period of time, whereas balance sheet accounts look at balances at a single point in time.
  • Nondiscretionary accounts are not subject to change based on management decisions. Payroll expense, as an income statement and relatively nondiscretionary expense, would most likely yield the highest level of evidence.


Which of the following is not a specialist upon whose work an auditor may rely?

  • Actuary
  • Appraiser
  • Internal Auditor
  • Engineer

Internal Auditor

The professional standards relating to the work of a specialist do not apply to the work of an internal auditor.


Illegal Acts

  • remember the auditor is not qualified to detect all types of illegal acts, but if an illegal act comes to the auditor's attention, they should follow up on it with alternate procedures to identify the illegal act's impact on the FS.  

Upon discovering that the client has engaged in illegal acts, the professional standards indicate that the auditor should consider the need to withdraw when the client does not take remedial action, even when the illegal act involved is immaterial


Management Financial Statement Assertions

  • Transaction Classes (OAC3)

  • Occurrence
  • Completeness
  • Accuracy
  • Cutoff
  • Classification


Management Financial Statement Assertions

  • Account Balances (ERCV)

  • Existence
  • Rights and Obligations
  • Completeness
  • Valuation and Allocation


Management Financial Statement Assertions

  • Disclosures (ORCAC)

  • Occurrence
  • Rights and Obligations
  • Completeness
  • Accuracy and evaluation
  • Classification and understandibility


Audit Risk Formula & Definitions

AR = IR x CR x DR, or AR = RMM x DR, or AR = RMM x TD x AP

Remember it is a multiplicative model and the presence of audit risk is indicated in the auditor's report by the words "reasonable assurance."

  • Audit Risk = the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk.
  • Inherent Risk = The susceptibility of a financial statement assertion to a material misstatement assuming there are no related controls.
  • Control Risk = The probability that a material misstatement that occurred in the first place would not be detected and corrected by internal controls that are applicable.
  • Detection Risk = The probability that a material misstatement that was not prevented or detected and corrected by internal control was not detected by the auditor's substantive audit procedures (that is, an undetected material misstatement exists in a relevant assertion).


Prior to, or in conjunction with, the information-gathering procedures for an audit, audit team members should discuss the potential for material misstatement due to fraud. Which of the following best characterizes the mind-set that the audit team should maintain during this discussion?

  1. Presumptive
  2. Judgmental
  3. Criticising
  4. Questioning


Auditors must maintain a questioning mind and exercise professional skepticism.


Individuals who commit fraud are ordinarily able to rationalize the act and have?

  1. Incentive
  2. Professional Skepticism

Yes to Incentive and No to Professional Skepticism

The three conditions generally present when fraud occurs are that individuals have an:

  1. incentive or pressure,
  2. opportunity, and
  3. ability to rationalize.


Disagreements btw. Auditor & Management that must be communicated to those charged with governance.  

The professional standards require that disagreements that should be communicated include those relating to

  1. estimates,
  2. the scope of the audit,
  3. application of accounting principles,
  4. the wording of the audit report,
  5. and other matters.


Holding all other factors constant, decreasing the extent of substantive audit procedures for any account ordinarily has what effect on audit risk?

Decreasing the extent of substantive audit procedures increases detection risk, and this will increase audit risk when all other factors remain constant.


What is the most likely course of action that an auditor would take after determining that performing substantive tests on inventory will take less time than performing tests of controls?

Alternatively, the risk assessment may not include an expectation that controls operate effectively. This will be the case when (1) controls appear weak, or (2) the auditor believes that performing extensive substantive procedures is likely to be more cost effective than performing a combination of tests of controls and a decreased scope of substantive procedures.

When the risk assessment does not include an expectation that controls operate effectively, further audit procedures will consist entirely of substantive procedures. No evidence on the operating effectiveness of the controls need then be gathered; that is, no tests of controls will be performed. If a separate assessment of control risk is made, control risk is at the maximum level and the auditor will design substantive tests placing no reliance upon the controls operating effectively.


Which of the following is correct concerning PCAOB guidance that uses the term “must”? 

  1. The auditor must fulfill the responsibilities if relevant to the audit.
  2. The auditor must comply with requirements unless s/he demonstrates that alternative actions were sufficient to achieve the objectives of the standards.
  3. The auditor should consider the guidance; whether the auditor follows depends on exercise of professional judgment in the circumstances.
  4. The auditor has complete discretion as to whether to perform the procedure.

The auditor MUST fulfill the responsibilities if relevant to the audit.

This answer is correct because terms such as "must," "shall," and "is required to" are used to indicate that the auditor must fulfill the responsibilities if those responsibilities are relevant to the audit being performed.


As guidance for measuring the quality of the performance of an auditor, the auditor should refer to

  1. Statements of the Financial Accounting Standards Board.
  2. Generally accepted auditing standards.
  3. Interpretations of the Statements on Auditing Standards.
  4. Statements on Quality Control Standards.

Generally accepted auditing standards.  Auditors are responsible for compliance with generally accepted auditing standards and comparison of their performance against these standards is appropriate.

Statements on Quality Control Standards provide guidance for CPA firms in meeting their responsibility to provide professional services that conform with professional standards.


Timing Considerations

The higher the risk of material misstatement, the more likely it is that the auditor may decide it is more effective to

  1. Perform substantive procedures nearer to, or at, the period end rather than at an earlier date, or
  2. Perform audit procedures unannounced or at unpredictable times

If the auditor performs tests of operating effectiveness of controls or substantive procedures before period end, the auditor should consider the additional evidence that is needed for the remaining period

Other timing considerations

  • Control environment strength
  • When relevant information is available (e.g., electronic files may subsequently be overwritten)
  • Nature of risk (e.g., risk of inflated revenues to meet earnings expectations)
  • Period or date to which audit evidence relates