Presentation Outline • Application of Audit Testing • Selecting Tests to Perform • Design of the Audit Program • A Summary of the Audit Process
I. Application of Audit Testing • Tests of Controls • Testing for Monetary Misstatement • Reduction of Risk • Audit Assurance at Different Levels of Internal Control Effectiveness • Simultaneous Testing of Controls and Substantive Testing of Transactions • Timing of Audit Testing
A. Tests of Controls Audit procedures to test the operating effectiveness of control policies and procedures in support of a reduced assessed control risk. Some examples include: • Matching of vendor invoices against a purchase order and receiving report before approving invoice for payment. • Examination of employee time cards for approval of overtime.
B. Testing for Monetary Misstatement • Substantive Tests of • Transactions • Testing for monetary • misstatements to determine • if the following 6 transaction- • related audit objectives • have been met: • Existence • Completeness • Accuracy • Classification • Timing • Posting and Summarization • Tests of Details of • Balances • Testing for monetary • misstatements to determine if the • following 9 balance-related audit • objectives have been met: • Existence • Completeness • Accuracy • Classification • Cutoff • Detail tie-in • Realizable value • Rights and obligations • Presentation and disclosure
Control Risk Procedures to gain an understanding of internal control Tests of controls Once the auditor obtains an initial understanding of controls, tests of controls must be performed to obtain evidence regarding the effectiveness of controls. Stronger controls will allow the auditor to assess control risk below the maximum. Detection Risk Substantive tests of transactions Analytical procedures Tests of details of balances The more evidence an auditor collects from the above procedures, the lower the detection risk. Detection risk must be lower when control risk is higher. C. Reduction of Risk
D. Audit Assurance at Different Levels of Internal Control Effectiveness C3 Acceptable assurance Audit assurance from control risk assessment and tests of control C2 Audit assurance from substantive tests AUDIT ASSURANCE C1 No assurance A C B INTERNAL CONTROL EFFECTIVENESS Weak control Strong control Reliance on controls: C3 – None, C2 – Some, C1 – Maximum
E. Simultaneous Testing of Controls and Substantive Testing of Transactions • The determination of control risk affects the type of procedures and sample size for the substantive testing of transactions. • For purposes of convenience, the testing of controls and substantive testing of transactions will often occur simultaneously. • In such situations the auditor will make an assumption about the results of tests of controls. If the testing of controls indicates that internal control is worst than expected, substantive testing of transactions will have to be modified accordingly.
F. Timing of Audit Testing Auditors frequently consider it desirable to perform audit tests prior to year end. Certain procedures may be performed at an interim time (prior to client’s year end) : • Update depreciation schedules • Examine new loan agreements • Vouch transactions • Analyze changes in client’s accounting system • Review board of director minutes • If strong internal controls exist the auditor may also: • Observe physical inventories • Confirm account balances
II. Selecting Tests to Perform • The Cost of Testing • Appropriate Evidence for Audit Testing • Risk and Testing in the Audit Process
A. The Cost of Testing Going from the most to least costly, the types of tests are: • Tests of details of balances • Substantive tests of transactions • Tests of controls • Procedures to obtain an understanding of internal controls • Analytical procedures
Type of Evidence Reperformance Analytic performance Inquiries of the client Physical Examination Confirmation Documentation Observation B. Appropriate Evidence for Audit Testing Type of Test Procedures for internal control Tests of controls Substantive tests of transactions Analytical procedures Tests of details of balances
Substantive Testing of Transactions In some situations it may be more efficient to assess control risk at a higher level and reduce or eliminate tests of controls. This depends on cost of testing controls versus the additional substantive testing that would result from a higher control risk. Tests of Details of Balances If tolerable misstatement is low, and inherent risk and control risk are high, planned tests of details of balances must be high. C. Risk and Testing in the Audit Process
III. Design of the Audit Program • Tests of Controls and Substantive Tests of Transactions • Analytical Procedures • Tests of Details of Balances Most audits design an audit program in the following three parts:
A. Tests of Controls and Substantive Tests of Transactions A four-step approach when the auditor plans to reduce assessed control risk below the maximum: • Transaction related audit objectives are applied to the class of transactions being tested, such as sales. • Key controls that should reduce control risk for each transaction-related audit objective are identified. • For all internal controls used to reduce the initial assessment of control risk below the maximum (key controls), appropriate tests of controls are developed. • Design appropriate substantive tests of transactions, considering weaknesses in internal control and expected results of tests of controls (allows for simultaneous tests of controls and substantive testing). Note: If control risk is assessed at 1.0, only substantive tests of transactions will be used in this part of the audit program.
B. Analytical Procedures Analytical procedures may be performed during 3 different stages of the audit: • In the planning stage to help the auditor understand the client’s business and determine other evidence needed to satisfy acceptable audit risk. • During the audit, especially during substantive testing. • Near the end of the audit as a final test of reasonableness.
C. Tests of Details of Balances If the results of tests of controls, substantive tests of transactions, and analytical procedures are not consistent with the predictions, tests of details of balances will need to be changed as the audit progresses. Figure 13-6 on page 388 illustrates the testing methodology using Accounts Receivable
IV. A Summary of the Audit Process
Summary of the Audit Process - Phase I (Planning) Accept client and perform initial planning. Understand the client’s business and industry. Assess client’s business risk. Perform preliminary analytical procedures. Set materiality and assess acceptable audit risk and inherent risk. Understand internal control and assess control risk. Develop overall audit plan and audit program.
Summary of the Audit Process - Phase II (Begin Field Work) From Phase I Plan to reduce assessed level of control risk? No Yes Perform tests of controls. Perform substantive tests of transactions. Assess likelihood of misstatements in financial statements.
Summary of the Audit Process Phase III (End of Fieldwork) From Phase II Likelihood of Misstatement in Financial Statements Low Medium High or unknown Perform analytical procedures. Perform tests of key items. Perform additional tests of details of balances.
Summary of the Audit Process Phase IV (Wrap-Up) From Phase III Review for contingent liabilities. Review for subsequent events. Accumulate final evidence. Evaluate results. Issue audit report. Communicate with audit committee and management.