Understanding Auditing Standards and Procedures: A Comprehensive Guide

Posted on Apr 28, 2024 in Law & Jurisprudence

Understanding Auditing Standards and Procedures

ASA 220: Quality Control for Financial Report Audits

ASA 220 establishes the auditor’s responsibilities regarding quality control procedures for financial report (FR) audits. Key elements include:

  1. Leadership opportunities
  2. Ethical requirements (e.g., independence)
  3. Client evaluation
  4. Assignment of engagement teams
  5. Engagement performance
  6. Monitoring
  7. Documentation

Audit Strategy

Two main audit strategies exist:

  1. Predominantly Substantive: Used when the preliminary assessment of control risk (CR) is high, internal controls (IC) are poor/unreliable, there is no reliance on controls (TOC), and a lot of substantive testing (ST) is required.
  2. Lower Assessed Level of CR: Used when the preliminary assessment of CR is low, IC is good/reliable, TOC is performed, and ST is reduced.

Audit Opinions/Reports

Unmodified Audit Report

Issued when the auditor believes the client’s FR complies in all material aspects with the applicable FR framework and gives a true and fair view of the client’s financial situation.

Modified Audit Report

Issued when an unmodified report isn’t appropriate due to two main conditions:

  1. The FR is materially misstated.
  2. There’s a scope limitation preventing the auditor from obtaining sufficient appropriate evidence.

Three types of modified audit reports exist:

  1. Qualified Opinion: Issued when either of the above conditions exists, but the effect isn’t pervasive (highly significant).
  2. Adverse Opinion: Issued when the FR is materially misstated, and the effect is so pervasive that the FR cannot be relied upon by users.
  3. Disclaimer of Opinion: Issued when there is a severe scope limitation, the effect of which is so pervasive that the auditor is unable to express an opinion on the financial statements (FS).

Audit Planning

Key steps in audit planning include:

  1. Accepting the client and performing initial audit planning:
    1. Accepting a new client or continuing with an existing client (considering management integrity, auditor competence/capabilities, ethics/independence, and significant matters from current/previous audits)
    2. Identifying reasons for the audit (identifying users and discussing with management)
    3. Obtaining a mutual understanding with the client about the terms of the engagement (engagement letter – legal contract)
    4. Selecting staff for the engagement and evaluating the need for outside specialists
  2. Understanding the client’s industry and business:
    1. Industry/external environment
    2. Business operations/processes, including related parties (directors, spouses, parents/kids of directors, controlled entities by the client, must be disclosed in FS)
    3. Management and governance
    4. Objectives/strategies (reliability of FR, effectiveness/efficiency of operations, compliance with laws)
    5. Measurement/performance
  3. Assessing client business risk
  4. Performing preliminary analytical procedures (AP)
  5. Setting materiality and assessing acceptable audit risk and inherent risk (IR)
  6. Understanding IC and assessing CR
  7. Gathering information to assess fraud risk
  8. Developing the overall audit plan and audit program

Materiality

Three materiality levels exist:

  1. Financial Statement Level: Materiality for the FR as a whole.
  2. Assertion Level: Materiality for classes of transactions, account balances, or disclosures.
  3. Performance Materiality: Amounts set at less than materiality to reduce to an appropriately low level the probability that the aggregate of uncorrected/undetected misstatements exceeds the materiality determined for a) and b).

Steps in Applying Materiality

  1. Set a preliminary assessment about materiality
  2. Allocate the preliminary assessment about materiality to segments (considering the likelihood of misstatements in the account, the account balance size, and the probable cost of verifying the account)
  3. Estimate total misstatements in segments (including known misstatements that the auditor can determine and unknown misstatements due to disagreements in judgment between the auditor and management or projected misstatements required when sampling is used)
  4. Estimate the combined misstatement
  5. Compare the combined estimate with the assessment about materiality

Factors Affecting Assessment of Inherent Risk

Main factors include industry factors, the nature of the audit client’s business, management integrity, audit client motivation, results of previous audits, initial vs. repeated engagements, related parties, non-routine transactions, judgment required for correct recording, makeup of the population, susceptibility of fraudulent FR, susceptibility of misappropriation of assets, and other factors like IT changes, litigation, legal environment, and country factors.

Internal Control Tests

Several types of IC tests exist:

  1. Risk assessment procedures: Evaluate the control environment and design effectiveness.
  2. Tests of controls (TOC): Evaluate operational effectiveness.
  3. Substantive procedures (SP): Provide direct evidence as to the substance of management’s FS assertions.
  4. Dual-purpose tests: Combine TOC and SP, designed and evaluated by considering each purpose of the test separately (e.g., transaction walk-through – sales revenue source document check if transactions are correctly recorded in the sales journal and sales reports/ledger; serial numbers properly authorized, traced to the accounting department through journals, and all relevant source documents are kept; before recording, the accountant checks and matches with details; examine the IC).

Limitations of Internal Controls

Inherent limitations of IC include management override, collusion, non-routine transactions, breakdowns (carelessness/distractions, mistakes in judgment, changes in operations/conditions), and the cost-benefit analysis (CBA) of reasonable assurance.