Duty Department/Individual
Provides authorizations of employees and their pay rates  – Human resources
Oversees employees’ working hours (time cards)  – Timekeeping
Prepares the payroll register – Payroll
Prepares payment vouchers – Accounts payable
Approves the payments (signing checks) – Cash disbursement (CFO)
Records the payrolls – General ledger

Electronic Data Interchange – EDI is the communication of electronic documents directly from a computer in one entity to a computer in another entity.

The advantages of using EDI are:

1. Reduced clerical errors
2. Increased speed
3. Elimination of repetitive clerical tasks
4. Elimination of document preparation, processing, filing, and mailing costs

An audit trail allows for the tracing of a transaction from initiation to disposition. One key element of an audit trail in transactions involving auditing electronic data interchange (EDI) is the activity log.

Completeness assertion for sales and receivables
Reconciling total amounts in subsidiary ledgers with the general ledger
Performing analytical procedures (e.g., comparing accounts receivable turnover with previous year)
Accounting for the numerical sequence of sales orders, shipping documents, and invoices
Tracing from sales invoices to shipping documents

Accuracy assertion for sales and receivables 

Obtaining management representation letters
Evaluating disclosures about reportable operating segments (e.g., geographic areas)
Comparing general ledger balances with financial statement balances
Preparing bank reconciliations

Valuation and Allocation assertion for sales and receivables 

Comparing aged accounts receivables schedule with the prior year’s
Tracing subsequent cash receipts
Reviewing delinquent customers’ credit ratings
Testing the allowance for credit losses and write-offs

Existence assertion for sales and receivables 

Sending external confirmations
Vouching journals to shipping documents

Cutoff assertion for sales and receivables 

Sales cutoff – Testing whether revenue is recognized in the appropriate period
— Tracing shipping documents to accounting records near year end
Cash receipts cutoff – Testing the recording of cash receipts and accounts receivable reduction
— Tracing daily remittance list to accounting records near year end

Rights and Obligation assertion for sales and receivables 

Inquiring of management (e.g., whether the accounts receivable is pledged and factored)
Tracing cash receipts to deposits into bank accounts
Determining the right of return, expected returns, and actual returns

Occurrence assertion for sales and receivables 

Vouching samples of recorded sales transactions to customer orders and shipping documents

Classification and understandability assertion for sales and receivables
Evaluating
— Classification of
–Sales (minus returns and allowances) as revenue
— Accounts receivables (minus allowance) as current assets
Disclosures of
— Accounting policies
— Pledges and factoring of accounts receivables
— Sales and receivables with related parties

Types of Controls and Scope

General controls – The organization’s entire processing environment
Application controls – Particular to each of the organization’s applications

Three Categories of Application Controls are: 

Input controls
Processing controls
Output controls

Three types of controls classified by function are:

Preventive controls
Detective controls
Corrective controls

Input controls provide reasonable assurance that data submitted for processing are
Authorized
Complete
Accurate

Examples of Input Controls are:
Preformatting Entry in an online tax return
Edit (field) checks – Rejecting the input of letters for SSNs
Limit (reasonableness) checks –  Rejecting working hours of over 100 per week
Check digits – Using algorithms to verify ID numbers
Record count – Matching the number of time clock cards with the number of payroll records processed
Financial total – Matching the sum of individual salaries with total salaries
Hash total – Matching the sum of individual SSNs with a predetermined total

Processing controls provide reasonable assurance about:
Processing controls provide reasonable assurance that
All data submitted for processing are processed
Only approved data are processed

Examples of processing controls.
Control Description /Example
Validation Rejecting transactions by vendors whose vendor numbers are not in the vendor master file
Completeness check –  Rejecting records with missing data
Arithmetic controls – Zero-balance checking

Output controls provide assurance that processing was complete and accurate.

Control Description/Example
Audit trail Checking for the completeness of each process
Error listing Reporting all transactions rejected by the system

Three Objectives of Internal Control are: 

Operations
—- Effectiveness and efficiency of operations
Reporting
— Reliability of financial reporting
Compliance
— Compliance with applicable laws and regulations

5 Components of Internal Control are:

Internal controls stop CRIME
Control activities Policies and procedures
Risk assessment process Identification and analysis of relevant risks
Information system Information systems and communication
Monitoring of controls Assessment of control effectiveness over time and corrective actions
Control environment Tone at the top and control consciousness of members

Internal controls provide only reasonable assurance, but not absolute assurance, that an entity’s objectives are met.

Inherent Limitations of Internal Control are:

Human error (e.g., faulty human judgment)
Collusion
Management override
Cost and benefit constraint

Documentation of Audit Plans include:

The overall audit strategy (basis of the audit plan)
Procedures to be performed
Risk assessment procedures
Further procedures
Other procedures
Involvement of specialists

Three aspects of audit procedures should be documented in audit plans are:
NET of procedures
N = Nature
E = Extent
T = Timing

Factors external auditors consider before using the work of internal auditors are:
The objectivity of the internal auditors
The level of competence of the internal audit function
Whether the internal audit function applies a systematic and disciplined approach

Factors auditors consider before using the work of a specialist are:
The auditor should evaluate whether the auditor’s or management’s specialist has the necessary
Competence,
Capabilities, and
Objectivity.

Transactions that may suggest related-party transactions are:
Exchanging property for similar property in a nonmonetary transaction
Borrowing or lending at rates significantly above or below market rates
Selling realty at a price materially different from its appraised value
Making loans with no scheduled repayment terms

Accounting estimates
The objective of the auditor is to obtain sufficient appropriate audit evidence about whether accounting estimates, including fair value accounting estimates, are reasonable and related disclosures are adequate. This is achieved by determining whether
Management has appropriately applied the applicable financial reporting framework
The methods for making the accounting estimates are appropriate and have been applied consistently
The estimates, individually or collectively, exhibit no significant management bias

[A] Pre-Engagement Acceptance Responsibilities

1) Preconditions for an Audit – Auditor to determine that management uses

1. Acceptable financial reporting framework
2. Understands its responsibility for the preparation and fair presentation of financial statements
3. Understands its responsibility for the design, implementation and maintenance of internal control and
4. Understands its responsibility to provide access to all information

2) Client Acceptance –
It is continuous evaluation of existing clients and evaluation of new clients

1. Successor Auditor is responsible for initiating the communication and is required to communicate with the predecessor auditor BEFORE accepting the engagement
2. Successor auditor to consider the implications in event of client’s refusal to grant permission or predecessor auditor’s failure to respond fully
3. Establish an understanding with the client regarding services to be performed

3) Engagement Letter –
Engagement Letter to include audit scope, limitations, expectations, fees and responsibilities of  management for services

[B] Planning an Audit

Planning – Overall strategy for the audit (Size and complexity of the entity, Auditor’s experience and Auditor’s understanding and environment of the entity including internal control)

Audit Plan (Nature, timing and extent of procedures expected to reduce audit risk to an acceptably low level). Audit Plan includes a description of risk assessment procedures directed toward the risk of material misstatement. Risk assessment procedures are performed to obtain an understanding of the entity and its environment, including its internal control, to identify and assess the risks of material misstatements at the a) Financial statements as a whole and b) Relevant assertions

Supervision – 1) Directing the efforts of assistants  in accomplishing the objectives of the audit ; 2) Determine if the objectives were accomplished. – a) Instructions ; b) Informed of problems encountered ; c) Reviewing the work ; d) Resolving differences of opinion
Differences  of Opinion – a) Assistant to document his / her disagreement with the conclusion reached  b) Document the basis of final resolution

Internal Audit Plans – Internal auditor’s work is more comprehensive. They are more detailed and cover areas that normally are not considered by the independent auditor

[C] Audit Risk and Materiality

[1] Audit Risk – Risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated
3 components of Audit Risk :
a) Inherent Risk – Susceptibility of an assertion to material misstatement in absence of related controls
b) Control Risk – Risk that internal control will not prevent or detect on a timely basis a material misstatement
c) Detection Risk –  Auditor will not detect a material misstatement that exists. It is a function of audit effectiveness of an audit procedure and its application by the auditor.

[2] Materiality – Materiality is a matter of professional judgement about whether misstatements could reasonable influence the economic decisions of users as group.
Materiality – Planning Purpose :
1. Financial Statement level as a whole
2. Particular account balances, classes of transactions or disclosures
3. Performance Materiality
Audit Risk and Materiality have an Inverse Relationship

The risk of a large misstatement may be low, but the risk of a small misstatement may be high
Auditor is required to perform atleast one of the following:
a) Perform Effective Procedures
b) Perform Procedures nearer to year end
c) Increase the extent of certain procedures

[3] Evaluating Findings – Considers the individual and aggregate effects of misstatements. Likely misstatements not merely known misstatements.

[4] Documentation – Document a) Amount of Misstatement that are trivial ; b) All Misstatements accumulated ; c) Whether misstatements are corrected ; d) Basis of conclusion that the uncorrected misstatements are material

[D] Understanding the Entity and its Environment

1) Auditor to obtain a sufficient understanding of the entity and its environment including its internal control
2) Auditor need not acquire this understanding PRIOR to acceptance of the engagement
3) Knowledge may be obtained from a variety of sources :
a) Prior year working papers ; b) Inquiries of entity personnel ; c) Experience with the entity or its industry ; d) AICPA Accounting and Audit Guides, industry publication and periodicals etc.
4) Risk Assessment Procedures – a) Inquiries of management and others within the entity ; b) Analytical Procedures ; Observation and Inspection

[E] Analytical Procedures

1) Evaluation of financial information made by study of plausible relationship among both financial and non financial data
2) Significant differences between expectations and recorded amounts should be investigated and evaluated
3) Analytical Procedures are : 1) Required to be used as risk assessment procedures in PLANNING

4) PERMITTED but NOT REQUIRED to be applied as SUBSTANTIVE TESTS

5) REQUIRED to be used in the FINAL REVIEW STAGE of the audit

[F]  Risk Assessment Procedures –
a) Improve the understanding of the client’s business and significant transactions and events since the last audit
b) Identify unusual transactions or events and amounts, ratios and trends that might indicate matters with audit planning implications
c) Auditor develops expectations of recorded balances from  a) Comparable prior periods ; b) Budgets or Forecasts ; c) Relationship among data ; d) Information from Client’s Industry ; e) Related non financial information
d) Analytical Procedures applied as Substantive Tests : a) The nature of assertion ; b) Plausibility and predictability of relationship ; c) Availability and reliability of data ; d) Precision of the expectations
e) Analytical Procedures used in Final Review Stage – a) Assess conclusions and overall financial statement presentation ; b) Read financial statement and notes – (i) Adequacy of Evidence in response to unusual balances identified in planning or conducting the audit ; (ii) Unusual or unexpected balances not previously identified

[G] Ratio Analysis – a) Unexpected changes in ratios ; b) Potential explanation of changes in ratio
1) Current Ratio = Current Assets / Current Liabilities
2) Quick (Acid Test Ratio) = (Current Assets – Inventory)/Current Liabilities
3) Receivables Turnover = Net Sales / Average Net Receivables
4) Day’s Sales in Receivables = 365, 360, 300 / Receivables Turnover
5) Inventory Turnover = Cost of Goods Sold / Average Inventory
6) Day’s Sales in Inventory = 365, 360, 300 / Inventory Turnover
7) Total Assets Turnover = Net Sales / Total Assets
8) Debt to Equity Ratio = Total Debt / Total Equity
9) Times Interest Earned = (Net Income + Int Exp + Income Tax) / Interest Expense
10) Cost of Goods Sold = Cost of Goods Sold / Net Sales
11) Gross Margin Percentage = (Net Sales – Cost of Goods Sold) / Net Sales
12) Net Operating Margin Percentage = Operating Income / Sales
13) Return on Equity = Net Income / Total Equity

[H] Consideration of Fraud in a Financial Statement

1) Management is responsible for programs and controls that prevent, deter and detect fraud
2) Management and oversight authorities must set the proper tone and maintain a culture of honesty
3) Auditor cannot obtain absolute assurance that material misstatements will be detected because of characteristics of fraud and limitations of audit evidence
4) Properly planned audit may NOT detect a material misstatement resulting from fraud because of : a) Concealment aspects of fraudulent activity ; b) Control overriding by Management; c) Altering accounting records or withholding evidence ; d) Professional Judgement in identification and evaluation of fraud risks
5) Fraud differs from Error because it is intentional – a) Fraud involves pressures or incentives to commit fraud, perceived opportunity to do so and capacity to rationalize
6) Types of Fraud – a) Fraudulent financial reporting (Intentional misstatements or omissions to deceive users) ; b) Misappropriation of Assets (Theft, embezzlement that causes Financial Statements to be materially misstated)
7) Professional Scepticism – Auditor to a) Critically assess evidence ; b) continually question whether fraud has occurred ; c) Not accept unpersuasive evidence solely because management is believed to be honest
8) Assessment of Risks –
9) Evaluation of Audit Test Results – a) If discovered fraud is not material ; b) If discovered fraud is material or evaluation is impossible ; c) If the risk of fraud is significant.
10) Communication of Fraud – a) Inconsequential Fraud to appropriate level of management; b) Fraud involving senior management to those charged with governance

[I] Consideration of Laws and Regulations in an audit of financial statements

1) Noncompliance is a violation of laws or governmental regulations
2) Auditor to consider the laws and regulations that are having a direct and material effect on the financial statements
3) An audit provides NO assurance that they will be detected or that any contingent liabilities that may result will be disclosed
4) If the noncompliance a) has a material effect on the financial statements or b) The client does not take the remedial action , auditor express a Qualified or adverse opinion or withdraw from the engagement
5) Disclosure of possible noncompliance to outside parties is NOT the auditor’s responsibility
6) Auditor may need to disclose while : a) Complying with legal and regulatory requirements ; b) Communicating with successor auditor ; c) Responding to Subpoena ; d) Reporting to funding or other specified agency

AICPA Code of Professional Conduct has a set of specific mandatory rules describing minimum levels of conduct a member must maintain as a CPA Profession has a responsibility to the public. AICPA Code of Professional Conduct expects the CPA to honour public trust

Rules that are mandatory for all members are :

(a) Integrity and Objectivity

(b) General Standards

(c) Compliance with Standards

(d) Accounting Principles

(e) Acts Discreditable

(f) Forms of Organization and Names

Rules that are mandatory for members in Public Practice only are :

(a) Independence

(b) Confidential Client Information

(c) Contingent Fees

(d) Advertising and other form of fees

(e) Commission and Referral Fees 

[1] Independence

Member in Public practice must be independent as required by standards setting bodies (AICPA, SEC, PCAOB, GAO)

– Independence in Mind (Intellectually Honest)

– Independence in Appearance (Free from any obligation to or interest in the client, management or owners)

Independence is impaired if Covered member has certain interests or relationships

Covered Member

Below are considered to be covered members:

1. Individual on an attest engagement team or who can influence the engagement
2. A partner or manager who provides at least 10 hours of non attest services
3. A partner in the office where the lead engagement partner primarily practices in relation to the engagement
4. The accounting firm
5. An entity that can be controlled by foregoing parties

Impairment of Independence

A covered member MUST NOT

1. Have a direct financial interest in the client, even if immaterial
2. Have a material indirect financial interest in a client
3. Loans to or from an attest client or its officers, directors, or 10% (or greater) owners during the period of the engagement
4. Trustee of a Trust or Executor of an estate that has a direct or material indirect interest in a client
5. Have a material joint, closely held investment with a client
6. He / family member is associated with the client as an officer, diector, manager, employee, promoter or underwriter
7. His close relative holds key position with the client
8. Has financial interests in non clients having investor or investee relationships with the client

Materiality is determined by aggregating the interests of the covered member and his / her immediate family

Independence is not impaired by Grandfathered unsecured Loans that are not Material to the covered member’s net worth or secured loans provided that the loans were obtained from a financial institution under its normal lending procedures, terms and requirements

Permitted Loans

Loans obtained under the normal lending procedures, terms and requirements:

1. Automobile Loans
2. Loans fully collateralized by the cash surrender value of insurance / cash deposits
3. Credit Cards with aggregate outstanding balance of $5,000/- or less by the payment due date (SEC permits credit card balance upto $ 10,000)

 Firm’s Independence is impaired if :

1. Firm partner or professional employee owns more than 5% of a client
2. A former partner or professional employee of the firm is employed by or associated with attest client in key position
3. Non attest services are performed for an attest client

Firm’s Independence is NOT Impaired by providing the following services:

1. Consulting Services
2. Tax Preparation and Compliance services
3. Business risk advising service
4. Providing general advice based on audit findings

Independence is NOT Impaired for ATTEST engagements of NONISSUERS  by :

1. Providing book keeping service
2. Prepare client financial statements based on information in a Trial Balance
3. Payroll Processing
4. Record keeping functions

Independence is NOT impaired if :

• Member in Honarary Position is associated with FS of a not for profit organization that he allows to use his name in the letterhead. He cannot vote or participate in board or management decisions
• Independence is not impaired when the litigation is not related to the work product and is not material eg. dispute over billing
• If the CPA has been retained as the auditor of the credit union of which CPA is  member, his independence is not impaired
• Auditors checking account which is fully insured by the federal agency which is held at a clients financial institution – auditor is considered independent
• Being an advisor to the client’s Board of Trustees does not impair an auditors independence
• Independence is not impaired when a bank subsidiary in the consolidated group provides asset custody services in the ordinary course of business to an attest client of a new CPA Firm
• Designing of an information system that is unrelated to the accounting records does not impair auditor independence

Unpaid fees owed by attest client to a covered member for professional service may impair independence.

[2] Integrity and Objectivity

Member shall :
a) Maintain Objectivity and Integrity
b) Free of Conflicts of Intersts
c) Not knowingly misrepresent facts
d) Not subordinate his / her judgements to others

[3] Professional Standards

 A member shall :
a) Take Services which he can complete with Professional Competence
b) Exercise Due Professional Care
c) Adequately Plan and Supervise performance
d) Obtain Sufficient relevant date to provide reasonable basis for conclusion
* Compliance with standards
* Accounting Principles

[4] Other Responsibilities

 Acts Discreditable :
1) Failure to return records upon requests
2) Discrimination and Harassment
3) Failure to follow the requirements of governmental bodies
4) Failure to follow applicable audit standards

Response to Requests for Records :
Client provided records must be returned even if:
a) Fees have not been paid
b) The state in which the member practices grants a lien on certain records

Type of Record                   Right to Withhold
Client provided record             None
Working Papers                         Absolute
Member prepared Records     If fee due
Supporting records                   If fee due

Advertisement and Other Forms of Solicitation
Member shall not seek to obtain clients by advertising or other forms of solicitation done in false, misleading and deceptive manner

Contingent Fee
Receipt of contingent fee is prohibited when auditors report will be used by third parties and the report does not disclose CPA’s lack of independence

Member shall NOT prepare for a contingent fee:
a) Original Tax Return
b) Amended Tax Return
c) Claim for a Tax Refund

Fees are not considerd to be contingent if :
a) They are fixed by public authorities  (eg. courts)
b) In tax matters, they are based on the results of judicial proceedings or the findings of governmental agencies  

[5] Other Pronouncements on Professional Responsibilities

Sarbenes-Oxley, PCAOB and SEC :
[1] Preapproval of Services : 1) Audit Committee must preapprove the services performed by accountants.
[2] Disclosure of Fees : An issuer must disclose in its proxy statement or annual filing fees paid for the accountant segregated into 4 categories : 1) Audit ; 2) Audit related ; 3) Tax ; 4) All other
[3] Rotation of Partners : The lead and concurring (reviewing) partner must rotate every 5 years with a 5 year time out period
Other partners must rotate every 7 years with a 2 year time out period
Auditors to maintain their audit working papers for 7 years
[4] Communication with Audit Committee : 1) All critical accounting policies and practices to be used ; 2) All material alternative treatments of financial information within GAAP discussed with the management ; 3) Ramification of the use of alternative disclosures and treatments  ; 4) Treatment preferred by the accountant
[5] Material Departure from GAAP : is permitted when a) The financial statements or data would have been misleading without a departure from GAAP due to the unusual circumstances / new legislation or evaluation of a new form of business transaction exists
[6] Prohibited Non Audit Services : The firm is prohibited from certain non audit services to their attest clients, including 1) Management services ; 2) Booking ; 3) HR ; 4) Internal Audit ; 5) Appraisal or Valuation ; 6) Expert services ; 7) Broker-Dealer ; 8) Designing and Implementing financial information system ; 9) Investment banking or advisory ; 10) Hosting service ; 11) Expert witness
Conflict of Interest may be permitted in certain circumstances if DISCLOSURE is made to and CONSENT  is obtained from the appropriate parties
[7] Audit Committee : Each member of the audit committee MUST BE INDEPENDENT member of the BOD and directly responsible for appointing, compensating and overseeing the work of the auditor and must have one member designated as financial expert