Chapter 13
Overall Audit Plan and Audit Program
?
Review Questions
13-1 The five types of tests auditors use to determine whether financial statements are fairly stated include the following:
? Risk assessment procedures ? Tests of controls ? Substantive tests of transactions ? Analytical procedures ? Tests of details of balances While risk assessment procedures (procedures to gain an understanding of the entity and its environment, including internal control) help the financial statement auditor obtain information to make an initial assessment of control risk, tests of controls must be performed as support of an assessment of control risk that is below maximum. The purpose of tests of controls is to obtain evidence regarding the effectiveness of controls, which may allow the auditor to assess control risk below maximum. If controls are found to be effective and functioning, the substantive evidence may be reduced. Substantive evidence is obtained to reduce detection risk. Substantive evidence includes evidence from substantive tests of transactions, analytical procedures, and tests of details of balances. For audits of internal control over financial reporting, the auditor only performs the first two types of audit tests: procedures to obtain an understanding of internal control and tests of controls. Because a public company auditor must issue a report on internal control over financial reporting, the extent of the auditor’s tests of controls must be sufficient to issue an opinion about the operating effectiveness of those controls. That generally requires a significant amount of testing of controls over financial reporting.
13-2 Risk assessment procedures are performed to assess the risk of material misstatement in the financial statements. Risk assessment procedures include procedures performed to obtain an understanding of the entity and its environment, including internal controls. Auditors use the results of the risk assessment procedures to design and perform further audit procedures. Further audit procedures (not risk assessment procedures) provide the auditor sufficient appropriate evidence, required by the third GAAS fieldwork standard.
13-1
13-3 Tests of controls are audit procedures to test the operating effectiveness of control policies and procedures in support of a reduced assessed control risk. Tests of controls provide the primary basis for a public company auditor’s report on internal controls over financial reporting. Specific accounts affected by performing tests of controls for the acquisition and payment cycle include the following: cash, accounts payable, purchases, purchase returns and allowances, purchase discounts, manufacturing expenses, selling expenses, prepaid insurance, leasehold improvements, and various administrative expenses.
13-4 Tests of controls are audit procedures to test the operating effectiveness of control policies and procedures in support of a reduced assessed control risk. Examples include: 1. The examination of vendor invoices for indication that they have
been clerically tested, compared to a receiving report and purchase order, and approved for payment.
2. Examination of employee time cards for approval of overtime hours
worked.
3. Examination of journal entries for proper approval. 4. Examination of approvals for the write-off of bad debts. Substantive tests of transactions are audit procedures testing for monetary misstatements to determine whether the six transaction-related audit objectives have been satisfied for each class of transactions. Examples are: 1. Recalculation of amounts (quantity times unit selling price) on
selected sales invoices and tracing of amounts to the sales journal.
2. Examination of vendor invoices in support of amounts recorded in
the acquisitions journal for purchases of inventories.
3. Recalculation of gross pay for selected entries in the payroll journal. 4. Tracing of selected customer cash receipts to the accounts
receivable master file, agreeing customer names and amounts.
13-5 A test of control audit procedure to test that approved wage rates are used to calculate employees' earnings would be to examine rate authorization forms to determine the existence of authorized signatures. A substantive test of transactions audit procedure would be to compare a sample of rates actually paid, as indicated in the earnings record, to authorized pay rates on rate authorization forms.
13-2
13-6 The auditor resolves the problem by making assumptions about the results of the tests of controls and performing both the tests of controls and substantive tests of transactions on the basis of these assumptions. Ordinarily the auditor assumes an effective system of internal control with few or no exceptions planned. If the results of the tests of controls are as good as or better than the assumptions that were originally made, the auditor can be satisfied with the substantive tests of transactions, unless the substantive tests of transactions themselves indicate the existence of misstatements. If the tests of controls results were not as good as the auditor assumed in designing the original tests, expanded substantive tests must be performed.
13-7 The primary purpose of testing sales and cash receipts transactions is to evaluate the internal controls so that the scope of the substantive tests of the account balances may be set. If the auditor performs the tests of details of balances prior to testing internal controls, no benefit will be derived from the tests of controls. The auditor should attempt to understand the entity and its environment, including internal controls, as early as practical through the analysis of the accounting system, tests of controls, and substantive tests of transactions.
13-8 When the results of analytical procedures are different from the auditor's expectations and thereby indicate that there may be a misstatement in the balance in accounts receivable or sales, the auditor should extend the tests to determine why the ratios are different from expectations. Confirmation of accounts receivable and cutoff tests for sales are two procedures that can be used to do this. On the other hand, if the ratios are approximately what the auditor expects, the other tests can be reduced. This means that the auditor can satisfy the evidence requirements in different ways and that analytical procedures and confirmation are complementary when the results of the tests are both good.
13-9 Substantive tests of transactions are performed to verify the accuracy of a client's accounting system. This is accomplished by determining whether individual transactions are correctly recorded and summarized in the journals, master files, and general ledger. Substantive tests of transactions are also concerned with classes of transactions, such as payroll, acquisitions, or cash receipts. Tracing amounts from a file of vouchers to the acquisitions journal is an example of a substantive test of transactions for the acquisition and payment cycle. Tests of details of balances verify the ending balance in an individual account (such as inventory, accounts receivable, or depreciation expense) on the financial statements. An example of a test of details of balances for the acquisition and payment cycle is to physically examine a sample of the client's fixed assets.
13-3
13-10 1. Control #1 -- Computer verification of the customer’s credit limit.
The presence of strong general controls over software programs and master file changes can significantly reduce the auditor’s testing of automated controls such as control #1. Once it is determined that control #1 is functioning properly, the auditor can focus subsequent tests on assessing whether any changes have occurred that would limit the effectiveness of the control. Such tests might include determining whether any changes have occurred to the program and whether these changes were properly authorized and tested prior to implementation. These are all tests of general controls over software programs and master file changes.
2. Control #2 – The accounts receivable clerk matches bills of lading, sales invoices, and customer orders before recording in the sales journal. This control is not an automated control, but is rather a manual control performed by an employee. General controls over software programs and master file changes would have little effect on the auditor’s testing of control #2. If the auditor identifies control #2 as a key control in the sales and collection cycle, he or she would most likely examine a sample of the underlying documents for the accounts receivable clerk’s initials and reperform the comparisons.
13-11 The audit of fixed asset additions normally involves the examination of
invoices in support of the additions and possibly the physical examination of the additions. These procedures are normally performed on a test basis with a concentration on the more significant additions. If the individual responsible for recording new acquisitions is known to have inadequate training and limited experience in accounting, the sample size for the audit procedures should be expanded to include a larger sample of the additions for the year. In addition, inquiry as to what additions were made during the year may be made by the auditor of plant managers, the controller, or other operating personnel. The auditor should then search the financial records to determine that these additions were recorded as fixed assets. Care should also be taken when the repairs and maintenance expense account is analyzed since lack of training may cause some depreciable assets to be expensed at the time of acquisition.
13-12 The following shows which types of evidence are applicable for the five types of tests.
13-4
TYPE OF EVIDENCE Physical examination Confirmation Documentation Observation Inquiries of the client Reperformance Analytical procedures Recalculation TYPES OF TESTS Tests of details of balances Tests of details of balances All except analytical procedures Risk assessment procedures and tests of controls All five types Tests of controls, substantive tests of transactions, and tests of details of balances Analytical procedures Substantive tests of transactions and tests of details of balances 13-13 Going from most to least costly, the types of tests are:
? Tests of details of balances ? Substantive tests of transactions ? Tests of controls ? Risk assessment procedures ? Analytical procedures
13-14 C represents the auditor's assessment of the effectiveness of internal
control. C3 represents the idea that internal controls are ineffective and no assurance can be obtained from controls and all assurance must come from substantive testing. This would not represent the audit of a public company’s financial statements. Tests of controls at the C1 level would provide minimum control risk. This would require more testing of the controls than would be required at either C2 or C3. Testing controls at the C1 level allows the auditor to obtain assurance from the controls, thereby allowing for a reduction in the 13-14 (continued)
amount of substantive testing which must be performed to meet the level of acceptable audit assurance. C1 reflects the level of testing of controls necessary for the audit of internal controls over financial reporting required by PCAOB Standard 2. It would be a good decision to obtain assurance from tests of controls at point C1 especially if the cost of substantive testing is considerably greater than tests of controls. At point C2, the auditor performs some tests of controls and is able to reduce control risk below maximum. Point C2 would be appropriate if it is cost beneficial for the auditor to obtain assurance at a level between the two extremes mentioned above (C1 and C3).
13-5