Summary
Highlights
Auditors gather and evaluate audit evidence to form an opinion on if financial statements conform to GAAP. Audit risk is the possibility of issuing an unmodified opinion on materially misstated financial statements. To mitigate this, auditors must obtain sufficient appropriate evidence, influenced by the risk of misstatement and evidence quality.
Management makes assertions about accounts, transactions, and disclosures, which auditors test for compliance with financial reporting frameworks. Audit risk comprises the risk of material misstatement (inherent and control risk) and detection risk. Inherent risk is the likelihood of misstatement before internal controls, while control risk is the failure of internal controls to prevent or detect misstatements. Detection risk, the only one auditors control, is the risk that auditor procedures fail to detect a material misstatement.
Inherent risk is linked to the client's nature, environment, or financial statement element. High inherent risk indicators include inconsistent profitability, economic sensitivity, going concern issues, prior misstatements, and management with questionable reputation. Inherent risk also varies by account type and transaction complexity, classified as routine, non-routine, and estimation transactions, with estimation transactions having the highest inherent risk due to management judgment.
Audit evidence is all information leading to the audit opinion, needing to be sufficient (quantity) and appropriate (quality). Sufficiency depends on the risk of misstatement and evidence reliability. Appropriateness relates to relevance and reliability, with evidence being more reliable if obtained from independent sources, generated internally through effective controls, obtained directly by auditors, documented, and from original documents.
Audit procedures include risk assessment, tests of controls, and substantive procedures. Substantive procedures encompass analytical procedures and tests of details. Common audit procedures are inspecting records/documents, inquiry, using specialists, external confirmation, observing processes, recalculating, and re-performing client procedures. The scope of audit procedures can be changed by altering their nature, timing, and extent.
Analytical procedures are mandatory at the planning and final review stages and can be used as substantive procedures. These involve developing expectations for account balances or ratios, determining acceptable differences, comparing actuals to expectations, and investigating significant deviations. Techniques include trend analysis, ratio analysis (horizontal and cross-sectional), common-size financial statements (vertical analysis), regression analysis, and reasonableness tests. Data analytics offers advanced ways to identify unusual patterns and improve the effectiveness and efficiency of audit procedures.
Auditors must carefully consider management's accounting estimates, especially those with varied acceptable methods. They determine if estimates were properly developed and are reasonable by reviewing and testing management’s process, independently developing estimates, or reviewing subsequent events. Fair value measurements, becoming more prevalent, rely on inputs classified into three levels: Level 1 (observable quoted prices), Level 2 (other observable quoted prices), and Level 3 (unobservable inputs).
Related parties are individuals or entities that can significantly influence the client. Disclosures should cover the nature of relationships, transaction descriptions, dollar amounts, and settlement terms. The auditor's challenge is identifying undisclosed related party transactions, using methods like management inquiries, SEC filings, and conflict of interest statements. A list of related parties should be established early in the audit to help identify unusual transactions.
Audit documentation, or working papers, records procedures, evidence, and conclusions, supporting compliance with auditing standards and the auditor’s opinion. It assists audit teams in planning, performing, and supervising the audit, demonstrates accountability, and aids internal quality reviews. Documentation should be sufficient for an experienced auditor to understand the work and conclusions, and confirm financial statement agreement with accounting records. It should identify performers, reviewers, and dates.
Working papers fall into administrative, working trial balance and lead schedules, adjusting/reclassification entries, supporting schedules, analysis, reconciliations, computational work, and corroborating documents. Auditors usually maintain current files (for each completed audit) and permanent files (for unchanging data applicable over many years). Current files are often organized by financial statement account arrangement, starting with administrative papers, trial balance, and then supporting documents. Permanent files refresh memory, summarize client policies for new staff, and preserve static information.
Working papers should be separate for each topic, clearly identified with client name, description, and date/period. Client-prepared documents should be marked 'PBC' and tested. They need initials of preparer and reviewer, dates, indexing, and cross-references. Tick marks with explanations should show work performed, and auditors' conclusions must be stated.