Chapter 13 Overall Audit Plan and Audit Program

Chapter 13 Overall Audit Plan and Audit Program 13 - 1

Presentation Outline I. Application of Audit Testing II. Selecting Tests to Perform III. Design of the Audit Program IV. A Summary of the Audit Process 13 - 2

I. Application of Audit Testing A. Tests of Controls B. Testing for Monetary Misstatement C. Reduction of Risk D. Audit Assurance at Different Levels of Internal Control Effectiveness E. Simultaneous Testing of Controls and Substantive Testing of Transactions F. Timing of Audit Testing 13 - 3

A. Tests of Controls Audit procedures to test the operating effectiveness of control policies and procedures in support of a reduced assessed control risk. Some examples include: Ø Matching of vendor invoices against a purchase order and receiving report before approving invoice for payment. Ø Examination of employee time cards for approval of overtime. 13 - 4

B. Testing for Monetary Misstatement Substantive Tests of Transactions Testing for monetary misstatements to determine if the following 6 transactionrelated audit objectives have been met: ØExistence ØCompleteness ØAccuracy ØClassification ØTiming ØPosting and Summarization Tests of Details of Balances Testing for monetary misstatements to determine if the following 9 balance-related audit objectives have been met: ØExistence ØCompleteness ØAccuracy ØClassification ØCutoff ØDetail tie-in ØRealizable value ØRights and obligations ØPresentation and disclosure 13 - 5

C. Reduction of Risk Control Risk q Procedures to gain an understanding of internal control q Tests of controls Once the auditor obtains an initial understanding of controls, tests of controls must be performed to obtain evidence regarding the effectiveness of controls. Stronger controls will allow the auditor to assess control risk below the maximum. Detection Risk q Substantive tests of transactions q Analytical procedures q Tests of details of balances The more evidence an auditor collects from the above procedures, the lower the detection risk. Detection risk must be lower when control risk is higher. 13 - 6

Acceptable assurance No assurance AUDIT ASSURANCE D. Audit Assurance at Different Levels of Internal Control Effectiveness C 3 Audit assurance from substantive tests C 2 C 1 Audit assurance from control risk assessment and tests of control A C B INTERNAL CONTROL EFFECTIVENESS Weak control Strong control Reliance on controls: C 3 – None, C 2 – Some, C 1 – Maximum 13 - 7

E. Simultaneous Testing of Controls and Substantive Testing of Transactions v The determination of control risk affects the type of procedures and sample size for the substantive testing of transactions. v For purposes of convenience, the testing of controls and substantive testing of transactions will often occur simultaneously. v In such situations the auditor will make an assumption about the results of tests of controls. If the testing of controls indicates that internal control is worst than expected, substantive testing of transactions will have to be modified accordingly. 13 - 8

F. Timing of Audit Testing Auditors frequently consider it desirable to perform audit tests prior to year end. Certain procedures may be performed at an interim time (prior to client’s year end) : v Update depreciation schedules v Examine new loan agreements v Vouch transactions v Analyze changes in client’s accounting system v Review board of director minutes v If strong internal controls exist the auditor may also: ü Observe physical inventories ü Confirm account balances 13 - 9

II. Selecting Tests to Perform A. The Cost of Testing B. Appropriate Evidence for Audit Testing C. Risk and Testing in the Audit Process 13 - 10

A. The Cost of Testing Going from the most to least costly, the types of tests are: q Tests of details of balances q Substantive tests of transactions q Tests of controls q Procedures to obtain an understanding of internal controls q Analytical procedures 13 - 11

B. Appropriate Evidence for Audit Testing Inquiries of the client Reperformance Analytic performance Observation Procedures for internal control Tests of controls Substantive tests of transactions Analytical procedures Tests of details of balances Documentation Type of Test Physical Examination Confirmation Type of Evidence 13 - 12

C. Risk and Testing in the Audit Process Substantive Testing of Transactions In some situations it may be more efficient to assess control risk at a higher level and reduce or eliminate tests of controls. This depends on cost of testing controls versus the additional substantive testing that would result from a higher control risk. Tests of Details of Balances If tolerable misstatement is low, and inherent risk and control risk are high, planned tests of details of balances must be high. 13 - 13

III. Design of the Audit Program Most audits design an audit program in the following three parts: A. Tests of Controls and Substantive Tests of Transactions B. Analytical Procedures C. Tests of Details of Balances 13 - 14

A. Tests of Controls and Substantive Tests of Transactions A four-step approach when the auditor plans to reduce assessed control risk below the maximum: ü Transaction related audit objectives are applied to the class of transactions being tested, such as sales. ü Key controls that should reduce control risk for each transaction-related audit objective are identified. ü For all internal controls used to reduce the initial assessment of control risk below the maximum (key controls), appropriate tests of controls are developed. ü Design appropriate substantive tests of transactions, considering weaknesses in internal control and expected results of tests of controls (allows for simultaneous tests of controls and substantive testing). Note: If control risk is assessed at 1. 0, only substantive tests of transactions will be used in this part of the audit program. 13 - 15

B. Analytical Procedures Analytical procedures may be performed during 3 different stages of the audit: v In the planning stage to help the auditor understand the client’s business and determine other evidence needed to satisfy acceptable audit risk. v During the audit, especially during substantive testing. v Near the end of the audit as a final test of reasonableness. 13 - 16

C. Tests of Details of Balances If the results of tests of controls, substantive tests of transactions, and analytical procedures are not consistent with the predictions, tests of details of balances will need to be changed as the audit progresses. Figure 13 -6 on page 388 illustrates the testing methodology using Accounts Receivable 13 - 17

13 - 18

Summary of the Audit Process - Phase I (Planning) Accept client and perform initial planning. Understand the client’s business and industry. Assess client’s business risk. Perform preliminary analytical procedures. Set materiality and assess acceptable audit risk and inherent risk. Understand internal control and assess control risk. Develop overall audit plan and audit program.

Summary of the Audit Process - Phase II (Begin Field Work) From Phase I Plan to reduce assessed level of control risk? No Yes Perform tests of controls. Perform substantive tests of transactions. Assess likelihood of misstatements in financial statements. 13 - 20

Summary of the Audit Process Phase III (End of Fieldwork) From Phase II Likelihood of Misstatement in Financial Statements Low Medium High or unknown Perform analytical procedures. Perform tests of key items. Perform additional tests of details of balances. 13 - 21

Summary of the Audit Process Phase IV (Wrap-Up) From Phase III Review for contingent liabilities. Review for subsequent events. Accumulate final evidence. Evaluate results. Issue audit report. Communicate with audit committee and management. 13 - 22