These lectures cover what is an audit, assurance services, non-assurance services, auditing and attestation services, different types of audit and auditors.
What is an audit?
How audit Reduces Information Risk
Assurance Services | Audit Services | Attestation and Non Assurance Services
Different Types of Audits
Types of Auditors
The page covers what is an audit? This is an undergraduate course in auditing and attestation which is covered on the CPA exam.
The term audit is sometimes used in everyday language to mean that someone checks that a representation is correct. For example, perhaps your university requires a “degree” or “grad- uation” audit. When applying to graduate from college, you state that you have fulfilled all degree requirements. Your university then checks your academic records to be sure that you have actually completed all of the requirements. In the accounting world, the term audit has a more specific meaning.
Historically, the term audit has been used in an accounting context to refer to a financial statement audit. A financial statement audit is a process through which an auditor examines supporting information and evaluates whether the financial statements represent the underlying economic events that the company has experienced. For companies that are traded on U.S. stock exchanges, the word “audit” currently refers to an integrated audit.
An integrated audit includes both an audit of the financial statements and an audit of inter- nal control over financial reporting (ICFR). This second component, the audit of ICFR, examines whether the company’s internal controls are effective and, as a result, whether the controls enable the company to produce fair and reliable financial statements. Exhibit 1-1 is an overview diagram of an integrated audit.
The end product of an integrated audit is actually the auditor’s conclusions about whether or not the ICFR is effective and the financial statements are fair. Being able to come to this conclusion is the ultimate purpose of all the planning and procedures that an audi- tor performs. However, the tangible result that other people can see is the report issued by the auditor. This audit report communicates to users of financial statements that an audit has been performed, and the auditor’s opinion. The audit report is unqualified or clean if ICFR is effective and the financial statements are a fair representation of the company’s eco- nomic experiences and situation. Audit reports are addressed in Chapter 11. Although they will likely seem foreign to you at this stage of your studies, you should read the audit report examples presented in this chapter.
This book centers on the process of performing an integrated audit and the outcomes of that process. The chapters address the purpose of an audit, the role that audits and audi- tors play in society, and the audit process. The audit process progresses from client accep- tance and continuance (Chapter 5), through planning (Chapter 6), internal control over financial reporting (Chapters 7 and 8), audit procedures applied to financial statement
audits (Chapter 9), and the wrap-up of an audit and reporting process (Chapter 11). Chapters 10 and 12 through 15 address how an audit is conducted for various cycles of a company’s activities and for different types of companies. Chapter 16 introduces other ser- vices, beyond audits, offered by public accounting firms.
This text uses the terms company or business interchangeably to refer to a variety of enti- ties, including for-profit and not-for-profit organizations. If a company has to register with the Securities and Exchange Commission (SEC) and undergo an integrated audit, it is referred to as a public company. Otherwise it is called a nonpublic company. Be aware that some companies that must register with the SEC are not traded on an active market.
Studying this book prepares you with a conceptual understanding of auditing. However, no amount of classroom training can teach you to perform an audit. An audit is a collaborative process performed by a team of professionals with different levels of knowledge and experience. Studying auditing in an academic environment prepares you to understand and perform tasks assigned to you as a member of an audit engagement team. The work setting is where you truly learn auditing.
Auditing is a distinct area of study. Knowledge of accounting is fundamental to auditing because accounting information is the target of audit activities. However, auditing processes are not an intuitive extension of accounting knowledge. Studying auditing teaches you how to perform the processes through which you check the quality of a company’s ICFR and financial reporting. But even if you learn the auditing processes, you must know account- ing and what constitutes good ICFR to effectively apply your auditing knowledge. A formal definition of auditing, published by the American Accounting Association’s Committee on Basic Auditing Concepts is shown in Exhibit 1-2.
Although the audit process has evolved since this definition was first crafted, the fun- damental purpose and activities remain consistent. The definition states that auditing is a systematic process. This means that an audit has a plan of action and specific steps to achieve an outcome. As we progress through the discussion of auditing, you will likely be surprised at the amount of planning that occurs before other auditing procedures begin. Each audit is designed based on information about the client’s industry, business activities, structure, and organization. Based on that information, the audit is designed to do all that the audi- tor believes is necessary to evaluate the company’s ICFR and financial statements. The audit plan is followed carefully and, as the definition states, systematically. After the steps of the plan are completed, the auditor forms conclusions about the effectiveness of the company’s ICFR and the fairness of the financial statements. The auditor then issues an audit report based on those conclusions.
Referring again to the definition of auditing in Exhibit 1-2, we see that the audit process involves obtaining and evaluating evidence regarding management’s financial statement assertions about economic actions and events. The Financial Accounting Standards Board (FASB) Concepts Statement 6, Elements of Financial Statements describes economic events and actions as those occurrences that affect a company’s assets, liabilities, and equity. Based on the FASB’s definitions, assets are the result of economic events that increase the current or future value of the company. Liabilities are the results of economic events or actions that require a company to use its assets in the future. When management drafts the company’s financial statements, it is “asserting” that various economic events took place affecting the company and that the financial statements are a communication of those economic events and results. In other words, management’s assertions about economic events and actions that affected the company are communicated through the financial statements (AS 5.28).
The audit process focuses on objectively obtaining and evaluating evidence about man- agement’s assertions. Auditors must be objective as they perform audit processes. This means that they may not be biased either favorably or unfavorably toward the company and man- agement’s assertions. Auditors select evidence that relates to management’s assertions. Evidence is discussed extensively throughout this text, but for now you should understand that the documents and records that a company uses in its day-to-day business activities provide audit evidence (AU 326). A company’s underlying financial records such as the gen- eral ledger and various journals constitute evidence. Documents in either electronic or paper form, such as checks, invoices, and contracts are audit evidence. The auditors collect some forms of evidence specifically for purposes of the audit. Other evidence is not even in doc- ument form. Evidence can be what the auditor observes, such as the procedures clients fol- low as they execute business transactions. Evidence can also be what the auditor hears in conversations with client personnel and others.
Once the evidence is collected, the auditor’s task is to evaluate whether the evidence and management’s assertions correspond, based on established criteria. For financial state- ments, the established criteria are the accounting standards followed. In the last paragraph of the audit reports shown earlier, they are referred to as accounting principles generally accepted in the United States of America. In the future the criteria may be international accounting standards. Auditors must conclude whether the evidence supports the statements that management has made in the financial statements about the economic actions and events. The auditor assesses whether they actually occurred as presented. Auditors deter- mine whether the financial statements present the economic actions and events in accor- dance with the accounting standards used. If management has presented the actual economic events and situation according to the accounting standards, then there is a high degree of correspondence between the underlying evidence and the resulting financial statements. The auditor’s job is to determine whether this high degree of correspondence exists.
In audits of ICFR, auditors assess whether the evidence supports management’s asser- tion about the effectiveness of ICFR. To do this, the auditor again uses established criteria, but this time uses the criteria as a standard or benchmark against which ICFR is compared. One example of established internal control standards is the set provided in the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control (IC) Framework. You may have learned about COSO in previous accounting classes. COSO has produced a number of important publications that can be found on its Web site: www.coso.org. Auditors evaluate whether a high degree of correspondence exists between the evidence about ICFR and what an effective system of ICFR should be according to the COSO IC Framework criteria. If the evidence indicates effective controls, then there is a high degree of correspon- dence between the evidence and a management assertion that ICFR is effective.
Auditors consider internal controls when they audit nonpublic companies. However, their activities have a different purpose. When auditing a nonpublic company, auditors con- sider internal control to identify areas of concern or risk. Also, if the company’s internal con- trols are strong, they can affect the auditor’s plan for the financial statement audit. When an auditor gathers evidence about a company’s internal control system and determines that it is effective and functions well, that information is a part of the auditor’s evidence for the financial statement audit.
Although accounting and auditing are different, in order to be a good auditor you must first be a good accountant. Auditors must determine whether ICFR is effective and whether economic actions and events are presented in the financial statements according to the accounting standards. To do this, auditors must understand accounting standards and the controls required to produce proper accounting information. Auditors determine what information must be captured about an economic event and how it should be presented in the financial statements. Much of this book and your auditing course will focus on how to audit. Keep in mind that even if you know the steps to collect, document, and evaluate audit evidence, you must be a good accountant to be a good auditor. You must be able to deter- mine what is important about the business activities and transactions and the appropriate accounting for the underlying events. Otherwise, you will not be able to audit management’s assertions as presented in the reports and financial statements.
The last component of the definition of the audit process is communicating results to users. Management of a public company prepares:
1. areportontheeffectivenessofICFR,and 2. thefinancialstatements.
Auditors do not write the internal control report. Neither do they control the content or form of the financial statements. Auditors only prepare the audit report. This report is the vehicle that auditors use to communicate the findings of the audit process. Management may choose to change its report on ICFR and the financial statements based on the audi- tor’s evaluation. Management is especially likely to revise its ICFR report or the financial statements if the auditor concludes that there is a problem.
Be aware, however, that even though management’s decision to revise its ICFR report or the financial statements may be influenced by the auditor’s evaluation and conclusion, such a change is management’s choice. Management has ownership of the report on ICFR effectiveness and the financial statements just as the auditor has ownership of the audit report. The various forms of the audit report and what is communicated by each variation are discussed in Chapter 11.
AUDITING INTERNAL CONTROL OVER FINANCIAL REPORTING [LO 2]
Even though it was published in 1973, the audit definition presented in Exhibit 1-2 is still accurate and relevant as it relates to the audit of the financial statements. However, the Sarbanes-Oxley Act of 2002 (SOX) requires that an audit of ICFR accompany the finan- cial statement audit of a public company. This engagement to audit both ICFR and the finan- cial statements is called an integrated audit. Remember that the financial statements report management’s assertions about the economic actions and events of the company. Management’s assertions regarding ICFR are presented in reports the company is required to file with the SEC. These reports state that management is responsible for establishing and maintaining ICFR, and provide a conclusion on the effectiveness of ICFR design and oper- ations. The auditor reports on management’s conclusion regarding the effectiveness of ICFR by issuing an independent opinion on ICFR effectiveness.
The components of the formal definition of auditing can also be applied to the audit of ICFR. When auditing ICFR,
1. Theauditorisobjective. 2. Theauditorplanstheaudittosystematicallyobtainandexamineevidenceunderly-
ing management’s conclusion regarding the design and operating effectiveness of ICFR.
3. Theauditordetermineswhethermanagement’sconclusionsregardingICFRcorre- spond closely with the supporting evidence.
Financial statements can be prepared based on various accepted criteria, such as United States generally accepted accounting principles (GAAP), International Financial Reporting Standards (IFRS) or an Other Comprehensive Basis of Accounting (OCBOA). A statement on the basis of accounting used is included in the audit report. Similarly, the set of estab- lished criteria that management uses to assess the design and function of ICFR is identified in the audit report. As noted earlier, one of these accepted sets of criteria is the COSO IC Framework.
Later chapters discuss more about management assertions and audit procedures. For now, it is important to understand that an integrated audit consists of a financial statement audit and an audit of ICFR. The financial statement audit has been in existence and uni- versally understood for a long time. The ICFR audit of public companies is newer, required by SOX, and governed by standards of the Public Company Accounting Oversight Board (PCAOB).4 When auditing either ICFR or the financial statements, audit activities look for a correspondence between the audit evidence and management’s communications.