下载文档原格式
Chapter 13Overall Audit Plan and Audit ProgramReview Questions13-1The five types of tests auditors use to determine whether financial statements are fairly stated include the following:Risk assessment proceduresTests of controlsSubstantive tests of transactionsAnalytical proceduresTests of details of balancesWhile risk assessment procedures (procedures to gain an understanding of the entity and its environment, including internal control) help the financial statement auditor obtain information to make an initial assessment of control risk, tests of controls must be performed as support of an assessment of control risk that is below maximum. The purpose of tests of controls is to obtain evidence regarding the effectiveness of controls, which may allow the auditor to assess control risk below maximum. If controls are found to be effective and functioning, the substantive evidence may be reduced. Substantive evidence is obtained to reduce detection risk. Substantive evidence includes evidence from substantive tests of transactions, analytical procedures, and tests of details of balances.For audits of internal control over financial reporting, the auditor only performs the first two types of audit tests: procedures to obtain an understanding of internal control and tests of controls. Because a public company auditor must issue a report on internal control over financial reporting, the extent of the auditor’s tests of controls must be sufficient to issue an opinion about t he operating effectiveness of those controls. That generally requires a significant amount of testing of controls over financial reporting.13-2Risk assessment procedures are performed to assess the risk of material misstatement in the financial statements. Risk assessment procedures include procedures performed to obtain an understanding of the entity and its environment, including internal controls. Auditors use the results of the risk assessment procedures to design and perform further audit procedures. Further audit procedures (not risk assessment procedures) provide the auditor sufficient appropriate evidence, required by the third GAAS fieldwork standard.13-3Tests of controls are audit procedures to test the operating effectiveness of control policies and procedures in support of a reduced assessed control risk. Tests of controls provide the primary basis for a public company auditor’s report on internal controls over financial reporting. Specific accounts affected by performing tests of controls for the acquisition and payment cycle include the following: cash, accounts payable, purchases, purchase returns and allowances, purchase discounts, manufacturing expenses, selling expenses, prepaid insurance, leasehold improvements, and various administrative expenses.13-4Tests of controls are audit procedures to test the operating effectiveness of control policies and procedures in support of a reduced assessed control risk. Examples include:1. The examination of vendor invoices for indication that they havebeen clerically tested, compared to a receiving report and purchaseorder, and approved for payment.2. Examination of employee time cards for approval of overtime hoursworked.3. Examination of journal entries for proper approval.4. Examination of approvals for the write-off of bad debts.Substantive tests of transactions are audit procedures testing for monetary misstatements to determine whether the six transaction-related audit objectives have been satisfied for each class of transactions. Examples are:1. Recalculation of amounts (quantity times unit selling price) onselected sales invoices and tracing of amounts to the sales journal.2. Examination of vendor invoices in support of amounts recorded inthe acquisitions journal for purchases of inventories.3. Recalculation of gross pay for selected entries in the payroll journal.4. Tracing of selected customer cash receipts to the accountsreceivable master file, agreeing customer names and amounts.13-5 A test of control audit procedure to test that approved wage rates are used to calculate employees' earnings would be to examine rate authorization forms to determine the existence of authorized signatures.A substantive test of transactions audit procedure would be to compare a sample of rates actually paid, as indicated in the earnings record, to authorized pay rates on rate authorization forms.13-6The auditor resolves the problem by making assumptions about the results of the tests of controls and performing both the tests of controls and substantive tests of transactions on the basis of these assumptions. Ordinarily the auditor assumes an effective system of internal control with few or no exceptions planned. If the results of the tests of controls are as good as or better than the assumptions that were originally made, the auditor can be satisfied with the substantive tests of transactions, unless the substantive tests of transactions themselves indicate the existence of misstatements. If the tests of controls results were not as good as the auditor assumed in designing the original tests, expanded substantive tests must be performed.13-7The primary purpose of testing sales and cash receipts transactions is to evaluate the internal controls so that the scope of the substantive tests of the account balances may be set. If the auditor performs the tests of details of balances prior to testing internal controls, no benefit will be derived from the tests of controls. The auditor should attempt to understand the entity and its environment, including internal controls, as early as practical through the analysis of the accounting system, tests of controls, and substantive tests of transactions. 13-8When the results of analytical procedures are different from the auditor's expectations and thereby indicate that there may be a misstatement in the balance in accounts receivable or sales, the auditor should extend the tests to determine why the ratios are different from expectations. Confirmation of accounts receivable and cutoff tests for sales are two procedures that can be used to do this. On the other hand, if the ratios are approximately what the auditor expects, the other tests can be reduced. This means that the auditor can satisfy the evidence requirements in different ways and that analytical procedures and confirmation are complementary when the results of the tests are both good.13-9Substantive tests of transactions are performed to verify the accuracy of a client's accounting system. This is accomplished by determining whether individual transactions are correctly recorded and summarized in the journals, master files, and general ledger. Substantive tests of transactions are also concerned with classes of transactions, such as payroll, acquisitions, or cash receipts. Tracing amounts from a file of vouchers to the acquisitions journal is an example of a substantive test of transactions for the acquisition and payment cycle. Tests of details of balances verify the ending balance in an individual account (such as inventory, accounts receivable, or depreciation expense) on the financial statements. An example of a test of details of balances for the acquisition and payment cycle is to physically examine a sample of the client's fixed assets.13-10 1. Control #1 -- Comput er verification of the customer’s credit limit.The presence of strong general controls over software programs and master file changes can significantly reduce the auditor’s testing of automated controls such as control #1. Once it is determined that control #1 is functioning properly, the auditor can focus subsequent tests on assessing whether any changes have occurred that would limit the effectiveness of the control. Such tests might include determining whether any changes have occurred to the program and whether these changes were properly authorized and tested prior to implementation. These are all tests of general controls over software programs and master file changes.2. Control #2 –The accounts receivable clerk matches bills of lading,sales invoices, and customer orders before recording in the sales journal.This control is not an automated control, but is rather a manual control performed by an employee. General controls over software programs and master file changes would have little effect on the auditor’s testing of control #2. If the auditor identifies control #2 as a key control in the sales and collection cycle, he or she would most likely examine a sample of the underlying documents for the accounts receivable clerk’s initials and reperform the comparisons.13-11 The audit of fixed asset additions normally involves the examination of invoices in support of the additions and possibly the physical examination of the additions. These procedures are normally performed on a test basis with a concentration on the more significant additions. If the individual responsible for recording new acquisitions is known to have inadequate training and limited experience in accounting, the sample size for the audit procedures should be expanded to include a larger sample of the additions for the year. In addition, inquiry as to what additions were made during the year may be made by the auditor of plant managers, the controller, or other operating personnel. The auditor should then search the financial records to determine that these additions were recorded as fixed assets.Care should also be taken when the repairs and maintenance expense account is analyzed since lack of training may cause some depreciable assets to be expensed at the time of acquisition.13-12 The following shows which types of evidence are applicable for the five types of tests.13-13Going from most to least costly, the types of tests are:Tests of details of balancesSubstantive tests of transactionsTests of controlsRisk assessment proceduresAnalytical procedures13-14 C represents the auditor's assessment of the effectiveness of internal control. C3 represents the idea that internal controls are ineffective and no assurance can be obtained from controls and all assurance must come from substantive testing. This would not represent the audit of a public company’s financial statements.Tests of controls at the C1 level would provide minimum control risk.This would require more testing of the controls than would be required at either C2 or C3. Testing controls at the C1 level allows the auditor to obtain assurance from the controls, thereby allowing for a reduction in the13-14 (continued)amount of substantive testing which must be performed to meet the level of acceptable audit assurance. C1reflects the level of testing of controls necessary for the audit of internal controls over financial reporting required by PCAOB Standard 2.It would be a good decision to obtain assurance from tests of controls at point C1especially if the cost of substantive testing is considerably greater than tests of controls.At point C2, the auditor performs some tests of controls and is able to reduce control risk below maximum. Point C2 would be appropriate if it is cost beneficial for the auditor to obtain assurance at a level between the two extremes mentioned above (C1 and C3).13-15By identifying the best mix of tests the auditor can accumulate sufficient appropriate evidence at minimum cost. The auditor can thereby meet the standards of the profession and still be cost effective and competitive.13-16The four-step approach to designing tests of controls and substantive tests of transactions is as follows:1. Apply the transaction-related audit objectives to the class oftransactions being tested.2. Identify specific control policies and procedures that should reducecontrol risk for each transaction-related audit objective.3. Develop appropriate tests of controls for each key control.4. Design appropriate substantive tests of transactions consideringdeficiencies in internal control and expected results from 3 above. 13-17 The approach to designing tests of controls and substantive tests of transactions (Figure 13-4) emphasizes satisfying the transaction-related audit objectives developed in Chapters 6 and 10. Recall that these objectives focus on the proper functioning of the accounting system.The methodology of designing tests of details of balances (Figure 13-6) emphasizes satisfying the balance-related audit objectives developed in Chapter 6. The primary focus of these objectives is on the fair presentation of account balances in the financial statements.13-18 It is desirable to design tests of details of balances before performing tests of controls and substantive tests of transactions to enable the auditor to determine if the overall planned evidence is the most efficient and effective in the circumstances. In order to do this, the auditor must make assumptions about the results of the tests of controls and substantive tests of transactions. Ordinarily the auditor will assume no significant misstatements or control problems in tests of controls and substantive tests of transactions unless there is reason to believe otherwise. If the auditor determines that the tests of controls and substantive tests of transactions results are different from those expected, the amount of testing of details of balances must be altered.13-19 If tolerable misstatement is low, and inherent risk and control risk are high, planned tests of details of balances which the auditor must perform will be high. An increase in tolerable misstatement or a reduction of either inherent risk or control risk will lead to a reduction in the planned tests of details of balances.13-20 The nine balance-related audit objectives and related procedures are as follows:13-21 Auditors frequently consider it desirable to perform audit tests throughout the year rather than waiting until year-end because of the CPA firm's difficulty of scheduling personnel. Due to the uneven distribution of the year-end dates of their clients, there is a shortage of personnel during certain periods of the year and excess available time at other periods. The procedures that are performed at a date prior to year-end are often dependent upon adequate internal controls and when the client will have the information available. Additionally, public company auditors must begin their testing of controls earlier in the year to ensure they are able to test a sufficient sample of controls for operating effectiveness. Some controls may only be performed monthly or quarterly. Thus, the public company auditor must begin testing early in the year so that there is a sufficient number of months or quarters to test.Procedures that may be performed prior to the end of the year are:1. Update fixed asset schedules.2. Examine new loan agreements and other legal records.3. Vouch certain transactions.4. Analyze changes in the client's accounting systems.5. Review minutes of board of directors' meetings.6. If the client has strong internal control, the following proceduresmay be performed with minor review and updating at year-end:(a) Observation of physical inventories;(b) Confirmation of accounts receivable balances;(c) Confirmation and reconciliation of accounts payablebalances.Multiple Choice Questions From CPA Examinations13-22 a. (2) b. (2) c. (3) d. (1)13-23 a. (2) b. (4) c. (1) d. (3)13-24 a. (4) b. (3)Discussion Questions and Problems 13-2513-2613-11* The primary concern in these two items is the separation of duties rather than the existence of the deposit slip and prelisting. The primary test of control procedure must therefore be observation.* The objectives satisfied depend upon what she examines. She might for example examine supporting documents for accuracy and even for account classification. In that event, those two objectives would be added.13-2913-1213-1413-30a. 1. Automated control embedded in computer software2. Manual control whose effectiveness is based significantly onIT-generated information3. Automated control embedded in computer software4. Manual control whose effectiveness is based significantly onIT-generated information5. Manual control whose effectiveness is not significantly relianton IT-generated informationb. 1. The extent of testing of this control could be significantlyreduced in subsequent years if effective controls overprogram and master file changes are in place. Such controlswould increase the likelihood that the inventory softwareprogram that contains the automated control and the relatedinventory master file are not subject to an unauthorizedchange. If the auditor determines that no changes havebeen made to the automated control, the auditor can rely onprior year audit tests of the controls as long as the control istested at least once every third year audit. If the controlmitigates a significant risk, the control must be tested in thecurrent year’s audit.2. The extent of testing of this control could be moderatelyreduced in subsequent years if effective controls overprogram and master file changes are in place. Such controlswould increase the likelihood that the printout of pricesaccurately reflects actual prices used by the system torecord inventory transactions. Adequate controls over themaster file would decrease the likelihood that pricesapproved by the sales and purchasing department managershave been changed without authorization. However,because this control is also dependent on manager review ofcomputer generated output (e.g., a human process subjectto error), some testing may be required each year, althoughthe amount of testing may be reduced by strong generalcontrols.3. The extent of testing of this control could be significantlyreduced in subsequent years if effective controls overprogram and master file changes are in place. Such controlswould increase the likelihood that the inventory softwareprogram that processes the automatic purchase order andthe related inventory master file of product numbers are notsubject to an unauthorized change.4. The extent of testing of this control could be moderatelyreduced in subsequent years if effective controls overprogram changes are in place. Such controls would increasethe likelihood that the purchasing system software programthat identifies purchases exceeding $10,000 per vendorfunctions accurately. However, because this control is alsodependent on manager review of the computer generated exception listing, some testing may be required each year.13-30 (continued)5. Because this control is not dependent on technologyprocesses, the strength of general controls over programand master file changes is likely to not have an impact onthe extent of testing of this review by the sales departmentmanager.13-31a. The performance of interim tests of controls and substantive tests of transactions is an effective means of keeping overtime to aminimum where many clients have the same year-end date.However, this approach requires additional start-up time each timethe auditor enters the field to perform additional tests duringdifferent times of the year. In the case of a small client, start upcosts and training time may require more total time than waitinguntil after December 31.b. Schaefer may find that it is acceptable to perform no additionaltests of controls and substantive tests of transactions work as apart of the year-end audit tests under the following circumstances:1. The results of the tests of the interim period indicate theaccounting system is reliable.2. Inquiries concerning the remaining period may indicate therewere no significant changes in internal control andaccounting procedures.3. The transactions occurring between the completion of thetests of controls and substantive tests of transactions andthe end of the year are not unusual compared to thetransactions previously tested and to the normal operationsof the company.4. Other tests performed at the end of the year do not indicatethat the internal controls are less effective than the auditorhas currently assessed.5. The remaining period is not too long in the circumstances.(Some consensus exists in the profession requiring theremaining period to be three months or less, dependingupon the circumstances.)6. Other matters of concern to the auditor indicate that thelimitation of interim testing is appropriate (i.e., risk ofexposure to legal sanction is not too great; the auditor willprobably be familiar with the client's operations and willdetermine that a reduced control risk is justified; the auditorhas appropriate confidence in the competence of personneland the integrity of management).7. All key controls related to financial reporting are testable atinterim periods by the auditor of a public company who mustissue an opinion on internal controls over financial reporting.(Some key controls may only be performed by the client aspart of the year-end closing process and thus can only betested by the auditor at year end).c. If Schaefer decides to perform no additional tests of controls andsubstantive tests of transactions, depending upon thecircumstances, she may wish to perform analytical procedures,such as reviewing interim transactions for reasonableness ortracing them to their source, comparing balances to previousperiods, or other such procedures, for the remaining period to year-end.d. If Schaefer is auditing a public company, she must performsufficient tests of controls to provide her a basis for issuing anopinion on the operating effectiveness of those controls overfinancial reporting. Schaefer’s approach to performing interim testsof controls in August through November would be appropriate forthe audit of internal control over financial reporting. Schaefer needsto begin testing early enough in the year to ensure that she can testcontrols enough to provide a sufficient basis for reporting oninternal controls over financial reporting. Because some keycontrols may only be performed by the client as part of the year-endclosing process, Schaefer may have to extend her testing beyondNovember since year-end closing controls can only be tested bythe auditor at year end.13-32 a. The sequence the auditor should follow is:3. Assess control risk.1. Determine whether it is cost effective to perform tests ofcontrols.4. Perform tests of controls.2. Perform substantive tests of details of balances.The only logical sequences for parts b through e are shown as follows:EFA B DG H DC DAny other sequence is not cost effective or incorrect. For example: E,A, G, C would be the sequence when there is planned reducedassessed control risk and effective results of tests of controls.b. The sequence is E, A, H, D. The logic was reasonable. The auditorbelieved the internal controls would be effective and it would be costeffective to perform tests of controls. In performing the tests ofcontrols the auditor concluded the controls were not effective.Therefore, expanded substantive tests of details of balances wereneeded.c. The sequence is E, B, G, C. The auditor concluded the internalcontrols may be effective, but it was not cost effective to reduceassessed control risk. The auditor should not have performed tests ofcontrols. It would have been more cost effective to skip performingtests and instead follow the sequence E, B, D.d. The sequence is F, A, G, C. The logic is not reasonable. When theauditor concluded the controls were not effective he or she shouldhave gone immediately to D and performed expanded substantivetests of details of balances.e. The sequence is F, D. The logic was reasonable. The auditorconcluded that internal controls were not effective, therefore theauditor went directly to substantive tests of details of balances andperformed expanded tests.13-33AUDIT PROCEDURES TOOBTAIN ANUNDERSTANDINGOF INTERNALCONTROLTESTS OFCONTROLSSUBSTANTIVETESTS OFTRANSACTIONSANALYTICALPROCEDURESTESTS OFDETAILSOFBALANCES1 E E S E S2 M N S M E3 E E M E S, E*E = Extensive amount of testing.M = Medium amount of testing.S = Small amount of testing.N = No testing.S,E* = Small amount of testing for the gross balance in accounts receivable; extensive testing done for the collectibility of theaccounts.a. For audit 1 the recommended strategy is to maximize the testing ofinternal controls and minimize the testing of the details of all endingbalances in inventory. The most important objective would be tominimize the number of locations that need to be visited. Thejustification for doing this is the quality of the internal controls andthe results of prior years' audits. Assuming that some of thelocations have a larger portion of the ending inventory balance thanother locations, the auditor can likely completely eliminate tests ofphysical counts of some locations and emphasize the locations withlarger dollar balances. The entire strategy is oriented to minimizingthe need to visit locations.b. Audit risk for this audit should be low because of the plans to sellthe business, severe under-financing and a first year audit. Thelack of controls over accounts payable and the large number ofadjusting entries in accounts payable indicate the auditor cannotconsider the internal controls effective. Therefore the plan shouldbe to do extensive tests of details of balances, probably throughaccounts payable confirmation and other end of year procedures.No tests of controls are recommended because of the impracticalityof reduced assessed control risk. Some substantive tests oftransactions and analytical procedures are recommended to verifythe correctness of acquisitions and to obtain information about thereasonableness of the balances.c. The most serious concern in this audit is the evaluation of theallowance for uncollectible accounts. Given the adverse economicconditions and significant increase of loans receivable, the auditormust be greatly concerned about the adequacy of the allowance foruncollectible accounts and the possibility of uncollectible accountsbeing included in loans receivable. Given the internal controls,the auditor is not likely to be greatly concerned about the grossaccounts receivable balance, except for accounts that need to bewritten off. Therefore, for the audit of gross accounts receivablethere will be a greatly reduced assessed control risk and relativelyminor confirmation of accounts receivable. In evaluating theallowance for uncollectible accounts, the auditor should test thecontrols over granting loans and following up on collections.However, given the changes in the economy, it will be necessary todo significant additional testing of the allowance for uncollectibleaccounts. Therefore an "S" is included for tests of details ofbalances for gross accounts receivable and an "E" for the tests ofnet realizable value.13-34a. Factors which could explain the difference in the amount of evidence accumulated in different parts as well as the total time spent on the engagement are:1. Internal control2. Materiality of the account balance3. Size of the populations4. Makeup of populations5. Initial vs. repeat engagement6. Results of the current and previous audits7. Existence of unusual transactions8. Motivation of the client to misstate the financial statements9. Degree of client integrity10. Reliance by third parties on the audited financial statementsFor an example, in the first audit, the partner has apparently made the decision to emphasize tests of controls and substantivetests of transactions and minimize tests of details of balances. Thatimplies effective internal controls and a low expectation ofmisstatement (low inherent and control risk.) In the third audit, thepartner apparently has a high expectation of misstatements, andtherefore believes it is necessary to do extensive tests of controlsand substantive tests of transactions, as well as extensive tests ofdetails of balances. Audit two is somewhere between audit one andthree.。
审计学--一种整合方法审计学是一门综合性的学科,它通过收集、分析、评估和报告企业财务信息的合理性和准确性,为利益相关方提供决策依据。
审计学整合了会计学、法律学、经济学和管理学等多个学科的理论和技术,以确保审计师能够有效地履行其职责。
为了更好地理解审计学的整合方法,我们可以从以下几个方面进行讨论。
首先,审计学整合了会计学的理论和技术。
会计学是审计学的基础,它提供了审计师所需的财务会计和管理会计的知识和技能,使其能够理解和分析企业的财务状况和经营绩效。
审计师必须对会计准则和原则有深入的了解,以确保财务信息的合规性和真实性。
其次,审计学整合了法律学的理论和技术。
在审计过程中,审计师需要了解和遵守相关法律法规,特别是公司法、证券法和税法等法律法规,确保审计工作的合法性和合规性。
此外,审计师还需要掌握法律程序和法律文书的编制方法,以便在需要时提供有效的法律支持。
第三,审计学整合了经济学的理论和技术。
经济学是审计学的重要支撑,它提供了审计师所需的经济分析和决策理论,使其能够理解和评估企业的经济状况和竞争力。
审计师需要通过经济学方法进行成本、效益和风险的分析,为企业的经营决策提供专业建议。
第四,审计学整合了管理学的理论和技术。
审计是一项复杂的管理活动,它需要审计师具备良好的管理能力和沟通能力,以有效地组织和实施审计工作。
管理学的理论和技术为审计师提供了管理思维和管理方法,帮助他们更好地规划和控制审计活动,提高审计效益和质量。
最后,审计学整合了信息技术的理论和技术。
随着信息技术的不断发展,现代审计已经越来越依赖于计算机和信息系统的支持。
审计师需要掌握信息技术工具和技术,以提高审计效率和准确性。
此外,信息技术还为审计师提供了大数据分析和数据挖掘等技术手段,有助于发现企业的潜在风险和问题。
综上所述,审计学是一种整合方法,它综合了会计学、法律学、经济学和管理学等多个学科的理论和技术。
通过整合这些学科的知识和技能,审计师能够更好地履行其职责,提供可靠的审计意见,为企业和利益相关方提供决策依据。
