Principles Of Auditing And Other Assurance Services Accounting Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

The core purpose of an external audit is to supply top management with trustworthiness of internal controls over financial reporting and to verify accuracy and timeliness of transaction records, financial statements, and any regulatory reports. An external audit presents an unbiased perspective of a company's financial systems. This information is invaluable for top management who are charged with managing a company's financial policies. Therefore, a well organized external audit plan provides incisive information regarding the effectiveness of the financial control systems within a company.

Audit planning begins with determining the requirements for the engagement, including (California State University, [CSU], n.d.):

The financial statements to be audited

Any other requirements (e.g., regulatory filings)

The timing of the engagement

During this stage auditors establish an understanding with their client as to:

The nature of services to be provided

The responsibilities of each party

In addition they develop:

an overall audit strategy

an audit plan

an audit program

While describing the audit planning process as the first step in an audit, it should be recognized that significant portions or the planning process cannot be completed until the auditors have a sufficient understanding of:


Client's environment

Client's internal control

It should also be recognized that during audit planning auditors use a risk based approach in which they are continually considering the possibility of material financial statement misstatement. As a result, the audit plan may need to be revised as a result of information on risk as well as audit findings that are gathered throughout the audit. There are four steps involved regarding planning an audit, which are ("The External Auditing Process"):

Understanding the client

The internal control procedures which need to be reviewed

The substantive tests

The final reporting steps

Step I: Understanding the client

Auditors must obtain an understanding of the client and its environment. It must gather sufficient background information to assess:

The risks of material misstatement of the financial statements

To design the nature, timing, and extent of further audit procedures

Risk assessment procedures are used to gather this information and include (Cornell University Audit Office, 2007):

Inquiries of management

Analytical procedures


Inspection and other procedures

Auditors use their understanding of the client and its environment to identify account balances, transactions, and disclosures that might be materially misstated. At the assertion level the auditor considers ("Audited Financial Statements"):

• What could go wrong?

• How likely is it that it will go wrong?

• What are the likely amounts involved?

At this stage of the audit, the auditors are attempting to obtain:

An overall understanding of the client

Client's environment

Client's objective

Client's strategies

Client's related business risks

The manner in which management measures and reviews financial performance

The client's internal control

This understanding helps the auditors identify:

Account balances


Disclosures with a high risk of material misstatement

Obtaining an understanding of the nature of internal control

Obtaining an understanding of the nature of internal control is an essential part of this process because it allows auditors:

To identify accounts and classes of transactions that may be misstated

To tailor audit procedures to the existing internal control system

Step II: The internal control procedures which need to be reviewed

Internal control, which is a process, affected by the entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories (Committee of Sponsoring Organizations [COSO], n.d.):

• Reliability of financial reporting

• Effectiveness and efficiency of operations

• Compliance with applicable laws and regulations

Information on internal control comes from:

Interviewing client personnel

Observing the application of specific controls

Inspecting documents and reports

Tracing transactions through the information system

Reviewing prior years audit working papers

Areas of internal control include:

financial reporting



In the three areas of internal control COSO states that a series or control objectives and sub objectives exists.

To illustrate this concept; consider internal control over financial reporting:

At the top level, the overall objective is to prepare and issue reliable financial information

At the very detailed level, as applied to accounts receivable, COSO illustrates the following control objectives (sub objectives):

All goods shipped are accurately billed in the proper period

Invoices arc accurately recorded for all authorized shipments and only for such shipments

Authorized and only authorized sales returns and allowances are accurately recorded

The continued completeness and accuracy of accounts receivable is ensured

Accounts receivable records are safeguarded

Controls over financial reporting are often classified as (Committee of Sponsoring Organizations [COSO], n.d.):

Preventive Controls

Detective Controls

Corrective Controls

Preventive controls are aimed at avoiding the occurrence of misstatements in the financial statements. Examples of preventive controls include segregation of duties and requiring approval of period-ending journal entries.

Detective controls are designed to discover misstatements after they have occurred. A policy requiring the preparation of monthly bank reconciliations is an example of a control that could detect misstatements of cash receipts or disbursements.

Corrective control is ordinarily needed to remedy the situation when detective controls discover a misstatement. Maintaining backup copies of key transaction and master files to allow the correction of data entry errors is a common example of a corrective control. It is important to realize that preventive controls operate at the individual transaction level, while detective controls may operate at the transaction level or at a higher level.

The various controls designed to achieve a control objective often overlap. That is the controls are complementary in that they function together to achieve the same control objective. To illustrate, consider the control that requires all cash disbursements to be authorized and the complementary control of requiring reconciliations of bank statements. These controls work together to help ensure that unauthorized transactions arc prevented or detected. Controls are referred to as redundant if they address the same financial statement assertion or control objective. Finally, a compensating control reduces the risk that an existing or potential control weakness will result in a misstatement.

While there are many different types of control activities performed in an organization, only the following types are generally relevant to an audit of the organization's financial statements (Generally Accepted Accounting Principles [GAAP], n.d.):

• Performance reviews

• Information processing controls

• Physical controls

• Segregation of duties

Performance reviews: These controls include reviews of actual performance as compared to budgets, forecasts and prior period performance; relating different sets or data to one another; and performing overall reviews or performance. Performance reviews provide management with an overall indication of whether personnel at various levels are effectively pursuing the objectives of the organization, by investigating the reasons for unexpected performance, management may make timely changes in strategies and plans or take other appropriate corrective action.

Information processing controls: A variety of control activities arc performed to check the accuracy, completeness, and authorization of transactions. The two broad categories of information processing controls include general control activities which apply to all information processing procedures, and application control activities which apply only to one particular activity. Examples of general control activities would include those that help ensure the reliability or all information processing activities. To understand the nature of application control activities, consider the controls over payroll that help to ensure that:

(I) only authorized payroll transactions are processed

(2) authorized payroll transactions are processed completely and accurately

These application control activities would only affect the reliability of payroll processing.

Physical controls: These controls include those that provide physical security over both records and other assets. Activities that safeguard records may include maintaining control at all times over unissued pre numbered documents as well as other journals and ledgers, and restricting access to computer programs and data file. Only authorized individuals should be allowed access to the company's valuable assets. Direct physical access to assets may be controlled through the use of safes, locks, fences and guards. Improper indirect access to assets, generally accomplished by falsifying financial records, must also be prevented. This may be accomplished by safeguarding the financial record.

Segregation of duties: A fundamental concept of internal control is that no one department or person should handle all aspects of a transaction from beginning to end. No one individual should perform more than one of the functions of:

Authorizing transactions

Recording transactions

Maintaining custody over assets

Also to the extent possible, individual executing the specific transaction should be segregated from these functions. The goal is to not allow an individual to have incompatible duties that would allow him or her to both perpetrate and conceal error or fraud in the normal course of his or her duties.

A credit sales transaction may be used to illustrate appropriate authorization and segregation procedures (Whittington & Pany, 2010):

Top management may have generally authorized the sale of merchandise at specified credit terms to customers who meet certain requirements

The credit department may approve the sales transactions by ascertaining that the extension or credit and the terms or sale are in compliance with company policies

Once the sale is approved, the shipping department executes the transaction by obtaining custody of the merchandise from the inventory stores department and shipping it to the customer

The accounting department uses copies of the documentation created by the sales, credit, and shipping departments as a basis (or recording the transaction and billing the customer.

With this segregation of duties no one department or individual can initiate and execute an unauthorized action.

Step III: The substantive tests

An auditor must adopt substantive procedure to perform its audit. The auditor is required to plan the substantive procedure to be adopted (American Institute of CPA's [AICPA], 2002):

Establish the existence of assets

Establish that the company has rights to the assets

Establish completeness of recorded assets

Verify the cutoff of transactions

Determine the appropriate valuation of the assets

Determine the appropriate financial statement presentation and disclosure of the assets

It should prepare an audit checklist to obtain its object of audit so as to determine the risk involved in carrying out such procedures. An illustrative e.g. on substantive procedure on accounts receivable is given as (Whittington & Pany, 2010):


Objective Risks


1. Ensure that all goods shipped are accurately billed in the proper period.

Missing documents or incorrect information.

Improper cutoff of shipment at the end of a period.

• Use standard shipping or contract terms.

• Communicate nonstandard shipping or contract terms to accounts receivable department.

• Identify shipments as being before or after period end by means of a shipping log and pre numbered shipping documents.

2. Accurately record invoices for all authorized shipments and only for such shipments.

Missing documents or incorrect information.

• Prenumber and account for shipping documents and sales invoices.

• Match orders, shipping documents, invoices, and customer information, and follow through on missing or inconsistent information.

• Mail customer statements periodically and investigate and resolve disputes or inquiries by individuals independent of the invoicing function.

• Monitor number of customer complaints regarding improper invoices or statements.

3. Accurately record all authorized sales returns and allowances and only such returns and allowances.

Missing documents or incorrect information.

Inaccurate input of data.

• Authorization of credit memos by individuals independent of accounts receivable function.

• Pre-number and account for credit memos and receiving documents.

• Match credit memos and receiving documents and resolve unmatched items by individuals independent of the accounts receivable function.

• Mail customer statements periodically and investigate and resolve disputes or inquiries by individuals independent of the invoicing function.

4. Ensure continued completeness and accuracy of accounts receivable.

Unauthorized input for nonexistent returns, allowances, and write offs.

• Review correspondence authorizing returns and allowances.

• Reconcile accounts receivable subsidiary ledger with sales and cash receipts transactions.

• Resolve differences between the accounts receivable subsidiary ledger and the accounts receivable control account.

5. Safeguard accounts receivable records.

Unauthorized access to accounts receivable records and stored data.

• Restrict access to accounts receivable files

Step IV: The final reporting steps:

Audit reports are a vital function in keeping a company honest with their financial information. A financial audit report is written of a company's financial statement accuracy. These audits have several guidelines published by organizations such as:

GAAP - Generally Accepted Accounting Principles

GAAS - Generally Accepted Auditing Standards

Writing the Audit Report includes:


Responsibilities of Directors and Auditors

Basis of Opinion and the Opinion

Report will appear as a business letter

Be clear, concise and use proper professional terms

Begin report with a title and header that reads: "Independent Auditor's Report." This also includes:

Auditing firm's name

Author's name and business address

Address the report to the Board of Directors and shareholders of the company

The above is prescribed by GAAP. One must understand that this report will be published for public scrutiny by the SEC (Securities and Exchange Commission).

The introduction of the auditing report includes (American Institute of CPA's [AICPA], 2002):

The name of the company being audited

Business year that the audit examines

The next section includes:

Description of the party's responsibilities

Audit firm responsibility to issue an opinion

Management's responsibility to create the financial statement that the audit was based from

Write the basis of opinion:

Descriptive and concise

Declare the audit was conducted in accordance with GAAS

Disclose all of types of data that was examined

Describe basic framework of the audit

Auditing firm states opinion which is written in the first sentence of the paragraph. It should be stated plainly and clearly. Opinions include (Whittington & Pany, 2010):

Qualified opinion

Unqualified opinion

Adverse opinion

Qualified opinion: an auditor will issue if during the audit, it finds a deviation from GAAP, or if the audit could not be completed for some reason. A qualified opinion issued by an auditor points out reservations that concern the auditor regarding the accuracy of the financial records examined. Situations prompting qualified opinions involve a limited scope of the audit, or missing or misstated information. An auditor can also write a qualified opinion if he/she discovers unusual accounting practices that do not comply with GAAP.

Unqualified opinion: signifies that the financial statements conform to GAAP. It is also referred to a complete audit, an unqualified audit is an audit that uses all possible informational resources to evaluate a set of accounting records, and finds that those books are in harmony with those resources. In order to accomplish this task, the auditor not only evaluates the information found in the books themselves, but also looks closely at the system of checks and balances used by the company to ensure that the accounting records are accurate. An unqualified audit is the goal for companies, since the outcome indicates that the books are accurate and truthful, at least as far as the auditor can determine based on the documentation provided and the strength of those internal systems.

Adverse opinion: will be issued if the auditor finds a material misstatement, or if procedures do not follow GAAP standards. It results when there is concerning financial statements that the statements as a whole do not present results fairly and truthfully. Also an adverse opinion can contain substantial exceptions or warnings.

In conclusion, the audit procedures contained in an audit program are designed to be responsive to potential material misstatements of the financial statements. To make sure that the program addresses all potential misstatements, auditors develop audit objectives for each significant account balance and class of transactions. These objectives follow directly from management assertions that are contained in the client's financial statements. From these assertions general objectives may be developed for each major type of balance sheet account including assets, liabilities, and owners equity and the related income statement accounts. Therefore, a well organized external audit plan provides incisive information regarding the effectiveness of the financial control systems within a company.