Description

Audit Risk Assessment in Audits of Non-Issuers, written by J. Russell Madray, CPA, and Carrie Benedict, CPA, analyzes the standards to which auditors must adhere in planning and performing audits to obtain sufficient appropriate audit evidence to express an opinion on an entity's financial statements. 

In March 2006, the AICPA's Auditing Standards Board (ASB) issued eight Statements on Auditing Standards (SAS) relating to the assessment of risk in an audit of financial statements. These SASs establish standards and provide guidance concerning the auditor's assessment of the risks of material misstatement (whether caused by error or fraud) in a financial statement audit, and the design and performance of audit procedures whose nature, timing, and extent are responsive to the assessed risks. Additionally, the SASs establish standards and provide guidance on planning and supervision, the nature of audit evidence, and evaluating whether the audit evidence obtained affords a reasonable basis for an opinion regarding the financial statements under audit. 

The primary objective of these SASs is to enhance auditors' application of the audit risk model in practice by specifying, among other things: 

• More in-depth understanding of the entity and its environment, including its internal control, to identify the risks of material misstatement in the financial statements and what the entity is doing to mitigate them. 
• More rigorous assessment of the risks of material misstatement of the financial statements based on that understanding. 
• Improved linkage between the assessed risks and the nature, timing, and extent of audit procedures performed in response to those risks. 

This Portfolio focuses on the general approach to conducting audits responsive to assessed risks. Specifically, it focuses on the key issues identified in the risk assessment standards. 

Since an audit performed under generally accepted auditing standards must comply with all three categories of standards (general standards, standards of fieldwork, and standards of reporting), auditors are reminded that professional standards provide detailed guidance in these areas that must be followed in the performance of an audit. 

The purpose of this Portfolio is to analyze the American Institute of Certified Public Accountant's risk assessment standards to which an independent auditor must adhere in planning and performing an audit of certain companies to obtain sufficient appropriate audit evidence enabling it to express an opinion on the company's financial statements.  

The focus of this Portfolio is on the audit process required to implement these risk assessment standards. In describing the audit process related to these risk assessment standards, the Portfolio focuses on the standards' objectives and approaches. 

Audit Risk Assessment in Audits of Non-Issuers allows you to benefit from: 

• Hundreds of hours of original research on specific tax planning topics from leading practitioners in this area.
• Invaluable practice documents including tables, charts and lists.
• Guidance from world-class experts.
• Real-world and in-depth analysis that lets you explore various options.
• Time-saving access to relevant sections of tax laws, regulations, court cases, IRS documents and more.
• Alternative approaches to both common and unique tax scenarios. 

This Portfolio is included in the Accounting Policy & Practice Series, a comprehensive series of titles which explain, explicate, and offer commentary on a wide range of accounting and financial management topics, including revenue recognition, income taxes, leasing, business combinations, debt instruments, risk management, internal controls and more. 

Table of Contents

Detailed Analysis

I. Introduction, Background, and Scope of Portfolio

A. Purpose of Portfolio

B. Background and History

1. AICPA Statements on Auditing Standards Established by the AICPA

2. Auditing Standards Established by the PCAOB

C. Risk Assessment Standards

II. Key Concepts of Audit Risk Assessment

Introductory Material

A. Reasonable Assurance

B. Audit Risk and the Risk of Material Misstatement

1. Audit Risk Model

2. Risk of Material Misstatement

3. Detection Risk

4. Historical Perspective of the Audit Risk Model in GAAS

C. Materiality and Tolerable Misstatement

1. Materiality in the Audit Environment

2. Financial Statement Users

3. Nature of Misstatements

4. Qualitative Considerations

5. Tolerable Misstatement

D. Financial Statement Assertions

E. Internal Control

1. Internal Control Defined

2. Components

a. Control Environment

(1) Communication and Enforcement of Integrity and Ethical Values

(2) Commitment to Competence

(3) Board of Directors or Audit Committee Participation

(4) Management's Philosophy and Operating Style

(5) Organizational Structure

(6) Assignment of Authority and Responsibility

(7) Human Resource Policies and Practices

(8) Application to Small and Mid-Size Entities

b. Entity's Risk Assessment Process

c. Information and Communication

(1) Information Systems

(2) Communication

(3) Application to Small and Mid-Sized Entities

d. Control Activities

(1) Performance Reviews

(2) Information Processing

(3) Physical Controls

(4) Segregation of Duties

(5) Application to Small and Mid-Sized Entities

e. Monitoring of Controls

(1) In General

(2) Application to Small and Mid-Sized Entities

3. Nature of Controls

4. Control Design

5. Control Operation

6. Other Characteristics of Internal Control

a. Significance of Controls

b. Complementary Controls

c. Preventive Versus Detective Controls

7. Control Deficiencies

F. Information Technology

1. Implications for Internal Control

2. Implications for Audit Planning

G. Audit Evidence

1. In General

2. Sufficiency of Audit Evidence

3. Appropriateness of Audit Evidence

III. Steps in the Audit Risk Model

IV. Engagement Planning and Supervision

A. In General

B. Relationship Between the Overall Audit Strategy and the Audit Plan

1. Overall Audit Strategy

2. Audit Plan

C. Establishing an Understanding With the Client

D. Preliminary Engagement Activities

1. Procedures for Engagements With Existing Clients

2. Procedures for Engagements With New Clients

E. Establishing Planning Materiality and Tolerable Misstatement

1. Lesser Materiality for Particular Items

2. Tolerable Misstatement

a. Estimation Approach

b. Rule-of-Thumb Approach

3. Considerations as the Audit Progresses

F. Supervising Assistants

1. Required Discussions and Communications With Assistants

2. Reviewing the Work Performed by Assistants

3. Differences of Opinion

G. Extent of Involvement of Professionals Having Specialized Skills

H. Discussions With Management and Those Charged With Governance

I. Documenting Audit Planning

V. Gathering Information About the Entity and Its Environment, Including Internal Control

Introductory Material

A. Scope of Necessary Information

1. Sufficiency of Understanding

2. Extent and Purpose of Understanding

a. External Factors

b. Nature of Entity

c. Objectives and Strategies and Business Risks

d. Measurement and Review of Financial Performance

e. Internal Control

B. Performing Procedures to Gather Information

1. Risk Assessment Procedures

a. Inquiries of Management and Others Within the Entity

b. Analytical Procedures

c. Observation and Inspection of Documents

(1) In General

(2) Walkthroughs

2. Other Procedures

3. Using Information Obtained in Prior Periods

C. Discussion Among the Audit Team

D. Gathering Information About Internal Control

1. Documentation of Internal Control

a. Management's Documentation of Internal Control

b. Auditor's Documentation

c. Ability to Assess Control Design

d. Communications Component of the Entity's Internal Control

2. Initial Determination of the Overall Scope of Evaluation of Internal Control

3. Consideration of IT Systems

4. Consideration of Controls at a Service Organization

5. Outsourcing

6. Relevant Entity-Level Controls

a. Elements of the COSO Control Components

b. IT General Controls

c. Antifraud Programs and Controls

d. Controls Related to Significant Financial Statement-Level Risks

e. Other Relevant Entity-Level Controls

7. Relevant Activity-Level Controls

a. Elements of the COSO Components and Antifraud Controls

b. Revenue Recognition

c. Controls Related to Significant Activity-Level Risks

d. Other Controls That Are Relevant to the Audit

8. Perform Risk Assessment and Other Procedures

a. Information Obtained in Prior Audits

b. Performing Risk Assessment Procedures to Gather Information About Internal Control

(1) Inquiries

(2) Analytical Procedures

(3) Observation and Inspection

(4) Other Procedures

(5) Walkthroughs

E. Documenting Risk Assessment and Other Procedures

VI. Gaining an Understanding of the Entity and Its Environment

Introductory Material

A. External Factors

B. Nature of the Entity

C. Objectives, Strategies, and Related Business Risks

D. Measurement and Review of Financial Performance

E. Internal Control

1. Relevant Controls

a. Controls Related to Preparation of Financial Statements

b. Controls Over Completeness and Accuracy of Information

c. Controls Over Safeguarding of Assets

2. Depth of Understanding of Internal Control

a. Control Environment

b. Entity's Risk Assessment Process

c. Information and Communication Systems

(1) Information Systems

(2) Communication Systems

d. Control Activities

(1) IT Application Controls

(2) IT General Controls

e. Monitoring of Controls

3. Automated Internal Control Elements

4. Manual Internal Control Elements

5. Limitations of Internal Control

F. Evaluation of the Design and Implementation of Internal Control

1. Evaluating Control Design

2. Determining if the Control Has Been Implemented

3. Distinguishing Between the Evaluation and Assessment of Operating Effectiveness

4. Absence of Control Documentation

5. Evaluating Entity-Level Controls

a. Control Environment

b. Risk Assessment Process

c. Information and Communication

d. Monitoring of Controls

e. Other Entity-Level Controls

(1) Antifraud Programs and Controls

(2) IT General Controls

(3) Controls Over Nonroutine Transactions, Judgmental Matters, and the Selection and Application of Significant Accounting Policies

(4) Responsibilities of Those Charged With Governance

6. Evaluating Activity-Level Controls

a. Information Systems

b. Control Activities

7. Identifying Control Deficiencies

G. Documenting the Understanding of the Entity and Its Environment

VII. Assessing the Risk of Material Misstatement

Introductory Material

A. Considerations at the Financial Statement Level

B. Considering Internal Control When Assessing Risks

C. Significant Risks

1. Significant Financial Statement-Level Risks

2. Significant Assertion-Level Risks

D. Situations in Which Substantive Procedures Alone Are Not Effective

E. Revising Risk Assessment

F. Considerations at the Assertion Level

G. Documenting Assessment of Risk and Design of Further Audit Procedures

VIII. Responding to the Assessed Risks

Introductory Material

A. Overall Responses

B. Responses to Risks of Material Misstatement at the Relevant Assertion Level

C. Further Audit Procedures

1. Nature of Further Audit Procedures

2. Timing of Further Audit Procedures

3. Extent of Further Audit Procedures

D. Tests of Controls

1. Nature of Tests of Controls

2. Timing of Tests of Controls

3. Extent of Tests of Controls

E. Substantive Procedures

1. Nature of Substantive Procedures

2. Timing of Substantive Procedures

3. Extent of Substantive Procedures

F. Generic Audit Programs

G. Adequacy of Presentation and Disclosure

H. Documenting Further Audit Procedures

IX. Evaluating Audit Findings, Audit Evidence, and Control Deficiencies

Introductory Material

A. Consideration of Misstatements

B. Communicating Material Misstatements to Management

C. Considering and Evaluating Uncorrected Misstatements

1. Evaluating Uncorrected Misstatements Individually

2. Evaluating Uncorrected Misstatements in the Aggregate

D. Evaluating Whether the Financial Statements Taken as a Whole Are Free of Material Misstatement

E. Evaluating the Sufficiency and Appropriateness of the Audit Evidence

1. Inconsistencies in Audit Evidence, Findings, and Estimates

2. Deviations From Prescribed Controls and Misstatements in Substantive Tests

F. Identifying and Evaluating Control Deficiencies

1. Definitions

2. Evaluating Control Deficiencies

a. Compensating Controls

b. Prudent Official Test

c. Examples of Circumstances That May Be Deficiencies, Significant Deficiencies, or Material Weaknesses

3. Communication Requirements

a. Timing of Communication

b. Communication of Other Matters Related to Internal Control

c. Management's Written Response to the Auditor's Communication

d. Auditor's Responsibility for Significant Deficiencies and Material Weaknesses Not Corrected by the Client

e. Inclusion of Additional Statements in the Communication Regarding Inherent Limitations of Internal Control

4. Issues for Audits of Smaller Entities

G. Documenting Evaluation of Audit Findings

Working Papers

TABLE OF WORKSHEETS

Worksheet 1 Glossary

Worksheet 2 Acronyms

Worksheet 3 The GAAS Hierarchy

Worksheet 4 Generally Accepted Auditing Standards

Worksheet 5 Illustrative Audit Engagement Letter

Worksheet 6 Examples of Matters the Auditor May Consider in Establishing the Overall Audit Strategy

Worksheet 7 Understanding the Entity and Its Environment

Worksheet 8 Illustrative Financial Statement Assertions and Examples of Substantive Procedures-Illustrations for Inventories of a Manufacturing Company

Worksheet 9 Conditions and Events That May Indicate Risks of Material Misstatement

Worksheet 10 Examples of Circumstances That May Be Control Deficiencies, Significant Deficiencies, or Material Weaknesses

Worksheet 11 Evaluation Questions

Worksheet 12 Illustrative Written Communication of Internal Control Related Matters Identified in an Audit

Worksheet 13 Illustrative Written Communication of Internal Control Related Matters Identified in an Audit When the Auditor Has Not Identified Any Material Weaknesses

Worksheet 14 Control Deficiency Case Studies

Bibliography

OFFICIAL

Statutes

Case Law

SEC Regulations

SEC Releases

SEC Staff Accounting Bulletins

PCAOB Rules

PCAOB Releases

FASB Statements

FASB Concepts Statements

AICPA Statements on Auditing Standards

AICPA Statements on Quality Control Standards

AICPA Code of Professional Conduct

AICPA Audit Guides and Audit Risk Alerts

Office of Management and Budget

UNOFFICIAL

Books

BNA Portfolios

Authors