Auditing: Audit Risk Model, Disclosures, and Steps to Solving an Ethical Dilemma

User Generated

Phegqbt

Business Finance

Description

“The aim of risk assessment in auditing standards is to improve the quantity and effectiveness of audits by substantially changing the audit practice” (Ramos, 2009). Statements on auditing standards nos. 104-111 provide increased rigor to the audit process in a number of key areas, including the assessments of inherent and control risks and the linking of these risk assessments to further audit procedures. After reading Ramos, M. (2009) and Lamoreaux, M.G. (2011) and watching the videos for Module 2, discuss the importance of inherent and control risk assessment prior to an audit.#action=share#action=share#action=share#action=share#action=share#action=share

Unformatted Attachment Preview

AUDITING Rísk'Based Audit Best Practices by Michael Ramos. CPA T he aim of the risk assessment auditing standards was to improve the quality and effectiveness of audits by substantially changing audit practice. Statements on Auditing Standards nos. 104-111 provide increased rigor to the audit process in a number of key areas including the assessments of inherent and control risks and the linking of these risk assessments to further audit procedures. This year marks the third anniversary of the standards' effective dale. Across the profession much progress has been made toward the uUimale goal of a more reliable audit process, but even more is possible as we continue to leai n about the standards' practical application. This article captures some of the most important lessons learned and besi practices that have emerged during the extended implementation of ihe risk assessment standards (see sidebar, "Methodology Behind Application Suggestions"). IMPLEMENTATION ISSUE NO. 1 : EVALUATING INTERNAL CONTROL Previous auditing standards allowed audittirs, at their discretion, to simply designate the client's internal control as 32 Journal of Accountancy December 2009 www,ioumalofaccountartcy.com AUDITING Exhibit 1 The COSO Process Starting with the financial statements, the auditor identifies... Financial Statements 1 ' Financial Statements i i A/R Cash I \ A/P 1 1 Complete Assertions 1 Ri; ks Risk#1 Ris ecause auditors would leverage their ated without judging whether ihe control knowledge of ihe client obtained in prior was properly designed. The requirement audits. In practice, realizing these savings in the risk assessment standards to eval- has been difficult as auditors have stmguate control design has been difficuli for gled to determine the nature and extent ol some auditors. Lhe procedures they should perform on an Firms that have rigorously applied the ongoing basis. COSO process in their audit methodology have been able to perform a meaning- APPUCATION SUGGESTION: ful evaluation of internal control design, IDENTIFY AND EVALUATE which ultimately improves audit quality CHANGE As shown in Exhibit 1, the COSO For years, auditors have fought a SALY process requires the auditor lo define rel- mentality, the tendency to implicitly asevant control objectives and then deter- sume that everything on the audit is mine the control acti\ities or combination "Same As Last Year." an assumption that of control activities that meet ihe objective. invariably leads to diminished audit A control system that meets the stated con- quality. The risk assessment standards trol objectives is designed effectively A sys- give audit firms an opportunity to elimtem that leaves important control objec- inate the SALY mindset by reframing the tives unmet is ineffective. Identifying these issue. Instead of considering how to "upcontrol weaknesses allows the auditor to date" last year's audit, start wiih lhe better assess risks and respond by de- premise that something has changed, signing the right mix of further audit pro- and the first priority of the current year's cedures. audu is to identify those changes and stand, assess and document, which allows the audit to be as efficient as possible. EXECUTIVE SUMMARY • On all audits the auditor must evaluate the design and implementation of internal control to properly identify and assess risk Implementing and applying this standard in practice has proven to be a challenge for many firms. • The key to implementing the internal control evaluation requirement is "Ihe COSO process." The auditor starts at the highest level of aggregation, the fi- nancial statemenls, then proceeds through a sequence of analyses that grow increasingly granular until the auditor ultimately assesses individual control activities. • Auditors have struggled to determine the nature and extent of the procedures they should perform on an ongoing basis, instead of considering how to update the prior year's audit, make identifying changes in the 34 Journal of Accountancy December 2009 organization your first priority. • The broad scope of the risk assessnnent standards made it difficult for audit firms to optimize implementation of the standards by developing firm policies and practice aids. The temptation is to use policies and practice aids developed by others, but by developing and owning their own approaoh, firms gain more in-depth knowledge of the standards and of their clients' businesses that will help them truly optimize processes and maintain quality. Michael Ramos (micfiaeljramos® mac.com) is a consu/ia/i/ and writer who specializes in auditor training. To comment on this artide or to suggest an idea far another artide. contact Matthew G. Lamorvaux, senk»- &iHor. at mlamorvaux® alcpa.org or 919-402-4435. www.journalofaccountancy.com AUDITING Exhibit 2 Identify and Evaluate Change Knowledge from prior year environment, excluding internai control Current-year procedures '^ Changes in entity arxl "^ H itsenvironi—*^ , Knowledge from prior year ^, I Knowledge from prior year i Current-year judgment Inherent risks Internal control Do changes ' ^ indicate new inherent ^ ^ risks? Yes - Current-year judgment Should prioryear controls change to address new risks? Knowledge from prior year control design Changes Yes n I/C design or plenientation? No Yes t Current-year procedures Assess risk of material misstater Current-year procedures Assess design eftectiveness and of material misstatemen^ determine their effect on risk by asking questions such as: • What has changed at the entity and in its operating environmeni since our last audit? • As a result of these changes, how have inherent risks at ihe client changed since our last audil? • Were changes lo internal control necessary to address these changes to inherenl risk? Oniy Lit'tcr the auditor has adequately answered ihese questions will he or she be able to determine ihe nature and extent of www.iournalofaccountancy.com Current-year procedures Gain understanding of I/C. assess design etfectiveness and risk ot material misstatement addilional risk assessment procedures. Exhibit 2 describes a structured process for applying tliis approach. UNDERSTANDING AND EVALUATING CHANGE In Exhibit 2: • The blue diamonds describe the key audit judgments ihai should be made in the current year, • The blue rectangles summarize the risk assessment procedures that should be performed in the current year. • The green ovals summarize ihe knowledge that is catTied forward from prior-year audits and how il factors into current-year audit judgments. Read this decision tree from top to bottom; • Begin by considering the nalure of the changes to the entity and its environment since the previous audit. It is key to ask whether those changes have resulled in changes to inherent risks. For example, the current recession may create inherent risks for your client ihai were not present before (he economic downturn. • lfinherenlrisksareunchanged,(and assuming ihai the prior year's controls December 2009 Journal of Accoumancy 35 AUDITING were effectively designed and implemented) the auditor will need to verify the implemeniation of controls to detenniiie whether there have been any changes in their design or implementation. • tí changes in the entity or its environment create new or modified inherent risks, then the auditor will need to determine whether changes in internal control were necessary to address ihose new risks. For exatnple, the recession may create risks related to asset valuation that were not material in the past. In prior years, the client did very little to evaluate asset impairment. But m the current environment, the auditor should detemime whether the client has changed its control procedures in response to the heightened level of risk. The bottom of ihe diagram describes three possible scenarios: • If the controls in place during the prior year would have been effective in addressing the current year's risks and [he auditor has determined that there have been no changes to those controls, then the auditor is prepared to assess the risk of material misslaiement. • if the prior year's controls would have been effective in addressing the current, yeafs risks but the auditor discovers that the design or implcmentaLion of those controls has changed, then the auditor will need to assess the design of those new controls belore assessing the risk of material misstatement, • For all new or significantly changed inherent risks that could not be effectively addressed by the prior year's controls, the process will be similar to that undertaken in the initial Implementation. The auditor will have to perform risk assessment procedures to gain an understanding of the design and implementation of controls to ser\'e as a basis for assessing risk of material misstatement. IMPLEMENTATION ISSUE NO. 3: ONGOING IMPLEMENTATION The sweeping scope of the risk assessment AICPA RESOURCES JofA articles • "Assessing and Responding to Risks in a Financial Statement Audit: Part li; Jan. 07, page 59 • "Assessing and Responding to Risks in a Financial Statement Atidit," July 06, page 43 Use ioumalofaccountancy.com to find past articles. In the search box, click "Open Advanced Search" and then search by title. standards made it difficult tor even [he most resource-rich audit firms to optimize implementation of the standards. Mosl firms continue to refine their audit approaches and set firm policy [o deal with issues that arise as a result of applying ihe standards. The ongoing implementation Issues for audits of smaller businesses will require even more attention. Audits of smaller, less complex businesses pose many challenges ihat may not exist in audits of larger clients. For example, auditors of smaller, less complex businesses frequently encounter: • Accounting records that require significant adjustments pnor to the slart of significant auditing procedures. • Significant transactions with unaudited related parties. • Less sophisticated or formal internal controls characterized by minimal documentation, lack of segregation of duties, and an overall lack of in-house accounting expertise. Approach (#RCSA) • Auditor's Risk Assessment Process: Tackling the Risk Assessment SASs (#ARAP) • Detecting Misstatements: Integrating SAS 99 and the Risk Assessment Standards (#DEMI) To access courses, go to aicpalearning.org and click on "On-Site Training" then search by "Acronym Index." If you need assistance, please contact a training representative at 800-634-6780 (option 1). iT Center and CUP credentiai CPE The Information Technology (IT) Oenter provides a venue for CPAs, Risk Assessment Standards-Understanding the Entity and Assessing their clients, employers and customers to research, monitor, assess, Risk, a CPE self-study course (#738801) educate and communicate the impact of technology developments on Publications business solutions. Visit the IT Center at aicpa.org/INFOTECH. • Risk Assessment Suite of Standards (#060704) Members who v/ant to maximize information technology to increase • Understanding the New Auditing Standards Related to Risk Asefficiency and boost profits may be interested in joining the IT Memsessment-Audit Risk Alert (#022526) ber Section or pursuing the Certified Information Technology Profes• Assessing and Responding to Audit Risk in a Financial Statement sional (CITP) credential. For more information about Ihe IT Member Audit-AICPA Audit Guide. Revised Edition as of Oct. 1, 2009 Section or the CITP credential, visit aicpa.org/IToffers. (#012459) (Available Januaiy 2010) • The above three publications can be purchased as a bundle Web sites (#990104HI). • IT Center Assurance Services resources, tinyurl.com/ybntmjn • The AICPA Audit and Accounting Manual has been updated to in• IT Section's "Risk-Based Auditing" podcast, tinyurl.com/ycm273h clude the risk assessment standards (#0051309). • IT Section's "CAATTs' podcast, tinyurl.com/yclkkmx • "CAATTs Ideal for Efficient Audits" (article), tinyurl.com/ybb5b3m For more iniomnation or to make a purchase, go to cpa2biz.com or • "Frequenlly Asked Questions: IT Considerations tn Risk-Based Aucall the Institute at 888-777-7077. diting," tinyurl.com/ye6loty On-Site Training • "IT Considerations in Risk Based Auditing," a two-part webcast • Applying the Risk Assessment Standards Using a Case Study slide presentation, tinyurl.com/ybxlru6 36 loumal of Accountancv Decetuber 2(X)9 www.journalofaccountancy.com AUDITING Meíhodology Behind Application Suggestions During the summer of 2009, the AICPA significantly revised the audit guide that was originally published concurrently with the risk assessment standards. To make these revisions, the Audii and Accounting Publications team formed an online, collaborative work group of more than 50 auditors who worked to identify and discuss technical issues, provide suggestions and vet new content. The issues and suggesiions described in this article were generated from the input received from this online working group. The revised audii guide, Assessing and Responding to Audit Risk in a Financial Statement Audit—AICPA Audit Guide, Revised Edition as of Oct. 1, 2009 (#012459), will be available January 2010 at cpa2biz.com. • The need lo adapt standardized audit practice aids developed for audits of larger entities to the conditions that exist on an audit of a smaller, less complex business. APPUCATION SUGGESTION: " O W N " YOUR METHODOLOGY Most firms build their audit methodologies around a set of standardized practice aids. These forms and checklists help auditors comply with the requirements of the standards, but they should not be confused with the standards themselves. An auditor can comply with the standards and prepare audit documentation in many ways. "Forms and guidance only cover a percentage (hopefully high) of the requirements," says Lyn Graham, chair of the AICPA task force that drafted the risk as- firm-specific set of audit practice aids by creatmg their own fonns or checklists for highly judgmental areas such as the documentation of intemal controls. "We wanted a workpaper set thai we could continue to build on and customize," says Andrew Prather, shareholder at Clark Nuber. "For example, we work with a lot of not-for-profit organizations. so we wanted a format that would allow us to build a library of templates specific to our clients." Like many firms, Averett, Warmus, Durkee (AWD) formed a committee of five to six experienced auditors to evaluate the requirements of the standards and develop a firm-specific set of practice aids. "We did the project during our slower time in the summer and fall and did some practice runs with clients in differ- Firms that make the commitment to"own"their audit methodology do so with the expectation that it will lead to more effective and efficient audits. sessment audit guide, "They should not be a substitute for training or understanding or consulting the literature for unusual situations. From what 1 have seen, one needs to de\nate (probably more often than auditors would like to) from the forms to comply with GAAS." Once thought to be the purview of only the largestfirms,growing numbers of audit firms are developing a more customized, www4ournalofaccountancy.com ent industries to work out some of the kinks," said AWD audit partner Lena Combs. "We made some templates from these trials and made some samples, too, including a sample audit binder, and then we held in-house CPE to train everyone on how we were going to implement the standards. It saved us time when busy season hit." When asked whether she was con- cerned that thefirm'speer reviewers would take exception to some of their practice aids. Combs was confident that the AWD methodology would not be found lacking. "1 have no doubts that peer review will pass with little disruption." It's not just about the forms—there is tremendous value in the process itself. To create practice aids, firm personnel must obtain an in-depih understanding of the requirements of the standards and how they should be applied. This technical expertise becomes invaluable not only for performing audits but also for other critical activities such as training. Firms that make the commitment to "own" their audit methodology do so with the expectation that ultimately it will lead to more effective and efficient audits. APPUCATION SUGGESTION: EARLY PARTNER INVOLVEMENT ON AUDITS OF SM ALLF.R.LF5S CcnviPLEX BUSINESSES The unique demands of an audit of a smaller, less complex business typically require significant involvement of the most experienced auditors during the audit planning process. More experienced auditors will be able to make imponant judgments about audit strategy, including: • Thenature, timing and extent of risk assessment procedures designed to gather information about the client and its envirormient. • The assessment of risks of material misstat ement. • The nature and extent of the auditor's documentation of assessed risks. • The nature and extent of the documentation of the client's intemal control. • The choice of fiarther audit procedures that are clearly linked to assessed risks. • The allocation of audit resources to those areas of the audit that present the most risk. The significant involvement of the most experienced auditors early in the audit process should improve both audit quality and efficiency. • December 2009 Journal of Accountancy 37 Copyright of Journal of Accountancy is the property of American Institute of Ceritified Public Accountants and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use.
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Attached.

LastName1

Students Name
Instructors Name
Course Name
Date
Importance of inherent and control risk assessment prior to an audit
It is important to assess inherent risk and control risk prior to an audit. Both the inherent
and the control risk accounts to two third of the audit risk model. This tells us why they are more
important to consider before an aud...

Similar Content

Related Tags