Wednesday, May 27, 2015

Clarified Auditing Standards—Evaluation of Misstatements Identified During the Audit (AU-C 450)



One of the most important engagement completion procedures to be performed by an in-charge accountant and/or an engagement leader is the final determination that there is an acceptable level of error, both known and unknown, remaining in the financial statements after all auditing procedures have been completed. This is the culmination of the risk assessment process and the final determination that detection risk has been reduced to an acceptable low level, thereby permitting an unqualified audit opinion on the financial statements. This Part will discuss this process.

AU-C 450 Requirements

AU-C 450 requires the auditor to accumulate misstatements discovered during the audit.  If aggregated misstatements approach performance materiality for the financial statements as a whole or the individual account classifications, additional substantive procedures may be necessary. The size and nature of uncorrected misstatements should be considered individually and in the aggregate when performing error analysis.


Good error analysis should ordinarily be performed, of course, when an auditor evaluates the results of specific auditing procedures.  It should contain both quantitative and qualitative analysis by the person performing the procedures. The comparison of aggregated known and likely error and performance materiality by financial statement classification (normally performed by the engagement leader during engagement completion) may indicate, however, the need for additional analysis when aggregated error approaches or exceeds performance materiality.  It is possible that additional substantive procedures may still be necessary to reduce detection risk to an acceptable low level.

Aggregated known and likely error (uncorrected misstatements) should also be compared with the totals of material financial statement classifications (such as various current and long-term assets and liabilities, equity, revenues, expenses, net income, etc.) to determine if the level of known and likely error is acceptable.  This could be called accounting materiality, i.e., evaluating aggregated uncorrected audit differences and likely error as a percentage of the financial statement classifications balances.  Acceptable percentages of known and likely error will vary according to risk at the financial statement and assertion levels.  Ultimately, the auditor will make these final materiality decisions based on how the user of the financial statements would evaluate the level of error.  After appropriate qualitative error analysis and any necessary additional procedures have been performed, the auditor may propose general journal entries to correct certain known errors that have a material effect, individually or in the aggregate, on financial statement classifications.

Common acceptable percentages of error may be 1-2% of assets, liabilities, revenues and expenses and 5% for equity and net income; however, these percentages may vary depending on the planned use of the financial statements.  The higher the risk associated with the use of statements, the lower are the acceptable percentages.

Performing Error Analysis

Contrary to the practices of some auditors, the use of a practice aid aggregating uncorrected misstatements is not to make the numbers come out right!  The purpose is to make sure effective error analysis has been done.  As mentioned above, error analysis should be both quantitative and qualitative.  It may include:

a.       Proposing adjustments for some or all of the actual errors.
b.      Considering the nature of the projected or estimated errors to isolate causes for further investigation and corrective action.
c.       Expanding auditing procedures in the areas that resulted in large amounts of projected or estimated errors.

Most commonly, an auditor’s error evaluation process will result in some combination of making adjustments for actual errors and “carving out” the causes of projected or estimated errors.  From an efficiency standpoint, the last thing an auditor wants is to increase sample sizes and perform more sampling procedures!

Good error analysis includes consideration of both the error itself and the condition it may represent.  Qualitative factors may cause small, seemingly isolated errors to have a material effect on the financial statements as a whole.  Here are some qualitative factors that should be considered when evaluating error conditions:

a.       Related-party transactions.
b.      Errors resulting from conflicts of interest.
c.       Errors arising from fraud or illegal acts.
d.      Error effects that could be material in some future period.
e.       Errors with psychological impacts, e.g., changing earnings from a small profit to a loss or changing cash in bank to an overdraft.
f.        Errors symptomatic of larger problems, e.g., numerous sales returns, extensive product warranty claims.
g.       Errors affecting contractual obligations such as covenants in debt agreements.

Qualitative error analysis is always necessary to determine that potential known and unknown error has been considered and, when necessary, that additional substantive procedures have been performed. Performing good error analysis is the key to reducing detection risk to an acceptably low level, which is required for issuing an unqualified audit opinion.

More Information

These eBook resources, without CPE credit, can be obtained from my website, www.cpafirmsupport.com :
  • Small Audits Made Easy and Profitable
  • Performing Auditing Tests of Balances Procedures
  • Staff Training Series for Entry-Level Accountants, New In-Charge Accountants and Engagement Leaders
  • Key Accounting Issues for Non-Profit Organizations
  • A Practical Potpourri of Time Savings on Audits
  • The Financial Reporting Framework for Small- and Medium-Sized Entities

Clarified Auditing Standards—Materiality in Planning and Performing an Audit (AU-C 320)—Part 2



In Part 1 of the article on AU-C 320, requirements of the standard, definitions and types of error were discussed.  This Part will focus on the practical application of the standard.

Preliminary Estimate of Materiality for the Financial Statements as a Whole (Planning Materiality)

Simply put, the preliminary estimate of materiality at the financial statement level is the maximum amount by which the auditors believe the statements could be misstated, by known or unknown error or fraud, and still not affect the decisions of reasonable financial statement users.  Clarified Auditing Standards require quantification of materiality levels, which are estimates of the perceptions of likely users of financial statements. These estimates guide auditors’ decision-making and design of auditing procedures.  Again, these estimates are only guides and are not specific determinations of what is, and is not, material in an audit.  The nature of engagement risks, the needs of financial statement users, and audit objectives provide information for the ultimate determination of materiality.

Usually, a single base such as the higher of total revenues or total assets is selected for the financial statements taken as a whole.  Once the base is determined, the dollar amount of the base is normally multiplied by a percentage factor, sometimes determined by the volume of the base, to determine the allowance for known and unknown error and fraud in the financial statements taken as a whole. Next, a percentage factor based on risk at the financial statement level is multiplied times planning materiality to determine tolerable misstatement, or performance materiality, which is the maximum amount of known and likely error (uncorrected error) an auditor can accept in the financial statements without adjustment.

A Practical Framework for Materiality Calculations

A general range of 50% to 75 % of planning materiality, based on moderate risk at the financial statement level, is commonly used to calculate tolerable misstatement (performance materiality) at the financial statement level.  Extremely low risk could enable an auditor to calculate performance materiality at an even higher level, say 80% to 90%. Lower risk at the financial statement level will result in fewer individually significant items.

When risk is high at the financial statement level, a lower level of tolerable misstatement can result by using a factor of 10% to 30%. This will result in a lower, lower limit for individually significant items and gathering more evidence from auditing smaller account balances, general journal entries, unusual transactions, etc. 

All the percentage factors illustrative above are based on an auditors’ professional judgment resulting from the assessed level of risk at the financial statement level. None of the factors are specified in the auditing standards.

Individually Significant Items for Financial Statements Taken as a Whole:

Performance materiality (tolerable misstatement) is the base for determining the lower limit for individually significant items in the financial statements taken as a whole, ranging from 10% to 100% of performance materiality, depending on high risk or low risk respectively.  For engagements with higher risk of material misstatement at the financial statement level, individually significant items will generally be those account balances, transactions or general journal entries in excess of 10% to 30% of performance materiality.  When risk of material misstatement at the financial statement level is lower, a percentage of up to 100% may be used for determining individually significant items.  When risk is low at the financial statement level, the lower limit may be commonly calculated at 80% to 90% of performance materiality; moderate risk calculations may be 50% to 60% of tolerable misstatement and high risk 20% to 30%.  The determinations of appropriate percentages are matters of professional judgment based on the facts and circumstances of each engagement.
Individually Significant Items for Financial Statement Classifications—Assertion Levels
Clarified Auditing Standards clearly indicate that performance materiality (tolerable misstatement) is affected by risk.  Risk of material misstatement is often different for each financial statement classification. Because the lower limit for individually significant items is calculated based on performance materiality, and because performance materiality must be determined separately for each material financial statement classification, the lower limit for individually significant items will also vary by financial statement classification.  Performance materiality at the assertion or account classification level can range from 10% to 100% of performance materiality at the financial statement level. The same general rule of 10% to 100%, based on high or low risk, may be followed for calculating individually significant items at the assertion or account classification levels.

Some auditors have used 100% of tolerable misstatement at the financial statement level to determine the lower limit for individually significant items and sample sizes at the assertion level.  To reach this level of tolerable misstatement at the assertion level for sampling or non-sampling purposes, the risk assessment procedures must provide sufficient evidence to reduce the assessed level of risk of material misstatement to a very low level. Risk of material misstatement at account classification (assertion) levels for smaller entities ordinarily will be slightly less than high to moderate resulting in tolerable misstatement calculated at 30% to 60% of financial statement tolerable misstatement.

Part 3 of this materiality article will contain a discussion of how to perform good error analysis, which is the end of the risk assessment process.  A later article will discuss the Clarified Auditing Standard, Audit Sampling.

More Information

These eBook resources, without CPE credit, can be obtained from my website, www.cpafirmsupport.com :
  • Small Audits Made Easy and Profitable
  • Performing Auditing Tests of Balances Procedures
  • Staff Training Series for Entry-Level Accountants, New In-Charge Accountants and Engagement Leaders
  • Key Accounting Issues for Non-Profit Organizations
  • A Practical Potpourri of Time Savings on Audits
  • The Financial Reporting Framework for Small- and Medium-Sized Entities

My exclusive presentation of webcasts on CPE Credit.com and self-study courses covering various applications of auditing standards can be accessed by clicking the appropriate box on the left side of my home page, www.cpafirmsupport.com. Registered users accessing webcasts or self-study courses on my website receive a 20% discount on CPE materials presented by myself and numerous other authors on a variety of professional topics.

My assistance in CPA firm quality control consulting, audit planning and peer review preparation can be obtained by sending an email using the “Contact Us” tab on my home page.





Clarified Auditing Standards—Materiality in Planning and Performing an Audit (AU-C 320)—Part 1



AU-C 320 Requirements

The following requirements are excerpted from AU-C 320 (the complete Section can be obtained from the AICPA at www.aicpa.org and should be obtained and read for a thorough understanding of materiality concepts):

.10 When establishing the overall audit strategy, the auditor should determine materiality for the financial statements as a whole. If, in the specific circumstances of the entity, one or more particular classes of transactions, account balances, or disclosures exist for which misstatements of lesser amounts than materiality for the financial statements as a whole could reasonably be expected to influence the economic decisions of users, then, taken on the basis of the financial statements, the auditor also should determine the materiality level or levels to be applied to those particular classes of transactions, account balances, or disclosures. (Ref: par. .A3–.A13)
.11 The auditor should determine performance materiality for purposes of assessing the risks of material misstatement and determining the nature, timing, and extent of further audit procedures. (Ref: par. .A14)

Some Practical Issues

Definitions

Previously used terms such as planning materiality and tolerable misstatement have been changed by this Section materiality and performance materiality respectively.  Performance materiality applied to sampling applications is now termed tolerable misstatement.  While the Section requires a distinction between performance materiality and tolerable misstatement, practically it will be rare when there is an identifiable difference.  Following is a definition paraphrased from this Section:

Materiality:

Materiality concepts generally are that misstatements are considered to be material if they may be expected to influence the economic decisions of users of the financial statements.

Judgments about materiality are made in light of risk evaluations and the needs of financial statement users.

Materiality, similar in concept to the previously used term “planning materiality,” may be practically defined as the maximum amount of known and unknown error and auditor can accept in the financial statements taken as a whole without adjustment. As you can see from the definition below, this is also the definition of performance materiality.

Performance materiality:

The amount or amounts determined by the auditor, based on the assessed level of risk at the financial statement level, which is less than materiality for the financial statements as a whole. The amount of performance materiality is considered necessary to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements is greater than materiality. Performance materiality may also refer to the amount or amounts set by the auditor at less than the materiality level or levels for particular classes of transactions, account balances, or disclosures.

Tolerable Misstatement:

Tolerable misstatement is essentially the maximum amount of known and likely error an auditor can accept in a financial statement classification without adjustment.  As one can see, it will be difficult to find circumstances when performance materiality at the account class or transaction level is different from tolerable misstatement.

Materiality Levels and Error Definitions

Quantifying material levels based on assessed levels of material misstatement, including calculating the lower limit for individually significant items, enables the auditor to identify material unusual matters (risks of material misstatement). As indicated in the excerpts from AU-C 320 above, these risks of material misstatement will precipitate changes in the nature, extent and timing of further auditing procedures.  Substantive evidence from these procedures may identify errors. Known and likely error in financial statement classifications is compared with the amount of performance materiality to determine if an acceptable level of error remains in the financial statements during the completion phase of an audit.

Known and likely error (uncorrected error) includes 1) known but unadjusted error (passed adjustments) less than the lower limit for individually significant items and greater than any “paper pass” limit, 2) projected error from sampling applications and 3) estimated error from tests of accounting estimates and other procedures such as predictive analytical procedures that are designed to provide most of the substantive evidence for certain financial statement classifications. The reversing effects of the prior year’s errors must also be reflected in the current year’s aggregation of error, at least by material financial statement classifications, to support the in-charge accountant and engagement leader’s conclusions about an acceptable level of error in the financial statements. 

The next article will address the framework for calculating materiality levels and the process of error analysis, including consideration of both known and unknown error.

More Information

These eBook resources, without CPE credit, can be obtained from my website, www.cpafirmsupport.com :
  • Small Audits Made Easy and Profitable
  • Performing Auditing Tests of Balances Procedures
  • Staff Training Series for Entry-Level Accountants, New In-Charge Accountants and Engagement Leaders
  • Key Accounting Issues for Non-Profit Organizations
  • A Practical Potpourri of Time Savings on Audits
  • The Financial Reporting Framework for Small- and Medium-Sized Entities

Monday, May 18, 2015

Clarified Auditing Standards—Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (AU-C 315)—Part 4



AU-C 315 on Risk Assessment:

The following requirements are paraphrased from AU-C 315 for identifying and assessing the risks of material misstatement (RMM) as a basis for designing audit responses:

  • RMM should be identified at the financial statement level and the relevant assertion level for classes of transactions, account balances, and disclosures.
  • RMM should be identified when obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks.
  • The identified risks should be evaluated to determine if they relate to the financial statements as a whole and if they may affect many assertions.
  • The identified risks, and the potential for errors or fraud, should be evaluated at the relevant assertion level, considering any internal controls for which the auditor may gather substantive evidence.
  • After considering the likelihood of misstatements, the magnitude of the misstatements should be considered to determine appropriate responses.

  • Identifying the risks of material misstatements at the financial statement level and at the assertion level for relevant assertions in significant account classifications. Relevant assertions synthesized from AU-C 315 are:
o       Completeness
o       Occurrence and cutoff
o       Valuation and accuracy
o       Existence
o       Rights
o       Obligations
o       Disclosure and presentation
  • Identifying the controls that mitigate the RMM and determining design and implementation of the controls.
  • Using this understanding to assess and document control risk.
  • Determining reductions in substantive tests of balances that can be achieved by relying on internal controls, i.e., by performing tests of controls or systems walk-through procedures.
In this process, auditors need to understand the client’s financial reporting system and the significance of key or entity-level controls. The financial reporting system understanding includes:

  • The flow of information through significant transactions cycles that affect material financial statement classifications:
o       Sales and collections—cash, accounts receivable, sales
o       Payments and acquisitions—cash, accounts payable, purchases, fixed assets, expenses
o       Payroll—salaries and wages, payroll expense, payroll withholdings and accruals
  • Understanding other transactions cycles such as inventory and warehousing, fixed assets and long-term debt may be necessary for larger entities.
  • The flow of information that includes data, documents, source records and journals, accounting system procedures and internal control activities.

In addition, auditors are required to document their understanding of an audit client’s IT system, accounting records and supporting information, as well as significant general ledger account activity. Analyzing the general ledger, performing system’s walk-through procedures, and preparing efficient internal control documentation may satisfy the requirements in AU-C 315 to understand a small- or medium-sized audit client’s business and environment.
  
Practical Risk Assessment Procedures that Satisfy the Requirements of AU-C 315

Risk assessment procedures normally include all engagement activities from the planning phase up to the development of the audit plan or detailed audit program. Below is an outline of common risk assessment procedures and related documentation.

  1. Creating and documenting client acceptance or continuance decisions.
  2. Reviewing prior year audit documentation; considering findings and conclusions; adjusting journal entries and uncorrected audit differences; and assessing their impact on the current year’s risk assessment.
  3. Reading the current year’s general ledger activity and preparing a spreadsheet or memo documenting parameters and findings.
  4. Performing and documenting other preliminary analytical procedures such as comparing the current year’s unadjusted account balances with prior year adjusted balances.
  5. Preparing flowcharts or memos documenting the client’s accounting and internal control systems and the performance of systems walk-through procedures for major transactions cycles.
  6. Calculating tolerable misstatement (performance materiality) by financial statement classification based on risk.
  7. Completing applicable practice aids and other documentation according to CPA firm policy.
  8. Preparing a linking working paper combining risk of misstatements due to error and fraud to determine the level of risk of material misstatement for relevant assertions in material financial statement classifications.
  9. Designing a detailed audit plan/program that links significant risks with appropriate procedures, i.e., tests of controls, systems walk-through procedures, analytical procedures and/or detailed tests of balances.
 AU-C 315 makes it clear that all risk assessment procedures produce substantive evidence that, when considered along with evidence from other auditing procedures, enables the auditor to evaluate relevant assertions. When considering the evidence necessary to decrease detection risk to an acceptably low level, obtaining evidence from the performance of risk assessment procedures will reduce the evidence required from other auditing procedures. This is a basic principle underpinning increased efficiency on all audits.

More Information

These eBook resources, without CPE credit, can be obtained from my website, www.cpafirmsupport.com :
  • Small Audits Made Easy and Profitable
  • Performing Auditing Tests of Balances Procedures
  • Staff Training Series for Entry-Level Accountants, New In-Charge Accountants and Engagement Leaders
  • Key Accounting Issues for Non-Profit Organizations
  • A Practical Potpourri of Time Savings on Audits
  • The Financial Reporting Framework for Small- and Medium-Sized Entities



Clarified Auditing Standards—Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (AU-C 315)—Part 3



The Entity’s Internal Control

This article will focus on the basic requirements of AU-C 315 regarding the auditor’s understanding of an entity’s internal control and the nature of the basic elements in an internal control system. The following paragraphs are excerpted from AU-C 315 (this Section may be obtained from the AICPA website (www.aicpa.org) and should be read in its entirety for a complete understanding of audit-related internal control issues):

.13 The auditor should obtain an understanding of internal control relevant to the audit. Although most controls relevant to the audit are likely to relate to financial reporting, not all controls that relate to financial reporting are relevant to the audit. It is a matter of the auditor's professional judgment whether a control, individually or in combination with others, is relevant to the audit. (Ref: par. .A42–.A67)

Nature and Extent of the Understanding of Relevant Controls (Ref: par. .14):

.A68 Evaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements. Implementation of a control means that the control exists and that the entity is using it. Assessing the implementation of a control that is not effectively designed is of little use, and so the design of a control is considered first. An improperly designed control may represent a significant deficiency or material weakness in the entity's internal control.
.A69 Risk assessment procedures to obtain audit evidence about the design and implementation of relevant controls may include
• inquiring of entity personnel.
• observing the application of specific controls.
• inspecting documents and reports.
• tracing transactions through the information system relevant to financial reporting.
Inquiry alone, however, is not sufficient for such purposes

The Elements of Internal Control from AU-C 315

  • Control Environment—The core of any business is its people and the environment in which they operate.  The tone at the top, i.e., management’s attitudes, values and behaviors, provides the control environment for other employees.
  • Risk Assessment—The entity must be aware of and deal with the risks it faces; identifying the risk of error or fraud and implementing corrective actions is the primary responsibility of management.
  • Control Activities—Control policies and procedures must be designed and operated to address risks to the achievement of the entity’s objectives.
  • Information and Communication—These systems enable the entity’s people to obtain and use information necessary to conduct, manage and control operations.
  • Monitoring—The internal control process must be monitored and changed by management as circumstances and conditions necessitate.
 In 2013, the Committee of Sponsoring Organizations (COSO) updated and issued a revision of Internal Control—Integrated Framework, originally published in 1992.  The updated report did not change to basic components of internal control but, among other clarifying issues, the Framework sets out seventeen principles for applying these components. These principles from COSO’s report are presented below as they apply to the internal control components.

Control Environment
1.      The organization demonstrates a commitment to integrity and ethical values.
2.      The board of directors demonstrates independence from management and exer­cises oversight of the development and performance of internal control.
3.      Management establishes, with board oversight, structures, reporting lines, and appropriate authorities and responsibilities in the pursuit of objectives.
4.      The organization demonstrates a commitment to attract, develop, and retain com­petent individuals in alignment with objectives.
5.      The organization holds individuals accountable for their internal control responsibili­ties in the pursuit of objectives.
Risk Assessment
  1. The organization specifies objectives with sufficient clarity to enable the identifica­tion and assessment of risks relating to objectives.
  2. The organization identifies risks to the achievement of its objectives across the entity and analyzes risks as a basis for determining how the risks should be managed.
  3. The organization considers the potential for fraud in assessing risks to the achieve­ment of objectives.
  4. The organization identifies and assesses changes that could significantly impact the system of internal control.
Control Activities
  1. The organization selects and develops control activities that contribute to the miti­gation of risks to the achievement of objectives to acceptable levels.
  2. The organization selects and develops general control activities over technology to support the achievement of objectives.
  3. The organization deploys control activities through policies that establish what is expected and procedures that put policies into action.
Information and Communication
  1. The organization obtains or generates and uses relevant, quality information to support the functioning of internal control.
  2. The organization internally communicates information, including objectives and responsibilities for internal control, necessary to support the functioning of internal control.
  3. The organization communicates with external parties regarding matters affecting the functioning of internal control.
Monitoring Activities
  1. The organization selects, develops, and performs ongoing and/or separate evaluations to ascertain whether the components of internal control are present and functioning.
  2. The organization evaluates and communicates internal control deficiencies in a timely manner to those parties responsible for taking corrective action, including senior management and the board of directors, as appropriate.
Internal control is always relevant to the nature, size and complexity of a reporting entity.  Smaller entities will ordinarily have more informal controls that are carried out by one or a few persons.  While the basic components of internal control should be present in small- and medium-size entities, the 17 principles will ordinarily be subjectively included in an entity’s design and operation of internal controls. Larger entities may develop specific controls for these clarifying principles.

Generally, internal controls over financial reporting include those that are designed to make sure financial data is recorded, processed, summarized and reported consistent with management’s representations (assertions) in financial statements.  Management of an entity has the primary responsibility for internal control.  An auditor’s responsibilities include the evaluation of whether the five components are designed and operating effectively, given the nature, size and complexity of the entity.

The next article will begin a practical discussion of what auditors need to know about internal control and the part control activities play in the risk assessment process required by AU-C 315.

More Information

These eBook resources, without CPE credit, can be obtained from my website, www.cpafirmsupport.com :
  • Small Audits Made Easy and Profitable
  • Performing Auditing Tests of Balances Procedures
  • Staff Training Series for Entry-Level Accountants, New In-Charge Accountants and Engagement Leaders
  • Key Accounting Issues for Non-Profit Organizations
  • A Practical Potpourri of Time Savings on Audits
  • The Financial Reporting Framework for Small- and Medium-Sized Entities