1

AuditingA Business Risk Approach

Sixth Edition

Larry E. RittenbergUniversity of Wisconsin – Madison

Bradley J. SchwiegerSt. Cloud State University

Karla M. JohnstoneUniversity of Wisconsin – Madison

Thomson Learning

SouthwesternCopyright © 2008 Thomson South-Western, a part of the Thomson Corporation. Thomson, the Star logo, and South-Western are trademarks used herein under license.

2

Rittenberg/Schwieger/JohnstoneAuditing: A Business Risk Approach

Sixth Edition

Chapter 1

Auditing:

Integral to the Economy

3

Free Market Economy

A free market economy exists only if accurate, reliable data is available

Auditors contribute to an effective capital market by providing independent evaluations about the reliability of an organization's financial statements or the efficiency and effectiveness of various aspects of its performance

4

Auditing: A Special Function

Auditing is both more and less than public accounting

More because it includes internal and operational auditing, governmental auditing, and other services that evaluate and report on managerial performance

Less because public accounting firms provide a variety of other assurance and non-audit services

5

Auditing

“A systematic process of objectively

obtaining and evaluating evidence

regarding assertions about economic

actions and events to ascertain the degree

of correspondence between those

assertions and established criteria and

communicating the results to interested

users.

6

What is attestation?

Attestation involves gathering evidence about assertions, evaluating the evidence against objective criteria, and communicating the conclusion reached.

Auditing is specific attestation service where the auditor gathers evidence to determine whether the financial statements are fairly presented in accordance with Generally Accepted Accounting Principles and issues an opinion to be used by third-party users, management, and the Board of Directors

7

Auditing is all about evidence

The auditor gathers evidence to determine if the client's processes are working correctly, its financial data are recorded and presented correctly, and its financial statements as a whole are fairly presented.

This implies that--the process of auditing is to gather and evaluate

evidence to test assertionsthe audit process is systematicthe auditor must be independent of the entity

audited and the process followed in gathering evidence must be unbiased

8

Management & GAAP

When management prepares financial statements, they assert that those statements are fairly presented in accordance with GAAP

GAAP is the criteria by which "fairness" of financial statement presentation is judged

However, the interpretation and application of GAAP is difficult

The auditor's task is to determine whether the financial statements present fairly in accordance with GAAP

9

Communication

Communication of audit results to management and third parties completes the audit process

To minimize misunderstandings, this communication follows a prescribed format that states the responsibilities of both management and the auditor, summarizes the audit process, and expresses the auditor's opinion on the financial statements

10

Define an Unqualified Audit Report & List Its Three Paragraphs

Most audits result in reports that do not contain reservations about the fair presentation of the financial statements. 1.Introductory paragraph - identifies company,

statements, and accounting periods examined, management's responsibility for the financial statements, auditor's responsibility for expressing an opinion

2. Scope paragraph - performance of the audit in accordance with GAAS and limitations of the audit

3. Opinion paragraph - statements present fairly, in all material respects, in conformity with GAAP

11

The Need forAssurance Services

1. Potential bias in providing information - management has a vested interest in providing information that will make management look good

2. Remoteness of users - most users do not have the opportunity or time to interview management, tour company facilities, or review financial records firsthand. Instead, they rely on the financial statements

3. Complexity - many transactions are more complex than they were a decade ago. Users depend on auditors to ensure they are fairly presented and fully disclosed in financial statements

12

The accounting profession’s decade of unprecedented turmoil

& change1. The failure of one of the largest public

accounting firms (Andersen)

2. Four of the largest bankruptcies ever - each in companies where financial statement misrepresentation had taken place

3. Billions of investment and retirement dollars lost

4. Perception that auditors were not independent from their clients

13

What was Congress’ response?

Passing the Sarbanes-Oxley Act of 2002. That focused on five critical improvements in how financial information is presented.

1. Improved corporate governance

2. Reporting on internal controls

3. Greater independence of audit function

4. Acknowledgment of greater audit responsibility

5. Audit standard setting moved to a new quasi-public organization

14

Improved Corporate Governance

The lack of corporate governance was a major factor in business failures; most notably, a failure of Boards of Directors to oversee management, and effectively utilize the audit function.

Sarbanes requires Boards of Directors be independent of the organization and exercise oversight over management and the audit function

Further, the Board of Directors, through its audit committee, is the "client" of the public accounting firm.

15

Reporting on Internal Controls

In most cases of major fraud, companies

had poor internal controls over financial

reporting

Sarbanes requires the CEO and CFO of

SEC registered companies to assess and

publicly report on the quality of its internal

controls over financial reporting

16

Greater Independence ofthe Audit Function

The audit function must be independent and objective if assurances are to be trusted by third parties. Auditor independence has been strengthened by requiring:1. The audit committee has the authority to hire and fire the

external auditors2. Mandatory rotation of the audit engagement partner every

five years3. Consulting work cannot be performed for audit clients4. Increased oversight of potential independence conflicts by

the audit committee

Non-public companies and smaller audit firms are not required to follow all these guidelines

17

Audit Standard Setting Moved

The public lost confidence in the ability of the profession to serve the public interest. Sarbanes created the Public Company Accounting Oversight Board (PCAOB).

The PCAOB has authority to develop audit standards for audits of publicly traded companies.

The PCAOB is also charged with performing peer review of all public accounting firms that perform audits of public companies.

The PCAOB is comprised of five public members appointed by the SEC. No more than two members can be CPAs.

18

The AICPA’s definition of assurance services

The AICPA's Special Committee on Assurance Services defines assurance as: "independent professional services that improve the quality of information, or its context, for decision makers."

Assurance services involve three components:- Information or a process on which the assurance is

provided

- A user or group of users who derive value from the assurance provided

- An assurance service provider

19

What are the attributes needed to perform assurance services?

1. Subject matter knowledge

2. Independence from parties requesting assurance

3. Agreed upon criteria to evaluate quality of presentation

4. Expertise in the process of gathering and evaluating evidence

20

What are the levels of assurance provided?

1. Positive assurance (such as an audit opinion)

2. Limited or negative assurance (such as a review of financial statements)

3. No assurance (such as a compilation of financial statements)

21

The AICPA's Special Committee on Assurance Services has identified

six areas of potential service:1. Risk Assessment - the quality of processes implemented by

an organization to identify, assess, and manage risks.2. Business Performance Measurement - the processes to

identify, measure, and communicate alternative measures of performance

3. Information System Reliability - the quality of controls to ensure system security, reliability, timeliness, and accuracy

4. Healthcare Performance Measurement - provide information about the quality of services provided by healthcare providers

5. Electronic Commerce - provide assurance that systems and tools are designed and functioning with integrity and security

6. Elder Care Plus - provide assurance whether the needs of the elderly are being met by various caregivers

22

What are attest services?

Attest services are a subset of assurance

services

Attest services always involve evaluation

of an assertion made by one party to a

third party

Attest services always involve a report

sent to a third party

23

Requirements to Enter the Public Accounting Profession

Accounting and Auditing Expertise - in addition to technical knowledge, auditor must have sound conceptual understanding of financial reporting and auditing

Internal Auditing Expertise – auditor must be able to analyze the organization’s internal controls to determine if there are weaknesses

Knowledge of Business and its Risks - auditor must understand the basic structure of a business in order to identify significant risks affecting the client

Understanding Accounting System Complexity - auditor must understand the challenges posed in a system in which traditional source documents do not exist

24

Who Are the Providers of Assurance Services?

The Public Accounting Profession

The Internal Audit Profession

The Governmental Audit Profession

25

The Public Accounting Profession

More than 45,000 CPA firms in the United States, ranging sole-practitioners to large multinationals such as the Big 4.

These firms provide a variety of services in the areas of assurance and financial statement services, tax planning and compliance, and consulting

The SEC has prohibited accounting firms from providing most consulting services to public companies that they audit

Such restriction on services has not been specified by the AICPA or regulatory authorities for public accounting firms that do not audit SEC registered clients

26

Organization of CPA Firms

The organizational hierarchy of CPA firms has been described as a pyramidal structure.

Partners (or owners) are at the top and are responsible for the overall conduct of each audit

Next, managers review the detailed audit work performed by staff auditors

Seniors are responsible for overseeing much of the day-to-day activities on a specific audit

Staff auditors perform the basic, detailed audit work. Partners and managers may be involved in a number of

audit engagements being conducted simultaneously; seniors and staff are usually assigned to only one audit at a time

27

The Internal Audit Profession

Internal auditing is defined as

" an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."

28

Internal auditors add value to an organization

The evaluate processes to identify and management risk, develop and implement effective internal controls

They assure management and the Board of Directors on the company's compliance with policies or regulatory requirements, or the effectiveness of processes and operations

They provide consulting services such as analyzing problems and identifying potential solutions

They perform operational audits designed to evaluate the effectiveness, economy, and efficiency with which resources are employed

Its broad scope makes internal auditing an excellent training ground for future management positions

29

Governmental Auditing Profession

Employed by various Federal, state, and

local agencies

Governmental auditors perform all the

types of audits that internal auditors

perform including compliance, operational,

and performance audits

30

Professional and Regulatory Organizations

The PCAOB established as part of the Sarbanes-Oxley Act of 2002 has authority to set auditing standards for audits of public companies and to perform quality reviews of all registered CPA firms

The SEC oversees the PCAOB and all companies publicly traded on the U.S. capital markets. It has the authority to establish GAAP for publicly traded companies, and to prosecute companies who violate SEC laws

The AICPA has long served as the primary governing organization of the public accounting profession. It provides a variety of continuing education programs and administers the Uniform CPA Examination. Membership in the AICPA is voluntary

31

Professional and Regulatory Organizations

The State Boards of Accountancy are responsible for certifying and licensing CPAs in their state. While all state boards require passage of the Uniform CPA Examination, education and experience requirements vary by state.

The Institute of Internal Auditors issued internal auditing standards and administers the Certified Internal Auditor program

The U. S. General Accounting Office is the nonpartisan audit agency for Congress. The GAO develops auditing standards for governmental audits.

32

The Securities and Exchange Commission (SEC)

Established by Congress in 1934 to regulate the capital market system

Over site of PCAOB and all public companies required to register with it to gain access to the U.S. capital market

Has the authority to establish GAAP for publicly traded companies

Has prosecutorial authority

33

The American Institute of Certified Public Accountants

(AICPA)Primary governing body of the public

accounting profession

Continues to develop standards for audits

of non-public companies

Administers the Uniform CPA Examination