ASN 1
JCC31
Cloud9.docxAppendix A Cloud 9 Inc. Audit
W&S Partners is a U.S.-based accounting firm with offices located in most major cities. W&S Partners will be conducting the January 31, 2023, audit for Cloud 9 Inc., a publicly traded company. The audit team assigned to the client is:
· Partner: Jo Wadley
· Audit manager: Sharon Gallagher
· Audit senior: Josh Thomas
· IT audit manager: Mark Batten
· Experienced staff: Suzie Pickering
· First-year staff: Ian Harper
Prior-year audits were conducted by Ellis & Associates. As part of the transfer of records process, Jo Wadley met with RJ Ellis (managing partner, Ellis & Associates) to discuss acceptance of Cloud 9 as a client and to inquire about access to Ellis & Associates' working papers. In the discussion, RJ Ellis stated that there were no issues that W&S Partners should be aware of before accepting the client or beginning the work.
Cloud 9 Inc. Company Background
Cloud 9 Inc. is a manufacturer and retailer of athletic shoes and apparel, based in Sacramento, California. In 2021, Cloud 9 purchased McLellan's Shoes from Ron McLellan. As part of the sale agreement, Ron McLellan was appointed to the Cloud 9 board of directors.
Cloud 9 has wholly owned subsidiaries in Canada and Vietnam, and has built a reputation for its comfortable and durable shoes. The company promotes itself using its now well-known tagline, “Our shoes are so comfortable, it's like walking on Cloud 9.” Currently, Cloud 9 is primarily a wholesaler of athletic shoes and apparel to its main customers All Day Sports, Mayer, Bob's, and Varsity Sports.
Cloud 9 receives about 25% of its inventory from the Vietnam production plant with the remainder coming from the United States. Also, about 20% of its property, plant, and equipment is located at the Vietnam production plant. All inventory is purchased on free on board (FOB) shipping terms, which means Cloud 9 takes ownership of the products once the international courier accepts the goods for delivery. The inventory is sent to the main warehouse in Sacramento, which is linked to retailers via an electronic inventory system. When retail inventory gets low, the company ensures deliveries are made using its own transport trucks, thus ensuring control throughout the entire process.
In February 2021, Cloud 9 launched its new product line that included the “Heavenly 456” walking shoe. Advertising campaigns and media coverage have been very successful, and sales for this style of shoe have steadily increased. For Cloud 9, the Heavenly 456 now makes up 20% of total sales.
A specific marketing campaign was initiated in 2022 to promote and build the Cloud 9 brand in the United States. Cloud 9 decided to sponsor a professional soccer team, Georgia Thunder, for the 2022 season. Under this sponsorship agreement, Cloud 9 is to provide all the athletic footwear and apparel for the team as well as have sole merchandising rights. The agreement also includes general advertising rights at the stadium.
In a separate contractual arrangement, Cloud 9 has signed Miguel Fernandez, the captain of Georgia Thunder, as spokesperson for the brand. This arrangement allows Cloud 9 to use Miguel's image to promote and build the brand.
To further establish the brand, the first Cloud 9 retail store was opened in San Francisco, California, on June 1, 2022. The store operates on a just-in-time inventory system linked with a series of warehouses and distribution centers throughout the United States and Canada. However, the management team reports that there have been a few hiccups in determining ideal stock quantities for the store to allow optimum availability of merchandise to its customers. Because some thefts of merchandise from the store have also occurred, the company has installed closed-circuit television cameras.
Personnel
The Cloud 9 corporate office has 358 full-time employees. In the retail store, the company employs two full-time managers and some part-time staff, with seasonal employees enhancing staff levels in the busier retail period.
Some key positions in the accounting and IT area are as follows:
· CFO: David Collier
· Financial controller: Carla Johnson
· IT manager: Will Burton
These three employees are entitled to participate in the employee stock-purchase plan and receive stock options in Cloud 9 if revenue targets are met.
Financial Information
Cloud 9 set a goal to increase revenue by 3% for the 2022 fiscal year. One of the critical success factors for the company to achieve this 3% increase is to grow its share of the U.S. footwear market. However, with the new store opening and the subsequent increase in costs, as well as the costs related to the sponsorship deals, the management team is projecting a decline in earnings for the year.
In addition, to build customer loyalty and promote sales in the retail store, Cloud 9 introduced a loyalty program whereby customers earn one point for every $10 that they spend. Customers can then redeem points by going online to receive coupons that can be exchanged for merchandise in the store. On August 1, 2022, the company took out an additional loan of $7 million with Windsor Bank to help fund the store costs and to purchase additional delivery trucks and vans. This loan is repayable over five years. The company's other debt relates to loans issued more than five years ago from various lending institutions.
All inventory is purchased in U.S. dollars, which the company acquires under forward exchange contracts. The company provides a 12-month warranty on all footwear. Historical claims have been 0.2% of total sales.
The most recent financial statements for Cloud 9 are as follows. (Note that these financial statements are also available in Excel format in WileyPLUS.)
|
Cloud 9 Consolidated Statement of Income |
||||
|
|
For the year ended January 31, 2022 |
For the year ended January 31, 2021 |
||
|
Revenues |
|
$364,953,846 |
|
$345,965,385 |
|
Costs and expenses: |
|
|
|
|
|
Cost of sales |
$222,496,154 |
|
$207,838,462 |
|
|
Selling and administrative |
104,450,000 |
|
100,246,154 |
|
|
Interest expense |
1,257,692 |
|
1,730,769 |
|
|
Other (income)/expense, net |
1,311,539 |
|
796,154 |
|
|
Total costs and expenses |
|
329,515,385 |
|
310,611,539 |
|
Income before income taxes |
|
35,438,461 |
|
35,353,846 |
|
Income taxes |
|
12,757,692 |
|
13,080,769 |
|
Net income |
|
$ 22,680,769 |
|
$ 22,273,077
|
|
Cloud 9 Consolidated Balance Sheet |
||||
|
|
January 31, 2022 |
January 31, 2021 |
||
|
Assets |
|
|
|
|
|
Current assets: |
|
|
|
|
|
Cash and cash equivalents |
$11,692,308 |
|
$9,780,769 |
|
|
Accounts receivable, less allowance for doubtful accounts of $2,773,077 and $2,515,385 |
62,361,538 |
|
60,361,539 |
|
|
Inventory |
54,773,077 |
|
55,615,385 |
|
|
Investments (derivatives) |
14,460,577 |
|
14,852,885 |
|
|
Deferred income taxes |
3,357,692 |
|
3,288,461 |
|
|
Prepaid expenses and other current assets |
5,250,000 |
|
7,276,923 |
|
|
Total current assets |
|
$151,895,192 |
|
$151,175,962 |
|
Property, plant, and equipment, net |
|
62,261,539 |
|
60,900,000 |
|
Identifiable intangible assets and goodwill, net |
|
3,820,192 |
|
3,950,961 |
|
Deferred income taxes and other assets |
|
5,853,846 |
|
9,238,462 |
|
Total assets |
|
$223,830,769 |
|
$225,265,385 |
|
Liabilities and Stockholders' Equity |
|
|
|
|
|
Current liabilties: |
|
|
|
|
|
Current portion of long-term debt |
$207,692 |
|
$1,926,923 |
|
|
Notes payable |
28,896,154 |
|
35,546,154 |
|
|
Accounts payable |
20,615,385 |
|
20,915,385 |
|
|
Accrued liabilities |
18,157,692 |
|
23,336,581 |
|
|
Income taxes payable |
842,308 |
|
582,650 |
|
|
Total current liabilities |
|
$ 68,719,231 |
|
$ 82,307,693 |
|
Long-term debt |
|
16,765,384 |
|
18,088,462 |
|
Deferred income taxes and other liabilities |
|
3,942,308 |
|
4,253,846 |
|
Stockholders' equity: |
|
|
|
|
|
Common stock at par value |
107,692 |
|
107,692 |
|
|
Capital in excess of par value |
17,669,231 |
|
14,192,308 |
|
|
Unearned stock compensation |
(380,769) |
|
(450,000) |
|
|
Accumulated other comprehensive income |
(5,850,000) |
|
(4,273,077) |
|
|
Retaining earnings |
122,857,692 |
|
111,038,461 |
|
|
Total stockholders' equity |
|
134,403,846 |
|
120,615,384 |
|
Total liabilties and stockholders' equity |
|
$223,830,769 |
|
$225,265,385
|
|
Cloud 9 Condensed Cash Flow Statement |
||
|
|
For the year ended |
|
|
|
January 31, 2022 |
January 31, 2021 |
|
Cash provided by operations |
$25,250,000 |
$26,907,692 |
|
Cash used by investing activities |
(13,165,385) |
(16,923,077) |
|
Cash used by financing activities * |
(13,457,692) |
(9,696,154) |
|
Effect of exchange rate changes on cash |
3,284,616 |
1,873,077 |
|
Net increase in cash and cash equivalents |
1,911,539 |
2,161,538 |
|
Cash and cash equivalents, beginning of year |
9,780,769 |
7,619,231 |
|
Cash and cash equivalents, end of year |
$11,692,308 |
$9,780,769
|
*Includes dividends paid of $4,988,462 in 2022 and $5,119,231 in 2021.
|
Cloud 9 Trial Balance |
||||
|
|
October 31, 2022 |
October 31, 2021 |
||
|
|
Debit |
Credit |
Debit |
Credit |
|
Cash and cash equivalents |
$13,446,154 |
|
$6,123,884 |
|
|
Accounts receivable |
70,485,625 |
|
64,867,910 |
|
|
Allowance for doubtful accounts |
|
$704,856 |
|
$648,679 |
|
Inventory |
55,100,000 |
|
57,900,000 |
|
|
Investments (derivatives) |
13,419,231 |
|
13,805,769 |
|
|
Deferred income taxes (current) |
2,857,692 |
|
3,584,615 |
|
|
Prepaid expenses and other current assets |
9,265,385 |
|
6,446,154 |
|
|
Property, plant, and equipment |
103,803,846 |
|
97,576,923 |
|
|
Accumulated depreciation |
|
39,761,538 |
|
35,207,692 |
|
Identifiable intangible assets and goodwill |
3,723,007 |
|
3,851,923 |
|
|
Accumulated amortization |
|
|
|
|
|
Deferred income taxes and other assets (noncurrent) |
9,557,692 |
|
8,410,849 |
|
|
Current portion of long-term debt |
|
2,115,385 |
|
300,125 |
|
Notes payable |
|
21,376,923 |
|
34,823,077 |
|
Accounts payable |
|
14,986,457 |
|
22,561,538 |
|
Accured liabilities |
|
25,803,846 |
|
24,150,000 |
|
Income taxes payable |
|
2,211,539 |
|
3,726,923 |
|
Long-term debt |
|
23,661,538 |
|
17,119,106 |
|
Deferred income taxes and other liabilities (noncurrent) |
|
4,915,384 |
|
4,330,769 |
|
Common stock at par value |
|
111,538 |
|
107,692 |
|
Capital stock in excess of par value |
|
19,415,385 |
|
16,484,615 |
|
Unearned stock compensation |
253,846 |
|
480,769 |
|
|
Accumulated other comprehensive income |
5,011,538 |
|
4,746,154 |
|
|
Beginning retained earnings |
|
122,857,692 |
|
98,150,473 |
|
Dividends |
3,866,838 |
|
3,299,423 |
|
|
Repurchases of common stock |
4,627,381 |
|
2,939,393 |
|
|
Revenue |
|
277,338,461 |
|
269,442,308 |
|
Cost of sales |
169,346,154 |
|
163,003,846 |
|
|
Selling and administrative |
79,092,308 |
|
78,246,154 |
|
|
Interest expense |
1,438,461 |
|
1,773,077 |
|
|
Other expense |
453,846 |
|
757,692 |
|
|
Income tax expense |
9,511,538 |
|
9,238,462 |
|
|
Totals |
$555,260,542 |
$555,260,542 |
$527,052,997 |
$527,052,997
|
Transcript of Meeting with David Collier
Present: David Collier, chief financial officer, Cloud 9 Inc. Josh Thomas, audit senior, W&S Partners
|
JT: |
Thanks for seeing me, David. |
|
DC: |
You're welcome, Josh. What can I do for you? |
|
JT: |
I need to ask you some questions about Cloud 9's process for recording wholesale revenue transactions, including the trade receivables and cash receipts aspects. After I understand the process, I will be doing a system walkthrough and confirming my understanding by talking to the individuals who are involved in each step of the process. |
|
DC: |
We've got a pretty complex inventory management software system called Swift. It was designed by some of our tech guys. It tracks inventory and it integrates with our sales system. |
|
JT: |
How do customers decide the quantity and know the price? |
|
DC: |
The customers complete a purchase order online through a site that is linked to Swift. The site will tell customers the price for each item in inventory, as well as the quantity we have in stock. |
|
JT: |
How often are prices changed? |
|
DC: |
Price changes really depend on the market. While they don't change that often, our marketing management meets weekly to discuss price changes. Price changes are initiated after that meeting. Only the marketing manager and a few of her staff members have access to update the master price list. |
|
JT: |
What if a customer logs on and you don't have the products? |
|
DC: |
The system doesn't allow a customer to place an order greater than our current inventory levels. If a customer needs more inventory, the customer should fill out a separate request for inventory not on hand. The request gets e-mailed to our production manager and our marketing manager, who determine if we need to manufacture more goods. The decision about manufacturing more goods is complex as it integrates with our production decisions, or whether we can purchase additional inventory from a subcontractor that manufactures for us. |
|
JT: |
OK. This is helpful. Let's stay focused on the sales process. Once a customer's purchase order is complete, then what? |
|
DC: |
The submitted purchase order goes through a credit check and then becomes a sales order. If a customer exceeds his or her credit limit, there are a few people in my office that can approve a credit override, on a case-by-case basis. We tend to allow this only for good customers with good payment history. Then, the purchase order becomes our sales order. |
|
JT: |
I guess this electronic process saves a lot of time and trees! |
|
DC: |
Yes, there's so much that we rely on the system to do for us, it's scary. I worry about things like what happens if we are hit by a storm or lose power. We do have the whole system backed up off-site. |
|
JT: |
That is nice to know, and probably gives you some comfort. What happens to the sales order – how does it get filled? |
|
DC: |
Every day, the system assigns shipments to the warehouse location nearest to the customer's location that can fulfill the entire order. The warehouse manager then downloads the outstanding sales orders to these little handheld computer/scanners. It's very Star Trek. Warehouse personnel use these to identify inventory in the warehouse, then the warehouse personnel put boxes of ordered shoes onto pallets. The pallets are taken to a staging area where each product is then scanned. |
|
JT: |
Are the shipping documents approved before the goods go out the door? How do you know that what got sent is what was ordered? |
|
DC: |
Swift matches the quantities and products on the packing slip to the sales order. If they don't match, the order is set aside for follow-up to ensure that the order is accurately filled. Once they match, the approval box is activated, and the shipping supervisor can enter his or her passcode. This officially approves the packing slip and bill of lading, and each gets printed. |
|
JT: |
OK, so once the goods are shipped to the customer, how do you bill for this shipment? |
|
DC: |
We go into the billing system and pull up a draft invoice that was generated when the shipping document was approved. At this point, Swift performs a number of checks. The system matches the quantities in the invoice against the packing slip and sales order. Prices are also matched to the sales order. The customer number should also match on the sales order, shipping documents, and draft invoice. A report is run daily of any shipments that have not resulted in invoices. The reverse is also true. A report is run of any invoices that are not supported by shipping documents. At month-end, we run a report to compare dates on shipping documents with the month that transactions are recorded in the sales journal. If there are any discrepancies, the transaction is reported for manual follow-up. I believe discrepancies are rare as the system is very tight, and we ship only what was ordered. Then, the sales invoice is processed. Processing the sales invoice enters the transaction in a database from which we build the sales journal and accounts receivable subsidiary ledger. Also, at the end of each day, we compare the totals for accounts receivable with the total of each customer's balance in the accounts receivable subsidiary ledger. |
|
JT: |
When you do have discrepancies, who follows up on them and how are they cleared? |
|
DC: |
We have a data control group that follows up on discrepancies in a variety of systems. Discrepancies have to be cleared daily. Once the reason for the discrepancy is identified, changes to the underlying data must be approved by a manager in the data control group. The data is then corrected, and the invoice is processed. As I noted, discrepancies are very rare. We don't ship goods unless the order is completely filled. |
|
JT: |
Does finance ever go back to the sales order? |
|
DC: |
No. Since the shipping document can't be generated unless it agrees to the sales order, Swift only looks at the sales order for prices. Do you think we should do otherwise? |
|
JT: |
I wouldn't say so at this stage. But you'd have to be sure to have some tight controls around Swift, given that it seems to do everything. |
|
DC: |
Yes, good IT general controls over the Swift program, and other programs, are extremely important. I meet with the IT manager monthly, to talk about the few discrepancies found, reasons for discrepancies, and the importance of controls. I think you will find that our IT manager understands the importance of strong IT general controls, and strong controls over clearing any discrepancies identified in transaction streams. |
|
JT: |
Let's talk about accounts receivable. Who follows up on past-due receivables? |
|
DC: |
That is the sales manager's responsibility. In my opinion, we do a good job of screening credit upfront so we don't have a significant problem with past-due receivables. We send statements to customers with their receivable balances monthly. The sales manager and I discuss past-due accounts on a regular basis. The sales manager, controller, and I review the allowance for doubtful accounts monthly. A monthly adjusting journal entry is made by the controller, which I review and approve. You will find that our allowance for doubtful accounts is only about 1% of outstanding receivables as we do a good job of screening customer's credit upfront. |
|
JT: |
What is the cash receipts process? |
|
DC: |
We get most payments via EFT. If a customer pays by check, it goes to a lockbox where it also is directly received by our bank. Our AR clerk is able to download the previous day's cash receipts from online banking. She then merges this information with our accounting system, which first screens the data, matching customer numbers with the master customer file. On occasion, the bank has made errors in entering customer numbers, and we have to follow up on these transactions before they are processed in our accounting system. This is done the same day. Once the transaction is processed, it is posted to the database from which we build our cash receipts journal and accounts receivable subsidiary ledger. Finally, every morning someone reconciles what was posted to cash receipts with what has been deposited in various bank accounts. I believe it is critical that all cash receipts are posted timely and accurately. |
|
JT: |
Are bank reconciliations done in a timely manner? |
|
DC: |
Yes, someone in my office does bank recs every month for the main operating account and other bank accounts. Our standard is to complete this by the fifth business day of each month. My assistant reviews and approves the bank reconciliations. Keep in mind that what I explained is for the wholesale transactions. We have separate procedures for the retail store regarding daily cash balance reconciliations to the deposits in the operating bank account. |
|
JT: |
Yes, we have another auditor who will be handling the retail store side of the sales-to-cash-receipts process. She or he will probably come and talk to you in a day or two. Well, I think that should do it for now. I may have some follow-up questions for you as I start getting my head around the revenue process. |
|
DC: |
The door is always open. |
|
JT: |
Thanks for your time. |
CHAPTER 1 Introduction and Overview of Audit and Assurance
Learning Objectives
· LO 1 Differentiate among assurance, attestation, and audit services.
· LO 2 Describe the different types of assurance services.
· LO 3 Explain the demand for audit and assurance services.
· LO 4 Discuss the different roles of the financial statement preparer and the auditor.
· LO 5 Identify the roles of different regulators and organizations that affect the audit profession.
· LO 6 Explain the concepts of reasonable assurance, materiality, and the nature of an unqualified/unmodified report on the audit of financial statements.
· LO 7 Explain the concept of reasonable assurance and the nature of an unqualified report on internal controls over financial reporting.
· LO 8 Discuss the audit expectation gap.
Auditing and Assurance Standards
|
PCAOB |
|
AUDITING STANDARDS BOARD |
|
Framework for Audits of Public Companies |
|
Framework for Audits of Private Companies |
|
AS 2201 An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements |
|
AU-C 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Generally Accepted Auditing Standards |
|
AS 3101 The Auditor's Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion |
|
AU-C 700 Forming an Opinion and Reporting on Financial Statements |
Cloud 9 - Continuing Case
This text is designed to provide you with the opportunity to learn about auditing by using a practical, problem-based approach. Each chapter begins with some information about an example audit client—Cloud 9 Inc. (Cloud 9). The chapter then provides the underlying concepts and background information needed to deal with this client's situation and the problems facing its auditor. As you work through the chapters, you will gradually build your knowledge of auditing by studying how the contents of each chapter are applied to Cloud 9. The end-of-chapter exercises and problems also provide you with the opportunity to study other aspects of Cloud 9's audit, in addition to applying the knowledge gained in the chapter to other practical examples.
Cloud 9 Inc., a listed company (publicly traded) in the United States (U.S.), is looking to expand. McLellan's Shoes was seen as a potential target.
In 1985, Ron McLellan started McLellan's Shoes in Seattle, Washington, manufacturing and retailing customized basketball shoes. Ron borrowed from the bank to start the company, using his house as security, and over the years he worked very hard to establish a profitable niche in the highly competitive sport shoe market. Ron repaid the bank in 1999, and he vows to never borrow again.
As the business grew, Ron's wife and three adult children started to work with him, with responsibility for administration, marketing and sales, production, and distribution. By the early 2000s, Ron's business employed 20 people full-time, most of whom work in production. There are also several casual employees and part-time staff in the retail outlet in Seattle, particularly during busy periods.
In February 2020, Ron received a call from Chip Masters, the senior vice president of Cloud 9. Chip expressed an interest in buying McLellan's Shoes. Ron wants to retire, and his children are starting to fight among themselves about who is going to take over their father's business. Ron is looking for an exit strategy, but he does not want Chip to know that. He asks if Chip is ready to talk about the price. Chip says he is, but first he needs to see the audited financial statements for McLellan's Shoes.
Ron asks for some time. He tells Chip that he first needs to talk to his family and will then get back to him. When Ron puts the phone down, he immediately calls his friend from the golf club, Ernie Black, who is a CPA. For years, Ernie has been suggesting to Ron that his business affairs need attention. Ron is good at making deals and working hard, but he has never bothered with sophisticated financial arrangements. He is still running his business as a sole proprietor (not a corporation), and his wife does all the tax returns. Ron is in a panic—he wants to sell McLellan's Shoes, but what is he going to do about Chip's request for audited financial statements?
Chapter Preview: Audit Process in Focus
The purpose of this chapter is to provide an overview of assurance, attestation, and audit services. While the focus of this text is the audit of financial statements, in this chapter we define assurance and attest engagements and differentiate among the types of assurance engagements. The assurance engagements explained in this chapter include financial statement audits, compliance audits, operational (performance) audits, and internal audits. We also discuss why there is a demand for audit and assurance services and then discuss the separate roles of the financial statement preparer and the auditors.
Regulatory bodies and other organizations that impact the audit profession are introduced in this chapter. Also, the audit reports issued by auditors at the completion of the audit are discussed with the goal of explaining what is communicated in the auditor's report. We discuss the audit expectation gap in the last section of this chapter.
Cloud 9 - Continuing Case
Chip Masters has asked Ron McLellan for audited financial statements of McLellan's Shoes. Ron has never had an audit and is not sure what it involves. He has heard about tax audits, safety audits, efficiency audits, as well as financial statement audits. Are they all the same thing? Ernie explains to Ron that there are several services that people call “audits” that are different from financial statement audits. However, all these services, including financial statement audits, can be defined as assurance services.
Assurance, Attestation, and Audit Services
LEARNING OBJECTIVE 1
Differentiate among assurance, attestation, and audit services.
The terms assurance, attestation, and auditing are sometimes used interchangeably, but they actually represent different types of services. They are similar in that they all represent a common process of an independent accounting firm taking information prepared by someone else and comparing that information to an established set of criteria. At the end of the service, the independent accounting firm provides a written report about the results of the service performed. This process is important because it adds credibility, or integrity, to the information, which makes it more useful for decision making. An everyday example of this process would be needing a physical exam from a medical doctor before joining a sports team. The doctor would be the independent professional. The doctor would conduct the physical exam and compare your results to standards considered acceptable for someone of your age and height. At the completion of the physical exam, the doctor would provide you with written documentation stating that you were in good physical condition to play on the sports team. The service provided by the doctor improves the “integrity” of your claim that you are in good condition to participate on the team.
The relationship of assurance, attestation, and auditing services is shown in Illustration 1.1 and resembles overlapping umbrellas. We will refer to Illustration 1.1 as we discuss the three services in more detail.
ILLUSTRATION 1.1 Relationship of assurance, attestation, and auditing services
Audit services are the most specific and narrow of the three services; therefore, it is the smallest umbrella in Illustration 1.1. Two primary types of audit services are an audit of financial statements and an audit of internal controls over financial reporting (ICFR). The purpose of an audit of financial statements is to provide financial statement users with an opinion by the auditor on whether the financial statements are presented fairly in accordance with an applicable financial reporting framework. The purpose of an audit of ICFR is to provide financial statement users with an opinion by the auditor on the design and operating effectiveness of ICFR. These audit services enhance the degree of confidence that intended users can place in the financial statements (AU-C 200.04). Some key concepts in these descriptions require further explanation. The financial statements refer to historical financial statements of either a public or private company. The auditor refers to an independent certified public accountant, or CPA, who is qualified to perform the auditing service. The only professional who can sign an audit report on historical financial statements and internal controls for a public or private company is a CPA. The applicable financial reporting framework refers to the set of standards used in preparing the historical financial statements, such as generally accepted accounting principles (GAAP) in the United States, International Financial Reporting Standards (IFRS), or governmental accounting standards for governmental entities. The intended users refer to any group that will be using the financial statements to make decisions, such as investors and creditors.
Companies produce financial information that goes beyond historical financial statements. Examples include financial forecasts and detailed schedules for specific accounts. When CPAs are hired to report on the integrity of this type of financial information, it is called an attestation service. Attestation services are performed when an independent practitioner, or CPA, is engaged to issue a report on subject matter that is the responsibility of another party. As depicted in Illustration 1.1, audit services fall under the umbrella of attestation services, but so do other services that involve a CPA reporting on other financial information. Note the use of the term practitioner in the definition of attestation services. The term practitioner is used rather than auditor because attestation services encompass more than just the audit of historical financial statements and internal controls.
Another example of an attestation service is a review of historical financial statements. Small private companies often do not want or need a service as extensive as an audit of the financial statements in which the auditor has to express an opinion on the fair presentation of the financial statements. In a review engagement, the practitioner expresses limited assurance that no material modifications need to be made to the financial statements. So a review of historical financial statements is a less extensive and, therefore, less expensive service that can be very useful for smaller private companies. A more detailed discussion of a review is presented in Chapter 15.
The largest umbrella in Illustration 1.1 represents assurance services. Assurance services are independent professional services that improve the quality of information, or its context, for decision makers. Some key concepts are included in this definition. The term independent is common to audit, attestation, and assurance services. Independent implies that the service is performed by someone who was not involved with the creation of the information and who is objective in the evaluation of the information. (Chapter 2 covers the concept of independence in more depth.) The term quality refers to the relevance and reliability of the information. The term information refers to subject matter that can be financial or nonfinancial, historical or prospective, standalone data or entire systems of data, internal or external to a company. Essentially, the concept of assurance services encompasses any service that a professional provides that involves improving the quality of information that was prepared by someone else. Both attestation and audit services fall under the broad term of assurance services, and therefore are depicted under the assurance umbrella in Illustration 1.1.
While the audit of a company's historical financial statements and internal controls is the focus of this text, there are other types of audit and assurance services that warrant some discussion. The next section provides a description of these different types of services.
Professional Environment Becoming a CPA
Certified public accountants (CPA) are the only licensed accounting professionals in the United States. CPA licenses are not issued at the national level but at the state level. To become a licensed CPA, an individual must earn the three Es – Education, Exam, and Experience.1 The first step is meeting the education requirements set by a state board of accountancy, which vary from state to state. All states require a bachelor's degree and completion of 150 hours of total college credit to be a licensed CPA. Within the 150 hours, some states require completion of courses in specific subject areas in accounting, business, or ethics. (See the discussion in this chapter on National Association of State Boards of Accountancy (NASBA) and State Boards of Accountancy.)
The second step is passing the Uniform CPA Examination, or CPA exam. The CPA exam is accepted for CPA licensure by all states, which is why it is called the “uniform” CPA exam. The CPA exam consists of four sections: Auditing and Attestation (AUD), Business Environment and Concepts (BEC), Financial Accounting and Reporting (FAR), and Regulation (REG). The testing time for each section is four hours for a total test time of 16 hours. Each part of the exam consists of multiple-choice items and task-based simulations, and the BEC section also contains written communication items. Exam candidates can take one part of the exam at a time and have 18 months to pass all four parts once the first part has been successfully passed.
The final step is work experience. Work experience requirements also vary by state. In general, states require one to two years of work experience under the supervision of a licensed CPA. The work experience can be earned either before, during, or after sitting for the CPA exam, but some restrictions may apply for when the experience can be earned.
A state board of accountancy will only issue a license to practice after all three Es have been earned. The purpose of the entire licensure process is to ensure that individuals possess the level of knowledge and the skills necessary to perform the duties of a CPA and to protect the public interest.
Before You Go On
1. 1.1 Who are intended users of assurance services?
2. 1.2 What does “independent” mean in the context of assurance services?
3. 1.3 What is an example of an “applicable financial reporting framework”?
Different Assurance Services
LEARNING OBJECTIVE 2
Describe the different types of assurance services.
In this section, we provide an overview of the most common types of assurance services that a practitioner can provide. We will discuss financial statement audits, compliance audits, operational (performance) audits, and internal audits.
Financial Statement Audits
As stated earlier, the purpose of an audit of financial statements is to provide financial statement users with an opinion by the audit firm on whether the financial statements are presently fairly in accordance with an applicable financial reporting framework, which enhances the degree of confidence that intended users can place in the financial statements (AU-C 200.04). Within a U.S. context, the applicable financial reporting framework is typically GAAP. Public companies, or issuers, in the United States are required by the federal government to have an annual financial statement audit. Private companies, or non-issuers, are not required by the U.S. government to have an annual financial statement audit, but often other interested users request that a private company provide audited financial statements. A good example would be a lender (bank or other financial institution) requesting audited financial statements when considering whether to lend money to the private company. Audited financial statements add a degree of confidence that helps the lender make an informed lending decision.
Cloud 9 - Continuing Case
Ron is not running a corporation. He operates his customized basketball shoe business as a sole proprietor. He is aware that big corporations have to be audited. However, because his business is not a publicly traded company, Ron does not believe that he has to have an audit. Ernie agrees that Ron does not have to follow the same rules, but he also tells him that there are auditing standards in place that apply to a company like his. This means that although all the attention is usually on corporations, sole proprietors can, and may be required to, have their financial statements audited, too.
Certain public companies in the United States are also required to have an audit of ICFR. The objective in an audit of ICFR is to express an opinion on the effectiveness of the company's system of internal controls over financial reporting (AS 2201.03). The reason for requiring an audit of internal controls is because effective internal control provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes (AS 2201.02). Therefore, public companies are required to have two audits every year, one on the financial statements and one on the effectiveness of the company's internal controls. For efficiency purposes, these two audits are performed at the same time. This is referred to as an integrated audit . The objectives of the audits are not identical, however, and the auditor must plan and perform the work to achieve the objectives of each audit (AS 2201.06). Private companies are not required by the government to have an audit of ICFR. As mentioned above, other interested users, such as a lender, may require a private company to have an audit of ICFR along with an audit of the financial statements as a condition for being approved for a loan.
Limitations of an Audit
A financial statement audit is conducted to enhance the reliability and credibility of the information included in the financial statements. It is not a guarantee that the financial statements are free from error or fraud. The limitations of an audit are caused by (1) the nature of financial reporting, (2) the nature of audit procedures, and (3) the need for the audit to be conducted within a reasonable period of time at a reasonable cost (AU-C 200.A49).
The nature of financial reporting refers to the use of judgment when preparing financial statements due to the subjectivity required when arriving at accounting estimates. Judgment is also required when selecting and applying accounting methods. For example, depreciating a piece of equipment is an estimate that requires judgment in selecting a depreciation method and determining a useful life and salvage value.
The nature of audit procedures refers to the reliance on evidence provided by the client and its management. For example, what if client management withholds or hides important documents from the auditors? If auditors are unaware of this situation, they may arrive at an inappropriate conclusion based on incomplete facts. Evidence may be withheld or modified by perpetrators of fraud. It can be difficult for an auditor to determine whether a fraud has occurred because documents altered by those committing the fraud generally hide evidence. Also, auditors often use sampling techniques when testing some transactions and account balances. If a sample is not representative of all items available for testing, an auditor may arrive at an incorrect conclusion.
The nature of audit procedures also refers to the concept of materiality . The Financial Accounting Standards Board (FASB) defines materiality as follows:
Information is material if omitting it or misstating it could influence decisions that users make on the basis of the financial information of a specific reporting entity. (SFAC No. 8, para QC11)
In other words, an error or misstatement in the financial statements is considered material if it impacts, or changes, the decision-making process of those individuals or groups who are using the financial statements. Therefore, when planning an audit, auditors select audit procedures that are designed to discover material misstatements. Because of time and cost constraints, it would be impractical for an audit to focus on finding all misstatements.
The timeliness and cost of a financial statement audit refer to the pressures auditors face to complete their audit within a certain time frame at a reasonable cost. While it is important that auditors do not omit procedures in an effort to meet time and cost constraints, they may be under some pressure to do so. This pressure will come from clients wanting to issue their financial statements by a certain date, from clients refusing to pay additional fees for additional audit effort, and from within the accounting firm where there are pressures to complete all audits on a timely basis to avoid incurring costs that may not be recovered. By taking the time to plan the audit properly, auditors can ensure that adequate time is spent where the risks of a material error or fraud are greatest.
Compliance Audits
A compliance audit involves gathering evidence to determine whether the person or entity under review has followed the rules, policies, procedures, laws, and regulations with which they must conform. One of the best examples of a compliance audit is an income tax audit. The Internal Revenue Service (IRS) may conduct an audit of an individual or a company to determine if tax laws have been followed and the correct amount of tax paid.
Operational (Performance) Audits
Operational (performance) audits are concerned with the economy, efficiency, and effectiveness of an organization's activities. Economy refers to the cost of inputs, including wages and materials. Efficiency refers to the relationship between inputs and outputs, or the use of the minimum amount of inputs to achieve a given output. Finally, effectiveness refers to the achievement of certain goals or the production of a certain level of outputs. From an organization's perspective, it is important to perform well across all three dimensions and not allow one to dominate. For example, if buying cheap inputs results in an inefficient production process, efficiency is sacrificed to achieve economic goals. Operational audits are generally conducted by an organization's internal auditors (discussed in the next section), or they may be outsourced to an external accounting firm.
Internal Audits
Internal audits are conducted to provide assurance about various aspects of an organization's activities. The internal audit function is typically conducted by employees of the organization being audited, but can be outsourced to an external accounting firm. The function of an internal audit is determined by those charged with governance and management within the organization. While the functions of internal audits vary widely from one organization to another, they are often concerned with evaluating and improving risk management, internal control procedures, and elements of the governance process. The internal auditors often conduct operational audits, compliance audits, internal control assessments, and reviews. Many internal auditors are members of the Institute of Internal Auditors (IIA). The IIA is an international organization with more than 120,000 members that provides guidance and standards to aid internal auditors in their work. When conducting the financial statement audit, the external auditor may rely on the work done by internal auditors when evaluating the evidence needed to form an opinion on the financial statements or on ICFR. A more detailed discussion of how internal auditors may assist with the audit is provided in Chapter 5.
Cloud 9 - Continuing Case
Ron is not concerned about internal audits—his business is too small for a separate internal audit function. He is also not worried about compliance and operational audits. His priority at the moment is to close the deal with Chip Masters, and he still does not know what he will do about the financial statement audit.
Before You Go On
1. 2.1 What is the objective of a financial statement audit?
2. 2.2 Explain the inherent limitations of a financial statement audit.
3. 2.3 What are the three elements of an operational audit?
4. 2.4 What are the most common functions of the internal auditors?
Demand for Audit and Assurance Services
LEARNING OBJECTIVE 3
Explain the demand for audit and assurance services.
In this section, we provide an overview of the primary financial statement users followed by a description of why these users may demand an audit of the financial statements.
Cloud 9 - Continuing Case
Ron believes that his business has good, reliable financial records. Ron's wife helps him keep tight control of the cash and other assets, and together they prepare some simple reports on a regular basis. Ron believes he knows exactly what is happening in the business and monitors the business's cash flow and profit very closely. However, he has not prepared financial statements that comply with U.S. GAAP. Is this a problem? Ernie explains to Ron that many businesses must apply the accounting standards, even if they are not corporations. It all depends on whether there are individuals or groups who are using the financial statements for decision-making purposes. Ron is a bit worried now—how does he know if he has these users?
Financial Statement Users
Financial statement users include current and potential investors, suppliers, customers, lenders, employees, governments, and the general public. Each of these groups will read the financial statements for a slightly different reason as described below.
Investors
Investors generally read financial statements to determine whether they should invest in the company. They are interested in the return on their investment and are concerned that the entity will remain a going concern (continue operating) into the foreseeable future. Investors may also be interested in the capacity of the company to pay a dividend. Prospective investors read financial statements to determine whether they should buy shares in the entity.
Suppliers
Suppliers may read financial statements to determine whether the company can pay for goods or services supplied. They are also interested in whether the company is likely to remain a going concern (is likely to continue to be a customer of the supplier) and continue to pay its debts when they come due.
Customers
In many business-to-business transactions, customers may read financial statements to determine whether a company they rely on is likely to remain a going concern and meet their needs.
Lenders
Lenders may read financial statements to determine whether an entity is sufficiently creditworthy to qualify for a loan and whether it can pay the interest and principal as they come due.
Employees
Employees may read financial statements to determine whether the entity can pay their wages or salaries and other benefits (for example, pensions). They may also be interested in assessing the future stability and profitability of the entity, as these affect job security.
Governments
Governments may read financial statements to determine whether the company is complying with regulations, to evaluate if the company is paying a fair amount of taxes given its reported earnings, and to gain a better understanding of the company's activities. A company in receipt of government grants often must provide a copy of its audited financial statements when applying for a grant and when reporting on how grant funds have been spent.
The General Public
The general public may read financial statements to determine whether they should associate with the company (for example, as a future employee, customer, or supplier), and to gain a better understanding of the company, what it does, and its plans for the future.
Sources of Demand for Audit and Assurance Services
Financial statement users and their needs are many and varied. There are a number of reasons why some or all of these users would demand an audit of financial statements. These include remoteness, complexity, competing incentives, and reliability. Each of these concepts is explained below.
Remoteness
Most financial statement users do not have access to the company under review. This makes it difficult to determine whether the information contained in the financial statements is a fair presentation of the entity and its activities for the relevant period.
Complexity
Financial statements are complex, the amounts are often affected by significant estimates, and the disclosures often require significant knowledge and experience to evaluate. Most financial statement users do not have the accounting and legal knowledge to assess the reasonableness of complex accounting and disclosure choices being made by the company.
Competing Incentives
Company managers have an incentive to disclose the information contained in the financial statements in a way that presents their performance in the best possible light. Users may find it difficult or impossible to identify when management is presenting biased information.
Reliability
Financial statement users are concerned with the reliability of the information contained in the financial statements. Since they use that information to make decisions that have real consequences, it is very important that users can rely on the information contained in the financial statements.
An independent third-party review of the financial statements by a team of auditors, who have the knowledge and expertise to assess the fairness of the information being presented by the preparers, helps users address all these issues. Auditors have access to company records, so they are not remote. Auditors are trained accountants and have detailed knowledge about the complex technical accounting and disclosure issues required to evaluate the choices made by the financial statement preparers. Independent auditors, whose work is regularly reviewed by regulators, have little incentive to aid the company in presenting its results in the best possible light. Auditors are concerned with verifying the information contained in the financial statements is reliable and free from any material misstatements. The audit service plays a vital role in maintaining the stability of the U.S. capital markets. Investors in public companies consider audited information reliable, which facilitates the trading of stocks and other financial instruments.
Cloud 9 - Continuing Case
Ron tells Ernie that he has no remote users, such as shareholders or lenders, and his business is not very complex. He is the owner and the manager of McLellan's Shoes and therefore has no competing incentives. For all these reasons, he has never felt the need to purchase an audit to assure users of the reliability of his business's financial information. Ernie agrees but points out that there is now a user who is very interested in the reliability of the financial information: Chip Masters.
Before You Go On
1. 3.1 Who are the main users of company financial statements?
2. 3.2 Why might financial statement users demand an audit?
3. 3.3 Explain why auditors, or CPAs, are the appropriate professionals to conduct an audit.
Preparers and Auditors
LEARNING OBJECTIVE 4
Discuss the different roles of the financial statement preparer and the auditor.
In this section, we explain and contrast the different responsibilities of financial statement preparers and auditors. We provide details of the role that each group plays in ensuring the financial statements are an accurate representation of the company. Following this discussion is an overview of the different firms that provide assurance services.
Preparer Responsibility
As you know from your financial accounting courses, the financial statements include the balance sheet (statement of financial position), income statement (statement of comprehensive income), statement of cash flows, statement of changes in equity, and accompanying notes. It is the responsibility of management, with oversight from those charged with governance (generally the board of directors), to prepare the financial statements. Specifically, management is responsible for the following:
1. Ensuring the information included in the financial statements is presented fairly and complies with the applicable financial reporting framework, which in the United States is most often GAAP.
2. Designing, implementing, and maintaining internal control relevant to the preparation and fair presentation of the financial statements.
3. Providing the auditors with access to all records, documentation, and personnel relevant to the preparation and fair presentation of the financial statements, and any additional information the auditors may consider relevant to complete the audit.
The preparation of financial statements requires the use of knowledge and judgment on the part of management. Management is responsible for making estimates for some financial statement items (e.g., allowance for doubtful accounts or a goodwill impairment) and selecting appropriate accounting policies within the applicable financial reporting framework, usually GAAP (AU-C 200.A2–A3).
Auditor Responsibility
The auditor's responsibility is to provide an opinion on whether the financial statements are presented fairly in accordance with the applicable financial reporting framework. It is important to emphasize the auditor is not responsible for preparing the financial statements. Preparation of financial statements is management's responsibility. Auditors are responsible for the following:
1. Conducting the audit in accordance with the appropriate auditing standards. Auditing standards provide minimum requirements and guidance for the performance of an audit. Later in this chapter, we discuss the auditing standards that apply to financial statement audits.
1. Planning and performing the audit with professional skepticism. Professional skepticism is an attitude adopted by auditors when conducting an audit. It means auditors remain independent of the entity, its management, and its staff when completing the audit work. In a practical sense, it means auditors maintain a questioning mind and thoroughly investigate all evidence presented by their client. Auditors must seek independent evidence to corroborate, or confirm, information provided by their client. Auditors must be suspicious when evidence contradicts documents held by their client or inquiries made of client personnel, including management and those charged with governance.
2. Planning and performing the audit with professional judgment. Professional judgment relates to the application of relevant training, knowledge, and experience that auditors use while making informed audit decisions in conducting an audit. Auditors must use their judgment throughout the entire audit. For example, auditors must use judgment when determining if an information source is reliable. They must also use judgment when deciding if enough audit evidence has been gathered to support the audit opinion.
The concepts of professional skepticism and professional judgment will be addressed throughout this text as we learn about the process used by auditors to arrive at their opinion. It is important to note that the auditor's opinion on the financial statements is not meant to be a predictor of the future success of the company. Also, the opinion is not a reflection of how effectively management is performing its role of running the company. The auditor's opinion is simply a report on whether the financial statements are fairly presented in accordance with the applicable financial reporting framework (AU-C 200.A1).
Assurance Providers
Assurance services are provided by accounting and other consulting firms. The largest accounting firms in the United States are known collectively as the “Big 4” firms: Deloitte, Ernst & Young (EY), KPMG, and PricewaterhouseCoopers (PwC). These four firms operate internationally through a network of affiliate companies, and dominate the assurance market throughout the world.
The next tier of accounting firms is known as the mid-tier. The firms that comprise the mid-tier have a significant presence nationally and most have international affiliations. The mid-tier firms in the United States include, among others, Grant Thornton, BDO USA, RSM, CBIZ/Mayer Hoffman McCann, and Crowe. These firms service medium-sized and smaller clients.
The next tier of accounting firms are regional and local accounting firms. Regional firms have a significant presence across multiple states in a geographical region. For example, a regional firm might have offices located in the southeastern states of Georgia, Florida, Alabama, and Mississippi. The regional offices could be as large as some of the national firms, with just as many partners and professional staff. Like the national firms, the regional firms service medium-sized and smaller clients. Local accounting firms service clients in their local areas and range in size from a single-partner firm to several-partner firms. Local firms primarily service small-company clients and individuals.
Many of these accounting firms provide non-assurance (or non-audit) services as well as assurance services. Independence is not required to provide non-assurance services. These non-assurance services include management consulting, business valuation, mergers and acquisitions, tax, and accounting. In Chapter 2, we will discuss rules regarding what types of non-assurance services, if any, can be provided to audit clients.
Accounting firms are not the only providers of assurance services. A number of consulting firms provide assurance services in areas such as website security and environmental sustainability reporting. Consulting firms employ staff with a variety of expertise including, for example, engineers, accountants, IT professionals, scientists, and economists.
Cloud 9 - Continuing Case
Ernie stresses to Ron that any financial statements prepared for McLellan's Shoes are Ron's responsibility, even if they are audited. The auditor must be skeptical about the claims made by Ron in the financial statements. These claims include, for example, that the assets shown on the balance sheet exist and are valued correctly, and that the balance sheet contains a complete list of the business's liabilities. In other words, the auditor is not just going to believe whatever Ron tells him or her. Auditors must gather evidence about the financial statements before they can give an audit opinion. Ernie also explains to Ron that because his business is relatively small, he has a choice between large and small audit firms. Very large companies must choose a Big 4 auditor because often the other auditors are too small to do the work and still maintain their independence. If a small audit firm audits a large company, it is open to the criticism that it will not be sufficiently skeptical because it does not want to lose the fees from that client. A large audit firm has many other clients, so the fees from any one client are a relatively small part of its revenue. Ron likes the idea that the smaller audit firms are generally less expensive.
Before You Go On
1. 4.1 Describe management's responsibilities in terms of the financial statement audit.
2. 4.2 What is professional skepticism?
3. 4.3 What are non-audit services? Provide several examples of non-audit services provided by accounting firms.
The Role of Regulators and Regulations
LEARNING OBJECTIVE 5
Identify the roles of different regulators and organizations that affect the audit profession.
In this section, we discuss the regulators and other organizations that impact the audit process and the profession.
Securities and Exchange Commission (SEC)
The SEC is a federal government agency whose mission is to protect investors, maintain fair and efficient markets, and facilitate capital formation (www.sec.gov). A primary task of the SEC is to enforce and interpret securities laws. Some of the key laws that impact the audit profession are the Securities Act of 1933, the Securities Exchange Act of 1934, and the Sarbanes-Oxley (SOX) Act of 2002. The Securities Act of 1933 regulates the disclosure of financial information in a company's initial public offering of stock and requires that the financial information be audited. The Securities Exchange Act of 1934 regulates the ongoing trading of securities after the initial public offering and requires the annual audit of a public company's financial statements. The SOX Act of 2002 was passed to help restore investor confidence after a series of corporate accounting scandals were revealed in the late 1990s and early 2000s. The SOX Act enhanced financial disclosures for public companies and placed more emphasis on corporate responsibility. It also created the Public Company Accounting Oversight Board, or PCAOB, which oversees the audits of public companies.
Public Company Accounting Oversight Board (PCAOB)
The PCAOB is a non-profit corporation established through the SOX legislation in 2002. Its mission is to oversee the audits of public companies to protect the interests of investors (www.pcaobus.org). Prior to the creation of the PCAOB, the audit profession was self-regulated. This means that audit professionals, through their own professional organization, created the auditing standards to be followed in the conduct of an audit. The audit profession also created a system of peer review for inspecting audit work to ensure auditors were following the standards, and would take enforcement action for auditors who did not perform audits according to the standards. The audit profession is still self-regulated with respect to the audits of private companies, but when the PCAOB was created, it took over the regulation and standard setting for the audits of public companies.
Standards issued by the PCAOB are called Auditing Standards (AS), which provide minimum requirements and guidance for auditing services. When the PCAOB was created, it adopted the audit profession's standards in 2003 as its interim standards, providing a starting point for the audits of public companies. Since then the PCAOB has issued its own standards that supersede, or replace, some of the interim standards. In 2015, the PCAOB reorganized its auditing standards using a topical structure and a single, integrated numbering system. The current topical organization of the PCAOB standards is listed in Illustration 1.2 . Throughout the text, you will be learning some of the specific PCAOB auditing standards in the different topical categories. The beginning of each chapter will list which PCAOB standards will be discussed in that particular chapter. You will also see references to the PCAOB standards within each chapter. The reference will begin with “AS” followed by the standard number, a decimal, and then a paragraph number, such as “AS 2201.06.”
|
General Auditing Standards (1000) |
|
|
1000 |
General Principles and Responsibilities |
|
1100 |
General Concepts |
|
1200 |
General Activities |
|
1300 |
Auditor Communications |
|
Audit Procedures (2000) |
|
|
2100 |
Audit Planning and Risk Assessment |
|
2200 |
Auditing Internal Control Over Financial Reporting |
|
2300 |
Audit Procedures in Response to Risks – Nature, Timing, and Extent |
|
2400 |
Audit Procedures for Specific Aspects of the Audit |
|
2500 |
Audit Procedures for Certain Accounts or Disclosures |
|
2600 |
Special Topics |
|
2700 |
Auditor's Responsibilities Regarding Supplemental and Other Information |
|
2800 |
Concluding Audit Procedures |
|
2900 |
Post-Audit Matters |
|
Auditor Reporting (3000) |
|
|
3100 |
Reporting on Audits of Financial Statements |
|
3300 |
Other Reporting Topics |
|
Matters Relating to Filings Under Federal Securities Laws (4000) |
|
|
Other Matters Associated with Audits (6000) |
ILLUSTRATION 1.2 PCAOB Auditing Standards topical organization
Source: www.pcaobus.org/standards/auditing.
Accounting firms that want to audit public companies must register with the PCAOB. Registration involves paying fees to the board, complying with the PCAOB's Auditing Standards, and having their audit work inspected by the board. The PCAOB has disciplinary authority over registered firms and can impose punishment on accounting firms that do not adhere to standards. Punishments can include revoking a firm's registration, imposing monetary fines, and banning an individual within a firm from auditing public companies.
American Institute of Certified Public Accountants (AICPA)
The AICPA is a private professional membership organization of CPAs representing the accounting profession. There are over 400,000 members in 145 countries (www.aicpa.org). Some key activities of the AICPA include representing the profession before rule-making bodies, acting as an advocate for the profession before legislative bodies, providing educational materials to its members, and setting ethical standards for the profession. The AICPA is also responsible for creating and grading the Uniform CPA Exam.
The AICPA accomplishes many of its activities through its system of committees. One of the standing committees is the Auditing Standards Board, or ASB. Prior to the creation of the PCAOB, the ASB was responsible for issuing auditing standards used for the audits of public and private companies. Since 2003, the task of the ASB has been to issue audit standards for the audits of private companies and not-for-profit organizations only. Audit standards issued by the ASB are called Statements on Auditing Standards (SAS). In an effort to improve the clarity of auditing standards, the ASB approved new clarity standards that were effective for audit periods ending after December 15, 2012. The new clarity standards include a more comprehensive set of principles underlying an audit conducted in accordance with generally accepted auditing standards (GAAS), which are presented in Illustration 1.3 . These principles explicitly address the concepts of materiality and professional skepticism. The principles describe the responsibilities of management, and those charged with governance of an entity, for the financial statements. The auditor responsibilities also address the important concepts of compliance with ethical requirements (including independence requirements) and the fact that an auditor must use professional judgment. Take a few minutes to read the principles in Illustration 1.3 .
Purpose of an Audit
The purpose of an audit is to provide financial statement users with an opinion by the auditor on whether the financial statements are presented fairly, in all material respects, in accordance with the applicable financial reporting framework. An auditor's opinion enhances the degree of confidence that intended users can place in the financial statements.
Premise Upon Which an Audit Is Conducted
An audit in accordance with generally accepted auditing standards is conducted on the premise that management, and where appropriate, those charged with governance, have responsibility:
1. for the preparation and fair presentation of the financial statements in accordance with the applicable financial reporting framework; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatements, whether due to fraud or error.
2. to provide the auditor with:
i. all information, such as records, documentation, and other matters that are relevant to the preparation and fair presentation of the financial statements;
ii. any additional information that the auditor may request from management, and where appropriate, those charged with governance; and
iii. unrestricted access to those within the entity from whom the auditor determines it necessary to obtain audit evidence.
Responsibilities of the Auditor
Auditors are responsible for having appropriate competence and capabilities to perform the audit; complying with relevant ethical requirements; and maintaining professional skepticism and exercising professional judgment, throughout the planning and performance of the audit.
Performing the Audit
To express an opinion, the auditor obtains reasonable assurance about whether the financial statements as a whole are free of material misstatement, whether due to fraud or error.
To obtain reasonable assurance, which is a high, but not absolute, level of assurance, the auditor:
· plans the work and properly supervises any assistants.
· determines and applies appropriate materiality level or levels throughout the audit
· identifies and assesses risks of material misstatement, whether due to fraud or error, based on an understanding of the entity and its environment, including the entity's internal control.
· obtains sufficient appropriate audit evidence about whether material misstatements exist, through designing and implementing appropriate responses to the assessed risks.
The auditor is unable to obtain absolute assurance that the financial statements are free of material misstatement because of inherent limitations, which arise from:
· the nature of financial reporting;
· the nature of audit procedures; and
· the need for the audit to be conducted within a reasonable period of time and so as to achieve a balance between benefit and cost.
Reporting the Results of an Audit
Based on an evaluation of the audit evidence obtained, the auditor expresses, in the form of a written report, an opinion in accordance with the auditor's findings, or states that an opinion cannot be expressed. The opinion states whether the financial statements are presented fairly, in all material respects, in accordance with applicable financial reporting framework.
Source: AU-C Preface.
ILLUSTRATION 1.3 Principles underlying an audit conducted in accordance with generally accepted auditing standards (GAAS)
The SASs are interpretations of the principles underlying an audit conducted in accordance with GAAS. The SASs explain the nature and extent of an auditor's responsibility and offer guidance to an auditor in performing the audit of a private company. Compliance with the SASs is mandatory for AICPA members, who must justify any departures from the standards. The SASs are numbered in the order in which they are issued by the ASB. Then the standards are organized by topical content using the AU numbering system. (Note that the “AU” stands for auditing standards, but these are not to be confused with the Auditing Standards (AS) from the PCAOB.) The AU-C topical order (the “C” denotes the clarified standards) is listed in Illustration 1.4 . Throughout the text, we will be learning some of the specific ASB auditing standards in the different topical categories. The beginning of each chapter will list which ASB standards will be discussed in that respective chapter. You will also see references to the ASB standards within the text. The reference will begin with “AU-C” followed by the standard number, a decimal, and then a paragraph number, such as “AU-C 200.05.”
|
AU-C Section |
General Topic |
|
AU-C 200–299 |
General Principles and Responsibilities |
|
AU-C 300–499 |
Risk Assessment and Response to Assessed Risks |
|
AU-C 500–599 |
Audit Evidence |
|
AU-C 600–699 |
Using the Work of Others |
|
AU-C 700–799 |
Audit Conclusions and Reporting |
|
AU-C 800–899 |
Special Considerations |
|
AU-C 900–999 |
Special Considerations in the United States |
ILLUSTRATION 1.4 Auditing Standards Board AU-C topical content
Source: AICPA.
The ASB also issues Statements on Standards for Attestation Engagements (SSAE) and Statements on Quality Control Standards (SQCS) for AICPA member firms. Another standing committee of the AICPA is the Accounting and Review Services Committee. This committee is tasked with issuing Statements on Standards for Accounting and Review Services (SSARS). The SSARS provide guidance for services provided on historical financial statements that are less extensive than an audit. An example that we discussed earlier is a review of historical financial statements. A more detailed discussion of accounting and review services is provided in Chapter 15 .
To help summarize the audit standard-setting environment in the United States, Illustration 1.5 provides a diagram of the current audit standard setting-structure for the audits of public and private companies.
ILLUSTRATION 1.5 Auditing standard setting in the United States
Professional Environment International Auditing and Assurance Standards Board (IAASB)
In 1977, 63 accountancy bodies (including the AICPA) representing 51 countries signed an agreement creating the International Federation of Accountants (IFAC). The mission of IFAC is to serve the public interest and strengthen the accountancy profession by supporting the development and implementation of high-quality international standards. 2 Toward this end, IFAC has established, as a standing subcommittee, the International Auditing and Assurance Standards Board (IAASB) with the responsibility and authority to issue International Standards on Auditing (ISA). The mission of the IAASB is to establish high-quality auditing, assurance, quality control, and related services standards and to improve the uniformity of practice by professional accountants throughout the world, thereby strengthening public confidence in the global auditing profession and serving the public interest. 3
Today, auditing has become a global profession. Many countries adopt IAASB standards as their own. Other countries have auditing standards that closely resemble the IAASB standards (for example, the SAS in the United States). Where differences exist between the international standards and local standards, the local member body, such as the AICPA's ASB, is expected to give prompt consideration to such differences with a view to achieving harmonization. In recent years, the U.S. ASB and the IAASB have worked jointly in creating auditing standards that have global acceptance. Most of the auditing principles and practices discussed in this text are consistent with IAASB standards.
Financial Accounting Standards Board (FASB)
The FASB is a privately funded organization whose mission is to establish financial accounting and reporting standards for nongovernmental entities with the goal of providing information that is useful for decision making (www.fasb.org). You are probably familiar with the FASB from your financial accounting courses. The FASB maintains the Accounting Standards Codification (ASC), which represents the authoritative standards of financial reporting recognized by the SEC, the PCAOB, and the AICPA. We commonly refer to the authoritative standards as GAAP. There are seven full-time members of the FASB who have diverse backgrounds in accounting, finance, business, and research. Members of the FASB work closely with the AICPA, SEC, and the PCAOB when researching and drafting financial accounting and reporting standards.
Committee on Sponsoring Organizations of the Treadway Commission (COSO)
COSO is an independent private-sector group that focuses on providing guidance to management and expertise in the areas of internal control, enterprise risk management, and fraud deterrence (www.coso.org). COSO was organized in 1985 and is sponsored by the following organizations: the American Accounting Association (AAA), the AICPA, Financial Executives International (FEI), the Institute of Internal Auditors (IIA), and the National Association of Accountants, which is now the Institute of Management Accountants (IMA). The first chairman of the commission was James C. Treadway, Jr., a former commissioner of the SEC. The group is often referred to as the “Treadway Commission.” In 1992, COSO issued a landmark report titled Internal Control—Integrated Framework. This report provided a comprehensive definition of internal controls and a framework that companies could use to design their own internal control systems. In 2013, the framework went through a comprehensive update and was reissued. This updated framework will be covered in depth in Chapter 6.
National Association of State Boards of Accountancy (NASBA) and State Boards of Accountancy
CPAs are professionals who are licensed by state governments. Each state legislature has established a state board of accountancy to license and regulate CPAs to protect the public interest. Some of the functions of a state board of accountancy include:
· Issuing CPA licenses to individuals who meet all the requirements.
· Adopting and enforcing rules of professional conduct for CPAs.
· Adopting and enforcing rules regarding continuing professional education requirements.
· Investigating complaints, conducting hearings, and taking appropriate disciplinary actions, such as suspension or revocation of the CPA license.
NASBA is a professional organization whose mission is to enhance the effectiveness and advance the common interests of its members, which are the state boards of accountancy (www.nasba.org). There are actually 55 jurisdictions with boards of accountancy. They include the 50 states, the District of Columbia, the Commonwealth of the Northern Mariana Islands, Guam, Puerto Rico, and the Virgin Islands. NASBA acts as a collective voice for the boards of accountancy and works to promote the interests of the state boards with legislative and regulatory bodies. NASBA also provides education and development opportunities for its members, provides technology support, and promotes ethical behavior in the profession. One of the services NASBA provides to state boards is that it serves as the application center for individuals applying to sit for the CPA exam. When you are ready to apply to take the CPA exam, you may be asked to apply through NASBA's website.
Cloud 9 - Continuing Case
Ernie explains that, in general, the regulators and regulations that apply to publicly traded corporations are not relevant to McLellan's Shoes. However, any auditor Ron engages would apply the auditing and accounting standards that are relevant to an audit engagement when auditing a small business. Since McLellan's Shoes is a private company, the auditors would follow the auditing standards of the ASB when conducting the audit.
Before You Go On
1. 5.1 What is the SEC and what is its role?
2. 5.2 Which organization sets the standards for the audits of public companies? For the audits of private companies?
3. 5.3 What are the main functions of a state board of accountancy?
Audit Report on Financial Statements
LEARNING OBJECTIVE 6
Explain the concepts of reasonable assurance, materiality, and the nature of an unqualified/unmodified report on the audit of financial statements.
In this section, we introduce you to the independent auditor's report, which is the “end product” of the financial statement audit. The independent auditor's report is used to communicate the audit firm's opinion about a company's financial statements to interested users. We will revisit the independent auditor's report in more depth in Chapter 15, but it is helpful to understand this report from the perspective of a financial statement reader as you begin to learn the audit process.
Reasonable Assurance and the Financial Statements
We have explained how the responsibility of the auditor is to provide an opinion on whether the financial statements are presented fairly in accordance with the applicable financial reporting framework. An opinion is defined as a judgment about matters that are subjective. The preparation of financial statements is considered somewhat subjective because management must make some estimates and choose between different accounting methods. Therefore, the auditor is only required to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. Reasonable assurance is a high, but not absolute, level of assurance (AU-C 200.06). In other words, the auditor does not “guarantee” or “certify” that the financial statements are 100% accurate because that is considered absolute assurance, which is not possible with content that is subjective.
In addition, an audit could not be completed in a reasonable amount of time if auditors had to provide absolute assurance. For some accounts and transactions, auditors use sampling techniques when gathering audit evidence and therefore do not examine 100% of a company's transactions for the period under audit. So, how do auditors know when they have gathered enough evidence? Ultimately, that is a matter of professional judgment. Since judgment is involved, there will always be a risk the auditors will give the wrong opinion. This is called audit risk . Audit risk is affected by client characteristics as well as actions of the auditor. For example, when a client implements a new accounting standard, audit risk increases because there is increased risk for error when implementing a new process. The internal control system of the client also impacts audit risk. If the client has strong internal controls, it is more likely the internal controls will prevent, or detect and correct, material misstatements, which decreases audit risk. Auditors impact audit risk by the decisions made in how to conduct the audit. For example, using a larger sample size versus a smaller sample size, in general, will decrease audit risk. The concept of audit risk is covered in depth in Chapter 3. We will devote considerable attention throughout the text to the concept of audit risk and determining how auditors make important professional judgments about collecting sufficient, appropriate evidence to achieve reasonable assurance and support the audit opinion.
Materiality and the Financial Statements
Although financial statements contain approximations, they must reflect a reasonable degree of precision. However, accounting is not precise, or accurate, the way we might think of Newtonian physics as being precise. If a potential misstatement of the financial statements is significant enough to influence or make a difference in the judgment or consequential activities of a financial statement user, it is considered material.
Materiality is a relative concept, and it differs from company to company and from year to year for a given company. For example, a $25,000 misstatement of revenues may be material to a company with $200,000 of net income, while a $25,000 misstatement for a company with $5,000,000 in net income may be immaterial. In addition, qualitative characteristics influence materiality. For example, an error in the financial statements may be a small percentage of an account balance. This small error, however, may be considered material because it could cause an entity to breach a loan covenant, which could result in a misclassification of current and noncurrent debt.
Auditors design an audit to provide reasonable assurance that the financial statements are free of material misstatement. However, auditors do not design an audit to look for immaterial misstatements because they would not influence a financial statement user. A deeper discussion of how auditors make materiality decisions can be found in Chapter 3.
Professional Environment Materiality
In the audit of a very large company, the amount of misstatement that would be considered immaterial might be quite large. Consider the audit of The Boeing Company for the year ended December 31, 2017, when Boeing had total revenues of $93.392 billion, earnings before income taxes of $10.047 billion, net income of $8.197 billion, and total assets of $92.333 billion at December 31, 2017. Boeing rounds its financial statement amounts to the nearest $1 million. For the year ended December 31, 2017, Boeing had a return on assets of 8.99%.
As an investor, would you consider a return on assets of 8.99% or 9.00% to be substantially the same? It would take approximately a $10 million misstatement to change return on assets by only 1/100 of 1% for Boeing for the year ended December 31, 2017. Alternatively, as an investor, would you consider a return on assets of 8.99% or 8.89% to be substantially the same? It would take approximately a $100 million misstatement to change return on assets by only 1/10 of 1% for Boeing for the year ended December 31, 2017.
The Auditor's Report on Financial Statements
When the audit firm has determined that it has gathered sufficient, appropriate evidence to form an opinion, then it is ready to issue the audit report. Auditing standards require a standard format of the audit report be used for all audits. In other words, all accounting firms use the same standard format and standard wording for reporting their audit opinions. Using a standard format makes it easier for financial statement users to navigate the audit report. There is a standard report for the audit of public company financial statements and a standard report for the audit of private company financial statements. The actual process of auditing the financial statements of public and private companies is similar, but there are also some differences, which will be discussed throughout the text. One of the key differences is the format of the audit reports.
Illustration 1.6 provides an example of an unmodified audit report on the financial statements of McLellan's Shoes, a private company. If auditors have determined the financial statements are presented fairly in accordance with the applicable financial reporting framework, they issue the standard unmodified report. Take a moment to read over the report. You will see some of the key concepts we have already discussed in this chapter. Sections of the report are numbered so we can further explain each component. Explanations of each numbered component follow Illustration 1.6.
[1] INDEPENDENT AUDITOR'S REPORT
[2] To the owners of McLellan's Shoes:
[3] Report on the Financial Statements
We have audited the accompanying financial statements of McLellan's Shoes, which comprise the balance sheets as of December 31, 2022 and 2021, and the related statements of income, changes in equity, and cash flows for the years then ended, and the related notes to the financial statements.
[4] Management's Responsibility for the Financial Statements
Management is responsible for the preparation and fair presentation of these financial statements in accordance with accounting principles generally accepted in the United States of America; this includes the design, implementation, and maintenance of internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error.
[5] Auditor's Responsibility
Our responsibility is to express an opinion on these financial statements based on our audits. We conducted our audits in accordance with auditing standards generally accepted in the United States of America. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor's judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity's preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity's internal control. Accordingly, we express no such opinion. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of significant accounting estimates made by management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.
[6] Opinion
In our opinion, the financial statements referred to above present fairly, in all material respects, the financial position of McLellan's Shoes as of December 31, 2022 and 2021, and the results of its operations and its cash flows for the years then ended in accordance with accounting principles generally accepted in the United States of America.
[7] Bell & Bowerman, LLP
Seattle, Washington
[8] February 15, 2023
Source: AU-C 700.A63 Exhibit—Illustration 1.
ILLUSTRATION 1.6 Example of an unmodified audit report on the financial statements of McLellan's Shoes, a private company
1. Title—The term independent is in the title of the report to emphasize the auditors are external to the company, unbiased, and therefore can provide an objective opinion.
2. Address—The report is addressed to the owners or shareholders of the company and to the board of directors, if applicable.
3. Introductory paragraph—This paragraph explains that an audit was conducted and identifies the financial statements and the date of the financial statements.
4. Management's responsibility paragraph—This paragraph explains that management is responsible for the preparation and fair presentation of the financial statements and for the design, implementation, and maintenance of ICFR.
5. Auditor's responsibility paragraphs—These paragraphs explain the auditors are responsible for expressing an opinion on the financial statements, for following auditing standards, for assessing the risk of material misstatement, and for obtaining reasonable assurance about the fair presentation of the financial statements. The appropriate auditing standards would be those issued by the ASB since the company is a private company. In a private company audit, auditors state they do not evaluate internal control for the purpose of expressing an opinion on internal control. The audit firm concludes with a statement that it believes it has obtained sufficient and appropriate evidence to provide a basis for its audit opinion.
6. Opinion paragraph—This paragraph clearly states the auditor's opinion that the financial statements are fairly presented, in all material respects, in accordance with the applicable financial reporting framework, which in this example is GAAP.
7. Signature—The firm name and location are used as the signature.
8. Date—The date represents the end of fieldwork, which is the conclusion of gathering and evaluating evidence, and drawing all conclusions for the audit.
Illustration 1.7 provides an example of an unqualified audit report on the financial statements of The Boeing Company, a public company. If auditors have determined the financial statements are presented fairly in accordance with the applicable financial reporting framework, they issue the standard unqualified report. The PCAOB standards use the term unqualified report. The term unqualified is equivalent to the term unmodified used for the private company audit report. The terms are sometimes used interchangeably.
[1] REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
[2] To the shareholders and the Board of Directors of The Boeing Company
Opinion on the Financial Statements
[3] We have audited the accompanying consolidated statements of financial position of The Boeing Company and subsidiaries (the “Company”) as of December 31, 2017 and 2016, the related consolidated statements of operations, comprehensive income, equity, and cash flows, for each of the three years in the period ended December 31, 2017, and the related notes (collectively referred to as the “financial statements”). In our opinion, the financial statements present fairly, in all material respects, the financial position of the Company as of December 31, 2017 and 2016, and the results of its operations and its cash flows for each of the three years in the period ended December 31, 2017, in conformity with accounting principles generally accepted in the United States of America.
[4] We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the Company's internal control over financial reporting as of December 31, 2017, based on criteria established in Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission and our report dated February 12, 2018, expressed an unqualified opinion on the Company's internal control over financial reporting.
Basis for Opinion
[5] These financial statements are the responsibility of the Company's management. Our responsibility is to express an opinion on the Company's financial statements based on our audits. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
[6] We conducted our audits in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether due to error or fraud. Our audits included performing procedures to assess the risks of material misstatement of the financial statements, whether due to error or fraud, and performing procedures that respond to those risks. Such procedures included examining, on a test basis, evidence regarding the amounts and disclosures in the financial statements. Our audits also included evaluating the accounting principles used and significant estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that our audits provide a reasonable basis for our opinion.
[7] /s/ Deloitte & Touche LLP
Chicago, Illinois
[8] February 12, 2018
[9] We have served as the Company's auditor since at least 1934; however, an earlier year cannot be reliably determined.
ILLUSTRATION 1.7 Example of an unqualified audit report on the financial statements of The Boeing Company, a public company
Take a moment to look over the report in Illustration 1.7 and note some of the similarities and differences with the private company audit report. Again, you will see some of the key concepts discussed in this chapter. Sections of the report are numbered so we can further explain each component. Explanations of each numbered component follow Illustration 1.7.
1. Title—The term independent is also in the title of this report to emphasize the auditors are external to the company, unbiased, and therefore can provide an objective opinion. In addition, the term registered is included to emphasize the firm is registered with the PCAOB.
2. Address—The report is addressed to the shareholders and board of directors of the company.
3. Opinion paragraph—The first sentence explains that an audit was conducted and identifies the financial statements and the dates of the financial statements. The second sentence states the auditor's opinion. Note the opinion sentence is virtually identical to the opinion paragraph for the private company audit report.
4. Paragraph referencing the audit of internal control—This paragraph is unique to the public company audit report. Public companies are required to have an audit of ICFR and auditors issue a separate opinion for that audit, which is discussed in the next section.
5. Basis for opinion paragraph—This paragraph states the differing responsibilities of management and auditors. It is similar to the responsibility paragraphs of the report for private company audits, but the private company report goes into more detail regarding the responsibilities of management and auditors. One key difference is that this paragraph references registration with the PCAOB and independence requirements of the SEC and other federal securities laws.
6. Scope paragraph—This paragraph explains, in brief terms, the process of conducting an audit. It mentions the concept of reasonable assurance about whether the financial statements are free of material misstatement. It includes an explicit statement that PCAOB auditing standards were followed since it is a public company. The scope paragraph also includes a brief discussion of the professional judgments made during the audit. Finally, it concludes with a statement that the audit firm believes that its audit provides a reasonable basis for its opinion.
7. Signature—The firm name and location is used as the signature.
8. Date—The date represents the end of fieldwork, which is the conclusion of gathering and evaluating evidence, and drawing all conclusions for the audit.
9. Auditor tenure—The final component of the report is a sentence that states the year in which the firm began serving consecutively as the company's auditor.
After reviewing the standard audit reports, you may be wondering what happens if auditors conclude the financial statements are not presented fairly in accordance with the applicable financial reporting framework? Or what happens if auditors cannot gather enough evidence to form an opinion? When situations such as these occur, auditors may have to modify their opinion. Auditing standards have established three types of modified audit opinions: a qualified opinion, an adverse opinion, and a disclaimer of opinion. Illustration 1.8 provides a brief summary of situations that could cause auditors to issue a modified opinion. It is important to note that only material situations would cause auditors to modify the opinion. The discovery of immaterial errors would not prevent the issuance of an unmodified/unqualified opinion. The different types of modified reports will be covered in depth in Chapter 15, so consider Illustration 1.8 a basic introduction to the modified reports.
|
Situation |
Type of Modified Opinion |
|
Material departure(s) from the applicable financial reporting framework and the client refuses to make corrections |
· Qualified – financial statements are presented fairly, except for the uncorrected departure(s) · Adverse – financial statements are not presented fairly and should not be relied upon (pervasively material departures) |
|
Material limitation on the auditor's ability to gather sufficient appropriate evidence, referred to as a scope limitation |
· Qualified – financial statements are presented fairly, except for the auditor's inability to gather evidence for a material item · Disclaimer of opinion – auditor was not able to gather sufficient appropriate evidence and cannot express an opinion on the financial statements (pervasively material scope limitations) |
|
Auditor is not independent |
· Disclaimer of opinion – auditor is not independent and cannot express an opinion |
ILLUSTRATION 1.8 Situations that cause a modified opinion
Professional Environment PCAOB Releases New Audit Report
Prior to 2017, the standard unqualified auditor's report had remained substantially unchanged since the 1940s. Over the years, there had been much debate about the relevance of continuing to use the same standard report, particularly in the modern information age in which investors and other users demand better and faster information. Since 2011, the PCAOB has encouraged open discussion, comments, and feedback on various proposals for making the auditor's report more relevant to the public. Finally, on June 1, 2017, the PCAOB adopted a new auditor reporting standard, AS 3101 The Auditor's Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion. The standard was approved by the SEC on October 23, 2017. The standard includes two significant changes to the existing auditor's report.
The first significant change is the communication of critical audit matters, or CAM, in the audit report. A CAM is any audit matter that was communicated to or required to be communicated to the audit committee. The rationale is that if a matter is being communicated to the audit committee, it must be important and should be made available to users of the financial statements. The standard states that a CAM “relates to accounts or disclosures that are material to the financial statements and involves especially challenging, subjective, or complex auditor judgement” (AS 3101.11). For each CAM that is included in the auditor's report, the auditor must identify the CAM, describe why the auditor considered the item a CAM and how it was addressed during the audit, and refer to the relevant accounts or disclosures that relate to the CAM.
The second significant change is the inclusion of auditor tenure in the auditor's report. After the signature of the firm at the conclusion of the report, there is a statement that says, “We have served as the Company's auditor since [year]” (AS 3101 Appendix B). The firm includes the year in which it began serving consecutively as the company's auditor.
The PCAOB recognizes that including CAM in the auditor's report is a significant change. Therefore, the requirement to include CAM will go into effect for fiscal years ending on or after June 30, 2019. The other changes to the auditor's report, including the disclosure of auditor tenure, went into effect for fiscal years ending on or after December 15, 2017.4 The audit report for The Boeing Company in Illustration 1.7 reflects the new audit report and includes the statement about auditor tenure.
Before You Go On
1. 6.1 Why do auditors provide reasonable assurance and not absolute assurance?
2. 6.2 Explain the concept of materiality. How does the concept of materiality relate to reasonable assurance?
3. 6.3 What are the meanings of the terms unqualified and unmodified in the context of an audit of financial statements?
Audit Report on Internal Controls over Financial Reporting
LEARNING OBJECTIVE 7
Explain the concept of reasonable assurance and the nature of an unqualified report on internal controls over financial reporting.
Next, we will discuss the audit report for the audit of ICFR. Recall from earlier in the chapter that only certain public companies are required to have an audit on the effectiveness of ICFR. The SEC classifies public companies into three categories based on worldwide market value (in U.S. dollars) of outstanding voting and non-voting common equity:
1. Large accelerated filer: $700 million or more.
2. Accelerated filer: $75 million or more but less than $700 million.
3. Non-accelerated filer: less than $75 million.
Public companies categorized as non-accelerated filers are not required to have an audit of ICFR. Therefore, when we discuss the audit of ICFR for public companies, we are referring to public companies categorized as accelerated filers and large accelerated filers.
Reasonable Assurance and Internal Controls
Section 404 of the SOX legislation requires that management accept responsibility for the design and maintenance of internal controls. It also requires that management issue a report each year asserting whether internal controls over financial reporting were effective. Further, management's claims about the effectiveness of ICFR must be audited by the independent external auditor. The reason for requiring an audit of internal controls is because effective ICFR provides reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes (AS 2201.02). Here again we see the phrase reasonable assurance. If internal controls are effective, then it is more likely that the financial statements will be free of material misstatements and errors. Even though internal controls may be considered effective, it does not mean they will prevent all misstatements or errors from affecting the financial statements. There is still some risk that a material error could occur on the financial statements. Even an effective system of internal controls over financial reporting will only provide reasonable assurance, not absolute assurance, that financial statements are free from material misstatement.
PCAOB Auditing Standard 2201 An Audit of Internal Control Over Financial Reporting That Is Integrated with An Audit of Financial Statements states that auditors must conduct an integrated audit for public companies. This means auditors must plan and perform their work to achieve the objectives of both the financial statement audit and the audit of the effectiveness of ICFR simultaneously. For efficiency purposes, auditors will select audit procedures that allow them to gather evidence that is useful to both of the audits. Auditors are only required to obtain reasonable assurance about whether the company maintained effective ICFR for the period under audit. Auditors cannot provide absolute assurance about the effectiveness of internal controls for the same reasons they cannot provide absolute assurance on the fair presentation of the financial statements. The design and implementation of controls is somewhat subjective and there is not enough time for auditors to test the effectiveness of all of the entity's internal controls. Using professional judgment, auditors select the most critical internal controls over financial reporting and test the effectiveness of those controls. This will be discussed further in Chapters 6 and 8.
The Auditor's Report on Internal Control over Financial Reporting
When auditors have determined they have gathered sufficient, appropriate evidence to form an opinion on the effectiveness of ICFR, then they are ready to issue the audit report. Similar to the financial statement audit report, AS 2201 requires a standard format of the audit report be used for all audits of effectiveness of ICFR. Illustration 1.9 provides an example of an audit report on the effectiveness of ICFR for a public company. If auditors have determined the company has maintained effective ICFR for the period under audit, then they issue the standard unqualified report. Take a moment to read over the report and you will see some similarities to the financial statement audit report for a public company.
[1] REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
[2] To the Shareholders and Board of Directors of The Boeing Company
[3] Opinion on Internal Control over Financial Reporting
We have audited the internal control over financial reporting of The Boeing Company and subsidiaries (the “Company”) as of December 31, 2017, based on criteria established in Internal Control – Integrated Framework (2013) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). In our opinion, the Company maintained, in all material respects, effective internal control over financial reporting as of December 31, 2017, based on criteria established in Internal Control – Integrated Framework (2013) issued by COSO.
[4] We have also audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States) (PCAOB), the consolidated financial statements as of and for the year ended December 31, 2017, of the Company and our report dated February 12, 2018, expressed an unqualified opinion on those financial statements.
[5] Basis for Opinion
The Company's management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management's Report on Internal Control Over Financial Reporting. Our responsibility is to express an opinion on the Company's internal control over financial reporting based on our audit. We are a public accounting firm registered with the PCAOB and are required to be independent with respect to the Company in accordance with the U.S. federal securities laws and the applicable rules and regulations of the Securities and Exchange Commission and the PCAOB.
[6] We conducted our audit in accordance with the standards of the PCAOB. Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, testing and evaluating the design and operating effectiveness of internal control based on the assessed risk, and performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.
[7] Definition and Limitations of Internal Control over Financial Reporting
A company's internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company's internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets that could have a material effect on the financial statements. Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
[8] /s/Deloitte & Touche LLP
Chicago, Illinois
[9] February 12, 2018
ILLUSTRATION 1.9 Example of an unqualified audit report on the effectiveness of ICFR for The Boeing Company, a public company
The key components of the unqualified report in Illustration 1.9 are as follows:
1. Title—The term independent is also in the title of this report to emphasize the auditors are external to the company, unbiased, and therefore can provide an objective opinion. In addition, the term registered is required to indicate that the firm is registered with the PCAOB.
2. Address—The report is addressed to the shareholders and board of directors of the company.
3. Opinion paragraph—The first sentence explains that an audit of ICFR was conducted and references the COSO Internal Control—Integrated Framework as the criteria used as the basis for determining if ICFR are effective. The second sentence states the auditor's opinion.
4. Paragraph referencing the financial statement audit—This paragraph is a reference to the financial statement audit report and states the type of opinion that was given on the financial statements.
5. Basis for opinion paragraph—This paragraph states the different responsibilities of management and auditors. Like the audit report on the financial statements, this paragraph references registration with the PCAOB and independence requirements of the SEC and other federal securities laws.
6. Scope paragraph—This paragraph explains that auditors conducted their audit in accordance with the standards of the PCAOB. In brief terms, it explains the process of conducting an audit of the effectiveness of ICFR. It mentions that auditors are only required to obtain reasonable assurance about whether the company maintained, in all material respects, effective ICFR. It concludes with a statement that the audit firm believes its audit provides a reasonable basis for its opinion.
7. Definition and inherent limitations paragraph—This paragraph provides a definition of ICFR that is taken directly from AS 2201. This is helpful for users of the financial statements in case they are not familiar with the concept of internal controls. Also note the use of reasonable assurance in the definition to clarify that an internal control system does not eliminate all risk associated with the preparation of financial statements. The final sentence cautions not to use the current-year opinion to assume that future internal controls will be effective. Circumstances may change in the future that could render controls ineffective if the controls are not modified appropriately.
8. Signature—The audit firm's name and location are used as the signature.
9. Date—The date represents the end of fieldwork, which is the conclusion of gathering and evaluating evidence for the audit. Since the audits are integrated, the date on both the financial statement audit report and the audit report on the effectiveness of ICFR will be the same.
What happens if auditors conclude the company did not maintain effective ICFR over the period under audit? That would mean the auditors discovered a material weakness in the client's ICFR. The PCAOB defines a material weakness as follows:
A deficiency, or combination of deficiencies, in ICFR, such that there is a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected on a timely basis. (AS 2201.A7)
If one or more material weaknesses are discovered during the audit, then auditors issue an adverse opinion on the effectiveness of ICFR that explicitly states the company did not maintain effective ICFR during the period under audit. AS 2201 dictates how auditors would modify the audit report to express an adverse opinion. If auditors encounter a material limitation in the scope of their work, they may consider disclaiming an opinion. We will cover these modifications in greater detail in Chapter 15.
Before You Go On
1. 7.1 Explain the concept of reasonable assurance as it applies to a system of internal controls and to the audit of the effectiveness of internal controls.
2. 7.2 What is management's responsibility for internal controls as stated in the audit report on the effectiveness of internal controls?
3. 7.3 What date is used on the audit report on the effectiveness of internal controls, and what does the date represent?
The Audit Expectation Gap
LEARNING OBJECTIVE 8
Discuss the audit expectation gap.
The overall audit expectation gap occurs when there is a difference between the expectations of auditors and financial statement users. The gap occurs when user beliefs do not align with an auditor's professional responsibilities. In particular, the gap is caused by unrealistic user expectations such as:
· The auditor is providing absolute assurance.
· The auditor is guaranteeing the future viability of the entity.
· An unmodified audit opinion is an indicator of complete accuracy of the financial statements.
· The auditor will definitely find any and all fraud.
· The auditor has checked all transactions.
The reality is that:
· An auditor provides reasonable assurance.
· The audit does not guarantee the future viability of the entity.
· An unmodified opinion indicates the auditor believes there are no material misstatements in the financial statements.
· The auditor will assess the risk of fraud and conduct tests to try to uncover any fraud, but there is no guarantee the auditor will find all material fraud, should one have occurred.
· The auditor tests a sample of transactions.
The overall audit expectation gap is graphically represented in Illustration 1.10 . In this figure, note the performance gap, which is the difference between auditor performance and auditing standards and regulations. There is also an expectation gap, which is the difference between a financial statement user's expectations and auditing standards and regulations.
ILLUSTRATION 1.10 Audit expectation and performance gaps
The performance gap can be reduced by:
· Auditors performing their duties appropriately, complying with auditing standards, and meeting the minimum standards of performance that should be expected of all auditors.
· Inspections of audits to ensure that auditing standards have been correctly applied.
· Assurance providers reporting accurately the level of assurance being provided.
The audit expectation gap can be reduced by:
· Auditing standards being reviewed and updated on a regular basis to enhance the work being done by auditors.
· Education of financial statement users as to the responsibilities of preparers and auditors of financial statements.
As described in this chapter, financial statement users rely on audited financial statements to make a variety of decisions. Financial statement users demand access to reliable information to help ensure the stability of financial markets. The audit profession is dedicated to providing reliable assurance services in the interest of protecting the public trust.
Cloud 9 - Continuing Case
Ron believes that Chip Masters would know what an audit can provide, and what it cannot, because Chip is an experienced vice president of a large international company. He deals with auditors on a regular basis.
Ron thanks Ernie for his time. Ernie has helped him to understand that preparing more detailed financial statements and engaging an auditor to perform a financial statement audit would not be as bad as he first thought. Ron now understands why Ernie thinks audits are valuable, and not just another business expense. If Chip Masters thinks that Ron's financial statements are more credible with an audit, then it is likely he will be prepared to pay a higher price for Ron's business.
Before You Go On
1. 8.1 Define the audit expectation gap. Define the audit performance gap.
2. 8.2 What has caused the audit expectation gap?
3. 8.3 What can be done to reduce the audit expectation gap? What can be done to reduce the audit performance gap?
Learning Objectives Review
1 Differentiate among assurance, attestation, and auditing services.
An assurance engagement involves an assurance provider arriving at an opinion about some information being provided by their client to a third party. Attestation and auditing services are types of assurance services. A financial statement audit involves an audit firm obtaining evidence to support an opinion about the fair presentation of the financial statements, in all material respects, in accordance with an applicable financial reporting framework.
2 Describe the different types of assurance services.
Assurance services include financial statement audits, audits of effectiveness over internal control of financial reporting, compliance audits, operational/performance audits, and internal audits.
3 Explain the demand for audit and assurance services.
Financial statement users include investors (shareholders), suppliers, customers, lenders, employees, governments, and the general public. These groups of users demand audited financial statements due to their remoteness from the entity, accounting complexity, competing incentives between them and the entity's managers, and their need for reliable information on which to base decisions.
4 Discuss the different roles of the financial statement preparer and the auditor.
It is the responsibility of the company's management to prepare the financial statements in accordance with the applicable financial reporting framework. Management is also responsible for the design, implementation, and maintenance of internal control over financial reporting and for providing the auditors with access to all documentation needed to complete the audit. It is the responsibility of the auditor to form an opinion on the fair presentation of the financial statements. In doing so the auditor must utilize professional skepticism and professional judgment in the planning and performance of the audit and must adhere to the appropriate auditing standards.
5 Identify the roles of different regulators and organizations that affect the audit profession.
Regulators and organizations that impact the audit profession include the Securities and Exchange Commission (SEC), the Public Company Accounting Oversight Board (PCAOB), the American Institute of Certified Public Accountants (AICPA), the Financial Accounting Standards Board (FASB), the Committee on Sponsoring Organizations of the Treadway Commission (COSO), and the National Association of State Boards of Accountancy (NASBA). Auditors must follow the PCAOB's Auditing Standards (AS) when auditing public companies and follow the Auditing Standards Board's Statements on Auditing Standards (SAS) when auditing private companies.
6 Explain the concepts of reasonable assurance, materiality, and the nature of an unqualified/unmodified report on the audit of financial statements.
Auditors are only required to provide reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to error or fraud. In a private company audit, if auditors determine the financial statements are presented fairly in accordance with the applicable financial reporting framework, then auditors issue the standard unmodified audit report. In a public company audit, if auditors determine the financial statements are presented fairly in accordance with the applicable financial reporting framework, then they issue the standard unqualified audit report.
7 Explain the concept of reasonable assurance and the nature of an unqualified report on internal controls over financial reporting.
An effective system of ICFR provides reasonable assurance the financial statements will be free of material misstatements. Only public companies are required to have an audit of the effectiveness of ICFR. In the audit of the effectiveness of ICFR, auditors provide reasonable assurance regarding whether or not there is a material weakness in ICFR for the period under audit. If auditors have determined the company has maintained effective ICFR, then they issue the standard unqualified audit report on ICFR.
8 Discuss the audit expectation gap.
The difference between what assurance providers provide and what financial statement users expect consists of two components: (1) the expectation gap, which is the difference between a financial statement user's expectations and professional standards and regulations, and (2) a performance gap, which occurs when assurance providers do not follow professional standards. The total gap occurs when user beliefs do not align with what an auditor has actually done.
Key Terms Review
· Operational (performance) audit
· Those charged with governance
CPAexcel
CPAexcel questions and other resources are available in WileyPLUS.
Multiple-Choice Questions
1. 1. (LO 1) Which of the following is not a characteristic of an assurance service?
1. The engagement is conducted by an independent professional.
2. The service lends credibility to information.
3. The subject matter is limited to financial information.
4. The service is useful for decision makers.
2. 2. (LO 2) An assurance service that determines whether the entity has conformed with regulations, rules or processes is a (an):
1. compliance audit.
2. financial statement audit.
3. internal audit.
4. operational audit.
3. 3. (LO 2) Operational (performance) audits are useful because they:
1. include a comprehensive audit.
2. are concerned with the economy, efficiency, and effectiveness of an organization's activities.
3. involve gathering evidence to determine whether the entity under review has followed the rules, policies, procedures, laws, or regulations with which they must conform.
4. ensure companies pay appropriate taxes.
4. 4. (LO 2) The function of internal audit is determined by:
1. the external auditor.
2. the IIA.
3. those charged with governance and management.
4. the government.
5. 5. (LO 3) All of the following are reasons why users would demand an audit of financial statements except:
1. complexity.
2. remoteness.
3. cost.
4. reliability.
6. 6. (LO 4) Management is responsible for which of the following?
1. Preparing financial statements in accordance with the appropriate auditing standards.
2. Designing, implementing, and maintaining internal control relevant to the preparation of the financial statements.
3. Using professional skepticism in the preparation of the financial statements.
4. Issuing an opinion on whether the financial statements are presented fairly in accordance with the appropriate financial reporting framework.
7. 7. (LO 5) Which of the following organizations issues auditing standards for the audits of public companies?
1. PCAOB.
2. SEC.
3. ASB.
4. COSO.
8. 8. (LO 5) The role of COSO is to:
1. establish financial accounting and reporting standards.
2. establish auditing standards for private companies.
3. prepare and grade the CPA exam.
4. provide guidance in the area of internal control and risk management.
9. 9. (LO 6) Auditors can only provide reasonable assurance that the financial statements are presented fairly because:
1. sampling techniques are used to gather evidence.
2. some items in the financial statements are subjective.
3. an audit must be completed in a reasonable amount of time.
4. All of these answer choices are correct.
10. 10. (LO 6) What is the appropriate date for an audit report?
1. The date the auditors were hired.
2. The date of the balance sheet.
3. The conclusion of the gathering of evidence for the audit.
4. The date required by regulators.
11. 11. (LO 7) Auditors of publicly traded companies are required to perform a(an) _______ for their clients.
1. compliance audit
2. integrated audit
3. internal audit
4. operational audit
12. 12. (LO 8) The audit expectation gap occurs when:
1. auditors perform their duties appropriately and satisfy users' demands.
2. user beliefs do not align with what professional standards and regulations expect of auditors.
3. inspections of audits ensure that auditing standards have been applied correctly and the standards are at the level that satisfy users' demands.
4. the public is well educated about auditing.
