Wondershare EdrawMind
MindMap Gallery Assurance (MGAC10)
- 6
- 1
Assurance (MGAC10)
Assurance (MGAC10) is an important guarantee mechanism aimed at providing customers with comprehensive protection and peace of mind. It covers multiple risk areas and provides flexible protection solutions to ensure that customers can receive timely and effective support when facing unexpected risks. Choose Assurance to make your life more secure and worry free. This is a mind map about Assurance (MGAC10). The map contains three main branches, namely: Audit, Compilation/NTR, and Review. Each main branch has a detailed description of its sub branches. Suitable for people interested in Assurance (MGAC10).
Edited at 2024-04-16 14:46:51
- Recommended to you
- Outline
Assurance (MGAC10)
Audit
High Assurance Level, Positive Opinipon Large Scope High Cost
Introduction to Audit
Definition about Audit
书本定义:"Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between assertions and established critetia and communicating the results to interested parties." =>客观的对被审计公司的经济活动进行取证,确保被审计公司的经济活动是 in compliance with assertion & criteria的。得出审计结论后,将结论报告给相关的party。 => 一共有四个重要的部分: 1. Objectivity 2. Verification [/Evaluation] 3. Establish Criteria 4. Communication
1. Objectivity
=> Objectivity的重要性: 商业活动中需要用到各种information来做decision。而有时提供信息的人和需要信息的人往往是有利益冲突的(conflict of interest). 这个时候就需要外部的审计来干预, Objectviely verify the information, make sure it is reliable. 如果审计员自己做不到完全客观,那么这个审计就一整个儿失去了意义
2. Verification
Verify subject matter provided by client through: Step 1: Obtain Evidence. 获取证据 Step 2: Evaluate Evidence. 核查证据 =>是provide assurance & enhance confidence中很很重要的一步。
3. Establish Criteria
=> When client prepare the subject matter, they assert the information they prepared is reliable. =>当client准备自己的financial information 时,他们就是在声明说自己的信息非常reliable;但对于审计员来说,我们不能直接选择相信客户的话,我们要去思考:"to what extend, can we conclude the information is reliable." =>我们要提前设立一个标准水平,然后再审计工作中判断客户是否达到这个水平。只有他达到这个水平,我们才能说你的FS info是OK的。 =>这个水平要求该设立在什么位置,这是审计员需要考虑的问题。我们需要综合考虑多方面的因素与风险,然后在planning stage得出一个大概的的预估;这个预估水平随着工作的进展,也会一直更新。
4. Communiction
Audit Report
Accounting V.S Auditing
Accounting
是一个收集整理信息,然后准备FS report的过程。 两者都需要懂得FS report framework
Auditing
是在别人准备完FS之后,审计员再去四处搜罗证据,然后审核这个FS。 两者都需要懂得FS report framework
Accountability Relationship

I. Accountability Relationship
=>The relationship between Asserter & User. 管理人员和股东之间的关系。 => Whennever there is a accountability relationship -> Possibility for auditor to perform an assurance engagement. =>但有这个relationship也并代表就一定要有audit。因为有的private firm股东和管理人员可能可以达成一致,同意不找审计员。但对于public firm来说,审计是必须的。
II. Assurance Engagement
1. Audit Engagement (High assurance level) 2. Review Engagement (Limited assurance level) 3. Notice to Reader/compilation (Minimum assurance level)
III. Conclusion
Auditor's report
Auditor's Report
Unmodified (Standard report) - 没问题
=> "The auditors are not calling attention to anything that may be wrong in FS." => The auditors are able to conclude that "The FS is presented fairly in all material respects." ->用大白话说就是,没发现什么大问题,这个财报可以相信
Modified/Qualified - 有问题

Adverse Opinion
Disclaimer of Option
Canadian Assurance Handbook
CPA Canada Assurance Handbook
1. Canadian Standards on Quality Management (CSQMs)
CSQM1
Highlight the firm's responsibility in designing and implementing a quality management.
CSQM2
appointment of engagement quality reviewer
2. Canadian Auditing Standards (CASs)
3. Other Canadian Standards (OCSs)
4. Assurance and Related Service Guidelines (AuGs)
I. Risk Assessment (Planning)
1. Pre-Engagement Activities
Client Acceptance
"PA should not accept or keep risky client." -> need to assess each potential client for risk, and should re-assess existing clients on an annual basis. 你在接受新客户之前要先判断一下这个客户的风险程度;如果这个客户看起来就不靠谱,接这个活只会给自己找麻烦,那就干脆不要接,对吧。而且不仅新客户需要被检视,老客户每一年也要被重新检视,因为他去年是靠谱的不代表他今年也是靠谱的,一年里可能会发生很多事,对吧。 Example factor to consider: 1. Financial information, 别明年就破产了,交不上我们的审计费。 2. Independence considerations: 我们是否足够客观,是否有资格接下这一单。 3. Competence and resources. 我们自己是否有能力和足够的资源来完成这个审计。 4. Special attention or unusual risks. 有没有什么不寻常的,奇奇怪怪的,可疑的风险。 5. Predecessor auditor's response. 前任有没有什么猛料要爆 6. Auditability. 审起来难不难,这个行业好审吗;如果审起来太麻烦就算了。 7. Overall risk for the engagement. 风险高不高,风险太高我们就先溜了,别人谁能干谁干吧,反正我是不想干。
CAS 210 Engagement Terms (MGAD20 Lec 02)
CAS 210.3 中提及,在接受一个client之前,需要和client在一下两点达成共识: 1. Establishing whether the precondition of an audit has been made. *Precondition: a). Management uses anacceptable financial reporting system b). Management (and those charged with governance) agrees to conduct an audit. 2. Confirm there's a common understanding of the engagement terms between management and audit team, (and those charged with governance is applicable). 要判断三件事: 1. Is the client ready to be audited? 2. Are we ready to preform the audit? ex timeline, available resource, appropriate background, and enough labor... 3. Make sure the client is aware of their responsibility and takes on it's responsibility through out the audit.
CAS 220 Quality Management (MGAD20 Lec 02)
Briefly mentioned beside CAS 210 in Lecture 02, CAS 210 also address some client acceptance issue, but mainly on the aspect of things that can be contorlled by auditors. i.e只有在partner能够确定自己可以带领团做做出一个质量有保证的audit时,公司才应该接这个client。
Difference
210 主要是关注一些PA对外的因素,比如management 是否理解了呀,client是否符合条件等等;(这些不一定总是能被PA firm控制) 而220主要是关注一些PA firm 内部的因素,一些完全在PA firm控制范围内的因素,比如我们团队的能力,资源等等。
Understanding the Engagement - CAS 315
=>你只有完全理解了你的客户的运行机制,你才能够去准确的判断相关风险,然后才能够去想如何应对他们。
a. Entity and it's environment
了解这个客户是做什么的,以及他们那个行业的大环境如何,有什么无可避免的潜在商业风险吗?
Business Risk
-> " The probability that significant conditions, events, circumstances or actions might arise that will adversly affect the entity‘s ability to achive its objectives and execute it's strategy." ->被审计企业的一些商业风险,可能会有某种情况让该公司的财务表现大受影响,从而完不成定下的目标,也会影响他们未来的一些商业计划。-> 根本不在任何人的控制范围内。 -> Auditor are not responsible to influence business risk, we just need to understand it and disclose it. 降低商业风险不在我们的工作范围内,我们只需要理解并披露就OK。 ->但是我们还要判断的是这个Business risk是否会进一步的导致一些别的风险,这些别的风险可能会需要我们特别去关注并且做更多工作。
Risk of material misstatement
Any risk that may cause RMM in FS
Significant risks
A specific high risk of material misstatement -> Require special audit consideration
Fraud risk factors
->这个风险是否提供了给management诈骗的机会,动机或压力 -> 增加了诈骗风险。
CAS 402 Service Organizations MGAD20 lec 03
当我们的client雇佣第三方公司帮他们服务,然后第三方的服务内容对财报信息直接有影响的情况下,我们需要perform 额外的工作: 1. obtain an understanding of the nature of the service organization and it's effect to FS. Identify and assess any related RMM. 2. Design related audit procedure to address the risks.
b. Internal Control
*Internal Control: The process that the client has designed, implemented and maintained, to reasonably assure the objectivity and reliability of their FS report, and complying with law and regulations at the same time. 客户的管理人员为了让自己公司的financial reporting正常运行而设计出来的一套方案。 Formal Definition from Commitee of Sponsoring Organizations (COSO): " The process designed, implemented and maintained by those who charged with governanve, management and other personnel to provide reasonable assurance about the achievement of the entity;s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regularions."太拗口了这句子,你就看我上面自己写的那一段就完了。
Other Activities
Obtain a signed engagement letter (contract)
Assign necessary staff to the engagement
Timing of audit work
Create a time budget
CAS 510 Opening Balance (MGAD20 Lec 02)
CAS 510 deal with the auditor's responsibility to collect sufficient and appropriate evidence on: If the begining balance contains material misstatetemnt and could impact current year's financial statement. If the management has been constantly using an appropriate accounting policy. If the management has propertyly accounted for any changes and If the management has adequately presented and disclosed in accordance with the financial reporting framework. * Initial Audit Engagement: 1. When the client has never been audited before 2. When the client has been auddited by other predecessors and recently swiched to our firm.
CAS 710 Comparative Financial Informtaion
CAS 300 Other activity prior to start an audit
2. Preliminary Audit Planning: Risk Identification
Audit Planning - CAS 300
CAS 300 require auditor to plan the audit so that it will be performed in an effective manner. Steps include: 1. Perform preliminary analytical procedures. 2. Assess planning materiality 3. Assess audit risk 4. Determine the audit strategy 5. Design the preliminary audit programs.
a. Perform preliminary analytical procedures - CAS 315
Analytical Procedures: "evaluation of financial information by a study of plausible relationships." *Plausible relationship: ex. 假设今年revenue增加了,那么我expect cash & A/R 也会增加. Why do we need to perform this? 1. To alert the audit team to problems in the accounts and disclosures. 打个比方,如果今年盈利明明增加了,但A/R却减少了,这个就很可疑,很有可能是记账记错了,或者是什么其他的原因,我们需要进一步去调查。=>就可以让我们更能注意到这些可能平时注意不到的小事 => 工作做得更加严谨。 2. To provide familiarity with the client's business and a standard starting point for procedures. 在你开始工作之前,先对这个客户的财务状况有一个基本的了解。 3. To describe financial activities by identifying relationships and changes in data. 对客户今年做了什么有一个基本的认知。 4. To comply with specific requirements in CAS 315. 最重要的是CAS要求我们这么做 Planning stage 的 analytical procedure: -> 为了让我们初步的对这个企业的big picture 有一个了解。
Subtopic
b. Assess planning materiality
什么是materiality? -> The amount that could reasonably be expected to influence the economic decision of users. -> No set rules for determining materiality, it is based on the auditor's professional judgement. -> Materiality should be set primarily based on the user's needs. 主要看FS user最看重的benchmark是什么,。比如他们最看重营利性,那我们可能就以Net income作为benchmark这样。 Planning materiality: 只是一个estimation of final materiality, will be updated when more information became available when we proceed the audt. Materiality Levels: 1. Overall Materiality: -> Depends on the FS user's need -> "What exfent of misstatement could reasonably be expected to influence the economic decision of F/S users?" 2. Performance materiality (required): -> Risk of not identifying misstatement. -> What amount (Lessor than overall materiality) is needed to make sure the undetected misstatement is below overall materiality. 3. Trivial Misstatement (Optional) 4. *Materiality for Specific Areas (Optional): -> What amount (less than overall materiality) could be reasonably expetced to influence certain FS users' decision? -> A lower percentage amount used for certain class of transactions and accounts. -> Include Specific materiality and specific performance materiality. Materiality Template: -> Form A420 in the Professional Engagement Mannual (PEG).
Quantitative

Benchmark
Depends on user's need. 他们看重哪个account,我们就以哪个account为benchmark。 注意: -> Can not choose zero or negative numbers as benchmark!!! -> Non GAAP number can be chosed, but we just need to be more cautious on that. Example of benchmark: Profit before tax from continuing operation Total revenue Gross profit ...
Percentage
Depends on: 1. What benchmark did you choose. ->选的benchmark基数大,我们 % 就选小一点;同理,基数小就选大一点的 %。 2. The amount of reliance by users.
Qualitative
Examples: FS element Items the users may be focused on Nature of the entity Ownership of structure and the way the entity is financed Relative volatiliy of the benchmark. 如果你选的benchmark本身自己就特别不稳定,那你可能要多考虑考虑。 Required normalization of the benchmark.
c. Assess audit risk
The risk that the auditor express an inappropriate conclusion when the FS is materially misstated. i.e你给假报告发unmodified report. Audit risk = RMM* Detection Risk = (Inherent Risk * Control Risk) * Detection Risk *Audit risk depends on: 1. Risk of the auditee 2. Number of FS users 3. Negative consequence of material misstatement Auditor are required to consider the following factor to determine whether the risk is significant or not: 1. The relationship with recent significant economic, accounting, or other developments that require specific attention. ->有没有什么需要特别注意的transaction? 2. The complexity of the related transaction ->这个交易是否搞得过于复杂?如果一个本来应该非常简单的交易,客户却倒了好几手,那就说明这个交易可能是有问题的。 3. The involvement of related parties. -> 是否有子公司,分公司介入;打个比方,子公司之间互相倒腾货物就有可能把他们的revenue以不正当手段搞上去,所以这个时候我们就得去看,他们的revenue是否有很多子公司出现的身影。 4. The degree of subjectivity with respect to measurement especially if there is a wide range of measurement uncertainty. -> 是否有可能因为controller的主观臆断而导致出现各种可能的问题。 *Measurement uncertainty: Management's inability to determine the value with accuracy. 5. The involvement of significant transactions that are outside the normal course of business or appear unusual -> 看起来就不正常的交易,和你专营业务根本不搭嘎的交易 6. The risk of fraud -> 诈骗
The audit risk equation
Audit risk = RMM* Detection Risk = (Inherent Risk * Control Risk) * Detection Risk
Inherent Risk
*Inherent Risk: "The suseptibility of an assertion to a misstatemnt that could be materila, ewither individually ot when aggregated with other misstatements, before consideration of any related controls." -> 是行业本身的RMM,与control无关。 -> Management and auditors do not create or control inherent risk, we only assess the inherent risk. 不在任何人的控制范围内,你干这一行,就得接受这个风险的存在。 -> Assessed at both overall and assertion levels. -> Can be assessed as high or low. (little change between years)
Control Risk
* Control risk: "The risk that a misstatement that could occur in an assertion that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corected, on a timely basis by the entity's internal control." ->用我的话说就是:The risk of the control system designed by management fail to prevent and detect misstatement, and the amoun of misstatement is material either individually or cumulatively. 这家公司自己内部管理出现漏洞的风险 -> Risk of management not detecting erros. -> Auditor do not create or control control risk, we only assess it, Management is responsible for control risk.与我们auditor无关,是客户公司自己的责任。我们只是评估,不会干预这个风险。 -> can be assessed at assertion level as high, moderate or low. -> Evaluated at both OFSL(effective/ ineffective) and assertion level (high/moderate/low) -> Control risk is set to high at default, unless we test control. 默认他是高,除非我们做了测试,然后得出他的control effective的结论。
RMM
Detection Risk
*Detection risk: "The risk that the procedure performed by the auditor to reduce audit risk to an acceaptibly low level will not detect a misstatement that could be material, either individually or when aggregated with other misstaments." ->Auditor检查不出来错误的概率 -> Can be controlled by auditor by performing substantive procedures. -> The more substantive approach we perform, the lower the detection risk Can be assessed as High/Moderate/Low
Substantive Procedure
*Substantive procedure: Include test of details and analytical procedures.
Level of risks
CAS 315 requires auditor to assess risk at both OFSL level and assertion level. 根据 CAS 315 的定义: *RMM at OFSL (Pervasive): Risk that relate pervasively to the financial statements as a whole and potentially affect many assertions. -> 可以是单个儿amount非常material,又可以是这个账户他跟很多其他的账户带来很重大的影响。 *RMM at assertion level (Transactional): Risk that relate to most entities and impact specific financial statement assersions.
Overall Financial Statemetn Level (OFSL)
Big Picture
Assertion Level
Specific Areas, such as: Class of transactions ( group of account entries that have the same source or purpose)类似的账户 Account Balances Disclosures Assertions are representation by management that are embodied in the FS. Auditor use assertion to consider different types of potential misstatement. Assertion不是审计员自己搞出来的东西,而是management自己claim说自己做到了XXX assertion;我们作为审计员,只是去判断management有没有真正的去完成这些assertion,判断一下哪里可能会出现问题。
B/S Items
Existence
Right & Obligation
"Amount reported as asset are held or controlled by the entity." "Amount reported as liability are obligation of the entity"
Accuracy, Valuation and Allocation
"Accuracy" -> Appropriate amount. "Valuation" -> valuation done objectively, value not materially overstated or understated. "Allocation" -> Appropriately recorded. -> Related disclosure are appropriately measured and described.
Completeness
所有的财产,债务,equity interest都记在账上了。 如果我忘记把我郊区的一块农场记在FS里,那就不完整了嘛对吧。 再比如说如果我欠银行十个亿,然后我特意“忘记了”记在我的财报上,这就不对了嘛。
Classification
Asset, Liabiliity and Equity Interest have been recorded in the proper account
Presentation
Assets, liabilities and equity interests are appropriatelt aggregared or disaggregated and clearly described, and related disclosures are relevant and understandable. 该一起报的东西一起报,该分开的分开弄,弄得清楚明白,需要披露的地方也披露清楚让人能看懂,
审计员会从这几个角度去查该公司准备的财报
I/S items
Occurrence
Cutoff
Recorded in the correct period
Accuracy
数字记的是对的 ->Related disclosures are properly measured and described.
Completeness
今年发生的所有交易是否都记录在案,包括所有的revenue,expense... => 对于FS的accuracy有很重要的作用。
Classification
All the event and transactions have to be recorded in the proper accounts
Presentation
Transaction and events are appropriatelt aggregared or disaggregated and clearly described, and related disclosures are relevant and understandable. 该一起报的东西一起报,该分开的分开弄,弄得清楚明白,需要披露的地方也披露清楚让人能看懂,
审计员会从这几个角度去查该公司准备的财报
Fraud risk
Fraud Risk Triangle

Opportunity
"Management have access to make fraudulent behaviour." Relates to client's internal control, and individual roles in client's organization
Attitude / Rationalization
"Work culture" 我们可以通过观察客户的内部邮件交流,site visit,以及日常交流来判断这家公司的环境怎么样;如果我们一看就知道这群人都不靠谱,那可能就说明他们公司诈骗的可能性比较高。
Pressure / Incentive
Management feel pressured to commit fraud: 1. Internal: Shareholder's negative feedback 2. External: Dropping stock price
CAS 240 Fraud MGAD20 Lec 03
Difference between fraud and misstatement is whether it was intentional or unintentional 240.11: Auditor's objectives are: 1. Identify RMM due to fraud 2. design and implement sufficient procedures to address the fraud risk detected 3. respond to fraud or suspected fraud properly.
CAS 250 Law & Regulations MGAD20 Lec03
CAS 250中表示,一共有两种law & Regulation: 第一种是对财报 determination of material amount 有直接影响的; 第二种是对财报无直接影响,但可以合理预估会有间接影响的,会影响该企业运营能力的regulation。 对于这两种regulation, auditor要做如下三件事: 1. 对于第一种对财报有直接影响的regulation,我们需要obtain sufficient and appropriate evidence on the compliance of the regulations.看看他是否遵循了这些重要的条例。 2. 对于第二种对财报无直接影响的,但有间接影响的,我们需要去判断这个影响是否material;如果material那我们需要去做一些specified procedure to detect any non-compliance, 去查他是否️遵循。 3. 如果发现了non-compliance,我们需要采取一些合理的手段来处理它。
d. Determine the audit strategy
CAS300 says :"Audit strategy sets the scope, timing and direction of the audit. When establishing the audit strategy, the auditors must: 1. identify the engagement scope. 我不太懂这一句话是什么意思耶。。。 2. Ascertain the reporting objectives of the engagement. 我们工作的主要目标是什么?是高效,还是高质量,还是尽可能的节约资源,以最低的开销完成审计? 3. Consider factors that are significant in direct engagement's team's effort. 考虑一下有哪些因素可能会大幅度地改变我们审计员的工作方向。 4. consider the result from preliminry engagement activities. 想一下你最开始做的那些调查,如果调查结果说风险很高,那你可能设计strategy的时候就要弄得复杂一点,多做一点工作。 5. Ascertain the nature, timing and extent of the resources necassary. 判断我们有多少资源在手里;你不能说你队里就两个人,完你还让人整一个特别复杂,特别substantive的file,这不现实对吧。
Combined Approach
Choose combined approach when: Preliminary control risk is assessed as effective at OFSL level, or low/moderate at the assertion level. 前期没啥大问题 It is reaonable for us to test control (effective and cost-effective), or when substantive procedures are not enough. 可以test control ->通过判断management的control system (their ability to prevent, detect and correct errors)来间接的测试有没有material misstatement at assertion level.
Test of Controls
Designed to evaluate the operating effectiveness of management's control in preventing, detecting & correcting material misstatements at the assertion level. 你只有test了control,才可以把control risk从高降低到moderate/low
Substantive Approach
Choose substantive approach when: Prelim有问题 + 不 test control Preliminary control risk is assessed as ineffective at OFSL level, or moderate/high at the assertion level. Prelim时发现他control有问题 It is not efficient or not cost-efficient for us to test control. 因为各种原因测试不了control -> 直接去找material misstatement, 不去管management的control到底怎么样
Tradeoff between Test of Control & Substantive Approach
你测试control测得越多,你就越能确定这个公司的control是否effective -> 后期能少点工作。 有的时候测试control又费时间又费钱,那倒不如直接不测试,然后多做一点后期工作算了。 ->所以这个时候可能需要你自己的professional judgement来判断到底哪一种方式最合适。
e. Design the preliminary audit programs.
Consider the risk at assertion level and the PM when developing preliminary audit program. => The audit plan -> will be updated during the audit engagement.
3. Risk Assessment Procedures to plan the audit
Qualified Opinion
II. Response to Assessed Risks (Performing)
4. Internal Control Documentation and Testing
->通过判断management的control system (their ability to prevent, detect and correct errors)来间接的测试有没有material misstatement at assertion level. Auditor's responsibility: Report significant dificiencies in internal control to Those Chaged with Governance (TCWG). Communicate on deviances or weakness in internal control to TCWG. -> 审计员通常会写一封Management Letter: 详细地描述并解释这个弱点(Describe),这个弱点会带来什么不好的后果(Implication),以及怎么样去改变(Suggestion)。 *Managemetn Letter: 是审计员写给管理层专门讨论internal control的一封文件。
Committee of Sponsoring Organizations of the Treadway Commission (COSO) Framework

1. Control Environment
-> "The attitude, awareness, actions and structure of management and those charged with governance." 管理人员对于Internal control的态度,可以是严谨的或者松散的又或者把诈骗当成公司文化。 -> Set the tone of an organization, influencing the control consciousness of its people. 管理者的态度直接影响到企业内部工作人员对待internal control的态度,如果老板带头不学好,底下的人有样学样,那这个公司的control就是一整个千疮百孔。 -> A good control enviroment is an appripriate fundation for other component of internal control. 你得现有有一个还不错的大环境,你才有可能会有一个比较好的overall control system,对吧。 ex. management's operating style, HR function, management's action and attitude. 作为审计员,我们要去判断这个公司的大体环境如何;如果大体环境都稀巴烂,领导带头不作为,那你能指望这个公司提供的财报信息是准确的吗?可能你就大概知道要多做多少工作了。 Example of element: 我们可以通过观察以下东西来判断这个大环境。 1. Communication and enforecement of intergrity, and ethic values. 从他们的日常交流中了解他们平时是否是个有道德的人 2. HR policy and practise. HR环境人不人性化;如果这家公司天天开人,那能是什么好公司。 3. Management's operating cycle 公司的整体管理是否合理 4. Organization Structure 比如说分公司与分公司之间的是怎么管理,怎么互相联系的。
2. Risk Assessment Process
Management's risk assessment process 管理层自己对于自己内部管理的一个风险评估: Step1: Identify Business Risk 找到风险 Step2: Estimate the significance of the risk 评估风险有多高 Step3: Assess the liklihood of their occurrence 判断这个风险有多经常会发生 Step4: Decide what action needs to be taken to mitigate the risk. 怎么做能降低风险 作为审计员,我们还要去判断这个公司,他是否有一个比较有效的自我评估风险的体系。如果他自己有一个很好的系统,那我们就会比较放心的进行下一步的工作。如果他自己的系统很烂,那我们就大概知道了,啊可能之后要多做很多工作。
a. Information and Communication
Information and communication system includes a set of interrelated function that collect, process, store and communicate informaiton including financial information. -> A wistle blower program is required for financial reporting. -> The information system is usually broken down into several processes, such as revenue process, purchasing process, production process, and financing process... 每一个process都有和他相关的几个account,比如现金,AR... 作为审计员,我们只需要有一个general understanding就可以;除非他和financial reporting有关,不然我们都不用太在意;我们只需要仔细的了解与FR相关的部分就可以了,其他地方可以放。 -> Do they communciate on a timely basis? -> Is there an appropriate whistle-blower program?
b. Monitoring
Monitoring's purpose is to assess whether the control system is effective over time. -> So try to be unpredictive when monitoring. Monitoring can be done as an on-going activity, or a separate evaluation. 作为审计员,我们需要判断: -> does management have a effective monitoring procedure? Is it independent, 会不会有self-reivew bias的风险。
c. Control Activities
"Entity's policies and procedures that help ensure management directoves are carried out." A good mix of general control activity and application contorl activity => overall effective control activity 作为审计员,我们只需要知道与我们审计相关的control activity是怎么设计和运行的就OK(包括IT control),其他的我们不用管。
General Control Activities
一些常见的general control activity如下: Perofrmance review Supervision Capable personnel IT control Periodic comparison Segregation of Responsibility => Preventive
Segragation of responsibility
Authorization to execute transactions Recording of transactions Custody of asset involved in transaction Periodic reconciliation of existing assets to record amount. => 这四个任务是绝对要分给不同的人做的,不能让一个人干全部的事情,很容易出事儿
Application Control Activities
-> Specific control activity to address the identified risks. => Detective and Corrective
Test of Controls
Designed to evaluate the operating effectiveness of management's control in preventing, detecting & correcting material misstatements at the assertion level. 你只有test了control,才可以把control risk从高降低到moderate/low 作为审计员,我们不可能测试全部的control,我们会尽量筛选比较重要的来测试,比如: 1. Control that relate to more than one assertion. 2. Important control ( Key Control) 3. Control with high inherent risk. 4. Find a balance of mannual(less effective) and automated(more effective) testing 我们无法要求客户达到100%的compliance, we will design an acceptable deviation rate (threshould) and make our conclusion based on that. 我们会允许一定的deviation,但是如果超出了这个标准,就有问题了 => Ineffective. 值得一提的是,就算我们最终得出的结论是ineffective,如果client有一些 compensating controls,我们就还能相信,还能rely on client's control system. *Compensating Control ex. 这个公司让一个非常没经验的小孩管钱 -> 我们认为 ineffective -> 但这个公司每天的晚上都会有一个特别有经验的会计师来reconcile小孩的工作 -> Compensating Contorl -> Auditors can still rely on management's control.
Phases of control testing
Phase 1: Understand the Internal Control - CAS 315
Phase 2: Assess Contorl Risk & Determine Audit Strategy - CAS 300 & 315
Phase 3: Test of Controls - CAS 315 & 330
6. Substantive Procedure
-> 直接去找material misstatement, 不去管management的control到底怎么样
Test of details
Any test performed on the details of a class of transactions, account, or disclosure.
Analytical Procedure
Analytical Procedure is used in both planning, performing and conclusion stage. 作为审计员,我们必须做以下几件事: 1. Determine the suitability of particular substantive analytucal procedures for given assertions. 在这个情况下,我们是否适合做analytical procedure。 2. Evaluate reliability of data:我们用来analyze的数据是否可靠 3. develop an expectation. 用这些信息来构建一个合理的expectation,并且还要判断这个expectation是否足够准确,能够让我们identify material misstatement。(不论是单个儿的,还是加在一起,都不超过materiality) 4. Determine the maximum amount of acceptable deviation between the expectation and recorded amount. Anthing above the maximum amount, we will need to confuct further investigation. Working stage analytical procedure: => 为了检查我们planning stage对 the big picture的assessment是否准确;需要做testing来确保真实情况是符合我们一开始的猜测的。
Plausible Relationship
Investigate on Inconsistent relationships
Investigate fluctuation or relationships that are inconsistent with other relevent information or expectations.
Audit Procedure
Nature
Purpose of the testing Which evidence collection technique should be used
Evidence Collection Technique
Before you started working on the evidence you colletcedm, always ensure: 1. The evidence is correct -> 他们给的证据是我们要的证据,不是随便发了个文件给你 2. The evidence agrees to other amount and schedules -> 不一样的话可能就又有新的问题了 3. The document is not tampered -> 至少看起来没有被篡改过。 4. The calculation on the evidence is correct 5. You have a thorough understanding of the evidence.
1. Inspection
Auditor gather information and do work to ensure: 1. Existency / Occurrence "你说你有这么个东西,在哪里呢,指给我看,或者合同拿给我看." 2. Accuracy, Valuation and Allocation "我们亲眼看到实物的condition,可以更准确的判断其价值,一打眼儿就能看出来他账上报的数是不是合理的." 可以是看第三方给的文件,client自己准备的文件,也可以是用眼睛看到的实物
Vouching
Sheet to floor -> Existence & Occurrence
Tracing
Floor to Sheet -> Completeness
Scanning
Scan thourgh document and look for anything unusual: 不会给我们直接提供任何新证据,但是可以让我们发现问题。 -> Reduce sampling risk. -> Existence(asset), Completeness(account record), Cutoff (Material transactions)
2. Observation
你作为一个auditor只是站在旁边看,并不参与任何的工作。 你观察别人做工作,但你自己不参与,和inspection不同的是inspection你是真的要自己去收集文件并且做工作的,而observation你只需要观察其他人就OK。 证据来自审计员自己肉眼的观察以及professional judgement
3. Confirmation
->Test on Existence, Ownership, valuation, cut-off, completeness... 可以测试很多的assertion, that why auditors love confirmations. ->Verification from an independent 3rd party by providing an oral / written response directl to auditors. requirement: 1. Confirmation must be sent out on client's letter head and signed by a client officer. 必须要客户签字同意,且以我们客户的名义去发,否则人家根本不会鸟我们的。 2. Auditor need to ensure the confirmation address is legitimate. 确保这个地址是正确的,没问题的。万一你看这个confirmation的地址是客户CEO的家,这不就有大问题? 3. Ensure the recipient is able to provide the information 人家是有能力给我们提供信息的。如果说对面是个八十多岁卧床的老头儿,人家怎么给你写confirmation对吧。 4. The confirmation must be sent by auditors, and must be returned directly to auditors. 这个confirmation必须要有我们发出去,而且要直接发还给我们。不可以有客户经手。 5. The response must be analyzed by the auditor. 我们时候还需要分析这个confirmation的信息,是否能让我们发现问题?
Positive Confirmation
有没有问题都需要回复
Negative Confirmation
只有对方觉得有问题才需要回复; 但有一个难点就是:你如何判断人家是看见了,确定没有问题,没有回复;还是说人家根本没看见所以没有回复呢。
4. Recalculation & Reperformance
auditor重新做一遍client做的工作 => "Verifiability" in "conceptual framework". -> Ensure accuracy
5. Analysis
根据已有信息,conclude an expectation -> assess if the recorded amount follows th eexpectation -> Determine whether the account is reasonable, it there RMM?
6. Inquiry
Ask Client questions, obtaining oral/written conformation directly from them
Audit Evidence
CAS 200 Requirement: Sufficient and Appropriate audit evidence. Audit evidence is the information auditors used to conclude their conclusion
Sufficient
数量 没有明文规定,use professional judgement base on RMM and audit evidence quality. 当你能够说服别人你的evidence足够sufficient时才算数,你自己觉得的不算数。
Appripriate
Quality of evidence 质量 The evidence must be relevent and reliable.
Reliability Hierarchy
 我们审计员自己的信息是最可靠的。 其次是独立第三方的信息 然后是有一些management 干预的第三方信息 再然后时management 提供的信息 最不可靠的是management自己的claim,不管是写下来还是口头说的,没有证据的情况下就是废话。
Most reliable
Physical Inspection Confirmation ( External document) Reperformance
Less reliable
External - Internal document Internal document (if there's good control) Observation Analytical procdure with specific data
Least reliable
Internal document (poor control) Inquiry Broad analytical procedures
Timing
什么时间做这个testing? Interim ot Year end. 如果是test control的话,你的test should cover the entire period of which the auditor intent to rely on the control. 你如果想要在今年相信这个control system,你的测试就必须on the scope of一整年的。
Extent
"How much sample do i need?" & "How deep should I test this on?" Focus on Sampling Theories, other consideration includes materiality, risk assessment, expected rate od deviation... 
5. Sampling Decisions
你只要不是看了100%的所有evidence,那么你就属于是一个sampling。 -> Sampling: Make sure all sampling unit have an equal change of geting selected, -> so that we can have a basis to draw conclusion about the entire population
Sampling Process
Population
The entire set of data
Sampling Unit
The individual item, constituting a population.
Sample
Item selected from population for testing
Sample item
The individual item constituting a sample
Type of sampling
Statistical Sampling
Random Selection Probability Theory -> Measure sampling risk numerically
Non-statistical Sampling
-> could be random selected or not. -> 不专注于平均选择每一个sample,而是主观地去更加注重一些更高的数额的sample。
Risk of sampling
Sampling Risk
由于你没有选够sample而造成的给出错误结论的风险。 The differences in conclusion if you have tested 100% of the sample. -> 你选的sample越多,sampling risk就越小。
Non-Sampling Risk
和sampling无关的风险 比如: Professional competency... 选sample的人今天没睡好,搞错了,或者缺乏经验,缺乏训练,都是non-sampling risk。 -> Controlled by quality control, management policies and procedures.
Detection Risk
Detection risk = sampling risk + non-sampling risk
CAS 530 Audit Sampling MGAD20 Lecture 2
CAS 530 applies when the auditors have to use sampling for audit procedures: 1. Sample design and selection (statistical and non-statistical). 2. Performance of Procedures (test of control and test of details) 3. Evaluation of sampling result. Objective: To provide a reasonable basis for auditor to draw conclusion on the population based on the sample they tested. CAS 530 requirements: 1. when designing sampling, choosing size and making the selection, auditors need to consider the purpose of the procedure, as well as the characteristics of the population. 2. Performing the appropriate audit procedure, if not applicable, perform on a suitable alternative sample; if still not applicable, treat as deviation. 3. Investigate the nature and cause for deviation and misstatement. 4. Projecting misstatement 5. Evaluating result of audit sampling, determine whether we have obtained enough evidence to draw conclusion on the population.
CAS 500 Audit Procedure
CAS 530 complements CAS 500
CAS 450 Misstatement
要求: 1. accumulate你发现的任何misstatement 2. 思考这些misstatement对audit的进行有什么影响不? 3. 与client 以及上司沟通misstatement,并积极参与改正。 4. 如果client拒绝改正,那么这个uncorrected misstatement对我们审计的影响是什么? 5. 要求management提供一个written response,说他们保证不改正这个错误并不会造成严重影响。 6. Document our work -> Identifies the auditor's responsibility in: 1. evaluate the effect of the misstatement 2. evaluate the effect of the uncorrected misstatement.
CAS 700 - FS free from Material Misstatement
CAS 320 - appropriate planning and performing
Auditor should determine materiality for the FS as a whole; if there are certain class of transactions, accounts that would reasonably be expected to influence user's decision with an amount lower than the materiality, then the auditor need to determine a separate materiality threashould for that class of transaction.
Other related CAS MGAD20 Lec03
CAS 540 Accounting Estimate
审计员要确保以下两件事: 1. the fair value estimated by mamagement is reasonable. 2. The management has adaquately disclosed related estimation.
CAS 550 Related Parties
*Related: 1. A person or entity that has direct or indirect control / significant inflluence, through one or more intermidiaries. 2. 2 entities under common control. auditors 要确保两个事儿: 1. 理解related party的关系与交易: - 判断有无诈骗风险 - 被related party影响到的FS的部分有没有presented fairly 2. 判断client是否identify了全部的related party, 我们 (auditor)具体要做三件事: 1 看看他们是否对related party有一个准确的理解;如果我们发现了一个unidentified related party,那就说明这个client可能对related party的定义不清楚,那就说明可能还有其他的unidentified related party没有找出来。 2. 检查所有的material transaction 3. 着重调查material transaction outside of normla course of business.
CAS 570 Going Concern
即这家公司有没有宣告破产,停止运营的计划;或者说没得选只能破产的情况发生。 审计员要做三件事: 1. 判断management对于他们自己going concern的evaluation是否appropriate 2. 根据我们自己收集到的证据,我们认为这家公司有无破产风险 3. 根据CAS的要求 report我们的观点。
CAS 600 Audit of Group FS - Reliance on others Lec 04
Component Auditor: 我们把一部分的audit工作外包给其他公司。 审计员要判断两个基本的事情: 1. 我们到底要不要以primary auditor的身份接下这个client 2. 如果我们决定接下这个client, 我们要确保: 1). 和component auditor的沟通一定要到位;让双方都明确知道该怎么样进行工作,并且及时上报任何audit finding 2). 作为primary auditor,我们需要为这一整个consolidated audit report负责。我们需要手机足够的证据,证明我们的这一整个大FS都是符合framework的 除此之外: 我们还需要understand the component auditor,: 判断他们的ethic compliance 判断他们是否有能力接下我们这个audit (professioanl Competent) 他们需要多少degree of involvement to performing the component audit. 他们有没有足够的监管
Documentation
在参与group audit时,一定要做足documentation, 给自己留好后路;因为你得能证明自己做足了due care,这样等到你到时候万一要是出了什么问题,你还能给自己留点后路,少担一点责任。
Significant v.c Non-significant Component
是否significant会影响到我们的工作量; significant的component就需要多做工作,non-significant的工作量就会相对比较少。 考虑因素包括如下: significance of the component 这些不同的entity分别有多大。 the identified significant RMM of the group statement 风险高不高 The design and implementation of group-wide control. 我们是否能很好的管理我们不同的component auditors。 我们要做的事-作为审计员: 1. Obtain an understanding of the group-wide control & the consolidation process. 2. Design and perform audit procedures on the consolidation process to address the risks we detected. 3. evaluate the completeness, accuracy and appropriateness of the consolidation adjustments.
CAS 620 Auditor's Experts AD20 Lec04
审计员只负责accounting,如果审计包括一些其他的内容,我们可能就需要去咨询其他的expert才行。 审计员要判断一下两个事情: 1. 是否要用expert 2. expert的工作是否足够我们的审计 自己找 v.s 用management的  如果我们决定自己额外找expert,我们需要对该expert工作的领域做一个基本的了解。因为如果你不了解人家做的什么工作,你怎么去判断这个工作是正确的呢?
Internal Expert
同一个公司里的
CAS 220 Experts in engagement team
External Expert
另一家公司
CAS 500 Management's Experts
特指那些被包括在FS report中的expert的工作。 我们作为审计员,我们可以选择相信management的expert (但要额外去证明该expert的independence),也可以选择雇佣自己的expert。
CAS 610 Internal Audits AD20 Lec04
很多公司内部有自己的internal auditor,然后还会再雇一个external auditor: 我们作为外部审计员对于internal audit可以做如下的事来改变我们的audit策略: 1. 可以直接用内审的工作 2. 可以获得来自内部审计员的直接指导与辅助。 除非以下三种情况: 1. 该公司没有内部审计 2. 该公司的内部审计与我们审计的项目无关 3. 我们觉得内部审计不能提供我们想要的证据,或者压根儿我们就没打算要用他们的东西。 但是,在用任何internal auditor的工作之前,我们要判断如下: 1. 他们的工作是否可靠,to what extent can be used by us. 2. 判断他们的工作是否满足我们的要求,我们是否还需要做额外的procedure? 3. 判断如果我们决定让他们参与帮助我们的审计工作,我们是否可以很好的supervise他们?
判断可用性
1. Their Professional Competence 2. The Organizational Structure 3. Their general approach and quality control
COSA 5000.A1 - Association AD20 Lec04
客户要想引用我们的报告,需要获得我们的consent
III. Concluding and Reporting
7. Review Audit Finding
Completion Procedure
Audit of revenue and expense
在弄完了B/S approach之后可能还要去看一下别的I/S的东西; -> The B/S approach gives us a good understanding about the accuracy of the numbers, but does not assure the I/S items' classification are correct. -> B/S approach is not enough for us -> 低风险的I/S就用B/S approach就够了,但高风险的I/S item需要 audit separately (Significant risk area). -> Analytical Procedure -> But there are always some FS area that's not inter-related to other areas-> they might be missed (Not audited). Expense risk: Completeness Accuracy Revenue risk: Existence Accuracy
Analytical Procedure
1.Ratio analysis 2.Comparison to prior year/expectation 3.Conparison to forecast/budget 4.Data analytics -> Obtain valid explaination on fluctuations -> discover inconsistency, unusual items -> investigate further However: -> Analytical Procedures are only as good as your data sources. If your data source is inaccurate, then you whole analysis will not make any sense.
Other Procedure
Variance analysis Reasonability Test More data analytics ...
Examine miscellaneous account
Examine miscellaneous, clearing, other accounts. Look for credit balance in expense, debit balance in revenue -> ask for explaination ->make sure they are classified correctly
Investigate unusual transactions
比如一个本来应该很简单的交易,却让management倒了好几手,故意弄的特别复杂,那就有可能有诈骗,洗钱的嫌疑。
Audit of other statemetns and disclosures
C/F statement -> tie to cash in B/S Change in shareholder's equity -> Tie to equity in B/S ->这两个FS都是在B/S出来之后才做的,我们要确保这两个新玩意儿和我们审过的B/S保持一致。
Review of minutes
Review the big decisions made by BoD -> big picture of the company -> understand more about our client -> discover if there is anything that requires special attention. Also assess how did the BoD evaluate management, 他们内部的控制是怎么样的
JE testing
Have a full understanding of all journal entries and then pick sample from them to test. Possible risk areas: Non-routine one: 人们不太经常做,没有一套成熟的体系,不熟练,然后容易出错甚至是忘记去记 Rountine one: 人们太经常做了,老话说得好,做的多,错的多;犯错的记录也嘎嘎高。 Automated one: 自动化的记也不代表就完全不会有问题;如果你的程序一开始就设置错了,那你的每一个entry都会是错的。 Mannual one: 人工输入的,犯错几率当然高;有时还有诈骗风险,如果这个JE是在比如说半夜填进去的,就很奇怪,很可疑了对吧。 Subsequent period one: 我们会检查YE后几周的entry,看看有没有什么可疑地地方;因为有的公司会在年前弄一批假的revenue去boost up performance然后年后又把他们给revise掉。那我们通过观察这些subsequent JE就可以发现一些端倪。
Related party transaction
Looser control for related parties, that management are not aware. More opportunity for collusion. Auditors needs: 1. remain alert for RPTs 2. perform procedures on previously unidentified related party 3. Perform procedures on RPT thats outside of it's normal business scope.
Subsequent Events
Type 1
年前就已发生的事,我们只是年后才知道 -> Retroactive adjustment
Type 2
年后才发生的事 -> No adjustment needed
CAS 560 - Subsequent Event MGAD20 lec 02
Period 1: FS date ~ Audit report date
审计员有责任perform procedure to actively identify subsequent events + Need to obatin a wrtten response to have the management claim that they have provide us with all the subsequent event information.
Period 2: Audit report date ~ FS issue date
审计员并没有义务再去主动找subsequent event,除非 anything has come to our attention; 那样的话我们就得和management讨论,看看他们想怎么处理,我们需不需要在做什么其他的procedure。 如果影响有限 -> dual dated report. 如果影响pervasive -> new report.
Dual Dated Report
When subsequent event came to auditor's attention 但影响还没有pervasive enough去issue一个new report -> dual dated report. only responsible till the original auditor's report date.
Period 3: After FS issued
同样,在这段时间,我们并没有义务再主动去找,但如果anything come to our attention, we can not ignore. 和period2一样的是:我们要和management商讨对应的策略,判断我们是否有必要去弄个新的或者dual dated report;但和period 2不同的是,我们需要去review management是否恰当的inform了之前收到旧的FS的user。 如果影响真的很严重 -> re audit.
CAS 720 - Auditor's responsibility on subsequent information received AD20 L02
Lawyer's letter
让Lawyer来confirm这家公司还有没有什么别的liability
CAS 501. Litigation and Cliams AD20 Lec04
per 501.9 auditor为了address legal concern, should perform the following: 1. Inquire management & internal legal counsel. 2. Review minutes of meeting & external legal counsel 3. review legal expense account.
Overall Analytical Procedures
我们之前工作的时候,不是把那一整个FS给 break down into pieces 来审嘛,现在到了结尾,我们又要把那些碎片一片一片粘起来,再从一个整体的角度去看这个FS。-> Form the audit opinion
Auditor's professional judgement
我们完成了completion procedure之后去判断我们是否发现了新问题?这些测试是否足够我们获得一个合理的assurance?有没有什么其他的地方需要注意的?然后我们把我们的工作总结给客户的管理层,然后让客户的管理层给我们出具一封management's written representation.
Management Letter
1. Management has fullfilled their responsibility in preparing and presenting FS. 2. Management has provided the auditor with all relevant information. 3. Management confirm all transaction has been properly recorded and reflected in FS 4. Management confirm that any uncorrected misstatement is immaterial to the FS.
Auditor's Judgement
Form Audit Opinion
FS released
Overall Evaluation (required in CAS200)
就是说结束收尾之前,还要在重新检查一遍,看看自己so far做的工作是否真的是有reasonable assurance的。
Management's judgement in applying accounting policies
这家公司内部是怎么理解和使用相应会计准则的
Management's accounting estimates
这家公司对未来的预估是否合理
Management's FS preparation
这家公司FS以及notes准备的怎么样 质量如何?是否漏洞百出?
Help completion & subsequent audits
Analytical Procedure
Conclusion Stage Analytical Procedure: Corroborate(证实) conclution formed during any stage of the audit。 确保你之前任何一个阶段下的结论,到目前为止还是make sense的;如果有任何变化,你还可以在issue final report 之前做更改对吧。
Going Concern (CAS 570)
management自己需要每年检查自己的going concern。 审计员的职责则是去检查management对自己的assessment是否合理,是否有隐瞒什么。
Errors
任何not trivial的错误都应该被记录在summary of audit adjustment 中。 -> 注意我们判断trivial的标准也一定需要被document 如果发现错误 -> 判断trivial? -> 记录 -> 和management沟通并理解错误原因 注意,你不能只看你发现了的错误,你还需要project基于现在这个情况,有多少错误可能还没被发现 -> projected misstatement -> 判断projected misstatement是否仍然低于materiality。
8. Form Opinion and Issue Report
Focus on auditor's report - CAS700
CAS 700 requires the form and content of the standard annual,consistent report.
Description of Responsibilities
Auditors are responsible to include a description of responsibilities: 1. General Description: Must be written wthin the body of the auditor's report. 2. Detailed Description: Can be written in the body, as an appendix, or some appropriate location where specific reference is provided.
General Description
Detailed Description
Management's responsibility to FS
Prepare the FS
Assess going concern
Internal Control over Financial Reporting
Auditor's conclusion
Auditor's opinion
Going concern (if applicable)
Key audit matter (if applicable)
Other information (if applicable)
Other reportign responsibilities (if applicable)
Auditor's opinion
Basis of Opinion
Auditor's responsibility for the FS audit
Other reporting responsibilities
Management's Written Representation
1. Management has fullfilled its responsibility for the preparation and presentatipn of the financial statement.
2. Management has provided the auditor with all relevant information
3. All transactions have been recorded and reflected in the financial statement
4. Management's representation that the errors included in the summary of uncorrected misstatement found by the auditor are immaterial to the financial statement.
2 additional paragraphq
Emphasis of Matter
告诉大家:“一定要读FS中的某一段,非常重要!”
Other Matter
告诉大家:“这个东西FS里没有讲,但是很重要!”
Client Communication
Management:
Internal control deficiencies
TCWG:
Auditor's reponsibility
Planned scope and timing
Significant Findings
Independence
Finalizing W./P
Lock up file in 60 days
you have 60 days to clean up a file
Review
Purpose (CSRE 2400): Express a conclusion about whether the financial statement are not prepared, in all material aspectes, in accordance with the applicable financial reporting framework. -> Limited Assurance -> Negative Conclusion -> Smaller Scope, -> Lower Cost
Timeline
can be performed at annual FS and interim FS
Practise Standards
General Accepted Standards for Review Engagemetns & Specefic Quality Conntrol Standards
OCS CSRE 2400 and OCS section 7060
CSRE 2400
1. Conduct review in accordance wiht CSRE 2400
2. Ethtical Requirement
3. Professional Skepticism and Professioanl Judgement
4. Engagement Level Quality Control
5. Acceptance and Continuance of Client Relationships and Review Engagements
6. Performing the engagement
General Quality Management Standard
CSQM1
CSQM 2
Procedures
Inquiry
Analytical Procedure
...
more procedures could be used if you think it is necessary.
Types of Reports
Unmodified
Modified
Qualified
Adverse
Discliamer of Conclusion
2 additional paragraph
Emphasi of Matter paragraph
和audit side一样
Other Matter Paragraph
Process
I. Planning
Client Acceptance and continuance Procedures
PLan the engagement
II. Performing
Perform Procedure
Evaluate Evidence Obtained
III. Reporting
Form a Conclusion
Issue the reprot
Compilation / NTR
Does not require practitioner to verify accuracy/ completeness of the information. -> provide assistance on the preparation of FS with an accounting absis selected by management. No assurnace, no opinion, Limited Scope Low Cost
Standards
Generally Accepted Standards for Compilation Engagements & Specific Quality Control Standards.
CSRS 4200
1. Conduct compilation in accordance with CSRS 4200
2. Ethtical Requirement
3. Professional Judgement
4. Engagement acceprance and continuance
5. Performing the engagement
6. Subsequent events
7. Compilation Engagement Report
General Quality Management Standards
CSQM1
CSQM 2
Process
I. Planning
Client acceptance / continuance procedures
Plan the engagement
II. Compiling
Compile the financial information
Discussions with the client
III. Reporting
Appropriate Wording and PLacement
Issue Compilation Engagement Report
Internal Control Evaluation MGAD20 lec03
Phase 1: Understanding the internal contorl - CAS 315
Phase 2: Assess control risk and audit strategy - CAS 300 & CAS 315
Phase 3: Test of controls CAS 315 & CAS 330
Management's Financial Statement Closing Process
I.e closing all I/S balance to zero at year end and start all over again in new year. -> High risk because it is non-routine. -> As an anditor, we need to understand how client prepare FS. The more we understand, the better we can respond to the risk. -> We also need to assess 4 other questions: 1. Are there policies and procedures to ensure the FS is compiled with the relevent reporting framwork? 2. Are all required journal entry and adjusting entries reviewed and approved? 3. Is the FS consistent with the accounting record? 4. Are responsible employees up to date with any changes in the reporting framework?
Auditor's Substantive procedures
Agree or reconcile
agree or reconcile FS items to accounting records
Examine material JE or other adjustment
Examine material JE and adjutsment made when compiling for FS
Other Key Processes
Revenue, Receivables and Receipts (RRR) Process Summary
 这图太糊了,你还是看WEEK 7的PPT吧
Production Process
Payroll Process
Finance & Investment Process
Audit Working Paper Files
"Auditor's record of complaince with the CASs"
Permanent File(s)
Files with continuous interest, 就是说你这个文件cover很长一段时间。 打个比方,二十年的贷款合同,那么他这个合同的条款基本上二十年都不会变的;不过还是需要去问一下客户以确定今年有没有什么新的变化,如果没变化的话,你就document一样的contract就行。
Current year file(s)
只有今年有效的文件: 比如: - Administratuve evidence such as planning documentation. - Current year's work: CY evidence, conclusion made during interim and year end procedures. - Any other relevant audit evidence.
Balance Sheet Approach
Accounts in financial statements are all interrelated and articulated, so by gaining assurance on B/S item, we can obtain a reasonable assurance on the all of the financial statement accounts.
Equation
Net Income = Change in Net Asset - Change in Contributed Capital