STANDARDS, MATERIALITY AND RISK1

CHAPTER 2

STANDARDS, MATERIALITY AND RISK

MAJOR TOPICS DISCUSSED

  1. Audit and attestation standards
  • There are ten GAAS (generally accepted auditing standards), classified as general, field work, and reporting standards
  • There are eleven attestation standards classified similarly to GAAS
  • The Public Company Accounting Oversight Board (PCAOB) has authority to develop audit standards for public companies and has adopted GAAS on an interim basis

2.Concepts that underlie financial statement auditing: independence, due care, evidence, and reporting

  • Independence is a state of mind and an attitude of impartiality
  • Due care can be described as the duty to exercise professional skills with reasonable care and diligence
  • Audit decisions are based on sufficient (quantity), competent (reliability) evidential matter
  • All attestation and audit engagements result in a report stating a conclusion or the inability to reach a conclusion

3.Audit risk

  • Despite performing an engagement with due diligence, there is a risk that management’s financial statements may still contain material errors or omissions
  • Audit risk is comprised of inherent risk, control risk and detection risk

4.Materiality in a financial statement audit

  • Materiality is most often defined as information that would affect a decision made by the average person or reasonable investor
  • Audit risk, materiality and audit effort are all linked
  • Materiality is qualitative as well as quantitative

CHAPTER REVIEW OUTLINE:

A.Audit and attestation standards

1.Generally accepted auditing standards (GAAS).

  • Developed by the AICPA’s Committee on Auditing Procedures in 1948
  • The ten standards are classified as general standards, standards of fieldwork, and standards of reporting
  • General Standards

Training and Proficiency

Independence

Due Care

  • Standards of Field Work

Planning and Supervision

Internal Control

Evidential Matter

  • Standards of Reporting

GAAP

Consistently Applied

Adequate Disclosures

Expression of an Opinion

2.Attestation standards

  • Developed jointly by the AICPA’s Auditing Standards Board and the Accounting and Review Services Committee in 1986
  • The eleven attestation standards parallel the first ten standards of GAAS
  • Attestation standards are general to all attest services, while GAAS apply exclusively to one attestation service: financial statement audits
  • These standards are measures of quality against which completed engagements are judged

3.The PCOAB is empowered to set standards for public-company audits

  • In 2003, the PCAOB adopted GAAS on an interim basis
  • PCAOB may ultimately decide to permanently adopt, modify, or eliminate GAAS

4.Standards are guidelines

  • Neither the attestation standards nor GAAS offers step-by-step procedures to follow during an audit
  • Standards rarely change dramatically over time
  • Procedures are detailed methods or techniques and should change as business and technology change
  1. Concepts that underlie financial statement auditing: independence, due care, evidence, and reporting

1.Independence

  • “In fact” is a state of mind, an attitude of impartiality
  • “In appearance” is a demonstration of independence by remaining free of any overt interest in a client
  • In 2000, the SEC proposed sweeping rule changes, most of which were restrictive on the scope of services public-company auditors could provide

The final rules were less restrictive than the proposed rules

Mandated an engagement team (rather than a firm wide) model of independence

A centerpiece of the SEC’s final rules was disclosure of aggregate fees

Would allow users to judge for themselves whether nonaudit service fees compromise an auditor’s independence

  • Sarbanes-Oxley limits the consulting services public-company auditors can provide their clients

Figure 2-2 describes prohibited services

Requires the Audit Committee of the client’s Board of Directors to approve any non-prohibited consulting services in advance

  • In January 2003, the SEC announced further regulations on auditor independence

Engagement partners rotate after 5-7 years (depending on involvement)

A client may not employ a former auditor within one year preceding the audit (if so, audit firm lacks independence)

An auditor is not independent if he earned compensation based on selling a service, other than audit, review or attest, to the client

Auditors must report certain matters to the audit committee

  • The SEC’s rules and the Sarbanes-Oxley Act apply only to public companies an auditor audits
  1. Due Care
  • The duty to exercise professional skills with reasonable care and diligence

To be intellectually honest about possessing requisite skills

Perform duties with the degree of care expected of the prudent practitioner who will

Take steps to foresee unreasonable risk or harm to others

Attend to any employee, department, transaction, or resource that experience or history suggests may carry extra risk

Consider any unusual circumstances or relationships when planning and performing the engagement

Recognize unfamiliar situations and take precautions

Take all appropriate steps to resolve doubt or unanswered questions about matters material to his or her report

Keep abreast of developments in his or her area of competence

Review the work of assistants with the full understanding of the importance of the task

Does not imply infallibility, providers of audit services are subject to human error

  1. Evidence
  • Provides the basis for decisions in all attestation and audit engagements
  • The nature and measure of evidence varies depending on whether an engagement is an audit or an attestation engagement
  • Statement on Auditing Standards No. 31, “Evidential Matter” (AU Sec.330), describes audit evidence as the underlying accounting data and all related corroborating information available to an auditor
  • An audit is based on sufficient, competent evidential matter

Sufficiency refers to the quantity of audit evidence obtained, but not meaning “the more, the better”

Competence refers to the validity and relevance of evidence, both of which depend heavily on whether the evidence is obtained from independent sources, obtained directly by the auditor, or processed through reliable information systems

Evidence obtained from independent sources is more reliable than evidence obtained from management

Evidence obtained through physical examination, observation, computation, and inspection is more persuasive than evidence obtained indirectly from management

Reliable evidence is more likely to be produced by effective, rather than by ineffective, systems of internal control

  • Persuasive, not convincing, audit evidence is collected, and the cost of obtaining the evidence should not exceed its usefulness
  1. Reporting
  • All attestation and audit engagements result in reports
  • Attestation reports conclude whether management’s written assertion is presented in conformity with established or stated criteria
  • Audit reports conclude whether management’s financial statements are presented in accordance with GAAP
  • Reporting will be discussed more extensively in the next chapter
  1. AUDIT RISK
  1. Attestation risk is the probability that an attestor may unknowingly fail to modify a written conclusion about an assertion that is materially misstated
  2. Audit risk is the probability that an auditor may unknowingly fail to modify an opinion on financial statements that are materially misstated
  • Recently, most audits are conducted as risk-driven audits

More effort is directed toward the assertions and accounts the auditor deems most risky, less effort is directed to low-risk accounts

  1. Audit risk is the product of three individual risk elements
  • Inherent risk is the susceptibility of an account balance to error, assuming no related internal controls

Auditors can do little to influence inherent risk

The task is to assess inherent risk completely by considering

The client’s business and industry

Management’s predisposition to manage earnings

Insights obtained from prior engagements

  • Control risk is the likelihood that error could occur and not be prevented or detected by internal controls

The more effective the internal controls are, the less control risk sustained by the auditor

Auditors can do little to influence control risk

  • Detection risk is the likelihood that error could occur and not be detected by an auditor’s procedures

Auditors attempt to manage inherent and control risk by controlling detection risk

Inherent and control risk are inversely related to detection risk

The higher a client’s assessed levels of inherent and control risks, the less detection risk an auditor can accept

  • The level of detection risk is inversely related to the amount of audit evidence an auditor needs to gather (that is, the more risk an auditor is willing to take that an error could occur and not be detected, the less evidence he needs)
  • Business risk is the risk an auditor may incur damages despite issuing an appropriate audit report
  1. Materiality in a financial statement audit

1.Materiality

  • The ability of an item of information to change or influence a judgment about an assertion
  • A transaction, event, or disclosure is material if it would affect a decision made by an average prudent investor, a reasonable person, or the like
  • Statement on Auditing Standards No. 47, “Audit Risk and Materiality in Conducting an Audit” (AU Sec.312), states that there is an inverse relationship between audit risk and materiality
  • During a financial statement audit, an auditor considers materiality at least twice

While planning the engagement

Preliminary estimate of materiality is the maximum amount by which a set of financial statements could be misstated and still not cause the auditor to believe that the decisions of reasonable users would be affected

Toward the end of the engagement, after all audit procedures have been completed

  • The preliminary estimate of materiality is allocated to individual accounts based on

Relative magnitude, which is the process of allocating the preliminary estimate based on the relative dollar balances in each balance sheet account

Relative variability, which focuses on the standard deviation of transactions processed or some other measure of variability

Professional judgment does not employ decision aids, as the two previous methods do

  1. Quantitative versus qualitative aspects of materiality
  2. Auditors should not rely solely on quantitative materiality criteria
  3. Auditors should judge the materiality of detected misstatements both individually and in the aggregate
  4. Intentional, but immaterial, misstatements are inappropriate and may be unlawful
  5. Qualitative materiality criteria include

Effect on compliance with loan covenants

Masking an earnings trend change

Concealing an unlawful transaction

Prompting undue expectations

DESCRIPTIONS OF ILLUSTRATIONS IN TEXT

Figure 2-1 / Attestation Standards and Auditing Standards
Figure 2-2 / Sarbanes-Oxley, Services Outside the Scope of Audit Practice
Figure 2-3 / Factors Affecting Business Risk
Figure 2-4 / Sunbeam Stock Price: 1996 to Bankruptcy
Figure 2-5 / A Materiality Decision Aid
Figure 2-6 / Quantitative and Qualitative Materiality Criteria

INFORMATION ABOUT PROBLEMS / DISCUSSION CASES AND RESEARCH PROJECTS

For your convenience, the end-of-chapter problems/discussion cases are described on the next page according to topic, learning objective, and level of difficulty. The time required to complete a problem tends to be proportional to the level of difficulty.

The Basic level of difficulty indicates an item that is fairly straightforward and covers only one or two concepts. They should require 15 to 20 minutes from the better students.

The Medium level of difficulty will take 20 to 40 minutes and require more thought in preparation of the answer. The questions generally have multiple parts and require support for conclusions.

The Difficult level items are much more comprehensive and may include some ambiguity. They may take 60 to 90 minutes to complete.

PROBLEM/
CASE /
TOPICAL CONTENT/LEARNING OBJECTIVE
/ LEVEL OF DIFFICULTY
2-1 / Comparing Attestation Standards and GAAS / Medium
2-2 / GAAS: Obsolescence or Endurance? / Basic
2-3 / Standards vs. Procedures / Basic
2-4 / Training and Proficiency / Basic
2-5 / Independence / Basic
2-6 / Professional Qualifications and the Scope Paragraph / Medium
2-7 / Accepting an Engagement / Basic
2-8 / Evidence / Medium
2-9 / Standards of Field Work / Medium
2-10 / Standards of Reporting / Difficult
2-11 / The Effect of Reporting Standards on Audit Reports / Medium
2-12 / Failure to Comply with GAAS / Medium
2-13 / Audit Risk / Medium
2-14 / Standards for an Assurance Services Engagement / Medium
2-15 / Effect of Audit Risk on Materiality / Medium
2-16 / Materiality / Difficult
2-17 / Calculating and Allocating a Preliminary Estimate of Materiality / Difficult
2-18 / Materiality / Medium
RESEARCH PROJECTS
1 / MD&A and Risk / Medium
2 / Materiality and Audit Risk / Difficult
3 / Violations of GAAS: The SEC’s Accounting and Auditing Enforcement Releases / Medium
4 / Programming, Investigative, and Reporting Independence / Medium

STANDARDS, MATERIALITY AND RISK1