Chapter one

Objective 1-1: Describe auditing

Auditing is the accumulation and evaluation of evidence about information to deter m i n e and report on the degree of
correspondence between the information and established criteria.

Auditing should be done by a competent, independent person.

From this definition the auditor make four activities:

1. Accumulate (Collecting evidence).
2. Evaluating evidence
3. Determine whether this information is prepared according to certain criteria
4. Reporting; the auditor should write a report

Also we have three important keywords in this definition

A. Information: Audited by the auditor

B. Established Criteria
C. Evidence

A. Information

To do an audit, there must be information in a verifiable form and some standards (Criteria) by which the auditor can evaluate
the information.

Information can and does take many forms as auditors routinely perform audit of:

1) Quantifiable
Such as the company’s financial statements; balance sheet, income statement, cash flow statement. And individual
federal income tax returns.
2) Subjective
Such as the effectiveness of computer systems and the efficiency of the manufacturing operations

B. Criteria
The criteria for evaluating information also vary depending on the information being audited

In the audit of: Criteria:

A. Financial Statements x GAA P (Generally Accepted
Accounting Principles)
x IFRS (International Financial
Reporting Standards)
B. Internal Control over Financial x Recognized framework for
Reporting established internal control such
as internal control integrated
framework issued by (COSO)
C. Tax return x Internal revenue code

Page 1
 D. For more subjective information x Allowable level of i n put or
such as: Output errors.
Effectiveness of computer systems

C. Accumulating and Evaluating Evidence

Evidence; It is any information used by the auditor to determine whether the information being audited is stated in
accordance with the established criteria.

Evidence can take many different forms including:

1. Electronic and documentary data about transactions
2. Written and electronic communication with outsiders
3. Observations by the auditor
4. Oral testimony of the auditee (Client)

 To satisfy the purpose of audit, auditors must obtain a Sufficient Quality and Volume of Evidence.

 Auditors must determine the types and amount of evidence necessary and evaluate whether the information
corresponds to the established criteria.

Competent, Independent Person:

 The auditor must be qualified to understand the criteria used and must be competent to know the types and amount
of evidence to accumulate to reach the proper conclusion after examining the evidence.
 The auditor must also have an independent mental attitude. The competence of those performing the audit is of
little value if they are biased in the accumulation and evaluation of evidence.
 Auditors strive to maintain a high level of independence to keep the confidence of users relying on their reports.
Auditors reporting on company financial statements are often called independent auditors. Even though such
auditors are paid fees by the company, they are norm ally sufficiently independent to conduct audits that can be
relied on by users.
 Even internal auditors²those employed by the companies they audit usually report directly to top management and
the board of directors, keeping the auditors independent of the operating units they audit.

Reporting:
The final stage in the audit i n g process is prep a r i n g the audit report, “which communicates the auditor’s findings to
users”.

 Reports differ in nature, but all must inform readers of the degree of correspondence between the information
audited and established criteria.

 Reports also differ in form and can vary from the highly technical type usually associated with financial statement
audits to a simple oral report in the case of an operational audit of a small department’s effectiveness.

 The key parts in the description of auditing are illustrated in Figure 1-1 using an IRS agent’s audit of an individual’s tax
return as an example.

Page 2
Objective 1-2: Distinguish between auditing and accounting:.
Accounting Auditing

It includes 3 activities; recording , Classifying, and It includes 4 activities; accumulation ,and

summarizing economic events. evaluating of audit evidence, determine and report
on the degree of correspondence between
information and established criteria.

The function is to provide information which

managers and users can use to make decisions. The function is to determine whether the recorded
information reflects the economic Events.

It should be done by the accountants who
must have a thorough understanding &
knowledge of the principles and rules (GAA P)
that provide the basis for preparing the
accounting information.
It should be done by the CPAs (auditors)
who must thoroughly understand (GA A P) and
have expertise in the accumulation and
Interpretation of audit evidence.

Objective 1-3: Explain The Importance Of Auditing In Reducing Information Risk.

If the bank makes the loan, it will charge a rate of interest determined prim arily by three factors:
1. Risk-free interest rate. This is approximately the rate the bank could earn by investing in U.S. treasury notes for the same
length of time as the business loan.
2. Business risk for the customer. This risk reflects the possibility that the business will not be able to repay its loan because
of economic or business conditions, such as a recession, poor management decisions, or unexpected com petition in the
industry.
3. Information risk. Inform ation risk reflects the possibility that the inform ation upon which the business risk decision was
made was inaccurate. A likely cause of the inform ation risk is the possibility of inaccurate financial statem ents.
Auditing has no effect on either the risk-free interest rate or business risk, but it can have a significant effect on inform ation
risk.
Objective 1-4: Causes of Information Risk:
1. Remoteness of Information:
 In a global economy, it is nearly impossible for a decision maker to have much firsthand know ledge about the organization
with which they do business. Inform ation provided by others must be relied upon.
 When inform ation is obtained from others, the likelihood of it being intentionally or unintentionally misstated increases.
2. Biases and Motives of the Provider:
If information is provided by someone whose goals are inconsistent with those of the decision maker, the information may be

Page 3
biased in favor of the provider.
3. Voluminous Data:
There is an inverse relation between the volume of data and accuracy of the information.
4. Complex Exchange Transactions:
 In the past few decades, exchange transactions between organizations have become increasingly com plex and therefore
more difficult to record properly.
 Therefore the accountants may commit a lot of misstatements because these transactions are more difficult to record
properly.
Reducing Information Risk:
After com paring costs and benefits, business managers and financial statements users may conclude that the best way to deal
with information risk is simply to have it remain reasonably high.
 A small company may find it less expensive to pay higher interest costs than to increase the costs of reducing information
risk.
 For larger businesses, it is usually practical to incur costs to reduce information risk. There are three main ways to do
so:

Ways Advantages Disadvantages

1. User Verifies 1. User obtains information desired.
Information 2. User can be more confident of the
qualifications and activities of the person
getting the information.
High cost of obtaining information.
Inconvenience to the person providing
the information because large number
of users would be on premises.

2. User Shares 1. No audit costs incurred. User may not be able to collect on
Information Risk losses.
With
Management

3. Audited Financial 1. Multiple users obtain the information.
Statements Are Low cost of obtaining information as
Provided Information risk can usually be reduced
sufficiently to satisfy users at reasonable cost.
Minimal inconvenience to management by
2. having only one auditor.
1. May not meet needs of certain
users.
2. Costs may be higher than the
benefits in some situations, such as
for a small company.

Figure 1-2 Relationships among Auditor, Client, and External Users Audited:

Page 4
Objective 1-5: Assurance Services:
1. Assurance Service
 An assurance service is an independent professional service that improves the quality of inform ation for decision
makers. Such services are valued because the assurance provider is independent and perceived as being unbiased with
respect to the inform ation examined.
 Individuals who are responsible for making business decisions seek assurance services to help them improve the
reliability and relevance of the inform ation used as the basis for their decisions.
 Assurance services can be done by C PA s or by a variety of other professionals. For example, Consumers Union, a
nonprofit organization, tests a wide variety of products.
used by consum ers and reports their evaluations of the quality of the products tested in Consumer Reports.
1. Attestation services
One category of assurance services provided by CPAs is attestation services. An Attestation Service is a type of assurance
service in which the CPA firm issues a report about the reliability of an assertion that is made by another party. A
ttestation services fall into five categories:
1. Audit of historical financial statem ents
2. Audit of internal control over financial reporting
3. Review of historical financial statements
4. Attestation services on inform ation technology
5. Other attestation services that may be applied to a broad range of subject matter
1. Audit of Historical Financial Statements.
2. Review of Historical Financial Statements
 Difference between Audit and Review of Financial Statements: There are Four main differences between the A udit and
Review
1. Level of assurance
2. Amount of evidence
3. Fees
4. Type of client
1. Level of assurance
Review of historical of financial statements provides a lower level of assurance compared to the high level of the audit of
the financial statem ents.
2. Evidence
Less evidence is needed for reviews compared to amounts needed for audit
3. Amount of fees
Review can be provided at much lower fees than the audit
4. Type of client
Public companies are required to have audit while many non-public companies have only to review their financial statem
ents to lim it their audit fees.

3. Attestation Services on Information Technology

Page 5
 For attestations on inform ation technology, management makes various assertions about the reliability and security of
electronic inform ation. M any business’s functions, such as ordering and making paym ents, are conducted over the
Internet or directly betw een com puters using electronic data interchange (ED I).
 As transactions and inform ation are shared online and in real time, businesspeople dem and even greater assurances
about inform ation, transactions, and the security protecting them.
Web-Trust and Sys-Trust are examples of attestation services developed to address these assurance needs.
Web-Trust: Sys-Trust
 It is designed to provide assurance to management, board of
directors, or third party about the reliability in criticized areas
 It is designed to provide assurance to a such as security and data integrity
third party (client) user of the website.
 Web-trust provide assurance that the
website meet the established criteria
related to business practices, transactions,
integrity and information process.

1. Web-Trust: is an attestation services and the web trust seal is a symbolic representation of t h e CPA’s report on
management’s assertions about its disc losu r e of electronic comm erce practices.
2. Sys-Trust: is an attestation type engagement to evaluate and test system reliability in areas such as security and data
integrity
4. Audit of Internal Control over Financial Reporting
Management asserts that internal controls have been developed and implemented following well established criteria.
Internal control is just a system, each company should establish its internal control system to save guard assets and insure
reliability of financial reports.
We need an auditor to audit the internal control system to tell us whether the system is efficient or not.
Also we need TWO opinions about:
1. The fairness of financial statements
2. The effectiveness of the control system
CPA does TWO jobs (External CPA)
1. Audit of financial statements
2. Audit of the control system as management is responsible for preparing financial statements & internal control
system
Section 404 of the Sarbanes–Oxley Act requires:
 Public companies to Report management’s assessment of the effectiveness of internal control.
 Auditors to attest to the effectiveness of internal control over financial reporting.
This evaluation, which is integrated with the audit of the financial statemtents, increases user confidence about future
financial reporting, because effective internal controls reduce the likelihood of future misstatements in the financial
statem ents.
5. Other Attestation Services:
C PA s provide num erous other attestation services. M any of these services are natural extensions of the audit of
historical financial statem ents, as users seek independent assurances about other types of inform ation.
a) Pro v ide assurance about the company’s compliance with the financial pro v i sio n s (term s) of the loan.
b) A ttest to the information in a client’s forecasted financial statements, which are often used to obtain financing.
Other Assurance Services
Most of the other assurance services that CPA s provide do not meet the definition of attestation services because:
1 . The CPA is not required to issue a written report, and
2. The assurance does not have to be about the reliability of another party’s assertion about com pliance with specified
criteria. But the CPA must still be independent and must provide assurance about inform ation used by decision makers.
Nonassurance Services Provided by CPAs
CPA firms perform num erous other services that generally fall outside the scope of assurance services. Three specific

Page 6
 examples are:
1. Accounting and bookkeeping services
2. Tax services
3. M anagement consulting services

Objective 1-6: Differentiate the three main types of audits.

Audits Of
Operational Audits Compliance Audits
Financial Statements

To evaluate whether To determine whether To determine whether the

operating procedures are the client is following overall financial statements
efficient and effective specific procedures set are presented in accordance
Purpose by higher authority with specified criteria
(usually GAA P)

Management of Authority setting Different groups for different

Users Of Audit
organization Down procedures, purposes ² many outside
Report
internal or external entities

Highly nonstandard; often Not standardized, but Highly standardized

Nature subjective specific and usually
objective
Performed By: Frequently Occasionally Almost universally
CPAs

GAO Auditors Frequently Frequently Occasionally

IRS Auditors Never Universally Never

Internal Frequently Frequently Frequently

Auditors

Page 7
Types of Auditors:

1. Certified Public Accounting Firms:

Certified public accounting firms are responsible for auditing the published historical financial statements of all
publicly traded companies, most other reasonably large companies, and many smaller companies and noncommercial
organizations.
 CPA firms are often called external auditors or independent auditors to distinguish them from internal auditors.
2. Government Accountability Office Auditors (GAO):
 It is an auditor working for the U .S. Government Accountability Office (GAO), a nonpartisan agency in the
legislative branch of the federal government. Headed by the Comptroller General, the GAO reports to and is
responsible solely to Congress.

 The GAO’s primary responsibility is to perform the audit function for Congress, and it has many of the same
audit responsibilities as a C PA firm.
 The GAO audits much of the financial information prepared by various federal government agencies before it is
submitted to Congress.
3. Internal Revenue Agents
 The IRS, under the direction of the Commissioner of Internal Revenue, is responsible for enforcing the federal tax laws
as they have been defined by Congress and interpreted by the courts. A major responsibility of the IRS is to audit
taxpayers’ returns to determine whether they have complied with the tax laws.

4. Internal Auditors
 Internal auditors are employed by all types of organizations to audit for management, much as the GAO does for
Congress. Internal auditors’ responsibilities vary considerably, depending on the employer.
 Some internal audit staffs consist of only one or two employees doing routine compliance auditing. Other internal audit
staffs may have more than 100 employees who have diverse responsibilities, including many outside the accounting
area.
 Many internal auditors are involved in operational auditing or have expertise in evaluating computer systems.
Objective 1-8: Describe the requirements for becoming a CPA.

Page 8
9