In Phase V, the auditor (a) completes various review and communication activities and (b) makes a decision about what type(s) of opinion(s) should be issued. Examples of review and communication activities include assessing detected misstatements and identified control deficiencies, reviewing the ade- quacy of financial statement disclosures, performing final analytical review procedures, communicating with the audit committee and management about identified control deficiencies, and performing an engagement quality review.
After completing the required review and communication activities, the audi- tor then decides on the appropriate opinion(s) to issue. In an integrated audit, the auditor issues an opinion on both the financial statements and internal control.
The opinions can be issued in one report or in two separate reports. However, if separate reports are issued, each report must refer to the other. In Chapter 1 we presented Ford’s combined audit report, which included an unqualified opinion on the financial statements and an unqualified opinion on internal controls. If the auditor has reservations about the fair presentation of the financial state- ments, the audit opinion on the financial statements would be modified and expanded to explain the nature of the auditor’s reservations. If the auditor has reservations about the effectiveness of the client’s internal controls, the auditor would issue an adverse opinion on internal controls. Exhibit 5.13 provides an example of an audit report with an unqualified opinion on the financial state- ments and an adverse opinion on internal control. Important aspects of Exhibit 5.13 related to the opinion on internal controls include the following:
● The report describes the materials weaknesses, but does not discuss any actions being taken by management to remediate the problems.
● The report does not discuss whether the control weaknesses were first identified by management or by the auditor.
● The report recognizes the integrated nature of the audit in that the audi- tors considered the identified material weaknesses when planning the financial statement audit.
LO12 Identify audit activities in Phase V of the audit opinion formulation process.
The Audit Opinion Formulation Process 185
E X H I B I T 5.13 Example of Adverse Opinion on Internal Control and Unqualified Opinion on the Financial Statements (bold emphasis added in report)
REPORT OF INDEPENDENT REGISTERED PUBLIC ACCOUNTING FIRM
To the Board of Directors and Stockholders of Powell Industries, Inc.:
In our opinion,the consolidated financial statements listed in the accompanying index present fairly, in all material respects, the financial position of Powell Industries, Inc. and its subsidiaries at September 30, 2011 and 2010, and the results of their operations and their cash flows for each of the three years in the period ended September 30, 2011 in confor- mity with accounting principles generally accepted in the United States of America. Also, in our opinion, the Companydid not maintain, in all material respects,effective internal control over financial reporting as of September 30, 2011, based on criteria established in Internal Control—Integrated Framework issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) becausematerial weaknesses in internal control over financial reporting related to thefinancial close and reporting process, the revenue recognition process for long-term construc- tion projects, the cost accumulation process, and the revenue and accounts receivable process for service contracts, existed as of that date. A material weakness is a deficiency, or a combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the annual or interim financial state- ments will not be prevented or detected on a timely basis. The material weaknesses referred to above are described in Manage- ment’s Report on Internal Control Over Financial Reporting under Item 9A.We considered these material weaknesses in determining the nature, timing, and extent of audit tests applied in our audit of the fiscal year 2011 consolidated financial statements, and our opinion regarding the effectiveness of the Company’s internal control over financial reporting does not affect our opinion on those consolidated financial statements. The Company’s management is responsible for these financial statements, for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting included in management’s report referred to above. Our responsi- bility is to express opinions on these financial statements and on the Company’s internal control over financial reporting based on our integrated audits. We conducted our audits in accordance with the standards of the Public Company Accounting Over- sight Board (United States). Those standards require that we plan and perform the audits to obtain reasonable assurance about whether the financial statements are free of material misstatement and whether effective internal control over financial reporting was maintained in all material respects. Our audits of the financial statements included examining, on a test basis, evidence sup- porting the amounts and disclosures in the financial statements, assessing the accounting principles used and significant esti- mates made by management, and evaluating the overall financial statement presentation. Our audit of internal control over financial reporting included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audits also included performing such other procedures as we considered necessary in the circumstances.
We believe that our audits provide a reasonable basis for our opinions.
A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reli- ability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (i) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and disposi- tions of the assets of the company; (ii) provide reasonable assurance that transactions are recorded as necessary to permit prepa- ration of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (iii) pro- vide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the com- pany’s assets that could have a material effect on the financial statements.
Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projec- tions of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.
PricewaterhouseCoopers LLP Houston, Texas
December 12, 2011
Audit Example: Assessing Control Design Effectiveness, Implementation, and Operating Effectiveness
To illustrate the concepts related to internal control introduced in this chap- ter, we provide an abbreviated example of an integrated audit focusing on cost of goods sold, inventory, and accounts payable. We assume that the organization purchases and distributes products; in other words, the organi- zation is not a manufacturer, but it does hold a material amount of inven- tory. We focus our example on the purchasing cycle and significant accounts of Accounts Payable, Inventory, and Expenses.
Management Assessment of Controls
Management has identified the significant accounts and relevant assertions in the process of procuring goods and recording the related accounts pay- able and inventory. After selecting and testing controls designed to mitigate risk of misstatement in these accounts, management identifies the following control deficiencies:
● Segregation of duties:At one location, the controls are not well designed, as there is not proper segregation of duties. However, the location is very small, accounting for less than 1% of purchases.
● Lack of approval: At a second location that handles 62% of the organi- zation’s purchases, management found that approximately 17% of the purchase orders did not contain proper approval. The reason for the lack of approval was the rush to procure material in a timely fashion to meet a contract requirement. This represents an operating deficiency.
In deciding whether to categorize a deficiency as a significant deficiency or material weakness, management considers the following factors:
● The risk that is being mitigated and whether other controls operate effectively to mitigate the risk of material misstatement
● The materiality of the related account balances
● The nature of the deficiency
● The volume of transactions affected
● The subjectivity of the account balance that is subject to the control
● The rate at which the control fails to operate
Management concludes that the first deficiency (related to segregation of duties) did not rise to the level of either a significant deficiency or a material weakness. However, management decides to use this deficiency as a motiva- tion to centralize purchases at headquarters.
The second deficiency (related to lack of approval) is more of a problem.
Management determines this is a significant deficiency based on the follow- ing rationale:
● It is a major departure from an approved process.
● It could lead to the purchase of unauthorized goods.
● The unauthorized goods could lead to either (a) inferior products or (b) potential obsolescence.
● Those making the purchases could cause them to be shipped elsewhere (fraudulently) and could lead to a material misstatement in the financial statements.
Management determines that other controls are in place that test for inferior products and obsolescence, and that cycle counting of inventory would discover goods that are shipped to a different location. Accordingly, management believes that because of these controls, any potential misstate- ments in the financial statements would not be material. Management tests these controls and determines that they are operating effectively. If these LO13 Apply the concepts
related to the auditor’s assessment of internal control design effective- ness, implementation, and operating effectiveness.
Audit Example: Assessing Control Design Effectiveness, Implementation, and Operating Effectiveness 187
other controls were not in place and operating effectively, then management would have assessed the control deficiency as a material weakness.
Auditor Assessment of Controls
After determining significant accounts and relevant assertions, the auditor reviews management’s documentation of its internal control and manage- ment’s evaluation and findings related to internal control effectiveness.
The auditor had previously reviewed and tested the control environment and other entity-wide controls and had evaluated them as effective. The auditor then determined that the following were the important controls in this process (for discussion purposes, we will again concentrate on the purchasing process and assume that the auditor did not find any material weaknesses in the other processes):
● Only authorized goods are purchased from authorized vendors.
● Purchase prices are negotiated by contract or from bids.
● All purchases are delivered to the organization and received by a sepa- rate receiving department.
● All purchases are recorded in a timely fashion and are appropriately classified.
● Payments are made only for goods that are received.
● Payments are made consistent with the purchase orders or contracts.
● Payments are made in a timely fashion.
The auditor gathers evidence on the operating effectiveness of these con- trols as of the client’s year end for the opinion on internal control effective- ness and on operating effectiveness throughout the year for the financial statement audit. Because much of the process is computerized, the auditor performs computer security tests to assure that access controls are working properly and there is adequate control over program changes. The auditor determines that those controls are effective.
The auditor takes a sample of fifty purchase orders to examine whether purchases are authorized and processed properly. The auditor’s sample size is influenced by previous information about the operation of the control.
Although management had also taken a random sample of purchases and tested the operating effectiveness, the auditor needs to independently deter- mine that the controls are working (or not working). The sample is ran- domly chosen and the auditor traces the transactions through the system to determine that the objectives identified above are addressed by controls.
The auditor’s testing of controls identified the same two deficiencies identified by management. Management viewed the deficiency related to lack of approval as a significant deficiency because (a) the organization has a good ethical climate and (b) management’s tests confirmed that all goods were delivered to the organization. The auditor’s tentative conclusion is that this deficiency is a material weaknessbecause:
● The location was responsible for ordering 62% of all of the organiza- tion’s products.
● Management’s tests showed a failure rate of over 17%.
The fact that all the goods were delivered to the organization is impor- tant and a testament to the ethical culture of the organization. However, not all individuals are ethical; someone with a lower commitment to ethical behavior could be in the purchasing position. Stated another way, a material weakness in internal control can exist even if there are no errors in proces- sing and no misstatements in the current period. The potential for misstate- ment is high because the auditor believes that existing controls do not mitigate the risk of material misstatement.
More specifically, the auditor notes the following related to the auditor’s tests of controls:
● One of the fifty purchases was made from an unauthorized vendor. Inves- tigation reveals that the vendor was subsequently authorized and it was a timing problem; that is, the vendor should have been authorized earlier.
● Seven of the fifty did not have proper authorization, corroborating the earlier finding by management.
● Three of the fifty purchases were paid even though there was no receiv- ing report.
● All of the other controls were found to work properly.
The auditor is concerned that the system allowed a purchase to be made before the vendor was authorized. The auditor’s analysis is focused primarily on the risks that may be caused by unauthorized purchases. The auditor believes that unauthorized purchases could lead to a material misstatement of inventory;
that is, goods were ordered and paid for, with no proof that they were actually received, and may have been delivered elsewhere. Based on this concern, the auditor decides that the deficiency related to lack of approval warrants a mate- rial weakness designation. Using this analysis, the auditor determines the follow- ing implications for substantive procedures in the financial statement audit:
● The auditor will do limited testing of inventory quantities at year end, primarily through random tests of the perpetual inventory system.
● The auditor will assess the year-end inventory for potential obsolescence by looking at industry trends and recent prices within the firm and by using audit software to analyze the aging of inventory.
● The auditor will continue to examine all adjusting entries at the end of the year to determine whether there are unusual entries to inventory and related accounts.
SUMMARY AND NEXT STEPS
This chapter has presented a detailed overview of the activities you will be performing throughout the audit opinion formulation process. These activ- ities are based on guidance provided in the professional auditing standards.
Adhering to the relevant auditing standards and performing the required activities in a professional manner are important to audit quality. Most of what occurs during the audit opinion formulation process is directed towards obtaining evidence to support the audit opinion(s) that will be issued. The next chapter provides you with additional discussion on important aspects of audit evidence.
SIGNIFICANT TERMS
Accounting cycle Recording and processing transactions that affect a group of related accounts. The cycle begins when a transaction occurs and ends when it is recorded in the financial statements.
Audit documentation The record of audit procedures performed, rele- vant audit evidence obtained, and conclusions the auditor reached (terms such as working papersorworkpapersare also sometimes used).
Audit engagement letter A document that specifies the responsibilities of both the client and the auditor.
Significant Terms 189
Audit evidence Information used by the auditor in arriving at the con- clusions on which the auditor’s opinion is based.
Appropriate audit evidence The measure of the quality of audit evi- dence (that is, its relevance and reliability in providing support for the con- clusions on which the auditor’s opinion is based).
Audit procedures Procedures designed to obtain audit evidence to sup- port the audit opinion(s). Three categories of procedures include risk assess- ment procedures, tests of controls, and substantive procedures (including substantive analytical procedures and tests of details).
Audit program An audit document that lists the audit procedures to be followed in gathering audit evidence and helps those in charge of the audit to monitor the progress and supervise the work.
Control risk The risk that a misstatement due to error or fraud that could occur in an assertion and that could be material, individually or in combination with other misstatements, will not be prevented or detected on a timely basis by the organization’s internal control. Control risk is a func- tion of the effectiveness of the design and operation of internal control.
Controls reliance audit An audit that includes tests of controls and substantive procedures.
Dual-purpose test A substantive test and a related test of a relevant control that are performed concurrently, for example a substantive test of sales transactions performed concurrently with a test of controls over those transactions.
Inherent risk The susceptibility of an assertion to a misstatement, due to error or fraud, that could be material, individually or in combination with other misstatements, before consideration of any related controls.
Risk assessment procedure A procedure performed by the auditor to obtain information for identifying and assessing the risks of material misstatement in the financial statements whether due to error or fraud.
Risk assessment procedures by themselves do not provide sufficient appropriate evidence on which to base an audit opinion, but are used for purposes of planning the audit.
Substantive audit An audit that includes substantive procedures and does not include tests of controls.
Substantive procedure An audit procedure designed to detect material misstatements at the assertion level. Substantive procedures comprise tests of details and substantive analytical procedures.
Sufficient audit evidence The measure of the quantity of audit evidence.
Test of controls An audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements, typically at the assertion level.
TRUE-FALSE QUESTIONS
5-1 LO1 Auditors of U.S. public companies should follow the PCAOB’s auditing standards.
5-2 LO1 There is not much commonality among the auditing stan- dards set by the PCAOB, AICPA, and IAASB.
5-3 LO2 The ten standards underlying the PCAOB’s auditing stan- dards fall within four different categories.
5-4 LO2 The purpose of an audit is to enhance the degree of confi- dence that users can place on the financial statements.
5-5 LO3 As a precondition to applying the audit opinion formulation process, the auditor needs to understand the client’s responsibilities for internal control over financial reporting and the financial statements.
5-6 LO3 The audit opinion formulation is described as consisting of five phases.
5-7 LO4 The cycle approach to auditing provides a way for breaking the audit up into manageable components.
5-8 LO4 Within a particular cycle, the auditor focuses on the flow of transactions within that cycle, including how transactions are initi- ated, authorized, recorded, and reported.
5-9 LO5 The completeness assertion is typically the more relevant assertion for assets.
5-10 LO5 Within each cycle, the audit is designed to test management assertions.
5-11 LO6 Risk assessment procedures alone provide sufficient appro- priate audit evidence on which to base an audit opinion.
5-12 LO6 The auditor’s selection of audit procedures depends on the accounts and assertions being tested.
5-13 LO7 Auditors are encouraged, but not required, to prepare audit documentation.
5-14 LO7 Audit checklists and audit programs are examples of audit documentation.
5-15 LO8 U.S. auditing standards require that an auditor communicate with a predecessor auditor for an initial audit engagement.
5-16 LO8 The agreed-upon terms of an audit engagement should be documented in an audit program.
5-17 LO9 During risk assessment, the auditor is focused on under- standing the risks of all misstatements in the financial statements and related disclosures.
5-18 LO9 The auditor assesses the risk of material misstatement at only the assertion level.
5-19 LO10 The auditor is expected to obtain evidence about the oper- ating effectiveness of internal control on all audits.
5-20 LO10 When testing controls, the auditor tests only transaction controls.
5-21 LO11 The auditor is expected to perform substantive procedures for each relevant assertion of each significant account and
disclosure.
5-22 LO11 Substantive procedures include substantive analytical pro- cedures and tests of details.
5-23 LO12 Once the auditor completes the substantive procedures in Phase IV, the auditor is in a position to issue the audit opinion.
True-False Questions 191