Table of Contents

1 Introduction and Overview of Audit and Assurance 1-1

Assurance, Attestation, and Audit Services 1-3

Different Assurance Services 1-6

Demand for Audit and Assurance Services 1-8

Preparers and Auditors 1-11

The Role of Regulators and Regulations 1-13

Audit Report on Financial Statements 1-19

Audit Report on Internal Controls over Financial Reporting 1-25

The Audit Expectation Gap 1-28

2 Professionalism and Professional Responsibilities 2-1

Professionalism and Accounting 2-3

The Structure of the AICPA Code of Professional Conduct 2-5

Conceptual Framework for Members in Public Practice 2-7

Integrity and Objectivity 2-11

Independence 2-12

General Standards 2-23

Other Rules of Conduct for Members in Public Practice 2-24

Auditor Liability Under Common Law 2-26

Auditor Liability Under Statutory Law 2-33

3 Risk Assessment Part I: Audit Risk and Audit Strategy 3-1

Client Acceptance and Continuance Decisions 3-3

Phases of an Audit 3-8

Materiality 3-10

Professional Skepticism and Audit Risk 3-14

Audit Strategy 3-21

Fraud Risk 3-25

4 Risk Assessment Part II: Understanding the Client 4-1

Understanding the Client 4-3

Client Approaches to Measuring Performance 4-12

Analytical Procedures 4-14

Related Parties 4-22

Corporate Governance 4-23

Internal Control and Information Technology 4-26

Closing Procedures 4-27

5 Audit Evidence 5-1

Management Assertions 5-3

Characteristics of Audit Evidence 5-7

Procedures for Gathering Audit Evidence 5-10

Using the Work of Others 5-18

Documentation—Audit Working Papers 5-24

6 Gaining an Understanding of the Client’s System of Internal Control 6-1

Internal Control Defined 6-3

Entity-Level Internal Controls 6-7

Transaction-Level Internal Controls 6-19

Information Technology (IT) Controls 6-23

Documenting Internal Controls 6-29

Identifying Strengths and Weaknesses in a System of Internal Controls 6-31

Management Letters 6-33

7 Audit Data Analytics 7-1

Steps in Performing Audit Data Analytics 7-3

Steps Associated with Accessing and Preparing Data for Audit Data Analytics 7-11

Using Audit Data Analytics as a Risk Assessment Procedure 7-13

Applying Audit Data Analytics as a Risk Assessment Procedure 7-17

Using Audit Data Analytics as a Substantive Test 7-37

Applying Audit Data Analytics as a Substantive Test 7-38

Validating Sales Revenue and Accounts Receivable with Subsequent Cash Receipts 7-38

8 Risk Response: Performing Tests of Controls 8-1

Steps in Assessing Control Risk 8-3

Types of Controls 8-7

Procedures for Testing Controls 8-13

Selecting and Designing Tests of Controls 8-15

Results of the Auditor’s Testing 8-26

Documenting Conclusions 8-29

9 Risk Response: Performing Substantive Procedures 9-1

Audit Risk and Substantive Procedures 9-3

Risk Response at the Financial Statement Level 9-5

Nature of Substantive Procedures 9-7

Timing of Substantive Procedures 9-14

Extent of Substantive Procedures 9-16

Auditing Accounting Estimates 9-19

Documenting Results of Substantive Procedures 9-26

10 Risk Response: Evaluating Audit Data Analytics and Audit Sampling for Substantive Tests 10-1

Using Audit Data Analytics versus Audit Sampling 10-3

Audit Sampling Defined 10-5

Sampling Risk and Nonsampling Risk 10-6

Statistical and Nonstatistical Sampling 10-8

Sampling Methods 10-9

Factors That Influence the Sample Size—Substantive Testing 10-11

A Basic Framework for Audit Sampling 10-14

Applying Probability-Proportionate-to-Size Sampling for Substantive Testing 10-16

Applying Nonstatistical Sampling for Substantive Testing 10-28

Appendix 10A: Applying Classical Variables Sampling for Substantive Testing 10-33

11 Auditing the Revenue Process 11-1

Nature of the Revenue Process 11-3

Understanding the Entity and Its Environment 11-4

Inherent Risks in the Revenue Process 11-9

Control Activities for Credit Sales 11-12

Control Activities for Cash Receipts 11-18

Control Activities for Sales Adjustments and Revenue Process Disclosures 11-23

Tests of Controls in the Revenue Process and Audit Strategy 11-25

Substantive Tests for the Revenue Process 11-28

12 Auditing the Purchasing and Payroll Processes 12-1

Nature of Purchase Transactions and Balances 12-3

Understanding the Entity and Its Environment 12-4

Inherent Risks in the Purchasing Process 12-8

Control Activities for Purchases 12-11

Control Activities for Cash Disbursements 12-18

Evaluated Receipt Settlement (ERS) 12-21

Control Activities for Purchase Adjustments and Purchasing Process Disclosures 12-24

Tests of Controls in the Purchasing Process and Audit Strategy 12-26

Substantive Procedures for the Purchasing Process 12-28

Appendix 12A: Auditing Payroll 12-34

Explain the Nature of Payroll Transactions and Balances 12-34

Understanding the Entity and Its Environment 12-35

Inherent Risks Related to Payroll 12-37

Control Activities for Payroll 12-38

Tests of Controls in the Payroll Process and Audit Strategy 12-42

Substantive Tests for the Payroll Process 12-45

13 Auditing Various Balance Sheet Accounts (and Related Income Statement Accounts) 13-1

Auditing Cash and Cash Equivalents 13-3

Auditing Inventory on the Balance Sheet 13-11

Auditing Property, Plant, and Equipment 13-28

Auditing Financing Activities 13-37

14 Completing the Audit 14-1

Audit Procedures for Loss Contingencies 14-3

Subsequent Events 14-7

Engagement Wrap-Up 14-10

Going Concern 14-18

Management Representation and Communication with Those Charged with Governance 14-21

15 Reporting on the Audit 15-1

Standard Unmodified/Unqualified Audit Report 15-3

Additional Paragraph for the Standard Unmodified Report 15-7

Opinion Based in Part on the Report of Another Auditor 15-12

Modifying the Audit Opinion 15-14

Subsequently Discovered Facts 15-22

Reports on the Audit of ICFR 15-26

Compilation and Review Engagements 15-30

Appendix A Cloud 9 Inc. Audit A-1

Cloud 9 Inc. Company Background A-1

Transcript of Meeting with David Collier A-4

Glossary G-1

Index I-1