We are a Dallas, Texas CPA firm specializing in audit, review, compilation, and agreed upon procedures services for Texas businesses in a wide range of industries and sizes.
Showing posts with label AU-C Section 200. Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Generally Accepted Auditing Standards. Show all posts
Showing posts with label AU-C Section 200. Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Generally Accepted Auditing Standards. Show all posts
"If an objective in a relevant AU-C section cannot be achieved, the auditor should evaluate whether this prevents the auditor from achieving the over-all objectives of the auditor and thereby requires the auditor, in accordance with GAAS, to modify the auditor's opinion or withdraw from the engagement (when withdrawal is possible under applicable law or regulation). Failure to achieve an objective represents a significant finding or issue requiring documentation in accordance with section 230, Audit Documentation."
Whether or not an audit objective has been achieved depends on the Auditor's professional judgment, and might include an analysis of
the results of audit procedures performed in complying with the requirements of GAAS;
the auditor's evaluation of whether sufficient appropriate audit evidence has been obtained; and
whether more needs to be done in the particular circumstances of the audit to achieve the objectives stated in GAAS.
Circumstances that might prevent the Auditor from achieving an objective include those that:
prevent the auditor from complying with the relevant requirements of an AU-C section.
result in it not being practicable or possible for the auditor to carryout the additional audit procedures or obtain further audit evidence (e.g., due to a limitation in the available audit evidence)
The Auditor doesn't necessarily have to document that he achieved the objectives (e.g., in a separate checklist), but his documentation of conclusions in various audit areas should provide evidence that the objectives were achieved.
".27 The auditor should consider applicable interpretive publications in planning and performing the audit.
.28 In applying the auditing guidance included in an other auditing publication, the auditor should, exercising professional judgment, assess the relevance and appropriateness of such guidance to the circumstances of the audit."
Interpretive Publications are issued under the approval of the ASB and are included in AU-C Sections; they are not auditing standards, but they provide recommendations on how to apply GAAS in special circumstances (e.g., for entities in specialized industries). Examples of Interpretive Publications are AICPA Audit and Accounting Guides and Statements of Position.
Other auditing publications have no authoritative status; however,they may help the auditor understand and apply GAAS. The auditor is not expected to be aware of the full body of other auditing publications. We can assume that anything published by the AICPA is appropriate for use by the Auditor, but the auditor must assess the relevance of other such publications based on their reputation as a credible source of information. An example of an Other Auditing Publication might be the Journal of Accountancy.
".24 Subject to paragraph .26, the auditor should comply with each requirement of an AU-C section unless, in the circumstances of the audit,
the entire AU-C section is not relevant; or
the requirement is not relevant because it is conditional and the condition does not exist.
.25 GAAS use the following two categories of professional requirements,identified by specific terms, to describe the degree of responsibility it imposes on auditors:
Unconditional requirements.The auditor must comply with an unconditional requirement in all cases in which such requirement is relevant. GAAS use the word "must" to indicate an unconditional requirement.
Presumptively mandatory requirements. The auditor must comply with a presumptively mandatory requirement in all cases in which such a requirement is relevant except in rare circumstances discussed in paragraph .26. GAAS use the word "should" to indicate a presumptively mandatory requirement.
.26 In rare circumstances, the auditor may judge it necessary to depart from a relevant presumptively mandatory requirement. In such circumstances,the auditor should perform alternative audit procedures to achieve the intent of that requirement. The need for the auditor to depart from a relevant presumptively mandatory requirement is expected to arise only when the requirement is for a specific procedure to be performed and, in the specific circumstances of the audit, that procedure would be ineffective in achieving the intent of the requirement."
As such, the Auditor must follow all requirements in GAAS unless
an entire AU-C Section is not relevant (e.g., if the entity under audit does not have an internal audit function, the Auditor does not have to comply with any of the requirements in AU-C Section 610 "Using the Work of Internal Auditors") or
a requirement within an AU-C Section is not relevant (e.g., if there is no limited scope on the audit, then the auditor is not required to modify the auditor's opinion due to a scope limitation; or if there are no internal control deficiencies, the auditor is not required to internal control deficiencies to management or those charged with governance).
There are two types of requirements:
unconditional requirements: these are characterized with a "must" statement; the Auditor has to comply with these requirements unless irrelevant.
presumptively mandatory: these are characterized with a "should" statement; whether or not the auditor complies with these requirements depends on his professional judgment. Section 230 establishes documentation requirements for when an auditor departs from a relevant requirement. If a requirement would likely not achieve its intent, the Auditor can depart from that requirement, but he should perform alternative procedures that achieve that intent.
"To achieve the overall objectives of the auditor, the auditor should use the objectives stated in individual AU-C sections in planning and performing the audit considering the interrelationships within GAAS to
determine whether any audit procedures in addition to those required by individual AU-C sections are necessary in pursuance of the objectives stated in each AU-C section; and
evaluate whether sufficient appropriate audit evidence has been obtained."
The objectives in each AU-C section help the auditor to link the requirements to the overarching goal of complying with the AU-C section and to focus the auditor on the desired outcome of the AU-C section. This will help the auditor to:
understand what needs to be accomplished and, when necessary, the appropriate means of doing so; and
decide whether more needs to be done to achieve the objectives in the particular circumstances of the audit.
In using the objectives, the auditor is required to consider the inter-relationships among the AU-C sections. This is because the AU-C sections in some cases address general responsibilities that apply to other sections and to the audit overall (e.g., the requirement for professional skepticism is included in this section and applies to all areas of the audit and to other sections, but is not included as a requirement in other sections).
The achievement of the objectives in each AU-C Section should be the ultimate goal of the auditor. And in cases where the requirements of an AU-C Section do not achieve the objectives (e.g., in an unusual circumstance or engagement), the auditor should perform additional procedures necessary to achieve the objectives. This might require the auditor to:
Evaluate whether further relevant audit evidence has been, orwill be, obtained as a result of complying with other AU-C sections;
Extend the work performed in applying one or more requirements; and/or
Perform other procedures judged by the auditor to be necessary inthe circumstances.
If the objectives have not been met, and none of the above additional considerations are practical or possible, the auditor should the auditor will not be able to obtain sufficient appropriate auditevidence and is required by GAAS to determine the effect on the auditor's reportor on the auditor's ability to complete the engagement.
https://www.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/au-c-00200.pdf
AU-C Section 200.20-22 says: ".20 The auditor should comply with all AU-C sections relevant to the audit. An AU-C section is relevant to the audit when the AU-C section is in effect and the circumstances addressed by the AU-C section exist. (Ref: par. .A57–.A62) .21 The auditor should have an understanding of the entire text of an AU-C section, including its application and other explanatory material, to understand its objectives and to apply its requirements properly. (Ref: par. .A63–.A71)
.22 The auditor should not represent compliance with GAAS in the auditor's report unless the auditor has complied with the requirements of this section and all other AU-C sections relevant to the audit."
The "Compliance With Standards Rule" (ET sec. 1.310.001) of the AICPA Code of Professional Conduct requires an auditor to comply with standards promulgated by the Auditing Standards Board (i.e., with GAAS). The Accounting Standards Board (i.e., the ASB) publishes auditing standards in Statements on Auditing Standards (i.e., SASs), which are then codified into AU-C Sections.
GAAS:
provide standards for fulfilling the overall objectives of the audit;
address general responsibilities of the auditor;
address those responsibilities for specific audit areas/topics; and
provide the scope, effective dates, and any limitations of applying the standards.
The audit may also be conducted in accordance with both GAAS and:
auditing standards promulgated by the Public Company Accounting Oversight Board (i.e., the PCAOB);
International Standards on Auditing;
Government Auditing Standards; or
auditing standards of a specific jurisdiction or country.
As such, it might be necessary for the auditor to perform additional procedures to comply with both GAAS and other standards. To comply with GAAS, the auditor must comply with the entire AU-C Sections that are relevant, which include:
Introductory Material: discusses the scope of the section; might include:
the purpose and scope of the AU-C Section
the subject matter of the AU-C Section
the responsibilities of the auditor and others in applying the AU-C Section
the context in which the AU-C Section is set
Definitions: a description of certain terms used in AU-C Sections.
Objectives: gives the overarching goal of applying the section
Requirements: gives the specific duties of the auditor in achieving the objectives
Application and other explanatory material: supports the requirements with additional tips for achieving the requirements.
Appendices: additional guidance to support the application and other explanatory material.
AU-C Section 200.19 says: "To obtain reasonable assurance, the auditor should obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor's opinion."
In performing the audit, we can never gain absolute assurance that the financial statements as a whole are free from material misstatement; and that is because there are inherent limitations of an audit. These inherent limitations stem from:
the nature of financial reporting: many facets of the financial reporting framework require judgments and subjective decisions; therefore, some financial statement items contain inherent variability that can't be eliminated by performing more audit procedures (e.g., accounting estimates depending on future events).
the nature of audit procedures: there are several practical and legal limitations to performing the audit:
management might not provide all information that is relevant to the preparation and fair presentation of the financial statements; as such, the auditor can't be certain of the completeness of information provided to him.
fraud may be sophisticated and concealed; as such, the auditor's procedures may be ineffective in detecting intentional misstatements supported by falsified documents or information.
the audit is not a legal investigation; as such, he does not have the authority to search the entity.
the cost/benefit balance of the audit: the audit opinion and financial statements need to be issued within a reasonable period of time after the entity's fiscal year, thereby being relevant to the financial statement users. However, this turnaround might not be enough time for the auditor to exhaustively test every assumption of fraud or error until proved otherwise. As such, the auditor must strike a balance between the reliability of information and its cost; this can be achieved through proper planning .
As such, the auditor should:
plan the audit so that it will be performed in an effective manner;
direct audit effort to areas most expected to contain risks of material misstatement, whether due to fraud or error,with correspondingly less effort directed at other areas; and
use testing and other means of examining populations for misstatements.
Other areas that are susceptible to the inherent limitations of the audit:
Fraud (see AU-C Section 240)
Related party relationships (see AU-C Section 550)
Noncompliance with laws and regulations (see AU-C Section 250)
Going concern (see AU-C Section 570)
These inherent limitations are not an excuse for the auditor to be satisfied with less persuasive audit evidence. He still needs to obtain sufficient appropriate audit evidence that supports the auditor's opinion.
"To obtain reasonable assurance, the auditor should obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor's opinion."
The AICPA defines audit risk as the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk.
Risk of Material Misstatement
The risk of material misstatement is the risk that the financial statements are materially misstated prior to the audit, and they exist at two levels:
The overall financial statement level: these are risks that relate pervasively to the financial statements as a whole and potentially affect many assertions (e.g., the risk of fraud or the management override of controls)
The assertion level: these are risks that relate to classes of transactions, account balances,and disclosures. The assessment of risk at this level allows the auditor to determine the nature, timing, and extent of audit procedures. The assertion level risks are composed of:
inherent risk: The susceptibility of an assertion about a class of transaction, account balance, or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls. Inherent risks might be higher for some accounts due to:
complex calculations (e.g., the value of derivatives)
significant estimation uncertainty (e.g., the allowance for doubtful accounts)
business risks (e.g., obsolete inventory in technology companies)
industry risks (e.g., a declining industry challenging the going-concern assumption)
control risk: The risk that a misstatement that could occur in an assertion about a class of transaction, account balance, or disclosure and that could be material, either individually or when aggregated with other misstatements,will not be prevented, or detected and corrected, on a timely basis by the entity's internal control. Proper internal controls can never eliminate the risk of material misstatement due to the inherent limitations of an audit, for example:
human error
collusion
management override of controls
AU-C Section 315 lays out requirements for assessing the risk of material misstatement at the overall financial statement level and the assertion level.
Detection Risk
Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.
Detection risk bears an inverse relationship to the risk of material misstatement; for example, the higher the risk of material misstatement, the more evidence that needs to be obtained to mitigate the risk that potential misstatements go undetected.
The following steps in an audit help the auditor to develop the nature, timing, and extent of his audit procedures to reduce detection risk to an appropriate level:
Adequate planning
Proper assignment of personnel to the engagement team
The application of professional skepticism
Supervision and review of the audit work performed
AU-C Section 300 establishes requirements and provides guidance on planning an audit of financial statements and the auditor's responses to assessed risks. Detection risk, however, can only be reduced, not eliminated, because of the inherent limitations of an audit. Accordingly, some detection risk will always exist.
"To obtain reasonable assurance, the auditor should obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor's opinion."
Audit evidence is required to support the auditor's opinion, and is comprised of information (or a lack of information) that supports or contradicts management's assertions; this evidence can come from several places:
procedures performed over the course of the audit;
previous audits;
a firm's quality control procedures;
the entity's accounting records; or
information provided by a specialist employed by the entity.
The auditor should seek to obtain evidence that is sufficient and appropriate to support his opinion. Sufficiency (i.e., quantity) and appropriateness (i.e., quality) of evidence are inversely related. For example, if the quality of the evidence is high, the auditor might determine he doesn't need as much evidence to support the assertion. Whether or not sufficient appropriate audit evidence has been obtained is a matter of professional judgment and explained more in detail at AU-C Section 500.
"The auditor should exercise professional judgment in planning and performing an audit of financial statements."
Professional judgment is defined as the application of relevant training, knowledge, and experience, within the context provided by auditing, accounting, and ethical standards, in making informed decisions about the courses of action that are appropriate in the circumstances of the audit engagement.
Since the requirements of GAAS, ethical standards, and accounting principles are frameworks and do not specifically reference every situation the auditor might encounter, the auditor has to leverage his knowledge and experience in planning, performing, and reporting on the audit.
Areas where the auditor is required to use his professional judgment include his assessment of:
materiality and audit risk;
the nature, timing, and extent of audit procedures used to meet the requirements of GAAS and gather audit evidence;
whether sufficient appropriate audit evidence has been obtained, and whether more needs to be done to achieve the objectives of GAAS and thereby, the overall objectives of the auditor;
the evaluation of management's judgments in applying the entity's applicable financial reporting framework; and
the drawing of conclusions based on the audit evidence obtained.
The level of professional judgement required of the auditor is obtained through relevant training, knowledge, and experience. In cases where the auditor does not have the knowledge or experience to exercise sound professional judgement, he should consult with others within and/or outside of the audit firm to assist him in making reasonable judgments.
The professional judgement exercised by the auditor should reflect a competent application of auditing standards and accounting principals under the facts and circumstances known by the auditor up to the auditor's report date. It also should be exercised and documented throughout the audit; this means the auditor is required to prepare audit documentation sufficient to enable an experienced auditor, having no previous connection with the audit, to understand the significant professional judgments made in reaching conclusions on significant findings or issues arising during the audit. Professional judgment should not be used as a scapegoat for decisions that are not otherwise supported by the facts and circumstances of the engagement or by sufficient appropriate audit evidence.
"The auditor should plan and perform an audit with professional skepticism, recognizing that circumstances may exist that cause the financial statements to be materially misstated."
Professional skepticism is defined as an attitude that includes a questioning mind, being alert to conditions that may indicate possible misstatement due to fraud or error, and a critical assessment of audit evidence.
Throughout the audit, the auditor should be alert to the following:
Audit evidence that contradicts other audit evidence obtained.
Information that brings into question the reliability of documents and responses to inquiries to be used as audit evidence.
Conditions that may indicate possible fraud.
Circumstances that suggest the need for audit procedures in addition to those required by GAAS.
In doing so, the auditor hopes to prevent:
overlooking unusual circumstances.
over-generalizing when drawing conclusions from audit observations.
using inappropriate assumptions in determining the nature, timing, and extent of the audit procedures and evaluating the results thereof.
In regard to the critical assessment of audit evidence, the auditor should:
question contradictory audit evidence and the reliability of documents and responses to inquiries and other information obtained from management and those charged with governance.
consider the sufficiency and appropriateness of audit evidence obtained in light of the circumstances.
The auditor may accept records and documents as genuine unless the auditor has reason to believe the contrary. In such a case, the auditor should investigate further and determine what modifications or additions to audit procedures are necessary to resolve the matter.
The auditor neither assumes that management is dishonest nor assumes unquestioned honesty. The belief that management is honest and has integrity does not relieve the auditor of his duty to obtain sufficient and appropriate evidence when obtaining reasonable assurance.
"The auditor should comply with relevant ethical requirements relating to financial statement audit engagements."
In acting ethically, the auditor should assume an obligation of self-discipline above and beyond the requirements of laws and regulations. This includes an unswerving commitment to honorable behavior in dealings with the public, his clients, and his colleagues, even at the sacrifice of personal advantage. The AICPA Code of Professional Conduct establishes the fundamental principles of professional ethics, which include the following.
Responsibilities: The auditor should exercise sensitive professional and moral judgments in all his activities. This responsibility is to the well-being of all those who use the auditor's professional services and to the art of accounting, the public's confidence, and the profession's special responsibilities of self-governance.
The Public Interest: The auditor should accept the obligation to act in a way that will serve the public interest, honor the public trust, and demonstrate a commitment to professionalism. The public interest includes the community of people and institutions that the profession services (e.g., clients, credit grantors, governments, employers, investors, the business and financial community, etc.)
Integrity: The auditor should perform all professional responsibilities, making decisions according to what is right and just. This means the auditor must be honest and candid, and should not subordinate his level of service to personal gain and advantage.
Objectivity and Independence: The auditor should remain independent in fact and appearance when carrying on his professional services. This means the auditor must be impartial, intellectually honest, and free from conflicts of interest.
Due Care: The auditor should observe the profession's technical and ethical standards, strive continually to improve competence and the quality of services, and discharge professional responsibility to the best of his ability. The auditor should employ a quest for excellence, through continual improvement in competence, and diligence in discharging his responsibilities to those he serves.
Scope and Nature of Services: The services the auditor provides should be in line the Code of Professional Conduct. This means that the auditor should only practice in firms that have in place appropriate quality control procedures to ensure that services are competently delivered and adequately supervised, only participate in engagements that are free from conflicts of interest, and only take on activities that are consistent with his role as a professional.
Please
note the auditor must also follow other ethical requirements
promulgated by his regulators (e.g., state boards of accountancy, and other regulatory agencies). These ethical requirements are typically embodied in the
firm's Quality Control Policies, which are explained in detail at AU-C Section 220.
"The auditor must be independent of the entity when performing an engagement in accordance with GAAS unless (a) GAAS provides otherwise or (b) the auditor is required by law or regulation to accept the engagement and report on the financial statements. When the auditor is not independent and neither (a) nor (b) are applicable, the auditor is precluded from issuing a report under GAAS."
There are an enumerate number of relationships and circumstances that might cause independence to be impaired, so it is impractical to plan for all situations; therefore, The AICPA's Code of Professional Conduct has published a framework that can be applied to specific engagements and situations. In performing its independence analysis, the auditor reviews the engagement for relationships or circumstances that could impair independence (i.e., threats); then he takes actions or other measures that may eliminate or reduce the threat (i.e., safeguards) to a level at which a reasonable and third party who is aware of the relevant information would be expected to conclude that the auditor's independence is not impaired (i.e., to an acceptable level). When an auditor's independence is impaired, the auditor is not independent. The AICPA provides a list of 7 categories of threats to independence:
Adverse Interest Threat: the auditor may not act objectively because his interests are in opposition to his client's (e.g, if the auditor and client are in litigation against each other).
Advocacy Threat: the auditor may promote a client's or position to the point that his independence is compromised (e.g, by promoting securities in an IPO, providing expert witness services, or representing the client in US tax court).
Familiarity Threat: the auditor may become too sympathetic to the interests of the client, because of its long or close relationship (e.g., if an engagement team member has a close friend or family member in a key position at the client, if a partner of the engagement team has worked with that client for a long time, a member of the audit firm has been an officer or director of the client).
Management Participation Threat: the auditor may take on the role of client's management or assume management responsibilities (e.g., by serving as an officer or director of the client, accepting responsibility for the design/implementation/maintenance of internal controls, or hiring/supervising/terminating the client's employees).
Self-interest Threat: the auditor could benefit from an interest in the client (e.g., if the auditor has a financial interest in the client, the auditor has a loan with the client, the auditor owns a significant portion of the client's equity securities, the auditor relies excessively on revenue from that one client, or the auditor has a joint venture with the client).
Self-review Threat: the auditor may not appropriately judge the results of a previous judgment he made for the client (e.g., by preparing source documents used to generate the client's financial statements).
Undue Influence Threat: the auditor may subordinate his judgement to an individual associated with the client (e.g., if management threatens to replace the auditor over a disagreement, management pressures the auditor to reduce audit procedures in an effort to lower the fee, or the auditor receives a gift from the client).
To mitigate these threats, the following types of safeguards could be put into place in order to reduce the threat to an acceptable level:
Safeguards created by the profession, legislation, or regulation (e.g., the publishing of ethical requirements).
Safeguards implemented by the client (e.g., a policy of preparing its own financial statements).
Safeguards implemented by the audit firm (e.g., removing an engagement team member from that particular engagement).
".12 The overall objectives of the auditor, in conducting an audit of financial statements, are to
obtain reasonable assurance about whether the financial statements as a
whole are free from material misstatement, whether due to fraud or
error, thereby enabling the auditor to express an opinion on whether the
financial statements are presented fairly, in all material respects, in
accordance with an applicable financial reporting framework; and
report on the financial statements, and communicate as required by GAAS, in accordance with the auditor's findings.
.13 In all cases when reasonable assurance cannot be obtained and a qualified opinion in the auditor's report is insufficient in the circumstances for purposes of reporting to the intended users of the financial statements, GAAS require that the auditor disclaim an opinion or withdraw from the engagement, when withdrawal is possible under applicable law or regulation."
Let's pick this apart phrase by phrase:
"overall objectives": This section describes the overarching goal of the auditor when performing the audit of financial statements under GAAS.
"reasonable assurance": There is no way for the auditor to obtain absolute assurance that the financial statements are free from material misstatements, due to several inherent limitations in performing the audit (e.g., cost/benefit limitations, information limitations, or fraud). In that case, the best the auditor can hope for is to obtain a high level of assurance that is reasonable in the circumstances.
"as a whole": The auditor has to determine whether all the uncovered misstatements and those that might still be remaining are material to the financial statements overall.
"material misstatement": The auditor is not expected to find every misstatement; only those that are material or would affect an economic decision to be made by the financial statement users. A misstatement is any difference between an amount/disclosure/classification/etc that is different than what is prescribed by the applicable financial reporting framework (i.e., GAAP, cash basis, regulatory basis, etc.)
"fraud or error": The auditor is not required to find fraud or errors; he is merely required to find misstatements, which might be caused by fraud or error.
"opinion": The auditor is required to determine "yes or no", are the financial statements free from material misstatement as a whole; nothing else. For example, he is not required to correct misstatements or even to prepare the financial statements.
"present fairly...financial reporting framework": This means the accounts/disclosures/classifications/amounts/etc are recorded or presented in line with the financial reporting framework used.
"report and communicate...findings": In addition to the opinion report, the auditor is required to communicate findings to those charged with governance and to management in letters. These letters might describe the conduct of the audit (i.e., any difficulties in achieving the audit objectives) and any internal control improvements that could be made at the entity to prevent misstatements in the future.
"08. GAAS contain objectives, requirements, and application and other explanatory material that are designed to support the auditor in obtaining reasonable assurance. GAAS require that the auditor exercise professional judgment and maintain professional skepticism throughout the planning and performance of the audit and, among other things,
identify and assess risks of material misstatement, whether due to fraud or error, based on an understanding of the entity and its environment, including the entity's internal control.
obtain sufficient appropriate audit evidence about whether material misstatements exist, through designing and implementing appropriate responses to the assessed risks.
form an opinion on the financial statements, or determine that an opinion cannot be formed, based on an evaluation of the audit evidence obtained.
.09 The form of opinion expressed by the auditor will depend upon the applicable financial reporting framework and any applicable law or regulation.
.10 The auditor also may have certain other communication and reporting responsibilities to users, management, those charged with governance, or parties outside the entity, regarding matters arising from the audit. These responsibilities may be established by GAAS or by applicable law or regulation."
The structure of the AU-C sections in GAAS include various sections designed to help the auditor throughout planning and performing the audit:
Introduction: provides a high-level overview or background information for how to use the AU-C section and how it should be implemented.
Objectives: explain what the auditor should accomplish by implementing the requirements of the AU-C section.
Definitions: explain various technical terms used in the AU-C section that might not be clear from other areas of the text.
Requirements: include the specific rules the auditor should follow in order to achieve the AU-C section's objectives.
Application and Other Explanatory Material: provide an interpretation and additional guidance on how to follow the requirements.
The auditor should use his professional judgment and professional skepticism in following the requirements of GAAS throughout the following three stages of the audit:
Identify and assess risks of material misstatement: the auditor explores where the financial statements are likely materially misstated by understanding the entity and its environment, and understanding the internal controls that are in place to prevent and detect misstatements.
Obtain sufficient appropriate audit evidence: the auditor designs procedures and obtains evidence to reduce the risk that the financial statements might be materially misstated.
Form an opinion on the financial statements: the auditor forms an opinion of whether the financial statements as a whole are materially misstated based on his evaluation of that evidence obtained.
The opinion the auditor makes on the financial statements depends on the financial reporting framework used as well as the laws and regulations applicable to the entity. In addition to the opinion report, the auditor might be required to issue letters to management (AU-C Section 265), those charged with governance (AU-C Section 260), and potentially other third parties, regarding matters arising during the audit.
"The concept of materiality is applied by the auditor when both planning and performing the audit, and in evaluating the effect of identified misstatements on the audit and uncorrected misstatements, if any, on the financial statements. 1 In general, misstatements, including omissions, are considered to be material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users that are taken based on the financial statements. Judgments about materiality are made in light of surrounding circumstances, and involve both qualitative and quantitative considerations. These judgments are affected by the auditor's perception of the financial information needs of users of the financial statements, and by the size or nature of a misstatement, or both. The auditor's opinion addresses the financial statements as a whole. Therefore, the auditor has no responsibility to plan and perform the audit to obtain reasonable assurance that misstatements, whether caused by fraud or error, that are not material to the financial statements as a whole, are detected."
Let's break this down piece by piece:
"the planning AND performing stage": At the beginning of the audit, the auditor will decide materiality levels that might be appropriate based on his understanding of the entity and its users. This will allow the auditor to develop procedures that are appropriate to address his most significant risks of material misstatement and the concerns of the financial statement users. As the auditor performs the audit procedures, he will consider these materiality levels and respond appropriately, sometimes even changing the materiality levels as new information comes to light.
"uncorrected misstatements": At the end of the audit, the auditor will accumulate the misstatements that have not been corrected by management, and decide whether the accumulation of those misstatements are material to the financial statements as a whole.
"reasonably be expected to influence the economic decisions of users": A misstatement is considered to be material if it would alter the decision of the financial statement users in relation to the company; for example, regulators may find different areas of the financial statements important as compared to investors, vendors, customers, etc. The materiality levels need to be developed based on what these users find important.
"qualitative and quantitative considerations...size or nature of misstatement": The auditor should develop materiality levels not only on dollar amounts, but should also consider the qualitative aspect of the misstatement. For example, the misstatement amount might be quantitatively small, but the financial statement user's decisions might be altered by that tiny misstatement based on qualitative factors.
"financial statements as a whole": The determination of the auditor's opinion is not on one particular account or assertion; it is on the financial statements as a whole. For that reason, the auditor needs to determine whether all misstatements when aggregated together affect an economic decision that could be made by a financial statement user. The auditor has no responsibility to plan and perform the audit to detect immaterial misstatements.
