2. Auditing
A Practical Approach with Data Analytics
Second Edition
RAYMOND N. JOHNSON PhD, CPA
Portland State University
Portland, Oregon
LAURA D. WILEY PhD, CPA
Louisiana State University
Baton Rouge, Louisiana
Adapted from Robyn Moroney, Fiona Campbell,
and Jane Hamilton, Auditing: A Practical Approach (Wiley)
Johnson_FM.indd 1 8/24/21 9:41 AM
4. Brief Contents
1
Introduction and Overview of Audit and Assurance 1-1
2 Professionalism and Professional Responsibilities 2-1
3
Risk Assessment Part I: Audit Risk and Audit Strategy 3-1
4 Risk Assessment Part II: Understanding the Client 4-1
5 Audit Evidence 5-1
6
Gaining an Understanding of the Client’s System of Internal
Control 6-1
7 Risk Response: Performing Tests of Controls 7-1
8 Audit Data Analytics 8-1
9
Risk Response: Performing Substantive Procedures 9-1
10
Risk Response: Audit Sampling for Substantive Procedures 10-1
11
Auditing the Revenue Process 11-1
12
Auditing the Purchasing and Payroll Processes 12-1
13
Auditing Cash, Inventory, and Related Income Statement
Accounts 13-1
14 Auditing Investing and Financing Activities 14-1
15
Completing the Audit 15-1
16
Reporting on the Audit 16-1
APPENDIX A
Cloud 9 Inc. Audit A-1
AUDITING AND ASSURANCE STANDARDS AS-1
GLOSSARY G-1
INDEX I-1
iii
Johnson_FM.indd 3 8/24/21 9:41 AM
5. From the Authors
Being an auditor is being a trusted professional. Auditing is about developing an inquisitive
mind and mastering decision-making. It is also about adapting to change and pivoting when
unexpected situations occur. With companies evolving more rapidly than ever, auditors must
think critically, act ethically, communicate clearly, and embrace new technologies.
To help you develop these skills, we have taken a very practical approach in this second
edition:
•
Written the text in a conversational style and incorporated more
headings and bulleted/numbered lists to streamline the content.
• Created a five-step audit decision-making framework to assist you
with developing your critical thinking skills.
•
Added information about biases in decision-making.
• Included new infographics to increase your understanding of key
topics.
• Updated content for recent changes in auditing standards and new
CPA exam content to provide you with the most up-to-date content.
In the area of technology, auditors and their clients are incorporating more technology
than ever before. You should not be concerned about mastering any specific technology or
software at this time, but you should be knowledgeable about how auditors are incorporating
various technologies, and you should be technologically nimble and willing to experiment
with using technology to analyze client data. To help you do this, we have:
•
Included a separate chapter on audit data analytics (ADA) and integrated the use of ADA
into many chapters.
•
Offered IDEA-based cases, Tableau exercises, and Excel exercises in Wiley Course Re-
sources.
•
Added discussions about clients’ digital mindset, automated tools for performing audit
procedures, artificial intelligence and machine learning, and cybersecurity.
The accounting and auditing skills you build in this course will serve you for the rest of
your life as you develop independence of thought and action. If you keep asking questions,
continue to explore the application of new technologies, and stay true to the importance of
integrity and independent thought and actions that will earn the public trust, you should have
a rich and rewarding career.
We are excited and honored to lead you on this “auditing” journey. We hope you dive
into the material and explore the resources provided in this text and Wiley Course Resources.
Above all else, we wish you great success in your auditing course and your career!
Raymond N. Johnson, PhD, CPA
Laura D. Wiley, PhD, CPA
iv
Auditing is about developing an inquisitive
mind and mastering decision-making. With
companies evolving more rapidly than ever, au-
ditors must think critically, act ethically, com-
municate clearly, and embrace new technolo-
gies. To help you develop these skills, we have
taken a very practical approach in this text.
Johnson_FM.indd 4 8/24/21 9:41 AM
7. Chapter 1:
Introduction and Overview of Audit and
Assurance
• ADDED the 2020 ASB Audit Report Updates.
• NEW discussion of review of interim financial state-
ments.
• NEW section on the critical-thinking and data analytics
skills required by auditors.
• NEW illustration on the audit decision-making frame-
work.
• NEW Audit Decision-Making Example at the end of the
text discussion.
Chapter 2:
Professionalism and Professional
Responsibilities
• NEW section on applying the conceptual framework
through use of an example.
• UPDATED Illustration 2.10 to reflect the most recent de-
piction of auditor liability under common law.
• UPDATED discussion of Ultramares Corp. v. Touche case
reflecting the latest appeal.
Chapter 3:
Risk Assessment Part I: Audit Risk and
Audit Strategy
• UPDATED Illustration 3.1 and following discussion for
clear connection and focus on the factors that influence
client acceptance and retention.
• UPDATED Illustration 3.4 to include “Developing an Au-
dit Strategy” as part of the risk assessment phase.
• UPDATED definition and discussion of materiality from
SAS 138, including qualitative and quantitative factors.
• NEW discussion of unconscious and conscious biases
that impact professional skepticism.
• IMPROVED discussion of audit risk with more logical
flow of audit risk components.
• NEW illustration on inherent and control risk compo-
nents.
• NEW discussion on role of data analytics in audit risk and
audit strategy.
• ENHANCED discussion of fraud risk.
Chapter 4:
Risk Assessment Part II: Understanding the
Client
• NEW illustrations: (1) comparing entity risks of a fast-
food restaurant versus a high-end restaurant and (2) how
KPIs vary by industry.
• UPDATED tables on financial ratios to include not only
the formulas but also a description of what they assess
and how they are interpreted.
• REDUCED text discussions where they repeated illustra-
tion or table information.
• UPDATED discussions on (1) procedures performed to
gain an understanding of the client, (2) tools for per-
forming analytical procedures, (3) related parties, and
(4) inherent risk considerations for IT, as well as a cli-
ent’s digital mindset.
Chapter 5: Audit Evidence
• UPDATED discussion of management assertions from
SAS 134.
• NEW illustrations on (1) the four forms of information
that auditors can use as audit evidence, (2) attributes that
auditors should consider when evaluating audit evidence,
and (3) using ADA and automated tools to perform audit
procedures.
• UPDATED discussion and examples of sufficient appro-
priate audit evidence from SAS 142.
• UPDATED discussion of ADA and automated tools for
performing audit procedures.
Chapter 6:
Gaining an Understanding of the Client’s
System of Internal Control
• NEW illustrations on (1) common inherent limitations
of internal control, (2) steps involved in assessing control
risk, and (3) major benefits and risks of IT systems.
• REDUCED text discussions that repeated information
presented in tables.
• DELETED cash receipts example of transaction flows, as
sales process example is comprehensive.
• NEW Professional Environment feature on cybersecurity.
• NEW discussion on the use of a service organization by
an audit client (SOC 1 Reports).
• MOVED section on management letters to Chapter 7.
Chapter 7:
Risk Response: Performing Tests of Controls
(previously Chapter 8)
• MOVED discussion of steps in assessing control risk into
Chapter 6.
• NEW discussion, illustrations, and EOC on evaluating an
SOC 1, Type 2 report.
• ADDED section on management letters from Chapter 6.
New to This Edition:
Chapter-by-Chapter Changes
vi
Johnson_FM.indd 6 8/24/21 9:41 AM
8. NEW TO THIS EDITION: CHAPTER-BY-CHAPTER CHANGES vii
• NEW Professional Environment feature on AICPA evi-
dence from peer reviews on control testing.
• HIGHLIGHTED AND EXPANDED example of New Mil-
lennium Ecoproducts throughout.
Chapter 8:
Audit Data Analytics (previously Chapter 7)
• NEW learning objective (and related EOC material) on
how artificial intelligence and machine learning may be
used in an audit.
• NEW emphasis on how ADA fits into the five-step audit
decision-making framework with specific focus on use of
ADA as a risk assessment tool and as a substantive pro-
cedure.
• NEW focus on how gathering data for ADA application
involves two key steps: (1) accessing and preparing the
data for ADA and (2) considering the relevance and reli-
ability of the data used.
• NEW Professional Environment feature detailing a recent
report on the use of technology in UK audit firms.
Chapter 9:
Risk Response: Performing Substantive
Procedures
• NEW illustrations highlighting (1) dual-purpose tests,
(2) using a substantive analytical procedure in the con-
text of the audit decision-making framework, (3) an ex-
ample of estimation uncertainty, (4) inherent risk factors,
and (5) an illustrative timeline of an event related to an
estimate occurring before the date of the audit report.
• UPDATED discussion on auditing accounting estimates
from SAS 143, including a running case example to illus-
trate application.
Chapter 10:
Risk Response: Audit Sampling for
Substantive Procedures
• COMBINED discussions within Learning Objectives 1
with 2, and 4 with 5, for a more streamlined, focused ap-
proach.
• ADDED audit risk model depictions to illustrate example
scenarios for improved understanding.
• NEW summary discussion of PPS sampling.
Chapter 11:
Auditing the Revenue Process
• NEW section and assessment material on evaluating con-
trol activities in a paperless revenue system.
• NEW discussions of the preliminary audit strategy as well
as drawing a final conclusion for revenues.
• NEW illustration on (1) the five-step process for auditing
revenues, (2) the lapping scheme, and (3) the ADA de-
cision tree for auditing allowance for doubtful accounts.
Chapter 12:
Auditing the Purchasing and Payroll
Processes
• NEW illustrations detailing the auditing steps for both
the purchasing and payroll processes.
• COMBINED some learning objectives for improved pre-
sentation of topics.
Chapter 13:
Auditing Cash, Inventory, and Related
Income Statement Accounts (previously
first half of Chapter 13)
• NEW discussions of understanding internal controls, de-
veloping a preliminary audit strategy, and drawing a final
conclusion.
• REVISED discussion of bank transfers for improved un-
derstanding.
• NEW Professional Environment feature on bank confir-
mations.
• NEW discussion on the three-step process of valuing in-
ventory.
• NEW discussion of the use of ADA to count inventories.
Chapter 14:
Auditing Investing and Financing Activities
(previously second half of Chapter 13)
• NEW discussions of how audit planning decisions affect
the assessment of inherent risk, understanding internal
controls, developing a preliminary audit strategy, and
drawing a final conclusion.
• NEW section on auditing debt transactions.
• NEW Auditing Decision-Making Example on investing
and financing activities.
Chapter 15:
Completing the Audit (previously Chapter 14)
• ENHANCED discussions and explanations throughout.
• REVISED Professional Environment feature on forensic
accounting.
Chapter 16:
Reporting on the Audit (previously
Chapter 15)
• UPDATED throughout to reflect 2020 ASB auditing
standards.
• NEW audit reports from Amazon.com and Photronics,
Inc.
• NEW discussion of preparation engagements.
Johnson_FM.indd 7 8/24/21 9:41 AM
9. viii
Hallmark Features
Auditing provides a unique pedagogical framework that helps students master the content and
prepare them for a successful career in accounting.
8-1
Audit Data Analytics
CHAPTER 8
Special thanks to Dr. Adrian Gepp of Bond University, Queensland, Australia, for his invaluable
assistance in co-authoring this chapter.
Audit
Data
Analytics
(Chapter
8)
Audit
Evidence
(Chapter
5)
Client Acceptance/Continuance and Risk Assessment
(Chapters 3 and 4)
Developing Responses to Risk and an Audit Strategy
Gaining an
Understanding of
the Client
Identifying Significant
Accounts and
Transactions
Setting Planning
Materiality
Making Preliminary
Risk Assessments
Gaining an Understanding
of the System of Internal Control
(Chapter 6)
Overview of Audit and Assurance
(Chapter 1)
Completing and Reporting on the Audit
(Chapters 15 and 16)
Reporting
Drawing Audit
Conclusions
Procedures Performed Near
the End of the Audit
Auditing Investing and
Financing Activities
(Chapter 14)
Auditing Cash and
Inventory
(Chapter 13)
Auditing the Purchasing
and Payroll Processes
(Chapter 12)
Auditing the
Revenue Process
(Chapter 11)
Performing Tests of Controls
(Chapter 7)
Performing Substantive Procedures
(Chapter 9)
Audit Sampling for
Substantive Procedures
(Chapter 10)
Professionalism and Professional Responsibilities
(Chapter 2)
The Audit Process
c08AuditDataAnalytics.indd 1 7/23/21 8:18 AM
The Big Picture
Each chapter begins with a flowchart de-
tailing exactly what section of the audit
process students are about to learn. The
chart helps students see the big picture of
the audit process.
Continuing Case
A Cloud 9 Continuing Case exercise
applies concepts introduced in each
chapter, concludes each chapter, and is
available as an assessment question.
3-44 ChApteR 3 Risk Assessment part I: Audit Risk and Audit Strategy
Cloud 9 Continuing Case
WS Partners has just won the January 31, 2026, audit for
Cloud 9. The audit team assigned to this client is:
• Partner, Jo Wadley
• Audit manager, Sharon Gallagher
• Audit senior, Josh Thomas
• IT audit manager, Mark Batten
• Experienced staff, Suzie Pickering
• First-year staff, Ian Harper
As a part of the risk assessment phase for the new audit, the audit
team needs to gain an understanding of Cloud 9’s structure and its
business environment, determine materiality, and assess the risk
of material misstatement. This will assist the team in developing
an audit strategy and designing the nature, extent, and timing of
audit procedures.
One task during the planning phase is to consider the con-
cept of materiality as it applies to the client. Auditors will de-
sign procedures to identify and correct errors or irregularities
that would have a material effect on the financial statements
and affect the decision-making of the users of the financial
statements. Materiality is used in determining audit procedures
and sample selections, and evaluating differences from client
records to audit results. Materiality is the maximum amount of
misstatement, individually or in aggregate, that can be accepted
in the financial statements. In selecting the benchmark to be
used to calculate materiality, the auditors should consider the
key drivers of the business. They should ask, “What are the end
users (that is, stockholders, banks, etc.) of the accounts going
to be looking at?” For example, will stockholders be interested
in profit figures that can be used to pay dividends and increase
share price?
WS Partners’ audit methodology dictates that one plan-
ning materiality (PM) amount is to be used for the financial
statements as a whole. The benchmark selected for determin-
ing materiality is the one determined to be the key driver of the
business.
WS Partners uses the following percentages as starting
points for the various benchmarks:
Benchmark Threshold (%)
Income before tax 5.0
Total revenue 0.5
Gross profit 2.0
Total assets 0.5
Equity 1.0
These starting points can be increased or decreased by taking into
account qualitative client factors, which could be:
• The nature of the client’s business and industry (for example,
rapidly changing, either through growth or downsizing, or
an unstable environment).
• Whether the client is a public company (or subsidiary of)
subject to regulations.
• The knowledge of or high risk of fraud.
Typically, income before tax is used; however, it cannot be used
if reporting a loss for the year or if profitability is not consistent.
When calculating PM based on interim figures, it may be nec-
essary to annualize the results. This allows the auditors to plan
the audit properly based on an approximate projected year-end
balance. Then, at year-end, the figure is adjusted, if necessary, to
reflect the actual results.
Required
Answer the following questions based on the information pre-
sented for Cloud 9 in the appendix to this text and in the current
chapter and previous chapters.
a. Using the October 31, 2025, trial balance (in the appendix
to this text), calculate planning materiality, and include the
justification for the benchmark that you have used for your
calculation.
b. Discuss how the planning materiality would be used to deter-
mine performance materiality.
c. If the planning materiality amount is increased or decreased
later in the audit, how would that impact the audit?
5-6 Chapter 5 audit evidence
assets and liabilities may exist but not be owned by the entity. For example, inventory held on
consignment in the client’s warehouse exists, but it is not owned by the client. This inventory
should not be listed as an asset because it does not meet the rights and obligations assertion
since it is not owned by the client.
When considering (9) completeness, auditors search for assets, liabilities, and equity items
to ensure they have been recorded. This assertion is particularly important when auditors
believe there is a risk of understatement and the client has omitted some items from the bal-
ance sheet. For example, a client may fail to record various accrued liabilities due to an error
or an attempt to improve reported financial ratios for the period. In addition, auditors gather
evidence that all related disclosures are included in the notes to the financial statements.
When considering (10) accuracy, valuation and allocation, auditors search for evidence that
assets, liabilities, and equity items have been recorded at appropriate amounts and subsequent
allocation or valuation adjustments are appropriately recorded. Allocation refers to the alloca-
tion of historical cost over a period of time, such as depreciation of buildings and equipment.
Valuation refers to subsequent measurements that determine fair value or net realizable value.
This assertion is particularly important when auditors believe there is a risk of over- or under-
valuation. Here are some examples:
• An auditor verifies that inventory has been appropriately recorded at the lower of cost or
net realizable value (risk of overstatement).
• An auditor tests for the adequacy of the allowance for doubtful accounts (risk of under-
statement or overstatement depending on the client’s motivation).
• An auditor verifies that equipment used in operations has been appropriately marked
down if it is impaired (risk of overstatement).
For (11) classification, auditors gather evidence that assets, liabilities, and equity interests
are recorded in the proper accounts. For example, a parking lot added to land should be clas-
sified in a separate account from land. A parking lot is considered a land improvement and is
subject to depreciation. Including the parking lot with the land account is improper classifica-
tion because land is not depreciated.
When considering (12) presentation, auditors gather evidence that assets, liabilities, and
equity interests are appropriately aggregated or disaggregated in the financial statements. For
example, liabilities are separated into current and long-term portions on the balance sheet. In
addition, related disclosures for long-term debt should be relevant and understandable. In the
notes, a company describes its long-term debt and includes relevant details such as interest
rates, payment schedule, and maturity dates.
Cloud 9 Continuing Case
Ian and Suzie have already talked in general terms about the
errors that could occur in Cloud 9’s accounts receivable. For exam-
ple, basic mathematical mistakes and other clerical errors could
affect the customer’s total in either direction. Suzie emphasizes
that Cloud 9’s management asserts this error did not exist when
they prepared the financial statements—i.e., they assert that
accounts receivable are valued correctly.
Auditors must gather evidence about each assertion for
each transaction class, account, and note in the financial state-
ments. Now that Ian understands this idea better, he can iden-
tify the assertions that relate to the potential errors in accounts
receivable that they discussed earlier:
• No mathematical mistakes or other clerical errors exist that
could affect the total receivables in either direction—accuracy,
valuation and allocation.
• No accounts receivables were omitted when calculating the
total—completeness.
• Accounts receivables included in the total do exist at year-end—
existence.
• Accounts receivables belong to Cloud 9 and have not been
sold or factored—rights and obligations.
• Bad debts have been provided for—accuracy, valuation and
allocation.
• Salesfromthenextperiodarenotincludedintheearlierperiod—
cutoff. Ian is a bit confused about this because cutoff is an asser-
tion for transactions, not account balances. Suzie agrees it is a
special sort of assertion that relates to transactions or events, but
also gives evidence about balance sheet accounts (e.g., an over-
statement of revenue is also an overstatement of receivables).
c05AuditEvidence.indd 6 7/26/21 12:26 PM
Learning Objectives
Learning Objectives have been carefully craft-
ed to reflect the Bloom’s Taxonomy framework,
as well as reinforce the practical auditing skills
that students will develop.
5-2 Chapter 5 audit evidence
Auditing and Assurance Standards
PCAOB
AS 1105 audit evidence
AS 1205 part of the audit performed by Other
Independent auditors
AS 1210 Using the Work of a Specialist
AS 1215 audit Documentation
AS 2110 Identifying and assessing risks of Material
Misstatement
AS 2310 the Confirmation process
AS 2605 Consideration of the Internal audit Function
Auditing StAndArdS BOArd
Au-C 230 audit Documentation
Au-C 315 Understanding the entity and Its environment
and assessing the risks of Material Misstatement
Au-C 500 audit evidence
Au-C 505 external Confirmations
Au-C 600 Special Considerations—audits of Group
Financial Statements (Including the Work of Component
auditors)
Au-C 610 Using the Work of Internal auditors
Au-C 620 Using the Work of an auditor’s Specialist
Cloud 9 - Continuing Case
At the next planning meeting for the Cloud 9 audit, Suzie Pickering
presents the results of the analytical procedures performed so far
and a working draft of the audit program. The audit manager,
Sharon Gallagher, and the audit senior, Josh Thomas, are also in-
volved in the planning, with special responsibility for the internal
control assessment.
The meeting’s agenda is to discuss the available sources of ev-
idence at Cloud 9 and specify these in the detailed audit program.
The team members also must ensure they have enough evidence
to conduct the audit. Two specific issues worry members of the
team. First, there are three very large asset balances on Cloud 9’s
trial balance that have particular valuation issues. Josh suggests
that a specialist will be required for the derivatives, but they can
handle the accounts receivable and inventory themselves. Second,
Sharon is worried about how they will gather evidence regarding a
subsidiary of Cloud 9 located in Vietnam. WS Partners does not
have an office in Vietnam, so they must determine the most effec-
tive and efficient way to gather evidence regarding the subsidiary.
In the planning meeting, the team considers the following
questions:
• What evidence is available?
• What criteria will the team use to choose among alternative
sources of evidence?
• What are the implications of using the work of specialists
and other auditors?
Chapter Preview—Audit Process in Focus
In Chapters 3 and 4, we considered audit risk and risk assessment. Those chapters focused
on the importance of risk identification to help ensure the auditor’s desired level of risk is
Learning Objectives
LO 1 Define management assertions about classes of
transactions, account balances, and presentation and
disclosure.
LO 2 Discuss the characteristics of audit evidence.
LO 3 apply the procedures for gathering audit evidence,
including the use of audit data analytics.
LO 4 evaluate when it is appropriate for auditors to use
the work of others.
LO 5 Document the details of evidence gathered in
working papers.
c05AuditEvidence.indd Page 2 04/03/19 8:37 PM F-0590 /208/WB02435/9781119401810/ch05/text_s
3-2 CHAPTER 3 Risk Assessment Part I
Cloud 9 - Continuing Case
Sharon and Josh have already discussed some specific client accep-
tance issues, such as independence threats and safeguards. Sharon
explains they also must consider the overall integrity of the client
(that is, management of Cloud 9). This means they need to perform
and document procedures that are likely to provide information
about the client’s integrity. Josh is a little skeptical. “Do you mean
that we should ask them if they are honest?” Sharon suggests it is
probably more useful to ask others, and the key people to ask are
the existing auditors. Josh is still skeptical. “The existing auditors
are Ellis Associates. Are they going to help us take one of their
clients from them?” Sharon says the client must give permission
first, and, if that is given, the existing auditor will usually state
whether or not there were any issues that the new auditor should
be aware of before accepting the work. This type of communica-
tion is covered by AS 2610 (AU-C 210 for private company clients)
and is part of professional ethics. Sharon also gives Josh the task
of researching Cloud 9’s press coverage, with special focus on any-
thing that may indicate poor management integrity.
Sharon emphasizes they must perform and document proce-
dures to determine whether WS Partners is competent to per-
form the engagement and has the capabilities, time, and resources
to do so. For example, they must make sure they have audit team
members who understand the clothing and footwear business.
They also must have enough staff to complete the audit on time.
In addition, Sharon and Josh must perform and document
procedures to show that WS Partners can comply with all parts
of the code of professional conduct, not just those that focus on
independence threats and safeguards. Finally, they can draft the
engagement letter to cover the contractual relationship between
WS Partners and Cloud 9.
Auditing and Assurance Standards
PCAOB
AS 1015 Due Professional Care in the Performance of Work
AS 1101 Audit Risk
AS 1301 Communications with Audit Committees
AS 2101 Audit Planning
AS 2105 Consideration of Materiality in Planning and
Performing an Audit
AS 2110 Identifying and Assessing Risk of Material
Misstatement
AS 2301 The Auditor’s Responses to the Risks of
Material Misstatement
AS 2401 Consideration of Fraud in a Financial
Statement Audit
AS 2610 Initial Audits—Communication Between
Predecessor and Successor Auditors
AUDITING STANDARDS BOARD
AU-C 200 Overall Objectives of the Independent
Auditor and the Conduct of an Audit in Accordance With
Generally Accepted Auditing Standards
AU-C 210 Terms of Engagement
AU-C 240 Consideration of Fraud in a Financial
Statement Audit
AU-C 300 Planning an Audit
AU-C 315 Understanding the Entity and Its Environment
and Assessing the Risks of Material Misstatement
AU-C 320 Materiality in Planning and Performing an
Audit
AU-C 330 Performing Audit Procedures in Response to
Assessed Risks and Evaluating Audit Evidence Obtained
QC10 A Firm’s System of Quality Control
Learning Objectives
LO 1 Evaluate client acceptance and continuance
decisions.
LO 2 Identify the different phases of an audit.
LO 3 Explain and apply the concept of materiality.
LO 4 Explain professional skepticism and apply the
audit risk model.
LO 5 Explain how auditors determine their audit
strategy and how audit strategy affects audit decisions.
LO 6 Explain the fraud risk assessment process and
analyze fraud risk.
c03RiskAssessmentPartI.indd Page 3-2 24/01/19 9:35 PM F-0590 /208/WB02435/9781119401810/ch03/text_s
Auditing and Assurance
Standards
Relevant AICPA and PCAOB Auditing and
Assurance Standards are listed at the be-
ginning of each chapter and highlighted
throughout the discussion.
Johnson_FM.indd 8 8/24/21 9:42 AM
10. HALLMARK FEATURES ix
Flowcharts and Graphs
Detailed flowcharts and graphs help students visualize important processes.
2-8 Chapter 2 professionalism and professional responsibilities
Step 1: Identify Threats CPAs interact with clients in a number of circumstances. CPAs
need to be alert to a possible relationship or situation that might cause a threat to their com-
pliance with ethical rules. The following is a discussion of seven common threats that CPAs in
public practice should be alert to, irrespective of the services the CPA is engaged to perform.
• Adverse interest threat. An adverse interest threat is the threat that a CPA will not
act with objectivity because the CPA’s interests are opposed to the client’s interests. For
example, an adverse interest threat exists if a client has expressed an intention to begin
litigation against the CPA regarding the quality of tax work previously performed.
• Advocacy threat. An advocacy threat is the threat that a CPA will promote a client’s inter-
ests or position to the point that his or her objectivity or independence is compromised. For
example, an advocacy threat exists if the CPA provides expert witness services to a client in
litigation or in a dispute with a customer regarding a licensing arrangement. Once the CPA is
advocating for a client, the CPA is no longer objective. An advocacy threat would also exist if
a firm acts as an investment adviser to an officer or director of a client.
• Familiarity threat. A familiarity threat is the threat that, due to a long or close rela-
tionship with a client, a CPA will become too sympathetic to the client’s interests or too
accepting of the client’s work or product. For example, a familiarity threat would exist if
a CPA’s immediate family member were employed by the client in a key position (such
as the CFO). A familiarity threat would also exist if a former partner or professional
employee of an audit firm joined the client as its CFO and had knowledge of the firm’s
policies and practices for the audit engagement.
• Management participation threat. A management participation threat is the
threat that a CPA will take on the role of client management or otherwise assume man-
agement responsibilities. For example, a CPA may have a small business client, and the
owner asks the CPA’s firm to do various bookkeeping services for the client. Providing
bookkeeping services may cause the CPA to make various management decisions, which
is a threat to the firm’s objectivity and independence. This may also put an accounting
firm in a position of auditing its own work.
• Self-interest threat. A self-interest threat is the threat that a CPA could benefit,
financially or otherwise, from an interest in, or relationship with, a client or persons asso-
ciated with the client. For example, a self-interest threat exists when a CPA has a financial
adverse interest threat the
threat that a CPA will not act
with objectivity because the
CPA’s interests are opposed to the
client’s interests
advocacy threat the threat that
a CPA will promote a client’s
interests or position to the point
that his or her objectivity or
independence is compromised
familiarity threat the threat
that, due to a long or close
relationship with a client, a CPA
will become too sympathetic
to the client’s interests or too
accepting of the client’s work or
product
management participation
threat the threat that a CPA
will take on the role of client
management or otherwise assume
management responsibilities
self-interest threat the threat
that a CPA could benefit, financially
or otherwise, from an interest in,
or a relationship with, a client or
persons associated with the client
Decline or
terminate
engagement
Threats
identified
Step 3
Identify
and apply
safeguards
Threats
significant
No
Yes
Proceed
with
engagement
Threats not
significant
No threats
identified
Are threats
at an acceptable
level?
Step 4
Evaluate the
effectiveness
of safeguards
Step 2
Evaluate
significance
of threats
Step 1
Identify
threats
Step 5
Document
threats and
safeguards
applied
ILLUSTRATION 2.2
Conceptual framework
flowchart
c02ProfessionalismAndProfessionalResponsibilities.indd 8 7/23/21 8:43 AM
3-18 ChApteR 3 Risk Assessment part I: Audit Risk and Audit Strategy
• Significant subjectivity in measurement of financial information.
• Significant unusual transactions.
As part of risk assessment, auditors will document the identified inherent risks for the client,
including documenting which risks are considered significant. Knowing where the risks are
greatest assists the auditor in planning the best procedures for the audit.
Control Risk After assessing IR, the second step is to gain an understanding of the cli-
ent’s system of internal controls. The client should have controls in place to minimize the
risk of material misstatement caused by inherent risks. The auditors gain an understand-
ing of internal controls for the purpose of assessing control risk. Control risk (CR) is the
risk that a client’s internal controls will not prevent or detect a material misstatement on
a timely basis.
Illustration 3.7 shows inherent and control risks for a jewelry store. An inherent risk
for jewelry inventory is that it is susceptible to theft from both customers and employees. If
jewelry is stolen without the client knowing, the inventory account will be overstated because
stolen goods would remain recorded in the client’s records. The client knows that jewelry is
susceptible to theft; therefore, the client has put controls in place to minimize the risk of theft.
The control risk for this client would be the risk of one or more of these controls failing and
jewelry stolen without client management knowing.
control risk (CR) the risk that
a client’s system of internal con-
trols will not prevent or detect a
material misstatement on a
timely basis
Inherent Risk
Jewelry inventory is susceptible to theft. Inventory account
will be overstated if client is unaware of the theft.
Control Risk
Controls put in place include security cameras and a security guard.
Risk of one or more of the controls failing and inventory
being stolen without the client knowing.
ILLUSTRATION 3.7 Example of inherent and control risks
Note that IR and CR are the client’s risks and exist separately from the audit of the
financial statements. In other words, the auditors have no control over a client’s inherent
and control risks. Inherent risk is driven by industry, economic, and client factors that
are out of the control of the auditor. Control risk is impacted by the client’s design and
implementation of internal controls, which are also out of the auditor’s control. These two
risks combine to form the RMM.
c03RiskAssessmentPartI.indd 18 8/19/21 1:41 PM
The Professional Environment
Professional Environment features provide in-depth discussions
of how concepts in a chapter are applied in the business world.
5-20 CHAPTER 5 Audit Evidence
Using the Work of Internal Auditors
The role of the internal audit function was introduced in Chapter 1. Internal auditors are
employees of the client who perform assurance and consulting activities designed to evaluate
and improve the effectiveness of the entity’s governance, risk management, and internal con-
trol processes. Not every client will have an internal audit function. For example, small and
medium-sized companies, especially private companies, may not have the resources to staff
an internal audit function. But if the client does have an internal audit function, what role,
if any, do the internal auditors play in the financial statement audit? According to AU-C 610
internal auditors employees
of the client who perform assur-
ance and consulting activities
designed to evaluate and improve
the effectiveness of the entity’s
governance, risk management,
and internal control processes
Cloud 9 - Continuing Case
Josh will take responsibility for obtaining a specialist’s opinion on
the derivatives. He knows that WS Partners has other staff (who
are not part of the audit team) who can provide additional expertise.
However, because he believes the accounts are so material to the
audit and derivatives have become such a big issue in audits in recent
years, he deems an external specialist’s opinion is also required. He
has some experience of using a derivatives specialist on prior audits,
and he also plans to ask Jo Wadley (the partner) to recommend a
suitable specialist.
Josh plans to investigate any possible connections between
the specialist and Cloud 9 that could adversely impact the special-
ist’s objectivity before engaging him for this audit.
Professional Environment Working with IT Auditors
Specialist IT auditors are often used in audits of clients with com-
plex information technology (IT) environments because the effec-
tive audit of the IT systems contributes to overall audit quality.
Large audit firms usually have such specialists within the firm, but
smaller audit firms could engage external IT consultants for this
part of the financial statement audit. In general, reliance on an
IT specialist is appropriate when the financial statement auditor
complies with the conditions of AU-C 620.
If the IT expert and the financial statement auditor do not
work well together, audit quality can be impaired. For this rea-
son, researchers have investigated the factors that affect the way
that financial statement auditors work with specialist IT auditors.
Brazel12
reviewed this research evidence and drew the following
conclusions. First, responses from financial statement auditors in
the United States who were surveyed about their experiences with
IT auditors indicated that they believe IT auditors’ competence
levels vary in practice. Financial statement auditors also said that
IT auditors appear to be overconfident in their abilities in some
settings, and questioned the value provided by IT auditors to the
financial statement audit.
Second, Brazel suggests the research shows that both finan-
cial statement auditors’ IT ability and experience and the IT audi-
tor’s competence affect how these two professions interact on an
audit engagement. This indicates that audit firms need to ensure
that staff training and scheduling produce appropriate combi-
nations of financial statement auditors and IT auditors on an
engagement.
Finally, Brazel argues that the research findings demon-
strated that auditors need to consider the implications of finding
a balance between greater software-assisted audit techniques
training for financial statement auditors and greater use of IT
specialists for overall audit efficiency and effectiveness.
The role of IT audit specialists could grow to become even
more than a support function for auditors. Some researchers
suggest that in e-businesses, the external financial statement
auditor’s authority will be challenged by IT audit specialists be-
cause of technological change and its impact on auditing.13
In
e-businesses, economic transactions are captured, measured,
and reported on a real-time basis without either internal human
intervention or paper documentation.14
Auditing is likely to be-
come more real-time and continuous to reflect the pattern of the
transactions. If traditional auditors are unwilling or unable to
adapt to the new environment, their role could be taken over by
IT specialists.
Other developments such as reporting using XBRL (eXten-
sible Business Reporting Language) provide challenges for au-
ditors as they have to adapt their techniques and approaches to
audit financial information that is disaggregated and tagged. Us-
ers can extract and analyze XBRL data directly without re-entry
and the tag provides additional information about the calculation
and source of the data. This means auditors have to recognize that
their clients are reporting financial data with different levels of
information and users might have greater expectations of the data.
Learn more about XBRL at www.xbrl.org.
12
J. F. Brazel. “How do financial statement auditors and IT auditors work together?” The CPA Journal,
November, 2008, pages 38–41.
13
A. Kotb, C. Roberts, S. Sian. “E-business Audit: Advisory Jurisdiction or Occupational Invasion?” Critical
Perspectives on Accounting 23, no. 6 (2012), pages 468–82.
14
Kotb et al., 2012.
c05AuditEvidence.indd Page 5-20 1/15/19 9:44 PM f-1241 /208/WB02435/9781119401810/ch05/text_s
Audit Decision-Making
Framework
Each chapter concludes with an Audit
Decision-Making Example that takes stu-
dents through specific steps of the audit
process while offering solutions to issues
presented throughout the example.
Obtain Company Background Information and Data
You have been assigned to the audit of inventory for a private company that owns and operates a chain
of retail jewelers. The company’s sales revenue has grown by 300% in the last two years, primarily
by acquisitions. Seventy-eight percent of the value of the company’s inventory is in wedding rings,
diamonds, gold necklaces, and high-end watches. Because the company has grown through acqui-
sition, the company has not yet brought two acquired companies (representing 35% of sales) under
the company’s inventory system. As a result, the company is currently operating with three different
inventory-control systems. The core inventory system being used by the retail stores represents 65%
of sales. Sixty percent of inventory was tested in the prior year and controls over the existence of
inventory were effective.
The CFO’s top priority is to put all retail operations under this one inventory-control system by the
end of the fiscal year (January 31). He is particularly concerned about lower-than-expected gross margins
at some of the acquired stores, and he expects that better inventory control will improve this situation. In
addition, gold prices have risen 15% in the last 12 months, and the company is making sure it is not selling
“conflict diamonds” illegally traded to fund conflict in war-torn areas of Africa. Your responsibility is to
develop an audit strategy for testing the existence of inventory.
? What Is the Audit Problem You Are Trying to Solve?
The focus of attention in this instance is to develop an audit strategy for testing the existence of inventory.
The auditor may develop a different audit strategy for testing the valuation of that inventory.
Gather Information and Evidence
Important information includes:
• A significant portion of the inventory is high in value, small in size, and susceptible to theft.
• Although internal controls may be strong overall, there is risk they may not be operating effectively
and uniformly in some locations.
• The weak gross margins in some stores may be evidence of inventory shrinkage or theft.
• Fraud risk may be high in some locations due to the opportunity offered by weak internal
controls.
• The auditor needs to determine how internal controls affect audit strategy and whether the auditor
wants one audit strategy for part of the inventory and another audit strategy for another part of the
inventory.
Perform the Analysis and Evaluate the Results
Analysis of risk:
• Inherent risk factors include valuable inventory that is subject to theft and misappropriation.
• Internal controls are not uniform. Based on the prior year’s evidence and a preliminary understand-
ing of the system in the current year, strong internal controls appear to operate over only 60% of
the inventory.
• It may be more efficient to physically inspect inventory as of one date and use one audit strategy for
all inventory testing.
• Fraud risk is considered to be high at locations where inventory controls are not strong.
! Draw an Audit Conclusion
• Inherent risk is set at the maximum because inventory is high in value and susceptible to theft and
misappropriation.
• Control risk is set at high, as 40% of inventory may not have sufficient internal controls.
• Fraud risk is considered high due to the opportunity offered by weak internal controls.
• These risk settings result in setting detection risk at low.
• Low detection risk impacts the nature, timing, and extent of substantive procedures. For exam-
ple, the auditor will plan testing of the physical existence of inventory at year-end, select a larger
number of locations to visit, and vary the extent of inventory testing at each location depending on
internal controls over the counting of inventory at each location.
Audit Decision-Making Example
Audit Decision-Making example 3-35
c03RiskAssessmentPartI.indd 35 7/23/21 8:20 AM
Real-World Illustrations
Many illustrations, such as working
papers and confirmations, present
documents that students will en-
counter in a real-world audit.
5-32 Chapter 5 audit evidence
The trial balance is then referenced into the appropriate lead and supporting schedules where
audit work is documented for each account in the trial balance. At Bell Bowerman, LLP,
the trial balance is referenced using the letter “A”; cash and cash equivalents in various banks
are referenced into the C Lead; accounts receivable are referenced into the E Lead; inventory
accounts are referenced into the F Lead; property, plant and equipment are referenced into
the K Lead; and so on.
The first working paper example is the cash and cash equivalents lead schedule
in Illustration 5.15. The purpose of this lead is to summarize all general ledger accounts that
are combined into the cash and cash equivalents account on the financial statements. The
lead schedule also has adjusting journal entries, if any, that are proposed by the auditor. In the
top-left corner of the lead schedule are the client name, period-end, and currency unit (in this
example, balances are rounded to the nearest thousand dollars). In the top center of the lead
schedule is section identification (C). In the top-right corner, details of the working paper pre-
parer and reviewers are documented. Next, details of the cash and cash equivalents balance
are listed. For each item listed in the lead schedule, the following are noted.
• General ledger account number, per the client records.
• General ledger account name, per the client records.
• Preadjusted balance, any adjustments, and the audit-adjusted current-year balance per
the client’s trial balance (TB).
• The prior-year balance, per the prior-year audit file (PY).
• Variance and percentage change, the calculated difference between the prior-year and
current-year balances.
• The cross-reference to the working paper where supporting documentary evidence is
kept for each balance (e.g., C02).
The final section of the lead working paper includes any relevant background information
about the account and comments based upon completed testing.
ILLUSTRATION 5.15 Working paper example: Cash lead schedule
Bell Bowerman, LLP
Client: New Millennium Ecoproducts
Period-end: 12/31/2025
Currency unit: $000
C–LEAD
Reference: C-Lead
Prepared by: KM 1/21/2026
Reviewed by: SO 1/22/2026
Reviewed by: MM 1/24/2026
Lead schedule:
Account
no. Account name
Pre-
adjusted
balance
12/31/2025 Adjustments
Adjusted
current-year
balance
12/31/2025
Prior-year
balance
12/31/2024 Variance Ref
Cash in Bank: Wells Fargo $ 11,000 $0 $ 11,000 TB PY 5% C01
Cash in Bank: U.S. Bank 134 0 134 TB PY 0% C02
Cash in Bank: Barclays 126 0 126 TB PY 0% C03
Cash in Bank: Citigroup 56 0 56 TB PY 12% C04
10400
10500
10100
10200
10300
Short-Term Deposits 5,796 0 5,796 TB PY 4% C05
Total Cash and Cash
Equivalents
$17,112 $0 $17,112
$ 10,500
134
126
50
5,600
$16,410
$500
0
0
6
196
$702 4%
Key to audit tick marks (TM):
TB Agrees to client’s trial balance.
PY Agrees to prior-year audit file.
Background: No significant changes in banks or bank accounts from the prior period. Note: Analytical review on movements in the cash flows has
been performed on the cash flow schedule — see A1.1.
Comments: Cash and cash equivalents: In line with budget and change consistent with level of activity for the period (see also our review of the
statement of cash flows referenced in A1.1). Short-term deposits: Although the balance is very consistent with previous period, inclusion of
short-term deposits within cash and cash equivalents is acceptable (refer to C5).
%
Variance
c05AuditEvidence.indd 32 7/23/21 8:20 AM
Real-World Examples
Audit Reasoning Examples apply chapter
concepts in brief real-world scenarios that
students might encounter in a professional
environment. They also provide real-world
company examples of chapter concepts.
Professional Skepticism and Audit Risk 3-15
Professional Skepticism
Auditors have a responsibility to plan and perform an audit with professional skepticism.
Professional skepticism is an attitude adopted by auditors when conducting all phases of the
audit. It means that auditors remain independent of the entity, its management, and its staff
when completing the audit work. In a practical sense, professional skepticism means au-
ditors maintain a questioning mind and thoroughly investigate all evidence presented by the
client (AS 1015.07). For example, AU-C 200.A22 states auditors should be skeptical if any of
the following arise during the audit:
• Audit evidence recently gathered that is contradictory to other evidence previously gathered.
• New information that brings into question the reliability of client documents or responses
to auditor inquiries.
• Conditions that may provide evidence of possible fraud.
• Situations that indicate the need for additional audit procedures beyond what is required
by generally accepted auditing standards.
Does maintaining professional skepticism mean auditors should assume client manage-
ment is being dishonest? The answer is no. Auditors should not assume management is dis-
honest, but at the same time, auditors should not assume management is always honest or
correct. Using professional skepticism means that even if auditors believe management and
those charged with governance are being honest, they should gather reliable evidence to sup-
port management’s responses to auditor inquiries and to support amounts and disclosures
in the financial statements. Throughout all phases of the audit, auditors should keep these
questions in mind when gathering audit evidence: Is this information reliable? Do we need to
perform more audit procedures? When auditors exercise professional skepticism during the
risk assessment phase, it helps to ensure they are using appropriate assumptions when devel-
oping their audit strategy that will be used in the risk response phase. In the reporting phase,
auditors use professional skepticism when evaluating the evidence gathered and forming an
opinion that the financial statements are presented fairly.
professional skepticism an
attitude that includes a question-
ing mind, being alert to condi-
tions that may indicate possible
misstatement due to fraud or
error, and a critical assessment of
audit evidence
Audit Reasoning Example Professional Skepticism
An auditor was auditing a recreational vehicle (RV) dealership. The auditor had obtained some
initial financial information from the client showing unaudited results for the end of the third
quarter. Sales were up and profit margins were up, making it the best year so far for the client.
Interim records showed that inventory was also up, and the client’s inventory records showed over
300 RVs on hand at the end of the third quarter. The audit senior went to talk to the audit man-
ager about the good news and the client’s performance. The audit manager asked the senior a key
question. “You did the inventory observation last year. How many RVs did the client have then?”
“I think it was about 210,” the senior replied. Then the audit manager asked, “How full was the lot
last year?” The senior replied that it was “almost overflowing” the year before. The manager then
said, “Let’s look at this more skeptically. I don’t think they have storage capacity for another 90
RVs even though sales are up. There could be an error in the inventory records. This information
makes me believe that the existence of inventory is a very high inherent risk.”
Audit Risk
Audit risk is the risk that an auditor expresses an inappropriate audit opinion when financial
statements are materially misstated (AU-C 200 Overall Objectives of the Independent Auditor
and the Conduct of an Audit in Accordance With Generally Accepted Auditing Standards and
AS 1101 Audit Risk). This means the audit report states the financial statements are presented
fairly, in all material respects, when in actuality the financial statements contain a material
error or fraud. While it is impossible to eliminate audit risk, auditors aim to reduce it to an
c03RiskAssessmentPartI.indd Page 3-15 24/01/19 9:35 PM F-0590 /208/WB02435/9781119401810/ch03/text_s
3-28 CHAPTER 3 Risk Assessment Part I
• Ongoing losses.
• Rapid growth.
• Poor cash flows combined with high earnings.
• Pressure to meet market expectations and profit targets.
• Planning to list on a stock exchange.
• Planning to raise debt or renegotiate a loan.
• The client being about to enter into a significant new contract.
• A significant proportion of remuneration tied to earnings (that is, bonuses or stock options).
Audit Reasoning Example Fraud at Toshiba: Part I
You may be familiar with Toshiba Corporation, a publicly traded Japanese company headquar-
tered in Tokyo that makes consumer electronics, household electronics, office equipment, and
more. In July 2015, the CEO of Toshiba announced he was resigning amid an accounting scandal
in which profits had been overstated for the past seven years by approximately $1.9 billion (224.8
billion yen). What incentives and pressures were involved that led to the fraud? The technology
industry is extremely competitive and Toshiba’s upper management set aggressive profit targets.
The home electronics and appliances division was showing losses and the memory chip division
was feeling pressure because of decreasing demand from Chinese electronics companies.6
As an
example, in September 2012, the head of the digital products and service division was told by the
CEO to improve a 24.8 billion yen loss into a 12 billion yen profit in just three days!7
Think about
how the external auditor would learn about the incentives given to lower-level management. How
might an internal auditor learn about these incentives?
Opportunities to Perpetrate a Fraud
After identifying one or more incentives or pressures to commit a fraud, auditors assess
whether a client’s employees have an opportunity to perpetrate a fraud. Auditors utilize their
knowledge of how other frauds have been perpetrated to assess whether the same opportuni-
ties exist at the client. While the examples below of opportunities to commit a fraud suggest
a fraud may have been committed, their existence does not mean a fraud has definitely oc-
curred. Auditors must use professional judgment to assess each opportunity in the context of
other risk indicators and consider available evidence thoroughly.
Examples of opportunities that increase the risk that a fraud may have been perpetrated
include:
• Accounts that rely on estimates and judgment (discussed further in Chapter 9).
• A high volume of transactions close to year-end.
• Significant adjusting entries and reversals after year-end.
• Significant related-party transactions (discussed further in Chapter 4).
• Poor corporate governance mechanisms.
• Poor system of internal control (discussed further in Chapters 6 and 8).
• A high turnover of staff with accounting or internal control responsibilities.
6
E. Pfanner and M. Fujikawa, M. “Toshiba Slashes Earnings for Past Seven Years,” The Wall Street Journal,
September 7, 2015. https://www.wsj.com/articles/toshiba-slashes-earnings-for-past-7-years-1441589473
7
K. Nagata. “Pressure to show a profit led to Toshiba’s accounting scandal,” The Japan Times, September 18,
2015. http://www.japantimes.co.jp/news/2015/09/18/business/corporate-business/pressure-to-show-a-profit-
led-to-toshibas-accounting-scandal/#.WNJjNmQrLjA
c03RiskAssessmentPartI.indd Page 3-28 24/01/19 9:35 PM F-0590 /208/WB02435/9781119401810/ch03/text_s
Conceptual Illustrations
NEW situational art helps students
conceptualize auditing concepts.
Johnson_FM.indd 9 8/24/21 9:42 AM
11. x
Engaging Students
The Auditing online homework system features a suite of teaching and learning resources
that were developed under close review of the authors. In the homework system, students can
access review content and practice assessment that will help them better understand course
material.
Student Practice
Each chapter includes practice questions
for each learning objective that students
can review to assess their understanding
of chapter topics.
Data Visualization
Assignments—Tableau
and PowerBI
Tableau and NEW PowerBI visual-
izations accompanied by assessments
are available with most chapters.
IDEA Cases
Select chapters include IDEA cases and case video
resources that allow students to use IDEA software
to analyze data. An IDEA casebook and accompany-
ing data sets, provided by Audimation Data Analytic
Software and Services, is also available.
Alteryx
NEW Alteryx cases and supporting video
resources are available with some chapters.
Gradable Excel
Select chapters include gradable Excel questions that
assess students’ understanding of Excel formulas.
Johnson_FM.indd 10 8/24/21 9:43 AM
12. ENGAGING STUDENTS xi
Relevant Accounting
Articles
Up-to-date accounting articles and videos
are posted to the Wiley accounting update
site, www.wileyaccountingupdates.com.
Many of these updates address auditing-
related topics.
Adaptive Assignments
Adaptive Assignments ignite students’ con-
fidence to persist so that they can succeed in
their courses and beyond. By continuously
adapting to each student’s needs and providing
achievable goals with just-in-time instruction,
Adaptive Assignments close knowledge gaps
to accelerate learning.
Johnson_FM.indd 11 8/24/21 9:43 AM
13. Preparing for the CPA Exam
For each chapter in the Auditing course, students can access CPAexcel videos, CPA Exam
Practice Questions in the PrometricTM
Testing Interface, and Task-Based Simulations (TBSs),
which are the primary form of assessment used by the American Institute of Certified Public
Accountants (AICPA). These resources:
1. Reinforce understanding of course topics.
2. Demonstrate relevance to show students how the auditing content they are learning will be
assessed on the CPA exam.
3. Build student confidence with early exposure to CPA exam questions.
xii
CPA Exam Practice Questions in
the Prometric™ Testing Interface
Wiley partners with CPAexcel to provide CPA exam
practice questions for each chapter that recreate the
environment students will encounter on the CPA
exam.
Task-Based Simulation in the
Prometric™ Testing Interface
CPA simulations recreate the environment stu-
dents will see on the CPA exam.
CPA Exam Video Lessons
Each chapter includes CPA exam text discus-
sions and videos that provide students with
insight into auditing topics commonly ad-
dressed on the CPA exams.
CPA Exam Assignment
Each chapter includes one CPA exam assign-
ment that allows instructors to assign CPA
multiple-choice questions. Student perfor-
mance is tied to the gradebook.
Johnson_FM.indd 12 8/24/21 9:43 AM
14. xiii
Each chapter of Auditing has over 300 assessment questions that can help keep your students
engaged and on track.
End-of-Chapter Assessment
Questions and Problems
Each Auditing text chapter concludes with over 40 assessment questions and problems you can
use to gauge students’ understanding and ability to apply auditing concepts, as follows:
• Multiple-Choice Questions—Available to quickly and effectively test students’ under-
standing of the chapter material.
•
Short Answer Questions—Open-ended questions that require students to begin
thinking critically about the auditing process.
• Analysis Problems—Based on scenarios students might encounter as auditors in the
business world, analysis problems assess how well students understand specific topics in
a chapter.
Cases
Because no two audits are alike, Auditing uses a practical, case-based approach to help stu-
dents develop professional judgment, think critically about the auditing process, and develop
the decision-making skills necessary to perform a real-world audit. The best way for a student
to learn auditing is to actually do auditing. To help provide real-world application, we have
developed the following cases:
•
Audit Decision Cases—Three cases run through most of the text chapters and provide
a broad review of the audit process (King Companies, Inc., Mobile Security, Inc., and
Brookwood Pines Hospital). In addition, chapter-specific cases help you assess students’
understanding of topics that are the focus of a particular chapter.
•
Cloud 9 Continuing Case—Requires students to apply chapter concepts to the ongoing
Cloud 9 case that is highlighted in the chapter.
To help you more easily identify what questions you want to assign, questions are tagged
with learning objectives, professional AICPA and AACSB outcome standards, Bloom’s
Taxonomy level, level of difficulty, and a recommended time of completion. You can track
student performance in the gradebook found in the Wiley online homework system.
Test Bank
Over 150 NEW, more challenging application and analysis questions were added to this edi-
tion’s test bank. Each chapter of the test bank has between 130 and 200 questions that you
can assign to students in an exam or as graded practice. Question types include true/false,
multiple-choice (NEW multiple-select), fill-in-the-blank, and short answer questions. To help
you more easily identify what questions you want to assign, questions are tagged with learning
objectives, professional AICPA and AACSB outcome standards, Bloom’s Taxonomy level, level
of difficulty, and a recommended time of completion. You can track student performance in
the gradebook.
Student Assessment
Johnson_FM.indd 13 8/24/21 9:43 AM
15. xiv
Acknowledgments
Auditing has benefited tremendously from the input of students who have used this text’s ma-
terial in class. We are also very appreciative of the comments and suggestions we received from
instructors who reviewed and used the first edition of this textbook, as well as the instructors
who participated in development and authoring activities for this new edition. A special thank
you to Kathleen Bakarich. We greatly appreciate her contributions to our Alteryx resources.
Sanaz Aghazadeh
Louisiana State University
Anne Albrecht
Texas Christian University
Matthew Anderson
Michigan State University
LuAnn Bean
Florida Institute of Technology
Marie Blouin
Ithaca College
A. Faye Borthick
Georgia State University
Joe Brazel
North Carolina State University
Billy Brewster
Texas State University
Rich Brody
The University of New Mexico
Melodi Bunting CPA, CMA, CGMA
Wegner CPAs
Jeffrey R. Cohen
Boston College
Emily Cokeley
Rochester Institute of Technology
Sheila Coomes
Kansas State University
Laurence DeGaetano
Montclair State University
Kristina Demek
University of Central Florida
Lisa Derouin
Wisconsin Lutheran College
Raymond Elson
Valdosta State University
Steven Ernest
Baton Rouge Community College
Reza Espahbodi
Washburn University of Topeka
Kel-Ann Eyler
Georgia College and State University
Magdy Farag
California Polytechnic University—Pomona
Dale Flesher
University of Mississippi
Paul Franklin
Purdue Global
Scott Fulkerson
University of California—Santa Barbara
Lori Fuller
West Chester University
Amber Gray
Adrian College
Abo-El-Yazeed Habib
Minnesota State University—Manka
James Hansen
Weber State University
Frederick Harmon
University of Bridgeport
Julia Higgs
Florida Atlantic University
Karen Hooks
Florida Atlantic University
Carol Jessup
University of Illinois—Springfield
Eric Johnson
University of Wyoming
Joe Johnston
Illinois State University
Bill Joyce
Bemidji State University
Brett Kawada
San Diego State University
Walied Keshk
California State University—Fullerton
Katherine Kinkela
Iona College
Milton Krivokuca
California State University—Dominguez Hills
Ellen L. Landgraf
Loyola University—Chicago
Betsy Lin
Montclair State University
Cathy Liu
University of Houston—Downtown
Joe Looney
Hofstra University
Jason MacGregor
Baylor University
Roger Martin
University of Virginia
Susanna Matson
Siena College of Taytay, Philippines
Linda McCann
Metropolitan State University
Karen McDougal
Pennsylvania State University—Brandywine
Linda McKeag
University of Dubuque
Mary Mindak
DePaul University
Ashley Minnich
Park University
Paula Mooney
Savannah State University
Anita Morgan
Indiana University
Grace Mubako
California Stata University—Sacramento
Christine Noel
Metropolitan State University of Denver
Christopher A. Nogot
Siena College of Taytay, Philippines
Connie O’Brien
Minnesota State University—Mankato
Aimee Pernsteiner
University of Wisconsin—Eau Claire
Rossen Petkov
Lehman College
Byron Pike
Minnesota State University—Mankato
Lincoln Pinto
Concordia University Chicago
Marshall Pitman
University of Texas—San Antonio
Dwayne Powell
Arkansas State University
Johnson_FM.indd 14 8/24/21 9:43 AM
16. ACKNOWLEDGMENTS xv
Sridhar Ramamoorti
University of Dayton—Ohio
Matthew Reidenbach
Pace University—New York
Maria Sanchez
Rider University
Matthew J. Sargent
University of Texas at Arlington
Gary Schneider
California State University—Monterey Bay
Dan Schrag
Baldwin Wallace University
Edward B. Seibert
Wesley College
Tim Seidel
Brigham Young University
Jamie L. Seitz
University of Southern Indiana
Suzanne Seymoure
Saint Leo University, University Campus
Margaret B. Shackell-Dowell
Ithaca College
Philip Slater
Forsyth Technical Community College
Vicki Stewart
Texas AM University—Commerce
Jaclyn Strauss
Purdue Global
Floran Syler
Azusa Pacific University
Paula Thomas
Middle Tennessee State University
Andrea Tietjen
Caldwell College
Patricia Timm
Northwood University—Michigan
Madeline Trimble
Illinois State University
Richard Turpen
University of North Carolina—Asheville
Lisa Victoravich
University of Denver
Jim Vogt
University of Colorado—Denver
Rick Warne
University of Cincinnati
Amanda Warren
University of Tennessee—Knoxville
Barrett Wheeler
Tulane University
Angela Woodland
Montana State University
Gail E. Wright
Fengyun Wu
Manhattan College
Aleksandra Zimmerman
Florida State University
Ally Zimmerman
Northern Illinois University
We also want to thank several individuals for their help in
moving this text from concept to publication. This work would
not have come to fruition without the extensive support and
guidance of Emily Marcoux, Veronica Schram, Joel Hollen-
beck, Ed Brislin, Nicole Repasky, Natalie Munoz, Terry Ann
Tatro, and Vimal Shanmugavelu.
We appreciate suggestions and comments from users—
instructors and students alike. Please send us your thoughts
and ideas about the text.
Raymond Johnson Laura Wiley
Sunriver, Oregon Baton Rouge, Louisiana
Johnson_FM.indd 15 8/24/21 9:43 AM
17. Table of Contents
1
Introduction and Overview of Audit
and Assurance 1-1
1.1 Assurance, Attestation, and Audit Services 1-3
Audit Services 1-4
Attestation Services 1-4
Assurance Services 1-5
1.2 Different Assurance Services 1-6
Financial Statement Audits 1-6
Compliance Audits 1-8
Operational (Performance) Audits 1-8
Internal Audits 1-8
1.3 Demand for Audit and Assurance Services 1-9
Financial Statement Users 1-9
Demand for Audit and Assurance Services 1-10
1.4 Preparers and Auditors 1-11
Preparer Responsibility 1-11
Auditor Responsibility 1-12
Auditor Skills 1-12
Assurance Providers 1-13
1.5 The Role of Regulators and Regulations 1-14
Securities and Exchange Commission (SEC) 1-14
Public Company Accounting Oversight Board (PCAOB) 1-15
American Institute of Certified Public Accountants
(AICPA) 1-16
Financial Accounting Standards Board (FASB) 1-19
Committee on Sponsoring Organizations of the Treadway
Commission (COSO) 1-19
National Association of State Boards of Accountancy
(NASBA) and State Boards of Accountancy 1-19
1.6 Audit Report on Financial Statements 1-20
Reasonable Assurance and the Financial Statements 1-20
Materiality and the Financial Statements 1-21
The Auditorʼs Report on Financial Statements 1-21
1.7 Audit Report on Internal Controls over
Financial Reporting 1-27
Reasonable Assurance and Internal Controls 1-27
The Auditor’s Report on Internal Control over Financial
Reporting 1-28
1.8 The Audit Expectation Gap 1-30
Audit Decision-Making Example 1-33
2
Professionalism and Professional
Responsibilities 2-1
2.1 Professionalism and Accounting 2-3
Level of Expertise 2-3
Concern for the Public Interest 2-4
2.2 The Structure of the AICPA Code of Professional
Conduct 2-5
Purpose of the Code 2-5
Organization of the Code 2-6
2.3 Conceptual Framework for Members
in Public Practice 2-7
Steps in the Conceptual Framework 2-7
Applying the Conceptual Framework: An Example 2-10
2.4 Integrity and Objectivity 2-11
Conflicts of Interest 2-11
Subordination of Judgment 2-12
2.5 Independence 2-12
Key Individuals and Independence Requirements 2-14
Employment or Association with an Attest Client 2-18
Nonattest Services 2-19
SEC and PCAOB Independence Rules 2-22
2.6 General Standards 2-25
2.7 Other Rules of Conduct for Members in
Public Practice 2-26
Accounting Principles Rule 2-26
Fees and Other Types of Remuneration 2-27
Confidential Information 2-27
2.8 Auditor Liability Under Common Law 2-28
Liability to Clients 2-29
Liability to Third Parties 2-31
Burden of Proof and Common Law Defenses 2-34
2.9 Auditor Liability Under Statutory Law 2-35
The Securities Act of 1933 2-36
The Securities Act of 1934 2-37
The Foreign Corrupt Practices Act of 1977 2-38
The Private Securities Litigation Reform Acts of 1995 and
1998 2-38
The Sarbanes-Oxley Act of 2002 2-39
Criminal Liability 2-41
Audit Decision-Making Example 2-45
3
Risk Assessment Part I: Audit Risk
and Audit Strategy 3-1
3.1 Client Acceptance and Continuance
Decisions 3-3
3.2 Phases of an Audit 3-8
Risk Assessment Phase 3-9
Risk Response Phase 3-10
Reporting Phase 3-10
3.3 Materiality 3-11
Qualitative and Quantitative Factors 3-11
Setting Materiality 3-12
xvi
Johnson_FM.indd 16 8/24/21 9:43 AM
18. 3.4 Professional Skepticism and Audit Risk 3-15
Professional Skepticism 3-15
Audit Risk 3-16
3.5 Audit Strategy 3-23
Reliance on Controls Approach 3-24
Substantive Approach 3-26
Where Does Data Analytics Fit In? 3-26
3.6 Fraud Risk 3-28
Incentives and Pressures to Commit a Fraud 3-30
Opportunities to Perpetrate a Fraud 3-31
Attitudes and Rationalization to Justify a Fraud 3-32
Fraud Risk Assessment Process 3-32
Audit Decision-Making Example 3-35
4
Risk Assessment Part II:
Understanding the Client 4-1
4.1 Understand the Entity and the Industry 4-3
Gain an Understanding of the Entity 4-4
Gain an Understanding of the Industry and Business
Environment 4-6
Procedures Performed to Gain an Understanding of
the Client 4-8
Compliance with Laws and Regulations 4-8
4.2 Client Approaches to Measuring Performance 4-11
Profitability 4-11
Liquidity, Solvency, and Cash Flow 4-12
4.3 Analytical Procedures 4-13
Comparisons 4-14
Trend Analysis 4-14
Common-Size Analysis 4-15
Ratio Analysis 4-16
Software Tools for Performing Analytical
Procedures 4-19
Factors to Consider When Conducting
Analytical Procedures 4-19
Audit Data Analytics During Risk Assessment 4-20
4.4 Related Parties 4-21
Risk Associated with Related Parties 4-21
Audit Procedures 4-22
4.5 Corporate Governance 4-23
Audit Committee 4-24
Public Company Requirements 4-24
4.6 Internal Control, Information Technology, and
the Client’s Digital Mindset 4-26
System of Internal Controls 4-26
Information Technology 4-26
Client’s Digital Mindset 4-27
4.7 Closing Procedures 4-28
Audit Decision-Making Example 4-31
5 Audit Evidence 5-1
5.1 Management Assertions 5-3
Assertions in the ASB Auditing Standard 5-3
Assertions in the PCAOB Standard 5-7
Relevant Assertions 5-7
5.2 Characteristics of Audit Evidence 5-8
Sufficient Audit Evidence 5-8
Appropriate Audit Evidence 5-9
Persuasive Audit Evidence 5-12
5.3 Procedures for Gathering Audit Evidence 5-13
Inspection of Documents and Assets 5-14
Observation 5-15
Inquiry 5-15
Confirmation 5-16
Recalculation 5-19
Reperformance 5-19
Analytical Procedures 5-20
Scanning 5-20
Audit Data Analytics and Automated Tools 5-20
5.4 Using the Work of Others 5-22
Using the Work of an Auditor’s Specialist 5-23
Using the Work of Internal Auditors 5-25
Using the Work of Another Auditor 5-27
5.5 Documentation—Audit Working Papers 5-29
Permanent File 5-29
Current File 5-30
Examples of Working Papers 5-31
Audit Decision-Making Example 5-36
6
Gaining an Understanding of
the Client’s System of Internal
Control 6-1
6.1 Internal Control Defined 6-3
The COSO Framework 6-4
Inherent Limitations 6-6
Steps for Understanding and Assessing Control Risk 6-6
6.2 Entity-Level Internal Controls 6-8
The Control Environment 6-9
Risk Assessment 6-11
Control Activities 6-13
Information and Communication 6-16
Monitoring Activities 6-17
Internal Control in Small Entities 6-19
6.3 Transaction-Level Internal Controls 6-20
Example Transaction Flows—Sales Process 6-21
6.4 Information Technology (IT) Controls 6-23
Benefits and Risks of IT Systems 6-23
IT General Controls 6-25
IT Application Controls 6-26
IT-Dependent Manual Controls 6-28
TABLE OF CONTENTS xvii
Johnson_FM.indd 17 8/24/21 9:43 AM
19. xviii TABLE OF CONTENTS
6.5 Documenting Internal Controls 6-30
6.6 Identifying Strengths and Weaknesses in a
System of Internal Controls 6-33
Internal Controls and Audit Strategy 6-33
Evaluating Internal Control Weaknesses 6-33
6.7 Use of a Service Organization by an Audit Client 6-34
Significant User Entity Controls over the Service
Organization 6-35
User Auditor Obtains a Systems Organization and
Controls (SOC) 1 Report 6-36
What Is a Soc 2 Report and How Does It Differ from a
SOC 1 Report? 6-38
Audit Decision-Making Example 6-40
7
Risk Response: Performing Tests
of Controls 7-1
7.1 Identify Relevant Transaction-Level Controls and
Determine Preliminary Audit Strategy 7-3
Preventive and Detective Controls 7-4
Manual and Automated Controls 7-7
Determine Preliminary Audit Strategy 7-8
7.2 Procedures for Testing Controls 7-10
Inquiry 7-10
Observation 7-10
Inspection of Physical Evidence 7-10
Reperformance 7-11
Tests of Software Controls 7-11
7.3 Selecting and Designing Tests of Controls 7-12
Selecting the Controls for Testing 7-13
Selecting Audit Procedures 7-15
The Extent of Tests of Controls 7-16
Timing of Tests of Controls 7-20
Benchmarking 7-21
Selecting and Designing Tests of Controls—A Summary 7-22
7.4 Results of the Auditor’s Testing 7-25
Tests of Controls and Audit Strategy 7-27
Classifying Control Exceptions 7-27
7.5 Using a Soc 1, Type 2 Report 7-29
Section 1: Independent Service Auditor’s Report 7-31
Section 2: Management’s Assertion 7-34
Section 3: Management’s Description of the System 7-36
Section 4: Control Descriptions, Related Controls,
and Tests of Operating Effectiveness 7-38
7.6 Documenting Conclusions 7-41
7.7 Management Letters 7-43
Audit Decision-Making Example 7-46
8
Audit Data Analytics 8-1
8.1 Applying the Audit Decision-Making
Framework to Audit Data Analytics 8-3
Step 1: Obtain Company Background Information
and Data 8-4
Step 2: What Is the Audit Problem You Are Trying to
Solve? 8-5
Step 3: Gather Information and Evidence 8-6
Step 4: Perform the Analysis and Evaluate
the Results 8-7
Step 5: Draw an Audit Conclusion 8-8
Audit Documentation 8-9
8.2 Steps Associated with Accessing and Preparing
Data for Audit Data Analytics 8-11
Are the Data Complete? 8-11
Do the Data Need to Be Cleaned? 8-12
Key Questions to Be Addressed in Evaluating
the Relevance and Reliability of Data Used in
Audit Data Analytics 8-12
8.3 Using Audit Data Analytics as a Risk
Assessment Procedure 8-13
Understanding the Risk Analysis Decision Tree 8-14
What Do We Mean by Notable Items? 8-15
Tools for Searching for Notable Items 8-15
What to Do When ADA Identifies a Large Number of
Items for Further Consideration 8-16
8.4 Applying Audit Data Analytics as a Risk Assessment
Procedure 8-18
Cluster Analysis 8-18
Matching Information in Key Data Fields 8-26
Regression Analysis 8-31
Visualization 8-35
8.5 Using Audit Data Analytics as a Substantive
Procedure 8-38
8.6 Applying Audit Data Analytics as a Substantive
Procedure 8-39
Validating Sales Revenue and Accounts Receivable with
Subsequent Cash Receipts 8-39
8.7 Artificial Intelligence and Machine Learning 8-44
Examples from Audit Practice 8-45
The Role of Professional Judgment in the AI
Environment 8-46
Audit Decision-Making Example 8-48
9
Risk Response: Performing
Substantive Procedures 9-1
9.1 Audit Risk and Substantive Procedures 9-3
9.2 Risk Response at the Financial Statement Level 9-5
Auditor’s Understanding of the Entity’s Control
Environment 9-6
Risk of Material Misstatement Due to Fraud 9-6
9.3 Nature of Substantive Procedures 9-7
Determining the Purpose of an Audit Procedure 9-7
Determining the Type of Substantive Procedure 9-8
Initial Procedures 9-9
Substantive Analytical Procedures 9-10
Tests of Details 9-14
ADA and Substantive Procedures 9-15
Johnson_FM.indd 18 8/24/21 9:43 AM
20. TABLE OF CONTENTS xix
9.4 Timing of Substantive Procedures 9-17
During an Interim Period 9-17
During Year-End 9-18
9.5 Extent of Substantive Procedures 9-19
Auditing an Entire Population 9-20
Auditing Select Items from a Population 9-21
9.6 Auditing Accounting Estimates 9-22
Inherent Risk Factors 9-22
Possible Management Bias 9-23
Risk Assessment Procedures for
Accounting Estimates 9-24
Identifying and Assessing the Risks of Material
Misstatement 9-26
Risk Response Procedures for Accounting Estimates 9-26
Overall Evaluation and Documentation 9-28
9.7 Documenting Results of Substantive
Procedures 9-30
Audit Decision-Making Example 9-33
10
Risk Response: Audit Sampling for
Substantive Procedures 10-1
10.1 Audit Sampling versus Audit Data Analytics 10-3
10.2 Sampling Risk and Nonsampling Risk 10-4
Risk of Incorrect Acceptance 10-5
Risk of Incorrect Rejection 10-5
Nonsampling Risk 10-5
10.3 Statistical versus Nonstatistical Sampling 10-7
Population and Sampling Unit 10-7
Sampling Methods 10-8
10.4 Factors That Influence the Sample
Size—Substantive Procedures 10-10
Tolerable Misstatement 10-10
Desired Level of Assurance 10-11
Expected Misstatement in the Population 10-11
Stratification of the Population 10-12
10.5 A Basic Framework for Audit Sampling 10-12
Step 1: Determine the Objectives of the Substantive
Procedure 10-14
Step 2: Determine the Substantive Procedures to
Perform 10-14
Step 3: Determine Whether to Audit a Sample
or the Entire Population 10-14
Step 4: Define the Population and Sampling Unit 10-15
10.6 Applying Probability-Proportionate-to-Size
Sampling for Substantive Procedures 10-15
Step 5: Choose the Audit Sampling Technique 10-15
Step 6: Determine Sample Size 10-16
Step 7: Randomly Select Representative Sample 10-18
Step 8: Apply Audit Procedures 10-20
Step 9: Evaluate Results Statistically and
Judgmentally 10-20
Step 10: Document Conclusions 10-25
Summary of PPS Sampling 10-26
10.7 Applying Nonstatistical Sampling for
Substantive Procedures 10-27
Step 5: Choose the Audit Sampling
Technique 10-27
Step 6: Determine Sample Size Using
Professional Judgment 10-27
Step 7: Judgmentally Select Representative
Sample 10-28
Step 8: Apply Audit Procedures 10-28
Step 9: Evaluate Results Judgmentally 10-29
Step 10: Document Conclusions 10-31
Appendix 10A: Applying Classical Variables
Sampling for Substantive Procedures 10-32
Step 5: Apply Classical Variables Sampling 10-32
Step 6: Determine the Sample Size 10-33
Step 7: Select a Random Sample 10-37
Step 8: Apply Audit Procedures 10-37
Step 9: Evaluate the Sample Results 10-37
Step 10: Document Results 10-39
Audit Decision-Making Example 10-42
11
Auditing the Revenue Process 11-1
11.1 Understanding the Revenue Process 11-3
Understand the Nature of the Revenue Process 11-4
Revenue Transactions 11-4
11.2 How Audit Planning Decisions Affect the
Assessment of Inherent Risk 11-5
Understanding the Entity and Its
Environment 11-6
Determining Inherent Risk in the Revenue
Process 11-10
11.3 Control Activities for Credit Sales 11-14
Example Transaction Flows—Credit Sales 11-15
Evaluate What Can Go Wrong (WCGW) and Identify
Key Controls—Credit Sales and Accounts
Receivable 11-17
11.4 Control Activities for Cash Receipts 11-20
Example Transaction Flows—Cash Receipts 11-20
Evaluate WCGW and Identify Key Controls—Cash
Receipts 11-22
11.5 Control Activities in a “Paperless” Revenue
System 11-24
Initiating an ERS Transaction 11-25
Shipping Goods 11-25
Recording Sales and Receivables 11-25
Electronic Cash Receipt 11-25
Internal Controls in an ERS System 11-26
11.6 Control Activities for Sales Adjustments
and Revenue Process Disclosures 11-27
Granting Sales Returns and Allowances 11-27
Determining Uncollectible Accounts 11-28
Other Controls in the Revenue Process 11-28
Preliminary Audit Strategy 11-29
Johnson_FM.indd 19 8/24/21 9:43 AM
21. xx TABLE OF CONTENTS
11.7 Tests of Controls in the Revenue Process and
Audit Strategy 11-30
Tests of Controls in the Revenue Process 11-30
Fraud Risk Assessment 11-31
Audit Data Analytics as a Risk Assessment Procedure 11-32
The Risk of Material Misstatement and Audit Strategy 11-32
11.8 Substantive Procedures for the Revenue
Process 11-33
Initial Procedures 11-36
Substantive Analytical Procedures 11-36
Audit Data Analytics as a Substantive Procedure 11-36
Tests of Details of Transactions 11-37
Tests of Details of Balances 11-38
Tests of Details of Presentation 11-43
Draw a Final Conclusion 11-44
Audit Decision-Making Example 11-46
12
Auditing the Purchasing and
Payroll Processes 12-1
12.1 Auditing Purchase Transactions and Balances 12-2
Overview of Auditing Purchases 12-2
Understand the Nature of the Purchasing Process 12-3
Purchase Transactions 12-4
12.2 How Audit Planning Decisions Affect the
Assessment of Inherent Risk 12-5
Understanding the Entity and Its Environment 12-5
Determining Inherent Risks in the Purchasing Process 12-9
12.3 Control Activities for Purchases 12-12
Example Transaction Flows—Credit Purchases 12-12
Evaluate What Can Go Wrong (WCGW) and Identify Key
Controls—Purchases and Accounts Payable 12-15
12.4 Control Activities for Cash Disbursements 12-18
Example Transaction Flows—Cash Disbursements 12-18
Evaluate What Can Go Wrong (WCGW) and
Identify Key Controls—Cash Disbursements 12-20
12.5 Evaluated Receipt Settlement (ERS) 12-21
Initiating an ERS Transaction 12-22
Receiving Goods 12-22
Recording Payables 12-22
Electronic Payment 12-22
Internal Controls in an ERS System 12-23
12.6 Control Activities for Purchase Adjustments and
Purchasing Process Disclosures 12-24
Purchase Returns and Allowances 12-24
Other Controls in the Purchasing Process 12-25
Preliminary Audit Strategy 12-25
12.7 Tests of Controls in the Purchasing Process and
Audit Strategy 12-26
Tests of Controls in the Purchasing Process 12-26
Fraud Risk Assessment 12-27
Audit Data Analytics as a Risk Assessment Procedure 12-28
The Risk of Material Misstatement and Audit
Strategy 12-28
12.8 Substantive Procedures for the Purchasing
Process 12-29
Initial Procedures 12-30
Substantive Analytical Procedures 12-31
Audit Data Analytics as a Substantive Procedure 12-31
Tests of Details of Transactions 12-31
Tests of Details of Balances 12-33
Tests of Details of Presentation 12-33
Draw a Final Conclusion 12-34
Appendix 12A: Auditing Payroll 12-35
12.9 Explain the Nature of Payroll Transactions and
Balances 12-36
Understand the Nature of the Payroll Process 12-36
Payroll Transactions 12-36
12.10 How Audit Planning Decisions Affect
the Assessment of Inherent Risk 12-37
Understanding the Entity and Its Environment 12-37
Determining Inherent Risk in the Payroll Process 12-39
12.11 Control Activities for Payroll 12-40
Example Transactions Flows—Payroll Transactions 12-40
Evaluate What Can Go Wrong (WCGW) and Identify Key
Controls—Payroll 12-42
Preliminary Audit Strategy 12-44
12.12 Tests of Controls in the Payroll Process and Audit
Strategy 12-45
Tests of Controls for Payroll 12-45
Fraud Risk Assessment 12-46
Audit Data Analytics Used in Fraud Risk Assessment 12-46
The Risk of Material Misstatement and Audit Strategy 12-46
12.13 Substantive Procedures for the Payroll
Process 12-47
Initial Procedures 12-48
Substantive Analytical Procedures 12-49
Audit Data Analytics as a Substantive Procedure 12-49
Tests of Details of Transactions 12-49
Tests of Details of Balances 12-50
Tests of Details of Presentation 12-50
Draw a Final Conclusion 12-51
Audit Decision-Making Example 12-53
13
Auditing Cash, Inventory, and
Related Income Statement
Accounts 13-1
13.1 Auditing Cash and Cash Equivalents 13-3
How Audit Planning Decisions Affect the Assessment of
Inherent Risk 13-3
Understanding Internal Controls and Developing a
Preliminary Audit Strategy 13-4
Assessing Control Risk, Fraud Risk, and RMM and
Determining a Final Audit Strategy 13-5
Substantive Procedures for Cash and Cash
Equivalents 13-6
Draw a Final Conclusion 13-13
Johnson_FM.indd 20 8/24/21 9:43 AM
22. 13.2 Auditing Inventory 13-13
How Audit Planning Decisions Affect the Assessment of
Inherent Risk 13-14
Understanding Internal Controls and Developing a
Preliminary Audit Strategy 13-17
Assessing Control Risk, Fraud Risk, and RMM and
Determining a Final Audit Strategy 13-19
Substantive Procedures for Inventory 13-21
Audit Decision-Making Example 13-31
14
Auditing Investing and Financing
Activites 14-1
14.1 Auditing Property, Plant, and Equipment 14-2
How Audit Planning Decisions Affect the Assessment of
Inherent Risk 14-3
Understanding Internal Controls and Developing a
Preliminary Audit Strategy 14-5
Assessing Control Risk and Fraud Risk, and Determining a
Final Audit Strategy 14-7
Substantive Procedures for Property, Plant, and
Equipment 14-7
Draw a Final Conclusion 14-12
14.2 Auditing Financing Activities 14-13
How Audit Planning Decisions Affect the Assessment of
Inherent Risk 14-13
Understanding Internal Controls and Developing a
Preliminary Audit Strategy 14-16
Assessing Control Risk and Fraud Risk, and Determining a
Final Audit Strategy 14-17
Substantive Procedures for Long-Term Debt 14-18
Substantive Procedures for Stockholders’ Equity 14-21
Audit Decision-Making Example 14-25
15
Completing the Audit 15-1
15.1 Audit Procedures for Loss Contingencies 15-3
Accounting for Loss Contingencies 15-3
Auditing Loss Contingencies 15-4
Legal Letter 15-4
15.2 Subsequent Events 15-7
Accounting for Subsequent Events 15-8
Auditing Subsequent Events 15-9
15.3 Engagement Wrap-Up 15-11
Final Analytical Procedures 15-11
Final Evaluation of Audit Findings 15-12
Completion of Working Paper Review 15-17
Engagement Quality Review 15-18
Completion of Documentation 15-19
15.4 Going Concern 15-20
Management Responsibility 15-20
Auditor Responsibility 15-21
Audit Procedures to Evaluate Going Concern 15-21
15.5 Management Representation and Communication
with Those Charged with Governance 15-23
Management Representation Letter 15-23
Communication with Those Charged with Governance 15-26
Audit Decision-Making Example 15-30
16
Reporting on the Audit 16-1
16.1 Standard Unmodified/Unqualified Audit
Report 16-3
16.2 Additional Wording for the Standard Unmodified
Report 16-9
Going Concern Section 16-9
Emphasis Added at Discretion of the Auditor 16-10
Consistency of Financial Statements 16-11
16.3 Opinion Based in Part on the Report of Another
Auditor 16-13
16.4 Modifying the Audit Opinion 16-15
Departure from Applicable Financial Reporting
Framework 16-16
Scope Limitation 16-18
16.5 Subsequently Discovered Facts 16-24
Subsequently Discovered Facts That Become Known
Before the Report Release Date 16-24
Subsequently Discovered Facts That Become Known After
the Report Release Date 16-26
16.6 Reports on the Audit of ICFR 16-28
Standard Unqualified Opinion on ICFR 16-28
Modified Opinion on ICFR 16-30
Integrated Audits for Private Companies 16-32
16.7 Preparation, Compilation, and Review
Engagements 16-32
Preparation of Financial Statements 16-33
Compilation of Financial Statements 16-33
Review of Financial Statements 16-35
Audit Decision-Making Example 16-39
APPENDIX A
Cloud 9 Inc. Audit A-1
Cloud 9 Inc. Company Background A-1
Personnel A-2
Financial Information A-2
Transcript of Meeting with David Collier A-4
AUDITING AND ASSURANCE STANDARDS AS-1
GLOSSARY G-1
INDEX I-1
TABLE OF CONTENTS xxi
Johnson_FM.indd 21 8/24/21 9:43 AM
24. 1-1
Introduction and Overview of
Audit and Assurance
CHAPTER 1
Audit
Data
Analytics
(Chapter
8)
Audit
Evidence
(Chapter
5)
Client Acceptance/Continuance and Risk Assessment
(Chapters 3 and 4)
Developing Responses to Risk and an Audit Strategy
Gaining an
Understanding of
the Client
Identifying Significant
Accounts and
Transactions
Setting Planning
Materiality
Making Preliminary
Risk Assessments
Gaining an Understanding
of the System of Internal Control
(Chapter 6)
Overview of Audit and Assurance
(Chapter 1)
Completing and Reporting on the Audit
(Chapters 15 and 16)
Reporting
Drawing Audit
Conclusions
Procedures Performed Near
the End of the Audit
Auditing Investing and
Financing Activities
(Chapter 14)
Auditing Cash and
Inventory
(Chapter 13)
Auditing the Purchasing
and Payroll Processes
(Chapter 12)
Auditing the
Revenue Process
(Chapter 11)
Performing Tests of Controls
(Chapter 7)
Performing Substantive Procedures
(Chapter 9)
Audit Sampling for Substantive Procedures
(Chapter 10)
Professionalism and Professional Responsibilities
(Chapter 2)
The Audit Process
c01IntroductionAndOverviewOfAuditAndAssurance.indd 1 8/23/21 1:55 PM
25. 1-2 Chapter 1 Introduction and Overview of Audit and Assurance
Auditing and Assurance Standards
PCAOB
Framework for Audits of Public Companies
AS 2201 An Audit of Internal Control Over Financial
Reporting That Is Integrated with An Audit of Financial
Statements
AS 3101 The Auditor’s Report on an Audit of Financial
Statements When the Auditor Expresses an Unqualified
Opinion
AUDITING STANDARDS BOARD (ASB)
Framework for Audits of Private Companies
AU-C 200 Overall Objectives of the Independent Auditor
and the Conduct of an Audit in Accordance with Generally
Accepted Auditing Standards
AU-C 700 Forming an Opinion and Reporting on
Financial Statements
Learning Objectives
LO 1 Differentiate among assurance, attestation, and
audit services.
LO 2 Describe the different types of assurance
services.
LO 3 Explain the demand for audit and assurance
services.
LO 4 Discuss the different roles of the financial
statement preparer and the auditor.
LO 5 Identify the roles of different regulators and
organizations that affect the audit profession.
LO 6 Explain the concepts of reasonable assurance and
materiality, and the nature of an unqualified/
unmodified report on the audit of financial statements.
LO 7 Explain the concept of reasonable assurance and
the nature of an unqualified report on internal controls
over financial reporting.
LO 8 Discuss the audit expectation gap.
Cloud 9 Continuing Case
Cloud 9 Inc., a listed company (publicly traded) in the United
States, is looking to expand. Stotez Shoes was seen as a potential
target.
In 1985, Ron Stotez started Stotez Shoes in Seattle, Washington,
manufacturing and retailing customized basketball shoes. Ron
borrowed from the bank to start the company, using his house as
security. Over the years, he worked very hard to establish a profit-
able niche in the highly competitive sport shoe market. Ron repaid
the bank in 1999, and he vows to never borrow again.
As the business grew, Ron’s wife and three adult children
started to work with him, with responsibility for administration,
marketing and sales, production, and distribution. By the early
2000s, Ron’s business employed 20 people full-time, most of whom
work in production. There are also several seasonal employees and
part-time staff in the retail outlet in Seattle, particularly during
busy periods.
In February 2023, Ron received a call from Chip Masters, the
senior vice president of Cloud 9. Chip expressed an interest in buy-
ing Stotez Shoes. Ron wants to retire, and his children are starting
to fight among themselves about who is going to take over their
father’s business. Ron is looking for an exit strategy, but he does not
want Chip to know that. He asks if Chip is ready to talk about the
price. Chip says he is, but first he needs to see the audited financial
statements for Stotez Shoes.
This text is designed to provide you with the opportunity to learn about auditing by using a practical, problem-based approach.
Each chapter begins with some information about an example audit client—Cloud 9 Inc. (Cloud 9). The chapter then provides the
underlying concepts and background information needed to deal with this client’s situation and the problems facing its auditor. As
you work through the chapters, you will gradually build your knowledge of auditing by studying how the contents of each chapter are
applied to Cloud 9. The end-of-chapter exercises and problems also provide you with the opportunity to study other aspects of Cloud
9’s audit, in addition to applying the knowledge gained in the chapter to other practical examples.
c01IntroductionAndOverviewOfAuditAndAssurance.indd 2 8/23/21 1:55 PM