Summary book accounting information systems:
Auditing assurance and risk - Knechel & Salterio
Chapter 1: Assurance and auditing (p. 2)
Chapter 2: Managing risk: the role of auditing and assurance (p. 5)
Chapter 3: The building blocks of auditing (p. 9)
Chapter 4: The audit process (p. 14)
Chapter 5: Understanding the client’s industry and business (p. 17)
Chapter 6: Understanding the client’s industry and business (processes and process control) (p. 22)
Chapter 16: The ethical auditor (factors affecting auditor decision making) (p. 28)
Chapter 17: Interpreting sample-based audit evidence (p. 34)
Chapter 1: Assurance and auditing
Introduction
Informed decisions should be based on information that is objective, relevant, reliable and
understandable.
Information, business, and global capital markets
Investors base their information on financial statements of publicly listed companies.
Risks that investors face when making decisions based on financial reports:
- Information may be biased (earnings management)
- Information may be irrelevant (unrelated to future prospects of company)
- Information may be inaccurate (accident or manipulated)
- Information may be thought to be ‘sensitive’ → company keeps hidden information
- Information may be complex (confusing / hard to understand)
➢ If an investor is unaware of the low quality of the information → this may lead to poor decisions
➢ Role of the auditor: reduce these risks for the people who use the information
4 reasons for the natural demand for auditing (why an audit is important to the stakeholders of an organisation):
1. An audit keeps management honest and motivated since they know they’re being examined.
2. Many stakeholders might not have sufficient expertise to evaluate the quality of financial
statements; an audit serves this role in an efficient and effective manner.
3. Potential investors use audited information to help make their investment decisions
4. Investors and creditors want insurance against errors or fraud with financial statements.
Auditors provide a reasonable level of assurance.
The role of auditing in an international economic system
Access to good information can be used to acquire wealth and power; lack of good information may
lead to failure. Accountants who oversee the company’s information systems, and auditors who audit
the financial statements, are uniquely positioned to increase the usefulness of information, which
ultimately contributes to the economic growth of a society.
The demand for assurance: integrity, trust, and risk
There is need for integrity and trust in economic activities.
Management reports their performance to owners and other interested parties in the annual
financial statements. However, managers are subject to 2 potentially offsetting forces that might
influence the likelihood that they will misstate financial results for their own benefits:
1. Incentives for showing good performance
2. Ethical principles that emphasize honest dealing
Incentives: motivational forces such as bonuses or compensation
Ethical principles: a counterweight to perverse incentives; norms of behaviour/conduct that define
which actions/activities are inappropriate and that influence the willingness of individuals (managers)
to take part in inappropriate activities
Incentives
Incentives lead, on average, to better individual decisions → but not necessarily to better outcomes for
everyone / third parties → because of information asymmetry
Information asymmetry: one party knows more about the quality of the information provided than the other party
- Adverse selection: One can’t distinguish between good and bad alternatives // seller knows
more than buyer
- Moral Hazard (shirking): How individuals (managers) behave when their actions can’t be
observed by other stakeholders. The costs in these cases = Agency costs.
Agency costs: the cost of inappropriate behaviour by the manager and the manager’s loss of earnings
attributable to the owner’s distrust
Ethical principles
Ethical principles can vary among persons. How to determine: “if this action were to appear on the
front page of the local paper, would I be concerned/ ashamed?”
Various perspectives on ethical decision making:
- Utilitarianism: making decisions that will result in an increase in benefits to some while
doing no harm to others
- Golden rule: making decisions that result in treating others in a manner in which the
individual making the decision would like to be treated.
- Theory of rights: the rights of a decision maker and other parties should be equally balanced
in making a decision.
- Theory of justice: decisions should treat all stakeholders fairly, impartially and equitably.
- Enlightened self-interest: making decisions in all parties’ long term self-interests and
avoiding a short-term focus that might harm others.
3 Things an individual can do in an ethically questionable situation:
1. Remain loyal (do nothing) and collude actively/passively in unethical practices.
2. Exit from the situation (quit without informing others)
3. Voice concern (whistleblower; warn others)
The role of corporate governance
Corporate governance: oversight of management’s activities to deal with adverse selection, moral
hazard and ethical breakdowns.
Involves oversight of management’s activities, including establishing strategy, conducting operations
to achieve strategic objectives and manage risks, and communicating effectively with stakeholders.
A system of corporate governance usually includes the Board of Directors, committees of the Board
such as the Audit Committee and Compensation committee, the internal and external auditor.
Audit committee: monitors on behalf of the board and shareholders management’s financial
reporting process.
Financially literate: committee member must be able to read and understand financial statements
appropriate for the complexity associated with the organization
Financial expert: committee member must have served an accounting role or supervised
accountants in a previous or current position such that it can be expected that he or she would have
in-depth understanding of the organization’s financial statements.
Internal auditors: responsible for monitoring on behalf of senior management and the Board of
Directors the effectiveness and efficiency of operations, including the reliability of processes that
handle information within the organization.
The role of the external auditor
Auditor: third party that evaluates the extent to which information is objective, relevant, reliable,
and understandable.
Differentiating assurance, attestation, auditing, and accounting
Assurance services: independent professional services that improve the quality of information, or its
context, for decision makers.
Assurance engagements: engagements in which a practitioner aims to obtain sufficient appropriate
evidence in order to express a conclusion designed to enhance the degree of confidence of the
intended users (other than the responsible party) about the outcome of the measurement or
evaluation of the underlying subject matter against criteria.
- Direct reporting engagement: the practitioner measures and evaluates information directly
- Attest engagement / attestation: the process of providing assurance about the reliability of
specific information provided by one party to another. Attester adds his/her opinion about
the reliability of information. (written communication)
Accounting: the process by which information about an activity or enterprise is identified, recorded,
classified, aggregated and reported.
Financial accounting: the specific process of identifying, recording, classifying, aggregating and
reporting the information that is required for external purposes by GAAP.
Auditing: the process of providing assurance about the reliability of information
contained in a financial report prepared by management in accordance with GAAP
The nature of assurance and attestation engagements
An auditor/public accountant should only undertake an assurance engagement
when 3 conditions are met:
1. He or she has adequate knowledge of the context in which assurance is to be given.
2. The subject matter of the assurance can be examined with an objective evaluation process.
3. The assurance provider must be independent and objective in regards to the information and
its context.
Criteria for offering attestation services:
1. There must be an assertion being made by one party, the accuracy of which is of
interest to another party (quantitative or qualitative).
2. There must exist agreed-upon and objective criteria that can be utilized to assess
the accuracy of the assertion (common unit of measure and measurement technology).
3. The assertion must be amenable to verification by an independent party. That is, the
accountant must be able to obtain adequate, diagnostic evidence to support or refute the
assertion being made.
4. The accountant should prepare a written conclusion about the accuracy of the assertion(s)
Examples of assurance services include: environmental, ethics, software, royalty, utilization,
investment performance and cost audits.
The auditing profession and regulation
Areas affected by regulation: requirements for entering the profession, organization of accounting
firms, process for updating and modifying the rules under which professionals are governed.
Chapter 2: Managing risk: the role of auditing and assurance
Introduction
The auditor’s overall objective is to determine if the financial statements of an organization are fairly
and consistently reported in accordance with GAAP.
An audit has 4 broad objectives:
1. Ensure that financial statements are presented in accordance with GAAP.
2. Deter (and detect) fraudulent financial reporting
3. Evaluate the likelihood that the organization will continue as a going concern.
4. Report the conclusions from those evaluations to interested stakeholders.
5th objective for public companies whose securities trade in the US (SEC):
5. Evaluate and report to stakeholders about the effectiveness of the internal controls over the
processes by which reports are generated.
Risk management in a business enterprise
The nature of risk
Risk: A threat to an organization that reduces the likelihood that the organization will achieve one or
more of its objectives.
Information risk: the risk that information used in decision making is inaccurate or insufficient
(auditor reduces the information risk).
Enterprise risk management
Enterprise Risk Management (ERM): iterative, continuous process that involves identifying,
assessing, and managing key risks that threaten an organization’s strategic, operational, compliance,
and reporting objectives across all levels and units.
- Risks affect organizations in various ways
- Risks are interrelated
- Risks can only be managed through intervention by management or other stakeholders.
COSO (Committee of Sponsoring Organizations) has become the de facto international thought leader on
how enterprises can proactively manage their risks.
COSO’s 2004 enterprise risk management:
1. Different levels at which risk management can be applied: entity, division, unit, or subsidiary
2. Sources of risks: strategic, operations, reporting and compliance with laws and regulations
3. 8 components of an enterprise risk management approach:
- Internal environment: the organization’s general philosophy and approach to risk
management. (most important: lays the foundation for all other elements)
- Objective setting: the set of organizational objectives to be supported through risk
management (strategic, operations, reporting and compliance).
- Event identification: the circumstances and events that represent potential risks that are
relevant to the organization’s objectives.
- Risk assessment: the identification and evaluation of potential risks that emanate from the
identified events.
- Risk response: the organization’s basic plan for avoiding, accepting, reducing or sharing risks.
- Control activities: specific activities undertaken by an organization to reduce risk.
- Information and communication: an organization needs information to effectively respond to
risk, and the production and distribution of relevant and timely information will determine
the effectiveness of risk management.
- Monitoring: because circumstances change for any organization, the continuous evaluation
of risk management efforts is necessary to assure its effectiveness over time.
Organizations can approach risks by:
- Avoidance: the organization may attempt to avoid some risks by carefully circumscribing its
activities (avoiding certain markets or products).
- Acceptance: some risks may be accepted as an inevitable, unavoidable result of business
decisions.
- Sharing: risk sharing involves transferring, at a cost, all or part of a set of risks to another
party (insurance, strategic alliances, hedging transactions).
- Reduction: an organization may attempt to reduce many risks by designing and
implementing proactive policies, procedures and processes.
Control Activities: any actions taken to reduce the likelihood/significance of risk
Control activities for compliance risks
Corporate social responsibility reporting (CSR): Under CSR, organizations follow established criteria
for reporting information about the sustainability of the organization and its impact on the
environment.
Control activities over financial reporting risks
Internal controls over financial reporting: activities that directly impact the financial statements
upon which the auditors are issuing an opinion.
COSO’s 2013 internal control framework:
Key differences with COSO ERM:
ERM includes strategic activities and objective setting. The internal control framework uses 5
components of internal control over financial reporting that are a subset of the 8 components of the
ERM framework.
5 components of internal control:
- Control environment (part of internal environment)
- Risk assessment: activities the organization performs to identify, assess and prioritize risks.
- Control activities: activities the organization performs to reduce the effect of risk on its
performance.
- Information and communications: the production and distribution of information necessary
for effective internal control.
- Monitoring: the oversight of internal control to determine if it is effective.
Different levels of internal control within an organization:
1. Management level: control environment is the component of the organization’s internal
environment that reflects management’s attitude about internal control over financial
reporting.
2. Internal business processes: activities designed to assure that transactions occurring in a
business process are properly recorded, classified, and maintained.
Implications of risk management for financial performance
The elements of the risk management process relevant to the auditor:
I. Identifying and understanding the important risks of the organization
II. Management must decide how to cope with the potential problem: avoid, accept, share, reduce
III. Monitoring of risk and the effectiveness of management’s response often requires an
information system
IV. Evaluation
V. Continuous improvement
Need for external assurance as a component of risk management
The primary attribute that makes external auditing valuable is that it is designed to provide an
objective check on the reliability and fairness of financial information.
Role of rules, regulations, and standards on risk in the audit
GAAS audit
Overall objective of auditor: obtain reasonable assurance about whether the financial statements as
a whole are free from material misstatement, whether due to fraud or error, thereby enabling the
auditor to express an opinion on whether the financial statements are prepared, in all material
respects, in accordance with an applicable financial reporting framework.
➢ Auditor must do his/her best to verify that the financial statements are accurate, complete
and reasonable given the circumstances of the company.
An audit report for a GAAS audit should include the following information:
1. Types of opinion and basis for that opinion, including any matters that the auditor deems
necessary to emphasize in the report
2. Responsibilities of management and those charged with governance for the financial
statements
3. Auditor responsibilities for the audit of financial statements
Integrated audit
2 phases:
1. Examination of the effectiveness of internal control over financial reporting
2. Examination of the effectiveness of the financial statements
Difference between two main types of audits (GAAS audit and Integrated audit) is the extent to
which the auditor formally evaluates and reports on the effectiveness of internal control over
financial reporting.
Ethical standards
Ethical standards: address who can perform an audit and how auditors should behave
Ethical standards exist to protect the user against the risk of poor behaviour by auditors by requiring a
high standard of professional behaviour. They also guide auditors as to what is acceptable professional
behaviour with regard to clients and the public.