 In this presentation, we will discuss audit procedures. We're keeping in mind our objective. Our objective is to support accounting instruction by clicking the link below, giving you a free month membership to all of the content on our website, broken out by category, further broken out by course. Each course then organized in a logical, reasonable fashion, making it much more easy to find what you need then can be done on a YouTube page. We also include added resources, such as Excel practice problems, PDF files, and more like QuickBooks backup files, when applicable. So once again, click the link below for a free month membership to our website and all the content on it. But the financial statements, as we audit the financial statements, our objective is to give an opinion on the fairness of those financial statements in relation to a set of standards, typically being generally accepted accounting standards. To do that, we're gonna go through audit procedures, and as we go through the audit procedures, we're gonna document that evidence in order to support our opinion. As we go through each of the audit components when we start to test specific accounts, for example, it will be more clear as we think about specific accounts, what type of audit procedures would make sense, what type of assertions would make sense with regards to those specific accounts. However, we wanna take a step back because we wanna think about the audit process as a whole as we plan for the different types of audit procedures, going through the audit process, that's gonna give us a better understanding of the process as a whole. It will also help us to plan more efficient audit procedures as we move forward with them. So we're gonna be discussing here audit procedures from a step back, a general perspective that we would then apply to specific counts and assertions as we will do in future presentations. Audit procedures acts performed by the auditor to gather evidence about whether specific assertions are met. So you'll recall that we're gonna take the full audit, our goal to see if the financial statements are reported fairly, breaking that up to specific assertions, typically assertions related to specific transactions, disclosures and or accounts, then we're gonna apply our audit procedures to those specific assertions. The grouping of the audit procedures will include risk assessment procedures, test of controls and substantive procedures. So we're gonna have the risk assessment, then we're gonna go through the test of controls. You'll recall we're gonna test the controls, which is kind of like the bureaucracy, the process, the checks and balances that are in place. Then we move to the substantive tests. The substantive tests are the ones that would come to most people's mind if we were gonna just start to test things. We would go through and say, hey, let's take a look at these accounts. Let's go through substantive tests related to those accounts. But before we do that within the planning stage, we have audit procedures related to the risk assessment, then the test of controls, which we must rely on to some degree, especially for large publicly traded companies, then put together the substantive tests, which of course we can limit, hopefully, due to the fact that we're gonna fill up some of the bucket of evidence, which we'll talk about this kind of bucket analogy of filling up the bucket to get enough evidence in future or a future part of this presentation. Audit program, set of audit procedures prepared to test assertions for a component of the financial statements. So we're gonna put together then an audit program within the planning stage, and the audit program, once again, a set of audit procedures prepared to test assertions, the assertions by management, for a component of the financial statements. So we break the financial statements down into components in order to assess certain assertions with tests. We're gonna come up with those tests and put them together in the format of an audit program. Audit program for accounts receivable, for example. So now this is gonna be a specific example. We're gonna say, we're looking at the account of accounts receivable. How can we put together an audit program which will consist of tests of assertions? So what are the assertions? What tests can we put together to test them for that specific account of accounts receivable? So the management assertions with regards to accounts receivable are existence. Are the accounts receivable actually there? Outrights and obligations. Do we own the accounts receivable or possibly they sold the accounts receivable and are being collected in some other capacity? Completeness, are the accounts receivable recorded complete and valuation or allocation? So if we go through the audit procedures then, existence. Do they exist? We wanna confirm accounts receivable do exist. And we might do that by basically actually contacting people listed in the accounts receivable possible customers and say, do you indeed owe the company money or had you at this point in time some type of confirmation process? Rights and obligation, inquire of management whether receivables have been sold. So if we have accounts receivable on the books, our question is, did you sell that to basically a collection agency or something like that? Or are they yours basically to collect as possible to sell in essence the accounts receivable? Completeness, agree total accounts receivable subsidiary ledger to accounts receivable control account or general ledger. So typically the accounts receivable will have a subsidiary ledger. That subsidiary ledger is gonna be broken out by typically customer. We wanna make sure that the subsidiary ledgers are gonna agree to the control or the major account, the accounts receivable account. Valuation or allocation, we're gonna test adequacy of the allowance for doubtful accounts. So in other words, accounts receivable under the cruel method generally accepted accounts and principles needs to be set up under the allowance method. Typically if it's gonna be material in terms of the accounts receivable that would not be collectible, we're then gonna have to test and possibly recalculate the calculation for the allowance for doubtful accounts, which would be that contra asset account and lowered the value of the net accounts receivable. Another audit procedure would include the inspection of records and documents. Inspection of records and documents. Evidence from external documents is more reliable than that obtained from internal documents. So when we're going through those documentation as a part of our evidence, if we get that documentation from external sources, that's gonna be more value than from internal sources. Why? Just like it would from a detective. If we're looking at the information and we're auditing the company, the fairness of the financial statements, the assertions being made by the management, then a third party, someone not related to the company is gonna be more valuable, the documentation from them more valuable than that that was created internally because if the internal documentation, if management did want to deceive us, it would be more easy for them to do that with internal documentation. So we always have to maintain this level of skepticism as the auditor. There's a few different ways that we can expect the documentation. If we think about the documentation in terms of source documents and then the journal or the ledger or in essence, the books, we can consider the source document as the driving documentation that leads towards the transaction that will be on the books. If you think about accounting software, then these are gonna be the source documents are usually the documents that actually drive the recording of the transaction within accounting software. So for example, if you work with some accounting software, let's just say QuickBooks and you were to put in the source documents, a check or an invoice or a bill, these are the things that actually would generate the actual journal entry, the thing that would basically trigger the journal entry. Those are gonna be the source documents. So we can trace then the source documents of things that in essence trigger the transactions within the system. They trigger the transactions because of course they're related to the proper point in time or the attempt or the thought is that they are related. In other words, revenues recognized in accordance with the revenue recognition principle and then expenses with accordance with the matching principle or expense recognition. When inspecting documents and records, we often take what we consider to be source documents and we will compare them to the journal or ledger, the related journal or ledger. So the source document is gonna be that driving type of documentation, the documentation that's gonna be driving in essence, the journal entry. Why? Because the documentation is gonna be that which is gonna be as close to the revenue recognition principle or the matching principle with regards to when we recognize revenue or when we recognize expenses. When you look at accounting software, let's take for example, just QuickBooks, that's gonna be the documentation that will actually drive the transaction typically. So when we enter something like a bill, source document, when we enter something like a check, source document, when we enter something like a invoice, that's gonna be a source document. The software will actually record the debits and credits of course at the point in time that we enter that information into the accounting software. So what we wanna do then is say, take a look at that source document and compare it to the books that are being created for it. Couple different ways we can do that. One is we can say, let's take the source document and compare it and track it to what we call it tracing to the actual general ledger. So to do this, we might say something, go out to the client and say, give us these invoices. We've randomly picked these invoices. We'd like you to give us those invoices. We're gonna take those invoices and then we're gonna trace them to what we would think the related journal entry would be on the books. So we start with the source documents. We trace them to what we would see on the books. Now to do that, and if it was an invoice, we would expect to see revenue on the books and possibly accounts receivable on the books. So we're gonna trace them over and see if that is indeed the case. When we do that, we're thinking about completeness because what we're doing is we're starting with the source document, which you would think if we had the source document, we would be, it should be in the books. So we wanna be able to find it in the books. If we don't find it in the books, but we had the source document, we're pretty sure that it should have happened, it should have been recorded, but it wasn't. And that means that we don't think the books are complete or something's wrong in that case. Now notice when we're thinking about completeness, oftentimes we might test revenue and whatnot, but we might be thinking more about those types of things that would make the company look bad because our skepticism is always on the company possibly trying to look better than they are. So we might be doing this more in terms of the tracing for something like a bill. We might be saying, give us all these bills, those would make you look bad and then trace them over or like a loan or something like that and see if they're actually being recorded on the financial statements as they would, as they should. Now we can also go the other way, we can go from the journal, the actual books and we can vouch that back to the source document. So we're gonna say now it's on the books and we're gonna vouch it back. So if we took something like sales, the sales would be generated by what we would think would be invoices. We can start with the books then, pick out those sales items and then say I would like to vouch these back to the actual source document which in that case would be invoices. And we would do this, you would think with something like invoices, revenue because again, if they're trying to look good, what might a company do to try to look good? Increase revenue, how would they increase revenue? Possibly have something on the books in terms of a revenue. And then when you take it back to the source document, there's no related invoice for it or something like that. So in this case, we'd be testing for occurrence and oftentimes when you test for occurrence, you're looking at things like assets and revenue because it's more likely that the company would try to overstate those types of things, assets and revenues. Now we'll take a look at audit procedures with regard to the inspection of tangible assets. So when we think about tangible assets, we're typically thinking about those larger types of tangible assets like property, plant and equipment. And those are types of things that we can physically examine, of course. So if we have on the books, if we look on the books and they say that we have this many pieces of equipment, this many forklifts, this building, this piece of equipment, well, one thing we can do is actually go out there and physically examine whether or not that piece of equipment physically exists. So we may not be able to value it as easily as an audit or anything like that, but we can at least go out there, we can look at it and we can say, yeah, there's a building and we can inspect the tangible assets, usually the larger property, plant and equipment type assets. We can also have inspection of the tangible assets, watching a process or procedure be performed by others with relation to it. Now we're gonna take a look at inquiry as a type of audit evidence. When considering inquiry, it is just what it would sound like, it's us asking questions and typically who are we gonna be asking questions to? Usually it's gonna be some form of management. We're usually talking about upper management and then we're gonna be talking about who's gonna be in charge of a particular type of system and or if we're testing a particular type of process, we may perform inquiry to whoever's in charge of performing whatever type of process we are looking into. So inquiry, evaluate the knowledge, objectivity, experience, responsibilities and qualifications of the individual that is questioned. So as we think about inquiry, we have to think about who it is that we are inquiring. What's gonna be the item that we are testing here? Why are we inquiring this person and is this person qualified to answer the inquiries? Now, when you think about inquiry, you're gonna possibly think in your mind if you're thinking about a detective, you're saying, hey, we're trying to review the management and try to see that this company is performing or putting together the financial statements in accordance with some set of standards as they said they are, therefore, is inquiry reliable? And of course, as we'll see, we'll look at a hierarchy of the type of evidence. Inquiry isn't the most reliable type of evidence, but just like a detective would, we have to go in and of course inquire, document the inquiry and then treat it as we would any other type of piece of evidence, even though it may not be the most high-valued evidence as would evidence that would be from, say, a third party that's not related to the types of assertions that we're trying to test for. So inquiry is a really important thing to keep in mind. Format questions to be clear, concise and relevant. When we ask the questions, we wanna say what's the actual assertion that we are looking for? We wanna format the questions that are gonna be very clear with regards to the specific assertion that we are inquiring about so that we can document the answers and have our audit evidence that we need to complete the audit. Understand and use both open and closed format questions. So we wanna be pretty good at being able to ask questions when we think about these different types of inquiry formats. So when we're trying to get broad knowledge about, say, the environment or the culture of the organization, we might be asking more open questions. What does management think about internal controls? What do they think about the auditing process? What do they think about financial statements and the accuracy of financial statements? These are all open-ended questions that someone could just go on a story about. And then if we're acting a specific type of question, then we might have basically a yes or no type of question, a yes or no type answer of a question. Is this part of your procedures? Do you do this as part of your procedures? Do you sign off? Do you have to talk to someone else in order to get approval for this process or that process? Answers, yes or no? Who is it that you go to for approval in order to approve some components? So there's no very ambiguity in the answer to that. It's pretty much straightforward, one word, few word type of answer. So that can actually have a big effect on how well our inquiry process goes is to be able to use those things well. Understand and apply active listening. So active listening often involves different definitions of active listening, but one definition or one way to apply it would be to actually repeat back what the individual is saying. So if you're asking a question about who do you have to go to in order to get approval or what is the approval process and say they go through a list of basically approval processes, then as we document this information down, we're gonna repeat it back and say, is this my interpretation of what you just said right here? You're gonna do A, B, C and D, this is the process, is that correct? And then in that format we could basically hopefully build rapport at the same time as making sure that we're fully understanding so that we can document what type of inquiry we're going through. Ask appropriate follow up questions based on responses. So as we get better at the audit process, when we think about these types of items, we're gonna, as we go through the questioning, we may have other questions that would be relevant during that time period. Really good if we have a good interviewer that can basically go forward and ask those follow up questions at the point in time that we have the interview as opposed to going back, getting some supervision, and then asking new questions where we got to schedule multiple different engagements. So what we'd like to do is be able to say, ask the questions, any more questions that come up during that time period that we didn't initially have written down, we'll go ahead and ask those at that point in time as well. Next audit procedure is confirmation. Third party, direct written response to the auditors, what the confirmation is gonna be. Notice what we have here, a third party, that's gonna be someone outside of the organization and it's a direct written response, a direct written response meaning it's not going to the company, it's going to the auditor. And the classic example of this that you're gonna do almost all the time, even no matter what the assessment of the risk is, is with cash typically. So when we have cash, we'll typically look for confirmations from the bank to verify considering the fact that cash is a very liquid type of asset and therefore something worth a confirmation process typically. And what we'll do is we'll basically go to the bank and say we would like direct confirmation, not basically, we're not gonna give it on the letterhead of the company and let the company receive it and then give it to us. No, we want it directly from us. We're gonna say, hey, we're the auditor of the company, we're performing an audit in accordance with the company's consent and this is our agreement. We would like to get a confirmation of say the bank balance at this point in time and have that mailed directly to us, right? And that's gonna be the process that we'll typically do and by doing that, it doesn't go into the hands of the company who potentially could alter it. Now, hopefully we're working with a company that won't alter it, but the point is that the evidence is higher valued on our system and what we're trying to do is gather the evidence of high value and so if we get it from the third party, it's higher value in our evidence and so that's what we will typically try to do. Now, as we go through specific confirmations, we'll talk about different types of confirmation. So there's a whole lot of different ways we can word the confirmation. We can, for example, with regards to cash, we can word the confirmation of, the client says that this is the amount of cash balance as of this state and date is that what your records show as well and they would just have to say yes or no or we can ask them for the bank balance and not give them the number which is a bit higher amount of confirmation but also note that the people that we're confirming with don't have to respond to us. So the bank probably will but if we're talking to other people like people that owe them money for accounts receivable, they're more likely to respond to us if we just ask them if a more direct question as opposed to a more open question, they may not mail the confirmation back. So we'll get into more of those types of things when we actually have confirmations related to specific assertions but the reliability varies depending on these kind of factors. The form of the confirmation in part, the type of wording we have in the confirmation, the prior experience with the entity that's gonna be a factor as well and the nature of the information being confirmed. What type of thing is it that we are confirming? Is it cash? Is it accounts receivable? Is it a loan or something that's on the books? So here's gonna be a confirmation process. This is gonna be types of confirmations or things that we typically would consider a confirmation as an audit procedure to gather some audit evidence. So cash, again, almost always will you do cash. Doesn't really matter what the risk factors you say cash is inherently risky. Therefore, we almost always confirm to the bank. We send a letter to the bank, not on the company letterhead but on our letterhead, we are the auditor. We're auditing this company. We would like to confirm any bank, any liabilities as well as cash typically with the bank. And then accounts receivable. So we might have confirmations to customers. And you can see this will be a little bit more difficult. We're not gonna send out a confirmation to all of the customers, but we're gonna say if we can send out a sample of confirmations, we can give an idea that these accounts receivables are real and therefore be good with them. But note that the accounts receivable, the customers aren't as likely to give back the confirmations to us. So we have a bank. If the bank doesn't mail us back the confirmation, we have a problem. If the customers may not mail back the confirmation, we're gonna have to think about what type of confirmation or how many would be acceptable to get back from customers. So inventory on consignment. So what if they have inventory on consignment that's somewhere else that we might have a confirmation for the consignee, the accounts payable. We might have individual actually send things out to the individual vendors, confirmations, not things to the individual vendors. And we'll probably do this more for the receivables because we're more skeptical of the receivables being real. Accounts payable, it's less likely that they're gonna overstate accounts payable. So the confirmation to confirm that the accounts receivable that they're reporting on the books is actually there less likely but could be something worth doing. Bonds payable, the bond holder, insurance coverage. We might contact the insurance company. So audit procedures, we have the recalculation. We can go through recalculation as an audit procedure. We'll go through the mathematical accuracy. So we'll actually go through whatever if it was like depreciation. And we wanted to recalculate it to see if their math was accurate. Any type of estimate, we can do that with allowance for doubtful accounts, we can recalculate it. If it's something a little bit more complicated than the recalculation, we could re-perform it where the auditor executes procedures or controls. So that might include something that's a little bit more complex of a procedure than just the recalculation. But we'll go through those procedures and see if we come out to the same or similar number, something that's in the ballpark, hopefully, to the number that's being used to see if the process that they're putting in place for the calculations and the procedures are in alignment with generally accepted accounting principles. Then we have analytical procedures as a form of audit procedure. Examination of financial information made by a study of plausible relationships in both financial and non-financial data, as well as scanning, which can be defined as reviewing account data to identify significant or unusual items to test. I would consider the analytical procedures as something usually that you would do in the office. So if we're in the auditing office, basically the analytical procedures, we can usually get the data, we get the financial statements, we can run racial analysis, we can say, compare this year to last year, look at the dollar differences, look at the percentage differences year over year, comparing relationship ratio analysis within the current year, and we can look for different types of relationships or unusual items within those relationships or changes that we may want to further dig into as part of the audit evidence and just consider within, you could think of it kind of a scanning process to consider whether the relationship of the numbers look reasonable if there's the items within the relationship of numbers that look unreasonable or worth us looking into further due to changes year over year or to industry standards or something else of that nature. Now that we've looked at some of this data, the different type of evidence, we wanna consider the hierarchy of evidence. When we put together these procedures, we're gonna be thinking about how are we gonna put together these procedures and we wanna do so in the most efficient way. So we have the lower procedures that are gonna be less evident. So we were to think about a court case type of scenario this evidence is good, it fills up the bucket of evidence, but it's not as good of evidence as the higher evidence that we would like over here. So if we only had one piece of evidence, we want the higher evidence rather than the lower evidence. The lower evidence is gonna be the observation and the inquiry. So obviously if we're just gonna ask them something and they're the person that we are judging as to whether they're put in the financial statements in accordance with a standard such as generally accepted accounting principles, they're just saying so is worth something, right? It's worth something, but it's not the highest degree of evidence because they're the people that we're looking into in terms of testing on the procedures. So we want inquiry, we want observation, but those aren't gonna be the highest forms of evidence that we can have. We want them, we're gonna have them, we're gonna fill the bucket with them, but there's not gonna be anything in the bucket, that's not gonna be the only thing in the bucket and we'll get to the bucket analogy shortly here. And then we have inspection of records and documents. So to inspect the records and documents, the confirmation, the analytical procedures and the scanning, these are all in the mid-level. And then the high level is gonna be the inspection of tangible assets, so the re-performance and the recalculation. So in essence, if you think about the high level, that's of course gonna be the stuff that we do as the auditor. We're gonna basically, we've recalculated, we've redone it here, we've re-performed, recalculated, we went and inspected it and so we can rely on ourselves as basically the auditors, the people that are in charge of reviewing. At the mid-level, notice we have the inspection of the records, we have confirmations of gonna be the third party, which is better than the internal confirmation, analytical procedures, comparing to see if there's gonna be differences or changes from year over year, other type of animal and scanning. And then of course the stuff that's gonna be more dependent on the people that we are kind of judging in terms of whether or not they put the financial statements together. Fairly is gonna be the lowest portion of evidence, yet still applicable. So if we consider this process in kind of a flow chart type format, we could start off with, after assessing potential effectiveness of internal controls, will test of controls be conducted? So if we're trying to think about a certain assertion or a certain account, this is the process that we can think about going through. We have after assessing potential effectiveness of internal controls, so we discuss whether the controls are effective or not. Then the question is, should we have further testing on the controls? If we're talking about a publicly traded company, we almost always test the controls. If the controls were not effective, we have a big problem. And we probably, you couldn't complete the audit because we wouldn't be able to do it within the timeframe. We have to test the controls and rely on the controls to some degree. If you have a small company, it may not be that case if it's a non-publicly traded company. So then we're gonna do the test of controls. We're gonna apply our tests of the controls, the bureaucracy. And then we can affect, then we ask the question, can effective and efficient substantive analytical procedures be done? So in the case of this question one, anytime we have a red box, by the way, that means that we have a question of a yes or no. We have a yes or no answer. If the question up here was no, then we would go straight down to this question, can effective and efficient, substantive and analytical procedures be done? The only time that this would be no to this question up top would typically be for a non-publicly traded company, which may not have effective internal controls because they're small. Publicly traded companies must have internal controls if the question, if the answer is no, then we probably can't complete the audit within the time period that would be needed. Then if we take, we're gonna start from here now and we're gonna go forward, we're gonna say, perform substantive analytical procedures. So if they can be done, then we will do them. Is additional substantive evidence needed? So then we ask the question, do we need more evidence at that point in time? If the answer is yes, then we're gonna perform substantive tests of details on transactions and or balances, and then we're gonna have the documentation. Going back up to this red box, if the answer was no, then we're gonna have, are there any performed substantive tests of details on transactions and then do the documentation? If here, the answer is no, do we need any additional tests? And the answer is no, then we go to the documentation. So bottom line, typical type of transaction. After assessing the internal controls, we then typically test the internal controls. And then once we test the internal controls, we're gonna, can effective and efficient substantive analytical procedures be done? Usually the answer is yes. And so we're gonna say yes, perform substantive analytical procedures. Once that's done, we ask the question, given that evidence, do we need more substantive procedures? If the answer is yes, we do more. If the answer is no, then we go, okay, we're good. The bucket is full. We have the evidence necessary in the bucket for that. And therefore we document the results. Now let's take a look at this bucket analogy that we've been talking about here. Note that what we're doing is trying to get some evidence. And you can imagine the evidence we're gathering as so we have to fill up basically a bucket. And once we get the bucket up to a certain level, we could say that we have enough evidence for a particular type of assertion. So we might think that we have the risk assessment procedures as part of our process of filling up the bucket of evidence. Then we have the test of controls because the controls are gonna be something that we're gonna need to depend on. Then we're gonna have the substantive analytical procedures. And note, if the test of controls are strong, we can have less substantive analytical procedures and still fill up this bucket. And then we have the remaining assurance needed from test of details. So we have risk assessment procedures. And so we assess the level of risk. Then we do the test of controls. And that's gonna give us some evidence, but probably not enough. Then we do the substantive tests in order to fill the bucket. We do as many as we think we need to given the risk and the test of controls. And then we assess whether or not any more testing is done and we do remaining assurance needed from the test of details. Another useful way to imagine this is to consider, as we go through the auditing process, when we think about starting off the audit, we often think that we're just gonna go through the balance sheet account and test each line item. And we can kind of think of it that way, but we wanna plan the audit so that we're filling up the buckets as we go. So if this was one particular assertion or one particular account that we're trying to find assertions related to, assertions of completeness, accuracy, cutoff, presentation, disclosure, existence, or occurrence, valuation, rights, and obligations, as we go through planning the audit, we have the test of controls, substantive tests of details, and these things will actually fill up the bucket for multiple different accounts possibly or multiple different assertions as we go. And as we do that, we wanna basically note which buckets are being filled up so that we can limit the amount of work that we're gonna do. So for example, when we go through the controls, testing, and risk assessments, we might start to fill up some of these buckets related to this assertion, completeness, accuracy, cutoff, existence, and whatnot. Then when we go to the substantive testing, then we can say, well, this is gonna start to fill up these buckets here and we can start to consider which buckets need to be more filled up at this point in time. It's not a straightforward process like we work on one bucket at a time. We're trying to plan the audit process so that we do the least work as possible. If we can do one procedure that fills up multiple buckets or something like that, then we're gonna try to do that. Then we have the test of details, which once again could fill up these buckets and you have that overlap. And our goal, of course, is to get enough evidence to fill each assertion's bucket to say that we have enough evidence for that assertion to make a conclusion on that particular assertion.