[Anonymous]

Hello,

I am very confused on the flow of audit (from pre-acceptance to end of audit). I am using Becker and everything seems to be understandable until I do the MCQs, which makes me feel like everything I understood was completely wrong.

After accepting the engagement to audit a company, the first step is to obtain an understanding of the client, its environment, and the internal controls.

At this stage, you would do inquiries and analytical procedures to obtain an understanding so you can begin a preliminary risk assessment of potential material misstatements?

Then after that, you would perform test of internal controls for operating effectiveness in detecting material misstatements and substantive procedures to detect material misstatements.

Communicate w/ management about findings, and come up with an opinion?

Is that the general flow of an audit?

The MCQs that asks about what should be done before planning an audit, during an audit, and those type of questions seems to be confusing. So I am hoping understanding the general flow will help clear that up better.

edit: Another question I have about the planning of the overall audit strategy -> this is determined only by the audit team right? And the general plan is put into an engagement letter (signed by the client). While the specific procedures of the plan is put into the audit documentation?

Thanks for your help!

[Study Monk]

Testing of internal controls is part of the risk assessment. You are not testing the internal controls to have an opinion on them but instead trying to find out if there are weaknesses in the internal controls that might lead to material misstatements. Testing internal controls is the first thing you do when beginning an audit from a staff accountant(non manager) perspective.

Testing internal controls is always separate from the actual audit procedures. A lot of audit firms test internal controls before year end and come back and do the audit procedures after year end.

Performing testing procedures can be done right after doing internal controls for a particular account and would look like this:

Test internal controls for accounts receivable and determine this area is an area of risk. Then perform auditing procedures like selecting random invoices from the accounting system and match them to the physical invoices. If the internal controls are really weak you may want to do confirmations with the customers to see if the invoices are not fraudulent.

So basically the internal control review is to help you determine what audit procedures are necessary and where you should spend the most time. If internal controls are super strong in some areas you will probably do analytical procedures which in most cases are less time consuming. If internal controls are weak you may decide to look at almost every transaction.

Internal controls testing is one of the driving forces in determining what audit procedures to choose.

I spoke to an ancient wise man who sent me on a mushroom induced journey through an ancient forest to find the key to passing the CPA exam. A talking spider monkey told me to throw the last of my drinking water in the dirt to find what I was looking for. So I followed his instructions and the following message appeared in the soil:

"Do 5000 multiple choice questions for each section"

[Study Monk]

Testing of internal controls is part of the risk assessment. You are not testing the internal controls to have an opinion on them but instead trying to find out if there are weaknesses in the internal controls that might lead to material misstatements. Testing internal controls is the first thing you do when beginning an audit from a staff accountant(non manager) perspective.

Testing internal controls is always separate from the actual audit procedures. A lot of audit firms test internal controls before year end and come back and do the audit procedures after year end.

Performing testing procedures can be done right after doing internal controls for a particular account and would look like this:

Test internal controls for accounts receivable and determine this area is an area of risk. Then perform auditing procedures like selecting random invoices from the accounting system and match them to the physical invoices. If the internal controls are really weak you may want to do confirmations with the customers to see if the invoices are not fraudulent.

So basically the internal control review is to help you determine what audit procedures are necessary and where you should spend the most time. If internal controls are super strong in some areas you will probably do analytical procedures which in most cases are less time consuming. If internal controls are weak you may decide to look at almost every transaction.

Internal controls testing is one of the driving forces in determining what audit procedures to choose.

I spoke to an ancient wise man who sent me on a mushroom induced journey through an ancient forest to find the key to passing the CPA exam. A talking spider monkey told me to throw the last of my drinking water in the dirt to find what I was looking for. So I followed his instructions and the following message appeared in the soil:

"Do 5000 multiple choice questions for each section"

[Anonymous]

Oh I see, thanks!

That makes sense. I haven't got up to PCAOB standards yet but, for non-issuers (private companies), testing of controls can be optional right?

If the company internal controls seems to be ineffective or is non-existent.

While for substantive procedures, it is always required no matter how effective the controls are?

[Anonymous]

Oh I see, thanks!

That makes sense. I haven't got up to PCAOB standards yet but, for non-issuers (private companies), testing of controls can be optional right?

If the company internal controls seems to be ineffective or is non-existent.

While for substantive procedures, it is always required no matter how effective the controls are?

[Mayo]

@barronn30,

Essentially, yes. It just depends.

Private companies can have financial statement audits, Internal Control audits, or an integrative audit for both. At the end of the day it's whatever the company is hiring you to do an audit of.

However, more typically an auditor will be hired to do an audit of Finanicals. From there they then will usually assess whether or not the control environment is robust enough. If yes, then doing test of controls might allow them to rely on controls enough to do less substantive work. If the control environment sucks overall, then a fully substantive audit might be appropriate.

Mayo, BBA, Macc

[Mayo]

@barronn30,

Essentially, yes. It just depends.

Private companies can have financial statement audits, Internal Control audits, or an integrative audit for both. At the end of the day it's whatever the company is hiring you to do an audit of.

However, more typically an auditor will be hired to do an audit of Finanicals. From there they then will usually assess whether or not the control environment is robust enough. If yes, then doing test of controls might allow them to rely on controls enough to do less substantive work. If the control environment sucks overall, then a fully substantive audit might be appropriate.

Mayo, BBA, Macc

[Author]

Replies