Auditing Theory Exam Summary
Week 1
Chapter 1.2 What is an Audit?
Audit: Systematic, independent evaluation of evidence about management’s assertions against established
criteria, with results reported to users.
➔ Purpose is to lend credibility (reasonable assurance) to the (financial) statements.
Types of Audit=
• Financial Statement Audit: Examines financial statements to judge whether they fairly present the entity’s
financial position, performance, and cash flows.
• Operational Audit: Reviews a unit/process to assess efficiency and effectiveness of performance.
• Compliance Audit: Checks whether the organisation follows specified laws, rules, procedures, or
regulations.
Key Concepts=
• Assertions: Management claims (e.g., existence, completeness, rights/obligations, valuation,
presentation).
• Audit Opinion: Auditor’s conclusion on fairness of the financial statements.
• Professional Skepticism: Questioning mind; alert to error or fraud; critically assess evidence.
• Professional Judgement: Apply training and experience to make informed audit decisions within
standards.
• Materiality: A misstatement is material if it could influence user decisions.
Audit Process=
1. Plan: Understand entity, set materiality, assess risks (FS-level and assertion-level).
2. Evaluate Controls: Understand and, where relevant, test internal controls.
3. Perform Substantive Procedures: Test transactions, balances, and disclosures.
4. Obtain Evidence: Sufficient and appropriate (reliable and relevant).
5. Conclude & Report: Form opinion and issue the audit (assurance) report.
Inherent Limitations=
• Sampling risk: Not all items are tested.
• Control limitations: Controls can be overridden or fail.
• Reliance on external info: Authenticity may be uncertain.
• Persuasive (not conclusive) evidence: Most audit evidence is not definitive.
• Judgement-based: Estimates and auditor judgements affect outcomes.
• Going concern uncertainty: Future viability is difficult to predict.
Chapter 2.6 Standard Setting
IAASB: Role and Scope=
• International Auditing and Assurance Standards Board (IAASB) under IFAC.
• Issues global standards: ISQMs/ISQCs, ISAs, ISAEs, ISSAs, ISREs, ISRSs.
• Goal: harmonized, consistent audits and assurance worldwide; public interest oversight by PIOB.
Categories of IAASB Standards
Standard | Purpose
ISQMs/ISQCs | Quality management for audit firms
ISAs | Audits of historical financial information
ISAEs | Assurance on non-historical information
ISSAs | Sustainability assurance engagements
ISREs | Reviews of historical financial information
ISRSs | Related services (AUP, compilations)
ISAs: Organization and Topics=
• Adopted in 135+ countries; provide global consistency.
• Number ranges by topic:
o 100–199: Introductory matters
o 200–299: Principles & responsibilities
o 300–499: Risk assessment & responses
o 500–599: Audit evidence
o 600–699: Using the work of others
o 700–799: Conclusions & reporting
o 800–899: Specialized areas
How to Read an ISA=
1. Introduction (scope/effective date)
2. Objective
3. Definitions
4. Requirements (must do)
5. Application & Other Explanatory Material (paragraphs prefixed “A”)
IFRS vs Auditing Standards
• IFRS (IASB): Financial reporting rules for preparing statements.
• Auditing Standards (IAASB): Criteria and procedures to audit/evaluate those statements; separate from
IFRS.
Chapter 4 Exploring the Foundations of Auditing and Assurance
Reasonable Assurance (ISA 200): A high level of assurance but not absolute. The difference between a high
level of assurance and absolute assurance results from the inherent limitations to the work of an auditor:
o Economic impracticality of testing every transaction.
o Time constraints affecting relevance of audit results.
o Use of judgment in financial estimates (e.g. trade receivables).
o Audit evidence is persuasive, not conclusive.
• Auditors may issue an unqualified opinion even if undetected fraud/errors exist.
• Reasonable assurance is the maximum achievable level, despite inherent limitations.
Objective of a Financial Statement Audit (ISA 200:2)=
1. Obtain reasonable assurance that the financial statements are free of material misstatement (fraud or
error) and comply with the applicable framework.
2. Report on the financial statements and communicate findings as required by ISAs.
“True and fair” = true (correct above a threshold) + fair (complete, balanced presentation).
Phase | Core Tasks | Key Outputs
1. Acceptance/Continuance | Assess client integrity, independence, competence; evaluate engagement risks; agree terms. | Decision to accept/continue; engagement letter.
2. Planning: Understanding & Risk Analysis | Understand entity, environment, and internal control; identify risks of material misstatement at FS and assertion level. | Risk assessment; materiality; overall & detailed audit strategy.
3. Build & Execute Audit Plan | Test controls (if relying on them); perform substantive procedures (analytical + tests of details) to obtain sufficient appropriate evidence. | Working papers supporting conclusions; identified misstatements.
4. Evaluate & Complete | Aggregate misstatements; resolve issues; obtain written representations; perform subsequent events/going concern work; form opinion. | Auditor’s report; communications with governance.
Sufficient Appropriate Audit Evidence=
● Goal: Reduce risk of undetected material misstatement to an acceptable level.
● Evidence must be:
○ Sufficient (quantity)
○ Appropriate (quality: relevant and reliable)
● Sources cover: acceptance work, entity understanding, risk analysis, control testing, substantive tests.
Materiality=
● Definition: A misstatement is material if it influences the judgment of a reasonable user relying on the
financial statements.
● Aggregate includes: errors, omissions, misstatements, and transactions
○ Judgment-Based: No fixed formula; determined by auditor’s professional judgment.
○ Quantitative Materiality: Based on benchmarks (e.g. % of equity, profit, turnover).
○ Qualitative Materiality: Depends on the nature of the item (e.g. management fees vs. inventory).
● Effects: Drives audit scope, sampling, and extent of procedures. Does not change how controls are
tested, but strong controls reduce RMM.
Internal Control Measures=
● Physical safeguards (e.g. safes)
● Process controls (e.g. counting pallets, scanning goods)
● Monitoring (e.g. management oversight, customer surveillance)
● Effectiveness:
○ Varies by situation; not always black and white
○ Can be direct (e.g. cash count) or indirect (e.g. supervision)
● Audit Relevance: Auditor assesses reliability of controls to determine audit evidence value.
Auditor Ethics Fundamental Principles=
1. Integrity: Act honestly, avoid misleading information
2. Objectivity: Avoid bias or conflict of interest
3. Professional competence and due care: Maintain skills and diligence
4. Confidentiality: Protect sensitive information unless legally required to disclose
5. Professional behaviour: Uphold reputation of the profession
Independence: Critical for maintaining objectivity during audit engagements, both in mind and in appearance.
Professional Scepticism=
● Auditor critically evaluates audit evidence.
● Does not assume all information is false but remains objective and questioning.
● Seeks corroborative or contradictory evidence.
● Most audit evidence is persuasive, not conclusive.
Professional Judgement=
● Auditing involves complex decisions requiring expertise.
● Used in evaluating estimates, assessing management’s assumptions, and determining sufficiency of
evidence.
● Relies on auditor’s experience and context-specific analysis.
Quality Management=
o Engagement level (partner responsibilities): Ethics/independence, acceptance/continuance, competent
team, specialists/reviews, address monitoring results, achieve reasonable assurance.
o Firm level: System of quality management, methodology/tools, training and education.
Documentation=
● Serves two purposes:
○ Supports auditor’s report.
○ Confirms compliance with laws and standards.
● Must allow experienced auditors to understand:
○ Procedures performed
○ Evidence obtained
○ Key findings and conclusions
● Not all details need to be documented if evident from the file.
Engagement Type | Subject | Assurance Level | Typical Output
Audit | Historical financial information | Reasonable (high) | Audit opinion.
Review (ISRE) | Historical financial info | Limited | Conclusion with moderate assurance.
Other Assurance (ISAE/ISSA) | Financial or non-financial (incl. sustainability) | Reasonable or Limited | Assurance conclusion.
Related Services (ISRS) | No assurance (e.g., AUP, compilations) | N/A | Factual findings/report.
Chapter 6.2 Planning Objective and Procedures
Planning response to identified risks=
1. Understand the entity & environment (incl. internal control).
2. Assess risks of material misstatement (rMM) at financial statement and assertion levels.
3. Determine materiality (overall, performance, and specific).
Phase | Objective | Key Procedures (condensed)
I. Client & Engagement Acceptance | Decide to accept/continue and staff appropriately | Evaluate client background and reasons; confirm ethical/independence requirements; determine need for specialists; communicate with predecessor; issue proposal; select team; obtain engagement letter.
II. Planning | Establish overall strategy (scope, timing, direction) and identify/assess rMMs | Perform procedures to understand entity, environment, and internal control; assess rMMs; set materiality.
III. Execution | Obtain sufficient appropriate evidence | Prepare planning memo & detailed audit plan (responses to risks); test controls (if relying); perform substantive procedures: analytical procedures and tests of details (incl. sampling).
IV. Evaluation & Completion | Finalize conclusions and report | Evaluate governance matters; identify subsequent events; review financial statements and other reports; perform wrap-up; communicate with the board; issue auditor’s report.
Chapter 6.3 Audit Risk Model
Audit Risk (AR) = Inherent Risk (IR) × Control Risk (CR) × Detection Risk (DR)
• AR = risk of issuing an inappropriate opinion when the financial statements are materially misstated.
• To keep AR acceptably low, the auditor gathers sufficient appropriate evidence.