Small Business Audits: Best Practices Including Risk Assessment and Internal Control

• Chapter 0 - Overview
  • Course Objectives
  • Introduction
  • Organization
  • Conclusion
• Chapter 1
  • Characteristics of a Small Business
  • Learning Objectives
  • Introduction
  • What Is a Small Business?
  • Characteristics
    • Primary Characteristics
    • Secondary Characteristics
  • General Audit Approach for Small Businesses
  • Summary
  • Questions
• Chapter 2 - Independence Considerations
  • Learning Objectives
  • Introduction
  • Authoritative Guidance
  • Other Sources of Independence Rules
  • Application of the Independence Rules
    • Not a Covered Member
    • Formerly Employed by a Client
    • Considering Employment with an Attest Client
    • What If I Accept Employment or a Board Position with an Attest Client?
  • Family Relationships
    • Close Relatives
  • Financial Relationships
    • Mutual Fund Investments
    • Joint Closely Held Investment with a Client
    • Borrowing/Lending
    • Brokerage Account with a Client
    • Bank Account with a Client
    • Insurance Policy with a Client
    • Gifts or Entertainment from a Client
  • Business Relationships
  • Nonattest Services
    • AICPA General Requirements
    • Rules on Performing Bookkeeping Services for a Client
  • Summary
  • Questions
  • Case Studies
• Chapter 3 - Pre-Engagement Activities
  • Learning Objectives
  • Introduction
  • Client Acceptance
    • Prospective Client’s Reputation
    • Communication with a Predecessor Auditor
    • Planning and Supervision
    • Assessment of Required Services
    • Meeting Professional Standards
    • Condition of the Financial Reporting System
  • Engagement Letters
    • Reasons for Engagement Letters
    • Content of the Engagement Letter
    • Common Engagement Letter Deficiencies
    • Client Resistance
  • Related Party Considerations
    • Accounting Standards
    • Audit Procedures
    • Related Parties and Fraud
  • Initial Engagements
    • Replacing Predecessor Auditors
    • Initial Audit of an Unaudited Business
  • Summary
  • Questions
• Chapter 4 - Understanding the Entity and Its Environment
  • Learning Objectives
  • Introduction
  • Information Needed
    • Extent of Understanding
    • Sufficiency of Understanding
    • Purpose of Understanding
  • Risk Assessment Procedures
  • Discussion Among the Audit Team
  • Summary
  • Questions
• Chapter 5 - Audit Risk and Materiality
  • Learning Objectives
  • Introduction
  • Audit Risk
    • Risk of Material Misstatement
    • Detection Risk
    • Assessing the Risk of Material Misstatement
    • Considerations at the Financial Statement Level
    • Considering Internal Control when Assessing Risks
    • Significant Risks
    • Significant Financial Statement-Level Risks
    • Significant Assertion-Level Risks
    • Revision of Risk Assessment
    • Documentation
  • Materiality
    • Planning Materiality
    • Lesser Materiality for Particular Items
    • Tolerable Misstatement
    • Considerations as the Audit Progresses
    • Materiality for Evaluation
  • Summary
  • Questions
• Chapter 6 - Consideration of Internal Control
  • Learning Objectives
  • Introduction
  • Technical Practice Aids
  • Definition and Components of Internal Control
    • Definition
    • Components
    • Limitations of Internal Control
  • Understanding the Control Environment
    • Control Environment Factors
    • Application to Small Entities
  • Understanding Risk Assessment
  • Focus of Risk Monitoring
  • Risk Identification
  • Risk Analysis
  • Managing Change
    • Circumstances Demanding Special Attention
  • Application to Small Entities
  • Understanding Information and Communication
    • Information
    • Communication
    • Means of Communication
    • Application to Small Entities
  • Understanding Monitoring
    • Ongoing Monitoring Activities
    • Separate Evaluations
    • Application to Small Entities
  • Understanding Control Activities
    • Essential Tasks of an Accounting System
    • Control-Related Policies and Procedures
    • Application to Small Entities
  • Procedures to Obtain an Understanding
    • Gathering Information about Internal Control
    • Documentation of Internal Control
  • Summary
  • Questions and Case
    • Case 6-1 – Extent of Understanding of Control Activities
• Chapter 7 - Deficiencies in Internal Control
  • Learning Objectives
  • Introduction
  • SAS Nos. 112 and 115 Communicating Internal Control Related Matters Identified in an Audit
    • SAS No. 112
    • SAS No. 115
    • Key Differences between SAS Nos. 112 and 115
    • Revised Definitions
    • Other Revisions in SAS No. 115
    • Why SAS No. 115 Was Issued
    • Unconditional Requirements in SAS Nos. 112 and 115
    • Application
    • Effects on Audits
    • Effective Dates
  • Indentifying Deficiencies in Internal Control
    • The Auditor’s Responsibility for Identifying Deficiencies in Internal Control
  • Evaluating Deficiencies in Internal Control
    • The Evaluation Process
    • Magnitude
    • Probability of Occurrence
    • Multiple Deficiencies in Internal Control
    • Mitigating Effects of Compensating Controls
    • The Prudent Official Test
    • Examples of Circumstances That May Be Deficiencies, Significant Deficiencies, or Material Weaknesses
  • Communication Requirements
    • Issuing a “No Material Weaknesses” Communication
    • Timing
    • Other Matters
    • Management’s Written Response
    • Deficiencies Communicated but Not Corrected by the Client
    • Inclusion of Additional Statements
  • Issues for Audits of Small Businesses
  • Summary
  • Questions
• Chapter 8 - Analytical Procedures
  • Learning Objectives
  • Introduction
  • Objectives and Timing of Analytical Procedures
  • Sources of Information for Analytical Procedures
  • Types of Analytical Procedures
    • Comparison of Current Financial Data to Prior Periods
    • Comparison of Current Financial Data to Budgets and Forecasts
    • Comparisons to Industry Data
    • Comparisons Using Nonfinancial Information
  • Trend Analysis
  • Ratio Analysis
  • Analytical Procedures in the Planning Phase
    • SAS No. 108 Requirements
    • Relationship with Knowledge of Client
    • Material Misstatements
    • Types of Analytical Procedures Used in Planning
  • Analytical Procedures as Substantive Tests
    • Substantive Analytical Procedures
    • Identifying Significant Differences
    • Significant Unexplained Differences
    • Required Documentation
  • Analytical Procedures in the Final Review Phase
    • Final Review Objectives
    • Approach to Final Review
    • Aggregate of Misstatements
    • Documentation
  • Audit Efficiency
  • Summary
  • Questions and Cases
    • Case 8-1
    • Case 8-2
• Chapter 9 - Designing the Audit Plan
  • Learning Objectives
  • Introduction
  • Financial Statement Assertions
  • Developing Audit Objectives
  • Audit Tests
    • Purpose of the Test
    • Types of Audit Tests
    • Adequacy of Presentation and Disclosure
  • Linking Audit Procedures to Objectives
  • Special Considerations in Selecting Procedures
    • Responsibility for Fraud Detection
    • Completeness Assertion
  • Timing of Audit Procedures
    • Timing of Substantive Procedures
    • Further Substantive Procedures
  • Summary
  • Questions
• Chapter 10 - Extent of Testing
  • Learning Objectives
  • Introduction
  • Characteristics of a Small Business
  • AU Section 350, Audit Sampling
    • Applicability
    • Types of Tests
  • Determining the Extent of Testing without Sampling
    • Assess the Appropriate Level of Tolerable Misstatement
    • Determine an Amount for Individually Significant Items to Be Examined
    • Sufficient, Appropriate Audit Evidence
    • Consideration of Other Procedures
    • Evaluation
  • Planning the Extent of Testing Using Audit Sampling
    • Selection of a Representative Sample
    • Determining Sample Size
    • Projection of Misstatement Based on Sample Results
  • Summary
  • Questions and Case
    • Case 10-1
• Chapter 11 - Consideration of Fraud
  • Learning Objectives
  • Introduction
  • Overview of SAS No. 99
  • Understanding SAS No. 99
    • The Fraud Triangle
    • The Fraud Risk Assessment Process
  • Information Gathering Phase
    • Audit Team Communications
    • Inquiries of Client Personnel
    • Analytical Procedures
  • Considering Fraud Risk Factors
    • Fraudulent Financial Reporting
    • Misappropriation of Assets
  • Consider Programs and Controls and Assess Fraud Risks
    • Attributes of Risk
  • Developing an Audit Response
    • Overall Responses
    • Procedures to Address Specific Accounts or Classes of Transactions
    • Responding to the Risk of Management Override
  • Documentation
  • Fraud Issues Unique to Small Businesses
    • Owner/Manager Dominance
    • Misappropriation of Assets
  • Summary
  • Questions and Case
    • Case 11-1
• Chapter 12 - Completing the Audit
  • Learning Objectives
  • Introduction
  • Commitments and Contingencies
  • Lawyers’ Letters
    • Litigation
    • Unasserted Claims
    • Client Has Not Consulted a Lawyer
  • Management Representation Letter
  • Subsequent Events
    • Types of Subsequent Events
    • Subsequent Review Procedures
  • Related Parties
  • Going Concern Considerations
    • Assessing Results of Audit Procedures
    • Conditions and Events
    • Consideration of Management Plans
    • Procedures When There Is Substantial Doubt
• Risks and Uncertainties
• Summary
• Questions
• Chapter 13 - Latest Developments

732435

Chapter 0 - Overview

Course Objectives

• Recognize the unique characteristics of a small business.

• Understand and apply independence guidance, especially as it relates to small business services.

• Learn how to effectively plan and administer a small business audit.

• Understand audit risk and materiality and how they relate to a small business audit.

• Learn how a small business' system of internal control affects the audit engagement.

• Learn how to use analytical procedures in the audit of a small business.

• Learn how to design an effective and efficient audit program.

• Learn how to determine the extent of testing necessary.

• Recognize the responsibilities for consideration of fraud in an audit engagement.

Introduction

The vast majority of businesses in the United States are "small businesses." According to recent U.S. Small Business Administration statistics there are approximately 23 million small businesses in the United States, which create two out of every three new jobs and account for nearly half of America's overall employment. Although some elements of an audit are common for all organizations, there are unique characteristics of small businesses that must be considered in the audit of a small business' financial statements.

Organization

This course will cover audit issues that are unique to a small business environment. Specifically, the course will address small business characteristics, engagement planning considerations, internal control, audit testing, and fraud. This course is not intended to be a complete review of the audit process, but rather is intended to address audit issues that are unique to small businesses. It is assumed that participants have a basic understanding of the audit process. The course is a combination of discussion, examples to illustrate the concepts, plus thoughtful questions and answers and cases to test the understanding of the concepts covered in the course. The course is organized as follows:

• Chapter 1 – Characteristics of a Small Business. Explores the characteristics of small businesses that make them unique and explains why these characteristics affect the audit of the entity's financial statements.

• Chapter 2 – Independence Considerations. This chapter discusses the authoritative guidance on independence issues, including guidance concerning financial relationships, business relationships, and nonattest services.

• Chapter 3 – Pre-Engagement Activities. Discusses the activities that take place (a) before an engagement is accepted and (b) in the early planning stages of the engagement. Many of these matters should receive attention annually before the start of a continuing engagement. However, they are particularly important and more extensive in the first audit of a new client.

• Chapter 4 – Understanding the Entity and Its Environment. SAS No. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement, positions obtaining an understanding of the entity and its environment, including its internal control, as an essential part of your risk assessment process. This chapter discusses the extent, sufficiency, and purpose of this understanding.

• Chapter 5 – Audit Risk and Materiality. Audit risk and materiality – the cornerstones of reasonable assurance – and their application to a small business engagement are discussed in this chapter.

• Chapter 6 – Consideration of Internal Control. This chapter covers the auditor's responsibility to consider internal control in audits of small businesses and describes how to incorporate the requirements into an effective and efficient audit strategy.

• Chapter 7 – Internal Control Deficiencies. SAS Nos. 112 and 115, Communicating Internal Control Related Matters Identified in an Audit, requires you to communicate, in writing, to management and those charged with governance control deficiencies that you believe are significant deficiencies or material weaknesses. This chapter discusses the evaluation and communication of internal control deficiencies.

• Chapter 8 – Analytical Procedures. SAS No. 56, Analytical Procedures, requires the auditor to use analytical procedures in the planning stage of the audit to determine the nature, timing, and extent of other audit procedures and in the final review stage as an overall review of the financial information. This chapter discusses those requirements and how to use analytical procedures in the context of a small business audit.

• Chapter 9 – Designing the Audit Plan. When conducting the audit, the auditor must determine what auditing procedures to perform. This chapter explains how the auditor selects procedures that will result in an effective and efficient audit in a small business engagement.

• Chapter 10 – Extent of Testing. In this chapter, the extent of testing in a small business engagement is discussed, with particular emphasis on the applicability of SAS No. 39, Audit Sampling.

• Chapter 11 – Consideration of Fraud. SAS No. 99, Consideration of Fraud in a Financial Statement Audit, provides guidance on the auditor's responsibility to consider the risk of material misstatement due to fraud. This chapter discusses the auditor's responsibility under SAS No. 99, particularly as it relates to the audit of small business.

• Chapter 12 – Completing the Audit. In addition to the audit procedures for specific financial statement components, some other procedures are necessary that are more general in nature. This chapter discusses those general requirements and the conclusion of the audit.

Note. In March, 2006, the Auditing Standards Board issued eight new Statements on Auditing Standards (SASs) which are collectively referred to as the "risk assessment standards." The SASs focus primarily on enhancing the auditor's application of the audit risk model, which is used to assess the risk of material misstatement in a financial statement audit, and to design the nature, timing, and extent of audit procedures to respond to those risks. The SASs emphasize the need to gain an appropriate understanding of the entity and its environment, including internal control, to enable the auditor to apply the audit risk model. Specifically, the SASs

• Require a more in-depth understanding of the entity and its environment, including its internal control, to identify the risks of material misstatement in the financial statements and what the entity is doing to mitigate them;

• Increase the guidance for more rigorous assessment of the risks of material misstatement of the financial statements based on that understanding; and

• Improve the linkage between the assessed risks and the nature, timing, and extent of audit procedures performed in response to those risks. The eight SASs, consist of the following:

• SAS 104, Amendment to Statement on Auditing Standards No. 1, Codification of Auditing Standards and Procedures ("Due Professional Care in the Performance of Work")

• SAS 105, Amendment to Statement on Auditing Standards No. 95, Generally Accepted Auditing Standards

• SAS 106, Audit Evidence

• SAS 107, Audit Risk and Materiality in Conducting an Audit

• SAS 108, Planning and Supervision

• SAS 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement

• SAS 110, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained

• SAS 111, Amendment to Statement on Auditing Standards No. 39, Audit Sampling

These SASs were effective for audits of financial statements for periods beginning on or after December 15, 2006.

Conclusion

This manual is designed to be a permanent reference tool. We hope your reading of this manual enriches your professional learning experience.

Note. We use the terms he and she alternately throughout the course (except when a particular person is mentioned) since both sexes are well represented in the accounting and auditing areas.

Chapter 1 - Characteristics of a Small Business

Learning Objectives

• Examine the various definitions of a small business.

• Understand why certain small business characteristics affect the audit engagement.

• Learn about the primary characteristics of a small business.

• Understand the secondary characteristics of a small business.

Introduction

This chapter lays the foundation for understanding audits of small businesses. In order to understand how an audit of a small business' financial statements may differ from the audit of any other entity's financial statements, the unique characteristics of a small business must be understood.

According to recent research, small businesses contribute significantly to the nation's economy. There are several federal agencies that research small businesses and provide a look at their performance and economic contribution, including the U.S. Department of Commerce, the Bureau of Labor Statistics, and the Small Business Administration.

According to recent SBA statistics, there are approximately 23 million small businesses in the United States. These businesses

• Represent approximately 99.7% of all employers.

• Account for nearly half of America's overall employment.

• Pay 44.5% of total U.S. private payroll.

• Create two out of every three net new jobs added to the economy.

• Represent 97% of all U.S. exporters.

732435