Audit (chapters 1-12)

Table of contents

ch1: Audit overview

ch2: audit plan

ch3: audit evidence

ch4: audit sampling

Ch5: The impact of information technology on auditing

ch6: Audit working papers

ch7: Risk assessment

Ch8: Risk Response

ch9: Audit of sales and collection cycle

ch10: Audit of the procurement and payment cycle

ch11: Audit of production and inventory cycle

Ch12: Audit of Monetary Funds

---

ch1: Audit overview

1. Audit objective: Whether the financial statements of the enterprise comply with the accounting standards for enterprises and whether they are prepared fairly
2. Assurance includes audit (financial statement audit, corporate internal control audit), review and other assurance services (eg capital verification, predictive financial information review -> limited assurance or reasonable assurance -> 1. The assumption is limited assurance; 2. The use of assumptions is a reasonable guarantee); related services (without providing any degree of guarantee) include the implementation of agreed procedures on financial information -> eg financial management -> analysis and comparison of the difference between the actual profit and the forecasted profit and issuing professional opinions
3. Auditing of financial statements: CPAs provide reasonable assurance on whether the financial statements are free from material misstatements, put forward opinions in a positive manner, and enhance the trust of expected users other than management in financial statements
4. Due to the inherent limitations of auditing: ① What audits provide is reasonable assurance, not absolute assurance ② Most audit evidence is persuasive rather than conclusive ③ Inspection risk cannot be reduced to zero
5. Positive approach to audit conclusions: We believe that the statements have been prepared in accordance with the applicable financial reporting basis in all material respects and have presented fairly. Negative approach to review: We did not note that the financial statements were not prepared in accordance with the applicable financial reporting basis. …
6. Audit working paper is the carrier of audit evidence
7. The review of financial statements is mainly based on inquiry and analysis procedures; Audit -> Inquiry, observation, inspection, analysis procedures, recalculation, and re-execution of confirmation/review and inspection have high risks and few audit evidences, while audit inspections have low risks and many audit evidences
8. Audit elements: "management of the audited unit" prepares "financial statements" based on appropriate "financial report preparation basis" and provides information to "intended users"; The "report" provides five elements of guarantee for "intended users": tripartite relations, financial statements (financial statements are the carrier of the audit object (historical financial status, operating results, financial performance and cash flow)), financial report preparation basis (no need to Only need to evaluate the applicability of the standard to the specific business), audit evidence (internal and external (current period, including the consideration of integrity in quality management procedures), pros and cons (further investigation) none), audit report (in all major aspects)
9. The premise of performing the audit work: the management and governance layer recognize and understand the three responsibilities that they should undertake: ①Responsibility for reporting (preparing financial statements according to the applicable financial report preparation basis, and achieving fair response) ②Responsibility for internal control (design , implement and maintain the necessary internal controls so that the financial statements are free from material misstatements due to fraud or error) ③ Responsibility for conditions (all relevant information, unrestricted access to necessary personnel)
10. Prerequisites for auditing: the existence of an acceptable basis for the preparation of financial reports + the premise of performing audit work
11. The overall objective of financial statement audit: ①Express opinions (financial statement audit, non-internal control audit, and does not provide reasonable assurance on the ability to continue as a going concern) ②Issuing reports (issue reports and communicate with management and governance) ///Audit procedures- >Audit evidence (fixed in the audit working paper) -> Opinion -> Issue audit report
12. Audit Specific Objectives: Reassessment of Assertions
13. Transactions and disclosures: occurrence (true and not fictitious), completeness (no concealment or omission), accuracy, cut-off (there is no inter-period cut-off, only the income statement has a cut-off), classification (collusion in the income statement), presentation
14. Account balances and disclosures: existence, completeness, (accuracy, valuation and allocation), rights and obligations (recognized -> overvalued), classification (indicated by existence and completeness), presentation
15. Problem Solvers: What It Means and Its Concerns
16. No provision for inventory decline: asset impairment loss (completeness), inventory (accuracy, valuation and allocation)
17. Basic requirements for auditing: ① Comply with auditing standards ② Comply with the code of professional ethics ③ Maintain professional skepticism (throughout the whole process) ④ Use professional judgment
18. Maintaining independence can enhance the ability of certified public accountants to maintain objectivity and professional skepticism in auditing
19. : The CPA can make a trade-off between the audit cost and the reliability of the information, but the difficulty, time or cost of the audit itself cannot be used as a reason to omit irreplaceable audit procedures or to be satisfied with less convincing audit evidence. /Professional judgment cannot be used as a reason for CPA’s inappropriate decision-making to maintain professional skepticism, which helps to properly use professional judgment and reduce inspection risks -> but it may increase audit costs
20. Whether or not professional doubt can be maintained largely depends on competence, and professional judgment is the core of competence
21. Standards to measure the quality of professional judgment: ① Accuracy (the extent to which conclusions are consistent with specific standards or objective facts) ② Consistency of opinion (different CPAs agree with each other on the same issue) ③ Stability (the same CPA’s judgment on the same issue at different points in time) The conclusion is the same or similar) ④ Decision-making consistency (the judgment of the same CPA on different issues of the same project has internal logic, such as revenue declines but inventory is sold out -> no logic) ⑤ Defensibility (proper written records -> improve reliability Defendability; the basis of defensibility is: ① sufficiency of reasons ② logic of thinking ③ compliance of procedures)
22. The risk of material misstatement (including the level of financial statements and the level of assertion) refers to the possibility of material misstatement before the audit of financial statements; the risk of material misstatement is related to the risk of the audited entity and exists independently of the audit of financial statements, which is an objective Existing risks; material misstatement risks at the financial statement level and at the assertion level may constitute special risks
23. Inherent risk is the likelihood (by nature) that an assertion is susceptible to misstatement without regard to controls /// Inherent risk levels can be either qualitative or quantitative Inherent risk factors -> Likelihood & Important Degree -> Inherent Risk Level
24. Control risk refers to the likelihood that a misstatement of an assertion will occur that, alone or in combination with other misstatements, is material but will not be prevented (preventive) or detected and corrected (censorative) by internal controls in a timely manner
25. Inherent risk factors: subjectivity of complex changes, uncertainty of fraud bias + external factors that generate business risks
26. Due to the inherent limitations of control (mainly from human decision-making errors and overriding, other considerations are incompetent, internal control cost-effective principles), control risks always exist
27. When judging which risks are special risks, the offsetting effect of identified controls on related risks should not be considered. ② When identifying and evaluating material misstatement risks, the impact of related controls should be considered, that is, the offsetting effect of controls on related risks should be considered (Assertion level material misstatement risk = inherent risk * control risk)
28. For the identified risk of material misstatement at the assertion level, inherent risk and control risk should be assessed separately; there is no clear requirement at the level of financial statements, which can be assessed separately or combined
29. Certified public accountants can only identify, assess and respond to the risk of material misstatement; the audited entity can reduce the control risk by establishing and improving internal control
30. Usually not all transactions, account balances and disclosures are checked, and for other reasons, it is impossible to reduce the risk of inspections to zero (reasonable assurance); P135 should implement substantive procedures for all significant transactions, account balances and disclosures -> Not for all, so only reasonable assurance
31. The inspection risk depends on the rationality of the audit program design and the effectiveness of the implementation; both P68 sampling risk and non-sampling risk will lead to inspection risk

• = Risk of material misstatement at assertion level (audited entity) * inspection risk (CPA)

1. Inherent limitations of auditing: ①The nature of financial reporting (subjective decision-making, accounting estimates, uncertainty) ②The nature of the degree of auditing (non-provision, fraud, non-compulsory) ③Timeliness and cost-effectiveness to form an audit opinion on the financial statements at reasonable cost)

ch2: audit plan

1. : Preliminary business activities-audit plan (overall audit strategy & specific audit plan)-risk assessment-risk response-completion of audit work-issue of audit report
2. Audit planning, risk assessment and risk response are dynamic cyclical processes, which are constantly adjusted and run through the audit
3. The content of preliminary business activities: ①Consider the other party (quality management procedures, there is no issue of management integrity) ②Look at yourself (evaluate relevant professional ethics -> professionalism and independence) ③Agreement (no misunderstanding)
4. Audit prerequisites = the existence of an acceptable basis for preparing financial reports + the management recognizes and understands the three responsibilities it undertakes (i.e. the prerequisites for performing audit work)
5. Factors to consider when determining the acceptability of the basis for financial reporting include: ①The nature of the entity being audited (enterprise or institution) ②The purpose of financial reporting (general purpose-annual report or special purpose-IPO) ③The nature of financial reporting (single or complete set) ④ laws and regulations
6. The basic content of the audit business book: ①The premise of the audit ②The responsibilities of both parties ③The delivery of the results -> 1. Applicable basis for preparing financial reports 2. Responsibilities of management 3. Responsibilities of certified public accountants 4. Objectives and scope of financial statement audit 5. Expected form and content of the audit report
7. For component and continuous audits, the need to resubmit the audit engagement letter is on a case-by-case basis
8. : The reason for the change is unreasonable (usually reasonable: environmental change & misunderstanding) -> should not agree to the change -> the management does not allow the original audit business to continue -> ① terminate the contract if the law allows ② and determine whether there is an obligation to pay the owner or Regulatory agency report (① and ② considered simultaneously)
9. : ①Audit -> Review (should not be mentioned, there is a misunderstanding) ②Audit -> agreed procedures (can be mentioned, rich content) ③Audit -> other related services (should not be mentioned, the degree of relevance is not high)
10. : Overall audit strategy (scope, plan, direction (materiality), people (quality review))
11. The overall audit strategy guides the formulation of a specific audit plan, which affects the overall audit strategy; among them, the specific audit plan includes: ①Risk assessment procedures (eg determine the nature, timing and scope of the risk assessment procedures) ②Further audit procedures (risk response procedures ) ③Other audit procedures; Among them, further audit procedures include the overall plan (comprehensive plan (control testing combined with substantive procedures), substantive plan (mainly substantive procedures) and specific procedures (control testing, substantive procedures); PS: overall plan ∈ specific audit plan
12. : One or more materiality: only the overall materiality of the financial statements is one; all audit engagements should determine: the overall materiality of the financial statements, the materiality of actual implementation, the threshold of obvious minor misstatement; the materiality of specific categories (when applicable Only determined, lower than the overall, also need to determine the importance of actual implementation)
13. Materiality applies (2023new): (1) in planning and performing audit work, evaluating the impact of identified misstatements on the audit, and the impact of uncorrected misstatements on the financial statements and audit opinions (2) determining the risk assessment process The nature, timing and scope of audit procedures, identifying and assessing the risks of material misstatement (3) determining the nature, timing and scope of further audit procedures
14. : The overall importance of the financial statement is 500W, and the misstatement is 600W->communication and request for correction->if not corrected>500->non-unqualified opinion (audit opinion on the financial statement, considering the overall importance of the financial statement)
15. : Materiality of the financial statement as a whole = benchmark * percentage (disregarding inherent uncertainties associated with specific items): Considerations for selecting a benchmark include:

      ① Elements of financial statements (revenue, assets, profits, expenses)

      ②Whether there are items of special concern to users of financial statements (pharmaceutical company research and development)

      ③The nature of the audited entity, its life cycle stage, and its industry and economic environment

    (Profit or public welfare organization, introduction period (startup period -> total assets, seize share -> operating income) or

      Maturity period (pre-tax profit of recurring business, etc.)

④ Ownership structure and financing method of the audited entity

⑤The relative volatility of the benchmark (substitute for small profits and small losses, and average for fluctuations, excluding unexpected operating characteristics)

/Considerations for choosing a percentage: (influence area, usually 1~5% in practice)

①Whether it is a listed company or a public interest entity

②Scope of users of financial statements

③Whether the audited entity is financed by related parties within the group or has large external financing

④Whether users of financial statements are particularly sensitive to benchmark data

1. Determine the overall importance of financial statements from both qualitative and quantitative aspects. Quantitative refers to the amount and value, and qualitative refers to the degree of influence. For example, although the amount of a certain misstatement is small, the correction of the misstatement will make the audited entity turn from profit to profit. deficit
2. Importance level of special categories: ①Whether laws and regulations or basis of financial reporting affect expectations for specific projects eg related party transactions, management compensation ②key industry-related disclosures eg pharmaceutical companies ③specially focus on separately disclosed businesses Specific aspects of e.g. disclosure of material business combinations, etc.
3. The considerations of actual implementation importance (usually 50%-75% of the whole): ①The nature and scope of the misstatement identified in the previous audit work; ②Knowledge of the audited entity; Expectations made by period error + importance of financial statements as a whole
4. : ① Leniency of 75% (few continuous audit adjustments, low-medium project risk, effective internal control) ② Strict 50% (first entrustment, high risk (high-risk industry, lack of management ability, facing greater market competition pressure or performance pressure) ), continuous audit adjustments, internal control deficiencies)
5. Usually, financial statement items whose amount exceeds the actual implementation importance are selected to be included in the scope of further audit procedures, but there are three cases that should be included even if they are lower than the actual implementation importance: ① Financial statements with a single amount lower than the actual implementation importance The sum of the items may be significant, and the potential misstatement risk after the summation needs to be considered. ②For financial statement items with underestimation risks, further audit procedures cannot be implemented just because the amount is lower than the importance of actual implementation. ③For the identification of fraud Risky financial statement items cannot be excluded from further audit procedures because their amounts are less important than actual performance.
6. Answer template (back): It may be necessary to implement further audit procedures for financial statement items whose amount is lower than the actual implementation importance. Statement items, or financial statement items identified as having a risk of fraud
7. "Obviously minor" is not the same as "not significant"; the threshold of obviously minor misstatement takes into account the scale and nature, and may not be accumulated, but it does not mean that further audit procedures may not be implemented. (The threshold of obviously minor misstatement is usually the overall financial statement 3% to 5% of materiality, usually not more than 10%, unless a higher cut-off is established for reclassification error alone); if not sure, the misstatement cannot be considered significantly minor
8. Considerations for the threshold of apparent minor misstatements: ①The number and amount of misstatements identified in previous audits ②Assessment results of the risk of material misstatement ) ④ Whether the financial indicators of the audited unit barely meet the requirements of the regulatory agency or the expectations of investors (barely)
9. For the misstatement caused by fraud and other circumstances, if the amount is lower than the threshold of obvious minor misstatement, although the misstatement may not be accumulated, the potential impact of fraud should be considered, and further audit procedures should be considered
10. As the level of materiality decreases, the assessed risk of material misstatement will increase, the acceptable inspection risk will decrease according to the audit risk model, and the amount of audit evidence required will increase
11. Determine the tolerable misstatement in the detail test -> not more than the materiality of the actual implementation; determine the acceptable difference amount in the substantive analytical procedures -> not more than the materiality of the actual implementation; determine the financial statement items to be included in the further audit procedures - >Importance of actual execution (but consider aggregation, undervaluation and fraud)
12. As benchmark data -> actual, forecast, budget, historical
13. The misstatement comes from mistakes or fraud; the form of misstatement is inconsistent with the basis of financial report preparation, and the judgment is wrong, which fails to achieve a fair reflection
14. Factual misstatements (mistakes, misunderstandings, omissions, intentional fraud) Judgmental misstatements (accounting estimates and accounting policies) and inferred misstatements (related to audit sampling)
15. Audit sampling -> sampling risk and non-sampling risk both lead to inspection risk -> that is, errors are not found; all misstatements accumulated are communicated to appropriate management and submitted for correction

ch3: audit evidence

1. Specific procedures may only be related to certain determinations, but not to other determinations (letter confirmation and supervision are mainly based on the determination of existence) -> It cannot be based solely on "full provision for bad debts" or "full provision for price decline" It is decided not to confirm the accounts receivable and not to supervise the inventory///Audit evidence for a specific determination cannot replace audit evidence related to other determinations
2. Relevance (influencing factors are test direction and audit procedures) refers to the logical relationship between the information of audit evidence and the purpose of audit procedures, and related determinations. The logical relationship between audit evidence and test objectives or the direct logical relationship between audit evidence and audit objectives
3. The reliability of audit evidence is related to the source, nature (form) and the specific environment in which the evidence is obtained
4. When using information generated by the audited entity, it is necessary to evaluate the completeness and accuracy of such information and to test the effectiveness of the controls related to the preparation of the information P59.
5. The test direction affects the logical relationship between the obtained audit evidence and the test target -> correlation
6. Inquiry (oral or written, internal or external, financial and non-financial information, evaluation of responses) ② Inspection (documentary or physical object) ③ Analytical procedures (between different financial data, between financial data and non-financial data)
7. Whether to implement the confirmation procedure should consider: ①Assessment level of assessment risk of material misstatement ②The determination (relevance) targeted by the confirmation procedure ③Implementation of other audit procedures (alternative) except the confirmation procedure can be considered: ①Confirmed The respondent’s understanding of the matters to be confirmed ②The ability or willingness to expect the reply ③The objectivity of the expected respondent
8. Certified public accountants should implement the exemption from the confirmation procedure for bank deposits (including zero balances and accounts canceled in the current period), loans and other important information (mortgages and pledges, financial products) with financial institutions (principle of materiality, because if you want to The exemption must first be satisfied (not important): There is sufficient evidence to show that a certain bank deposits, loans and other important information with financial institutions are not important to the financial statements, and the risk of material misstatement related to it is very low (important and low risk )
9. Accounts receivable should be subject to confirmation procedures; exemption status: not important (mainly during the opening period or cash sales) or likely to be invalid. If invalid, alternative procedures need to be implemented; if not important, no alternative procedures need to be implemented.
10. The confirmation of accounts receivable does not mean that confirmation of all accounts receivable should be carried out. Certified public accountants can use the audit sampling method; at the same time, when the relevant internal control is effective, the sample size of confirmation of accounts receivable can be reduced/ Sampling methods should not be used for bank confirmations. Even if the relevant internal control is effective, the sample size of bank confirmations should not be reduced (the number of bank accounts is often limited, and bank transaction information is closely related to capital movements)
11. Only when the assessment of the risk of material misstatement is low, the balance sheet date can be set as the cut-off date, and substantive procedures can be implemented for the changes in the items to be confirmed from the cut-off date to the balance sheet date
12. Factors that may affect reliability when designing confirmation letters: (before sending letters)

①The way of confirmation (positive or negative)

②Previous experience in auditing or similar business

③The nature of the proposed corroboration information (overestimated or underestimated risk)

④ Appropriateness of selecting the person to be inquired (whether it is a related party or not)

⑤ Types of information that the inquired are easy to reply to (whether to fill in the balance)

1. Use negative letter confirmation method to satisfy at the same time: low risk, many and small, few mistakes, good character
2. Factors that should be considered when evaluating the reliability of confirmation letters: ① control over the design, issuance, and withdrawal of confirmation letters ② competence, independence, authorization reply of the person inquired, understanding of confirmation items, and objectivity ③ Restrictions imposed by the audited unit or restrictions in the reply letter
3. Filling in the balance or not filling in the balance is helpful to deal with the risk of overestimation of accounts receivable, but filling in the balance is helpful to discover the underestimation of accounts receivable.
4. If it is considered that the management’s request not to implement the letter confirmation is reasonable, an alternative procedure should be implemented; if it is considered unreasonable and blocked from implementing the letter confirmation, it should be deemed that the scope of the audit has been limited, and the possible impact on the audit report should be considered ; When analyzing the reason why the management requires not to implement the letter confirmation, the CPA should maintain professional skepticism and consider: ① whether the management is honest; ② whether there may be major fraud or error; ③ whether the alternative procedures can provide sufficient and appropriate audit evidence
5. The letter of confirmation shall be issued directly by the certified public accountant, and shall not be issued by the audited entity
6. The follow-up letter needs to maintain control over the confirmation letter during the entire process, and at the same time be alert to the risk of collusion between the audited unit and the person to be confirmed//To maintain the entire process control over the letter confirmation
7. The electronic reply should create a safe environment for the reply, verify the source and content of the reply to the inquired -> the reliability of the electronic reply is risky, the certified public accountant and the respondent should adopt certain procedures to create a safe environment for the reply ENVIRONMENT // Oral responses alone are not reliable audit evidence ///Evaluation of the response method
8. Restrictive clauses should be judged whether they affect reliability
9. If no reply to the confirmation inquiry letter is received within a reasonable time, consideration should be given to sending the confirmation inquiry letter to the inquired again if necessary. If no response is received, an alternative procedure should be implemented; The project implements alternative procedures, but some sample projects that have not responded to the letter cannot be selected to implement alternative procedures.
10. When there are ① available corroborating evidence that the management believes that the information can only be obtained from outside the audited unit (a major fire occurred in the audited unit) ② there are specific fraud risk factors, at this time it is sufficient and appropriate to obtain a positive confirmation inquiry letter. If the alternative procedures cannot provide the audit evidence required by the certified public accountant, and if no reply is obtained, the impact on the audit work and audit opinion should be determined.
11. If corroboration is carried out by means of sampling, the CPA should investigate the cause of the misstatement identified in the sample, and infer the misstatement in the population based on the sample misstatement.
12. Analytical procedures should be used for risk assessment procedures (procedure-information-risk-identification), can be used for substantive procedures, and should be used for overall review. ///Substantial procedures include detailed testing (ask observation check and recalculate letter confirmation) and substantive analysis procedures -> in the substantive procedures, who is easy to use for detailed testing and substantive analysis procedures P144 There are exceptions for special risks, if for Special risk substantive procedures, not only substantive analysis procedures
13. Analytical procedures should be used in the risk assessment process, but need not be implemented to understand every aspect of the audited entity and its environment, applicable financial reporting basis and elements of the internal control system. For example, analytical procedures should not be used in understanding internal controls.
14. Considerations in the design and implementation of substantive analysis procedures: ① Applicability to the determinations involved (a large number of predictable, internal logic, whoever is easy to use with detailed tests) ② Reliability of data (source (external independence > IPE) , comparability, nature (original > copy) and relevance, controls related to information compilation) ③ evaluation of the accuracy of predictions (predictability, decomposability, availability of information) ④ acceptable variance ( If it does not exceed the importance of actual implementation, investigate all differences linkP138; if it is acceptable and cannot explain the relevant determination of the financial statements of the audited entity, there must be no misstatement; factors that affect the acceptable difference include: ① materiality ② plan assurance level ③assessed risk of material misstatement)
15. Discrimination between the substantive analysis procedure and the detail test: ①The substantive analysis procedure is not applicable to all financial statement determinations; To a large extent, it is indirect evidence, and its probative power is relatively weak (but compared with risk assessment and overall review, the granularity is finer) ③The substantive analysis procedure is not just a supplement to the detailed test (whoever is easy to use)
16. The overall review (at the financial statement level) uses analytical procedures to determine whether the financial statements as a whole are consistent with what is known about the entity being audited; the risk assessment procedure uses analytical procedures to identify unusual changes that may indicate a risk of material error in the financial statements.

ch4: audit sampling

1. Three basic characteristics of audit sampling: (1) Implement audit procedures for less than 100% of the items in the population (appropriateness) with audit relevance, that is, full investigation does not belong to sampling (2) All sampling units have the opportunity to be selected , but it does not mean that there is an equal chance (3) The sample infers the population (eg the difference between the draw and the reply -> consider the potential scope and severity of the error, and the sample infers the population)
2. Sample representativeness: Under a given risk level, the conclusions drawn by the certified public accountant based on the sample are similar (not identical) to the conclusions obtained by implementing the same audit procedures as the sample for the entire population; relevant factors of sample representativeness: ( 1) The overall sample (2) The incidence of misstatement (3) How to select the sample (unbiased); irrelevant factors: (1) Not related to a single item (2) Not related to the specific nature of the misstatement (abnormal situation) (3) Related to Sample size is irrelevant (increasing number does not improve quality)
3. Applicability of audit sampling: (1) Control testing with operational traces (except IT controls, i.e. manual) (2) Detailed testing in substantive analysis procedures
4. Statistical sampling considers and measures sampling risk, non-statistical sampling considers but cannot measure sampling risk; if non-statistical sampling is properly designed, it can also provide valid results that agree with statistical sampling -> the choice of sampling method mainly considers the principle of cost-effectiveness and uses professional judgment
5. Systematic sampling (start+step*i) population must be randomly arranged; cluster sampling cannot be used in audit sampling; random sampling can only be used in non-statistical sampling
6. Sampling risk in control testing (attribute sampling): under-reliance (efficiency), over-reliance (effect); sampling risk in detail testing (variable sampling): risk of false rejection (efficiency), risk of false acceptance (effect)
7. Compared with sampling risk affecting audit efficiency, CPAs should pay more attention to sampling risk affecting audit effect; whether it is control test or detail test, sampling risk can be reduced by expanding the sample size
8. The sample size and sampling risk change in reverse, full investigation -> there is no sampling risk, that is, sampling risk can be eliminated and can be quantified (statistical sampling); non-sampling risk (human factors, difficult to quantify) cannot be eliminated and quantified; sampling Both risk and non-sampling risk lead to inspection risk; sampling risk does not exist in all audit engagements (eg start-up or small units, audit sampling is not used)
9. The characteristics of the audit sampling population in the control test: appropriateness (direction, relevance), completeness (content and time) and homogeneity (internal control with major changes in the current period, the population should be defined separately before and after the change, eg manual control and automation control)
10. The application of audit sampling in control testing - the main factors affecting the sample size (in principle, the stricter the sample size, the larger): (1) acceptable risk of excessive trust (effect) (2) tolerable deviation rate (reduce or cancel the reliance on internal control), compared with the tolerable misstatement set in the detail test, the CPA usually sets a relatively high tolerable deviation rate for the control test (with the detail test in the background) (3) the estimated overall Deviation rate -> the higher the closer to the tolerable deviation rate -> the stricter -> the larger the sample size (to obtain sufficient and appropriate audit evidence), the effectiveness forecast of the plan evaluation, the lower the determined tolerable deviation rate, ( 4) The overall scale ---> 2 reversible / expected to be the same / the overall scale has little impact
11. Application of Audit Sampling in Control Testing - Considering Sampling Risk: Statistical sampling calculates the upper limit of the overall deviation rate, and the overall deviation rate is acceptable if the overall deviation rate is lower than the tolerable deviation rate; non-statistical sampling requires the overall deviation rate to be much lower than the tolerable deviation rate (more strict)
12. Control deviation does not necessarily lead to the misstatement of the amount in the financial statements, eg the cashier prepares the bank deposit balance reconciliation statement
13. Application of Audit Sampling in Control Testing - Dealing with Bias: (1) Enlarging the sample size to further collect evidence, but if the control bias is caused by systematic bias or fraud, enlarging the sample size is usually ineffective (2) Considering that the control is not operating effectively, the sample The results do not support the planned control operation effectiveness and assessment level of material misstatement risk, thus improving the assessment level of material misstatement risk and increasing substantive procedures for related accounts
14. The characteristics of the audit sample population in the detail test: (1) appropriateness (related to the direction of the detail test) (2) completeness (single major items checked one by one do not constitute the sample population)
15. The sampling unit in a detail test might be an account balance, a transaction or a record within a transaction, or even each monetary unit
16. In traditional variable sampling, the mean method (stratification, easy to use with fewer mistakes), the difference method (more mistakes are easier to use, the misstatement amount is closely related to the number of items) and the ratio method (more mistakes are easier to use, the misstatement amount is closely related to the item amount Relevant, independent of scale, dry goods rate)
17. Currency unit sampling (variable sampling) and traditional variable sampling both belong to statistical sampling; currency unit sampling uses the principle of attribute sampling, so it is also called comprehensive attribute variable sampling; check the logical unit corresponding to the currency unit being sampled; the larger the project amount, The greater the probability of being selected -> suitable for testing overestimated not suitable for testing underestimated
18. Comparison of the characteristics of traditional variable sampling and currency unit sampling: currency unit sampling is like hatred, if no misstatement is expected to exist, the sample size is smaller, if more misstatements are expected, the sample size is larger than traditional variable sampling; currency unit sampling is not suitable for The test is underestimated; currency unit sampling may overestimate the impact of sampling risk; currency unit sampling does not need to consider variability and stratification, traditional variable sampling needs to consider variability and stratification; currency unit sampling is easier to use and design samples is easier, but requires Special consideration for zero or negative balances
19. Application of Audit Sampling in Testing of Controls—Major Factors Affecting Sample Size: (1) Acceptable Risk of Misrejection (Compared to the CPA’s focus on risk of false rejection in testing of controls, CPA’s focus on risk of false rejection in testing of details The degree of attention is usually higher, that is, the efficiency in the detail test > the efficiency in the control test, because the control test is cumbersome and you can directly implement the substantive procedure without doing the control test) (2) Tolerable misstatement (no more than the actual implementation importance) (3) expected population misreporting (4) population size (5) population variability (the lower the population variability, the smaller the sample size)
20. CPAs usually stratify the population according to the amount. Stratification can reduce the variability of items in each stratum, thereby reducing the sample size without a proportional increase in sampling risk; after stratification, each stratum independently selects samples, Aggregate after inferring misstatements separately
21. If the CPA divides the items to be sampled into several strata when designing the sample, the misstatement must be inferred for each stratum separately, and then the amounts inferred for each stratum will be summed to calculate the estimated overall misstatement. The CPA also summarizes all misstatements and inferred misstatement amounts found in individually significant items that are 100% checked
22. Large unit: factual misstatement, that is, the inferred misstatement is equal to the actual misstatement of the logical unit; small unit (representing the entire interval): misstatement percentage * sampling interval (in descending order multiplied by the guarantee coefficient increment)
23. Application of Audit Sampling to Testing of Detail - Considering Sampling Risk

Ch5: The impact of information technology on auditing

1. General controls are designed to ensure the security of information systems and usually contribute indirectly to some or all of the financial statement assertions and, in some cases, may also contribute directly
2. General control of information technology: program development; program change; program and data access (authorization, security); computer operation (fault management); information processing control: ① information processing by information technology applications (automation) ② manual information processing Processing (manual) -> (1) The system automatically generates reports (2) System configuration and account mapping (debt and credit must be equal) (3) Interface control (business-finance linkage) (4) Access and permissions
3. : (1) Regardless of the extent to which the entity being audited uses information technology, the CPA needs to understand the general audit-related information technology controls and information processing controls (that is, it is necessary to understand) (2) If the plan relies on automated information processing controls, For the information generated by the system, etc., it is necessary to test the general control of information technology and determine whether the information processing control is effectively implemented (P140 Automated processing has internal consistency: generally effective + executed = effective control; usually: reasonable design + Consistent execution = effective operation)
4. : ①Evaluate the accuracy and completeness of information ②Test the effectiveness of controls related to the preparation of information
5. : The application of information technology does not change the principled requirements of certified public accountants to formulate audit objectives, conduct risk assessment and understand internal control, but affects audit trails, audit technical means, audit content and required knowledge and skills
6. A complex IT environment does not mean that information systems are complex (12306) and vice versa (3D printing)
7. Data-oriented computer-aided audit technology, including data query, account analysis, audit sampling, statistical analysis, numerical analysis and other methods; the application fields of computer-aided audit technology include substantive procedures (especially analysis procedures), control testing and auxiliary audit fraud check
8. CPAs should understand related spreadsheet controls (2023new)
9. Data analysis: (1) Data analysis extracts data through fields, not the format of records. The quality of analysis depends on the underlying data extracted, analyzed and connected in the correct way. (2) Data analysis tools can improve audit quality. This value comes from The quality of the analysis and corresponding judgments (3) can transform and change the data
10. : IT Outsourcing Arrangements -> Overall Procedures: (1) Understand the controls related to internal control in the service organization and the controls implemented for the activities of the service organization (2) Obtain evidence of the operating effectiveness of the relevant controls; control testing -> (1) Understand the service organization's CPA's report on the effectiveness of the service organization's internal controls or report on the agreed procedures related to the testing of controls (2) test the audited entity's control over the service organization's activities (3) perform control testing on the service organization; obtain external reports -> Evaluate (1) Report the relationship between the test period and the evaluation time (2) Relevance (3) Opinion

ch6: Audit working papers

1. Audit working papers do not include "wrong initial draft", drafted (replaced), preliminary (not comprehensive or preliminary thinking), wrong, repeated; if the original content is modified based on new changes and new situations , in order to fully reflect the audit process, the records before and after the modification belong to the audit working papers that need to be retained, for example, the relevant records of the audit plan, the update and modification of the importance; it should be recorded in the audit working papers. Any major revisions to the plan and justification -> be careful to distinguish between "same event at the same time" and "same event at different times"
2. The purpose of preparing audit working papers does not include: (1) providing evidence for the audited entity involved in litigation (reducing the willingness to respond to letters) (2) facilitating subsequent CPAs to review, extract or copy (3) helping accounting firms Other project teams in the same industry provide references (violation of confidentiality) (4) help the management of the audited unit review and improve the quality of financial statements (violation of independence, affecting the unpredictability of audit procedures)
3. The requirement for preparing audit working papers is to enable experienced professionals (auditing + accounting + industry + business environment) inside or outside the firm who have no contact with the audit project to clearly understand the audit procedures, audit evidence and major audit conclusions
4. Considerations in determining the format, elements and scope of audit working papers include the materiality of the audit evidence obtained, excluding filing period requirements, language, competence and scope of audit procedures
5. Audit working paper elements: ①Title ②Audit process record ③Audit conclusion ④Identification and description ⑤Index number and serial number ⑥Compiler and date ⑦Reviewer and date
6. Audit process records: (1) Identification features of specific items or events, identification features are usually unique, and relevant personnel can trace unique items (eg unique number of documents, time of inquiry, name and position) (2) Major items Professional judgment on relevant major matters ( the records of scattered major events can be summarized in the summary of major events): ①Matters that cause special risks ②The results of the implementation of audit procedures indicate that there may be material misstatements in financial information, or it is necessary to revise the previous Assessment of the risk of misstatement and the countermeasures to be taken ③Circumstances that make it difficult for the certified public accountant to implement the necessary audit procedures (restricted audit scope) ④Resulting in the issuance of modified opinions, paragraphs with emphasized matters, or "major uncertainties related to going concern" Audit report matters in paragraphs such as
7. Short answer questions (identifying features): the recorded identifying features are not unique
8. Audit conclusions: Each part of the audit engagement should contain conclusions related to the results of the audit procedures performed and whether they achieved the stated audit objectives, as well as how exceptions and significant matters identified during the audit procedures were resolved
9. Identification characteristics of supervision: inventory personnel, objects and process of supervision, time and place of supervision, etc.
10. Archiving of audit working papers refers to the organization of audit working papers into final files, which is a transactional work and does not involve the implementation of new audit procedures or new audit conclusions (not involving two new ones).
11. Requirements for archiving audit working papers: (1) within 60 days after the audit report date or within 60 days after the audit business is suspended (3) Audit working papers in electronic and other forms shall be archived together with other paper-based audit working papers, and shall be able to be converted into paper-based audit working papers by printing (referring to the Print)
12. After completing the finishing of the final audit archives, audit working papers of any nature (may be added) should not be deleted or discarded before the expiration of the specified retention period; the situation where it is necessary to change the audit working papers after filing: (1) The certified public accountant has Necessary audit procedures were implemented, sufficient and appropriate audit evidence was obtained, and appropriate audit conclusions were drawn, but the records of the audit working papers were not sufficient (supplementary notes) (2) After the date of the audit report, exceptions were found to require the implementation of new or additional audit procedures, or cause the certified public accountant to draw new conclusions; when changing the audit working papers, it shall record: (1) the reason for modifying or adding the audit working papers (2) the time and personnel for modifying or adding the audit working papers (3) Review time and personnel
13. From the date of the audit report, keep the audit working papers for at least 10 years; from the date of business suspension, keep the working papers for at least 10 years

ch7: Risk assessment

1. CPAs should implement risk assessment procedures (inquiry (inquiry about the internal control implemented by X in the business of X, but only insufficient inquiry), observation (observation of the audited entity's business activities), inspection (inspection of the logic of the system to generate XXX, inspection of internal documents, records and internal control manuals, reading reports prepared by management, etc.), analysis procedures (should be used), walk-through tests (not mandatory)) to understand the audited entity and its environment, applicable financial reporting basis and internal control system The level of understanding of each element/audit plan, risk assessment, and risk response throughout the entire audit process is lower than that of the audited entity
2. Walk-through testing (understanding, not deep enough, a small number of samples -> different from control testing) is the process of tracking the processing of transactions in the financial reporting information system /// to achieve an understanding of business processes and related internal controls; walk-through testing should not be performed , such as a small audited unit or an audited unit whose internal control is still in the construction period, it is not necessary to use the walk-through test
3. Procedure-Information-Risk-Identification: eg Accurate Q&A : Walk-through test->R&D process lacks a staged evaluation link->Misjudgment of the research stage as the development stage->Relationship with the "existence" or "accuracy" of intangible assets, valuation and apportionment" is directly related to
4. Project partners should determine what matters to report to project team members who are not involved in the discussion; project quality reviewers do not participate in internal project team discussions
5. Understand the audited entity and its environment (1) organizational structure, ownership structure and governance structure, business model -> one model three structures (business -> internal factors) (2) industry form, legal environment, regulatory environment and other external factors (Legal Affairs->Executive Law Supervision->External Factors->Focus on major changes compared with the previous period, e.g. sluggish market demand and generation capacity, impact of new products, outdated patents for technological changes, rising raw material costs but declining gross profit margins, revenue The growth rate far exceeds the industry level, etc.) (3) Financial performance measurement standards, including internal and external measurement standards (finance->internal or external factors->focus on whether there is performance pressure leading to fraud) ②Financial report preparation used Basis, accounting policies and reasons for changing accounting policies (internal factors) ③ Elements of the internal control system of the audited unit (internal factors) -> unit environment, standard policies, internal control elements
6. : Three structures: ①Organizational structure (consolidation of financial statements, goodwill, and long-term equity investment accounting) ②Ownership structure (identification of related parties, related party transactions) ③Governance structure (whether supervision is effective); one model: ①Operational activities ( Identification: specific transactions, account balances and disclosures) ②Investment activities (significant changes in business strategy and direction) ③Financing activities (assessment of financing pressure and ability to continue as a going concern)
7. Figure: Different goals and strategies of the company -> Influence (one model + three structures) -> Goals, strategies, and business models may all lead to business risks (inappropriate strategy, environmental changes, people can't do it) -> Most business risks lead to major mistakes Reporting risks (financial statement level and identification level -> note that operational risks will also have a direct impact on the financial statement level -> eg loss of financing opportunities affects continuous operations or new information systems and business processes are difficult to integrate, there may be extensive systemic error) /// egP115, P116 example .
8. : The impact of business risk on the risk of material misstatement: (1) The scope of business risk is wider than the risk of material misstatement of financial statements, and there is no responsibility to understand and identify all business risks (2) Most business risks will eventually lead to the risk of material misstatement, there is no Responsibility for identifying or assessing operating risks that do not materially affect the financial statements
9. Standards and policies guide information to be fairly prepared in financial statements; understanding inherent risk factors helps to understand the likelihood and severity of misstatements -> determine the level of inherent risk Example .
10. Inherent risk factors (qualitative or quantitative): complex (difficult to compile), variable subjectivity (difficult to select), fraudulent bias, uncertain (accounting estimates)
11. Objectives of internal control: ①Reliability of financial reports ②Improvement of operating efficiency and effectiveness ③Compliance with applicable laws and regulations
12. Internal control includes: internal environment, control activities, information system and communication, risk assessment, internal supervision
13. There are inherent limitations in internal control (human decision-making errors, management overriding fraud, insufficient competence, cost-effective principles), so control risks always exist and cannot be eliminated -> Substantive procedures should be implemented for all major transactions, account balances and disclosures
14. CPAs should only understand controls related to auditing (and financial statement preparation); controls mainly include direct control and indirect control: information systems and communication, and control activities are mainly direct controls, which are more likely to affect the risk of material misstatement at the assertion level ; internal Environment, risk assessment and internal supervision are mainly indirect controls, which are more likely to affect the risk of material misstatement at the financial statement level; (main, not absolute)
15. Five types of control activities: authorization and approval, reconciliation, verification, physical or logical control, segregation of duties (purchase and acceptance, accounting and cashier)
16. The purpose of understanding internal control is to evaluate the effectiveness of the control design and whether the control is implemented -> evaluate the effectiveness of the control design and confirm whether the control is implemented; ②The more reliable the test, the more effective the control is expected to perform the control test. Understand the difference between the purpose of internal control and the purpose of control testing. The purpose of control testing is to test the operational effectiveness of relevant internal controls -> test consistent execution, effective execution, and effective operation
17. Analytical procedures should be used in the process of understanding the audited entity and its environment, but it does not mean that every link needs to be used. For example, it is not used in understanding internal control.
18. After the preliminary evaluation of internal control and risk assessment, the conclusions that the certified public accountant usually needs to form in the audit work paper are: ①Whether the design of the control itself is effective; ②Whether the control is implemented; ③Whether to rely on the control and implement the control test
19. The objectives of performing a walk-through test and the available audit evidence: ① confirm the understanding of the business process; ② confirm that the understanding of the relevant transactions is complete, that is, all possible misstatement mitigations related to the assertion have been identified; The accuracy of preventive control and inspection control information in the process ④ Assess the effectiveness of the control design ⑤ Confirm whether the control is implemented ⑥ Confirm the accuracy of the written records made before
20. At the level of financial statements (countries or regions with unstable economies, asset liquidity problems, loss of important customers, limited financing capabilities, lack of competence of the chief financial officer, lack of integrity of the management, etc.), inherent risks and control risks can be assessed individually or in combination; Assertion levels must separately assess inherent risk and control risk
21. The possibility and importance of misstatement are used to comprehensively determine the inherent risk level (qualitative or quantitative). The higher level of inherent risk assessment does not mean that the possibility and importance of misstatement are higher.
22. Special risks: ①at or close to the highest level of inherent risk level ②Auditing standard regulations -> originate from unconventional transactions and judgments (such as fraud)
23. When judging which risks are special risks, the inherent risk factors should be considered, and the offsetting effect of the identified controls on related risks should not be considered. ② When identifying and assessing the risk of material misstatement, the impact of related controls should be considered, that is, the impact of controls on related risks should be considered. risk offsetting effect
24. Should understand the controls related to special risks: (1) For special risks, the auditor should evaluate the design of relevant controls and determine whether they have been implemented (that is, should understand the internal controls related to special risks) (2) If management Failure to implement controls to adequately address particular risks, the auditor should consider internal control deficiencies that warrant attention and consider the impact on the risk assessment.
25. For material misstatement risks (highly automated controls) that cannot be dealt with only by substantive procedures, the design and implementation of relevant controls should be understood and tested in accordance with the requirements of relevant auditing standards -> understanding + implementation of control testing

Ch8: Risk Response

1. Overall countermeasures: ①emphasize maintaining professional skepticism ②assign more experienced auditors ③provide more supervision ④incorporate more unforeseen factors into the selection of further audit procedures (eg extend the cut-off test time for sales and sales returns) ⑤ correct General revisions to the nature, timing, or scope of audit procedures to be performed, including obtaining more extensive audit evidence through the implementation of substantive procedures (internal controls are often weak at the financial reporting level, and control testing is not as effective as substantive procedures), and implementing more extensive audit evidence at the end of the period rather than during the period. audit procedures, increase the number of business locations to be included in the audit scope, etc.
2. (1) The certified public accountant needs to communicate with the senior management of the audited unit in advance, requiring the implementation of unforeseen audit procedures, but cannot inform the specific content (2) The certified public accountant can clearly propose to increase the number of audit procedures when signing the audit engagement letter. Requirements for program unpredictability (note that it is possible)
3. Analytical procedures for immaterial components at the group level are routinely necessary and do not increase the unpredictability of the audit procedure
4. Regardless of whether the CPA chooses a substantive plan or a comprehensive plan, they should design and implement substantive procedures for all major transactions, account balances and disclosures (due to inherent limitations of internal control)
5. Factors to consider when designing further audit procedures (design procedures to control misstatements, and determine that risk measurement is effective): ① The importance of risks, that is, the severity of the consequences caused by risks (inherent risks) ② The possibility of material misstatements (inherent risks) ) ③ characteristics of various transactions, account balances and disclosures involved (identification -> substantive procedures) ④ nature of specific controls adopted (whether highly automated -> control testing) ⑤ whether to obtain audit evidence to determine whether internal control is Effectiveness in preventing or detecting and correcting material misstatements (reliance->testing of controls)
6. Factors to be considered in determining the nature of further audit procedures (the nature of the procedures is the most important, and the results depend on the results): (what procedures) ①Assessment results of the risk of material misstatement at the identified level (high risk -> leaning toward substantive solutions) ②Different audit procedures Effectiveness in addressing specific misstatement risks (relevance of audit evidence to purpose) ③ Causes of material misstatement risks at the assertion level
7. Factors to be considered in determining the timing of further audit procedures: (Procedural time and risk are determined, and evidence is compiled and reported depends on the environment): ① Control environment (weak -> high risk of material misstatement at the reporting level -> end of period) ② When relevant information can be obtained (expected Liabilities -> End of Period) ③Nature of misstatement risk (Closing date of confirmation -> If the risk of material misstatement is low, the deadline can be before the balance sheet date) ④The time or time point when audit evidence is applicable (whether the previous year is valid, whether it is valid in the previous year, The mid-term implementation of the control test has a more positive effect) ⑤ The time for preparing financial statements (some procedures can only be implemented at the end of the period or after the end of the period, such as consolidation, offsetting, reclassification, etc.)
8. Considerations for determining the scope of further audit procedures (the scope of procedures is important to ensure that risks cannot escape): (the stricter the scope, the greater the scope)

       ①Determined level of importance (changes inversely with scope)

       ②Assessed risk of material misstatement (same direction)

       ③Guarantee degree of planned acquisition (same direction)

       ④Audit sampling -> tolerable misstatement or tolerable deviation rate

1. Obtain audit evidence about whether the controls are operating effectively: ①How the controls are operating at relevant points in the audited period ②Whether the controls are implemented consistently ③Who or how the controls are implemented (manual or automated, competent?)
2. Controls should be implemented when there is "expected effectiveness (reasonable design and implementation, intended to rely on internal control, expected effectiveness -> cost-effectiveness & cost reduction and efficiency increase)" or "only implementing substantive procedures is insufficient" (no other way) test
3. For an automated information processing control, due to the internal consistency of the information technology processing process, the auditor can use the audit evidence that the control is implemented and the audit evidence that the information technology general control is operating effectively as support for the control. Significant audit evidence of operating effectiveness during the period.
4. More trust and more testing: When the further audit procedures to be implemented are mainly control testing, a higher level of assurance about the effectiveness of the control operation should be obtained -> high level of assurance -> more audit evidence
5. The impact of the substantive procedure results on the control test results: (1) If the substantive procedure fails to find that a certain determination is misstated, it cannot explain that the relevant control operation is effective (2) If the substantive procedure finds that a certain determination is misstated , the impact on the operational effectiveness of relevant controls should be considered, such as reducing the degree of reliance on relevant controls, adjusting the nature of substantive procedures (such as doing more detailed tests instead of substantive analysis procedures), expanding the scope of substantive procedures, etc. (3 ) linkP131 Substantive procedures uncovering material misstatements that were not identified by the audited entity usually indicate significant deficiencies in internal control, and the auditor should communicate these deficiencies to management and those charged with governance.
6. Consider interim tests of controls implemented: having obtained audit evidence of the operating effectiveness of controls at the interim period, additional audit evidence should be obtained of (1) significant changes to these controls over the remainder of the period (no change for the remainder of the period -> extension; if change , understand and test the impact of changes on interim evidence (2) Supplementary audit evidence that needs to be obtained for the remaining period
7. Consider the tests of controls implemented at the interim: Factors that affect the amount of supplementary evidence for the remaining period: ① Assertion-level risks of material misstatement assessed (same direction) ② Specific controls tested at the interim, and significant changes since the interim test (retested) ) ③ Sufficiency of evidence of control operation effectiveness obtained during the period (reverse) ④ Length of remaining period (same direction) ⑤ Plan to narrow the scope of substantive procedures on the basis of reliance on control (same direction, more trust and more testing) ⑥ Control the strength of the environment (reverse)
8. Consider the audit evidence obtained from previous audits (special risk -> change -> span): (1) For controls designed to mitigate special risk, if the auditor intends to rely on the control that mitigates special risk, regardless of whether there has been a change in the current period, Evidence obtained from previous audits should be relied upon, and the operating effectiveness of these controls should be tested in the current period. Judgment determines whether to test their operational effectiveness during the current audit period, and the period between this test and the previous test, but at least once every three years for controls. PS: All the tests of the control to be relied on should not be concentrated in one audit, and no tests should be performed in the next two audits, that is, the tests should be dispersed.
9. Controls for specific risks and controls that have materially changed during the year should be retested during the year
10. Weakness of the audited entity's control environment shortens the period between tests and does not necessarily result in an inability to rely on evidence obtained from previous audits
11. Influencing factors and changing relations of the scope of control testing: ① degree of trust in control (same direction) ② frequency of control execution (same direction) ③ length of time to trust the effectiveness of control operation (same direction) ④ expected deviation of control (same direction) same direction/ineffective) ⑤ test the scope of evidence obtained from other controls related to the assertion (reverse) ⑥ relevance and reliability of the evidence to be obtained on the operational effectiveness of the controls at the assertion level (reverse)
12. Due to inherent limitations of internal control, the auditor should implement substantive procedures for all material classes of transactions, account balances, and disclosures, regardless of the outcome of the assessed risk of material misstatement.
13. Implement substantive procedures for special risks: ①If the assessed material misstatement risk is considered to be a special risk, the CPA should implement substantive procedures specifically for this risk; ②If only substantive procedures are implemented for special risks, the CPA should use the detailed test , or combine detailed testing with substantive analysis procedures to obtain sufficient and appropriate audit evidence, and substantive analysis procedures cannot be implemented only.
14. Under appropriate conditions, substantive procedures can also be implemented in the middle of the period and extended to the end of the period -> implement further substantive procedures for the remaining period or use a combination of substantive procedures and control tests; except for special risks; the audited entity controls the environment The worse it is, the more substantive procedures should be implemented at or near the end of the period
15. Audit procedures implemented by extending interim audit conclusions for special risks to the end of the period are generally ineffective, and consideration should be given to implementing substantive procedures (for special risks) at or near the end of the period (before or after the end of the period -> e.g. cut-off test) PS : should be considered rather than should be
16. Audit evidence obtained in previous periods has little or no evidentiary force for the current period and is not sufficient to address the risk of material misstatement for the current period, and the auditor should implement substantive procedures for all material account balances, transactions and disclosures
17. Factors affecting the timing of substantive procedures: ① control environment ② availability after the interim period ③ purpose of substantive procedures ④ risk of material misstatement assessment ⑤ nature of specific types of transactions, account balances and related assertions Whether to reasonably extend the interim audit evidence to the end of the period
18. Influencing factors of the scope of substantive procedures: ①Material misstatement risk at the level of assessment (same direction -> higher risk and stricter - larger scope) ② Results of control testing (effective internal control -> narrowing the scope of substantive procedures)

ch9: Audit of sales and collection cycle

1. : ch9~ch12->understanding->identification and evaluation->response (control test and substantive procedures)
2. Separation of responsibilities between the sales department and the credit management department. For the credit sales business, it is approved by the credit management department -> "accuracy, valuation and allocation" of accounts receivable, otherwise there is a risk of bad debts
3. Personnel not responsible for cash registers, sales and accounts receivable bookkeeping regularly send statements to customers and investigate discrepancies (investigate discrepancies)
4. When identifying and assessing the risk of material misstatement related to revenue recognition, the CPA should evaluate which types of revenue, revenue transactions or assertions lead to fraud risk based on the assumption that there is a risk of fraud in revenue recognition; if the assumption that there is a risk of fraud in revenue recognition Not applicable, the reasons should be recorded in the audit working papers (eg start-up period)
5. Assuming that there is a risk of fraud in revenue recognition does not mean that the certified public accountant should assume that there is a risk of fraud in all determinations related to revenue recognition, otherwise the soul of professional judgment will be lost; different audited entities have different motives and pressures for the management to implement fraud , the specific identifications involved in the risk of fraud are also different, and must be analyzed in detail, and it cannot be generally considered that a certain identification has a risk of fraud.
6. Assessing the risk of material misstatement at the level should evaluate the inherent risk (inherent risk factors -> possibility and importance of misstatement -> inherent risk level) and control risk
7. The more you trust, the more you test, and if you don’t test, you don’t pay attention; if you plan to test the operational effectiveness of the relevant controls in the sales and collection cycle, the CPA should evaluate the control risk -> plan to test and then evaluate ; if you do not plan to test the effectiveness of the control operation, then The result of the assessment of the inherent risk is the result of the assessment of the risk of material misstatement
8. Practical case ! ! ! ! +P156 Comprehensive questions
9. : ① For the performance obligations to be fulfilled in the future, one-time confirmation of revenue or reward points awarded to customers by the audited unit, but no transaction price apportionment to reward points -> recognition of operating income and completeness of contract liabilities ② When the government restricts the selling price of commodities, the audited entity recognizes the price difference subsidy as a government subsidy instead of operating income -> operating income classification recognition, other income classification recognition ③ intermediary, e-commerce platform, entrusted processing business -> net amount should be used ④ The audited entity carried out factoring and discounting business, and with the right of recourse, terminated the confirmation of accounts receivable -> the integrity of accounts receivable and the integrity of short-term loans
10. Rules of internal control testing procedures: ①IT: Check the logic of XXX generated by the system ②Manual: Inquire about the internal control implemented by X in X business, but only insufficient inquiry; inspection is insufficient for formal inspection and signature
11. Substantive procedures for main business income: reverse check and sequential check (main business income sub-ledger, delivery order (especially the customer's receipt copy)) + cut-off test (the path applicable to professional judgment, and the two paths can also be used together) + Extended inspection (to deal with fraud)
12. Cut-off test: (1) Select the outbound receipts (especially customer receipt -> transfer of control, not sales invoices) of several days before and after the balance sheet date, and check with the main business income sub-ledger; at the same time, from Select the vouchers of several days before and after the balance sheet date for the sub-account of main business income, and check with the outbound order to determine whether there is any intertemporal phenomenon in sales. (2) Review the level of sales and shipments before and after the balance sheet date, determine whether the level of business activity is abnormal, and consider whether it is necessary to additionally implement the cut-off test procedure -> extend the time -> increase the unpredictability of the audit procedure (the end of the year is fraudulent High-incidence period) (3) Obtain all sales return records after the balance sheet date, and check whether there is any early recognition of revenue Obtain the sales approved by the other party
13. Accounts receivable (usually positive confirmation) should be subject to confirmation procedures (exemption: immaterial or likely to be invalid), and if the confirmation is considered to be likely to be invalid, an alternative audit procedure should be implemented
14. Implement alternative procedures for unresponsive accounts receivable items: (1) Check collection after the period (you can’t just check the credit amount (recovery status) of accounts receivable, the key is to check the corresponding bank entry statement) (2) Check the original voucher (the most important thing is to prove the income -> the receipt signed by the customer) (3) check the mail, etc.
15. Inconsistencies->Investigation->Misstatement or non-misstatement->Explanation by the audited unit->Only inquire about insufficiency+observation inspection->If misstatement, submit for correction
16. If the replies do not match, there may not necessarily be a misstatement eg1. The customer has paid, but the company has not received it; 2. The goods are in transit, but the customer has not received them; goods back and forth)

ch10: Audit of the procurement and payment cycle

1. Purchasing and acceptance should be segregated, and acceptance and storage should be segregated
2. If the supplier’s invoice has not been received at the end of the month, the financial department needs to estimate the relevant liabilities based on the acceptance sheet and the purchase order (the delivery ticket has not arrived) -> determine the integrity of inventory and accounts payable
3. Practical case ! ! !
4. Due to untimely write-off, the balance of employee reserve funds of management personnel or sales personnel of the audited unit increased significantly at the end of the year -> other receivables (existence), management expenses and sales expenses (completeness)
5. Selling houses to executives at a low price (non-monetary employee benefits), but the minimum service period has not been stipulated, but the audited unit amortizes the expenses within the expected retirement period -> management expenses (completeness), long-term prepaid expenses (existence )
6. The audited entity canceled the share payment plan (equity settlement), but did not carry out accelerated vesting process -> management fee (completeness), capital reserve (completeness)
7. The audited unit did not accrue the product quality guarantee deposit, or after extending the warranty period, did not increase the accrual ratio accordingly -> sales expenses (integrity), estimated liabilities (integrity)
8. When the audited entity recognized the investment income of the joint venture, it did not offset the unrealized internal transaction gains and losses in the upstream and downstream transactions -> long-term equity investment (accuracy, valuation and allocation), investment income (accuracy)
9. Comprehensive question ! ! !
10. The approval and entry of supplier information revisions should achieve separation of duties; procurement and acceptance, acceptance and storage, procurement and storage should achieve separation of duties
11. The confirmation of accounts payable is not a procedure that "should" be implemented, because the risk of material misstatement related to accounts payable is often manifested as an underestimated risk, and the proof of the risk by relying on the confirmation procedure is relatively limited; at the same time, the implementation of Confirmation can be checked forward (completeness) or reversed (existence), and the specific path depends on the audit objective
12. Implement substantive procedures on accounts payable: (1) Since the more common risk of material misstatement in the procurement and payment cycle is the underestimation of accounts payable (accounts payable is not recorded), the CPA may need to Obtain an appropriate list of suppliers from the non-financial department (purchasing department) (sequence check->completeness->response to underestimation->discover unrecognized accounts payable outside the account), such as the current procurement list, all existing supplier lists etc., select samples for testing; (2) maintain full process control over the confirmation inquiry letter (3) compare the balance of the confirmation inquiry letter with the recorded amount, and check the supporting documents if there is any discrepancy (4) check all unanswered items Implement alternative procedures such as checking payment documents, purchasing documents (purchase orders, acceptance notes, invoices and contracts)
13. Reverse (most likely to be rewritten): Check whether the accounts payable has been included in the correct accounting period, and whether there are unaccounted accounts payable: (1) Increase or decrease of accounts payable in the current period (decrease -> check payable (2) Check the corresponding vouchers for the amount of the credit side of the accounts payable after the balance sheet date , pay attention to the date of the acceptance form and the purchase invoice, and confirm Whether the entry time is reasonable (may be delayed) (3) Obtain and check the account statement between the audited unit and its suppliers and the difference adjustment table prepared by the audited unit to determine the accuracy of the balance of accounts payable (there may be supplier (4) Check the bank statement and related payment vouchers for payment items after the balance sheet date , and ask internal or external personnel of the audited unit to find out whether there are accounts payable that have not been recorded in time (accounts payable Sometimes the audit unit may not confirm the accounts payable on the balance sheet date, but pay the arrears directly through bank transfers on the payment deadline in the future, so as to achieve the effect of clearing money and goods without debt ) (5) Combined with inventory supervision Check the inventory entry data (receipt form) of the audited unit before and after the balance sheet date , and check whether the relevant liabilities have been included in the correct accounting period (the day before -> find out whether there is no receipt of goods and unconfirmed inventory and Accounts payable; in the future -> whether there are items in transit that are not recognized thereby underestimating inventory and accounts payable)

• The reverse investigation of "accounting by certificate" is mainly directly related to the existence of accounts payable

ch11: Audit of production and inventory cycle

1. Practical case ! ! !
2. The audited unit deducted the sample income from the trial run against the cost of the production line -> fixed assets (accuracy, valuation and allocation), operating income and operating costs (completeness)
3. Received government subsidies related to the production line, the audited entity adopted the gross method, but included it in profit and loss at one time -> other income (incurrence), deferred income (completeness)
4. Comprehensive question
5. Inventory surveillance (obtaining audit evidence about the quantity and condition of inventory) can be used as a control test (observing the process of the audited entity's inventory (accuracy, valuation and apportionment) whether the inventory is depreciated, rights and obligations (ownership issues) determination to provide part of the audit evidence
6. If the inventory is important to the financial statements (eg manufacturing companies), it should (1) implement the supervision procedure at the inventory counting site (necessary procedure, unless it is not feasible -> if not feasible, an alternative procedure should be implemented) (2) for the ending inventory Documented implementation of audit procedures to determine whether they accurately reflect actual inventory count results
7. The certified public accountant may decide to only use inventory monitoring as a substantive procedure, which is more in line with the cost-effective principle
8. Inventory, review and compilation of inventory of the audited unit, CPA supervision, drawing and preparation of supervision work papers; CPAs should not perform the duties of the management on behalf of the management, otherwise the independence and unpredictability will be damaged
9. Certified public accountants should understand the internal control of the audited entity related to inventory
10. CPAs generally need to review or discuss their inventory counting procedures with the management; if they believe that the audited entity’s inventory counting procedures are deficient, the CPAs should request the audited entity to adjust
11. If the inventory count is carried out on a date other than the financial statement date, the certified public accountant shall implement other audit procedures in addition to the audit procedures related to inventory surveillance to obtain audit evidence and determine the inventory changes between the inventory count date and the financial statement date Is it being properly documented (check stock coming in and going out during this period and related documentation)
12. On the basis of obtaining a complete list of inventory storage locations (IPE), the certified public accountant can select an appropriate location for supervision according to the importance of storage in different locations and the assessment results of the risk of material misstatement related to inventory at each location, and Document the reasons for selecting these locations (to avoid lapses and risk of fraud); considering the risk of fraud, the CPA may decide to conduct surveillance of inventory at specific storage locations without prior notice, or at all storage locations on the same day Supervise inventory (on the basis of coordination, the location of supervision should not be temporarily modified due to management reasons)
13. The goal of inventory supervision (back): to obtain audit evidence on the quantity and status of the inventory on the balance sheet date and the reliability of the inventory counting procedures of the management, to check whether the quantity of the inventory is true and complete, whether it belongs to the audited unit, whether the inventory is Damaged, obsolete, obsolete, defective and shortage conditions
14. After the implementation of the observation procedure, if it is considered that the internal control design of the audited entity is well-designed and effectively implemented, and the inventory count is well-organized, the scope of the implementation of the draw-out procedure can be reduced accordingly
15. Inventory monitoring procedures (back): ①Evaluate the management’s instructions and procedures for recording and controlling the inventory count results ②Observe the implementation of the inventory count procedures formulated by the management ③Check the inventory Correction by the audit unit; and consider the potential scope and significance of the misstatement, if possible, expand the scope of inspection to reduce the occurrence of errors, that is, it is necessary to infer the population based on the sample; the audited unit can also be required to re-count)
16. Inventory measured by scales: ① Check the accuracy of the scales ② Combine the inspection and re-weighing procedures to check the conversion of weighing scales
17. Two-way drawing: When testing the inventory count results, the certified public accountant should select items from the inventory count records to trace to the physical inventory, and select items from the physical inventory to trace to the inventory records, so as to obtain the accuracy and completeness of the inventory records. Audit Evidence (IPE does not refer to assertions) (inventory records not statement items)
18. After inventory counting: Obtain and check the number records of filled, obsolete and unused inventory counting forms, determine whether they are serially numbered, find out whether all issued forms have been taken back, and check with the summary records of inventory counting
19. The ownership of the inventory consigned by a third party and the inventory that has been confirmed for sale but has not yet been shipped out of the warehouse does not belong to the audited entity and should not be included in the scope of inventory supervision
20. It is infeasible and unforeseeable to carry out inventory monitoring at the inventory counting site: ① Infeasible (caused by factors such as the nature of the inventory and storage location, for example, the inventory is stored in a location that poses a threat to the safety of certified public accountants eg radiation leakage, source of infection) -> An alternative procedure should be implemented -> if the alternative procedure is not feasible, consider issuing a non-unqualified opinion as required ② Unforeseeable: force majeure factors make it impossible to reach, implement or observe -> select another date for monitoring and audit transactions during the interval program
21. For the audit procedure of the inventory kept or controlled by the third party, pay special attention to the application of the confirmation procedure -> confirm the quantity and status of the inventory to the third party holding the inventory of the audited unit + other audit procedures (if feasible, supervision, Check the warehouse list, consider the reasonableness of the third party to keep the inventory, etc.)

Ch12: Audit of Monetary Funds

1. Cashiers are not allowed to concurrently perform audit work such as the preparation of bank deposit balance adjustment tables, accounting file storage, and account registration of income, expenditure, expenses, and creditor's rights and debts
2. Ask XXXX about the internal controls implemented in XX business; check the logic of the system to generate XXX
3. If the certified public accountant may judge based on the results of the risk assessment that it is not necessary to perform a control test on the cash inventory, and only implement substantive procedures (whether it is inventory monitoring or cash inventory monitoring , it may be used for control testing or control based on the assessed risk of material misstatement). substantive procedures, or both)
4. Inventory cash supervision: the cash teller and the accounting supervisor of the audited unit must participate, and the certified public accountant will conduct the supervision; the scope of supervision is generally all the cash managed by the various departments of the audited unit
5. Supervision time: (1) Check the stocktaking plan formulated by the audited unit to determine the stocktaking time (coordination). It is best to conduct a surprise inspection on the supervision of cash on hand, and the best time is to choose before going to work in the morning or when you get off work in the afternoon . Implement supervision
6. Perform audit procedures on the integrity of bank accounts: (1) Accompanied by corporate personnel, certified public accountants go to the People's Bank of China or the basic deposit account opening bank to inquire and print the "List of Bank Settlement Accounts Opened", and observe the bank staff's inquiries, Printing process, and check whether the bank RMB settlement account recorded in the books of the audited entity is complete (2) Combined with other detailed tests, pay attention to whether the bank account for receiving and paying in the original document is included in the list of opened bank accounts obtained by the certified public accountant
7. Two-way verification of bank statements and bank deposit journal records of the audited entity
8. Obtain and check the bank statement: (1) Obtain the bank statement with the bank seal of the audited unit. The certified public accountant should be alert to the authenticity of the bank statement. Control the whole process and stay alert to signs of fraud risk (2) Check the obtained bank statement balance with the bank journal balance. Check the statement and the bank confirmation letter to confirm whether they are consistent
9. Obtain and check the bank deposit balance adjustment table: (1) Check whether the adjusted bank deposit journal balance is consistent with the bank statement balance (2) Check whether the adjustment items have reasonable business reasons and signs of fraud -> the enterprise has not received cash, the enterprise Unpaid bank payment: check the bank statement after the period ; the bank has not received the enterprise, and the bank has not paid the enterprise: confirm whether there is a deadline for misreporting (3) pay attention to long-term unpaid accounts, and check whether there are misappropriation of funds and other matters (4) Pay special attention to payment abnormalities such as bank-payment and enterprise -payment , and enterprise-payment and bank-payment , and confirm whether there is any fraud (PS: failure of the handling personnel to enter the account in time is not an unpaid account)
10. Unpledged fixed deposit -> check the original account opening certificate to prevent the copy provided by the audited unit from being a copy of the original before being pledged or withdrawn
11. For the time deposits that have been pledged, check the copy of the time deposit certificate and check it with the corresponding pledge contract ; the relevant information of the time deposit should be confirmed by letter For time deposits, check and check the corresponding payment vouchers, bank statements or online banking records, etc.\\\\Analyze the rationality of interest income