You are here: Get Started > Audit US > Audit US - Audit Map

Audit US - Audit Map

The following table divides the audit process into steps. Its purpose is to provide practitioners with a simple road map for performing an audit. Note that the references to US GAAS and engagement forms are not comprehensive. In addition, this table does not specifically address all AU-C sections.

Planning and Risk Assessment Phase

# Description of audit step Relevant AU-C Audit US forms
1. Performing preliminary engagement activities - -
a) Consider your overall responsibilities when conducting an audit. 210 405
b) Perform client acceptance/continuance procedures required by AU-C 210. 210 405
c) Evaluate compliance with relevant ethical requirements, including independence. 210 405, 408
d) Understand the terms of the engagement, and obtain a signed engagement letter. 210 415
e) Make required communication with those charged with governance. 260 505
f) Consider the need for an engagement quality control review. 220 405
g) Perform other required planning procedures, including obtaining an understanding of the entity. 300, 315 505
2. Determine materiality - -
a) Determine materiality for the financial statements as a whole (overall materiality). 320 420
b) Determine performance materiality based on known risks. 320 420
3. Plan the risk assessment procedures to be performed - -
a) Use materiality to identify materiality (or potentially material) financial statements areas and disclosures and to assess the identified risks, risk of material misstatement due to fraud, and possible noncompliance with laws and regulations that might have a material effect on the financial statements. 320, 240, 250 FSA
b) Ask management about major changes (e.g., operations, systems, financing, people) and challenges (e.g. cash flow, regulations, competition, resources and staffing) faced since the last audit. 315 505
c) Obtain the most recent financial report or trial balance, and perform an analytical review. 315 515
d) Hold a team discussing involving the engagement partner and key team members to: - -

i. Orient the team members with an overview of entity operations, risk factors and key people.

300, 315 450

ii. Identify any issues relating to the applicable financial reporting framework to be used.

315 450

iii. Consider the susceptibility of financial statements areas and disclosures to material misstatement including fraud.

315 450

iv. Identify and plan the risk assessment procedures needed to identify/assess risk of material misstatement in the financial statements (Steps 4 to 6).

315 425, 505

e) Summarize the results of planning an overall audit strategy that specifies:

- -

i. Engagement requirements, time frames and team composition.

300 430

ii. Scope, timing and direction of the audit.

300 430

iii. Key risk factors identified and how they will be addressed.

300 430
f) If appropriate, communicate the planned scope/timing of the audit to management/those charged with governance or wait until Step 9 has been completed (when the risks of misstatement will have been identified and assessed). 260 431
4. Perform risk assessment procedures to identify/assess ENTITY - SPECIFIC risks and controls

(Consider the nature of operations, major changes, state of the economy, competition, financing, business plans, fraud, regulation, litigation, entity organization, governance and personnel.)

Use the risk assessment procedures to first identify the source of risks. Then for each source of risk:

- -
a) Identify the nature of the financial statements misstatement(s) that could occur and whether the risk is entity level (i.e., affects multiple assertions) or can be assigned to specific financial statements assertions. 315 560-7
b) Ensure the required risk assessment procedures (as specified in U.S. GAAS) are performed (such as for fraud, laws, and regulations, estimates, related parties, and going concern). 240, 250, 540, 550, 570 525, 530, 545, 547, 556
c) Assess the liklihood/magnitude of potential misstatements and whether they are significant risks. 315 560-7
d) For assessed risks where a material misstatement could occur:

i. Inquire (regarding one risk at a time) about relevant internal controls (if any) to treat the risk.

315 560-7

ii. If relevant controls exist, evaluate their design and implementation.

315 560-7
5. Perform risk assessment procedures to identify assess ENTITY LEVEL (PERVASIVE) risks and controls

(Consider management integrity and attitudes, governance, competence, potential for fraud, entity risk management, financial statements preparation, general IT activities and control monitoring)

Use the risk assessment procedures to identify and assess entity level (pervasive risks). For each entity level (pervasive risk) that applies:

- -
a) Inquire (regarding one risk at a time) about relevant internal controls (if any) to treat the risk. 315 565, 566
b) If relevant controls exist, evaluate their design and implementation. 315 565, 566
6. Perform risk assessment procedures to identify/assess TRANSACTIONAL risks and controls

For each major business process/cycle (revenues, purchases, payroll, etc.), identify what transactional risks could result in a material misstatement. For each transactional risk that applies:

- -
a) Inquire (regarding one risk at a time) about relevant internal controls (if any) to treat the risk. 315 570-582
b) If relevant controls exist, evaluate their design and implementation. 315 570-582
7. Conclude the risk assessment phase

Review and summarize the findings from performing Steps 4 to 6.

- -
a) Assess the Risks of material misstatement at the financial statements level (entity level/pervasive risks) and the assertion level (transactional risks). 315 FSA
b) Communicate significant deficiencies and material weaknesses in internal control to management and those charged with governance. 265 770, 777

Risk Response Phase

# Description of audit step Relevant AU-C Audit US forms
8. Design appropriate responses to the assessed risks

Review the assessed risks identified and summarized in the risk assessment phase.

-
a) Revise performance materiality for changes to assessed risks or for new risks identified. 320 420

b) Consider the need for a team discussion with the engagement partner and key team members to:

300 450

i. Revisit possible fraud risk scenarios, and determine the appropriate audit responses.

240 455

ii. Determine how best to respond to assessed risks at the financial statements and assertion levels.

240 FSA, 560-7
c) Customize (e.g., delete, revise or add) standard audit procedures to ensure work effort is directed toward high-risk areas and away from low-risk areas. - 430
d) Ensure the audit plan addresses material financial statements areas and disclosures; significant risks; significant control deficiencies; material weaknesses, going-concern uncertainties; related-party transactions; estimates; litigation, claims, assessments and noncompliance; use of journal entries; and subsequent events. - 450, 645, 650, 655, 665, 670
9. Finalize the audit plan - -
a) Finalize the overall response to assessed risks at the financial statements level (including fraud). 330 FSA
b) Finalize the plan for further audit procedures that respond to assessed risks at the assertion level. 330 A-UU, 1000-6000
c) Update the overall audit strategy started from Step 3. 300 430
d) Communicate the planned scope/timing of the audit to management/those charged with governance and material weakness and significant deficiencies in internal control identified (if not already communicated in Step 3). 265 431
10. Perform the planned (customized) procedures - -
a) Ensure all relevant audit evidence has been considered. 330 -
b) Ensure the financial statements agree or reconcile with the underlying accounting records. 330 -
c) Document the results of procedures and discussions of significant findings or issues with management/those charged with governance, including significant judgments made and conclusions reached. 230 725, 745
d) Ensure that sufficient appropriate audit evidence has been obtained. 330 -
11. Evaluate the evidence obtained - -
a) Perform a review of audit documentation and financial statements by someone other than the preparer. 220 -
b) Ensure the initial assessments of Risks of material misstatement at the financial statements and assertion levels remain appropriate. If not, document the reasons and any revisions to the audit procedures performed. 330 FSA/560-7
c) Consider whether the nature and circumstances of identified misstatements indicate that other misstatements may exist. If so, document any additional procedures performed. 450 700

Reporting Phase (forming an opinion)

# Description of audit step Relevant AU-C Audit US forms
12. Communicate with management/those charged with governance - -
a) Ensure identified misstatements have been communicated to management/those charged with governance along with a request for their correction. 450 700, 782-2
b) Document the reasons of management/those charged with governance for not making corrections and the impact on the audit opinion. 450 700
c) Communicate significant audit findings or issues to management/those charged with governance. 260 745, 775
d) Communicate any significant deficiencies and material weaknesses (not already reported) in internal control. 265 770
e) Evaluate the adequacy of the two-way communication with those charged with governance. 260 -
f) Evaluate the adequacy of the audit evidence obtained. 500, 501, 505 -
g) Obtain written management representations as of the date of the audit report. 580 780
13. Complete the audit file (including file reviews and an engagement quality control review, where applicable) - -
a) Ensure the financial statements have been prepared, in all material respects, in accordance with the requirements of the applicable financial reporting framework and documentation is complete. 330 710, 785
b) Ensure the significant judgments made and conclusions reached are appropriate. - 725
c) Evaluate the impact of any remaining uncorrected misstatement(s) on the audit opinion. 450 700
d) Perform final analytical procedures to corroborate the conclusions formed on financial statements components. 520 660
e) Update subsequent events work to the date of the audit report. 560 655
f) Ensure any review comments on file have been cleared. 220 -
g) Ensure all the required approvals to release the audit report have been obtained. - 730
h) Determine the date for final assembly of the engagement file (as per the policy in the firm’s quality assurance manual). 230 -
14. Form an audit opinion - -
a) Ensure reasonable assurance has been obtained regarding whether the financial statements are free from material misstatement due to fraud or error. 200 -
b) Express an opinion on the financial statements in accordance with the audit findings. 700 715
c) Sign/date the audit report after obtaining evidence of financial statements approval by the recognized authority. 700 -

This online help system applies to all CaseWare Audit, Review and Compilation products. Not all features are available in all products.