Audit US - Audit Map
The following table divides the audit process into steps. Its purpose is to provide practitioners with a simple road map for performing an audit. Note that the references to US GAAS and engagement forms are not comprehensive. In addition, this table does not specifically address all AU-C sections.
Planning and Risk Assessment Phase
| # | Description of audit step | Relevant AU-C | Audit US forms |
|---|---|---|---|
| 1. | Performing preliminary engagement activities | - | - |
| a) Consider your overall responsibilities when conducting an audit. | 210 | 405 | |
| b) Perform client acceptance/continuance procedures required by AU-C 210. | 210 | 405 | |
| c) Evaluate compliance with relevant ethical requirements, including independence. | 210 | 405, 408 | |
| d) Understand the terms of the engagement, and obtain a signed engagement letter. | 210 | 415 | |
| e) Make required communication with those charged with governance. | 260 | 505 | |
| f) Consider the need for an engagement quality control review. | 220 | 405 | |
| g) Perform other required planning procedures, including obtaining an understanding of the entity. | 300, 315 | 505 | |
| 2. | Determine materiality | - | - |
| a) Determine materiality for the financial statements as a whole (overall materiality). | 320 | 420 | |
| b) Determine performance materiality based on known risks. | 320 | 420 | |
| 3. | Plan the risk assessment procedures to be performed | - | - |
| a) Use materiality to identify materiality (or potentially material) financial statements areas and disclosures and to assess the identified risks, risk of material misstatement due to fraud, and possible noncompliance with laws and regulations that might have a material effect on the financial statements. | 320, 240, 250 | FSA | |
| b) Ask management about major changes (e.g., operations, systems, financing, people) and challenges (e.g. cash flow, regulations, competition, resources and staffing) faced since the last audit. | 315 | 505 | |
| c) Obtain the most recent financial report or trial balance, and perform an analytical review. | 315 | 515 | |
| d) Hold a team discussing involving the engagement partner and key team members to: | - | - | |
|
i. Orient the team members with an overview of entity operations, risk factors and key people. |
300, 315 | 450 | |
|
ii. Identify any issues relating to the applicable financial reporting framework to be used. |
315 | 450 | |
|
iii. Consider the susceptibility of financial statements areas and disclosures to material misstatement including fraud. |
315 | 450 | |
|
iv. Identify and plan the risk assessment procedures needed to identify/assess risk of material misstatement in the financial statements (Steps 4 to 6). |
315 | 425, 505 | |
|
e) Summarize the results of planning an overall audit strategy that specifies: |
- | - | |
|
i. Engagement requirements, time frames and team composition. |
300 | 430 | |
|
ii. Scope, timing and direction of the audit. |
300 | 430 | |
|
iii. Key risk factors identified and how they will be addressed. |
300 | 430 | |
| f) If appropriate, communicate the planned scope/timing of the audit to management/those charged with governance or wait until Step 9 has been completed (when the risks of misstatement will have been identified and assessed). | 260 | 431 | |
| 4. | Perform risk assessment procedures to identify/assess ENTITY - SPECIFIC risks and controls
(Consider the nature of operations, major changes, state of the economy, competition, financing, business plans, fraud, regulation, litigation, entity organization, governance and personnel.) Use the risk assessment procedures to first identify the source of risks. Then for each source of risk: |
- | - |
| a) Identify the nature of the financial statements misstatement(s) that could occur and whether the risk is entity level (i.e., affects multiple assertions) or can be assigned to specific financial statements assertions. | 315 | 560-7 | |
| b) Ensure the required risk assessment procedures (as specified in U.S. GAAS) are performed (such as for fraud, laws, and regulations, estimates, related parties, and going concern). | 240, 250, 540, 550, 570 | 525, 530, 545, 547, 556 | |
| c) Assess the liklihood/magnitude of potential misstatements and whether they are significant risks. | 315 | 560-7 | |
| d) For assessed risks where a material misstatement could occur: | |||
|
i. Inquire (regarding one risk at a time) about relevant internal controls (if any) to treat the risk. |
315 | 560-7 | |
|
ii. If relevant controls exist, evaluate their design and implementation. |
315 | 560-7 | |
| 5. | Perform risk assessment procedures to identify assess ENTITY LEVEL (PERVASIVE) risks and controls
(Consider management integrity and attitudes, governance, competence, potential for fraud, entity risk management, financial statements preparation, general IT activities and control monitoring) Use the risk assessment procedures to identify and assess entity level (pervasive risks). For each entity level (pervasive risk) that applies: |
- | - |
| a) Inquire (regarding one risk at a time) about relevant internal controls (if any) to treat the risk. | 315 | 565, 566 | |
| b) If relevant controls exist, evaluate their design and implementation. | 315 | 565, 566 | |
| 6. | Perform risk assessment procedures to identify/assess TRANSACTIONAL risks and controls
For each major business process/cycle (revenues, purchases, payroll, etc.), identify what transactional risks could result in a material misstatement. For each transactional risk that applies: |
- | - |
| a) Inquire (regarding one risk at a time) about relevant internal controls (if any) to treat the risk. | 315 | 570-582 | |
| b) If relevant controls exist, evaluate their design and implementation. | 315 | 570-582 | |
| 7. | Conclude the risk assessment phase
Review and summarize the findings from performing Steps 4 to 6. |
- | - |
| a) Assess the Risks of material misstatement at the financial statements level (entity level/pervasive risks) and the assertion level (transactional risks). | 315 | FSA | |
| b) Communicate significant deficiencies and material weaknesses in internal control to management and those charged with governance. | 265 | 770, 777 |
Risk Response Phase
| # | Description of audit step | Relevant AU-C | Audit US forms |
|---|---|---|---|
| 8. | Design appropriate responses to the assessed risks
Review the assessed risks identified and summarized in the risk assessment phase. |
|
- |
| a) Revise performance materiality for changes to assessed risks or for new risks identified. | 320 | 420 | |
|
b) Consider the need for a team discussion with the engagement partner and key team members to: |
300 | 450 | |
|
i. Revisit possible fraud risk scenarios, and determine the appropriate audit responses. |
240 | 455 | |
|
ii. Determine how best to respond to assessed risks at the financial statements and assertion levels. |
240 | FSA, 560-7 | |
| c) Customize (e.g., delete, revise or add) standard audit procedures to ensure work effort is directed toward high-risk areas and away from low-risk areas. | - | 430 | |
| d) Ensure the audit plan addresses material financial statements areas and disclosures; significant risks; significant control deficiencies; material weaknesses, going-concern uncertainties; related-party transactions; estimates; litigation, claims, assessments and noncompliance; use of journal entries; and subsequent events. | - | 450, 645, 650, 655, 665, 670 | |
| 9. | Finalize the audit plan | - | - |
| a) Finalize the overall response to assessed risks at the financial statements level (including fraud). | 330 | FSA | |
| b) Finalize the plan for further audit procedures that respond to assessed risks at the assertion level. | 330 | A-UU, 1000-6000 | |
| c) Update the overall audit strategy started from Step 3. | 300 | 430 | |
| d) Communicate the planned scope/timing of the audit to management/those charged with governance and material weakness and significant deficiencies in internal control identified (if not already communicated in Step 3). | 265 | 431 | |
| 10. | Perform the planned (customized) procedures | - | - |
| a) Ensure all relevant audit evidence has been considered. | 330 | - | |
| b) Ensure the financial statements agree or reconcile with the underlying accounting records. | 330 | - | |
| c) Document the results of procedures and discussions of significant findings or issues with management/those charged with governance, including significant judgments made and conclusions reached. | 230 | 725, 745 | |
| d) Ensure that sufficient appropriate audit evidence has been obtained. | 330 | - | |
| 11. | Evaluate the evidence obtained | - | - |
| a) Perform a review of audit documentation and financial statements by someone other than the preparer. | 220 | - | |
| b) Ensure the initial assessments of Risks of material misstatement at the financial statements and assertion levels remain appropriate. If not, document the reasons and any revisions to the audit procedures performed. | 330 | FSA/560-7 | |
| c) Consider whether the nature and circumstances of identified misstatements indicate that other misstatements may exist. If so, document any additional procedures performed. | 450 | 700 |
Reporting Phase (forming an opinion)
| # | Description of audit step | Relevant AU-C | Audit US forms |
|---|---|---|---|
| 12. | Communicate with management/those charged with governance | - | - |
| a) Ensure identified misstatements have been communicated to management/those charged with governance along with a request for their correction. | 450 | 700, 782-2 | |
| b) Document the reasons of management/those charged with governance for not making corrections and the impact on the audit opinion. | 450 | 700 | |
| c) Communicate significant audit findings or issues to management/those charged with governance. | 260 | 745, 775 | |
| d) Communicate any significant deficiencies and material weaknesses (not already reported) in internal control. | 265 | 770 | |
| e) Evaluate the adequacy of the two-way communication with those charged with governance. | 260 | - | |
| f) Evaluate the adequacy of the audit evidence obtained. | 500, 501, 505 | - | |
| g) Obtain written management representations as of the date of the audit report. | 580 | 780 | |
| 13. | Complete the audit file (including file reviews and an engagement quality control review, where applicable) | - | - |
| a) Ensure the financial statements have been prepared, in all material respects, in accordance with the requirements of the applicable financial reporting framework and documentation is complete. | 330 | 710, 785 | |
| b) Ensure the significant judgments made and conclusions reached are appropriate. | - | 725 | |
| c) Evaluate the impact of any remaining uncorrected misstatement(s) on the audit opinion. | 450 | 700 | |
| d) Perform final analytical procedures to corroborate the conclusions formed on financial statements components. | 520 | 660 | |
| e) Update subsequent events work to the date of the audit report. | 560 | 655 | |
| f) Ensure any review comments on file have been cleared. | 220 | - | |
| g) Ensure all the required approvals to release the audit report have been obtained. | - | 730 | |
| h) Determine the date for final assembly of the engagement file (as per the policy in the firm’s quality assurance manual). | 230 | - | |
| 14. | Form an audit opinion | - | - |
| a) Ensure reasonable assurance has been obtained regarding whether the financial statements are free from material misstatement due to fraud or error. | 200 | - | |
| b) Express an opinion on the financial statements in accordance with the audit findings. | 700 | 715 | |
| c) Sign/date the audit report after obtaining evidence of financial statements approval by the recognized authority. | 700 | - |
This online help system applies to all CaseWare Audit, Review and Compilation products. Not all features are available in all products.
Visit us: www.caseware.com | Follow us: 
© 2021 CaseWare International Inc. | Privacy | Terms of Use | Trademarks