Auditing

A BUSINESS RISK APPROACH

6e
Larry E. Rittenberg
University of Wisconsin–Madison

Bradley J. Schwieger
St. Cloud State University

Karla M. Johnstone
University of Wisconsin–Madison

Australia • Brazil • Canada • Mexico • Singapore • Spain • United Kingdom • United States


Auditing: A Business Risk Approach, 6e
Larry E. Rittenberg, Bradley J. Schwieger, Karla M. Johnstone

VP/Editorial Director:
Jack W. Calhoun

Manager, Editorial Media:
John Barans

Art Director:
Linda Helcher

Publisher:

Rob Dewey

Technology Project Manager:
Scott Hamilton

Internal Designers:
C Miller Design

Acquisitions Editor:
Matthew Filimonov

Associate Content Project Manager:
Joanna Grote

Cover Designer:
Stratton Design

Senior Developmental Editor:
Craig Avery

Senior Buyer:
Doug Wilke

Cover Image:
Purestock Media Bakery

Marketing Manager:
Kristen Hurd

Production House:

International Typesetting and Composition

Printer:
Edwards Brothers Ann Arbor, MI

COPYRIGHT © 2008, 2005
Thomson South-Western, a part of The
Thomson Corporation.Thomson, the Star
logo, and South-Western are trademarks
used herein under license.

ALL RIGHTS RESERVED.
No part of this work covered by the copyright hereon may be reproduced or used in
any form or by any means—graphic, electronic, or mechanical, including photocopying, recording, taping,Web distribution or
information storage and retrieval systems, or
in any other manner—without the written
permission of the publisher.

Library of Congress Control Number:
2007923689

Printed in the United States of America
1 2 3 4 5 10 09 08 07
Student Edition (Package)
ISBN 13: 978-0-324-37558-9
Student Edition (Package)
ISBN 10: 0-324-37558-1
Student Edition (Book)
ISBN 13: 978-0-324-65015-0
Student Edition (Book)

ISBN 10: 0-324-65015-9
CD ISBN 13: 978-0-324-37562-6
CD ISBN 10: 0-324-37562-X

For more information about our
products, contact us at:
Thomson Learning Academic Resource
Center
1-800-423-0563

For permission to use material from this
text or product, submit a request online
at .

Thomson Higher Education
5191 Natorp Boulevard
Mason, OH 45040
USA


PREFACE
THE AUDITING ENVIRONMENT has changed dramatically since we introduced
the fifth edition two short years ago. Auditors better understand their public
responsibilities.The Public Company Accounting Oversight Board (PCAOB)
and the U.S. Securities and Exchange Commission (SEC) have emerged as
major players in regulating the profession. Audit firms are challenged to find
efficient ways to integrate risk and control analysis into the design of audits of
financial statements and control systems. In our various professional roles, the
authors have been at the center of this change, and have infused the sixth edition with our unique knowledge of internal control evaluation and the integrated audit.
In the first edition, we raised two fundamental questions that ought to be

asked of all textbooks:
• Does the textbook cover the fundamental elements that all students should know?
• Does the textbook facilitate learning?

We also emphasize a third question that we have stressed from the very first
edition:
• Does the text encourage students to develop a reasoning process that facilitates
their growth in an audit and business environment that will continue to change?

We encourage each potential adopter to evaluate this text, as well as others, on
these dimensions.We believe that users will find that the sixth edition continues
to meet these standards. Since the first edition, we have believed that students must
understand frameworks for audit judgments—and then apply judgment within
those frameworks. Consequently, we have worked hard to increase the capacity of
the chapters to present these important conceptual frameworks, while the end-ofchapter assignment material is designed to challenge students to think and apply
these concepts, not just repeat them back to the instructor.

Addition of New Coauthor
We are pleased to announce Dr. Karla Johnstone, associate professor of accounting at the University of Wisconsin, as our first addition of a coauthor. Karla is
highly respected in the academic community with leading research on client
acceptance, risk analysis, and auditor judgment. She has the unique perspective
of a researcher who has been granted access to confidential firm acceptance and
discontinuance data at the highest levels of international public accounting firms.
In addition, she is a leading educator with a unique talent for facilitating group
work as a basis of learning, and for integrating ethics into the accounting and
audit curriculum.
Karla has been a welcome addition to the sixth edition. She has used her
knowledge as a user of previous editions to suggest ways in which to better
explain fundamental concepts. In addition, Karla has worked to:
• Add ethical dilemma cases at the end of selected chapters throughout the text

• Increase the number of group discussion cases especially designed to facilitate
learning
• Increase our coverage of fraud

All of these contributions help prepare students to learn to think like auditors
in a time of change, to be better attuned to business risks, and to be better prepared to work in groups.


iv

Preface

Major Themes in the Sixth Edition
The sixth edition continues the fundamental themes developed earlier, but we’ve
updated and changed the subtitle of the text to better reflect the fundamental
focus of the text: A Business Risk Approach. These themes are consistent with the
changing nature of the business and audit practice environment.
1. The sixth edition integrates the understanding of business risk and financial
reporting risk. We continue the overriding theme that a good auditor must first understand business risk.When we develop the business risk model and talk about internal controls, we show that it is important to answer the fundamental question: “What are we
trying to control?”The answer is: the risk of material misstatements.Thus, we demonstrate
that controls only exist within a risk context.The sixth edition continues the concept of
risk as an overarching theme throughout the text.
2. The sixth edition reflects changes in the regulatory environment. The current
regulatory environment has changed since the publication of the fifth edition. It now
includes new opinions on internal control over financial reporting, the role of the PCAOB
in both setting standards and performing inspections of audit firms, and the reemergence
of the Auditing Standards Board in setting standards for nonpublic companies. The sixth
edition shows how these changes affect auditor judgment and the audit engagement.
3. The sixth edition reflects the latest implementation of Sarbanes-Oxley (SOX).
Auditors, companies, and other stakeholders now have experience with the implementation of SOX, and especially Section 404.The text points the way through the implementation challenges of public companies as they meet the internal control objectives

contained in Section 404 of SOX.
4. The sixth edition provides a framework and a demonstration of an Integrated
Audit. The environment of today’s audit practice is filled with innovation and reflects
the integrated audit of financial statements and internal controls built on a thorough risk
assessment by the auditor. In a new Chapter 7, the sixth edition not only outlines the
rationale for the integrated audit, but also covers (a) ways in which it should be performed,
and (b) decisions that have to be made in performing such an audit. It develops the
nature of the integrated audit and talks about what is needed to implement it, including
a commitment by management for effective controls. Most importantly, it takes a holistic
view regarding improvements in the practice of auditing and develops expectations of
the challenges new auditors will face as their careers develop.
5. The sixth edition reflects pervasive changes in the technology environment in
which auditors work. Students who know how to use data analysis software—ACL or
other generalized audit software—and who can evaluate the efficacy and effectiveness of
computer controls will have a competitive advantage in their careers. By integrating
ACL software into homework and cases, and providing ACL at no additional charge
with each new copy of the text, the sixth edition helps students gain that competitive
edge.The text further challenges students to put their ACL assignments into a larger
context—to evaluate audit evidence on an integrated basis to explore the ways in which
audits can be both more effective and more efficient.
6. The sixth edition fully explores the fundamental role that auditing plays in
corporate governance. Auditing is a critical element in the functioning of the capital
market system.The sixth edition explores corporate governance as a foundation to
better understand the unique function of the audit.
7. The sixth edition continues to challenge students to expand their judgment
process:
• Discussion questions and problems emphasize application of the concepts developed
in each chapter.
• Group exercises have been better identified for advance assignment.
• Research questions allow students to expand their knowledge beyond the textbook

and introduce them to life-long learning.


v

Preface

Major Changes to the Sixth Edition
The nature of auditing has changed. Students entering the profession must find
ways to demonstrate their knowledge of controls and auditing to add value to
their audit engagements.While retaining the basic structure of the previous editions, there have been major changes to this edition, including the following:
1. A new and separate chapter on the integrated audit. Public accounting firms have struggled
with the need to gain efficiency through an integrated audit of controls and financial statements.This edition devotes a full chapter (chapter 7) to the concept of the integrated audit
and demonstrates how an integrated audit can drive efficiency in the audit process.
We’ve added significant end-of-chapter materials that allow students to think through an
integrated audit approach and demonstrate their knowledge of integrated audits.
2. Additional ethics cases. Several ethics cases have been added, particularly in the chapters
dealing with audit approaches to address account balances.The cases are derived from
real-world experiences and depict the dilemmas that students are likely to face in their
first few years in the profession.
3. Expansion of internal control coverage, principles, and attributes of control. The text
draws heavily on the recent COSO guidance for smaller businesses but is also applicable to larger businesses. The guidance emphasizes a “principles-based” approach to
designing and implementing internal controls over financial reporting. The new
material represents a conceptual improvement in the discussion of internal control
that has not existed in any prior textbook.
4. Internal control is presented as a process. The new guidance on internal control facilitates a process approach to internal control analysis.The process approach better ties into
risk factors and assists the auditor and management in more effectively mitigating the
risk of misleading financial reports.
5. Newest version of ACL. We include a CD containing Version 9 of ACL Desktop Education
Edition at no additional charge with every new copy of the text, and we’ve better integrated

ACL into our homework and cases. ACL is the most popular generalized audit software
on the market.The software enhances the analysis of cases that are couched in significant
account balances such as inventory and accounts receivable.A new fraud case has been
added using Benford’s Law.The exercises facilitate knowledge of how ACL or similar query
products should be used to enhance both audit effectiveness and audit efficiency.
6. Enhanced coverage of corporate governance. Corporate governance is emphasized
throughout the text as it relates to the audit function as well as to the auditor’s evaluation of the effectiveness of internal control over financial reporting.This places audit
thinking into its natural context.
7. Biltrite Computerized Practice Case is updated from the fifth edition and is integrated into the end-of-chapter materials rather than presented in a separate appendix at
the end of the textbook.This better integrates the case into chapters and their assignments.

Understanding
Auditor
Responsibilities

Understanding
the Risk Approach
to Auditing

Understanding
Audit Concepts
and Tools

Performing
Audits

Auditor
Reporting

New Pedagogy

The sixth edition features two new pedagogical elements that help students see
the larger picture of the audit process while providing additional detail and guidance on steps in that process.
New Audit Workflow Diagram at the start of each chapter provides an
overview of the seven phases in the audit process and shows where the chapter
fits within the overall sequence of audit planning, process, and reporting. For

Managing Audit
Firm Risk and
Minimizing Liabilities

Adding
Value


vi

Preface

Understanding Auditor Responsibilities

each chapter, the relevant stage in the audit workflow discussed in that chapter is
highlighted for reference.
New Workflow Detail Sidebars provide additional detail as well as specific
steps and procedure summaries within the audit performance phase.

For What:

Financial Statements
Internal Control Reports
Corporate Governance

Attributes Needed:

Ethics
Standards
Legal Responsibilities
High Quality DecisionMaking

Organization of the Sixth Edition
The sixth edition is organized around three important ideas: (a) because auditing
is an integral part of corporate governance, the profession must continue to win
the respect of the investing public (Chapters 1–3); (b) the business risk approach
is fundamental to efficient and effective auditing (Chapter 4); and (c) students
need to learn to apply judgment, not repeat definitions (Chapters 5–18).
Chapters 1-3: Understanding Auditor Responsibilities. The first three chapters
discuss the importance of audit and assurance services in the context of corporate governance and the economic market place. Chapter 3 introduces ethical principles derived from the SEC instead of just focusing on the rules
developed by the AICPA.
Chapter 4: Understanding the Risk Approach to Auditing. Chapter 4 introduces risk concepts and links them to internal control. The auditor’s understanding of risk facilitates the evaluation of internal controls.
Chapters 5-10: Understanding Audit Concepts and Tools. Chapter 5 develops
the concepts of audit evidence. It draws on the new Auditing Standards Board
standards in developing an assertion approach for testing transactions and
account balances. Increased attention is paid to determining the reliability of
evidence. Chapters 6-8 develop a structure for understanding and evaluating
internal controls, including approaches to using the computer as an audit tool.
The new Chapter 7 provides insight on how an integrated audit should be
performed. Chapter 9 provides an understanding of factors that make fraud
more likely to occur, going beyond a listing of the ‘red flags’ literature to present the fraud risk model. Numerous illustrations from corporate frauds are
used to illustrate needed audit approaches. Chapter 10 follows the development of these frameworks with a framework for answering the sufficiency of
evidence question and understanding how sampling can be used.
Chapters 11-16: Performing Audits. These chapters focus on the application
of the concepts developed earlier to assessing risk and testing account balances. Traditional audit areas such as accounts receivable and inventory are

covered.We continue the coverage of EDI and e-commerce environments, as
well as vendor-managed inventory (VMI). Students are asked to develop audit
programs that identify needed controls in these environments.The coverage is
expanded to cover high-risk areas that apparently have been overlooked on
some audit engagements. These include the need to review material journal
entries. We also expand the coverage of subjective estimates including an
in-depth discussion of auditing goodwill and fixed asset impairments.
Chapter 17: Auditor Reporting. Chapter 17 discusses audit and assurance
reports and provides a broad overview of fundamental precepts that underscore all reporting. Examples are given of various types of audit reports.
Chapter 18: Managing Audit Firm Risk and Minimizing Liabilities. Legal
liability remains important. However, Chapter 18 also considers the added
importance of the regulatory environment and the need for auditors to
operate in an environment in which the principles may not uniformly apply
for each jurisdiction in which the auditor performs services.
Chapter 19:Adding Value. Internal auditing is a dynamic and growing profession that is an integral part of public company compliance with the SarbanesOxley Act. The Institute of Internal Auditors has over 100,000 members in
countries across the globe. Internal auditing is a growing field for the public


Preface

accounting profession. We discuss the nature of internal auditing, which
focuses on providing value-added services to clients.
Biltrite Bicycle Case. Modules of this practice case are embedded in the endof-chapter material of related chapters. Excel worksheets needed to complete
the case appear on the Student Resources page of the product support Web
site (www.thomsonedu.com/accounting/rittenberg).
ACL Cases Appendix. The ACL Appendix at the end of the text contains an
overview of the ACL basic functions followed by a brief, illustrated tutorial to
help students learn how to use the basic features of Version 9 of the ACL
Desktop Education Edition.These are followed by four ACL cases:
1. Pell Grants, a fraud investigation case related to this student grant program

2. Benford’s Law case, a new fraud case dealing with employee expense reimbursements and the application of Benford’s Law of numbers
3. NSG Accounts Receivable, which includes an audit program of procedures for
which the students can use ACL and analyze the results
4. NSG Inventory, which requires students to develop an audit program and then
perform those procedures and analyze the results

Data files for these cases appear on the Student Resources page of the
product support Web site (www.thomsonedu.com/accounting/rittenberg).

Suitability for Alternate Presentation Formats
The sixth edition is designed to fit virtually all one-semester courses in auditing
or assurance services. While the text still emphasizes traditional financial statement audits, this edition develops the audit service within the context of a wider
array of assurance services. We have retained material in end-of-chapter appendices should the instructor wish to expand coverage of certain areas.

Supplements
The sixth edition contains a full range of supplements to aid instructors and students to get the most from the course.
Instructor’s Resource CD (IRCD). This all-in-one tool places all the
resources instructors need to plan and teach in one convenient tool: Solutions
Manual, PowerPoint® slides, Instructor’s Manual,Test Bank in Microsoft® Word,
and ExamView® testing software. ISBN 0-324-37559-X
• The Solutions Manual. This manual, written by the text authors, offers the highest
accuracy as it provides solutions for all end-of-chapter material, plus solutions to ACL
cases and the Biltrite Practice Case. The Solutions Manual is available on the IRCD and
is downloadable to instructors under password protection on the text web site.
• PowerPoint® Presentation Slides. Lectures come alive with these engaging
PowerPoint® slides that are interesting, visually stimulating, and paced for student
comprehension. These slides are ideal as lecture tools and provide a clear guide for
student study and note-taking. PowerPoint® slides are available on the IRCD and are
downloadable by chapter on the Instructor’s Resources page of the product web site.
• Instructor’s Manual. This manual contains all the resources instructors need to minimize

class preparation time while maximizing teaching effectiveness. Chapter overviews,
learning objectives, lecture notes with teaching suggestions, and guides to equip you
with the tools for positive outcomes throughout your course. The Instructor’s Manual
is available on the IRCD and downloadable from the product web site.
• Test Bank in Word. A proven Test Bank, found on the Instructor’s Resource CD, features
the questions instructors need to efficiently assess students’ comprehension. Bank in
word is available on the IRCD and downloadable from the product web site.

vii


viii

Preface

• ExamViewTM Computerized Testing Software. This easy-to-use test-creation program
contains all questions from the Test Bank, making it simple to customize tests to your
specific class needs as you edit or create questions and store customized exams. This
is an ideal tool for online testing. This software is available on the IRCD.

Product Web Site. Instructors and students can teach and understand auditing
and business risk topics with the help of this resource-rich text companion Web
site (www.thomsonedu.com/accounting/rittenberg). Students will find
chapter summaries, online quizzes, and other accounting resources for review, as
well as links to other valuable accounting Web sites. Instructors can easily download password-protected teaching resources and solutions.
Also featured are valuable links to other accounting web sites.

Acknowledgments
We are grateful to members of the staff at Thomson Learning for their help in
developing the sixth edition: Matt Filimonov, acquisitions editor; Craig Avery,

developmental editor; Kristen Hurd, marketing manager; Joanna Grote, content
project manager; and Linda Helcher, art director.
We are again grateful to our students and to the instructors who have used the
previous editions and have given their thoughtful feedback. We also wish to
thank John Rigsby (Mississippi State University) for his perceptive comments in
verification of the Solutions Manual.
We especially thank those who provided reviews and comments during the
development of the sixth edition:
Richard G. Brody, University of South Florida, St. Petersburg
Rafik Elias, California State University, Los Angeles
Terry G. Elliott, Morehead State University
Diana Franz, University of Toledo
Michele Henney, University of Oregon
Kristen Hockman, University of Missouri, Columbia
Laurence E. Johnson, Colorado State University
Ralph D. Licastro,The Pennsylvania State University
Roger D. Martin, University of Virginia
Brian W. Mayhew, University of Wisconsin, Madison
John T. Rigsby, Mississippi State University
Mike Shapeero, Bloomsburg University
Gene Smith, Eastern New Mexico University
Richard A.Turpen, University of Alabama at Birmingham
John M. Zink,Transylvania University

We are very grateful to ACL Services, Ltd., for permission to distribute its
software and tutorials, and for permission to reprint related images.
Larry E. Rittenburg
Bradley J. Schwieger
Karla M. Johnstone



ABOUT

THE

Larry E. Rittenberg
Larry E. Rittenberg, PhD, CPA, CIA, is the Ernst & Young Professor of Accounting
& Information Systems at the University of Wisconsin–Madison, where he
teaches courses in auditing and computer and operational auditing. He serves as
the Chairman of COSO (The Committee of Sponsoring Organizations of the
Treadway Commission) and has been instrumental in developing new guidance on
internal control. He has served as vice-chair of Professional Practices for the
Institute of Internal Auditors (IIA) and president of the IIA Research Foundation;
is a member of the Auditing Standards Committee of the AAA Auditing Section,
the AICPA’s Computer Audit Subcommittee, the Information Technology
Committee, and the Blue Ribbon Commission on Audit Committees. Professor
Rittenberg, a certified internal auditor, has served as staff auditor for Ernst & Young
and has coauthored five books and monographs and numerous articles. He is
married and is the father of two children. In January of 2007, he received the
“Outstanding Educator” award from the auditing section of the American
Accounting Association.

Bradley J. Schwieger
Bradley J. Schwieger, DBA, CPA, is the G.R.
Herberger Distinguished Professor of Business
and Accounting at St. Cloud State University.
He holds professional memberships in the
American Accounting Association (AAA), the
Audit Section of the AAA, the Twin Cities
Chapter of the Institute of Internal Auditors,

the AICPA, and the Minnesota Society of
CPAs. He was formerly a senior auditor with
Arthur Andersen & Co. He was a member of
the International Ethics Committee of the Institute of Internal Auditors. He has
written a number of journal articles in auditing. Professor Schwieger is married
and is the father of two children.

Karla M. Johnstone
Karla M. Johnstone, PhD, CPA, is an Associate Professor of Accounting &
Information Systems at the University of Wisconsin–Madison. She teaches
auditing, and her research investigates auditor decision-making, including auditors’ client acceptance and continuance decisions, how fraud risk affects audit
planning and audit fees, client-auditor negotiation, and audit budget-setting
processes. She has also published various articles on accounting curriculum effectiveness. Professor Johnstone serves on the editorial boards of several academic
journals and is active in the Auditing Section of the American Accounting
Association. She has worked in practice as a corporate accountant and as a staff
auditor for a CPA firm, and she was a doctoral fellow in residence at Coopers &
Lybrand. Professor Johnstone is married and is the mother of three children.

AUTHORS


This page intentionally left blank


BRIEF
CHAPTER 1:

Auditing: Integral to the Economy, 2
CHAPTER 2:


Corporate Governance, Audit Standards, 32
CHAPTER 3:

Understanding and Meeting Ethical
Expectations, 64
CHAPTER 4:

Audit Risk and a Client's Business Risk, 92
CHAPTER 5:

Audit Evidence: A Framework, 150
CHAPTER 6:

Internal Control over Financial Reporting, 188
CHAPTER 7:

Performing an Integrated Audit, 238
CHAPTER 8:

Computerized Systems: Risks, Controls,
and Opportunities, 278
CHAPTER 9:

Auditing for Fraud, 332
CHAPTER 10:

Audit Sampling, 382
CHAPTER 11:

Auditing Revenue and Related Accounts, 430

CHAPTER 12:

Audit of Acquisition Cycle and Inventory, 494
CHAPTER 13:

Audit of Cash and Other Liquid Assets, 538

CONTENTS


xii

Brief Contents
CHAPTER 14:

Audit of Long-Lived Assets and Related Expense
Accounts, 582
CHAPTER 15:

Audit of Acquisitions, Related Entity Transactions,
Long-Term Liabilities, and Equity, 610
CHAPTER 16:

Completing the Audit, 644
CHAPTER 17:

Communicating Audit and Attestation
Results, 678
CHAPTER 18:


Professional Liability, 726
CHAPTER 19:

Internal Auditing and Outsourcing, 756
ACL APPENDIX:

ACL Basics, Tutorial and Cases, 788
Case Index, 821
Index, 823


CONTENTS
CHAPTER 1:

Auditing: Integral
to the Economy, 2

enhanced role of audit committees, 40
Required Audit Communication to the Audit
Committee, 42

introduction, 3

audit standard setting, 44

increased demand for accountability, 10

overview of audit process:
a standards-based approach, 49


Auditing: A Special Function, 4
Auditing Defined, 5
The Need for Unbiased Reporting, 8
Need for Assurance, 9
Demand for Improved Corporate Governance, 10
Required Reporting on Internal Controls, 11
Audit Standard Setting and Auditor Independence, 12
Public Expectation of Auditors, 12
Audit Standard Setting Moved to a Quasi-Public Board, 12

scope of services: other assurance
services, 12
What Is Assurance?, 12

requirements to enter the public
accounting profession, 15
the providers of assurance services, 16
The Public Accounting Profession, 16
The Internal Audit Profession, 17
Governmental Auditing Profession, 18

professional and regulatory
organizations, 18

The Public Company Accounting Oversight Board, 18
The Securities and Exchange Commission, 19
The American Institute of Certified Public
Accountants, 19
Committee of Sponsoring Organizations, 19
Accounting Standard Setters, 19

State Boards of Accountancy, 20
The Institute of Internal Auditors, 20
The U.S. Government Accountability Office, 20
The Court System, 20

Summary, 21
Significant Terms, 21
Review Questions, 22
Multiple-Choice Questions, 24
Discussion and Research Questions, 25
Cases, 31
CHAPTER 2:

Corporate Governance, Audit
Standards, 32

corporate governance and auditing, 33
Corporate Governance Responsibilities, 34
Not a Perfect Storm, 37

the sarbanes-oxley act of 2002, 38

The PCAOB, 39
Auditor Independence Provisions, 39
Corporate Responsibility for Financial Reports, 40

Generally Accepted Auditing Standards, 44
Attestation Standards, 47
Future of Audit Standard Setting, 47


Planning the Audit, 49

Summary, 53
Significant Terms, 53
Review Questions, 54
Multiple-Choice Questions, 56
Discussion and Research Questions, 57
Cases, 63

CHAPTER 3:

Understanding and Meeting
Ethical Expectations, 64
introduction, 64

Corporate Culture, Ethics, and Organizational
Performance, 64
Accepting a Public Trust, 65
Unique Licensure for CPAs, 66

independence: a foundation
requirement, 66

Major Threats to Independence, 66
Managing Threats to Independence, 67
Sources of Independence Guidance, 69
SEC’s Principles for Judging Independence
and Prohibited Non-Audit Services, 69
AICPA Code of Professional Conduct, 70
AICPA’s Approach to Independence, 73


other important elements of a
professional code of ethics, 75

Integrity and Objectivity—Rule 102, 75
Confidentiality—Rule 301, 75
Contingent Fees—Rule 302, 77
Advertising and Other Forms of Solicitation—
Rule 502, 77
Commissions and Referral Fees—Rule 503, 77
Form of Organization and Name—Rule 505, 78
Enforcement of the Code, 78

ethical theories: resolving issues
that are not black or white, 78
Utilitarian Theory, 78
Rights Theory, 79
An Ethical Framework, 79
Applying the Ethical Framework to
the Consolidata Situation, 79


xiv

Contents

Summary, 81
Significant Terms, 81
Review Questions, 82
Multiple-Choice Questions, 83

Discussion and Research Questions, 84
Cases, 89
CHAPTER 4:

Audit Risk and a Client's
Business Risk, 92

nature of risk, 93
risk factors affecting the audit, 95
Engagement Risk, 95
Client Acceptance or Retention Decision, 95
Financial Reporting Risk, 98
Accepting New Clients: Minimizing Risk, 99

materiality and audit risk, 101
Materiality, 101

developing an understanding of
enterprise and financial reporting
risks, 105

Lessons Learned—The Lincoln
Savings and Loan Case, 105
Understanding Management’s Risk
Management Process, 108
Developing an Understanding of Business and Risks, 108
Preliminary Financial Statement Review:
Techniques and Expectations, 113
Risk Analysis and the Conduct of the Audit, 116


Summary, 117
Significant Terms, 117
Review Questions, 118
Multiple-Choice Questions, 120
Discussion and Research Questions, 122
Cases, 129
B I LT R I T E A P P E N D I X :

Biltrite: A Computerized Audit
Practice Case, 135

description of the practice case, 135
Description of the Company, 136

module i: assessment of inherent
risk, 147
Study of the Business and the Industry, 147
Requirements, 148

CHAPTER 5:

Audit Evidence:
A Framework, 150

overview of the audit model, 150
assertion model for financial
statement audits, 152

gathering sufficient, appropriate
evidence, 154

Sufficiency, 156
Reliability of Audit Evidence, 156
Nature of Audit Testing, 160
Audit Procedures, 161

audit programs and documenting
audit evidence, 167
Audit Program Development, 167
Documenting Audit Evidence, 168

auditing account balances affected
by management’s estimates, 173
Evidence, 173
Importance of Quality Review, 174

Summary, 174
Significant Terms, 174
Review Questions, 175
Multiple-Choice Questions, 176
Discussion and Research Questions, 178
Cases, 185

CHAPTER 6:

Internal Control over Financial
Reporting, 188
a framework for control, 189
COSO: Internal Control, Integrated
Framework, 189
The Need for Control, 190


internal control and financial
reporting, 191
Components of an Internal
Control System, 192
Control Environment, 194
Risk Identification and Assessment, 200
Control Activities, 200
Information and Communication, 202
Monitoring, 202

auditor evaluation of internal
controls, 204

Auditor Assessment of Internal Controls as a Basis
for Subsequent Audit Testing, 206
Linking of Financial Statement Assertions
to Specific Control Activities, 211

documenting the auditor’s
understanding of an organization’s
internal controls, 216
Summary, 219
Significant Terms, 219
Review Questions, 220
Multiple-Choice Questions, 222
Discussion and Research Questions, 224
Cases, 233



xv

Contents
CHAPTER 7:

Performing an Integrated
Audit, 238

introduction—expanded audit
requirements, 239
Framework for Audit Evidence in
an Integrated Audit, 239
Audit Report on Internal Control over
Financial Reporting, 240

planning the integrated audit, 245

A Top-Down, Risk-Based Approach, 246
Integrated Audit: Searching for Audit Efficiency, 250

conducting an integrated audit, 254
Evaluating Internal Control over Financial
Reporting, 255
Testing Control Activities, 257

example—integrated audit, 260

Identifying Material Account Balances and Processes, 260
Evaluating Design and Testing, 261
Auditor Testing of Controls, 262

Auditor Assessment of Controls and Implications
for the Financial Statement Audit, 263
Looking Forward: Reducing 404 Compliance Costs, 263

Summary, 264
Significant Terms, 264
Review Questions, 264
Multiple-Choice Questions, 266
Discussion and Research Questions, 267
Cases, 275

CHAPTER 8:

Computerized Systems: Risks,
Controls, and Opportunities, 278
introduction, 278
overview of computerized accounting
systems, 279
Identifying Types of Computer Software
and Associated Risks, 279
Interconnected Systems—The Virtual
Private Network, 281

general and application controls, 282

General Controls, 283
Program Development and Program Changes, 284
Controlling Access to Equipment, Data, and Programs, 284
Data Transmission Controls, 287
Application Controls, 287

Overview of Computer Controls Risk Assessment, 291

electronic commerce, 294

EDI: A Popular Type of E-Commerce, 295

computer-aided audit techniques, 297
Integrated Test Facility:Testing Correctness
of Processing, 297

Tracing Transactions through the System:The
Tagging and Testing Approach, 299
Selecting Recorded Data for Testing: Generalized
Audit Software, 300

audit approaches for e-commerce, 304
Risk Analysis, 304

Summary, 305
Significant Terms, 305
Review Questions, 306
Multiple-Choice Questions, 308
Discussion and Research Questions, 309
Cases, 317
B I LT R I T E P R AC T I C E C A S E ,

320

module ii: assessment of control risk, 320
Control Environment, Accounting Information System,

and Control Procedures, 320

CHAPTER 9:

Auditing for Fraud, 332

fraud and auditor responsibilities:
a historical evolution, 332

Magnitude of Fraud, 333
Fraud Defined, 334
Evolution of Fraud and Auditor Responsibility, 336
Financial Reporting Frauds—The Second
COSO Report, 338

auditing standards—more
responsibility, 339

A Proactive Approach to Fraud Detection, 339
Conducting the Financial Statement
Audit—Fraud Awareness, 340

audit procedures when fraud
risk is high, 357

Characteristics of Financial Reporting Frauds, 357
Characteristics of Defalcations, 358
Audit Procedure and Evidence Considerations, 359
Using the Computer to Analyze the Possibility
of Fraud, 362

Responsibilities for Detecting and Reporting
Illegal Acts, 363

forensic accounting, 363
Summary, 364
Significant Terms, 365
Review Questions, 365
Multiple-Choice Questions, 368
Discussion and Research Questions, 369
Cases, 377
CHAPTER 10:

Audit Sampling, 382
introduction, 382

Overview of Audit Sampling, 383


xvi

Contents

Non-Sampling and Sampling Risk, 384
Selecting a Sampling Approach, 386

testing control effectiveness
and compliance, 387
Attribute Estimation Sampling, 388
Nonstatistical Sampling, 397


sampling to test for account balance
misstatements, 397
Substantive Sampling Considerations, 397
Nonstatistical Sampling, 400
Probability Proportional to Size Sampling, 401
Error Evaluation Terminology, 406
No Misstatements in the Sample, 406
Misstatements in the Sample, 407
Frequent Misstatements Found, 409
Unacceptable Sample Results, 409
Comparison of Sample Evaluation—PPS
and Nonstatistical Sampling, 410

Summary, 411
Significant Terms, 411
Review Questions, 413
Multiple-Choice Questions, 414
Discussion and Research Questions, 415
Cases, 423

Audit Steps for an Integrated Audit, 444

example: an integrated audit of sales
and receivables, 445
Develop an Understanding of Internal
Controls, 445
Identify Important Controls, 445
Design and Perform Tests of Internal Controls, 446
Evaluate Accounts for Unusual Activity, 446
Determine Year-End Tests, 446


linking internal controls
and audit assertions, 447

Control Structure Regarding Returns, Allowances,
and Warranties, 449
Importance of Credit Policies Authorizing Sales, 449

substantive testing in the revenue
cycle, 452
Planning for Direct Tests of Transactions and
Account Balances, 453
Audit Objectives and Assertions, 453

substantive tests of revenue, 453

appendix 10a: effect of population size
(finite adjustment factor), 424
B I LT R I T E P R AC T I C E C A S E ,

auditing internal controls and
account balances—the integrated
audit of revenue, 442

427

module iii: control testing—sales
processing, 427
Requirements, 428


module iv: pps sampling—factory
equipment additions, 428
Requirements, 429

CHAPTER 11:

Auditing Revenue and Related
Accounts, 430
introduction, 431

The Cycle Approach, 431
Overview of the Revenue Cycle, 431

Substantive Tests of Accounts Receivable, 455
Standard Accounts Receivable Audit Procedures, 456
Related-Party Receivables, 464
Non-Current Receivables, 464
Sold, Discounted, and Pledged Receivables, 464
Few but Large Sales—Confirmation of Sales, 464
Fraud Indicators and Audit Procedures, 465
Allowance for Doubtful Accounts, 466

Summary, 467
Significant Terms, 467
Review Questions, 468
Multiple-Choice Questions, 470
Discussion and Research Questions, 473
Cases, 486

appendix 11a: regression analysis, 490

B I LT R I T E P R AC T I C E C A S E ,

module v: accounts receivable
aging analysis, 492
Requirements, 492

business risk and business
environment, 435

CHAPTER 12:

analytical analysis for possible
misstatements, 439

introduction, 494

Revenue Recognition, 435
Fraud Risk Factors—Revenue Recognition, 438

Comparison of Revenue Trend with
Industry Trends, 439
Compare Cash Flow from Operations with
Net Income, 440
Other Analytical Procedures, 440
Regression Analysis, 441

492

Audit of Acquisition Cycle and
Inventory, 494

Overview of the Acquisition Cycle, 494
Business Risk and Business Analysis, 495
Analytical Analysis for Misstatements, 496

audit of the acquisition cycle, 497
Overview of Control Procedures and
Control Risk Assessment, 497


xvii

Contents

Testing Controls over Accounts Payable
and Related Expenses, 501
Substantive Tests of Accounts Payable, 502
Audits of Expense Accounts, 503

integrated audit of inventory and cost
of goods sold, 506
Internal Controls for Inventory, 507
Key Processes and Risks, 507
Substantive Tests of Inventory and Cost of
Goods Sold, 510

module viii: dallas dollar
bank—bank reconciliation, 578
Requirements, 578

module ix: analysis of interbank

transfers, 578
Requirements, 578

module x: analysis of marketable
securities, 579

CHAPTER 14:

Audit of Long-Lived Assets and
Related Expense Accounts, 582
535

module vi: sales and purchases cutoff
tests, 535
Requirements, 535

module vii: search for unrecorded
liabilities, 535
Requirements, 536

CHAPTER 13:

Audit of Cash and Other
Liquid Assets, 538
introduction, 538

Overview of Cash Accounts Affected, 538
Types of Marketable Security Accounts, 539
Business Risk and Business Environment, 540
Planning for Audits of Cash and Marketable

Securities, 540

audit of cash, 543

Evaluating Control Risk: Cash Accounts, 543
Understanding and Testing Internal Controls, 546
Substantive Testing of Cash Balances, 546
Integrated Audit of Cash, 555

audit of marketable securities
and financial instruments, 556

Audits of Marketable Securities, 556
Audits of Commercial Paper, 556
Audits of Other Short-Term Securities, 556
Other Financial Instruments and Derivatives, 557
Application of Concepts: Audit of
Financial Hedges, 560

Summary, 562
Significant Terms, 563
Review Questions, 564
Multiple-Choice Questions, 565
Discussion and Research Questions, 567
Cases, 576

578

Requirements, 579


Summary, 517
Significant Terms, 517
Review Questions, 517
Multiple-Choice Questions, 520
Discussion and Research Questions, 522
Cases, 531
B I LT R I T E P R AC T I C E C A S E ,

B I LT R I T E P R AC T I C E C A S E ,

business risk and business
environment, 582
analytical analysis for possible
misstatements, 584

Analyze Industry Trends and Changes in Product Lines, 584
Analyze Depreciation for Consistency
and Economic Activity, 585

integrated audit of fixed assets
and related expenses, 585

Evaluating Control Risk and Control Effectiveness, 586
Controls for Intangible Assets, 586
Basic Audit Procedures and Impact of Auditor’s
Assessment of Internal Controls, 587
Tests of Property Additions and Disposals, 589
Asset Impairment, 592
Discontinued Operations, 593
Depreciation Expense and Accumulated

Depreciation, 593
First-Time Audits, 594

intangible assets, 594
natural resources, 595
leases: a special consideration, 596
Motivation to Lease, 596
Proper Accounting Treatment, 597
Audit Approach, 598

Summary, 598
Significant Terms, 598
Review Questions, 598
Multiple-Choice Questions, 600
Discussion and Research Questions, 601
Cases, 606
B I LT R I T E P R AC T I C E C A S E ,

608

biltrite bicycles, inc., 608
module xi: plant asset additions
and disposals, 608
Requirements, 608


xviii

Contents


CHAPTER 15:

Audit of Acquisitions, Related
Entity Transactions, Long-Term
Liabilities, and Equity, 610
business risk and business
environment, 611
mergers and acquisitions, 611

Acquisition—Asset Valuation Issues, 611
Testing for Goodwill Impairment, 614
Restructuring Charges: Good Business or an Opportunity
to Manipulate Reported Earnings, 618

transactions with related entities, 619
Accounting for Transactions with Related
Entities, 619
Related-Entity Transactions and Small Businesses, 620
Audit Approach for Related-Entity Transactions, 620
Variable Interest Entities, 621
Disclosure of Significant Relationships, 622

audits of long-term liabilities
and owner’s equity, 623

Liabilities with Significant Subjective Judgments, 623
Bonds and Stockholder’s Equity, 625

Summary, 628
Significant Terms, 629

Review Questions, 629
Multiple-Choice Questions, 630
Discussion and Research Questions, 632
Cases, 638
B I LT R I T E P R AC T I C E C A S E ,

Summary, 663
Significant Terms, 663
Review Questions, 664
Multiple-Choice Questions, 665
Discussion and Research Questions, 666
Cases, 671
B I LT R I T E P R AC T I C E C A S E ,

676

module xiv: working
trial balance, 676
CHAPTER 17:

Communicating Audit
and Attestation Results, 678
audit reports, 679

Expression of an Opinion, 679
Association with Financial Statements, 680
Types of Audit Reports, 680
Modifications of the Standard
Unqualified Report, 681
Modifications Not Affecting the Opinion, 682

Modifications Affecting the Opinion, 685
Reports on Comparative Statements, 690
International Reporting, 691
Summary of Audit Report Modification, 693

reviews and compilations, 693

Public/Non-Public Companies, 694
Procedures Common to All Levels of Service, 694
Reviews, 695
Compilations, 698

641

module xii: estimated liability
for product warranty, 641
Requirements, 641

module xiii: mortgage note payable
and note payable to bank two, 642
Requirements, 642

CHAPTER 16:

Completing the Audit, 644

assessing the quality of the audit, 645
Analytical Review of the Audit and
Financial Statements, 645
Concurring Partner Review, 645


other considerations in the final
review stage of the audit, 646

Contingencies, 646
Adequacy of Disclosures, 647
Management Representations, 649
Management Letter, 652
Evaluating the Effects of Substantive Testing Results, 652
Evaluating the Going Concern Assumption, 654
Review of Significant Estimates, 657
Communicating with the Audit Committee, 658
Subsequent Events, 659

reports on other financial
information, 699

Special Reports, 699
Interim Financial Information, 703
Financial Reports on the Internet, 705

the world of attestation services, 705
reports on other financial
and non-financial information, 706
Summary, 707
Significant Terms, 707
Review Questions, 708
Multiple-Choice Questions, 709
Discussion and Research Questions, 712
Case, 722

B I LT R I T E P R AC T I C E C A S E ,

724

module xv: audit report, 724
Requirements, 724

CHAPTER 18:

Professional Liability, 726
the legal environment, 726

Joint and Several Liability, 728
Audit Time and Fee Pressures, 728
Audits Viewed as an Insurance Policy, 728


Contents

Contingent-Fee Compensation for Lawyers, 728
Class Action Suits, 729

legal concepts, 729

Causes of Legal Action, 730
Parties That May Bring Suit Against Auditors, 730
Liability to Clients, 731
Common-Law Liability to Third Parties, 732
Statutory Liability to Third Parties, 734
Liability Issues of Multi-National CPA Firms, 737

Liability Impact of Internet Dissemination of Audited
Financial Information, 738
Summary of Auditor Liability to Third Parties, 738

approaches to mitigating
liability exposure, 738

Continuing Education Requirement, 738
Policies to Help Ensure Auditor Independence, 739
Prohibited Services, 739
Restrictions on Non-Audit Services for Audit
Clients, 739
Auditor Independence Programs, 740

quality control programs, 740
Quality Control Standards, 740
External Inspections/Peer Reviews, 740
Internal Peer Review, 741

defensive auditing, 741

Engagement Letters, 741
Client Screening, 741
Evaluating the Firm’s Limitations, 742
Maintaining Accurate and Complete Audit
Documentation, 742
Limited-Liability Partnerships, 742
Role of Insurance, 742
Tort Reform, 742


effect of court cases on auditing
standards and practice, 743
Engagement Letters, 743
Audit Procedures, 743
Subsequent Events, 744
Related-Entity Transactions, 744

Summary, 745
Significant Terms, 745
Review Questions, 746
Multiple-Choice Questions, 747
Discussion and Research Questions, 749
Cases, 753
CHAPTER 19:

Internal Auditing
and Outsourcing, 756

internal auditing: a unique
profession, 757

Internal Auditing Defined, 757
Internal Auditing and Regulatory Recommendations, 764

breadth of internal auditing, 765

Internal Auditing Contrasted with External Auditing, 765
Multitude of Internal Audit Groups, 765

Internal Audit Outsourcing, 767

Value-Added Internal Auditing, 767
Risk Analysis, 768
Information Reliability, 768
Control Effectiveness, 768
Effectiveness and Efficiency of Operations, 768
Regulatory and Other Compliance Audits, 772
Fraud Investigations, 773

internal auditing and
sarbanes-oxley, 773
internal audit standards
and the iia, 773
Internal Audit Standards, 773
IIA’s Code of Ethics, 774
Reporting Fraud, 775

Summary, 776
Significant Terms, 776
Review Questions, 777
Multiple-Choice Questions, 778
Discussion and Research Questions, 780
Cases, 786

ACL APPENDIX:

ACL Basics, Tutorial
and Cases, 788
data files, 788
getting started, 788
acl basics, 788


(1) Create a New Project, 789
(2) Open an Existing Project, 789
Basic Activities, 789
Delete Files, 792
Close Projects, 793

acl tutorial, 793

Start-Up, 793
Husky Tutorial Case, 793
Audit Procedures, 793

acl case 1—fraud, 815
acl case 2—benford’s law case, 815
Using ACL to Perform Benford Analysis, 816
The Case, 816
Required, 816

introduction to acl cases 3 and
4—accounts receivable and
inventory, 817
acl case 3—accounts receivable, 817
acl case 4—inventory, 819

Case Index, 821
Index, 823

xix



This page intentionally left blank


Dedication
The book is dedicated to our parents, who encouraged us and provided
support for our professional development, and to our wives, Kathleen
and Ellen Deane, for their love, patience, and help in encouraging us
to continue with this endeavor to assist in the development of
the next generation of professionals who pursue this
wonderful career.
Larry E. Rittenberg
Bradley J. Schwieger


This page intentionally left blank


Auditing

A BUSINESS RISK APPROACH

6e


CHAPTER

1

Auditing: Integral

to the Economy
LEARNING OBJECTIVES
Through studying this chapter, you will be able to:
•

Understand the important dimensions of reliable financial information for the efficient
functioning of economies.

•

Understand the demands for more timely information about both financial information
and the processes used to develop that information.

•

Understand how the public accounting profession has changed and how those
changes affect the nature of the audit process.

•

Understand the need for reporting on internal control over financial reporting and the
unique reporting requirements for publicly-held companies.

•

Describe the unique roles of internal, external, and governmental auditors in improving the reliability of financial information and the processes that lead to the recording and presentation of financial information.

•

Define the term “auditing” and describe its unique nature as an assurance service.


•

Identify and evaluate the factors that affect the credibility of parties performing
audit and assurance services.

•

Identify various users of financial data, the diversity of their perspectives, and the
need for objectivity in preparing financial data.

•

Describe the types of assurance (audit) reports that can be issued.

•

Identify the important regulatory bodies that affect the nature and quality of assurance services, as well as the scope of services provided.

CHAPTER OVERVIEW
The capital markets depend on accurate, reliable, and objective (neutral) data
that portray the economic nature of an entity’s business and in turn provide a
base to judge current progress toward long-term objectives. If the market does
not receive reliable data, investors lose confidence in the system, make poor
decisions, may lose a great deal of money, and ultimately, the system may fail.
It is a complex process. The Financial Accounting Standards Board (FASB) and
Governmental Accounting Standards Board (GASB) define accounting principles; management applies the accounting principles and develops systems of
internal control; and the auditing profession independently tests management’s
reports to ensure reliable reporting of financial information. But that is not
enough. Once a year is not sufficient! Investors and other users rely on information that is developed throughout the year. They want assurances that this

interim information, not just the annual financial statements, is also accurate.
The capital markets have responded by requiring reports on a company’s internal control over financial reporting for all public companies.
The auditor’s task is both difficult and crucially important. The auditor
must gather independent evidence to gain assurance that management’s
processes and reporting are reliable. In the United States, the quality of management control processes is judged with reference to the Committee of