Wiley Practitioner's Guide to GAAS 2020. Joanne M. Flood

       Exercising professional skepticism

       Evaluating audit evidence

       Considering programs and controls to address those risks

       Designing additional or different audit procedures to obtain more reliable evidence

       Obtaining additional corroboration of management’s responses or representations

      1 Evaluate the overall conduct of the audit.

      2 Adjust the nature, timing, and extent of audit procedures performed in response to identified risks.

      3 Perform certain procedures to address the risk that management will override controls.

      1 Assignment of personnel and supervision. The personnel assigned to the engagement should have the knowledge, skill, and experience necessary to address the auditor’s assessment of the level of risk of the engagement. The extent of supervision should also reflect the level of risk.

      2 Accounting principles. The auditor should evaluate management’s selection and application of significant accounting principles, particularly those relating to subjective measurements and complex transactions. The auditor should also consider whether the collective application of the principles indicates a bias that may create a material misstatement.

      3 Predictability of audit procedures. The auditor should vary procedures from year to year to create an element of unpredictability. For example, the auditor may perform unannounced procedures or use a different sampling method.

       The nature of procedures may need to be modified to provide more reliable and persuasive evidence, or to corroborate management’s representations. For example, the auditor may need to rely more on independent sources, physical observation of assets, or computer- assisted audit techniques (CAATs).

       The timing of procedures may need to be changed. For example, the auditor may decide to perform more procedures at year-end, rather than relying on tests from an interim date.

       The extent of procedures applied should reflect the assessment of fraud risk and may need to be adjusted. For example, the auditor may increase sample sizes, perform more detailed analytical procedures, or utilize more computer-assisted audit techniques.

       Perform unannounced or surprise procedures at locations.

       Ask that inventories be counted as closely as possible to the end of the reporting period.

       Orally confirm with major customers and suppliers in addition to sending written confirmations.

       Send confirm requests to a specific party in an organization.

       Perform substantive analytical procedures using disaggregated data, such as comparing gross profit or operating margins by location, line of business, or month to auditor-developed expectations.

       Interview personnel involved in areas where a fraud risk has been identified to get their views about the risk and how controls address the risk.

       Discuss with other independent auditors auditing other subsidiaries, divisions, or branches the extent of work that should be performed to address the risk of fraud resulting from transactions and activities among those components.

       If the work of an expert becomes particularly significant with respect to a financial statement item for which the assessed risk of misstatement due to fraud is high, perform additional procedures relating to some or all of the expert’s assumptions, methods, or findings to determine that the findings are not unreasonable, or engage another expert for that purpose.

       Perform audit procedures to analyze selected opening balance sheet accounts of previously audited financial statements to assess how certain issues involving accounting estimates and judgments (for example, an allowance for sales returns) were resolved with the benefit of hindsight.