Microsoft Audit Planning - 8 Steps

Parties are considered to be related if one party has the ability to control the other party or exercise significant influence over the other part in making financial and operating decisions (Rick Hayes et all, 1999).

Similarity the US Statement of Auditing Standard No. 45 also says that:

Affiliated companies, principal owners of the company or any other party which company deals where one of the parties can influence management or operating policies of the other (AICPA, AU 334).

Related Party Transaction most commonly refers to the transfer of resources or obligations between related parties regardless of whether a price is charged.

As per Form 10-K of Microsoft Corporation, under Part II, Item 8, page60 (Form 10-K, 2013), Microsoft have not adopted the recent accounting guidance including disclosure relating to intercompany transactions and such guidance will be effective for them with effect from July 01, 2014 and Under Part II, Item 8, page54 Form 10K, 2013), Notes to Financial Statements, The financial statements include the accounts of Microsoft Corporation and its subsidiaries, Intercompany transactions and balances have been eliminated. Therefore we assess Inherent risk as high as there are chances of lacking independence between involved parties in the transactions and the opportunities of engaging in fraudulent financial reporting.

Form 10-K, Part III, Item 10, Directors, Executive Officers and Corporate Governance

A list of our executive officers and biographical information appears in Part I, Item 1 of this Form 10-K. Information about our directors may be found under the caption “Our Director Nominees” in our Proxy Statement for the Annual Meeting of Shareholders to be held November 19, 2013 (the “Proxy Statement”). Information about our Audit Committee may be found under the caption “Board Committees” in the Proxy Statement. That information is incorporated herein by reference.

The information in the Proxy Statement set forth under the caption “Section 16(a) Beneficial Ownership Reporting Compliance” is incorporated herein by reference.

We have adopted the Microsoft Finance Code of Professional Conduct (the “finance code of ethics”), a code of ethics that applies to our Chief Executive Officer, Chief Financial Officer, Chief Accounting Officer and Corporate Controller, and other finance organization employees. The finance code of ethics is publicly available on our website at www.microsoft.com/investor/MSFinanceCode. If we make any substantive amendments to the finance code of ethics or grant any waiver, including any implicit waiver, from a provision of the code to our Chief Executive Officer, Chief Financial Officer, or Chief Accounting Officer and Corporate Controller, we will disclose the nature of the amendment or waiver on that website or in a report on Form 8-K.

Above information shows that Microsoft have effective board of directors to assist by ensuring the company takes only appropriate risks while the audit committee through oversight of financial reporting which can reduce the likelihood of overly aggressive accounting. However we should gain knowledge of the company’s code of ethics in order to disclose any amendments of the code of conduct which will have significant impact about the governance system, related integrity and ethical values of senior management.

Item 9A, Controls and Procedures, Page 90, Reports of Management on Internal Control over Financial Reporting, it states that

Microsoft Corporation has conducted an evaluation of the effectiveness of our internal control over financial reporting based on the framework in Internal Control – Integrated Framework (1992) issued by the Committee of Sponsoring Organizations of the Tread way Commission. Based on this evaluation, management concluded that the company’s internal control over financial reporting was effective as of June 30, 2013. There were no changes in our internal control over financial reporting during the quarter ended June 30, 2013 that have materially affected, or are reasonably likely to materially affect, our internal control over financial reporting. Deloitte & Touché LLP has audited our internal control over financial reporting as of June 30, 2013; their report is included in Item 9A. We can test by following up with their meeting of minutes to see if the responsibilities are being met.

Microsoft Corporation is a large organisation with many locations, millions of turnover yearly, high value of assets and high headcount of employees.

Other than the employees, shareholders and executive officers of the registrants whom are closely associated with Microsoft Corporation, there are other companies like Taiwan Semiconductor Manufacturing Company and IBM who supplies them with raw materials are deemed to be closely associated with the company, The suppliers’ income are based on the inventory turnover in Microsoft, the higher the inventory turnover, the better the revenue will be derive and cost of revenue will be increase which gives high profit on suppliers’ point of view.

The following names which were found on Form 10-K are also consider board of directors whom are closely associated with Microsoft Corporation. 

We, as an auditors, the knowledge of Microsoft’s objectives and strategies helps us to assess business risk and Inherent risk in the financial statements, and we have to understand the objectives related to compliance with law and regulations such as long terms notes and bond payable in order to have a better perspective of the organization and better assess Inherent risk. We have to make sure that any contingent liabilities have to be disclosure in the financial statement under notes to financial statement or notes to accounts. 

STEP 3: ASSESS CLIENT’S BUSINESS RISK

Client business risk is the risk that the client will fail to achieve its objectives. Most common factors affect Client and their environments are significant declines in the economy that threaten the cash flow or client failing to execute its strategies as well as its competitors. However, in auditor point of view, their primary concern is the risk of material misstatements in the financial statements occur due to client business risk. For example; Goodwill recorded in the acquisition may be impaired which affect the fair presentation in the financial statements if planned synergies by Microsoft Corporation do not develop. According to Form 10-K, Part IV, Item 15; we can tell that management of Microsoft Corporation have conducted thorough evaluations of business risks that affect financial reporting as per required by Sarbanes Oxley Act of 2002 so that it will be able to certify quarterly and annual financial statements and to evaluate the effectiveness of disclosure controls and procedures. It also ensures that material information about business risks are communicated to management and disclosure to external stakeholders such as investors. We can exchange information about the business risk and likelihood to material misstatement due to fraud or error.  (We have done a chart for Risk Factors Chart as per attached)

Microsoft Corporation’s operations and financial results are subject to various risks and uncertainties, including those described below, that could adversely affect our business, financial condition, results of operations, cash flows, and the trading price of our common stock. Table 3.1 summarizes the relationship between Microsoft’s business and industry and their business risk and auditor’s assessment of the risk of material financial statement misstatements.  From the chart, we able to know that Microsoft faces a high inherent risk due to technology changes, currency rate risk, contingent liabilities, competitor risk. By looking at the industry and its risk are not sufficient enough, therefore performing preliminary analytical procedures can help us to have better understanding towards Microsoft Company and assess the materiality of the business risk.

STEP 4: PERFORM PRELIMINARY ANALYTICAL PROCEDURES

We will perform analytical procedures by comparing client ratios to prior year and industry benchmarks to provide a significant performance of Microsoft Corporation. Such comparison can help us to identify the areas with increased risk of misstatements that will require further attention during the audit.

Liquidity related ratios are one of the most widespread indicators of a company's solvency. The current ratio shows the capacity of a company to meet current liabilities with all available current assets. Quick ratio describes solvency in the near future. Cash ratio shows if there is enough means for uninterrupted execution of current transactions. All three ratios for Microsoft Corporation are calculated in the following table.

For the whole period reviewed, the current ratio was observed to grow slightly from 2.60 to 2.71 (+0.11). On the last day of the period analysed (30.06.2013), the ratio demonstrates a very good value.

The quick ratio was equal to 2.56 on the last day of the period analysed. The quick ratio increased slightly (by 0.15) for the whole period reviewed. The value of the quick ratio can be specified as very good on 30 June, 2013. This means, Microsoft Corporation is seen to have a normal relationship between liquid assets (current assets minus inventory) and current liabilities (liabilities with a maturity of less than 1 year). Liquidity ratio of Microsoft shows us that on an average, Microsoft is able to settle its debts in the event of liquidation smoothly. They also have its ability to cover its short term assets into cash in the event of emergency and in a quick manner.

Similar to the two previous ratios, the cash ratio has a normal value (2.06) on 30 June, 2013 which demonstrates that the company has enough liquid assets (cash and cash equivalents) to meet current liabilities.

The profitability ratios given in the table have positive values as a result of the profitability of Microsoft Corporation's activities during the whole period analysed. The gross margin equalled 74% for the last year, that is somewhat lower (-2.2%) than the gross margin for the same period of the prior.

Profitability ratio of Microsoft indicates that they have the ability to generate earnings as compared to its expenses and other relevant costs & they are doing very well.

The profitability calculated by earnings before interest and taxes (Return on sales) is more important from a comparative analyses point of view. The return on sales was 0.35 or 34.7% per annum during the year, while the profit margin was 28.1% per annum.

During the entire period reviewed, the return on assets demonstrates a first-rate value of 15.3%.

The most important ratio of business profitability is the return on equity (ROE), which reflects the profitability of investments by the owners. During the last year, a return on equity was 30.1% per annum. It is a high rate, but it is influenced not only with factors inside the company, but also the economic environment where the company is located (inflation rate, interest rates, etc.)

In the following table, the calculated rates of turnover of assets and liabilities describe how fast prepaid assets and liabilities to suppliers, contractors and staff are affected. Turnover ratios have strong industry specifics and depend on activity. This is why an absolute value of the ratio does not permit making a qualitative assessment. In order to identify areas of specific risk, we will likely to focus on the liquidity activity ratios.

* Calculation in days. Ratio value is equal to 365 divided by days outstanding.

As compared to the industry average extracted from MSN home, the receivable turnover and Inventory turnover shows to be lower than the industry of 8.09 and 11.24 respectively. As both activity ratios are likely to be assessed as high inherent risk (Aren et al, 2014) and therefore likely warrant additional attention in the current year’s audit. 

To conclude these analytical procedures, as we can see there is not much of a difference between both years thus, it is very unlikely for any material misstatement that has occurred; we might need to re-perform such procedures by calculating the financial ratio if required during field work and if the control risk is high.

For a full detailed analysis report for Microsoft Corporation, please refer to the additional references notes under “Microsoft Corporation's Financial Condition Analysis”

STEP 5 SET MATERIALTY AND ASSESS AUDIT ACCEPTABLE RISK AND INHERENT RISK

Materiality is an omission or misstatement of accounting information that would influence or change a related user of the financial statement by the omission or misstatement (Aren ET. Al. 2006)

Step 1 & 2 – Involve Planning

Steps 3 to 5 - Involve evaluating results of tests.

Preliminary judgment about materiality is the maximum amount of which the auditor believes the statements could be misstated and still not affect the decisions of reasonable users. We should set a preliminary judgment about materiality to help place the appropriate evidence to accumulate.

Because of materiality is relative rather than absolute, it is necessary to have bases for establishing whether the misstatements are material.  Net income before taxes is often the primary base for evaluating materiality. After establishing a primary base, we will decide whether misstatement could materially affect the reasonableness of other bases such as current assets, total assets, current liabilities and owners' equity and we will be able to assess the inherent risk, acceptable audit risk, control risk to determine the level of fraud risk.

Percentage - 3-6% of net income before taxes will be used to establish materiality.

(a) Small performance materiality - easy to audit at low cost.                                                

(b) Large performance materiality - account is large and requires extensive sampling to audit.

(c) Large performance materiality - a percent of account can be verified at low cost, probably with analytical procedures.         

(d) Small performance materiality - most of balance is unchanged from prior year and audit of additions is relatively low cost.        

(e) Moderately large performance materiality - relatively large number of misstatements are expected.                         

(f) Not applicable - retained earnings is a residual account that is affected by the net amount of the misstatements in the other accounts.

STEP 6 ASSESS CONTROL RISK

Based on the Microsoft's report of Management on internal control over the financial reporting under form 10-K Item 9, Microsoft's internal control over financial reporting includes:

1. Maintaining records that in reasonable detail accurately and fairly stated;
2. providing reasonable assurance that transactions are recorded as necessary for preparation of our financial statements;
3. Providing reasonable assurance that receipts and expenditures of company assets are made in accordance with management authorization;
4. Providing reasonable assurance that unauthorized acquisition;
5. Use or disposition of company assets that could have a material effect on their financial statements would be prevented or detected on a timely basis.

“Management also conducted an evaluation of the effectiveness of their internal control over financial reporting was effective as of June 30, 2013 based on the framework in Internal Control - Integrated Framework (1992) and there were no changes in their internal control over financial reporting during the quarter ended June 30, 2013”. (FORM 10K, 2013)

Under Step 4 of the audit planning; we are more likely to have additional attention in Accounts Receivable, Inventory Turnover can lead to high inherent risk, however as explained in Step 5; the result from performance materiality also shows that large performance materiality - account is large and requires extensive sampling to audit are accounts receivable, accounts payable and Inventory Turnover, Moderately large performance materiality - relatively large number of misstatements are expected are Income Tax, goodwill and intangible assets accounts. Step 6 says that Microsoft internal Control is based on COSO framework and financial statements are required by Sarbanes Oxley Act of 2001, we can conclude that Microsoft has a good internal control environment as of now.  

Before testing the effectiveness of Internal Control of Microsoft Corporation, by understanding all the information based on Step 1 to 5, we set as:

High audit acceptable risk = Low Inherent Risk x Low Inherent Risk x High Planned Detection Risk

Although management’s assertion and the FORM 10K say that Microsoft has a good internal control, we will still have to perform test of controls by designing control risk matrix for each transaction-related to audit object such as completeness, occurrence, authorization, segregation of duties and see their assertion towards internal control is true and fair.  If the testing of control is good, we will have to perform lesser evidence on substantive testing if Microsoft satisfies the following 4 conditions:

“Test of control over operating effectiveness includes the following four procedures:

1.        Make inquiries of appropriate client personnel - make inquiries of how often the performance reviews are carried out to segregation of duties to discover if policies and procedures allow the carrying out of management objectives.

2.        Examine documents, records, and reports- examine the documents to make sure that they are complete and properly matched and that required signatures or initials are present.

3.        Observe control-related activities- observe how the company operates and procedures whether they have adequate separation of duties.

4.        Re-perform client procedures – Re-perform the control activity to see whether proper results were obtained.” (Aren et al, 2006)

---

STEP 7 GATHER INFORMATION TO ASSESS FRAUD RISK

Fraud is defined as an intention to misstate a company’s financial statements.  The 3 broad examples are asset misappropriation, corruption and fraudulent financial statements.  The new fraud standard, Statement on Auditing Standards no. 99, Consideration of Fraud in a Financial Statement Audit, is the cornerstone of the AICPA’s comprehensive antifraud and corporate responsibility program (SAS 99, 2002), it aims to have the auditor’s consideration of fraud seamlessly blended into the audit process and continually updated until the audit’s completion.

SAS no. 99 describes a process in which the auditor,

(1) Gathers information needed to identify risks of material misstatement due to fraud,

(2) Assesses these risks after taking into account an evaluation of the entity’s programs and controls and

 (3) Responds to the results.

In the case of Microsoft, they have a specifically dedicated team who go about identifying the types of fraud that can be committed by their employees. Although Microsoft’s internal control is good, but chances that fraud and errors can be made by employees of Microsoft is possible. In order to gather enough information to assess fraud risk, we will have to conduct a risk assessment and identify the most common fraud risk namely are Fraudulent financial reporting and Misappropriate of assets within Microsoft Corporation. We will assess if there is any fraud committed on financial statements intentionally and any unauthorized access to the assets or theft of confidential information by looking at the risk related incentives/pressure, opportunity to commit fraud.  As for risk factors related to attitudes/rationalism, we will become more aware when performing audit field work. The risk assessment must be au-fait with the company policies and procedures. Such members of the risk assessment team include personnel such as;

•        Accounting/Finance Personnel, who have been familiarized with the financial reporting process and internal controls.

•        Nonfinancial business unit and operations personnel, to leverage their knowledge of the day to day operations.

•         Legal and compliance personnel

•        Internal audit personnel

This is to prevent any form of mismanagement of funds from employees and also to prevent the preparers of the financial statements from cooking the books of the agency. Assessing the likelihood and significance of each potential fraud risk is a subjective process and not all fraud risks have a significant impact on companies. E.g. petty fraud is hard to identify and the impact is insignificant.

Other information include that of regulatory and legal misconduct, as well as the impact of Information Technology on fraud risk should be kept strictly private and confidential and shared with the board or audit committee (if any), else it should be shared with the senior management.

After identifying the risk, we have to assess “them” to determine where Microsoft‘s most vulnerable to material misstatement due to fraud, the types of frauds that are most likely to occur and how those material misstatements are likely to be concealed by using our intuition, judgment and experience to look for patterns in the identified fraud risks and consider whether the identified risks are related to either specific accounts or transactions or to the financial statements as a whole. Once we can link the identified risks to a specific account (or the financial statements taken as a whole), we then can design and perform more effective procedures, when assessing information about potential fraud risks, consider the type, significance, likelihood and pervasiveness of the risk.

Form 10K, Item 1A, Risk Factors extracted; Microsoft INC is able to list down the potential risk that will have significant impact to the industry and lead to fraud that might be happening in the future, therefore their internal control will be able to map the relevant risk to relevant controls and reduce the inherent and control risk to the minimum although certain residual/audit risks will still remain including the risk of management’s might overriding established controls.

Although Microsoft Corporation has a good internal control, (mentioned in Step 6), Good internal control assumed to have proper authorization process, separate aggregation of duties within Microsoft  which leads to low detection risk, low inherent risk, low fraud risk but that does not mean “zero fraud risk”.  According to SAS 99, we have to presume that improper revenue recognition is a fraud risk and identify the risks of management override of controls is a fraud risk. It is because most of the vast majority of fraudulent reporting schemes involved improper revenue recognition and risk of management override is unpredictable. 

STEP 8 DEVELOP OVERALL AUDIT STRATEGY AND AUDIT PROGRAM

We will be performing the following activities at the beginning of the current audit engagement:

• Carry out procedures regarding the acceptance and continuance of client relationships and the specific audit engagement (ISA 220)
• Evaluate ethical requirements, including independence, and, for initial audits, communicate with previous auditors. (IFAC, Code of Ethics and ISA 220)
• Establish an understanding of the strategy and terms of the engagement. (ISA 210)

We have to consider Microsoft’s continuance and ethical requirements including independence as a conditions and changes in circumstances may occur. (Step 1, Audit Planning).

The purpose of performing preliminary engagement activities is to ensure that we have considered any events or circumstances that may adversely affect ability to plan and perform the audit engagement to reduce audit risk to an acceptably low level.

The overall audit strategy for Microsoft Corporation (Low Control Risk, Low Inherent Risk, High Acceptable Audit Risk, High Planned Detection Risk)

Phase 1: Initial Audit (time allocated 25% of total time allocated, including preparation)

• Inspection of Documents
• Observation of specific controls (Physical stock count and compare with master file)
• Re-performance of the controls

Objective: To check if the control is effectiveness, if yes, less substantive testing.

Phase 2: Perform Testing (time allocated 50% of total time allocated)

• Test of Transactions on Sales and Receivable cycle, payments and purchases cycle, inventory and warehousing cycle, acquisition and capital cycle.
• Test on Balances on Sales and Receivable cycle, payments and purchases cycle, inventory and warehousing cycle, acquisition and capital cycle.
• Perform Analytical Procedures by making observation
• Precede more on compliance testing to make sure that their internal controls are consistent and minimal fraud risk.

Objective: To check for any possible misstatements over financial reporting, if no, check for contingent liability and commitment.

Phase 3 & 4: Reporting & Closure (time allocated 25% of total time allocated)

• Re-perform Analytical Procedures on each cycle to have final review of the report
• Perform additional test for presentation and disclosure (Check if there is any contingent liability or commitment); contingent liability has to be disclosure while commitment has to be adjust.
• Accumulate final evidence
• Evaluate results (Qualify or Unqualified or Unqualified with explanatory notes or adverse/disclaimer)
• Issue audit report
• Communicate with audit committee and management

Any computers that assist audit techniques may be used to test automated controls or data, Reports produced by IT may be used to test the effectiveness of IT general controls. “SAS 80 (AU 326) and SAS 109 (AU 319) provide guidance for auditors of entities that transmit process, maintain, or access significant information electronically”. It is designed to satisfy transaction-related and balance-related objectives and each transaction cycle will likely be evaluated using separate set of audit program.

3,650 words

TIMELINE FOR COMPLETION OF AUDIT ASSIGNMENT

TIMELINE FOR AUDIT PROJECT

---

REFERENCE LIST

AICPA Auditing Standards Executive Committee, Statement on Auditing Standard No. 7 (AU 315), Predecessor- Successor Communications’, paras 03 to 07, American Institute of Certified Public Accountants.

AICPA. (2012). Terms of Engagement. The Financial Reporting Framework. Par. 06a (01), 101.

AICPA Auditing Standards Board, Statement of Auditing Standards No. 45, Related Party Transactions (AU 334), paras 7 to 10, American Institute of Certified Public Accountants.

AICPA Auditing Standards Board, Statement of Auditing Standards No. 99, Consideration of Fraud in Financial Statement Audit (AU 316), paras 2 to12, American Institute of Certified Public Accountants

Aren A.A., Elder, R. J. and Beasley, M. 2012. Audit and Assurance Services. 15th ed. England: Prentice Hall. pg231.

Aren A.A., Elder, R. J. and Beasley, M. 2012. Audit and Assurance Services. 15th ed. England: Prentice Hall. Businesses and Processes, pg236.

Aren A.A., Elder, R. J. and Beasley, M. 2012. Audit and Assurance Services. 15th ed. England: Prentice Hall. Perform Preliminary Procedures, pg241.

Aren A.A., Elder, R. J. and Beasley, M. 2012. Audit and Assurance Services. 15th ed. England: Prentice Hall. Procedures on Tests of Controls, pg330.

IFAC Handbook Technical Pronouncements 1998, International Standards on Auditing No. 1 (SMN200), Objective and General Principles Governing an Audit of Financial Statements, para 2, International Federation of Accountants, New York, 1998.

IFAC Ethics Committee, Code of Ethics for Professional Accountants, Relations With Other Professional Accountants in Public Practice, Section 13, para 14 to 26, International Federation of Accountants, New York, July 1998.

IFAC Handbook Technical Pronouncements 1998, International Standards on Auditing No. 2 (SMN 210), Terms of Audit Engagements, para 2, International Federation of Accountants, New York, 1998.

IFAC Handbook Technical Pronouncements 1998, International Standards on Auditing No. 30 (SMN 310), Knowledge of the Business (AU 8030), para 2, International Federation of Accountants, New York, 1998

John D. Gill, J.D., CFE, Research director for the Association of Certified Fraud Examiners, Fraud Examiners Manual, Association of Certified Fraud Examiners, 2007

Microsoft Incorporated Company. (2013). Form 10-K. Available: .

The Auditing Practices Board, Statements of Auditing Standards, Statements of Auditing Standards 450, Opening Balances and Comparatives, para 14, The Auditing Practices Board, March 1995.

United States Securities Exchange and Commission, Annual report of perusal on Section 13 or 15(d) of the Securities Exchange Act of 1934 for the fiscal year ended 30 June 2013, Form 10-K, Microsoft Corporation

United States Securities Exchange and Commission, Annual report of perusal on Section 13 or 15(d) of the Securities Exchange Act of 1934 for the fiscal year ended 30 June 2013, Form 10-K, Microsoft Corporation, Financial Statements and Supplementary Data, Part II, Item 8, page 60.

United States Securities Exchange and Commission, Annual report of perusal on Section 13 or 15(d) of the Securities Exchange Act of 1934 for the fiscal year ended 30 June 2013, Form 10-K, Microsoft Corporation, Financial Statements and Supplementary Data,  Part II, Item 8, page 54.

United States Securities Exchange and Commission, Annual report of perusal on Section 13 or 15(d) of the Securities Exchange Act of 1934 for the fiscal year ended 30 June 2013, Form 10-K, Microsoft Corporation, Part III, Item 10, Directors, Executive Officers and Corporate Governance, page 92.

United States Securities Exchange and Commission, Annual report of perusal on Section 13 or 15(d) of the Securities Exchange Act of 1934 for the fiscal year ended 30 June 2013, Form 10-K, Microsoft Corporation, Part 1, Item 9A, Controls and Procedures, Page 90.

United States Securities Exchange and Commission, Annual report of perusal on Section 13 or 15(d) of the Securities Exchange Act of 1934 for the fiscal year ended 30 June 2013, Form 10-K, Microsoft Corporation, Part 1, Item 1, Page 12.

United States Securities Exchange and Commission, Annual report of perusal on Section 13 or 15(d) of the Securities Exchange Act of 1934 for the fiscal year ended 30 June 2013, Form 10-K, Microsoft Corporation, Part 5, Item 15, Page 95.

Rick Hayes, Arnold Schilder, Roger Dassen, Philip Wallage (1999). Principles of Auditing, An International Perspective. England: McGraw-Hill. p147.

Rick Hayes, Arnold Schilder, Roger Dassen, Philip Wallage (1999). Principles of Auditing, An International Perspective. England: McGraw-Hill. P100.

APPENDIX TABLE & OTHER INFORMATION

---