ACCT 304 AUDITING

(1)

ACCT 304 AUDITING

AUDIT PLANNING & CONTROL

(2)

Preliminary Engagement Activities

• Auditors perform the following activities at the beginning of the current audit engagement:

– Perform procedures regarding the continuance of the client relationship and the specific audit engagement.

– Evaluate compliance with ethical requirements, including independence.

– Establish an understanding of the terms of the engagement.

Dr. Bedi Mrs. Welbeck and Mr. Donkor Slide 2

(3)

Audit Planning

• Auditors plan the audit so that the engagement will be performed in an effective manner.

• Planning an audit involves establishing the overall audit strategy for the engagement and developing an audit plan or an audit programme, in order to reduce audit risk to an acceptably low level.

• Planning involves the engagement partner and other key members of the engagement team.

• Planning is not a discrete phase of an audit, but rather a continual and iterative process that often begins shortly after (or in

connection with) the completion of the previous audit and

continues until the completion of the current audit engagement.

(4)

Planning Activities

• The Overall Audit Strategy

• The Audit Plan or Programme

• Changes to Planning Decisions during the Course of the Audit

• Direction, Supervision and Review

• Documentation

• Communications with Those Charged with Governance and Management

(5)

Steps in Planning the Audit

Obtain

understanding of client’s business

and industry

Perform analytical procedures

Make preliminary judgments about materiality levels

Consider audit risk Develop

preliminary audit strategies for

significant assertions

Obtain

understanding of client’s internal control structure

(6)

Audit Planning Considerations

• The constitution of the engagement team.

• The plan for the discussion among engagement team members.

• The analytical procedures to be applied as risk assessment procedures.

• The means for obtaining a general understanding of the legal and regulatory framework applicable to the entity and how the entity is complying with

that framework.

• The determination of materiality.

• The involvement of experts.

• The performance of other risk assessment procedures prior to identifying and assessing the risks of material misstatement.

• Performing further audit procedures at the assertion level for classes of transactions, account balances, and disclosures that are responsive to risk of material misstatements.

(7)

Importance of Audit Planning

• Adequate planning helps to ensure that appropriate attention is

devoted to important areas of the audit, that potential problems are identified and resolved on a timely basis.

• Planning the audit engagement ensure that it is properly organized and managed in order to be performed in an effective and efficient manner.

• Adequate planning also assists in the proper assignment of work to members of the engagement team.

• It facilitates the direction and supervision of members of the engagement team.

• It also facilitates the review of their work, and assists, where applicable, in coordination of work done by other auditors of components and experts.

(8)

Materiality – ISA 320

• It is the concept used for distinguishing the trivial from the important.

• The standard (ISA 320) explains a material item as;

‘an item of information, or an aggregate of items, is material if it is probable that its omission or misstatement would

influence the decision of users taken on the basis of the financial statements’

• Materiality has a role to play at two main stages of the

audit: the planning stage and the report stage.

(9)

Materiality – ISA 320

• There are two levels of materiality to be considered:

- At the overall financial statement level

- At the individual balances and classes of transactions

• There is an inverse relationship between materiality and the level of audit risk. The higher the materiality level, the lower the audit risk, and vice versa.

• At the planning stage, materiality level is set low to

reduce the risk of undiscovered misstatement

(10)

Materiality – ISA 320

• Auditor must use judgment to estimate what level of precision is important to financial statement users.

• Estimate may be based on prior history and/or projected financial amounts.

• Typical “rules of thumb”:

– 5% of pretax income.

– ½% of revenues.

– ½% of total assets.

– 1% of total equity.

(11)

Materiality – ISA 320

• An Item May Be Material if it;

– Arises from an item incapable of being measured precisely, or from an inherently imprecise estimate.

– Conceals a change in the trend in earnings.

– Hides a failure to meet analysts' expectations.

– Changes a loss into income, or vice versa.

– 0Concerns a significant segment of the firm.

– Affects compliance with regulatory requirements.

– Increases management compensation through bonus plan

arrangements.

(12)

Understanding the Entity and its Environment

• Understanding the entity means gaining knowledge of the entity.

• A good understanding of the entity allows auditor to form a good frame of mind about the engagement and about the nature of accounting and reporting.

• Auditors obtain an understanding of the entity and its

environment, including its internal control, sufficient to identify and assess the risks of material misstatement of the financial

statements whether due to fraud or error, and sufficient to design and perform further audit procedures.

• Obtaining an understanding of the entity and its environment is an essential aspect of performing an audit.

(13)

Benefits of Understanding the Entity

• Establishing materiality and evaluating whether the judgment about materiality remains appropriate as the audit progresses.

• Considering the appropriateness of the selection and application of

accounting policies, and the adequacy of financial statement disclosures.

• Identifying areas where special audit consideration may be necessary, for example, related party transactions, the appropriateness of management’s use of the going concern assumption, or considering the business purpose of transactions.

• Developing expectations for use when performing analytical procedures.

• Designing and performing further audit procedures to reduce audit risk to an acceptably low level.

• Evaluating the sufficiency and appropriateness of audit evidence obtained, such as the appropriateness of assumptions and of management’s oral and written representations.

(14)

Specific Areas

• Industry, Regulatory and Other External Factors, including the Applicable Financial Reporting Framework

• Nature of the Entity, including the Entity’s Selection and Application of Accounting Policies

• Objectives and Strategies and the Related Business Risks that may Result in a Material Misstatement of the Financial Statements

• Measurement and Review of the Entity’s Financial Performance

• Internal Control

(15)

INTERNAL CONTROL

(16)

Internal Control

Internal control is a process, effected by an entity’s board of directors, management, and other personnel, which is designed to provide reasonable assurance regarding the achievement of objectives in one or more categories:

–Strategic – high-level goals, aligned with and supporting its mission

–Operations – effective and efficient use of its resources –Reporting – reliability of reporting

–Compliance – compliance with applicable laws and

regulations.

(17)

COSO Framework

Committee of sponsoring organization of the Treadway commission. (COSO)

The original COSO framework was outlined in a document: 1992 COSO Report:

Internal Control – An Integrated Framework.

• This document identifies what the commission believed to be the fundamental and essential objectives of any business or government entity

• The purpose of the framework;

– Outlines a unified approach for evaluating internal control systems that management has designed to:

• provide reasonable assurance of achieving corporate mission, objectives, goals and desired outcome,

• while adhering to laws and regulations and

• allow the company to accurately report successes and outcomes to the public and interested third parties.

– serves as a common basis for managements, directors, regulators, academics and others to better understand enterprise risk management, its benefits and limitations, and to effectively communicate about enterprise risk management

(18)

Components of Internal Control

• According to COSO, internal controls consist of five integrated components;

– the control environment.

– the entity’s risk assessment process.

– the information system, including the related business processes, relevant to financial reporting, and

communication.

– the control activities.

– Monitoring of controls.

(19)

Audit of Internal Control

• Planning the scope of the work

• Obtaining an understanding of internal control

• Evaluating the design & effectiveness of internal control

• Testing the operating effectiveness of internal control

• Assessing internal control deficiencies and reporting on overall effectiveness

• Integrating the audit of internal control with the audit

of the entity’s financial statements

(20)

Quality Control

• Quality control refers to the maintenance of standards of quality of goods and services

• A system to provide reasonable assurance that

– the auditor complies with applicable professional standards and regulatory and legal requirements; and

– reports and other deliverables issued by the auditor is appropriate in the circumstances

• International Standard on Quality Control (ISQC) 1

(21)

Elements of a System of Quality Control

• Leadership Responsibilities for Quality within the Firm

• Ethical Requirements

• Acceptance and Continuance of Client Relationships and Specific Engagements

• Human Resources

• Assignment of Engagement Teams

• Engagement Performance

• Engagement Quality Control Review

• Monitoring

(22)

Evidence Gathering and Documentation

(23)

Concept of Audit Evidence

• It is all the information used by the auditor in arriving at the conclusions on which the audit opinion is

based.

• It includes all the information contained in the accounting records underlying the financial

statements.

• It includes all audit evidence obtained from audit

procedures performed during the course of the audit.

• May include evidence from previous audit

(24)

Identify Management Assertions/declarations

• Do you remember “COVERMP”

• Financial statements provide seven (7) main assertions;

– “C” represents Completeness – “O” represents Occurrence – “V” represents Valuation – “E” represents Existence

– “R” represents Rights and Obligations – “M” represents Measurement

– “P” represents Presentation and Disclosure

(25)

Identify Management Assertions/declarations

The use of Assertions in obtaining audit declarations

Assertions used could be; About classes of transactions and events

• that all transactions and events that should have been recorded have been recorded- completeness and occurrence

• amounts relating to recorded transactions & events have been recorded appropriately – measurement

• about account balances at the period end

– assets, liabilities & equity interests exist – existence

– assets & liabilities are included in the FS at appropriate amounts – valuation

– Assets, liabilities and equity are truly that of the organization – rights and obligations

(26)

Identify Management Assertions/declarations

• About presentation and disclosure

₋ Financial information is appropriately presented &

described, & disclosures clearly expressed – p resentation and disclosure

₋ all disclosures have been included in the FS -

completeness

(27)

Sufficient and appropriate audit evidence

• Sufficiency is a measure of the quantity of audit evidence.

The quantity of audit evidence is affected by the risk of misstatement. The greater the risk, the more audit

evidence that may be required.

• Appropriateness is the measure of the quality of audit evidence; ie its relevance and reliability in providing support for, or detecting misstatements.

The higher the quality of evidence available, the less the

evidence that may be required.

(28)

Sufficient and appropriate audit evidence

• A given set of audit procedures may provide audit evidence relevant to some assertions, but not others eg inspection of records and documents related to the collection of receivables after the period may provide

evidence regarding existence and valuation but not cut-off.

• The auditor often obtains evidence from different sources or of different nature relevant to the same assertion, eg analyzing aged accounts

receivable and subsequent collection to obtain evidence relating to the valuation of provision for doubtful debts.

• Obtaining an evidence relating to a particular assertion is not a substitute for another assertion, eg evidence for the assertion of

physical existence of inventory cannot be a substitute for valuation of inventory.

(29)

Evidence Gathering and Documentation

• Generalisation of evidence (Reliability of Audit Evidence)

– Audit evidence is more reliable when it is obtained from independent sources outside the entity.

– Audit evidence that is generated internally is more reliable when the related controls imposed by the entity are effective.

– Audit evidence obtained directly by the auditor (for example, observation of the application of a control) is more reliable than audit evidence obtained indirectly or by inference (for example, inquiry about the application of a control).

– Audit evidence is more reliable when it exists in documentary form, whether paper, electronic, or other medium (for example, a contemporaneously

written record of a meeting is more reliable than a subsequent oral representation of the matters discussed).

– Audit evidence provided by original documents is more reliable than audit evidence provided by photocopies or facsimiles.

(30)

Reliability of Certain Types of Audit Evidence

TYPE EXAMPLE

Most •Physical

•Documentary

Inventory Observation

–External

–External/Internal –Internal

Bank Confirmation Purchase Invoice Sales Invoice

Least

•Client Representations Letter of Representations

R EL I AB IL I TY

(31)

Audit Procedures for Evidence Gathering

• The procedure adopted must allow the auditor to

– Understand the business and its environment including risk – Test controls

– Detect material misstatements

(32)

Substantive Test

• It is the test of details of transactions/balances and analytical procedures performed by the auditor to detect material misstatements in the account balance, transaction class and disclosure components of financial statements

• Types of substantive testing procedures are:

– Inspection of Records or Documents – Inspection of Tangible Assets

– Observation – Inquiry

– Confirmation – Recalculation – Re-performance

– Analytical Procedures: analysis of significant ratios and trends of relationships that are inconsistent with other relevant information or deviates from predictable amounts

(33)

Risk Assessment Procedures

• Inquiries of management and others within the entity.

• Analytical procedures.

• Observation and inspection.

• Discussions among the engagement team.

(34)

TEST OF CONTROLS

• It is a test directed towards the design or operation of an

internal control policy or procedure to assess its effectiveness in preventing or detecting material misstatement in the financial statement assertion. Also referred to as compliance test.

– Employs internal control questionnaires,

– Examining reports on the controls usually by the internal auditor – Inspection of documents supporting transactions

– Walk-through tests- in this case the auditor will initiate a transaction to see how well the system of control works.

– Observations – Inquiries

(35)

Obtaining and Evaluating Audit Evidence

Obtain evidential matter through audit procedures

Tests of controls Procedures to obtain

understanding of internal control

structure

Substantive tests:

Analytical procedures Details of transactions

Details of balances

Evaluate for sufficiency and

competence

Disclaim or qualify opinion as

appropriate

Express unqualified, qualified, or adverse opinion as appropriate Reasonable

basis for opinion?

Dual Purpose tests

No Yes

(36)

Other forms of Evidence Gathering

• Management Representation

– If management refuses to provide a representation that the auditor considers necessary, this constitutes a scope limitation and the

auditor should express a qualified opinion or a disclaimer of opinion

• Attendance at Physical Inventory Counting

• Inquiry Regarding Litigation and Claims

• Valuation and Disclosure of Long-term Investments

• Segment Information

• Related Parties

• External confirmations

(37)

External Confirmation

• Audit evidence is more reliable when it is obtained from independent sources outside the entity.

• Audit evidence obtained directly by the auditor is more reliable than audit evidence obtained indirectly or by inference.

• Audit evidence is more reliable when it exists in documentary form.

• Audit evidence provided by original documents is more reliable than audit evidence provided by photocopies or facsimiles.

• Forms of External Confirmation

– Positive – Negative

• Uses of External Confirmations

– Bank balances and other information from bankers.

– Accounts receivable balances.

– Stocks held by third parties at bonded warehouses for processing or on consignment.

– Property title deeds held by lawyers or financiers for safe custody or as security.

– Investments purchased from stockbrokers but not delivered at the balance sheet date.

– Loans from lenders.

– Accounts payable balances.

(38)

Audit Documentation

(39)

Audit Documentation

• The auditor must prepare, on a timely basis, audit documentation that provides:

– A sufficient and appropriate record of the basis for the auditor’s report.

– Evidence that the audit was performed in accordance with the applicable legal, regulatory and professional

requirements.

(40)

Purpose of Audit Documentation

• Assisting the audit team to plan and perform the audit.

• Assisting members of the audit team responsible for supervision to direct and supervise the audit work, and to discharge their review

responsibilities in accordance with ISA 220, “Quality Control for Audits of Historical Financial Information”.

• Enabling the audit team to be accountable for its work.

• Retaining a record of matters of continuing significance to future audits.

• Enabling an experienced auditor to conduct quality control reviews and inspections in accordance with ISQC 1, “Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements”.

• Enabling an experienced auditor to conduct external inspections in accordance with applicable legal, regulatory or other requirements.

(41)

Nature of Audit Documentation

• Audit documentation may be recorded on paper or on electronic or other media.

• It includes, for example,

– audit programs – Analyses

– issues memoranda

– summaries of significant matters

– letters of confirmation and representation

– checklists, and correspondence (including e-mail) concerning significant matters.

– Abstracts or copies of the entity’s records, for example, significant and specific contracts and agreements, may be included as part of audit documentation if considered appropriate

• The file must be properly outlined and referenced

• Documentation is a continuous process

(42)

The Audit Risk Model

(43)

43

What Is Audit Risk?

• Audit risk is the risk than an auditor may issue an unqualified opinion on materially misstated financial statements

• The auditor assesses engagement risk first, then sets audit risk

• Audit risk is inversely related to engagement risk

– If the auditor accepts a client with high engagement risk

• The auditor must conduct a more rigorous audit

• The auditor does this by setting audit risk at a low level

– If the auditor accepts a client with low engagement risk

• The auditor will set audit risk at a higher level

(44)

44

Audit Risk & Materiality

• Audit risk and engagement risk relate to factors that might encourage someone to challenge the auditor's work

• For example, transactions that might not be material to a "healthy" company might be material to financial statement users for a company on the brink of bankruptcy

• The following factors help integrate the concepts of risk and materiality:

– All audits involve sampling and cannot provide 100 percent assurance – Auditors must compete in an active marketplace for clients

– Auditors need to understand society's expectations of financial reporting and the audit process

– Auditors must identify the risky areas of a business to determine which accounts are more susceptible to material misstatement

– Auditors need to develop methodologies to allocate overall assessments of materiality to individual account balances

(45)

45

The Audit Risk Model

• The auditor sets desired audit risk based on assessed engagement risk AR = IR x CR x DR

• AR = Audit Risk

• IR = Inherent Risk

• CR = Control Risk

• DR = Detection Risk

• The audit risk model allows the auditor to consider the following:

– Complex or unusual transactions are more likely to recorded in error than are simple or recurring transactions

– Management may be motivated to misstate earnings or assets – Better internal controls mean a lesser likelihood of misstatement

– The amount and persuasiveness of audit evidence gathered should vary directly with the likelihood of material misstatements

(46)

46

The Audit Risk Model

Inherent Risk - Susceptibility of transactions to be recorded in error

– Inherent risk is higher for some items:

• Complex transactions are more likely to be misstated than simple transactions

• Estimated balances more likely to be misstated than fact based balances

– The auditor assesses inherent risk

Control Risk - Risk client controls will fail to prevent or detect a misstatement

– The quality of controls often varies between classes of transactions – The auditor assesses control risk

(47)

47

Environment Risk - inherent and control risks combined

– Reflects the likelihood of material misstatements occurring

Detection risk - risk audit procedures will fail to detect material misstatements

– Relates to the effectiveness of audit procedures and their application

– Detection risk is controlled by the auditor and is an integral part of audit planning

– The level of detection risk set directly determines the rigor of the substantive audit work performed

The Audit Risk Model

(48)

48

Audit Risk Model

(continued) AR = IR x CR x DR

• Audit risk is set inversely to the assessed level of engagement risk

• After audit risk is set, the auditor assesses inherent and control (environment) risks

• The auditor sets detection risk INVERSELY to environment risk

– Example, if the auditor is examining transactions with high inherent risk, or weak controls, the auditor will set a low detection risk

• Low detection risk means a low probability of NOT detecting material misstatements

– To achieve low detection risk, the auditor will have to perform more rigorous substantive testing

– For example, larger sample sizes, more reliable forms of evidence, assign more experienced auditors, closer supervision, greater year-end (rather than interim) testing

The audit risk model shows that the amount, nature, and timing of audit procedures depends on the level of audit risk an auditor assumes, and the level of client- related risks

(49)

49

Audit Risk Model: Limitations

Inherent risk is difficult to formally assess

– Audit risk is subjectively determined

– The model treats each risk component as separate and independent when clearly, this is not the case

– Audit technology is not so precise that each component can be accurately assessed

Because of these limitations, many auditors use the audit risk model as a functional, rather than

mathematical, model

(50)

Auditors Considerations;

in the audit of small entities and of environmental factors

(51)

Considerations in the audit of small entities

• International Auditing Practice Statement 1005

• Characteristic of small entities

– Few sources of income;

– Unsophisticated record-keeping; or

– Limited internal controls together with the potential for management override of controls.

(52)

Planning Consideration for Small Entities

• Materiality

• Related parties

• Subsequent events

• Going concern

• Fairs values and disclosures

• Audit evidence

(53)

Consideration of environmental factors

• International Auditing Practice Statement 1010

• Environmental may affect the financial statements in the following areas:

– The introduction of environmental laws and regulations may involve an impairment of assets and consequently a need to write down their carrying value.

– Failure to comply with legal requirements concerning environmental matters, such as emissions or waste disposal, or changes to legislation with retrospective effect, may require accrual of remediation, compensation or legal costs.

– Some entities, for example in the extraction industries (oil and gas exploration or mining), chemical manufacturers or waste management companies may incur environmental obligation as a direct by-product of their core businesses.

– Constructive obligations that stem from a voluntary initiative, for example an entity may have identified contamination of land and, although under no legal obligation, it may have decided to remedy the contamination, because of its concern for its long- term reputation and its relationship with the community

– An entity may need to disclose in the notes the existence of a contingent liability where the expense relating to environmental matters cannot be reasonably

estimated.

(54)