Notesale: Turn your study into money

Document Preview

Extracts from the notes are below, to see the PDF you'll receive please use the links above

---

Chapter 3: Planning and risk assessment

Not-for-profit organisations

Auditing of not-for-profit
organisations (NFPOs)
NFPOs: the audit approach

The purpose of an audit plan
Professional scepticism
Introduction to ISA 300

Fraud and the role of the external auditor

Planning an audit

The auditor‟s responsibilities relating to fraud

Contents of overall audit strategy and audit plan

Types of fraud

Interim audit and final audit
Additional considerations in initial audit engagements

Auditor’s Risk Assessment Process

Planning and
risk assessment

Fraud

Fraud risk factors relating to misstatements arising from
fraudulent financial reporting and misappropriation of assets
Examples of circumstances that indicate the possibility
of fraud

Understanding entity and its environment
Understanding accounting and I/C systems
The F/S assertions

Procedures to identify risk of material misstatement
due to fraud

Understanding business
and materiality

Communications to Management and TCWG\

Risk and materiality
Risk-based approach to auditing
Materiality

Audit risk

Responses to assessed risks: ISA 330
The audit risk model
Exam technique: identifying risks

Arrangements to be made with the predecessor auditor (e
...
to review his working papers)
Any major issues discussed with management in connection with initial selection as in auditor,
communication of these matters to TCWG and how these matters affect the overall audit
strategy and audit plan;
Procedures to obtain sufficient appropriate audit evidence regarding opening balances
Other procedures required by firm's system of quality control for initial audit
(e
...
, involvement of another partner or senior individual to review planning activities)

Additional considerations in initial audit engagements

·
Who will perform the audit work?
(Staffing)
·
When will the work be done?
(Timing)

plan sets out answers to
three questions (the '3Ws)

The purpose of
an audit plan

Benefits of interim and final audit
Interim audit
and final audit

·
What work is to be done?
(The scope of the audit)

interim audit procedures
final audit procedures

Planning an audit
An attitude that includes a questioning mind, being alert to conditions
which may indicate possible misstatement due to error or fraud, and a
critical assessment of audit evidence
·
Auditor should view what they are told with a skeptical attitude, and
consider whether it appears reasonable and whether it conflicts with any other
evidence
...


Contents of overall audit strategy and audit plan

Benefits of planning

Professional
scepticism

ISA 300 requires auditor
Introduction to
ISA 300

Involvement of key engagement team members
Preliminary engagement activities
Planning activities
Documentation

Section 1

TOE = terms of engagement
STD = scope, timing and direction
NTE = nature, time and extent
ASAP = audit strategy and audit plan

The overall audit strategy:
devote appropriate attention to important areas of audit

Documentation

Any significant changes made in above documents during
the audit along with reasons

identity and resolve potential problems on a timely basis
Benefits of
planning

properly organize and manage the audit

The audit plan; and

Facilitating direction, supervision and review of audit work
charateristics of engagement that defines its scope

assignment of engagement team members & audit work

reporting objectives - timing of audit and nature of
communications required
Planning activities

involve whole engagement team
procedures regarding continuance of client relationship
understand TOE
establish overall strategy that sets S,T,D

professional judgement
results of preliminary engagement activities

ISA 300
requirements

develop audit plan which includes description of NTE

NTE necessary

Introduction to
ISA 300

Procedures regarding continuance of client
This will involve establishing whether auditor

documenets of overall ASAP

o is competent to perform the engagement
Involvement of
key engagement
team members

o can comply with relevant ethical requirements
o has the capabilities, including time and resources,
to do so;
o has considered the integrity of client; and

Engagement partner and other key members of engagement
team should be involved in planning the audit
Proper discussion among engagement team members
to enhance efficiency and effectiveness of planning process
...


Preliminary
engagement
activities

o significant matters arisen during the current or
previous audit
Evaluate compliance with relevant ethical
requirements, including independence
o Auditor should remain compliant with ethical
requirements during audit
o Auditor should establish appropriate safeguards
against non-compliance,
o Engagement partner will need to provide the firm
with relevant information about the engagement to
enable the firm to evaluate independence requirements
Establishing an understanding of terms of engagement (ISA 210)

Contents of overall audit strategy and audit plan

The Overall Audit Strategy – Matters To Consider

Characteristics of the
engagements

·
·
·
·
·
·
·
·

Financial reporting framework
Industry-specific reporting requirements
Expected audit coverage
Nature of business segments
Availability of internal audit work
Use of service organisations
Effect of information technology on audit procedures
Availability of client personnel and data

Reporting objectives,
timing of the audit and
nature of communications

·
·
·
·

Entity’s timetable for reporting
Organisation of meetings with management and TCWG
...


·
·
·
·
·
·
·
·
·
·

Determination of materiality
Areas identified with higher risk of material misstatement
...

Need to maintain professional skepticism
...

Significant industry developments
Significant changes in AFRF
Other significant recent development

·
·
·

Selection of engagement team
Assignment of work to the team member
Engagement budgeting

Significant factors, preliminary
engagement activities, and
knowledge gained on other
engagements

Nature, timing and extent

Section 1

Interim audit and final audit

Interim audit procedures

Final audit procedures

Understanding the entity, assessing IR and identifying significant
matters which will be reflected in the subsequent ASAP
Recording, evaluating the design and testing the entity's system of I/C
Performing substantive testing to ensure the books and records are
a sound basis for performing the final audit
...


·

Helps reduce demand for audit staff during ‘busy season’

·

Earlier identification of significant matters

·

Shareholders and other users receive audited accounts earlier

·

Increased audit efficiency

“The higher the risk of material misstatement, the more likely it
is that auditor may decide it is more effective to perform
substantive procedures nearer to, or at, the period end rather
than at an earlier date
...


Analytical procedures

previous year and graphing trends
Observation and inspection
relevant industry, regulatory and other
external factors, including AFRF
nature of the entity

O-NAAM

Understanding entity
and its environment

identify and assess
risks of misstatement

factors

selection and application of accounting
policies,
entity‟s objectives, strategies and
business risks
measurement and review of
entity's financial performance

obtain an understanding of internal controls
Internal audit function‟s its responsibilities, organizational status, and
activitiesperformed, or to be performed

Understanding
accounting and
I/C systems

previous knowledge of the client
Auditor should try to reach a judgement
about how strong (or weak) I/C to make
a decision about amount of testing that
should be carried out
...


Understanding business
and materiality

establishing communications with internal audit function can
facilitate effective sharing of info
Definition
Occurrence
Completeness

The F/S assertions

classes of transactions and
events related disclosures

COCA-PC

Accuracy
Cut-off
Classification
Presentation

Categories of
assertions

Existence
Rights and obligations
account balances and
related disclosures

RACE-PC

Completeness
Accuracy, valuation and allocation
Classification:
Presentation

Risk and materiality
Audit risk approach
Materiality

Definition: Assertions
Representations by management, explicit or otherwise, that are embodied in the financial statements, as used by
the auditor to consider the different types of potential misstatements that may occur
...

Issues to consider are
Areas where risk of misstatement (error) appear
to exist, and nature of risk
When an error should be considered material, and
when it may be ignored
What aspects of audit will be most difficult to plan
because of high risk of misstatement
...

Setting materiality levels
...

High risk/material items will be audited in detail, but low risk/immaterial
items will receive less attention

Section 2: Understanding business and materiality

Every item in F/S is tested and vouched to supporting evidence
Substantive
approach

Approach is still in use for small entities with few transactions
This approach leads to over-auditing

Audit risk approach

Systems
approach

accounting systems are tested with less emphasis on testing of individual
transactions and balances
may also lead to over-auditing as auditor would also be testing less risky areas

Auditor identifies risks at planning stage
Risk based
approach

Prepare Audit strategy and audit plan to focus those risky areas
Most firms now use a mixture of the audit risk approach and a systems-based
approach

Section 2: Understanding business and materiality

Definition

"Info is material if its omission or misstatement could influence economic
decisions taken on the basis of F/S
...
g provisions)
make economic decisions based on f/s info
At the planning stage
determine materiality for the F/S as a whole
...
g PBT, T
...
exp , equity etc)
following
requirements

set lower threshold for some areas (if required)
performance materiality
As the audit progresses

the auditor must revise materiality if he becomes aware of
info not known to him at time of setting materiality levels
Documentation

must include details of all materiality levels set and any revision
of these levels as the audit progresses
...
g liquidity risk disclosures for bank)

Performance materiality is an amount(s) set by auditor at less
than materiality for F/S as a whole to reduce probability that
aggregate of uncorrected and undetected misstatements may
exceeds materiality of F/S as a whole

Section 2: Understanding business and materiality

AR= audit risk
CR= control risk
DR = detection risk
TOC = test of controls
SAAE = sufficient appropriate audit evidence

Risk-based approach to auditing
maintain an attitude of professional scepticism
assigning experienced staff
At F/S level

use of experts
Incorporating additional elements of unpredictability

Responses to assessed risks:

changing nature, timing and extent of audit procedures
TOC and/or
At assertion level
substantive procedures
...


The audit risk model
CR

Evidence about CR can be obtained through'TOC'
TOC may provide SAAE to justify a reduction in estimated CR, for
the purpose of audit planning
DR can be lowered by carrying out more tests in the audit
...


Exam technique: identifying risks

Audit Risk:
Risk that auditor expresses an inappropriate audit opinion when F/S are materially misstated
Inherent Risk:
Susceptibility of an assertion to a misstatement that could be material before consideration of any related
controls
Control Risk:
Risk that misstatement that could occur in an assertion and that could be material will not be prevented, or
detected and corrected, on a timely basis by entity's internal control
Detection Risk:
Risk that procedures performed by auditor to reduce audit risk to an acceptably low level will not detect a
misstatement that exists and that could be material
Section 3: Audit risk: ISA 330

Fraud and the role of the external auditor
Communications to Management and TCWG\
The auditor‟s responsibilities relating to fraud

Fraud

Examples of circumstances that indicate the possibility
of fraud

Types of fraud

Procedures to identify risk of material misstatement
due to fraud

Fraud risk factors relating to misstatements arising from
fraudulent financial reporting and misappropriation of assets

Section 4: Fraud - ISA 240

It is primarily responsibility of management to establish systems and controls to
prevent or detect fraud (and errors)

The auditor‟s responsibilities relating to fraud

The objectives of the auditor are to identify and assess the risks of material
misstatement and to obtain sufficient appropriate evidence about those risks
through audit procedures
Material misstatement in F/S may arise from error or fraud
Auditor must respond appropriately to fraud or suspected fraud identified during
audit
...
by ISA's:
 unless the auditor has reason to believe the contrary, he may accept records and documents as genuine; and
 where responses to inquiries of management are inconsistent, the auditor shall investigate the inconsistencies

Section 4: Fraud - ISA 240

Types of fraud

Fraudulent financial reporting

FAMM

Manipulating, forging or altering accounting
records or supporting documentation
Misrepresentation or intentional omission from
F/S of events or transactions
Intentional misapplication of accounting principles
relating to areas of F/S
It often involves management override of controls
using techniques as

PEPS

Misappropriation of assets
Embezzling receipts

Stealing physical assets (eg inventory) or intellectual property
(e
...
business secrets),
Causing an entity to pay for goods and services not received
(eg, fake purchases)
Using an entity's assets for personal use
...

Concealing, or not disclosing, facts that could affect F/S
Engaging in complex transactions structured to misrepresent
the financial position or financial performance of entity
Altering records& terms of significant and unusual transactions

Irrespective of the auditor‟s assessment of the risks of management override of controls, the auditor shall design and perform audit procedures to:
(a) Test the appropriateness of journal entries recorded
 Make inquiries of individuals involved in the financial reporting process
 Select journal entries and other adjustments made at end of the period;
 Consider the need to test journal entries
(b) Review accounting estimates for biases
 Evaluate the judgements and decisions made by management
 Retrospective review of management judgements and assumptions of prior year

Section 4: Fraud - ISA 240

Make inquiries of management in respect of
Their assessment of risk of material fraud
Their process in place to identity and respond to such risk
Any specific risk identified or suspected
Any communication in entity in respect of fraud

Procedures to identify risk of material
misstatement due to fraud

Make inquiries of management and others within entity as to whether they have
any knowledge of any actual, suspected or alleged frauds
Make inquiries of internal audit
Evaluate any unusual relationships identified in performing analytical procedures
Evaluate information from other risk assessment procedures

Section 4: Fraud - ISA 240

Fraud risk factors relating to misstatements
arising from FFR and MOA

Incentive or pressure
May exist when management is under pressure, from sources outside or inside
entity, to achieve an expected (and perhaps unrealistic) earnings target or financial
outcome
Perceived opportunity
May exist when an individual believes internal control can be overridden due to his
position or has knowledge of deficiencies in internal control
...

Unsupported or unauthorized balances or transactions
...

Evidence of unauthorized employees' access to systems and records
...

(e
...
receivables growing faster than revenues)
Inconsistent, vague, or implausible responses from management or employees
Unusual discrepancies between the entity's records and confirmation replies
Large numbers of credit entries and other adjustments made to accounts receivable

Conflicting or missing evidence including:
Unexplained or inadequately
explained differences between

Accounts receivable sub-ledger and control account, or
Customer statements and accounts receivable sub-ledger

Missing or non-existent cancelled cheques
...

Missing electronic evidence, inconsistent with entity's record retention policies

Examples of circumstances that
indicate the possibility of fraud

Fewer or greater responses to confirmations than anticipated
Inability to produce evidence of key systems development and program change
testing and implementation activities for current-year system changes and
deployments
Denial of access to records, facilities, certain employees customers, vendors, or
others etc
Undue time pressures imposed by management to resolve complex or contentious
issues
Complaints by management about conduct of audit
Management intimidation of engagement team members
Problematic or unusual relationships
between auditor and management including

Unusual delays by the entity in providing requested info
Unwillingness to facilitate auditor access to key electronic files for testing through
CAAT
An unwillingness to add or revise disclosures in F/S to make them more
understandable
An unwillingness to address identified deficiencies in internal control on a timely
basis

Unwillingness by management to permit auditor to meet privately with TCWG
Accounting policies that appear to be at variance with industry norms
Others
Frequent changes in accounting estimates without reasonable justification
Tolerance of violations of the entity's code of conduct

Section 4: Fraud - ISA 240

If auditor has obtained evidence that fraud exists or may exist, he should
communicate with appropriate level of management (at least one level
aboveperson suspected)

Communications to
Management and TCWG

Sometimes it is also appropriate for the auditor to communicate with TCWG
regarding an actual or suspected fraud
...
g

---