Week 4 Audit planning and Client evaluation and audit risk assessment.pptx
toammel
55 slides
Oct 06, 2024
Week 4 Audit Risk Assessment
Learning objectives
- Appreciate the importance of audit risk assessment and why it is linked to financial statement assertions.
- Explain the importance of business risks in audit planning.
- Describe the procedures performed by an auditor to assess risk.
- Appreciate the importance of internal control to an entity and to its independent auditors.
- Indicate the procedures for obtaining and documenting an understanding of the entity’s internal control.
- Explain why and how a preliminary assessment of control risk is made.
- Explain the importance of the concept of audit risk and its three components.

Management’s financial statement assertions
- Existence or occurrence: Assets or liabilities of the entity exist at a given date, and recorded transactions or events have occurred during the period.
- Completeness: Transactions, events and accounts that should be presented in the financial statements are included.
- Cut-off: All transactions, events and accounts have been recorded in the correct period.
- Rights and obligations: Assets represent rights of the entity and liabilities are the obligations of the entity at a given date.
- Valuation and allocation: Asset, liability, components have been included in the financial statements at the appropriate amounts.
- Accuracy: Transactions have been appropriately recorded in the proper accounts.
- Presentation and disclosure: Particular components of the financial statements are properly classified, described and disclosed.
Refer to the textbook Table 9.1, page 363, for illustrations of each of these assertions.

Business risk assessment
A business risk approach allows the auditor to:
- Identify threats faced by the organisation.
- Recognise that most business risks will eventually have an effect on the financial statements.
- Increase the chances of identifying risks of material misstatements in the financial reports.
Categories of business risk:
- Financial risk
- Operational risk
- Compliance risk

Risk assessment procedures
- Enquiries: Management, staff, internal auditors, company bankers, legal advisors.
- Analytical procedures: Provide a broad indication of the likelihood of possible errors.
- Observations and inspections: Inspection of manuals, visiting business premises, observing procedures taking place.

Importance of internal control
The Committee of Sponsoring Organisations (COSO) of the Treadway Commission defines internal control as: a process, effected by an entity’s board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations

Management responsibility
Management must establish and maintain the entity's control structure, which aids management by ensuring:
- irregularities are prevented or detected and corrected;
- assets are safeguarded;
- financial records are accurately reflected;
- adherence to management policies; and
- operational efficiency is promoted, which prevents unnecessary duplication of effort.
Because of its inherent limitations, an internal control structure cannot be regarded as completely effective, regardless of the care taken in its design and implementation.

Auditor responsibility
ASA 315 para 12 states that: The auditor shall obtain an understanding of internal control relevant to the audit.
The auditor’s understanding of the internal control is then used to plan the audit and to determine the nature, timing and extent of tests to be performed.
The above has to be done in the context of the internal control structure as defined in ASA 315.

The internal control system
Five components (ASA 315 paragraph A58):
- Control environment
- Risk assessment processes
- Information system
- Control activities
- Monitoring controls

Control environment
Sets the tone of the entity towards control consciousness and includes:
- Enforcement of integrity and ethical values (example: setting the ‘tone at the top’ of the entity by demonstrating integrity and ethical behaviour).
- Commitment to competence (example: adequate knowledge and skills at every level in the entity).
- Participation by those charged with governance
- Management’s philosophy and operating style (example: approach to taking and monitoring business risks).
- Organisational structure
- Assignment of authority and responsibility
- Human resource policies and practices (example: screening prospective employees).

Risk assessment
Risk assessment is the process used to identify, analyse and manage the relevant risks which may affect the achievement of the entity’s objectives, including the preparation of financial statements.
Key factors include, for example:
- changes in the operating environment
- new personnel
- new or revamped information systems
- rapid growth
- corporate restructuring
- expanded foreign operations
All of the key factors have inherent risks with potential adverse financial consequences.

Information systems and communication
Information systems consist of procedures and records established to:
- initiate, record, process and report an entity's transactions
- maintain accountability for the related assets, liabilities and equity
A major focus is that transactions are handled in such a way that financial statements are presented fairly in accordance with accounting standards.

Control activities
Control activities are policies and procedures that help ensure that management directives are carried out to address risks that threaten the achievement of entity objectives.
Examples include:
- Performance reviews
- Information processing controls (example: general controls and application controls over input, processing and output in a computerised system).
- Physical controls
- Segregation of duties (example: ensuring that individuals do not perform incompatible duties such as banking cash and performing bank reconciliations).

Information Processing Controls
- General controls (apply to systems as a whole):
  - Organisational controls
  - Systems development and maintenance controls
  - Access controls
  - Data and procedural controls
- Application controls (input, processing and output controls)
Segregation of duties
Physical controls
Performance reviews

Monitoring
Monitoring is the process by which the entity monitors the quality of internal controls over time.
It involves assessing the design and operation of controls on a timely basis and taking the necessary corrective actions.
Ongoing monitoring activities could include:
- internal audit;
- continual management review of exception and operation reports; and
- review/response to customer complaints.

Limitations of control
- Cost versus benefits
- Management override
- Non-routine transactions
- Mistakes in judgment
- Collusion
- Breakdown
- Changes in conditions

Understanding internal control
Issues can include:
- Identifying the types of potential misstatements that may occur (example: where to look for potential errors and fraud).
- Understanding factors that affect the risk of material misstatement (example: revenue recognition issues in some entities).
- Designing further audit procedures (example: assess adequacy of risk assessment procedures and plan tests of controls).
- Testing general and application controls in computerised systems.

Procedures to obtain an understanding
Procedures can include:
- reviewing previous experience with the entity being audited
- inquiries of management, supervisory and staff personnel
- inspection of documents and records
- observation of the entity’s activities and operations
- transaction walk-through reviews to confirm documented understanding

Documenting the understanding
- Internal Control Questionnaire (ICQ): Consists of a series of questions about accounting and control policies and procedures the auditor feels are necessary to prevent material misstatements in the financial statements.
- Flow chart: A schematic diagram that uses standardised symbols, interconnecting flow lines and annotations to portray the steps involved in processing information through the information system.
- Narrative memoranda: May be used to supplement other forms of documentation by summarising the auditor’s overall understanding of the information system or specific control policies or procedures.

Preliminary assessment of Control Risk
ASA 315 paragraph 25: The auditor shall identify and assess the risks of material misstatement at the financial report level, and the assertion level for classes of transactions, account balances and disclosures.
Purpose of preliminary assessment
Assessment to:
- obtain a reasonable understanding of controls in place
- decide on appropriate audit strategy so as to design a detailed audit program.

Process of assessing control risk
- Use professional judgement to assess the control environment.
- Assess the design effectiveness of control procedures and their ability to prevent or correct misstatements.
- Assess whether controls were effectively applied throughout the period under audit.

The audit risk model
Audit risk is the risk that the auditor gives an inappropriate audit opinion when the financial statement is materially misstated.
In setting the desired audit risk, auditors seek an appropriate balance between the costs of an incorrect audit opinion and the costs of performing the additional audit procedures necessary to reduce audit risk.

Audit risk components
Inherent risk (ASA 200)
The possibility that a material misstatement could occur in an assertion, either individually or when aggregated with other misstatements, assuming there are no related controls.
Inherent risk exists independently of the audit of financial statements and thus auditors cannot change the actual level of inherent risk.
As defined by auditing standards, inherent risk is confined to the risk of material misstatements.

Control risk (ASA 200)
The risk that a material misstatement could occur in an assertion, either individually or when aggregated with other misstatements, and not be prevented, detected, or corrected on a timely basis by the entity’s internal control structure.
Control risk is a function of the effectiveness of the internal control structure, as good controls reduce risk.

Detection risk (ASA 200)
The risk that an auditor’s substantive procedures will not detect any material misstatements that exist in an assertion, either individually or when aggregated with other misstatements.
It is a function of the effectiveness of substantive procedures and their application by an auditor and thus is fundamental to the amount of audit work undertaken.
The level of detection risk is controllable by the auditor through:
- appropriate planning, direction, supervision and review
- variation in the nature, timing and extent of audit procedures
- effective performance of the audit procedures and evaluation of their results

The relationships among risk components
An auditor’s objective is to achieve an acceptably low level of audit risk, as is practicable.
Recognising the cost of performing audit procedures, there is an inverse relationship between the assessed levels of inherent and control risks and the level of detection risk that the auditor can accept.
Auditors, although unable to control inherent risk (IR) and control risk (CR), can assess these risks and design substantive procedures to produce an acceptable level of detection risk, thus reducing the audit risk to an acceptable level.
The audit risk model provides a framework for auditors to apply in responding to these assessed risks through their choice of audit procedures.
The audit risk model expresses the relationship between the components of audit risk (AR) as follows:
AR = IR × CR × DR
i.e. Audit risk = Inherent risk × Control risk × Detection risk

The relationships among risk components

Auditor’s assessment of       Auditor’s assessment of control risk
inherent risk                 High        Medium      Low
High                          Lowest      Lower       Medium
Medium                        Lower       Medium      Higher
Low                           Medium      Highest     Highest

Non-quantified audit risk model
Auditors may use non-quantified expressions for risk. This is consistent with the quantified audit risk model, in that the acceptable levels of detection risk are inversely related to the assessments of inherent and control risks.
If the assessments of control and inherent risks are both high, then the acceptable level of detection risk will generally have to be very low. That is, the risk that the auditor’s substantive procedures will not detect material misstatements will need to be low, which means more substantive testing by the auditor.
Conversely, if an auditor’s assessment of control and inherent risks are both low, then the acceptable level of detection risk can be high, i.e. the auditor’s substantive procedures can be reduced.

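As an added worked illustration (not part of the original slides), the quantified model AR = IR × CR × DR can be rearranged to give the detection risk the auditor can accept: DR = AR / (IR × CR). The percentages below are constructed for illustration only.

With AR = 5%, IR = 80% and CR = 50%: DR = 0.05 / (0.80 × 0.50) = 0.05 / 0.40 = 0.125, i.e. 12.5%.
With AR = 5%, IR = 40% and CR = 20%: DR = 0.05 / (0.40 × 0.20) = 0.05 / 0.08 = 0.625, i.e. 62.5%.

With the desired audit risk held fixed, the higher assessments of inherent and control risk leave a much lower acceptable detection risk, so more substantive testing is needed; the lower assessments allow a higher acceptable detection risk and less substantive testing.
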
Materiality
Materiality underlies the application of auditing standards and thus has a pervasive effect in a financial statement audit. Auditors must consider materiality in planning the audit and evaluating the extent of material misstatements.
AASB 1031 ‘Materiality’ states that materiality means: that information which, if omitted, misstated or not disclosed, has the potential to adversely affect decisions about the allocation of scarce resources made by users of the financial report or the discharge of accountability by the management, including the governing body of the entity.
Auditing Standard ASA 320 Materiality and Audit Adjustments addresses materiality from an audit perspective.
In auditing, materiality pertains to the extent of misstatements (uncorrected errors, erroneous disclosures or omissions) that exist in the financial statements.
Auditors plan and execute audits with a reasonable expectation of detecting material misstatements. The assessment of what is material is a matter of the auditors’ professional judgment of the needs of the reasonable person relying on the information.
There is an inverse relationship between materiality and audit risk. Where the auditor considers there is a higher risk of misstatement, materiality will be set at a lower level.

Quantitative guidelines
AASB 1031 highlights the importance of professional judgment, characteristics of the entity, and perceptions of the likely users’ information needs in making a materiality determination. It also provides guidance to assist in determining materiality. The following guidance is provided:
- an amount that is equal to or greater than 10% of the appropriate base amount is presumed to be material.
- an amount that is equal to or less than 5% of the appropriate base amount is presumed not to be material.
- the materiality of an amount between 5% and 10% is a matter of judgment.

Qualitative guidelines
Relate to the causes of misstatements or to misstatements that do not have a quantifiable effect. A misstatement that is quantitatively immaterial may be qualitatively material.
Examples of qualitative misstatements are:
- an inadequate or improper description of an accounting policy;
- a failure to disclose a breach of regulatory requirements;
- a change in accounting method which is likely to affect materially the results of subsequent financial years;
- corporate fraud; and
- a related party transaction or event requiring disclosure.

Audit strategies
The audit strategy taken is an important decision that significantly affects the detailed work performed in the audit. The interrelationship amongst evidence, materiality and the components of audit risk affects the auditor’s decision on the type of strategy chosen.
If the auditor assesses that appropriate controls do not exist or are likely to be ineffective, then a predominantly substantive approach will be adopted. Substantive procedures are those that substantiate the amounts recorded in the financial statements. They are normally costly to perform.
A more efficient audit can be performed if controls are judged to be effective enough to enable a reduction in the level of substantive procedures undertaken. An audit strategy that relies on internal controls to support the use of a reduced level of substantive procedures is sometimes referred to as a lower assessed level of control risk approach. This is not a single strategy, but a range of strategies determined by the relative effectiveness of applicable control procedures (combined with assessments of inherent risk and materiality).
The auditor must make four separate decisions before adopting such a strategy, and each decision (except the first) must be supported by relevant evidence:
- Is it cost-effective to adopt a lower assessed level of control risk strategy?
- Are control procedures effectively designed?
- Are control procedures effectively operated?
- Do the results of substantive procedures confirm the assessment of control risk?

The relationship between strategies and transaction classes
The strategies are not intended to characterise the approach to an entire audit. They represent alternative approaches to auditing individual assertions.
Often, however, a common strategy is applied to groups of account balance assertions affected by the same transaction class. The rationale is that many internal controls focus on the processing of a single type of transaction. Double entry means that each transaction class affects two or more account balances.
For example: sales transactions relate to accounts receivable in the balance sheet and to sales in the profit and loss account.

Audit evidence
Audit evidence means information used by the auditor in arriving at the conclusions on which the opinion is based. It consists of:
- underlying accounting data; and
- all corroborating information available to the auditor.
Underlying accounting data includes:
- books of original entry;
- general and subsidiary ledgers; and
- related accounting manuals.
It also includes informal and memorandum records, such as worksheets, calculations and reconciliations.
Corroborating information
- Documents such as cheques, authorisations for direct bank transfers, invoices, contracts etc.
- Confirmations and other written representations.
- Information from inquiry, observations, inspection and physical examination.
- All other information obtained or developed by the auditor.

The auditing standard pertaining to evidence
ASA 500 Audit Evidence states: The auditor should obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the audit opinion.
The standard specifies that ‘sufficient’ (enough), ‘appropriate’ (relevant and reliable) audit evidence should be obtained to provide a ‘reasonable’ (rational) basis for an opinion.

Sufficiency of audit evidence
Relates to the quantity of audit evidence. Factors that may affect the auditor’s judgment of sufficiency include:
- materiality and risk;
- economic factors; and
- the size and characteristics of the population.
In general, more evidence is needed for accounts that are material to the financial statements.

Appropriateness of audit evidence

Types of Evidence
- Analytical
- Confirmations
- Documentary
- Written Representations
- Mathematical
- Oral
- Physical
- Electronic

In arriving at a professional judgment of reasonable assurance, the auditor is guided by the persuasiveness of the evidence. Given that professional judgment is involved, different auditors will not always reach identical conclusions about the quantity and quality of evidence needed to reach an opinion on financial statements.
Audit procedures
Auditing procedures are methods and techniques used by the auditor to gather and evaluate audit evidence. In selecting a procedure, the auditor must take care to balance the potential effectiveness of the procedure in meeting specific objectives against the cost of performing the procedure.
Methods and techniques used by the auditor to gather evidence:
- Inspection
- Tracing
- Observation
- Vouching
- Enquiry
- Confirmation
- Analytical Procedures
- Re-performance

Classification of auditing procedures
Auditing procedures are usually classified by purpose into the following categories:
- Procedures to assess risks, which include obtaining an understanding of the internal control structure
- Tests of controls
- Substantive procedures

Tests of controls
Provide evidence about the effectiveness of the design and operations of internal control structure and procedures.

Substantive procedures
Provide direct evidence as to the fairness of management’s financial statement assertions. This category of auditing procedure consists of:
- analytical procedures
- tests of details of transactions
- tests of details of balances
Analytical procedures involve the use of comparisons to assess fairness; e.g. a comparison of an account balance with the previous year’s balance or a budgeted amount.
Tests of details of transactions involve examining support for the individual debits and credits posted to an account. Examples include vouching the debits in accounts receivable to entries in the sales journal and supporting sales invoices.
Tests of details of balances involve examining support for the closing balance directly. Examples include confirming accounts receivable directly with the customer.