Auditing study notes - Investec PDF

Preview

Summary

Comprehensive Auditing study notes ...

Description

Auditing Study Notes

CONTENTS A. Audit Overview

B. Pre-engagement Activities

C. Planning the Audit

D. Risks

E. Audit Strategy

F. Tests of Control

G. Substantive Procedures

H. ISA’s

I. Computer Auditing

A.

Completion of the Audit 2

A. AUDIT OVERVIEW

1. ENGAGEMENT ACTIVITIES • Focus on basics (client investigation/skills and resources and engagement letter. • Engagement letter: o Responsibility of the auditor and client o Duty to report reportable irregularity • Bring in ethical requirements, acceptance of clients, leadership responsibility etc. 2. PLANNING i. Risks • MUST describe the risk-i.e. what could go wrongI

Overall Level Affects all your accounts

At Assertion Level Affects a specific account 1. Identify the account 2. Describe the risk in terms of what could wrong and over/under statement 3. Link to assertions

This has a direct impact on your audit approach • What are the significant risks at overall and assertion level • Are there controls in place that mitigate these identified risks

YES:

NO:

Control Testing

Substantive Testing

NB: It can be that you will perform detailed test of controls and the substantive procedures for one assertion. 3

E.g. Inventory: • •

Component 1: controls over pricing=test of controls (valuation) Component 2: no controls over pricing=substantive procedures (valuation) Audit Strategy

• •

Overall level What will majority of audit procedures be? Test of controls or substantive procedures

ii.

Audit Plan • • •

Specific assertions for specific accounts Nature Amount

Planning Materiality

Exam technique-step by step what to discuss: 1. Consider the stability of your indicators. If unstable do not use. 2. Compare actual vs. budget figures. If budget similar to actual use budget. 3. Consider whether the SFP or P/L is more reflective of the business and why. Consider your audit risks. List your major audit risks e.g. integrity of management, control environment and indicate where audit risk increases then materiality decreases. 4. Perform the calculation. 5. Conclude on your materiality figure. iii.

Audit Approach

Exam technique-step by step what to discuss: 1. 2. 3. 4. 5. 6.

It is different for different accounts/balances (STATE). Assess your inherent risk (risk around the business). Obtain an understanding of the internal control environment (controls in place or not?). What type of approach are you going to follow-Substantive Procedures or Test of controls? Why? Necessary/Adds value/ possible/cost effective. Consider the use of CAATS (compatibility/availability in terms of staff and computer time) If computers-ALWAYS mention CAATS. 7. Use of experts (must mention). 8. Computers: discuss that both computerized and manual controls will be considered (state). 9. Discuss the impact of the controls on substantive procedures (Increase/decrease) and whether they will be detailed or audit review procedures. Less detailed/more substantive. 3. CONTROL TESTING • •

You have to understand the flow of information before you test it. A key/significant control: o Something of audit importance o Address the specific assertions on specific accounts o Controls that we as auditors want to rely on

4

More difficult questions in a paper include: 1. Identify key/significant controls that you will test as part of your audit procedures. o Exam technique: look for key/significant controls and then thereafter write down all controls. 2. Identify the controls you will rely on for specific assertions (i.e. you will have to link the control to the specific assertion that it relates to). • •

Remember that the consequences of a control weakness is a RISK, unless there are compensating controls. Remember the direction in which you are testing-you might identify a control for the opposite direction in which case it is useless for your purposes. Look for this especially when you are evaluating the working papers of somebody else.

Standard Controls (ALWAYS write down as they apply in every scenario-these are easy marks and should NEVER be lost) • • • • • •

Segregation of duties Management attitude towards controls Authorization of transactions Supervision and review Stationary controls Physical/safeguarding controls

4. APPROACH 1. Identify the accounts involved. 2. Determine the primary and secondary assertions (you want to focus your discussion on the primary assertions). 3. Prepare a reconciliation for the identified account and audit each part of it (OB/Movement/CB). 4. Must make your solution relevant to the specific questions that you are answering. 5. Link to CAATS. •

•

Using a CAAT to do substantive procedures is exactly the same as manual substantive procedures-you will just use the system to pull the required information for you. Generate a report showing movements.

Inventory with CAATS: • Generate a report of : o items not sold within past 6 months (slow moving) o cost price of stock o NAV of all stock items and compare to holding price o Exception report 5

5. COMPANIES ACT/ETHICS AND CORPORATE GOVERNANCE These sections need to be studied in detail! a) Companies Act and the link to substantive procedures • Audit compliance with the Act o Decisions (inspect minutes) o Authorization (inspect minutes) o Specific requirements (special resolution/court approval etc.) • Normal substantive procedures o Confirm/enquiry/inspection o Re-calculate o Recorded correctly in the AFS/registers o Disclosure is correct in terms of IFRS • Standard substantive procedures o Obtain management rep letter o GL=TB+AFS b) Corporate Governance • If a meeting takes place focus on the following: o Composition of the committee o How often they meet, is this correct? Look at dates o When they meet, is this correct? o What do they approve; do they have the authority to do that? o What should they be doing? Criticize 6. GENERAL EXAM TECHNIQUE •

• • • •

Use of colours when reading separates information in a manner that makes everything more manageable (risks/controls & weaknesses/Companies Act, Corporate Governance, ethics/procedures). Always write down the obvious things first. NEVER lose these easy marks! Remember to use diagrams to understand flows of documents and movements in account balances. Read the required carefully. You MUST spend time on auditing-on both exam technique/theory as well as doing questions.

6

B. PRE-ENGAGEMENT ACTIVITIES Reason for performing pre-engagement activities: • • • •

Legal liability for the auditors. Reputational risk. Can we offer a quality audit? Is there compliance with regulations, statutory requirements and ethics?

Sources to gather information: • • • • • •

Previous auditors Enquire from client Enquire from 3 rd parties Enquire from other auditors in the industry Press or media Back ground checks

Engagement acceptance procedures: Quality control for the firm • • • •

Partner has to perform the client screening and make decision to accept . Must have ethical conduct (integrity, objectivity, independence and professional behaviour) – e.g. audit fee. Policies and procedures – client acceptance (legal exposure/reputation/ high risk clients/client’s integrity). Independence of entire audit team (not only audit partner).

Quality control at the audit level • •

Partner must take responsibility for quality (partner must make a decision to accept). Independence: (Describe in detail: threat, safeguard etc.): o Self-interest: (audit fee maybe be too low to offer quality audit). o Self-review: (conflict in management function). o Familiarity threat: (long-time audit), also need to consider management’s expectations based on previous audits.

Perform a client investigation (NEW CLIENTS): Audit Level • •

Conflict of interest arising from other clients. Consider client’s integrity and business standing/risk: (ISQC 1 Par 29) o Nature of operations. o Communication with 3 rd parties (not only client). o Attitude of client. o Solvency level or future plans (takeovers, listing, cut backs). o History of law suits. o Inappropriate scope limitation – (consider limitation to gain access to group auditors working papers). 7

o o o o o o o o o o o

Difference of opinion with previous auditors. Reliance on other auditors or previous auditors. Any qualifications in prior years. Opinion shopping. Going concern. Fraud and error. JSE listed. Group structure of client. Control environment. Aggressive management style and accounting policies (may create risk of reportable irregularity). Compliance with Corporate Governance and Companies Act.

•

Consider Previous auditors competence and integrity: o Did not qualify the audit. o Did not report a Reportable Irregularity. o Non-compliance with quality control. o What are the effects on opening balances? o Confidentiality breaches. o Client uses their bank account. o No communication with us (current auditors). o Effect on prior year misstatements.

•

Vacancy available o Companies Act Sec 278 ! Removed at AGM. ! Special resolution. ! Special notice. ! No Reportable Irregularities. ! Existing auditors legally resigned & completed the statutory forms. o Otherwise there is no vacancy available Audit Fee o IRBA rules on fees. o Client willing/able to pay audit fee on time. o Link to going concern. o “Other services” in fee not allowed.

•

•

Determine if there is any professional reason not to accept the engagement – discuss with previous auditors: Procedures i.r.o CPC: o Enquire from management if auditor had been informed of the intention to replace him. o Obtain client’s permission to contact previous auditor. o Contact the auditor and enquire if professional reason not to accept the audit exists (in writing and place on file). o If auditor doesn’t respond within a reasonable period, write another letter in which request is repeated together with a statement that if he fails to respond it will be assumed that there is no reason not to accept the engagement. o If client doesn’t give permission then refuse the engagement.

8

Knowledge and skills •

•

• • •

• • •

Consider whether we have necessary: o Knowledge and skills (including IT skills), o Staff and time, o To offer a decent service and obtain reasonable assurance. Consider if we have experience in the industry: o Client listed overseas o US GAAP o Sarbanes Oxley Consider if we have resources and experience to evaluate CIS. Consider reliance on other auditors and experts. Compliance with ISA 620 o Consider whether reliance is justified. o Engagement conditions. o Procedures to review the work. Audit deadline can be met. Feasibility of the audit (no prior year working papers, reliance on opening balances). Knowledge on reporting requirements.

Conditions of the engagement: •

•

Upon accepting the engagement we should have confirmed the engagement and conditions per the engagement letter: o State the auditor’s responsibilities (type of engagement); o State the clients’ responsibilities; o Specify if any additional services are to be performed; o Responsibility for reporting a Reportable Irregularity if it were to arise; o Must be signed and dated. If use group letter (foreign company) remember Reportable Irregularities and Co’s Act and APA re limitation of liability might differ.)

Existing clients: • •

Conflict of interest Independence o Additional risks: Changes in ownership/management, litigation status, business practices.

Review engagements: •

The following potential misunderstandings need to be considered: o Level of assurance o Materiality o Inappropriate criteria o Rights to access of information o Confidentiality

9

C. PLANNING THE AUDIT OVERALL 1. Obtain an understanding of the entity and its environment: • Procedures: o Inquiries of management o Analytical procedures o Observation and inspection 2. Obtain an understanding of the accounting information and internal control system: • • • •

Procedures:

Control environment Entity’s risk management process The accounting information system Monitoring of controls

• • • • •

System walk through Enquiry Inspection Observation Prior year work papers

3. Identify and assess the risk of material misstatement at overall financial statement level: 4. Set Materiality: • Quantitative: Turnover 0.5% - 1% Gross Profit 1% - 2% Net Income 5% - 10% Total Assets 1% - 2% Equity 2% - 5% • Which numbers should be used? o Budget vs actual o Income statement vs balance sheet • Qualitative o Control environment o Integrity of management o Statutory requirements o Effectiveness of IC o Appropriateness of accounting policies o Problems and errors in prior year o Possibility of illegal transactions 5. Formulate an overall audit strategy: • Impact of Internal Controls on Substantive Procedures Can Rely Nature More analytical Timing Spread over year/early verification Extent Less

10

Can’t Rely More detailed Year-end/ no early verification More

• Nature: HOW? o Tests of control (TOC) ! Inspection, observation, inquiry, recalculation, re-performance ! Circumstances Reliance on Internal control SP aren’t enough Large volume of transactions Computer system (no audit trail) Complex system Cost effective o Substantive Procedures (SP) ! Detailed: Inspection, observation, inquiry, re-performance, recalculation and confirmation ! Analytical procedures • Timing: WHEN? o TOC – cover the whole period of reliance ! Consider length of period before retesting • Weak environment • Changes in controls ! Must test every 3 rd year o SP – mainly at year end ! If performed before then further tests and TOC must be performed • Extent: HOW MANY ITEMS? o TOC rely on: ! Frequency of control procedure ! Extent of reliance ! Length of time of audit reliance o SP big enough to: ! Limit detection risk & substantiate the audit opinion • Co-ordination o Client specific issues: ! Number of locations ! Staff availability ! Travel and housing o Dates/timing o Engagement team specifics: ! Experience, number of personnel ! CAATS ! QC requirements o Areas that need special attention ! Related parties ! Using work of expert, IA etc. o Communication with entity o Going concern o Previous audit findings and recommendations SIGNIFICANT ACCOUNTS: 1. Identify significant accounts and classes of transactions: • Quantitative materiality • Qualitative characteristics 2. Identify and asses risks of material misstatement: • Perform risk assessment procedures o Enquire of management 11

o Analytical procedures o Observation and enquiry o Test of internal controls 3. Set audit strategy specifically for that balance: • Audit approach: o Nature, Timing, Extent • Admin and organization o Inventory counts o Expert etc.

12

D. RISKS Audit: Risks Type of questions: 1. Identify the risks: a) At the overall financial statement level: • • • •

Think Fraud & Error Management integrity Disclosures Overstatements

b) At the assertion level: Think of issues to that specific account: • Legal • Statutory (allowed/authorized?) • Presentation & Disclosure • Accounting issues (1 st time using IFRS, give more detail here, think on both sides of the account-expense AND liability)

List of typical risks to look out for: 1. JSE (Listed, strict requirements) 2. New audit (inexperience with client) 3. Nature of the business (risky) 4. Going concern (ability?) 5. Tight deadline (pressures to overlook important risks) 6. Legal liability (affect going concern, undisclosed provisions) 7. Related party (transfer pricing, IAS 24 disclosure requirements met, consolidation accounting etc.) 8. Manipulation 9. Decentralized records 10. Control environment 11. Integrity 12. Fraud and error 13. Litigation 13

14. CIS (Computer Information Systems) Risks 15. Non-compliance with laws 16. Reportable irregularity 17. Non-compliance with IFRS 18. Change in year end 19. Holding company-Foreign Company 20. Foreign bank account 21. Listing on NYSE 22. Financial Services 23. Group (Consolidation process, related party transactions, Reliance on other auditors, intercompany transactions, Subsidiary’s ability to continue as going concern, CIS system) 24. New IT systems (controls, testing, balances transferred, unfamiliar, feasible, Back-ups, management involved, Going concern. Solvency) 25. Outsourcing What decreases Risks? 1. Competent Management 2. Commitment to controls 3. Compliance with law and regulations 4. Effective internal audit 5. Long term auditors=familiarity 6. Early verification-deadlines

14

Risk Trigger/Indicator The company is listed

New audit engagement

Nature of the business (state the naturepeg: IT related)

Risk-what could go wrong? • Strict JSE listing requirements –May lead to overstatement of revenue/assets to meet these requirements • IFRS compliant? • Not familiar with business-management take advantage of this lack knowledge • Opening balances may be misstated (name the accounts) • Not material in the prior year but cumulative effect and other misstatements may be material • Reliance on prior auditors • Competitive • Affected by the economy • Luxury items? • Increase in interest rates • Forex exposure • Low profit margins • Revenue complexity

Going concern

• •

Strict audit deadline

• •

Risk of legal liability (S 46 of APA) Manipulation of AFS due to take-overs etc.

• • • • •

Decentralized records and processing (controls)

• • • • •

Control environment is weak

• • • • • • •

Integrity of management

15

Losses, cash flows, working capital, 3 rd party reliance Financial losses: forex, impairment, gearing, illegal dividends Undetected subsequent events Understatement of provisions and creditors because might not be on time SAY why? Say howpunder/over statement Directors % of shares (link to IFRS 2) Related party transaction risk Manipulation of results due to performance evaluations=overstatement Difficult to audit Rely on other auditors Scope limitations Loss of documentation Non-compliance with the Companies Act (risk of reportable irregularity) Management is not committed to controls Segregation of duties Poor management styleautocratic/aggressive etc. Unwilling to adjust financials Importance of IT Dealing in illegal transactions Won’t adjust financials

Risk of fraud and error

• • • • • • • • • • • •

Litigation

Risks relating to Computer Information Systems (CIS)

• • • •

Companies Act contravention Corporate Governance concerns Risk of non-compliance with IFRS

• • • • • • • •

Change in year-end

Holding company is a foreign company

• • • • • Foreign Bank Account

• • • • • • • • •

Listing on NYSE

Group Audit

Financial Services

• • 16

Segregation of duties Non compliance with IFRS (say whyp) Work pressure Reliance on 3rd parties Incorrect accounting treatment Provisions not made Loss of data during conversion Staff not trained Not functioning correctly Integration of systems General computer controls weak Outsourcing-have to rely on a 3 rd party, difficult to test Decentralized (reliance on IT) Lack of physical...