Auditing summary - Lecture notes 1-12 PDF

Preview

Summary

notes...

Description

auditing exam advice: short questions: who is: *AASB Australian Accounting Standards Board (AASB) is an Australian Government agency that develops and maintains financial reporting standards applicable to entities in the private and public sectors of the Australian economy. * ASIC’s Australian Securities and Investments Commission’s (ASIC’s) role is to enforce and regulate company and financial services laws to protect Australian consumers, investors and creditors. The AASB uses a conceptual framework to develop and evaluate accounting standards. *FASB Financial Accounting Standards Board (FASB) is the independent, private-sector, not-for-profit organization based in Norwalk, Connecticut, that establishes financial accounting and reporting standards for public and private companies and not-for-profit organizations that follow Generally Accepted Accounting Principles (GAAP). *AUASB The Auditing and Assurance Standards Board (AUASB) is an independent, statutory agency responsible for developing standards and guidance for auditors and providers of other assurance services.*responsible for financial statements *who is responsible for financial statements Management is responsible for the preparation and presentation of appropriate accounts *auditor responsibility regarding financial statements. Auditors are responsible for reporting to company members on the directors’ financial report presented at the AGM. They say whether the financial report: is in accordance with the law, including compliance with accounting standards (s 296) provides a true and fair view (s 297).

*audit opinion Unqualified: financial statement are true and fair and in accordance with accounting standards. Qualified: financial statement are true and fair and in accordance with accounting standards, except for the effect of specific matter or matters. Issues describe in separate paragraph.

Disclaimer of opinion: auditor cannot reach an opinion overall on financial statements, therefore disclaims an opinion. Adverse opinion: financial statement are not present true and fair view and not in accordance with accounting standards.

*What exactly does an auditor do? An auditor is someone who prepares and examines financial records. They ensure that financial records are accurate and that taxes are paid properly and on time. They assess financial operations and work to help ensure that organizations run efficiently. *Who are the external auditors? External auditor. performs an audit in accordance with specific laws or rules on the financial statements of a company, government entity, other legal entity or organization, and who is independent of the entity being audited. *What is the responsibility of the auditor? The auditor has a responsibility to plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement, whether caused by error or fraud. 

What is the independent auditor?

An independent audit is an examination of the financial records, accounts, business transactions, accounting practices, and internal controls of a charitable nonprofit by an "independent" auditor *From AASB/IASB framework, the following four attributes of accounting information provide the basis for the audit function: relevance reliability comparability true and fair presentation. *More recent audit approaches: Financial risk approach The auditor considers relative financial risk and materiality in planning the audit, such that audit work is concentrated in areas where there is a higher risk of misstatement. Business risk approach (audit risk approach) As well as financial risk, the auditor considers business strategy, associated business risks and management’s plans to respond to changes in the business environment.  

*Who the auditor has an obligation to report to Auditor’s report is usually addressed to either the governing body and members. In addition to auditor’s report, auditor’s have reporting responsibilities to:

 management and the board of directors on anything prejudicial to the interests of shareholder  ASIC where there are reasonable grounds to suspect a significant contravention of the provision of the Corporations Act, or other contraventions that will not be adequately dealt with by comment in the auditor’s report or by notifying directors.

long questions: 1.what are the steps to select an audit. 2.audit risk model and how to use it? Definition Audit Risk is the risk that an auditor expresses an inappropriate opinion on the financial statements. Explanation Audit risk is the risk that an auditor issues an incorrect opinion on the financial statements. Examples of inappropriate audit opinions include the following: Issuing an unqualified audit report where a qualification is reasonably justified; Issuing a qualified audit opinion where no qualification is necessary; Failing to emphasize a significant matter in the audit report; Providing an opinion on financial statements where no such opinion may be reasonably given due to a significant limitation of scope in the performance of the audit. Model Audit Risk = Inherent Risk x Control Risk x Detection Risk Audit risk may be considered as the product of the various risks which may be encountered in the performance of the audit. In order to keep the overall audit risk of engagements below acceptable limit, the auditor must assess the level of risk pertaining to each component of audit risk. Components Explanation of the 3 elements of audit risk is as follows: Inherent Risk

Inherent Risk is the risk of a material misstatement in the financial statements arising due to error or omission as a result of factors other than the failure of controls (factors that may cause a misstatement due to absence or lapse of controls are considered separately in the assessment of control risk). Inherent risk is generally considered to be higher where a high degree of judgment and estimation is involved or where transactions of the entity are highly complex. For example, the inherent risk in the audit of a newly formed financial institution which has a significant trade and exposure in complex derivative instruments may be considered to be significantly higher as compared to the audit of a well established manufacturing concern operating in a relatively stable competitive environment.

Control Risk Control Risk is the risk of a material misstatement in the financial statements arising due to absence or failure in the operation of relevant controls of the entity. Organizations must have adequate internal controls in place to prevent and detect instances of fraud and error. Control risk is considered to be high where the audit entity does not have adequate internal controls to prevent and detect instances of fraud and error in the financial statements. Assessment of control risk may be higher for example in case of a small sized entity in which segregation of duties is not well defined and the financial statements are prepared by individuals who do not have the necessary technical knowledge of accounting and finance.

Detection Risk Detection Risk is the risk that the auditors fail to detect a material misstatement in the financial statements. An auditor must apply audit procedures to detect material misstatements in the financial statements whether due to fraud or error. Misapplication or omission of critical audit procedures may result in a material misstatement remaining undetected by the auditor. Some detection risk is always present due to the inherent limitations of the audit such as the use of sampling for the selection of transactions. Detection risk can be reduced by auditors by increasing the number of sampled transactions for detailed testing. Application Audit risk model is used by the auditors to manage the overall risk of an audit engagement. Auditors proceed by examining the inherent and control risks pertaining to an audit engagement while gaining an understanding of the entity and its environment. Detection risk forms the residual risk after taking into consideration the inherent and control risks pertaining to the audit engagement and the overall audit risk that the auditor is willing to accept.

Where the auditor's assessment of inherent and control risk is high, the detection risk is set at a lower level to keep the audit risk at an acceptable level. Lower detection risk may be achieved by increasing the sample size for audit testing. Conversely, where the auditor believes the inherent and control risks of an engagement to be low, detection risk is allowed to be set at a relatively higher level.

Example ABC is an audit and assurance firm which has recently accepted the audit of XYZ. During the planning of the audit, engagement manager has noted the following information regarding XYZ for consideration in the risk assessment of the assignment: XYZ is a listed company operating in the financial services sector XYZ has a large network of subsidiaries, associates and foreign branches The company does not have an internal audit department and its audit committee does not include any members with a background in finance as suggested in the corporate governance guidelines It is the firm's policy to keep the overall audit risk below 10% Inherent risk in the audit of XYZ's financial statements is particularly high because the entity is operating in a highly regularized sector and has a complex network of related entities which could be misrepresented in the financial statements in the absence of relevant financial controls. The first audit assignment is also inherently risky as the firm has relatively less understanding of the entity and its environment at this stage. The inherent risk for the audit may therefore be considered as high. Control risk involved in the audit also appears to be high since the company does not have proper oversight by a competent audit committee of financial aspects of the organization. The company also lacks an internal audit department which is a key control especially in a highly regulated environment. The control risk for the audit may therefore be considered as high. If inherent risk and control risk are assumed to be 60% each, detection risk has to be set at 27.8% in order to prevent the overall audit risk from exceeding 10%. Working Audit Risk = Inherent Risk x Control Risk x Detection Risk 0.10 = 0.60 x 0.60 x Detection Risk 0.10 = Detection Risk = 0.278 = 27.8% 0.36 Overview of the audit risk model 

Audit risk is the risk that the auditor will give an inappropriate audit opinion when the financial report is materially misstated.



Before issuing an opinion on the financial report, the auditor needs to reduce audit risk

to an acceptable level to ensure the opinion is reliable. Reducing audit risk 

An auditor reduces audit risk to an acceptable level by performing audit procedures until there is sufficient appropriate evidence for each assertion of each significant transaction class or account balance to provide reasonable assurance that the financial reports are not materially misstated.



The audit risk model focuses audit effort on those classes of transactions or balances (and the particular assertions) that are likely to contain material misstatements.

Components of audit risk (AR) There are three components (ASA 200/ISA 200): 1. Inherent risk (IR): Susceptibility of an assertion to material misstatement given inherent and environmental characteristics, but without regard to prescribed control procedures. 1. Control risk (CR): Risk that material misstatement might not be prevented or detected by internal control procedures. 1. Detection risk (DR): Risk that auditors’ substantive procedures will lead auditor to conclude no material misstatement exists when, in fact, one does. Risk of material misstatement Risk of material misstatement (RMM): Risk that financial report is materially misstated prior to audit. May exist at: 

overall financial report level for risks that relate pervasively to financial report as a whole and may affect many assertions (e.g. going concern risk)



assertion level for classes of transactions, balances and disclosures (ASA 200/ISA 200).

At assertion level, the RMM is a combination of inherent and control risk (inherently risky items will increase RMM, but this risk is reduced if proper controls implemented).

Reducing audit risk 

Auditors cannot change inherent risk.



Auditors cannot directly change control risk (can suggest changes to enhance control system for future periods). An auditor can obtain evidence to support an assessed level of control risk less than high (expect to rely on internal control) by examining control environment, risk assessment process, information system, control activities and monitoring of controls, and testing their effectiveness.

The auditor can alter the level of detection risk. Auditor can reduce detection risk and therefore audit risk by (ASA/ISA 200.A43): 

adequate planning



proper assignment of personnel to audit engagement team



application of professional scepticism



appropriate decisions on nature, timing and extent of audit procedures



effective performance of audit procedures and evaluation of results



supervision and review of audit work performed.

Business risk 

'Business risk' is defined as:

‘The risk that an entity’s business objectives will not be attained as a result of the external and internal factors, pressures and forces brought to bear on an entity and, ultimately, the risk associated with the entity’s survival and profitability.’



Requires extensive knowledge of client’s business and industry.

Types of audit test 

Tests of control



Substantive tests

Test of control 

An auditor performs tests of control to obtain evidence about whether the control activities of the internal control system are effective. Involves obtaining evidence about:  design of policies or procedures  operating effectiveness of these policies or procedures (implementation).



The tests are designed to provide evidence to support an assessment of control risk at a level below high (indicating reliance on the keys controls).

Substantive tests 

Performed on specific transactions and balances to see whether the dollar amount of an account balance is materially misstated.



These tests reduce detection risk.

Types of substantive tests 

Analytical procedures: involve the study and comparison of relationships between accounting data and related information.



Tests of details: obtaining evidence on the items (or details) included in an account balance or class of transactions:  substantive tests of transactions

 substantive tests of balances  substantive tests of disclosures.

3. how to use expert opinion and what you do before using expert opinion. Using the work of an expert or component auditor 

Given the complexity and highly specialised nature of many client operations, auditors often find they are unable to service clients effectively without specialist knowledge.



Experts can be internal or external to the audit firm.

Audit firms develop industry specialisations, have knowledge management systems supporting the specialisations and have employees designated as specialists by industry, function or technical area Ensuring that work by an expert is adequate An auditor should: 

assess capabilities and competence of the expert



assess objectivity of the expert



obtain an understanding of the work of the expert



evaluate the appropriateness of the work of the expert for the relevant assertion, by discussing or reviewing reasonableness of assumptions and methods used, considering relevance, completeness and accuracy of source data used, and considering consistency of expert’s work with results of other audit procedures.

Using the work of a component auditor 

Audit work for a client may also be undertaken by a number of different auditors (consider a consolidated entity with subsidiaries in many countries).



The principal auditor retains responsibility for the overall auditor’s opinion and must ensure the procedures used by component auditors are appropriate for the principal auditor’s purpose.

Use of expert: 

ASA/ISA 540.A96–A101 provides guidance for the consideration of whether specialised skills or knowledge are required.



If the valuation is undertaken by an independent expert, the auditor needs to be satisfied as to their skill, competence and objectivity.



The auditor vouches the valuer’s report, paying regard to the basis of valuation, and considers its appropriateness as a basis for determining the carrying amount of that class of assets in the financial report.

Types: 

ASA/ISA 700 covers the auditor’s responsibility to form an opinion on the financial report, and the form and content of unmodified auditor’s reports.



ASA/ISA 705 covers the types of modified opinions that can be issued:  qualified opinion  disclaimer of opinion, or  adverse opinion.



ASA/ISA 706 covers those situations where it is necessary to draw users’ attention to an issue by an:  Emphasis of Matter paragraph, or  Other Matter paragraph.

Circumstances giving rise to Emphasis of Matter 

ASA/ISA 706.A1 outlines circumstances in which Emphasis of Matter (EoM) can be issued:  uncertainty relating to the future outcome of exceptional litigation or regulatory action  early application of a new accounting standard that has a pervasive effect on the financial report in advance of its effective date, and

 a major catastrophe that has had, or continues to have, a significant effect on the entity’s financial position. 

Currently, approximately 90% of auditor’s reports in Australia containing EoM paragraphs relate to uncertainty regarding going concern status.

The management letter 

The management letter is a written communication between the auditor and management that is normally issued at the conclusion of the audit engagement.



This letter summarises the auditor’s recommendations resulting from their assessment of the entity’s business risk and inherent risk, and any recommended improvements in internal control.



The most critical discussions between the auditor and management concerns the form and content of the financial report.  If the accounting policies proposed by management differ materially from those the auditor believes are appropriate, an alternative presentation must be agreed on.

Additional communications in the auditor’s report: Emphasis of Matter 

In certain limited circumstances it is appropriate for the auditor to draw attention to or emphasise a matter that is appropriately presented or disclosed in the financial report and is considered relevant to users of the auditor’s report, but which, because of its nature, does not affect the auditor’s opinion.



The major examples would be where there is a disclosure in the notes to the financial report that the auditor considers to be complete and adequate, but important enough to bring to users’ attention.

Circumstances giving rise to Emphasis of Matter



ASA/ISA 706.A1 outlines circumstan...