Q1. A. Plan & Risk Ass - ACCA AAA PDF

Preview

Summary

ACCA AAA...

Description

ISA 315 Identifying and assessing the risks of material misstatement through understanding the entity and its environment identifies the main aspects of a client's business that must be considered in gaining an understanding of the company and its environment. This process is crucial to an auditor's assessment of the audit risks that it then seeks to reduce to an appropriate level during the audit. Industry, regulatory and other external factors: For instance, some industries require businesses to carry specific levels of capital (such as 'bonded' travel agents). An auditor would need to gain knowledge of these regulations to assess their impact on the audit. This could also affect audit planning. If a client operates in an industry with unusual accounting treatments (construction or insurance, for example), it would be wise to choose an audit team with experience of that industry. (2) Nature of the entity. An auditor must understand the legal structure of the entity (company or group). Complex ownership structures might increase the risk of misstatement – for instance if subsidiaries' results are not consolidated correctly. (3) Selection, application and reasons for changes of accounting policies. An auditor must understand the entity's accounting policies together with the reasons for them being selected. This would include consideration of whether or not they are in line with the applicable financial reporting framework. (4) Objectives, strategies and related business risks. Business risks are the risks that the company may not achieve its objectives. The main way this affects audit risk is that if there is a high risk of the company failing to meet its objectives (or if it adopts a risky strategy to try to meet them), there is a risk that the company may not be a going concern. Any financial statements prepared on the going concern basis would then be likely to be misstated. (5) Measurement and review of the entity's financial performance. The auditor should understand how the entity's performance is assessed, because management could seek to manipulate the results so that it looks like the company is doing better than it is. This might trigger bonus payments, for example. (6) Internal control. This is an absolutely crucial area in assessing audit risk, as the auditor may seek to place reliance on the entity's internal controls. The assessment of control risk would have a direct effect on audit strategy. This would include assessing the entity's control environment. ii) Procedures recommended (1) Inquiries of management. This would usually be the first place to start – management should be the best people to give the auditor information on the aspects of the company and its environment referred to in ISA 315. The auditor could also consult others, such as an internal audit department. (2) Analytical procedures. It is crucial to perform analytical procedures to gain an understanding of the major areas of the financial statements, as well as the dominant trends and anomalies (in financial information, and between financial and nonfinancial information). This will allow the auditor to assess the areas where there is a higher risk of material misstatement. (3) Observation. Observing internal control activities, for instance, could help to cement the auditor's understanding of how they operate. (4) Inspection. Documents such as business plans or internal control manuals may contain valuable information on how the entity operates. Inspecting these would supplement the inquiries already made of management. ii) Critical evaluation of audit plan The notes provided indicate that the audit has not been planned in line with the requirements of ISAs. Ethics – long association The IESBA Code of ethics states that a familiarity threat to independence may arise with longstanding audit clients. This appears to be the case here, as some analytical procedures have not been performed because of past experience with the client. It may be necessary to implement further safeguards to reduce this threat to an acceptable level. Analytical procedures The need for analytical procedures must be reviewed each year in line with the requirements of ISAs, including the need for procedures not done in previous years. No procedures have been performed on the statement of financial position, on the basis that there did not appear to be any significant movements. This is not an adequate reason for not performing more detailed procedures, but is in fact just an inadequate procedure itself. It may be the case that, given other changes in the accounts, movement would be expected in assets and liabilities, so 'no movement' is not in itself a sign that nothing is wrong. 220 Forecast accounts: Forecast accounts have been placed on file, but it is not clear if any procedures have been performed using them, for example to assess the adequacy of the going concern basis. Discussions have been held with management, but it is not clear whether the forecasts have been assessed in the light of these discussions. Controls testing: Management said there were no changes to internal controls in the year, but no walkthrough tests

were performed to verify whether this is in fact the case. Walkthrough tests should have been performed to ascertain whether controls are operating as described. The auditor is effectively relying on previous years' audit work which showed that the longstanding controls were adequate in the past. However, they may no longer be suitable. ISA 315 Identifying and assessing the risks of material misstatement through understanding the entity and its environment requires that the auditor obtain an understanding of the entity's internal controls. This has not been done here. Business risk: Business risk has been assessed as low on the basis that all divisions are 'operating normally'. However, ISA 315 requires that the auditor obtain evidence of the specific objectives and strategies of the entity, and of its performance in relation to these objectives. This does not appear to have been done. ISA 315 states that business risks need to be identified in relation to financial reporting. Without assessing specific business risks, this cannot be done. Moreover, past performance is not necessarily a guide to the future. No assessment appears to have been done of the business environment and of the risks it may pose to the entity. Risk assessment (material misstatement): ISA 315 requires that the risks of material misstatement be assessed both at the financial statement level and at the assertion level. No risk assessment appears to have been carried out at the assertion level. Property valuation/stage of completion: It is right that an expert be engaged to provide evidence regarding property valuations. In previous years this was an auditor's expert, this year it is a management's expert. ISA 500 Audit evidence requires that the competence, capabilities and objectivity of the management's be assessed. This has not been done here. The architect is newly qualified, which may cast doubt over whether she has sufficient experience and competence to do this work. The architect is employed by the entity, which according to ISA 500 is an indication that she may be less objective than if she were engaged for a specific task. Furthermore, there is a risk that the business owners, who intend to sell the business, may seek to inflate the valuations in order to achieve a better price on the sale. Therefore the architect's work cannot be relied upon for the purposes of the audit. An auditor's expert should be engaged to provide independent valuations. Office space rent: The IESBA Code of ethics states that gifts and hospitality may create a self-interest threat to independence. Suki & Co must assess the nature, value and intent of the offer. The fact that the rent is of a nominal amount means that the effective value of the gift is likely to be substantial. The intent is not clear, but it could be considered a bribe, given in the hope of obtaining an unmodified audit opinion before the sale of the company.1The offer should therefore be declined. Conclusion: The audit has been inadequately planned, and fails to meet the requirements of ISAs. There are also a number of ethical threats to Suki & Co's independence. Actions include possible further training for Tara Lafayette, and a reconsideration of the firm's ethical safeguards in place regarding long association with audit clients.

Materiality ISA 320 Materiality in planning and performing an audit requires that materiality be considered at all stages of an audit, and revised as necessary. Therefore fixing materiality at the planning stage would mean that Maple & Co's audits do not comply with ISAs. It is true that a higher materiality threshold would, all things being equal, result in smaller sample sizes and less audit work. However, materiality is a matter of judgement; the same materiality threshold cannot just be applied to all audits, since the circumstances of each engagement will be different. If inherent risk is higher, for instance, then it is likely that materiality will be set lower in order that audit quality remains consistent. Moreover, materiality reflects the level of audit engagement risk being taken on. Raising the materiality threshold in general would mean taking on more risk, and therefore reducing audit quality. Revising materiality: Auditors must reassess materiality if they become aware of new information that would have resulted in a different materiality level being set at the planning stage. Planning materiality is likely to have been based on draft financial statements, but during the course of the audit it could become clear that the final financial statements will be substantially different. For example, the carrying amount of assets held at fair value could be much lower than originally expected, which would affect the amounts in the statement of financial position. In that case, the auditor would need to set materiality again, on the basis of the actual results and position. Alternatively, something could happen during the audit, e.g. the client could decide to dispose of a subsidiary. This could change the appropriate materiality level, as well as performance materiality. The auditor should take this into account and revise materiality. Training: It is a requirement that qualified members are professionally competent to perform their work, which in an audit department means being up to date with the latest professional developments. Cutting CPD spending would make it harder to do this. Moreover, if staff are not up to date with the latest developments then it is likely that audit quality will be reduced, as they may not be fully aware of what is required of them. Cutting spending on the training of junior staff is not in itself a problem, however; staff must be competent to perform the work asked of them, and if training is not provided then this may not be the case. Further, ISQC 1 requires a firm to institute an internal culture that emphasizes quality; if training is not provided, then ISQC 1 may not be complied with.

Quicker audits: Guaranteeing quicker audits to clients is unprofessional, and may prejudice audit quality. It is not possible to determine in advance the work that needs to be done on an audit, and hence the length of time it will take to do it. Hence requiring that audits be completed more quickly may lead to a reduction in audit quality and increased risk being taken on. In addition, a guarantee that an audit be done quicker than last year will be inappropriate where there is a change of circumstances at a client resulting in more audit work needing to be done.

Factors to consider Guidance is provided in ISA 600 Special considerations – audits of group financial statements (including the work of component auditors). Brass Co is a significant component of the group, and Sidle & Co are component auditors. As group auditors we should obtain an understanding of the component auditor, focusing on: Whether Sidle & Co complies with ethical requirements Sidle & Co's professional competence Whether the group audit team will be able to be sufficiently involved in the component auditor's work Whether Sidle & Co works in a regulated environment Ethics: Sidle & Co should, per ISA 600, be subject to the same ethical requirements as the group auditor, irrespective of regulations applicable in Chocland. These are contained in the IESBA's Code of ethics for professional accountants and the ACCA's Code of ethics and conduct. Professional competence: As group auditor, Vegas & Co should check that Sidle & Co: Understand ISAs. Chocland audit regulations are not based on ISAs, so Vegas & Co must ensure that the work performed by Sidle & Co conforms to the requirements of ISAs. Have sufficient resources and skills to perform the necessary work. Various complex accounting issues will be involved in preparing the group accounts, such as the measurement of fair values on consolidation. The group auditor must assess whether Sidle & Co has the resources and skills to do this. Understand IFRSs. Chocland has not adopted IFRSs, and there is a risk that Sidle & Co is not competent to audit Brass Co's accounts after they have been adjusted to comply with IFRSs. Procedures to perform Obtaining and reviewing the ethical code adhered to by Sidle & Co, and comparing it to those followed by Vegas & Co Obtaining a statement from Sidle & Co that it has adhered to this code Establishing through discussion or questionnaire whether Sidle & Co is a member of an auditing regulatory body, and the professional qualifications issued by that body Obtaining confirmations from the professional body Sidle & Co belong to, or the authorities licensing it Determining through discussion whether Sidle & Co is a member of a network of audit firms Discussion of the audit methodology used by Sidle & Co in the audit of Brass Co, and compare it with those used under ISAs (e.g. how the risk of material misstatement is assessed) A questionnaire or checklist could be used to provide a summary of audit procedures used Ascertaining the quality control policies and procedures used by Sidle & Co, both firm-wide and those applied to individual audit engagements Requesting any results of monitoring or inspection visits conducted by the regulatory authority under which Sidle & Co operates Communicating to Sidle & Co an understanding of the assurances that our firm will expect to receive, to avoid any subsequent misunderstandings Subject: Sci-Tech planning Introduction: This memorandum explains the matters to be covered by the planning document for the Sci-Tech audit and the review assignment. Outsourcing/payroll expense: Outsourcing is the process of purchasing key functions from an outside supplier (service organisation). In other words, it is contracting-out certain functions, for example, internal audit, or information technology, or, in this case, the payroll function. Audit of salary expense – matters to consider The audit firm must ensure it follows the guidelines of ISA 402 Audit considerations relating to entities using a service organization. This requires them to consider an approach to parts of the audit affected by a service organization. Materiality: Salaries are 8.4% of revenue and are separately disclosed in the statement of profit or loss. In addition, an element of salary cost for research and development staff will be included in research and development costs. Salary costs are therefore material for the audit.

Audit approach: The fact that salary costs have been audited by systems audit in the past implies that when the payroll was carried out in-house, there was a good control environment and effective controls. As ProPay now control the payroll function, the auditors need to determine the audit approach they will take to salaries now. In order to continue with a systems approach, they will need to be satisfied that a good system of control over payroll exists at ProPay. If they are not so convinced, they may need to take a substantive approach. The fact that a company with good controls over its payroll is prepared to outsource to ProPay suggests that ProPay has good controls. However, the auditors must not rely on this assumption but determine this for themselves. Accessibility: In order to make the determinations discussed above, the auditors really need access to ProPay's books and records. However, they have been engaged by Sci-Tech, not ProPay. It is not certain that they will be granted such access. The auditors should ask Sci-Tech to request that its auditors are allowed access to Pro-Pay's records. If the auditors were involved in the process of obtaining the contract with Pro-Pay it is likely that such access has been negotiated. If not, it may have been overlooked. If such access is declined, the auditors will have to consider other means of gaining the assurance they require about ProPay's systems. They may be able to get this assurance from: Third-party reports about ProPay, such as the auditor's report of Pro-Pay or reports of any regulatory agency Other reports, such as ProPay's internal auditor's reports, if made available to clients Requested procedures by ProPay's external or internal auditors If the auditors are unable to obtain the assurance they require about ProPay's systems or access to records to carry out proposed substantive tests, this would constitute an inability to obtain sufficient appropriate audit evidence which would result in the need for a qualification. 336 Compliance: The auditors need to ensure that Sci-Tech is still fulfilling its legal obligations in respect of maintaining financial records in respect of payroll, despite the administrational burden being carried by Pro-Pay. Records: The auditors should determine whether Sci-Tech keep any payroll records or whether solely ProPay keep the records. If Sci-Tech kept some records, these would provide corroboration of the figures kept by ProPay.

Audit risk & Risk of material misstatement

Remember, the risk of material misstatement is inherent risk and control risk – so it is simply audit risk without considering detection risk issues. Questions in recent years have been very repetitive, with common issues being: ● Inaccurately estimated provisions ● Impaired assets (especially intangibles) ● Failure to disclose going concern threats ● Preparation of FS on a going concern basis when the company does not appear to be a going concern ● Overvalued inventory ● Revenue recognised too early ● Foreign exchange not retranslated correctly ● Newly listed companies forgetting the need to now disclose EPS and Segmental Results Example : LNA is a company that sells laptop computers to shops throughout the UK. Just over a year ago, LNA paid $1million for a 5-year exclusive right to sell the EK69 model in the UK market. Sales of the EK69 were excellent for the first few months, but sales have been falling in the last 2 months, partly because of repeated technical faults with the most recent batch sold. Audit Risk   

There is a risk auditor my not be able to catch Overstatement of Sales for first few months There is risk auditor my not be able to identify Impairment of inventory due to sales return which indicates inventory obsolesce also Provision of losses may be overlooked by the auditor. Provision should b created on the basis of loss of sales/in the form of sales returns.

        

Going concern issues - bad reputation of firm can loss upcoming future sales which can lead to going concern issues of a company can be overlooked by the auditor hence increases audit risk to identify going concern problems of a company. IT market is subject to change in frequent intervals. Too many new models/designs came very frequently in the market and 5 year is a hug time for one product specially in IT Industry which can make Co survival difficult and also increases going concern issues due to lack of demand and hence increases audit risk to identify this going concern problem. Lack of IT knowledge and IT Industry also increases audit detection risk that may not be able identify due to lack of IT Expertise. The 5-year right is an intangible asset ...