audit process isas

8/2/2019 Audit Process Isas

http://slidepdf.com/reader/full/audit-process-isas 1/96

Presentation by:

,



Clarity Project Overview Recognition at IAASB: standards need to be

understandable, clear, and capable of

consistent application To enhance the quality and uniformity of

practice worldwide

In 2004 , the IAASB began a comprehensiveprogram to enhance the clarity of ISAs

This program involved the application of new

drafting conventions to all ISAs, either:

as part of a substantive revision or;

through a limited redrafting , to reflect the newconventions and matters of clarity generally

2



Clarity Project Overview Contd’

On February 27, 2009, the Clarity Project

reached its completion Public Interest Oversi ht Board a roved

the due process for the last several

clarified ISAs

Auditors worldwide will now have access

36 newly updated and clarified ISAs

Control (ISQC)3



Changes Resulting from the Clarity Project

broadly comprise the following:

'

conducting an audit in accordance with ISAs; Settin an ob ective in each ISA and establishin the

auditor's obligation in relation to that objective;

Clarifying the obligations imposed on auditors by therequirements of the ISAs and the language used tocommunicate such requirements;

requirements an auditor needs to fulfill; and

understandability of the ISAs through structural anddrafting improvements 4



Structure of the ISAs Introduction : information regarding the

purpose, scope, and subject matter of the ISA

Objective : a clear statement of the objective ofthe auditor in the audit area

Definitions : for greater understanding of the

ISAs - a licable terms

Requirements : Each objective is supported byclearl stated re uirements - alwa s ex ressedby the phrase "the auditor shall."

A lication and Other Ex lanator Material :

what a requirement means or is intended tocover, or includes examples of procedures 5



ISAs to be coveredISAs to be covered

ISA 300 - Planning

ISA 315 - Understandin the

Entity and Its Environmentand Assessing the Risks of

ISA 330 - The Auditor’s

Procedures in Response to

-

Assessed Risks

ISA 500 - Audit Evidence

ISA 320 - Audit Materialit

6



u y

Assertions and discussion has been shiftedfrom ISA 500 to ISA 315

Appendix to ISA 315 reduced to 2 from 3 Elaborative discussion has been included on

control components

’sampling included in ISA 500

more specifically

7



A & C (A & C (Initial Initial Understanding the client environment and riskUnderstanding the client environment and risk assessmentassessment

AUDIT ACTIVITYAUDIT ACTIVITY SUMMARYSUMMARY

DD

CC

oo

llaann

ngagemen ngagemen

Overall auditOverall auditstrategystrategy

EntityEntityFinancialFinancialPerformancePerformance

Objectives/Objectives/

StrategiesStrategiesIndustry/Industry/RegulatoryRegulatory

InternalInternal

ControlControl

(Design/(Design/

oommmmuu

AccountinAccountin

Audit PlanAudit Plan risks)risks)

implemenimplemen

tation)tation)

PROCEDURESPROCEDURES ININ RESPONSERESPONSE TOTO ASSESSEDASSESSED RISKSRISKS

uu

mm

iiccaa

PoliciesPolicies

eerr

ff

controlcontrol ProceduresProcedures

to addressto addressrisk atrisk at

Sufficiency andSufficiency and

appropriatenessappropriatenessDocumentaDocumenta-- OverallOverall

eenn

tt

iioonn

oomm

proceduresprocedures

assertionassertionlevellevel

of evidenceof evidenceaa

tt

wwiitt

oonncc

Completion/Completion/ReviewsReviews

Sufficient/appropriateSufficient/appropriate auditaudit evidenceevidence ii

oo

hh

cc

uu

ddee

ReportReport

GoingGoing

concernconcern

SubsequentSubsequent

EventsEvents

vera rev ewvera rev ewof financialof financial

statementsstatements

Review/Review/

conclusionconclusion

nn

230230

ee

nntt

8



PLANNI NGPLANNI NG ANAN AUDI TAUDI T OFOF FI NANCI ALFI NANCI AL

STATEMENTSSTATEMENTS -- I SAI SA 3 0 0 3 0 0

99



e o e an m ng o

Pl nninOverall audit strategy/ audit plan Appropriate attention to important areas

eso u on o po en a pro ems on a me y as s

Performance in an effective and efficient manner

levels of capabilities and competence

Direction and supervision Coordination of work done by auditors of components and

experts

Continuing process not a discrete stage in audit

predictability

10



Involvement of Key Engagement

of the engagement team be involved in planningthe audit

Participating in the discussion among

engagement teamAOEM

Based on ex erience

Enhancing the efficiency and effectiveness ofaudit

11



re m nary ngagemen

Activities(at the beginning) ○ Procedures for the continuance of the client

○ Evaluate compliance with ethical requirements,

○ Understanding of the terms of the engagement

AOE

○ Identification of events/matters expected to adverselyaffect the planning/performance

○ No issue with : independence, management integrityand misunderstanding

○ Continuance procedures: Shortly after the previous

audit12



Planning Activitiesee veravera uu ra egyra egy

Objectives?Objectives?

e s e scope, m ng an rec on o e au

Guides the development of the audit plan

Scoping – characteristics of the engagement

Re ortin ob ectives – timin and nature ofcommunications

Significant factors necessary to direct the engagement

eam s e or s(Materiality, high risk areas, material areas)

Ascertain the nature, timing and extent of resourcesnecessary to perform the engagement

13



Planning Activities Cont’

TheThe OverallOverall AuditAudit StrategyStrategy Cont’ AOEM AOEM - - assistance assistance in in determining determining

The resources to deploy for specific audit areas - high riskareas, involvement of experts on complex matters

The amount of resources to allocate to specific audit areas:

the extent of review of other auditors’ work for group audits

the audit budget in hours to allocate to high risk areas The timing of deployment of these resources - at an interim

audit stage or at key cutoff dates

,

briefing and debriefing meetings

engagement partner and manager reviews (for example, on-site oro -s e

engagement quality control reviewsAudit Strategy for Smaller Entities needs not to be complex 14



Planning Activities Cont’

ee veravera uu ra egyra egy Cont’

Appendix Appendix - - Considerations Considerations in in developing developing audit audit strategy strategy

arac er s cs o e engagemen : eport ng ramewor , au t

coverage, components audit , reporting currency etc.

Reporting Objectives, Timing of the Audit, and Nature ofCommunications: reporting timetable, meeting schedules with

Governance, management, communications

, ,Knowledge Gained on Other Engagements: materiality, areas

with high risk of material misstatements, need to emphasize the team

mem ers o ma n a n ques on ng m n Nature, Timing and Extent of Resources : selection of

engagement team, allocation of work between team members,engagement budgeting etc.

Above items are examples and can also affect the audit plan 15



Planning Activities

Cont’ The Audit PlanThe Audit Plan

Ob ectives?Ob ectives?

to reduce audit risk to an acceptably low levelCoverage?Coverage?

Description of the nature, timing and extent of planned

risk assessment procedures (ISA(ISA 315315)) escr pt on o t e nature, t m ng an extent o p anne

further audit procedures at the assertion level (ISA(ISA 330330))

carried out so that the engagement complies with ISAs

Update strategy and plan as and when necessary

Necessary procedures for direction and supervision of the

engagement team members and review of their work16



ann ng c v es

Cont’ ont’

These are more detailed than strategy

,

performed by the engagement team

Planning for risk assessment procedures is done early

Some procedures may be executed early on someaccount balances or class of transactions

With the progress of audit changes may be needed

Direction and supervision of engagement team (S ize and complexity of the entity, Area of the audit, Assessed risks of material misstatement Ca abilities an com etence of team members)

ISA 220 - further guidance on direction/supervision/review 17



DocumentationDocumentation

Overall audit strategy

Significant changes to audit strategy/plan

(AOEM) (AOEM)

necessary for planning

an : e a e proce ures o e per orme – may be standard checklists etc

ma er en es : may e n e orm o a

memorandum 18



Additional Considerations in Initial Audit

Procedures required by ISA 220 regarding theacceptance

Communicating with the predecessor auditor,w ere t ere as een a c ange o au tors

(AOEM) (AOEM) Planning activities may need to be expanded:

If not prohibited – review of predecessor auditor’s

Discussion on major issues with those charged withovernance

Procedures on opening balances

Firm’s other procedures–involvement of another partner19



IDENTIFYINGIDENTIFYING AND AND ASSESSING ASSESSING THETHE RISKSRISKS OFOF

MATERIA LMATERIAL MISSTATEMENTMISSTATEMENT THROUGHTHROUGHUNDERSTANDINGUNDERSTANDING THETHE ENTITY ENTITY AND AND ITSITS ENVIRONMENTENVIRONMENT

2020



Objective

To identify and assess the risks of material

Whether due to fraud or error

At the financial statement and assertion levels

Through understanding the entity and itsenvironment

Including the entity’s internal control

Providing a basis for designing andimplementing responses to the assessed

risks of material misstatement

21



RISK ASSESSMENT PROCEDURES AND

Inquiries of management and others within theentity

Analytical procedures

Observation and inspection

Procedures performed for A & C may indicate risksPerformance of other engagements by the partner

Previous experience – changes to be reviewed to

assess relevanceDiscussions among the key engagement team –

susceptibility to material misstatements

22



RELATED ACTIVITIES (AOEM) (AOEM)

’ UnderstandingUnderstanding – – Why?Why? (Frame (Frame of of reference)reference)

Assess the risk of material misstatement

Establishing materiality A ro riateness of selection and a lication of

accounting policies & disclosures

Special audit consideration areas - going concern Developing expectations - analytical procedures

Responding to risks - designing and performing

ur er au proce ures Sufficiency and appropriateness of audit evidence

sese oo pro ess onapro ess ona u gmenu gmen – – eyey ac orac or

FraudFraud considerationsconsiderations – – separatelyseparately dealtdealt withwith inin ISAISA 24024023




’ AdditionalAdditional proceduresprocedures maymay includeinclude::

sources such as economic journals, analysts’ reports,banks or rating agencies, regulatory or financialpublications

Making enquiries from external legal council or

InquiriesInquiries fromfrom managementmanagement andand othersothers inin entityentity::

financial reporting (charged with governance, internal auditors, responsible for complex transactions,internal legal council, marketing and sales personnel)

24




’ AnalyticalAnalytical proceduresprocedures::

Broad initial indication

Unusual trends, ratios etc. – indication of fraud Smaller entities – non-availability of interim data (may

perform on availability of draft financial statements)

ObservationObservation andand inspectioninspection::

, ,

InformationInformation obtainedobtained inin priorprior periodsperiods::

DiscussionDiscussion amongamong thethe engagementengagement teamteam::

Mostly from more experienced to less experienced

Not necessary to include all – key members to be included

Smaller entities – responsibility of the engagement partner25



UNDERSTANDING THE ENTITY AND ITS

EntityEntity andand itsits environmentenvironment

Industr , re ulator , and other external factors, includin

the applicable financial reporting frameworkNature of the entity, including operations, ownership/ governance, nves men s, s s ruc ure

Entity’s process for selection and application of accounting

olicies

Objectives and strategies and the related businessbusiness risksrisksthat may result in a material misstatement of the financial

s a emen sMeasurement and review of the entity’s financialerformance

TheThe entity’sentity’s InternalInternal ControlsControls

DesignDesign andand implementationimplementation 26



THE ENTITY AND ITS ENVIRONMENT

Industry/regulatory and other external factors Industr :

○

Competition (demand, supply, capacity, price)○ Seasonal/cyclical Industry specific risks

○

Regulatory:

○ Accounting principles/industry specific practices

relevant experience

○ Regulatory framework (Financial sector)

○ Taxation

, , , ,

environmental requirements)

Public sector entities:

○ Laws, regulations and other authorities with specific effect

Other external factors:27



THE ENTITY AND ITS ENVIRONMENT (AOEM) (AOEM)

’ Nature of the Entity

Business operations: (few examples)

Revenue sources – manufacturing, whole sale, retail etc

Products/markets – market share, margins, competition, pricing

Conduct of operations – stages of manufacturing, segments

Alliances, joint ventures, outsourcing

Key customers (related parties)

Investments:

Acquisitions, mergers (planned or executed)

nanc ng:Group structure, debt structure, derivatives etc

Financial reporting:

Accounting practices, revenue recognition, inventories, fair value

Complex structure : risk of material misstatements 28




’ Selection and application of accounting

Methods to account for significant and unusual

The effect of significant accounting policies in

controversial or emer in areas for which there isa lack of authoritative guidance or consensus

Chan es in the entit ’s accountin olicies

Financial reporting standards and laws andregulations that are new to the entity and when andhow the entity will adopt such requirements

29




’ Objectives/strategies & related business risks

Industr develo ments – lack of ersonnel/ex ertise

New products and services – increased product liabilityExpansion of business – inaccurate assessment ofdemand

New accounting requirements – incomplete

Regulatory requirements – increased legal exposure

Current/ ros ective financin re uirements – loss of

financingUse of IT – incompatibility of systems and processes

Incomplete/improper implementation of a strategy

30




’ easurement an ev ew o t e nt ty s nanc a Performance Internal

Key ratios and operating statistics

Key performance indicators

mp oyee per ormance measures an ncen vecompensation policies

Trends

Use of forecasts, budgets and variance analysis

External

Analyst reports and credit rating reportsCompetitor analysis

Period-on-period financial performance (revenue growth,

profitability, leverage)31

ENTITY’ INTERNAL



ENTITY’ INTERNAL

Understanding of relevant controls

Mostly controls relevant to audit

All controls relevant to financialcontrols are relevant to audit

judgment

32



ENTITY’S INTERNAL CONTROLS Cont’

General Nature and Characteristics of Internal Control (AOEM) (AOEM)

Purpose of Internal Control

To address identified business risks that threatenthe achievement of any of the entity’s objectivesconcerning:

e a y o nanc a repor ng

Effectiveness and efficiency of operations

Smaller entities : may use less structured means

their objectives33




Extent of Understanding

Design

mp emen a on

(AOEM) (AOEM)

Inquiring of entity personnel

Observing the application of specific controls

nqu ry a one s not sufficient for such purposes

Inspecting documents and reports

Tracing transactions through the information system relevant tofinancial reporting

Understanding and assessing design/implementation is notexpected to give comfort on operating effectiveness – to be

In some IT based controls operating effectiveness may alsobe assess at this stage – due to consistency in application 35




Components

Control Environment

Shall obtain an understanding of the controlenvironment

Evaluate whether:

Management, with the oversight of those charged withgovernance, has created and maintained a culture ofhonesty and ethical behavior

collectively provide an appropriate foundation for theother components of internal control

Whether those other components are not undermined by

deficiencies in the control environment 36

ENTITY’S INTERNAL CONTROLS




Components

Elements: Communication and enforcement of integrity and ethical values

Commitment to competence

Participation by those charged with governance

’

Organizational structure

Assignment of authority and responsibility

uman resource po c es an prac ces

Procedures to obtain evidence:

In uiries

Corroboration through observation and inspection of documents

37





omponen s on Control Environment (AOEM) (AOEM) Cont’

Misstatements: Pervasive impact on risk assessment

Control consciousness is affected by Governance

Independent and active board can influence operating philosophy

May be a positive factor – addressing fraud risk

Smaller entities :

Governance structure may not be very formal

ess segrega on o u es may e compensa e roug ownermanager

Risk of overriding may be considered

arrangements, communications may not be formal/documented

Attitude, awareness and actions of the management are moreimportant 38





Components Cont’

Entity’s risk assessment process

The auditor shall obtain an understanding of whether theentity has a process for:

en y ng us ness r s s re evan o nanc a repor ng o ec ves

Estimating the significance of the risks

Assessing the likelihood of their occurrence Deciding about actions to address those risks

If such process exists – obtain an understanding

– the process?

If no rocess is not established – consider it is a ro riatein the circumstances

39





omponen s on Entity’s risk assessment process Cont’ (AOEM) (AOEM)

to be managed Appropriate process assists the auditor in identifying risks

of material misstatement

Appropriateness is a matter of judgment

ma er en es :

Unlikely to be an established risk assessment process in asmall entit

Risk identification by the management will be through directpersonal involvement in the business

Inquiry about identified risks and how they are addressed

by management is still necessary 40



ENTITY S INTERNAL CONTROLS Cont’

omponen s on The Information System, Including Related Business Processes,

Relevant to Financial Re ortin , and Communication Cont’ (AOEM) (AOEM)

Includes the accounting system – rectifications etc

reporting framework is accumulated, recorded, processed, summarizedand appropriately reported in the financial statements.

Standard : Sales, Purchases, accounting estimates

Non-standard : acquisition, impairments

Related business process : Result in transactions to be recorded, process and reported

Understanding process will help auditor to understand reporting systemCommunication : rovidin an

Smaller entities :

Are likely to be less sophisticated

understanding of individual roles andresponsibilities pertaining to internalcontrol over financial reporting 42





Components Cont’

Control activities

Shall obtain an understanding of control activities:

Relevant to the audit

ecessary o un ers an o assess e r s s o ma er amisstatement at the assertion level

Design further audit procedures responsive to assessed risks Understanding of all the control activities related to each

significant class of transactions, account balance, anddisclosure in the financial statements or to ever assertion

relevant to them is not required Understanding of how the entity has responded to risks

ar s ng rom

43





omponen s on Control activities Cont’ (AOEM) (AOEM)

directives are carried out Examples include relating to the following:

Authorization

Performance reviews

Physical controls

Segregation of duties

e evance: Relate to significant risks

Relate to risks for which substantive rocedures alone do not rovidesufficient appropriate audit evidence

Considered to be relevant in the judgment of the auditor 44





Components Cont’

Control activities Cont’

Auditor’s judgment is influenced by risk assessment

Auditor’s emphasis has to be on higher risk areas Knowled e about resence/absence hel s to devote a ro riate

attention

Use of IT affects the operation of control activities : General and

Application controlsSmaller entities :

Conceptually similar to larger entities

Some control activities may not be needed due to involvement of themanagement – approval of credit

re e y o e re a e o ma n ransac on cyc es – purc ases, revenueor employee cost

45





Components Cont’

Monitoring of Controls

Shall obtain an understanding of the major activities that the entity uses

to monitor internal control over financial reporting Including those related to those control activities relevant to the audit

Initiation of remedial actions to deficiencies in its controls

Internal Audit Function :

The nature of the internal audit function’s res onsibilities and how theinternal audit function fits in the entity’s organizational structure

The activities performed, or to be performed, by the internal auditfunction

Sources of information : Used in the entity’s monitoring activities

sufficiently reliable for the purpose

46





Components Cont’ Monitoring of Controls Cont’ (AOEM) (AOEM)

A process to assess the effectiveness of internal control performanceover time

Involves assessing the effectiveness of controls on a timely basis andtaking necessary remedial actions

Can be accomplished through: Ongoing activities

Separate evaluations A combination of the two

Ongoing monitoring activities are built into normal recurring activitiesand include regular management and supervisory activities

Management’s monitoring activities may include using information fromcommunications from external parties such as customer complaints andregulator comments

Smaller entities :

Close involvement in operations 47





Components Cont’

Monitoring of Controls Cont’

Internal Audit Function:

May be relevant and affect nature, timing and extent of audit

procedures

Internal control

Risk management

May be limited to the review of the economy, efficiency andeffectiveness of operations, for example, and accordingly, may not

’

Sources of information:

Monitoring may be based on incorrect information Example

n un erstan ng s requ re o : The sources of the information related to the entity’s monitoring activities

The basis upon which management considers the information to be sufficiently reliable48

IDENTIFYING AND ASSESSING THE RISK OF



MATERIAL MISSTATEMENT

RisksRisks assessmentassessment ofof materialmaterial misstatementmisstatement

At the financial statement level

At the assertion level for

classes of transactions Example

accoun a ances

and disclosures

ProcessProcess Identify risks

Relate - what can go wrong at the assertion level?

Consider magnitude - material misstatement of thefinancial statements

ons er e e oo – ma er a m ss a emen o efinancial statements

49

IDENTIFYING AND ASSESSING THE RISK OFMATERIAL MISSTATEMENT




’ Risks Risks assessment assessment of of material material misstatement misstatement at at financial financial statement statement level level (AOEM) (AOEM)

Risks that relate pervasively to the financial statements as a whole

Potentially affect many assertions Re resent circumstances that ma increase the risks of material

misstatement at the assertion level (management override)

May derive in particular from a deficient control environment (other

factors such as declinin economic conditionsFor example: deficiencies such as management’s lack of competencemay have a more pervasive effect on the financial statements and mayre uire an overall res onse b the auditor

Understanding of internal control may raise doubts about auditability: Serious concerns on management’s integrity - risk of management

misre resentations

Concerns about the condition and reliability of an entity’s records - unlikely toobtain sufficient appropriate audit evidence

50





’

Risks Risks assessment assessment of of material material misstatement misstatement at at assert on assert on eve eve

Risks at the assertion level for classes of transactions,,

because:

Such consideration directly assists in determining thenature, timing and extent of further audit procedures at theassertion level

The identified risks may relate more pervasively to thefinancial statements as a whole and potentially affect manyassertions

51



Use of assertions

Classes of transactions and events for the period

Occurrence

Completeness

Accuracy

Cutoff

ass ca on

Account balances at the period end

x s ence

Rights and obligations

Valuation and allocation 52

Use of assertions



Use of assertions

Cont’

Presentation and disclosure○ Occurrence and rights and obligations

○ Completeness

○ Classification and understandability

○

Accuracy and valuationNote that auditor :

May like to use different terms/assertions but the

aspects as given above should be covered May like to merge the assertions relating to for

the period and at the end of the period

For public sector – compliance with laws 53





’ Process Process of of identifying identifying risks risks of of material material misstatement misstatement (AOEM) (AOEM)

assessment

The risk assessment determines the nature, timing and extent of further

Appendix 2 conditions and events indicative of

existence of risks of material misstatement

Related Related controls controls to to assertions assertions (AOEM) (AOEM)

Controls (prevent, detect, correct) can also be identified to specificasser ons

Controls are identified in processes – multiple control activities maycover one assertion

Controls may have specific impact – physical counting of inventories onexistence and completeness

Controls may be indirect – review by sales manager for completeness 54

INDICATORS OF RISK MATERIALMAISSTATEMENT



MAISSTATEMENT

(Appendix 2) Operations in regions that are economically unstable

-

High degree of complex regulation

Constraints on the availability of capital and credit

Changes in the supply chain

moving into new lines of business Expanding into new locations

Changes in the entity such as large acquisitions or

reorganizations or other unusual events 55

INDICATORS OF RISK MATERIAL



MAISSTATEMENT

(Appendix 2) Cont’

Entities or business segments likely to be sold

Complex alliances and joint ventures

Use of off-balance-sheet finance, special-purposeent t es, an ot er comp ex nanc ng arrangements

Significant transactions with related parties

ac o personne w appropr a e accoun ng anfinancial reporting skills

executives

Weaknesses in internal control es eciall those notaddressed by management

56




MAISSTATEMENT(Appendix 2) Cont’

Inconsistencies between the entity’s IT strategy and itsbusiness strategies

Changes in the IT environment

nsta at on o s gn cant new systems re ate tofinancial reporting

’by regulatory or government bodies

Past misstatements histor of errors or a si nificant

amount of adjustments at period endSignificant amount of non-routine or non-systematictransactions including inter-company transactions and

large revenue transactions at period end 57




MAISSTATEMENT(Appendix 2) Cont’

Transactions that are recorded based on’managemen s n en , or examp e, e

refinancing, assets to be sold and classification of

Application of new accounting pronouncements

processes

Events or transactions that involve significant

measurement uncertainty, including accountingestimates

en ng t gat on an cont ngent a t es, or

example, sales warranties, financial guarantees 58





’ Risks Risks that that require require special special audit audit consideration consideration

Auditor shall determine whether any of the risks identifiedare, in the auditor’s judgment, a significant risk

Shall exclude the effects of identified controls related to the

Significant risk – An identified and assessed riskof material misstatement that, in the auditor’s

Shall consider at least the following:

, .

Risk of fraud;

Relate to recent significant economic, accounting or other developments

The complexity of transactions

Significant transactions with related parties

Subjectivity in the measurement – wide range of measurement uncertainty

Significant transactions outside the normal course of business 59





’ Risks Risks that that require require special special audit audit consideration consideration

Significant non-routine transactions or judgmental matters- - ,

nature (infrequent)

Judgmental matters - accounting estimates with significantmeasurement uncertainty

Significant non-routine transactions:

-

Greater manual intervention for data collection and processing Complex calculations or accounting principles

Significant judgmental matters :

May be subjective or complex, or require assumptions about theeffects of future events, for example, judgment about fair value 60




’ Risks Risks that that require require special special audit audit consideration consideration AOEM AOEM

Understanding controls related to significant risks

Assess whether and how management responds to therisks. Such responses might include:

Control activities such as a review of assumptions by senior

management or experts Documented processes for estimations

Approval by those charged with governance

-

Referral to appropriate experts (such as internal or external legalcounsel)

An assessment of potential effect and proposal to disclose in thefinancial statements

Failure b mana ement to im lement such controls is an61




’ Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate Audit Evidence

Automated processing with little or no manual

intervention

Audit evidence may be available only in electronicorm, an s su c ency an appropr a enessusually depend on the effectiveness of controls

The potential for improper initiation or alteration of

greater if appropriate controls are not operating

effectively 62




’ Revision of Risk Assessment

New information is inconsistent - shall revise theassessment and modify the further planned auditprocedures accordingly

(AOEM) (AOEM)

Risk assessment may be based on an expectationthat certain controls are operating effectively - testsof those controls revealed they were not operatinge ec ve y

During substantive procedures the auditor may

greater than the auditor’s risk assessments63

DOCUMENTATION



DOCUMENTATION

significant decisions reached

Key elements of the understanding obtained regarding:

each of the aspects of the entity and its environment

each of the internal control components

obtained

the risk assessment procedures performed

at the financial statement level and at the assertion level

The risks identified, and related controls about which theauditor has obtained an understanding

64

DOCUMENTATION(AOEM)(AOEM)



(AOEM) (AOEM) a er o pro ess ona u gmen Small entities - may be incorporated in documentation of the

overall strategy and audit plan

May be documented separately, or may be documented as part

of further procedures

the nature, size and complexity of the entity and its internal control

availability of information from the entity

audit methodology and technology used in the course of the audit

Uncomplicated businesses and processes - documentation maybe sim le in form and relativel brief.

An engagement team comprising less experienced individualsmay require more detailed documentation

,forward, updated as necessary to reflect changes in the entity’s

business or processes 65

ASSESSING THE RISK OF MATERIAL



ScenarioScenario BusinessBusiness RiskRisk AuditAudit RiskRisk ResponseResponse

Declining

industry

Business failure

Impairment ofassets

Valuation of

assets -impairment

Apply

impairment test

Managementbenefits linked

Misreporting toincrease

Misstatementof revenue

Extensivesubstantive

performance Recoverabilityof debts

receivables revenue/ receivables

operations license if non-compliance

intangiblesGoing concern

review of statusof compliance

conditions

66

THETHE AUDITOR’SAUDITOR’S RESPONSESRESPONSES TOTO



THETHE AUDITOR S AUDITOR S RESPONSESRESPONSES TOTO

ASSESSED ASSESSED RISKSRISKS

6767

THE AUDITOR’S RESPONSES TO



Overall responses

Audit procedures responsive to assessedrisks of material misstatement at theassertion level

Adequacy of Presentation and Disclosure

Evaluating the sufficiency and

appropriateness of audit evidence Documentation

68

OVERALL RESPONSE



Shall design and implemented overall responses

AOE

Emphasizing to the audit team the need to maintainprofessional skepticism

Assigning more experienced staff or those withspecial skills or using experts

rov ng more superv s on

Incorporating additional elements of unpredictability in

performed General chan es to the nature timin or extent of

audit procedures: (Performing substantive procedures at

period end instead of at an interim date) 69

OVERALL RESPONSE Cont’



AOEM Cont’

Auditor’s understandin of control environment shallaffect the design of overall responses

Effective control environment shall increase theconfidence

Deficiencies in control environment may be

More audit procedures at the period end

More substantive rocedures

More audit locations to be selected for audit Approaches:

Substantive approach – more substantive procedures

Combined approach – combination of test of controls and 70

AUDIT PROCEDURES RESPONSIVE TO ASSESSEDRISKS OF MATERIAL MISSTATEMENT AT THE



Design and perform procedures responsive to the

level

For designing procedures consider reasons of risksassessment:

Characteristics of relevant class of transactions, account balance or

disclosure – inherent risk Relevant controls (desire to test operating effectiveness of controls

– control risk)

risk

assessed risk and procedures to be performed

71

RISKS OF MATERIAL MISSTATEMENT AT THEASSERTION LEVEL



ASSERTION LEVEL

Cont’

AOEM

ApproachesApproaches:: testtest ofof controlcontrol oror substantivesubstantive oror combinedcombined

NatureNature

PurposePurpose:: Tests of controls or substantive procedures

TypeType:: Inspection, Observation, Inquiry, Confirmation,

eca cu a on, e-per ormance, na y ca proce ures

TimingTiming

ExtentExtentQuantit

72




Cont’

AOE

NatureNature

combinationcombination (high(high riskrisk ofof completenesscompleteness ofof termstermsofof contractcontract – – inspectioninspection ofof documentdocument andand directdirectconfirmation)confirmation)

ReasonsReasons areare alsoalso importantimportant::

LowerLower inherentinherent riskrisk –– substantivesubstantive analyticalanalytical proceduresprocedures LowerLower riskrisk duedue toto expectedexpected controlscontrols – – testingtesting operatingoperating

proceduresprocedures..

73




Cont’ TimingTiming AOEM

– – substantivesubstantive proceduresprocedures atat thethe yearyear endend oror unannouncedunannounced(fraud)(fraud)

EarlyEarly performanceperformance ofof proceduresprocedures – – timelytimely identificationidentification ofofsignificantsignificant mattersmatters

, Agreeing the financial statements to the accounting records

Adjustments for preparing the financial statements

Relevant factors to decide timing of procedures : The control environment

The nature of the risk

The period or date to which the audit evidence relates 74




Cont’ ExtentExtent AOEM

DeterminedDetermined onon thethe basisbasis ofof::

MaterialityMateriality

AssessedAssessed levellevel ofof riskrisk

HigherHigher thethe riskrisk moremore isis thethe extentextent

CAATsCAATs cancan bebe usedused forfor electronicelectronic transactionstransactions HigherHigher riskrisk – – increaseincrease quantityquantity oror obtainobtain moremore relevantrelevant

evidenceevidence (more(more testtest ofof detailsdetails oror thirdthird partyparty confirmation)confirmation)

Public Public Sector Sector

Auditor’sAuditor’s mandatemandate maymay affectaffect thethe nature,nature, timingtiming andand extentextent

Smaller Smaller entities entities

PrimarilPrimaril substantivesubstantive roceduresrocedures 75

TEST OF CONTROLS



SufficientSufficient appropriateappropriate evidenceevidence forfor operatingoperating effectivenesseffectiveness ofof controlscontrols::

OperatingOperating effectivenesseffectiveness isis expectedexpected andand toto bebe testedtested toto carrycarry outout

SubstantiveSubstantive proceduresprocedures alonealone cannotcannot provideprovide assuranceassurance

GreaterGreater isis thethe reliancereliance toto bebe placedplaced – – moremore persuasivepersuasive evidenceevidence isis

AOEM

OnlyOnly toto bebe performedperformed onon controlscontrols expectedexpected toto prevent,prevent, detectdetect andand

correccorrec ma er ama er a m ss a emenm ss a emen aa asser onasser on eveeve

SubstantiallySubstantially differentdifferent controlscontrols inin differentdifferent periodsperiods – – considerconsiderseparatelyseparately

MayMay bebe testedtested atat thethe timetime ofof obtainingobtaining understandingunderstanding ofof designdesign andand

effectivenesseffectiveness

CertainCertain understandingunderstanding proceduresprocedures maymay provideprovide evidenceevidence forforoperatingoperating effectivenesseffectiveness alsoalso (Budgeting(Budgeting processprocess ofof anan entity)entity)

DualDual purposepurpose testtest cancan alsoalso bebe performedperformed – – concurrentconcurrent performanceperformance ofof

testtest ofof controlscontrols andand substantivesubstantive proceduresprocedures 76

TEST OF CONTROLS

Cont’ NatureNature andand extentextent ofof testtest ofof controlscontrols



Perform other audit procedures in combination with inquiry including:

How the controls were applied at relevant times during the period

By whom or by what means they were applied

Controls to be tested depend upon other controls (indirect controls) -,

AOEM

Inquiry with inspection/re-performance is good combination instead of

–

More persuasive audit evidence is needed – increase extent of testing

Further considerations:

The frequency of the performance of the control

The length of time

The expected rate of deviation from a control

The relevance and reliability of the audit evidence to be obtained

The extent to which audit evidence is obtained from tests of other controls

IndirectIndirect controlscontrols :: useuse ofof reportreport andand accuracyaccuracy ofof inputsinputs toto reportreport 77

TEST OF CONTROLS

Cont’ TiminTimin ofof testtest ofof controlscontrols



For a particular time or during the period

AOEM

UsingUsing auditaudit evidenceevidence duringduring anan interiminterim periodperiod

Shall:

Obtain evidence about significant changes subsequent to the interim period

Additional audit evidence to be obtained for the remaining period

AOEM

Relevant factors - for the period remaining after an interim period:

Significance of the assessed risks

The s ecific controls and si nificant chan es to them

Degree to which audit evidence for the operating effectiveness obtained

The length of the remaining period

The extent auditor intends to reduce further substantive rocedures

The control environment

Extend tests of controls over the remaining period or testing theentit ’s monitorin of controls 78

TEST OF CONTROLS

Cont’



Factors to be considered:

Effectiveness of other elements (control environment etc.)

Risks arising from the characteristics of the control (manual or

automated) Effectiveness of general IT controls

Effectiveness of the control (application, deviations, personnelchanges)

Chan in circumstances Risks of material misstatement and the extent of reliance on the control

Establish continuing relevance - perform inquiry combinedw o serva on or nspec on:

Changes - shall test the controls in the current audit

No changes:

○ Test the controls at least once in every third audit

○ Test some controls each audit to avoid testing all controls in a single audit

period with no testing of controls in the subsequent two audit periods 79

TEST OF CONTROLS

Cont’ UsinUsin auditaudit evidenceevidence obtainedobtained durindurin reviousrevious auditsaudits Cont’



AOEM

Controls that have changed from previous audits

differently may still have relevance while data accumulation differently

may not

Higher the risk of material misstatement, or the greater the relianceon controls, the shorter the time period elapsed, if any, is likely to be.

actors t at may ecrease t e per o or retest ng a contro :

A deficient control environment/monitoring of controls

A significant manual element to the relevant controls

Personnel changes that significantly affect the application of the control

Changing circumstances that indicate the need for changes in the control

Deficient general IT controls

Testing some of those controls in each audit provides corroboratinginformation about the continuing effectiveness of the control

environment 80

TEST OF CONTROLS

Cont’ Evaluatin the O eratin Effectiveness of Controls



Assess! misstatements detected by substantive procedures indicatethat controls are not operating effectively

-tested are effective

Deviations ? make specific inquiries to understand matters and their,

Q 1: Tests of controls an appropriate basis for reliance on the controls

Q 2: Additional tests of controls are necessary

substantive procedures

AOEM

–

Some deviations may occur - may be caused by factors: Changes in key personnel

gn can seasona uc ua ons n vo ume o ransac ons

Human error

Detected rate of deviation with expected may indicate non-reliance 81

SUBSTANTIVE PROCEDURES

Irres ective of the assessed risks of material misstatement the auditor



shall design and perform substantive procedures for each material classof transactions, account balance, and disclosure

Consider! external confirmation rocedures are to be erformed assubstantive audit procedures

AOEM

The auditor’s assessment of risk is judgmental and so may not identify allrisks of material misstatement

override

Nature and Extent of Substantive Procedures

,

Only substantive analytical procedures will be sufficient - support from testsof controls

Onl tests of details – directional testin for assertions

A combination of substantive analytical procedures and tests of details

Specific discussions on external confirmation in para A48 to A51.82

SUBSTANTIVE PROCEDURES Cont’



Timing of Substantive Procedures

interim date: u v p u , w

controls for the intervening period

Unexpected misstatements - assessment ofr s an e p anne na ure, m ng o ex enof substantive procedures covering the

y

83

ADEQUACY OF PRESENTATION AND DISCLOSURE



Perform audit procedures to evaluate whether :

The overall presentation of the financial statements

Is in accordance with the applicable financial reporting framework

AOEM

Individual financial statements are presented in a manner that reflectsthe appropriate:

Classification and description of financial information

Form

Arrangement

Content of the financial statements and their appended notes

This includes, for example:

the terminology used

the amount of detail given

the classification of items in the statements

the bases of amounts set forth

84

EVALUATING THE SUFFICIENCY AND APPROPRIATENESSOF AUDIT EVIDENCE : e assessments o t e r s s o mater a m sstatement at t e



assertion level remain appropriate?

Q 2: Sufficient appropriate audit evidence has been obtained?

No Answer! shall attempt to obtain further audit evidence

Unable to obtain sufficient appropriate audit evidence - qualified opinionor disclaimer of an opinion on the financial statements

AOEM

Factors influencing the judgment as to what constitutes sufficient

a ro riate audit evidence : Significance of the potential misstatement in the assertion and the likelihood of its

having a material effect, individually or aggregated with other potential misstatements,on the financial statements

’

Experience gained during previous audits with respect to similar potentialmisstatements

Results of audit procedures performed, including whether such audit proceduresidentified specific instances of fraud or error

Source and reliability of the available information

Persuasiveness of the audit evidence’

85

DOCUMENTATION

e overa responses o a ress e assesse r s s o ma er a



misstatement at the financial statement level, and the nature, timing and

extent of the further audit procedures performed

The linkage of those procedures with the assessed risks at theassertion level

The results of the audit procedures, including the conclusions wherethese are not otherwise clear

To use audit evidence about the operating effectiveness of controlsobtained in previous audits - the conclusions reached about relying onsuch controls that were tested in a previous audit

Documentation shall demonstrate that the financial statements agree orreconcile with the underlying accounting records

AOEM

The form and extent of audit documentation - matter of professional judgment, and is influenced by:

The nature, size and complexity of the entity and its internal control

Availability of information from the entity

Audit methodolo and technolo used in the audit 86

ISA 500 AUDIT EVIDENCEISA 500 AUDIT EVIDENCE



8787

OBJECTIVE



The ob ective of the auditor is to desi nand perform audit procedures in such a

sufficient appropriate audit evidence to

conclusions on which to base theau or s op n on.

Definitions from ISA

88

SUFFICIENT APPROPRIATE AUDIT



The auditor shall design and perform audit procedures that areappropriate in the circumstances for the purpose of obtainingsufficient appropriate audit evidence

AOEM

performed

Accounting records are the important source of such evidence

and those which contradicts management assertions – managementrefusal to provide representations is also an evidence

Appropriateness: quality The reliability of evidence is influenced by its source (internal

/external)

89

AUDIT PROCEDURES FOR OBTAINING AUDIT



u ev ence o raw reasona e

conclusions on which to base the auditor’sop n on s o a ne y per orm ng:

Risk assessment procedures

Further audit procedures, which comprise

○ Tests of controls, when required by the ISAs or

○ Substantive procedures, including tests of detailsand substantive anal tical rocedures

90

AUDIT PROCEDURES FOR OBTAINING AUDIT



Inspection of Tangible Assetsservat on

Inquiry

External Confirmation

Recalculation

Re-performance

91

INFORMATION TO BE USED AS AUDIT

Consider :



Consider : Relevance

AOEM

Relevance

With specific procedure or assertion

Reliability

Generalizations about the reliabilit of audit evidence: More reliable if obtained independent sources outside the entity

Reliability of internally generated increased with effective relevant controls

reliable than obtained indirectly or by inference (inquiry about the

application of a control)

In documentary form (paper, electronic, or other medium) more reliablethan orally (minutes vs oral presentation)

Provided by original documents more reliable than provided by

photocopies or facsimiles etc 92

INFORMATION TO BE USED AS AUDIT

Management’s expert



Management s expert

Shall, to the extent necessary:

,

Obtain an understanding of the work of that expert

Evaluate the appropriateness of that expert’s work as audit evidence for

AOEM

Very elaborative and detailed discussion in paras A34 to A48.

Information produced by the entity

Evaluate whether the information is sufficiently reliable for theauditor’s purposes, including, as necessary in the circumstances:

Obtaining audit evidence about the accuracy and completeness

Evaluating whether the information is sufficiently precise and detailed forthe auditor’s purposes

AOEM

Very elaborative and detailed discussion in paras A49 to A51.93

SELECTING ITEMS FOR TESTING TO OBTAIN

Shall determine means of selecting items for testing that are effective



Shall determine means of selecting items for testing that are effectivein meeting the purpose of the audit procedure

AOEM

The means available to the auditor for selecting items for testing are: Selectin all items 100% examination

Selecting specific items

Audit sampling

Is unlikely in the case of tests of controls

More common for tests of details

-

High value or key items

All items over a certain amount

Audit Sampling Discussed in ISA 530.16

94

INCONSISTENCY IN, OR DOUBTS OVER,

If:



If:

audit evidence obtained from one source is inconsistent with that obtainedrom ano er

the auditor has doubts over the reliability of information to be used as audit

evidence

to resolve the matter

Consider the effect of the matter, if any, on other aspects of the audit

AOEM Inconsistency may raise doubts on reliability of evidence from once

source. May be the case :

Responses to inquiries of management, internal audit, and others are

inconsistent

Inconsistent responses of those charged with governance andmanagement

ISA 230: requires specific documentation for inconsistent information

from auditor’s final conclusion regarding a significant matter 95



ues ons

96

audit process isas

Documents