ipcc paper 6 auditing and assurance chapter 4 · pdf fileidentifying and assessing the risk...
TRANSCRIPT
IPCC Paper 6 Auditing and Assurance Chapter 4 CA.Kamal Garg
A mechanism to ensure the compliance with organisation policies and procedures;
In particular ensure that:
• Assets are safeguarded; • Frauds and errors are prevented & detected; • Recording all transactions in books of account
Control Environment: overall attitude, actions & awareness of Management towards Internal Control System (ICS);
Control Procedures: designed to achieve desired ICS objectives
Under SA 200(R), evaluation of ICS is one of the basic principles governing an audit
SA 315Title:
Identifying and Assessing the Risk of Material Misstatement Through Understanding the Entity and its Environment
Business Risk: A risk resulting from significant:
Conditions
Events
Circumstances
Actions, or
Inactions that could adversely affect an entity’s ability to achieve its objectives and execute its strategies
Internal Control: 1. The process designed, implemented and
maintained by those charged with governance, management and other personnel;
2. To provide reasonable assurance about the achievement of an entity’s objectives with regard to: ◦ Reliability of financial reporting; ◦ Effectiveness and efficiency of operations; ◦ Safeguarding of assets; ◦ Compliance with applicable laws & regulations
Inherent Limitations: Management position to override controls;
Human error;
Circumvention through collusion;
Unusual transactions;
Nature of MIS (cost, skill etc.)
Letter of Weakness: A written communication to management made by the auditor about significant deficiencies in control system
A concept related to Organisational Independence; Employees perspective Essentials of Good Internal Check System: 1. Define authorities/ duties & responsibilities; 2. Division of responsibilities as per abilities; 3. Single work amongst different employees; 4. Regular job rotation; 5. Instruction manuals; 6. More usage of electronic system; 7. Various correspondence under proper authority; 8. Daily cash receipts for daily bank deposit Very Important Point = Everything under Authorisation(s)
These are the procedures which are performed to obtain understanding of entity’s environment and internal control;
Help in identifying and assessing risks of material misstatements at financial statements and/ or assertions levels;
However, they do not provide sufficient appropriate audit evidence to base the audit opinion (this means these procedures merely are indicators of presence of material risks)
Inquiry: 1. Those charged with Governance; 2. Internal Audit personnel; 3. Employees; 4. Legal Counsel; 5. Marketing & Sales personnel
Analytical Procedures (SA 520); Observation of entity’s operations, reports,
premises, etc.; Discussion with management and Obtaining
knowledge about the business
Sources of obtaining the Knowledge: 1. Previous experience with entity & industry; 2. Discussions with directors/ customers/ suppliers/
internal audit personnel/ legal advisors, etc.; 3. Visits to entity premises; 4. Industry or Entity publications, for example,
surveys, annual reports, etc.
Matters to be covered while obtaining knowledge of the business:
General Economic factors such as monetary and fiscal policy;
Industry factors such as technology, business risk, etc.;
Entity Factors such as: 1. Management and ownership; 2. Financial performance; 3. Regulatory requirements; 4. Business of the entity
Audit in CIS Environment/ EDP Audit; Documentation: Auditor should document 1. Discussions and significant decisions therein; 2. Key elements of understanding about entity
and its internal control environment; 3. Identified and assessed risk of material
misstatement; 4. Related controls for the risk identified
Audit Trail (i.e. tracing of sequence of transactions from beginning to end);
Visual Observation; Automatic execution of transactions; High Level Languages; Storage media vulnerability; Changes in programmes
EDP/ IT/ CIS Controls
General Controls Application Controls
Administrative Controls
System Development
Controls Procedural Controls
Ensure discipline in
routine operations and admin functions
Ensure the usage of updated
technology with
adequate people’s support
Clerical Controls
Programmed Controls
Ensure accurate and timely processing of
transactions
Input Processing Output
Black Box Approach
Input Processing Output
White Box Approach
Overall response include: Emphasizing the need to maintain professional
skepticism; 1. Assigning more experienced staff/ experts; 2. Incorporating unpredictability about further audit
procedures to be performed; 3. Widening the scope of audit 4. Changing the nature, timing and extent of audit
procedures
The nature timing and extent of planned audit procedures is a way of describing the contents of the audit program for an audit engagement.
Nature: The nature of a planned audit procedure refers to both the type of procedure and method used to gather the evidence.
Timing: The timing of a planned audit procedure refers to when the audit procedure is to be performed.
Audit procedures may be performed prior to balance date (e.g. during interim visits), on balance date or after balance date (e.g. during final visit).
Extent: The extent of planned audit procedures simply refers to the extent of the nature of the procedures.
For example, How many purchases invoices require
vouching? How many computations (e.g. quantity on hand
x unit cost) should be checked?
The internal audit function constitutes a separate component of internal control with the objective of determining whether other internal controls are well designed and properly evaluated;
To facilitate the accumulation of the information necessary for the proper review and evaluation of internal controls, the auditor can use one of the following to help him to know and assimilate and evaluate the same:
1. Narrative Record: a complete and exhaustive description of the system as found in operation by the auditor
2. Check List: a series of instructions or questions which a member of the auditing staff must follow to answer.
3. Internal Control Questionnaire: a comprehensive series of questions concerning internal controls. Most widely used
4. Flow Chart: a graphic presentation of each part of the company’s system of internal control.
Clause 4 (IV) : Internal Control System Commensurate with the size of the
company and nature of its business – Identify major weaknesses, if any.
Continuing failure to correct major weakness
Clause 4 (VII) : Internal Audit (Applicability??)
Commensurate with nature & size of business
1. Listed Company; 2. Other Companies having: Paid Up Capital (+) Reserves > Rs. 50 Lakhs
(as at the commencement of F.Y.); OR Past 3 yrs. Avg. Turnover > Rs. 5 Crores
Subjective concept and involves exercise of professional judgement;
Materiality can be applied both at planning level and performance level;
Judgement of materiality level helps in determining the nature, timing and extent of audit procedures
Benchmark = Percentage often applied as a starting point in determining materiality of Financial Statements (F.S.).;
Audit Risk vs. Audit Materiality = Inverse Relation Identification of Benchmark depends upon
the following factors: 1. F.S. elements (e.g. assets, liabilities, equity,
revenue, expense); 2. The purpose of evaluating financial performance; 3. Entity’s ownership and capital structure
Difference between:
Amounts, classification, presentation or disclosure of a reported F.S. item;
and
Amounts, classification, presentation or disclosure of a F.S. item as required
under applicable financial reporting framework
Misstatement can arise from error or fraud;
It also include those adjustments that in auditor’s opinion are necessary for True & Fair view;
The auditor shall accumulate misstatements identified during the audit, unless trivial;
Apply 320 (Revised);
Communicate and get corrected the misstatements;
Take written MR and do documentation
• when there is no doubt; Factual
• when differences are there on account of management estimates/ accounting policies vis-à-vis auditor’s judgement;
Judgemental
• when differences may arise due to sampling Projected
CAP RIDE: C = Compliance with regulatory and contractual
requirements; AP = Accounting Policies selection & application; R = Related parties transactions; I = Information in other documents accompanying
audited F.S. (like MDA Report, LR, etc.); D = Detailed analysis of F.S. (ratios etc.); E = Economic & Industry Conditions