risk assessment and the governmental audit
Post on 31-Jan-2016
Embed Size (px)
DESCRIPTIONRisk Assessment and the Governmental Audit. Presented to:Connecticut Society of CPA’s Date:May 14, 2008 Presented by:Christian J. Rogers, CPA, Shareholder. Today’s Agenda. Brief discussion of each of the new risk assessment standards (“Risk Assessment Suite”), SAS’s 104 - 111 - PowerPoint PPT Presentation
Risk Assessment and the Governmental AuditPresented to:Connecticut Society of CPAsDate:May 14, 2008Presented by:Christian J. Rogers, CPA, Shareholder
Todays AgendaBrief discussion of each of the new risk assessment standards (Risk Assessment Suite), SASs 104 - 111Purpose and objectives of the new standardsMajor changes to current practiceAssessing risks of material misstatementProcedures to perform in response to assessed risksAudit documentationWrap-upQuestions
Risk Assessment SuiteSAS No. 104, Amendment to SAS No. 1 (Codification of Auditing Standards and Procedures)Expands the definition of reasonable assurance (as cited in the Auditors Opinion) as a high level of assurance.
Risk Assessment SuiteSAS No. 105, Amendment to SAS 95, Generally Accepted Auditing StandardsReflects new usage of terms required by SAS No. 102.
Second standard of fieldwork modified as follows:Expands scope from internal control to the entity and its environment, including its internal controlExtends purpose from planning the audit to assessing the risk of material misstatement of the financial statements whether due to error or fraudTests to be performed is replaced with further audit procedures
Risk Assessment SuiteSAS 105 (Continued)Third standard of fieldwork is modified as follows:Eliminates reference to specific audit procedures (inspection, observation, inquiries and confirmation); reference is to audit proceduresCompetent evidential matter is replaced with Appropriate audit evidenceAppropriate is defined in SAS 106 (para. 6)
Risk Assessment SuiteSAS No. 106, Audit Evidence (Amends SAS 31, Evidential Matter)Provides guidance regarding concepts underlying the third standard of fieldwork:The auditor must obtain sufficient appropriate audit evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit.
Risk Assessment SuiteSAS No. 106, Audit Evidence (Continued)Defines audit evidenceDefines and discusses relevant assertions and their use in risk assessment and designing appropriate further audit proceduresDiscusses qualitative aspects in determining the sufficiency and appropriateness of audit evidenceDescribes various audit procedures and discusses purposes for which they may be performed
Risk Assessment SuiteSAS No. 107, Audit Risk and Materiality (Amends SAS 47) Provides guidance on auditors consideration of AR and materiality in a financial statement audit in accordance with GAAS
Auditor must consider audit risk and must determine materiality for the financial statements as a whole to:Determine extent and nature of risk assessment proceduresIdentify and assess the risks of material misstatementDetermine the nature, timing and extent of further audit proceduresEvaluate whether the financial statements (taken as a whole) are presented, in all material respects, in conformity with GAAP
AR should be considered at the:Overall financial statement levelRelevant assertions related to individual account balances, classes of transactions and disclosure level
Risk Assessment SuiteSAS 107 (Continued)AR at the financial statement level often relate to control environmentFraudCompetence of managementRelated party transactionsAR at the individual account balance, class of transactions and disclosure level consists of 2 components:Combined riskInherent risk (IR)Control risk (CR)Detection risk (DR)
Risk Assessment SuiteSAS No. 107 (Continued)Determination of materiality is a matter of professional judgmentBased on needs of users of financial statementsMateriality involves quantitative and qualitative characteristicsThe auditor must accumulate and respond to both known and likely misstatements
Risk Assessment SuiteSAS 107 (Continued)Auditor must consider the effect (both individually and in the aggregate) of misstatements (known and likely) not corrected by the clientAuditor should reassess materiality that was determined during planningAdditional procedures may need to be applied to support opinion
Risk Assessment SuiteSAS 108, Planning and Supervision (amends SAS 1 and SAS 22)The first standard of fieldwork states:The auditor must adequately plan the work and must properly supervise any assistantsThis statement establishes standards and provides guidance when conducting a GAAS auditPlanning and supervision is a continuous process
Risk Assessment SuiteSAS 108 (Continued)Addresses the following:Appointment of the independent auditorEstablishing written understanding with clientPreliminary engagement activitiesOverall audit strategyAudit planExtent of involvement of specialistsCommunication with those CWG and managementAdditional considerations in initial audits
Risk Assessment SuiteSAS 109, Understanding the Entity and Its Environment and Assessing Risks of Material Misstatement (amends, along with SAS 110, SAS 55)This statement establishes standards and provides guidance about implementing the 2nd standard of fieldworkThe auditor must obtain a sufficient understanding of the entity and its environment, including internal control, to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing and extent of further audit procedures
Risk Assessment SuiteSAS 109 (Continued)In summary, SAS 109 addressesRisk assessment procedures and sources of information about the entity and its environment, including ICUnderstanding the entity and its environment, including ICAssessing the risks of material misstatementDocumentation
Risk Assessment SuiteSAS 109 (Continued)Areas of significant risk require special attentionOften relate to non-routine transactions and judgmental mattersWe will discuss this standard in greater detail in a little while
Risk Assessment SuiteSAS 110, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (amends, along with SAS 109, SAS 55)Provides standards and guidance regarding concepts underlying the third standard of fieldwork, which states:The auditor must obtain sufficient appropriate audit evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit.
Risk Assessment SuiteSAS 110 (Continued)Determination of overall responsesDesigning and performing further audit proceduresEvaluating whether the risk assessments remain appropriate and to conclude whether sufficient appropriate audit evidence has been obtainedDocumentationWe will discuss this standard in greater detail in a little while
Risk Assessment SuiteSAS 111, Amendment to SAS 39, Audit SamplingProvides enhanced guidance on tolerable misstatement. Generally, misstatement in an account should be less than materiality to allow for aggregation in final assessment.
Purpose and ObjectivesThe Purpose of the New Standards
To enhance the auditors performance and, as a result, increase the effectiveness of audits
Purpose and ObjectivesThe Objectives of the New Standards
Requiring a more in-depth understanding of the entity and its environment, including its internal control (IC), to identify the risks of material misstatement and what the entity is doing to mitigate themRequiring a more rigorous assessment of the risks of material misstatement based on our understanding of the entity and its ICImproving linkage between the assessed risks and the nature, timing and extent of audit procedures performed in response to those risks
Major Changes to Current PracticeMajor ChangesOne size does not fit allProcedures/audit programs must be tailoredRisk assessment at the assertion levelDefault to maximum control risk is no longer permittedPotential for higher level (more experienced) staff required during planning and risk assessment stages (dependent upon your current process)
Assessing Risks of Material Misstatement ( RMM)Where do we begin?Step 1 - Risk assessment procedures and sources of information about the entity and its environment, including ICStep 2 Understanding the entity and its environment, including its IC
Lets get into the details
Assessing RMMRisk Assessment ProceduresInquiries of management and othersAnalytical proceduresObservation and inspectionDiscussion among audit teamOther considerations
Lets discuss each of these in further detail
Assessing RMMInquiries of management and othersThose charged with governanceInternal auditorsEmployees who initiate, authorize, process or record complex or unusual transactionsIn-house legal counselSales or production personnelExternal partiesInvestment managers and financial advisorsAttorneysRating agenciesRegulatory bodies
Assessing RMMAnalytical ProceduresSAS No. 56 provides guidanceAssist in identifying the existence of unusual:Transactions or eventsAmountsRatiosTrends
Assessing RMMAnalytical Procedures (Continued)Expectations should be developed, for example:Expected change as a result of budgetExpected change as a result of new revenue streamResults is usually only a broad indication about whether or not a MM existsConsider results with other information gathered
Assessing RMMObservation and InspectionMay support inquiries of management and other and provide additional informationObservation of activities and operationInspection of records and internal control manualsReading reports prepared by management:Interim financial statementsBudget documents
Assessing RMMObservation and Inspection (Continued)Reading reports (i.e., minutes to meetings) prepared by those charged with governanceInternal audit reportsFacility sit