ACCT3014 Lecture03 s12013 Upload

8/22/2019 ACCT3014 Lecture03 s12013 Upload

1/24

Business School

Auditing and Assurance

Audit Process

Audit Planning Procedures

Understanding the Company and

Assessing Business Risk

The University of SydneyBusiness School

WELCOME

ACCT3014 - Auditing and AssuranceSemester 1, 2013

Week 3 LecturePlanning the Audit


2/24

2

Lecture Outline

How does the Audit Process work? Why is Audit Planning crucial in the audit?

Why does the Auditor have to Understand the Client?

Why does the Auditor have to assess Business Risk?


3/24

Planning the Audit, the Steps

3

ASA 300 Planning an Audit of a Financial Reportprovidesthe guidelines for the auditor to follow:


4/24

Audit Process

Audit involves various stages

- Pre-engagement/Procedures covering acceptance of a new audit

- Planning, that is establishing an overall audit strategy-Developing an audit plan

- Evidence Collection and Evaluation (cov ered in L ecture 6)

- Opinion Forming and Reporting (covered in Lecture 12)

4


5/24

5

LEVELS OF RISK

ENGAGEMENT RISK (Audit Firm)

BUSINESS RISK (Client)

AUDIT RISK (IR / CR/ DR)

(Financial Report / Accounts / Assertion)

ENGAGEMENT RISK (Audit Firm)

BUSINESS RISK (Client)

AUDIT RISK (IR / CR/ DR)

(Financial Report / Accounts / Assertion)

Pre-engagement stage of Audit Process

Planning stage of Audit Process


6/24

Engagement Risk: Client Evaluation/Ethical &Legal Considerations

6

Client Evaluation

Ethical considerations

Legal considerations

Use of External Experts / other auditors


7/24

Introduction to Business RiskUnderstanding the Entity

7

To plan an audit, the auditor should obtain an

understanding of the entity and its environment, to

understand events, transactions and practices that may

have a significant effect on the financial statements

This understanding provides a framework for planning

an overall audit approach that responds to the unique

characteristics of the entity


8/24

ASA 315 - Identifying and Assessing the Risk of Material Misstatement

through Understanding the Entity and Its Environment

Risk assessm ent commences at a business level which inc ludes

potent ial business r isk aris ing from :

External factors (refer ASA 315.11(a) and A17-A22)

- industry (e.g. market and competition, cyclical/seasonalactivity, technological developments)

- regulatory environment (legislation and regulation;

applicable accounting framework and industry-specific

principles; taxation; government policies such as tariffs,trade restrictions; environmental requirements; and other

factors such as level of economic activity, interest risks,

inflation, FX fluctuation)

8


9/24

ASA 315 (cont.)

Nature of the entity (refer ASA 315.11(b) and A23-A27)- business operations such as nature of revenue sources,

products/services/markets, e-commerce involvement, geographic

dispersion, key customers/suppliers, employment issues, R & D, related

parties

- investments such as acquisitions/mergers/disposal of business activities,

capital investment

- financing including group structure, debt structure, use of derivative

instruments

- financial reporting such as accounting principles, revenue recognition,

accounting for fair value, FX issues, unusual or complex transactions

9


10/24

ASA 315 (cont.)

Nature of the entity (refer ASA 315.11(b) and A23-A27)- business operations such as nature of revenue sources,

products/services/markets, e-commerce involvement, geographic

dispersion, key customers/suppliers, employment issues, R & D, related

parties

- investments such as acquisitions/mergers/disposal of business activities,

capital investment

- financing including group structure, debt structure, use of derivative

instruments

- financial reporting such as accounting principles, revenue recognition,

accounting for fair value, FX issues, unusual or complex transactions

10


11/24

Auditors Measurement and Review of Financials

11

Such measures from an audit perspective would include:

- Key ratios and operating statistics

- Key performance indicators

- Employee performance measures- Industry trends

- Forecasts, budgets and variance analysis

- Analyst reports and credit rating reports

Analytical procedures involve a study and comparison of relationships

among data to identify expected or unexpected fluctuations and

other unusual items

Refer ASA 520 Analytical Procedures ...more in future Lecture


12/24

Information about the ClientsBusiness (refer to ASA 315.6-10 and A6-A14)

Visit premisesAnnual reports

Minutes of meetings

Internal meeting reports

Prior years audit work papers

Firm personnel who provide non audit services

Discussions with client management and staff

Policy and procedures manual

Trade journals and magazines

Economy in general

12


13/2413

The Auditors Business Risk Approach

Recent years have called for Auditors to better understand the Business Risks that the Client

is facing, and accordingly identify and respond to those business risks:

A business risk approach allows the auditor to:

Identify threats faced by the organisation

Recognises that most business risks will eventually have an effect on the

financial statements

Increase the chances of identifying risks ofmaterial misstatements in the financial reports


14/24

BR Categories

Financial risk- funds availability, constraints on credit, complexfinancing arrangements...

Operational risk-changes in supply chain, lack of competent personnel,changes in IT environment, changes in key management...

Compliance risk- environmental breaches, exposures to litigation,contingent liability exposure...

Refer ASA315 Appendix 2 for further examples

14

Business Risk Categories


15/2415

Business Risk Audit Procedures

Enquiries

- Management, staff, internal auditors, company

bankers, legal advisors

Analytical procedures

- Provide a broad indication of the likelihood of possible

errors

Observations and inspections

- Inspection of manuals, visiting business premises,observing procedures taking place

See ASA 315 sections 5-10 for further information


16/24

Audit Risk (ASA 200, para. 13(c)

The risk that the auditor expresses an inappropriate audit opinionwhen the financial report is materially misstated (i.e. the auditor

does not detect/report such misstatement).

A Key Issue Would the key financial account be over or

understated as a result of the Business Risk identified.

Note that achieved audit risk needs to be kept to an acceptably low

level (ASA 500.A6), i.e. reasonable/high level of assurance provided

to the users.In setting the desired audit risk, auditors seek an appropriate

balance between the costs of an incorrect audit opinion and the

costs of performing the additional audit procedures necessary to

reduce audit risk

16


17/24

Audit Risk and its Components

Control Risk (CR)

The risk of an assertion being materially misstatedbecause controls will not prevent, or detect and

correct, errors on a timely basis. CR is the impact of the

presence or absence of ef fective internal controldesigned to mitigate entity's business risks.

Inherent Risk (IR)

The susceptibility of an assertion to materialmisstatement, assuming there are no related controls. IR

factors are generally business risks (BR) affecting a

specific account assertion.

Overall level(i.e. the risks that affect

the financial report as awhole)

Risk at the assertion level has two components

Audit Risk

Audit risk (AR) is a function of:

Assertion levelfor classes of

transactions, accountbalances and

disclosures

Must be assessed at two levels

The risk of material misstatement of

the financial report

The risk that the auditor will not

detect the material misstatement(Detection Risk (DR))

Reduced by proper plann ing,

assignment of staff, professional

scepticism and supervision and

review

17


18/24


18

Inh erent r isk (ASA 200)Is the possibility that a material misstatement could occur in an

assertion, either individually or when aggregated with other

misstatements, assuming there are no related controls

Inherent risk exists independently of the audit of financial

statements and thus auditors cannot change the actual level ofinherent risk

Contro l r isk (ASA 200)

Is the risk that a material misstatement could occur in an assertion,

either individually or when aggregated with other misstatements,

and not be prevented, detected, or corrected on a timely basis bythe entitys internal control structure?

Control risk is a function of the effectiveness of the internal control

structure as good controls reduce risk


19/24


19

Detectio n ri sk (ASA 200) Is the risk that an auditors substantive procedures will not detect

any material misstatements that exist in an assertion, eitherindividually or when aggregated with other misstatements

a function of the effectiveness of substantive procedures and theirapplication by an auditor and thus is fundamental to the amount ofaudit work undertaken

actual level of detection risk is controllable by the auditor through:

- appropriate planning, direction, supervision and review

- variation in the nature, timing and extent of audit procedures

- effective performance of the audit procedures and evaluation oftheir results


20/24

Audit Risk Components Relationship?

20

An auditors objective is to achieve an acceptably lowlevel of audit risk, as is practicable

Recognising the cost of performing audit procedures,

there is an inverse relationship between the assessed

levels of inherent and control risks and the level ofdetection risk that the auditor can accept

Auditors, although unable to control inherent risk (IR)

and control risk (CR), can assess these risks and

design substantive procedures to produce anacceptable level of detection risk, thus reducing the

audit risk to an acceptable level

Audit risk model: AR = IR CR DR

choice of audit procedures important!


21/24

The Audit Process

DETERMINE

RESIDUAL

AUDIT RISK

RESPOND TO

AUDIT RISKASAs 315, 330, 500

ASSESS CLIENTCONTROLS

ASA315

UNDERSTAND THE BUSINESS

ASSESS BUSINESS RISKASA315

Including the

likelihood of fraud

(ASA 240) and

non-compliance

with laws and

regulations(ASA 250)

At financial statement level/

account assertion level

(AR = fn IR.CR.DR per ASA 200)

Respond to audit risk by linking risks to specific

procedures that address the risk at the account and

assertion level after considering compensating

internal controls21

External Factors (industry, regulatory, economic)

Internal Factors (nature of the entity, entitys objectives and strategies)


22/24

Lecture Discussion Question

(a) Explain why it is important to read the board minutes early in theengagement.

(b) Identify the types of information that you would expect to be

documented in the directors' board minutes that are likely to be

relevant to the auditor.

Discuss how this information will impact on business risk evaluation

and audit plan.

22


23/24

23

Deloitte Audit Plan sample

http://www.deloitte.com/view/en_LU/lu/industries/psf/psf-service-offering-along-development/external-audit/index.htm


24/24

What's on Next Week

More on Business Risk Assessment Introduction to the term Assertions

Why is the Auditor interested in Internal Controls?

What are the Components of Internal Controls?

Which Internal Controls are relevant to the Audit linking to the conceptassertions?

As an introduction to Internal Controls please consider:

1. A control is any action taken by management, the board, and other

parties to manage risk and increase the likelihood that establishedobjectives and goals will be achieved.

2. Management plans, organizes, and directs the performance of

sufficient actions to provide reasonable assurance that objectives

and goals will be achieved.

Date post:	08-Aug-2018
Category:	Documents
Upload:	thomashong313
View:	218 times
Download:	0 times

ACCT3014 Lecture03 s12013 Upload

Documents