Date post: | 08-Aug-2018 |
Category: |
Documents |
Upload: | thomashong313 |
View: | 218 times |
Download: | 0 times |
of 24
8/22/2019 ACCT3014 Lecture03 s12013 Upload
1/24
Business School
Auditing and Assurance
Audit Process
Audit Planning Procedures
Understanding the Company and
Assessing Business Risk
The University of SydneyBusiness School
WELCOME
ACCT3014 - Auditing and AssuranceSemester 1, 2013
Week 3 LecturePlanning the Audit
8/22/2019 ACCT3014 Lecture03 s12013 Upload
2/24
2
Lecture Outline
How does the Audit Process work? Why is Audit Planning crucial in the audit?
Why does the Auditor have to Understand the Client?
Why does the Auditor have to assess Business Risk?
8/22/2019 ACCT3014 Lecture03 s12013 Upload
3/24
Planning the Audit, the Steps
3
ASA 300 Planning an Audit of a Financial Reportprovidesthe guidelines for the auditor to follow:
8/22/2019 ACCT3014 Lecture03 s12013 Upload
4/24
Audit Process
Audit involves various stages
- Pre-engagement/Procedures covering acceptance of a new audit
- Planning, that is establishing an overall audit strategy-Developing an audit plan
- Evidence Collection and Evaluation (cov ered in L ecture 6)
- Opinion Forming and Reporting (covered in Lecture 12)
4
8/22/2019 ACCT3014 Lecture03 s12013 Upload
5/24
5
LEVELS OF RISK
ENGAGEMENT RISK (Audit Firm)
BUSINESS RISK (Client)
AUDIT RISK (IR / CR/ DR)
(Financial Report / Accounts / Assertion)
ENGAGEMENT RISK (Audit Firm)
BUSINESS RISK (Client)
AUDIT RISK (IR / CR/ DR)
(Financial Report / Accounts / Assertion)
Pre-engagement stage of Audit Process
Planning stage of Audit Process
8/22/2019 ACCT3014 Lecture03 s12013 Upload
6/24
Engagement Risk: Client Evaluation/Ethical &Legal Considerations
6
Client Evaluation
Ethical considerations
Legal considerations
Use of External Experts / other auditors
8/22/2019 ACCT3014 Lecture03 s12013 Upload
7/24
Introduction to Business RiskUnderstanding the Entity
7
To plan an audit, the auditor should obtain an
understanding of the entity and its environment, to
understand events, transactions and practices that may
have a significant effect on the financial statements
This understanding provides a framework for planning
an overall audit approach that responds to the unique
characteristics of the entity
8/22/2019 ACCT3014 Lecture03 s12013 Upload
8/24
ASA 315 - Identifying and Assessing the Risk of Material Misstatement
through Understanding the Entity and Its Environment
Risk assessm ent commences at a business level which inc ludes
potent ial business r isk aris ing from :
External factors (refer ASA 315.11(a) and A17-A22)
- industry (e.g. market and competition, cyclical/seasonalactivity, technological developments)
- regulatory environment (legislation and regulation;
applicable accounting framework and industry-specific
principles; taxation; government policies such as tariffs,trade restrictions; environmental requirements; and other
factors such as level of economic activity, interest risks,
inflation, FX fluctuation)
8
8/22/2019 ACCT3014 Lecture03 s12013 Upload
9/24
ASA 315 (cont.)
Nature of the entity (refer ASA 315.11(b) and A23-A27)- business operations such as nature of revenue sources,
products/services/markets, e-commerce involvement, geographic
dispersion, key customers/suppliers, employment issues, R & D, related
parties
- investments such as acquisitions/mergers/disposal of business activities,
capital investment
- financing including group structure, debt structure, use of derivative
instruments
- financial reporting such as accounting principles, revenue recognition,
accounting for fair value, FX issues, unusual or complex transactions
9
8/22/2019 ACCT3014 Lecture03 s12013 Upload
10/24
ASA 315 (cont.)
Nature of the entity (refer ASA 315.11(b) and A23-A27)- business operations such as nature of revenue sources,
products/services/markets, e-commerce involvement, geographic
dispersion, key customers/suppliers, employment issues, R & D, related
parties
- investments such as acquisitions/mergers/disposal of business activities,
capital investment
- financing including group structure, debt structure, use of derivative
instruments
- financial reporting such as accounting principles, revenue recognition,
accounting for fair value, FX issues, unusual or complex transactions
10
8/22/2019 ACCT3014 Lecture03 s12013 Upload
11/24
Auditors Measurement and Review of Financials
11
Such measures from an audit perspective would include:
- Key ratios and operating statistics
- Key performance indicators
- Employee performance measures- Industry trends
- Forecasts, budgets and variance analysis
- Analyst reports and credit rating reports
Analytical procedures involve a study and comparison of relationships
among data to identify expected or unexpected fluctuations and
other unusual items
Refer ASA 520 Analytical Procedures ...more in future Lecture
8/22/2019 ACCT3014 Lecture03 s12013 Upload
12/24
Information about the ClientsBusiness (refer to ASA 315.6-10 and A6-A14)
Visit premisesAnnual reports
Minutes of meetings
Internal meeting reports
Prior years audit work papers
Firm personnel who provide non audit services
Discussions with client management and staff
Policy and procedures manual
Trade journals and magazines
Economy in general
12
8/22/2019 ACCT3014 Lecture03 s12013 Upload
13/2413
The Auditors Business Risk Approach
Recent years have called for Auditors to better understand the Business Risks that the Client
is facing, and accordingly identify and respond to those business risks:
A business risk approach allows the auditor to:
Identify threats faced by the organisation
Recognises that most business risks will eventually have an effect on the
financial statements
Increase the chances of identifying risks ofmaterial misstatements in the financial reports
8/22/2019 ACCT3014 Lecture03 s12013 Upload
14/24
BR Categories
Financial risk- funds availability, constraints on credit, complexfinancing arrangements...
Operational risk-changes in supply chain, lack of competent personnel,changes in IT environment, changes in key management...
Compliance risk- environmental breaches, exposures to litigation,contingent liability exposure...
Refer ASA315 Appendix 2 for further examples
14
Business Risk Categories
8/22/2019 ACCT3014 Lecture03 s12013 Upload
15/2415
Business Risk Audit Procedures
Enquiries
- Management, staff, internal auditors, company
bankers, legal advisors
Analytical procedures
- Provide a broad indication of the likelihood of possible
errors
Observations and inspections
- Inspection of manuals, visiting business premises,observing procedures taking place
See ASA 315 sections 5-10 for further information
8/22/2019 ACCT3014 Lecture03 s12013 Upload
16/24
Audit Risk (ASA 200, para. 13(c)
The risk that the auditor expresses an inappropriate audit opinionwhen the financial report is materially misstated (i.e. the auditor
does not detect/report such misstatement).
A Key Issue Would the key financial account be over or
understated as a result of the Business Risk identified.
Note that achieved audit risk needs to be kept to an acceptably low
level (ASA 500.A6), i.e. reasonable/high level of assurance provided
to the users.In setting the desired audit risk, auditors seek an appropriate
balance between the costs of an incorrect audit opinion and the
costs of performing the additional audit procedures necessary to
reduce audit risk
16
8/22/2019 ACCT3014 Lecture03 s12013 Upload
17/24
Audit Risk and its Components
Control Risk (CR)
The risk of an assertion being materially misstatedbecause controls will not prevent, or detect and
correct, errors on a timely basis. CR is the impact of the
presence or absence of ef fective internal controldesigned to mitigate entity's business risks.
Inherent Risk (IR)
The susceptibility of an assertion to materialmisstatement, assuming there are no related controls. IR
factors are generally business risks (BR) affecting a
specific account assertion.
Overall level(i.e. the risks that affect
the financial report as awhole)
Risk at the assertion level has two components
Audit Risk
Audit risk (AR) is a function of:
Assertion levelfor classes of
transactions, accountbalances and
disclosures
Must be assessed at two levels
The risk of material misstatement of
the financial report
The risk that the auditor will not
detect the material misstatement(Detection Risk (DR))
Reduced by proper plann ing,
assignment of staff, professional
scepticism and supervision and
review
17
8/22/2019 ACCT3014 Lecture03 s12013 Upload
18/24
Audit Risk and its Components
18
Inh erent r isk (ASA 200)Is the possibility that a material misstatement could occur in an
assertion, either individually or when aggregated with other
misstatements, assuming there are no related controls
Inherent risk exists independently of the audit of financial
statements and thus auditors cannot change the actual level ofinherent risk
Contro l r isk (ASA 200)
Is the risk that a material misstatement could occur in an assertion,
either individually or when aggregated with other misstatements,
and not be prevented, detected, or corrected on a timely basis bythe entitys internal control structure?
Control risk is a function of the effectiveness of the internal control
structure as good controls reduce risk
8/22/2019 ACCT3014 Lecture03 s12013 Upload
19/24
Audit Risk and its Components
19
Detectio n ri sk (ASA 200) Is the risk that an auditors substantive procedures will not detect
any material misstatements that exist in an assertion, eitherindividually or when aggregated with other misstatements
a function of the effectiveness of substantive procedures and theirapplication by an auditor and thus is fundamental to the amount ofaudit work undertaken
actual level of detection risk is controllable by the auditor through:
- appropriate planning, direction, supervision and review
- variation in the nature, timing and extent of audit procedures
- effective performance of the audit procedures and evaluation oftheir results
8/22/2019 ACCT3014 Lecture03 s12013 Upload
20/24
Audit Risk Components Relationship?
20
An auditors objective is to achieve an acceptably lowlevel of audit risk, as is practicable
Recognising the cost of performing audit procedures,
there is an inverse relationship between the assessed
levels of inherent and control risks and the level ofdetection risk that the auditor can accept
Auditors, although unable to control inherent risk (IR)
and control risk (CR), can assess these risks and
design substantive procedures to produce anacceptable level of detection risk, thus reducing the
audit risk to an acceptable level
Audit risk model: AR = IR CR DR
choice of audit procedures important!
8/22/2019 ACCT3014 Lecture03 s12013 Upload
21/24
The Audit Process
DETERMINE
RESIDUAL
AUDIT RISK
RESPOND TO
AUDIT RISKASAs 315, 330, 500
ASSESS CLIENTCONTROLS
ASA315
UNDERSTAND THE BUSINESS
ASSESS BUSINESS RISKASA315
Including the
likelihood of fraud
(ASA 240) and
non-compliance
with laws and
regulations(ASA 250)
At financial statement level/
account assertion level
(AR = fn IR.CR.DR per ASA 200)
Respond to audit risk by linking risks to specific
procedures that address the risk at the account and
assertion level after considering compensating
internal controls21
External Factors (industry, regulatory, economic)
Internal Factors (nature of the entity, entitys objectives and strategies)
8/22/2019 ACCT3014 Lecture03 s12013 Upload
22/24
Lecture Discussion Question
(a) Explain why it is important to read the board minutes early in theengagement.
(b) Identify the types of information that you would expect to be
documented in the directors' board minutes that are likely to be
relevant to the auditor.
Discuss how this information will impact on business risk evaluation
and audit plan.
22
8/22/2019 ACCT3014 Lecture03 s12013 Upload
23/24
23
Deloitte Audit Plan sample
http://www.deloitte.com/view/en_LU/lu/industries/psf/psf-service-offering-along-development/external-audit/index.htm
8/22/2019 ACCT3014 Lecture03 s12013 Upload
24/24
What's on Next Week
More on Business Risk Assessment Introduction to the term Assertions
Why is the Auditor interested in Internal Controls?
What are the Components of Internal Controls?
Which Internal Controls are relevant to the Audit linking to the conceptassertions?
As an introduction to Internal Controls please consider:
1. A control is any action taken by management, the board, and other
parties to manage risk and increase the likelihood that establishedobjectives and goals will be achieved.
2. Management plans, organizes, and directs the performance of
sufficient actions to provide reasonable assurance that objectives
and goals will be achieved.