SYLLABUS AREA B- Planning Flashcards
What is the purpose of planning? What are its benefits?
Purpose:
The objective of the auditor is to plan the audit so that it will be performed in an effective manner.
Taylor Swift once said if you fail to plan you plan to fail.
Audits are potentially complex, risky and expensive processes.
Benefits:
Planning the audit ensures that the risk of performing a poor quality audit and ultimately issuing an inappropriate audit Opinion is reduced to an acceptable level.
The benefits:
• appropriate attention is given to important areas of the audit.
• Identifies and resolves potential problems on a timely basis.
• Organises and manages the audit so that it is performed in an effective and efficient manner.
• Selects team members with appropriate capabilities and competencies.
• facilitates Direction and supervision of the team and review of their work.
• Effectively coordinates the work of others, such as experts and internal audit.
Why must the audit be conducted in accordance with ISAs?
Mnemonic: RM,CQ
In order to achieve the overall objectives of the auditor, the audit must be conducted in accordance with ISAs.
Conducting the audit in accordance with ISAs:
• Ensures that the auditor is fulfilling all of their responsibilities.
• Allows a user to have as much confidence in one auditor’s opinion as another’s and therefore to rely on one audited set of financial statements to the same extent that they rely on another.
• Ensures that the quality of audits internationally, is maintained to a high standard (thereby upholding the reputation of the profession).
• Provides a measure to assess the standard of an auditor’s work (necessary when determining their suitability as an authorised practitioner).
What is professional judgement?
Use of knowledge experience training when making subjective decisions
What happens if a risk is uncovered in a later stage of the audit?
PMA- procedures must be adapted.
Although risk assessment is a fundamental element of the planning process, risks can be uncovered at any stage of the audit and procedures must be adapted in light of revelations that indicate further risks of material misstatement. It is, ultimately, the responsibility of the most senior reviewer (usually the engagement partner) to confirm that the risk of material misstatement has been reduced to an acceptable level.
What does the audit planning process look like?
Planning consists of a number of elements. They can be summarised as:
• Preliminary engagement activities:
– Perform procedures regarding the continuance of the client engagement.
– Evaluating compliance with ethical requirements.
– Ensuring there are no misunderstandings with the client as to the terms of the engagement.
• Planning activities:
– Developing the audit strategy
– Developing an audit plan.
The audit strategy and the audit plan must be documented in the audit working papers. Any updates to them must also be documented.
What are the contents of the audit strategy document?
The audit strategy sets the scope, timing and direction of the audit. (STD)
Main contents are:
1) Nature of resources (team members, budget, experts)
-Extent of resources ( how many team members, how much work each member will do)
2)reporting objectives, timing and nature of communication (timetable for reporting of both interim and final audit, organising meeting with client to discuss audit issues, timing of audit team meetings and review of work to be performed)
3)important factors affecting audit
Materiality
Professional skepticism
4) preliminary activites and knowledge from previous engagements
Management attitude, volume of transactions, any business developments.
-when to deploy these resources
HOW
-How the resources are managed, directed and supervised, including the timings of meetings, debriefs and reviews.
What is the audit plan and what does it include?
Once the audit strategy has been established, the next stage is to develop a specific, detailed plan to address how the various matters identified in the overall strategy will be applied.
The strategy sets the overall approach to the audit, the plan fills in the operational details of how the strategy is to be achieved.
The audit plan should include specific descriptions of:
• The nature, timing and extent of risk assessment procedures.
• The nature, timing and extent of further audit procedures, including:
– What audit procedures are to be carried out
– Who should do them
– How much work should be done (sample sizes, etc.)
– When the work should be done (interim vs. final)
• Any other procedures necessary to conform to ISAs.
What is the difference between audit strategy and audit plan?
Audit strategy sets the scope, direction of audit and determines its development.
Audit plan has more level of detail and shows how the overall strategy will be implemented
What is interim and final audit?
interim audit and final audit are two stages of the same audit. The audit work is done in two stages, some in mid year and some work at year end.
For an interim audit to be justified the client normally needs to be of a sufficient size because this may increase costs. However, an interim audit should improve risk assessment and make final procedures more efficient.
What is the impact of interim audit work on the final audit?
• If the controls tested at the interim stage provided evidence that control risk is low, fewer substantive procedures can be performed.
• If substantive procedures were performed at the interim stage, fewer procedures will be required at the final audit in general.
• As fewer procedures are being performed, the final audit will require less time to perform.
• The auditor’s report can be signed closer to the year-end resulting in more timely reporting to shareholders.
• If the interim audit identified areas of increased risk, for example, controls were found not to be working effectively, increased substantive procedures will be required at the final audit.
What is the difference in timing of interim and final audit?
Interim audit: completed part way through a client’s accounting year.
Early enough not to interfere with year-end procedures at the client and to give adequate warning of specific problems that need to be addressed in planning the final audit.
Late enough to enable sufficient work to be done to ease the pressure on the final audit.
Final audit:
Takes place after the year-end at a time agreed with the client which enables them to file their financial statements with the relevant authorities by the required deadline.
Generally a client would not want the auditor to be performing the audit at the year-end as this will cause disruption for the client’s year- end procedures.
What is the purpose of interim and final audit?
interim:
Allows the auditor to spread out their procedures and enables more effective planning for the final stage of the audit.
Useful when there is increased detection risk due to a tight reporting deadline.
Final :
To obtain sufficient appropriate evidence in respect of the financial statements to enable the auditor’s report to be issued.
The auditor’s report will be issued once the final audit complete and this signifies the end of the audit.
What type of works is perform in an interim audit?
• Documenting systems
• Evaluating controls.
Additional activities that can be performed include:
• Test specific and complete material
transactions, e.g. purchasing new non-current assets
• Test transactions such as sales,
purchases and payroll for the year to date
• Assess risks that will impact work
conducted at the final audit
• Attend perpetual inventory counts.
What type of work is performed in a final audit?
• Statement of financial position balances which will only be known at the year-end.
• Transaction testing for transactions that have occurred since the interim audit took place.
• Year-end journals which may include adjustments to the transactions tested at the interim audit.
• Obtaining evidence that the controls tested at the interim audit have continued to operate during the period since the interim audit took place.
• Completion activities such as the going
concern and subsequent events reviews, overall review of the financial statements and communication of misstatements with management and those charged with governance.
Define fraud
Fraud is an intentional act by one or more individuals among management, those charged with governance, employees or third parties, involving the use of deception to obtain an unjust or illegal advantage.
What are the two types of fraud?
Fraud can be split into two types:
• Fraudulent financial reporting – deliberately misstating the financial statements to make the company’s performance or position look better/worse than it actually is.
• Misappropriation – the theft of a company’s assets such as cash or inventory.
What is an error?
An error can be defined as an unintentional misstatement in financial statements, including the omission of amounts or disclosures, such as the following:
• A mistake in gathering and processing data from which financial statements are prepared.
• An incorrect accounting estimate arising from oversight or a misinterpretation of facts.
• A mistake in the application of accounting principles relating to measurement, recognition, classification, presentation or disclosure.
What is a director’s responsibility in respect to fraud and how can they fulfil it?
The primary responsibility for the prevention and detection of fraud rests with those charged with governance and the management of an entity. This is achieved by:
•Implementing an effective system of internal control, reducing opportunities for fraud to take place and increasing the likelihood of detection (and punishment)
-Creating a culture of honesty, ethical behaviour, and active oversight by those charged with governance.
The directors should be aware of the potential for fraud and this should feature as an element of their risk assessment and corporate governance procedures.
The audit committee should review these procedures to ensure that they are in place and working effectively.
This will normally be done in conjunction with the internal auditors.
How can internal auditors help detect fraud?
Internal auditors can help management fulfil their responsibilities in respect of fraud and error. Typical functions the internal auditor can perform include:
• Testing the effectiveness of the internal controls at preventing and detecting fraud and error and provide recommendations for improvements to the controls.
• Performing fraud investigations to identify:
– how the fraud was committed
– the extent of the fraud
– provide recommendations on how to prevent the fraud from happening again.
• Performing surprise asset counts to identify misappropriation.
The presence of an internal audit department may act as a deterrent to fraud in
itself as there is a greater chance of being discovered
What are the factors that affect the auditors ability to detect fraud?
The ability to detect fraud depends on the skill of the perpetrator, collusion, relative size of amounts manipulated, and the seniority of the people involved. [ISA 240, 6]
What are the two main responsibilities of the external auditor in respect to fraud?
1) Assess the risk of material misstatement due to fraud
2) Respond to the assessed risks.
How should an auditor assess risk of fraud?
The auditor should:
• Obtain reasonable assurance that the financial statements are free from material misstatement, whether caused by fraud or error.
• Apply professional scepticism and remain alert to the possibility that fraud could take place.
This means that the auditor must recognise the possibility that a material misstatement due to fraud could occur, regardless of the auditor’s prior experience of the client’s integrity and honesty.
• Consider the potential for management override of controls and recognise that audit procedures that are effective for detecting error may not be effective for detecting fraud.
This can be achieved by performing the following procedures:
• Discuss the susceptibility of the client’s financial statements to material misstatement due to fraud with the engagement team.
– Consider any incentives to commit fraud such as profit related bonuses or applications for finance.
– Opportunities to commit fraud such as ineffective internal controls.
– Management’s attitude e.g. disputes with the auditor over auditing matters or failure to remedy known deficiencies.
• Enquire of management about their processes for identifying and responding to the risk of fraud.
• Enquire of management, internal auditors and those charged with governance if they are aware of any actual or suspected fraudulent activity.
• Consideration of relationships identified during analytical procedures.
How should auditor respond to assessed risks?
The following procedures must be performed:
•
Review journal entries made to identify manipulation of figures recorded or unauthorised journal adjustments:
– – –
Enquire of those involved in financial reporting about unusual activity relating to adjustments.
Select journal entries and adjustments made at the end of the reporting period.
Consider the need to test journal entries throughout the period. [ISA 240, 32a]
• Review management estimates for evidence of bias:
– Evaluate the reasonableness of judgments and whether they indicate
any bias on behalf of management.
– Perform a retrospective review of management judgments reflected in the prior year.
[ISA 240, 32b]
• Review transactions outside the normal course of business, or transactions which appear unusual and assess whether they are indicative of fraudulent financial reporting.
[ISA 240, 32c]
• Obtain written representation from management and those charged with governance that they:
– Acknowledge their responsibility for internal controls to prevent and detect fraud.
– Have disclosed to the auditor the results of management’s fraud risk assessment.
– Have disclosed to the auditor any known or suspected frauds.
– Have disclosed to the auditor any allegations of fraud affecting the entity’s financial statements.
[ISA 240, 39]
There is an unavoidable risk that some material misstatements may not be detected even if properly planned in accordance with ISAs as fraud is likely to be concealed. [ISA 240, 5]
The ability to detect fraud depends on the skill of the perpetrator, collusion, relative size of amounts manipulated, and the seniority of the people involved. [ISA 240, 6]
How is the auditor supposed to report fraud and error?
• If the auditor identifies a fraud they must communicate the matter on a timely basis to the appropriate level of management (i.e. those with the primary responsibility for prevention and detection of fraud). [ISA 240, 40]
• If the suspected fraud involves management the auditor must communicate the matter to those charged with governance. If the auditor has doubts about the integrity of those charged with governance they should seek legal advice regarding an appropriate course of action.
[ISA 240, 41]
• In addition to these responsibilities the auditor must also consider whether they have a responsibility to report the occurrence of a suspicion to a party outside the entity. Whilst the auditor does have an ethical duty to maintain confidentiality, it is likely that any legal responsibility will take precedence. In these circumstances it is advisable to seek legal advice. [ISA 240, 43]
• If the fraud has a material impact on the financial statements the auditor’s report will be modified. When the auditor’s report is modified, the auditor will explain why it has been modified and this will make the shareholders aware of the fraud.
