Lecture 5 - Main Audit Concepts and Planning The Audit
Lecture 5 - Main Audit Concepts and Planning The Audit
Lecture 5 - Main Audit Concepts and Planning The Audit
1
Learning objectives
After studying this lecture, students should be able to:
State what the general objective is in planning an audit
Give the standard planning procedures.
Understand the knowledge of a client’s business required to plan the audit.
Discuss the relevant aspects of understanding the entity and its environment
Describe what is done during initial interviews, discussions and site visits
with the client
Know how legal obligations of the client are investigated
Identify the steps in the strategy-oriented framework for understanding the
entity.
List the different types of risk that auditors must assess in planning
Define each type of risk
2
Learning objectives
After studying this lecture, students should be able to:
Know the auditor’s definition of ‘materiality’
Illustrate the conditions that determine materiality.
Understand the difference between financial statement fraud and
misappropriation of assets.
Discuss the ‘fraud triangle’ factors that may lead to fraud.
Identify responses to fraud assessment.
Grasp the role of the auditor’s expert in the audit.
Be acquainted with the relationship between the external auditor and the
auditee’s internal auditor.
Be aware of the audit procedures when the entity uses third-party service
organisations for activities that impact the financial statements.
Comprehend inherent risk and the procedures to assess it.
Be familiar with the planning memorandum and audit plan
3
CONTENT
5.1. Planning Objective and Procedures
5.2. Understanding the Entity and its Environment
5.3. Audit Risk Model
5.4. Materiality
5.5. Fraud and Irregularities
5.6. Using the Work of Others and Considering Auditee Use of
Service Organisations
5.7. Inherent Risk Assessment
5.8. Internal control and Control risk assessment
5.9. Other Planning Activities
4
5.1. PLANNING OBJECTIVE AND PROCEDURES
5
5.1. PLANNING OBJECTIVE AND PROCEDURES
Planning Objective
6
5.1. PLANNING OBJECTIVE AND PROCEDURES
Planning Procedures
The planning procedures are:
1. Perform audit procedures to understand the entity and its
environment, including the entity’s internal control.
2 Assess the risks of material misstatements of the financial
statements.
3. Determine materiality.
4. Prepare the planning memorandum and audit programme
containing the auditor’s response to the identified risks
7
5.2. UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
8
5.2. UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
9
5.2. UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
Continuing Client
If the client is a continuing one, prior year’s working papers are reviewed
and reliance can be placed on the observations from prior periods.
The client’s permanent audit file frequently contains information on
company history and records of most important accounting policies in
previous years. However, before relying on existing working papers, the
auditor needs to make sure that there have been no significant changes in the
relevant aspects of the client’s entity or environment
10
5.2. UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
11
5.3.AUDIT RISK MODEL
Assessment Tasks
- Even though such risks are likely to eventually have an impact on an entity’s
financial statements, not every business risk will translate directly in a risk of
a material misstatement in the financial statements, which is often referred to
as audit risk.
14
5.3.AUDIT RISK MODEL
Audit Risk:
* Audit risk is the risk that the auditor gives an inappropriate audit opinion
when the financial statements are materially misstated.
* Audit risk is a measure the reliability of the information used by the
accounting system is, i.e. how much reliance can be put on it. The higher the
audit risk, the more evidence must be gathered in order for the auditor to
obtain sufficient assurance as a basis for expressing an opinion on the
financial statements
* Audit risk has three components: inherent risk, control risk and detection
risk
15
5.3.AUDIT RISK MODEL
Audit Risk
Risk of Risk that the Auditors
Audit Risk Material * Fail to
= Misstatement Detect the
Misstatement
17
5.3.AUDIT RISK MODEL
Audit Risk
Model
AR
DR
IR
CR
Implications
» Assuming constant, sufficiently low AR, detection
risk is inversely related to IR and CR
Assessment
of Inherent Medium Low Medium High
Risk
Materiality
Slide 5- 13
5.4. MATERIALITY
Materiality
Materiality is a relative rather than absolute
concept
Materiality includes both quantitative and qualitative
consideration (size and nature of the misstatement)
5.4. MATERIALITY
Evaluating Materiality
Quantitative materiality level
No official guidelines within auditing standards
Bases for evaluating Materiality
5-10% of Net Income before Taxes
½-1% of Total Assets
½-1% of Total Revenue
1- 2% of Equity
Auditor add up all individually immaterial
misstatements in order to detect material
misstatement in aggregate.
5.4. MATERIALITY
Materiality
Evaluating Materiality
Qualitative Considerations
- Amount involve fraud are usually more important than
unintentional errors of equal dollar amounts => reflect on
honest and reliability of management.
- Misstatements that are otherwise minor may be material if
there are consequences influenced related significant
accounts
- Misstatements that are otherwise material if they affect
a trend in earning.
- Note: Materiality is a matter of Professional Judgement
5.5. FRAUD AND IRREGULARITIES
What is Fraud?
Fraud is an intentional act by one or more individuals among
management, those charged with governance, employees, or
third parties, involving the use of deception to obtain an unjust
or illegal advantage.
Two types (In the context of auditing ):
» Misstatements resulting from fraudulent financial
reporting
» Misstatements resulting from misappropriation of
assets.
5.5. FRAUD AND IRREGULARITIES
Types of Fraud
Fraudulent Financial Reporting (“management
fraud”)
Misrepresentation in, or intentional omission from, the
financial statements of events, transactions, or other
significant information
Manipulation, falsification or alteration of records or
documents from which financial statements are prepared
Intentional misapplication of accounting principles
relating to amounts, classification, manner of
presentation, or disclosures.
Slide 5-
28
5.5. FRAUD AND IRREGULARITIES
Slide 5-
29
Bookkeeping
scandals
October
16,
June 20, 2002 September, 2003 March 28, 2002
2001
Issue: Off-Balance Issue: Financial Issue: Financial Issue: Financial
Sheet Accountingand Reporting Fraud Reporting Fraud Reporting Fraud
Financial Reporting and inappropriate and embezzlement
Fraud consolidation
Impact: $9 billion
Impact: $3 billion in unreported Impact: $2.5
Impact: $ millions
in undisclosed expenses billion of hidden
Slide 5-
losses in overstated
debt
30 earnings
5.5. FRAUD AND IRREGULARITIES
Causes of Fraud
– Fraud Triangle
Attitudes/Rationalizations
Fraud
Triangl
e
Incentive/Pressures Opportunities
Slide 5-
31
5.5. FRAUD AND IRREGULARITIES
What is Error?
Unintentional mistakes in financial
information such as:
Errors of commission: mathematical or clerical mistakes in
the recording and accounting data;
Errors of omission: transactions, events is left out of an
accounting statement by mistake.
Errors of principle: misapplication or misunderstanding of
accounting policies unintentionally. Ex: wrong allocation
between different accounts, wrong valuation of assets,…
Slide 5-
32
5.5. FRAUD AND IRREGULARITIES
Slide 5-
33
5.5. FRAUD AND IRREGULARITIES
Responsibility for
Prevention & Detection
Management Responsibility
The primary responsibility for the prevention and
detection of fraud and error rests with both those
charged with governance and the management of an
entity. The respective responsibilities may vary from
entity to entity.
The management is responsible for establishing and
maintain policies and procedures by implementing
and ensuring continued operation of internal
control, which are designed to detect and prevent
fraud and error.
5.5. FRAUD AND IRREGULARITIES
Responsibility for
Prevention & Detection
Auditor’s Responsibility
The auditor should consider the risk of material
misstatements in the financial statements resulting from fraud
or error.
ISA 620 ‘Using the Work of an Auditor’s Expert’ deals with the
auditor’s responsibilities relating to the work of an auditor’s expert
when that work is used to assist the auditor in obtaining sufficient
appropriate audit evidence.
An auditor’s expert is an individual or organisation possessing
expertise in a field other than accounting or auditing, whose work in
that field is used by the auditor to assist the auditor in obtaining
sufficient appropriate audit evidence.
An auditor’s expert may be either an auditor’s internal expert (who is a
partner or staff, including temporary staff, of the auditor’s firm or a
network firm), or an auditor’s external expert.
36
5.6. USING THE WORK OF OTHERS AND
CONSIDERING AUDITEE USE OF SERVICE ORGANISATIONS
Using the Work of the Auditee’s Internal Auditors
ISA 610 ‘Using the Work of Internal Auditors’ deals with the external
auditor’s responsibilities relating to the internal audit function when the
external auditor has determined that the internal audit function is likely to be
relevant to the audit.
The internal audit function is an appraisal activity established or provided as
a service to the entity. Its functions include, amongst other things,
examining, evaluating and monitoring the adequacy and effectiveness of
internal control.
The external auditor has sole responsibility for the audit opinion expressed,
and that responsibility is not reduced by the external auditor’s use of the
work of the internal auditors
37
5.6. USING THE WORK OF OTHERS AND
CONSIDERING AUDITEE USE OF SERVICE ORGANISATIONS
Audit Considerations Relating to an Auditee Using a Service Organisation
ISA 402 ‘Audit Considerations Relating to an Entity Using a Service
Organisation’ discusses the external auditor’s responsibility to obtain
sufficient appropriate audit evidence when an auditee uses the services of
one or more service organisations.
A service organisation is a third-party organisation (or segment of a third-
party organisation) that provides services to user entities that are part of
those entities’ information systems relevant to financial reporting.
38
5.6. USING THE WORK OF OTHERS AND
CONSIDERING AUDITEE USE OF SERVICE ORGANISATIONS
Audit Considerations Relating to an Auditee Using a Service Organisation
A service organisation’s services are part of a user entity’s information
system if these services affect any of the following:
■ The classes of transactions in the auditee’s operations that are significant to
their financial statements.
■ The procedures, within both information technology (IT) and manual
systems, by which the entity’s transactions are initiated, recorded, processed,
corrected, transferred to the general ledger and reported in the financial
statements.
■ The related accounting records supporting information and specific accounts
in the user entity’s financial statements.
■ The financial reporting process used to prepare the user entity’s financial
statements, including significant accounting estimates and disclosures.
■ Controls surrounding journal entries, including non-standard journal entries
used to record non-recurring, unusual transactions or adjustments
39
5.6. USING THE WORK OF OTHERS AND
CONSIDERING AUDITEE USE OF SERVICE ORGANISATIONS
Audit Considerations Relating to an Auditee Using a Service Organisation
40
5.7. INHERENT RISK ASSESSMENT
41
5.7. INHERENT RISK ASSESSMENT
42
5.8. INTERNAL CONTROL AND CONTROL RISK ASSESSMENT
Internal control
A system of internal control consists of policies and
procedures designed to provide management with
reasonable assurance that the company achieves its
objectives and goals.
48
5.9. OTHER PLANNING ACTIVITIES
49