AUE3701 BEST EXAM REVISION SUMMARY SCORE BETTER GRADES WITH 100%.

AUE3701 BEST EXAM REVISION SUMMARY SCORE BETTER GRADES WITH 100%. Preliminary engagement activities • Perform a client investigation • Determine the skills, competencies and resources required • Establish the terms of the engagement Why do we need to perform preliminary engagement activities? Which standards govern this decision? There are 2 main ISAs which deal with this area, namely; • ISA 220 ‘Quality control for an audit of financial statements’ and • ISQC1, the international standard on quality control. Due to the important nature of this decision, ISQC 1 states that the responsibility for client acceptance and continuance decisions should rest with the firm’s managing partner. Step 1: Perform a client Investigation • ISA 220 and ISQC1 requires that the firm considers the integrity of the client’s principal owners, key management, and those charged with the governance of the entity. In order to accomplish this, the firm should consider the following factors:  Are there any ethical reasons as to why the engagement should not be accepted/continued? Of particular importance here is the requirement that the auditor be independent. In addition to independence, consideration should be given as to whether there are any potential conflicts of interest. (ISA 220 par A16) Consider the entity’s business standing risk ie the business reputation of the principal owners of the client, key management, as well as those charged with the governance of the entity. Consider the company’s ability to pay the audit fees. How do we get all this information? Step 2: Determine the skills, competencies and resources required • Paragraphs A8 – A11 of ISA 220 instruct us to consider the following when determining the skills and competence requirements: • Do we have sufficient audit team members available in relation to the size of the client (in other words, the necessary resources)? • Can we compile an audit team with the necessary knowledge and experience? • Can we compile an audit team with the necessary technical skills and competence or are we going to have to rely on the work of an expert and/or other third parties to complete the audit? (ISAs 600, 610 and 620)? • Are we going to be able to meet the audit deadline? • Are we going to be able to comply with the quality control requirements of SAAPS 1 and ISQC 1? Step 3: Establish the terms of the engagement. • The terms of any audit engagement are contained in the Letter of Engagement. This document is extremely important as it forms the contractual relationship between the auditor and his client and sets out, inter alia, the nature of the engagement as well as the responsibilities of the parties involved. Past paper practice • UNISA CTA 2008 adapted – a and b Planning an audit Let us look where we are in the whole audit process • Preliminary audit engagements • Planning an audit • Obtaining audit evidence • Perform test of controls and substantive procedures • Evaluation, reporting and conclusion Planning an audit • Planning an audit of financial statements • Understanding the entity and its environment • Identification and assessment of risk • The auditor’s responsibility relating to fraud • Consideration of laws and regulations in an audit of financial statements • Materiality • The overall audit strategy • The audit plan • Audit documentation • Communicating deficiencies in internal control to those charged with governance and management The benefits (aka the role) of proper planning of the audit • Appropriate attention being devoted to important areas; • Ensuring that potential problem areas are identified upfront; • Ensuring that the audit is organized and managed in an effective and efficient manner; • Ensuring that team members with the appropriate experience and expertise are allocated to the audit; • Ensuring that work is properly delegated to assistants and reviewed; and • Ensuring that work performed by other auditors and experts is co‐ordinated. Remember •AR = IR x CR x DR Risk of material misstatement • The higher the risk of material misstatement, the lower the detection risk needs to be. • How do we lower the detection risk?.... • By doing more procedures Step 1 ‐ Obtaining an understanding of the entity • Objective: is for the auditor to obtain a sufficient understanding of the entity and the environment in which it operates, including the entity’s accounting and internal control systems, in order to enable him to identify and assess any risks of material misstatement at both the financial statement and the assertion level. Auditor must obtain an understanding of the following aspects EXTERNAL FACTORS • Industry factors; • Regulatory factors ; and • Other external factors eg economic factors, including the applicable financial reporting framework. Internal factors (ie the nature of the entity) • It’s business operations; • It’s ownership and governance structures; • Planned and actual investments made, including any investments in special purpose entities; and • The manner in which the entity is structured and financed. The entity’s selection and application of accounting policies, including any changes thereto. The entity’s objectives, strategies, and related business risks. The measurement and review of the entity’s financial performance. Remember… • Audit Risk = Inherent Risk x Control Risk x Detection Risk • The reason we perform this step in the planning stage of the audit process is to enable us to assess the Inherent Risk related to our client. Client’s accounting and internal control systems • Once the auditor has obtained an understanding of the entity, including the environment in which it operates, he needs to gain an understanding of his client’s accounting and internal control systems. • It is important to remember that the implementation of an accounting system is not in itself sufficient to ensure that proper records are being kept. To set up an effective accounting system, management need to implement additional control procedures to ensure that the financial information that is being recorded is complete, accurate and valid. In other words…. An effective accounting system = Accounting system + Internal controls. For this reason, the auditor needs to gain an understanding of both the accounting and internal control systems. You will also recall from your undergraduate studies, that any system of internal control comprises the following components: • The Control Environment. • The entity’s Risk Assessment Process. • The Accounting Information System. • The Control Activities. • The Monitoring of the Controls. Component: Description of component: Control environment. This refers to management’s attitude and awareness towards the importance of internal control. It is often referred to as ‘the tone at the top.’ Risk assessment process. This is the process followed by management to:  Identify;  Analyse; and  Respond, to any risks facing the organisation. Component: Description of component: Information system, including the related business processes. This comprises both the manual and computerised functions by means of which the entity gathers, processes and accounts for information. Control activities. These comprise the techniques, methods and principles that are necessary for the application of internal control. Monitoring of controls. This involves management’s consideration on a regular basis of whether the controls are indeed operating as they were intended to. NB NB The reason we perform this step in the planning stage of the audit process is to enable us to assess the Control Risk related to our client. Step 2 Assess the risk of material misstatement in the financial statements Why? The International Standards on Auditing require a Risk‐ based audit approach to be followed. This approach entails the auditor identifying the risks that could lead to the financial statements being materially misstated, and then responding to these risks by adjusting his audit approach accordingly (nature, timing and extent of the tests of control and substantive procedures) to limit the audit risk to an acceptable level. Audit risk • You will recall, that audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. • Audit risk is a function of: Material misstatement (consisting of the two components, inherent and control risk); and Detection risk. Remember… Also, always remember that Detection Risk has an inverse relationship to the product of Inherent and Control Risk (or the risk of material misstatement). Business risk These are risks resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity’s ability to achieve it’s objectives and execute it’s strategies, or from the setting of inappropriate objectives and strategies. These risks are therefore clearly different to audit risk. Do we need to be concerned with business risks? • Management are responsible for identifying and addressing business risks. • The auditor is only concerned with those risks which will affect the financial statements. • However, the auditor will also consider business risks as they will have an impact on the risk of material misstatement at the overall financial statement level. What is a significant risk? A significant risk is an identified and assessed risk of material misstatement that, in the auditor’s opinion, requires special audit consideration. How do we assess the risk of material misstatement? ISA 315 requires the auditor to consider the risk of material misstatement at two levels, namely at: • The overall financial statement level; and • The assertion level. Overall financial statement level The risk of material misstatement at the overall financial statement level is the risk which affects the financial statements as a whole and which potentially affects multiple accounts which make up the financial statements. • For example, if the management of your client lacks integrity, the audit as a whole will inherently be more risky. Assertion level Once the auditor has identified the risks at the overall financial statement level, he needs to consider how these risks might affect the assertions which are embodied in the financial statements. (This is the consideration of the risks at the assertion level). The following needs to be taken into account… • The susceptibility of accounts to misstatement; for example, when an entity wants to obtain financing from the bank or when inventory is imported • The complexity of the underlying transactions; for example sale and leaseback, contract accounting, invoicing in foreign currency by foreign suppliers • The degree of judgment involved in determining account balances; for example the use of estimates when determining a balance in the financial statements • The susceptibility of assets to loss or misappropriation; for example assets that are highly desirable and moveable, such as cash (for example the completeness of cash from cash sales) • The conclusion of unusual and complex transactions; for example a once‐off forward exchange contract for goods sold to foreign customers or factoring of trade receivables • Transactions not subjected to routine processing; for example a once‐off forward exchange contract for goods sold to foreign customers Financial statement assertions ‘Income statement:’ ‘Balance sheet:’ Completeness Completeness Accuracy Valuation Occurrence Existence Cut‐off Rights (Assets)/Obligations (Liabilities) Classification For example Should the auditor’s client be experiencing a cashflow problem and wish to apply for additional financing from a bank: • The risk at the overall financial statement level is that revenue and assets may be overstated, while liabilities and expenses might be understated. • The risk at the assertion level is that Sales may be overstated by the inclusion of say, for example, fictitious sales in turnover. Step 3 ‐ Audit strategy • The audit strategy is established just after conducting risk assessment procedures. The overall audit strategy gives a preliminary idea of what the scope, timing and direction of the audit will be and what resources will be needed on the audit. (a)Scope. (ie the range of activities to be performed by the auditor) Examples include:  The applicable financial reporting framework.  Any industry‐specific reporting requirements, for example, compliance with JSE regulations.  Any applicable government regulations.  Number of locations to be audited etc. (b) Timing. (ie the timing when audit procedures should be performed) For example: • Before year end (Early verification and roll‐ forward procedures); • At year‐end. (c) Direction. (ie the areas of focus.) Obviously we would want to focus on the areas where there is a high risk of material misstatement. Step 4 ‐ Audit plan • The audit plan is more detailed than the overall audit strategy • It includes the concepts of nature, timing and extent of planned risk assessment procedures, • further audit procedures at the assertion level and • other planned audit procedures (ISA 300 paragraph 9) Nature • type of audit approach and further procedures that should be adopted. • The auditor has two options, namely: a Combined approach or a fully Substantive Approach Timing • This relates to when the audit procedures will be performed. Extent • Extent relates to how many items should be tested i.e. the sample size. • Sample sizes will obviously be larger where risk is higher. • Another way of looking at it is, the more reliance to be placed on the test performed, the larger the sample size should be. Past paper practice • AUE303R October 2011 question 1 and 2 • CTA 2008 adapted – c and d • AUE304S May/June 2012 Question 1 and 2 Audit documentation If it is not documented……. IT IS NOT DONE.