Audit Workshop Part 2 12 December 2009

Transcription

1 Audit Workshop Part 2 12 December 2009 Nelson Lam 林智遠 MBA MSc BBA ACA ACS CFA CPA(Aust) CPA(US) FCCA FCPA(Practising) MSCA Nelson Consulting Limited 1 Agenda for Part 1 and Part 2 Planning Risk assessment Risk response Preliminary engagement activities Planning activities iti Understanding the entity and its environment Identify and assess risks of material misstatements Design and implement e auditor s responses to assessed risks Nelson Consulting Limited 2 1

2 Agenda for Part 2 International Standards on Quality Control (ISQCs) (only ISQC 1 issued so far) Recap of Part 1 Risk response Design and implement e auditor s responses to assessed risks Nelson Consulting Limited 3 Overview International Standards on Quality Control (ISQCs) (only ISQC 1 issued so far) International Framework for Assurance Engagements Audits and Reviews of Historical Financial Information Other Assurance Engagements Related Services International Standards on Auditing (ISAs) International Standards on Review Engagements(ISREs) International Standards on Assurance Engagements (ISAEs) International Standards on Related Services (ISRSs) International Auditing Practice Statements (IAPSs) International Review Engagement Practice Statements (IREPSs) International Assurance Engagements Practice Statements (IAEPSs) International Related Services Practice Statements (IRSPSs) Nelson Consulting Limited 4 2

3 ISQC 1 International Standards on Quality Control (ISQCs) (only ISQC 1 issued so far) International Standards on Auditing (ISAs) ISQC 1 Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagement to establish basic principles and essential and to provide guidance regarding a firm s responsibilities for its system of quality control for audits and reviews of historical financial information, and for other assurance and related services engagements Nelson Consulting Limited 5 ISQC 1 ISQC 1 requires: The firm should establish a system of quality control designed to provide it with reasonable assurance that the firm and its personnel comply with professional standards and regulatory and legal requirements, and that reports issued by the firm or engagement partners are appropriate in the circumstances Nelson Consulting Limited 6 3

4 ISQC 1 ISQC 1 requires: The firm s system of quality control should include policies and addressing each of the following elements: a) Leadership responsibilities for quality within the firm b) Ethical requirements c) Acceptance and continuance of client relationships and specific engagements d) Human resources e) Engagement performance f) Monitoring Quality Manual Promote internal culture CEO or Managing partner(s) assume ultimate responsibility Integrity of the client Competent to perform the job Comply with ethical requirement Sufficient and competent personnel committed to ethics Each job with appropriate staff Significant new requirements Nelson Consulting Limited 7 ISQC 1 Engagement Performance The firm s policies and on engagement performance should include: Consultation Engagement Quality Control Review Documentation Consultation policies and should be established and designed to provide it with reasonable assurance that: a) Appropriate consultation takes place on difficult or contentious matters; b) Sufficient resources are available to enable appropriate consultation to take place; c) The nature and scope of such consultations are documented; and d) Conclusions resulting from consultations are documented and implemented Nelson Consulting Limited 8 4

5 ISQC 1 Engagement Performance The firm s policies and on engagement performance should include: Engagement Quality Control Review The firm should establish policies and requiring, for appropriate engagements, an engagement quality control review that provides an objective evaluation of the significant judgments made by the engagement team and the conclusions reached in formulating the report Nelson Consulting Limited 9 ISQC 1 Engagement Performance The firm s policies and on engagement performance should include: Require an EQC Reviewer Similar to a 2nd partner to have 2nd review For all audits of financial statements of Engagement Quality listed entities (set criteria for other audits) Control Review Not to issue auditor s report until the completion of EQC Review Such policies & should: a) Require an engagement quality control review for all audits of financial statements of listed entities; b) Set out criteria against which all other audits and reviews of historical financial information, and other assurance and related services engagements should be evaluated to determine whether an engagement quality control review should be performed; and c) Require an engagement quality control review for all engagements meeting the criteria established in compliance with subparagraph (b) Nelson Consulting Limited 10 5

6 ISQC 1 Engagement Performance The firm s policies and on engagement performance should include: Engagement Quality Control Review The firm s policies and should address the appointment of engagement quality control reviewers and establish their eligibility through: a) The technical qualifications required to perform the role, including the necessary experience and authority; and b) The degree to which an engagement quality control reviewer can be consulted on the engagement without compromising the reviewer s objectivity Nelson Consulting Limited 11 ISQC 1 Engagement Performance The firm s policies and on engagement performance should include: To complete the assembly of final engagement files on a timely basis after the engagement reports have been finalized Observe local laws and regulations In or audit, no more than 60 days after the date of auditor s report Documentation For the retention of documentation for a period sufficient to meet the needs of the firm or as required by law or regulation the retention period ordinarily is no shorter than 5 years from the date of the auditor s report, or, if later, the date of the group auditor s report Nelson Consulting Limited 12 6

7 ISQC 1 Monitoring Policies and for monitoring should include an ongoing consideration and evaluation of the firm s system of quality control, including a periodic inspection of a selection of completed engagements. Ongoing Evaluation Quality Assurance Review (QAR) Nelson Consulting Limited 13 ISQC 1 Monitoring Periodic inspection of a selection of completed engagement Termed as Quality Assurance Review (QAR) in Practice Review Self-assessment Questionnaire Ordinarily performed on a cyclical basis Engagements selected for inspection include at least one engagement for each engagement partner over an inspection cycle, which ordinarily spans no more than three years Includes the selection of individual engagements, some of which may be selected without prior notification to the engagement team Those inspecting the engagements ( the monitor ) are not involved in performing the engagement or the engagement quality control review (EQCR) Small firm may wish to use a qualified external person or another firm to carry out that QAR Quality Assurance Review (QAR) Nelson Consulting Limited 14 7

8 Agenda for Part 2 Recap of Part Nelson Consulting Limited 15 Risk Assessment Overview Perform risk assessment To gather information about Understanding the entity and its environment The entity and its environment Internal control Relevant industry, regulatory, and other external factors The nature of the entity The entity s selection & application of accounting policies The entity s objectives & strategies & those related business risks Measurement and review of the entity s financial performance The entity s internal control Nelson Consulting Limited 16 Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam 8

9 Risk Assessment Overview Perform risk assessment To gather information about Understanding the entity and its environment The entity and its environment Internal control Identify and assess risks of material misstatements Financial statement level Assertion level Nelson Consulting Limited Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam 17 Risk Assessment Overview Identify and assess risks of material misstatements Financial statement level Assertion level Can risks be related to specific assertions? Yes Describe what can go wrong at assertion level No Significant risk? Nelson Consulting Limited Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam 18 9

10 Risk Assessment and Responses Risk assessment Risk response Understanding the entity and its environment Identify and assess risks of material misstatements Design and implement e auditor s responses to assessed risks Nelson Consulting Limited 19 Today s Agenda Risk response Design and implement e auditor s responses to assessed risks Nelson Consulting Limited 20 10

11 Responses to Assessed Risks Identify and assess risks of material misstatements Financial statement level Assertion level The auditor has a responsibility to design and implement responses to the risks of material misstatement identified and assessed by the auditor ISA 315 specifically states that: The objective of the auditor is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement, through designing and implementing appropriate responses to those risks Nelson Consulting Limited 21 Responses to Assessed Risks Identify and assess risks of material misstatements Financial statement level Assertion level Can risks be related to specific assertions? Yes Describe what can go wrong at assertion level No No Significant Yes risk? Overall Response Responses specifically to significant risk Nelson Consulting Limited Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam 22 11

12 Overall Responses Identify and assess risks of material misstatements Financial statement level Can risks be related to specific assertions? The auditor shall design and implement overall responses to address the assessed risks of material misstatement at the financial statement level. (ISA 330.5) No Overall Response Nelson Consulting Limited 23 Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam Overall Responses Activity Identify and assess risks of material misstatements Financial statement level Can risks be related to specific assertions? No Activity 6 Audit Response Referring to Activity 3 and based on the Case of ABC and the assessment on the risks of material misstatements at the financial statement level Determine the appropriate p responses to the assessed risks. Overall Response Nelson Consulting Limited 24 12

13 Overall Responses Example Overall responses to address the assessed risks of material misstatement at the financial statement level may include: Emphasizing to the audit team the need to maintain professional skepticism. Assigning more experienced staff or those with special skills or using experts. Providing more supervision. Incorporating additional elements of unpredictability in the selection of further audit to be performed. Making general changes to the nature, timing, or extent of audit, for example: performing substantive at the period end instead of at an interim date; or modifying the nature of audit to obtain more persuasive audit evidence. Overall Response Nelson Consulting Limited 25 Overall Responses The assessment of the risks of material misstatement at the financial statement level, and thereby the auditor s overall responses, is affected by the auditor s understanding of the control environment. An effective control environment may allow the auditor to have more confidence in internal control and the reliability of audit evidence generated internally within the entity and thus, for example, allow the auditor to conduct some audit at an interim date rather than at the period end. Deficiencies in the control environment, however, have the opposite effect. Overall Response Nelson Consulting Limited 26 13

14 Overall Responses Example If there are weaknesses in the control environment, how would they affect the auditor s overall response? If there are weaknesses in the control environment, the auditor ordinarily conducts more audit as of the period end rather than at an interim date, seeks more extensive audit evidence from substantive, modifies the nature of audit to obtain more persuasive audit evidence, or increases the number of locations to be included in the audit scope. It may also have a significant bearing on the auditor s general approach, for example, an emphasis on substantive (substantive approach), or Overall an approach Response that uses tests of controls as well as substantive (combined approach) Nelson Consulting Limited 27 Responses to Risks at Assertion Identify and assess risks of material misstatements Financial statement level Assertion level Can risks be related to specific assertions? Yes Describe what can go wrong at assertion level No Significant risk? Yes Responses specifically to significant risk Nelson Consulting Limited Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam 28 14

15 Further Audit Procedures (FAP) The auditor shall design and perform further audit whose nature, timing, and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level. (ISA 330.6) Nelson Consulting Limited 29 Further Audit Procedures (FAP) Assertions used by the auditor fall into the following categories: About Classes of Transactions and Events for the period under audit Occurrence Completeness Accuracy Cutoff Classification About Account Balances at the period end Existence Rights and obligations Completeness Valuation and allocation About Presentation and Disclosure Occurrence and rights and obligations Completeness Classification and understandability Accuracy and valuation Class of Transactions Account Balances Presentation and Disclosure Nelson Consulting Limited 30 15

16 Further Audit Procedures (FAP) Guide to Using International Standards on Auditing in the Audits of Small- and Medium-sized Entities (by IFAC SMPC): To make the use of assertions a little easier to apply to smaller entities, the Guide has combined the assertions into 4 combined assertions as follows: Combined Assertions Classes of Transactions Account Balances Presentation and Disclosure Existence Occurrence Existence Occurrence Completeness Completeness Completeness Completeness Accuracy and Cut-off Accuracy Cut-off Rights and obligations Accuracy Rights and Classification obligations Classification and understandability Valuation Valuation and Valuation allocation Nelson Consulting Limited 31 Further Audit Procedures (FAP) Nelson Consulting Limited 32 16

17 Further Audit Procedures (FAP) Activity Identify and assess risks of material misstatements Assertion level Activity 7 Risk at Assertion Level and Audit Response Based on the Case of ABC in Activity 3 and 5 and regarding the consignment sales of ABC: Describe the (including risk assessment and further audit ) you would perform in relation to the consignment sales Nelson Consulting Limited 33 Further Audit Procedures (FAP) The auditor s assessment of the identified risks at the assertion level provides a basis for considering the appropriate audit approach for designing and performing further audit. Often the auditor may determine that a combined approach is an effective approach, such approach would use tests of the operating effectiveness of controls and substantive. In some cases, only performing tests of controls may achieve a good response to the assessed risk at an assertion. In other cases, performing only substantive is appropriate for an assertions and the relevant control is not considered in risk assessment (say, no relevant effective controls have been identified or such test of control may be inefficient) Nelson Consulting Limited 34 17

18 Further Audit Procedures (FAP) The auditor s assessment of the identified risks at the assertion level Assessed Risk Nature Material class of transactions, account balance and disclosure For each material class of transactions, account balance, and disclosure, the auditor shall design and perform substantive (as required by ISA , to be discussed in detail later) Timing Extent Nelson Consulting Limited 35 Further Audit Procedures (FAP) Designing and performing further audit whose nature, timing, and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level provides a clear linkage between the nature, timing, and extent of the auditor s further audit and the risk assessment. Nature Timing Extent Nelson Consulting Limited 36 18

19 Further Audit Procedures (FAP) The nature, timing and extent of FAPs Nature refers to their purpose and their type Purpose: tests of controls or substantive Type: inspection, observation, inquiry, confirmation, recalculation, re-performance, or analytical Timing refers to When audit are performance (at interim date, at period end, or after period end), or The period or date to which the audit evidence applies Extent t refers to The quantity of a specific audit performance to be performed, for example, a sample size or the no. of observations of a control activity Nature Timing Extent Nelson Consulting Limited 37 Further Audit Procedures (FAP) In designing the further audit to be performed, the auditor shall: a. Consider the reasons for the assessment given to the risk of material misstatement at the assertion level for each class of transactions, account balance, and disclosure, including: i. The likelihood of material misstatement due to the particular characteristics of the relevant class of transactions, account balance, or disclosure (that is, the inherent risk); and ii. Whether the risk assessment takes account of relevant controls (that is, the control risk), thereby requiring the auditor to obtain audit evidence to determine whether the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive ); and b. Obtain more persuasive audit evidence the higher the auditor s assessment of risk. (ISA 330.7) Nelson Consulting Limited 38 19

20 Further Audit Procedures (FAP) Example The higher the auditor s assessment of risk, the more reliable and relevant, for example, third party evidence, or evidence sought by the auditor from substantive The higher the auditor s assessment of risk, the more likely or effective to perform nearer to, or at, the period end rather than at an earlier date, or to perform unannounced or at unpredictable time The higher the auditor s assessment of risk, the more quantity of a specific procedure originally performed Nature Timing Extent Nelson Consulting Limited 39 Further Audit Procedures (FAP) FAPs (from the nature perspective) are divided into: Test of controls Substance Certain requirements are imposed by ISA 330 on performing these two kinds of Nature Timing Extent Tests of Substantive Procedures Nelson Consulting Limited 40 20

21 FAP Tests of The auditor shall design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operating effectiveness of relevant controls if: a. The auditor s assessment of risks of material misstatement at the assertion level includes an expectation that the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive ); or b. Substantive alone cannot provide sufficient appropriate audit evidence at the assertion level. (ISA 330.8) Expectation of Effective Substantive Procedures Alone Ineffective Tests of Nelson Consulting Limited 41 FAP Tests of Test of controls is an audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level. In designing and performing tests of controls, the auditor shall obtain more persuasive audit evidence the greater the reliance the auditor places on the effectiveness of a control. (ISA 330.9) Expectation of Effective Substantive Procedures Alone Ineffective Tests of Nelson Consulting Limited 42 21

22 FAP Tests of Activity Activity 8 Considerations Specific to Smaller Entities Discuss how tests of control can be applied in small entities Tests of Nelson Consulting Limited 43 FAP Tests of In the case of small entities, there may not be many control activities that could be identified by the auditor, or the extent to which their existence or operation have been documented by the entity may be limited. In such cases, it may be more efficient for the auditor to perform further audit that are primarily substantive. In some rare cases, however, the absence of control activities or of other components of control may make it impossible to obtain sufficient appropriate p audit evidence. Tests of Nelson Consulting Limited 44 22

23 FAP Tests of Testing the operating effectiveness of controls is different from obtaining an understanding of and evaluating the design and implementation of controls. However, the same types of audit are used. When obtaining audit evidence of implementation by performing risk assessment, the auditor determines that the relevant controls exist and that the entity is using them. When performing tests of the operating effectiveness of controls, the auditor obtains audit evidence that controls operate effectively. Tests of Nelson Consulting Limited 45 FAP Tests of In designing and performing tests of controls, the auditor shall: a. Perform other audit in combination with inquiry to obtain audit evidence about the operating effectiveness of the controls, including: i. How the controls were applied at relevant times during the period under audit; ii. The consistency with which they were applied; and iii. By whom or by what means they were applied. b. Determine whether the controls to be tested depend upon other controls (indirect controls) and, if so, whether it is necessary to obtain audit evidence supporting the effective operation of those indirect controls. (ISA ) Nature Tests of Nelson Consulting Limited 46 23

24 FAP Tests of An auditor may inquire about and observe the entity s for opening the mail and processing cash receipts to test the operating effectiveness of controls over cash receipts. Because an observation is pertinent only at the point in time at which it is made, the auditor ordinarily supplements the observation with inquiries of entity personnel, and may also inspect documentation about the operation of such controls at other times during the audit period in order to obtain sufficient appropriate audit evidence. Example Nature Tests of Nelson Consulting Limited 47 FAP Tests of Documentation of operation may not exist for some factors in the control environment, such as assignment of authority and responsibility, or for some types of control activities, such as control activities performed by a computer. In such circumstances, audit evidence about operating effectiveness may be obtained through inquiry in combination with other audit such as observation or the use of CAAT. Example Nature Tests of Nelson Consulting Limited 48 24

25 FAP Tests of As well as the degree of reliance on controls, matters the auditor may consider in determining the extent of tests of controls include the following: The frequency of the performance of the control by the entity during the period. The length of time during the audit period that the auditor is relying on the operating effectiveness of the control. The expected rate of deviation from a control. The relevance and reliability of the audit evidence to be obtained regarding the operating effectiveness of the control at the assertion level. The extent to which audit evidence is obtained from tests of other controls related to the assertion. Extent Tests of Nelson Consulting Limited 49 FAP Tests of The more the auditor relies on the operating effectiveness of controls in the assessment of risk, the greater is the extent of the auditor s tests of controls. The rate of expected deviation from a control increases, the auditor increases the extent of testing of the control. However, the auditor considers whether the rate of expected deviation indicates that the control will not be sufficient to reduce the risk of material misstatement at the assertion level to that assessed by the auditor. If the rate of expected deviation is expected to be too high, the auditor may determine that tests of controls for a particular assertion may not be effective. Example Extent Tests of Nelson Consulting Limited 50 25

26 FAP Tests of Example Because of the inherent consistency of IT processing, it may not be necessary to increase the extent of testing of an automated control an automated control can be expected to function consistently unless the program (including the tables, files, or other permanent data used by the program) is changed Once the auditor determines that an automated control is functioning as intended, the auditor may consider performing tests to determine that the control continues to function effectively. Such tests might include determining that: Changes to the program are not made without being subject to the appropriate program change controls; The authorized version of the program is used for processing transactions; and Other relevant general controls are effective. Extent Tests of Nelson Consulting Limited 51 FAP Tests of The auditor shall test controls for the particular time, or throughout the period, for which the auditor intends to rely on those controls (subject to evidence obtained in interim and significant risks), in order to provide an appropriate basis for the auditor s intended reliance. (ISA ) Timing Tests of Nelson Consulting Limited 52 26

27 FAP Tests of The timing of tests of controls depends on the auditor s objective and determines the period of reliance on those controls. If the auditor tests controls at a particular time, the auditor only obtains audit evidence that the controls operated effectively at that time e.g. physical inventory count at period end If the auditor tests controls throughout a period the auditor obtains audit evidence of the effectiveness of the operation of the controls during that period e.g. inventory delivery control over the period Example Timing Tests of Nelson Consulting Limited 53 FAP Tests of If the auditor obtains audit evidence about the operating effectiveness of controls during an interim period, the auditor shall: a. Obtain audit evidence about significant changes to those controls subsequent to the interim period; and b. Determine the additional audit evidence to be obtained for the remaining period. (ISA ) Timing Tests of Nelson Consulting Limited 54 27

28 FAP Tests of Example Relevant factors in determining what additional audit evidence to obtain about controls that were operating during the period remaining after an interim period, include: The significance of the assessed risks of material misstatement at the assertion level. The specific controls that were tested during the interim period, and significant changes to them since they were tested, including changes in the information system, processes, and personnel. The degree to which audit evidence about the operating Timing effectiveness of those controls was obtained. The length of the remaining period. The extent to which the auditor intends to reduce further substantive based on the reliance of controls. The control environment. Tests of Nelson Consulting Limited 55 FAP Tests of Activity Activity 9 Using Audit Evidence Obtained in Previous Audits PN CPA Limited tested a company s controls of operating effectiveness in previous audit and had drawn a conclusion on its effectiveness last year. Can PN CPA Limited rely on the audit evidence obtained in the current year s audit? Timing Tests of Nelson Consulting Limited 56 28

29 FAP Tests of In determining whether it is appropriate to use audit evidence about the operating effectiveness of controls obtained in previous audits, and, if so, the length of the time period that may elapse before retesting a control, the auditor shall consider the following: a. The effectiveness of other elements of internal control, including the control environment, the entity s monitoring of controls, and the entity s risk assessment process; b. The risks arising from the characteristics of the control, including whether it is manual or automated; Timing c. The effectiveness of general IT-controls; d. The effectiveness of the control and its application by the entity, including the nature and extent of deviations in the application of the control noted in previous audits, and whether there have been personnel changes that significantly affect the application of the control; e. Whether the lack of a change in a particular control poses a risk due to changing circumstances; and Tests of f. The risks of material misstatement and the extent of reliance on the control Nelson Consulting Limited 57 FAP Tests of If the auditor plans to use audit evidence from a previous audit about the operating effectiveness of specific controls, the auditor shall establish the continuing relevance of that evidence by obtaining audit evidence about whether significant changes in those controls have occurred subsequent to the previous audit. (ISA ) Timing Changed Not Changed Tests of Nelson Consulting Limited 58 29

30 FAP Tests of The auditor shall obtain the evidence by performing inquiry combined with observation or inspection, to confirm the understanding of those specific controls, and: a. If there have been changes that affect the continuing relevance of the audit evidence from the previous audit, the auditor shall test the controls in the current audit. b. If there have not been such changes, the auditor shall test the controls at least once in Timing every third audit, and shall test some controls each audit to avoid the possibility of testing all the controls on which the auditor intends to rely in a single audit period with no testing ti of controls in the subsequent two audit periods. (ISA ) Test controls in current audit Test once every third audit and test some controls each audit Changed Not Changed Tests of Nelson Consulting Limited 59 FAP Tests of Factors that may decrease the period for retesting a control, or result in not relying on audit evidence obtained in previous audits at all, include the following: A deficient control environment. Deficient monitoring of controls. A significant manual element to the relevant controls. Personnel changes that significantly affect the application of the control. Changing circumstances that indicate the need for changes in the control. Deficient general IT-controls. Example Timing Tests of Nelson Consulting Limited 60 30

31 FAP Tests of If the auditor plans to rely on controls over a risk the auditor has determined to be a significant risk, the auditor shall test those controls in the current period. (ISA ) Assertion level Describe what can go wrong at assertion level Significant risk? Yes Audit evidence from prior year deemed not sufficient Test should be performed in the current period Responses specifically to significant risk Nelson Consulting Limited Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam 61 FAP Tests of When evaluating the operating effectiveness of relevant controls, the auditor shall evaluate whether misstatements that have been detected by substantive indicate that controls are not operating effectively. The absence of misstatements detected by substantive, however, does not provide audit evidence that controls related to the assertion being tested are effective. (ISA ) Tests of Nelson Consulting Limited 62 31

32 FAP Tests of If deviations from controls upon which the auditor intends to rely are detected, the auditor shall make specific inquiries to understand these matters and their potential consequences, and determine whether: a. The tests of controls that have been performed provide an appropriate basis for reliance on the controls; b. Additional tests of controls are necessary; or c. The potential risks of misstatement need to be addressed using substantive. (ISA ) Tests of Nelson Consulting Limited 63 FAP Substantive Procedures Substantive procedure is an audit procedure designed to detect material misstatements at the assertion level. comprise: i. Tests of details (of classes of transactions, account balances, and disclosures); and ii. Substantive analytical. Substantive Procedures Nelson Consulting Limited 64 32

33 FAP Substantive Procedures Irrespective of the assessed risks of material misstatement, the auditor shall design and perform substantive for each material class of transactions, account balance, and disclosure. (ISA ) The auditor shall consider whether external confirmation are to be performed as substantive audit. (ISA ) Substantive Procedures Nelson Consulting Limited 65 FAP Substantive Procedures The auditor s substantive shall include the following audit related to the financial statement closing process: a. Agreeing or reconciling the financial statements with the underlying accounting records; and b. Examining material journal entries and other adjustments made during the course of preparing the financial statements.(isa ) Substantive Procedures Nelson Consulting Limited 66 33

34 FAP Substantive Procedures If the auditor has determined that an assessed risk of material misstatement at the assertion level is a significant risk, the auditor shall perform substantive that are specifically responsive to that risk. When the approach to a significant risk consists only of substantive, those shall include tests of details. (ISA ) Assertion level Describe what can go wrong at assertion level Significant risk? Yes Perform substantive that are specifically responsive to that risk Responses specifically to significant risk Nelson Consulting Limited Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam 67 FAP Substantive Procedures Example The auditor identifies that the management is under pressure to meet earning expectation, discuss any implication on sales and suggest relevant substantive. If the auditor identifies that management is under pressure to meet earnings expectations there may be a risk that management is inflating sales by improperly recognizing revenue related to sales agreements with terms that preclude revenue recognition or by invoicing sales before shipment. In these circumstances, the auditor may, for example, design external confirmations not only to confirm outstanding amounts, but also to confirm the details of the sales agreements, including date, any rights of return and delivery terms. In addition, the auditor may find it effective to supplement such external confirmations with inquiries of non-financial personnel in the entity regarding any changes in sales agreements and delivery terms. Substantive Procedures Nelson Consulting Limited 68 34

35 FAP Substantive Procedures Substantive analytical are generally more applicable to large volumes of transactions that tend to be predictable over time. Tests of details are ordinarily more appropriate to obtain audit evidence regarding certain assertions about account balances, including existence and valuation. Nature In some situations, for example, the auditor may determine that performing only substantive ti analytical l is responsive to the assessed risk of material misstatement for a class of transactions where the auditor s assessment of risk is supported by obtaining audit evidence from performance of tests of the operating effectiveness of controls Substantive Procedures Nelson Consulting Limited 69 FAP Substantive Procedures Example Can substantive be performed at an interim date? In some circumstances, the auditor may determine that it is effective to perform substantive at an interim date, and to compare and reconcile information concerning the balance at the period end with the comparable information at the interim date to: a. Identify amounts that appear unusual; b. Investigate any such amounts; and c. Perform substantive analytical or tests of details to test the intervening period. Timing Substantive Procedures Nelson Consulting Limited 70 35

36 FAP Substantive Procedures If substantive are performed at an interim date, the auditor shall cover the remaining period by performing: a. substantive, combined with tests of controls for the intervening period; or b. if the auditor determines that it is sufficient, further substantive only that provide a reasonable basis for extending the audit conclusions from the interim date to the period end. (ISA ) Timing Substantive Procedures Nelson Consulting Limited 71 FAP Substantive Procedures If misstatements that the auditor did not expect when assessing the risks of material misstatement are detected at an interim date, the auditor shall evaluate whether the related assessment of risk and the planned nature, timing, or extent of substantive covering the remaining period need to be modified. (ISA ) Timing Substantive Procedures Nelson Consulting Limited 72 36

37 FAP Substantive Procedures The greater the risk of material misstatement, the greater the extent of substantive. However, increasing the extent of an audit procedure is appropriate only if the audit procedure itself is relevant to the specific risk. In designing tests of details, the extent of testing is ordinarily thought of in terms of the sample size, which is affected by the risk of material misstatement. However, the auditor also considers other matters, including whether it is more effective to use other selective means of testing, such as selecting large or unusual items from a population as opposed to performing representative sampling or stratifying the population into homogeneous subpopulations for sampling. Extent Nelson Consulting Limited 73 FAP and Assessed Risks Activity Identify and assess risks of material misstatements Assertion level Activity 10 Linkage between Assessed Risks and Auditor s Response Based on the answers of Activity 5 and 7, discuss whether the documentation for the risk of material misstatement assessed on consignment sales has met the requirements of ISA 330. Suggest further documentation and amend, if any, the documentation to meet the requirement Nelson Consulting Limited 74 37

38 Responses to Assessed Risks Identify and assess risks of material misstatements Financial statement level Assertion level Can risks be related to specific assertions? Yes Describe what can go wrong at assertion level No No Significant Yes risk? Overall Response Responses specifically to significant risk Nelson Consulting Limited Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam 75 Presentation and Disclosure Adequacy of Presentation and Disclosure The auditor shall perform audit to evaluate whether the overall presentation of the financial statements, including the related disclosures, is in accordance with the applicable financial reporting framework. (ISA ) Nelson Consulting Limited 76 38

39 Presentation and Disclosure Example Evaluating the overall presentation of the financial statements, including the related disclosures, relates to whether the individual financial statements are presented in a manner that reflects the appropriate classification and description of financial information, and the form, arrangement, and content of the financial statements and their appended notes. This includes, for example, the terminology used, the amount of detail given, the classification of items in the statements, and the bases of amounts set forth Nelson Consulting Limited 77 Audit Process Overview Audit Process Planning Preliminary engagement activities Planning activities iti Risk assessment Risk response Reviewing and reporting Understanding the entity and its environment Identify and assess risks of material misstatements Design and implement e auditor s responses to assessed risks Overall reviewing Drawing conclusions and reporting An audit is a cumulative and iterative process Nelson Consulting Limited Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam 78 39

40 Evaluate Sufficiency and Appropriateness Based on the audit performed and the audit evidence obtained, the auditor shall evaluate before the conclusion of the audit whether the assessments of the risks of material misstatement at the assertion level remain appropriate. (ISA ) The auditor shall conclude whether sufficient appropriate audit evidence has been obtained. In forming an opinion, the auditor shall consider all relevant audit evidence, regardless of whether it appears to corroborate or to contradict the assertions in the financial statements. (ISA ) An audit is a cumulative and iterative process Nelson Consulting Limited 79 Evaluate Sufficiency and Appropriateness If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement assertion, the auditor shall attempt to obtain further audit evidence. If the auditor is unable to obtain sufficient appropriate audit evidence, the auditor shall express a qualified opinion or disclaim an opinion on the financial statements. (ISA ) Nelson Consulting Limited 80 40

41 Evaluate Sufficiency and Appropriateness Example The extent of misstatements that the auditor detects by performing substantive may alter the auditor s judgment about the risk assessments and may indicate a material weakness in internal control The auditor may become aware of discrepancies in accounting records, or conflicting or missing evidence. Analytical performed at the overall review stage of the audit may indicate a previously unrecognized risk of material misstatement. In such circumstances, the auditor may need to reevaluate the planned audit based on the revised consideration of assessed risks for all or some of the classes of transactions, account balances, or disclosures and related assertions Nelson Consulting Limited 81 Documentation The auditor shall include in the audit documentation: a. The overall responses to address the assessed risks of material misstatement at the financial statement level, and the nature, timing, and extent of the further audit performed; b. The linkage of those with the assessed risks at the assertion level; and c. The results of the audit, including the conclusions where these are not otherwise clear. (ISA ) Nelson Consulting Limited 82 41

42 Documentation If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in previous audits, the auditor shall include in the audit documentation the conclusions reached about relying on such controls that were tested in a previous audit. (ISA ) The auditor s documentation shall demonstrate that the financial statements agree or reconcile with the underlying accounting records. (ISA ) Nelson Consulting Limited 83 Documentation Sample Assessing Risks of Material Misstatement and Linkage to Auditor s Response (A. Financial Statement Level) Assessing Risks of Material Misstatement and Linkage to Auditor s Response (B. Assertion level ) Nelson Consulting Limited 84 42

43 Overall Responses Linked to Risks Example Description of the issues identified Risk resulted Significant risk (Y/N) Overall Responses Nelson Consulting Limited 85 Overall Responses Linked to Risks Example Description of the issues identified Risk resulted Significant risk (Y/N) Yes Overall Responses 1. The entity is an The financial Yes The audit team is reminded owner-managed statements might to maintain professional private entity and thus have been prepared scepticism in performing lacking formal internal control system. inaccurately. the engagement. 2. The computer in recording and preparing the financial information has been upgraded. The financial information might have not been properly transferred to the new computer. Yes (Non- routine) More experienced audit staff is assigned to the engagement. Audit staff with experience and knowledge in computer data and source information transfer is assigned to the audit team Nelson Consulting Limited 86 43

44 FAP Linked to Assessed Risks Example Issues and Risks identified Relevant Assertions Significant risk (Y/N) Further Audit Procedures (Audit Responses) Nelson Consulting Limited 87 FAP Linked to Assessed Risks Example Issues and Risks identified Relevant Assertions Significant risk (Y/N) Further Audit Procedures (Audit Responses) 1. Property acquired in Rights and Yes Land search performed in Shanghai Shanghai during the year Obligations (non-routine) Physical inspection and count on property, plant and equipment to be performed 2. No property has been acquired before and the owner and staff have no knowledge on accounting new Accuracy, Valuation, Classification Yes (non-routine) Consider the appropriateness of accounting policy on property adopted Check cost of acquisition to the sale and purchase agreement and property p match with the payment Verify the calculation of depreciation independently Review the entity s impairment review Nelson Consulting Limited 88 44

45 Sample File Structure Planning, Control and Administration Understanding of the Entity Documentation required Financial statements & auditor s report In the past? Preliminary engagement activities Overall audit strategy and audit plan Subsequent event review and going concern review An understanding of the entity An understanding of other aspects of an entity Consideration of law and regulations Risk Assessment Further Audit Procedures Assessing risks (at financial statement level and at assertion level) Linkage to overall response and further audit Audit divided into sections and include Tests of control Substantive In the past? Audit on impairment of assets, accounting estimates and fair value measurement Nelson Consulting Limited 89 Audit Process Overview Audit Process Planning Preliminary engagement activities Planning activities iti Risk assessment Risk response Reviewing and reporting Understanding the entity and its environment Identify and assess risks of material misstatements Design and implement e auditor s responses to assessed risks Overall reviewing Drawing conclusions and reporting An audit is a cumulative and iterative process Nelson Consulting Limited Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam 90 45

46 ISA 705 and 706 Standard unqualified opinion is still specified in ISA 700 Modified opinion was originally under ISA 701 The clarity project separates the requirements of ISA 701 into ISA 705 Modifications to the Opinion in the Independent Auditor s Report ISA 706 Emphasis of Matter and Other Matter Paragraphs in the Independent Auditor s Report Nelson Consulting Limited 91 ISA 705 ISA 705 Modifications to the Opinion in the Independent Auditor s Report deals with the auditor s responsibility to issue an appropriate report in circumstances when, in forming an opinion in accordance with ISA 700, the auditor concludes that a modification to the auditor s opinion on the financial statements is necessary Nelson Consulting Limited 92 46

47 ISA 705 ISA 705 sets out the objective of the auditor is to express clearly an appropriately modified opinion on the financial statements that is necessary when: a. The auditor concludes, based on the audit evidence obtained, that the financial statements as a whole are not free from material misstatement; or b. The auditor is unable to obtain sufficient appropriate audit evidence to conclude that the financial statements as a whole are free from material misstatement. Disagreement Limitation Nelson Consulting Limited 93 ISA 705 ISA 705 also specifically includes: Nature of Matter Giving Rise to the Modification Financial statements are materially misstated Inability to obtain sufficient appropriate audit evidence Auditor s Judgment about the Pervasiveness of the Effects or Possible Effects on the Financial Statement Material but Not Pervasive Material and Pervasive Qualified Opinion Adverse Opinion Qualified Opinion Disclaimer Opinion Nelson Consulting Limited 94 47

48 ISA 705 ISA 705 clearly defined the meaning of pervasive: A term used, in the context of misstatements, to describe the effects on the financial statements of misstatements or the possible effects on the financial statements of misstatements, if any, that are undetected due to an inability to obtain sufficient appropriate audit evidence. Pervasive effects on the financial statements are those that, in the auditor s judgment: i. Are not confined to specific elements, accounts or items of the financial statements; ii. If so confined, represent or could represent a substantial proportion of the financial i statements; t t or iii. In relation to disclosures, are fundamental to users understanding of the financial statements Nelson Consulting Limited 95 ISA 705 ISA 705 newly requires: If, after accepting the engagement, the auditor becomes aware that management has imposed a limitation on the scope of the audit that the auditor considers likely to result in the need to express a qualified opinion or to disclaim an opinion on the financial statements, the auditor shall request that management remove the limitation. If management refuses to remove the limitation, the auditor shall communicate the matter to those charged with governance, unless all of those charged with governance are involved in managing the entity, and determine whether it is possible to perform alternative to obtain sufficient appropriate audit evidence Nelson Consulting Limited 96 48