Transcript
UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT
Introduction
The standard requires the auditor to obtain an understanding of the entity and its environment, including its internal control, sufficient to identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, and sufficient to design and perform other audit procedures.
The standard provides guidance on the following:
Risk assessment procedures and sources of information about the entity and its environment including its internal control.
Understanding the entity and its environment, including its internal control.
Assessing the risk of material misstatement.
Communicating with those charged with governance and management.
Documentation.
Risk Assessment Procedures and Sources of Information about the Entity and Its Environment Including Its Internal Control
Risk Assessment Procedures & Sources of Information
The auditor should perform the following risk assessment procedures to obtain an understanding of the entity and its environment, including its internal controls.
Inquiries of management and others within the entity;
Analytical procedures; and
Observation and inspection.
The auditor is not required to apply all the risk assessment procedures for each aspect of the understanding required. However, all the above risk assessment procedures are applied in the course of obtaining the required understanding.
In addition to the above procedures, the auditor may obtain information by making inquiries of the entity’s legal counsel or of valuation experts that the entity has used. Reviewing information obtained from external sources such as reports by analysts, banks, or rating agencies, trade and economic journals or regulatory or financial publications may also be useful in obtaining information about the entity.
Inquiries
The auditor obtains information from management and those responsible for financial reporting. However, useful information can also be obtained from others within the entity, such as production staff, internal audit personnel and other employees. Inquiries of others may provide the auditor with the following information:
Inquiries directed towards those charged with governance may help the auditor understand the environment in which the financial statements are prepared (such persons include representatives of the board of directors and chief finance officers, who are responsible for designing internal control).
Inquiries directed towards internal audit personnel may relate to their activities concerning the monitoring and effectiveness of the entity’s internal control and whether management has satisfactorily responded to any findings from these activities.
Inquiries of employees involved in initiating, processing or recording complex or unusual transactions (like accounts managers etc.) may help the auditor in evaluating the appropriateness of the selection and application of certain accounting policies.
Inquiries directed towards in-house legal counsel (like the company secretary, legal advisor etc.) may relate to such matters as litigation, compliance with laws and regulations, knowledge of fraud or suspected fraud affecting the entity, warranties, post-sales obligations, arrangements (such as joint ventures) with business partners and the meaning of contract terms.
Inquiries directed towards marketing or sales personnel may relate to changes in the entity’s marketing strategies, sales trends, or contractual arrangements with its customers.
Analytical procedures
These include ratio analysis, trend analysis, and common size analysis of financial as well as non-financial information pertaining to the entity.
These procedures enable the auditor to identify situations where significant fluctuations exist, expected relationships are absent, or unexpected relationships exist.
Observation and Inspection (walk through procedures)
It may support inquiries of management and others and also provide information about the entity and its environment. Such audit procedures ordinarily include the following:
Observation of entity activities and operations
Inspection of documents (such as business plans and strategies), records and internal control manuals.
Reading reports prepared by management (such as quarterly management reports and interim financial statements) and those charged with governance (such as minutes of board of directors’ meetings).
Visits to the entity’s premises and plant facilities.
Tracing transactions through the information system relevant to financial reporting (walk-through).
Discussion among the Audit Team
The members of the engagement team should discuss the susceptibility of the entity’s financial statements to material misstatement. Such discussion fosters the sharing of knowledge and the exchange of information.
Understanding the Entity and Its Environment, including Its Internal Control
The auditor’s understanding of the entity and its environment consists of an understanding of the following aspects:
Industry, regulatory, and other external factors, including the applicable financial reporting framework (like insurance companies, leasing companies, banking companies, textile industry etc.).
Nature of the entity, including the entity’s selection and application of accounting policies (like sugar, textile, hotel, tourism, services, etc.).
Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements (like growth maximization, cost effectiveness, quality leadership, downsizing, etc.).
Measurement and review of the entity’s financial performance.
Internal control.
Industry, Regulatory and Other External Factors, including the Applicable Financial Reporting Framework
The auditor should obtain information about these. Such knowledge includes information about competitors, suppliers, customers, technological developments, the regulatory environment, legal and political environment and the environmental requirements affecting the industry and the entity. The auditor should also consider general economic conditions.
Examples of matters an auditor may consider include the following:
Industry conditions
The market and competition, including demand, capacity, and price competition.
Cyclical or seasonal activity
Product technology relating to the entity’s products
Energy supply and cost
Regulatory environment
Accounting principles and industry specific practices
Regulatory framework for a regulated industry (like the banking sector)
Legislation and regulation that significantly affect the entity’s operations
Regulatory requirements (like labor laws, minimum wage rate)
Direct supervisory activities (like NAB, Excise & Taxation Dept)
Taxation (corporate and other)
Government policies currently affecting the conduct of the entity’s business.
Monetary, including foreign exchange controls
Fiscal
Financial incentives (for example, government aid programs)
Tariffs, trade restrictions
Environmental requirements affecting the industry and the entity’s business.
Other external factors currently affecting the entity’s business.
General level of economic activity (for example, recession, growth)
Interest rates and availability of financing
Inflation, currency revaluation.
Nature of the Entity
The nature of an entity refers to the entity’s operations, its ownership and governance, the types of investments that it is making and plans to make, the way that the entity is structured and how it is financed.
An understanding of the nature of an entity enables the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements.
The auditor should obtain an understanding of the accounting policies selected and their application. This includes understanding the methods used to account for significant and unusual transactions, the effect of significant accounting policies in controversial areas, and changes in accounting policies. The auditor should assess the appropriateness of the accounting policies selected and their consistency with the financial reporting framework and industry practice.
Examples of matters an auditor may consider include the following:
Business Operations
Nature of business (for example, manufacturer, wholesaler, banking, insurance or other financial services, import/export trading, utility, transportation and technology products and services).
Products or services and markets (for example, major customers and contracts, terms of payment, profit margins, market share, competitors, exports, pricing policies, reputation of products, warranties, order book, trends, marketing strategy and objectives, manufacturing processes).
Conduct of operations (for example, stages and methods of production, business segments, delivery of products and services, details of declining or expanding operations).
Alliances, joint ventures and outsourcing activities
Involvement in electronic commerce, including internet sales and marketing activities.
Geographic dispersion and industry segmentation.
Location of production facilities, warehouses, and offices.
Key customers.
Important suppliers of goods and services (for example, long-term contracts, stability of supply, terms of payment, imports, methods of delivery such as “just-in-time”).
Employment (for example, by location, supply, wage levels, union contracts, pension and other post employment benefits, stock option or incentive bonus arrangements, and government regulation related to employment matters).
Research and development activities and expenditures.
Transactions with related parties.
Investments
Acquisitions, mergers or disposals of business activities (planned or recently executed).
Investments and dispositions of securities and loans.
Capital investment activities, including investments in plant and equipment and technology, and any recent or planned changes.
Investments in non-consolidated entities, including partnerships, joint ventures and special-purpose entities.
Financing
Group structure – major subsidiaries and associated entities, including consolidated and non-consolidated structures.
Debt structure, including covenants, restrictions, guarantees, and off-balance-sheet financing arrangements.
Leasing of property, plant or equipment for use in the business.
Beneficial owners (local, foreign, business reputation and experience)
Related parties
Use of derivative financial instruments.
Financial Reporting
Accounting principles and industry specific practices.
Revenue recognition practices.
Accounting for fair values.
Inventories (for example, locations, quantities).
Foreign currency assets, liabilities and transactions.
Industry-specific significant categories (for example, loans and investments for banks, accounts receivable and inventory for manufacturers, research and development for pharmaceuticals).
Accounting for unusual or complex transactions including those in controversial or emerging areas (for example, accounting for stock-based compensation).
Financial statement presentation and disclosure.
RECAP
Sources of Obtaining Understanding
Auditor obtains an understanding of the entity and environment, including its internal control through:
Risk assessment procedures and sources of information about the entity and its environment including its internal control.
Understanding the entity and its environment, including its internal control.
Assessing the risk of material misstatement.
Communicating with those charged with governance and management.
Documentation
Risk Assessment Procedures & Sources of Information
Risk assessment procedures to obtain an understanding
Inquiries directed towards:
Those charged with governance
Internal audit personnel
Middle management (employees)
Legal counsel
Marketing or sales personnel
Analytical procedures
Financial
Non financial
Observation and inspection of:
Observations of Activities and operations
Inspection of Documents and records
Reading Management reports
Visit to premises and plant facilities
Understanding the Entity and Its Environment, Including Its Internal Control
The auditor’s understanding of the entity and its environment consists of an understanding of the following aspects:
External Factors:
Industry conditions
Regulatory environment
Macroeconomic level factors
Nature of the entity:
Business operations
Investments
Financing
Financial reporting
Objectives and strategies and the related business risks
Potential related business risks arising from the existence of objectives:
Industry developments
New products and services
Expansion of the business
New accounting requirements
Regulatory requirements
Current and prospective financing requirements
Use of IT
Potential related business risk in implementing a strategy:
Effects leading to new accounting requirements
Measurement and review of the entity’s financial performance.
Internal control.
Objectives and Strategies and Related Business Risks
The auditor should obtain an understanding of the entity’s objectives and strategies and the related business risks that may result in material misstatement of the financial statements.
Business risk is the risk that objectives and strategies will not be met.
Examples of matters an auditor may consider include the following:
Existence of objectives with reference to:
Industry developments (a potential related business risk might be, for example, that the entity does not have the personnel or expertise to deal with the changes like technological changes in the industry).
New products and services (a potential related business risk might be, for example, that there is increased product liability).
Expansion of the business (a potential related business risk might be, for example, that the demand has not been accurately estimated).
New accounting requirements (a potential related business risk might be, for example, incomplete or improper implementation, or increased costs).
Regulatory requirements (a potential related business risk might be, for example, that there is increased legal exposure).
Current and prospective financing requirements (a potential related business risk might be, for example, the loss of financing due to the entity’s inability to meet requirements).
Use of IT (a potential related business risk might be, for example, that systems and processes are incompatible).
Effects of implementing a strategy, particularly any effects that will lead to new accounting requirements (a potential related business risk might be, for example, incomplete or improper implementation)
The auditor should keep in mind that business risk is broader than the risk of material misstatement. Business risks, at times, do not cause any misstatement in the financial statements but affect the going concern.
Conditions and events that may indicate risks of material misstatements are as follows:
The following are examples of conditions and events that may indicate the existence of risks of material misstatement. The examples provided cover a broad range of conditions and events; however, not all conditions and events are relevant to every audit engagement and the list of examples is not necessarily complete.
Operations in regions that are economically unstable, for example, countries with significant currency devaluation or highly inflationary economies.
Operations exposed to volatile markets, for example, futures trading.
High degree of complex regulation.
Going concern and liquidity issues including loss of significant customers.
Constraints on the availability of capital and credit.
Changes in the industry in which the entity operates.
Changes in the supply chain.
Developing or offering new products or services, or moving into new lines of business.
Expanding into new locations.
Changes in the entity such as large acquisitions or reorganizations or other unusual events.
Entities or business segments likely to be sold.
Complex alliances and joint ventures.
Use of off-balance-sheet finance, special-purpose entities, and other complex financing arrangements.
Significant transactions with related parties.
Lack of personnel with appropriate accounting and financial reporting skills.
Changes in key personnel including departure of key executive.
Weaknesses in internal control, especially those not addressed by management.
Inconsistencies between the entity’s IT strategy and its business strategies.
Changes in the IT environment.
Installation of significant new IT systems related to financial reporting.
Inquiries into the entity’s operations or financial results by regulatory or government bodies.
Past misstatements, history of errors or a significant amount of adjustments at period end.
Significant amount of non-routine or non-systematic transactions including inter-company transactions and large revenue transactions at period end.
Transactions that are recorded based on management’s intent, for example, debt refinancing, assets to be sold and classification of marketable securities.
Application of new accounting pronouncements.
Accounting measurements that involve complex processes.
Events or transactions that involve significant measurement uncertainty, including accounting estimates.
Pending litigation and contingent liabilities, for example, sales warranties, financial guarantees and environmental remediation.
Measurement and Review of the Entity’s Financial Performance
The auditor should obtain an understanding of the measurement and review of the entity’s financial performance. Performance measures, internal and external, sometimes create pressures on the entity and motivate management to misstate the financial statements.
Internally generated information may highlight the entity’s position vis-à-vis its competitors, and reports from credit rating agencies and analysts may provide information useful to the auditor’s understanding of the entity and its environment.
Examples of matters an auditor may consider include the following:
Key ratios and operating statistics
Key performance indicators
Employee performance measures and incentive compensation policies.
Trends
Use of forecasts, budgets and variance analysis
Analyst reports and credit rating reports
Competitor analysis
Period-on-period financial performance (revenue growth, profitability, leverage)
Internal Control
The auditor uses the understanding of internal control to identify types of potential misstatements, to consider factors that affect the risks of material misstatement, and to design the nature, timing and extent of further audit procedures.
Definition of internal control
Internal control is the process designed and effected by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations. It follows that internal control is designed and implemented to address identified business risks that threaten the achievement of any of these objectives.
Components of internal control
The control environment
The entity’s risk assessment process
The information system, including the related business processes relevant to financial reporting and communication.
Control activities
Monitoring of controls
The Control Environment
It encompasses the following elements:
Communication and enforcement of integrity and ethical values.
Commitment to competence
Participation by those charged with governance
Management’s philosophy and operating style
Organizational structure
Human resource policies and practices
The auditor should evaluate how these components have been incorporated into the entity’s processes.
The Entity’s Risk Assessment Process
It is the process of identifying and responding to business risks that affect the entity’s financial reporting. Such process includes how management:
identifies risks that affect the entity’s ability to produce financial statements that give a true and fair view,
estimates their significance,
estimates the likelihood of their occurrence and
decides upon actions to manage them.
Risks relevant to financial reporting include:
– internal events, and
– external events and circumstances
that may occur and adversely affect an entity’s ability to:
initiate,
record,
process, and
report the financial information.
Risks can arise due to circumstances such as the following: (internal/external)
Changes in operating environment
New personnel
New or revamped information systems
Rapid growth
New technology
New business models, product or activities
Corporate restructurings
Expanded foreign operations
New accounting pronouncements
Information system, including the related business processes, relevant to financial reporting and communication
The information system consists of:
infrastructure (physical and hardware components),
software
people
procedures and
data
Infrastructure and software will be absent, or have less significance, in systems that are exclusively or primarily manual. Many information systems make extensive use of IT.
Importance of Information System
Accordingly, an information system encompasses methods and records that:
Identify and record all valid transactions.
Describe on a timely basis the transaction in sufficient detail to permit proper classification of transactions for financial reporting.
Measure the value of transactions in a manner that permits recording their proper monetary value in the financial statements.
Determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period.
Present properly the transactions and related disclosures in the financial statements.
Communication
Communication involves:
– providing an understanding of individual roles and responsibilities pertaining to internal control,
– understanding roles of others and
– doing exception reporting to higher level management.
Communication takes such forms as:
– policy manuals,
– accounting and financial reporting manuals and memorandum.
It may also be made
– electronically,
– orally and
– through the actions of management
Control Activities
Control activities include:
Performance reviews
Information processing
Physical controls
Segregation of duties
Performance reviews
These control activities include:
– reviews and analyses of actual performance versus budgets, forecasts, and prior period performance;
– relating different sets of data, operating or financial, to one another, together with analyses of the relationships and investigative and corrective actions;
– comparing internal data with external sources of information; and
– review of functional or activity performance, such as a bank's consumer loan manager's review of reports by branch, region, and loan type for loan approvals and collections.
Information processing
A variety of controls are performed to check accuracy, completeness, and authorization of transactions.
The two broad groupings of information systems control activities are:
application controls and
general IT controls.
Application controls apply to the processing of individual applications. These controls help ensure that transactions occurred, are authorized, and are completely and accurately recorded and processed.
General IT-controls commonly include controls over data center and network operations; system software acquisition, change and maintenance; access security; and application system acquisition, development, and maintenance. These controls apply to main-frame, mini-frame and end-user environments.
Physical controls
These activities encompass the:
physical security of assets, including adequate safeguards such as secured facilities over access to assets and records;
authorization for access to computer programs and data files; and
periodic counting and comparison with amounts shown on control records (for example comparing the results of cash, security and inventory counts with accounting records).
Segregation of duties
Assigning different people the responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets is intended to reduce the opportunities to allow any person to be in a position to both commit and conceal errors or fraud in the normal course of the person's duties. Examples of segregation of duties include reporting, reviewing and approving reconciliations, and approval and control of documents.
Monitoring of Control
The auditor should obtain an understanding of the major types of activities that
the entity uses to monitor internal control over financial reporting, and
how the entity initiates corrective actions to its controls.
Monitoring means and includes:
Ensuring that internal controls are operating as intended.
– If monitoring is not done, people may stop performing the functions they are required to perform.
– It also involves assessing the quality of internal control performance over time.
– Monitoring may be ongoing activities, separate evaluations or a combination of the two. Monitoring includes:
Supervision, functions of managers
Internal audit
Communication from external parties indicating areas requiring
Assessing the Risk of Material Misstatement
The auditor should identify and assess the risks of material misstatement at the financial statement level, and at the assertion level for classes of transactions, account balances, and disclosures. For this purpose, the auditor:
Identifies risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks, and by considering the classes of transactions, account balances, and disclosures in the financial statements.
Relates the identified risks to what can go wrong at the assertion level;
Considers whether the risks are of a magnitude that could result in a material misstatement of the financial statements; and
Considers the likelihood that the risks could result in a material misstatement of the financial statements.
Significant Risks that require Special Audit Considerations
Significant risks
These relate to:
non-routine transactions (unusual)
judgmental matters (e.g. accounting estimates)
non-routine transactions arising from matters such as:
greater management intervention to specify the accounting treatment
greater manual intervention for data collection and processing
complex calculations or accounting principles.
For significant risks, to the extent the auditor has not already done so, the auditor should evaluate the design of the entity’s related controls, including relevant control activities, and determine whether they have been implemented.
If management has not appropriately responded by implementing controls over significant risks and if, as a result, the auditor judges that there is a material weakness in the entity’s internal control, the auditor communicates this matter to those charged with governance as required in paragraph 8. In these circumstances, the auditor also considers the implications for the auditor’s risk assessment.
Risks for which substantive procedures alone do not provide sufficient appropriate audit evidence
As part of the risk assessment as described in the above paragraph, the auditor should evaluate the design and determine the implementation of the entity’s controls, including relevant control activities, over those risks for which, in the auditor’s judgment, it is not possible or practicable to reduce the risks of material misstatement at the assertion level to an acceptably low level with audit evidence obtained only from substantive procedures.
Examples of situations where the auditor may find it impossible to design effective substantive procedures that by themselves provide sufficient appropriate audit evidence that certain assertions are not materially misstated include the following:
An entity that conducts its business using IT to initiate orders for the purchase and delivery of goods based on predetermined rules of what to order and in what quantities and to pay the related accounts payable based on system-generated decisions initiated upon the confirmed receipt of goods and terms of payment. No other documentation of orders placed or goods received is produced or maintained, other than through the IT system.
An entity that provides services to customers via electronic media (for example, an Internet service provider or a telecommunications company) and uses IT to create a log of the services provided to its customers, initiate and process its billings for the services and automatically record such amounts in electronic accounting records that are part of the system used to produce the entity’s financial statements.
Revision of Risk Assessment
If, while performing tests of controls or substantive procedures, the auditor finds that controls are not performing effectively and that the misstatements found are not in accordance with the expected misstatements, the auditor should revise the assessment of risk and modify the further planned audit procedures.
Communicating with those Charged with Governance and Management
The auditor should make those charged with governance or management aware, as soon as practicable, and at an appropriate level of responsibility, of material weaknesses in the design or implementation of internal control which have come to the auditor’s attention.
5. Documentation
The auditor should document:
The discussion among the engagement team regarding the susceptibility of the entity’s financial statements to material misstatement due to error or fraud, and the significant decisions reached;
Key elements of the understanding obtained regarding each of the aspects of the entity and its environment, including each of the internal control components, to assess the risks of material misstatement of the financial statements; the sources of information from which the understanding was obtained; and the risk assessment procedures;
The identified and assessed risks of material misstatement at the financial statement level and at the assertion level; and
The risks identified and related controls evaluated.
ASSIGNMENT
Match each term or phrase on the left with the best description on the right. Descriptions may be used once, more than once, or not at all.
Control environment.
Management's philosophy
Functioning of the audit committee.
Identify and record all valid transactions.
Permit proper classification of transactions.
Segregation of duties.
Adequate documents and records.
Pre-numbered receiving reports
Preparation of reliable financial reports.
Reconciliation
Accounting system.
Adequate documents and records.
Control procedures.
Element of the internal control structure.
Factor that affect control environment.
Financial statement assertion.
Independent check on performance.
Internal control objective.
Fill in the blanks by selecting the most appropriate word/phrase:
Members can appoint the auditors if they are not appointed by the Directors within 60 days of incorporation.
SECP, directors, the company, members
Directors, members, SECP, the company
The part of the Statutory Report which relates to the Receipt and Payments is required to be certified by the auditors.
First extraordinary general meeting, statutory report, Annual General Meeting, First AGM
Receipts and Payments, Financial Statements, Balance Sheet, Income Statement