Assurance SummaryNotes

ACA Assurance Curriculum Summary

Klaus 2015

Audit and Assurance
1. Prepare for Planning and Initial Procedures
2. Identifying Risks and Developing Strategy
3. Develop Audit Approach and Gather Evidence
4. Finalise the Audit

IASB/IASC IAS IFRS IAASB IFAC - ISA

Aura Roadmap
1. Understand: Organiser, Materiality, Scoping, Planning Activities
2. Assess Risks and Respond: Audit Risks, Controls, gather Evidence, Delivery Centre
3. Review and Conclude: Evidence Review, Explanation, Significant Matters, Misstatements, CD/W LOG, Completion Activities

Audit Risk Components (IR + CR = RoMM) (Audit evidence mitigates the RoMM)
Inherent Risk: Normal, Elevated, Significant
Control Risk: Expected Controls Reliance: None, Partial, High
Detection Risk: Planned Substantive Evidence: Low, Medium, High

Materiality: various benchmarks and percentages of benchmark (PBT, EBITDA, total assets, net assets, total revenues or total expenses; 1% to 10% etc.)
Overall Materiality: Our assessment of materiality at the overall financial statement level.
Performance Materiality: Materiality at assertion level in relation to classes of transactions, account balances, and disclosures.
De Minimis SUM posting level: Amount below which potential audit adjustments need not be accumulated.

Performance materiality determines the nature, timing and extent of further audit procedures, and takes into account the aggregation risk of individually immaterial misstatements. Overall materiality is specific to the company and industry, and states the maximum amount of misstatement that could exist before the information in the financial statements is considered misleading.

ISA Assertion | PwC Assertion | BS or P&L
Accuracy | Accuracy (A) | P&L
Completeness | Completeness (C) | P&L + BS
Cut-Off | Cut-off (CO) | P&L
Existence | Existence / Occurrence (E/O) | P&L
Occurrence | | BS
Classification | Presentation and Disclosure (P&D) |
Understandability | |
Rights and Obligations | Rights and Obligations (R&O) |
Valuation and Allocation | Valuation (V) |

Audit Documentation

Audit Evidence must be: Sufficient; Appropriate (reliable, relevant)

More reliable | Less reliable
Original documents, auditor obtained/written/external evidence | Photocopies/fax, audit evidence indirect, oral evidence, client generated

PSCENT
Purpose: The Purpose of the procedure should be clear.
Source: All documents must indicate their Source, e.g. "Obtained from client".
Conclusion: Conclusions should be documented for every audit procedure.
Extent: Documentation should be sufficient for an experienced auditor with no previous connection with the engagement to understand the nature, timing and Extent of the procedures performed, the evidence obtained, and the conclusions reached.
Nature: Document the Nature of auditing procedures, e.g. involving the inspection of documents and confirmations, including tests of operating effectiveness of controls and Tests of Details.
Timely: Documentation should be completed and reviewed on a Timely basis.

PwC Audit Process

Prepare for Planning and Initial Procedures: Acceptance and continuance assessment; Agreeing the terms of the engagement between us and the client; Building the engagement team; Attending team planning meetings; Required planning procedures; Plan for planning, risk assessment, audit approach.

Identifying Risks and Developing Strategy: Control environment, risk assessment, information systems, control activities, process for monitoring controls.

Walkthroughs: "Show me" meeting: what controls are in place, and who implements them? Who can write/cash cheques? Who performs the bank reconciliation?

Significant Risk: An inherent risk that, in our judgement, requires special audit consideration in terms of the nature, timing, or extent of testing, because of: the nature of the risk, the likely magnitude of the potential misstatements (including the possibility that the risk may give rise to multiple misstatements) and the likelihood of the risk occurring. In assessing whether a significant risk exists, we do not consider the effects of controls related to the risk. A significant risk is a higher risk than an elevated or normal risk.

Normal Risk: The inherent risk related to relatively routine, non-complex transactions that tend to be subject to systematic processing and require little management judgment. Although it is considered that there is a risk, it is judged that there are no elevated or special factors relating to the nature, the likely magnitude of the potential misstatements or the likelihood of the risk occurring. In assessing whether a normal risk exists, we do not consider the effects of controls related to the risk. Risks that are less than normal are not considered risks of material misstatement.

Elevated Risk: An inherent risk that, in our judgement, requires additional audit consideration beyond what would be required for a normal risk, but which does not rise to the level of a significant risk, because of its nature, the likely magnitude of potential misstatements that could result from it or the likelihood of the risk occurring. Elevated risks frequently will be risks that we will discuss with management and those charged with governance of the entity, but that do not rise to the level of a significant risk. In assessing whether a risk is elevated, the auditor does not consider the effect of controls related to the risk.

Respond to Risk, and Gather Evidence
Obtaining audit evidence Bucket:
Tier 1: Controls testing
Tier 2: Test of details or Substantive analytics (Generally, perform tests of details for significant risks)
Tier 3: Evaluate whether further evidence is necessary from tests of details and/or substantive analytics

Finalise the Audit: Overall conclusion analytics; Uncorrected misstatements; Read directors' report; Review significant matters; Identify subsequent events; Management representation letter (issued no later than the date of audit work completion by the client to the auditor, declaring in writing that the financial statements and other presentations to the auditor are sufficient and appropriate and without omission of material facts to the financial statements, to the best of the management's knowledge); Financial statement procedures; Sign audit opinion; Debrief audit; Archive audit file; Client communications.

Ethics

Professional Scepticism: sufficiency, validity and reliability of audit evidence obtained. Being alert to unusual circumstances requiring further inquiry, or to audit evidence that contradicts or brings into question the reliability of documents and responses to inquiries from management. Open mind about the honesty and integrity of management and those charged with governance until inquiries are concluded.
Alert to unusual circumstances; Questioning mind; Question reliability of documents.

Determine Course of Action: (AF.28)
1. Recognise the event, decision or issue
2. Think before you act
3. Decide on a course of action
4. Test your decision
5. Proceed with confidence

TOPIC
1. Technical and Professional Competence and Due Care
2. Objectivity
3. Professional Behaviour
4. Integrity
5. Confidentiality

Threats and Safeguards: Self-interest; Self-review; Advocacy; Management; Intimidation; Familiarity.

Delivery Centres and Envoy (AF.31): AFS Monitoring and Review; Template Preparation for Engagement letters, Group instructions, Management representation letter, audit opinion; Analytics assistance (computing calculations and variances, providing research information to use in setting expectations); Central Entity Service (CES) Maintenance; Knowledge Management (Company background management, SWOT analysis, etc.); Aura Set-up, Maintenance and Support; External Confirmations; Financial Statements FSQCs.

FSQC (Financial Statements quality check): Do prior year figures agree to prior year statements? Do figures cast/cross cast? Are figures internally consistent? Are all necessary disclosures included? Spelling/grammar. Do current year figures agree to what we've audited in Aura?

Fraud

Fraud is an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. Fraud may take the form of:
- Fraudulent financial reporting; and
- Misappropriation of assets

Error is an unintentional misstatement in financial statements, including the omission of an amount or disclosure, such as the following: a mistake in gathering or processing data from which financial statements are prepared; an incorrect accounting estimate arising from oversight or misinterpretation of facts; and a mistake in the application of accounting principles relating to measurement, recognition, classification, presentation or disclosure.

An auditor's objective (ISA 240 UK&I) is to identify and assess the risk of material misstatement of the financial statements due to fraud; obtain sufficient appropriate audit evidence regarding the assessed risk of material misstatement due to fraud, through designing and implementing appropriate responses; and respond appropriately to fraud or suspected fraud identified during the audit.

Fraud Triangle: Why commit fraud? Generally there are 3 conditions present when fraud occurs.
1. Incentives/Pressures
2. Opportunities
3. Rationalisation/Attitude

What to do if you suspect a fraud:
Do: Tell your manager or engagement leader; ensure the relevant documents are safe; consult: someone in PwC may have come across a similar situation.
Don't: Tip off the client; keep things to yourself; play detective without proper consultation; be fooled or manipulated by the client.

The Audit Trail
1. In scope FSLI: Agreeing the FSLI to Cash Lead Schedule
2. Initial trial balance: Agreeing the Cash LS to the Initial Trial Balance
3. Risk assessment: Documenting the Risk Assessment and EGA via Audit Risks and Gather Evidence views
4. Response to risk (EGA)
5. Workpapers (Electronic & Paper) (+4): Agreeing the Cash LS to the bank reconciliation, agreeing the BR to the bank statement, agreeing the bank statement to the bank confirmation
6. Final trial balance: Agreeing the cash lead schedule to the Final Trial Balance

Internal Audit

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation's operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management and control processes.

Role of the internal auditor: Review of accounting and internal control systems. Examination of financial and operating information. Review of the economy, efficiency and effectiveness of operations. Review of compliance with laws and regulations etc. Review of the implementation of corporate objectives. Identification of business and financial risks. Monitoring risk management policies and strategies.

IIA (Institute of Internal Auditors)
1. Code of Ethics: Principles, Rules of Conduct
2. International Standards for the Professional Practice of Internal Auditing, performance standards.

ORCA: PwC risk assessment process, approach based on business risk
1. Objectives
2. Risks
3. Controls
4. Alignment: Are controls in line with risks?

Information Processing Objectives: CAVR = Completeness, Accuracy, Validity, Restricted Access

Lines of defence:
1. Business Management: day-to-day
2. Compliance: risk management
3. Audit (Independent): includes external auditors/external assurance

Internal Audit Service | Sub-service
Outsourcing | Full outsourcing, directed outsourcing
Co-Sourcing | Significant co-sourcing, co-sourcing
Internal Audit Advisory services | External Quality Assessments (EQAs)/Internal Audit Effectiveness Reviews, Internal Audit Advisory Services, Secondments (stand alone)

Outsourced: no in-house internal audit resource and no Head of Internal Audit (HIA) within the organisation.
Directed outsourcing: the client exerts significant direction in relation to the internal audit plan or work delivered.
Co-Sourced: if the client has its own in-house HIA.
Significant: PwC delivers a significant proportion of the internal audit effort.
Internal Audit Advisory services: Clients may wish to engage PwC to deliver other internal audit services without outsourcing their internal audit function or engaging PwC to deliver co-sourced internal audit assignments. Stand-alone secondments also come under this heading (where they are not part of co-sourced engagements), but PwC staff may also second to the client as part of co-sourced engagements. (AA.49)

Document the following when we find exceptions: details of the control weakness found; the root cause; the potential risks arising as a result of that issue; the risk rating; an action plan.

Common root causes: people; systems; internal environment; external factors.

Risk Ratings: Critical, High, Medium, Low, Advisory

Stages
1) Foundation: Confirm stakeholder needs and expectations are reflected in the objectives of the internal audit function as set out in the internal audit charter.
2) Planning: Develop an internal audit plan that addresses the needs and expectations of the stakeholders and the key risks of the organisation.
3) Fieldwork: Obtain sufficient evidence to achieve the objectives of the internal audit review.
4) Reporting: Report the internal audit results, including practical and value-added recommendations, clearly and concisely.
5) Quality: Establish a stronger link between the strategic focus of internal audit and value drivers of its key stakeholders and measure commitment to highest levels of quality, continuous evaluation and overall internal audit effectiveness.

Fieldwork - determine audit approach to be used:
Value protection approaches are focussed on assessing the design and operating effectiveness of controls.
Value enhancement approaches are focussed on efficiency gains, process performance, and/or monetary savings.

Internal Controls

Indirect Entity level controls: Entity level controls that do not directly relate to any specific FSLI/business processes or assertions and, therefore, would not by themselves prevent or detect on a timely basis material misstatements to assertion(s) at the FSLI level. They may, however, contribute to the effectiveness of controls.

Direct Entity level controls: Typically operate at least at the sub-process level, that is, at a level higher than transaction level controls, and, when performed effectively, at a sufficient level of precision to adequately prevent, or detect and correct on a timely basis, material misstatements related to one or more relevant assertions for FSLIs/business processes. An example is a business performance review.

Information Technology General Controls (ITGCs): Policies and procedures that are used to manage the IT activities and computer environment. They relate to many applications and support the effective functioning of application controls by helping to verify the continued proper operation of information systems.

Transaction level controls: Transaction level controls are control activities over the initiation, recording, processing and reporting of transactions, designed to operate at a level of precision that would prevent, or detect and correct on a timely basis, misstatements related to one or more relevant assertions for a FSLI/business process. Transaction level controls can be either detective (stock cycle counts) or preventive (authorisation for a payment run) in nature. They often include manual application (physical sign-off), automated application (password access) or IT-dependent manual controls (running an aged debt report from the system for manual review and sign-off).

Nature of controls tests
1. Inquiry: Inquiry alone will not provide sufficient evidence. We require further corroboration: reports, manuals or other documents used in or generated by the performance of the control. Should always be used as the first step to any of the other techniques.
2. Observation: Appropriate where there is no documentation of the operation of a control, like segregation of duties. Is also useful for physical controls, for example, seeing that the warehouse door is locked or that blank checks are safeguarded. We need to consider that the control we observe might not be performed in the same manner when we are not present.
3. Inspection: This is often used to determine whether manual controls, like the follow-up of exception reports, are being performed. Absence of evidence may indicate that the control is not operating as prescribed and further procedures will be necessary to determine whether there is in fact an effective control.
4. Re-performance: provides the best evidence. Used when a combination of inquiry, observation and inspection of evidence does not provide sufficient, appropriate audit evidence that a control is operating effectively. However, if extensive re-performance is likely to be necessary, we reconsider whether it is efficient to perform tests of controls to restrict the scope of substantive testing.

Control Attributes

Attribute | Description | Values
Frequency | How often. Can be driven by a schedule or by an event. | Annual, Quarterly, Monthly, Weekly, Daily, Multiple times per day
IT-dependent | Automated, IT-dependent, Manual. IT-dependent controls are manual control activities which rely on system generated reports and data. | Automated, IT-dependent, Manual
Time of error detection | Preventive controls are control activities which prevent incorrect financial information from being recorded, processed, or reported. Detective controls are controls which detect incorrectly recorded, processed or reported transactions. | Preventive, Detective

Internal Control framework
1. Monitoring: being carried out correctly
2. Information & Communication: Infrastructure and communication throughout the organisation
3. Control Activities: Policies and procedures carried out to achieve those management objectives
4. Risk Assessment: assess risks, determine how and whether to manage those risks
5. Control Environment: Attitude, behaviour, culture, awareness

Control activities occur at all levels, in all functions throughout the organisation: operations, financial reporting, compliance.

Substantive Analytical procedures and Employee Costs
1. Planning stage: risk assessment analytics used at planning, mandatory. RISK ASSESSMENT
2. Evidence stage: substantive analytics, not mandatory. SUBSTANTIVE ANALYTICS
3. Completion stage: conclusion analytics, mandatory. OVERALL CONCLUSION

4 Step Process
1. Assess reliability of data, and develop an independent expectation. Ex. Ensure you have ITGCs evidence.
2. Define a significant difference or threshold. Tolerable threshold is usually based on materiality. You must quantify the tolerable threshold, not simply apply a percentage variance between the expectation and actual. If you disaggregate two revenue streams for your analytics, and performance materiality is your threshold, you cannot apply full performance materiality to each disaggregated element.
3. Compute difference. You must compute the difference between your original expectation and the actual client figures.
4. Investigate significant differences and draw conclusions. You must investigate all differences from your expectation. You must explain the full variance from expectation to actual, not just the variance above the threshold. Evidence must be corroborated sufficiently and independently with evidence obtained to support client explanations for variances.

You can use this for Depreciation expense, Payroll and Interest income / expense. Outside of these three areas, the substantive analytics check point (AA.28) must be used.

Substantive analytical procedures: Scanning; Reasonableness; Trend analysis; Ratio; Regression.

1. Determine suitability, assess reliability of underlying data and develop an independent expectation
2. Define a significant difference or threshold
3. Compute differences
4. Investigate significant differences and corroborate with evidence

Test of Details
1. Targeted Testing: aims at establishing if there is a material monetary misstatement; items to be tested are selected based on monetary value or higher risk; applied to either a specific part of an account or the whole of the account; results should not be projected to the untested items in a population; preferred method of testing at PwC.
2. Accept-reject Testing: Used when we are interested in a particular attribute or characteristic, used when we are not testing monetary values, used when we do not project misstatements to the entire population.
3. Audit Sampling (Non-statistical sampling): Application of auditing procedures to a representative group of less than 100% of the items for the purpose of evaluating the entire population tested. Usually used on populations with homogeneous items when we cannot target any items and based on risk or coverage. Can be applied in combination with Targeted testing.

Six steps for targeted testing:
1. State the test objective(s) (ex. Confirm A/C receivable balance)
2. Define the population (is population complete?)
3. Define misstatement and audit procedures.
4. Document basis for selection.
5. Document results of testing performed.
6. Evaluate misstatement.

Five stages for accept-reject testing (Random =/= Haphazard)
1. Determine and document the assertion(s) that are being tested.
2. Define the population. Ex. All sales recorded in last week of year.
3. Define Exceptions. What would we reject?
4. Determine the number of items to test and select items for testing. Tolerable exceptions.
5. Perform testing and evaluate results. Any rejected? New pop, more testing; otherwise, if insufficient, consult senior.

Eight steps for Audit Sampling
1. Determine test objective(s).
2. Define the population and sampling unit.
3. Define misstatement.
4. Determine sample size.
5. Determine sample selection method.
6. Perform testing.
7. Project misstatements to the population. (Homogeneous!)
8. Evaluate results.

Two Step Revenue Testing
Determine if pre-conditions met. Then partial or full target testing. Must meet 5 preconditions.
1) Risk assessed at normal and no specific fraud risks identified.
2) Do not anticipate misstatements based on prior year results.
3) Level of target testing already performed.
4) Evidence related to A/R is moderate or high.
5) Other procedures performed on the presumed risk of fraud.

Cash and Cash Equivalents

Description | Amount
Balance per cash book | 200,000
Bank charges not in cash book | (2,000)
Un-presented cheques | 20,000
Outstanding deposits | (12,000)
Cheques run prior to year-end and un-cleared | 10,000
Balance per bank statement | 216,000

Auditing a bank reconciliation: top tips (AF.60)

Test | Assertions
Bank accounts are approved | Existence (of bank and cash assets)
Signatories are authorised | Existence (of bank and cash assets)
Bank reconciliations are performed | Completeness (of bank and cash assets); Accuracy (of related P&L transactions from reconciling cash items); Existence/Occurrence; Rights and Obligations; Valuation
Wire transfers are reviewed and approved | Accuracy (of related cash transaction); Existence (of bank and cash assets)

Tests of Details and related assertions

Test | Assertions
Test bank reconciliations | Completeness (of bank and cash assets); Accuracy (of related P&L transactions from reconciling cash items); Cut-off (of bank and cash assets); Existence (of bank and cash assets)
Test bank account transfers | Completeness (of bank and cash assets); Cut-off (of transfer transaction)
Test translation of foreign currency | Valuation (of bank and cash assets)
Test cash on hand | Accuracy (of related P&L transactions from reconciling cash items); Existence (of bank and cash assets)
Confirm bank accounts and special arrangements | Completeness (of bank and cash assets); Accuracy (of related P&L transactions from reconciling cash items); Cut-off (of related P&L transactions); Existence (of bank and cash assets); Rights & Obligations (to bank and cash assets); Presentation & Disclosure (of bank and cash assets)

Inventory - The Importance of Inventory counts
1) To the client: Inventory is normally their biggest liquid asset. They not only need to manage the investment but they also need to ensure that they manage inventory levels so that they can meet customer needs / orders on a timely basis; performing inventory counts helps them to manage their inventory levels. Inventory counts represent a strong deterrent to theft. Inventory counts verify the quantity of inventory which, after valuation, will be included in the financial statements.
2) To the audit: Inventory is often a material area on the balance sheet and has a direct effect on the profit or loss for the year. Inventory counts provide a strong source of audit evidence for Existence, as inventory can easily be misstated and, depending on the type of inventory, there may be potential for fraud through misappropriation. Attendance at the inventory count is compulsory in many countries.
3) To you: You can't repeat the inventory count later if you have a query or forget something. You must get everything right at the inventory count. It may be your first job alone. You may need to take decisions or react quickly to circumstances. You may need to make decisions under pressure from client staff. Attending the inventory count gives you an opportunity to tour the client's site and gain a good understanding of the client's business. You will probably come into close contact with client staff outside the financial department and, therefore, can develop your understanding of the business and build networks outside the finance function.

Common EGAs: PPE
1) Lead Schedule
2) Obtain movement schedule and detailed listings
3) Test additions
4) Test disposals

Purchases and Payable
1. Ordering (Purchase Order)
2. Receipt of goods / service (Goods received note)
3. Receipt of invoice (Purchase Invoice)
4. Recording of expense (P&L) or stock (B/S) and creditor (B/S) (Journal)
5. Cash payment (Remittance advice)

Controls (Authorisation, Review, Matching): Are all purchases included? Are we liable to pay the year-end creditor? Have pre year-end purchases been recorded post year-end? Are creditors due in less than or more than one year?

It is important to understand the entire flow of transactions from when they are initiated to the accounting records that capture them. The walkthrough enables you to identify the points within the company's process at which a material misstatement could arise. There should be controls in place to address these risks. It is necessary to identify/confirm all the attributes of the control activities that the company has implemented. Through the walkthrough, we can better understand how IT affects the transactional flow and what the relevant IT dependencies are. A walkthrough is performed by following the flow of an actual transaction using the client's documents and IT systems. At the point where the important processing procedures occur we should ask sufficiently probing questions that allow a complete understanding of the process under consideration. During the walkthrough we verify the implementation of control activities through a combination of inquiry, observation and examination.

Search for Unrecorded Liabilities

Liabilities and related expenses are more likely to be understated or omitted from the accounts than overstated, because the account balances usually consist of items that have been reviewed and approved as valid payables before being recorded, and because efforts to improve timeliness of financial reporting may result in a failure to completely and accurately recognise all valid liabilities and expenses. We typically perform a search for unrecorded liabilities as part of a financial statement audit to obtain evidence that liabilities and expenses are not understated (completeness).

Testing: Targeted testing of cash disbursements made subsequent to year end, unpaid invoices and open receiving documents. May involve targeting both significant value invoices and those subject to higher risk of exclusion (close to year-end or certain vendors).
How long after year-end should our search for unrecorded liabilities extend? -> Professional judgment.
When target testing a subsequent payment, the payment may relate to multiple invoices. Should we examine evidence for all invoices or is there another way to structure the targeted test?
What audit work should be performed on the untested portion of the population of subsequent disbursements, unpaid invoices and open receiving documents?

Factors to consider in determining the time period for the search for unrecorded liabilities: RoMM related to the completeness of liabilities and expenses; history of misstatements due to cut-off errors; length of time the client keeps its accounts open after year-end to process transactions; typical invoice payment terms for suppliers and service providers and the client's payment practices; effectiveness of controls; possibility that there may be material unrecorded liabilities only settled after the selected time period; sufficiency of audit evidence obtained through substantive analytics and other tests of details that provide comfort on the completeness, accuracy, and existence/occurrence of liabilities and expenses.

EGA | Assertions
Accounts Payable: Lead Schedule | Presentation and Disclosure
Accounts Payable: Test accounts payable reconciliation | Completeness, Accuracy, Cut-off, Existence/Occurrence
Accounts Payable: Search for unrecorded liabilities | Completeness, Accuracy, Valuation, Rights & Obligations and Cut-off
Accounts Payable: Test inventory receipts cut-off | Completeness and Cut-off
Accounts Payable: Verify information for disclosures | Presentation & Disclosures

Revenue and Receivables
1. Ordering (Customer Order)
2. Dispatch (Goods Despatched Note)
3. Invoicing (Sales Invoice)
4. Recording of sale (P&L) and debtor (B/S) (Journal)
5. Cash Receipt (Remittance Advice)

Controls (Authorisation, Review, Matching): Are all sales transactions genuine? Have sales returns been included? Is the customer going to pay the debt? Are sales genuine and in the correct period? Have foreign currency balances been converted properly?

EGA | Assertions
Accounts Receivable: Lead Schedule | Presentation and Disclosure
Accounts Receivable: Test accounts receivable reconciliation | Valuation
Accounts Receivable: Confirm accounts receivable | Completeness, Accuracy, Existence/Occurrence, Rights & Obligations
Accounts Receivable: Test sales/accounts receivable cut-off | Completeness and Cut-off
Accounts Receivable: Verify information for disclosures | Presentation & Disclosures