Chapter 6 Audit Planning and Risk Assessment Learning Objectives 1. Learn the steps of the planning...
-
Upload
alban-underwood -
Category
Documents
-
view
218 -
download
0
Transcript of Chapter 6 Audit Planning and Risk Assessment Learning Objectives 1. Learn the steps of the planning...
Learning Objectives
1. Learn the steps of the planning process for an integrated audit.
2. Become familiar with the components that impact the audit strategy and audit plan.
3. Understand the relationship of risk assessment, materiality, and planning.
4. Define the Fraud Triangle and recognize fraud risk factors.
5. Identify triggers for reevaluating the audit strategy and audit plan.
6. Summarize important information that is documented as part of audit planning.
7. Identify changes that can be made to audit approaches for higher risk areas.
8. Explain different types of audit activities and their purposes.
One Engagement
Planning for an integrated audit must achieve the objectives of both audits – opinion on the financial statements and opinion on ICFR
Auditor needs sufficient evidence to Assess risk Address ICFR effectiveness
For an ICFR opinion in a financial statement audit For decision on how much to rely on ICFR in a
financial statement audit Address fairness of the financial statements
Overview of Planning
Audit planning is a continuous process; the audit plan may need to be adjusted as new information is obtained
Risk assessment is integrated throughout, including assessing fraud risk
Steps in planning Establishing the audit strategy Planning the audit resources Develop the audit plan Communication on planning
Overall Audit Strategy
Big picture of the audit; auditors can do this before they do audit procedures based on Experience in and knowledge of the industry Information gained through client acceptance
process Previous audit engagements, such as quarterly
reviews Components of the audit strategy
Scope of the engagement Timing Materiality and risk Fraud risk
Audit Strategy: Scope of the Engagement
What are deliverables for this particular client?
How much and what type of work does the auditor need to do?
When and where does the work need to be done?
How should the work be scaled to fit the size, environment and complexity of the audit client?
Audit Strategy: Scope of the EngagementClient attributes that affect scope: Accounting presentation
Is the presentation US GAAP, IFRS, GASB, statutory based, other?
Entity structure Is it public or privately owned? Is it a parent or subsidiary? Does it have
multiple locations, and if so what is the materiality at the other locations?
Information technology Complexity of the system? Entity level and application controls?
Client outsourcing How important are outsourced services? How will audit address the
service provider?
Work of others How will this affect the nature, timing and extent of audit procedures?
First year vs. continuing audits
Audit Strategy: Timing
Client events that create audit deadlines Key dates for communication with
management, Audit Committee and Board of Directors
SEC deadlines for filing quarterly and annually Date at which other auditors will supply or need
audit reports Requirements of other regulators
Are audit resources (human resources) available in the right combinations at the right times?
Audit Strategy: Materiality and Risk
Materiality …the magnitude of an omission or
misstatement of accounting information that, in the light of surrounding circumstances, makes it probably that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatements
Audit Strategy: Materiality and Risk
Auditors assess materiality based on whether the issue would influence the economic decisions of users with certain qualifications Appropriate knowledge Willingness to study the financial statements Understand the concept of materiality Understand measurement issues like estimates
and judgments Will make appropriate economic decisions
using the financial statements
Audit Strategy: Materiality and RiskTop Down Approach What amount is material at the financial statement level? What accounts and disclosures are significant to the financial
statements? What assertions are relevant to the significant accounts and
disclosures? What could go wrong to cause a material misstatement or omission
related to each relevant assertion in each significant account or disclosure?
Is there a control in place that is intended to prevent that event (the risk) from occurring or that will detect it on a timely basis? If yes, is the control designed sufficiently well that (if it operates effectively) it will prevent or detect the risk? If yes, does the control operate well enough (effectively) to prevent or detect the risk?
Are there any material misstatements or omissions in any significant accounts or disclosures?
Audit Strategy: Materiality and Risk Materiality includes both quantitative and
qualitative aspects; something might not be material from a quantitative perspective but have qualitative characteristics that make it material regardless of amount. Management fraud is an example of something that is material regardless of amount.
Significant risks are risks in the business that are important enough to require special audit consideration. When auditing a non-public company that does not require an ICFR opinion the auditor may not choose to rely on internal controls when planning tests of balances. Even in that situation, the auditor must identify and assess the impact of significant risks.
Audit Strategy: Materiality and Risk
Materiality Set at financial statement level and at
account balance level Planning concepts of materiality:
Tolerable misstatement (for account balances) Tolerable rate of error (for ICFR) Qualitative materiality
Auditor judgment Benchmarks or rule of thumb, or quantitative
analysis to set planning materiality
Audit Strategy: Materiality and Risk
The auditor decides what tolerable misstatement is for an account balance and tolerable rate of error is for a control.
The auditor conducts the planned audit procedures to test the account balance. In general, if the conclusion is that the account balance misstatement is less than the tolerable misstatement the auditor accepts the account balance.
If a control is effectively designed, the auditor conducts the planned audit procedures to test the operating effectiveness of the control. In general, if the conclusion is that the control’s failure rate is less than the tolerable rate of error, then the auditor concludes that the control is effective.
Audit Strategy: Fraud Risk
Preliminary assessment of fraud risk during planning; brainstorming session
Responsibility to maintain professional skepticism
Fraud Triangle: incentive, opportunity, rationalization
Auditor specifically tests the operating effectiveness of anti-fraud controls
Audit planning also includes client’s risk of illegal acts that could materially impact the financial statements
Audit Strategy: Fraud Risk
Anti-fraud controls include those: Over significant, unusual transactions
particularly late or unusual journal entries Over journal entries and adjustments made
in the period-end financial reporting process Over related party transactions Related to significant management estimates That mitigate incentives for, and pressures
on management to falsify or inappropriately manage financial results
Audit Strategy
Recent significant developments Recurring engagement: events since the last
audit New engagement: events since the client was
accepted Can be internal events or external developments Auditor spends more time on these issues
Sources of information for the audit strategy Client acceptance and continuance activities Understanding the client’s system Other engagements for the client
Planning meeting and planning memorandum
Planning the Audit Resources
Assignments of the audit team
Timing of audit workHigh-risk areasEngagement budget
Audit Resources: Assignments The work must be planned and any assistants
must be properly supervised; required by auditing standards and quality control standards Supervision includes instruction and review
The firm should match jobs to individuals based on difficulty and complexity of the job and experience and expertise of the individual
How much time of people at which levels does the audit require? Sometimes there is a trade-off – a person with greater
skills can perform the task faster and better, will require less instruction and the review will be easier
Audit Resources: Timing
Terms Interim procedures, interim date Busy season
Timing of procedures in audit plan is for best effectiveness and efficiency.
Interim work helps Discover problems earlier so the client can fix them or the auditor
can plan to spend more time on them during year end work When the client does not retain records or not in the original format
Some work must be done at or after year end ICFR audit work on the client’s year end financial reporting process Agreeing financial statements to the accounting records Examining adjustments made when preparing the financial
statements
Audit Resources: Timing
Roll forward audit procedures When procedures performed at an interim date
have to be carried forward through fiscal year end Applies to ICFR work for financial statement
and ICFR audits Does a control that was tested at an interim date
continue to operate in the same way (either good or bad) through the end of the year?
Applies to financial statement audit work Reconcile an account balance tested at an interim
date with the year end account balance
Audit Resources: High Risk Areas Based on risk assessment procedures More audit effort is directed toward high risk areas
e.g., more tests, more experienced staff, specialists Specialist: a person or firm possessing special skill or knowledge in
a particular field other than accounting or auditing Can work for client, CPA firm or may be an outsider Audit evaluates qualifications and work of specialist before using
it If specialist’s work is unreasonable, auditor does more work Examples: actuaries, appraisers, engineers, environmental
consultants, geologists, lawyers A professional particularly knowledgeable about IT may be needed
Computer system is pervasive and critical to operations; is new, recently changed, complex; uses emerging technology; used for e-commerce
Audit Resources: High Risk Areas
IT expert’s potential contributions to the audit Determining the effect of IT on the audit Understanding the IT controls Designing and performing tests of IT
controls Designing and performing IT-related or
IT-based substantive procedures
Audit Resources: Engagement Budget Audit planning includes preparing a preliminary time budget
Detailed by areas of the audit Indicates anticipated time of professionals at various
experience levels for each area Purposes and uses of a time budget
Planning engagements Evaluating staff Managing the firm
Audit professionals track and report time spent on the engagement Firm can compare budget with actual outcomes Budgeted to actual is used for billing, evaluating staff
performance and bidding on future engagements
Develop the Audit Plan
Nature, timing and extent of audit procedures
Top down approach Different types of audit
procedures
Audit Plan: Nature, Timing and Extent First the auditor has to know:
Management assertions (which requires knowing which accounts are important), materiality, risk, timing driven by client specifics
Terms are used a lot; meaning is simple: Nature is type of test, control or substantive, and
which specific audit procedures is to be performed Timing is when it is to be performed;
considerations are having audit resources available, evidence availability, being able to test the period for which evidence is needed
Extent is quantity of testing to be performed
Audit Plan: Nature, Timing and Extent Nature: Tests of controls
For ICFR audit, the auditor must test controls For financial statement audit, auditor tests those controls that
are to be relied upon – for entire period of planned reliance If a significant account, type of transaction, or disclosure is
susceptible to material misstatement, the auditor defines what causes that susceptibility. If a control exists that is effectively designed to prevent or detect the event that will cause the account or disclosure to be materially misstated, the auditor plans how to test the controls operating effectiveness.
Nature: Substantive Procedures Purpose is straightforward, tests are planned to detect material
misstatements that exist in the financial statements Nature: Types of procedures to obtain audit evidence
Inspection, observation, inquiry, external confirmation, recalculation, reperformance, analytical procedures
Audit Plan: Nature, Timing and Extent
Extent: If test are properly designed for the audit issue being evaluated, the assumption is that more testing provides more evidence.
Extent considerations includes sampling decisions
Discussed more in later chapters Properly designed sampling approaches can
provide sufficient evidence to permit the auditor to draw valid conclusions without examining all the transactions
Audit Plan: Top Down Approach
How to plan substantive audit steps…identify, assess and decide upon: Significant accounts, transactions or
disclosures Relevant assertions for them Risks of material misstatement related to
those assertions Substantive audit procedures to address
those possible material misstatements
Audit Plan: Top Down Approach
How to plan control audit steps…identify, assess and decide upon: Significant accounts, transactions or
disclosures Relevant assertions for them Risks of material misstatement related to
those assertions Causes of the risks Controls that address the causes of the risks Tests of the controls
Audit Plan: Types of Audit Procedures Audit evidence: an accumulation of activities,
documents and information that persuades the auditor to have reasonable assurance that management’s assertions are appropriate.
AS 5, to test controls: Inquiries, inspection of documents, observation,
reperformance Walkthrough is the term for tracing a transaction
through initiation, authorization, processing and recording.
Walkthroughs are used to understand the system and assess design effectiveness
Audit Plan: Types of Audit Procedures
Audit procedures for a financial statement audit include those listed by AS 5 for controls, and more: Inspection of records, documents, tangible
assets Observation Inquiry External confirmation Recalculation Reperformance Analytical procedures
Communication on Planning
After initial audit planning, auditor may meet with management
Auditor may provide an overview of the plan for the audit
Auditor provides general information about scope and timing, but not a level of detail that would compromise the audit’s effectiveness
Other Independent Auditors vs. “Others”
Sometimes more than one independent auditor works on an audit Auditor who does the most is called the principle
auditor Principle auditor must decide whether it was
sufficiently involved in the work of the other firm to take responsibility for the conclusions on that work
Impacts the audit report “Work of others” guidance does not address
the principal auditor – other auditors situation
Deciding to Rely on the Work of Others
In deciding whether to rely on the work of others in planning and executing the audit, the auditor must evaluate The individual who performed the work
Competence objectivity
The subject matter or target of the work performed Materiality Risk associated with controls Subjectivity of the evaluations in the procedures
Effect on the Independent Auditor’s Work
The auditor will be very careful in deciding whether to use the work of others that has been done on the control environment since that work has such a big impact on other decisions in the audit.
When a account, disclosure or control is associated with greater risk (including because of materiality) the auditor performs more work personally and relies less on the work of others.
The work of others may cause the auditor to change the nature, timing and extent of audit procedures; can result in either more or less audit attention to a particular area.
Effect on the Independent Auditor’s Work The auditor relies less on the work of others if more
judgment is required to determine whether a misstatement is important or a control is performing effectively.
The auditor does more work personally on controls over period-end financial reporting because problems in this process present significant risk of misstatement to the financial statements.
Accounts that incorporate important estimates or judgments made by management require more personal work by the auditor and less use of the work of others; e.g., revenue recognition, collectibility of receivables, appropriate accounting for derivatives.
Effect on the Independent Auditor’s Work
If an account is susceptible to management override the auditor relies less on the work of others.
Some accounts may have a low enough risk of material misstatement that the auditor may choose to rely on the work of others rather than performing procedures; possibilities are existence of cash, prepaid assets and fixed asset additions.
High risk and judgment needs can cause the auditor to perform more audit work in addition to that performed by others; examples are Valuations requiring significant estimates Related party transactions, contingencies, uncertainties,
subsequent events
Evaluating and Testing Other’s Work Auditor must decide how much evaluation and testing
to do on the work of others; professional judgment How much will the work of others affect audit
decisions? How competent and objective is the other person? What were the accounts and controls the other
person worked on? Procedures to test work of others
Examine some of the controls, transactions or balances that others examined and compare results
Examine controls, transactions or balances similar to the ones examined by others and compare results
Audit Impact of Work of Others The auditor can consider the work of others in
planning and performing audit procedures; can either increase or decrease audit work because of the work of others and results
Others can actually provide direct assistance on the audit; auditor must: Assess competence and objectivity Supervise, review, evaluate, and test work Inform works on responsibilities, objectives of
procedures, important accounting and auditing matters, need to report significant findings to the auditor
Copyright
“Copyright © 2011 John Wiley & Sons, Inc. All rights reserved. Reproduction or translation of this work beyond that permitted in Section 117 of the 1976 United States Copyright Act without the express written permission of the copyright owner is unlawful. Request for further information should be addressed to the Permissions Department, John Wiley & Sons, Inc. The purchaser may make back-up copies for his/her own use only and not for distribution or resale. The Publisher assumes no responsibility for errors, omissions, or damages, caused by the use of these programs or from the use of the information contained herein.”