Planning the Audit/Assessing Risks and Response to Risks

2222

Presented by s

Mrs Marie Louise Teng Hing Voon, FCA

Partner BDO Mauritius

Member of Audit Practice Review Panel

at the

Financial Reporting Council

Planning - ISA 300

Assessing Risks - ISA 315

Responses to Risks - ISA 330

2222

PLANNING

WELCOME AND INTRODUCTIONPage 3Page 3

Overall audit strategy & develop an audit plan

1.Involvement of Key Team

Members

2.Preliminary Engagement

Activities

3. Planning Activities 4.

Documentation

5. Considerations

- Initial engagements

2222

3.1 Develop Audit Plan

Ethical requirements compliance

3.0 Establish audit strategy

-Scope-Reporting objectives-Results of preliminary activities

- ResourcesUnderstanding

terms of engagement

- Nature, timing and

extent of risk assessment procedures (ISA 315)

3. Planning Activities

2.Perform Continuance Procedures –

ISA 220

1. Engagement Team

Discussion

Further procedures –

Assertion level ( ISA 330)

2222

IDENTIFYING & ASSESSING RISKS – ISA 315

2222

APPROACH

• Risk Assessment Procedures

• Understand the entity and its environment, including internal control

• Identify & Assess Risks of Material Mistatements

IDENTIFY RISKPage 6

Identify and assess risk

2222

AUDIT RISK MODEL

Audit risk

Controlrisk

Inherent risk Detection risk

Risk of material misstatement

Page 7IDENTIFY RISKPage 7IDENTIFY RISK 222

2

Page 8

THE AUDIT RISK MODEL

Controlrisk

Inherent risk Detection risk

Understand the

business

Understand and assess

controls

Our response

222

IDENTIFY RISKPage 9

RISK TERMINOLOGY

Engagement level

Assertion level

Financial statement level responses /

actions

Significant RMM RMM

RMM Level

Identify

Assess

Respond

Potential RMM

Significant RMM RMM

Significant Normal

Audit Response

Audit Response

222

Engagement level AND ASSERTION LEVEL RISKSEngagement level

• Pervasively to F/S as a whole

• Not confined to specific elements, accounts or items of F/S

• Make us to change our overall behaviours and testing strategy relating to the audit as a whole

Assertion level

• Relate to classes of transactions, account balances or disclosures

IDENTIFY RISKPage 10

2222

IDENTIFY RISKPage 11

RISK ASSESSMENT PROCEDURES

• Basis for identification and assessment of risks

• Shall include:

1. Inquiries from management and others

2. Analytical Procedures

3. Observation and Inspection

Page 11IDENTIFY RISK 222

2

UNDERSTAND THE ENTITY

• Industry factors

• Regulatory factors

• Other external factors

• Business operations

• Investing activities

• Financing activities

• Financial reporting

• Fraud

Pro

fessio

nal

Jud

gem

en

tPotential RMMs?

Page 12IDENTIFY RISK 222

2

Page 13

InternalControl

MonitoringMonitoring

Control Environment

Control Environment

RiskAssessment

RiskAssessment

ControlActivities

ControlActivities

Information&

Communications

Information&

Communications

COMPONENTS OF INTERNAL CONTROL

Page 13IDENTIFY RISK 222

2

IDENTIFY RISKPage 14

UNDERSTAND INTERNAL CONTROL

•Control environment

•Risk assessment

• Information and communications- IT Environment

- IT General Controls

•Monitoring

Pro

fessio

nal

Jud

gem

en

tPotential RMMs

2222

UNDERSTAND INTERNAL CONTROL

• Visits to the client's premises

• Discussions with management and staff

• Interviews with management’s expert

• Inspection of minutes

• Review of internal audit reports

• Observation

Page 15IDENTIFY RISK 222

2

IDENTIFY RISKPage 16

UNDERSTAND INTERNAL CONTROL

• Corroborating inquiries of others within the entity

• Observing the application of specific controls

• Inspecting documents

• Reviewing reports

2222

UNDERSTAND THE INFORMATION SYSTEM

• Document information systems in use by the entity for financial reporting

• Determines if the system is ‘complex’ or not

• Obtain understanding of IS, including related business processes, relevant to financial reporting.

IDENTIFY RISKPage 17

2222

DOCUMENTATION

• ETD to susceptibility of entity’s F/S to material misstatement

• Key elements of understanding obtained – entity and control components

• Identified and assessed RMM – F/S & Assertion Level

• Risks identified and related controlsIDENTIFY RISKPage 18

2222

RESPONSES TO ASSESSED RISKS – ISA 330

2222

RESPONSES TO ASSESSED RISKS

• Audit Procedures responsive to the Assessed RMM @ F/S Level & @ Assertion Level

• Adequacy of Presentation and Disclosure

• Evaluate Sufficiency and Appropriateness of Audit Evidence

• Documentation

Page 20

DESIGN AUDIT RESPONSE 2222

• Design tests of controls - Expectation that controls are operating effectively

- Substantive procedures alone not provide enough assurance

• Timing of Tests

• Evidence obtained at interim and previous audits

• Test controls over significant risks

Page 21DESIGN AUDIT RESPONSE

TESTS OF CONTROLS

2222

SUBSTANTIVE PROCEDURES

• External confirmations?

• SAP – F/S Closure Process- F/s to underlying records

- J/entries, Other adjustments

• SAPs specifically responsive to significant risk @ assertion level

• Timing of SAPs

Page 22DESIGN AUDIT RESPONSE 222

2

LEVELS OF SAP ASSURANCE

Page 23DESIGN AUDIT RESPONSE 222

2

Page 24

GENERAL FINANCIAL STATEMENT AREAS

DESIGN AUDIT RESPONSE 2222

RECAP – AUDIT RESPONSE

• Our audit strategy and tests should be responsive to our risk assessment and tailored to reflect the facts and circumstances of the engagement

• Audit strategy is determined by judgement and a mix of ToCs, SAPs and/or OSPs

• Document - responses to address risks-Nature, timing & extent of procedures

- results of procedures

- Effectiveness of controls

- F/S procedures

Page 25DESIGN AUDIT RESPONSE 222

2