Professional Documents
Culture Documents
Lecture 3
TUTOR:
1
ISA 300 AUDIT PLANNING
2
Planning procedures:
1 1. Systems
1 3. Accounting policies
1 4. Management
3
ISA 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND
ASSESSING THE RISK OF MATERIAL MISSTATEMENT.
315.2 The auditor must obtain an understanding of the entity and its
environment, including internal controls, so that they can identify and assess
the risks of material misstatement on financial statements due to fraud or
error and design and perform further audit procedures.
Procedures to follow:-
• Enquiry of management
• Analytical procedures.
• Observation and inspection.
4
ISA 400 RISK ASSESSMENT
1. Business Risk
2. Audit Risk.
1. Business Risks
Business risk is the risk that the business will fail to meet its objective.
• Financial risk which arises from the company activities such as going
concern problems, overtrading, credit risk, interest risk, currency risk
and breakdown of accounting systems.
• Operational risk arising from the operation of the business such as lost
business opportunities, loss of physical assets and lack of business
orders.
• Compliance risk arising from non-compliances with laws and
regulations such as breach of companies acts, and health and safety
regulations.
2. Audit risk is the risk that the auditor come to an invalid conclusion in
audit report and come to an incorrect opinion that either:
5
There are two types of audit risks:-
1. Inherent risk
2. Control risk
1. Inherent risk is the risk that misstatement will occur due to factors
inherent in the company’s business or environment or the nature of
individual transaction or balance. It is the risk attached to an assertion
that could cause a material misstatement. Certain assertions, related
classes of transactions and account balances such as stock are more
prone to risk.
6
1 2. Control risk is the risk that a misstatement could occur in an account
balance or class of transactions and that could be material either
individually or when aggregated with misstatement in other balance or
class, would not be detected and corrected on timely basis, by the
accounting and internal control systems.
2 This is the risk that the client’s internal control system will not prevent
errors occurring or will not detect them after the occurrence so that
they may be prevented.
7
ISA 320 AUDIT MATERIALITY
Auditors must consider materiality and its relationship to audit risk when
conducting and audit.
Quantitative materiality
1
2 An item is material if it is :-
3
4 > 5-10% of profit before tax
5 > ½– 1% of turnover
8
1 > 1 – 2% of gross total assets
1 Qualitative materiality
2
3 The nature of an item which is immaterial in size could be material if it
is :-
4
5 1. Illegal payment or otherwise immaterial amounts could be material.
Material contingency could rise and results in a material loss of assets
or revenue.
6
7 2. Inadequate or improper description of an accounting policy could be
material. Users of the financial statements could be misled.
9
Assessing Risk: ISA 330 The auditor's procedures in response to
assessed risks
10
ISA 330 indicates that the auditor must determine the nature and extent of
audit evidence to be obtained from the performance of substantive
procedures in response to the related assessment of the risk of material
misstatement. This varies depending on the assessment of inherent and
control risks, and that, irrespective of the assessed risk of material
misstatement, the auditor designs and performs substantive procedures for
each material class of transactions, account balance, and disclosure and that
the assessed levels of inherent and control risk cannot be sufficiently low to
eliminate the need to perform any substantive procedures.
The higher the auditor’s assessment of inherent and control risk, the more
reliable and relevant is the audit evidence the auditor needs to obtain from
the performance of substantive procedures. The use of confirmation
procedures may be effective in providing sufficient appropriate audit
evidence.
On the other hand, the assessed risk of material misstatement and the level
of inherent and control risk is low, the less assurance the auditor needs from
substantive procedures. For example, if an entity has a loan that it is
repaying according to an agreed schedule, the terms of which the auditor has
confirmed in previous years and the other work carried out by the auditor
including tests of controls indicates that the terms of the loan have not
10
changed, this means that the risk of material misstatement level of inherent
and control risk is low, and the auditor can limit substantive procedures to
testing details of the payments made, rather than again confirming the
balance directly with the lender.
11
to conduct some audit procedures at an interim date rather than at period
end.
The auditor should design and perform further audit procedures whose
nature, timing,
and extent are responsive to the assessed risks of material misstatement at
the
assertion level.
12
The auditor’s assessment of the identified risks at the assertion level provides
a basis for considering the appropriate audit approach for designing and
performing further audit procedures.
1. Test of controls
In some cases, the auditor may determine that only by performing tests of
controls will he achieve an effective response to the assessed risk of material
misstatement for a particular assertion. Tests of control are an audit
procedure designed to evaluate the operating effectiveness of controls in
preventing, or detecting and correcting, material misstatements at the
assertion level. The auditor designs tests of controls to obtain sufficient
appropriate audit evidence that the controls operated effectively throughout
the period of reliance. Matters the auditor may consider in determining the
extent of the auditor’s tests of controls include the following:
• The frequency of the performance of the control by the entity during the
period.
• The length of time during the audit period that the auditor is relying on the
operating
effectiveness of the control.
13
• The relevance and reliability of the audit evidence to be obtained in
supporting that
the control prevents, or detects and corrects, material misstatements at the
assertion
level.
• The extent to which audit evidence is obtained from tests of other controls
related to the assertion.
14
In most cases, audit evidence from a previous audit’s substantive procedures
provides little or no audit evidence for the current period.
Exceptions:-
* A legal opinion obtained in a previous audit related to the structure of a
securitization to which no changes have occurred, may be relevant in the
current period. In such cases, it may be appropriate to use audit evidence
from a previous audit’s substantive procedures if that evidence and the
related subject matter have not fundamentally changed, and audit
procedures have been performed during the current period to establish its
continuing relevance.
15
Performing substantive procedures at an interim date without undertaking
additional
procedures at a later date increase the risk that the auditor will not detect
misstatements that may exist at the period end.
Documentation
The form and extent of audit documentation is a matter of professional
judgment, and is
influenced by the nature, size and complexity of the entity and its internal
control, availability of information from the entity and the audit methodology
and technology used in the audit.
1. The objective of the auditor is to identify and assess the risks of material
misstatement,
16
whether due to fraud or error, at the financial statement and assertion levels,
through
understanding the entity and its environment, including the entity’s internal
control, thereby providing a basis for designing and implementing responses
to the assessed risks of material misstatement.
17
* Confirming that they have disclosed to the auditor, their own
assessment of risk of fraud and any knowledge of fraud or suspected
fraud.
7. Report
* To appropriate level management if auditor has identified fraud or is
suspicious of fraud.
* To those charged with governance if fraud involves management,
significant employees and third parties.
* To regulators if there is a statutory duty.
18
(c) Employed by the entity; or
(d) Employed by the auditor.
When the auditor uses the work of an expert employed by the auditor, that
work is used in the employee’s capacity as an expert rather than as an
assistant on the audit.
The auditor should obtain sufficient appropriate audit evidence that the scope
of the expert’s work is adequate for the purposes of the audit.
1. When issuing an unqualified report, the auditor should not refer to the
work of an
19
expert. Such a reference might be misunderstood to be a qualification of the
auditor’s
opinion or a division of responsibilities.
20