
AC3101 ASSURANCE & AUDITING | BY SAMUEL WYSTAN

THE EPIC AC3101 ASSURANCE & AUDITING NOTES


PART I - INTRODUCTION TO ASSURANCE & F/S AUDITING
INTRODUCTION TO ASSURANCE AND F/S AUDITING

Assurance

An engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.

Auditing

A subset of assurance; a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria; and communicating the results to interested users. It bridges the lack of trust between buyers and sellers.

Overview of the Principal-Agent Relationship Leading to the Demand for Auditing
The Principal-Agent Relationship

Agent usually has more information. Hence, role of auditor: determine whether reports prepared by the
manager conform to the contract's provision. Reduce information risk [risk that information circulated by a
company's management will be false or misleading,

To reduce problem: manager may have agreed to some monitoring provisions to assure he/she will not misuse
resources.

Level of Assurance

Reasonable Assurance Engagement (High Level) – “Audit”

• Practitioner gathers sufficient appropriate evidence to enable him to express his conclusion in a positive form
• E.g. “In our opinion, management’s assertions are fairly presented”

Limited Assurance Engagement (Moderate Level) – “Review”

• Practitioner gathers sufficient appropriate evidence to enable him to express his conclusion in a negative form
• E.g. “In our opinion, nothing has come to our attention that causes us to believe that management’s assertions are not fairly presented”


Types of Assurance

Assertion-Based Engagement

• Evaluation or measurement of the subject matter is performed by the responsible party.
• Subject matter info is made available to the intended users in the form of an assertion by responsible party.
• E.g. F/S Audits, External Assurance on Sustainability Reporting
• Practitioner depends on responsible party to prepare report, and intended users also have a copy of the report

Direct Reporting Engagement

• Practitioner either directly performs the evaluation or measurement of the subject matter, or obtains a representation from the responsible party that has performed the evaluation or measurement that is not available to the intended users.
• Subject matter info is provided to the intended users in the assurance report
• E.g. Compliance and Operational Audits (where no assertions are made by the responsible party to intended users)
• Intended users = no report + practitioner prepares report instead of responsible party

Overview of the Financial Statement Audit Process

Audit Risk

• Audit Risk is the risk that the Auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.
To be covered later.

Audit Evidence

• All the information used by the Auditor in arriving at the conclusions on which the audit opinion is based, and includes the information contained in the accounting records underlying the financial statements and other information.
To be covered later.


THE FINANCIAL STATEMENT AUDITING ENVIRONMENT


THE AUDITING PROFESSION

Profession

• A disciplined group of individuals who adhere to high ethical standards and uphold themselves to, and are accepted by, the public as possessing special knowledge and skills in a widely recognized, organized body of learning derived from education and training at a high level, and who are prepared to exercise this knowledge and these skills in the interest of others.

Characteristics of a Profession

[K] Skill based on theoretical Knowledge
[E] Extensive period of education
[T] Testing competency
[T] Institutionalized training or period of Internship
[L] Licensed Practitioners
[E] Work Autonomy Environment
[A] Professional Associations
[C] Code of Ethics

Some Auditing-Related Professional Associations

Institute of Singapore Chartered Accountants (ISCA), formerly ICPAS
The ISCA is the national professional body for accountants in Singapore. It sets out to develop, support and enhance the integrity, status and interests of the accountancy profession in Singapore.

Association of Chartered Certified Accountants (ACCA)
ACCA is a leading international accountancy body. The ACCA qualification is recognised and is treated in other countries as being equivalent to their local qualification.

Other Countries
Other professional bodies for different countries around the world:
• American Institute of CPAs (AICPA)
• Institute of Chartered Accountants in England and Wales (ICAEW)
• CPA Australia

The Institute of Internal Auditors (IIA)
The IIA is recognized as the internal audit profession's leader in certification, education, research, and technical guidance.

Role of IAs in internal control and corporate governance:
- IAs help an organization complete its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
- IAs report to the management or (ideally) to the entity’s audit committee or board of directors.
- IAs can be staffed entirely in-house, co-sourced or outsourced to typically an audit firm.

The International Organization of Supreme Audit Institutions (INTOSAI)
INTOSAI is a worldwide affiliation of governmental entities. Its members are the Chief Financial Controller/Comptroller General/Auditor General Offices of nations.

Association of Certified Fraud Examiners (ACFE)
ACFE is the world's largest anti-fraud organization and premier provider of anti-fraud training and education. ACFE helps reduce business fraud worldwide and inspire public confidence in the integrity and objectivity within the profession.

Information Systems Audit and Control Association (ISACA)
Focuses on internal controls surrounding the information system.
ISACA is a nonprofit, independent association that advocates for professionals involved in information security, assurance, risk management and governance. It engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems.

REGULATION IN SINGAPORE

Difference between Certified Public Accountant and Chartered Accountant in Singapore?

Chartered Accountant of Singapore (CA(Singapore))

• The Chartered Accountant of Singapore (CA (Singapore)) title is protected under the Singapore Accountancy Commission (SAC) Act and the Singapore Qualification Programme (SQP).
• The SQP, a pathway to obtain the CA (Singapore) designation, is owned by the SAC, a statutory board of the Singapore Government.
• The SQP comprises 3 components, namely: academic base, professional programme and practical experience. To attain the CA (Singapore) designation, Candidates will have to complete 3 years of relevant practical work experience, under the supervision of an Approved Mentor, and with a Training Agreement at an Accredited Training Organization (ATO)
• The ISCA is also the Administrator of the SQP. ISCA works closely with the SAC in raising the profile of the SQP, helping it to attain international recognition, and promoting it as the educational pathway of choice for professional accountants.

Certified Public Accountant

• No longer used widely in Singapore because of the name change: An accountant - previously known as a CPA - will now be called a Chartered Accountant of Singapore. All CPA Singapore holders will be automatically converted to the CA Singapore designation in July 2013.

1. Government Regulation

Accounting and Corporate Regulatory Authority (ACRA) Singapore

• National regulator of business entities and public accountants in Singapore and plays the role of facilitator for their development.
• ACRA undertakes the oversight of issuance of Singapore Standards of Auditing.

2. Self Regulation by the Professional Association (i.e. ISCA)

Institute of Singapore Chartered Accountants

• ISCA’s Auditing and Assurance Standards Committee (AASC) manages the due process of localizing the standards issued by ACRA.

Note: Government regulation has stricter regulation and more public oversight. International Standards on Auditing more comprehensive.

REGULATION IN USA

SOX

• Sarbanes-Oxley Act (SOX) is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise, as well as improve the accuracy of corporate disclosures.

Securities and Exchange Commission (SEC)

• The government agency that regulates disclosure of information for an initial public offering of securities and on-going reporting by companies whose securities are listed and traded on a US stock exchange.
• Oversees the Public Company Accounting Oversight Board (PCAOB):
o The PCAOB is a nonprofit corporation established by Congress through the Sarbanes-Oxley Act (2002) to oversee the audits of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, accurate and independent audit reports.
o The PCAOB also oversees the audits of broker-dealers, including compliance reports filed pursuant to federal securities laws, to promote investor protection.

Financial Accounting Standards Board (FASB)

• A privately-funded, independent board consisting of accounting professionals who establish and communicate standards of financial accounting and reporting in the United States. FASB standards, known as Generally Accepted Accounting Principles (US GAAP), govern the preparation of corporate financial reports and are recognized as authoritative by the SEC.

INTERNATIONAL STANDARDS AND ORGANIZATIONS

International Federation of Accountants (IFAC)
IFAC is the global organization for the accountancy profession. It establishes international standards on ethics, auditing and assurance, accounting education, and public-sector accounting through its independent standard-setting boards:

International Auditing and Assurance Standards Board (IAASB)
IAASB is the board (funded by IFAC) that develops and issues standards:
• International Standards of Auditing (ISAs) are professional standards for the performance of financial auditing of financial information.
• International Standards on Review Engagements (ISRE) apply in the review of historical financial information.
• International Standards on Assurance Engagements (ISAE) apply in assurance engagements other than audits or reviews of historical financial information.
• International Standards on Related Services (ISRS) apply to compilation engagements and engagements to apply agreed upon procedures to financial information.
• International Standards on Quality Control (ISQC) apply for all the engagement standards (ISA, ISRE, ISAE, ISRS)

International Ethics Standards Board for Accountants (IESBA)
IESBA develops and issues ethical standards and guidance for use by professional accountants:
• The Code of Ethics for Professional Accountants

International Public Sector Accounting Standards Board (IPSAS)
IPSAS develops and issues standards for use by public sector entities around the world in the preparation of financial statements.

International Accounting Education Standards Board (IAESB)
IAESB develops and issues standards in the area of professional accounting education that prescribe technical competence and professional skills, values, ethics, and attitudes.

Public Interest Oversight Board (PIOB)
• To ensure the activities of the IFAC and the independent boards are responsive to public interest, an international Public Interest Oversight Board (PIOB) was established to oversee the standard-setting process:
• PIOB is an international body that oversees the IFAC and seeks to improve the quality and public interest focus of the IFAC standards in areas of Audit, education and ethics.
• Members of PIOB are nominated by regulators and related organizations.
• Before a standard is finalized, the PIOB must approve that the standard-setting has followed a due process, including that the standard-setting was sufficiently responsive to the needs and perceptions of various stakeholders.

International Accounting Standards Board (IASB)
• IASB is an independent, privately-funded accounting standard-setter that is responsible for the development and publication of International Financial Reporting Standards (IFRS) and for approving interpretations of IFRS.
• Their predecessor is the International Accounting Standards Committee (IASC) and supersedes their old International Accounting Standards (IAS).

MANDATORY AUDIT REQUIREMENTS IN SINGAPORE

Mandatory Audit in Singapore

Companies Act, Section 201:

• Directors of every Company to present at AGM audited profit/loss account and balance sheet that comply with the requirements of the Accounting Standards and give a true and fair view of the profit and loss and state of affairs of the Company respectively
• Holding Companies to present audited balance sheet of the holding Company and Consolidated profit/loss account and balance sheet.

S201, section 14A - True and Fair override:
'... need not comply with that requirement (of Accounting Standards) to the extent that this is necessary for them to give a true and fair value of the matter.'

Exemption from Audit

Companies Act, Section 205B/C:

• A Company is exempt from Audit requirements (above) if it is:
o Dormant (at the time of formation or since the previous financial year)
o An Exempt Private Company (<20 shareholders and no corporate shareholders) with revenue not exceeding the prescribed amount (defined in Regulation 89A of Companies Regulations) of $5,000,000 for financial year starting on/after 1 June 2004.

[*] Proposed Change to the Small Company criteria

A Small Company is defined as a private company that fulfills 2 of 3 criteria

1. Total Annual Revenue of not more than 10 million
2. Total Gross Assets of not more than 10 million
3. No. of employees not more than 50

*For a company which is part of a group:
(a) the company must qualify as a small company; and
(b) entire group must be a 'small group' to qualify for the audit exemption

• The above includes subsidiaries; therefore have to do Consolidation first.

Objective and Scope of Financial Statement Audit

Singapore Standards on Auditing (SSA) 200:

• To enhance the degree of confidence of intended users in the financial statements
• Through the expression of an opinion by the Auditor on whether the financial statements are presented fairly, in all material respects, or give a true and fair view in accordance with an applicable financial reporting framework
• By obtaining reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error.

SOCIETY’S EXPECTATIONS AND THE AUDITOR’S RESPONSIBILITIES

The Audit Expectation Gap

• The difference between the actual and expected performance of an Auditor, also defined as ‘the difference between what the public and financial statement users believe Auditors are responsible for and what Auditors themselves believe their responsibilities are’.
• Some measures that the profession has taken to narrow the Audit Expectation Gap: Education (e.g. more information), Improving Auditing Standards

Loss of confidence and trust by society could be explained by the audit expectation-performance gap.

The gap has 2 components: a ‘reasonableness gap’ which is the responsibilities society unreasonably expects auditors to perform. Responsibilities reasonably expected of auditors should be those which are cost-beneficial for auditors to perform; unreasonable expectations would be things such as guaranteeing that the FS are completely accurate or that the entity is financially sound.

Performance gap has two components: deficient standards gap (duties reasonably expected but not required of auditors based on their existing duties). That is, duties that extend beyond auditors’ current legal and professional responsibilities. For example, requiring auditors to disclose in the audit report, or to an appropriate authority, matters of concern encountered during an audit, such as effectiveness of company’s internal controls; reliability of information relating to the company on the internet.

Deficient performance gap: society perceiving auditors not to perform the responsibilities required of them to the expected standard.

To narrow unreasonable expectations: one primary way is through educating the users on what an audit can accomplish within reasonable time and cost constraints; to that end, the auditor’s report explains what is management’s responsibility and auditor’s responsibility. The enhanced auditor report further clarifies the responsibilities (refer them to seminar 4); involvement of public in standard setting process (AASC for example, has public members).

To narrow deficient standards: improved auditing standards to better align auditor’s responsibilities with society’s reasonable expectations (hence, the clarity project was undertaken by IAASB and now we have the clarified auditing standards); enhanced auditor reporting.

To narrow deficient performance: can enhance monitoring of auditor’s performance (such as the PMP by ACRA); better training of auditors (CPE requirements, SQP, new standards for registering as a public accountant); and more stringent quality control over audit (SSQC 1)

JUDGMENT IN AUDITS
Role and Importance of Judgment in Audits
• Auditor needs to exercise judgment throughout the Audit, such as:
o Client Acceptance and Continuance
o Setting of Audit Fees
o Determining Materiality Level
o Assessing Audit Risks
o Designing Audit Strategy and Plan
o Evaluating Audit Evidence
o Determining Audit Opinion

Impairment of Judgments
• Auditor's Judgment could be impaired by:
o Motivational Biases resulting from Threats to Fundamental Principles (to be covered later) (i.e. Self-Review, Self-Interest, Advocacy, Familiarity, Intimidation)
o Cognitive Biases resulting from the use of Heuristics such as
– Framing (how a question is phrased)
– Availability (ease of retrieval from memory)
– Representativeness (use of stereotypes)
– Anchoring and Adjustment
– Confirmation

Framing

• Frames are mental structures that we use, usually subconsciously, to simplify, organize and guide our understanding of a situation.
• They shape our perspectives and determine the information that we will see as relevant or irrelevant, important or unimportant. Frames are necessary and helpful, but the problem is that we often are not aware of the perspective or frame we are using.

Availability

• Availability Heuristic is the tendency for decision-makers to consider information that is easily retrievable from memory as being more likely, more relevant and more important for a judgment.
• The information that is most ‘available’ to our memory may unduly influence estimates, probability assessments and other professional judgments.
• E.g. Having just encountered a client involved in Fraud/misappropriation of cash, an Auditor pays disproportionate attention to the Audit of Cash in the current engagement

Confirmation

• Confirmation is the tendency for decision-makers to seek and give more weight to information that is consistent with their initial beliefs or preferences.
• After receiving confirmatory evidence, decision-makers often are confident that they have/will be able to find adequate evidence to support their belief.
• E.g. Auditors tend to be prone to over-relying on management’s explanation for a significant difference between the Auditor's Expectation and Management’s Recorded Values, even when the client’s explanation is inadequate.

Representativeness

• Representativeness Heuristic is the tendency for decision-makers to compare information to their mental prototypes (i.e. stereotypes)
• E.g. Having known the Management are highly-learned people with MBA educational background from top business schools, an Auditor concludes that Fraud Risk factor is low
• E.g. Believing that the internal controls should be working well, an Auditor disregards his ad-hoc observations that segregation of duties was lacking on certain occasions in the purchasing function.

Anchoring and Adjustment

• Anchoring is the tendency for decision-makers to make assessments by starting from an initial numerical value and then to adjust insufficiently away from that value in forming a final judgment.
• E.g. Management’s estimate/unaudited account balance can serve as an Anchor. The Auditor is charged with objectively assessing the fairness of an account balance.
• E.g. When setting preliminary materiality at the planning phase, the Auditor applies a rate of 10% on PBT (the same basis used as in the previous year’s Audit), even though there is a significant increase in the business risks.

Ways to Counter Cognitive Biases

• Decision aids (e.g. Checklists)
• Awareness training
• Break down complex tasks into smaller tasks (e.g. Nature of Business/Products, Inherent Risks, Internal Controls)
• Develop alternative explanations
• Justification of decisions
• Group decision-making

Theories of Ethical Behaviour

1. Utilitarianism: Interests of all parties affected should be considered and not just one’s own self-interest. Also recognizes the trade-offs between the benefits and burdens of alternative actions
2. Rights-based approach: Individuals have certain rights and other individuals have a duty to respect those rights (However, note that it is difficult to satisfy all rights of all affected parties)
3. Justice-based approach: Each person has a right to have the maximum degree of personal freedom that is still compatible with the liberty of others + social and economic actions should be to everyone’s advantage and the benefits available to all

MISSTATEMENTS

Misstatement

• SSA 200: A difference between the amount, classification, presentation, or disclosure of a reported financial statement item and that required for it to be in accordance with the applicable financial reporting framework
• Can arise from either errors or frauds and can be either immaterial, material OR material and pervasive.

Material Misstatements

• SSA 320(2): Misstatements, including omissions, are considered to be material if they, individually or in aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements.
• Judgments about materiality are made in light of surrounding circumstances, and are affected by the size or nature of a misstatement, or a combination of both.

Pervasive Misstatements

• Misstatements so serious and severe that they are not confined to specific elements, accounts or items of the financial statements.
• Or, if they are confined, they represent or could represent a substantial proportion of the financial statements.
• Or, in relation to disclosures, are fundamental to user’s understanding of the financial statements.

QUALITY OF AUDIT / AUDIT FAILURE

• In A Framework for Audit Quality, the IAASB adopts the view that a quality Audit is likely to be achieved when the Auditor’s opinion on the financial statements can be relied upon as it was based on sufficient appropriate Audit evidence obtained by an engagement team that:
o Exhibited appropriate values, ethics and attitudes;
o Was sufficiently knowledgeable and experienced and had sufficient time allocated to perform the Audit work;
o Applied a rigorous Audit process and quality control procedures;
o Provided valuable and timely reports; and
o Interacted appropriately with a variety of different stakeholders
• Audit Failure may arise in the event of poor Audit Quality.
Factors Affecting Audit Quality

Inputs
Inputs are grouped into the following input factors:
(a) The values, ethics and attitudes of auditors, which in turn, are influenced by the culture prevailing within the audit firm; and
(b) The knowledge, skills, and experience of auditors and the time allocated for them to perform the audit.

Within these input factors, quality attributes are further organized between those that apply directly at:
(a) The audit engagement level;
(b) The level of an audit firm, and therefore indirectly to all audits undertaken by that audit firm; and
(c) The national (or jurisdictional) level and therefore indirectly to all audit firms operating in that country and the audits they undertake.

The inputs to audit quality will be influenced by the context in which an audit is performed, the interactions with key
stakeholders and the outputs. For example, laws and regulations (context) may require specific reports (output) that influence
the skills (input) utilized.

Process
The rigor of the audit process and quality control procedures impact audit quality.

Outputs
Outputs include reports and information that are formally prepared and presented by one party to another, as well as outputs
that arise from the auditing process that are generally not visible to those outside the audited organization. For example, these
may include improvements to the entity’s financial reporting practices and internal control over financial reporting, that may
result from auditor findings.
The outputs from the audit are often determined by the context, including legislative requirements.
While some stakeholders can influence the nature of the outputs, others have less influence.

Indeed, for some stakeholders, such as investors in listed companies, the auditor’s report is the primary output.

Key Interactions within the Financial Reporting Supply Chain


While each separate stakeholder in the financial reporting supply chain plays an important role in supporting high-quality
financial reporting, the way in which the stakeholders interact can have a particular impact on audit quality. These interactions,
including both formal and informal communications, will be influenced by the context in which the audit is performed and allow
a dynamic relationship to exist between inputs and outputs.
For example, discussions between the auditor and the audit committee of a listed company at the planning stage can influence
the use of specialist skills (input) and the form and content of the auditor’s report to those charged with governance (output). In
contrast, for privately owned businesses, there may be close proximity to the owners during the course of the audit. In these
circumstances, there may be frequent informal communications, which contribute to audit quality.

Contextual Factors
There are a number of environmental – or contextual – factors, such as laws and regulations and corporate governance, which
have the potential to impact the nature and quality of financial reporting and, directly or indirectly, audit quality. Where
appropriate, auditors respond to these factors when determining how best to obtain sufficient appropriate audit evidence.

Audit Failure

• Causes of Audit Failure can be due to: Lack of Competence, Lack of Due Care, Lack of Experience, Laziness, Self-Rationalization, Lack of Integrity, Lack of Objectivity, Conflicts of Interest

Outcome-Based Examples:

• The financial statements are found to be materially misstated after the Auditor has issued an Unqualified Audit Opinion.
• The company goes bankrupt in less than 12 months after financial year end, but the Auditors’ report did not highlight any going-concern uncertainty when in fact there were several that existed.

Process-Based Examples:

• Auditors found to have close relationship with client
• Auditors issued an Unqualified Audit Opinion without obtaining sufficient appropriate evidence.

One can argue that a negative audit outcome does not necessarily imply an audit failure. This is consistent with the
profession’s position that an audit provides only reasonable (not absolute) assurance that the f/s is free from material
misstatements, and that the audit does not provide assurance on the future viability of the entity. However, this position may
not be accepted by the public due to unreasonable expectations.
In contrast, a “process-based” definition of audit failure is consistent with the court’s practice of examining the audit process
to determine whether the auditor has been negligent (i.e., not met reasonable expectations). Thus, a negative audit outcome
may provide prima facie, but not conclusive, evidence of an audit failure.

Consequences of Audit Failure

• For Auditors/Audit Firms:
o Legal Liability
o Loss of Reputation and Future Business
o Disciplinary Actions by Regulators
• For the Profession:
o Loss of Confidence and Trust by Society

QUALITY CONTROLS OVER AUDIT FIRMS & ENGAGEMENTS

SSA 220: Quality Control for an Audit of Financial Statements (Engagement Specific)
Addresses quality control for the Engagement Team. It requires Engagement Teams to implement quality control
procedures for every Audit. Provides the firm with relevant information to enable the functioning of the firm's system of
quality control relating to independence.
i.e. specifically requires engagement partner to take responsibility for the overall quality of the audit

Singapore Standard on Quality Control (SSQC) 1:

Addresses a firm’s system of quality control to provide reasonable assurance that the firm and personnel comply
with professional standards and applicable legal and regulatory requirements and compliance with those policies.

Elements of systems of quality control:


1. Leadership responsibilities for quality within the firm: policies and procedures designed to promote an internal culture
recognizing that quality is essential in performance engagements.
 Responsible for overall compliance
 Responsible for individual audit engagements
 Resources devoted to development, documentation and support regarding audit quality control
 Effective communication between compliance partner and other engagement partners to enhance quality control

2. Relevant ethical requirements: Policies and procedures designed to provide the firm with reasonable assurance that the firm
and its personnel comply with relevant ethical requirements, including independence requirements, and that is notified of
breaches of independence requirements, and that is able to take appropriate actions to resolve such situations
 Adoption of ACRA (IFAC) Code or equivalent
 Staff awareness
 ‘Ethics’ partner
 Potential threats to independence
 Communicate requirements to staff
 Prompt identification of breaches and circumstances and relationship that may pose a threat
 Safeguards and action taken to resolve matters

3. Acceptance and continuance of client relationships and specific engagements: The firm should establish policies and
procedures for the acceptance and continuance of client relationships and specific engagements, designed to provide the firm
with reasonable assurance that it will undertake or continue relationships and engagements only when the firm:
a. is competent to perform the engagement and has the capabilities, including time and resources, to do so; (Ref: par. A11)
b. can comply with legal and relevant ethical requirements; and
c. has considered the integrity of the client and does not have information that would lead it to conclude that the client lacks
integrity. (Ref: par. A12– A13)
 Clients gained and lost
 Risk assessments before accepting appointments
 Procedure before accepting assignment
 Engagement letters
 High risk clients
 Policy on withdrawal
4. Human resources: The firm should establish policies and procedures designed to provide it with reasonable assurance that
it has sufficient personnel with the competence, capabilities, and commitment to ethical principles necessary to:
a. perform engagements in accordance with professional standards and applicable legal and regulatory requirements and
b. enable the firm to issue reports that are appropriate in the circumstances. (Ref: par. A17 – A24)
 Staff used in the conduct of audit
 Firm’s assessment of adequacy of suitable staff resources
 Policies and procedures on:
 Recruitment
 Performance evaluation
 Capabilities and competence
 Career development
 Remuneration
 Review of personnel files
 References
 Job descriptions
 Appraisals
 Appropriate training to meet needs

5. Engagement performance: The firm should establish policies and procedures designed to provide it with reasonable
assurance that engagements are performed in accordance with professional standards and applicable legal and regulatory
requirements and that the firm issues reports that are appropriate in the circumstances
 Audit methodology
 Procedure for engagement partner to inform team of responsibilities, background information, planning issues and
audit approach
 Supervision by engagement partner
 Review procedures
 Consultation
 Assembly of final engagement files
 Documentation

6. Monitoring: Established monitoring process designed to provide the firm with reasonable assurance that the policies and
procedures relating to the system of quality control are relevant, adequate and operating effectively.
 Review of firm’s system of quality control
 Periodic “cold” reviews of engagement files
 Issue of an inappropriate report
 Complaints regarding non-compliance with professional standards and firm’s own system of quality control

Code of Ethics (ACRA and IFAC/IESBA)

 Establishes fundamental principles


 Provides a conceptual framework to comply with those principles, which requires auditors to:
o Identify threats (circumstances or relationships) that may compromise one’s ability to comply with
fundamental principles and one’s independence
o Evaluate the significance of the threats identified
o Apply safeguards (actions or measures), where necessary, to eliminate or reduce threats to an acceptable
level (based on what a reasonable and informed third party would likely conclude)
o If no appropriate safeguards are available, eliminate the circumstance or relationship creating the threats, or
decline or terminate the Audit engagement.
 For the purpose of AC3101, we will make reference to IFAC/IESBA Code. Singapore’s Code is ‘backdated’.

Fundamental Principles and their Explanation (DETAILED)

Integrity: A professional accountant should be straightforward and honest in all professional and business
relationships

Objectivity: A professional accountant shall not allow bias, conflict of interest or undue influence of others to override
professional or business judgements

Professional Competence and Due Care: A professional accountant shall maintain professional knowledge and skill at the
level required to ensure that a client or employer receives competent professional services based on current developments
in practice, legislation and techniques and act diligently [make sound judgment] and in accordance with
applicable technical and professional standards.

Confidentiality: A professional accountant shall respect the confidentiality of information acquired as a result of
professional and business relationships and not disclose any such information to third parties without
proper and specific authority, unless there is a legal or professional right or duty to disclose, nor use the
information for the personal advantage of the professional accountant or third parties.

Professional Behaviour: A professional accountant shall comply with relevant laws and regulations and avoid any action that
discredits the profession

IESBA CODE OF ETHICS FOR PROFESSIONAL ACCOUNTANTS

Organization and Content of IESBA 2013

Part A: General Application of the Code

 Section 100 Introduction and Fundamental Principles


 Section 110 Integrity
 Section 120 Objectivity
 Section 130 Professional Competence and Due Care
 Section 140 Confidentiality
 Section 150 Professional Behaviour

Part B: Professional Accountants in Public Practice


 Section 200 Introduction


 Section 210 Professional Appointment
 Section 220 Conflicts of Interest
 Section 230 Second Opinions
 Section 240 Fees and Other Types of Remuneration
 Section 250 Marketing Professional Services
 Section 260 Gifts and Hospitality
 Section 270 Custody of Clients Assets
 Section 280 Objectivity – All Services
 Section 290 Independence – Audit and Review Engagements
 Section 291 Independence – Other Assurance Engagements

Part C: Professional Accountants in Business

 Section 300 Introduction


 Section 310 Conflicts of Interest
 Section 320 Preparation and Reporting of Information
 Section 330 Acting with Sufficient Expertise
 Section 340 Financial Interests, Compensation and Incentives Linked to Financial Reporting and Decision Making
 Section 350 Inducements

Section 290: Independence – Audit and Review Engagements


The IESBA Code of Ethics for Professional Accountants requires practitioners performing audits (and reviews) to be
independent both in mind and in appearance, defined as follows:

290.6a Independence of Mind


 The state of mind that permits the expression of a conclusion without being affected by influences that
compromise professional judgment, thereby allowing an individual to act with integrity and exercise objectivity
and professional skepticism.

290.6b Independence in Appearance

 The avoidance of facts and circumstances that are so significant that a reasonable and informed third party would
be likely to conclude, weighing all the specific facts and circumstances, that a firm’s, or a member of the audit
team’s, integrity, objectivity or professional skepticism has been compromised.

Refer to Page 42 of IESBA for Table of Contents of all Independence-Related situations

Threats to Fundamental Principles
A circumstance or relationship may create more than one threat, and a threat may affect compliance with more than one
fundamental principle. Memory Tip: "Si.r. A.f.i."


(a) Self-Interest Threat – the threat that a financial or other interest will inappropriately influence the professional
accountant’s judgment or behavior. Examples:

 A member of the assurance team having a direct financial interest in the assurance client.
 A firm having undue dependence on total fees from a client.
 A member of the assurance team having a significant close business relationship with an assurance client.
 A firm being concerned about the possibility of losing a significant client.
 A member of the audit team entering into employment negotiations with the audit client.
 A firm entering into a contingent fee arrangement relating to an assurance engagement.
 A professional accountant discovering a significant error when evaluating the results of a previous professional
service performed by a member of his own firm.

(b) Self-Review Threat – the threat that a professional accountant will not appropriately evaluate the results of a previous
judgment made or service performed by himself, or by another individual within his firm or employing organization, on
which he will rely when forming a judgment as part of providing a current service;

 A firm issuing an assurance report on the effectiveness of the operation of financial systems after designing or
implementing the systems.
 A firm having prepared the original data used to generate records that are the subject matter of the assurance
engagement.
 A member of the assurance team being, or having recently been, a director or officer of the client.
 A member of the assurance team being, or having recently been, employed by the client in a position to exert
significant influence over the subject matter of the engagement.
 The firm performing a service for an assurance client that directly affects the subject matter information of the
assurance engagement.

(c) Advocacy Threat – the threat of promoting a client’s or employer’s position to the point that the professional accountant’s objectivity is compromised;

 The client or firm promoting shares in an audit client.


 A professional accountant acting as an advocate on behalf of his client in litigation or disputes with third parties.

(d) Familiarity Threat – the threat that due to a long or close relationship with a client or employer, a professional
accountant will be too sympathetic to their interests or too accepting of their work;

 Senior personnel having a long association with the assurance client.


 A member of the engagement team having a close family member who is a director or officer of the client.
 A member of the engagement team having a close or immediate family member who is an employee of the client
who is in a position to exert significant influence over the subject matter of the engagement.
 A director or officer of the client or an employee in a position to exert significant influence over the subject matter
of the engagement having recently served as the engagement partner.
 Accepting gifts or preferential treatment from a client, unless the value is trivial or inconsequential.

(e) Intimidation Threat – the threat that a professional accountant will be deterred from acting objectively because of
actual or perceived pressures, including attempts to exercise undue influence over the professional accountant.

 A firm being threatened with dismissal from a client engagement.
 An audit client indicating that it will not award a planned non-assurance contract to the firm if the firm continues to
disagree with the client’s accounting treatment for a particular transaction.
 A firm being threatened with litigation by the client.
 A firm being pressured to reduce inappropriately the extent of work performed in order to reduce fees.
 A professional accountant feeling pressured to agree with the judgment of a client employee because the employee
has more expertise on the matter in question.
 A professional accountant being informed by his Audit Partner that a planned promotion will not occur unless he
agrees with an audit client’s inappropriate accounting treatment.
 Client CFO happens to be your ex-Partner in the firm.


ACRA/IFAC Independence and the Conceptual Framework Approach


The Approach

Step 1: Identify Threats to Independence


Step 2: Evaluate the significance of the threats identified.
Step 3: Apply Safeguards, when necessary, to eliminate the threats or reduce them to an acceptable level.

If the Practitioner determines that appropriate Safeguards are not available/cannot be applied to eliminate the threat
or reduce them to an acceptable level, then he shall eliminate the circumstance/relationship creating the threats, or
decline or terminate the Audit Engagement.

Safeguards

1. Created by Profession, Legislation or Regulation

 Educational, training and experience requirements for entry into the profession.
 Continuing professional development requirements.
 Corporate governance regulations.
 Professional standards.
 Professional or regulatory monitoring and disciplinary procedures.

2. Created in the Work Environment

a. Firm-Wide Safeguards

 Leadership of the firm that stresses the importance of compliance with the fundamental principles.
 Leadership of the firm that establishes the expectation that assurance team will act in the public interest.
 Policies and procedures to implement and monitor quality control of engagements.
 Documented policies regarding the need to identify threats to compliance with the fundamental principles, evaluate
the significance of those threats, and apply safeguards to eliminate or reduce the threats to an acceptable level or,
when appropriate safeguards are not available or cannot be applied, terminate or decline the relevant
engagement.
 Documented internal policies and procedures requiring compliance with the fundamental principles.
 Policies and procedures that will enable the identification of interests or relationships between the firm or members
of engagement teams and clients.
 Policies and procedures to monitor and, if necessary, manage the reliance on revenue received from a single client.
 Using different partners and engagement teams with separate reporting lines for the provision of non-assurance
services to an assurance client.
 Policies and procedures to prohibit individuals who are not members of an engagement team from inappropriately
influencing the outcome of the engagement.
 Timely communication of a firm’s policies and procedures, including any changes to them, to all partners and
professional staff, and appropriate training and education on such policies and procedures.
 Designating a member of senior management to be responsible for overseeing the adequate functioning of the
firm’s quality control system.
 Advising partners/professional staff of assurance clients and related entities from which independence is required.
 A disciplinary mechanism to promote compliance with policies and procedures.
 Published policies and procedures to encourage and empower staff to communicate to senior levels within the firm
any issue relating to compliance with the fundamental principles that concerns them.

b. Engagement-Specific Safeguards

 Having a professional accountant who was not involved with the assurance/non-assurance service review the
assurance/non-assurance work performed or otherwise advise as necessary.
 Consulting an independent third party, such as a committee of independent directors, a professional regulatory
body or another professional accountant.
 Discussing ethical issues with those charged with governance of the client.
 Disclosing to those charged with governance of client the nature of services provided and extent of fees charged.
 Involving another firm to perform or re-perform part of the engagement.
 Rotating senior assurance team personnel.


PART II – THE AUDIT PROCESS

OVERVIEW OF THE AUDIT PROCESS

The Audit Process

Stage 0: Understanding of Client & Environment

Stage 1: Client Acceptance & Continuance

Stage 2: Preliminary Engagement Activity


2.1 Determining the Audit Engagement Team Requirements
2.2 Ensuring that the Audit Team / Firm are in compliance with Ethical and
Independence Requirements
2.3 Establishing an Understanding with the Entity

Stage 3: Plan the Audit


3.1 Overall Audit Strategy and Plan
3.2 Supervision of the Audit
3.3 Consider Types of Audit Tests
3.4 Determine Materiality
3.5 Auditor's Risk Assessment / Audit Risk Model
3.6 Consider Management Assertions
3.7 Plan for Gathering Audit Evidence

Stage 4: Consider Internal Controls


4.1 Obtain understanding of Internal Controls
4.2 Assess Control Risks and Decide whether to rely on Controls


4.3 For Reliance Strategy – Plan and Perform Test of Controls
4.4 For Reliance Strategy – Set Control Risks based on Test of Controls
4.5 Perform Substantive Procedures based on level of Control Risk
Spotlight on: Controls in a Computerized Environment
Spotlight on: Audit Sampling

Stage 5: Audit Business Processes & Related Accounts


5.1 Auditing the Revenue Process
5.2 Auditing the Purchasing Process
5.3 Auditing the Inventory Management Process
5.4 Auditing the Human Resource Process
5.5 Auditing the PPE Management Process
5.6 Auditing Investments
5.7 Auditing Intangible Assets and Goodwill
5.8 Auditing Prepaid Expenses
5.9 Auditing Long-Term Debt
5.10 Auditing Shareholders’ Equity
5.11 Auditing Cash

Stage 6: Complete the Audit


6.1 Review for Contingencies
6.2 Review for Commitments
6.3 Review for Subsequent Events
6.4 Final Evaluation of Audit Evidence
6.5 Communications with TCWG and Management

Stage 7: Evaluate Results and Issue Audit Report (Audit Opinion)


STAGE 1: CLIENT ACCEPTANCE AND CONTINUANCE


CLIENT ACCEPTANCE / CONTINUANCE

Client Acceptance
SSA 220(A8) states that the following information assists the engagement partner in determining if the conclusions
reached regarding acceptance/ continuance of client relationships and Audit Engagements are appropriate:
 The Integrity of the Principal Owners, Key Management and those charged with Governance of the entity
 Whether the Engagement Team is Competent to perform the Audit Engagement and has the necessary
capabilities, including time and resources;
 Whether the firm and the Engagement Team can comply with relevant ethical requirements; and
 Significant matters that have arisen during the current or previous Audit Engagement, and their implications for
continuing the relationship.
 Minimise the likelihood that auditors would be associated with clients who lack integrity [increased risk: RMM may
exist and not be detected]

Procedures for Evaluating a Prospective Client

1. Obtain and Review available financial information (Annual Reports, Interim Financial Statements, Income Tax
Returns, etc.)
2. Inquire of Third Parties (e.g. Client's Bankers, Lawyers, Credit Agencies, Business Community) regarding any
Information concerning the Integrity of the Prospective Client and its Management
3. Communicate with the predecessor Auditor about whether there were any disagreements about Accounting
Policies, Audit Procedures or similar significant matters.
4. Consider whether the Prospective Client has any circumstances that will require special attention or that may
represent unusual business or Audit risks, such as litigation or going-concern issues.
5. Determine if the firm is independent of the entity and able to provide the desired service.
6. Determine if the firm has the necessary technical skills/knowledge of the industry to complete the engagement.
7. Determine if acceptance of the entity would violate any applicable regulatory or ethical requirements such as
those in the IESBA Code of Ethics for Professional Accountants.

Client Continuance

 Evaluate periodically whether to continue their relationship with current clients.


 This evaluation may take place at or near the completion of an Audit or when some significant event occurs.
 Consider: Any conflicts over accounting/auditing issues? Or Dispute over Fees?

STAGE 2: PRELIMINARY ENGAGEMENT ACTIVITIES


STAGE 2.1 DETERMINING THE AUDIT ENGAGEMENT TEAM REQUIREMENTS
*Engagement teams are entitled to rely on the firm's systems in executing their responsibilities
 Audit firms need to ensure that their engagements are completed by Auditors having the proper degree of
technical training and proficiency given the circumstances of the entity.
 Factors that should be considered in determining staffing requirements include:
o Engagement Size and Complexity
o Level of Risk (If high, maybe need more senior/experienced Auditors)
o Any Special Expertise Required (e.g. Banking/Insurance/Casino or Sophisticated IT processes)
o Personnel Availability
o Timing of Work to be performed
STAGE 2.2 ENSURING THAT THE AUDIT TEAM AND AUDIT FIRM ARE IN COMPLIANCE WITH
ETHICAL AND INDEPENDENCE REQUIREMENTS [Independence refer to page 20]
 Auditing Standards require that Auditors comply with the profession’s ethical requirements, especially that of
Independence. The legal and regulatory requirements in the jurisdiction and the IESBA Code of Ethics prescribe the
relevant requirements.
 At the Engagement Level, the Partner should ensure that all individuals assigned to the Engagement are
independent of the entity (review Annual Independence Reports in Database etc.)
 Other examples include being Objective when evaluating activities developed by Consultancy branch of our firm,
not taking on a client until all prior year’s fees/AR are paid as it may impair Independence etc…
STAGE 2.3 ESTABLISHING AN UNDERSTANDING WITH THE ENTITY

 The Auditor should establish an understanding with the entity about the Terms of Engagement (documented in
the Engagement Letter). This understanding reduces the risk that either party may misinterpret what is expected
or required of the other party.
 In establishing an understanding with the entity, three topics should be discussed:

1. The Engagement Letter
 The Objective and Scope of the Audit
 Auditor's Responsibilities and Limitations
 Management’s Responsibilities
 Fees
 Reporting
 Additional things like arrangements involving the use of experts/internal Auditors, explanation
of the Auditor's responsibilities to communicate Audit matters of governance interest with
those charged with governance, additional services to be provided relating to regulatory
requirements, arrangements regarding other services (e.g. consulting, tax) etc…

2. Using the Work of Internal Auditors
 If the entity has an Internal Audit Function (IAF), Auditor may use their work as evidence and
request IAF assistance in conducting the Audit (if direct assistance is not prohibited by
law/regulation)
 The Auditor first needs to obtain an understanding of the IAF, including information about the
activities that it performs and whether they are relevant to the Audit of financial statements.
 The Auditor must evaluate:
o The extent to which the IAF’s organizational status and relevant policies and procedures
support the objectivity of the internal Auditors.
o The level of competence of the IAF
o Whether the IAF has a quality, systematic and disciplined approach.

3. The Role of Those Charged With Governance
 Can be Supervisory Boards (Two-tier Board Structure) or Board of Directors (Single Board
Structure) or an Audit Committee (Large/Public Entities)
 Communicate with those charged with governance before the Engagement starts, to establish a
communication process and discuss matters such as Auditor's Responsibilities, Significant
Accounting Policies of the Entity, Overview of the planned Scope and Timing of the Audit and
Compliance matters etc.

Preconditions for an Audit

SSA 210.6b Auditor has to obtain the agreement from Management that it acknowledges and understands its
responsibility:

i. For the preparation of financial statements in accordance with the applicable financial reporting framework,
including where relevant their fair presentation
ii. For such internal control as management determines is necessary to enable the preparation of financial
statements that are free from material misstatement, whether due to fraud or error; and
iii. To provide the Auditor with:


a. Access to all information of which management is aware that is relevant to the preparation of the
financial statements such as records, documentations etc.
b. Additional information that the Auditor may request from Management for the purpose of the Audit;
c. Unrestricted Access to persons within the entity from whom the Auditor determines it necessary to
obtain Audit Evidence.

If Preconditions Not Met

SSA 210.8 states that if the preconditions for an Audit are not present, the Auditor shall discuss the matter with
Management. Unless required by law/regulation to do so, the Auditor shall not accept the proposed Audit
Engagement.

SSA 210.7 states that if management or those charged with governance impose a limitation on the scope of the
Auditor's work in terms of a proposed Audit Engagement such that the Auditor believes the limitation will result in the
Auditor Disclaiming an Opinion on the financial statements, the Auditor shall not accept such a limited engagement as
an Audit Engagement, unless required by law/regulation to do so.


STAGE 3: PLANNING THE AUDIT


STAGE 3.1 OVERALL AUDIT STRATEGY AND PLAN

Audit Strategy

 Engagement Planning involves all the issues that an Auditor should consider in developing an Overall Audit
Strategy for conducting the Audit, which will help in determining what resources are needed for the engagement.
 Determine the Scope of the Engagement, Ascertain reporting objectives to plan the timing of the Audit, Consider
the factors that will determine the focus of the Engagement Team’s Efforts etc.

Audit Plan
 The Audit Plan is more detailed than the Audit Strategy.
 In the Audit Plan, the Auditor documents a description of the Nature, Timing and Extent of the planned Audit
Procedures to be used in order to comply with Auditing Standards and to conduct the Audit effectively and efficiently.
 Audit plan should consider how to conduct the engagement in an effective and efficient manner and develop an overall
audit strategy which will help to determine what resources are needed to perform the engagement.
 Quintessentially, the Auditor should be guided by the results of the Entity Acceptance/Continuance Process,
Procedures performed to gain the understanding of the entity and the Preliminary Engagement Activities. The
Auditor should modify the overall Audit Strategy and Audit Plan as necessary if circumstances change significantly
during the course of the Audit.

Additional Steps that should be performed include:

 Assess Business Risks
 Establish Materiality
 Consider Multi-Locations/Business Units
 Assess the need for Experts
 Consider Non-Compliance with Laws and Regulations
 Identify Related Parties
 Consider Additional Value-Added Services
 Document the Overall Audit Strategy and Audit Plan

STAGE 3.2 SUPERVISION OF THE AUDIT

 Engagement Partner has the overall responsibility for the engagement and its performance and should supervise
the Audit Engagement Team so that the work is performed as directed and supports the conclusions reached.

 Inform Engagement Team members of their responsibilities, including:
o Objectives of Procedures that they are to perform
o Nature, Timing, Extent of the Procedures they are to perform
o Matters that could affect the procedures to be performed or the evaluation of the results of those procedures
 Direct Engagement Team members to bring any significant accounting/auditing issues that they identify to the
attention of the Engagement Partner so they can evaluate those issues and determine appropriate actions
 Review the work of Engagement Team members to evaluate whether
o The work was performed and documented
o The objectives of the procedures were achieved
o The results of the work support the conclusions reached.

STAGE 3.3 CONSIDER TYPES OF AUDIT TESTS
A. RISK ASSESSMENT PROCEDURES
 Used to obtain an understanding of the entity and its external/internal environment to assess the risks of material
misstatement at the financial statement and relevant assertion levels.
 Includes Inquiries of Management and Others, Preliminary Analytical Procedures, Observation, Inspection etc.

B. TEST OF CONTROLS
 Used to test the operating effectiveness of controls in preventing, or detecting and correcting, material
misstatements at the relevant assertion level.
 Includes Inquiries of Management and Others, Inspection of Documents, Observation of Application of Controls,
Walk-throughs (Tracing), Reperformance of Application of Controls by Auditors etc.

C. SUBSTANTIVE PROCEDURES
 Used to detect material misstatements at the relevant assertion level.
 There are two Categories of Substantive Procedures:
a. Test of Details
There are two types of Test of Details:
i. Substantive Tests of Transactions: Test for errors/fraud in individual transactions.
ii. Tests of Details of Account Balances and Disclosures: Focus on items that are contained in the ending
financial statement account balances and disclosures.
b. Substantive Analytical Procedures
 Analytical Procedures means evaluations of financial information through analysis of plausible relationships
(e.g. examination of trends and ratios) among both financial and non-financial data.
 Analytical Procedures also encompass the investigation, if necessary, of identified fluctuations or relationships
that are inconsistent with other relevant information or that differ from expected values by a significant amount.

D. DUAL-PURPOSE TESTS
 Tests of transactions that are designed to both evaluate the effectiveness of controls and detect material
misstatements simultaneously → Enhance audit efficiency

SPOTLIGHT ON: ANALYTICAL PROCEDURES

Purpose

 Preliminary Analytical Procedures: Used in the Risk Assessment to better understand the business and to plan the
Nature, Timing, Extent of Audit Procedures to be used. SSA 315.6
 Substantive Analytical Procedures: Used to obtain evidence about particular assertions related to account
balances or classes of transactions. If controls are ineffective, more substantive procedures are performed, and vice versa.
 Final Analytical Procedures: Used as an overall review of the financial information in the final review stage of the
Audit. SSA 520.6

 Consists of evaluation of financial information through analysis of plausible relationships among both financial and
non-financial data
 Help auditor understand the entity’s business, directing attention to high-risk areas, identifying audit issues that might
not be apparent, providing audit evidence and assisting in the evaluation of audit results
 Commonly used to gather substantive evidence as they are effective at detecting misstatements
 Relatively inexpensive test
 Objectives and the facts & circumstances will dictate the type of analytical procedure used to form an expectation
and the techniques in investigating significant difference.

Major Types of Analytical Procedures

1. Trend Analysis (Evaluative)
 Analysis of changes in an account over time.
 Simple trend analysis compares last year’s account balance (‘the expectation’) with the current balance.
 Trend Analysis can also encompass multiple time periods and includes comparing recorded
trends with budget amounts and with competitor and industry information.
 Predictability and precision depends on number of time periods

2. Ratio Analysis (Evaluative; more effective than trend analysis)
 Comparison, across time or benchmarks, of relationships between financial statement
accounts (e.g. ROE) or between an account and non-financial data (e.g. sales per item)
 Industry or competitor ratios are often used to benchmark the entity’s performance
 Also includes ‘common-size analysis’, which is the conversion of financial statement amounts
into percentages (%).
 More effective than trend analysis in detecting risks and potential MM
 As comparisons of relationships between accounts and operating data are more likely to identify unusual
patterns than analysis focused on individual account.

3. Reasonableness Analysis (Predictive)
 Development of a model to form an expectation using financial data, non-financial data, or
both, to test account balances or changes in account balances between accounting periods.
(e.g. Depreciation exp can be modeled by taking book value/average useful life)
 Due to forming an explicit expectation, this analysis forms a more precise expectation than
trend/ratio analysis

Usefulness Depends On:

 Assessed risk of material misstatement: Higher Risk → Greater Reliance on Test of Details

 Precision of Expectation, which is affected by:
o Degree of Disaggregation (e.g. by Period/Product Line)
o Predictability of Relationships (e.g. Recurring): the greater the plausibility and predictability, the more
precise the expectation

 Availability of Relevant and Reliable Data (e.g. Industry Results, Non-Financial Information)

Investigation of unexpected results from analytical procedures:


SSA 520 para 7
• Ordinarily begins with inquiries of management
• Corroboration of management’s responses
• Consider need for other audit procedures if explanation not adequate
At planning stage, the auditor usually starts with analysis of aggregated data. The results provide a broad indication of
possible material misstatement and areas where further audit procedures are required.

Substantive
Analytical
Procedures

- Can be used to test all transactions and balance assertions except rights & obligations
- More effective at identifying certain types of MM than testing individual transactions
(eg. detecting omissions than providing detailed evidence)

- Key points are:


 Some assertions are more amenable to examination through AP than others
 Auditor must ensure that AP performed is appropriate for assertion tested

Final Analytical Procedure

- Used to assist the auditor in assessing the conclusions reached and evaluating the overall FS presentation

- This requires reviewing trial balance, FS and notes to:
 Judge the adequacy of evidence (appropriateness) gathered to support any unusual/unexpected
balances investigated during the audit

 Determine if any other unusual balances or relationships have not been investigated

Substantive Analytical Procedures – Step 1: Develop an Expectation

- Expectation can be developed from:
 Financial & operating data
 Budgets & forecasts
 Industry publications
 Competitor information
 Management’s analyses
 Analysts’ reports

- Precision of expectation
 Measure of the potential effectiveness of an analytical procedure
 Represent degree of reliance that can be placed on the procedure
 Measure of how closely the expectation approximates the ‘correct’ but unknown amount
 If the assertion tested requires a low level of detection risk, the expectation needs to be precise; the more precise the expectation, the more
extensive & expensive the audit procedures to develop it
 This results in a cost-benefit trade-off

Disaggregation

- The more detailed the level which an expectation is formed, the greater the precision

- Eg. Expectation formed using monthly data will be more precise than expectations formed using annual
data.

- AP conducted to provide substantive evidence normally cannot be performed at aggregated levels
(eg. annual data, totals)

 As misstatements are difficult to detect due to offsetting trends/activities that can mask risks and MM

Plausibility & Predictability of the rs being studied


- More plausible & predictable the relationships, the more precise the expectation

- Many factors (changes in business/industry) influence the predictability of relationships between financial and non-financial data

- Eg. Income statement items tend to be more predictable than balance sheet items
 Income statement accounts involve transactions over a period of time
 Balance sheet accounts represent amounts at specific point in time

Data Reliability
- More reliable the available data, the more precise the expectation

- Reliability depends on:
 Independence of evidence source
 Effectiveness of internal control
 Auditor’s direct personal knowledge
 Data subjected to audit in current/prior period
 When expectation is developed from multiple sources of data

- Eg. Nature & extent of AP at planning stage of a small entity audit may be limited due to the lack of reliable
interim or monthly financial info at that point in time

Type of AP used to form an Expectation


- Least precise → Most precise:
Trend → Ratio → Reasonableness Analysis

Examples of Expectation formed by AP


- Without knowledge of the entity’s business & industry, auditor will be unable to develop appropriate expectation or
properly evaluate the results of AP
1. Comparison of CY financial info with comparable PY after consideration of known changes
2. Comparison of CY financial info with budgets, projections and forecasts
3. Comparison of financial info with industry data
4. Relationship of financial info to non-financial info
5. Plotting trends over multiple periods

Step 2: Tolerable Difference

- Size of tolerable difference depends on:
 Significance of the account
 Desired degree of reliance on the substantive analytical procedure
 Level of disaggregation in the amount being tested
 Precision of expectation

- Tolerable difference (eg. 5% of entity’s recorded amount) is always lower than performance materiality

Step 3: Compare expectation to the recorded amount

- Determine if the difference b/w auditor’s expected amount and the recorded amount exceeds auditor’s
tolerable difference.

- Observed difference < Tolerable difference, auditor accepts the account. Otherwise, auditor must
investigate the difference using other AP

Step 4: Investigate the difference greater than the tolerable difference

- Differences identified by substantive AP indicate an increased likelihood of MM

- More precise the expectation, the greater the likelihood the difference is a MM

- Important investigation of the difference – Inquiry of entity’s personnel

- 4 possible causes of difference:
 Legitimate accounting change (common)
 Economic conditions or events (common)
 Error
 Fraud

Conditions indicative of Fraud and Fraud risk factors


Three conditions are generally present when material misstatement due to fraud occurs:
1. Management or other employees have an incentive or are under pressure that provides a reason to commit
fraud
2. Circumstances exist that provide an opportunity for a fraud to be carried out
3. Those involved are able to rationalize committing a fraudulent act. Some individuals possess an attitude,
character or set of ethical values that allow them to knowingly and intentionally commit a dishonest act.
These three factors are referred to as the fraud risk triangle. [pg 121]

- If difference is due to error or fraud, entity may provide a plausible but untrue business explanation. Hence,
effectiveness of SAP in identifying MM is enhanced when auditors develop potential
explanations independently before obtaining the personnel’s explanation, based on:
 Previous experience with entity
 Other audit work performed
 Discussion with members of the engagement team

- Auditor re-examines and understands the various rs in financial and non-financial data.

- Independent consideration of potential explanations is more important for more significant accounts (higher degree of
assurance is desired from SAP); and must be followed up and resolved through
 Quantification
Involves determining if the explanation or error can explain the observed difference.
Auditor should quantify the amount that could be explained

(Eg. entity employee may offer the explanation that the significant increase in inventory over prior
years is due to 12% increase in raw material prices.
Auditor should compute the effects of raw materials price increase and determine the extent to which
the price increase explains/not explain the increase in the overall inventory account)

 Corroboration; and
By obtaining sufficient appropriate audit evidence linking the explanation to the difference and
substantiating that the info supporting the explanation is reliable, and should be of same quality as test
of details evidence.

(includes examination of supporting evidence, inquiries of independent persons and evaluating evidence
obtained from other audit procedures)

 Evaluation
Evaluate the results of SAP to conclude if the desired level of assurance has been achieved.

YES (SAP provides evidence that MM exists and can be sufficiently quantified):
Auditor makes notes of the proposed adjustment to the entity’s FS

NO (SAP performed didn’t provide desired level of assurance):
Tests of details should be performed.

Investigation of differences for AP used as Risk Assessment Procedures (Planning) & Final Analytical Procedures

- Planning AP (Risk Assessment Procedures)
 Auditor is not required to obtain corroborative evidence as PAP is not intended to provide substantive
audit evidence regarding specific assertions

 Rather, auditor considers if PAP need to be revised.

 Eg. To address increased risk posed by the spike in inventory, auditor may decide to expand the number
of items tested during the observation of year-end physical inventory count

- Final AP
 Auditor investigates unexpected differences by going to the working papers to determine if sufficient
appropriate evidence has already been gathered to explain the difference (rather than going to entity’s
personnel for explanation)

 If auditor cannot find sufficient evidence within the working papers, auditor would formulate possible
explanations, conduct additional testing and seek explanation from entity’s personnel.

Documentation Requirements

- When SAP is used for a significant FS assertion, auditor should document:
 The expectation and how it was developed
 Results of the comparison of the expectation to the recorded amounts
or ratios developed from recorded amounts
 Any additional AP performed in response to any significant differences identified

Example:

SAP to test reasonableness of interest expense.

Reported interest expense = $983
Total loan balance = $19,242

Step 1: Develop an expectation

Interest rates recorded on the loan statements have remained stable over the year, fluctuating between 5-5.5%.

Auditor uses average interest rate of 5.25%.

Expectation of interest expense = Average interest rate x Total loan balance
= 0.0525 x $19,242 = $1,010

Step 2: Define a tolerable difference

As interest expense is a predictable account and the info used to form the expectation is deemed reliable, auditor sets the tolerable
difference at 5% of recorded interest expense.

Tolerable difference = 0.05 x $983 = $49.15

Step 3: Compare expectation to recorded value

| (Expectation – Recorded value) | vs Tolerable difference

Difference = $1,010 - $983 = $27

$27 < $49.15; auditor will accept that the interest expense account is fairly stated
Had the difference been $50: $50 > $49.15; auditor would need to investigate the difference

Step 4: Investigate the difference

Month-end model: Auditor will examine loan activity within each month to determine if there was significant variation in the balance that
was not accounted for by month-end model.

Inquire of management about the cause of the difference; management may provide a plausible explanation (e.g. interest expense includes
interest on ST loans that were only outstanding for a few days at a time)

Step 5: Auditing standards require auditor to obtain corroborating evidence

If the personnel’s explanation and corroborative evidence are adequate to resolve difference, auditor can accept the amount as fairly
stated.
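
The month-end model mentioned in Step 4, as an added example that is not part of the original notes: it reruns the comparison on constructed monthly data to show how an annual test can pass while offsetting monthly differences exceed the tolerable difference. The balances, recorded amounts and function names are assumptions; the 5.25% rate and the 5% tolerable difference come from the example above.

```python
from dataclasses import dataclass
from decimal import Decimal

RATE = Decimal("0.0525")          # average annual interest rate (from the notes' example)
TOLERABLE_PCT = Decimal("0.05")   # tolerable difference = 5% of the recorded amount

# Constructed sample data (not from the notes): month-end loan balances and
# the interest expense recorded in each month.
BALANCES = [Decimal(b) for b in (
    19200, 19200, 20000, 20000, 19200, 18400,
    18400, 19200, 19200, 20000, 19200, 18400)]
RECORDED = [Decimal(r) for r in (
    "84.10", "83.50", "88.00", "107.50", "84.20", "80.00",
    "61.00", "84.00", "83.80", "87.90", "84.30", "80.70")]


@dataclass(frozen=True)
class Comparison:
    """One expectation-versus-recorded comparison (Steps 1 to 3)."""
    label: str
    expected: Decimal
    recorded: Decimal

    @property
    def difference(self) -> Decimal:
        return self.recorded - self.expected

    @property
    def tolerable(self) -> Decimal:
        return TOLERABLE_PCT * abs(self.recorded)

    @property
    def investigate(self) -> bool:
        # Accept only when the observed difference is below the tolerable difference.
        return abs(self.difference) >= self.tolerable


def annual_test(balances, recorded) -> Comparison:
    """Aggregated test: average rate x average balance against the annual total."""
    average_balance = sum(balances) / len(balances)
    return Comparison("year", RATE * average_balance, sum(recorded))


def monthly_tests(balances, recorded) -> list:
    """Disaggregated test: one expectation per month from the month-end balance."""
    return [Comparison(f"month {i}", RATE * balance / 12, amount)
            for i, (balance, amount) in enumerate(zip(balances, recorded), start=1)]


def flagged(comparisons) -> list:
    """Labels of the comparisons that need investigation (Step 4)."""
    return [c.label for c in comparisons if c.investigate]


if __name__ == "__main__":
    year = annual_test(BALANCES, RECORDED)
    print(f"annual: expected {year.expected:.2f}, recorded {year.recorded:.2f}, "
          f"difference {year.difference:.2f}, tolerable {year.tolerable:.2f}, "
          f"investigate={year.investigate}")
    for c in monthly_tests(BALANCES, RECORDED):
        if c.investigate:
            print(f"{c.label}: expected {c.expected:.2f}, recorded {c.recorded:.2f}, "
                  f"difference {c.difference:.2f}, tolerable {c.tolerable:.2f}")
```

The two flagged months differ from expectation by +20.00 and -19.50, so they almost cancel in the annual total, which is why the aggregated test accepts the account.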

5. Selected financial ratios useful as AP


Comparing entity’s ratio with industry averages

- Useful benchmarks
- Limitations:
 Use of different accounting policies for valuing inventories or calculating
depreciation

 Industry data may not be available in sufficient detail for a particular entity

 Industry data may not capture operating and geographical factors that may be
specific to entity

 MM may not significantly affect certain ratios, particularly true for activity ratios

 Cannot evaluate financial ratio in isolation

 A ratio may be favorable due to its unfavorable components. Hence, auditor may draw
incorrect conclusion if he didn’t examine related ratios

STAGE 3.4 DETERMINE MATERIALITY

Materiality

 SSA 320(2): Misstatements, including omissions, are considered to be material if they, individually or in the
aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the
financial statements.
 Judgments about materiality are made in light of surrounding circumstances, and are affected by the size or nature
of a misstatement, or a combination of both.

 SSA 320(A1): Materiality and Audit Risk are considered throughout the Audit, in particular when:
o Identifying and Assessing the Risks of Material Misstatement (SSA 315)
o Determining the Nature, Timing and Extent of further Audit Procedures. (SSA 330)
o Evaluating the effect of uncorrected misstatements, if any, on the financial statements and in forming the
opinion in the Auditor's Report (SSA 700)
 SSA 320.10: When establishing the overall audit strategy, the auditor shall determine materiality:
 For the financial statements as a whole
 Where applicable, for particular classes of transactions, account balances or disclosures for which misstatements of
lesser amounts than materiality for the FS as a whole could reasonably be expected to influence the economic
decisions of users taken on the basis of the FS, due to circumstances such as (SSA 320.A11):
 Law, regulation or applicable financial reporting framework affecting users’ expectations (e.g., related party
transactions, directors’ remuneration).
 Key disclosures in relation to the industry in which entity operates (e.g., R&D costs for a pharmaceutical
company).
 Attention focused on particular aspect of entity’s business that is separately disclosed in the FS (e.g., business
segments).

Materiality for the financial statements as a whole



SSA 320 (A4-5, A8, A14)
 Typically use a percentage applied to a chosen benchmark as a starting point in determining materiality for the
financial statements as a whole (a matter of professional judgment!)
 Factors affecting choice of benchmark:
 Focus of users (e.g., financial performance)
 Nature of entity (e.g., industry, source of finance)
 Volatility of benchmark
 Profit before tax from continuing operations is often used for profit-oriented entities
 Materiality may need to be revised as the audit progresses due to changes in circumstance

Performance materiality
SSA 320 (9 & A13):
 Performance materiality means the amount(s) set by the auditor at less than materiality for the financial statements as a
whole (and, where applicable, for particular classes of transactions, account balances or disclosures) to reduce to an
appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds
materiality.
 The determination of performance materiality is not a simple mechanical calculation and involves the exercise of
professional judgment.

IFAC Guide to Using ISAs in the Audits of SMEs (Vol 2, page 61): proposes a rule of thumb of between 60% (higher risk of
material misstatement) and 85% (lower risk of material misstatement) of overall or specific materiality

STEP 1 (DURING THE AUDIT PLANNING STAGE): DETERMINE OVERALL MATERIALITY
 SSA 320 (A3-4, A7, A13): Overall Materiality is the maximum amount by which the Auditor believes the financial
statements could be misstated and still not affect the decisions of users.
 It may need to be revised as the Audit progresses due to changes in circumstance.
 Auditing standards require the Auditor to establish a Materiality Amount for the financial statements as a whole
and for particular classes of transactions, account balances or disclosures.

Rules of Thumb for Planning Materiality

Benchmark                  Range of Percentages Applied to Base   Relative Advantages
Profit/(Loss) Before Tax   3 – 10%                                Relevance
Total Assets               0.25 – 2%                              Predictability / Stability
Total Revenues             0.5 – 5%                               Stability
Net Assets                 3 – 5%                                 Stability
Total Equity               1 – 5%                                 Stability

Deciding the Benchmark
o Difficulties also arise in using profit as a benchmark when the entity is close to breaking even or experiencing a
loss. Thus, with fluctuating profit, using an average of the prior 3-years profit or another base such as Total
Assets/Total Revenues may provide a more stable benchmark from year-to-year.
o For Non-Profit Organizations, Total Revenues/Total Expenses might be more appropriate benchmarks. For
Asset-Based Entities (e.g. Investment Funds), Net Assets would be a more appropriate benchmark.

Deciding the %
o Lower the percentage (more strict; easier to exceed) if there is high risk of fraud; material misstatements in
prior years; entity close to violating a covenant in a loan agreement; entity operating in a highly volatile
environment; small amounts may cause the entity to miss forecasted revenue/earnings etc.
o Consider all the above; the quantitative amounts may be adjusted for the qualitative factors

IFAC Guide to Using ISAs in the Audits of SMEs (Vol 2, page 61): proposes rules of thumb of 3-7% for profit from continuing
operations, 1-3% for revenue, expenditures or assets, and 3-5% for equity.

STEP 2 (DURING THE AUDIT PLANNING STAGE): DETERMINE PERFORMANCE MATERIALITY

 SSA 320 (9, 11, A12) In practice, Auditors commonly set Performance Materiality (PM) for each account at
between 50 and 75% of Overall Materiality (OM). This results in total combined PM that is greater than OM so
most firms cap the size of Combined/Aggregated PM to a multiple of OM (e.g. 4 times)
 This is because it is inefficient for the Auditor to simply subdivide Materiality proportionally to each account,
resulting in unnecessarily low PM levels. The lower the Performance Materiality, the more extensive the required
Audit Testing will be.

Deciding the %
 In addition to those discussed in Overall Materiality, Lower the percentage if there is high risk of misstatement
within the account balance/class of transaction/disclosure; if there is increased number of accounting issues that
require significant judgment and/or more estimates with high estimation uncertainty; a history of significant
deficiencies and/or a high number of deficiencies in internal control; high turnover of senior management or key
financial reporting personnel.

STEP 3 (NEAR THE END OF AUDIT): EVALUATE AUDIT FINDINGS

 SSA 450.11 The Auditor shall determine whether uncorrected misstatements are material, individually or in
aggregate, considering
o Size and Nature of the misstatements
o Particular circumstances of their occurrence
o Effect of uncorrected misstatements related to prior periods
 SSA 450 The Auditor shall


o Accumulate misstatements identified during the Audit, other than those that are clearly trivial
o Evaluate if identified misstatements require revision to overall Audit Strategy and Audit Plan
o Communicate identified misstatements with management and request for correction
o Evaluate the effect of uncorrected misstatements on the FS (after updating materiality where necessary)
o Communicate uncorrected misstatements with those charged with governance (TCWG) and request for
correction
o Request written representation from management and TCWG that effects of uncorrected misstatements are
immaterial, individually and in aggregate, to the FS as a whole
o Modify the audit opinion if uncorrected misstatements are material, individually or in aggregate.
o If one of the entries were in excess of the performance materiality for an account balance, or if the aggregated
misstatements were greater than overall materiality, the entity would have to adjust the financial statements or
the auditor would have to issue a qualified or adverse opinion.

Nature of Misstatements SSA 450:A3

Factual Misstatements: About which there is no doubt
Judgmental Misstatements: Related to Management’s selection or application of accounting policies or
judgments concerning accounting estimates that the Auditor considers inappropriate or unreasonable.
Projected Misstatements: Related to the Auditor's best estimate of misstatements based on projection of
identified misstatements from Audit samples to entire populations

Examples of Circumstances that may render a Misstatement Material SSA 450.A16

The extent to which the misstatement:

 Affects compliance with regulatory requirements, debt covenants or other contractual requirements
 Masks a change in earnings or other trends
 Affects ratios used to evaluate the entity’s financial position, results of operations or cash flows
 Affects significant segment information presented in the financial statements
 Increases management compensation (e.g. by meeting bonus criteria)
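
Steps 1 to 3 of applying materiality, as an added example that is not part of the original notes: it sets overall materiality (OM) from a benchmark within the table's rule-of-thumb range, sets performance materiality (PM) at 50 to 75% of OM, then evaluates accumulated misstatements individually and in aggregate. The amounts, the clearly-trivial threshold and the choice to aggregate absolute amounts without netting are assumptions, and only the quantitative test is modelled.

```python
from dataclasses import dataclass, replace
from decimal import Decimal

# Rule-of-thumb ranges (% of benchmark) from the table in the notes.
BENCHMARK_RANGES = {
    "profit_before_tax": (Decimal("3"), Decimal("10")),
    "total_assets": (Decimal("0.25"), Decimal("2")),
    "total_revenues": (Decimal("0.5"), Decimal("5")),
    "net_assets": (Decimal("3"), Decimal("5")),
    "total_equity": (Decimal("1"), Decimal("5")),
}
PM_RANGE = (Decimal("50"), Decimal("75"))   # PM as % of OM, per the notes


def overall_materiality(benchmark: str, amount: Decimal, pct: Decimal) -> Decimal:
    """Step 1: percentage applied to the chosen benchmark."""
    low, high = BENCHMARK_RANGES[benchmark]
    if not low <= pct <= high:
        raise ValueError(f"{pct}% is outside the {low}-{high}% range for {benchmark}")
    return amount * pct / 100


def performance_materiality(om: Decimal, pct_of_om: Decimal) -> Decimal:
    """Step 2: PM set below OM."""
    low, high = PM_RANGE
    if not low <= pct_of_om <= high:
        raise ValueError(f"{pct_of_om}% is outside the {low}-{high}% range for PM")
    return om * pct_of_om / 100


@dataclass(frozen=True)
class Misstatement:
    account: str
    nature: str            # "factual", "judgmental" or "projected"
    amount: Decimal
    corrected: bool = False


def evaluate(misstatements, om: Decimal, pm: Decimal, clearly_trivial: Decimal) -> dict:
    """Step 3: accumulate non-trivial items, then test the uncorrected ones."""
    accumulated = [m for m in misstatements if abs(m.amount) > clearly_trivial]
    uncorrected = [m for m in accumulated if not m.corrected]
    over_pm = sorted({m.account for m in uncorrected if abs(m.amount) > pm})
    # Assumption: absolute amounts are summed, so offsetting items are not netted.
    aggregate = sum((abs(m.amount) for m in uncorrected), Decimal(0))
    return {
        "accumulated": len(accumulated),
        "accounts_over_pm": over_pm,
        "aggregate_uncorrected": aggregate,
        "material": bool(over_pm) or aggregate > om,
    }


def correct(misstatements, account: str) -> list:
    """Mark every misstatement in one account as corrected by management."""
    return [replace(m, corrected=True) if m.account == account else m
            for m in misstatements]


# Constructed sample engagement (all figures are assumptions).
OM = overall_materiality("profit_before_tax", Decimal("2000000"), Decimal("5"))
PM = performance_materiality(OM, Decimal("75"))
CLEARLY_TRIVIAL = OM * Decimal("0.05")      # assumed threshold, not from the notes
SAMPLE = [
    Misstatement("receivables", "factual", Decimal("40000")),
    Misstatement("inventory", "projected", Decimal("35000")),
    Misstatement("accruals", "judgmental", Decimal("30000")),
    Misstatement("prepayments", "factual", Decimal("2000")),   # clearly trivial
]

if __name__ == "__main__":
    print("OM", OM, "PM", PM)
    print("before correction:", evaluate(SAMPLE, OM, PM, CLEARLY_TRIVIAL))
    print("after correction: ",
          evaluate(correct(SAMPLE, "receivables"), OM, PM, CLEARLY_TRIVIAL))
```

No single item exceeds PM, yet the three non-trivial items together exceed OM until the factual misstatement is corrected.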

Relationship Between Materiality and Audit Risk


 The effect of setting Materiality limits at different levels on Audit Risk and Planned Audit Procedures.

STAGE 3.5 AUDITOR'S RISK ASSESSMENT (TO ASSESS RMM AND SET DR IN AUDIT RISK MODEL)

SSA 200:

As the basis for the auditor's opinion, SSAs require the auditor to obtain reasonable assurance about whether the FS as a whole
are free from material misstatement, whether due to fraud or error.

Reasonable assurance is a high level of assurance. It is obtained when the auditor obtains appropriate audit evidence to reduce
audit risk to an acceptably low level.

Audit Risk is the risk that the Auditor expresses an inappropriate audit opinion when the financial statements are
materially misstated. (Issue an unmodified opinion on materially misstated financial statements)

 Audit risk is a function of RMM: The risk that the FS are materially misstated prior to the audit. May exist at overall FS level
(relate pervasively to FS as a whole and potentially affect many assertions) or at assertion level
 At assertion level, RMM consists of inherent and control risk.
o Audit Risk = Inherent Risk (IR) x Control Risk (CR) x Detection Risk (DR)
o Risk of Material Misstatements (RMM) = IR x CR

Inherent Risk (IR): The susceptibility of a Management Assertion (about a class of transactions, account balance or
disclosure) to a misstatement that could be material (either individually or when aggregated with other misstatements)
before consideration of any related or internal controls.

Control Risk (CR): The risk that a misstatement that could occur in a Management Assertion (about a class of
transactions, account balance or disclosure) and that could be material (individually or when aggregated with other
misstatements), will not be Prevented, or Detected and Corrected on a timely basis by the entity’s internal control.

Detection Risk (DR): The risk that the procedures performed by the Auditor to reduce Audit Risk to an acceptably low level will not detect
a misstatement that exists and that could be material (either individually or when aggregated with other
misstatements)
 Relates to the Nature, Timing and Extent of Auditors' procedures determined by Auditors to reduce Audit Risk to an
acceptably low level. SSA 200
 Is a function of the effectiveness of an Audit Procedure and its application by Auditors, which may be affected by
factors such as: Adequate Planning, Proper assignment of personnel to the engagement team, Application of
professional skepticism, Supervision and review of the Audit work performed.
 Not possible to reduce to 0 because:
o Sampling Risk: Auditor will never examine 100% of the class of transactions/account balances
o Non-Sampling Risk: Erroneous conclusion as a result of human error. Auditor might select an inappropriate audit
procedure / misapply the appropriate audit procedure / misinterpret the audit results / judgment bias
 DR has an inverse relationship to IR x CR. [Planned DR = Planned AR / RMM (IR x CR)]
o If Auditor judges a client’s IR x CR to be high, he would set a lower DR in order to achieve the planned level of
Audit Risk and vice versa.

STEP 1 PERFORM PRELIMINARY RISK ASSESSMENT PROCEDURES

1. Inquiries of Management and Others


 The Auditor obtains information about the entity and its environment through preliminary inquiry.
 Entity Personnel (Internal Audit, Employees involved in initiating, processing or recording complex/unusual
transactions, In-house Legal Counsel, Production/Marketing/Sales)
 Others Outside the Entity
2. Analytical Procedure
 The Auditor conducts preliminary analytical procedures to evaluate financial information and analyse plausible
relationships between financial and non-financial data. These procedures assist the Auditor in understanding the entity
and its environment and identify areas that may represent specific risks relevant to the Audit.
 Helpful in identifying unusual transactions or events, amounts, ratios and trends that might have implications for
Audit planning.
 To be discussed in other chapter.

3. Observation or Inspection
 Reading reports prepared by Management, TCWG, Internal Audit function
 Visits to the entity’s premises and plant facilities
 Read about industry development and trends, read the current year’s interim financial statements and review
regulatory or financial publications.
 Preliminary observation of entity activities and operations.
 Preliminary inspection of documents, records, internal control manuals

STEP 2 UNDERSTANDING THE ENTITY & ITS ENVIRONMENT

 The goal of this process is to assess the business risks faced by the entity and how those risks are controlled or not
controlled by the entity. (Refer to previous Diagram)
 The Auditor's understanding of the entity and its environment includes knowledge about the following categories:

Client’s Business Risk

 The risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely
affect an entity’s ability to achieve its objectives and execute its strategies, or from the setting of inappropriate
objectives and strategies. SSA 315

Why assess Client’s Business Risk?

 Business Risks includes any external/internal factors, pressures, forces that bear on the entity’s ability to survive
and be profitable.
 Hence, there are implications for the Auditor:
o Risk of Material Misstatement (Inherent and Control Risk) SSA 315
o Auditor's Business Risk (Engagement Risk)
o Financial Statement Expectations SSA 520
o Going-Concern Risks SSA 570
o Value-added Advice and Services

 SSA 315 (11): Auditor is required to obtain an understanding of the entity and its environment, including the
entity’s internal control:
o Relevant industry, regulatory and other external factors
o Nature of the entity, including its ownership and governance, operating, investing and financing activities
o Selection and application of accounting policies
o Objectives and strategies and those related business risks that may result in risks of misstatement
o Measurement and review of entity's financial performance
Auditor's business risk (also called engagement risk): the risk that the auditor is exposed to loss or injury to professional practice from
litigation, adverse publicity or other events arising in connection with financial statements audited and reported on.


Techniques for Assessing Business Risk


1. PESTLE Analysis
Political  Government Stability  Employment Law  Trade Treaties
 Taxation Laws  Mergers Law  Environmental Law
 Industrial Policies  Infrastructure  Corruption / Wars
Economic  Inflation  Employment  Disposable Income
 Growth Rate  Business Cycle  Labor Costs
 Trends
Social  Demographics  Income Distribution  Level of Education
 Attitude to Work/Leisure  Cultural Norms  Population Growth
 Ethnic/Religious Factors  Social Mobility
Technological  New Developments  Technological Transfer  Technological Obsolescence
 R&D Efforts  Communications  Accessibility
Legal  Law Enforcement  Regional Laws  Judiciary System
 Patent Laws
Environmental  Resource Management  Energy Availability  Workforce Health
 Climate Change

2. Porter’s Five Forces



3. SWOT Analysis

Types of Business Risk

1. Strategic (internal) Risk: They are the risks associated with the operations of that particular industry. These kinds of
risks arise from
o Business Environment: Buyers and sellers interacting to buy and sell goods and services, changes in supply
and demand, competitive structures and introduction of new technologies (small portfolio, mkt strategy)
o Transaction: Assets relocation of mergers and acquisitions, spin-offs, alliances and joint ventures. Emphasis on
wrong products, inappropriate acquisitions etc.
o Investor Relations: Strategy for communicating with individuals who have invested in the business.

2. Financial (internal) Risk [*]: These are the risks associated with the financial structure and transactions of the
particular industry.

3. Operational (internal) Risk: These are the risks associated with the operational and administrative procedures of
the particular industry, which are very common in today's generation. They could be flaws in the way business is
carried on, its processes and systems (e.g. poor labor-relations, loss of key employees, reliance on few suppliers or
customers, lack of R&D, excess supply in inventory)

4. Compliance Risk (Legal Risk): These are risks associated with the need to comply with the rules and regulations of
the government.

5. Other Risks
o Governance (internal) Risk: Poor or inadequate Corporate Governance

o Natural Disasters: Acts of God and Hazards such as Floods, Fire.

o IT Risk: Any risk related to Information Technology.

o Reputational Risk: A risk of loss resulting from damages to a firm's reputation, in lost revenue; increased
operating, capital or regulatory costs; or destruction of shareholder value, consequent to an adverse or
potentially criminal event even if the company is not found guilty. Adverse events typically associated with
reputation risk include ethics, safety, security, sustainability, quality, and innovation. Reputational risk can be
a matter of corporate trust.

o Political Risk: A type of risk faced by investors, corporations, and governments. It is a risk that can be
understood and managed with reasoned foresight and investment. Broadly, political risk refers to the
complications businesses and governments may face as a result of what are commonly referred to as political
decisions—or “any political change that alters the expected outcome and value of a given economic action by
changing the probability of achieving business objectives”


[*] Financial Risk

a. Asset-backed Risk: Risk that the changes in one or more assets that support an asset-backed security will
significantly impact the value of the supported security. Risks include interest rate, term modification, and
prepayment risk.

b. Credit Risk: Credit risk, also called default risk, is the risk associated with a borrower going into default (not
making payments as promised). Investor losses include lost principal and interest, decreased cash flow, and
increased collection costs. An investor can also assume credit risk through direct or indirect use of leverage. For
example, an investor may purchase an investment using margin. Or an investment may directly or indirectly use
or rely on repo, forward commitment, or derivative instruments
o Refinancing Risk: Possibility that a borrower cannot refinance by borrowing to repay existing

c. Foreign Investment Risk: Risk of rapid and extreme changes in value due to: smaller markets;
differing accounting, reporting, or auditing standards; nationalization, expropriation or confiscatory
taxation; economic conflict; or political or diplomatic changes. Valuation, liquidity, and regulatory issues may
also add to foreign investment risk.

d. Financial Operation Risk: Risk incurred by an organization’s internal activities.


o Model Risk: Risk of loss resulting from using models to make decisions, initially and frequently referring to
valuing financial securities
o Legal Risk
o Political Risk
o Valuation Risk: The financial risk that an asset is overvalued and is worth less than expected when it
matures or is sold. Factors contributing to valuation risk can include incomplete data, market instability,
financial modeling uncertainties and poor data analysis by the people responsible for determining the
value of the asset. This risk can be a concern for investors, lenders, financial regulators and other people
involved in the financial markets. Overvalued assets can create losses for their owners and lead to
reputational risks; potentially impacting credit ratings, funding costs and the management structures of
financial institutions.

e. Liquidity Risk: This is the risk that a given security or asset cannot be traded quickly enough in the market to
prevent a loss (or make the required profit).

f. Market Risk
o Equity Risk is the risk that stock prices in general (not related to a particular company or industry) or
the implied volatility will change.
o Interest Rate Risk is the risk that interest rates or the implied volatility will change.
o Currency Risk is the risk that foreign exchange rates or the implied volatility will change, which affects, for
example, the value of an asset held in that currency.
o Commodity Risk is the risk that commodity prices (e.g. corn, copper, crude oil) or implied volatility will
change.

g. Other Risks
o Reputational Risk
o Volatility Risk: The risk of a change of price of a portfolio as a result of changes in the volatility of a risk
factor. It usually applies to portfolios of derivatives instruments, where the volatility of its underlying is a
major influencer of prices.
o Settlement Risk: The risk that a counterparty does not deliver a security or its value in cash as per
agreement when the security was traded after the other counterparty or counterparties have already
delivered security or cash value as per the trade agreement.
o Profit Risk: A risk management tool that focuses on understanding concentrations within the income
statement and assessing the risk associated with those concentrations from a net income perspective.
o Systemic Risk: The risk of collapse of an entire financial system or entire market, as opposed to risk
associated with any one individual entity, group or component of a system that can be contained therein
without harming the entire system.

STEP 3 IDENTIFY BUSINESS RISKS THAT MAY RESULT IN MATERIAL MISSTATEMENTS IN F/S

 The Auditor identifies Business Risks that may result in Material Misstatements.

STEP 4 EVALUATE THE ENTITY’S RISK ASSESSMENT PROCESS (IE HOW MANAGEMENT
RESPONDS TO THOSE BUSINESS RISKS) AND OBTAIN EVIDENCE ON ITS IMPLEMENTATION

 Management has a responsibility to identify, control and mitigate Business Risks that may affect the Entity’s ability
to achieve its Objectives. The Auditor should obtain information on the Management’s Risk Assessment process
and whether it is operating effectively.
o If the Entity’s response to the identified risks is adequate, the RMM may be reduced.
o If the Entity’s response to the identified risks is inadequate, the RMM may be increased.
o If the Entity does not have any response to identified risks, then the Auditor must develop tests to determine
if any misstatements are present in the related class of transactions or account balance.
STEP 5 ASSESS THE RISK OF MATERIAL MISSTATEMENT (DUE TO ERROR / FRAUD)

 To assess the RMM, the Auditor must consider how the identified risks could result in a Material Misstatement in
the Financial Statements. This includes considering how the Entity’s Risk Assessment Process may affect the
magnitude and likelihood of potential misstatements.

 SSA 315 (27-28) As part of Risk Assessment, Auditors shall determine whether any risks identified are significant
risks, including:
o Fraud
o Significant economic, accounting or other developments
o Complex transactions
o Significant transactions with related parties
o Financial information involving high measurement subjectivity or uncertainty.
o Significant transactions outside normal course of business or otherwise appear unusual.
 Such risks are associated with a higher RMM because they often involve significant non-routine transactions or
judgmental matters, and are less subject to routine controls.

 Misstatements can be due to:
o Error
o Fraud (tends to be more difficult to detect as it is well-concealed)

 Fraud can be classified into two types:


1. Misstatements arising from Fraudulent Financial Reporting
o Manipulation, falsification, alteration of accounting records or supporting documents from which
financial statements are prepared.
o Misrepresentation in, or intentional omission from, the financial statements of events, transactions or
other significant information.
o Intentional misapplication of accounting policies relating to amounts, classification, manner of
presentation or disclosure.
2. Misstatements arising from Misappropriation of Assets (Defalcation)
o Embezzling cash received.
o Stealing assets and intellectual property.
o Causing the entity to pay for goods/services not received.

SPOTLIGHT ON: THE FRAUD RISK ASSESSMENT PROCESS

Auditor's Responsibility & Objectives

 The primary responsibility for Prevention and Detection of Fraud rests with Management and TCWG.
 Auditor conducting an audit is responsible for obtaining reasonable assurance that the FS taken as a whole are
free from material misstatement, whether caused by fraud or error.

 In relation to RMM due to fraud, the Auditor's Objectives are:


o Identify and assess RMM due to fraud
o Design and implement appropriate responses
o Respond appropriately to identified or suspected fraud


SSA 240 Requirements for Auditors on Fraud


Maintain Professional Skepticism
Auditor must recognize the possibility that a material misstatement due to fraud could exist, notwithstanding the
Auditor's past experience of the honesty and integrity of the entity’s management and TCWG.

Discussion among the Engagement Team
Place emphasis on how/where the entity’s financial statements may be susceptible to material misstatement due to
fraud and how fraud might occur.

Perform Relevant Risk Assessment Procedures and Related Activities
a. Enquire of Management, TCWG and Others (e.g. Internal Auditors)
- Find out their Fraud Risk Management process
- Knowledge of actual, suspected or alleged fraud.
b. Apply Analytical Procedures to identify unusual/unexpected relationships that may be indicative of fraud
c. Consider other information (e.g. from client acceptance process or other engagements) that may be indicative
of fraud.
d. Evaluate Fraud Risk Factors (Appendix 1, SSA 240) [Fraud risk triangle: incentive, opportunity, rationalization]

Identification and Assessment of the RMM due to Fraud
 At the F/S Level and at the Assertion Level
 Based on a presumption that there are risks of Fraud in the Revenue Recognition process and Management
Override of Controls

Responses to the Assessed RMM due to Fraud
 At the F/S Level (Overall Responses) – SSA 240 (A28)
o Assignment of more experienced staff/experts with special skills or use of experts
o Closer/more supervision
o Emphasizing to the audit team the need to maintain professional skepticism
o Incorporating additional elements of unpredictability in the selection of further audit procedures to be
performed
o Making general changes to the nature, timing, or extent of audit procedures, for example: performing
substantive procedures at the period end instead of at an interim date; or modifying the nature of audit
procedures to obtain more persuasive audit evidence
 At the Assertion Level – SSA 240 (A30, Appendix 2)
o Nature, timing and extent of further Audit procedures responsive to the assessed risk of material
misstatement
 Nature: Purpose (e.g. tests of controls vs substantive procedures) and type (e.g. confirmation vs substantive
analytical procedures)
 Timing (e.g. at interim date vs period end)
 Extent (e.g. sample size, frequency of observation)

Perform Audit Procedures
 Perform audit procedures to address risk of management override of controls:
o Test appropriateness of journal entries and other adjustments
o Review accounting estimates for bias
o Assess business rationale of significant transactions
 Obtain written representations from MGT and TCWG:
o Acknowledgement of responsibility for IC to prevent and detect fraud
o Results of management’s assessment of RMM due to fraud
o Any known, alleged or suspected fraud

Evaluation of Audit Evidence
 If the auditor identifies a misstatement, whether material or not, and the auditor has reason to believe that it is
or may be the result of fraud and that management is involved, the auditor shall reevaluate the assessment of the
RMM due to fraud and its resulting impact on the nature, timing and extent of audit procedures to respond to the
assessed risks.
 The auditor shall also consider whether circumstances or conditions indicate possible collusion involving
employees, management or third parties when reconsidering the reliability of evidence previously obtained.

Consider if Auditor Unable To Continue the Engagement
 Determine the professional/legal responsibilities applicable in the circumstances, including whether there is a
requirement for the Auditor to report to the person who made the Audit appointment / regulatory authorities
 Consider if it is appropriate to withdraw from the engagement, where withdrawal is possible
Obtain Written Representations from Management / TCWG
 Acknowledgement of responsibility for internal controls to prevent/detect fraud.
 Results of Management’s assessment of RMM due to fraud
 Any known, alleged or suspected fraud.

Communications to Management / TCWG
 Communicate on a timely basis to Management / TCWG.
 Discuss with them the Nature, Timing, Extent of Audit Procedures necessary to complete the Audit

Consideration of laws and regulations
 Non-compliance with laws and regulations may have material effect on FS because:
• Some laws and regulations have direct effect on the determination of material amounts and disclosures in FS
(e.g., tax laws, disclosures required by SGX regulations). Auditor needs to obtain sufficient appropriate evidence
regarding compliance with these laws and regulations
• Non-compliance with certain laws and regulations may lead to material penalties, and restrictions to, or
inability to continue, operations. Auditor needs to perform audit procedures to identify instances of
non-compliance with these laws and regulations (e.g., inquiry of MGT and TCWG, and inspection of
correspondences with relevant authorities)

Communications to Regulatory and Enforcement Authorities
 Legal responsibilities of Auditor may override the duty of Confidentiality.

 Auditor's Responsibility to Report Non-Compliance with Companies Act
Under the CA s207(9), Auditor has to report the matter in writing to the Registrar, if he is satisfied that (a) there
has been a breach or non-observance of any of the provisions in the CA and (b) the matter has not been / will not be
adequately dealt with by Directors.

 Auditor's Responsibility to Report Fraud
Under the CA s207(9A), if the Auditor of a Public Company has reason to believe that a serious offence involving
Fraud or Dishonesty (offence imprisonment of more than 2 years and value of property involved more than $20k) is
being/has been committed, he shall immediately report the matter to the Minister.

 Auditor's Other Reporting Responsibilities for Fraud / Terrorism
EP200 (reiterating the former SAP1):
o Auditors need to take the possibility of money laundering and terrorism financing into account (SAP 1 para 21)
o Auditors need to be sufficiently aware of the main provisions of the anti-money laundering and anti-terrorism
financing legislation (para 44)
o Mandatory Reporting/Tip-Offs for all Professional Accountants.

Consideration of Related Parties
 SSA 550 Audit Significance of Related Parties (RP) and RP Transactions include:
o Risk from inappropriate accounting
o Risk from non-identification or non-disclosure
- Inherent difficulty in identifying undisclosed RPs/RPTs (management themselves may be unaware; esp. if
framework does not req. disclosure)
o Heightened Risk of Fraud
- RPs present greater opportunities for collusion, concealment, manipulation by management
- RPs involved in a number of corporate reporting scandals in recent times.

 SSA 315 Risk-based Approach requires a thorough understanding of RPs and RPTs to identify and assess risks.
o Consider RPs in Engagement Team Discussion
o Inquire into changes in RPs from prior period, nature of RP relationships and type and purpose of RPTs
o Understand controls to identify, account for, and disclose RPs and RPTs; and to authorize and approve
significant RPTs
o Determine whether any of the assessed risks are significant
o Respond appropriately to assessed risks.

STEP 6 AUDITOR'S RESPONSE TO ASSESSED RMM

Response to Assessed RMM at the F/S Level

SSA 330 (5, A1-3): Auditor shall design and implement overall responses to address the assessed RMM at the FS level,
including:

 Emphasizing to the Audit team the need to maintain Professional Skepticism
 Assigning more Experienced staff or those with special Skills or use of Experts
 Providing more Supervision
 Incorporating additional elements of Unpredictability in the selection of further Audit Procedures to be performed
 Making general changes to the Nature, Timing, Extent of Audit Procedures
(e.g. performing substantive procedures at the period end instead of at an interim date; or modifying the nature of
Audit Procedures to obtain more persuasive Audit Evidence)

Response to Assessed RMM at the Assertion Level

SSA 330 (6, A4-16): Auditor shall design and perform further Audit Procedures whose Nature, Timing and Extent are
based on and are responsive to the assessed RMM at the Assertion Level:

 Nature: Purpose (e.g. Tests of Control vs Substantive Procedures) and Type (e.g. Confirmation vs Substantive
Analytical Procedures)
 Timing: (e.g. At Interim Date vs Period End)
 Extent: (e.g. Sample Size, Frequency of Observation)

STAGE 3.6 CONSIDER MANAGEMENT ASSERTIONS

Overview of Management Assertions

 Management is responsible for the fair presentation of the financial statements. Assertions are representations by
Management that are embodied in the financial statements.
 Used by Auditor to consider the different types of potential misstatements that may occur.
Categories of Assertions: Classes of Transactions/Events during the period; Account Balances at the end of the
period; Presentation and Disclosure

Occurrence
o Classes of Transactions/Events: Transactions and events that have been recorded have occurred and pertain to the
entity.
o Presentation and Disclosure: Disclosed events, transactions and other matters have occurred and pertained to the
entity.

Existence
o Account Balances: Assets, Liabilities, Equity Interests exist.

Rights & Obligations
o Account Balances: The entity holds or controls the rights to Assets and Liabilities are the obligations of the
entity.
o Presentation and Disclosure: The rights and obligations have been disclosed in the financial statements.

Completeness
o Classes of Transactions/Events: All transactions and events that should have been recorded have been recorded.
o Account Balances: All Assets, Liabilities and Equity Interests that should have been recorded have been recorded.
o Presentation and Disclosure: All disclosures that should have been included in the financial statements have been
included.

Accuracy
o Classes of Transactions/Events: Amounts and other data relating to recorded transactions and events have been
recorded appropriately in accordance to the financial reporting framework standards and methods.
o Presentation and Disclosure: Financial and other information is disclosed fairly and at appropriate amounts.

Valuation & Allocation
o Account Balances: Assets, Liabilities and Equity Interests are included in the financial statements at appropriate
amounts, and any resulting valuation or allocation adjustments are appropriately recorded.

Cutoff
o Classes of Transactions/Events: Transactions and events have been recorded in the correct accounting period.

Classification / Understandability
o Classes of Transactions/Events: Transactions and events have been recorded in the proper account.
o Presentation and Disclosure: Financial information is appropriately presented and described, and disclosures are
expressed clearly.

ASSERTIONS ABOUT CLASSES OF TRANSACTIONS (P&L)

Occurrence VS Completeness

 Occurrence assertion relates to whether all recorded transactions have occurred and pertained to the entity.
 For e.g. Management asserts that all revenue transactions recorded during the period were valid but entity’s
personnel might have incentives to record fictitious transactions, resulting in an Overstatement in the related
account. Sometimes referred to as validity.

 Completeness assertion relates to whether all transactions that occurred during the period have been recorded.
 For e.g. If the entity fails to record a valid revenue transaction that ought to be recorded, it will result in an
Understatement of the related account.

Accuracy

 Accuracy assertion addresses whether amounts and other data relating to recorded transactions have been
recorded in appropriate amounts.
 Financial reporting frameworks establish the appropriate method for recording a transaction. For e.g. FRS states
that the amount recorded for the cost of a new machine includes all directly attributable costs necessary to bring
the machine to its required working condition.

Cut-Off

 Cut-Off assertion relates to whether transactions have been recorded in the correct accounting period.
 For e.g. Auditor may want to test proper cut-off of revenue transactions at 31-Dec-2015. The Auditor can examine a
sample of shipping documents/sale invoices for a few days before and after year-end to test whether the sale
transactions have been recorded in the proper period.

Classification

 Classification assertion is concerned with whether transactions and events have been recorded in the proper
accounts.
 For e.g. Management asserts that Maintenance costs to repair a machine that do not add to its usefulness are
properly charged to the Repairs and Maintenance Expense account instead of the Machine Asset account.

ASSERTIONS ABOUT ACCOUNT BALANCES (BALANCE SHEET)

Existence

 Existence assertion addresses whether ending balances of Assets, Liabilities and Equity included in the financial
statements actually exist at the date of the financial statements.
 For e.g. Management asserts that Inventory shown on balance sheet exists and is available for sale.

Rights and Obligations

 Rights (Assets) & Obligations (Liabilities) assertion addresses whether the entity holds or controls the rights to
assets and that liabilities are the obligations of the entity.
 For e.g. Amounts capitalized for leases reflect assertions that the entity has rights to leased property and that the
corresponding lease liability represents an obligation of the entity.

Completeness

 Completeness assertion addresses whether all Assets, Liabilities and Equity Interests that should have been
included as ending balances on the financial statements have been included.
 For e.g. Management implicitly asserts that the ending balance shown for Accounts Payable on the Balance Sheet
includes all such liabilities as of the balance sheet date.


Valuation and Allocation

 Valuation and Allocation assertion addresses whether Assets, Liabilities and Equity Interests included in the
financial statements are at appropriate amounts, and any resulting adjustments are appropriately recorded.
 For e.g. For Valuation, Management asserts that inventory is carried at the lower of cost or NRV on the Balance
Sheet. For Allocation, Management asserts that the cost of PPE is systematically allocated to appropriate
accounting periods by recognizing Depreciation Expense.

ASSERTIONS ABOUT PRESENTATION & DISCLOSURE

Occurrence & Rights and Disclosure

 Occurrence & Rights and Disclosure assertions address whether disclosed events, transactions and other matters
have occurred and pertained to the entity.
 For e.g. When Management presents capitalized lease transactions on the Balance Sheet as leased assets, the related
liabilities as long-term debts, and the related note, it is asserting that a lease transaction occurred, it has a right to
the leased asset and it owes the related lease obligation to the lessor.

Completeness

 Completeness assertion relates to whether all disclosures that should have been included in the financial
statements have been included.
 Therefore, Management asserts that no material disclosures have been omitted from the notes and other
disclosures accompanying the financial statements.

Classification and Understandability

 Classification and Understandability addresses whether the financial information is appropriately presented and
described, and disclosures are clearly expressed.
 For e.g. Management asserts that the portion of long-term debt shown as a current liability will mature in the current
year. Similarly, Management asserts that all major restrictions on the entity resulting from debt covenants are disclosed
in notes and are able to be understood by the users of the financial information.

Accuracy & Valuation

 Accuracy & Valuation assertions address whether financial and other information is disclosed fairly and at
appropriate amounts.
 For e.g. When Management discloses the FV of Securities, it is asserting that these financial instruments are
properly valued in accordance with the applicable financial reporting framework. In addition, Management may
disclose in a note other information related to financial instruments.

Management assertions for the accounts receivable balance. [example]

Existence
o Possible misstatement: Fictitious customer
o Example of audit procedures: Confirm AR

Rights and obligations
o Possible misstatement: Receivables have been sold or factored
o Example of audit procedures: Inquire of management whether receivables have been sold

Completeness
o Possible misstatement: Customer accounts are not recorded
o Example of audit procedures: Agree total of AR subsidiary ledger to AR control account

Valuation and allocation
o Possible misstatement: Delinquent receivable carried at full amount
o Example of audit procedures: Test the adequacy of the allowance for doubtful accounts

STAGE 3.7 PLAN FOR GATHERING AUDIT EVIDENCE

Audit Evidence (SSA 500(5))



 The information used by the Auditor in arriving at the conclusions on which the Audit Opinion is based, and it
includes the information contained in the accounting records underlying the financial statements and other
information.
 The following concepts of Audit Evidence are important to understanding the conduct of the Audit:

1. NATURE OF AUDIT EVIDENCE

 The nature of the evidence refers to the form or type of information, which includes accounting records and other
available information.
o Accounting Records: Includes the records of initial entries and supporting records, such as records of
electronic funds transfers; invoices; contracts; the general and subsidiary ledgers, journal entries and other
adjustments to the financial statements that are not reflected in formal journal entries; and records such as
worksheets/spreadsheets supporting cost allocations, computations, reconciliations and disclosures.
o Other Information: Includes the minutes of meetings; confirmation from third parties; analysts’ reports;
comparable data about competitors (for benchmarking); controls manuals; information obtained by the
Auditor from such Audit Procedures as Inquiry, Observation and Inspection; and other information developed
by/available to the Auditor that permits the Auditor to reach conclusions through valid reasoning.
2. THE SUFFICIENCY & APPROPRIATENESS OF AUDIT EVIDENCE
SSA 500(6): The Auditor should obtain sufficient appropriate evidence to be able to draw reasonable conclusions on
which to base the Audit Opinion. SSA 200(A48): The matter of difficulty, time or cost is not in itself a valid basis for the
Auditor to omit an Audit Procedure for which there is no alternative or to be satisfied with Audit Evidence that is less than
persuasive.

 Sufficiency: The measure of the quantity of Audit Evidence.
 Appropriateness: The measure of the quality of Audit Evidence.
 The Auditor must consider both concepts when assessing risks and designing Audit Procedures. Both are
interrelated and have an inverse relationship:
o Greater risk of material misstatement → More Quantity of Audit Evidence required.
o Higher Quality of Audit Evidence → Lower Quantity of Audit Evidence required.
o Obtaining more evidence may not compensate for its poor quality.
 Evidence is considered appropriate when it provides information that is both relevant and reliable:
Relevant + Reliability = Appropriateness = a measure of the quality of audit evidence.
o Relevant: Relevance of Audit Evidence refers to its relationship to the assertion being tested. If the Auditor
relies on evidence that is unrelated to the assertion, he may reach an incorrect conclusion about the
assertion.
o Reliability: Reliability refers to whether a particular type of evidence can be relied upon to signal the true
state of an assertion.
– Independence of Source: Evidence obtained by the Auditor from an independent source outside the
entity is usually viewed as more reliable than evidence obtained solely from within the entity.
More reliable, listed first:
1. Document obtained directly by Auditor that originates outside the Client (e.g. Direct Bank confirmation)
2. Document obtained by the Auditor from the Client that originated from outside (e.g. Bank Statements)
3. Documents originating inside the Client but which circulate outside (e.g. Cancelled Cheques)
4. Documents originating inside the Client and never circulated outside (e.g. Cash Book)
– Effectiveness of Internal Control: Weak Internal Control → High Control Risk → Accounting System
more likely to be unreliable (and vice versa)
– Auditor’s Direct Personal Knowledge: Generally, evidence obtained by Auditor is more reliable.
– Nature of Evidence: Documentary evidence more reliable than Oral form.
– Original Documents: Originals are more reliable than photocopies.

3. THE EVALUATION OF AUDIT EVIDENCE

 Auditor must be thorough, unbiased in evaluation and remain objective.
 Requires understanding of the (i) Types of Evidence Available and (ii) Relative Reliability of Available Evidence.
 Evidence Triangulation (SSA 500(A8)): Consistent evidence from different sources → more Assurance.

SPOTLIGHT ON: AUDIT PROCEDURES

 Audit Procedures are specific acts performed by the Auditor to gather evidence about whether specific assertions are
being met. There are three categories of Audit Procedures and serve the following purposes:

Risk Assessment Procedures
Used to obtain an understanding of the entity and its external/internal environment to assess the risks of material
misstatement at the financial statement and relevant assertion levels.

Tests of Controls
Used to test the operating effectiveness of controls in preventing, or detecting and correcting, material
misstatements at the relevant assertion level.
Inverse relationship with substantive tests: if tests of controls already show that control procedures are
ineffective and there is an increase in the risk of material misstatement, increase the extent of substantive testing.

Substantive Procedures
Used to detect material misstatements at the relevant assertion level.
Two Categories: Test of Details (of Classes of Transactions, Account Balances, Disclosures) and Substantive
Analytical Review Procedures

Types of Audit Procedures

Analytical Review Procedures
 Consists of evaluations through analysis of plausible relationships among financial/non-financial data. Involves
comparison of recorded values with expectations by auditor.
 Effective and efficient form of Audit Evidence.

External Confirmation (Existence, completeness)
Audit Evidence obtained by Auditor as a direct written response from a Confirming Third-Party.
Information Confirmed: Source of Confirmation
o Cash Balance: Bank
o Account Receivable: Customers
o Inventory on Consignment: Consignee
o Accounts Payable: Individual Vendors (Suppliers)
o Insurance Coverage: Insurance Company
o Contingent Liability: Lawyer
o Collateral for Loan: Creditor

Inquiry
 Seeking information of knowledgeable persons within the entity.
 Usually to understand entity and its environment (i.e. internal controls)
 Inquiry alone ordinarily does not provide sufficient Audit Evidence, and requires additional corroborative
evidence to support the responses.

Inspection of Records and Documents
Reliability of Records or Documents (Internal/External)
 Internal documents: Generated and maintained within the entity [Less reliable]
 External documents (generally more reliable) have two forms:
o Documents originating within the entity but circulated to independent sources outside (e.g. remittance advices
returned with cash receipts from customer payment and payroll payments)
o Documents generated outside the entity but included in the entity’s accounting records. (e.g. bank statements,
vendors’ invoices)
Direction of Testing
 Vouching (Occurrence) – From Journal Ledger to Source Document: This approach provides evidence that the items
included in the accounting records have occurred. (e.g. Auditor examines a sample of sales transactions from sales
journal to ensure that sales are not fictitious.)
 Tracing (Completeness) – From Source Document to Journal Ledger: Ensures that transactions that occurred are
indeed recorded in the accounting records. (e.g. Auditor selects a sample of shipping documents and traces them to
the related sales invoices and then to the sales journal)

Inspection of Tangible Assets
 Physical Inspection (Existence) of the Assets. (e.g., counting Cash on Hand, examining Inventory Stock,
Marketable Securities, Fixed Assets)
 Physical Inspection (Valuation) of the Assets. (e.g. Identifying items that are obsolete or slow-moving)

Observation
 Looking at a process or procedure being performed by others. The actions being observed typically do not leave an
Audit trail that can be tested by examining documents
 However, not very reliable and requires additional corroborating evidence.
Recalculation
• Checking the mathematical accuracy of documents manually or through the use of IT (i.e. Computer-Assisted Audit Techniques)
• Includes footing, crossfooting, reconciling subsidiary ledgers to account balances and testing postings from journals to ledgers.
• Highly reliable as the Auditor creates the evidence.

Reperformance
• Independent execution by the Auditor of procedures/controls originally performed by Company personnel. Highly reliable as Auditor creates the evidence.

Scanning
• Review of accounting data for large/unusual items and non-standard journal entries.

Designing the Audit Procedure

 Nature, Timing, Extent of Audit Procedures need to respond to the assessed risks of material misstatement at the
assertion level.

Relying on the Work of Others

• Auditors may rely on the work of others during an Audit:
o Internal Auditors – SSA 610
o Component Auditors (in a Group Audit for JV, Overseas Subsidiaries etc.) – SSA 600
o Experts (e.g. IT, Legal, Valuation Specialists etc.) – SSA 620

Using the Work of Experts

SSA 620(12): An Auditor should:

• Assess capabilities and competence of the expert
• Assess objectivity of the expert
• Obtain an understanding of the expert’s field of expertise and work performed
• Evaluate the adequacy of the expert’s work, including:
o Relevance and Reasonableness of expert’s findings and conclusions, and their consistency with other Audit evidence
o Relevance and Reasonableness of assumptions and methods used
o Relevance, Completeness and Accuracy of Source Data used

• E.g. Internal Auditors: Some of their work performed may be directly relevant to External Auditors’ work. But before the decision to use Internal Auditors’ work, the External Auditors must evaluate the internal Auditors’ objectivity and competence first.

Hierarchy of Evidence Reliability

Best
• Physical Evidence – Inspection of Tangible Assets
• External Confirmations
• Inspection of External Documentation
• Recalculations / Reperformance

Good
• Inspection of Internal Documentation (Strong Internal Control)
• Analytical Review Procedures (Strong Internal Control)
• Observation
• Client Inquiry done rigorously

Weak
• Inspection of Internal Documentation (Poor Internal Control)
• Analytical Review Procedures (Poor Internal Control)
• Client Inquiry done informally

SPOTLIGHT ON: AUDIT DOCUMENTATION

Definition

• Audit Documentation consists of the record of Audit Procedures performed, relevant Audit Evidence obtained and conclusions the Auditor reached, aka the ‘Audit File’ or ‘Working Papers’. It is like the ‘story’ of the Audit.

Objectives of Audit Documentation

1. To provide principal support for the representation in the Auditor’s Report that the Audit was conducted in accordance with Auditing Standards and applicable legal and regulatory requirements
2. To aid in the planning, performance and supervision of the Audit
3. To provide the basis for the review of the quality of the work by providing written documentation of the evidence supporting the Auditor’s significant conclusions.
i.e. to provide a sufficient and appropriate record of the basis for the auditor's report

How Much Documentation is Required?

SSA 230(8): The Auditor shall prepare Audit Documentation that is sufficient to enable an experienced Auditor, having
no previous connection with the Audit, to understand:

(a) The nature, timing and extent of the Audit Procedures performed to comply with the SSAs and applicable legal and
regulatory requirements.
(b) The results of the Audit Procedures performed and the Audit Evidence obtained; and
(c) Significant matters arising during the Audit, the Conclusions reached thereon, and significant professional
judgments made in reaching those Conclusions.

Content of Audit Documentation

• Most Audit firms maintain Audit Documentation in two types of files:

Permanent: Contain historical data about the entity that are of continuing relevance to the Audit.
o Copies of Corporate Charter
o Charts of Accounts
o Organizational Chart
o Copies of Important Contracts (Pension, Union, Leases..)
o Documentation of Internal Control (Flowcharts)
o Terms of Stock/Bond Issues
o Prior Years’ Analytical Procedure results

Current: Includes information and data related specifically to the Current Year’s Engagement.
o Copy of Financial Statements and Auditor’s Report
o Overall Audit Strategy / Audit Plan
o Minutes of Important Meetings
o Working Trial Balance
o Adjusting and Reclassification of Journal Entries
o Working papers supporting financial statement accts.
o And more…


STAGE 4: INTERNAL CONTROL

Internal Control TB(pg 189)

• COSO Internal Control Integrated Framework: Internal Control is a process designed and effected by an entity’s Board of Directors, Management and Other Personnel to provide reasonable assurance that the organization’s Objectives are being met in the following categories:
o Reliability, timeliness and transparency of internal and external, non-financial and financial reporting
o Effectiveness and efficiency of operations, including safeguarding of assets
o Compliance with applicable laws and regulations
• SSA 315(12): most controls relevant to the audit are likely to relate to financial reporting

Five Interrelated components of COSO’s Internal control:
o Control environment
o Risk assessment
o Control activities
o Information and communication
o Monitoring

Control environment

SSA 315 A77-78; Appendix 1

• Includes the governance and management functions and the attitudes, awareness, and actions of those charged with governance and management concerning the entity’s internal control and its importance in the entity.
• Auditor should consider:
o Communication and enforcement of integrity and ethical values
o Commitment to competence
o Participation by those charged with governance
o Management’s philosophy and operating style
o Organizational structure
o Assignment of authority and responsibility
o Human resource policies and practices

Audit Committee: Companies Act 201B:


(1) Every listed company shall have an AC.[5/2004]
(2) An AC shall be appointed by the directors from among their number (pursuant to a resolution of the board of directors) and
shall be composed of 3 or more members of whom a majority shall not be
(a) executive directors of the company or any related corporation;
(b) a spouse, parent, brother, sister, son or adopted son or daughter or adopted daughter of an executive director of the
company or of any related corporation; or
(c) Any person having a relationship which, in the opinion of the board of directors, would interfere with the exercise of
independent judgment in carrying out the functions of an AC.
(3) The members of an AC shall elect a chairman from among their number who is not an executive director or employee of the
company or any related corporation.

Functions of AC: Companies Act 201B (5): The functions of an AC shall be:
(a) to review —
(i) with the auditor, the audit plan;
(ii) with the auditor, his evaluation of the system of internal accounting controls;
(iii) with the auditor, his audit report;
(iv) the assistance given by the company’s officers to the auditor;
(v) the scope and results of the internal audit procedures; and
(vi) the financial statements of the company and, if it is a parent company, the consolidated financial statements, submitted
to it by the company or the parent company, and thereafter to submit them to the directors of the company or parent
company; and [Act 36 of 2014 wef 01/07/2015]
(b) to nominate a person or persons as auditor, notwithstanding anything contained in the constitution or under section 205, [Act 36 of 2014 wef 03/01/2016]
together with such other functions as may be agreed to by the audit committee and the board of directors.


Auditors and AC Meetings: Companies Act 201B:


(6) The auditor has the right to appear and be heard at any meeting of the audit committee and shall appear before the
committee when required to do so by the committee.
(7) Upon the request of the auditor, the chairman of the audit committee shall convene a meeting of the committee to consider
any matters the auditor believes should be brought to the attention of the directors or shareholders.

Types of Control Activities: SSA 315 Appendix 1

Control activities are defined by policies and procedures that help ensure that management’s directives are carried out and implemented to address risks identified in the risk assessment process. Can be preventive, detective or corrective in nature.
o Performance reviews
o Information processing
o Physical controls
– Physical security of assets including adequate safeguards e.g. secure facilities to protect against theft of assets or records
– Authorization for access to computer programs and data files
– Periodic counting and comparison with amount shown on control records.
o Segregation of duties: Authorisation x Custody x Recording

Management’s Responsibility for Internal Control

 SSA 200 (A2): An audit in accordance with SSAs is conducted on the premise that Management and TCWG have
acknowledged and understand their responsibility for:
o Preparation of f/s in accordance with the applicable financial reporting framework; and
o Such internal control determined by them to be necessary for preparation of f/s that are free from material
misstatement, whether due to fraud or error.

 Companies Act (S199, 2A): Every public company and every subsidiary of a public company shall devise and
maintain a system of internal accounting controls sufficient to provide a reasonable assurance that
o Assets are safeguarded against loss from unauthorized use or disposition; and
o Transactions are properly authorised and recorded to permit the preparation of true and fair profit and loss
accounts and balance-sheets and to maintain accountability of assets.

Reporting on internal control


Code of Corporate Governance 2012 (principle 11):
 The Board should comment on the adequacy and effectiveness of the internal controls, including financial,
operational, compliance and information technology controls, and risk management systems, in the company's Annual
Report

SGX listing rules 1207(10) and 1204 (10):


 Board to opine, with the concurrence of AC, on the adequacy of ICs, addressing financial, operational, compliance in
the annual report.

Underscore the Important role of those charged with corporate governance!

Auditor's Responsibility for Internal Control

 SSA 315 (12): Obtain an understanding of internal control relevant to the Audit when identifying and assessing the
risks of material misstatement.
 SSA 265: Communicate identified control deficiencies to TCWG and management that are of sufficient importance
to merit their respective attention.
 In some jurisdictions (e.g. USA) but not others (e.g. Singapore), Auditors are required to express an opinion on the
effectiveness of internal controls over financial reporting for public companies.

STAGE 4.1 OBTAINING UNDERSTANDING OF INTERNAL CONTROLS

 Auditor needs to evaluate the design of controls relevant to the Audit and determine whether they have been
implemented.
 Typical Audit Procedures used include:
o Inquiry of Entity’s Personnel
o Observing Application of Specific Controls
o Inspecting Documents and Reports
o Tracing transactions through the information system relevant to financial reporting (‘walkthrough’)
STAGE 4.2 ASSESS CONTROL RISK AND DECIDE WHETHER TO RELY ON CONTROLS

Control Risk assessed at Maximum (Substantive Strategy):

• Auditor does not intend to rely on the entity’s internal controls to reduce substantive testing because he concludes that Internal Controls are not effectively designed or implemented (hence reliance strategy is not justified), and/or a Substantive Strategy is more efficient

Control Risk assessed at below Maximum (Reliance Strategy):

• Auditor intends to rely on the entity’s Internal Controls to reduce substantive testing. Need to test operating effectiveness of controls to assess if the “achieved” level of control risk is in line with the “planned” control risk (i.e. whether preliminary assessment of control risk is supported)

STAGE 4.3 FOR RELIANCE STRATEGY – PLAN & PERFORM TEST OF CONTROLS

• SSA 330 (8): Auditor shall test the operating effectiveness of relevant controls if:
o Auditor’s assessment of risks of material misstatement at the assertion level includes an expectation that the controls are operating effectively (that is, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures); OR
o Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level (e.g., for highly automated systems)

• Auditor uses a combination of Audit Procedures to test control effectiveness:
o Inquiry, Inspection of Documents, Observation and Reperformance

• Auditor should also consider:
o Who performs the control
o How well was the control performed
o How consistent was the control applied throughout the period of intended reliance
o Potential risk factors, such as:
– Changes in personnel
– Seasonal fluctuations in volume of transactions

STAGE 4.4 FOR RELIANCE STRATEGY – SET CONTROL RISK BASED ON THE TEST OF CONTROLS

STAGE 4.5 PERFORM SUBSTANTIVE PROCEDURES BASED ON THE LEVEL OF CONTROL RISK

 The Nature, Timing and Extent of Substantive Procedures will vary for different entities as a function of the
Detection Risk Level.

Example

Entity 1: High RMM (IR x CR) and Low DR
Nature: Audit tests for all significant Audit assertions using the following types of Audit procedures:
o Physical Examination (Conducted at year end – stronger)
o Review of external documents
o Confirmation
o Reperformance
Timing: All significant work completed at year-end
Extent: Extensive testing of significant accounts or transactions

Entity 2: Low RMM (IR x CR) and High DR
Nature: Corroborative Audit tests using the following types of Audit tests:
o Physical examination (conducted at an interim date)
o Analytical procedures
o Substantive tests of transactions and balances
Timing: Interim and year-end
Extent: Limited testing of accounts or transactions

Assertions about classes of transactions and events and related control activities

Assertion: Control activities
• Occurrence and existence: Segregation of duties, pre-numbered documents accounted for, daily/monthly reconciliation of subsidiary records with independent reviews
• Completeness: Segregation of duties, pre-numbered documents accounted for
• Accuracy: Internal verification of amounts and calculations, monthly reconciliation of subsidiary records by an independent person
• Authorization: General and specific authorization of transactions at important control points
• Cut-off: Procedures for prompt recording of transactions, internal review and verification
• Classification: Charts of accounts, internal review and verification.


LIMITATIONS OF INTERNAL CONTROLS

SSA 330 (18): Irrespective of the assessed risk of material misstatement, the auditor shall design and perform substantive procedures for each material class of transactions, account balance, and disclosure.
Why?
• Human Errors or Mistakes
• Collusion
o E.g. An individual who receives cash from customers colludes with the one recording receipts in the customer’s record to steal cash
• Management Override of Internal Control
o Employees listen to employers in fear of losing job, or enter side-agreement to alter T&C hence affect revenue recognition. Thus, senior management involvement = question on management’s integrity.
• Auditor’s risk assessment judgmental

Communication of deficiencies in internal control

Deficiency:
(1) A control designed, implemented or operated in such a way that it is unable to prevent, or detect and correct, misstatements in the financial statements on a timely basis; or
(2) a control necessary to prevent, or detect and correct, misstatements in the financial statements on a timely basis is missing.

Significant Deficiency:
A significant deficiency in internal control is a deficiency or combination of deficiencies in internal control that, in the auditor’s professional judgement, is of sufficient importance to merit the attention of those charged with governance.

Communication:
SSA 265: Auditor shall communicate in writing significant control deficiencies [Depends not only on whether misstatement
has occurred but also on likelihood and potential magnitude of misstatement] to those charged with governance and
management. The auditor shall also communicate to management other control deficiencies judged to be of sufficient
importance to merit management’s attention.

SPOTLIGHT ON: CONTROLS IN A COMPUTERIZED ENVIRONMENT

Issues introduced in a Computerized Environment

1. Input Errors
2. Systematic vs Random Processing Errors
3. Lack of Audit Trail
4. Inappropriate access to computer files and programs
5. Reduced human involvement in processing transactions

Entity’s Risk Assessment Process of IT

The risk assessment process should consider external and internal events and circumstances that may arise and adversely affect the entity’s ability to initiate, record, process and report financial data consistent with the assertions of management in the financial statements.

Client business risk can arise or change due to the following circumstances:
• Changes in the operating environment
• New or revamped information systems
• New business models, products, or activities
• New personnel
• New technology
• Rapid growth
• Corporate restructuring
• Expanded international growth
• New accounting pronouncements

Information Systems and Communication

An effective accounting system gives appropriate consideration to establishing methods and records that will:
1. Identify and record all valid transactions.
2. Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for financial reporting.
3. Measure the value of transactions in a manner that permits recording their proper monetary value in the financial statements.
4. Determine the time period in which transactions occurred to permit recording of transactions in the proper accounting period.
5. Properly present the transactions and related disclosures in the financial statements


Levels of control in computerised systems

Two main categories:
1. User controls
– Those controls established and maintained by departments whose processing is performed by computer.
2. IT controls
– Those controls established and maintained at the location of the computer, for example in data-processing departments.

Implications of IT/CIS for Auditor's Risk Assessments

• SSA 315 (11d): Auditor shall obtain an understanding of the entity’s objectives and strategies, and those related business risks that may result in risks of material misstatement.

• SSA 315 (Appendix 2): Examples of events and conditions that may indicate risk of material misstatement:
o Inconsistencies between the entity’s IT strategy and its business strategies
o Changes in the IT environment
o Installation of significant new IT systems related to financial reporting

• SSA 315 (A55-56): IT can improve an entity’s internal control (e.g. by enhancing consistency of information processing, segregation of duties)
o However, IT can also pose specific risks to internal control (e.g., risks of unauthorized access or change to data and programs).

• SSA 315 (21): In understanding the entity’s control activities, the auditor shall obtain an understanding of how the entity has responded to risks arising from IT.

• SSA 315 (18): The auditor shall obtain an understanding of the information system, including the related business processes, relevant to financial reporting

• SSA 315 (A63-64):
o IT can improve an entity’s internal control (e.g., by enhancing consistency of information processing, segregation of duties)
o However, IT can also pose specific risks to internal control (e.g., risks of unauthorized access or change to data and programs)

• SSA 315 (A104-106): Controls over IT systems include:
o General controls
o Application controls
Auditor should examine general controls first, as they concern protection over data files and security.


General Controls

• Policies and procedures that relate to all applications and support the effective functioning of application controls
• Deficiencies will affect processing of various types of transactions
• Manual and computer controls that relate to all or many computerised accounting applications. These provide a reasonable level of assurance that overall objectives of internal control are achieved.
• Includes segregation of duties, control over programs, control over data

• Examples include controls over:
o Systems development, acquisition, change and maintenance (e.g., proper authorization, testing, documentation, user involvement)
o Computer operations
– Segregation of duties (systems analysts, programmers, operators, librarian)
– Regular backups of programs and data
o Access security (physical and logical access controls, access logs)
– Use locked doors, authorization cards, physical recognition etc.
– Protection against fire/water
o Data center and network operations: risks usually occur when there is a change in computer systems
– prevent unauthorized access
– operating system logs -> regularly review to ensure no unauthorized activities
– ensure correct files are provided for the specific application
– files properly maintained
– backup and recovery procedures exist

Application Controls

• Manual or automated controls over input, processing and output of individual applications to help ensure transactions are authorized and processed accurately and completely
• The reliance that can be placed on application controls often depends on the reliability of the general controls.
• Application controls contribute to achievement of specific control objectives that the auditor considers in tests of controls.

• Examples include:
o Batch controls (e.g., record count, control totals)
o Data validation controls (e.g., validity, range, limit, reasonableness, sequence tests)
o Data capture controls for and/or source documentation, direct data entry: occurrence, completeness, accuracy
o Processing controls
o Output controls: controls to minimize unauthorized use of outputs
o Error controls: ensure errors are handled appropriately.

Segregation of duties within IT

Duty: Positions within IT department

Knowledge: those with an understanding of systems and programs
• IT manager
• System analyst
• Application programmers

Access: those with access to the computer, production programs and data files
• Computer operators
• Data-entry clerks (no access to computer console, data control records or programs)
• Data-control clerks (no access to computer console)
• Librarian (no access to computer console)
• System programmers*

* The position of system programmer must have sufficient access to perform the function. However, system programmers should have no detailed knowledge of the company’s accounting systems or application programs.

General controls

Control over programs


Major risk relates to unauthorised use of programs or changes to programs.
• Controls of interest to auditor include controls over:
– Development or acquisition of new programs
– Changes to existing programs
– Access to programs; and
– The use of specialised systems software.
• Modifications or access should be appropriately authorised, approved and tested.

Control over Data


• Control procedures in user departments to ensure restricted access (e.g. key passes, locks).
• Control procedures in IT departments at input and processing stage.
• Restriction of access to data files (e.g. password).
• Use of librarian function or software.

Other general control


• These include controls that back up hardware, software and files and ensure recovery when computer is installed or
particular files or programs are damaged.
• These do not normally have an effect on the auditor’s control risk assessment.

Application controls

User controls
• Control totals: detect errors in input or processing. Generally, there are three types:
– Financial totals
– Record totals
– Hash totals
• Review and reconciliation of data by users.
• Formal error correction and resubmission procedures.
• Authorisation controls help ensure that only valid transactions and batches of transactions are processed.

IT controls
• Usually classified into the following categories:
– Input controls
• Batch data preparation
o Control totals
o Key verification
o Key entry validation
• Programmed input validation controls:
o Check digits
o Limit or reasonableness tests
o Field tests
o Valid code tests
• Limit test, range test, sequence check, existence (validity) test, field test, sign test, check-digit verification
– File controls
• Internal file labels – computer-readable data that identifies content of file
• External file labels – printed or handwritten labels attached to disk or tape
– Processing controls
• Programmed control procedures include:
• Use of programmed control activities such as reasonableness or limit tests and use of redundant program calculations.
• Checking numerical sequence of records.
• Comparing related fields.
• Run-to-run control totals: Control totals accumulated during processing are compared to input totals and previous computer-run totals.
– Output controls
• Includes: Restricted distribution, Automatic dating of reports, Page numbering, End-of-report messages
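
The three control totals and the run-to-run comparison described above catch different errors, which the following added example (not part of the original notes) shows on a constructed batch. The invoice records, account numbers, header totals and stage names are assumptions for illustration.

```python
"""Batch control totals and run-to-run checking over a constructed batch."""
from decimal import Decimal

# Constructed batch of sales invoices; documents, accounts and amounts are made up.
BATCH = [
    {"doc": "INV-0101", "account": "40012", "amount": "1200.00"},
    {"doc": "INV-0102", "account": "40377", "amount": "310.50"},
    {"doc": "INV-0103", "account": "41850", "amount": "89.90"},
    {"doc": "INV-0104", "account": "40012", "amount": "455.10"},
]

# Totals the user department records on the batch header before submission.
HEADER = {
    "record_count": 4,                      # record total
    "financial_total": Decimal("2055.50"),  # sum of a monetary field
    "hash_total": 162251,                   # sum of account numbers (no meaning except as a control)
}


def control_totals(records):
    """Recompute the three control totals for a set of records."""
    return {
        "record_count": len(records),
        "financial_total": sum((Decimal(r["amount"]) for r in records), Decimal("0")),
        "hash_total": sum(int(r["account"]) for r in records),
    }


def run_to_run(header, runs):
    """Compare each run's totals with the totals carried from the previous run.

    runs is an ordered list of (stage, accepted_records, rejected_records).
    Records passed on plus records held back must account for everything the
    stage received. Returns a list of (stage, [names of totals that disagree]).
    """
    exceptions = []
    carried = header
    for stage, accepted, rejected in runs:
        passed_on = control_totals(accepted)
        held_back = control_totals(rejected)
        mismatched = [
            name for name in carried
            if carried[name] != passed_on[name] + held_back[name]
        ]
        if mismatched:
            exceptions.append((stage, mismatched))
        carried = passed_on  # the next run is checked against what this run handed over
    return exceptions


def clean_run():
    """Edit run rejects one invoice to suspense; everything still reconciles."""
    accepted = [r for r in BATCH if r["doc"] != "INV-0103"]
    return run_to_run(HEADER, [("edit", accepted, [BATCH[2]]), ("posting", accepted, [])])


def misposted_run():
    """Account number changed before posting: amount and count are unchanged."""
    posted = [dict(r) for r in BATCH]
    posted[1]["account"] = "40733"  # was 40377
    return run_to_run(HEADER, [("edit", BATCH, []), ("posting", posted, [])])


def dropped_record_run():
    """Last invoice lost between the edit run and the posting run."""
    return run_to_run(HEADER, [("edit", BATCH, []), ("posting", BATCH[:3], [])])


if __name__ == "__main__":
    for scenario in (clean_run, misposted_run, dropped_record_run):
        print(scenario.__name__, scenario())
```

Only the hash total flags the misposted account, because the record count and financial total are unaffected by a change to a non-monetary field.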
Relationship b/w general and application control

• Auditor should start by examining general controls.
• If general controls are unreliable, an auditor has little confidence in programmed application controls and reduced confidence in manual application controls → auditor takes more substantive approach to the audit.
• If general controls are reliable, an auditor makes a preliminary evaluation of application controls. If reliance on application controls is then planned, a more detailed evaluation of these controls is made → auditor determines appropriate degree of testing of controls and substantive testing.

Impact on Audit Strategy

Auditing ‘Around’ the Computer

• Auditor treats the computer system as a “black box” and performs tests on inputs and outputs of the system
• May be appropriate for less complex IT systems with existence of ‘hard copy’ audit trail

Auditing ‘Through’ the Computer

• Auditor directly tests IT controls, usually with the help of Computer Assisted Audit Techniques (CAATs)
• SSA 330 (8) requires Auditors to test the operating effectiveness of relevant controls if substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level (e.g. for highly automated systems)

Deciding When To Use Each Approach

Complexity of Processing
o Around The Computer: Computer used for relatively simple calculations.
o Through The Computer: Computer applications are more complex in nature.

Implementation of Computer Controls
o Around The Computer: Less extensive.
o Through The Computer: More extensive.

Existence of Source Documents and Audit Trail
o Around The Computer: Existence of ‘hard copy’ (paper) source documents or Audit trail.
o Through The Computer: Source documents exist in electronic format. Results of one stage of computerized processing are used as inputs in subsequent stages of processing.

Computer Assisted Audit Techniques (CAATs)

• Generalized Audit Software (e.g. ACL)
• Specialized / Custom Audit Software
• Test Data
• Integrated Test Facility (e.g. Test data in Client Environment for about 1 year)
• Parallel Simulation (e.g. write a similar client programme – may be costly)

Potential benefits to internal control from IT

1. Consistent application of predefined business rules and performance of complex calculations in processing large volume of transactions or data
2. Greater timeliness, availability and accuracy of information
3. Facilitation of additional analysis of information for enhanced internal decision making
4. Greater ability to prevent or detect circumvention of controls
5. Greater ability to monitor the entity’s activities, policies and procedures on a timely basis
6. Enhanced segregation of duties through security controls, applications, databases and operating systems

Risks to internal control from IT

1. Reliance on systems or programs that, unknown to the management, inaccurately process data, process inaccurate data or both
2. Unauthorized access to data -> destruction or improper changes to data including recording of unauthorized or non-existent transactions or inaccurate recording of transactions
3. Unauthorized changes to data in master file or systems/programs
4. Failure to make necessary changes to systems/programs
5. Inappropriate manual intervention
6. Potential loss of data

Data Validation Control: Description

• Limit Test: Ensure numerical value does not exceed predetermined value
• Range Test: Ensure value in field falls within allowable range of values
• Sequence Check: Determine if input data are in proper numerical/alphabetical sequence
• Existence (validity) Test: Test of ID number/code by comparison to file or table containing valid ID numbers or codes
• Field Test: Ensure it contains either all numerical or alphabetical characters
• Sign Test: Ensure data in field have proper arithmetic sign
• Check-digit Verification: Numerical value computed to provide assurance that original value was not altered
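
The seven data validation controls in the table, written as programmed edit checks and run over a constructed batch. This is an added example, not part of the original notes; the field names, limits, vendor master file and transaction codes are assumptions, and the Luhn algorithm stands in for the check-digit scheme, which the notes do not name.

```python
"""Programmed input validation controls (edit checks) over a constructed batch."""
import re
from decimal import Decimal

# Assumptions for illustration only.
VENDOR_MASTER = {"79927398713", "12345678903"}  # valid IDs; last digit is a Luhn check digit
AMOUNT_LIMIT = Decimal("10000.00")              # limit test ceiling per transaction
QTY_RANGE = (1, 500)                            # range test bounds, inclusive
EXPECTED_SIGN = {"PAY": 1, "CRN": -1}           # payments positive, credit notes negative

# Constructed input records; every field arrives as keyed text except the sequence number.
BATCH = [
    {"seq": 1001, "vendor_id": "79927398713", "type": "PAY", "amount": "250.00", "qty": "5"},
    {"seq": 1002, "vendor_id": "79927398731", "type": "PAY", "amount": "100.00", "qty": "1"},
    {"seq": 1004, "vendor_id": "12345678903", "type": "PAY", "amount": "12500.00", "qty": "2"},
    {"seq": 1005, "vendor_id": "12345678903", "type": "CRN", "amount": "75.00", "qty": "0"},
    {"seq": 1006, "vendor_id": "1234567890O", "type": "PAY", "amount": "10.00", "qty": "1"},
]


def luhn_ok(number):
    """Check-digit verification: recompute the Luhn sum over all digits."""
    if not re.fullmatch(r"[0-9]+", number):
        return False
    total = 0
    for position, char in enumerate(reversed(number)):
        digit = int(char)
        if position % 2 == 1:       # double every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def validate_batch(records):
    """Return {sequence number: [names of the validation controls the record fails]}."""
    results = {}
    prev_seq = None
    for rec in records:
        failed = []
        # Field test: each field holds only the character class it should.
        vendor_numeric = re.fullmatch(r"[0-9]+", rec["vendor_id"]) is not None
        amount_numeric = re.fullmatch(r"-?[0-9]+\.[0-9]{2}", rec["amount"]) is not None
        qty_numeric = re.fullmatch(r"[0-9]+", rec["qty"]) is not None
        type_alpha = re.fullmatch(r"[A-Z]+", rec["type"]) is not None
        if not (vendor_numeric and amount_numeric and qty_numeric and type_alpha):
            failed.append("field")
        amount = Decimal(rec["amount"]) if amount_numeric else None
        qty = int(rec["qty"]) if qty_numeric else None
        # Limit test: magnitude must not exceed the predetermined value.
        if amount is not None and abs(amount) > AMOUNT_LIMIT:
            failed.append("limit")
        # Range test: value must fall inside the allowed range.
        if qty is not None and not QTY_RANGE[0] <= qty <= QTY_RANGE[1]:
            failed.append("range")
        # Sequence check: gaps, duplicates and out-of-order numbers all fail.
        if prev_seq is not None and rec["seq"] != prev_seq + 1:
            failed.append("sequence")
        prev_seq = rec["seq"]
        # Existence (validity) test: codes must appear in the reference tables.
        if (vendor_numeric and rec["vendor_id"] not in VENDOR_MASTER) \
                or rec["type"] not in EXPECTED_SIGN:
            failed.append("existence")
        # Sign test: arithmetic sign must match the transaction type.
        sign = EXPECTED_SIGN.get(rec["type"])
        if amount is not None and sign is not None and amount * sign <= 0:
            failed.append("sign")
        # Check-digit verification: catches keying errors such as transposed digits.
        if vendor_numeric and not luhn_ok(rec["vendor_id"]):
            failed.append("check_digit")
        results[rec["seq"]] = failed
    return results


if __name__ == "__main__":
    for seq, failed in validate_batch(BATCH).items():
        print(seq, "accepted" if not failed else "rejected: " + ", ".join(failed))
```

Record 1002 differs from a valid vendor ID only by two transposed digits, and record 1006 contains the letter O in place of a zero; both are rejected before any lookup result could be misread as a legitimate new vendor.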
