Professional Documents
Culture Documents
Auditors must make special considerations at the planning stage when they are
auditing an entity for the first time, whether because the entity has never
required an audit before, or because the entity has simply changed auditor.
New audits generally require a little more work than recurring engagements.
But it is important to note that this is not because the auditor needs to do a first-
time audit more thoroughly than other audits. Rather, it is because there are
specific risks in relation to an auditor's relative lack of knowledge of new audit
clients.
The auditor shall obtain sufficient appropriate audit evidence about whether
the opening balances contain misstatements that materially affect the current
period's financial statements by:
(a) Determining whether the prior period's closing balances have been correctly
brought forward to the current period or, when appropriate, have been
restated;
(b) Determining whether the opening balances reflect the application of
appropriate accounting policies; and
Read the most recent set of financial statements and predecessor's auditor's
report for information relevant to opening balances
If the prior period auditor's report was modified, pay particular attention in the
current period to the matter which resulted in the modification
Prior period not audited (ie first time being audited
Collection or payment of opening accounts receivable or payable
Observation of current physical inventory count and reconciliation back to
opening quantities ('roll back')
Other Matter
The financial statements of the Company for the year ended December 31, 20X0
were audited by another auditor who expressed an unmodified opinion on those
statements on March 31, 20X1.
(ISA 510
If there was a modification to the opinion and this is still relevant in the current
period, the auditor expresses a modified opinion in this year's auditor's report
in line with ISA 705 and ISA 710
(ISA 510: para. 13). Otherwise, the opinion would be modified under the
following circumstances:
If there was a modification to the opinion and this is still relevant in the
current period, the auditor expresses a modified opinion in this year's auditor's
report in line with ISA 705 and ISA 710
(ISA 510: para. 13). Otherwise, the opinion would be modified under the
following circumstances:
Unable to obtain sufficient Qualified 'except for' or
appropriate evidence about the disclaimer of opinion
opening balances
Opening balances contain material Qualified 'except for' or
misstatements affecting current adverse opinion
period (either not corrected or not
adequately disclosed)
This includes the possibility that
accounting policies may not be
consistently applied or accounted
for/disclosed properly in the new
year.
User entity: An entity that uses a service organisation and whose financial
statements are being audited.
User auditor: An auditor who audits and reports on the financial statements of
a user entity.
Service auditor: An auditor who, at the request of the service organisation,
provides an assurance report on the controls of a service organisation.
(ii) A report by the service auditor with the objective of conveying reasonable
assurance that includes the service auditor's opinion on the description of the
service organisation's system, control objectives and related controls and the
suitability of the design of the controls to achieve the specified control
objectives.
Type 2 report: A report on the description, design and operating effectiveness
of controls at a service organisation. It comprises:
(i) A description, prepared by management of the service organisation, of the
service organisation's system, control objectives and related controls, their
design and implementation as at a specified date or throughout a specified
period and, in some cases, their operating effectiveness throughout a specified
period; and
(ii) A report by the service auditor with the objective of conveying reasonable
assurance that includes:
(a) The service auditor's opinion on the description of the service organisation's
system, control objectives and related controls, the suitability of the design of
the controls to achieve the
specified control objectives, and the operating effectiveness of the controls; and
(b) A description of the service auditor's tests of the controls and the results
thereof.
A user entity may use a service organisation that executes transactions and
maintains related accountability for them or records transactions and
processes related data
(eg a computer systems service organisation). Such an organisation may also
carry out facilities management work or even asset management on behalf of
a user.
ISA 402 requires the user auditor to obtain an understanding of the nature
and significance of the services provided by the service organisation, starting
with the extent of the relationship between user entity and service organisation:
(a) When the services provided by the service organisation are limited to
recording and processing user entity transactions and the user entity
retains authorisation and maintenance of accountability, the user entity may
be able to implement effective policies and procedures within its organisation.
(b) When the service organisation executes the user entity's transactions and
maintains accountability, the user entity may deem it necessary to rely on
policies and procedures at the service organisation. In such cases, the auditor
needs to design procedures that allow it to manage audit risk effectively.
The auditor needs to understand how a user entity uses the services of the
service organisation, including:
The nature and significance of the service provided, including the effect on
the controls at the user entity
The nature and materiality of the transactions processed or accounts/financial
reporting processes affected
The degree of interaction between the user entity and the service
organisation
The nature of the relationship between the two, including the contractual
terms
If the service organisation maintains accounting records for the user entity,
whether the
arrangements affect the auditors' responsibility to report concerning accounting
records
Sources of information include:
User manuals
System overviews
Technical manuals
The contract/service level agreement
Reports by the service organisations, internal auditors or regulatory
authorities
Reports by the service organisation auditor
(ISA 402: paras. 9 and A1)
Obtaining evidence on the quality of a service organisations' controls
The user auditor must evaluate the controls at the user entity that relate to the
service organisation and determine whether this gives the auditor sufficient
understanding to provide a basis for assessing risks of material misstatement in
the user entity financial statements.
If the auditor concludes that this is insufficient, they must carry out one of the
following four activities.
Obtain Type 1 or Type 2 report from the service organisation, if available
Contact the service organisation to get specific information (with
permission)
Visit the service organisation and perform procedures to obtain the
information (with permission)
Use another auditor to perform procedures at the service organisation (with
permission)
It is likely that the auditor will be able to obtain a Type 1 or 2 report, and this
will be the most straightforward option. If this action is taken, the auditor needs
to be sure that:
The service organisation's auditor is competent and objective
The standards under which the report was issued are adequate for the user
entity's auditor's purposes
The report is for an appropriate date (that is, it covers the period the user
entity is reporting on)
The evidence it is based on is sufficient and appropriate for the user entity's
auditor's understanding of the internal controls
If complementary user entity controls are relevant to the user entity, the
auditor has obtained an understanding of these
Again. Obtaining type 2 report is more likely the option, in which entity auditor
has to
Check that the report is made up to an appropriate date
Ensure that they have tested complimentary controls at the user entity if
necessary
Check the adequacy of the time period covered by the tests of controls and
the time elapsed since those tests of controls were performed
Ensure the tests of controls performed for the purposes of the report are
relevant and provide sufficient appropriate audit evidence for the user entity
auditors' purposes
The auditor must also make enquiries of management if they are aware or
suspect any fraud, non-compliance with law and regulations or uncorrected
misstatements at the service organisation that could affect the financial
statements of the user entity and evaluate the impact of any matters on their
procedures and report.
Reporting
The key issue to remember is that if the user auditor cannot obtain sufficient
appropriate evidence about the impact of the service organisation on the user
entity, the auditor must modify the auditor's report, as the scope of the audit has
been limited.