Professional Documents
Culture Documents
Class Notes 6-8
Class Notes 6-8
PLANNING
1. Importance of planning:-
ISA 300 paragraph 2 "The auditor should plan the audit so that the engagement will be
performed in an effective manner"
a) selecting right staff members and ensure that they are effectively employed
e) Enabling deadlines to be met so that there is time for due consideration of the important issues
Timing of:-
1. Audit reports (final, interim, mgt & those charged with governance)
a) Interim visits to document systems, evaluate controls in addition to some detailed lists (eg purchase
& disposal of non current assets)
b) Final visits focuses on statement of FS areas and finalization of FS & audit report
2) Reporting deadlines (if very tight may be audit up to 11 months then "roll forward" to the
statement of financial position date)
3) Start early enough in order not to interfere with y/e procedures and give adequate
warning of specific problems
4) Finalize late enough to enable sufficient work to be done to ease the pressure on the final
audit
3. Direction covers issues as preliminary:-
a) Assessment of materiality
c) Identification of material a/c balances & components (divisions, branches, subsidiary of the CO)
f) Recent developments and their impact on client's industry, regulatory and financial reporting
requirements
4. For small entities audit strategy shouldn't be complex with smaller audit team for better coordination &
communication between staff members
Ref to ISA 240 pare 24"the auditor should maintain an attitude of professional skepticism throughout the
audit", this means the auditor:-
(iv) Lead to reduced reliance on internally generated evidence and increased reliance on externally/
(v) If mgt is suspected to be involved with fraud this will reduce reliance on mgt representation letter
e) Do we need experts?
7. Audit plan
c) A planning meeting is required by ISA 315 para 14 "the members of the engagement team should
discuss the susceptibility of the entity's financial statements to material misstatements". This would enable
audit team assess risk levels and risk of fraud.
Both client & planning meeting enables audit team discuss initial analytical procedures findings the level of
risk to be assessed.
d) Analytical procedures:
(i) It is one of audit skills which help an auditor understand the client's business and changes in the
business, to identify risk and to plan other audit procedures.
(ii) It include comparison of data on FS with prior periods, budgets, forecasts and similar industries
10. Materiality
a) ISA 320 para 3 "Information is material if it is omission or misstatement could influence the economic
decisions of users taken on the basis of the FS"
1. Triggers a threshold
2. Indicates future developments or other significant events
3. An accounting treatment which might be glossed over because the amount is small
(ii) Affect auditors procedures that should be designed to reduce risk of material misstatement to an
acceptable level
d) The assessment of what is material is a matter of professional judgment therefore firms use different
measures to quantify materiality
(iv) % of equity
a) ISA 530 para 12 "the maximum error in a population that the auditor is willing to accept"
b) Concerns the population being tested not like materiality that concerns FS as a whole
c) It is related to auditors judgment about materiality therefore considered at planning stage & for
substantive procedures
(i) Permanent file: contains all relevant information related to client's business (KOB) obtained during
planning stage that is relevant for more than one audit exercise (e.g. title deeds, names of
mgt/SH/charged with governance..)
(ii) Current file: contains all documents and evidence related to current audit (planning, completion,
statement of FS position and income statement areas)
Chapter 7
Risk
1. Risk:-
Auditor carries out a set of standard procedures and tests regardless of the
particular nature of the client
Auditor plans the audit around the risks that the client's FS may contain
misstatements
Audits conducted under ISAs must follow the risk-based approach as this affects
a) the way audits are planned (identify likelihood of errors & misstatements occurring
in FS and plan audit work that addresses the same)
b) the sources of assurance (errors are discovered as early as possible, audits are
carried out most efficiently therefore minimizing the chance of issuing incorrect
opinion)
c) the nature of audit evidence gathered and procedures carried out (reduce chance of
getting sued, good understanding of risks of fraud and assess if the client is a going
concern
d) the amount of evidence gathered (reduce chance of getting sued, good
understanding of risks of fraud and assess if the client is a going concern)
Audit risk: the risk that the auditor expresses an inappropriate audit opinion when
the FS are materially misstated
Also referred to as residual risk which refers to acceptable audit risk, i.e. it indicates
the auditor's willingness to accept that the FS may be materially misstated after the
audit is completed and an unqualified (clean) opinion was issued.
If the auditor decides to lower audit risk, it means that he wants to be more certain
that the financial statements are not materially misstated.
o Audit Risk (AR)= Inherent Risk (IR) * Control Risk (CR)* Detection Risk
(DR)
Whereas:-
Sampling Risk: ISA 530 Para 7 " arises from the possibility that the auditor's
conclusion, based on a sample may be different from the conclusion reached if the
entire population were subjected to the same audit procedure
The later will determine the extent of audit procedures e.g. sample
sizes for audit tests
Chapter 8
In the United States many organizations have adopted the internal control concepts presented
in the report of the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
Published in 1992, the COSO report defines internal control as:
A process, effected by an entity's board of directors, management and other personnel, designed to
provide reasonable assurance regarding the achievement of objectives in the following categories:
ISA 315 describes IC as consisting of five essential components (it is a CRIME not to have good
IC)
1. C Control activities
1.1. Control activities include the policies and procedures maintained by an organization to address risk-
prone areas
1.2. Control activities can be referred to as ACCA MAPS whereas:-
1.2.1. A Approval
1.2.2. C Computer Controls
1.2.3. C Comparison
1.2.4. A Arithmetic controls
1.2.5. M Maintain and review control accounts
1.2.6. A Account reconciliation
1.2.7. P Physical controls
1.2.8. S Segregation of duties
1.3. The above can be recommended to a client's system as control activities provide safeguards to
prevent wrong actions from occurring
2. R Risk assessment
2.1. Risk assessment refers to the identification, analysis, and mgt of uncertainty facing the organization
2.2. Risk assessment focuses on the uncertainties in meeting the organization's financial, compliance, and
operational objectives
2.3. Changes in personnel, new product lines, or rapid expansion could affect an organization's risks
3. I Information and communication
3.1. ISA 315 states "the auditor should obtain an understanding of the information system, including the
related business processes, relevant to financial reporting"
3.2. Auditor should have an understanding to enable him form an opinion on whether FS include material
misstatements in the FS
3.3. Information and communication encompasses the identification, capture, and exchange of financial,
operational, and compliance information in a timely manner
4. M Monitoring
4.1. Monitoring refers to the assessment of the quality of internal control therefore Mgt must monitor
controls to be sure that they are effective
4.2. Manual or IT-based systems?
4.3. Informal monitoring activities might include mgt's checking with subordinates to see if objectives are
being met.
4.4. Formal monitoring activity would be an assessment of internal control system by the organization's
internal auditors
5. E The control environment:
5.1. Defined in ISA 315 as being made up of the right attitude of organization's mgt (e.g. ethical values,
commitment to competence, organizational structure….etc)-
5.2. The control environment provides discipline and structure for the other components (sets the tone for
the organization)
5.3. Factors of control environment include employees' integrity, organization's commitment to
competence, mgt's philosophy and operating style, and the attention and direction of the board of
directors and its audit committee.
5.4. Computer based controls are divided into:-
5.4.1. Application controls: these are built into the system e.g. arithmetic checks
5.4.2. General controls: these are policies and procedures related to applications e.g. backup
procedures
Sources of Info:-
o Previous knowledge/ experience
o Client's staff
o Client's system manuals
o Walk-through tests (where transactions are traced through the system to confirm our
understanding)
Documenting the system (large, complex, small, simple….etc):-
o Narrative notes
o Flowcharts
o Organizational charts
o Internal Control Questionnaire ICQ (client's staff questioned and systems documentation
reviewed to establish which controls exist))
o Internal Control Evaluation Questionnaire ICE (client's staff asked about existing controls
which achieve specific objectives therefore evaluating whether IC objectives are met or not)
5. ISA 315 defines "Performance review" as the process in practicing firms to monitor performance on audits
and other assignments
6. Auditor reliance on ICS
6.1. Auditor needs to assess if he is relying on ICS
6.2. If yes, effectiveness of ICS to be examined
6.3. If auditor's exercise revealed that ICS are operating as expected then:
6.3.1. we may rely on them BUT it is advisable not to rely on them, and
6.3.2. to get assurance/ confirmation from other sources through testing the controls to see if they
are indeed operating effectively
6.4. If tests of controls concluded that ICSs are not effective, then:
6.4.1. we need to assess whether risk of misstatement is at an acceptable level (immaterial)
6.4.2. May need to change the original audit plan. This can be achieved through:-
6.4.2.1. Alternative sources (external confirmation, analytical procedures, mgt representations)
6.4.2.1.1. Carry out substantive procedures by increasing extent of testing (i.e. looking at
a very high proportion of transactions for direct verification rather than relying on
the operation of controls)
6.4.2.1.2. ISA 330 states "Extent includes the quantity o f a specific audit procedure to be
performed, for example, a sample risk or the number of observations of a control
activity. The extent of an audit procedure is determined by the judgment of the
auditor after considering the materiality, the assessed risk , and the degree of
assurance of the auditor plans to obtain….."
7. The "nitty- gritty" of controls
7.1. Each accounting system should have:-
7.1.1. Control objectives: objectives that ICS is seeking to achieve
7.1.2. Control Procedures: procedures in place to ensure that controls are achieved
7.2. Auditor carries out tests of control: to generate evidence on the operation of controls
7.3. Sales cycle:-
7.3.1. Orders Dispatch goods Record sales Receive payment Record cash
7.3.2. For detailed control objectives & procedures please refer to text book pages 235-239
7.3.3. Test your understanding 1 page 239-240
7.4. Purchases System:-
7.4.1. Orders Receiving goods Receiving the invoice Payment
7.4.2. Please refer to detailed control objectives on your text book pages 240-244
7.4.3. Test your understanding 2 page 244-245
7.5. Wages & Salaries System:-
7.5.1. New Employees Wages/ Salries & deductions Leaves
7.5.2. Please refer to detailed control objectives on your text book pages 245-249
7.5.3. Test your understanding 3 page 249-250
7.6. Inventory:-
7.6.1. Inventory levels Raw materials Finished Goods Returned
Goods Inventory count
7.6.2. Please refer to detailed control objectives on your text book pages 251-254
7.7. Capital & Revenue expenditure:-
7.7.1. Expenditures for subtantial amounts therefore to be budgeted and approved by very senior mgt
7.7.2. Record details on assets register (supplier, price, location, responsible employee…etc)
7.7.3. Regular assets check/count against register
7.7.4. Ownership documents safely stored (registration or title deed documents)
7.7.5. Sale price based on fair value (check similar items or price guides)
7.7.6. Variance analysis for regular revenue expense items
7.8. Bank and Cash:-
7.8.1. Possible control procedures include:-
7.8.1.1. Cash balances are safeguarded
7.8.1.2. Minimum cash balances kept
7.8.1.3. Withdraw money from banak accounts for authorised purposes
7.8.2. Control tests over:-
7.8.2.1. Cash receipts
7.8.2.2. Cash payments
7.8.2.3. Bank reconciliations
7.8.2.4. Petty cash
8. Reporting to those charged with governance
8.1. Material weaknesses on internal controls to be reported in writing to audit committee (if any) or mgt
as agreed with auditors
8.2. This has traditionally been known as management letter or report to mgt and usually sent at end of
the audit process
8.3. It is not a comprehensive report but addresses weaknesses highlighted during the audit
8.4. The formal structure consists of:-
8.4.1. a covering letter
8.4.2. an appendix of:-
8.4.2.1. observed weaknesses,
8.4.2.2. possible risks/ consequences
8.4.2.3. & recommendation to improve current practice (who should carry control procedures
and when)