Professional Documents
Culture Documents
Auditing 1A
AUA 3751
Bachelor of Accounting (Honours)
Copyright
Copyright©2017 University of Namibia. All rights reserved. No part of this publication may be
reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic,
mechanical, photocopying, recording or otherwise without the prior permission of the publishers.
Re-branding Statement
We herewith acknowledge that this material/content was produced by the Centre for External Studies
at the University of Namibia which has been renamed CODeL.
CONTACT PERSONS
The name and contact details of your lecturers and facilitators will be provided during the
first contact session.
Lecturer
Programme
leader
Secretary
MODULE OUTCOMES
Upon completion of this module you should be able to
On completion of the module the student should be able to:
Understand the functioning of the different operating systems in a business, with specific
reference to:
PRECONDITIONS
AUA 3751 requires that you have successfully completed CAFE3691 & 3692. You must
successfully complete AUA 2751 & AUA 3752 to continue with AUA 3870.
STUDY MATERIAL
Prescribed books
Jackson & Stent, Auditing Notes for South African Students, Eighth Edition.
STUDY ICONS
ACTION VERBS
Below is a list of key verbs that are typically used in questions and instructions. Study these
action verbs in detail and make sure that you understand the meaning of each.
Criticise Indicate whether or not you agree or disagree with a specific statement;
describe exactly what you are agreeing/disgareeing with and provide
reasons for your viewpoints.
Motivate State reasons for your opinion on a particular matter - try to convince the
reader of your point of view.
Name Briefly provide the information without getting into too much detail.
Explain Make clear or interpret a concept in your own words; you must demonstrate
through your explanation that you understand the concept. Where possible,
use examples in your explanation.
PROOF OF PARTICIPATION
As per Faculty regulations, attendance list will be taken during the contact sessions.
EXAMINATION
As per Faculty regulations; will be communicated through Centre for External Studies (CES).
Copying of text from other learners or from other sources (for instance the study guide,
prescribed material or directly from the internet) is not allowed – only brief quotations are
allowed and then only if indicated as such.
You should reformulate existing text and use your own words to explain what you have
read. It is not acceptable to retype existing text and just acknowledge the source in a
footnote – you should be able to relate the idea or concept, without repeating the original
author to the letter.
The aim of the assignments is not the reproduction of existing material, but to ascertain
whether you have the ability to integrate existing texts, add your own interpretation and/or
critique of the texts and offer a creative solution to existing problems.
This study unit is based on Auditing Notes, Chapter 1 and the relevant audit
standard, namely: ISA 200.
Approximate study time required for this unit: You will need approximately
10 hours to complete this Study Unit.
This study unit is based on Auditing Notes, Chapter 1, section 1 and the
relevant auditing standard, namely: ISA 200.
10
- What is an auditor?
- Why do we need auditors?
- How do they perform their duties/functions in light of the need?
The last question will be covered over a number of study units that encompass some
aspects as follows:
! The responsibilities of the auditor " to be covered partly in the Code of Conduct,
Chapter 2, Study Unit 2.
! The Auditors’ Toolbox: What tools does the auditor use to perform an audit? " This will
be covered as part of Chapter 5 & 6, Study Unit 3 & 4.
! What is the relevance of Audit Evidence and how does an audit assess the credibility of
financial information based on the evidence gathered. This will be partly covered also in
Chapter 5 & 6, Study Unit 3 & 4
Stakeholders are those parties who have a stake (interest) in a certain entity, whether it is a
bank, a shareholder, a supplier.
In the case of the bank, they may have provided financing to the entity and thus have an
interest in the entity to see whether they will be able to pay back their Loan, i.e. will the bank
be able to receive interest and the repayment of capital on the Loan they provided?
In the case of the shareholder, these are the owners of the company and thus they may
have an interest in the entity in seeing whether their initial investment in the entity is growing.
Or asking the question whether they should withdraw their investment.
‘Audit’ comes from the Latin word: ‘audire’, which means to hear or listen. Before the
profession was developed as it is today, a farm manager would be held responsible to
manage a farm and report to the owner of the farm. As such an account would be given
11
In the same light, in today’s terms the Board of Directors are held responsible to manage
and report on the operations of a company. The shareholders are the owners of the
company. They would provide their report in the form of Financial Statements, which would
be reviewed and inspected by the auditor. He would in the process of reviewing the financial
information question the company’s staff and gather information.
1. External Auditors – they provide an opinion on the AFS. These are not employees
of the company they provide assurance on.
2. Internal Auditors – test usually the effectiveness of internal controls & procedures.
These can either be contracted or employed by the company they are providing
assurance on.
3. Government auditors – usually the Auditor General, these are usually also
employed by the entity they are providing assurance on.
4. Forensic Auditors – they investigate mismanagement, fraud or related theft. These
are not employed by the company they provide assurance to.
5. Special Purpose Auditors – they deal with a particular field, such as Environmental
Compliance, VAT Audits. These can either be employed or only contracted by the
company they provide assurance to.
- Integrity
- Objectivity
- Professional Competence & due care
- Confidentiality
- Professional behaviour
12
Ask yourself the question, what would be the impact of a medium sized company being
audited and that of another company, of similar size & industry, not being audited?
Some considerations that would be the result of the company being audited versus the other
that is not audited:
Refer to the next page for a table that indicates the differences between the two.
13
DEFINITION: DEFINITION:
14
Reasonable Assurance – where the auditor does not certify or confirm the absolute
assurance or correctness of the financial statements.
This type of assurance provides an opinion only on the Fair presentation of information.
Fair presentation again means that the AFS are free of material misstatements.
Which concludes that if the auditor provides an opinion that provides only reasonable
assurance, he would be concerned mainly only with material misstatements.
So the opinion is only to certify that there are no significant errors that could influence the
decision making of users. It does not certify that the AFS are in all aspects correct.
Whereas absolute assurance means that the financial statements are in all aspects 100%
correct, it’s almost like a guarantee that there are no misstatements.
This is the complete opposite of what the auditor wishes to achieve. He would give an
opinion to ensure that the biggest mistakes are addressed and therefore the AFS as a whole
seem reasonable.
15
Consider if there would be another type of income generated, e.g. income from monthly
newsletters.
If you would compare the two types of income, the interest earned would be significant to the
income earned from newsletters as the Bank’s primary income generator is the interest, not
the newsletters. Thus you would well imagine that the most significant account, i.e. larger of
the two is the interest income.
Let’s say now there is a misstatement on both of these accounts, each misstatement makes
up 10% of the total account. So if interest income is material in relation to the newsletter
income, which of the misstatements would most likely also be material?
The misstatement of the interest income account would be more material than the other
account. Thus which misstatement could have an impact on the economic decision of users?
That which is materially misstated.
Some factors limit the auditors ability to give absolute assurance, these are:
(1) Use of testing – the auditor uses a technique called sampling, where only a selected
no. of transactions are tested out of an entire population. This primarily relates to the
lack of time. As time equates to money in the profession, the more time the auditor
would spend, the more costly it would be.
(2) Inherent limitations of accounting and internal control systems – the computer
environment and controls environment can fail to detect or prevent Fraud or Errors.
(3) Audit evidence is persuasive rather than conclusive – there would be a
document in place providing evidence of a transaction, but when the transaction
occurred we did not necessarily witness it. In other words, the document persuades
us that the transaction occurred, but it is not conclusive as we did not witness it
ourselves.
(4) Subjectivity in AFS & auditors approach – Judgement is applied when assessing
impairment, or when assessing the provision for bad debts. The Extent (how much)
and Timing (when) of the tests can differ between auditors.
Non-statutory engagement refers to other required audits that form part of an agreement.
E.g. Part of a Merger, the auditors need to audit the valuation of the Company being
merged, or part of a finance agreement, the auditors can verify the financial condition of the
16
Read & study carefully this section, as only the basic concepts are noted, and not
discussed in detail.
Auditing Postulates are hypothesises or claims that suggest the basis for thinking/reasoning
of the auditing profession.
These postulates are derived from Mautz & Sharaf from their book: “The philosophy of
Auditing”. The terms were coined 50 years ago.
(1) Both the auditor and the client have the same objective (common desire) in regard
to fair presentation.
This postulate says that in order for the auditor to do what he is required to do, he must
be able to rely on Managements’ integrity, that they will not want to manipulate the AFS.
In light of past few years’ developments, the profession has places more emphasis in
applying professional scepticism during the audit than ever before.
The opinion given by the auditor can only be relied upon if that opinion is free of bias, i.e.
independent. He/she has to be seen as independent and ‘be’ independent.
(3) Professional status (the knowledge, capabilities, and qualities) of the auditor brings
with it the responsibilities.
To provide service before personal interest, to act with due care, to serve efficiently and
with competence.
This means that the information provided to test, that it is possible to verify that
information, i.e. that there is enough evidence to support the transactions, that there is an
audit trail.
E.g. a payment by cheque normally requires the approval of 2 staff members of senior
management. This would reduce the likelihood fraudulent payments.
17
This postulate means that where a generally accepted framework is applied it would result
in fair presentation. This would then not be those personal preferences.
This further would allow consistency in practice and makes a company comparable.
(7) That what is held true in the past will hold true in the Future
In assessing judgements about the future, historical evidence is used for this purpose.
(8) AFS for audit are free of collusive and other irregularities
The objective of an auditor is to form an opinion on the AFS not to search for Fraud.
It is shortening the content into one phrase or sentence and allows you to recall the
information by using the phrase in an exam or test situation.
The Acronym needs to be something catchy and something that you would remember, that
would make more sense to you, as you need to recall it.
18
- RIFF DOCH
- FFOR CHID
- CROH FFID (Like Crawford)
Remember you can use this in any other subject for whatever combination. The technique
remains the same.
So when you come to the test, exam, during the test when needed, scribble down as you
plan your answer, to make sure you cover all the requirements (when so requested).
REVISION
1. Revise your understanding of what you learned against the following
concepts/quizzes:
f) Reasonable assurance
g) Material misstatement
WHY?
19
3. Complete the diagram below by marking those financial assertions that will be addressed
during an audit of Property, Plant and Equipment as opposed to a review engagement and
indicate the level of assurance provided.
Existence
Valuation
Allocation
Completeness
Level of assurance
ANSWER:
Existence Yes No
Valuation Yes No
Completeness Yes No
20
This study unit is based on Auditing Notes, Chapter 1, section 2 and the
relevant auditing standard, namely: ISA 200.
21
a) highly specialised skills and services (Received appropriate education & training in
the field)
b) to protect the profession & public against incompetence or unethical behaviour, thus
regulations were established to ensure:
! Admission is strict and regulated
! Organisation was created to improve services
! A code of ethical conduct is adopted
c) Intellectual & ethical commitment
! Service motive should be priority and not purely financial gain
! Peer evaluation is important (It maintains high standard of quality and
consistency)
Examples of such groups of professional standing are SAICA (South African Institute of
Chartered Accountants and ICAN (Institute of Chartered Accountants Namibia).
SAICA is registered with International Federation of Accountants (IFAC), they look after the
interest of professional accountants.
Once all the requirements are met, one can be registered and use the designation CA (SA).
Out of the above exposure in the training contract, TIPP allows more auditing exposure,
whereas TOPP allows more Cost accounting, Financial Management exposure.
Thus based on these services, if one is in the auditing service, one needs to be registered
with IRBA.
22
For ethics and conduct to be maintained, the auditor needs to adhere to:
For skill to be maintained, amongst other by proving (once registered) a minimum number of
CPD (Continuous Professional Development) hours are spent on Training and research,
thus keeping up to date with changes in the accounting environment.
Important legislation, regulations & standards need to be known and applied by the
Auditor. The auditor must understand why it is important to understand the legislation and
know when and where they apply. Otherwise, the objective of providing professional
services at a level of skill and competence expected from the profession is not adhered to.
23
This study unit is based on Auditing Notes, Chapter 1, section 3 and the
relevant auditing standard, namely: ISA 200.
24
Each have a role to play in the engagement and each have responsibilities as part of their
function which they fulfil.
In order to protect investors and the economic system, rules and regulations were laid down,
which resulted in formulating the Companies’ Act.
25
This individual who is responsible for the audit is name the “designated auditor”.
The ISAs provide guidance from the start of an audit, which relates to considerations of
accepting a client up to completion and reporting when the opinion is drafted and concluded.
Management have certain representations that they make to the shareholders about the
Assets, equity, liabilities, income and expenses (transactions and events), which we refer to
Managements’ Assertions.
26
All A/L which should have been recorded All Trans./Events which should have been
have been recorded. recorded have been recorded.
E.g. Financial position as at 31/12/2014 – E.g. Financial year end is: 31/12/14
it is a snapshot of one particular date.
Period of year: 01/01/14 – 31/12/14 (entire
12 months)
To ensure that the disclosure made is: Trans./events recorded in proper accounts.
27
28
This study unit is based on Auditing Notes, Chapter 2, and the relevant code
of professional conduct.
! Know and discuss the different threats to independence that can occur
! Be able to respond systematically to such threats by applying safeguards
! Know and be able to apply the rules regarding chartered accountants in public practice
! Know the disciplinary rules
29
The SAICA Code of professional conduct " this is applicable to chartered accountants.
The IRBA code of Professional conduct " this is applicable to registered auditors.
Why would there be two codes? Most chartered accountants are not registered auditors
(with IRBA), as they do not conduct audits, and did not specialise in auditing, by following
training in the TIPP route. See comments under Unit 1.
The codes are consistent in all material aspects with the International Federation of
Accountants’ (IFAC) code, except that the SAICA code has an additional section, Section C,
Chartered accountants in business. This section will not be dealt with in detail in the manual.
Refer to Chapter 2, part C, of Auditing Notes.
To apply one set of rules of moral value is not always possible due to differences in race,
religion or culture.
One needs to consider the facts on a case by case basis, which is what is called a
conceptual framework approach.
The principles one needs to ask for the above consideration is:
30
For each principle and threat, read through Part A of Auditing notes, Chapter 2.
1. Integrity
2. Objectivity
3. Professional competence & due care
4. Confidentiality
5. Professional Behaviour
The code then provides an approach which chartered accountants should adopt to ensure
that they comply with the fundamental principles.
Due to the reasons mentioned above, the conceptual framework approach requires to
approach each situation as follows:
FUNDAMENTAL PRINCIPLES
1. Integrity
What is it? It is being straightforward, honest, truthful, fair in business and professional
relationships
Code requires that chartered accountants should not be associated to information that is
believed to be false, misleading or provided to them recklessly.
2. Objectivity
What is it? It is being free of bias, free of conflict of interest, free of undue influence in
professional judgement. (Even where judgement would be seen to or perceived to be seen
as clouded)
What is it? There are two components that make up this principle:
31
4. Confidentiality
We may not use confidential information for own advantage or for the advantage of a third
party.
CAs must maintain confidentiality in social circles " Sometimes people want to show off
knowledge but this is very dangerous as it can lead to a breach of this principle.
Duty of confidentiality in light of the business relationship remains applicable even after such
professional relationship ends.
Disclosure is only permitted when it is required by Law, or one has a professional duty to do
so.
5. Professional Behaviour
The duty to
There are 5 types of threats. Each of these depend on the matter at hand as to what the
cause of the threat is. We will look at what these threats are and when to identify them.
(1) Self-interest threat " Deals with when the CA (or someone closely related) has a
financial interest or other interest involved that could influence his ability to comply to the
fundamental principles of the code. (E.g. the A owns significant amount of shares in his/her
client)
(2) Self-review threat "this threat relates to the evaluation of ones’ own work. (E.g. if the
CA draws up the financial accounts of the client as well as performs an audit on those
financial accounts of the same client)
32
(4) Familiarity threat " a threat that may arise where, due to a close relationship, a CA
becomes too sympathetic to the interest of other (the client). (E.g. the CA fails to report a
fraud at a client as the perpetrator is a close friend of the CA. This threatens objectivity &
integrity)
(5) Intimidation threat " Threats that may occur where the CA is prevented from acting
objectively, by receiving actual or perceived threats. (E.g. where the client threatens the CA
with resignation)
For the threats discussed above, refer to Auditing notes for more examples.
Unless the treats identified is clearly insignificant, a CA must apply safeguards to eliminate
or reduce such threats to an acceptable level.
In some exceptional cases there may be no suitable safeguard, where the only option left
remaining for the CA is to withdraw from the engagement or relationship.
Refer to Auditing notes chapter 2, page 2/13 – 2/15 for practical examples.
Note, this is important as it will assist you to understand the application of being
able to:
33
(C) Safeguards
2. ENGAGEMENT ACCEPTANCE
34
1. Apply Quality control policies & procedures adopted by the firm" ISA 220
requires that there be procedures in place to evaluate whether the firm has
the capabilities, competence, time and resources to undertake the new
engagement.
2. Amongst other, safeguards may include:
a. Engaging experts or other auditors (after suitable screening)
b. Setting realistic time frames
c. Ensuring the engagement team consists of the correct mix of skills
and experience necessary
d. Thoroughly investigating the client’s business and its complexities.
What are the reasons for the change in the professional appointment, i.e. replacing
another CA?
One must consider, whether there are any confidentiality considerations, and what are the
responsibilities to other professional accountants. E.g. where a previous accountant is
replaced by another, he/she may be angry at the newly appointed accountant, but this still
means that he/she must co-operate with and not criticise the new accountant.
(C) Safeguards
1. Needs clients’ permission to discuss the clients’ affairs with the previous
accountant
2. Ask the previous accountant of circumstances we may need to be made
aware of.
3. The previous accountant has the duty to provide the correct information
4. Of both accountants a senior, experienced partner needs to be put in charge
of the transition of the engagement so as to avoid conflict situations and
ensure the transition is smooth and professional.
35
Consider where the interest of the Audit Firm may conflict with interest of a client?
Where the audit firm may audit two clients that are in direct competition to one another, it
may create threats to objectivity and confidentiality.
(C) Safeguards
1. Notify the parties of the potential conflict of such business interest, in order to
get consent to continue offering such services.
2. Use separate engagement teams (especially where the clients we audit are in
direct competition to one another)
3. Confidentiality agreements to be signed by the employees and partners of the
firm.
4. Set clear guidelines regarding confidentiality and professional behaviour
A CA may be asked to give a second opinion on some aspect of work which has been
carried out for an entity which is not an existing client.
Where the CA is not supplied with the same set of facts and evidence as to the existing
accountant he may be at threat to professional competence and due care. E.g. the matter
which a second opinion is sought is how a complex merger which is subject to various
conditions should be treated in the financial statements. The proposed accountant gives his
opinion without being aware of the full extent of the various conditions. His opinion is then
discredited, and he appears incompetent.
(C) Safeguards
1. Obtaining from the client and precise written explanation as to why the
second opinion is needed
36
As a CA, you are entitled to a fair remuneration – but this needs to be appropriate
Where the Fees are too low " we are unable to perform the engagement in accordance with
the standards. This threatens our ability to apply professional competence and due care and
to remain objective considering the audit is under pressure of limited funds. This also
threatens our integrity.
Where the fees are fixed fees for which the time spent could vary significantly " the same
threats as above would apply.
(C) Safeguards
2. CONTINGENCY FEES
37
Gives rise to self-interest threat to objectivity as the CA could be more concerned in the fee
earned, than quality of services offered. It may also be a threat to integrity, professional
behaviour if the CA does anything illegal to maximise his/her contingent fee.
(C) Safeguards
Contingency fees are not permitted for assurance engagement. Thus the safeguards will not
be addressed.
3. REFERRAL FEES
A CA may receive or pay a fair referral fee or commission but must ensure that such
fees do not compromise the fundamental principles.
Dishonest, exaggerated, obnoxious, critical (towards other audit firms) claims are threats to
integrity and professional behaviour. E.g. an audit firm places an advertisement in the
financial press which claims they audit “numerous listed companies” (When in actual fact the
audit firm only has one client that is a listed company), has the best audit approach and
employees are the “most highly skilled qualified” staff for the job.
This clearly is exaggeration and does not reflect a truthful and professional manner of
marketing.
38
1. Apply the requirements of ISA 220R Quality control " All proposed
advertising is reviewed & authorised by a suitable committee
2. Creating written communication as to what is acceptable and what is not
acceptable.
A CA may not take custody of a clients’ assets (money or otherwise) unless it’s
permitted to do so by law. The chartered accountant must ensure that the assets do
not come from an illegal source, and are not used for purposes other than agreed to.
These must be kept separately identifiable.
The custody of clients’ assets may result in the misuse of the clients’ assets, or the client
may be trying to launder illegal money through the firm. This can result in threating the
fundamental principles of integrity, professional behaviour and objectivity.
(C) Safeguards
If one where to accept the custody of a clients’ assets, the following safeguards could be
implemented:
Independent in mind means that one must be free of bias, or undue influence in ones’ own
judgement. Independent in appearance means that one must also be perceived to be free
39
Determining whether the threat is clearly insignificant, one can ask the following questions:
Refer to Auditing notes chapter 2, page 2/24 – 2/35 for comprehensive illustrative
examples.
Note, this is important as it will assist you to understand the application of being
able to:
! Is the contravention of the ‘Auditing Profession Act’ and any other Act,
! Dishonesty, as a registered member, including:
o Theft, Fraud, perjury, bribery, corruption
o If the above has been committed during the time of carrying out work and
duties.
o In relation to any office of trust
! Failure to perform work with reasonable care and skill
! Evasion of any tax etc.
! Failing to account separately clients possessions
! Divulging confidential information
40
# A caution or reprimand
# A fine not exceeding N$100 000
# A suspension of the right to practice for a specific period, or
# Cancellation or registration and removal of practitioner’s name from register
The sentence will depend on the severity of the crime, i.e. improper conduct.
41
This study unit is based on Auditing Notes, Chapter 5, and the relevant ISA
standards, ISA 315, ISA 530 and ISA 500.
43
44
The stages of the audit process are illustrated in the table below:
AUDIT
PROCEDURES ISA’s
Perform Perform tests of controls
500,501,505,510,520
substantive (combined approach)
,530,540,545,550,58
procedures ISA 315R, 330R, 500
0,600,610,620,IAP’s
10005,1010,1012,
1013, SAAPS Evaluate results Evaluate results
4&SAAPS 1100
COMPLETION Conclude (ISA 330R, 560, 570, SAAPS4), formulate an audit opinion (ISA
700,701) and report (ISA 710, 720, 800, ISRE 2400, ISRSs 4400, 4410, SAAPS 2,
SAAPS 3)
45
Namibia follows the example and guideline of South Africa. South Africa has adopted the
IFAC auditing standards. As you can see above there are many activities that form part of
the auditing process. These activities are guided by the ISAs as to how the audit process is
to be conducted. These statements do not contain detailed list of procedures but rather
objectives and comments as to how that can be achieved.
Study and review the background on each stage in detail in Chapter 6, the
introductory section.
46
This study unit is based on Auditing Notes, Chapter 5, section 1 and the
relevant auditing standard, namely: ISA 315.
47
We are all exposed to certain ‘internal controls’ every day of our lives. E.g. when you draw
money from the ATM, the machine asks you for a PIN. Or when you enter a train, you are
required to present a valid ticket in order to enter the train.
The Bank is protecting the customer and themselves against the risk of theft.
The risks relating to issuing train tickets may not be that obvious. There are two components
to this matter. Firstly, a ticket or receipt is a “proof of purchase” which provides the customer
with a means of protecting himself from the risk of being wrongly accused of taking a free
ride. Secondly, the issuing of a ticket or receipt will be one of a number of controls which the
business selling the ticket or issuing the receipt, implements to address the risk that its
employee makes a sale for which there is no record of and seals the “proceeds”.
The purpose of internal control is to address the risk of something undesirable, unintended
or illegal from occurring.
Risks in a business would have to be identified in order to formulate the most appropriate set
of internal controls. These would include addressing the risks associated with such matters
as:
! Safeguarding the assets of the company, e.g. inventory, from theft or damage
! Preventing fraud
! Complying with the laws and regulations applicable to the entity
! Producing reliable financial information necessary to run the business and satisfy the
financial reporting requirements, e.g. the AFS
! Operating the business efficiently and effectively
If responsibility of managing a business lies with the Board of Directors, they are then also
seen primarily responsible for the effective functioning of internal controls. Ultimately all
employees are responsible but the primary responsibility lies with those charged with
governance.
! The Board of Directors will have overall responsibility and accountability, especially
for identifying the risk of the business which need to be addressed.
48
Internal controls have limitations that would reduce the effectiveness thereof, thus they are
best applied in combination with other controls.
TO SUMMARISE:
Internal controls:
! Is a process
! Effected by people
! Are not the sole responsibility of management
! Are not static
! Are not fool proof
! It’s not a case of a single control addressing a single risk.
$ The cost of applying the control should not exceed the expected benefits to be
derived (cost/benefit)
$ The tendency for internal control to be directed at routine transactions rather than
non-routing transactions
$ The potential for human error due to carelessness, distraction, mistakes of
judgement and the misunderstanding of instructions
$ The possibility of circumvention of internal controls through the collusion of a
member of management, or an employee, with parties outside or inside the company
$ The possibility that a person responsible for exercising an internal control could
abuse that responsibility, for example, a member of management overriding an
internal control
$ The possibility that procedures may become inadequate due to changes in
conditions and therefore, compliance with procedures may deteriorate.
49
50
For each component, study the detail and background in Chapter 5, for
subsection 4.
Out of the above it is evident that the general characteristics of a good internal control
environment can be summarised as follows:
! Using the technique of acronyms we can create a phrase such as DISCCC. This
will allow you to remember the general characteristics of a good internal control
environment.
ISA 315 - “identifying and assessing the risks of material misstatement through
understanding the entity and it’s environment” states that the auditor needs to identify and
assess the risks of material misstatement. Thus the auditor may be interested in the entity’s
risk assessment process as this will enable the auditor in obtaining further knowledge of the
entity. ISA 315 also requires the auditor to obtain an understanding of the entities’ internal
control environment by evaluating the entity according to the 5 components of internal
control.
REVISION
The objectives of this study Unit are laid out below:
1. Briefly discuss the elements of the control environment that may be relevant when
obtaining an understanding of the control environment.
2. Explain when a control would be relevant to the audit as well as the auditor’s reaction with
regard to the relevant controls.
52
MONITORING OF CONTROLS
Supervision over daily activities by
senior personnel
Checking of work by independent
personnel
53
This study unit is based on Auditing Notes, Chapter 5, section 2 and the
relevant auditing standard, namely: ISA 315.
54
ISA 500 – ‘Audit Evidence’, states that “the auditor should obtain sufficient, appropriate audit
evidence to be able to draw reasonable conclusions on which to base the audit opinion.” The
key term here is “sufficient appropriate audit evidence”.
Sufficiency of evidence translates to ‘quantity of audit evidence. Thus, the auditor must
consider whether he/she obtained enough audit evidence to support the audit opinion.
Some factors can cause complications to the quantity of evidence, such as:
Thus at the end of the day an auditor needs to apply professional judgement as to what
entails ‘sufficient’ audit evidence to support their opinion. This would translate to the “extent”
of testing as determined in an audit plan. This will be dealt with in more detail when we come
to audit planning.
The appropriateness of audit evidence relates to the quality of audit evidence. This can be
broken down further into two components:
1. Reliability of evidence, i.e. looking at the source from which the evidence is obtained
and its nature (what type of evidence is it).
2. Relevance of the evidence – relevance to the assertion that is being audited
(a) Reliability
The more the evidence is obtained from external parties (external to the entity that is being
audited) the more reliable it is, obviously the primary consideration is always to consider
whether the company/person from which the evidence is obtained is competent, reliable and
trustworthy.
55
MOST
SOURCE EXPLANATION
RELIABLE
Evidence developed by
E.g. the auditor would personally inspect
1 the auditor is most
a document/asset.
reliable
*Note – in all of the cases one needs to consider whether the parties providing the
information (this includes the client, point 5) are independent, reputable and competent,
otherwise it will diminish the reliability of that information obtained.
(b) Relevance
The relevance of audit evidence is important to consider what assertion the auditor is trying
to address with the audit procedure. Audit Assertions will be dealt with in more detail in the
next subsection. Maybe spend 5 minutes to have a look at the table of the assertions per
item on page 55.
56
As you can see your ‘procedure’, or activity, is driven by your objective. The objective is
finding out how much groceries/stock is left in the kitchen. The activity is then linked to the
objective, i.e. meaning you will then have to do something that meets that objective.
In the same way in auditing, the ‘objective’ of a procedure is the ‘assertion’ you would want
to address. And the ‘activity’ is what we call the audit procedure to meet that objective.
Thus if we come back to executing procedures that are relevant, will it be relevant to your
objective if you count your petty cash in the teller?
No -> as this will address a totally different procedure or assertion. Therefore you would
probably have to go and do a stock count, or inspection in the kitchen’s pantry/storeroom to
determine what you have left and what food items have expired.
Lastly, what you have to remember is that a single procedure will not necessarily be relevant
to only one assertion, but again the procedure may provide evidence relevant to a number of
assertions.
Although these factors are not the end and be all, one needs to apply professional
judgement in determining whether evidence is sufficient and appropriate. The following
factors would indicate matters that can influence this decision:
1. The assessment of inherent and controls risk of the entity -> The higher the risk
assessed (to be covered under ‘Planning’), the more evidence from more reliable
sources is required
2. The materiality of the item being examined-> the materiality equates to the
significance and ‘size’ of the account, thus it is presumed that it will more likely
contain material misstatements. Thus the auditor will be more concerned in obtained
sufficient, appropriate audit evidence.
3. Experience gained during previous audits -> as the auditor gains an understanding
and of the client and the business, he/she will be able to identify potential problem
areas and allow better focused attention on the audit.
4. Results of audit procedures already conducted -> E.g. testing the existence of
debtors proved highly successful, the auditor may consider limiting further tests on
the same account and assertion. The opposite also applies.
5. Source and reliability of information available -> The auditor’s first choice is to
obtain the best reliable evidence possible, yet if this is not possible, he/she may need
to obtain additional ‘less reliable’ evidence to be in a position to form an opinion.
6. The persuasiveness of the audit evidence -> E.g. evidence gathered in one
section of the audit which is supported or corroborated by evidence from another
section of the audit will be more persuasive than had the evidence contradicted itself.
57
Audit evidence is obtained by performing certain of what we call ‘audit procedures’. These
procedures are made up of the following:
! Risk assessment procedures (this is usually conducted during the planning and
completion stages of the audit)
! Further audit procedures, the majority makes up the centre stage of the audit, these
are combined in one of 2 options:
1. Combined Approach =>Where a combination of tests of controls (these test
the internal controls implemented in the system of the client) and substantive
procedures (the form of procedures are slightly different than tests of controls)
2. Substantive Approach => Where primarily only substantive procedures are
performed to obtain audit evidence
[Note: You can never perform only tests of controls; you need to perform at
least some substantive procedures as required by ISA. We will look at the
reason for this a bit later]
When we refer to ‘substantive procedures’ it includes two forms thereof: Tests of detail and
substantive analytical procedures.
ISA 315 – “Identifying and assessing the risks of material misstatements through
understanding the entity and its environment”, states what assertions are relevant to what
part of the financial statements.
Study the categories, assertions and meaning thereof under ISA 315 in
Chapter 5.
Note, when you summarise the assertion, you can also rephrase each to
state a question, as the assertions essentially translate into the objectives of
the auditor.
When it is referred to as transactions & events it refers to the ‘Income Statement’ or the
statement of comprehensive Income, as this indicates the results and transactions that have
been generated over a 12 month period (representing the 12 months of the financial year of
the client). Thus the assertions are different to that of Assets, Liabilities, as these only
represent balances as at a certain point in time. It is like a ‘snapshot’ of the year-end at that
date what the balances of the business are. As a business generates its profits from how
much income it earned and what expenses have been deducted, it is important for the
shareholders to know,
58
In the same way we can ask the relevant questions on the Balances. Now what makes up
the Balances? Think back to financial accounting, this would be your Assets, liabilities,
equity interest. Are the assertions the same for the balances as for the income statement?
No, not necessarily, the objective is different in each case, so some of the assertions may be
applied to both, yet you would phrase the objective differently.
If we can summarise the relevance of each assertion per category, the following table would
apply:
Presentation &
Assertion Transactions/events Balances
disclosure
Occurrence ! !
Completeness ! ! !
Accuracy ! !
Cut-off !
Classification ! !
Existence !
Study the examples 1 &2 given under this subsection, Financial Statements
assertions, and ensure you understand the application thereof.
Note, that If you rephrase the assertion to be as a question it will assist you
with the application thereof to each line item.
You must first understand the meaning of an assertion before you can apply
it to the line-item.
59
State the characteristics of a good internal controls environment using the technique given:
DISCCC
_________________________________________________________________________
State the reliability of evidence according to its Hierarchy of most reliable to least reliable
_________________________________________________________________________
60
1 Occurrence
2 Completeness
3 Accuracy
4 Cut-off
5 Classification
1 Existence
3 Completeness
Valuations &
4
Allocation
Answers are obtained from the Study book and its material.
61
This study unit is based on Auditing Notes, Chapter 5, section 3 and the
relevant auditing standard, namely: ISA 315.
! State what are the procedures the auditor uses to gain audit evidence
! briefly explain why the auditor performs test of controls
! explain what is “risk of material misstatement”.
! State the procedures to be carried out for each form of audit procedure separately
! understand why we still need to perform substantive procedure, and what influences
this decision
! state the difference between vouching and verifying
62
Risk of material misstatement is a risk of a ‘significant error’, i.e. what is the risk of
something being wrong in the financial statements that is significant, not just correctness but
validity, or in other words all the assertions as listed in unit 3.2.
Remember the auditor issues an opinion to say that the financial statements are fairly
presented, i.e. that they are reasonable within the conditions set out for the audit. This is
what we call reasonable assurance. The conditions are determined by something like a
materiality level, what is material and what is not material for the purposes of the audit. Refer
to page 14.
Now, back with the example of the cafeteria, there are many cash transactions happening as
sales are being made, right? So what is the risk on Sales? Incomplete sales, i.e. that not all
sales that have taken place have been recorded as cash may have been misappropriated
(stolen). Thus risk assessment indicates to us where we need to focus our resources and
attention to.
So by performing audit procedures and gathering evidence about a certain risk, we are
minimising that risk to an acceptable level. This is done until the risk determined during
planning is reduced to such an extent that we can issue an opinion
As previously mentioned there are certain audit procedures to gather audit evidence by
performing:
The procedures for carrying out the above are laid out in a table below:
63
% HOW: Requires use of verb (action) - which should describe action. Avoid use of
“ensure” or “check”!!!
% WHY: Sets out the reason for the audit procedure with regards to audit objective.
EXAMPLE:
Inspect minutes of director’s meetings to confirm that the purchase of motor vehicles was
authorized.
(3) “confirm, that transaction was authorized” – reason for audit objective (WHY)
64
Accounting System
• Credit Sales & Controls
• Increase Debtor
Transaction Balance
• Perform customer
credit check • Increase Sales
• Check Credit Limit
• Manager to
Authorize
Transactions Balances & Total
A transaction is generated by a sale that took place on credit. Just as if you were to walk into
Mr Price and buy clothes on your account. Mr Price has generated a credit sale to you, but
on your account. That would entail checking whether you are still within your credit limit, and
where it is exceeded the manager usually needs to authorise such credit.
This transaction was in other words subjected to certain controls put in place relating to
credit sales. These controls occur usually in and around the accounting system.
The ultimate entry would be to Increase Mr Price’s Sales Account, and increase their
Debtors;you.
As you can see if these controls are not functioning properly, you could get incorrect or
invalid information that forms part of your ‘output’, the financial statements. Thus the auditor
is interested in seeing how effective the controls are and are they suitably designed to
prevent or detect errors.
The auditor will thus want to test the accounting system and related controls to identify
whether they produce reliable balances and totals. These tests are what we call tests of
Controls.
If the auditor has determined that the control environment is strong (partly determined after
our risk assessment) he/she may want to decide to rely on the controls and perform tests of
controls. Thus as deemed that the controls are strong, the auditor is more confident that the
balances and totals are fair and hence will need to spend less time on verifying
(substantiating) the balances and totals.
65
Successful tests of controls will reduce the extent, and possibly, change the nature of
substantive tests, but cannot eliminate the need to perform substantive tests.
As mentioned, substantive procedures can be clearly distinguished between two types, test
of detail or analytical procedures.
Vouching " relates to the audit of transactions. This could include obtaining evidence about
a line item of its primary assertions, e.g. on a sales transaction, this would include inspecting
documentation, enquiring of certain discounts allowed, test the arithmetical accuracy of an
invoice by re-computation.
Verify " relates to the audit of balances. This e.g. would include verifying the debtors
balance by means of written debtors’ confirmation, make enquiries as to how the allowance
of Bad debts was calculated, and re-preforming the aging of debtors.
66
This study unit is based on Auditing Notes, Chapter 5, section 4 and the
relevant auditing standard, namely: ISA 530.
67
We the auditor applies sampling, the evidence gathered is not the only evidence gathered,
we may perform analytical procedures to corroborate our findings.
Once the test has been performed and a conclusion was reached on the sample, we still
need to extrapolate the results of the sample over the entire population. This is because the
sample only is a representation of the population. If our opinion is formed over the
population, we must make sure our conclusion relates to the population. Remember we
talked about reasonable assurance (revisit Unit 1). Reasonable assurance refers to that
there are no material misstatements, i.e. no material/significant errors. We do not give an
opinion on absolute assurance. The reason for this is that we do not test the entire
population but we draw a sample out of it.
We must remember that some items, due to the nature of the account/population the entire
population may need to be tested. These are things e.g. like Directors’ Loans, or Minutes of
Meetings, as these are subject to Corporate Governance - and Company’s Act requirements
that are relevant regardless how large or small the matter may be. E.g. if an unauthorised
Loan was granted to a Director that does not meet the requirements of the Companies’ Act,
yet it may only be N$1000, it still becomes a reportable matter. This is what we call the
nature of a misstatement.
Part 2 Definitions
ISA 530 – “Audit Sampling” provides the following definitions:
WORD MEANING
Audit Sampling “applying audit procedures to less than 100% of the items within a
population, such that all units have a chance of selection”
Population “Means the entire set of data from which a sample is selected and
about which the auditor wishes to draw conclusions. E.g., all items
included in an account balance or a class of transactions are
populations. A population may be divided into strata, or sub-
populations, with each stratum being examined separately.
68
Overestimating the audit – test of controls are less effective than they
actually are, or a material error exists when in fact it does not. This
would affect audit effectiveness and usually lead to additional work
being carried out.
Non-sampling The risk that the auditor arrives at a wrong conclusion for a reason not
risk related to sampling risk. E.g. He has applied the sampling plan
incorrectly, misunderstood the results of the sampling exercise.
Sampling unit Means the individual items constituting a population, e.g. cheques
listed on deposit slips, credit entries on Bank statements, sales
invoices.
Statistical Means following any approach that has the following characteristics:
sampling
! random selection of a sample, and
! use of probability theory to evaluate sample results, including
measurement of sampling risk
If a sample does not have the above characteristics it’s what we call a
non-statistical sampling method.
Tolerable rate of “A number or percentage set by the auditor in respect of which the
deviation auditor seeks to obtain an appropriate level of assurance that the
number/percentage set by the auditor is not exceeded by actual
deviations in the population.
69
The internal control environment is what represents the controls implemented by the client
that you are auditing. The test of controls are the tests you as the auditor are performing on
the controls implemented at the client to determine whether they function properly, i.e.
whether they were effective in their objective.
Let’s say the client has implemented a control where payments are being authorised. The
objective of the control is to ensure a payment request is supported by an invoice (and proof
of delivery – goods received note) so as to ensure all payments that are made are valid, i.e.
a service was rendered and no unauthorised payments are made. The control is
‘authorisation’ of the Financial Manager. The population would be all the expenses noted or
then all the payments made on the Bank Statement. Out of this population we would then go
and select certain payments on certain criteria, whether by nature or amount. Our audit
procedure would be a test of control (as we are testing the control), of inspecting every
cheque (cheque requisition) or EFT proof of payment for the Financial Managers’
authorisation.
Thus you can see a sample is used for when we want to perform audit procedures on a
certain population, whether we would perform test of controls or substantive procedures.
70
Imagine you have a population of 20 transactions, of which you need to select all with the
value of N$10,000 or more, with the given set of errors found:
71
The units in the population are 20 items. The random selection based on predetermined
criteria amounts to 10 items in the sample. The error rate is determined at 1.16%
(14,000/1,203,900).
So, N$14,000 errors were found in this sample. Of which the sample totalled, N$ 1,203,900.
This makes up 1.16% of total errors (misstatement) of the sample. If we were to extrapolate
that to the population, this would equate to 1.16% of 1,256,300, totalling a misstatement over
the population of N$ 14,609. This would then have to be assessed whether as auditors we
can tolerate (i.e. accept) this error rate or not.
Revisit the above section carefully and ensure you understand each concept/term and are
able to apply it.
72
73
This study unit is based on Auditing Notes, Chapter 6, and the relevant ISA
standard, ISA 315, ISA 530 and ISA 500.
PLANNING
Part 1 Introduction……………………….…………………..…………………………………………………………………………….88
Part 4 Materiality………….…………..………………………………………………........................................................91
74
Part 3 Other audit procedures carried out to satisfy the requirements of the ISA’s …………………………97
! Discuss the objectives of quality control policies and procedures to achieve these, both
at the level of the firm and at the engagement level:
a) Leadership responsibilities for quality within the firm;
b) Ethical requirements;
c) Acceptance and continuance of client relationships and specific engagements;
d) Human resources;
e) Engagement performance; and
f) Monitoring.
! Name and briefly discuss the issues that should be addressed as part of quality control
at the level of individual audits; and
! Discuss in detail the elements that relate to engagement performance at the level of
individual audits.
! define audit risk;
! discuss in detail the components of audit risk;
! discuss in detail the interaction between the different components of audit risk and the
effect on audit procedures; and
! in a case study, distinguish between matters that will affect inherent vs. control risk.
! briefly state the reasons why an auditor would perform engagement activities
! name the method of obtaining the engagement activity information as well as the
sources from which it will be obtained
75
76
77
Professional
Staff
- Seniors
- Juniors
The purpose of this section is to establish standards and provide guidance on quality control.
This standard is not necessarily applicable to a specific audit, but rather applicable to the
audit firm/auditor that is performing the audit. It entails the manner and environment in which
the audit is being conducted.
It is important that auditors perform high quality audits for a number of reasons. Reputation
for high quality work is likely to attract additional clients and therefore help the practice to
grow and develop. In addition, if the audit work performed is of a high quality, this will give a
lower chance of the auditors falling into a trap of negligence claims by third parties, which
could be costly and can cause serious damage to the reputation of the organization.
Quality control and review procedures are important in the subject of modern auditing.
Quality control policies and procedures should be implemented at both the level of the audit
firm and on individual audits.
78
There are two documents on quality control that you should be aware of:
! ISA 220 Quality Control for Audits of Historical Financial Information: This
document has a narrower scope, giving guidance to audit firm personnel regarding
quality control procedures to be followed during the course of an audit engagement.
One partner in the firm should be primarily responsible for each audit (the
engagement partner) and they are responsible for the overall quality of the
engagement.
Thus ISQC 1 is concerned with quality at the firm level, while ISA 220 is concerned with
quality at the engagement level.
The firm should establish policies and procedures designed to promote an internal culture
based on the recognition that quality is essential in performing engagements.
79
The firm should establish policies and procedures designed to provide it with reasonable
assurance that the firm and its personnel comply with relevant ethical requirements.
The firm's policies and procedures should emphasize the fundamental principles of the IFAC
Code of Ethics and reinforce them through:
3. Independence
The firm should establish policies and procedures designed to provide it with reasonable
assurance that the firm, its personnel and, where applicable, others subject to independence
requirements (including experts contracted by the firm and network firm personnel), maintain
independence where required by the IFAC Code and national ethical requirements.
At least annually, the firm should obtain written confirmation of compliance with its policies
and procedures on independence from all firm personnel required to be independent by the
IFAC Code and national ethical requirements.
The firm should establish policies and procedures for the acceptance and continuance of
client relationships and specific engagements, designed to provide it with reasonable
assurance that it will only undertake or continue relationships and engagements where it:
! has considered the integrity of the client and does not have information that would
lead it to conclude that the client lacks integrity;
! is competent to perform the engagement and has the capabilities, time and
resources to do so; and
! can comply with ethical requirements.
5. Human resources
The firm should establish policies and procedures designed to provide it with reasonable
assurance that it has sufficient personnel with the capabilities, competence, and commitment
to ethical principles necessary to perform its engagements in accordance with professional
standards and regulatory and legal requirements and to enable the firm or engagement
partners to issue reports that are appropriate in the circumstances.
! Capabilities; ! Competence;
80
Audit work is to be assigned to personnel who have the degree of technical training
and proficiency required in the circumstances.
b) Engagement performance
The firm should establish policies and procedures designed to provide it with
reasonable assurance that engagements are performed in accordance with
professional standards and regulatory and legal requirements, and that the firm or
the engagement partner issue reports that are appropriate in the circumstances.
The firm should establish policies and procedures designed to provide it with
reasonable assurance that:
81
This review is performed prior to signing the opinion and is often referred to as a 'hot'
review.
6. Monitoring
The firm should establish policies and procedures designed to provide it with reasonable
assurance that the policies and procedures relating to the system of quality control are
relevant, adequate, operating effectively and complied with in practice. Such policies and
procedures should include an ongoing consideration and evaluation of the firm’s system of
quality control, including a periodic inspection of a selection of completed engagements.
The purpose of monitoring compliance with quality control policies and procedures is to
provide an evaluation of:
The firm entrusts responsibility for the monitoring process to a partner or partners or other
persons with sufficient and appropriate experience and authority in the firm to assume that
responsibility.
The monitoring process is focused on completed engagements where the audit report has
already been signed and is often referred to as a 'cold' review.
82
Part 5 Conclusion
$ Quality control is a fundamental issue for all audit firms.
$ The main source of guidance for firms in relation to quality control comes from ISQC
1 which details the specific elements of a system of quality control.
$ ISA 220 provides additional guidance by applying ISQC 1 to specific engagements.
REVISION
(a) Audit firm as a whole (ISQC1)
83
84
This study unit is based on Auditing Notes, Chapter 6, section 2 and the
relevant auditing standard, namely: ISA 210, 220 and ISQC1.
! briefly state the reasons why an auditor would perform engagement activities
! name the method of obtaining the engagement activity information as well as the
sources from which it will be obtained
! State the necessity and the minimum steps of establishing a letter of engagement
! State the preconditions of an audit
! Name at least five circumstances that will lead to the issuance of a new engagement
letter of a recurring audit
! Discuss in detail the steps required for setting the terms of the engagement
! State some of the procedures to gather “preliminary engagement” information
! Briefly explain the considerations you would have to apply when complying to ISA 220
and ISQC1, when it comes to considering the appointment of a new or existing client
! State what are some of the considerations you would have to evaluate whether you
would accept a new business client or continue a business relationship with an existing
client
85
Remember that the audit firm is like a business. If that business belongs to you, you would
most likely not want to enter into a business relationship that could result in non-payment of
your services, or worse a law suit. Thus in the same light you would consider as an audit firm
whether you would want to enter into (or continue with an existing client) a business
relationship.
1. As an audit firm, we must consider the integrity of the clients’ main owners, key
management and those charged with governance. We would look at client matters
such as:
1.1. Their business reputation of those noted above
1.2. Their business practices
1.3. The clients’ attitude toward paying audit fees
86
3. Can we as the audit firm comply with ethical requirements? We would evaluate
matters such as:
3.1. Any (potential) conflicts of interest between the firm and the client.
3.2. Are there any threats to independence of the firm, the engagement partner,
engagement team and the client? Have adequate safeguards been put in place?
3.3. Are there any other situations that may lead to the contravention of the Code of
Professional conduct?
The last point indicates matter that are of a concern under Study Unit 2, the code of
Professional Conduct.
& In order to be in compliance with the Code of Conduct, we need to communicate with
the previous auditor.
& We need to hold discussions with staff and key management of the client, i.e. senior
financial personnel, audit committee etc.
& Hold enquiries with the clients’ bankers, lawyers on any matters we may need to be
made aware of. (Remember in this case it is important to seek permission from the
client beforehand before these are contacted)
& Conduct background searches on the clients
& Review any other documentation that is available by the prospective client, whether
made public or provided by them
& Enquire & analyse whether the firm (and its staff) and the client is independent (see
above)
87
This letter, once signed by the client, provides confirmation of agreeing to the terms and
conditions of the agreement.
The relevant ISA is ISA 210 – Agreeing the terms of audit engagements, states that “the
auditor shall agree the terms of the audit engagement with management or those charged
with governance”. This translates that it is the right of the auditor to determine how the audit
will be conducted.
Study the sections and steps carefully in the book in Chapter 6, subsection 1.
88
REVISION
You are a partner in the auditing firm MKP Incorporated. The directors of NW Build
approached you to perform their audit in future. The company is a wholesaler in building
material.
During a meeting with the directors of the company, they informed you that they are not
satisfied with the existing auditors, as they failed to identify an error in the creditors during
the previous audit. You explained to them that an audit can only provide reasonable
assurance that financial statements are free of material misstatement.
You have already, as part of your procedures with regard to engagement activities,
determined that MKP Incorporated possesses the necessary knowledge and skill to perform
NW Build’s audit.
Name the additional procedures that you will perform as part of your engagement activities
to determine whether or not you should accept the audit of NW Build
89
90
This study unit is based on Auditing Notes, Chapter 6, section 3 and the
relevant auditing standard, namely: ISA 300.
91
92
The document in which this is formulated is called an audit strategy and audit plan, of which
we will look at more detail later. These documents are not fixed, in other words as the
circumstances change on an audit, the plan/strategy can be amended as it becomes
necessary.
You can imagine that before we create an audit strategy or plan, we need a great deal of
information about the client before we can formulate our approach. We have to obtain an
understanding of the client and its business before we can formulate a response to the risks
assessed for the audit.
So as part of our planning process we need to gather information, assess that information as
to say is it risky, not risky, are we willing to accept the risk, or do we have to do something
about it. If you think what risk means, it means hazard, threat or danger, it does not mean
something DID actually go wrong, it just means something CAN POTENTIALLY go wrong.
So in the context of auditing, that entails financial and control risks. Our responses to those
risks assessed are our audit procedures. Using our terminology, that would mean assessing
the risk of material misstatement at assertions level and overall Financial Statement level
and creating a document in which our response to that risk is laid out. The audit strategy
encompasses responses primarily to the risk of material misstatement at overall Financial
Statement level. The audit plan primarily encompasses responses to the risk of material
misstatement at the assertion level.
93
Information-gathering stage
Stage 1, Understanding the entity and its environment
Information-analysis stage
Stage 2, Assess the risk of material misstatement in the financial statements
Documentation stage
Stage 4, Establish the overall audit strategy
Material accounts
- Organisational aspects
Non-material accounts
94
! Materiality
! Risk assessment on Financial Statement level (F/S Level), presence of
significant risks
! Impact of the assessed risk of Material misstatement on our direction,
supervision and review , e.g. high risk at F/S Level may require more
experienced staff assigned
! Management’s attitude towards controls
! Volume of transactions
! Significant developments in business
95
The audit plan encompasses the nature, timing and extent of our audit.
ISA 300 requires that the audit plan must contain at least the following:
# A description of the nature, timing & extent of the planned risk assessment
procedures.
# A description of the nature, timing and extent of planned further audit procedures
at the assertion level for each material class of transactions, account balance and
disclosure
# Any other audit procedures which may be required to comply with the ISAs
# A plan regarding the nature, timing & extent of the direction, supervision and
review of the audit team.
Audit Plan
Material Accounts
Non-Material Accounts
Part 4 Materiality
In order to determine what is material or immaterial (non-material), we have to ask the
question: “What is material?” This is done during stage 2 of the audit, see above.
So far the auditor has gathered information on various aspects of the client. Now he will
consider whether what he knows about the client will lead him to believe that there is a risk
of material misstatement of the AFS, i.e. the auditor will evaluate the effect that any identified
weaknesses will have on the Financial Statement assertions.
96
1. Inherent risk " This is a ‘built-in’ risk in the financial statements. Implemented
controls have no impact on this.
2. Control Risk " These are risks that relate to the function and design of the internal
control environment, refer to unit 3.1.
3. Detection Risk " This risk is the risk that the auditor may not detect a material
misstatement resulting in issuing an inappropriate opinion
The auditor assesses the risk by performing risk assessment procedures to form an
understanding of the level of risk involved on the client. This is called risk of material
misstatement. This is the risk that something, due to certain factors, can be materially
misstated. Our response thereto is to conduct audit procedures.
There is an inverse relationship between Inherent Risk, Control Risk and Detection Risk. If
Inherent Risk (IR) and Control Risk (CR) are high, the detection risk MUST be set at low.
This is affected by means of ensuring we perform a quality audit, in other words effectively
planning the audit so as to reduce the risk of material misstatement (IR & CR) to an
acceptable level. (Thus the risk that something material remains undetected is reduced).
The Risk of material misstatement, under the auditor’s control, consists only of the Inherent
risk and the Control risk. The detection risk is not under his/her control.
E.g. an account balance was arrived at using complex calculations. The internal controls
implemented around that account don’t address the problem of the complex calculations.
What is the verdict? The risk of material misstatement is high due to the ‘complex
calculations’ – thus there is an increased likelihood of a misstatement (error) as the
calculations are complex (difficult). The auditor is aware of the matter because of good
planning, thus he/she is able to design audit procedures to address the matter. It is in his/her
control.
97
More detailed examples on risk indicators are available in Chapter 7 of the Auditing Notes
Book.
99
This study unit is based on Auditing Notes, Chapter 6, section 4 and the
relevant auditing standard, namely: ISA 330, 315,500.
! State what are the types of audit procedures used to respond to the risk of material
misstatement
! Identify some of the overall responses at financial statement level
! State what are some of the additional audit procedures required to respond to
assessed risk
100
This means that the responses are primarily focused on addressing the pervasive impact of
risks at the overall F/S level, and then it is further directed at risk at assertion level. Thus the
overall responses are not really procedures but rather general actions to deal with the risk at
financial statement level.
To achieve the above, he/she will make use of the tools in his/her toolbox, these are
recapped as follows:
! Inspection ! Recalculation
! Inquiry ! Re-performance
! External confirmation
101
102
This study unit is based on Auditing Notes, Chapter 6, section 5 and the
relevant auditing standard, namely: ISA 330, 450, 700.
103
If evidence was obtained that contradicts one another, the auditor needs to seek further
evidence in order to make an appropriate conclusion. If the auditor is unable to obtain
sufficient appropriate audit evidence, a qualified opinion or a disclaimer of opinion will have
to be issued.
1. Factual misstatement " Those misstatements that have been specifically identified
and about which there is no doubt, whether subjective or objective
2. Judgemental misstatement" Are those misstatements where estimation is
involved. Its where the matter, whether estimate or policy is open for interpretation.
The professional judgment of the auditor and the judgment of the client differ. E.g.
creating an allowance for bad debts would require 20% of the total debtors plus a full
provision of those older than 90 days. The client may apply his judgement in this, yet
the auditor may believe that recoverability becomes questionable already at 60 days
overdue and may want to include all the debtors already at 60 days overdue. In other
words, the client’s assessment of the provision is lower than that of the auditor. But
each has exercised their judgement. (Yet if the accounting policy applied is applied
incorrectly, regardless of interpretation, it is a factual misstatement)
3. Projected misstatement" This is the auditor’s best estimate of an amount of
misstatement found in a sample taken from that population. (Refer to sampling
above, where the extrapolated amount would exceed our tolerable misstatement)
1. The factual misstatement" will allow more leverage with the client to ensure that
the client adjusts the AFS, where this is material. If it is not adjusted, it could modify
the audit report.
104
Remember requesting the client to adjust the AFS, will depend on the materiality levels
determined by the auditor.
! The AFS adequately disclose significant accounting policies selected & applied by
the client
! The Accounting estimates applied are reasonable (considering the auditors’
background knowledge of the client, its industry and business)
! The information presented, is it relevant, reliable, understandable and comparable?
! Are adequate disclosures provided " so that users can understand what happened
during the year
! Is the correct and appropriate terminology applied in the AFS
! Has compliance been met in terms of statutory requirements and regulation, e.g.
listing requirements?
! Do the AFS achieve fair presentation?
The evaluations described above would usually be conducted by a senior member of the
audit team. The engagement partner would then consider, based on the audit evidence
gathered, what type of an audit opinion should be issued.
105