Chapter One - Horizon

Summary

This Chapter presents an overview of Horizon – Grant Thornton’s audit methodology.

Overview of Horizon
1.1 This Chapter presents an overview of Horizon – Grant Thornton's audit
methodology. Although Horizon is the same regardless of the size or type of entity, the
procedures selected and the extent of work performed will vary considerably for each
audit. Horizon is Grant Thornton’s means of complying with firm policies and
professional standards, including the standards established by IFAC.

1.2 The following flowchart depicts the principal components of the Horizon
methodology. It is not intended to suggest that the audit is a linear process.
 Identify Risks Evaluate Risks Respond to Risks

Understand the Perform

entity and its Perform Evaluate risk
preliminary
environment inquiries indicators
analytics

Identify matters
impacting the
financial
statements

Link matters
to financial
statement risks
and assertions
Additional matters identified during execution

Material Identify
misstatement is Yes controls that
reasonably respond to
possible? the risks

No

Perform
walkthroughs

Assess
inherent risk

Perform
appropriate Perform tests
substantive of controls
procedures

1.3 As the chart depicts, Horizon’s principal components consist of:

 identifying financial statement risks
 evaluating the likelihood that those risks could cause a material
misstatement
 responding to the identified risks
Identifying Financial Statement Risks

Understanding the Entity and its Environment

1.4 Horizon requires an understanding of the entity and its environment, including its
internal control. This understanding helps the audit team:
 identify where misstatements could occur in the financial
statements
 tailor audit procedures to achieve an effective audit
 determine whether special skills are needed to achieve the audit
objectives

1.5 Obtaining an understanding of the entity and its environment is a dynamic process
that occurs throughout the entire audit. It is the work done by the audit team to
understand how the entity fulfills its objectives and how the transactions are captured
and recorded in the financial statements. The audit team should be in a position to know
not only what risks the entity may face, but where those risks will manifest themselves
in the financial statements.

1.6 The procedures performed by the audit team to obtain this understanding are called
the risk assessment procedures. While the risk assessment procedures are performed
primarily to obtain the understanding of the entity and its environment, they may also
provide evidence to support some of the financial statement assertions.

1.7 An understanding of the entity also helps the audit team provide constructive
recommendations to clients. An important aspect of the audit is for the firm’s clients to
perceive it as a value-added process that helps them monitor the success and
effectiveness of their business.

Risk Assessment Procedures

1.8 The audit process has three phases: planning, execution, and completion. While all
three phases are important to achieving a quality audit, the planning phase is
particularly important because that is where risks are identified and audit procedures
are designed to respond to identified risks. It is in the planning phase where the
understanding of the entity and the skills and experience of the audit team come
together to create a tailored audit program that addresses the risks of each
engagement.

1.9 In Horizon, performing risk assessment procedures means that the audit team:
 captures information about the entity and its environment, including
its outsourced activities, IT profile, operating structure and nature of its
revenues
 makes inquiries of management, internal auditors, and those
charged with governance
 makes inquiries of others in the entity, as needed
  determines materiality
 performs preliminary analytical procedures
 evaluates the inherent risk indicators
 captures entity-level controls
 identifies significant cycles
 captures information about the accounting system

1.10 Risk assessment procedures are concentrated at the beginning of the audit,
but they also could occur during the execution phase of the audit as the audit team
reacts to findings.

1.11 As the risk assessment procedures are performed, the audit team acquires a
great deal of knowledge about the entity and its environment. This knowledge results in
the identification of conditions and events that may or may not affect the financial
statements. Horizon refers to these conditions and events as “matters.” Matters are the
bridge between the understanding obtained in performing the risk assessment
procedures and the risks that could cause the financial statements to be materially
misstated.

Financial Statement Risks

1.12 Horizon is designed to detect material misstatements in the financial

statements. The risk of failing to detect a material misstatement is managed by the work
performed by the audit team. The nature, timing, and extent of this work are directly
proportionate to the risks of material misstatements and where they are more likely to
occur. That is why the proper identification of risk is very important in the Horizon
methodology.

1.13 The financial statement risks generally fall into four broad categories. These
are:
 accounting errors
 financial reporting errors
 fraud
 going concern

1.14 Accounting errors occur when people make mistakes or the system is poorly
designed. Financial reporting errors are mistakes or omissions in the financial
statements, including disclosures. Fraud includes both fraudulent financial reporting and
misappropriation of assets. Finally, there are risks associated with the entity’s ability to
continue as a going concern.

1.15 While it is helpful to think of risks in such broad terms, it is difficult to focus
audit effort at this level. Accordingly, Horizon further classifies these broad risks into
specific risks at the financial statement assertion level. This allows Horizon to suggest
an appropriate response when a risk is identified by the audit team.
1.16 Audit attention is focused on those financial statement risks that are more
likely to cause a material misstatement. Because the risk assessment process is such
an important aspect of Horizon, the audit partner and manager are required to actively
participate in the process.

Matters

1.17 As described above, Horizon uses the term “matters” to describe the
conditions and events identified in performing the risk assessment procedures that may
have an impact on the financial statements. Voyager identifies matters based on the
industry and information entered by the audit team. Matters can also be added by the
audit team.

1.18 Matters are the bridge between the information gathered by the audit team in
obtaining an understanding of the entity and its environment to the financial statement
assertions and the risks that could cause material misstatements.

1.19 Matters themselves are not the end objective. As previously stated, they are
simply the way Horizon connects the information learned about the entity and its
environment to financial statement risks. The ultimate objective is to identify the
financial statement risks that could cause the financial statements to be materially
misstated.

Transaction Cycles

1.20 Financial statement elements are the individual transactions and balances that
collectively make up the financial statements. Sales and receivables are two examples
of financial statement elements. In understanding a business process, financial
statement elements are not independent items. There is a relationship among various
income and expense accounts and balance sheet accounts. An example is sales,
accounts receivable and cash receipts. Accounts receivable exist because sales occur
and are realized when converted to cash upon receipt of consideration from a customer.
These groupings of accounts are called cycles to reflect normal business processes,
double entry bookkeeping, and the functioning of accounting and control systems.

1.21 Horizon utilizes the cycle approach in designing an audit program. This
permits consideration of the interrelationships between income and expense accounts
and their corresponding balance sheet accounts in designing an audit strategy.

1.22 The Horizon methodology only requires audit procedures to be performed on

accounts within significant transaction cycles. A significant cycle is one that contains
accounts that are quantitatively or qualitatively material to the financial statements.
Quantitative materiality is determined by the audit team and generally includes all
accounts greater than tolerable error. Qualitatively material accounts may not be large,
but they represent a risk due to other factors such as related party implications.
1.23 This is not to say that Horizon requires the same level of audit effort for every
account in a significant cycle. Designating a cycle as being significant is the starting
point and the audit team will later identify the financial statement risks within the cycle
and how to respond to them.

Financial Statement Assertions

1.24 Assertions are representations by management that are embodied in the

financial statements. The assertions used in Horizon are:
 existence or occurrence
 completeness
 cut-off
 rights and obligations
 valuation or allocation (gross and net)
 presentation and disclosure

1.25 In Horizon, specific financial statement risks are grouped within the relevant
assertion where they could manifest themselves. The audit team identifies the pertinent
risks and, based on the likelihood that such risks could cause a material misstatement,
develops an appropriate response.

Evaluating the Likelihood that Risks Could Cause Material Misstatements

1.26 After the audit team identifies the financial statement risks that could cause a
material misstatement in the financial statements, the audit team must then evaluate
which of the identified risks are more likely to cause a material misstatement. This may
prove to be a challenging aspect of the risk assessment process for the audit team.
Because the impact of this evaluation on the audit strategy is so significant, it is
essential that the partner or the manager be part of this process.

1.27 Horizon is designed to focus audit effort on assertions that pose the greatest
risk. This requires the audit team to first identify the specific risks within an assertion
that could cause a material misstatement. Next, because the same degree of risk of
material misstatement does not necessarily apply to all the identified risks within an
assertion, the audit team must make a judgment about the likelihood that each risk
could cause a material misstatement. Accordingly, Horizon categorizes risks as those
that are reasonably possible and those that are not reasonably possible.

1.28 A risk is “reasonably possible” when the likelihood of a material misstatement

occurring is more than remote. When the audit team believes that a material
misstatement is not very likely in a particular account, then the associated risks are
remote (not reasonably possible).

1.29 Risk of material misstatement is implicit in all financial statements and

therefore every audit will have risks that are reasonably possible. Designating a risk as
reasonably possible does not mean that the audit team expects to find material errors or
fraud. However, it does cause the documentation to reflect the possibility that material
errors or fraud could be present.

Responding to Identified Risks

Reasonably Possible Risks

1.30 As previously mentioned, reasonably possible risks are those where the
likelihood of a material misstatement occurring is more than remote. To respond to a
reasonably possible risk, the audit team should first understand how the entity responds
to the risk.

1.31 The entity responds to a risk by establishing internal controls. Internal controls
are the policies and procedures that the entity implements to produce accurate financial
statements and protect its assets. For risks assessed as being reasonably possible, the
audit team should obtain an understanding of these controls before an adequate
response can be designed. To understand internal control, the audit team:
 captures the controls
 evaluates their design
 verifies they are implemented

1.32 When controls are designed effectively and implemented, testing them to
determine whether they operate effectively will frequently be the most effective and
efficient response to a particular risk.

1.33 The audit team should assess inherent risk for each assertion with reasonably
possible risks. Inherent risk is the susceptibility of an assertion to material misstatement,
assuming there are no related internal controls. This risk is greater for some assertions
and related classes of transactions, account balances or disclosures than for others. For
example, cash transactions are generally more susceptible to theft than certain
inventories. Complex calculations are more likely to be materially misstated than simple
calculations. Accounts consisting of amounts derived from accounting estimates will
have greater risk of misstatement than accounts consisting of relatively routine, factual
data.

1.34 Ordinarily, audit teams will assess inherent risk as either medium or high since
it is not logical to assess inherent risk as low for an assertion that contains reasonably
possible risks. In rare cases where the audit team considers the proper assessment of
inherent risk for an assertion to be low, therefore requiring only a minimal response to
the risks within that assertion, it is likely that the associated risks were incorrectly
assessed as being reasonably possible.

1.35 The last step in responding to reasonably possible risks is to determine the
nature, timing and extent of the substantive procedures to perform. The audit team
makes these judgments by using their understanding of the controls (including whether
they operate effectively) and the inherent risk assessment of the relevant assertion.
Horizon uses that information (inherent risk and intended control reliance) to suggest an
audit program that the audit team tailors to appropriately respond to the risks.

Not Reasonably Possible Risks

1.36 As mentioned previously, Horizon requires an audit response for all significant
cycles. The audit team may judge that a transaction cycle has no reasonably possible
risks even though it may contain material monetary amounts.

1.37 When the risk of material misstatement is not reasonably possible, the audit
team may decide that substantive procedures alone will appropriately reduce the risk of
a material misstatement to an acceptably low level. Further, the substantive procedures
performed in response to not reasonably possible risks are ordinarily less extensive
than those procedures required for reasonably possible risks. For example, the risk of
material misstatement for the risk “capital asset activity not valid” may be addressed by
performing procedures such as scanning and vouching large and unusual additions
whereas sampling might be appropriate if the risk were assessed as reasonably
possible.
Exhibit 1.1 - Financial Statement Assertions
E1 Horizon uses the following financial statement assertions:

Existence or Occurrence

E2 Assertions about existence or occurrence deal with whether assets or liabilities

exist at a given date (referred to as existence), and whether recorded transactions have
in fact occurred during a given period (referred to as occurrence). The audit of the
existence and occurrence assertions is essentially concerned with establishing that
balances within transaction cycles are not overstated.

Completeness

E3 Assertions about completeness deal with whether all balances and

transactions that should be presented in the financial statements are properly recorded.
The audit of the completeness assertion is essentially concerned with establishing that
balances within transaction cycles are not understated.

Cut-off

E4 Assertions about cut-off deal with whether all assets, liabilities, income and
expenses are reported in the appropriate period. Cut-off is a separate assertion
because the substantive procedures to verify it are typically different from those applied
to the other components of completeness.

Rights and Obligations

E5 Assertions about rights and obligations deal with whether the entity has rights
to assets (i.e., whether the entity has ownership and title to assets) and liabilities
represent all the entity’s obligations at a given date. These assertions relate to whether
the entity was, in actuality, party to a transaction, and whether the transaction was for
valid business purposes.

E6 Rights and obligations assertions may in many cases be inseparable from the
existence and completeness assertions, and do not normally require separate audit
attention. However, where an entity deals with assets, liabilities or transactions
pertaining to other parties, this may not be so.

Valuation

E7 Assertions about valuation deal with whether assets and liabilities are included
in the financial statements at appropriate amounts. Horizon subdivides the valuation
assertion for asset and liability accounts into “gross” and “net.” Valuation “gross” deals
with recording or allocating the proper amounts and valuation “net” deals with
recognizing appropriate impairment adjustments. Because the required responses to
financial statement risks associated with “gross” and “net” are typically different, the
valuation assertion in Horizon is separated into two assertions: valuation-gross and
valuation-net.

Presentation and Disclosure

E8 Assertions about presentation and disclosure deal with whether particular

items in the financial statements are properly classified, described, and disclosed.

E9 Presentation and disclosure assertions are considered during the course of

the audit by procedures that call for gathering information that is necessary to determine
that disclosures are complete. In addition, many firms use a financial statement
disclosure checklist, generally completed at the conclusion of the audit, to assist in
determining that disclosures are complete. The presentation and disclosure guidelines
may vary considerably from country to country.