Module 3 Topic 1 UTS

1
yd ney
y S
lo g
h n o ne y
o f Tec y S y d
s i ty o l og
iv er ch n
Co
p y r ig h
t Un
MODULE 3 n i v e r s it y of Te
h t U
r ig
C opy
Topic 1 – Understanding the y d ne y
client and introduction to risk Te ch n o l og y S
y of
r s it
n i ve
h t U
r ig
C opy
© Dr Amanda White - University of Technology Sydney
2
yd ney
S
f Tec
h n o lo g y
If you fail to plan,Sydney
o gy
t Un
iv er s i ty
you are planning o f Te
c h to
no l o
fail
y r ig h y
rs it
p iv e
Co U n Benjamin Franklin
ri ght
o py
C
Topic 1.1 – Audit planning l og y S y d ne y
n o
Te ch
y of
r s it
n i ve
h t U
r ig
C opy
3
yd ney
y S
g
The auditingTecstandards – 300 series h n o lo
S y d ne y
o f y
s i ty o l og
iv er e ch n
t Un of T
y r ig h r s it y
p e
Co U n i v
h t
r ig
C opy
ne y
S y d
og y
n o l
Te ch
y of
r s it
n i ve
h t U
r ig
C opy
4
yd ney
y S
g
ASA300.2 –Tewhy
c do we need planning? h n o lo
S y d ne y
o f y
s i ty o l og
iv er e ch n
• Devote h Un
t appropriate attention to important areas of the o f T
y ri g s it y
p e r
Coaudit. U n iv
r i g ht
• Identify and resolve potential problems o pyon a timely basis.
C
• Organise and manage the audit engagement so that it is
ne y
performed in an effective and efficient manner. S y d
og y
n o l
• Assisting in the selection of engagement e ch
of T
s it y
• Facilitating the direction and supervision of engagement iv e
r
n
team members and the review of their work. g h tU
yr i
p
Co
5
yd ney
y S
g
Who does the
Te c planning? h n o lo
S y d ne y
o f y
r s i ty o l og
iv e ch n
n
• Theigengagement partner and other key members of T e
f the
h tU y o
p y r
engagement team shall be involved in planning r
the
e sit audit,
Co U n iv
including planning and participating in the g t
hdiscussion
r i
o py
among engagement team members.C (ASA300.5)
• Who are key members?
• They should check the independence and ethical d n ey
y Sy
clearance of all team members. o l og
e c hn
• We don’t start planning until we have a signed o fT
r s i ty
engagement letter! n iv
e
h tU
p y rig
Co
6
yd ney
y S
g
What is included
Te c in the audit plan? h n o lo
S y d ne y
o f y
• We call the s i ty
rplan an audit ___________ o l og
iv e ch n
n Te
• Nature, g h t Utiming and extent of the audit evidence required y o f
p y ri e r s it
Co U n iv
• Nature = ______ audit procedures are going i g ht to be used to
py r
gather the evidence. C o
• Timing = ______ the audit procedures and evidence will
be gathered ne y
S y d
• Extent = ________ evidence will be gathered o l og y
ch n
Te
of
r s i ty
• There will be a plan for every account e
or group Uofnivaccounts
in the financial statements r i g ht
o py
C
7
yd ney
y S
g
What does planning
Te c the audit involve? h n o lo
S y d ne y
o f y
r s i ty o l og
ve315 ch n
Understanding • iASA
n Te
U of
y ght
the client
ri • You need to know everything about your client
r s it y
o p i v e
C U n
h t
• ASA 315 r ig
Identifying the
ROMMs
opy
• 2 sources – inherent risks and control risks
C
• Assess IR and CR
Apply the
ne y
Audit Risk • Determine the Detection Risk
S y d
Model
og y
n o l
T e ch
Develop a f
ostrategy
t y
• ASA 330 – Design your audit
si in your audit
response to r
and approach – document
e
the risks programs niv
g h tU
i
pyr
Co
8
yd ney
y S
g
The standard
Te c is a bit confusing h n o lo
S y d ne y
o f y
r s i ty o l og
• It tells auditors iv e they have to identify Risks of Material ech n
U n fT
h t
Misstatements (ROMMs) (para 13 & 14) o
p y rig r s i ty
C o n iv e
• And then it instructs auditors to gather information h tU to
i g
understand the client o pyr
C
• But in reality – you do these in reverse – so that is how we d ne y

S y
are going to work through the process in this module. l og y
n o
Te ch
of
r s i ty
• Audits are risk-based - identifying and assessingnrisks iv e is
critical to the audit process g h tU
i
o pyr
C
9
yd ney
y S
lo g
h n o ne y
o f Tec y S y d
s i ty o l og
iv er e ch n
t Un of T
y r ig h r s it y
p e
Co U n i v
h t
r ig
opy
Topic 1.2 – Understanding the C
entity l og y S y d ne y
n o
Te ch
y of
r s it
n i ve
h t U
r ig
C opy
10
yd ney
y S
g
What do weTeneed
c to know? h n o lo
S y d ne y
o f y
s i ty o l og
iv er e ch n
t Un of T
y r ig h r s it y
p e
Co U n i v
h t
The entity
Its
p y rig
Co
environment
ne y
S y d
Applicable
og y
Financial
System of
n o l
Reporting
internal Te ch
control y of
Framework r s it
n i ve
h t U
r ig
C opy
11
yd ney
y S
g
What do weTeneed
c to know? h n o lo
The entity
Its
S y d ne y
o f and (iii) environment
y
The entity ASA315.19(a)(i)
r s it y o l og
e ch n
U
• Organisational n iv structure f T e
g h t o
Applicable
y
ri sit Financial
System of
p y er internal
Co
• Ownership
Un
iv Reporting
Framework
control
t
• Governance y r ig h
p
Co
• Business model
Students should read
• How much IT is integrated into the business more on this in ASA315ey
model yd n
y S
lo g
• Performance measures – internal and external
h n o
f Tec
y o
r s it
n i ve
h t U
r ig
C opy
12
yd ney
y S
g
What do weTeneed
c to know? h n o lo
The entity
Its
S y d ne y
o f ASA315.19(a)(ii) environment
y
The entity’s environment
r s it y o l og
e ch n
• Industry U n iv f T e
g ht o
Applicable
y
r i sit Financial
System of
o p•y Competitive environment? iv er Reporting

internal
C Un Framework
control
t
• Supplier & customer relationships
y r ig h
p
• Technological developments Co
• Regulatory environment
• Legislation and regulation – incl tax more on this in ASA315ey
• Other govt policy that may affect the entity yd n
y S
lo g
• Other factors h n o
f Tec
• General economic conditions y o
r s it
• Interest rates & financing
n i ve
• Inflation h t U
r ig
C opy
13
yd ney
y S
g
What do weTeneed
c to know? h n o lo
The entity
Its
S y d ne y
y of environment
og y
rs it n o l
Applicable n iv e
financial reporting framework T e ch
Ut o f
ig h
Applicable
ASA315.19(b)
y r y
sit Financial
System of
o
C•
p iv er Reporting
internal
Un
control
Which accounting jurisdiction is the entity t
Framework
reporting in? Australia? EU? US? y r ig h

p
Co
• Accounting policy choices by the entity
• Reasons for changes in accounting policy choice
ne y
S y d
og y
n o l
Te ch
y of
r s it
n i ve
h t U
r ig
C opy
14
yd ney
y S
g
What do weTeneed
c to know? h n o lo
The entity
Its
S y d ne y
y of environment
og y
rs it n o l
n ive of internal control ASA315.21-27
Entity’s systems T e ch
U t o f
ig h
Applicable
y r y
sit Financial
System of
Co
p iv er Reporting
internal
Un
control
Framework
t
y r ig h
p
Co
more on this in ASA315ey
yd n
y S
lo g
h n o
f Tec
y o
r s it
n i ve
h t U
r ig
C opy
15
yd ney
y S
lo g
h n o ne y
o f Tec y S y d
s i ty o l og
iv er e ch n
t Un of T
y r ig h r s it y
p e
Co U n i v
h t
r ig
opy
Topic 1.3.1 – Identifying the C
ROMMs l og y S y d ne y
n o
BUSINESS RISKS Te ch
y of
r s it
n i ve
h t U
r ig
C opy
16
yd ney
How do we identify l o g the most likely places y S
ey
h no n
for misstatements?
i ty
o f Te c
(errors or fraud) o lo
g y S y d
e rs ch n
• What n iv Te
g h tare
U the Business Risks?
y of
p
iy r e r s it
o i v
•CBusiness risks = risks that management won’t t U n meet the
y r ig h
objectives of shareholders. For ASXClisted
op entities ______
• Brainstorming risks with the audit team
ne y
S y d
og y
n o l
• But these don’t always result in ROMMs Te ch
y of
r s it
ni
• We need to narrow it down to the __________t URISKS ve
rig h
o p y
C
Inherent Risk vs. Business Risk
• Business Risk (IR): The risk that the entity will fail to
achieve it’s business objectives.
• This is different to Inherent Risk which focuses on the
risk of material misstatement (i.e. significant error or
fraud) within the financial report. E.g. incorrect values
or information or omission of significant information)
– Business risk is very broad and not all business risks
result in risks of material misstatement.
Not all Not all

inherent Inherent Business business
risks are risks risks risks are
business inherent
risks risks
Copyright © 2015 McGraw-Hill Education (Australia) Pty Ltd Gay & Simnett, Auditing and Assurance Services in Australia, 6e
18
yd ney
y S
lo g
h n o ne y
o f Tec y S y d
s i ty o l og
iv er e ch n
t Un of T
y r ig h r s it y
p e
Co U n i v
h t
r ig
opy
n o
INHERENT RISKS Te ch
y of
r s it
n i ve
h t U
r ig
C opy
19
yd ney
y S
g
What is an inherent
Te c risk? h n o lo
S y d ne y
o f y
r s i ty o l og
iv e ch n
• Inherent n Te
g h t U risk is described as the susceptibility of an y o f
p y ri
assertion about a class of transaction, account e r s it
balance or
Co n iv
disclosure to a misstatement that couldybe g h tU
material, either
r i
p
individually or when aggregated withCoother misstatements,
before consideration of any related controls. ASA315.4
• Something that has a greater chance of there being an d n ey
error, mistake or fraud y Sy
o l og
c hn
• Quantitative or qualitative of T
e
s it y
ve r
n i
h t U
r ig
C opy
20
yd ney
y S
g
What might Tindicate
ec
an inherent risk? h n o lo
S y d ne y
o f y
s i ty o l og
iv er e ch n
ht Un of T
Inherent
p y r i g risk factor Example r s it y
Co i v e
U n
Complexity r ig h t
C opy
Subjectivity
Change y
y d ne
S
Uncertainty o l og y
ch n
e
Management bias it y of T
r s
i ve
Fraud risk factor h t U n
r ig
C opy
21
yd ney
y S
g
Are all IRs going
Te c to be important? h n o lo
S y d ne y
o f y
s i ty o l og
iv er e ch n
t Un of T
y r ig h r s it y
p e
Co U n i v
h t
r ig
C opy
ne y
S y d
og y
n o l
Te ch
y of
r s it
n i ve
h t U
r ig
C opy
22
yd ney
y S
o g
What does ASA315.31-32 e c hn o l mean in plain English? y d ne y
o fT y S
r s i ty o l og
iv e ch n
n Te
g h tU y of
p y ri e r s it
Co U n i v
h t
r ig
C opy
Likelihood
ne y
S y d
og y
n o l
Te ch
y of
r s it
n i ve
h t U
r ig
C opy
Magnitude
Significant Risks (i.e. Inherent Risk)
The Auditor must determine whether any identified risk is a
‘significant risk’, being a risk of material misstatement
that requires special audit consideration’.
Factors to consider include:
• The risk of fraud and/or Going concern considerations
• Relationship to recent significant economic, accounting or other
developments that require specific attention
• Complexity of the transactions
• Involvement of significant transactions with related parties
• Degree of subjectivity in measuring financial information
• Whether significant transactions are unusual or outside the
normal course of business for the entity.
24
yd ney
y S
lo g
h n o ne y
o f Tec y S y d
s i ty o l og
iv er e ch n
t Un of T
y r ig h r s it y
p e
Co U n i v
h t
r ig
opy
n o
CONSIDERING THE RISK OF FRAUD Te ch
y of
r s it
n i ve
h t U
r ig
C opy
25
yd ney
y S
lo g
h n o ne y
o f Tec y S y d
r s i ty o l og
iv e ch n
• Reminder n Te
g h t U from ASA200.11 y of
p y ri e r s it
C o n i v
h t U
r ig
C opy
ne y
S y d
og y
• We have a specific standard on fraud – ASA ____ n o l
Te ch
y of
r s it
n i ve
h t U
r ig
C opy
26
yd ney
y S
g
What is fraud?
Tec
h n o lo
S y d ne y
o f y
s i ty o l og
iv er e ch n
t Un of T
y r ig h r s it y
p e
Co U n i v
Fraud h t
r ig
C opy
Misstatements
ne y
Error S y d
og y
n o l
Te ch
y of
r s it
n i ve
h t U
r ig
C opy
Two Types of Fraud
• Fraudulent Financial Reporting may involve:
– Manipulation, falsification or alteration of records
– Suppression or omission of the effects of transactions from
records or documents
– Recording of transactions without substance
– Intentional misapplication of accounting policies.
• Misappropriation of Assets may involve:

– Embezzling receipts
– Stealing assets
– Causing an entity to pay for goods not received
– Using an entity’s assets for personal use.

28
yd ney
y S
lo g
Responsibilities
f Te
c h n o
S y d ne y
y o og y
rs it n o l
MANAGEMENT
n iv e AUDITOR Te ch
tU g h y o f
y
• Designr i internal controls to • Professional scepticismv– sit aware of
rbe
op
Cprevent ni
e
/ detect fraud the potential for fraud
ht U
r i g
• Discuss theo py
potential sources with the
C
team
• Ask management about their y
processes for preventing fraud y d ne
y S
o l og
• Investigate any potential risk factors ch n
Te
• If a risk factor exists – gather audit t y of
e r si
evidence
U n iv
r i g ht
o py
C
29
yd ney
y S
g
Fraud Risk Triangle
Te c (Cressey 1973) h n o lo
S y d ne y
o f y
s i ty o l og
iv er e ch n
t Un of T
y r ig h r s it y
p e
Co U n i v
h t
r ig
C opy
ne y
S y d
og y
n o l
Te ch
y of
r s it
n i ve
h t U
r ig
C opy
30
yd ney
y S
g
What about TControl
ec
Risks? h n o lo
S y d ne y
o f y
r s i ty o l og
iv e ch n
• We igknow n Te
h t U that ROMMs come from Inherent Risks or of
y r ty rs i
CoControl
p Risks n iv e
U
• When will we look at Control Risks? opyri ght
C
ne y
Control risks are covered y S y d
l og
in this Module, but in a e ch n o
of T
different Topic r s it y
n i ve
h t U
r ig
C opy
31
yd ney
y S
lo g
h n o ne y
o f Tec y S y d
s i ty o l og
iv er e ch n
t Un of T
y r ig h r s it y
p e
Co U n i v
h t
r ig
opy
Topic 1.4 Audit planning and C
strategy l og y S y d ne y
n o
Te ch
y of
r s it
n i ve
h t U
r ig
C opy
32
yd ney
The outcome ofologathering
g all of this y S
y
hn ne
information
it y o about
fTe c
risk o l og y S y d
e rs ch n
• Inherent n iv Te
g h t U Risk assessment – Low, Medium or High?y of
p y ri e r s it
•CoControl Risk assessment – Low, Medium ort UHigh? n iv
rig h
o p y
C
• Use this information in the audit risk model to determine
the Detection Risk y
y d ne
y S
o l og
ch n
• DR will help the auditor design their audit strategy – how of Te
will they gather the evidence they require? si t y
e r
iv n
U
r i ght
C opy
Impact of Increased Risk of
Misstatement on Audit Plan
• Risk Assessment is very important as it determines
the Audit Plan/Strategy. An audit focuses more effort
(time and resources) on those accounts/areas that are
at greater risk of material misstatement, and less
time and resources expended on auditing accounts at
low risk of material misstatement.
Audit Planning
• The planning stage has two aspects:
1. Developing an Overall Audit Strategy: sets the
overall scope and direction of the audit.
Lower Predominantly
Assessed level Mixed
Approach Substantive-
of Control Risk based
Control-based Approach
Approach
(More control testing (More substantive
performed and less testing and less/no
substantive testing) control testing)
Audit strategy may be anywhere along this continuum.
35
yd ney
Audit strategynoloand
g detection risk y S
y
h ne
o f Tec y S y d
s i ty o l og
iv er e ch n
t Un of T
y r ig h r s it y
p e
Co U n i v
h t
r ig
C opy
ne y
S y d
og y
n o l
Te ch
y of
r s it
n i ve
h t U
r ig
C opy
36
yd ney
y S
g
Audit strategy
Te c and audit planning h n o lo
S y d ne y
o f y
r s i ty o l og
iv e ch n
• Create n Te
g h t Uan overall strategy for the audit y of
p y ri e r s it
C o n i v
h t U
y r ig
• Audit programs for various accountsCshould
o p be customised
based on the IR and CR
ne y
Account ROMMs Strategy S y d
og y
Sales / Acc Rec Low n o l
Te ch
Inventory High y of
r s it
n i ve
PPE Medium t U
r ig h
C opy
37
yd ney
y S
g
To recap Tec
h n o lo
S y d ne y
o f y
s i ty o l og
iv er e ch n
• Werigneed
ht Un
to understand the client of T
s it y
opy ni v e r
•COtherwise we cannot assess the level of Inherent h t U Risk
i g
(or Control risk – but we’ll look at thato pyra different Topic)
in
C
• We then determine the Detection Risk (DR) – this drives
our audit strategy d ne y
S y
og y
n o l
Te ch
• Up next – other ways to identify potential ROMMs y of
r s it
n i ve
h t U
r ig
C opy

Module 3 Topic 1 UTS

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Module 3 Topic 1 UTS

Uploaded by

Copyright:

Available Formats

1

Topic 1 – Understanding the y d ne y

client and introduction to risk Te ch n o l og y S

Topic 1.1 – Audit planning l og y S y d ne y

• But in reality – you do these in reverse – so that is how we d ne y

o p•y Competitive environment? iv er Reporting

reporting in? Australia? EU? US? y r ig h

Not all Not all

• Misappropriation of Assets may involve:

– Causing an entity to pay for goods not received

– Using an entity’s assets for personal use.

Audit strategy may be anywhere along this continuum.

You might also like