Auditing Summary

Week 1
What is Audit?
- Control → independent opinion about FS
- Verification → inspection of documents
- Inspections
- Review = do negative opinion on FS
- Audit = do opinion on FS
- Standards (changing a lot) → auditor has to understand IFRS, local requirements,
USgaap standards
Standards
- IAASB (International Auditing and Assurance Standards Board)
- ISAs (International Standards on Auditing
- additional local standards but basics standards are the same everywhere
4 Phases of an Audit
1. Acceptance
- need to accept the new client
- get a lot of information about client
- a lot of investigation and accept that you will be their audit if there is enough
information
- if you miss information → problem
2. Planning
- What is the clients business
- review of FS from previous year
- make a strategy
- what do I have to do to be able to get evidence to give an opinion
- not fixed, make changes
3. Testing
- more hours investing
- controls
- inventory counts
- 50% of the audit time
4. Completion
- when testing is finished → sufficient?
- conclude on FS
- what is the impact on my conclusion (something wrong or something auditor
couldn't see)
- personal responsibility
ISA 200
- deals with independent auditor´s overall responsibilities when conducting an
audit of FS in accordance with ISAs
- sets out the overall objectives of the independent auditor, and explains the
nature and scope of an audit designed to enable the independent auditor to meet
those objectives
- explains the scope, authority and structure of the ISAs and includes requirements
establishing the general responsibilities of the independent auditor applicable in all
audits, including the obligation to comply with the ISAs
- Shareholders choose the auditor
- audit: on a FS <-> assurance: can be anything
- responsibility for preparing and presenting FS is from the board of entity →
supervisory board needs to agree → audit opinion: if you have a fraud the first
responsible is the board/management
- ISAs are written in the context of an audit of financial statements by an auditor.
Purpose of an Audit
- to enhance the degree of confidence of intended users (shareholder, investors,
consumer,... → people who decide on FS are given more support if FS is realistic) in
the FS (ISA 200.3)
- To form an independent opinion on the financial statements of the audited entity
- achieved by the expression of an opinion by the auditor on whether the FS are
prepared, in all material respects, in accordance with the an applicable financial
reporting framework (ISA 200.3)
- audit of FS does not relieve management or those charged with governance of
their responsibilities (ISA 200.4)
Why do we perform an Audit?

- users of FS
- legal and regulatory requirements
- depends on size if its mandatory to be audited
- investment fund who want to invest want an audit for that company
Reasonable assurance
- = high level of assurance (ISA 200.5)
- obtained when the auditor has obtained sufficient appropriate audit evidence to
reduce audit risk (that is, the risk that the auditor expresses an inappropriate
opinion when the financial statements are materially misstated) to an acceptably low
level (ISA 200.5)
- auditor is not expected to, and cannot, reduce audit risk to zero and cannot
therefore obtain absolute assurance that the FS are free from material
misstatement due to fraud or error
- inherent limitations of an audit arise from (ISA 200.45):
- nature of financial reporting
- nature of audit procedures
- need for the audit to be conducted within a reasonable period of time and at a
reasonable cost
Materiality
- in general, misstatements, including commissions, are considered to be material if,
individually or in the aggregate, they could reasonably be expected to influence
the economic decisions of users taken on the basis of the FS (ISA 200.6)
- quantitative part easy to determine
- qualitative part is more difficult
Misstatement
- Difference between the amount, classification, presentation, or disclosure of a
reported financial statement item and the amount, classification, presentation, or
disclosure that is required for the item to be in accordance with the applicable
financial reporting framework
- Misstatements can arise from error or fraud (ISA 200.13i) (difference is intention)
- do you have benefit? → yes → fraud
Responsibilities of the Auditor

- auditor is not responsible for the detection of misstatements that are not material
to the FS as a whole (ISA 200.6)
- ethical requirements
- maintain an attitude of professional skepticism
- apply professional judgment
- sufficient appropriate audit evidence (if you have a judgment you need to understand
why you have this judgment, need to have lot of evidence) and audit risk
What is independence?
- not if you are an employee, if you do different business with this company, shares,
strong relationships
- Independence of Mind
- The state of mind that permits the expression of a conclusion without being
affected by influences that compromise professional judgment, thereby
allowing an individual to act with integrity, and exercise objectivity and
professional skepticism
- Independence in appearance
- The avoidance of facts and circumstances that are so significant that a
reasonable and informed third party would be likely to conclude, weighing all
the specific facts and circumstances, that a firm’s, or a member of the audit or
assurance team’s, integrity, objectivity or professional skepticism has been
compromised
- The auditor’s independence from the entity safeguards the auditor’s ability to form an
audit opinion without being affected by influences that might compromise that
opinion
- Independence enhances the auditor’s ability to act with integrity, to be objective
and to maintain an attitude of professional skepticism
Ethical Requirements Relating to an Audit of Financial Statements

- Code of Ethics for Professional Accountants (IESBA Code)
The fundamental principles with which the auditor is required to comply by the IESBA
Code are:
a) Integrity → need to see if we can accept client
b) Objectivity
c) Professional competence and due care
d) Confidentiality → cannot discuss with anyone
e) Professional behavior
Maintain an attitude of professional skepticism
- “Professional skepticism is an attitude that includes a questioning mind, being alert
to conditions which may indicate possible misstatement due to error or fraud, and a
critical assessment of audit evidence”
- be sceptical
- Our responsibility is to challenge, probe and prod management in a questioning
manner throughout the audit. And these actions and considerations need to be
appropriately documented to evidence how we exercised professional skepticism.
- Exercising professional skepticism relies on effective communication and
consultation when appropriate. If you sense something is not right or there is a
potential red flag, then escalate your concerns to the Engagement Partner, who may
then consult others, as appropriate
- when doubts → ask colleague
Professional skepticism - Key elements

- Attributes: The auditor must possess the knowledge, skill and competencies
needed to perform their responsibilities
- Mindset: The auditor approaches their work with an impartial and diligent mindset.
They do not assume that management and those charged with governance are
honest or dishonest, but also recognize the possibility of fraud, misstatement or
misrepresentation exists
- Application: The auditor applies the mindset, together with relevant professional
expertise, to the gathering and evaluation of evidence to perform a robust risk
assessment, plan the audit to respond to the risks identified, ensure appropriate
direction and supervision, and diligently gather and evaluate audit evidence
- Consider how you will exercise professional skepticism throughout the audit and
remain alert to red flags, and how this will be evidenced in the audit documentation
- Consider whether the attitudes and behaviors of management and TCWG raise
potential red flags
- If a red flag is identified, take appropriate actions
- Skepticism is about quality, not quantity
- Skepticism is about asking the right questions, not simply a lot of them, and
about not accepting the first answer
- It is also clearly about having the experience to recognize what can go wrong, and
the structures in place to ensure that those without that experience– junior audit staff
– learn to apply it from those who do
Professional skepticism - Examples

- Audit evidence that contradicts other audit evidence obtained
- Information that brings into question the reliability of documents and responses to
inquiries to be used as audit evidence
- Conditions that may indicate possible fraud
- Circumstances that suggest the need for audit procedures in addition to those
required by the ISAs
- Overlooking unusual circumstances.
- Over generalizing when drawing conclusions from audit observations.
- Using inappropriate assumptions in determining the nature, timing and extent of the
audit procedures and evaluating the results thereof
Apply professional judgment
- The application of relevant training, knowledge and experience, within the context
provided by auditing, accounting and ethical standards, in making informed
decisions about the courses of action that are appropriate in the circumstances of
the audit engagement (ISA 200.13k) → inventory, warranty provisions, big assets
that are not on books: HR (no value on assets), brand
- cash if negative → something is wrong
- Examples
- Materiality and audit risk
- The nature, timing and extent of audit procedures used to meet the
requirements of the ISAs and gather audit evidence
- Evaluating whether sufficient appropriate audit evidence has been obtained,
and whether more needs to be done to achieve the objectives of the ISAs and
thereby, the overall objectives of the auditor
- The evaluation of management’s judgments in applying the entity’s applicable
financial reporting framework
- The drawing of conclusions based on the audit evidence obtained, for
example, assessing the reasonableness of the estimates made by
management in preparing the financial statements
Audit Evidence
- Information used by the auditor in arriving at the conclusions on which the
auditor’s opinion is based. Audit evidence includes both information contained in the
accounting records underlying the financial statements and other information (ISA
200.13b)
- Sufficiency of audit evidence is the measure of the quantity of audit evidence. The
quantity of the audit evidence needed is affected by the auditor’s assessment of the
risks of material misstatement and also by the quality of such audit evidence (ISA
200.13b)
- Sufficiency
- The higher the assessed risks, the more audit evidence is likely to be
required;
- The higher the quality, the less may be required
- Appropriateness of audit evidence is the measure of the quality of audit evidence;
that is, its relevance and its reliability in providing support for the conclusions on
which the auditor’s opinion is based (ISA 200.13b)
- Appropriateness: The reliability of evidence is influenced by its source and by its
nature, and is dependent on the individual circumstances under which it is obtained
Responsibilities of management
- For the preparation of the financial statements in accordance with the applicable
financial reporting framework, including, where relevant, their fair presentation;
- For such internal control as management and, where appropriate, those charged with
governance determine is necessary to enable the preparation of financial statements
that are free from material misstatement, whether due to fraud or error; and
- To provide the auditor with:
a) Access to all information of which management and, where appropriate, those
charged with governance are aware that is relevant to the preparation of the
financial statements such as records, documentation and other matters;
b) Additional information that the auditor may request from management and, where
appropriate, those charged with governance for the purpose of the audit; and
c) Unrestricted access to persons within the entity from whom the auditor
determines it necessary to obtain audit evidence (ISA 200.13l)
Independent audit report

- An opinion on whether the financial statements are prepared, in all material respects,
in accordance with an applicable financial reporting framework.
Internal (not so independent) vs. external reviews
Read FS Daimler
Week 2
Auditing Standards
- International Auditing and Assurance Standards Boars: IAASB
- International Standards on Auditing (ISA)
- Public COmpany Accounting Oversight Board (PCAOB)
- Auditing Standards (AS)
- United States General Accepted Auditing Standards (US GAAS)
- Statements on Auditing Standards (SAS)
Accounting Standards
- International Accounting Standards Board (IASB)
- International Financial Reporting Standards (IFRS/IAS)
- European Financial Reporting Advisory Group
- Endorses IFRS for EU countries
Complete set of financial statements

- a statement of financial position as at the end of the period; (position at a specific
moment, assets, liabilities, equity)
- Assets:
- Liability: to thief parties, responsibility, you have to pay back
- Equity: company does not have to pay back, the higher equity the more value
the company probably has
- a statement of profit or loss and other comprehensive income for the period; (income
statement)
- a statement of changes in equity for the period;
- pay dividends (reduction on equity)
- a statement of cash flows for the period;
- where money comes in and out
- operating negative/very small cashflow = company is losing money →
interest to invest is low, no loans
- investing cashflow = investment → negative amounts you have invested <->
positive, assets are sold
- notes, comprising material accounting policy information and other explanatory
information;
- comparative information in respect of the preceding period
- a statement of financial position as at the beginning of the preceding period when an
entity applies an accounting policy retrospectively or makes a retrospective
restatement of items in its financial statements, or when it reclassifies items in its
Qualitative characteristics of useful financial information

- Relevance
- Faithful representation
- Comparability
- Verifiability
- Timeliness
- Understandability
Going concern assumption
- Going concern basis unless:
- Business expected to cease
- No realistic alternative but to liquidate
- Disclosures if material uncertainties regarding ability to continue as going concern
- Management assesses ability to continue as going concern
- Disclosures if not prepared on going concern basis:
- Basis on which prepared
- Reason for such basis
Judgements and estimation uncertainty

- Judgements in applying accounting policies with significant effects on amounts
recognized
- Key assumptions about the future and key sources of estimation uncertainty
Comparative Information
- Does comparative information agree with the amounts and disclosures presented in
the prior period (provided no restatements)?
- at least one year, mostly 3 or 4 years
- Have consistent accounting policies been applied in the current and comparative
period (provided no policy changes)?
Statement of financial position presentation

- Present assets and liabilities in the statement of financial position as:
- Current / non-current
- Broadly in order of liquidity when reliable and more relevant
Current vs non-current
- Assets current if:
- Used in normal operating cycle
- Held primarily for trading purposes
- Expected to be realised within 12 months
- Cash or cash equivalent
- Assets non-current if its not current = definition
- Liabilities current if:
- To be settled in normal operating cycle
- Held primarily for trading purposes
- Due to be settled within 12 months
- No unconditional right to defer settlement for at least 12 months
Materiality (ISA 320.2)

- Misstatements, including omissions, are considered to be material if, individually or
in the aggregate, they could reasonably be expected to influence the economic
decisions of users taken on the basis of the financial statements.
- Judgments about materiality are made in light of surrounding circumstances, and
are affected by the size or nature of a misstatement, or a combination of both;
and
- Judgments about matters that are material to users of the financial statements are
based on a consideration of the common financial information needs of users as
a group. The possible effect of misstatements on specific individual users, whose
needs may vary widely, is not considered

- The auditor’s determination of materiality is a matter of professional judgment
- It is reasonable for the auditor to assume that users:
- Have a reasonable knowledge of business and economic activities and
accounting and a willingness to study the information in the financial
statements with reasonable diligence
- Understand that financial statements are prepared, presented and audited to
levels of materiality
- Recognize the uncertainties inherent in the measurement of amounts based
on the use of estimates, judgment and the consideration of future events;
- Make reasonable economic decisions on the basis of the information in the
financial statements

- The materiality determined when planning the audit does not necessarily establish an
amount below which uncorrected misstatements, individually or in the aggregate,
will always be evaluated as immaterial.
Steps: 0. Choose benchmark

- gross benchmarks: gross profit, total assets, total revenues
- net benchmarks:
1. Determine overall materiality
2. Determine performance materiality → reduce risk you find a lot of small errors that
may be relevant
3. determine lower specific materiality
4. determine clearly trivial threshold (ISA 450)
5. group audits determine component materiality
6. accumulate misstatements
7. evaluate misstatements, based on size and nature
8. reassess overall materiality → mandatory, number is not the final number (estimation
of budget company has → need to confirm amount you used is the right amount)
9. communicate with those charged with governance = supervisory board
Determining Overall Materiality

- Steps to determine materiality:
- Choosing the appropriate benchmark;
- Determining a level (usually a percentage) of this benchmark; and
- Justifying the choices (ie, explaining the judgement).
- Other practical challenges:
- Whether to set a specific level of materiality for individual balances, classes of
transactions or disclosures; and
- Short and long periods of account.
→ the higher materiality the less work
Choosing the appropriate benchmark
- Nature of the entity and the industry in which it operates and whether users focus on
particular items in the financial statements (ex: volatibility)
- Examples of benchmarks that can be used:
- Profit before tax
- Total revenue
- Gross profit and total expenses
- Total equity or net assets value
Determining a level (usually a percentage) of this benchmark

- Examples ISA 320.A7
- Profit oriented manufacturing business (5% of profit before tax from
continuing operations)
- Not-for-profit entity (1% of total revenue or expenses)
Determining performance materiality

- The amount(s) set by auditors at below overall materiality to reduce to an
appropriately low level the probability that the aggregate of uncorrected and
undetected misstatements exceeds overall materiality - working materiality (ISA
320.9).
- to reduce the aggregation risk (the risk that the aggregate of uncorrected and
undetected misstatements individually below materiality will exceed
materiality for the financial statements as a whole) to an acceptable level; and
- to provide a safety net against the risk of undetected misstatements
- Entity A
The auditors do not anticipate any adjustments will be needed as there is a very
strong control environment and management consistently applies effective control
procedures.
- Entity B
Has a weak control environment and the auditors anticipate they will identify
numerous areas requiring adjustment.
- starting point materiality is the same (benchmark, percentage users are the same) →
down the steps you will have higher percentage for Entity __ and lower percentage
for Entitiy __
- downsize materiality of my work because i am expecting a lot of errors → more work,
if confidence on environment → closer to materiality
- While overall materiality will be similar, clearly the risk in the second entity is
greater and performance materiality should therefore be lower.
- The higher the assessed risk, the lower the percentage. Typically the percentages
range from 75% (low risk) to 50% (high risk).
Everytime you change the benchmark → Explain!
Examples: What did the auditor do and include in the independent auditors report?
Assertions
- Representations by management, explicit or otherwise, that are embodied in the
financial statements, as used by the auditor to consider the different types of
potential misstatements that may occur.
- Representations, explicit or otherwise, with respect to the recognition,
measurement, presentation and disclosure of information in the financial
statements which are inherent in management representing that the financial
statements are prepared in accordance with the applicable financial reporting
framework. Assertions are used by the auditor to consider the different types of
potential misstatements that may occur when identifying, assessing and
responding to the risks of material misstatement.
- An assertion about a class of transactions, account balance or disclosure is relevant
when it has an identified risk of material misstatement. The determination of whether
an assertion is a relevant assertion is made before consideration of any related
controls
- (ISA 315.A190)
- Account balances and related disclosures at the period end:
- Existence: starting point = accounting books
Assets, liabilities, and equity interests exist
- Rights and obligations:
The entity holds or controls the rights to assets, and liabilities are the
obligations of the entity
- Completeness: starting point = warehouse, counting assets/inventory,
… → am I missing something?
All assets, liabilities and equity interests that should have been
recorded have been recorded, and all related disclosures that should
have been included in the financial statements have been included
- Accuracy (is the amount booked, the right amount), valuation (asset
bought for 10 but only can sell it for 9 now → value decline →
adjustment, common on asset side) and allocation
Assets, liabilities, and equity interests have been included in the
financial statements at appropriate amounts and any resulting
valuation or allocation adjustments have been appropriately recorded,
and related disclosures have been appropriately measured and
described.
- Classification
Assets, liabilities, and equity interests have been recorded in the
proper accounts
- Presentation
Assets, liabilities, and equity interests are appropriately aggregated or
disaggregated and clearly described, and related disclosures are
relevant and understandable in the context of the requirements of the
applicable financial reporting framework
Daimler AG Continuation
- Classes of transactions and events and related disclosures for the period under
audit:
- Occurrence: company sells a car, wants to confirm if transaction occurs →
need license, plaid, insurance → see when was plaid issued (did transaction
(=responsibilities have changed from one to another person) occur?) higher
risk when transaction is close to budget
Transactions and events that have been recorded or disclosed, have
occurred, and such transactions and events pertain pertain to the entity
- Completeness
All transactions and events that should have been recorded have been
recorded, and all related disclosures that should have been included in the
financial statements have been included.
- Accuracy
Amounts and other data relating to recorded transactions and events have
been recorded appropriately, and related disclosures have been appropriately
measured and described
- Cutoff: → University fee: too much money for the year if already paid for
january
Transactions and events have been recorded in the correct accounting period
- Classification: amount is right but wrong situation
Transactions and events have been recorded in the proper accounts
- Presentation:
Transactions and events are appropriately aggregated or disaggregated and
clearly described, and related disclosures are relevant and understandable in
the context of the requirements of the applicable financial reporting framework
- Assertions about other disclosures: The assertions presented in previous slides,
adapted as appropriate.
Daimler AG Continuation
Daimler
- expected to have a lot of fixed assets
- check existence of intangible assets: if software → ask to see software working
- provision has a lot of judgment
First step materiality → thinking about 6 assertions → considering the one we consider →
plan procedures
Week 3

- Misstatements, including omissions, are considered to be material if, individually or in
the aggregate, they could reasonably be expected to influence the economic
decisions of users taken on the basis of the financial statements.
- misstatement below materiality → most of the time not but it may have, depends on
the impact on FS as a whole
Choosing a benchmark (ISA 320.A3)

- listed company → profit before tax, because taxes are different from country to
country and company to company
- startups, non profit companies, tech, companies (pharmaceutical) that need a lot of
development→ not profit before tax
- Factors that may affect the identification of an appropriate benchmark include the
following:
- The elements of the financial statements (for example, assets, liabilities,
equity, revenue, expenses);
- Whether there are items on which the attention of the users of the
particular entity’s financial statements tends to be focused (for example,
for the purpose of evaluating financial performance users may tend to focus
on profit, revenue or net assets);
- The nature of the entity, where the entity is in its life cycle, and the
industry and economic environment in which the entity operates;
- The entity’s ownership structure and the way it is financed (for example,
if an entity is financed solely by debt rather than equity, users may put more
emphasis on assets, and claims on them, than on the entity’s earnings);
→ ownership relevant ___ and
- The relative volatility of the benchmark. → if company has high volatility →
____
- e.g. NOVA → total revenues; total assets by investment funds (invest in real
properties)
- sometime take away exceptional de- or increases
- (ISA 320.A4/A5)
- When profit before tax from continuing operations is volatile, other
benchmarks may be more appropriate, such as gross profit or total
revenues.
- Circumstances that give rise to an exceptional decrease or increase in
such profit may lead the auditor to conclude that materiality for the financial
statements as a whole is more appropriately determined using a normalized
profit before tax from continuing operations figure based on past results.
- Expected benchmark → .5 and 3% → the more complex the less
- If net benchmark → 3 to 10%
Performance Materiality (ISA 320.9)
- Purpose: we only get samples, can be that we don't see a lot of small things
- Performance materiality means the amount or amounts set by the auditor at less than
materiality for the financial statements as a whole to reduce to an appropriately low
level the probability that the aggregate of uncorrected and undetected
misstatements exceeds materiality for the financial statements as a whole.
- It is affected by the auditor’s understanding of the entity, updated during the
performance of the risk assessment procedures; and the nature and extent of
misstatements identified in previous audits and thereby the auditor’s expectations
in relation to misstatements in the current period.
Clearly trivial amount (ISA 450.5 and 450.A2)

- = amount after analyzing quality factors we my ignore it (about 5% of materiality)
- The auditor shall accumulate misstatements identified during the audit, other than
those that are clearly trivial.
- The auditor may designate an amount below which misstatements would be clearly
trivial and would not need to be accumulated because the auditor expects that the
accumulation of such amounts clearly would not have a material effect on the
financial statements. “Clearly trivial” is not another expression for “not material.”
Matters that are clearly trivial will be of a wholly different (smaller) order of magnitude
than materiality determined in accordance with ISA 320, and will be matters that are
clearly inconsequential, whether taken individually or in aggregate and whether
judged by any criteria of size, nature or circumstances. When there is any
uncertainty about whether one or more items are clearly trivial, the matter is
considered not to be clearly trivial.
Materiality Part
Assertion Examples Slides

- Existence → not invoices, don´t see if asset exists or not (IS: Occurrence) accounting
books but not bank statement
- Completeness → everything that was booked is there (same for BS and IS) bank
statement but not accounting books
- Accuracy → right or wrong (has the balance been booked by amount it had to be
booked, same for BS and IS)
- Valuation and Accuracy difference: impairments, if something is broken → __; e.g.
goodwill = what I pay more compared to fair value of company because of synergies,
because in future will get revenue that will compensate money you paid more
Audit Risk
= giving the wrong opinion. There are no material misstatements but there are. (not detecting
something that is not there)
= The risk that the auditor expresses an inappropriate audit opinion when the financial
statements are materially misstated. (ISA 200.13c)
Risk of Material Misstatement = The risk that the financial statements are materially
misstated prior to audit. (ISA 200.13n) divided into
- Inherent Risk = The susceptibility of an assertion about a class of transaction,
account balance or disclosure to a misstatement that could be material, either
individually or when aggregated with other misstatements, before consideration of
any related controls. (ISA 200.13n(i)) (has to do with type, Lidl low inherent risk, Bank
cash on bank low inherent risk)
- Higher for some assertions
- Privison: something is uncertain, its a judgment
- more estimations and assumptions
- goodwill
- Complex calculations
- Accounts consisting of amounts derived from accounting estimates
that are subject to significant estimation uncertainty
- Technological developments - Inventory
- Control Risk = The risk that a misstatement that could occur in an assertion about a
class of transaction, account balance or disclosure and that could be material, either
individually or when aggregated with other misstatements, will not be prevented, or
detected and corrected, on a timely basis by the entity’s internal control. (ISA
200.13n(ii)) (we can not manage them)
- Internal control, no matter how well designed and operated, can only reduce,
but not eliminate, risks of material misstatement in the financial statements,
because of the inherent limitations of internal control. Examples:
- Human errors or mistakes
- Controls being circumvented by collusion or inappropriate
management override
Detection Risk
= The risk that the procedures performed by the auditor to reduce audit risk to an acceptably
low level will not detect a misstatement that exists and that could be material, either
individually or when aggregated with other misstatements. (ISA 200.13e)
(Risk the auditor manages)
Audit Risk
= The assessment of risks is a matter of professional judgment, rather than a matter capable
of precise measurement. Audit risk does not include the risk that the auditor might express
an opinion that the financial statements are materially misstated when they are not. This
risk is ordinarily insignificant.
- it is little that I have a misstatement that doesn't exists
Audit Work: do we test every transaction? no → we audit based on risk
Types of Testing
- Controls Testing
- Substantive Testing
it is possible to have audit that has no control testing → substantive needs to be testes
always
Tests of Controls
- An audit procedure designed to evaluate the operating effectiveness of controls in
preventing, or detecting and correcting, material misstatements at the assertion
level. → how can we see if control is used
- The auditor’s assessment of risk of material misstatement at the assertion level
includes an expectation that the controls are operating effectively; or,
- Substantive procedures alone cannot provide sufficient appropriate audit evidence at
the assertion level.
Risk Umbrella Analogy

- Imagine a rainy day of risk!
- We perform audit procedures to obtain reasonable assurance that the financial
statements are free from material misstatement
Audit Evidence
- if misstatements haven't been catched by control environment
- Significant inherent risk and ineffective controls = — More substantive procedures.
- Significant inherent risk and effective controls = — Test controls and possibly reduce
substantive procedures.
- Non-significant inherent risk and effective controls = — May test controls and perform
less substantive procedures.
Preventative vs. Detective

- Controls may be preventative or detective:
- Preventative controls – prevent an error from occurring that could result in a
misstatement of the financial statements.
- Detective controls – detect and correct an error that has already occurred
that could result in a misstatement of the financial statements.
- Risk of control environment? management override of controls is a risk
always there
What Type of Controls are These?

1. All employee salary increases are approved by the HR Director before being entered into
the SAP system.
- Prevent → HR director could overwrite the control = risk (person on top of control can
overwrite the control)
2. On a monthly basis, the Payroll Manager reviews edit reports for all changes made to the
payroll master-file in the SAP system.
Key Points
- Controls are the actions taken by management to prevent or detect and correct
material misstatements.
- Effective controls may enable us to reduce the amount of substantive procedures
that we need to perform.
- Preventative controls prevent misstatements from occurring. Detective controls
detect and correct misstatements that have occurred.
Nature of Controls Matching Activity
A. The system only allows the Payroll Supervisor or Payroll Manager to make changes
to Payroll data → Manual Control
B. Management reviews a system generates report of all employees who did not submit
their timesheets by 5 pm on Fridays → Automated Control
C. The Payroll Manager checks that any salary increases have been appropriately
approved → Manual Control with Automated Component
Control testing
- Design
- Implementation
- Operating effectiveness
Evaluating Controls: Design and Implementation

= if the way control takes place makes sense, does ist prevent/detect what its supposed to
detect/prevent? Mandatory when you have fraud risk or significant inherent risk
- Design
Involves considering whether the control, individually or in combination with other
controls, is capable of effectively preventing, or detecting and correcting, material
misstatements
- Implementation
Involves considering that the control exists and that the entity is using it
- Procedures performed to evaluate design and implementation include:
- Inquiry of entity personal
- Observing the application of specific controls
- Inspecting documents and reports
- Tracing transactions through the information system relevant to financial
reporting
- Inquiry alone is not sufficient
Factors to Consider when Testing Operating Effectiveness of Controls

- Type
- Procedures used to obtain audit evidence:
- Inquiry
- Observation
- Inspection
- Re-performance
- Recalculation
- Extent
- The quantity to be performed.
- Timing
- When the audit procedures will be performed.de
Extent
- Frequency of the performance of the control by the entity during the period
- Daily
- Weekly
- Monthly
- Annual
- More than daily
- Length of time during the audit period that the auditor is relying on the operating
effectiveness of the control
- Expected rate of deviation from a control
- Relevance and reliability of the audit evidence to be obtained
- Extent to which audit evidence is obtained from tests of other controls related to the
assertion
Examples of controls
Treasury
- Counting cash
- Bank reconciliation
- Segregation of duties
- System access
- Authorization for transactions
Cost of sales – sale of goods
- Exception/ edit report review - changes to supplier data
- Authorization of new suppliers and changes to supplier data
- Authorization of purchase orders
- Sequential numbering of purchase orders
- System access
- Delivery checks on goods received
- Preparation of a goods received note
- 3 way match – purchases (invoice vs goods received vs order)
- KPI review - expenses
- Review of reconciliation of accounts payable to supplier statements
- Management review of payment file or cheque run
- Management review of goods received not invoiced
- Inventory counts – annual or cycle
Property, plant and equipment
- Management review of PPE additions
- Management review of depreciation expense
- System configuration for depreciation calculations
- System access
- Physical inspection of PPE
- Authorization of PPE disposals or retirements
Inventory
- Delivery checks on goods dispatched
- Reconciliation of quantity invoiced to quantity shipped
- Exception/ edit report review - changes to supplier data
- Authorization of new suppliers and changes to supplier data
- Sequential numbering of purchase orders
- System access
- 3 way match
- KPI review – expenses
- Exception/ edit report review - missing goods received notes
Personnel expenses
- Preparation of payroll reconciliation
- Review of payroll reconciliation
- KPI review - payroll tax/ social security deductions
- System configuration for payroll calculations
- Authorization of payroll payments
- Authorization of payroll data for processing
- Authorization of payroll change forms
- Exception/ edit report review - payroll data
- KPI review - personnel expenses
- System access
Revenue from sales
- Authorization of changes to master price list
- System access
- Credit approval
- Exception/ edit report review - changes to customer data
- System configuration for input of sales orders
- Sequential numbering of sales orders
- Exception/ edit report review - master price list overrides
- Authorization of credit limit overrides
- Exception/ edit report review - sales orders exceeding credit limits
- Sequential numbering of goods dispatch notes
- Delivery checks on goods dispatched
- Authorization of credit notes
Trade receivables
- System access
- Credit approval
- Exception/ edit report review - changes to customer data
- Authorization of credit limit overrides
- Cash receipts reconciliation
- Credit control
- Review of bank reconciliation
Week 4
Phase of an audit
- Acceptance
- Planning & Strategy
- Testing
- Completion/Conclusion
Key Points
- Controls are the actions taken by management to prevent or detect and correct
material misstatements.
- Effective controls may enable us to reduce the amount of substantive procedures
that we need to perform.
- Preventative controls prevent misstatements from occurring.
- Detective controls detect and correct misstatements that have occurred.
Substantive Testing
- Irrespective of the assessed risks of material misstatement, the auditor shall design
and perform substantive procedures for each material class of transactions,
account balance, and disclosure (ISA 330.18). This requirement reflects the facts
that:
a) the auditor’s assessment of risk is judgmental and so may not identify all risks of
material misstatement; and
b) there are inherent limitations to internal control, including management override.
(ISA 330.A42)
- takes usually more time than the other one
Substantive Procedure
- An audit procedure designed to detect material misstatements at the assertion level
(ISA 330.4a).
Types of Substantive Procedures

- Substantive Analytical Procedures “SAP”
- Tests of Details “ToD” most common
High inherent risk → if company doesn't have control in place, high risk of mistakes
Found never material misstatement of share capital
for each account that is above materiality I have to perform substantive procedure
To get evidence of existence → evident count
Substantive Procedure
- An audit procedure designed to detect material misstatements at the assertion level
(ISA 330.4a)
- Depending on the circumstances, the auditor may determine that:
- Performing only substantive analytical procedures will be sufficient to
reduce audit risk to an acceptably low level. For example, where the auditor’s
assessment of risk is supported by audit evidence from tests of controls.
- Only tests of details are appropriate.
- A combination of substantive analytical procedures and tests of details
are most responsive to the assessed risks.
(ISA 330.A43)
Audit Procedures
What do audit procedures provide? EVIDENCE
Substantive Analytical Procedures

- Are generally more applicable to large volumes of transactions that tend to be
predictable over time (ISA 330.A44)
Designing a Substantive Analytical Procedure (“SAP”)

1. Determine the suitability
2. Evaluate the reliability of the data → cannot assume that information is good, need to test
3. Develop an expectation
4. Determine the amount of any difference (on FS)
Determine the suitability

- Expectation that relationships among data exist and continue in the absence of
known conditions to the contrary. If controls over a process are deficient, the auditor
may place more reliance on tests of details rather than on substantive analytical
procedures.
- For example, where an entity has a known number of employees at fixed rates of pay
throughout the period, it may be possible for the auditor to use this data to estimate
the total payroll costs for the period with a high degree of accuracy, thereby providing
audit evidence for a significant item in the financial statements and reducing the need
to perform tests of details on the payroll.
Reliability of the data ,,

- The reliability of data is influenced by its source and nature and is dependent on the
circumstances under which it is obtained. Auditor should consider:
- Source of the information available.
- Comparability of the information available.
- Nature and relevance of the information available.
- Controls over the preparation of the information that are designed to ensure
its completeness, accuracy and validity.

Develop an expectation
- Develop an expectation of recorded amounts or ratios and evaluate whether the
expectation is sufficiently precise to identify a misstatement that, individually or when
aggregated with other misstatements, may cause the financial statements to be
materially misstated.
Acceptable difference
- Determine the amount of any difference of recorded amounts from expected values
that is acceptable without further investigation.
- As the assessed risk increases, the amount of difference considered acceptable
without investigation decreases in order to achieve the desired level of persuasive
evidence.
SAP – Example - Payroll

- Base expectation on the relevant data and relationships among data such as the
average number of employees during the current period and the average payroll
expense per employee for the prior period.
Example Slides
- 20000 payroll
- 55 employees → are they really working for the company?
- 3% you need evidence → board meeting its okay, if not sample of employees to see
if on average they have an increase by 3%
- 1.4 million income statement → acceptable different is lower so the caption is not
materialistic → more/other work/substantive testing → investigate why there are
differences, e.g., because of: hiring/firing people during the year
- 1.3 million → acceptable difference is higher → it is on the range → conclude that
caption is not material mistaken
SAP – Other examples

- Trade receivables substantive analytical (predictive) → payment days
- Revenue substantive analytical (predictive)
- Warranties provision substantive analytical (trend)
- Expenses substantive analytical (predictive)
- Interest income and expense from working capital bank accounts substantive
analytical (predictive) → read contracts, interest rates, estimation
Test of Details
- In designing tests of details, the extent of testing is ordinarily thought of in terms of
the sample size. However, other matters are also relevant, including whether it is
more effective to use other selective means of testing (ISA 330.A47).
- In selecting items for testing, the auditor is required to determine the relevance and
reliability of information to be used as audit evidence; the other aspect of
effectiveness (sufficiency) is an important consideration in selecting items to test (ISA
500.A52).
- Selecting Items:
- Entire Population
- 100% examination may be appropriate when, for example:
- The population constitutes a small number of large value
items;
- There is a significant risk and other means do not provide
sufficient appropriate audit evidence; or
- The repetitive nature of a calculation or other process
performed automatically by an information system makes a
100% examination cost effective.
- Examples
- Fixed assets additions - Acquisition of 5 airplanes
- 3 trade debtors account
- 10 sales during the year
- 4 employees
- Specific Items
- The judgmental selection of specific items is subject to non-sampling
risk. Specific items selected may include:
- High value or key items (example: for example, items that
are suspicious, unusual, particularly risk-prone or that have a
history of error)
- All items over a certain amount (verify a large proportion of
the total amount of a class of transactions or account balance)
- Items to obtain information - The auditor may examine items
to obtain information about matters such as the nature of the
entity or the nature of transactions.
- Selective examination of specific items from a class of transactions or
account balance does not constitute audit sampling. The results of
audit procedures applied to items selected in this way cannot be
projected to the entire population; accordingly, selective examination
of specific items does not provide audit evidence concerning the
remainder of the population.
- Substantive Sampling
Audit Sampling
- Application of audit procedures to less than 100% of items within a population of
audit relevance such that all sampling units have a chance of selection in order to
provide the auditor with a reasonable basis on which to draw conclusions about the
entire population.
- The sampling units might be physical items (for example, checks listed on deposit
slips, credit entries on bank statements, sales invoices or debtors’ balances) or
monetary units.
Sampling risk
- The risk that the auditor’s conclusion based on a sample may be different from the
conclusion if the entire population were subjected to the same audit procedure.
- The auditor shall determine a sample size sufficient to reduce sampling risk to an
acceptably low level.
Tolerable misstatement
- The auditor determines tolerable misstatement in order to address the risk that the
aggregate of individually immaterial misstatements may cause the financial
statements to be materially misstated and provide a margin for possible undetected
misstatements.
- Tolerable misstatement is the application of performance materiality, to a
particular sampling procedure. Tolerable misstatement may be the same amount or
an amount lower than performance materiality.
Statistical sampling
- An approach to sampling that has the following characteristics:
i. Random selection of the sample items; and
ii. The use of probability theory to evaluate sample results, including measurement of
sampling risk.
- The decision whether to use a statistical or non-statistical sampling approach is a
matter for the auditor’s judgment; however, sample size is not a valid criterion to
distinguish between statistical and non-statistical approaches
Sample Selection Methods (DON'T HAVE TO KNOW FOR EXAM)

- Random selection (applied through random number generators, for example,
random number tables).
- Systematic selection, in which the number of sampling units in the population is
divided by the sample size to give a sampling interval, for example 50, and having
determined a starting point within the first 50, each 50th sampling unit thereafter is
selected. Although the starting point may be determined haphazardly, the sample is
more likely to be truly random if it is determined by use of a computerized random
number generator or random number tables. When using systematic selection, the
auditor would need to determine that sampling units within the population are not
structured in such a way that the sampling interval corresponds with a particular
pattern in the population.
- Monetary Unit Sampling is a type of value-weighted selection in which sample size,
selection and evaluation results in a conclusion in monetary amounts.
- Haphazard selection, in which the auditor selects the sample without following a
structured technique. Although no structured technique is used, the auditor would
nonetheless avoid any conscious bias or predictability (for example, avoiding difficult
to locate items, or always choosing or avoiding the first or last entries on a page) and
thus attempt to ensure that all items in the population have a chance of selection.
Haphazard selection is not appropriate when using statistical sampling.
- Block selection involves selection of a block(s) of contiguous items from within the
population. Block selection cannot ordinarily be used in audit sampling because most
populations are structured such that items in a sequence can be expected to have
similar characteristics to each other, but different characteristics from items
elsewhere in the population. Although in some circumstances it may be an
appropriate audit procedure to examine a block of items, it would rarely be an
appropriate sample selection technique when the auditor intends to draw valid
inferences about the entire population based on the sample.
For each assertion we have to plan a substantive plan → test whole population specific
items or sample? → audit procedures → dont have to conclude, since we dont have this
information!
Example
- fixed assets at NOVA → a lot of items, not feasible to do all items → specific items
(building & land because its higher value → use notes what it is)
- completeness → go to register and go to books and see if there is everything
- existence →
- accuracy → see invoices that matches the building
- valuation → if you go to building and its damaged → problem of valuation
- obligations and rights → rights, does nova has the right to have the building → ask
for contract if owner of building is really nova
- classification → invoices
- presentation → accounting books require to disclose a lot of information → USE
KPMG Disclosure checklist
Not a lot of definitions → just explain ASSUMPTIONS because there are no side information
of company
expects that caption of substantive procedures in IS revenue in BS inventory/cash/fixed
assets (no intangible is more difficult)
Specific ISAs – Audit Evidence

- ISA 500 – Audit Evidence
- ISA 501 – Audit Evidence – Specific Considerations for selected items
—Inventory
—Litigation and claims
—Segment information
- ISA 505 – External Confirmations
- ISA 510 – Initial Audit Engagements – Opening Balances
- ISA 540 – Auditing Accounting Estimates
- ISA 550 – Related Parties
- ISA 560 – Subsequent Events
- ISA 570 – Going Concern
- ISA 580 – Written Representations
ISA 500 – Audit Evidence

- Audit evidence is more reliable when it is obtained from independent sources outside
the entity.
- Audit evidence obtained directly by the auditor is more reliable than audit evidence
obtained indirectly or by inference.
- Audit evidence is more reliable when it exists in documentary form, whether paper,
electronic or other medium.
ISA 501 – Audit Evidence Inventory

- If inventory is material to the financial statements, the auditor shall obtain sufficient
appropriate audit evidence regarding the existence and condition of inventory by:
a) Attendance at physical inventory counting, unless impracticable, to:
i. Evaluate management’s instructions and procedures for recording and controlling
the results of the entity’s physical inventory counting;
ii. Observe the performance of management’s count procedures;
iii. Inspect the inventory; and iv. Perform test counts; and
b) Performing audit procedures over the entity’s final inventory records to determine
whether they accurately reflect actual inventory count results.
ISA 501 – Litigation and Claims

- The auditor shall design and perform audit procedures in order to identify litigation
and claims involving the entity which may give rise to a risk of material misstatement,
including:
a) Inquiry of management and, where applicable, others within the entity, including
in-house legal counsel;
b) Reviewing minutes of meetings of those charged with governance and
correspondence between the entity and its external legal counsel; and
c) Reviewing legal expense accounts.
- The auditor shall do so through a letter of inquiry, prepared by management and
sent by the auditor, requesting the entity’s external legal counsel to communicate
directly with the auditor
ISA 505 – External Confirmations

- Audit evidence obtained as a direct written response to the auditor from a third party
(the confirming party), in paper form, or by electronic or other medium.
- When using external confirmation procedures, the auditor shall maintain control over
external confirmation requests, including:
a) Determining the information to be confirmed or requested;
b) Selecting the appropriate confirming party;
c) Designing the confirmation requests, including determining that requests are
properly addressed and contain return information for responses to be sent directly to
the auditor; and
d) Sending the requests, including follow-up requests when applicable, to the
confirming party.
ISA 510 – Initial audit engagements

- An engagement in which either:
i. The financial statements for the prior period were not audited; or
ii. The financial statements for the prior period were audited by a predecessor
auditor.
- The auditor shall obtain sufficient appropriate audit evidence about whether the
opening balances contain misstatements that materially affect the current period’s
financial statements by:
a) Determining whether the prior period’s closing balances have been correctly
brought forward to the current period or, when appropriate, have been restated;
b) Determining whether the opening balances reflect the application of appropriate
accounting policies; and
c) Performing one or more of the following:
- i. Where the prior year financial statements were audited, reviewing the
predecessor auditor’s working papers to obtain evidence regarding the
opening balances;
- ii. Evaluating whether audit procedures performed in the current period
provide evidence relevant to the opening balances; or
- iii. Performing specific audit procedures to obtain evidence regarding the
opening balances.
ISA 560 – Subsequent Events

- The auditor shall perform audit procedures designed to obtain sufficient appropriate
audit evidence that all events occurring between the date of the financial
statements and the date of the auditor’s report that require adjustment of, or
disclosure in, the financial statements have been identified.
- two FD approval: by management/board and by shareholders
- board approved FS auditor does auditing report → shareholders approve with audit
report FS
Subsequent events (cont.)

- Examples of audit procedures:
- Inspection of available books and records, including bank statements;
- Read the entity’s latest available budgets, cash flow forecasts and other
related management reports for periods after the date of the financial
statements;
- Inquire, or extend previous oral or written inquiries, of the entity’s legal
counsel concerning litigation and claims; or
- Consider whether written representations covering particular subsequent
events may be necessary to support other audit evidence and thereby obtain
sufficient appropriate audit evidence.
- Facts Which Become Known to the Auditor after the Date of the
Auditor’s Report but before the Date the Financial Statements Are
Issued
- The auditor has no obligation to perform any audit procedures
regarding the financial statements after the date of the auditor’s report.
- Facts Which Become Known to the Auditor after the Financial
Statements Have Been Issued
- After the financial statements have been issued, the auditor has no
obligation to perform any audit procedures regarding such financial
statements.
not a choice but a requirement!

Examples of adjusting events
- The settlement after the reporting period of a court case that confirms that the entity
had a present obligation at the end of the reporting period.
- The entity adjusts any previously recognised provision related to this court case in
accordance with IAS 37 Provisions, Contingent Liabilities and Contingent Assets or
recognises a new provision.
- The entity does not merely disclose a contingent liability because the settlement
provides additional evidence that would be considered in accordance with paragraph
16 of IAS 37.
- The receipt of information after the reporting period indicating that an asset was
impaired at the end of the reporting period, or that the amount of a previously
recognised impairment loss for that asset needs to be adjusted.
- The bankruptcy of a customer that occurs after the reporting period date usually
confirms that a loss existed at the end of the reporting period on a loan and that the
entity needs to adjust the carrying amount of the loan.
- The sale of inventories after the reporting period may give evidence about their net
reliable value at the end of the reporting period.
- The determination after the reporting period of the cost of assets purchased, or the
proceeds from assets sold, before the end of the reporting period.
- The determination after the reporting period of the amount of profit sharing or bonus
payments, if the entity had a present legal or constructive obligation at the end of the
reporting period to make such payments as a result of events before that date (see
IAS 19 Employee Benefits).
- The discovery of fraud or errors that show that the financial statements are incorrect.
- Decline in market value of investments between the end of the reporting period and
the date when the financial statements are authorized for issue.
Examples of non - adjusting events that would result in disclosure

- A major business combination after the reporting period (IFRS 3 Business
Combinations requires specific disclosures in such cases) or disposing of a major
subsidiary.
- Announcing a plan to discontinue an operation.
- Major purchases of assets, classification of assets as held for sale in accordance
with IFRS 5 Non -current Assets Held for Sale and Discontinued Operations, other
disposals of assets, or expropriation of major assets by government.
- The destruction of a major production plant by a fire after the reporting period.
- Announcing, or commencing the implementation of, a major restructuring (see IAS
37).
- Major ordinary share transactions and potential ordinary share transactions after the
reporting period (IAS 33 Earnings per Share requires an entity to disclose a
description of such transactions, other than when such transactions involve
capitalisation or bonus issues, share splits or reverse share splits all of which are
required to be adjusted under IAS 33).
- Abnormally large changes after the reporting period in asset prices or foreign
exchange rates.
- Changes in tax rates or tax laws enacted or announced after the reporting period that
have a significant effect on current and deferred tax assets and liabilities (see IAS 12
Income Taxes).
- Entering into significant commitments or contingent liabilities, for example, by issuing
significant guarantees.
- Commencing major litigation arising solely out of events that occurred after the
reporting period.
ISA 570 – Going concern

- management of company is responsible to prepare this assessment
- The auditor’s responsibilities are to obtain sufficient appropriate audit evidence
regarding, and conclude on, the appropriateness of management’s use of the
going concern basis of accounting in the preparation of the financial statements,
and to conclude, based on the audit evidence obtained, whether a material
uncertainty exists about the entity’s ability to continue as a going concern.
Going concern assumption (ISA 570)

- Going concern basis unless:
— Business expected to cease
— No realistic alternative but to liquidate
- Disclosures if material uncertainties regarding ability to continue as going concern
- Management has the responsibility to assess the ability to continue as going concern
- Disclosures if not prepared on going concern basis:
— Basis on which prepared
— Reason for such basis
Responsibility of the auditor (ISA 570)

- Examples of events or conditions that, individually or collectively, may cast significant
doubt on the entity’s ability to continue as a going concern (ISA 570.A3).
- Financial
- Operating
- Other
- Financial
- Net liability or net current liability position.
- Fixed-term borrowings approaching maturity without realistic prospects of
renewal or repayment; or excessive reliance on shortterm borrowings to
finance long-term assets.
- Indications of withdrawal of financial support by creditors.
- Negative operating cash flows indicated by historical or prospective financial
statements.
- Adverse key financial ratios.
- Substantial operating losses or significant deterioration in the value of assets
used to generate cash flows.
- Arrears or discontinuance of dividends.
- Inability to pay creditors on due dates.
- Inability to comply with the terms of loan agreements.
- Change from credit to cash-on-delivery transactions with suppliers.
- Inability to obtain financing for essential new product development or other
essential investments.
- Operating
- Management intentions to liquidate the entity or to cease operations.
- Loss of key management without replacement.
- Loss of a major market, key customer(s), franchise, license, or principal
supplier(s).
- Labor difficulties.
- Shortages of important supplies.
- Emergence of a highly successful competitor.
Slides
Appendix: Examples of substantive procedures

- Cash and cash equivalents
- Bank reconciliation at period end
- Bank confirmations
- Cash on-hand count
- Cash and cash equivalents presentation
- Inventories (see ISA 501)
- Inventory count attendance - performing test counts
- Reconciliation between final inventory count list and book records
- Valuation of inventories (ex: goods that have expiration date, low turnover,
etc.)
- Pricing test
- Sending confirmation letter for stock held by third parties
- Property, plant and equipment
- PPE additions
- PPE - internally capitalized costs procedure
- Inspection of PPE - vouch from system to asset
- Physical asset inspection – trace from asset to PPE system
- Inspection of land and buildings title deeds
- Examine repairs and maintenance expense
- Valuation of property, plant and equipment’s fair value
- PPE - residual values
- PPE disposals
- PPE Recalculation of depreciation
- Trade receivables
- Trade receivables confirmations
- Trade receivables - after date cash receipts
- Allowance for impairment of trade receivables
- Trade receivables foreign currency translation
- Credit notes subsequent testing
- Classification of trade receivables credit balance
Week 5
Closing Process
Substantive Procedures Related to the Financial Statement Closing Process

a) Agreeing or reconciling the financial statements with the underlying accounting records;
and
b) Examining material journal entries and other adjustments made during the course of
preparing the financial statements.
Substantive Procedures Responsive to Significant Risks

- If the auditor has determined that an assessed risk of material misstatement at the
assertion level is a significant risk, the auditor shall perform substantive procedures
that are specifically responsive to that risk. When the approach to a significant risk
consists only of substantive procedures, those procedures shall include tests of
details.
Adequacy of Presentation and Disclosure

- The auditor shall perform audit procedures to evaluate whether the overall
presentation of the financial statements, including the related disclosures, is in
accordance with the applicable financial reporting framework (examples: the
terminology used, the amount of detail given, the classification of items in the
statements, and the bases of amounts set forth).
Evaluating the Sufficiency and Appropriateness of Audit Evidence

- The auditor shall conclude whether sufficient appropriate audit evidence has been
obtained.
- If the auditor has not obtained sufficient appropriate audit evidence as to a material
financial statement assertion, the auditor shall attempt to obtain further audit
evidence.
- If the auditor is unable to obtain sufficient appropriate audit evidence, the auditor
shall express a qualified opinion or disclaim an opinion on the financial statements.
Documentation
- The auditor shall include in the audit documentation:
a) The overall responses to address the assessed risks of material misstatement at
the financial statement level, and the nature, timing and extent of the further audit
procedures performed;
b) The linkage of those procedures with the assessed risks at the assertion level; and
c) The results of the audit procedures, including the conclusions where these are not
otherwise clear.
- The auditor’s documentation shall demonstrate that the financial statements agree or
reconcile with the underlying accounting records.
Timely Audit Documentation

- Why do you think timely audit documentation is required?
- If it’s not documented it’s not done.
Audit Misstatements
Types of Audit Misstatements
Consideration of Identified Misstatements

- A misstatement may not be an isolated occurrence.
- If the aggregate of misstatements accumulated during the audit approaches
materiality determined in accordance with ISA 320, there may be a greater than
acceptably low level of risk that possible undetected misstatements, when taken with
the aggregate of misstatements accumulated during the audit, could exceed
materiality.
- Undetected misstatements could exist because of the presence of sampling risk and
non-sampling risk.
Communication and Correction of Misstatements

- The auditor shall communicate on a timely basis all misstatements accumulated
during the audit with the appropriate level of management (the one that has
responsibility and authority to evaluate the misstatements and to take the necessary
action), unless prohibited by law or regulation
- If management refuses to correct some or all of the misstatements communicated by
the auditor, the auditor shall obtain an understanding of management’s reasons for
not making the corrections and shall take that understanding into account when
evaluating whether the financial statements as a whole are free from material
misstatement.
Evaluating the Effect of Uncorrected Misstatements

- The auditor shall determine whether uncorrected misstatements are material,
individually or in aggregate. In making this determination, the auditor shall consider:
- The size and nature of the misstatements, both in relation to particular classes of
transactions, account balances or disclosures and the financial statements as a
whole, and the particular circumstances of their occurrence; and
- The effect of uncorrected misstatements related to prior periods on the relevant
classes of transactions, account balances or disclosures, and the financial
statements as a whole.
- If an individual misstatement is judged to be material, it is unlikely that it can be offset
by other misstatements. Example:
- If revenue has been materially overstated, the financial statements as a whole
will be materially misstated, even if the effect of the misstatement on earnings
is completely offset by an equivalent overstatement of expenses.
- The circumstances related to some misstatements may cause the auditor to evaluate
them as material, individually or when considered together with other misstatements
accumulated during the audit, even if they are lower than materiality for the financial
statements as a whole
- Examples of circumstances that may affect the evaluation include the extent to which
the misstatement:
- Affects compliance with regulatory requirements;
- Affects compliance with debt covenants or other contractual requirements;
- Relates to the incorrect selection or application of an accounting policy that
has an immaterial effect on the current period’s financial statements but is
likely to have a material effect on future periods’ financial statements;
- Masks a change in earnings or other trends, especially in the context of
general economic and industry conditions;
- Affects ratios used to evaluate the entity’s financial position, results of
operations or cash flows;
- Affects segment information presented in the financial statements;
- Has the effect of increasing management compensation, for example, by ensuring
that the requirements for the award of bonuses or other incentives are satisfied;
- Affects other information that will be communicated in documents containing the
audited financial statements;
- Relates to items involving particular parties (for example, whether external parties to
the transaction are related to members of the entity’s management);
- Is an omission of information not specifically required by the applicable financial
reporting framework but which, in the judgment of the auditor, is important to the
users’ understanding of the financial position, financial performance or cash flows of
the entity
Communication with Those Charged with Governance

- The auditor shall communicate with those charged with governance uncorrected
misstatements and the effect that they, individually or in aggregate, may have on the
opinion in the auditor’s report, unless prohibited by law or regulation.
- The auditor shall also communicate with those charged with governance the effect of
uncorrected misstatements related to prior periods on the relevant classes of
transactions, account balances or disclosures, and the financial statements as a
whole.
Written Representations (ISA 580)

- The auditor shall request a written representation from management and, where
appropriate, those charged with governance whether they believe the effects of
uncorrected misstatements are immaterial, individually and in aggregate, to the
financial statements as a whole.
Exercises
Fraud (ISA 240)
Slides
Fraud risk factors As per ISA 240.11(b):

- “Events or conditions that indicate an incentive or pressure to commit fraud or
provide an opportunity to commit fraud.”
Incentive/Pressure Examples
- Pressure to achieve an expected (and perhaps unrealistic) earnings target or
financial outcome.
- Consequences for failing to meet financial targets and/or goals is significant.
- Living an extravagant lifestyle.
Opportunity Examples
- Poor segregation of duties
- Lack of oversight
- Ability to override internal controls
Rationalization Examples
- It is a big company, they will not miss it (‘victimless crime’).
- Everybody does it.
- It is just temporary until things get better.
- I am not being treated fairly.
Who is Responsible for Detecting and Preventing Fraud?

- “The primary responsibility for the detection and prevention of fraud rests with both
those charged with governance of the entity and management.” (ISA 240.4)
Auditor’s Responsibilities in Relation to Fraud

- Obtaining reasonable assurance that financial statements taken as a whole are free
from material misstatement, whether caused by fraud or error.
- Maintaining professional skepticism.
- Consider potential for management override of controls.
- Recognize that audit procedures that are effective for detecting error, may not be
effective in detecting fraud.
Slides
Preparing for reporting - ISAs

- ISA 700 - Forming an opinion and reporting on financial statements
- ISA 701 – Communicating Key Audit Matters in the Independent Auditor’s Report
- ISA 705 (Revised) – Modifications to the Opinion in the Independent Auditor’s Report
- ISA 706 (Revised) – Emphasis of Matter Paragraphs and Other Matter Paragraphs
in the Independent Auditor’s Report
- ISA 710, Comparative Information― Corresponding Figures and Comparative
Financial Statements
- The auditor has obtained reasonable assurance about whether the financial
statements as a whole are free from material misstatement, whether due to fraud or
error:
- The auditor’s conclusion, in accordance with ISA 330, whether sufficient
appropriate audit evidence has been obtained;
- The auditor’s conclusion, in accordance with ISA 450, whether uncorrected
misstatements are material, individually or in aggregate;
- Evaluate whether the financial statements are prepared, in all material
respects, in accordance with the requirements of the applicable financial
reporting framework;
Exercise Set
Week 6
FRAUD (ISA 240)
Frauf Triangle
Who is Responsible for Detecting and Preventing Fraud?

- “The primary responsibility for the detection and prevention of fraud rests with both
those charged with governance of the entity and management.” (ISA 240.4)
Auditor’s Responsibilities in Relation to Fraud

- Obtaining reasonable assurance that financial statements taken as a whole are free
from material misstatement, whether caused by fraud or error.
- Maintaining professional skepticism.
- Consider potential for management override of controls.
- Recognize that audit procedures that are effective for detecting error, may not be
effective in detecting fraud.
Preparing for reporting

- The auditor has obtained reasonable assurance about whether the financial
statements as a whole are free from material misstatement, whether due to fraud or
error:
- The auditor’s conclusion, in accordance with ISA 330, whether sufficient
appropriate audit evidence has been obtained;
- The auditor’s conclusion, in accordance with ISA 450, whether uncorrected
misstatements are material, individually or in aggregate;
- Evaluate whether the financial statements are prepared, in all material
respects, in accordance with the requirements of the applicable financial
reporting framework;
- In particular:
- The financial statements adequately disclose the significant accounting
policies selected and applied;
- The accounting policies selected and applied are consistent with the
applicable financial reporting framework and are appropriate;
- The accounting estimates made by management are reasonable;
- The information presented in the financial statements is relevant, reliable,
comparable, and understandable;
- The financial statements provide adequate disclosures to enable the intended users
to understand the effect of material transactions and events on the information
conveyed in the financial statements;
- The terminology used in the financial statements, including the title of each financial
statement, is appropriate;
- Evaluate whether the financial statements adequately refer to or describe the
applicable financial reporting framework.
Opinion
- If the auditor:
- Concludes that, based on the audit evidence obtained, the financial
statements as a whole are not free from material misstatement; or
- Is unable to obtain sufficient appropriate audit evidence to conclude that the
financial statements as a whole are free from material misstatement,
- the auditor shall modify the opinion in the auditor’s report in accordance with ISA 705
(Revised).
Independent Auditor’s Report

- Title
- Addressee (to shareholders)
- Auditor’s Opinion
- Basis for opinion
- Going concern (if applicable)
- Key Audit Matters (if applicable)
- Responsibilities for the Financial Statements
- Auditor’s Responsibilities for the Audit of the Financial Statements
- Other Reporting Responsibilities
- Name of the Engagement Partner
- Signature of the Auditor
- Auditor’s Address
- Date of the Auditor’s Report
Slides
Types of Audit Opinions
- Unqualified Opinion
- Qualified Opinion
- Disagreements (misstatements or non compliance with accounting
requirements)
- Scope limitations
- Adverse Opinion
- Disclaimer of Opinion
Unqualified Opinion
- Often called a clean opinion, an unqualified opinion is an audit report that is issued
when an auditor determines that the financial statements are free of material
misstatements.
Qualified Opinion
- In situations when a company’s financial records have not been maintained in
accordance with GAAP but no misrepresentations are identified, an auditor will issue
a qualified opinion. The writing of a qualified opinion is extremely similar to that of an
unqualified opinion. A qualified opinion, however, will include an additional paragraph
that highlights the reason why the audit report is not unqualified.
Qualification
- Disagreement
… except for the effects of the matter(s) described in the Basis for Qualified Opinion
section…
- Scope limitation
… except for the possible effects of the matter(s) described in the Basis for Qualified
Opinion section ...
Slides Example ISA 705
Inability to Obtain Sufficient Appropriate Audit Evidence

- Circumstances beyond the control of the entity;
- The entity’s accounting records have been destroyed.
- The accounting records of a significant component have been seized
indefinitely by governmental authorities.
- Circumstances relating to the nature or timing of the auditor’s work;
- The entity is required to use the equity method of accounting for an
associated entity, and the auditor is unable to obtain sufficient appropriate
audit evidence about the latter’s financial information to evaluate whether the
equity method has been appropriately applied.
- The timing of the auditor’s appointment is such that the auditor is unable to
observe the counting of the physical inventories.
- The auditor determines that performing substantive procedures alone is not
sufficient, but the entity’s controls are not effective.
- Limitations imposed by management.
- Management prevents the auditor from observing the counting of the physical
inventory.
- Management prevents the auditor from requesting external confirmation of
specific account balances.
Adverse Opinion
- The auditor shall express an adverse opinion when the auditor, having obtained
sufficient appropriate audit evidence, concludes that misstatements, individually or in
the aggregate, are both material and pervasive to the financial statements.
Slides
Disclaimer of Opinion
- The auditor shall disclaim an opinion when the auditor is unable to obtain sufficient
appropriate audit evidence on which to base the opinion, and the auditor concludes
that the possible effects on the financial statements of undetected misstatements, if
any, could be both material and pervasive.
Slides
Types of Audit Opinions (cont.)
Pervasive
- Pervasive effects on the financial statements are those that, in the auditor’s
judgment:
- Are not confined to specific elements, accounts or items of the financial
statements;
- If so confined, represent or could represent a substantial proportion of the
financial statements; or
- In relation to disclosures, are fundamental to users’ understanding of the
financial statements.
Material uncertainty related to going concern
- going concern: accounting requirement → make assumption that continue without

uncertainties if they have uncertainties they need to disclose
Emphasis of Matter
- A paragraph included in the auditor’s report that refers to a matter appropriately
presented or disclosed in the financial statements that, in the auditor’s judgment, is of
such importance that it is fundamental to users’ understanding of the financial
statements.
- Indicate that the auditor’s opinion is not modified in respect of the matter
emphasized. → Examples
- An uncertainty relating to the future outcome of exceptional litigation or
regulatory action.
- A significant subsequent event that occurs between the date of the financial
statements and the date of the auditor’s report.
- Early application (where permitted) of a new accounting standard that has a
material effect on the financial statements.
- A major catastrophe that has had, or continues to have, a significant effect on
the entity’s financial position.
Emphasis of Matter – Examples ISA 706
Other Matter paragraph

- A paragraph included in the auditor’s report that refers to a matter other than those
presented or disclosed in the financial statements that, in the auditor’s judgment, is
relevant to users’ understanding of the audit, the auditor’s responsibilities or the
auditor’s report.
- Examples:
- Prior Period Financial Statements Audited by a Predecessor Auditor
- Prior Period Financial Statements Not Audited
Other matter – Examples ISA 706
Appendix

Auditing Summary

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Auditing Summary

Uploaded by

Copyright:

Available Formats

Week 1

Why do we perform an Audit?

Responsibilities of the Auditor

Ethical Requirements Relating to an Audit of Financial Statements

Professional skepticism - Key elements

Professional skepticism - Examples

Independent audit report

Internal (not so independent) vs. external reviews

Complete set of financial statements

Qualitative characteristics of useful financial information

Judgements and estimation uncertainty

Statement of financial position presentation

Materiality (ISA 320.2)

Materiality (ISA 320.4)

Materiality (ISA 320.6)

Steps: 0. Choose benchmark

Determining Overall Materiality

Determining a level (usually a percentage) of this benchmark

Determining performance materiality

Everytime you change the benchmark → Explain!

Materiality (ISA 320.2)

Choosing a benchmark (ISA 320.A3)

Clearly trivial amount (ISA 450.5 and 450.A2)

Assertion Examples Slides

Audit Work: do we test every transaction? no → we audit based on risk

Risk Umbrella Analogy

Preventative vs. Detective

What Type of Controls are These?

Evaluating Controls: Design and Implementation

Factors to Consider when Testing Operating Effectiveness of Controls

Types of Substantive Procedures

Substantive Analytical Procedures

Designing a Substantive Analytical Procedure (“SAP”)

Determine the suitability

Reliability of the data ,,

SAP – Example - Payroll

SAP – Other examples

Sample Selection Methods (DON'T HAVE TO KNOW FOR EXAM)

Specific ISAs – Audit Evidence

ISA 500 – Audit Evidence

ISA 501 – Audit Evidence Inventory

​ISA 501 – Litigation and Claims

ISA 505 – External Confirmations

ISA 510 – Initial audit engagements

ISA 560 – Subsequent Events

Subsequent events (cont.)

not a choice but a requirement!

Examples of non - adjusting events that would result in disclosure

ISA 570 – Going concern

Going concern assumption (ISA 570)

Responsibility of the auditor (ISA 570)

Appendix: Examples of substantive procedures

Substantive Procedures Related to the Financial Statement Closing Process

Substantive Procedures Responsive to Significant Risks

Adequacy of Presentation and Disclosure

Evaluating the Sufficiency and Appropriateness of Audit Evidence

Timely Audit Documentation

Types of Audit Misstatements

Consideration of Identified Misstatements

Communication and Correction of Misstatements

Evaluating the Effect of Uncorrected Misstatements

Communication with Those Charged with Governance

Written Representations (ISA 580)

ISA 501 – Litigation and Claims