Professional Documents
Culture Documents
ACC 218 Introduction To Audit Theory
ACC 218 Introduction To Audit Theory
ACC 218 Introduction To Audit Theory
Audit – term derived from Latin word “Audire” meaning “to hear”.
- An independent examination and expression of opinion by a duly appointed auditor on whether
the financial statement are true and fair
Independent – auditor shld be remote/ independent from enterprise he is reviewing
Opinion – an auditor gives an opinion on financial statement. Does not certify or
guarantee fin states are accurate or free from error or irregularity
- Misconception that auditor detects or prevents fraud or error. (not correct)
Duly appointed auditor – appointed according to legal rules of the country.
- Shareholders appoint board of directors to run the entity on their behalf hence principal agent
relationship created
- Differences in interest
- Distance of separation
- Information asymmetry
- Need to verify reports made by management to shareholders and other users of fin states
- Hence need for independent party to audit and express an independent opinion
- Independent review increases confidence in fin states.
- both auditor and management of entity are agents of the shareholder
Types of Audits
Main catergories
- statutory audit
- non statutory
Other catergories
- external audit
- internal audit
- operational audit
- value for money
- social audit
- environmental audit
- compliance audit
- systems audit
- tax audit
Audit postulates
- Concepts observable to be relevant to a course of study
- Based on good practice
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Audit Regulation
3 sets of rules
- code of ethics
- ISAs
- co. law
IFAC
- IFAC code of ethics
- IAASB - ISAs & ISQCSs
Auditor's duties
- form an audit opinion whether finstats true & fair, prepared in accordance with applicable
reporting framework
- issue an audit opinion
Auditor eligibility
- professional body membership - ACCA, ICAZ
- PAAB registration
Exclusion
- director
- employee
- business partner
Exclusion by ethics
- business relationship
- personal relationship
- long association with client
- fee dependency
- non audit services provided
Auditor appointment
- by SH
- by directors but require SH approval at AGM
Tenure
- AGM until next AGM
- automatic annual renewal
Auditor removal
make arrangements that ensure:
- auditor has sufficiently secure tenure of office
- incumbent auditor removed where doubts exist about their continuing ability to discharge their
duties effectively
NB. Auditor usually resign where working relationship becomes difficult, submit statement of
circumstances surrounding their resignation
Auditor rights
During audit / continued appointment
- access to records, bks
- receive infor. & explanations necessary for audit
- receive AGM notice
- be heard at such mtgs on matters of concern
On resignation
- request EGM to explain circum. of resignation
- require co. to circulate circum. of resignation
<<<<<<<<<<<<<< >>>>>>>>>>>>>>
Ethics
for assurance services, prof. ethics incr. confidence, reduce risk for client.
threats
NB. for each threat, explain how indep. compromised, offer safeguards
> advocacy
- legal services
- corporate finance services
- contingent fees
- dealing in client shares
> familiarity
- family & personal relationships
- audit partner leaving firm to join client
- acting for prolonged periods > 5 yrs
safeguards
- created by profession - edn, training, experience requirements to practice, CPD, CG
regulations, prof. stds, monitoring, external review of work & reports
NB. discipline thru fines, membership suspension / withdrawal
- in work environment - oversight structures, strong ICE, strong ethical leadership, policies &
procedures to promote QC
- by individuals - keeping broader perspective, complying with CPD requirements, close contact
with prof. body
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
IA = assurance service
Ensure that
- ICS operating effectively
- IC effective
- agreed procedures being followed
- non financial & financial infor. produced = sound & reliable
Provided:
- IA fn = sufficiently resourced
- IA fn well organized
> uses well dvped practices
> uses competent staff
- IA fn = indep. & objective
IA fn: Limitations
- reporting system, where CIA reports to FD, instead of AC
- scope of work - where FD decides scope of IA work
- audit work - FD interference in IA work
- length of service of IA staff - long engagements causes familiarity threat to indep.
- CIA appointment - by CEO instead of AC
NB:
- variation of stds - use ISAs
- expectations gap - IA fn role vs perceived role
- people don't understand IA role - watch dog
IA fn
IA fn
Considerations
- scale of operation
- diversity of business
- complexity of business
- staff compliment size
- CBA
- compliance with regulatory requirements
IA fn - Outsourcing
Adv.
- greater focus on cost & efficiency
- broader source of expertise
- reduce staff turnover risk
- provide specialist & expensive skills usually difficult to retain
- skills required temporarily at reasonable cost
- contracting incr. indep.
- less mgt time re approval, training, dvpt
- access to new techn. without significant investment
Disadv.
- conflict of int. where EA = IA
- pressure on indep. arising from cost, intimidation threat
- lack of business knowledge, objectives, culture,
- increased cost over time
- inflexibility due to lack of permanent presence
- compromised std of performance once contract secured
- unclear, overlapping roles with EA
- lack of mgt training & dvpt
IA fn approach to audits
- ID key risk areas
- determine risk mitigation strategies
- test of controls
- determine effectiveness of controls
- conclusion & recommendation
VFM audits
- economy re resources
- efficiency re cost
- effectiveness re attaining objectives
<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
2 broad approaches
1. Procedural
- use of std procedures & tests regardless of particular nature of client
2. Risk-based
- auditor plans audit around risks that client finstats may contain mat. misstatement, whether due
to fraud or error.
- audit involve diff. priorities, tests, require diff. time lengths.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Audit Assurance
a) Either
Reasonable - statutory - free from material misstatements - true ((not factually incorrect)) & fair
((clear, distinct, plain, unbiased, impartial, just, equitable))
result = +ve assurance,
Or
Tripartite engagement
- user - intended user of reports
- responsible party - BoD - {subject matter = co. perf., subject infor. = annual finstats}
- practitioner - auditor - issues: competence, independence,
suitable criteria = IASs, IFRSs, ISAs.
professional scepticism
sufficient audit evidence
audit report
NB. Examines
<<<<<<<<<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Appropriate Sufficient
Sufficiency considerations
M – Materiality
E- Effectiveness of controls
R- Results from other procedures
R - Risk assessment
E – Experience
R – Reliability of source
Reliability considerations
1) External vs internal – independence, on letterhead (external more reliable than internal)
2) Documented vs Oral – minutes, title deeds, receipts, contracts (documented more reliable)
3) Original vs copies – (original more authentic than copies)
4) Auditor generated vs Client generated – (auditor generated more reliable than client
generated)
5) Effectiveness of Internal controls – (i.e. comparison of Econet vs GMB Int. Controls)
Relevance considerations
- Evidence gathered should contribute to the ultimate obj. of the audit
- Evidence gathered to address fin states assertions.
Theory of AE
Authoritarianism – evidence based on testimony of others, ie. 3rd parties, subsidiary etc.
Mysticism – evidence built through intuition. After goin through documented work, auditor gains
insight
Rationalism – evidence built from acceptance of reason as source. Eg recalculations to confirm
value or process.
Empericism – evidence built through sense experience. Use of all 5 senses during audit ie. Smell
of meat inventory during a stock take
Pragmatism – evidence gathered when issues viewed from practical point of view
Storage of evidence
Disc, cd, dvd, flash, hard drive, hard copy or any format it comes in
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Materiality, ISA320
ie. information is material if its omission / misstatement could influence econ. decisions of users
taken on basis of those finstats
- NB. Concerns finstats as whole as opposed to TE which concerns ppltn being tested
By size
By nature
- triggers a threshold
- indicates future dvpts / other significant events
- disclosure compulsory
Why key
- true & fair argument
- need to reduce risk of mat. misstatement
- decide on materiality b4 audit procedures
Implications of materiality
- examine all items material
- design test to ensure nothing material omitted
- NB. Immaterial errors put together add up to material misstatement
TE,
ISA 530 para 12
ie. max. error in ppltn that auditor is willing to accept
- auditor will accept certain #of instances of failure to apply control procedure & still conclude
that procedure = operating properly
- considered at planning stage, & for substantive procedures, = related to auditor's judgement
about materiality
- Classified into two (1) permanent files and (2) current files, updated annually
- or summarized in separate memorandum
Permanent file - (Files of continuing importance from year to year. Long term documents)
Contents of file:
- Details of those charged with governance & Shareholders of co.
- Systems info
- co. & ind. background info
- Directors service contracts
- Investments
- Title deeds
- Copies of founding documents
- Copies of statutory and legal regulations
- Contacts & agreements
- Etc
NB. cross ref.
Current file – (contains files & Audit Evidence for current year audit)
Contents of file:
- Current year financial statements
- Extract of minutes
- External confirmation letters
- Management representations
- Internal control tests working papers
- Risk assessment
- Materiality
- Audit planning infor
- Staffing budgets
- Audit program
- Audit procedures
- Audit evidence
- Conclusions
- Etc
PS: more working papers does not mean a better file. The thicker the file the more challenging.
<<<<<<<<<<<<<<<<<<<<<<<<<<<, >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Risk
Professional Skepticism
||
Risk Assessment
||
CR. ||. IR. ||. DR
NB.
- risk can be uncovered at planning stage
- risk can be reappraised
- review & completion phase can confirm that risk of mat. misstatement has been reduced to
acceptable level
Types of risk
Audit Risk
ie. risk that auditor expresses an inappropriate audit opinion when finstats are materially
misstated - stating finstats are true & fair opinion when in fact they aren't
AR = IR by CR by DR
IR - entity risk
- risk due to nature of co. & it's transactions
NB. Requires thorough KoB, how business affects finstats, discuss matters in planning mtg
- at acct bal. & assertion level
- assets susceptible to misappropriation
- complex accting process
- accting bal. derived thru estimation, judgement
- unsettled transactions
- unusual complex transactions
- accruals
- fraud & error
CR - entity risk
- risk due to co.'s IC not strong enough to prevent, detect, correct risk of errors & misstatement
DR
- risk that auditor's procedures don't pick up material misstatements
Control thru
- efficient, proper audit planning
- use of well trained personnel
- efficient program of substantive testing
- proper scrutiny
- adequate review
Sampling risk,
ISA 530 par 7
- risk that sample not representative
- sub set of DR
ie. risk arising from possibility that auditor's conclusion, based on sample may be different from
conclusion reached if entire ppltn were subjected to same audit procedure.
Non-sampling risk
- misinterpreting test results
- using inappropriate procedures
- auditor mislead by client representation
- failing to investigate transaction / bal.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Internal Controls
ICS
I.e. whole network of systems est. in orgn to provide reasonable assurance that orgn.al assets are
protected & obj. are achieved
- components
- control activities
- how controls operate
- testing controls
- RTM
IC obj.
- orderly & efficient conduct of business
- safeguard business assets, optimal use, protection from misappropriation , fraud, misuse, theft
- fraud prevention & detection
- completeness, accuracy, validity of accting records
- timely presentation of fin. info for effective decision making
Why ICS matter for auditor
- assess their reliability for prep. of fin stats
- design suitable audit precedures
System - purposes
- data collection
- summarization
- fin stats & mgt info production
Auditor perspective
- more reliable ICS >>>>>>>>>> reduced Audit Risk
IC components
ISA 315
>> control activities
- approval, authorization
- validity - authorization, real transactions
- completeness - all transactions, timely recording, correct cut off
- accuracy - correct amt, allocation, summarization, posting
- computer controls - passwords, backup, anti- virus
- comparisons - budget v actual, benchmarking, variances review & investigation
- arithmetic controls - seq. checks, recalc.
- maintain & review control accts
- acct reconciliations
- physical control - safes, restricted access
- segreg. of duties
>> monitoring
- to ensure continually effective
>> environ
- right mgt attitude
- commitment to competence
- participation by those charged with governance
- mgt philosophy & operating style
- mgt awareness & action
- organizational structure
- assignment of responsibility
- HR policies & practices
Test of Controls
ie. compliance testing
- contrast with substantive procedure - trying to gain assurance directly about accuracy of figure
in fin stats
Est. system
- previous exp. / knowledge
- client representation
- systems manuals
- walk-thru tests
Documenting system
- narrative notes
- flow charts
- organogram - depicts roles, responsibilities, reporting lines
- IC qtnnaire
- ICE qtnnaire
IC - limitations
- human error in use of judgement
- processing errors & mistakes
- staff collusion in circumventing controls
- mgt override of controls
Pre-Engagement Activities
Audit Strategy
Audit strategies
> Balance sheet
Planning > System based
> Transaction cycle
> Risk based
Test of Controls Audit Plan
Evidence
Risk Assessment
Substantive tests
Evaluation Risk Response
Conclusion
Pre-engagement Activities
Relationship analysis
Is auditor willing to accept client
Risk associated with accepting the client, (professional risk, reputational risk &
financial risk)
Clarity on responsibilities of each party
Contractual obligations (of client & of auditor)
Expectation (of client and of auditor) (expectations gap to be addressed)
Pre-conditions for an audit ISA210-para6
Fin. Reporting framework – is it acceptable? (IFRSs & ISAs)
Management to acknowledge responsibility for
- Preparation of fin states
- Internal controls
Management to provide auditor with information or access to info
Contact previous Auditor
Request permission from client
Denied decline audit nomination
If permission
Engagement letter
Sent by auditor to client
Indication of acceptance of engagement by auditor
Specifics – auditor’s duties & responsibilities
- Terms of the audit engagement
- scope
- stds
- not absolute assurance
- mgt letter
- fees
- audit objective
- mgt responsibilities
- deadlines
- complaints procedures
<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Need for planning - to assess & reduce risk of material misstatement of finstats
- people resources - require right team for the assignment
- timing - work fully completed in time for review process, deadlines met
- focus - work focused on material risk areas
- ID potential problem areas
- amt & nature of work - appropriate for the assignment
Audit strategy
KoB>>>>>>>>Risk Assessment<<<<<<<<<<<<AP
Scope
- what's applicable financial reporting framework?
- IFRSs, IASs
- ind. special reporting requirements - listed corporations, banks, insurance co.s
- group audits
Timing
>> deadlines for
- final reporting
- interim reporting
- RTM
- reports to those charged with governance
>> timing of
- interim & final audit visits
NB.
- early enough not to interfere with client y/e procedures & to afford adequate warning of
specific problems
- late enough to enable sufficient work to be done to ease pressure on final audit
Direction
- preliminary materiality assessment
- preliminary ID of high risk areas
- preliminary ID of material components & acct bal.
Possible strategies
- interim / final
- substantive / controls
- AR / test of details
Audit plan
= fn ( risk, materiality)
Decision required
- what audit procedures
- who does them
- how much AE
- when AE required
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<, >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Management assertions
- Management responsible for preparation of fin states. (Prepared in compliance with accounting
frameworks i.e. IFRS & IAS)
-by presenting fin states for audit, management is making assertion regarding recognition,
measurement, presentation and disclosure
-objective of auditor is to check whether management assertions implied in the fin states are correct/ in
compliance with IFRS & IASs (Auditor complies with audit frameworks ISAs)
Assertions classified either as Account balance (balance sheet) assertion or Transaction balance (Income
statement) assertion or both.
- all transactions, events, assets, liabilities, equity, interests & disclosure have bn
recorded
C- Cut off – transactions accounted for in the period in which they relate
A- (LEAVE BLANK)
O- Occurance – transactions recorded shld have taken place & shld relate to the entity
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Audit procedures are applied to assertions to obtain audit evidence. Eg evidence on EXISTANCE of stock
can be obtained by OBSERVING a stock count & INSPECTION of quality.
ACCRONYM – AEIOU
A- Analytical procedures – statistical, mathematical and ratio analysis. Review plausible relationships,
check consistence, comparisons, helps understand the business, overview review after completing audit
etc… eg insolvency rations, gearing ratios etc
E- Enquiry – systematic investigation/ search for knowledge esp from 3rd party external to the org i.e
bank balance confirmations, asset valuators, debtors confirmations. etc
<<<<<<<<<<<<<<<<<<<<<<<<<<<< >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Reporting
Internal reporting
Reporting to those charged with governance
- material weaknesses
- form, timing, recipients agreed at engagement time
- Report To Management (RTM) - weakness, consequence, recommendation in tabular format
Reporting on controls
- report not comprehensive list of weaknesses
- no responsibility to 3 parties
- pvt & confid.
- not for external circulation,
External reporting
1) Unmodified/ unqualified opinion Standard – fin states are true & fair
Disclaimer – worst
Pervasive implies issue has multiple repercussions e.g affect PBT, Tax, PAT
Qualification reasons