Professional Documents
Culture Documents
AUDIT CAP2 Session 3 2021_2022
AUDIT CAP2 Session 3 2021_2022
Assurance - Session 3
ISA 300, ISA 315, ISA 330, ISA 500
Agenda
RoI students – the above standards are International Standards on Auditing (Ireland)
NI students – the above standards are International Standards on Auditing (UK)
Key learning outcomes
Benefits of planning –
• Ensuring adequate attention is devoted to important areas on a timely
basis.
• Auditor identifies and resolves potential problems on a timely basis.
• Helps in performing the audit in an effective and efficient manner.
• Ensures selection of engagement team members with appropriate skills.
• Facilitates direction and supervision of engagement team.
At the beginning of the audit engagement, the auditor will perform the following
procedures:
The engagement partner and other key members of the engagement team
should be involved in planning the audit.
• Auditor will establish an overall audit strategy that sets out the scope, timing
and direction of the audit. After the strategy the audit plan is formulated.
• Multiple locations?
• Group audits?
Deadlines for:
• Final reporting
• Interim report (if applicable)
• Reports to management
• Reports to those charged with governance
The timing of:
Direction –
The ‘direction’ of the audit covers the overall approach and concerns such
issues as:
Consider:
• Characteristics of engagement;
After the strategy, the auditor shall develop an overall audit plan covering:
• Nature, timing and extent of planned audit procedures at the assertion level; and
The auditor can update the overall strategy and the audit plan at any stage during the
audit. It is not set in stone!
• Determination of materiality
Possible Strategies –
Procedures
• We will review these in more detail
over the coming sessions
Please note that the above is not a complete or comprehensive list of planning procedures
This standard was revised in 2020 with the intention to improve the auditors focus on risk. Key
revisions:
• It introduced the concept of ‘scalability’ to improve the standard’s applicability to entities across
a wide spectrum of circumstances and complexities
• Improved discussion of IT within client's systems and the auditors use of data analytics to
perform audit procedures
• Increased focus on ‘professional scepticism’
• More emphasis and guidance on the use of internal audit (if applicable)
Control Monitoring
Risk Assessment Control Activities IT System
Environment Activities
• Reconciliation
Understanding of the information system including the business processes relevant financial reporting**
• Evaluating whether:
i. Management, with the oversight of TCWG, has created and maintained a
culture of honesty and ethical behavior;
ii. The control environment provides an appropriate foundation for the other
components of the entity’s system of internal control considering the nature
and complexity of the entity; and
iii. Control deficiencies identified in the control environment undermine the
other components of the entity’s system of internal control.
© Chartered Accountants Ireland
ISA 315 - Understanding the Components of the Entity’s
System of Internal Control – Entity Risk Assessment
Process
Control Monitoring
Risk Assessment Control Activities IT System
Environment Activities
iii.The financial reporting process used to prepare the entity’s financial statements,
including disclosures; and
iv. The entity’s resources, including the IT environment, relevant to (a)(i) to (a)(iii) above;
b. Understanding how the entity communicates significant matters that support the preparation
of the financial statements and related reporting responsibilities in the information system and
other components of the system of internal control:
i. Between people within the entity, including how financial reporting roles and
responsibilities are communicated;
ii. Between management and those charged with governance; and
iii. With external parties, such as those with regulatory authorities;
c. Evaluating whether the entity’s information system and communication appropriately support
the preparation of the entity’s financial statements in accordance with the applicable financial
reporting framework.
© Chartered Accountants Ireland
ISA 315 - Understanding the Components of the Entity’s
System of Internal Control – Monitoring of the System
of Internal Control
Control Monitoring
Risk Assessment Control Activities IT System
Environment Activities
Examples of enquiries:
• Management and TCWG may provide insight into the oversight of the FS preparation
• In-house legal counsel about litigation, compliance with laws and regulations, fraud
etc.
Analytical procedures –
• Analytical procedures may include both financial and non-financial information such
as the relationship between sales and square footage of selling space or volume of
goods sold.
• Analytical procedures may help identify the existence of unusual transactions ratios
and trends that might indicate matters that have an audit implication.
Examples:
• Observe the entities operations and inspect internal documents, records and internal control
manuals.
• Information obtained from external sources such as trade and economic journals; reports by
analysts, banks, or rating agencies; regulatory or financial publications etc.
• The behaviors and actions of management or those charged with governance (such as the
observation of an audit committee meeting)
The determination of which of the assessed risks of material misstatement are close to the upper
end of the spectrum of inherent risk, and are therefore significant risks, is a matter of professional
judgment
Revision of risk assessment – If the auditor's assessment of risk changes during the course of the audit, the
auditor will revise the risk assessment and modify the planned audit procedures to address the new risk
assessment.
© Chartered Accountants Ireland
ISA 330 – The auditor’s response
to assed risk – Session 3.3
ISA 330 – The auditor’s responses to assessed
risk
• ISA 315 helps the auditor get an understanding of the entity and hence identify
risks of material misstatement.
• ISA 330 gives guidance to the auditor to design suitable procedures to address the
risks that have been identified.
• Simply put, ISA 315 asks the auditor what can go wrong with this audit? ISA 330 -
now that you know what can go wrong with the audit what are you going to do about
it?
• What procedures are you going to design and what evidence are you going to
obtain?
© Chartered Accountants Ireland
ISA 330 – The auditor’s responses to assessed
risk
• The auditor must design and perform audit procedures whose nature, timing and
extent are based on the risks identified.
• These procedures must be responsive to the risks that have been identified.
➢ Whether a risk assessment takes into account controls that address the risk of
material misstatement whereby the auditor would need to test the operating
effectiveness of those controls (control risk– Session 2)
Tests of control –
Substantive tests –
• If the auditor does not get sufficient evidence by performing tests of controls
and hence concludes that the controls are not effective, then the auditor
would proceed and perform an extensive amount of substantive procedures.
It is possible to perform tests of controls as part of the interim audit and if the
auditor has done this they need to consider:
Audit
Strategy
Controls effective,
less substantive
testing
Substantive Rely on
Testing Controls Controls not effective,
extensive substantive
testing
Analytical Tests of
Procedures Detail
• Audit Evidence is anything that the auditor will use and rely upon in forming
his/her opinion
Sufficient –
• How much evidence is needed?
• Depends on auditors judgment
Appropriate –
• Refers to relevant and reliable evidence
• Depends upon nature of transaction or balance being tested AND the
assertion being tested. Persuasive not conclusive (opinion, not certificate)
• Not absolute assurance on F/S
• Procedures are designed to reduce risk NOT eliminate it
The assertions are important because they have an impact on how the auditor
gathers evidence. Remember that the audit evidence required depends on both:
This can all be simplified down to four key questions that the auditor needs to answer:
• Occurrence • Completeness
• Existence 4. Is it disclosed properly?
• Rights and obligations
• Classification
• Cut-off
• Allocation
2. Is it included at the right value? • Presentation
• Accuracy
• Valuation
Factors to consider:
• Obtained directly by auditor vs indirectly
• Documentary vs. Oral
• Original vs. copies