3: Process: Planning Flashcards
What are the two elements of the planning process?
Audit Strategy
- determines scope, timing and direction of audit and determines the development of the audit plan
Audit Plan
- shows how the overall strategy will be implemented
What are the 6 key components of the audit strategy?
- understanding the entity and its environment
- materiality
- risk assessment
- nature, extent and timing of audit procedures
- direction, supervision and review of work
- other matters (ie. budget and fee)
What are the 6 things that audit planning ensures?
- attention is paid to the most important areas
- potential problems are identified
- audit is properly organised and managed
- work is assigned to the appropriate member of the audit team
- appropriate direction and supervision of audit team members
- reviews by more senior auditors are facilitated
The auditor is responsible for carrying out these procedures in order to obtain sufficient appropriate audit evidence to support their opinion. May be discussed with client
Why should an auditor get an understanding of an entity?
Because ISA 315 requires it!
- to assess risk
- to help design and perform audit procedures
- to develop the audit strategy and plan
What does the ISA 315 consider to be important aspects in gaining an understanding of the business?
- industry, regulatory, other external factors, including the applicable financial reporting framework
- nature of the entity, including the entity’s selection and application of accounting policies
- objectives and strategies and the business risks that may result in a material misstatement of the statements
- measurement and review of the entity’s financial performance
- internal controls
What does ISA 315 require the auditor to understand about the entity’s financial reporting framework?
- accounting principles and industry-specific practices
- revenue recognition
- accounting for financial instruments
- foreign currency assets, liabilities and transactions
- accounting for unusual or complex transactions
What does the ISA 315 require the auditor understands about the client’s accounting policies?
- methods used to recognise, measure, present and disclose significant and unusual transactions
- effect of significant accounting policies in controversial or emerging areas for which there is a lack or authoritative guidance or consensus
- changes in the environment ie. tax changes that may necessity a change in policies
- financial reporting standards/ laws / regulations that are new to an entity
How does the auditor get the info they need to understand the business?
- enquiries of management and other client staff
- analytical procedures
- observation of processes
- inspection of documents or assets
- prior knowledge of the client
- discussions among the audit team
Define materiality and performance materiality
An expression of the relative significance of a particular matter in the context of the financial statements as a whole
A matter is material if its omission of misstatement could influence the economic decision of users taken on the basis of the financial statements
Performance materiality: amount set to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality as a whole
How is materiality decided?
Depends on the auditor’s judgement
- may be material because of size.
- may be material because of nature. ie. transactions between company and its directors must be disclosed and is material in nature
What are the materiality thresholds to use for the exam?
Profit before tax - 5-10%
Revenue - 0.5-1%
Total assets - 1-2%
What are the benefits of risk assessing?
- audit is more efficient with work directed to problem areas
- fewer inappropriate opinions
- fewer negligence claims against auditor
Risk should be assessed continually throughout the audit
Define audit risk?
The risk that the auditor arrives at an inappropriate opinion.
ie. says the statements give a true and fair view but there is actually a material misstatement
What is the audit risk model?
Audit risk = inherent risk x control risk x detection risk
Define the three types of risk that are in audit risk?
Inherent risk = susceptibility of an assertion to a misstatement that could be material. Could be individual or aggregated
Control risk = risk that a material misstatement would not be prevented, detected or corrected by control systems
Detection risk = risk that the auditor would not detect a misstatement that could be material. Could be due to insufficient work, inappropriate work or poor judgement
What are the three levels inherent risk is reviewed at?
Industry level
- affects the whole industry
- ie. highly regulated industry like banking
Entity level
- affects whole entity
- ie. company may not be going concern
Balance level
- isolated to a particular account balance
- ie. Items that are complex or subjective
Auditors need to determine where on the spectrum of risk the inherent risk lies
What are the risk factors that should be used to determine the significance of a risk?
- complexity
- subjectivity
- change
- uncertainty
- susceptibility to misstatement due to management bias or other fraud factors
Unusual transactions or matters of director judgement are higher risk
What are the risk factors that should be used to determine the significance of a risk?
- complexity
- subjectivity
- change
- uncertainty
- susceptibility to misstatement due to management bias or other fraud factors
Unusual transactions or matters of director judgement are higher risk
Two categories of sustainability risk?
- Physical risks
- arise from the physical effects of climate change - Transition risks
- relate to social and economic shifts to a low-carbon economy such as changes to policy, regulation, technology and market
What are the big 5 climate risks to organisation?
- Business not complying with climate change regulations, which could lead to fines, loss of licence or being forced to close
- Sectorial risks, ie. agriculture/crop failure
- Loses investors if not climate friendly
- Traditional business unable to adapt
- Direct threat as a result of climate change
Risk: adverse weather
Business risk
RoMM?
Damaged and/or destroyed crops
Manipulation of FS to avoid reporting reduced profit margins
Risk: greenhouse gas emissions
Business risk?
RoMM?
Imposed switch to more environmentally friendly farming
Uncertainty over asset values and revenue risks
Risk: consumer demand for more renewable energy forms
Business risk?
RoMM?
Change to products sold
Existing inventory and assets may not be viable, leading to possible overstatement (and inability to adapt and not a going concern)
Define fraud and error
Fraud: an intentional act involving the use of deception to obtain an unjust or illegal advantage
Error: an unintentional misstatement in the financial statements, including the omission of amounts of disclosures
What are the two categories of fraud?
- Misappropriation of assets - theft.
- ie. the creation of ghost employees to divert company funds into a personal bank account - Fraudulent financial reporting
- intentionally manipulating the statements to deceive users
Who is responsible for fraud?
The prevention and detection of fraud rests with those charged with governance of an entity and management
Achieved through design and implementation of effective internal controls
Is fraud a greater risk then error, and how is fraud risk dealt with?
Yes, because of the potentially sophisticated nature of the schemess
There must be a discussion amongst the engagement team about how the entity might be susceptible to fraud, and it must include an exchange of ideas
The RA must include risk of fraud, and the audit plan must have responses to these risks
What is a related party?
An individual or organisation that is influenced by, or has influence over, the entity.
Dealing with related parties increases the potential for the financial results to be manipulated.
Problems with related parties?
- They are difficult to identify
- Directors may be reluctant to disclosure transactions
- Transactions may not be easy to identify as they are not separate from ‘normal’ transactions
- Transactions may be concealed for fraudulent purposes
What are analytical procedures?
The evaluation of financial information through analysis of plausible relationships among data
Comparing data sets basically, with calculations!
Also includes the investigation of identified fluctuations or relationships that differ from what’s expected by a significant amount
How would analytical procedures be used in the planning stage?
Used to identify risk
Used as a substantive procedure to gather audit evidence
Used to form an overall conclusion on statements
Has limitations: require sound knowledge of the entity, experienced staff and reliable data
The four steps to carrying out analytical procedures?
- Understand the business
- Develop an expectation
- Compare actual to expectation
- Unexpected variations = risk
What are sources of information for analytical procedures?
- interim accounts
- budgets
- management accounts
- VAT returns
- board minutes
- non-financial information
- discussion or correspondence with client
- industry knowledge
