ACCT3600 Lec 2 Planning the Audit, Business Risk, Analytical Procedures, Internal Controls

Question 1

What are the 4 steps in the AUDIT PROCESS?

Answer 1

1. Pre-engagement procedures for acceptance of a new audit
2. Planning overall audit strategy
   - Key: given the limited resources of the external auditor, what are the priority areas to be audited?
3. Evidence collection and evaluation
4. Audit opinion formulation and reporting

Question 2

What are the 7 steps for ACCEPTING a new audit?

Answer 2

1. Obtain new client
2. Obtain ethical clearance from previous auditor
3. Evaluate integrity of management
   - by making inquiries to 3rd parties such as solicitors and bankers.
4. Evaluate own independence
   - e.g. relatives in client company
5. Assess technical competence to perform audit
6. Decide to accept / reject
7. Prepare engagement letter

Question 3

What is ENGAGEMENT RISK?

What causes engagement risk?

Answer 3

Reputation damage or litigation arising in connection with a financial report audit.

• unethical client
• client’s business more risky by nature e.g. tobacco, gambling

Question 4

What is AUDIT RISK? What is it a combination of? What is the order of risk?

Answer 4

Risk that the auditor will give an INAPPROPRIATE OPINION when the financial report is MATERIALLY MISSTATED.

(1) inherent risk, (2) control risk, (3) detection risk.

Question 5

What is INHERENT RISK?

Give an example, and explain how it affects the audit strategy.

Answer 5

The susceptibility of an assertion about a class of transactions, account balances or disclosure to material misstatement given the INHERENT AND ENVIRONMENTAL CHARACTERISTICS, but without regard to related internal controls.

e.g. Apple iPhone - valuable small portable products - easily stolen inventory - internal control barcode may reduce risk a bit - auditor might have to take more doing inventory stock take.

Question 6

What is CONTROL RISK?

What are some considerations?

Answer 6

The risk that a material misstatement in an assertion about a class of transactions, account balance or disclosure MAY NOT BE PREVENTED OR PROMPTLY DETECTED AND CORRECTED BY ENTITY’S INTERNAL CONTROL.

• Does an IC policy exist?
• Do staff comply with the policy?
• Regardless of a policy working last yr, is it still an effective policy for the yr under review? (e.g. new division, new IT system so policy needs updating).

Question 7

What is DETECTION RISK?

Answer 7

The risk that an AUDITOR’S SUBSTANTIVE PROCEDURES performed to reduce audit risk to an ACCEPTABLY LOW LEVEL will not detect a material misstatement.

Question 8

PLANNING requires auditor to gain an understanding of the entity and its environment. What does this knowledge include? (4)

Answer 8

1. industry and related regulations
2. nature of the entity including operations; ownership and governance structure; and way entity is structured
3. entity’s selection and application of accounting policies
4. Objectives, strategies and related business risks.

Question 9

What is BUSINESS RISK?

Answer 9

Risk entity’s BUSINESS OBJECTIVES WILL NOT BE ATTAINED as a result of INTERNAL AND EXTERNAL FORCES and, ultimately, the risk associated with the entity’s PROFITABILITY AND SURVIVAL.

Question 10

Why is it important to analyze business risk?

Give an example about declining profitability?

Answer 10

Some business risk translates into audit risk!

e.g. Auditor does not care about declining profitability per se (not a management consultant), but declining profitability may increase management incentive for earnings manipulation LEADING TO MATERIAL MISSTATEMENT OF THE FINANCIAL REPORTS.

Question 11

What are the 3 business risk categories?

Answer 11

1. Financial risk
   - funds availability, constraints on credit, complex financing arrangements…
2. Operational risk
   - changes in supply chain, lack of competent personnel, changes in IT environment, changes in key management, uncontrolled growth, corporate governance breakdown…
3. Compliance risk
   - environmental breaches, exposures to litigation, contingent liability exposure…

examples in lec slide to do.

Question 12

Give some examples of business risks?

Answer 12

• Operations in economically unstable countries with significant currency devaluations or high inflation.
• Operations exposed to volatile markets e.g. futures trading.
• Operations subject to a high degree of complex regulation.
• Going concern and liquidity issues due to loss of some significant customers.
• Constraints on the availability of capital and credit.
• Changes in the industry in which entity operates.
• Changes in supply chain.
• Developing or offering new products / services, or moving into new lines of businesses.
• Expanding into new locations.
• Changes in entity such as large acquisitions or re-organisations.
• Entities or business segments likely to be sold.
• Existence of complex alliances and joint ventures.
• Use of off-balance-sheet finance, special purpose entities, and other complex financing arrangements.
• Significant transactions with related parties.
• Changes in key personnel / executives.
• Deficiencies in internal control, especially those not addressed by management.
• Installation of significant new IT systems related to financial reporting.
• Enquirers into entity’s operations or financial results by regulatory or gov bodies.
• Past misstatements, history of errors, or a significant amount of adjustments at period end.
• Significant amount of non-routine or non-systematic transactions including inter company transactions and large revenue transactions at period end.
• Transactions that are recorded based on management’s intent e.g. debt refinancing, assets to be sold, classification of marketable securities.
• Application of new accounting policies.
• Accounting measurements that involve complex processes.
• Events or transactions that involve significant measurement uncertainty, including accounting estimates.
• Pending litigation and contingent liabilities e.g. sales warranties, financial guarantees and environmental remediation.

Question 13

The business risk analysis approach requires ANALYTICAL PROCEDURES to be used during the planning stage of the audit. Why?

Answer 13

Helps identify anomalies / areas requiring investigation…

Question 14

How do you conduct analytical procedures?

Answer 14

1. Compare linked accounts,

2. Are the ratio’s trending in the right direction?

Question 15

Give some examples of LINKED ACCOUNTS in analytical procedures?

Answer 15

• Liability increase - interest exp increase
• Sales increase - COGS increase - Inventory decrease
• Wages exp increase - workers compensation exp increase - workers provision increase
• No. employees increase - wages increase

Example in lec slide to do.

Question 16

INTERNAL CONTROLS are designed to reduce business risk which threaten……

Answer 16

1. reliability of the entity’s financial reporting
2. effectiveness and efficiency of the entity’s operations
3. compliance with applicable laws and regulations.

Question 17

Why can’t internal control’s assure a reliable financial report?

Answer 17

Inherent limitations:
*control breakdowns as a result of the actions of careless or fatigued staff, or intentional collusion

• possibility of management override
• the existence of non-routine transactions where internal controls were not devised.

Question 18

What does the concept of REASONABLE ASSURANCE recognize?

Answer 18

That in some cases, cost of management establishing / maintaining controls can outweigh benefits.

e.g. separation of duties requires more staff.

Question 19

Give some examples of internal controls?

Answer 19

• performance reviews (e.g. comparing actual with budget)
• IT controls (e.g. password?)
• physical controls (e.g. locked storerooms for inventory)
• segregation of duties at each phase of the transaction cycle.