Ch 4 - Planning an audit (basics) Flashcards
What are the benefits of planning an audit?
Attention is devoted to important areas
- i.e. areas that are more likely to include material errors
Potential problems are identified and resolved on a timely basis
Audit is organised to ensure it is performed in an effective and efficient way
As this allows a profit to be made
Staff with appropriate level of competence can be selected
Facilitates direction, supervision and review of audit work
Aids co-ordination of work done by auditors of components or experts
E.g. if one auditor does consolidated FS, they might not have done indiv FS so would work with auditor of indiv FS to help understand
Why is it important that an Audit is organised to ensure it is performed in an effective and efficient way?
Allows for profit to be made
What must an auditor do at the strat of an audit?
ISA 300 requires the auditor to
- plan the audit engagement
- establish and document an overall audit strategy and a detailed audit plan
Is the overall audit strategy and detailed audit plan set in stone in planning?
No, These documents should be updated as necessary as the audit progresses
How is an overall audit strategy done for clients?
This is specific to each indiv client
What does the audit strategy cover?
the main general areas of planning such as The entity and its env Materiality Preliminary analytical procedures Risk assessment Audit approach Co-ordination of the audit
What are the main general areas of planning?
The entity and its env Materiality Preliminary analytical procedures Risk assessment Audit approach Co-ordination of the audit
What must be co-ordinated in the audit strategy?
Timing Teams Locations Budgets Deadlines
How can auditors assess risk properly?
only possible with a thorough understanding of the client
Why is it important for an auditor to understand the entity and its env?
ISA 315 and 330 require the auditor to assess risk, which is only possible with a thorough understanding of the client
An understanding of the entity and its env underpins all the benefits of planning we saw earlier in the chapter
What are the 4 forms of obtaining understanding of an entity and its env?
Firm
You
Client
Other
How can the firm understand an entity and its env?
Partner
Manager briefing
Industry experts
Last years team
How can you understand an entity and its env?
Through past experience
How can the client help the auditor to understand an entity and its env?
Discussion
Observation
Watch what they actually do to see how it works
Website/brochures
Helps determine their aims
E.g. if they want to be listed soon or show huge growth, may require more attention to sales figures
Analytical procedures
Draft figures for the current year can be a good indicator
What other things help the auditor to understand an entity and its env?
Industry surveys Compare to competitors Credit reference agencies Companies House Internet search
What areas must the auditor understand?
Environment - Laws and regulations - Industry conditions Entity - Operations - Ownership and governance - Investments -Structure & finance - Accounting policies - Objectives and strategies - System of internal control - Use of outsourcing
Define materiality
ISA 320 states that info is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the FS
Materiality is therefore a matter of professional judgement
What is materiality a matter of?
Materiality is therefore a matter of professional judgement
What are the general thresholds for materiality?
0.5-1% of revenue
5-10% of profit before tax
1-2% of gross assets
Give some examples of materiality by nature
- Matters relating to directors or related party transactions which are required to be disclosed in FS regardless of their value
- Small amounts that impact on critical points
Examples
Change a profit to a loss
Net assets to net liabilities
Affect thresholds such as whether a company is a small or medium sized company under CA
Descriptions which are misleading
E.g. of accounting policies
What is performance materiality?
Performance materiality is an amount set at less than materiality for FS as a whole, to reduce the risk that the aggregate of smaller misstatements in the indiv acc balances or classes of transactions could exceed materiality for the FS as a whole
What is the purpose of performance materiality?
to reduce the risk that the aggregate of smaller misstatements in the indiv acc balances or classes of transactions could exceed materiality for the FS as a whole
Why and when are analytical procedures used?
During planning
To identify risks
What are the 3 uses of analytical procedures?
During planning, help to identify risks
Can be used as a form of substantive procedures to gather audit evidence (ISA 520)
Must be used to assist in forming an overall conclusion on the FS (ISA 520)
Why are analytical procedures useful at the planning stage?
To give an overall perspective on the FS using both financial and non-financial data
What are the limitations to analytical procedures?
Require sound knowledge/experience in the entity, which may be limited on a first year audit
Experienced staff may be required to carry them out
Quality of the analytical procedures depends on the reliability of the source data
How do you perform analytical procedures?
Understand the business
Develop an expectation
Compare actual to expectation
Unexpected variations create risk
How can analytical procedures be formed?
Analytical procedures can be performed using simple trends or complex calculations predicting figures in the FS
Acc ratios can be used
How do you calc and what is the interpretation of
Gross profit margin
Gross profit/revenue * 100%
Assess profitability before taking OH into acc
How do you calc and what is the interpretation of operating margin?
Operatingprofit/ revenue * 100%
Assess profitability after taking OH into acc
How do you calc and what is the interpretation of
return on capital employed?
Operating profit / equity + debt * 100%
Measure how effectively resources are used to generate profit
What are the 3 key performance ratios?
Gross profit margin
Operatin margin
Return on capital employed
What are the 2 key ST liquidity ratios?
Current ratio
Quick ratio
How do you calc and what is the interpretation of
Current ratio
current assets / current liabilities
Assess ability to pay current liabilities from current assets
How do you calc and what is the interpretation of
Quick ratio
Current assets less inv / current liability = assesses ability to pay current liabilities from reasonably liquid assets
What are the 2 solvency ratios?
Gearing ratio
Interest cover
How do you calc and what is the interpretation of
Gearing ratio
Net debt / equity
Assess reliance on external finance
How do you calc and what is the interpretation of
Interest cover
Profit before interest payable / interest payable
Assess ability to pay interest charges
What are the 3 key efficiency ratios?
Trade receivables collection period
Inventory holding period
Trade payables payment period
How do you calc and what is the interpretation of
Trade receivables collection period
Trade receivables / revenue * 365
Assess average time taken to collect cash from credit customers
How do you calc and what is the interpretation of
Inventory holding period
Inventory / CoS * 365
Assess the average length of time inv held
How do you calc and what is the interpretation of
Trade payables payment period
Trade payables / purchases * 365
Average time taken for suppliers to pay
What is business risk?
risk that could adversely affect an entity’s ability to achieve its objectives and execute its strategies
What are the types of business risk?
Financial
Operational
Compliance based
Who should manage business risk?
DIRECTORS
When are auditors related to business risks
Auditors are ONLY interested in business risks that impact the FS
What is audit risk?
risk that the auditor expresses an inappropriate opinion on the FS
Audit risk = inherent risk x control risk x detection risk
What is entity risk?
risk that the FS are materially misstated and is made up of
Inherent risk
Control risk
Detection risk
What is inherent risk?
susceptibility of the assertion about transactions, balances or disclosure to a misstatement which could be material, assuming there were no related internal costs
What is control risk?
risk that a misstatement isn’t prevented, detected or corrected by an entity’s internal control systems
What is detection risk?
risk that procedures performed by an auditor doesn’t detect a misstatement that exists and is made up of
Sampling risk
Non-sampling risk
What is sampling risk?
risk that the conclusion drawn from the results of a sample test is diff to the conclusion that would’ve been drawn had the whole population been tested
What is non-sampling risk
risk of drawing the wrong conclusions for other reasons than sampling
What are the signif risk areas that requite special audit consideration?
Fraud Related party transactions Subjective items Complex items Unusual transactions
What risks must an auditor identify?
ISA 315 requires the auditor to identify specific risks arising at each audit client
What are the specific risks that are common in most audits?
Management override
Risk i present in every audit engagement
Management is in a unique position to manipulate acc records so audits must assess the risk during the planning stage
Journals
Fraudulent activity may be carried out using inappropriate or unauthorised journal entries
Auditor should test journal entries for
Unusual items
Round number entries
Journals made by indivs who don’t normally do so
Journals made outside office hours
Postings to suspense accounts
Revenue recognition
Risk of misstatement is higher where management reward is linked to revenue or profit
Cyber security
What is management override risk?
Risk is present in every audit engagement
Management is in a unique position to manipulate acc records so audits must assess the risk during the planning stage
What is journal risk and how should they be tested?
Fraudulent activity may be carried out using inappropriate or unauthorised journal entries
Auditor should test journal entries for
Unusual items
Round number entries
Journals made by indivs who don’t normally do so
Journals made outside office hours
Postings to suspense accounts
What is revenue recognition risk?
Risk of misstatement is higher where management reward is linked to revenue or profit
In the audit approach, how should an auditor reduce the audit risk to suitable level?
Determine overall responses to assessed risk at the FS level
Perform audit procedures to response to a assessed risks at the assertion level
What are involved in the overall responses of reducing audit risk to an acceptable level?
Emphasise staff need to maintain professional scepticism
Assign extra/more experienced staff
Use the work of experts, internal auditors and other auditors
Provide more supervision on the audit
Incorporate more unpredictability into audit procedures
What are involved in the responses at assertion level of reducing audit risk to an acceptable level?
Adjust the nature,natures tent and timing of procedures in response to assessed risks
Nature: type of test
Extent: how much testing
Timing: during the year, at the y.e and after y.e
What must the auditor assess when planning to rely on the work of others?
General assessment
Consider whether third party is competent and independent
Specific assessment
Consider whether the piece of work on which the auditor wants to place reliance on is suitable for this purpose
What is the specific assessment required when the auditor intends to rely on info from others ?
Consider whether the piece of work on which the auditor wants to place reliance on is suitable for this purpose
What is the general assessment required when the auditor intends to rely on info from others ?
Consider whether third party is competent and independent
What must an auditor do if they expect controls to be effective?
Test controls
if found to be effective, do limited substantive testing
If not found, do significantly substantive testing
What must an auditor do if they don’t expect controls to be effective?
Carry out substantive testing
i.e. analytical procedures and tests of detail
What action is required when signif substantive testing is required?
Analytical procedures
Tests of detail
What must be done when carrying out limited substantive testing?
Perform some substantive testing due to inherent limitations of control
What should the audit plan be guided by?
Overall audit strategy
What should the audit plan include a description of?
Nature, extent and timing of planned risk assessment procedures
Nature, extent and timing of further audit procedures at the assertion level
HOWEVER Plan will develop over time, so the auditor doesn’t play how to audit indiv acc balances until they have considered the results of their risk assessment procedures
Audit plan should be modified where necessary in response to new info, or the results of audit testing carried out
Why is an audit plan not rigid?
Plan will develop over time, so the auditor doesn’t play how to audit indiv acc balances until they have considered the results of their risk assessment procedures
Audit plan should be modified where necessary in response to new info, or the results of audit testing carried out
When must an audit plan be modified?
where necessary in response to new info, or the results of audit testing carried out
What is cyber security?
Cyber security protects systems, networks and data in cyberspace
What does cyber security include?
The protection of data from unauthorised modification, disclosure or destruction
The protection of the info systems from failure
Why is cyber security v important for most orgs?
Increasing use of technology and constantly evolving risk makes this v important for most organisations
What are the key risk areas for entity’s IT system?
Hacking Fraudulent theft of funds Deliberate sabotage E.g. commercial espionage/malicious damage Viruses, malware and other corruption Denial of Service attacks
What are the risks for businesses that auditors must react to?
Reputational damage
Breaches of data protection legislation leading to fines
Misstatements in FS
What should IT security controls cover?
prevention, detection, deterrance and recovery procedures
What practical measures are included in IT security controls?
Business continuity planning
Measure to ensure the business can continue in the event of a disaster/system failure
Systems access control
Protection of systems and detection of unauthorised activity
Systems development maintenance
IT projects should be conducted securely and development/maintenance should ensure systems/data are protected
Physical and env security
Prevention of unauthorised access, damage, theft or interference with assets/systems
Compliance
Monitor compliance with legal requirements and organisational policies
Personnel security
Recruitment of trustworthy employees, training and reporting arrangements
Security organisation
Clear reporting lines and responsibility for info security
Computer and network management
Protection of system integrity (e.g. from viruses/malware) and info especially when exchanged between organisations
Asset classification and control
Assign ownership of info assets
Security policy
Written policy available to all employees
What does business continuity planning do?
Measure to ensure the business can continue in the event of a disaster/system failure
What does systems access control do?
Protection of systems and detection of unauthorised activity
What does systems development maintenance do?
IT projects should be conducted securely and development/maintenance should ensure systems/data are protected
What is physical and env security?
Prevention of unauthorised access, damage, theft or interference with assets/systems
What is personnel security?
Recruitment of trustworthy employees, training and reporting arrangements
What are computer and network management?
Protection of system integrity (e.g. from viruses/malware) and info especially when exchanged between organisations
What is security policy?
Written policy available to all employees
What is cloud computing
allowing users to access data from any location
What are the benefits of cloud computing?
Creates cost savings compared to traditional IT storage on site
What are the disadvantages of cloud computing?
passes on control of data to a cloud-service provider
Creates danger that inadequate cyber security could lead to data being lost, corrupted stolen
What must auditors consider re cloud computing?
consider whether the cloud-based service provider’s controls are reliable