Chapter 11 - Performing an audit engagement Flashcards
What are audit procedures?
Audit procedures are the specific techniques and steps auditors use to obtain audit evidence about the accuracy, completeness, and validity of an entity’s financial statements. These procedures help auditors assess the risks of material misstatement and determine whether the financial reports are presented fairly in accordance with applicable accounting standards.
What are the two categories of audit procedures? Briefly define each
- Control testing - process of evaluating whether a company’s internal controls are properly designed and operating effectively to prevent or detect material misstatements in the financial statements.
- Substantive procedures - procedures performed by auditors to detect material misstatements in financial statements. These tests are designed to gather direct evidence about the accuracy, completeness, and validity of financial statement balances and transactions.
Outline and explain the table that can be used to determine the types of audit procedures required to obtain sufficient appropriate audit evidence about specific assertions
This table helps auditors select appropriate procedures based on the type of evidence they need to collect and the assertions they need to test.
VERB (the action) This column suggests the type of procedure to use (e.g., “Inspect”, “Recalculate”, “Observe”).
WHAT (are you looking at) This clarifies the subject of the procedure, like a document, control, or estimate.
WHY (are you doing it?)
This links the procedure to specific audit assertions, like:
* Existence
* Completeness
* Accuracy
* Valuation
* Rights and obligations
* Presentation and disclosure
Outline the method that can be used to determine the types of audit procedures required to obtain sufficient appropriate audit evidence about specific assertions
-
Identify the Assertion You Need to Test
For example, if you’re auditing inventory, the key assertions might be existence and valuation. -
Look at the “WHY” Column
Find the audit assertions you’re targeting. For example:
* For existence: Consider procedures like Inspect, Observe, Confirm.
* For valuation: Consider Enquire, Examine, Recalculate. -
Move Left to the “WHAT” Column
Decide what documents, estimates, or controls you should examine. For example:
* For inventory existence, stock records or stock counts -
Design Procedures - Combine
Combine the three columns into practical audit procudures like:
* “Inspect the physical inventory count sheets to ensure existence and completeness
Where can you find a list of suitable audit procedures to test a range of assertions in financial statements?
This list is covered in Chapter 0a - Audit Procedures
What types of entities are most commonly audited, and what are the exceptions? Explain why these exceptions are considered ‘special’.
The majority of audits are conducted for non-specialised, profit-orientated entities. These are standard businesses that follow general auditing rules and are not subject to industry-specific regulations.
However, some entities are considered ‘special’ due to the nature of their operations or regulatory environment. These include:
* Entities subject to extra regulations, such as banks, insurers, or charities.
* Entities governed by professional rules, such as solicitors.
These exceptions are considered special because they operate under additional regulatory or professional frameworks. A
NOTE: Knowledge of special auditing guidance falls outside the scope of the syllabus
Do these ‘special’ entities still require a normal statutory audit?
Many of these entities require a ‘normal’ statutory audit as well as any additional requirements upon them
What must auditors consider when auditing ‘special’ entities in terms of risk and the resulting audit approach?
When auditing ‘special’ entities, auditors must carefully consider the unique risks associated with the nature and structure of these organisations. These risks influence the design and focus of the audit approach.
The nature of the business plays a critical role in determining audit risks and the type of procedures to be performed. For instance:
* A small charity may have limited internal controls, which increases the risk of misstatement. In such cases, a substantive approach—relying more on detailed testing of transactions and balances—may be more appropriate.
* In contrast, a large financial services company may be highly reliant on IT systems and automated controls. Here, it may be impractical or insufficient to take a purely substantive approach, and auditors must place greater emphasis on testing the effectiveness of internal IT controls.
Ultimately, auditors must tailor their risk assessment and audit procedures to fit the specific characteristics and risks of the entity being audited.
During an audit engagement, what third-party work may auditors rely on?
- Internal auditors
- Experts
- Component Auditors
What is an internal audit department? Briefly outline their key responsibilities
An internal audit department is an independent function within an organisation that evaluates and improves the effectiveness of risk management, internal controls, and governance processes.
Key Responsibilities:
* Reviewing internal controls to ensure they are effective and properly implemented.
* Assessing risk management processes and recommending improvements.
* Evaluating compliance with laws, regulations, and internal policies.
* Monitoring operational efficiency and identifying areas for improvement.
* Reporting findings to management and the audit committee to support decision-making.
Internal audit provides assurance to management that systems are working effectively, but they do not perform external audit functions or give an audit opinion on financial statements.
In what ways can internal auditors support the external auditor during an audit engagement, and what limitations apply?
Internal auditors can assist external auditors in several ways during an audit engagement, including:
Planning
Internal auditors can assist in the identification and assessment of risk and the documentation of internal controls. This:
* gives the external auditor valuable insight into the organisation’s control environment early in the audit.
* allows for a more informed and focused risk assessment, helping the external auditor identify high-risk areas that require greater attention.
* can reduce duplication of work by leveraging existing documentation prepared by internal audit, improving audit efficiency.
Interim Testing
Internal audit may perform internal control tests or walkthroughs during the financial year (before year-end), which the external auditor may choose to rely on. This
* allows the external auditor to place reliance on internal testing already completed, reducing the need to repeat the same work.
* can help in spreading the audit workload over the year, improving audit timing and resource planning.
* provides early warning of control failures or risks, allowing the external auditor to respond proactively in their audit approach.
However, direct assistance from internal auditors in performing specific substantive audit procedures is prohibited under ISA 610 (UK & Ireland) if the area is material or involves significant judgement.
While the work of internal auditors can reduce, modify, or alter the timing of external audit procedures, it can never replace them entirely. The external auditor always retains full responsibility for the audit opinion.
What must external audit ensure before relying on the work of internal audit?
External auditors must assess whether the internal audit function is adequate by evaluating the following:
- Objectivity – Who internal auditors report to, any restrictions on their work, and whether management acts on their recommendations. Internal auditors must be free from bias or undue influence. If they report to management instead of the audit committee, or if restrictions are placed on their work, their independence may be compromised. Without objectivity, their conclusions may not be reliable for external audit purposes.
- Competence – Whether internal auditors have sufficient resources, training, and professional knowledge. Internal auditors need the right technical training, knowledge, and qualifications to perform quality audit work. If they lack competence, their findings may be flawed or incomplete, which could mislead the external auditor and result in an incorrect audit opinion.
- Systematic and Disciplined Approach – Whether their work is properly planned, supervised, documented, and based on sufficient appropriate evidence. The internal audit work must be properly planned, supervised, reviewed, and documented, following professional standards. This ensures that the work is robust, conclusions are well-supported, and the external auditor can rely on it as valid audit evidence.
If any of these factors are missing, the external auditor should not place reliance on internal audit work. Even when all criteria are met, the external auditor must still perform their own evaluation procedures to confirm the internal audit work is appropriate for their specific audit needs.
In what situations may an auditor use the work of an expert, and why is this necessary? Provide examples.
Auditors may need to rely on the work of an expert when the audit involves areas that require specialised knowledge or expertise beyond the auditor’s own training in accounting and auditing. This ensures that conclusions drawn in complex or technical areas are reliable and supported by professional judgment.
Examples of when expert involvement is necessary:
* Valuation of complex financial instruments or unique asset types (e.g. derivatives, intangibles)
* Actuarial calculations related to insurance or employee benefit liabilities
* Estimation of oil, gas, or mineral reserves, requiring geological or industry expertise
* Environmental liability valuation, often needing environmental science input
* Interpretation of legal contracts, laws, and regulations, where a legal expert’s opinion is required
* Analysis of complex or unusual tax compliance issues, needing specialised tax knowledge
By involving an expert in such cases, the auditor can obtain sufficient appropriate audit evidence and avoid drawing conclusions in areas where they lack the necessary competence.
What are the two types of experts that could arise in an audit engagement? Define each
- An Auditor’s Expert - An auditor’s expert is an individual or organisation with specialist knowledge in a field outside of accounting or auditing, engaged by the auditor to provide expertise that supports the auditor in obtaining sufficient appropriate audit evidence. For example: A property valuer helping the auditor verify the fair value of investment properties.
- A Management’s Expert - An individual or organisation with expertise in a field other than accounting or auditing, engaged by the management of an entity, whose work is used by the entity (management) to assist in preparing the financial statements. For example: An actuary calculating pension liabilities for inclusion in the financial statements.
What must the external auditor consider before relying on the work of a management’s expert, and why?
- Nature, scope and objectives of the expert’s work: The auditor must understand what the expert was engaged to do and ensure it is relevant to the area under audit. If the objectives are too limited or unrelated to material financial statement items, the work may not provide appropriate audit evidence.
- Employment status of the expert: The auditor should assess whether the expert is employed by the entity or is an external party. An external expert is typically more independent, whereas an internal expert may be influenced by management, reducing the reliability of their work.
- Management’s ability to influence or control the expert: Auditors must evaluate the level of influence management may have over the expert. Excessive influence or control could compromise the expert’s objectivity and create a risk of biased or manipulated conclusions.
- Competence and capabilities of the expert: It is essential to determine whether the expert has the appropriate qualifications, training, and experience in their field. A lack of competence increases the risk of errors or inappropriate judgments in the expert’s work.
- Compliance with technical performance standards: The auditor should consider whether the expert adheres to recognised industry or professional standards. This enhances the quality and credibility of the work, making it more suitable as audit evidence.
What is a component auditor?
A component auditor is an auditor who performs audit work on a component of a group entity, such as a subsidiary, division, branch, or joint venture, for the purposes of a group audit.
They may be part of the same audit firm as the group auditor or a different firm altogether. The group auditor uses the work of the component auditor to help form an opinion on the consolidated financial statements of the group.
In a group audit, what are the responsibilities of the group auditor and the component auditor?
The group auditor is responsible for auditing the parent company and for forming an opinion on the consolidated group financial statements.
However, the group auditor may not audit every component (e.g. subsidiaries) of the group. In such cases, component auditors are used to audit specific subsidiaries or divisions.
The group auditor must assess the competence and independence of component auditors and evaluate their work to ensure it is adequate for group audit purposes.
What must the group auditor consider before relying on the work of a component auditor, and why?
- Ethical understanding and independence – The group auditor must assess whether the component auditor understands and applies ethical principles, including independence. This is important because lack of independence can lead to biased or unreliable audit work.
- Competence of the component auditor – The group auditor should evaluate the qualifications, experience, and resources of the component auditor. This ensures they can perform appropriate and reliable audit procedures.
- Ability to work collaboratively – The group auditor needs to determine if effective communication and cooperation with the component auditor is possible. This helps ensure sufficient and appropriate audit evidence is obtained for the group audit.
- Regulatory environment – The group auditor should understand the legal and regulatory environment the component auditor operates in. This is important as differences in standards could affect the quality or acceptability of their audit work.
- Access to working papers – The group auditor must ensure they have access to the component auditor’s documentation or detailed summaries. This allows proper evaluation of the audit evidence and conclusions reached.
- Materiality and risk of the component – The auditor should consider how financially significant or high-risk the component is to the group. Greater materiality or risk means greater attention must be paid to the component auditor’s work.
- Instructions and oversight – Clear instructions must be provided to the component auditor, and their work must be reviewed. This ensures consistency and quality across the group audit.
Why is the auditing of accounting estimates particularly risky?
Auditing accounting estimates carries significant risk due to a combination of inherent risks (which are built into the nature of estimates) and control risks (relating to how estimates are developed, reviewed, and
Inherent risks:
* Estimation uncertainty – Many estimates depend on events that will only be known in the future (e.g. legal outcomes, asset values). This uncertainty makes it difficult for auditors to determine whether the assumptions used are reasonable.
- Complexity – Some estimates, such as those involving financial instruments or pension obligations, require complex mathematical models or forecasting techniques. Auditors may find it challenging to fully understand and test these models.
- Subjectivity – Estimates often involve management judgement (e.g. useful lives of assets, impairment assumptions). Because these judgements are not objectively verifiable, they create a higher risk of unintentional error or bias.
- Management bias – Management may have incentives to manipulate estimates, for example, to smooth earnings, meet targets, or trigger performance bonuses. This intentional bias increases the risk of material misstatement.
- Financial statement impact – Certain estimates can significantly affect the financial statements (e.g. provisions, asset valuations). Because of their size or influence, even small errors or changes in assumptions can distort the financial results.
- Changes in estimation approach – Management might change the method or assumptions used to produce a more favourable outcome (e.g. higher profit or lower liability), especially if prior estimates proved overly conservative or aggressive. Such changes may not always be justifiable and require close scrutiny.
Control Risks:
* Estimation methods – If the methods used to calculate estimates are inconsistent, poorly designed, or not updated for changing conditions, the output may be inaccurate or inappropriate for the current reporting period.
- Reliability of source data – Estimates are only as good as the data that supports them. If data is outdated, incomplete, or inaccurate, the estimate itself will be flawed, even if the method is sound.
- Objectivity of preparer – If the person responsible for creating the estimate has a vested interest in the outcome or reports directly to management, there is a greater risk that the estimate will be biased or manipulated.
- Credibility of experts used – When management relies on external or internal experts (e.g. actuaries, valuers), the auditor must assess whether these experts are qualified, reputable, and free from conflicts of interest to ensure their conclusions are reliable.
- Segregation of duties – Effective internal controls require that no single individual is responsible for preparing, reviewing, and approving estimates. A lack of segregation can lead to undetected errors or intentional misstatements.
- Change controls – Organisations should have formal procedures for reviewing and approving changes to estimation techniques. Weak or absent change controls could allow inappropriate or unjustified alterations, undermining the consistency and reliability of estimates year on year.
What approaches can auditors take when auditing accounting estimates, and why are these necessary?
Auditors may apply a range of approaches to audit accounting estimates, each designed to address the risk of material misstatement due to the inherent uncertainty, subjectivity, and potential bias in estimates. These include:
- Test the controls – Auditors evaluate whether the entity’s internal controls around estimates have been designed and operated effectively. For example, was the estimate reviewed and approved by management or the audit committee? Effective controls reduce audit risk and may allow reliance on the estimate.
- Consider subsequent events – Events occurring after the year-end may provide insight into the reasonableness of an estimate. For instance, a receivable balance estimated at year-end could be confirmed by a payment received shortly after the reporting date.
- Consider historical accuracy – Auditors compare past estimates to actual outcomes to assess whether management has a track record of producing reliable estimates. A pattern of inaccuracy may indicate a risk of bias or error in current estimates.
- Consider compliance with the relevant accounting standard – Some accounting standards (e.g. IFRS or UK GAAP) specify how estimates should be calculated. Auditors must check that the methods and assumptions used comply with these requirements and that prohibited techniques haven’t been used.
- Be sceptical – Auditors are required to exercise professional scepticism, especially with estimates that involve significant judgement. They should challenge management’s assumptions and consider whether alternative techniques or inputs might produce materially different outcomes.
- Verification of data used by management – Auditors must verify the completeness, accuracy, and relevance of the data inputs used to generate estimates. Even if the method is sound, using flawed data can result in materially misstated estimates.
- Assess management’s expert – Where management uses a specialist (e.g. actuary, valuer), the auditor should assess the expert’s competence, objectivity, and the reasonableness of their methods and assumptions. If there are doubts, the auditor may engage their own expert for independent input.
- Create an auditor’s point estimate – Auditors may independently calculate their own estimate using available data and assumptions, either to compare to management’s figure or as a way to validate it. If their estimate materially differs, this may indicate a problem with management’s estimate.
- Ensure related disclosure is adequate – Many accounting estimates require detailed disclosure (e.g. assumptions, methodology, sensitivity analysis). Auditors must ensure that disclosures are complete and comply with accounting standards so users of the financial statements understand the uncertainty involved.
- Inclusion in written representation letter – Given the level of judgement involved, auditors should obtain written confirmation from management acknowledging their responsibility for the estimates and confirming that the assumptions used are reasonable and complete.
