Chapter 5 Planning an audit (development) Flashcards
1.1 Audit procedures to address audit risk
Audit procedures contain three elements: action (ISA 500), source (people, assets, and documents) and objective (relevant to ISA 315 assertions).
1.2 Data analytics routines
The auditor may decide to use data analytics routines in order to obtain audit evidence. The ICAEW publication Data Analytics for external auditors includes a list of commonly performed data analytics routines including:
- Comparing the last time an item was bought with the last time it was sold, for cost/NRV purposes
- Inventory ageing and how many days inventory is in stock by item
- Receivables and payables aging and the reduction in overdue debt over time by customer
- Analyses of revenue trends split by product or region
- Analyses of gross margins and sales, highlighting items with negative margins
- Matches of orders to cash and purchases to payments
- ‘Can do did do testing’ of user codes to test whether segregation of duties is appropriate, and whether any inappropriate combinations of users have been involved in processing transactions
- Detailed recalculations of depreciation on fixed assets by item
- Analysis of capital expenditure vs repairs and maintenance
- Three-way matches between purchase/sales orders, goods received/despatched notes and invoices
In practice the most common uses for data analytics tools can be risk analysis, transactions/control testing, analytical procedures, to support judgements made and to confirm business insights.
1.3 Data visualisations
They are used as a key component of the risk identification and analysis process. An entity’s data is fed into the auditor’s data analytics software. The information is then presented to the auditor in a simple, highly visual format, allowing investigations to continue. This should be studied whilst bearing in mind the auditor’s understanding of the entity. AI or other automated tools can be used by the auditor in a similar way. They can be used as a starting point to assess where further investigation work is required.
1.4 Accounting estimates
ISA 540 provides updated guidance on areas such as leasing, revenue and financial instruments. Management are responsible for preparing the accounts and making accurate estimates within them. Auditors are responsible for obtaining sufficient appropriate audit evidence of estimates.
Accounting estimates are monetary amounts which are subject to estimation uncertainty. Estimation uncertainty is susceptibility to an inherent lack of precision in measurement. This can be due to inherent limitations in the preparer’s knowledge. Common estimates are inventory obsolescence, depreciation of PPE, valuation of financial instruments, pending litigation, fair value of assets/liabilities, impairment, non-monetary exchanges, and revenue of long term contracts.
ISA 540 states estimates should be reasonable and financial reporting requirements should be applied correctly. Not all estimates involve a high degree of uncertainty. The revision of the standard introduced the idea of a spectrum of inherent risk. Both inherent and control risk are separately assessed, and the level of professional scepticism increases with inherent risk. Data and assumptions must be clearly distinguished at all times. ISA 540 states an entity’s accounting estimates consists of understanding the entity and understanding the entity’s internal control.
The auditor’s risk assessment focuses on inherent risk factors such as the degree of uncertainty within an estimate and how subjective and complex the matter is.
1.5 Responses to assessed risks
An auditor’s point estimate/range is the amount developed in evaluating management’s point estimate. A point estimate is the management-selected amount for recognition or disclosure in the accounts as an accounting estimate. The core of ISA 540 is that the auditor must either obtain evidence of subsequent events, test how management made the estimate or develop their own estimate.
The auditor must make a final assessment of how reasonable the accounting estimate is, based on audit evidence gathered.
2.1 Going concern – accounting requirements
If there are doubts over the company’s ability to continue as a going concern, they must be disclosed in the accounts. If the company is not a going concern, the accounts should be prepared on a liquidation or break up basis. The effects of using the liquidation or break up basis on the accounts are that no long-term assets or liabilities are recognised, assets are valued at recoverable amount and provisions may be required for new costs such as redundancies.
2.2 Audit issues
ISA 570 sets out requirements for the auditor in relation to going concern. Directors are responsible for preparation of accounts under the appropriate basis and making any necessary disclosures. They must complete a going concern assessment to ascertain whether the going concern assumption is accurate. ISA 570 states that the auditor’s responsibility is to obtain evidence in relation to whether a material uncertainty exists (re going concern) and the appropriateness of management’s use of the going concern basis for accounting.
Planning: the auditor should consider events or conditions that cast doubt on the entity’s ability to continue as a going concern. An understanding of the entity, its operating environment and internal control systems must be gained. The process of identifying and addressing business risks should be considered as this links closely to going concern.
Evidence: the auditor needs evidence to determine whether or not a material uncertainty exists. This involves making enquiries of management, and the risk of management bias should be considered. Procedures are likely to include review of future plans including financial forecasts, review of the company’s borrowing facilities and other finance (considering whether any loan covenants are likely to be breached) and review of minutes of board/management meetings.
4.1 Reliance on the work of others – general principles
The auditor can place reliance on the work of third parties when forming an opinion on the accounts. The auditor still has sole responsibility for forming that opinion. They may rely on internal audit, an expert, auditors of subsidiaries and a service organisation.
4.2 Internal audit
The external auditor needs to understand and document client systems, and they may place reliance upon the work performed by internal audit on reviewing internal control systems. ISA 610 sets out the procedures that need to be carried out by the auditor before placing reliance on internal audit: general assessment, specific assessment and conclude.
- Assess the internal audit function: objectivity (consider status and reporting lines), competence (consider resources, training, and proficiency) and systematic and disciplined approach (consider planning, supervision, review, documentation, and QC for internal audit work).
- Assess the specific work: whether the work was properly planned, performed, supervised, reviewed, and documented. Whether there is sufficient appropriate evidence to support the auditor’s conclusions and whether the conclusions reached are appropriate.
- Conclude: the external auditor should test the work of internal audit, and may observe their procedures, in order to conclude on the adequacy of their work for the purpose of the external audit. Extend their own procedures if they conclude the internal audit work is not adequate.
ISA 610 does not allow auditors to use internal audit for direct assistance (performing procedures under the direction, supervision, and review of the external auditors). Where the audit committee monitors the work of internal audit, the external auditors can review this process. Performance indicators for assessing this work include progress compared to planned work, recommendations accepted as a percentage of recommendations made, total time taken for an assignment compared to plan, number of reports produced within target dates and feedback from users of internal audit.
4.3 Experts
An auditor’s expertise in accounting may not be sufficient to allow them to audit items in the accounts. Experts can be involved in interpretation of legal contracts, valuation of land and buildings and financial instruments, analysis of complex tax issues and designing procedures and evaluating results of data analytics.
An auditor’s expert is an individual or organisation whose work is used by the auditor to assist in obtaining sufficient audit evidence. A management’s expert’s work is used by the entity to assist in the preparation of the accounts. ISA 620 sets out the procedures that the external auditor should carry out before placing reliance on the work done by an auditor’s expert: general assessment, specific assessment and conclude.
Under ISA 620 (auditor’s expert): assess the competence, capabilities, and objectivity of the report (still bound by FRC’s ethical standard and must be independent), obtain an understanding of the field of expertise of the expert, agree the nature and scope of the work and lastly evaluate the adequacy of the expert’s work.
Under ISA 500 (management’s expert): assess the competence, capabilities and objectivity of the expert, obtain an understanding of the work of the expert, and evaluate the appropriateness of the work as audit evidence for the relevant assertions.
4.4 Service organisations
Some companies outsource processes and operations to third-party organisations, for example payroll or facilities management. ISA 402 requires that where an auditor discovers their client has outsourced operations to a service organisation, the auditor should obtain an understanding of the outsourced services, consider access to sources of evidence, and assess the risks arising. Service organisations typically obtain assurance reports over the adequacy of their internal controls.
4.5 Group audits
When an auditor accepts an engagement to audit the accounts of a parent company, they are responsible for forming an opinion on two sets of accounts: the parent company’s accounts and the consolidated accounts of the group.
If the group auditor does not audit all of the companies of the group, they need to place reliance on the component auditors to form an opinion on the accounts. ISA 600 sets out the requirements in relation to group audits. The group engagement partner is responsible for forming an opinion on the group accounts, so needs to consider prior to acceptance whether the auditor can obtain sufficient audit evidence. Materiality should be determined for the group financial statements and the component accounts.
- General assessment: understanding the component auditor includes an assessment of compliance with ethical requirements such as independence, professional competence, whether the group audit team are involved in the work of the component auditor to obtain evidence and applicable regulation for the component auditor.
- Specific assessment: the group audit team should communicate its requirements to the component auditor and request communication from the component auditor.
- Conclude: the group auditor should evaluate/review work performed by the component auditor. If the work performed is not adequate, the group auditor should determine which additional procedures need to be performed.
ISA 600 sets out the matters that should be communicated between group auditor and component auditor.
Group audit team communications to component auditor shall include work to perform, form and content of communications, request confirmation that component auditor will cooperate, ethical requirements relevant to the group audit, component materiality, significant risks that are relevant to the component audit and list of related parties.
Component auditor communications to group audit team shall include confirmation of compliance with ethical requirements, confirmation of compliance with group audit team requirements, identification of the financial information on which the component auditor reports, information on non-compliance, list of uncorrected misstatements, indicators of management bias and overall findings and opinion.