Beruflich Dokumente
Kultur Dokumente
Approaches to Audit
Audit risk:
“ The auditor obtains and evaluates evidence to
obtain reasonable assurance about whether the
financial statements give a true and fair view (or
are presented fairly in all material respects) in
accordance with the applicable financial reporting
framework. The concept of reasonable assurance
acknowledges that there is a risk the audit
opinion is inappropriate. The risk that the auditor
expresses an inappropriate audit opinion when the
financial statements are materially misstated is
known as “audit risk
risk””.”
(ISA 200, 14)
Acceptable audit risk:
Risk of Material
Detection risk
Misstatement
Audit risk
Inherent risk
“ the susceptibility of an assertion to a
misstatement that could be material, either
individually or when aggregated with other
misstatements, assuming that there are no
related controls.”
(ISA, 200, 20)
Inherent risk factors:
• Pervasive / entity level
– Nature of the business, industry & economy.
– The integrity, quality and experience of management.
– Special pressures.
• Local / assertions level
– Complexity of transaction / calculation.
– Judgement / estimation required.
– Specific technological change / product obsolescence.
– Assets susceptible to misappropriation.
– Make up of population.
– Non-routine transactions.
– Related parties.
Audit risk - the components (ISA 200):
Risk of Material
Detection risk
Misstatement
Audit risk
Control risk:
“ the risk that a misstatement that could
occur in an assertion and that could be
material, either individually or when
aggregated with misstatements, will not be
prevented, or detected and corrected, on a
timely basis, by the entity ’ s internal
control
control.”
(ISA, 200, 20)
Risk of Material
Detection risk
Misstatement
Audit risk
Detection risk:
“ the risk that auditor will not detect a
misstatement that exists in an assertion that could
be material, either individually or when aggregated
with other misstatements.”
(ISA, 200, 22)
• A function of the design and implementation of
audit procedures:
– Sampling risk
– Design risk
– Application risk
– Interpretation risk
The PwC Approach – identifying &
responding to risk (2000)
• TeamAsset … allows each audit team to build
a tailored audit program from planning to
completion stages by selecting client-specific
risks from a “library” of risks. Each risk that is
selected by the auditor for inclusion in the
client audit file is linked to the identification of
a set of suggested procedures at a given control
risk level that will mitigate the identified risk.”
(Winograd, et al., (2000))
Risk assessment: structure & judgment
“ Instead of viewing an audit as a series of closely
coordinated technical steps, it may be informative to
view it as a social enterprise that relies on language
and certain imbedded perspectives in order to
understand the client organization and to make it
understandable.
Our empirical findings strongly suggest that an
audit firm ’ s philosophical position with respect to
structure, influences what client characteristics audit
team members see as important in assessing
inherent risk.”
(Dirsmith & Haskins, “Inherent risk assessment & audit firm technology”, AOS, 1991, p.82)
The components of audit risk
X X
AR = IR CR DR
AR - Audit risk
DR - Detection risk
IR - Inherent risk
CR - Control risk
The components of audit risk
X X
AAR = IR CR PDR
X X
2% = 50% 50% ?%
AAR = IR X CR X PDR
X X
2% = 50% 50% 8%
AAR = IR X CR X PDR
X X
2% = 100% 100% 2%
For a given level of audit risk, the greater the risk of material
misstatement (IR x CR), the less detection risk can be accepted.
AAR = IR X CR X PDR
X X
Low = High High Low
AAR
PDR =
IR X CR
5%
PDR
X
= 50% 40%
PDR 25%
=
Risk, materiality & substantive audit evidence
AAR IR CR
Materiality
|
PDR Tolerable
misstatement
Planned
substantive
audit
Materiality:
• “Information is material if its omission could
influence the economic decisions of users taken on
the basis of the financial statements. …”
(ISA 320.3)
“The objective of an audit of financial statements is
to enable the auditor to express an opinion whether
the financial statements are prepared in all material
respects, in accordance with an applicable financial
reporting framework. The assessment of what is
material is a matter of professional judgement.
judgement.””
(ISA 320.4)
Materiality - levels:
1997 1994-97
$M $M
5% of net incom e 5.25 20.78
10% of net incom e 10.50 41.55
1% of total assets 234.22 161.91
1.5% of total assets 352.33 242.87
1% of Sales revenue 202.73 129.34
1.5% of Sales revenue 304.10 194.01
Conservative blend 147.40 104.01
non-conservative blend 221.98 159.48
The Entity
Entity’’s Monitoring
The information Control
risk of
system activities
assessment controls
ISA, 315, 43
The control environment (ISA 315, 67-69):
• Governance & management philosophy,
attitudes, awareness & action in respect of
controls.
– Communication and enforcement of integrity &
ethical values.
– Methods of imposing control, including board &
internal audit functions.
– Commitment to competence - personnel policies &
practices.
– Organisational structure & methods of assigning
authority & responsibility (including segregation of
duties and supervisory controls).
Elements of Internal Control
The Entity
Entity’’s Monitoring
The information Control
risk of
system activities
assessment controls
The Entity
Entity’’s Risk Assessment Process
“The auditor should obtain an understanding
of the entity’s process for identifying business
risks relevant to financial reporting objectives
and deciding about actions to address those
risks, and the results thereof.”
(ISA, 315, 76)
Information System,
YES
NO
Understand & document internal
Assume high control risk, control: design and operation
and move on to planning
substantive testing Assess control risk
Test controls
• Existence
• Rights & Obligations
• Occurrence
• Completeness
• Valuation & allocation
• Measurement, accuracy & cut-off
• Classification, presentation & disclosure
(ISA, 500, 17)
Transaction Related Assertions & Objectives: Sales
M an agem en t S p e c ific a u d it o b je c tiv e s
a s s e r tio n s
O ccu rren ce R e c o rd e d s a le s a re fo r d is p a tc h e s
m a d e to re a l c u s to m e rs
C o m p le te n e s s A ll s a le s tra n s a c tio n s a re re c o rd e d
M easu rem en t S a le s a re re c o rd e d a t p ro p e r
a m o u n t a n d a llo c a te d to th e c o rre c t
p e rio d .
R e c o rd e d s a le s a re fo r th e a m o u n t
o f g o o d s d is p a tc h e d , c o rre c tly
b ille d & re c o rd e d .
S a le s tra n s a c tio n s a re p ro p e rly
c la s s ifie d .
S a le s tra n s a c tio n s a re re c o rd e d o n
c o rre c t d a te s .
P r e s e n ta tio n S e g m e n ta l a n a ly s is is p ro p e rly
& d is c lo s u r e c o m p ile d a n d d is c lo s e d .
Understand & document internal
control: design and operation
• Evaluate previous experience.
• Inquiry of client - various levels, note
developments.
• Review client's policy and system
documentation.
• Examine documents & records.
• Observe activities.
• Transaction walk through.
Understand & document internal
control: design and operation
• Narrative.
• Flowchart.
• Internal control questionnaire.
Internal control questionnaire: Sales
Recorded sales are for goods dispatched to
real customers (occurrence):
• Is the recording of sales supported by authorized
dispatch documents and approved customer
orders?
• Is customer credit approved by a responsible
person and is access to alter credit limit files
restricted?
• Is a prenumbered written dispatch note required
before any goods leave store?
Internal control questionnaire: Sales
All existing sales transactions are recorded
(completenness
completenness): ):
• Is a record of dispatches maintained?
• Are dispatch documents controlled in a way that
helps ensure that all dispatches are billed?
• Are dispatch documents prenumbered and
accounted for?
• Are sales invoices prenumbered and accounted
for?
Internal control questionnaire: Sales
Recorded sales are for the amount of goods
dispatched and are correctly billed and
recorded (measurement):
• Is there independent comparison of quantities on
dispatch notes and on sales invoices?
• Is an authorized price list used and is access to
amend the price list restricted?
• Are monthly statements sent to customers?
• Is there independent comparison of dates on
dispatch documents and dates of recorded sales?
Internal control questionnaire: Sales
and so on
Assess control risk
– 22 people charged
Audit planning –
understanding the
client
Audit Planning:
• Adequate planning helps to ensure that
appropriate attention is devoted to important
areas of the audit, that potential problems are
identified and resolved on a timely basis and
that the audit engagement is properly
organized and managed in order to be
performed in an effective and efficient
manner.
(ISA, 300, 4)
Audit Planning – stages:
• “Similar
Similar to a traditional auditor, the BMP auditor is
concerned about assessing the three components of
audit risk - inherent, control and detection risk. The
BMP auditor, however grounds his judgments in a
much broader view of the client than does an auditor
following a transaction-detail audit approach. He uses
more holistic perspectives to frame the assessment of the
validity of the financial statements taken as a whole, and
the account balances contained therein.”
(Bell, et.al., (1997))
KPMG Business Measurement Process (BMP) Approach