Revision Week

Auditing and Assurance 2

21 Mar 2019
THE SEARCH OF EVIDENCE
Audit is a search for evidence to enable an opinion to be
formed

• Audit evidence collected from audited entity and

independent sources.

• Auditors collect audit evidence using inquiry, inspection,

observation, confirmation, recalculation, re-performance,

analytical procedures

• Sufficient appropriate audit evidence

• Sufficiency and appropriateness related – the higher the

quality the less may be required.

3
Assertions about classes of transactions and events for period
under audit

i. Occurrence – transactions and events that have been

recorded have occurred and pertain to the entity

ii. Completeness – all transactions and events that should

have been recorded have been recorded

iii. Accuracy – amounts and other data relating to recorded

transactions and events have been recorded appropriately

iv. Cut-off – transactions and events have been recorded in

the correct accounting period
5
Assertions about account balances at the period end

i. Existence – assets, liabilities, and equity interests

Exist

ii. Rights and obligations – the entity holds or controls the rights to
assets, and liabilities are the obligations of the entity

iii. Completeness – all assets, liabilities and equity interests that should
have been recorded have been recorded

iv. Valuation and allocation – assets, liabilities, and equity interests are
included in the financial statements at appropriate amounts and any
resulting valuation or allocation adjustments are appropriately
recorded
6
Assertions about presentation and disclosure

i. Occurrence and rights and obligations – Disclosed events,

transactions, and other matters have occurred and pertain to the
entity

ii. Completeness – all disclosures that should have been included in

the financial statements have been included

iii. Classification and understandability – financial information is

appropriately presented and described, and disclosures are
clearly expressed

iv. Accuracy and valuation – financial and other information are

disclosed fairly and at appropriate amounts
7
Role of management assertions in the audit process

• The importance of management assertions is that (reframed)

they form audit objectives

• Assertion: All trade receivables shown in the financial

statements are collectable

• Audit objective: To prove within reason that all trade

receivables shown in the financial statements are collectable

• Suggested audit step to prove collectability: Test amounts

received from credit customers after the year-end
8
Reliability of audit evidence (grades of audit evidence)

• Reliability of audit evidence increases when from independent sources outside the entity (particularly
from professional persons).

• Reliability of audit evidence generated internally increases when related controls on preparation and
maintenance are effective.

• Audit evidence obtained directly by the auditor more reliable than evidence obtained indirectly or by
inference.

• Audit evidence in documentary form more reliable than oral evidence.

• Audit evidence provided by original documents is more reliable than copies, reliability of which depends
on controls over preparation and maintenance.

• Evidence created in normal course of business is better than evidence specially created to satisfy the
auditor.

• Best-informed source of evidence normally management of the company but lack of independence
reduces its value.

• Evidence about future particularly difficult to obtain and less reliable than evidence about past events.

• Evidence may be upgraded by skilful use of corroborative evidence.

9
INTERNAL AUDIT
Internal audit: definition (Chartered Institute of Internal
Auditors)

• Internal auditing is an independent, objective assurance

and consulting activity designed to add value and improve
an organization’s operations.

• It helps an organization accomplish its objectives by

bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control and
governance processes.

11
How to make the internal audit function effective

• Support of top management.

• Independence of the internal auditor from parts of the

organization subject to audit.

• Appointment of motivated staff with good educational

background, combined with continuing education and training.

• Steps to ensure that staff behave in a professional way.

• Avoidance of ‘short-stay syndrome’.

12
Reliance on internal audit by the external auditor

• Planning extent of reliance on internal audit.

• Assessment of objectivity, competence and exercise of due

professional care by internal auditors.

• Extent of reliance:
• Scope decision.

• External auditor to audit all material matters where significant risk of

misstatement.

• Agree timing and extent of internal audit work and record decision in
audit files.

13
The responsibility of external auditor when relying on work of
internal audit

Irrespective of the degree of autonomy and objectivity of the

internal audit function, such function is not independent of
the entity as is required of the external auditor when
expressing an opinion on financial statements. The external
auditor has sole responsibility for the audit opinion
expressed, and that responsibility is not reduced by the
external auditor’s use of the work of the internal auditors.’
(ISA 610, para 4)
14
Outsourcing of internal audit work

Some organizations employ professional firms to

provide an audit function whether external or
internal.

15
TESTING AND EVALUATION OF
SYSTEMS
Definitions
Tests of controls and substantive testing (1) - Para A4 ISA 330

‘The auditor’s assessment of the identified risks at the assertion level provides a basis for
considering the appropriate audit approach for designing and performing further audit
procedures. For example, the auditor may determine that:

(a) Only by performing tests of controls may the auditor achieve an effective response to
the assessed risk of material misstatement for a particular assertion;

(b) Performing only substantive procedures is appropriate for particular assertions and
therefore, the auditor excludes the effect of controls from the relevant risk assessment.
This may be because the auditor’s risk assessment procedures have not identified any
effective controls relevant to the assertion, or because testing controls would be
inefficient and therefore the auditor does not intend to rely on the operating
effectiveness of controls in determining the nature, timing and extent of substantive
procedures; or

(c) A combined approach using both tests of controls and substantive procedures is an
effective approach.’ 18
Tests of controls and substantive testing (2)

• Para 18 ISA 330:

‘Irrespective of the assessed risks of material misstatement, the auditor shall

design and perform substantive procedures for each material class of transactions,
account balance, and disclosure.’

• Para A43:

‘Depending on the circumstances, the auditor may determine that:

• Performing only substantive analytical procedures will be sufficient to reduce

audit risk to an acceptably low level. For example, where the auditor’s
assessment of risk is supported by audit evidence from tests of controls.

• Only tests of details (a substantive procedure) are appropriate.

• A combination of substantive analytical procedures and tests of details are

most responsive to the assessed risks.’
19
Important note on recording systems, tests of control and
substantive procedures

1. Determine system and controls in place - walk-through tests - tracing a few transactions through
financial reporting system.

• Select sales order from credit customer and trace it to (a) granting credit decision (b) despatch note
(c) sales invoice (d) entry in trade receivables account (e) entry in inventory movement record.

• Objective: NOT to prove ALL transactions properly recorded but to understand system, record it,
and see if entity has appropriate controls.

• Para A13 ISA 315 (walk through tests in existing client): ‘The auditor is required to determine
whether information obtained in prior periods remains relevant, if the auditor intends to use that
information for the purposes of the current audit. This is because changes in the control
environment, for example, may affect the relevance of information obtained in the prior year. To
determine whether changes have occurred that may affect the relevance of such information, the
auditor may make inquiries and perform other appropriate audit procedures, such as walk-
throughs of relevant systems.’

20
Important note on recording systems, tests of control and
substantive procedures

2. Auditors have to decide whether the system appears strong

enough for them to rely on it in arriving at conclusions.
• Auditors perform tests of control to satisfy themselves initial
conclusion about system is valid. Auditors might select 20 sales
despatch notes and trace in the same way as for walk-through test.
• Objective: to enable them to decide if they can in fact rely upon
the system and controls.

• Tests of controls and substantive tests of detail may be carried

out at the same time = dual purpose test.

21
Relationship: walk through tests, tests of
controls and substantive testing
Examples of tests of controls
• Tests of information/audit trail.

• Testing outputs on a restricted basis.

• Interviews with company staff (inquiry) using interviewing style

conducive to getting people to be open with them.

• Observing staff at work (observation), keeping eyes open and not

assuming staff will always operate in the manner they have told you
they do.

• Re-performance of control procedures.

• Examination of management reviews.

• Testing reliability of budgets prepared by management.

23
SUBSTANTIVE TESTING
Substantive testing of transactions, balances,
disclosures

• Substantive procedure – an audit procedure designed to detect

material misstatements at the assertion level. Substantive procedures
comprise:
i. Tests of details (of classes of transactions, account balances, and
disclosures); and

ii. Substantive analytical procedures.

• Reasons why substantive tests always performed:

1. Auditor’s assessment of risk judgemental: may not be sufficiently
precise to identify all risks of material misstatement .

2. Inherent limitations to internal control including management override.

25
The use of computer-assisted audit techniques (CAATs)

CAATs may enable more extensive testing of electronic

transactions and account files, which may be useful when
the auditor decides to modify the extent of testing, for
example, in responding to the risks of material
misstatement due to fraud. Such techniques can be used
to select sample transactions from key electronic files, to
sort transactions with specific characteristics, or to test an
entire population instead of a sample. (ISA 330, para 16)
26
Communication of audit matters to TCWG(management letter)

• One objective of communicating to TCWG is:

To provide TCWG with timely observations arising from the audit that
are significant and relevant to their responsibility to oversee the
financial reporting process.
• The directors and others charged with governance have duty to
ensure internal controls are adequate – auditor informs them as
soon as possible of any weaknesses. This will help auditors in
fulfilling their duties if weaknesses are remedied. Weaknesses are
likely to result in increased audit time and TCWG should be informed
of the reasons.
27
Management letter

• Management letter has a title and intended recipients clearly stated.

• The introduction explains why the letter came to be written.

• Responsible officials with whom the memorandum has been discussed.

• If auditor no reason to doubt integrity of officials, say so.

• A section stating the main conclusions.

• The main conclusions are then followed by detailed comments: brief

description, possible consequences and recommendations.

• Minor matters already cleared with management should not clutter the report.

• Auditors indicate willingness to discuss matters at greater length with TCWG and
asks for a response.

28
Further matters of importance relating to the management
letter

1. May be circumstances where not appropriate to discuss findings

direct with management, if integrity or competence is in question.

2. Where small entities have insufficient staff for full segregation of

duties – letter emphasizes importance of supervision by
management.

3. Auditors report weaknesses that have resulted or may result in

misstatements in financial statements.

4. If no remedial action taken re significant weaknesses in controls

raised previously, current letter to refer to it. Auditor to ask why no
remedial action taken.
29
SAMPLING AND MATERIALITY
Audit sampling and materiality

• Audit sampling is one method auditors use to gather evidence

to reach an opinion on financial statements. When auditors
select transactions, documents, accounts balances for testing
they take a sample, using audit sampling as a technique.

• Materiality is vital concept when auditors seek to determine

company’s financial statements give a true and fair view.
Without an idea of what level of misstatement in financial
statements would be misleading, auditors would not be able to
evaluate the importance of misstatements discovered during
audit testing.
31
What is sampling?

• Auditors wish to be reasonably certain that audit

conclusions are soundly based at reasonable cost. Audit
sampling is used to achieve both aims and auditors select
a sample from a population

• The objective of sampling: ‘to provide a reasonable basis

for the auditor to draw conclusions about the population
from which the sample is selected’ (ISA 530).

32
Designing and selecting the sample for
testing

Auditors may use either:

• Judgemental sampling, or

• Statistical sampling
33
Judgemental sampling

• Auditors use judgement in selection of samples and their

interpretation.
• Judgement has to be exercised in both statistical and non-
statistical sampling.
• But non-statistical sampling is said to be judgemental
sampling because all aspects of sampling require exercise of
judgement.
• Problem with judgemental sampling is that characteristics of
sample do not necessarily reveal characteristics of population.
34
Statistical sampling

1. For sample to be representative must be homogeneity in the population – often

different degrees of risk in items in population. Examples of lack of
homogeneity:

• Transactions not subjected to same internal controls, e.g. large

transactions treated differently from small, or controls more lax in one
part of period.
• Balances in a population may have widely different values.

• Because of lack of homogeneity – common practice to stratify and to

treat different strata as different populations.
2. Sample can only be truly representative if it is taken from the whole population.

35
Sample selection methodology

• Random sampling
This method tries to ensure that each item in the population has the
same chance of selection as any other item

• Systematic or interval sampling

Possibly employs random starting point and then selects every nth
item – provides cover throughout a population but only same effect
as random sampling if errors spread randomly throughout population.

• Block or cluster sampling (non-statistical)

Involves selection of a block of transactions and testing for the
existence of some criteria.
36
Comparative advantages of statistical and non-statistical
sampling

• Advantage of statistical sampling: auditors make explicit

judgements on confidence level, expected error rate and
tolerable error rate, to ensure they adopt methodical approach

• Disadvantages include:
• More time consuming and costly than non-statistical sampling.

• Documents must be separately identified for selection.

• Statistical sampling is more difficult to understand, but specialized

computer statistical sampling packages may get round this problem.

37
Materiality – introduction
• Financial statements do not give a true and fair view when
misstatements are significant or material.
• Misstatements, including omissions are considered to be material if
they, individually or in the aggregate, could reasonably be expected
to influence the economic decisions of users taken on the basis of
the financial statements. Judgements about materiality are made
in the light of surrounding circumstances, and are affected by the
size or nature of a misstatement, or a combination of both.
• Materiality and size are related but factors other than size may be
important.
38
Materiality in the financial statements
• Auditors often set materiality in terms of % of company’s profit figure.

• Materiality level and amount of evidence auditors need are related – lower the materiality
level the greater quantity of evidence that auditors must acquire – and the greater cost.

• Most common profit figure is profit before tax or profit before tax from continuing
operations.

• Materiality levels may be set for other figures, such as total assets and net assets.

• Auditors often calculate materiality levels on a number of different criteria and then
decide on appropriate materiality levels for different aspects of the audit.

• Auditors should give same stress to under- and overstatements.

• Other aspects of materiality in relation to profit include:

• The trend in profits over the last few years.

• The effect of the profit figure on important ratios.

• External influences.

39
Materiality at the planning stage
• Auditors set materiality levels at planning stage in context of audit risk: consider material
individual items.

• Auditors assess general risks and component risk, assigning materiality, depending on:
• Importance of heading

• Nature

• Auditors’ past experience

• Trend in a/c balance.

• To reduce probability that total of uncorrected and undetected misstatements is greater

than set materiality, auditors may set performance materiality lower.

• Audit firm may decrease component materiality if inherent or control risk high, thereby
influencing nature and scope of work.

• Audit firms may reduce component materiality level when arriving at tolerable level to be
prudent or because of evidence from other tests.

• Auditors should record decisions on materiality in audit files – at planning stage in audit
planning memorandum. 40
Materiality during the audit

• Auditors may change views on materiality level for account balances if significant
changes in figures or as a result of audit evidence.

• Auditors extrapolate from test results. Closer value of misstatements found to set
materiality level, more likely sum of detected and undetected misstatements will
exceed materiality. May extend tests.

• If auditors’ estimate of misstatements exceeds materiality, consider nature, discuss

with management and determine if adjustment of financial statements appropriate. If
management not willing to adjust, auditors ascertain the reasons and decide on action.

• Auditor document misstatements above trivial amount, both corrected and

uncorrected.

• Audit committee should also receive from the auditors a list of the misstatements
found during audit

41
Nature of misstatements found

Auditors will be interested in the following features:

• The size and incidence of misstatements discovered.

• If the misstatements exhibit some pattern.

• If the errors or misstatements relate to factual matters or to matters of opinion.

• If the misstatements found relate to matters that are illegal.

• If there is any suspicion that some of the misstatements may have arisen because of
fraud by employees.

• If similar misstatements have been discovered in previous years’ audits of this client.

• If the misstatements affect only balance sheet items or whether they affect the profit
and loss account.

42
Some qualitative issues

Auditors need to have regard to the following

considerations.
• Whether the item is required to be disclosed by law or by
professional requirements.

• Improper disclosure of accounting policies.

• Improper classifications in the financial statements.

43
FRAUD AND FINANCIAL SHENANIGANS
Introduction to fraud

• Fraud: ‘Intentional act by one or more individuals among

management, those charged with governance, employees
or third parties, involving the use of deception to obtain
an unjust or illegal advantage.’ (ISA 240)
• Managerial fraud or fraud by TCWG:
• important in context of the financial statements

• more difficult for the auditors to detect.

• Fraud can involve participation of third parties.

45
Responsibility for fraud detection

• ISA 210 – management responsible for such internal control that

they determine ‘is necessary to enable the preparation of
financial statements that are free from material misstatement,
whether due to fraud or error’.
• ISA 240 – objectives of auditor: ‘To identify and assess the risks of
material misstatement of the financial statements due to fraud’
and ‘to obtain sufficient appropriate audit evidence regarding the
assessed risks of material misstatement due to fraud, through
designing and implementing appropriate responses.’

46
Responsibility for fraud detection – broad audit approach

• Get management estimate of extent to which financial

statements materially misstated by fraud.
• Determine entity procedures to identify and respond to risks of
fraud – tone set.
• Maintain attitude of professional scepticism during planning –
possibility of fraud.
• Plan and conduct audit tests to limit possibility that material
fraud goes undetected.
• Consider factors increasing possibility of fraud.
47
Why fraud is difficult to detect

• Inherent limitations in audit techniques and tests, including

sampling.
• Use of deceit, collusion and other means to conceal well-
planned and executed fraud (often by individuals with
responsible role in company).
• Fact that auditors only required to arrive at an opinion on the
financial statements (evidence in terms of persuasiveness)
rather than give a guarantee.
• Limit to effectiveness of internal controls.
48
Fraudulent financial reporting achieved by…

• Manipulation, falsification, suppression or

alteration of accounting documents or records.
• Misrepresentation or omission of transactions or
events.
• Misapplication of accounting principles.
• Inappropriate classification or disclosure in the
accounts.
49
Pressure to misrepresent financial performance may be high

• Poor financial performance

• Pressure from markets

• Directors wish to show growth continuing

• Company expanding by acquiring other companies, directors

have incentive to show policy resulted in group continuing
to be profitable

• Where company has liquidity problems and directors do not

want shareholders or the markets to become aware of this
50
Auditor identifies higher than usual risk
• Determine how directors and TCWG fulfil fraud detection responsibilities.

• Management/internal auditors aware of fraud?

• Internal audit conducted work to detect fraud? Test results.

• How TCWG determine risk detection procedures and responses to risks.

• Assess inherent risk – focus on factors advancing fraud.

• Increase scope and variety of tests.

• Suitably qualified staff assigned to audit.

• Audit tests to contain an element of unpredictability.

• Subjective areas – management judgement/influence.

• Areas where override of internal controls might occur.

• Personnel characteristics: autocratic and authoritarian directors – staff poorly

qualified/lacking motivation – individuals paid according to results – individuals
allowed too much authority – high turnover of staff. 51
Change in approach to fraud

• Greater focus on material misstatements of financial

statements.
• Acknowledging greater risk to auditor lies in failure to
detect misstatements rather than failure to detect the
theft of inventories or cash.
• Misappropriation of assets unlikely to be sufficiently
material to distort the truth and fairness of the
financial statements.
52
Reporting fraud and error internally
Auditors’ procedures:

• Be aware of facts and ensure understood situation correctly.

• Discuss with management or audit committee.

• TCWG to take action on reported suspicions of fraud/error.

• Document process until satisfactory resolution.

• Obtain copies of false documents, if any.

Responsibilities of the directors:

• Develop appropriate control environment.

• Establish strong and effective internal controls.

• Encourage strong ethical environment.

• Establish audit committee to whom the auditors can report.

• Conduct review of effectiveness of company’s internal controls; report to shareholders.

53
Financial shenanigans
Actions taken by management that mislead investors about a
company’s financial performance or economic health
Earnings manipulation
shenanigans
• Recording revenue too soon

• Recording bogus revenue

• Boosting income using one-time or unsustainable activities

• Shifting current expenses to a later period

• Employing other techniques to hide expenses or losses

• Shifting current income to a later period

• Shifting future expenses to an earlier period

Cash flow shenanigans
• Shifting financing cash inflows to the operating section
• Shifting normal operating cash outflows to the investing
section
• Inflating operating cash flow using acquisitions or disposals
• Boosting operating cash flow using unsustainable activities