Professional Documents
Culture Documents
Audit Risk Components (IR+CR = RoMM) (Audit evidence mitigates the RoMM)
Materiality various benchmarks and percentages of benchmark. (pbt, ebitda, total assets, net assets, total
revenues or total expenses; 1% to 10% etc)
Overall Materiality Our assessment of materiality at the overall financial statement level
Performance Materiality- Materiality at assertion level in relation to classes of transactions, account
balances, and disclosures
De Minimis SUM posting level Amount below which potential audit adjustments need not be
accumulated
Performance materiality determines nature, timing, extent of further audit procedures, takes into account
aggregation risk of individually immaterial misstatement. Overall materiality is specific to company and
industry, states maximum amount of misstatement that could exist before information in financial statements is
considered misleading.
ISA Assertion
Accuracy
Completeness
Cut-Of
Existence
Occurrence
Classification
Understandability
Rights and Obligations
Valuation and Allocation
PwC Assertion
Accuracy (A)
Completeness (C)
Cut-of (CO)
Existence / Occurrence (E/O)
BS or P&L
P&L
P&L + BS
P&L
P&L
BS
Audit Documentation
Audit Evidence must be:
Sufficient
Appropriate reliable, relevant
More reliable
Original documents, auditor obtained/written/external
evidence
Less Reliable
Photocopies/fax, audit evidence indirect oral evidence
client generated
Klaus 2015
PSCENT
Purpose
Source
Conclusion
Extent
Nature
Timely
Identifying Risks and Developing Strategy Control environment, risk assessment, information systems, control
activities, process for monitoring controls. Walkthroughs Show me meeting, what controls are in place, who
implements them? Who can write/cash cheques? Who performances bank reconciliation?
Significant risk An inherent risk, that in our judgement, requires special audit consideration in terms
of the nature, timing, or extent of testing, because of: the nature of the risk, the likely magnitude of
the potential misstatements (including the possibility that the risk may give rise to multiple
misstatements and the likelihood of the risks occurring. In assessing whether a significant risk exists,
we do not consider the efects of controls related to the risks. A significant risk is a higher risk than an
elevated or normal risk.
Normal Risk The Inherent risk related to relatively routine, non-complex transactions that tend to be
subject to systematic processing and require little management judgment. Although it is considered
that there is a risk, it is judged that there are no elevated or special factors relating to the nature, the
likely magnitude of the potential misstatements or the likelihood of the risk occurring. In assessing
whether a normal risk exists, we do not consider the efects of controls related to the risk. Risks that
are less than normal are not considered risks of material misstatement.
Elevated Risk An inherent risk, that in our judgement, requires additional audit consideration beyond
what would be required for a normal risk, but which does not rise to the level of a significant risk,
because of its nature, the likely magnitude of potential misstatements that could result from it or the
likelihood of the risk occurring. Elevated risks frequently will be risks that we will discuss with
management and those charged with governance of the entity, but that do not rise to the level of a
significant risk. In assessing whether a risk is elevated, the auditor does not consider the efect of
controls related to the risk.
Klaus 2015
sufficient and appropriate and without omission of material facts to the financial statements, to the
best of the managements knowledge)
Financial statement procedures
Sign audit opinion
Debrief audit
Archive audit file
Client communications
Ethics
Professional Scepticism sufficiency, validity and reliability of audit evidence obtained. Being alert to unusual
circumstances requiring further inquiry or audit evidence that contradicts or brings into question the reliability
of documents and responses to inquiries from management.
Open mind about the honesty of integrity of management and those charged with governance until
inquiries are concluded.
Alert to unusual circumstances
Questioning mind
Question reliability of documents
TOPIC
1.
2.
3.
4.
5.
Self-interest
Self-review
Advocacy
Management
Intimidation
Familiarity
Klaus 2015
Fraud
Fraud is an intentional act by one or more individuals among management, those charged with
governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal
advantage. Fraud may take the form of:
-Fraudulent financial reporting; and
-Misappropriation of assets
Error is an unintentional misstatement in financial statement, including the omission of an amount or
disclosure, such as the following: a mistake in gathering or processing data from which financial
statements are prepared; an incorrect accounting estimate arising from oversight or misinterpretation
of facts and a mistake in the application of accounting principles relating to measurement, recognition,
classification presentation or disclosure.
An auditors objective (ISA 240 UK&I) is to identify and assess the risk of material misstatement of the
financial statements due to fraud, obtain sufficient appropriate audit evidence regarding the assessed
risk of material misstatement due to fraud, through designing and implementing appropriate
responses; and respond appropriately to fraud or suspected fraud identified during the audit.
Fraud Triangle Why commit fraud? Generally there are 3 Conditions present when fraud occurs.
1.
2.
3.
Incentives/Pressures
Opportunities
Rationalisation/Attitude
What to do if you suspect a fraud:
Do
Tell your manager or engagement leader, ensure the
relevant documents are safe, consult someone in
PwC may have come across a similar situation
The Audit Trail
1.
2.
3.
4.
5.
6.
Dont
Tip of the client, keep things to yourself, play
detective without proper consultation, be fooled or
manipulated by the client
Internal Audit Internal auditing is an independent, objective assurance and consulting activity designed to
add value and improve an organisations operations. It helps an organisation accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the efectiveness of governance, risk
management and control processes.
Role of the internal auditor:
Objectives
Risks
Controls
Alignment Are controls in line with risks?
Klaus 2015
Lines of defence:
1.
2.
3.
Sub-service
Full outsourcing, directed outsourcing
Significant co-sourcing, co-sourcing
External Quality Assessments (EQAs)/Internal Audit
Efectiveness Reviews, Internal Audit Advisory
Services, Secondments (stand alone)
Outsourced no in-house internal audit resource and no Head of Internal Audit (HIA) within the
organisation. Directed outsourcing client exerts significant direction In relation to the internal audit
plan or work delivered.
Co-Sourced if the client has its own in-house HIA. Significant PwC delivers a significant proportion of
the internal audit efort.
Internal Audit Advisory services Clients may wish to engage PwC to deliver other internal audit
services without outsourcing their internal audit function or engaging PwC to deliver co-sourced
internal audit assignments. Stand-alone secondments also come under this heading (where they are
not part of co-sourced engagements), but PwC staf may also second to the clients part of co-sourced
engagements. (AA.49)
people
systems
internal environment
external factors
Stages
1)
2)
3)
4)
5)
Foundation Confirm stakeholder needs and expectations are reflected in the objectives of the internal
audit function as set out in the internal audit charter.
Planning Develop an internal audit plan that addresses the needs and expectations of the
stakeholders and the key risks of the organisation.
Fieldwork Obtain sufficient evidence to achieve the objectives of the internal audit review.
Reporting Report the internal audit results, including practical and value-added recommendations,
clearly and concisely.
Quality Establish a stronger link between the strategic focus of internal audit and value drivers of its
key stakeholders and measure commitment to highest levels of quality, continuous evaluation and
overall internal audit efectiveness.
Value protection approaches are focussed on assessing the design and operating effectiveness
of controls.
Value enhancement approaches are focussed on efficiency gains ,process performance, and/or
monetary savings
Internal Controls
Klaus 2015
Information Technology
General Controls (ITGCs)
2.
3.
4.
Inquiry Inquiry alone will not provide sufficient evidence. We require further corroboration, reports,
manuals or other documents used in or generated by the performance of the control. Should always be
used as the first step to any of the other techniques.
Observation Appropriate where there is no documentation of the operation of a control, like segregation
of duties. Is also useful for physical controls, for example, seeing that the warehouse door is locked or that
blank checks are safeguarded. We need to consider that the control we observe might not be performed in
the same manner when we are not present.
Inspection This is often used often used to determine whether manual controls, like the follow-up of
exception reports, are being performed. Absence of evidence may indicate that the control is not operating
as prescribed and further procedures will be necessary to determine whether there is in fact an efective
control.
Re-performance provides the best evidence. Used when a combination of inquiry, observation and
inspection of evidence does not provide sufficient, appropriate audit evidence that a control is operating
efectively. However, if extensive re-performance is likely to be necessary, we reconsider whether it is
efficient to perform tests of controls to restrict the scope of substantive testing.
Control Attributes
Attribute
Frequency
Description
How often. Can be driven by a schedule or by an
event.
IT-dependent
Time of error
detection
Values
Annual, Quarterly, Monthly,
Weekly, Daily, Multiple times per
day
Automated, It-dependent, Manual
Preventive, Detective
Klaus 2015
4.
5.
Risk Assessment assess risks, determine how and whether to manage those risks
Control Environment Attitude, behaviour, culture, awareness
Control activities occur at all levels, in all functions throughout the organisation operations, financial
reporting, compliance
Planning Stage risk assessment analytics used at planning, mandatory. RISK ASSESSMENT
Evidence stage substantive analytics, not mandatory. SUBSTANTIVE ANALYTICS
Completion stage conclusion analytics, mandatory. OVERALL CONCLUSION
4 Step Process
1.
2.
3.
4.
Assess reliability of data, and develop a independent expectation. Ex. Ensure you have ITGCs evidence.
Define a significant diference of threshold. Tolerable threshold is usually based on materiality. You must
quantify the tolerable threshold, not simply applying a percentage variance between the expectation and
actual. If you disaggregate two revenue streams for your analytics, and performance materiality is your
threshold, you cannot apply full performance materiality to each disaggregated element.
Compute diference. You must compute the diference between your original expectation and the actual
client figures.
Investigate significant diferences and draw conclusions. You must investigate all diferences from your
expectation. You must explain the full variance from expectation to actual, not just the variance above the
threshold. Evidence must be corroborated sufficiently and independently with evidence obtained to
support client explanations for variances
You can use this for Depreciation expense, Payroll and Interest income / expense. Outside of these three areas,
the substantive analytics check point (AA.28) must be used.
Substantive analytical procedures:
1.
2.
3.
4.
Scanning
Reasonableness
Trend analysis
Ratio
Regression.
Determine suitability, assess reliability of underlying data and develop and independent expectation
Define a significant diference or threshold.
Compute diferences
Investigate significant diferences and corroborate with evidence
Test of Details
1.
2.
3.
Targeted Testing aims at establishing if there is a material monetary misstatement, items to be tested are
selected based on monetary value or higher risk, applied to either a specific part of an account or the
whole of the account, results should not be projected to the untested items in a population, preferred
method of testing at PwC.
Accept-reject Testing Used when we are interested in a particular attribute or characteristic, used when
we are not testing monetary values, used when we do not project misstatements to the entire population.
Audit Sampling (Non-statistical sampling)- Application of auditing procedures to a representative group of
less than 100% of the items for the purpose of evaluating the entire population tested. Usually used on
populations with homogeneous items when we cannot target any items and based on risk or coverage. Can
be applied in combination with Targeted testing.
Klaus 2015
200,000
(2,000)
20,000
(12,000)
10,000
216,000
Assertions
Existence (of bank and cash assets)
Existence (of bank and cash assets)
Completeness (of bank and cash assets)
Accuracy (of related P&L transactions from reconciling cash items)
Existence/Occurrence
Rights and Obligations
Valuation
Accuracy (of related cash transaction)
Existence (of bank and cash assets)
Klaus 2015
Assertions
Completeness (of bank and cash assets)
Accuracy (of related P&L transactions from reconciling cash items)
Cut-of (of bank and cash assets)
Existence (of bank and cash assets)
Completeness (of bank and cash assets)
Cut-of (of transfer transaction)
Valuation (of bank and cash assets)
2)
3)
To the client Inventory is normally their biggest liquid asset. They not only need to manage the
investment but they also need to ensure that they manage Inventory level so that they can meet
customer needs / orders on a timely basis performing inventory counts help them to manage their
inventory levels. Inventory counts represent a strong deterrent to theft. Inventory counts verify the
quantity of inventory which, after valuation, will be included in the financial statements.
To the audit Inventory is often a material area on the balance and has a direct efect on the profit or
loss for the year. Inventory counts provide a strong source of audit evidence for Existence, as
inventory can easily be misstated and depending on the type of inventory there may be potential for
fraud through misappropriation. Attendance at the inventory count is compulsory in many countries.
To you You cant repeat the inventory count later if you have a query or forget something. You must
get everything right at the inventory count. It may be your first job alone. You may need to take
decisions or react quickly to circumstances. You may need to make decisions under pressure from
client staf. Attending the inventory count gives you an opportunity to tour the clients site and gain a
good understanding of the clients business. You will probably come into close contact with client staf
outside the financial department and, therefore, can develop your understanding of the business and
build networks outside the finance function.
Lead Schedule
Obtain movement schedule and detailed listings
Test additions
Test disposals
It is important to understand the entire flow of transactions from when they are initiated to the accounting
records that capture them. The walkthrough enables you to identify the points within the companys process at
which a material misstatement could arise. There should be controls in place to address these risks. It is
Klaus 2015
necessary to identify/confirm all the attributes of the control activities that the company has implemented.
Through walkthrough, we can better understand how IT afects the transactional flow and what the relevant IT
dependencies are. A walkthrough is performed by following the flow of an actual transaction using the clients
documents and IT systems. At the point where the important processing procedures occur we should ask
sufficiently probing questions that allow a complete understanding of the process under consideration. During
the walkthrough we verify the implementation of control activities through a combination of inquiry,
observation and examination.
Targeted testing of cash disbursements made subsequent to year end, unpaid invoices and open
receiving documents
May involve targeting both significant value invoices and those subject to higher risk of exclusion
(close to year-end or certain vendors)
How long after year-end should our search for unrecorded liabilities extend? ->Professional judgment.
When target testing a subsequent payment, the payment may relate to multiple invoices. Should we
examine evidence for all invoices or is there another way to structure the targeted test? What audit
work should be performed on the untested portion of the population of subsequent disbursements,
unpaid invoices and open receiving documents?
Factors to consider in determining the time period for the search for unrecorded liabilities: RoMM
related to the completeness of liabilities and expenses, history of misstatements due to cut-of errors,
length of time the client keeps its accounts open after year-end to process transactions, typical invoice
payment terms for suppliers and service providers and the clients payment practices, efectiveness of
controls, possibility that there may be material unrecorded liabilities only settled after the selected
time period, sufficiency of audit evidence obtained through substantive analytics and other tests of
details that provide comfort on the completeness, accuracy, and existence/occurrence of liabilities and
expenses.
EGA
Accounts Payable Lead Schedule
Accounts Payable Test accounts payable
reconciliation
Accounts Payable Search for unrecorded liabilities
Accounts Payable Test inventory receipts cut-of
Accounts Payable Verify information for disclosures
Assertions
Presentation and Disclosure
Completeness, Accuracy, Cut-of,
Existence/Occurrence
Completeness, Accuracy, Valuation, Rights
&obligations and Cut-of
Completeness and Cut-of
Presentation & Disclosures
EGA
Klaus 2015