Professional Documents
Culture Documents
WELCOME
ACCT3014 - Auditing and Assurance
Semester 1, 2013
Week 4 Lecture More on Planning the Audit, and the importance of Internal Controls
Assessing Business Risk Internal Controls and Assessment
Business Risk
Which of the following best describes Business Risk? a) The risk that the financial errors contain material errors b) The risk that the company will not achieve its objectives c) The risk of the auditor forming the wrong opinion d) Economic factors that may cause cash outflows from the company Which of the following is correct relating to risk? a) Understanding BR is the responsibility of directors only b) Only internal auditors need to understand business risks c) External auditors should concern themselves with audit risk only d) Auditors should identify significant risks to be covered in their audit work
Lecture Outline
Linking of Business Risk to a key general ledger account
What are Assertions and linking the Business Risk to the applicable key account and then the relevant assertion
Internal Controls What are they and why important
External Factors (Industry, regulatory, economic) Internal Factors (Company's Objectives, Nature..) Assess Fraud Risk and Non-compliance with Laws etc Significant business risks may increase the risk of material misstatement and these are the risks that the Auditor needs to address Auditor needs to then understand Internal Controls and evaluate whether they address/minimise the BRs identified as key by the Auditor
Some BR
Internal Controls
The BR Approach is about identifying significant BR and using appropriate audit procedures to plan and conduct the audit.....its an iterative process
4
Material Misstatement Risk that the financial Statements have material/significant Errors in them
Control Risk Risk that the Companys Internal Controls will not prevent or detect and correct errors
Inverse relationship Material Misstatement Risk that the financial Statements have material/significant Errors in them
Audit Risk: Risk that the Auditor gives an inappropriate audit opinion On the Financial Statements that contain material misstatements
5
If Yes
For An Income Statement some of the assertions change By example Sales Existence becomes Occurrence Valuation becomes accuracy
7
Assertion
Definition
Example
Existence
Do Assets and Liabilities actually exist? Are they real? Important when the Auditor believes that there is a risk of overstatement Have the Assets & Liabilities been accounted for? Are you sure that they have been recorded? Have the Assets, Liabilities and Equity accounts been recorded at their correct amounts? Are the recorded assets owned by the client? Are the recorded liabilities commitments of the client? Risk when the Auditor believes that A/L are not owned by the client.
PPE Inventory
Completeness
Definition
Did the revenue or expense transaction actually take place? Auditor concerned with the risk of overstatement where events are recorded but did not actually occur Are you sure that revenues and expenses have been recorded? Risk of understatement often when expenses incurred but not recorded Are the Revenues and Expenses recorded at the correct amounts?
Example
Sales Revenue
Completeness
Revenue Expenses
Accuracy
Cut-Off Classification
Are transactions recorded in the correct accounting period? Auditors tests whether revenue and expenses are recorded in proper accounts
Revenue All items but in particular expenses as high risk incorrectly capitalised
9
Given Assertions are important to ensure Managements correct reporting of financial data in the financial statements, it is critical that company rules are in place to achieve this goal. Thus the rules, the Internal controls, are important to both Management (charged with the requirement to safeguard the assets and resources of the operation), and also the Auditor (charged to provide reasonable assurance as to the True and Fairness of Managements financial reports)
10
2.1 Obtain knowledge of the business ASA 315 (including ASA 250) 2.1.1 Preliminary analytical procedures 2.2 Appraisal of risks, including fraud risk (ASA 240) going concern (ASA 570) ASA 315 2.3 Estimate of materiality 2.4 Review of control components 2.4.1 Preliminary evaluation of control environment 2.5 Develop overall audit plan (i.e. develop an audit strategy) in response to risks ASA 330 2.5.1 Determine reliance on internal controls 2.5.2 Determine extent and nature of testing 2.5.3 Write audit plan 2.6 Assignment of staff
Internal Control=Management Responsibility Management (not the auditor), must establish and maintain the entity's control structure Control structure aids management to ensure:
irregularities are prevented or detected and corrected assets are safeguarded financial records are accurately reflected adherence to management policies operational efficiency is promoted that prevents unnecessary duplication of effort
Because of its inherent limitations, an internal control structure cannot be regarded as completely effective, regardless of the care taken in its design and implementation
2. The rules need to change (updated or amended) as the company activities change.
1. Important if a new business division is started or acquired
2.
3.
IT systems change
If there are restructuring issues (staff sacked impacts segregation of duties)
3. A key rule segregation of duties costs money (more staff). So even if the rule would protect assets or information, Management may decide not to implement the rule based on a cost benefit analysis. 4. Both management and the external auditor need to know if a rule is working. Having a rule but it not operating means the rule does not exist.
15
the control environment the entities risk assessment process the information system, including related business processes control activities monitoring of controls
communication and enforcement of integrity and ethical values commitment to competence participation by those charged with governance managements philosophy and operating style organisational structure assignment of authority and responsibility human resource policies and practices
Information System Including Related Business Processes (ASA 315.18 and A81-A87)
Auditor obtains an understanding of:
classes of transactions
procedures (including IT) by which transactions are initiated, recorded, processed, and reported in the financial report related accounting records
how the information system captures events/ conditions other than classes of transactions financial reporting processes used to prepare the financial report controls over journal entries, non-recurring/unusual transactions, adjustments
Partial Internal Control Questionnaire for Sales What are the controls, and who is involved.
Client_________________________________________________________________Audit Date _________________________ Auditor ______________ Date Completed____________ Reviewed by ___________ Date Completed______________________
Objective (italic) and question Sales A. Recorded sales are for shipments actually made to non-fictitious customers 1. Is the recording of sales supported by authorised shipping documents and approved customer orders? B. Sales transactions are properly authorised. 1. Is the customer's credit approved by a responsible official? 2. Is a prenumbered written shipping order required for any merchandise to leave the premises? 3. Is an authorised price list used? C. Existing sales transactions are recorded. 1. Is a recoed of shipments maintained? 2. Is the shipping document controlled from the office in a manner that helps ensure that all shipments are billed? 3. Are shipping documents prenumbered and accounted for? 4. Are sales invoices prenumbered and accounted for? D. Recorded sales are for the amount of goods ordered and are correctly billed and recorded. 1. Is there independent comparison of the quantity on the shipping document to sales 2. IS there internal verification, extensions, pricing, and footing of sales invoices? 3. Are monthly statements sent to customers? E. Sales transactions are properly classified. 1. Is there independent comparison of dates on shipping documents to dates recorded? F. Sales are recorded on a timely basis. 1. Is there independent comparison of dates on shipping documents to dates recorded? G. Sales transactions are properly included in the subsidiary records and correctly summarised. 1. Are journals independently footed and traced to the general ledger and subsidiary records? 2. Is there a monthly reconciliation of the accounts receivable subsidiary records to the general ledger?
Yes
Answer No N/A
Prenumbered but not accounted for additional substantive testing required By Pam Dilley, controlled by Chulick By Pam Dilley
All sales are on account and there is only one sales account There is a weakness in the system and additional substantive testing required
22
Monitoring is the process by which the entity monitors the quality of internal controls over time Involves assessing the design and operation of controls on a timely basis and taking the necessary corrective actions Ongoing monitoring activities could include: - internal audit - continual management review of exception and operation reports - review/response to customer complaints
The auditors emphasis is on identifying and obtaining an understanding of control activities that address the areas of significant risk, i.e. areas where the auditor considers that material misstatements are more likely to occur (i.e. IC relevant to the audit as per ASA 315.A89). i.e. mitigating controls
(iii)
(iv)
In your BR Approach for the following identified risks in Woolworths , Determine a PRACTICAL Internal Control procedure that would mitigate the risk:
Overpayment of overtime to casual employees
Materiality
Audit Evidence, linking to ASSERTIONS and Procedures! The reliability of audit evidence is influenced by its source and nature. For example, management may use a broker quote to support a fair value measurement; however, when the quote is obtained from the institution that initially sold the instrument, this evidence may be less objective and may need to be supplemented with evidence from one or more other brokers
www.ifac.org/download/staff_audit_practice_alert.pdf
27