Audit Process _ Risk Assessment

Document Sample
Audit Process _ Risk Assessment Powered By Docstoc
					C:\Docstoc\Working\pdf\f91708f2-05e0-487d-a29a-01b78eec67f7.doc


Assurance concept and audit process
A. Management assertions and audit objectives


What are Assertions?
They are statements about the “state of being”.
In order for the auditor to be able to attest to an assertion, it is necessary to have
objectively determined criteria as a reference against which the assertion may be
assessed.
Two major areas of assertions –
a. Financial statement assertions and;
b. Assertions in other assurance services.


HKSA 500– the auditor is concerned with the following assertions:
For example:    Debtor $250,000
    Existence - The persons who owe the company at balance sheet date
    Occurrence - A sale occurred during the financial period
    Completeness - All items happened in the particular period are included in this
     particular period
    Valuation – Appropriate value at the balance sheet date
    Measurement - The transactions making up this balance were recorded for the
     correct amount and in the correct accounting period.
    Disclosure – In accordance with applicable regulations and legislation
    Rights and Obligations – Legal right to receive or pay


Audit procedures and evidence
Audit program is a list of audit procedures used in corroborating a particular
account. Common audit procedures outlined:
    Inspection – Examining documents or records
    Observation – Watching a process or procedure
    Inquiry and confirmation – Seeking information from knowledgeable persons.
    Computation – Checking the arithmetical accuracy.
    Analytical review – Studying ratios and investigating unusual trends.

Audit evidence
Evidence is “information” which can be used to support our ultimate opinion.
Sufficiency is a measure of the quantity of evidence obtained.
Appropriate – the evidence must be relevant to our opinion.
C:\Docstoc\Working\pdf\f91708f2-05e0-487d-a29a-01b78eec67f7.doc


Assurance concept and audit process
B. Evaluating strategic business risk – framework for audit planning


Overview of the audit risk model
Auditor business risk – it is the auditor’s exposure to loss or injury to the
professional practice from litigation, adverse publicity or other events arising
in connection with financial report audit.


The auditor carries out audit procedures until audit risk is low enough to
issue an opinion. In planning the audit procedures in each area, the auditor
can choose:
 Those designed to provide reasonable assurance that inherent nature of the
     item and the internal control structure are such that the risk of a material
     statement in the financial report is low; or
    Those designed to validate an item directly, so that the auditor has
     reasonable assurance that material misstatement in the areas will be
     detected.


Component of audit risk
Audit risk is made up of three components:
1. Inherent risk: the susceptibility of an assertion to material misstatement
   given the inherent and environmental characteristics, but without regard
   to prescribed control procedures.
     For example, cash is more susceptible to theft than an inventory of cement.


2.   Control risk: the risk that a material misstatement in an assertion may
     not be prevented or not be promptly detected by prescribed internal
     control polices and procedures.
     For example, poor controls over the custody of inventory increase the possibly of theft.


3.   Detection risk: the risk that an auditor’s substantive procedure will lead
     the auditor to conclude that a material misstatement does not exist when
     the acct balance or class of transaction is actually materially misstated.
C:\Docstoc\Working\pdf\f91708f2-05e0-487d-a29a-01b78eec67f7.doc




Assurance concept and audit process
Evaluating strategic business risk – framework for audit planning



Figure Audit risk, graphically depicted
C:\Docstoc\Working\pdf\f91708f2-05e0-487d-a29a-01b78eec67f7.doc




                                  Inhere
                                                                            Misstatements
                                  nt risk
                                                                            likely to occur in
                                                                            client’s FR




                  Misstatemen

                  t that bypass

                  controls
                                            Control Risk




                 Misstatement s caught

                 by auditors


                                                           Detection risk



                         Audit risk – Misstatements
                         undetected by auditor




Assurance concept and audit process
Evaluating strategic business risk – framework for audit planning


Inherent risk:
Five factors which affect inherent risk at the financial level:
C:\Docstoc\Working\pdf\f91708f2-05e0-487d-a29a-01b78eec67f7.doc


1.   Integrity of management
     If management lacks integrity, they are more likely to be prepared poor
     reputation in the business community. Lack of integrity may be indicated
     by attempts to limit the auditor’s access to people or information;


2.   Management experience, knowledge and changes during the period
     Inexperience of management and its lack of knowledge may affect the
     preparation of the financial report. When the auditor observes frequent
     personnel turnover in important management positions, inherent risk
     increases because honest individuals are likely to resign their
     management positions rather than perpetuate some type of fraud.


3.   Unusual pressure on management
     There may be incentives for management to misstate the financial report.
         Facing cash flow problems;
         Poor liquidity;
         Poor operating results
         If management compensation schemes are tied to earnings or share
          prices, there is an incentive for management to misstate the result in
          order to obtain a bonus.


4.   Nature of the entity’s business
     For example, while the new economy or Internet companies have
     potential advantages, until they establish a reputation and a reliable
     revenue source they will be inherently risky.
     There are also factors associated with the nature of the entity’s business.
     If the entity has a complex capital structure, this will increase inherent
     risk. The existence of related-party transactions would also increase
     inherent risk as the transactions are not with an independent party.


5.   Factors affecting the industry in which the entity operates
     Changes in economic and competitive conditions would be expected to
     have a major impact on the inherent risk of an entity,
Assurance concept and audit process
Evaluating strategic business risk – framework for audit planning


Computer Information Risk (CIS):
Six Red flag areas that will increase inherent risk in relation to CIS:
C:\Docstoc\Working\pdf\f91708f2-05e0-487d-a29a-01b78eec67f7.doc


1.   Significant change in CIS – Conversion of a new system or the new
     system may not be able to be delivered.


2.   Insufficient CIS skills and resources – The skills of staff should be
     relevant and current so that they can operate and understand the system.


3.   Lack of entity support and focus – Senior mgt needs to demonstrate their
     accountability for CIS by appropriate committee and involvement.


4.   High dependence on CIS – An entity that requires CIS to support its core
     business from an operational perspective has a higher level of inherent
     risk than an entity that depends on CIS only to produce their financial
     information.


5.   Reliance on external CIS – Outsourcing CIS operation may mean that
     changes to response time, service and capacity affect the user’s ability to
     meet customer needs.


6.   Reliability and complexity of CIS – The more complex the system the
     greater the risk of errors or misinterpretation.


There is potential impact of e-commerce on strategic business risk and its
effect on inherent risk.
Three major categories of risk – increase inherent risk
      Risks arising through the nature of the relationship with e-commerce
          trading partners
         Risks related to the recording and processing of transactions initiated
          through e-commerce.
         Pervasive e-commerce business risks such as technical competency
          required by staff, computer crime and computer viruses.




Topic 5 – Evaluating strategic business risk – framework for audit planning

Inherent risk at account balance and class of transaction level


Six factors outlined
C:\Docstoc\Working\pdf\f91708f2-05e0-487d-a29a-01b78eec67f7.doc


1.   Accounts likely to require adjustment
2.   Complexity of underlying transactions
3.   Judgment involved in determining account balances
4.   Susceptibility of assets to loss or misappropriation
5.   Occurrence of unusual and complex transactions, particularly at or near
     year end.
6.   Transactions not subject to ordinary processing


Monroe et al. – Five most important inherent risk factors at the account
balances and class of transactions level were:
     The results from previous audits indicate that many errors are made
         in the recording of accounts receivable;
     There is a substantial number of accounts receivable that are
         significantly overdue;
         The company has a history of inventory pricing errors;
         Management estimates for the provision for doubtful debts have not
          been accurate in the past; and
         The company has a history of inventory cut-off problems.


Materiality
The Auditors use the materiality in two ways:
1. In evaluating the presentation of financial data (material in accounting);
    and
2. In deciding question involving the planning and execution of the audit
    program (material in auditing)


Rules of thumbs for planning materiality:
Common bases                  Range of % applied to base Relative advantage
Net profit                    5 –10                               Relevance
Total revenue                 0.5 –1                              Stability
Total assets                  0.5- 1                              Predictability /stable
Equity                        1-2                                 Stability


Case - Inherent risk of a financial planning and investment service company

a.   Contrast inherent risk and control risk
Normally, the inherent risk assessment is independent from control risk and is not
affected by the control risk assessment of client’s internal control system.
C:\Docstoc\Working\pdf\f91708f2-05e0-487d-a29a-01b78eec67f7.doc


However, there are events or factors may affect both inherent and control risk.


Does Corporate governance - the poor management due to lack of experience,
knowledge or change during the year - would affect the control risk?


Management is responsible for preparing financial information which is an accurate
and fair presentation of the financial position of the organization. Corporate
governance is the system or process by which companies are direct and controlled.
It is concerned primary with management and stewardship issues including
“Maintaining the integrity of the internal control structure and the MIS”.


It is note from AUS 402.14that the management experience and knowledge and
changes during the financial period would affect the inherent risk as inexperience of
management and its lack of knowledge may affect the preparation of the financial
report.


If a single person dominates the entity’s operating and financing decision, there is a
higher risk that a material misstatement could occur than the decisions are reviewed
by the entity’s board of directors or audit committee. Good corporate governance
structure would reduce the inherent risk of the financial report. Moreover, poor
corporate governance would affect the control risk with the poor internal control
structure in terms of:


1. Control environment – AUS 402.04 states that the control environment includes
   management’s overall attitude, awareness and actions regarding internal control
   and its importance in the entity.
2. Information system - AUS402 includes the information system as part of the
   internal control structure. Information must be identified, captured and
   exchanged in a form and timeframe that enables entity personnel to carry out
   their responsibility.
3. Control procedure – It encompass both policies and procedures established by
   management to ensure its derivates are carried out.
Case 7.14 - Inherent risk of a financial planning and
investment service company
b. Inherent risk factors


Background information
Rich fast Pty Ltd is a large firm that provides financial planning services and
C:\Docstoc\Working\pdf\f91708f2-05e0-487d-a29a-01b78eec67f7.doc


investment advice to the general public.


Notes from the meetings are reproduced below;
1. Ms Nomer expects us to get “up to speed” with Richfast Pty Limited’s operation
    ASAP. She has instructed her staff to co-operate fully with us and to answer any
    queries we may have.


Factors affect inherent risk – The integrity of management is good as Ms. Nomer lets
the auditor’s access to people or information. The co-operation of staff to answer
any query of the auditor may have in order to get “up to speed” of client’s operation
would affect the inherent risk.


Since the auditor could understand the complexity of underlying transaction with
their staff ‘s explanation, the auditor might reduce the inherent risk of the audit. If
the management’s demand is unreasonable e.g. attempt to limit the auditor’s access
to people or information during the preliminary risk assessment stage, the inherent
risk is increased.


2. Ms. Nomer was quite impressed with the prior audit firm although she felt they
    were a bit too keen to sell her additional services.


Factors affect inherent risk – Professional queries from prior auditors would help
current auditors to assess the inherent risk. In accessing inherent risk at the account
balance or class of transactions level, the auditor makes a focused consideration on
the implications of the auditor’s understanding of the client.


If the account that was found to be misstated in previous audit, it is likely to contain
similar misstatement in the current years. The auditor should assess inherent risk
as being higher in the accounts where the past misstatements have occurred.




Case - Inherent risk of a financial planning and
Investment service company
b. Inherent risk factors


3. Richfast Pty Limited has branches in each capital city. These branches report to
    head office monthly via a standard set of management reports submitted by
C:\Docstoc\Working\pdf\f91708f2-05e0-487d-a29a-01b78eec67f7.doc


   secure mail.


Factors affect inherent risk – Complexity of underlying transactions are characterized
by difficult calculations or a complex accounting standard. They are more prone to
error than simple repetitive transactions.


Since the branches report to head office via a standard set of management report, the
complexity is reduced and the transactions are subject to ordinary processing with
secured mail.


4. In the past, the branches largely ‘did their own thing’ as regards accounting and
   accounting records. However, this resulted in many problems at year-end.
   Software consultants were engaged at the beginning of the year end and have
   installed a networked accounting package that all branches now use. The system
   appears to be functioning well.


Factors affect inherent risk – Significant changes in CIS would increase inherent risk.
Errors may occur through incorrect conversion of a new system or because
information in the previous system is unacceptable to the new system. The new
system may not be able to be delivered.


Integration of accounting information with the new network accounting package
setup in year-end would increase the inherent risk as the delivery of new computer
system is not ascertained and the transaction occurred at year-end.




Case 7.14 - Inherent risk of a financial planning and
Investment service company
b. Inherent risk factors


5. Richfast Pty Limited is privately owned by around 60 principals. Shareholdings
   vary according to seniority. Some principles have salary and drawings paid
C:\Docstoc\Working\pdf\f91708f2-05e0-487d-a29a-01b78eec67f7.doc


   directly to their private companies. Ms Nomer doesn’t get involved in this.
   Another firm of accountants, BSD & Co., handles this aspect of the business,
   including the maintenance of statutory registers.


Factors affect inherent risk – nature of business entity also associated with inherent
risk at the financial report level. If the entity has a complex capital structure, this
will increase inherent risk.


As the calculation of salary and accounting entry of principal’s drawing involve
judgment in determining accounting balance, it is a higher of inherent risk. However,
the complex of transaction and judgment of balances are greatly reduced and
eliminated by employing another accounting firm to handle this aspect of business
and the maintenance of statutory registers.


6. Richfast Pty Limited is generally seen as lagging behind the market leaders in the
   industries; the firm tends to be seen as a bit old-fashioned and conservative.


Factors affect inherent risk – Changes in economic and competitive conditions would
be expected to have a major impact on the inherent risk of an entity. The
competition within the industry can affect the entity’s pricing policies, credit terms
and warranties.


Since Richfast is generally seen as lagging behind the market leader, the competitive
condition due to price-cutting strategy of the leader to gain market share would not
affect Richfast’s as there is no inventory kept by Richfast. However, the
conservative and old-fashion style of Richfast might reduce the inherent risk in the
financial planning and investment advice industry as they have over 60 Principal
around the world.




Case - Inherent risk of a financial planning and
Investment service company
b. Inherent risk factors


7. Richfast Pty Limited’s general purpose financial report is quite complex, but an
   unqualified audit report has been issued every year an audit has been carried
C:\Docstoc\Working\pdf\f91708f2-05e0-487d-a29a-01b78eec67f7.doc


   out.


Factors affect inherent risk – The complex of general purpose financial report is a
inherent risk as transactions characterized by a complex accounting standard are
more prone to error than simple repetitive transactions.


The unqualified auditor report could not reduce the inherent risk of complexity of
underlying transaction. However, the correct statement found in previous audits
confirm that the inherent risk from accounts likely to be misstatement would be
reduced if “there are no material audit adjustment at year end.

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:29
posted:8/26/2012
language:English
pages:12