6-1 Copyright 2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services...

6-1Copyright 2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger SimnettSlides prepared by Roger Simnett

Chapter 6

Planning, Knowledge of the Business and

Evaluating Business Risk


Learning Objective 1:

Client Acceptance


Acceptance and continuance evaluation procedures

• Procedures carried out before accepting a new client or continuing with an existing client include:

– Reviewing financial information regarding the client;– Making inquiries of third parties such as solicitors and

bankers;– Communicating with previous auditor;– Ensuring that the firm has technical expertise to carry out

audit; and– Ensuring accepting engagement will not conflict with the

profession’s code of professional conduct.


Communication with previous auditor

• Communication ensures that the interests of shareholders, the incoming auditor and existing auditor are protected. It allows the existing auditor to advise the prospective auditor of any professional matters they should be aware of before accepting the engagement.

• Nominated incoming auditor should request client’s permission to communicate with previous auditor;

• If client refuses permission, normally decline nomination; and

• If permission is granted, the nominated auditor asks previous auditor for all information necessary to decide whether nomination should be accepted.


Engagement Letters

• These letters are from the auditor to the client that document the arrangements and confirm the auditor’s acceptance of the appointment and should include:

– Objectives and scope of audit;– Responsibility of management for financial report;– Form of any reports;– An explanation of the extent to which an audit can be

relied upon to detect material misstatement; and– Auditor’s right of unrestricted access to records,

documents and other information necessary to complete audit.



Audit Planning

• The planning stage is a very important stage of the audit and involves two aspects:

– Audit plan - outlines the expected scope and conduct of audit; and

– Audit program - directs the nature, timing and extent of audit procedures.



Major steps in the audit process

• In every audit of a financial report there are seven identifiable stages. These stages are:

– Obtaining knowledge of the client’s business;– Understanding internal controls;– Assessing risks of material misstatement;– Responses to assessed risks;– Performing tests of controls;– Performing substantive procedures; and– Completion and review.


Developing an Overall Audit Strategy

• Overall audit strategy details the general evidence requirements for forming an opinion and initial decision as to the nature, timing and extent of audit procedures.

• Interrelationship between materiality, audit risk and what constitutes sufficient appropriate audit evidence impacts on auditor’s strategy.

• Audit strategies can range from a lower assessed level of control risk approach to a predominantly substantive approach.



Lower assessed level of

control risk

Predominantly substantive

approach

Audit strategy may be anywhere along this continuum

Range of audit strategies


Lower assessed level of control risk approach

• If internal control is well designed and expected to be highly effective, audit strategy will include:

– Low or medium assessed level of control risks;– Extensive understanding of relevant parts of internal

control;– Extensive tests of control; and– Reduced level of substantive audit procedures, based on

planned acceptable level of detection risk being high or medium.


Predominantly substantive approach

• If the auditor believes adequate controls do not exist or might be ineffective or testing controls are not cost effective, audit strategy will be to:

– Use a planned assessed level of control risk of high;– Plan to obtain a minimum understanding of internal

control;– Plan no tests of control; and– Plan extensive substantive audit procedures based on

planned acceptable level of detection risk of low or medium.


Impact of business risk assessment on audit strategy

• Substantial time is spent on the planning stage and on developing an expectation of what the entity’s financial report should look like. Audit strategy might include:

– Increased use of sophisticated analytical procedures;– Undertaking tests of controls for routine transactions;– Increased substantive testing for non-routine transactions;

and– Reduced detailed substantive testing if financial report is

in accordance with auditor’s expectations.


Preparing detailed audit programs

• An audit program is a detailed list of audit procedures that need to be applied to a particular balance or class of transactions to implement the audit strategy.


Purpose of detailed audit programs

• Programs should provide:– Evidence of proper planning of work;– Guidance for inexperienced staff;– Evidence of work performed;– A means of controlling time spent on the engagement;

and– Evidence of consideration of internal control structure in

relation to proposed audit procedures.


Contents of audit program

• An audit program will outline the following characteristics of audit procedures:

– Nature - particular audit procedures to use and particular items to which a procedure will be applied;

– Extent - number of items to which procedures will be applied, and number of different tests to be performed; and

– Timing - appropriate time to perform the procedure.


Assigning and Scheduling Audit Staff

• Activities entailed include:– Coordinating assistance of client entity personnel;– Determining the extent of involvement of consultants,

specialists and internal auditors; and– Establishing and co-ordinating staffing requirements.



Knowledge of the Client’s Business

• Purpose – help to assess business risk, assist the auditor to identify events, transactions, practices and risks that might have a significant effect on financial report, particularly on the appropriateness of accounting policies adopted and the reasonableness of assumptions and estimates incorporated in client’s financial report.



Procedures for obtaining an understanding of a client’s business

• These include:– Reviewing the auditor’s previous experience with the

client and industry;– Discussion with client personnel, other advisers or

previous auditors of the entity;– Reviewing the industry or government publications and

legislations;– Visiting the client’s premises; and– Reviewing documentation produced by the client.


Steps in planning the audit


Knowledge obtained by the auditor

• An auditor should obtain an understanding of:

– Client’s organisational structure;

– Client’s operational and legal structure; and

– Relevant industry and economic conditions.


Business Risk

• Business risk can be defined as: – Risk that an entity’s business objectives will not be

attained as a result of external and internal forces brought to bear on an entity and, ultimately, the risk associated with the entity’s profitability and survival.



The relationship between client business risk and the global, local and internal

environments


Assessing business risk

• The auditor must obtain a thorough understanding of the industry, including:

– Profitability and structure of the industry;– Relationship between the industry and the broad

economic and business environment;– Critical issues facing the industry; and– Significant industry business risks.


Assessing business risk (cont.)

• The auditor must also understand how the entity fits within the industry, including:

– Entity’s position within the industry in terms of profitability and market share;

– Opportunities and plans the entity has for increasing or maintaining profitability and market share;

– Threats to the entity’s position in the industry;– Ways in which the entity deals with customers and

competitors; and– Methods the entity uses to measure and monitor its

performance.


Overview of the audit risk standards

Perform risk assessment procedures to understand the entity and its environment.

See AUS 402.06-99/ ASA 315.10-116

(ISA 315.06-99)

Assess the risks of material misstatement at the financial report level and at assertion level.

See AUS 402.100-119/ ASA 315.117-140

(ISA 315.100-119)

Respond to the risks at the financial report level and assertion level.

See AUS 406.04-21/ ASA 330.08-28

(ISA 330.04-21)

Perform further audit procedures that are clearly linked to risks at the assertion level.

See AUS 406.22-65/ ASA 330.29-89

(ISA 330.22-65)

Evaluate whether sufficient and appropriate audit evidence has been obtained.

See AUS 406.66-72/ ASA 330.90-98

(ISA 330.66-72)

and AUS 502/ ASA 500 (ISA 500)


Techniques for assessing business risk – SWOT analysis

S trengths — Internal aspects that can improve competitive situation.

W eaknesses — Internal aspects, vulnerability to competitors’ strategic moves.

O pportunities — Environmental aspects that can improve entity’s situation relative to competitors.

T hreats — Environmental aspects that can undermine entity’s competitive situation.


Techniques for assessing business risk (cont.) – PEST analysis

Identifies:

P olitical E conomic S ocial T echnological

…..influences on entity.


Techniques for assessing business risk (cont.) – Value-chain approach

• This approach disaggregates an entity into strategically important activities in order to:

– Understand client’s strategic advantages;– Understand risks that threaten attainment of business

objectives;– Understand key processes and related competencies

needed to realise strategic advantages;– Measure and benchmark process performance; and– Document an understanding of the client’s ability to create

value and generate future cash flows by using a client business model, process analyses, key performance indicators and a business risk profile.


Response to assessed risks

• An auditor should determine overall responses to assessed risks at financial report level, and perform audit procedures at the assertion level. Responses at financial report level include:

– assigning more experienced staff;– using experts; and– incorporating unpredictability into selection of further audit

procedures.


Performing further audit procedures at the assertion level

• An auditor must consider:– Significance of the risk.– Likelihood of misstatement occurring.– Nature of specific controls.– Whether auditor expects to obtain evidence to determine

if entity’s controls are effective in preventing or detecting and correcting, material misstatement (planned control risk < HIGH).


Analytical Procedures

• Analytical procedures involve the use of ratios, trend analysis and operating statistics for comparison with internal and external data.

• Can be used at all stages of the audit:– e.g. in planning stage as a form of evidence or as a final

review.

• At this stage we concentrate on use of analytical procedures in planning.



Analytical procedures at the planning stage

• A risk analysis approach requires analytical procedures to be used during the planning stage of the audit.

• Allows the auditor to understand the business and identify areas of potential risk, thereby assisting in the determination of the nature, timing and extent of audit procedures.


Analytical procedures used in planning the audit

More complex procedures:• Time series modelling• Regression analysis• Financial modelling

Simple procedures:• Simple comparisons• Ratio analysis• Common-size statements• Trend statements• Time series analysis


Analytical procedures most commonly used in planning

• Comparison of current balances in the financial report with balances of prior periods, and budgeted amounts (simple comparisons);

• Computation of ratios and percentage relationships for comparison with prior years, budgets and industry averages (ratio analysis); and

• Significant variations from expectations indicate areas requiring investigation.


Ratios commonly used at the planning stage

• 1. Short-term liquidity– Current ratio (current assets to current liabilities);– Quick asset ratio (liquid assets to current liabilities); and– Operating cash flow ratio (cash from operations to current liabilities).

• 2. Activity– Receivables turnover (net sales to average accounts receivable); and– Inventory turnover (cost of goods sold to average inventory).

• 3. Profitability– Gross profit and net profit ratio (gross profit or net profit to net sales);– Return on total assets (net profit to total assets); and– Return on shareholders’ equity (net profit to ordinary shareholders’

equity).• 4. Solvency

– Debt equity ratio (long and short term debt to shareholders’ equity); and– Times interest earned (net profit to annual interest expense).


Common-size statements

• Express balance sheet components as a percentage of total assets and income statement components as a percentage of total revenue.


Trend statements• Each item is expressed as a percentage of its own level

from a base year, thus allowing focus on trend rather than absolute magnitude of dollar charge.


Reliability of data used in analytical procedures

• Data from an independent source outside the entity are generally more reliable than internal data.

• Data from a system with effective internal controls are more reliable than data from a poorly controlled system.

• Data audited in the previous year or in the current audit are more reliable than unaudited data.

• Data from a variety of sources that corroborate each other are more reliable than data from only one source.

• Data from the department within the entity that is responsible for the amount being audited are generally less reliable than data from another department.


Plausibility, predictability and precision of analytical relationships

• Relationships in a stable environment are more predictable than relationships in a dynamic, changing environment.

• Relationships involving income statement amounts (transactions over a period of time) tend to be more predictable than relationships involving only balance sheet accounts (amounts at a point in time).


Plausibility, predictability and precision of analytical relationships (cont.)

• Direct relationships are more predictable than indirect relationships.

• Disaggregated relationships are more precise and show clearer relationships than combined or aggregated relationships.

• Relationships involving transactions subject to management discretion are less predictable than those not subject to such discretion.


Examination of significant fluctuations of analytical procedures

• Each significant fluctuation (deviation from expected amount) must be investigated;

• An auditor must also be alert to the possibility that an absence of expected fluctuation might require investigation;

• Deviations from an expected amount should be discussed with management;

• Reasonableness of explanations provided by management should be considered; and

• An auditor might have to consider impact of fluctuations on audit program and other audit tests.

6-1 Copyright 2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services...

Documents

Transcript of 6-1 Copyright 2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services...