Embed Size (px)
Citation preview
AAA318 Audit and Assurance Notes
Unit 1: Assurance framework Introduction
• Assurance = any type of work that provides confidence to the users
• External assurance = provision of an independent report by an assurance practitioner on information that is prepared by one party for the benefit of another party
Assurance framework
• International framework by International Auditing and Assurance Standards Board (IAASB) - Defines assurance engagements and identifies objectives of the two type of
assurance engagements that a practitioner may perform (reasonable and limited assurance engagements)
- Distinguishes assurance engagements from other engagements - Sets out preconditions relevant to considering whether to accept or continue an
assurance engagement - Identifies and discusses the five elements of assurance engagements - Outlines several important principles relevant to performing assurance engagements
Elements of an assurance engagement
• Elements of an assurance engagement: - Three-party relationship involving practitioner, responsible party, and intended users - Appropriate underlying subject matter - Suitable criteria (e.g. IFRS) - Sufficient appropriate evidence (information obtained by the auditor during the
course of an audit) - Written assurance report in the form appropriate to reasonable assurance
engagement or a limited assurance engagement (independent auditor’s report in financial statement audit)
• Relationship between the parties:
- Attestation and direct engagements
• Audits of financial statements and reviews of historical financial information = attestation engagements
• Attestation engagement = party other than the practitioner measures or evaluates the underlying subject matter against the criteria and often present the underlying subject matter in a report or statement
• Direct engagement = practitioner is also the measurer or evaluator of the underlying subject matter against the criteria, and they apply assurance skills and techniques to obtain sufficient appropriate evidence about the information - Responsible party does not present the subject matter information in a report - Assurance practitioner reports directly on subject matter and provided intended
users with an assurance report Levels of assurance
• International framework two type of assurance engagements: - Reasonable assurance engagements - Limited assurance engagements
• Higher the level of assurance required → greater the quality and quantity of evidence gathered → more confidence users can have
• Relationship between levels of assurance and degree of confidence:
- Assurance skills and techniques
• Applying professional scepticism and judgement
• Planning and performing an assurance engagement, including obtaining and evaluating evidence
• Understanding information systems and role and limitations of internal control
• Linking the consideration of materiality and engagement risks to the nature, timing and extent of procedures
• Applying procedures as appropriate to the engagement
• Systematic documentation practices and report-writing skills Other services performed by assurance practitioners Due diligence engagements
• Investigate financial results, or operational activities
• Assurance practitioner uses their assurance skills in reviewing documentation, conducting discussions with senior management, and analysing both historical and forecast financial information
• Scope of work → agreement between practitioner and client Consulting or advisory engagements
• Relate to design and development of new methods, approaches and strategies
• May include implementation of new systems and processes
• Do not provide a conclusion or assurance and are not within the scope of the IAASB pronouncements
• Combination of activities related to: - Setting objectives and defining problems or opportunities - Fact-finding, evaluating alternatives and developing recommendations - Communicating results
- Implementing the recommendations and following up International and national auditing and assurance pronouncements
Overview of international Standard-setting
• International Federation of Accountants (IFAC) = global organisation for the accountancy profession - Objective → develop and enhance a coordinated worldwide accounting profession
with harmonised Standards - Oversees International Auditing and Assurance Standards Board (IAASB) and
International Ethics Standards Board of Accountants (IESBA)
International Body Responsibilities
IFAC - Protects the public interest by supporting development of all sectors of profession internationally
IAASB - Independent standard setting board that serves public interest by setting high-quality Standards for auditing, quality control, review, other assurance, and related services
- Facilitates convergence of international and national Standards
IESBA - Independent standard setting board that serves the public by developing and issuing high-quality ethical Standards
- IESBA code
• International auditing and assurance pronouncements
• Applicable international Standards
• IAASB Engagement Standards: - International Standards on Auditing (ISAs) - International Standards on Review Engagements (ISREs) - International Standards on Assurance Engagements (ISAEs) - International Standards on Related Services (ISRSs)
• Issues International Standards on Quality Control (ISQCs) and non-authoritative material Standards applicable to audits of historical financial information (ISAs)
• General purpose financial statements (GPFS) → meet the common financial information needs of a wide variety of users
Standards applicable to reviews of historical financial information (ISREs)
• Practitioners use the ISREs and a limited level of assurance provided
Standards applicable to other assurance engagements (ISAEs)
• Prospective financial position, performance and cash flows for which the subject matter information may be the recognition, measurement, presentation and disclosure of the prospective financial information presented in a financial forecast
• Performance of an entity for which the subject matter information may be the key indicator of efficiency and effectiveness
• Entity’s IT controls for which the subject matter information may be the entity’s statement of the effectiveness of IT controls
• Entity’s compliance with environmental laws for which the subject matter information may be a statement of compliance with the environmental laws
Standards applicable to agreed-upon procedures and other related service engagements (ISRSs)
• Require certain procedures to be performed by an assurance practitioner but does not require an assurance
• Factual findings are outlined in a report National reporting and auditing requirements Australian auditing and assurance pronouncements
• Auditing and Assurance Standards Board (AUASB) = responsible for developing, issuing and maintaining auditing and assurance standards - Independent, statutory agency of Australian Government
• Professional and Ethical Standards → set by Accounting Professional and Ethical Standards Board (APESB)
• Australia’s auditing and assurance professional and ethical standards largely follow their international equivalents issued by the IAASB and IESBA.
• • Australian equivalents to IAASB standards:
- ISQC1 = Australian Standard on Quality Control 1 (ASQC 1) - ISAs = Australian Auditing Standards (ASAs) - ISREs = Australian Standards on Review Engagements (ASREs) - ISAEs = Australian Standards on Assurance Engagements (ASAEs) - ISRSs = Australian Standard on Related Services (ASRSs)
Differences between International Standards and Australian Standards
• Conformity with International Standards on Auditing outlines the difference at the beginning of each Standard
• ‘Aus’ prefix is used for paragraphs added in Australian Standards Complying with Auditing and Assurance Standards
• Single set of Auditing and Assurance Standards issued by AUASB Assurance engagements performed under the Corporations Act
• s. 307A requires practitioners to comply with AUASB Standards
• Audits are enforced by ASIC
• ASA 101 → AUASB standards have the force of law for the purposes of the Corporations Act
• Each ASA comprises of mandatory components and explanatory material - Mandatory components = impose a legal and/or professional obligation on auditors
for audit or review engagements
• ASA 101 sets out the requirement for the auditor to consider the whole text of an accounting standard
Other assurance engagements
• APES 210 requires members of CA to comply with AUASB Standards
• Enforceable by professional accounting bodies
• Also requires: - Observe and comply with public interest obligations and independence
requirements are set out in APES 110 - Comply with auditing and assurance Standards
Other Australian pronouncements
• AUASB Guidance Statements (GSs) → non-mandatory guidance on specific matters Corporations Act 2001 (Cth)
• Requires certain entities registered under the Act to prepare an annual financial report (s. 292) and have it audited (s. 301) - Disclosing entities - Public companies - Large proprietary companies - Registered schemes
• Financial report must include (s. 295(1)): - Financial statements for the year and related notes - Director’s declaration about the statements and notes
• When conducting an audit or review under the Corporations Act, auditor must comply with: - Forming an opinion as to whether the financial report is in accordance with
Accounting Standards and gives a true and fair view (s. 307(a)) - Conducting the engagement in accordance with Auditing Standards (s. 307A) - Retaining work papers for seven years after the date of the audit report to which
they relate (s. 307B) - Providing the directors of the client with an independence declaration (s. 307C) - Reporting to members of the client as to whether the financial report is in
accordance with the Corporations Act (s. 308(1)) - Reporting to ASIC any contraventions and suspected contraventions of the
Corporations Act during the conduct of an audit (s. 311) Registered company auditor (RCA) and Authorised audit company (AAC) registration
• Auditor must be a RCA to audit companies under the Corporations Act
• RCA requires auditor to satisfy the requirements of s. 1280 of the Corporations Act
• AAC registration is covered by s. 1299B of the Corporations Act ASIC class orders – exemptions from specified financial reporting and audit requirements
• Commonly entail extensive prerequisites for any entity that wishes to apply for relief ACNC Act
• Australian Charities and Not-for-profit Commission = independent national regulator of charities
• Australian Charities and Not-for-profit Commission Act 2012 (Cth) = sets out the objects and functions of the ACNC and the framework for the registration and regulation of charities
• Audit or review is based on size of the charity based on annual revenue - Large charity = must have financial report audited and submit it and an auditor’s
report to ACNC - Medium = must submit financial report, but can choose to have it reviewed or
audited Auditor’s objectives and responsibilities in conducting an audit
Auditor’s overall objectives
• Outlined is ISA 200
• Purpose of an audit = enhance the degree of confidence of intended users in financial statements
• User of audited financial statements must have confidence that the auditor has worked to a suitable standard and that a quality audit has been performed
Requirements in conducting an audit
• Ethics
• Professional scepticism
• Professional judgement
• Sufficient appropriate audit evidence and audit risk
• Conduct of an audit in accordance with ISAs Ethics
• Comply with relevant ethical requirements (including those related to independence)
• International level → IESBA’s Code of Ethics for Professional Accountants Professional scepticism
• Professional scepticism = attitude that includes having a questioning mind, being alert to conditions that may indicate possible misstatement due to error or fraud, and critically assessing audit evidence
Professional judgement
• Professional judgement in planning and performing an audit
• Important regarding decisions that involve the following: - Assessing materiality and audit risk - Determining the nature, timing and extent of audit procedures to gather audit
evidence - Evaluating whether sufficient appropriate audit evidence has been obtained - Evaluating management’s judgement’s in applying the entity’s financial reporting
framework - Drawing conclusions based on evidence obtained - Forming an audit opinion
• Center for Audit Quality (CAQ):
- • Identify and define the issue:
- Identification of the issue involves careful analysis of the situation, and often discussion with others
- Impact on financial statements? - Level of complexity inherent in the issue? - Level of uncertainty that impacts the outcome? - Impact on planned audit procedures? - Any related issues that may need to be considered?
• Gather the facts and information and identify the relevant literature: - Relevant literature = financial reporting Standards or the audit firm’s internal
guidance - Critically assesses evidence - Exercise professional scepticism in evaluating the evidence that potentially conflicts
information given by management
• Perform the analysis and identify potential alternatives: - Consider potential alternatives and evaluate the outcome of each alternative - Avoid common judgement tendencies, traps and biases that may impair a decision
• Making the decision: - Assess whether they have followed the judgement process and adequately
considered all the information
• Review and complete the documentation and rationale for the conclusion: Sufficient appropriate audit evidence and audit risk
• Obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level to enable them to draw reasonable occlusions on which to base the audit opinion
• Audit evidence is commonly sources from clients’ accounting records, discussions with the client and external sources (e.g. banks, share registries and lawyers)
• • Sufficiency → assessed risk of material misstatement and quality of evidence
• Audit procedures and reliability of audit evidence:
Procedure Reliability
Inspection - Dependent on source and nature of the evidence
Observation - Reliability is increased as the auditor obtains evidence directly
- Limited to the point in time at which observation takes place
External confirmation
- Obtaining written confirmations from external parties has high level of reliability
Recalculation - Increased as auditor obtains the evidence directly
Reperformance - Increased as auditor obtains the evidence directly
Analytical procedures
- Increased when controls over the preparation of the underlying information are effective
Enquiry - Not as reliable as documentary evidence - Cannot rely on enquiry alone to provide sufficient,
appropriate evidence
• Audit risk: - Risk that the auditor expresses an unmodified opinion when the financial statements
are materially misstated - Audit engagement provides reasonable assurance (not absolute assurance),
therefore auditor does not test all transactions - Audit risk model
- - Inherent risk = susceptibility of an assertion about an account or disclosure to a
material misstatement ▪ Assessed before consideration of any related controls ▪ Higher for some assertions and some accounts
- Control risk = material misstatement will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control
- Risk of material misstatement = inherent risk + control risk - Detection risk = procedures performed by the auditor to reduce audit risk to an
acceptably low level will not detect a material misstatement ▪ Only component of audit risk model that is controlled by the auditor
• Relationship between risk and audit evidence:
- - Risk of material misstatement increases → auditor needs to obtain more, and better
quality audit evidence - Higher quality evidence can reduce the quantity of evidence, however quantity
cannot make up for quality Conduct of an audit in accordance with ISAs
• Must comply with all ISAs that are relevant to the audit, unless the entire ISA is not relevant
Audit documentation
• Only way for the auditor to prove they have done the work is by documenting what they have done
• ISA 230 → guiding principle for audit documentation - Audit documentation must be specific enough that an experienced auditor with no
previous connection to the audit can understand the work that was done, why it was done, the results and the conclusion drawn
• Auditing Standards specify the minimum requirements for what needs to be documented
Digitalisation of audit documentation
• More common for audit files to be completely electronic
• Dilemma if data sets or just the results should be included in the audit files
• Software used can be used as a tool for automating some audit tasks, and a repository for electronic audit files
The audit process
• Current issues in audit
• Most current developments are driven internationally by the IAASB Auditor reporting
• Changes to auditor reporting by AUASB on or after 15 Dec 2016: - Reordering the report, with audit opinion now being required first - Revised description of the responsibilities of management and the auditor - Enhanced auditor reporting on going concern - New reporting requirements for listed entities - New section setting out auditors’ responsibilities relating to other information
• Benefits form new and revised Standards: - Increased transparency and informational value - Increased insights into the audit - Enhanced communication between auditor and investors, and between auditor and
those charged with governance - Increased attention from management and those charged with governance to the
disclosures in the financial statements - Increased focus by auditor on matters to be reported
Auditing disclosures
• IAASB issued in July 2015 → Addressing Disclosures in the Audit of Financial Statements – Revised ISAs and Related Conforming Amendments
