Chartered Accountants Audit Conference Application of Complex Auditing Standards

Chartered Accountants Audit Conference

Application of Complex Auditing Standards

charteredaccountants.com.au

Christin Schaller FCA

Principal

Red Square Training and Consulting Pty Limited02 9948 8686

Application of complex auditing standards

> ASAs in force for financial periods commencing on/after 1 July 2006

> Corporations Act audits/reviews – standards legally enforceable via ASIC

> all other audits/reviews – standards enforced by professional bodies (eg via Institute’s Quality Review program)


> ASAs reflect a business risk approach:

• understand environment and operations

• assess risks arising

• identify assertions at risk

• design and perform procedures

• evaluate evidence obtained


Three key standards covered today:

1. ASA 230: Audit Documentation

2. ASA 315: Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement

3. ASA 330: The Auditor’s Procedures in Response to Assessed Risks

> purpose is to establish mandatory requirements and provide guidance on documentation

Key mandatory requirements:

> overall: provide a basis for your audit report and evidence the audit was performed in accordance with ASAs

1. ASA 230: Audit documentation


> documentation should enable an experienced auditor to understand the work performed

> record the identifying characteristics of specific items/matters being tested

> document discussions of significant matters

> document contradictory information and how this was addressed

Heading Style

Body copy

> Bullet style


> where factors outside your control prevent you from complying with a mandatory requirement, need to document:

- circumstances and reason

- alternative procedures


> record who performed work and date performed, and who reviewed the work and the date/extent of review

> complete the audit file on a timely basis after the audit report


> once the file is completed, no documentation shall be deleted or discarded before the end of the retention period (7 years)

> any modifications to the file need to be documented

> need to adopt procedures for maintaining documentation (also a requirement of APES 320)

2. ASA 315: Understanding the entity/risks

> purpose is to establish mandatory requirements and provide guidance on obtaining an understanding of the entity and its environment in assessing the risks of material misstatement in a financial report audit

2. ASA 315: Understanding the entity/risks

Deals with 5 key issues:

i. risk assessment procedures, including internal controls

ii. understanding the entity and its environment, including internal controls

iii. assessing the risks of material misstatement (RMM), including identifying significant risks

iv. communicating with management/those charged with governance

v. documentation

2. ASA 315: Understanding the entity/risksi. Risk assessment procedures

Perform the following risk assessment procedures to obtain an understanding of the entity, its environment, and its controls:

a) inquiries of management/staff

b) analytical procedures

c) observation and inspection

2. ASA 315: Understanding the entity/risksi. Risk assessment procedures

> the members of the audit team should discuss the susceptibility of the entity’s financial report to material misstatements.

> the discussion needs to be documented, including any significant decisions reached.

2. ASA 315: Understanding the entity/risksii. The entity & environment, including controls

You need to obtain an understanding of:

> relevant industry, regulatory, and other external factors including the applicable financial reporting framework, and

> the nature of the entity

> the entity’s accounting policies and whether they are appropriate


> obtain an understanding of the entity’s objectives and strategies, and the related business risks that may result in material misstatements.


> obtain an understanding of internal control relevant to the audit: this comprises five elements

a) the control environment

b) the entity’s risk assessment process

c) the information system

d) control activities

e) monitoring of controls


a) the control environment


b) the entity’s process for identifying and acting on business risks relevant to financial reporting objectives

2. ASA 315: Understanding the entity/risksii. The entity & environment, including controlsc) the information system relevant to financial reporting,

including:

- the significant classes of transactions

- the procedures by which those transactions are initiated, recorded, processed and reported

- the related accounting records

- how the system captures significant events

- the financial reporting process


d) control activities, sufficient to assess the RMM at the assertion level and to design further audit procedures responsive to assessed risks


e) the major types of activities the entity uses to monitor and correct controls

2. ASA 315: Understanding the entity/risksiii. Assessing the risk of material misstatements (RMM)

> using the information obtained thus far, identify and assess the RMM at the financial report level, and at the assertion level for classes of transactions, account balances and disclosures.


> as part of the risk assessment, determine which of the risks identified are risks that require special audit consideration (such risks are defined as ‘significant risks’)


> for significant risks, evaluate the design of the entity’s related controls and determine whether they have been implemented.

> to determine implementation, it is most likely you will need to test controls (select sample etc)

2. ASA 315: Understanding the entity/risksiii. Assessing the risk of material misstatements (RMM)> as part of the risk assessment, evaluate the entity’s controls

over those risks for which it is not possible or practicable to reduce the risks of material misstatement at the assertion level to an acceptably low level with audit evidence obtained only from substantive procedures.

2. ASA 315: Understanding the entity/risksiv. Communicating with management

> make those charged with governance/management aware, as soon as practicable, of material weaknesses in internal control.

2. ASA 315: Understanding the entity/risksv. Documentation

Matters to be documented include:

> discussions amongst the audit team

> key elements of the understanding obtained of the entity, including each of the internal control components, and the risk of material misstatements

> the assessed risk of material misstatement at the financial report and assertion level

> risk areas where substantive procedures did not provide sufficient evidence, and the related controls evaluated

3. ASA 330: Procedures in response to risks

> purpose is to establish mandatory requirements and provide guidance on determining overall responses and designing and performing further audit procedures to respond to the assessed RMM at the financial report and assertion levels

3. ASA 330: Procedures in response to risks

Deals with 4 key issues:

i. introduction/ overall responses (to assessed risks)

ii. audit procedures responsive to risks of material misstatement at the assertion level

iii. evaluating the sufficiency and appropriateness of audit evidence obtained

iv. documentation

3. ASA 330: Procedures in response to risksi. Introduction/overall responses

> in order to reduce audit risk to an acceptably low level, determine overall responses to assessed risks at the financial report level

> i.e., choose your overall audit approach.

3. ASA 330: Procedures in response to risksii. Audit procedures responsive to risks

> in determining the audit procedures, consider inherent and control risk, as this will affect the procedures selected.


> when your assessment of risks of material misstatement at the assertion level includes an expectation that controls are operating effectively, you need to perform tests of control

> also need to test controls related to significant audit risks


> when you obtain audit evidence about the effectiveness of controls during an interim period, you should determine what additional evidence should be obtained for the remaining period.


> irrespective of the assessed risk of material misstatement, you should design and perform substantive procedures for each material class of transactions, account balance and disclosure.

3. ASA 330: Procedures in response to risksiii. Evaluating audit evidence

> conclude whether sufficient appropriate audit evidence has been obtained to reduce to an acceptably low level the risk of material misstatement in the financial report.

3. ASA 330: Procedures in response to risksiv. Documentation

> document the overall responses to address the assessed risks, the further audit procedures, the link of those procedures with the assessed risks at the assertion level, and the results of audit procedures.

Heading Style

Body copy

> Bullet style


In summary remember:

> standards now reflect a business risk approach

> greater emphasis on understanding the entity and its environment

> document what you do: ‘If it’s not documented it’s not done.’

Documents

Chartered Accountants Audit Conference Application of Complex Auditing Standards