Audit Engagements Questionnaire


Published on

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Audit Engagements Questionnaire

  1. 1. Quality Review Program Review of Engagements Questionnaire Audit Engagements To be completed for audits of financial reporting periods commencing on or after 1 July 2006 Review Code: «reviewId» Date questionnaire completed: What type of entity was audited? (For publicly listed entities and superannuation fund audits, please use separate questionnaire.) Engagement reference code: Company Non-corporate disclosing entity Revenue and/or assets of engagement: • public not listed (including company Other unincorporated body limited by guarantee) Engagement year end: • large proprietary Solicitor’s trust account • small proprietary Real estate agent trust account Initial that client consent has been sighted: Other (please specify) Was this an honorary audit? • Yes • No Auditquestionnaire January 2008 Page 1 of 15
  2. 2. About this questionnaire This questionnaire has been designed to help you, the reviewer, assess whether the audit under review was conducted in accordance with Australian Auditing Standards, and other relevant professional standards and legislation. Throughout the questionnaire the questions in bold relate to mandatory elements of the Auditing Standards and other professional standards or to matters required by legislation. You must answer yes or no to these questions, or explain why they do not relate to this audit engagement. References have been included to assist you. The questions in normal print relate to the audit procedures which a practice would commonly carry out to comply with Auditing Standards. We suggest you start with an overall review of the whole audit, which will enable you to answer most of the questions. From this review identify one significant audit risk, and examine this area in detail. Question 5.7 asks for your assessment of this area. You should then have enough information to make your overall assessment of the audit in Section 7. 1. Audit independence and quality control Reviewer's Comments 1.1 Is there evidence the engagement partner formed and documented a conclusion on compliance with independence requirements that applied to this engagement? ASA 220.15 1.2 Were any threats to independence identified for this engagement which were clearly not insignificant? APES 110 (290.23) If no, go to 1.5. Situations which may give rise to threats to independence include: • financial interest in clients; • loans or guarantees to or from the client; • close business relationships with the client or its directors/ employees; • close family or personal relationships with the client’s directors/employees; • employment of ex-partners or staff with the client, or client staff with the firm; • serving as an officer or director of the client; • long association of senior personnel with the client; • provision of non-assurance services to the client; and • dependence of the firm on the client for a significant portion of the firm’s fees.
  3. 3. 1.3 If yes, have the threat/s and related safeguards been documented? APES 110 (290.27) (Note that not all threats can be eliminated or reduced to an acceptable level.) 1.4 Have the threats and related safeguards been notified to the assurance practice? APES 320.19 and .20 (Not appropriate for small practices.) 1.5 Did the firm provide any bookkeeping services to the client? If so, how was the self-review threat reduced to an acceptable level? APES 110 (290.158) The firm may provide a non-listed audit client with accounting and bookkeeping services provided any self- review threat is reduced to an acceptable level. See also independence questions in Section 5 of the Quality Control for Firms Questionnaire. 1.6 (a) Was this audit carried out under the Corporations Act 2001? (b) If yes: (i) were the general and specific independence requirements of the Act complied with? An overview of these requirements is given in the Quality Control for Firms Questionnaire and the Questionnaire for the Review of a Practice with an Internal Review Program. (ii) was an independence declaration issued to the directors in accordance with s.307C? 2. Planning 2.1 Is there written evidence that the practice considered the client relationship before commencing this audit? APES 320.28, ASA 220.17 2.2 Is there evidence that the auditor and the client agreed on the terms of the engagement? ASA 210 requires the auditor to agree on the engagement terms, record them in writing and forward them to the entity. ASA 210.05
  4. 4. Where the terms of the engagement have changed, has the auditor agreed on the new terms with the client and confirmed them in writing? ASA 210.25 2.3 Does it appear all members of the audit team (including the engagement partner) had the necessary capabilities, competence and time to perform this engagement? APES 320.44; ASA 220.23 2.4 Did the auditor perform analytical procedures as risk assessment procedures at the planning stage of the audit? ASA 520.12 Did the auditor consider whether unusual or unexpected relationships might indicate a risk of material misstatement due to fraud? ASA 240.57 2.5 Has the auditor established and documented an overall strategy for the audit? ASA 300.12 This ordinarily involves: • determining the scope of the engagement • ascertaining the reporting objectives of the engagement • considering factors such as risk areas and internal control. Has the auditor made a preliminary assessment of materiality? ASA 320.12 2.6 Has the auditor developed and documented an audit plan for the audit? ASA 300.18 The audit plan is more detailed than the audit strategy and ordinarily includes: • a description of the nature, timing and extent of planned risk assessment procedures • a description of the nature, timing and extent of planned further procedures at the assertion level • other procedures such as plans for obtaining solicitor’s confirmation letters. For small audits, the audit strategy and the audit plan may be integrated.
  5. 5. 2.7 Where the audit is being performed pursuant to a statute other than the Corporations Act 2001 (eg solicitor’s trust account, Local Government Act) have the audit strategy and plan been constructed to assess compliance with those statutes? 2.8 Is there evidence the engagement team discussed the susceptibility of the financial report to material misstatements, including from fraud? ASA 315.20; ASA 240.30 & .32 3. Risk Assessment and Internal Controls 3.1 To the extent appropriate for this client, has the practice documented its understanding of: (a) relevant industry, regulatory and other external factors including the applicable financial reporting framework and relevant laws and regulations? ASA 315.28; ASA 250.20, .23 (b) the nature of the entity? ASA 315.32 (c) the entity’s selection and application of accounting policies? ASA 315.36 (d) the entity’s objectives and strategies and the related business risks that may result in a material misstatement in the financial report? ASA 315.39 (e) the measurement and review of the entity’s financial performance? ASA 315.45 3.2 ASA 315 requires auditors to obtain an understanding of internal control relevant to the audit. It divides internal control into five components, with specific mandatory requirements applicable to each. The five components are: • the control environment • the entity’s risk assessment process • the information system • control activities • monitoring of controls
  6. 6. Internal controls that are ‘relevant to the audit’ are generally those that relate to the entity’s objective of preparing a financial report for external purposes. ASA 315.60 To the extent appropriate for this client, has the practice documented: (a) its understanding of the entity’s control environment? ASA 315.79 (b) the entity’s process for identifying business risks relevant to financial reporting objectives and deciding about actions to address those risks? ASA 315.89 (c) the information system relevant to financial reporting, including the following (ASA 315.95, .103): (i) the classes of transactions in the entity’s operations that are significant to the financial report? (ii) the procedures by which those transactions are initiated, recorded, processed and reported in the financial report? (iii) the related accounting records, supporting information and specific accounts in the financial report? (iv) how the information system captures events and conditions that are significant to the financial report (eg impairment of assets)? (v) the financial reporting process used to prepare the entity’s financial report, including significant accounting estimates and disclosures? (vi) how the entity communicates financial reporting roles and responsibilities related to financial reporting? (d) control activities sufficient to enable it to (ASA 315.105): (i) assess the risks of material misstatement at the assertion level? (ii) design further audit procedures responsive to assessed risks? (Control activities include authorisation, information processing, physical controls and segregation of duties.)
  7. 7. (e) the major types of activities that the entity uses to monitor internal control over financial reporting and how the entity initiates corrective action to its controls? ASA 315.113 3.3 Has the practice documented the inquiries made of management and those charged with governance with regard to fraud? ASA 240.38, .42, .50 3.4 Has the practice identified, assessed and documented the risks of material misstatement (including fraud) at the financial report level and at the assertion level for classes of transactions, account balances and disclosures? ASA 315.117; ASA 240.61 3.5 As part of risk assessment: (a) has the practice identified and documented any risks where it is not possible to obtain sufficient evidence only from substantive procedures? ASA 315.135 (b) for any such risks, has the practice evaluated the design of the related controls and determined whether they have been implemented (i.e. performed tests of controls)? Have these tests been documented? ASA 315.135 3.6 As part of the risk assessment, have significant audit risks been identified and documented? (Significant audit risks are expected to arise on most audits. Where there is a risk of material misstatement due to fraud (especially in relation to revenue recognition), this must be classified as a significant audit risk.) ASA 315.126; ASA 240.61 3.7 For any significant audit risks, has the practice: (a) evaluated the design of the related controls and determined whether they have been implemented? ASA 315.132; ASA 240.61 (b) planned substantive procedures that are specifically responsive to that risk? ASA 330.71; ASA 240.65 4. Audit evidence
  8. 8. 4.1 Are there audit working papers on file? ASA 230.05 If compilation workpapers are being used to support the audit opinion, they must contain evidence of the audit procedures carried out. 4.2 Was the final engagement file(s) compiled within 60 days of the audit report being finalised? APES 320.73a; ASA 230.28 4.3 Are the audit working papers sufficiently complete and detailed to provide an understanding of the audit? ASA 230.11 Was the audit conducted in accordance with the audit plan and the audit program? Are the steps in the audit program signed off? Does it appear changes were made to the audit plan and/or audit program during the audit, where appropriate? Are working papers adequate? Consider the following: • indexing; • cross-referencing; • initials; • dating; • sources of information indicated; • the meaning of tick marks included; • purpose of client prepared schedules indicated; and • apparently insignificant areas were not over-audited. Can you trace the amounts from the audited lead schedules, or equivalent, to the final financial report? 4.4 Is there evidence that audit procedures were performed to ensure all material events occurring after balance date and up to the date of the audit report were identified? ASA 560.08 4.5 Where the practice has used information produced by the entity (eg. ageing analysis of receivables) to perform procedures, has evidence been obtained about the accuracy and completeness of the information? ASA 500.14
  9. 9. Specific areas If the auditor did not carry out the specific procedures in questions 4.6 to 4.17 as the area did not exist or was not material, note this next to the question. 4.6 Have external confirmations been used to verify relevant balances (eg receivables)? ASA 505.05 If not, has sufficient appropriate alternative evidence been obtained? 4.7 Where inventory was material, did the auditor attend the physical inventory count? ASA 501.11 If not, did the auditor take or observe some physical counts on an alternative date and, when necessary, perform audit procedures on intervening transactions? ASA 501.13 4.8 Did the auditor obtain evidence about compliance with those laws and regulations likely to have an effect on the determination of material amounts and disclosures in the financial report? ASA 250.24 4.9 Where material legal matters existed, did the auditor endeavour to obtain written representations from all lawyers with whom management consulted? ASA 508.11 4.10 Has the auditor performed procedures designed to obtain evidence regarding the identification and disclosure of related parties and related party transactions? ASA 550.05 4.11 Did the auditor endeavour to obtain written management representations: • where other sufficient appropriate evidence did not exist? ASA 580.09 • in relation to fraud? ASA 240.96 • in relation to compliance with laws and regulations? ASA 250.29
  10. 10. 4.12 Is there a bank audit certificate dated before the audit report? AGS 1002.03 If not, did the auditor obtain sufficient, appropriate audit evidence in relation to bank balances and treasury operations (if any)? 4.13 Were audit procedures performed which were specifically responsive to risks assessed at the planning stage? ASA 330.12 4.14 Where the auditor planned to rely on controls, were tests of controls performed? ASA 330.30, .33, .38 4.15 Have assertions been used to design and perform audit procedures? ASA 500.20 4.16 In determining sample sizes, did the auditor consider whether sampling risk was reduced to an acceptably low level? ASA 530.45 Sampling risk arises from the possibility that the auditor’s conclusions, based on a sample, may be different from the conclusion reached if the entire population was tested. Sample sizes may be determined statistically or judgementally. 4.17 Did the auditor record the identifying characteristics (eg invoice numbers, dates and amounts) of the specific items or matters being tested? ASA 230.14 4.18 Does it appear appropriate security and confidentiality was maintained over the engagement workpapers? APES 320.73d; ASA 230.37
  11. 11. 5. Assessment of audit evidence 5.1 Do the audit working papers record: • the results of the audit procedures and the evidence obtained; and • significant matters arising during the audit and the conclusions reached thereon? ASA 230.11 5.2 Is there evidence that: • the financial report was agreed to the underlying accounting records? • material journal entries/adjustments were examined? ASA 240.80; ASA 330.69 • accounting estimates were reviewed for bias? ASA 240.80 5.3 Were uncorrected misstatements assessed to determine whether they were material either individually or in aggregate? ASA 320.27 Did the auditor consider whether misstatements identified could be indicative of fraud? ASA 240.91 Did the auditor inform those charged with governance of any uncorrected misstatements that were determined by management to be immaterial? ASA 260.17 5.4 Was management’s assessment of the going concern assumption evaluated and documented at the final stage of the audit? ASA 570.22 5.5 Were analytical review procedures applied and documented at the final stage of the audit? ASA 520.25 Did the practice consider whether analytical procedures indicated a previously unrecognised risk of material misstatement due to fraud? ASA 240.89
  12. 12. 5.6 Does it appear the engagement partner took responsibility for the direction, supervision and performance of the engagement in accordance with Auditing Standards? ASA 220.25 Ordinarily this involves, for example: • informing members of the audit team of their responsibilities • tracking the progress of the engagement • addressing significant issues arising during the engagement • determining review responsibilities on the basis that more experienced team members review work performed by less experienced team members. 5.7 Select one significant audit risk (or if none, select a material account) and review this area in detail. Audit area: • Were audit assertions at risk identified, and were substantive procedures performed that were responsive to that risk? • Was there an appropriate review of the information system and related internal controls? • Were tests performed to ensure controls related to the significant audit risk had been implemented? • Was the extent of reliance on controls to reduce substantive testing appropriate under the circumstances? • Were the substantive audit procedures selected efficient? • Was appropriate use made of computer audit specialists in the evaluation of controls? • Were the results from computer audit testing incorporated into the audit files? • Do the work papers adequately document the work performed and the conclusions reached? • Do the work papers adequately document the resolution of all significant issues? • Were any errors or weaknesses found dealt with appropriately, given their impact on: • audit strategy/plan and risk assessment? • audit scope? • extent of testing? • assessment of misstatements?
  13. 13. 5.8 If the auditor also prepared the financial report, did the auditor ensure that client management accepted responsibility for the preparation and presentation of the financial report? ASA 200.42, .45; ASA 580.07 How did the auditor ensure management accepted responsibility? 6. Reporting 6.1 Is there evidence the engagement partner reviewed the audit documentation and was satisfied sufficient, appropriate audit evidence had been obtained prior to the audit report being issued? ASA 220.30 6.2 Does the audit report contain the following elements: • title including the word ‘independent’? • addressed as required by the circumstances of the engagement? • an introductory paragraph clearly identifying the entity whose financial report has been audited, the title/page numbers of the financial statements that comprise the financial report (including, where relevant, the Director’s Declaration) and specifying the date and period covered by the financial report? • a statement that those charged with governance are responsible for the preparation and presentation of the financial report? • a description of the auditor’s responsibilities, including a description of an audit? • if relevant, a section headed ‘basis for qualification’ clearly setting out the qualification? • a section headed ‘auditor’s opinion’ or ‘qualified auditor’s opinion’? • if relevant, a section describing any emphasis of matter relevant to the auditor’s report? • date signed in the name of the appointed auditor? ASA 700; ASA 701 If there is a modification (qualification or emphasis of matter), does it appear the type of modification is in accordance with ASA 701?
  14. 14. For a reporting entity: Is the financial report presented in accordance with: • applicable Accounting Standards; and • other requirements for the type of entity being audited? SMO (IFAC statement of member obligations) 1.19. For a non-reporting entity: Do the financial report and the audit report clearly state: • that the financial report is a special purpose report; • the purpose for which it has been prepared; and • the extent to which Accounting Standards have, or have not, been adopted? 6.3 Is the audit report based on the audit evidence in the audit working papers? ASA 700.15 Is the audit report dated after the date of the audit working papers? 6.4 Were significant matters (including fraud, suspected fraud, material weaknesses in control or non-compliance with laws and regulations) reported to management and/or those charged with governance? ASA 260.05; ASA 240.99, .101, .106, .108; ASA 250.34, .40, .42, .43. Were the matters reported in written form? If reported orally, was this documented (eg via meeting minutes)? Was there evidence of follow up of matters identified in previous audits? If previously reported matters were not corrected, was their impact considered in the audit strategy and audit plan? 6.5 Have any suspected (significant) contraventions of the Corporations Act been reported to ASIC? s.311 of the Corporations Act and ASIC Practice Note 34 Contraventions include: • attempts by the audit client to manipulate or mislead a member of the audit team; • attempts by the audit client to interfere with the proper conduct of the audit; • insolvent trading; • failure to comply with accounting standards;
  15. 15. • fraud by officers or employees of the client. 7. Overall assessment Answer “no” unless there is evidence that the engagement was unsatisfactory. Based on your review of the audit engagement, is there any indication that: 7.1 the audit was not conducted in accordance with Australian Auditing Standards? 7.2 the audit opinion was not based on sufficient appropriate audit evidence?