SlideShare a Scribd company logo
1 of 91
Download to read offline
INTERNATIONAL 
AUDITING 
STANDARDS 
ð 
MINEURE 
ECR 
II 
2013-­‐2014 
– 
ERIC 
VAN 
HOOF 
MANON 
CUYLITS
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
2 
OBJECTIVE 
OF 
THIS 
COURSE 
Ø Being 
able 
to 
understand 
the 
ISA 
framework 
and 
explain 
the 
broad 
content 
of 
the 
ISA 
standards 
(concept 
based 
understanding). 
è 
ISA 
= 
International 
Standards 
on 
Auditing 
Ø Understanding 
the 
role 
of 
the 
auditor 
Ø Being 
able 
to 
judge 
the 
content 
and 
extent 
of 
an 
audit 
opinion 
for 
real 
life 
cases 
o Critical 
reading 
of 
non-­‐appropriate 
opinions: 
we 
will 
receive 
reports 
and 
will 
have 
to 
say 
why 
it 
isn’t 
appropriate. 
o Critical 
judgment 
of 
what 
can 
and 
cannot 
be 
certified: 
there’s 
a 
need 
for 
a 
reference 
point 
in 
order 
to 
be 
able 
to 
certify 
o Critical 
understanding 
of 
the 
work 
hiding 
being 
an 
opinion 
(understanding 
of 
the 
audit 
methodology). 
NEED 
FOR 
A 
REFERENCE 
POINT 
TO 
CERTIFY 
Example 
of 
a 
lobbying 
company 
representing 
the 
timeshare 
industry 
(2 
persons 
can 
buy 
a 
house 
together, 
½ 
each). 
They 
represent 
the 
interest 
of 
this 
industry 
and 
want 
the 
auditor 
to 
certify 
that 
the 
claims 
they 
receive 
are 
not 
important. 
This 
is 
something 
the 
auditor 
can’t 
certify 
because 
there’s 
no 
reference 
point. 
You 
can’t 
certify 
something 
if 
there’s 
no 
reference 
point. 
They 
need 
to 
create 
a 
reference 
framework. 
DIFFERENCE 
BETWEEN 
THE 
TIME 
BEFORE 
WE 
HAD 
THE 
ISA 
AND 
NOW 
WE 
HAVE 
IT 
BEFORE 
TODAY 
What 
do 
we 
start 
with 
? 
We 
started 
with 
the 
first 
thing 
: 
tangible 
assets, 
etc. 
looking 
at 
the 
figures. 
We 
start 
with 
the 
risk 
assessment, 
not 
with 
the 
figures; 
it’s 
a 
completely 
different 
way 
to 
look 
at 
things. 
Accumulation 
of 
a 
number 
of 
things 
è 
inherent 
risk, 
multiplied 
by 
the 
control 
risk 
(internal 
controls 
set 
up 
by 
the 
company 
could 
not 
…) 
multiplied 
by 
the 
non 
detection 
risk. 
AR 
= 
IR 
x 
ICR 
x 
NDR 
• Audit 
Risk 
(AR) 
• Inherent 
Risk 
(IR): 
it 
can’t 
be 
changed 
by 
the 
auditor, 
it’s 
inherent 
to 
transactions 
• Internal 
Control 
Risk 
(ICR): 
it 
can’t 
be 
changed 
by 
the 
auditor 
• Non-­‐Detection 
Risk 
(NDR): 
The 
only 
thing 
that 
can 
be 
changed 
is 
the 
non-­‐detection 
risk. 
The 
auditor 
usually 
says 
he 
accepts 
an 
audit 
risk 
of 
5%. 
The 
IR 
and 
ICR 
can’t 
be 
changed; 
therefore, 
the 
auditor 
will 
determine 
the 
level 
of 
non-­‐detection 
risk 
“needed” 
in 
order 
to 
have 
5%. 
He 
does 
more 
or 
less 
audit 
procedures 
in 
order 
to 
work 
on 
the 
non-­‐detection 
risk. 
The 
risk 
assessment 
is 
therefore 
really 
important.
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
3 
è 
Why 
do 
we 
multiply 
the 
risks? 
Because 
they 
are 
dependent 
from 
each 
other, 
they 
influence 
each 
other. 
If 
there’s 
a 
very 
high 
Inherent 
Risk 
because 
there 
are 
many 
transactions, 
the 
Internal 
Control 
Risk 
might 
be 
high 
also 
because 
the 
internal 
controller 
might 
says 
he 
doesn’t 
understand 
all 
those 
transactions. 
EVALUATION 
Ø Written 
exam: 
Very 
practical 
exam 
1. Concept 
based 
MCQ 
questions 
2. Concept 
based 
open 
ended 
questions 
3. Real 
life 
case 
study 
è 
Financial 
Statement 
of 
a 
real 
company 
+ 
management 
report 
that 
goes 
with 
it: 
we 
receive 
problems 
that 
we 
can 
see 
during 
an 
audit 
activity 
Ø Will 
aim 
at 
showing 
that 
you 
master 
the 
concepts 
and 
conceptual 
framework 
Ø Will 
also 
aim 
at 
showing 
that 
you 
can 
apply 
the 
concepts 
to 
a 
real 
life 
case 
study 
Ø Will 
focus 
for 
the 
case 
study 
on 
the 
impact 
of 
risk 
assessment 
audit 
procedures 
on 
the 
audit 
opinion 
DOCUMENTATION 
Ø Slides 
Ø Clarified 
ISA 
Standards, 
freely 
accessible 
on 
the 
following 
website 
www.ibr-­‐ire.be 
or 
on 
the 
IFAC 
website 
Ø Case 
studies 
Ø Additional 
non 
mandatory 
reading 
o Handbook 
of 
International 
Standards 
on 
Auditing, 
Assurance 
and 
Ethics 
Pronouncements, 
IFAC. 
Intern 
Federation 
of 
Accountants 
o List 
of 
key 
terms 
from 
ISA 
standards, 
refer 
to 
www.ibr-­‐ire.be
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
4 
OVERVIEW 
OF 
LECTURES 
1. Introduction-­‐ 
Assurance, 
roles, 
framework 
2. Types 
of 
reports 
(ISA, 
ISRE, 
ISAE, 
ISRS) 
3. Types 
of 
opinion 
based 
on 
standards 
4. Code 
of 
Ethics 
and 
Quality 
Control 
(ISQC1) 
also 
an 
international 
standard 
5. Audit 
methodology 
and 
linked 
ISA 
standards. 
Practical 
side 
6. Special 
topics, 
such 
as: 
a. Fraud 
b. Using 
work 
of 
others 
Example: 
Actuaries: 
They 
are 
experts 
who 
help 
to 
determine 
the 
pensions 
provisions: 
they 
do 
mathematical 
calculus 
to 
determine 
the 
pension 
of 
the 
employees 
in 
the 
future. 
It’s 
a 
very 
technical 
calculation. 
Auditors 
might 
need 
to 
use 
their 
work, 
to 
rely 
on 
them. 
There’s 
a 
standard 
explaining 
how 
to 
do 
when 
you 
have 
to 
rely 
on 
the 
work 
of 
experts. 
There 
are 
another 
standards 
for 
when 
you 
have 
to 
rely 
on 
the 
work 
of 
internal 
auditors, 
and 
what 
you 
should 
do 
before 
you 
agree 
to 
rely 
on 
their 
work. 
c. Audit 
of 
the 
IT 
environment 
IT 
audits: 
there 
are 
no 
companies 
that 
don’t 
have 
an 
IT 
platform 
anymore. 
Most 
of 
them 
are 
using 
ERP. 
It’s 
important 
to 
assess 
the 
risks 
around 
and 
inside 
the 
machines 
in 
order 
to 
do 
well. 
You 
test 
the 
IT 
general 
control: 
who 
can 
access 
it, 
etc. 
è 
access 
control. 
You 
also 
check 
the 
program 
control, 
etc. 
d. Going 
concern. 
This 
is 
very 
important 
because 
in 
this 
time 
of 
financial 
crisis, 
a 
lot 
of 
companies 
are 
going 
bankrupt 
and 
the 
owners, 
managers 
etc. 
are 
often 
the 
first 
blamed, 
but 
also 
the 
auditor. 
A 
standard 
gives 
the 
responsibilities 
of 
auditors. 
Fraud 
is 
a 
very 
important 
topic 
also, 
it’s 
important 
to 
talk 
about 
it 
and 
about 
responsibilities. 
e. Belgian 
context 
We 
will 
have 
a 
look 
at 
the 
Belgian 
context 
in 
parallel 
with 
the 
International 
Standards. 
In 
Belgium 
ISA 
is 
applicable 
but 
it’s 
not 
the 
case 
in 
many 
countries 
yet. 
7. Case 
studies 
AUDIT 
METHODOLOGY 
Ø The 
following 
aspects 
will 
be 
dealt 
with 
o Planning 
of 
audit 
o Risk 
identification 
and 
analysis 
(risk 
formula) 
o Materiality. 
o Auditing 
techniques 
and 
evidence 
§ Analytical 
review 
(a) 
§ Test 
of 
controls 
(b) 
§ Test 
of 
transactions 
(c) 
Testing 
specific 
transaction 
§ Substantive 
audit 
procedures 
(d) 
o Conclusion 
and 
Audit 
reports
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
5 
Audit 
methodology: 
1. 1st 
step: 
Planning 
of 
the 
audit 
2. 2nd 
step: 
Risk 
identification 
and 
analysis 
based 
on 
the 
risk 
formula: 
identify 
the 
risk 
and 
then 
assess 
them 
3. 3rd 
step: 
Materiality: 
calculation 
of 
the 
materiality: 
it’s 
linked 
to 
the 
concept 
that 
it’s 
impossible 
for 
an 
auditor 
to 
assess 
every 
transaction. 
They 
do 
sampling: 
based 
on 
the 
risk 
assessment, 
they 
are 
going 
to 
test 
certain 
transactions. 
The 
materiality 
helps 
deciding 
from 
what 
level 
do 
we 
select 
a 
transaction 
etc. 
è 
Audit 
opinion: 
the 
auditor 
determines 
a 
certain 
level 
of 
error 
(in 
euros) 
that 
he 
agrees 
to 
tolerate. 
E.g.: 
“I 
can 
tolerate 
in 
terms 
of 
my 
risk 
of 
going 
in 
prison, 
a 
risk 
of 
5 
million”. 
4. 4th 
step: 
Audit 
Technique 
and 
evidence: 
This 
step 
finalizes 
the 
risk 
assessment: 
it 
gives 
a 
toolbox 
of 
different 
procedures 
an 
auditor 
can 
apply. 
a. Analytical 
review: 
this 
step 
is 
about 
comparing 
figures 
(non 
auditor 
figures) 
from 
now 
with 
the 
one 
already 
audited 
in 
the 
past. 
Ex: 
comparison 
of 
the 
rental 
income 
from 
this 
year 
with 
the 
one 
form 
last 
year, 
or 
the 
budget 
in 
the 
previous 
year 
and 
the 
budget 
now 
b. Test 
of 
controls: 
testing 
the 
internal 
controls 
that 
management 
has 
put 
in 
place 
c. Test 
of 
transactions: 
test 
of 
very 
specific 
transactions 
è 
on 
the 
basis 
of 
underlying 
evidences: 
contracts, 
invoices, 
etc. 
d. Substantive 
audit 
procedures: 
done 
on 
bigger 
samples 
of 
transactions 
Audit: 
you 
take 
the 
responsibility 
as 
an 
auditor. 
You 
are 
the 
one 
who 
determines 
what 
you 
need 
to 
do 
in 
order 
to 
give 
a 
non-­‐qualified 
opinion. 
You 
don’t 
say 
that 
the 
numbers 
are 
right, 
you 
just 
say: 
“I 
reconcile 
this 
number 
with 
this 
one 
and 
it 
matches”. 
In 
an 
audit 
procedure, 
the 
risk 
is 
determined 
by 
the 
auditor 
himself, 
while 
in 
the 
case 
of 
the 
“agreed 
upon 
procedure”, 
the 
risk 
is 
determined 
by 
the 
client 
himself. 
ISA 
STANDARDS 
– 
HISTORY 
Ø ISA 
standards 
started 
as 
benchmarks 
and 
need 
to 
be 
implemented 
country 
by 
country 
in 
national 
law 
IAS 
started 
as 
a 
benchmark. 
A 
number 
of 
years 
ago, 
the 
economy 
was 
getting 
more 
and 
more 
global 
è 
people 
wanted 
to 
be 
able 
to 
compare 
an 
audit 
report 
in 
the 
US, 
in 
Belgium, 
etc. 
That’s 
how 
International 
Standards 
on 
Audit 
came 
up. 
They 
have 
been 
set 
up 
by 
IFAAC 
as 
a 
standard. 
At 
that 
stage 
they 
were 
not 
mandatory; 
it 
was 
only 
a 
benchmark. 
They 
were 
not 
made 
mandatory 
because 
there 
was 
no 
stabilized 
framework 
for 
a 
number 
of 
years, 
but 
last 
10 
years 
it 
became 
very 
stable 
è 
many 
countries 
have 
made 
it 
mandatory. 
In 
Belgium 
it’s 
only 
mandatory 
since 
2012 
for 
listed 
companies 
(very 
recent), 
and 
it’s 
going 
to 
be 
made 
mandatory 
for 
non-­‐listed 
company 
from 
2014.
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
6 
Ø In 
November 
2003; 
reform 
for 
enhancing 
confidence 
on 
the 
profession 
è 
this 
reform 
was 
based 
on 
the 
program 
that 
came 
out 
of 
the 
Enron 
Fraud: 
especially 
in 
the 
US 
o Additional 
transparency 
in 
how 
standards 
are 
established 
è 
additional 
transparency 
was 
wished 
o Increased 
input 
from 
regulators 
and 
public 
o Monitoring 
from 
regulators 
o “Oversight” 
structure 
put 
in 
place 
§ Public 
Interest 
oversight 
Board 
(Feb 
2005, 
institutionals 
and 
regulators) 
§ Monitoring 
Group 
(dialog 
and 
information 
vehicle 
for 
the 
PIOB) 
§ IFAC 
Regulatory 
Liaison 
Group 
Ø Standards 
were 
clarified 
in 
2009: 
there’s 
been 
a 
clarification 
process 
in 
2009: 
We 
now 
have 
new 
standard, 
revised 
standards 
and 
rephrased 
standards, 
with 
a 
certain 
structure 
put 
in 
it. 
(cf. 
schema 
“ISA 
clarification 
impact) 
Ø ISA/ISRE 
standards 
are 
mandatory 
in 
Belgium 
from 
December 
2012 
(listed 
companies) 
and 
from 
2014 
(non-­‐listed 
companies) 
Ø ISAE/ISRS 
normally 
applicable 
as 
from 
reports 
emitted 
after 
15 
December 
2014 
Ø Specific 
standards 
applicable 
in 
Belgium 
on 
top 
of 
ISA/ISRE 
have 
been 
compiled 
separately 
by 
IRE 
ISA 
CLARIFICATION 
IMPACT 
(2009) 
• ISAs 
from 
755 
pages 
to 
855 
pages: 
the 
number 
of 
pages 
increases. 
• Mandatory 
procedures: 
some 
mandatory 
procedures 
are 
put. 
Before 
those 
procedures 
were 
called 
“deemed 
procedures”, 
which 
means 
those 
procedures 
were 
necessary. 
Deemed 
= 
+/-­‐ 
mandatory. 
o >520 
mandatory 
procedures 
vs. 
430 
deemed 
procedures 
o Certain 
new 
obligations 
(in 
green) 
and 
changes 
in 
existing 
obligations 
(in 
yellow 
and 
pink) 
o Obligations 
more 
explicit 
and 
applicable 
to 
all 
audits 
+ 
more 
detailed. 
o Certain 
new 
obligations 
for 
group 
audits 
è 
comptes 
consolidés 
par 
rapport 
aux 
comptes 
légaux 
statutaires. 
• Effective 
for 
audits 
of 
periods 
ending 
as 
from 
14 
December 
2010 
(IFAC 
– 
Internal 
Federation 
of 
Accountants) 
è 
International 
Obligations 
effective 
from 
2010. 
That 
doesn’t 
mean 
anything 
for 
countries 
because 
they 
decide 
themselves 
when 
ISAs 
become 
applicable 
in 
the 
country. 
ISA 
isn’t 
the 
only 
existing 
standard. 
• In 
Belgium 
applicable 
from 
2012 
for 
the 
listed 
companies 
and 
from 
2014 
for 
the 
other 
companies
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
7 
ISA 
General 
principles 
Risk 
analisis 
and 
audit 
response 
Audit 
evidence 
Using 
the 
work 
of 
others 
Conclusions 
and 
reporting 
Specific 
matters 
200 
300 
500 
600 
700 
800 
210 
315 
501 
610 
705 
805 
220 
320 
505 
620 
706 
810 
230 
330 
510 
710 
240 
402 
520 
720 
250 
450 
530 
• NEW 
STANDARD 
• REVISED 
STANDARD 
• REPHRASED 
STANDARD 
260 
540 
was 
540/545 
265 
550 
560 
570 
580
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
INTRODUCTION-­‐ 
ASSURANCE, 
ROLES, 
8 
FRAMEWORK 
WHAT 
IS 
ASSURANCE? 
Everywhere 
we 
talk 
about 
assurance 
è 
giving 
assurance 
is 
the 
job 
of 
the 
auditor. 
The 
outcome 
is 
the 
audit 
report 
where 
the 
auditor 
gives 
assurance. 
Ø The 
assurance 
is 
“an 
engagement 
in 
which 
a 
practitioner 
expresses 
a 
conclusion 
designed 
to 
enhance 
the 
degree 
of 
confidence 
of 
the 
intended 
users 
other 
than 
the 
responsible 
party 
about 
the 
outcome 
of 
the 
evaluation 
or 
measurement 
of 
a 
subject 
matter 
against 
criteria” 
(International 
audit 
and 
Assurance 
Standards 
Board 
HandBook) 
Ø In 
simple 
terms, 
giving 
assurance 
means: 
offering 
an 
opinion 
about 
specific 
information 
so 
that 
the 
users 
of 
that 
information 
are 
able 
to 
make 
confident 
decisions. 
o Specific 
information 
= 
reference 
framework 
WHO 
ARE 
THE 
PARTIES 
INVOLVED? 
The 
three 
parties 
involved: 
Ø The 
practitioner: 
it’s 
the 
auditor, 
the 
reviewer 
of 
the 
information 
Ø The 
intended 
users 
of 
the 
information, 
of 
financial 
statements 
= 
o Shareholders: 
you 
have 
to 
report 
to 
them 
o Banks, 
if 
you 
are 
indebted 
o Employees 
o Suppliers 
and 
clients 
potentially, 
especially 
regarding 
the 
going 
concern1 
issue 
o Investors 
(// 
shareholders) 
o Tax 
authorities 
The 
responsible 
party: 
the 
preparer 
of 
the 
financial 
information: 
as 
an 
auditor 
you 
can’t 
prepare 
that. 
The 
principle 
is 
that 
the 
people 
preparing 
the 
financial 
statements 
are 
the 
accountant 
basically, 
under 
the 
responsibility 
of 
the 
CEO 
and 
the 
board 
of 
directors. 
The 
auditor 
can’t 
assess 
and 
audit 
something 
that 
he 
prepared 
himself 
è 
independence 
problem! 
There 
are 
specific 
information 
that 
need 
a 
reference 
framework 
for 
the 
auditor 
to 
be 
able 
to 
give 
an 
opinion. 
If 
an 
error 
doesn’t 
change 
the 
decision 
of 
the 
auditor, 
then 
it 
is 
not 
material. 
1 
Going 
concern 
= 
continuité 
d’exploitation
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
9 
Role 
of 
the 
parties 
involved: 
Ø Be 
competent: 
the 
profession 
is 
regulated 
therefore. 
Ø Be 
objective 
and 
independent: 
that’s 
set 
in 
the 
law. 
Ex: 
the 
auditor 
can’t 
have 
shares 
in 
its 
client 
because 
he 
would 
also 
be 
an 
intended 
user 
then. 
In 
Belgium, 
one 
to 
one 
rule 
is 
that 
you 
cannot 
do 
services 
that 
are 
not 
non-­‐audit 
services 
for 
an 
amount 
higher 
than 
the 
one 
of 
the 
audit 
services. 
Ex: 
the 
amount 
for 
services 
at 
the 
level 
of 
tax 
transfers 
etc. 
can’t 
be 
higher 
than 
the 
amount 
for 
audit 
services. 
Only 
country 
where 
this 
strict 
rule 
is 
applicable. 
Regarding 
the 
independence 
problematic, 
some 
people 
say 
that 
auditors 
should 
not 
even 
be 
paid 
by 
their 
clients. 
Ø Follow 
certain 
expected 
standards 
of 
performance: 
THE 
PRACTITIONER 
(AUDITOR) 
AND 
ROLE 
The 
role 
of 
the 
auditor 
has 
come 
under 
increased 
scrutiny 
over 
the 
last 
thirty 
years 
due 
to 
an 
increase 
in 
high 
profile, 
economically 
damaging 
fraud 
cases. 
The 
most 
high 
profile 
case, 
and 
the 
catalyst 
for 
regulatory 
change, 
was 
the 
collapse 
of 
Enron 
and 
its 
auditor 
Arthur 
Andersen. 
In 
order 
to 
try 
and 
regain 
trust 
in 
the 
auditing 
profession 
national 
and 
international 
standard 
setters 
and 
regulators 
have 
tried 
to 
introduce 
three 
initiatives: 
1. Harmonization 
of 
auditing 
procedures, 
so 
that 
users 
of 
audit 
services 
are 
confident 
in 
the 
nature 
of 
audits 
being 
conducted 
around 
the 
world 
è 
harmonization 
of 
the 
auditing 
standards 
2. A 
focus 
on 
audit 
quality, 
so 
that 
the 
expectations 
of 
users 
are 
met. 
In 
the 
US 
they 
have 
the 
SEC 
(= 
Stock 
Exchange 
Commission), 
which 
is 
the 
same 
as 
FSMA 
in 
Belgium 
but 
more 
powerful. 
In 
Belgium, 
the 
FSMA 
can’t 
come 
and 
look 
at 
the 
auditor’s 
files, 
it 
can 
only 
ask 
for 
a 
report. 
3. Adherence 
to 
a 
strict 
ethical 
conduct, 
to 
try 
and 
improve 
the 
perception 
of 
auditors 
as 
independent, 
unbiased 
service 
providers. 
There’s 
a 
code 
of 
ethics 
that 
needs 
to 
be 
complied 
for 
the 
ISAs. 
!!!FRAMEWORK 
OF 
THE 
ISA!!!
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
10 
We 
can 
see 
that 
there 
are 
different 
layers. 
• 1st 
layer: 
IFAC 
code 
of 
ethics 
for 
professional 
practitioners. 
They 
first 
created 
a 
code 
of 
ethics 
that 
applies 
to 
anyone 
• 2nd 
layer: 
Services 
covered 
by 
the 
standards 
and 
recommendations. 
Those 
are 
the 
services 
that 
an 
auditor 
can 
perform: 
they 
are 
standardized. 
o Structure 
of 
the 
Standards 
of 
Assurance 
Engagements: 
assurance 
engagement 
and 
other 
engagements 
è 
the 
auditor 
can 
give 
assurance 
or 
not 
(= 
agreed 
upon 
procedures). 
è 
2 
possible 
engagements/things 
to 
do: 
§ Audit 
and 
review 
of 
historical 
financial 
information: 
there’s 
a 
need 
for 
historical 
financial 
information 
(it’s 
not 
about 
the 
forecasts: 
no 
prospective 
information). 
Here 
the 
standards 
are: 
o ISA 
§ IAPS: 
interpretation 
of 
ISAs 
o ISRE: 
IS 
for 
Review 
Engagement 
(= 
revue 
limitée) 
è 
you 
can 
have 
an 
audit 
or 
a 
limited 
review, 
the 
difference 
between 
those 
2 
is 
the 
assurance 
you 
give. 
The 
review 
engagement 
gives 
a 
limited 
assurance. 
The 
difference 
between 
an 
audit 
and 
a 
limited 
review 
is 
the 
fact 
that 
an 
audit 
gives 
a 
positive 
conclusion. 
Ex: 
“This 
financial 
statements 
are 
true 
and 
fair 
view 
of 
reality”; 
however, 
the 
limited 
review 
gives 
a 
negative 
opinion: 
it 
doesn’t 
mean 
that 
it’s 
bad, 
but 
the 
auditor 
is 
going 
to 
phrase 
it 
in 
a 
negative 
sense. 
§ IREPS: 
interpretation 
of 
ISRE 
§ Assurance 
engagements 
other 
than 
audit 
and 
reviews 
of 
historical 
financial 
information: 
o ISAE 
§ IAEPS 
o Related 
services: 
§ ISRS: 
agreed 
upon 
procedure 
è 
the 
auditor 
doesn’t 
give 
assurance: 
the 
client 
says 
what 
they 
are 
going 
to 
do. 
At 
the 
end 
of 
the 
report 
he 
gives 
conclusions 
but 
you 
don’t 
conclude 
on 
the 
global 
set 
of 
procedures. 
• ISRSPS: 
box 
for 
recommendations 
that 
come 
on 
top 
of 
the 
standards 
EXAM: 
QUESTION 
CHAQUE 
ANNEE: 
comparison 
between 
audit 
and 
limited 
review 
and 
about 
those 
subjects. 
Ø Limited 
review: 
the 
auditor 
stops 
at 
the 
analytical 
review. 
He 
goes 
to 
the 
client 
and 
says; 
look 
at 
the 
figures… 
The 
limited 
Review 
consists 
in 
taking 
the 
figures, 
and 
compare 
them 
to 
something 
before, 
to 
the 
budget, 
and 
understanding 
the 
figures, 
etc. 
è 
based 
on 
that 
the 
auditor 
makes 
an 
opinion. 
Ø Audit: 
in 
the 
audit 
the 
auditor 
doesn’t 
stop 
at 
comparison 
but 
he’s 
also 
going 
to 
check 
the 
evidences 
that 
are 
behind 
the 
figures 
(physical 
inventory 
take, 
look 
at 
the 
fixed 
assets, 
etc., 
underlying 
documents, 
contracts, 
etc.) 
the 
audit 
goes 
much 
further 
than 
the 
Limited 
Review.
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
Ex: 
mid 
size 
company: 
it 
takes 
2-­‐3 
weeks 
for 
an 
audit 
but 
only 
3 
days 
for 
a 
limited 
review 
if 
the 
client 
is 
well 
known. 
The 
limited 
review 
is 
shorter 
but 
the 
auditor 
also 
gives 
limited 
assurance. 
11 
è 
It’s 
important 
to 
know 
this 
framework 
in 
order 
to 
know 
where 
you 
are 
in 
this 
chart. 
Limited 
Review 
or 
audit? 
The 
work 
behind 
it 
is 
really 
different. 
You 
can 
give 
assurance 
on 
other 
things 
than 
historical 
financial 
information. 
è 
Statistics 
of 
claims 
for 
example. 
If 
there’s 
a 
reference 
framework 
behind 
it 
we 
can 
give 
assurance 
on 
it. 
èTrue 
and 
fair 
view. 
Audit 
Limited 
Review 
The 
auditor 
gives 
a 
reasonable 
assurance 
The 
auditor 
does 
not 
give 
a 
reasonable 
assurance 
è 
limited 
assurance 
Positive 
conclusion 
Negative 
conclusion 
The 
auditor 
checks 
further 
than 
in 
the 
case 
of 
the 
limited 
review 
The 
limited 
review 
is 
not 
going 
as 
far 
as 
the 
audit 
is, 
it 
stops 
at 
the 
analytical 
review 
stage 
More 
physical 
testing: 
checking 
invoices, 
inventories, 
etc. 
No 
physical 
testing, 
you 
check 
the 
known 
figures 
of 
the 
company 
and 
compare 
it 
to 
other 
figures 
It 
lasts 
2-­‐3 
weeks 
It 
lasts 
3 
days 
+/-­‐
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
12 
THE 
REGULATORY 
GUIDANCE 
TO 
BE 
FOLLOWED 
The 
practitioners 
now 
have 
to 
follow 
four 
sets 
of 
regulatory 
guidance: 
1. Auditing 
Standards 
a. Setting 
auditing 
standards 
b. International 
standards 
Issued 
by 
IAASB: 
the 
Framework 
2. The 
Code 
of 
Ethics 
a. Part 
A 
b. Part 
B 
3. National 
corporate 
law 
a. Example 
of 
national 
laws. 
Company 
Act, 
IRE 
b. National 
Regulatory 
bodies 
role 
4. International 
Standards 
on 
Quality 
Control 
(ISQCs) 
1. 
AUDITING 
STANDARDS 
IFAC 
(International 
Federation 
of 
Accountants) 
IAASB 
(International 
Auditing 
and 
Assurance 
Standard 
Board) 
ISA, 
ISREs, 
ISAEs 
ISQCSs 
The 
IFAC 
is 
setting 
the 
auditing 
standards. 
They 
are 
issuing 
international 
standards 
on 
auditing, 
other 
assurance, 
etc. 
The 
next 
step 
is 
that 
standards 
need 
to 
be 
made 
mandatory 
by 
the 
country 
itself 
A. 
SETTING 
AUDITING 
STANDARDS 
IFAC 
: 
Ø The 
International 
federation 
of 
Accountants 
(IFAc) 
is 
the 
global 
organization 
for 
the 
accountancy 
profession. 
It 
was 
formed 
in 
1977 
and 
is 
based 
in 
New 
York. 
IFAC 
has 
more 
than 
163 
member 
bodies 
of 
accountants, 
representing 
2,5 
million 
of 
accountants 
from 
123 
separate 
countries. 
Ø IFAC’s 
overall 
mission 
to 
serve 
the 
public 
interest, 
strengthen 
the 
worldwide 
accountancy 
profession, 
and 
contribute 
to 
the 
development 
of 
strong 
international 
economies 
by 
establishing 
and 
promoting 
adherence 
to 
high-­‐quality 
professional 
standards. 
Ø One 
of 
the 
subsidiary 
boards 
of 
IFAC 
is 
the 
International 
Audit 
and 
assurance 
Standard 
Board 
(IAASB). 
It 
is 
their 
responsibility 
to 
develop 
and 
promote
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
International 
Standards 
of 
Auditing 
(ISA’s). 
There 
are 
currently 
36 
ISA’s 
and 
one 
International 
Standard 
of 
Quality 
Control. 
13 
Ø IRE: 
Belgian 
representative 
part 
of 
IFAC. 
B. 
ISA 
ISSUED 
BY 
IAASB: 
THE 
FRAMEWORK 
1. International 
standards 
on 
Auditing 
(ISAs) 
are 
to 
be 
applied 
in 
the 
audit 
of 
historical 
financial 
information 
2. International 
Standards 
on 
Review 
Engagements 
(ISREs) 
are 
to 
be 
applied 
in 
the 
review 
of 
historical 
financial 
information 
3. International 
Standards 
on 
Assurance 
Engagement 
(ISAEs) 
are 
to 
be 
applied 
in 
assurance 
engagements 
other 
than 
audits 
or 
reviews 
of 
historical 
financial 
information 
4. International 
Standards 
on 
Related 
services 
(ISRSs) 
are 
to 
be 
applied 
to 
compilation 
engagements, 
engagements 
to 
apply 
agreed 
upon 
procedures 
to 
information 
and 
other 
related 
services 
engagements 
as 
specified 
by 
the 
IAASB. 
2. 
THE 
IFAC 
CODE 
OF 
ETHICS 
FOR 
PROFESSIONAL 
ACCOUNTANTS 
The 
code 
of 
Ethics, 
which 
establishes 
fundamentals 
ethical 
principles 
for 
professional 
accountants. 
Ø Part 
A 
of 
the 
code 
sets 
out 
the 
fundamental 
ethical 
principles 
that 
all 
professional 
accountants 
are 
required 
to 
observe, 
including: 
1. Integrity 
of 
the 
auditor 
2. Objectivity 
of 
the 
auditor 
3. Professional 
competence 
and 
due 
care 
of 
the 
auditor 
4. Confidentiality 
of 
the 
auditor 
5. Professional 
behavior 
of 
the 
auditor 
Ø Part 
B 
of 
the 
code 
which 
applies 
only 
to 
professional 
accountants 
in 
public 
practice 
(“practitioners”), 
includes 
a 
conceptual 
approach 
to 
independence. 
è 
not 
applicable 
to 
an 
internal 
auditor 
(while 
part 
A 
is) 
3. 
NATIONAL 
CORPORATE 
LAW 
a. Example 
of 
national 
laws/ 
guidance 
include 
a. The 
companies 
Act 
2006 
in 
the 
UK 
b. The 
Sarbanes 
Oxley 
Act 
in 
the 
US 
(enforcing 
standards 
of 
corporate 
internal 
controls) 
b. National 
Regulatory 
bodies 
role 
Ø Enforce 
the 
implementation 
of 
auditing 
standards 
Ø Have 
disciplinary 
powers 
to 
enforce 
quality 
of 
audit 
work 
Ø Have 
rights 
to 
inspect 
audit 
files 
to 
monitor 
audit 
quality
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
14 
Note: 
Most 
audits 
carried 
out 
in 
EU 
member 
states 
are 
now 
carried 
out 
in 
accordance 
with 
ISA’s. 
THE 
IAASB 
INTERNATIONAL 
FRAMEWORK: 
TWO 
TYPES 
OF 
ASSURANCE 
ENGAGEMENT 
4000-­‐4699 
INTERNATIONAL 
STANDARDS 
ON 
RELATED 
SERVICES 
(ISRSS) 
Objective 
of 
an 
Agreed-­‐Upon 
Procedures 
Engagement 
Ø The 
objective 
of 
an 
agreed-­‐upon 
procedures 
engagement 
is 
for 
the 
auditor 
to 
carry 
out 
procedures 
of 
an 
audit 
nature 
to 
which 
the 
auditor 
and 
the 
entity 
and 
any 
appropriate 
third 
parties 
have 
agreed 
and 
to 
report 
on 
factual 
findings 
Ø As 
the 
auditor 
simply 
provides 
a 
report 
of 
the 
factual 
findings 
of 
agreed-­‐upon 
procedures, 
no 
assurance 
is 
expressed. 
Instead, 
users 
of 
the 
report 
assess 
for 
themselves 
the 
procedures 
and 
findings 
reported 
by 
the 
auditor 
and 
draw 
their 
own 
conclusions 
from 
the 
auditor’s 
work. 
Ø The 
report 
is 
restricted 
to 
those 
parties 
that 
have 
agreed 
to 
the 
procedures 
to 
be 
performed 
since 
others, 
unaware 
of 
the 
reasons 
for 
the 
procedures, 
may 
misinterpret 
the 
results.
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
TYPES 
OF 
REPORTS 
( ISA, 
ISRE, 
ISAE, 
15 
ISRS) 
AUDIT 
PROCESS: 
DIFFERENT 
STEPS 
WHICH 
ARE 
THE 
DIFFERENT 
TASKS 
PERFORMED 
BY 
AN 
AUDITOR 
WHEN 
PERFORMING 
AN 
AUDIT 
OF 
EXTERNAL 
OPERATIONS? 
(From 
signature 
of 
the 
engagement 
letter 
until 
submission 
of 
final 
report) 
PREPARATION 
OF 
THE 
MISSION 
1. Reception 
of 
the 
engagement 
letter2 
(before 
you 
start 
the 
job) 
2. Confirm 
the 
date 
of 
performance 
of 
the 
audit 
with 
the 
audited 
entity 
3. Secure 
logistics 
and 
make 
practical 
arrangements 
4. Starting 
date 
of 
the 
fieldwork 
(including 
opening 
meeting) 
Engagement 
letter 
= 
It’s 
a 
contract 
between 
the 
auditor 
and 
the 
client. 
It 
includes 
: 
• The 
fees: 
how 
much 
you 
are 
going 
to 
charge 
the 
client. 
In 
Belgium 
it 
needs 
to 
be 
a 
fixed 
fee 
for 
3 
years. 
• The 
number 
of 
hours 
you 
are 
going 
to 
spend 
on 
the 
audit: 
the 
estimation 
at 
the 
beginning 
is 
very 
important: 
if 
you 
estimate 
that 
you 
are 
going 
to 
spend 
200 
hours 
on 
the 
audit 
and 
you 
spend 
500 
instead, 
it 
is 
problematic. 
• How 
you 
are 
going 
to 
be 
doing 
your 
audit. 
• What 
are 
the 
responsibilities 
of 
the 
management, 
the 
board 
of 
director 
and 
the 
auditor 
• The 
applicable 
laws 
• The 
general 
terms 
and 
conditions 
• The 
time 
of 
the 
audit: 
when 
you 
are 
going 
to 
do 
it. 
• The 
output 
of 
the 
auditor’s 
work: 
an 
audit 
report. 
An 
audit 
report 
is 
based 
on 
the 
ISA, 
but 
you 
can 
say 
to 
your 
client 
that 
you 
are 
going 
to 
give 
a 
management 
letter… 
• The 
standards 
of 
auditing 
that 
you 
are 
going 
to 
use 
but 
also 
the 
framework. 
In 
Belgium 
the 
framework 
normally 
is 
BGaap 
for 
non 
listed 
companies 
and 
IFRS 
for 
listed 
companies. 
Before 
the 
start 
of 
the 
audit, 
the 
engagement 
letter 
has 
to 
be 
signed. 
2 
Engagement 
letter 
= 
lettre 
de 
mission 
è 
concept 
important 
(EXAM)
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
16 
EXECUTION 
OF 
THE 
AUDIT 
Starting 
date 
of 
the 
fieldwork 
1. Step 
1: 
Planning 
the 
audit 
2. Step 
2: 
Assessment 
of 
the 
activity 
and 
its 
risks 
& 
Determination 
of 
the 
audit 
strategy 
3. Step 
3: 
Performance 
of 
the 
audit 
procedures 
(once 
you 
have 
your 
strategy: 
link 
with 
the 
audit 
risk 
formula) 
4. Step 
4: 
Assessment 
of 
the 
results 
and 
conclusion 
on 
the 
audit. 
Closing 
meeting 
and 
submission 
of 
Debriefing 
memorandum 
Client 
acceptance 
procedure: 
“can 
we 
accept 
the 
client 
as 
ours?” 
We 
check 
if 
the 
client 
isn’t 
too 
risky, 
through 
databases. 
STEP 
1: 
PLANNING 
THE 
AUDIT 
OBJECTIVES 
Ø Obtain 
a 
clear 
understanding 
of 
the 
requirements 
Ø Understand 
the 
specific 
contractual 
documents3 
Ø Identify 
potential 
risky 
areas 
Ø Identify 
specific 
aspects 
relevant 
for 
the 
audit 
Ø Preparation 
of 
the 
audit 
strategy 
UNDERSTAND 
THE 
AUDITEE’S 
ACTIVITIES 
Objective 
= 
Identify 
main 
risk 
areas 
When 
you 
start 
to 
understand 
the 
activity, 
there 
are 
internal 
and 
external 
factors 
of 
risk: 
Ø External 
factors: 
statutory 
duties, 
regulations, 
the 
economic 
situation 
of 
the 
country, 
etc. 
Ø Internal 
factors: 
existence 
of 
an 
internal 
audit 
department 
within 
the 
audited 
entity, 
the 
governance, 
etc. 
3 
permanent 
file: 
there 
are 
permanent 
things 
(statuts 
de 
la 
société, 
its 
biggest 
contracts, 
etc.) 
Tasks 
of 
the 
auditor 
Variable 
duration 
Generally 
performed 
before 
and 
at 
the 
beginning 
of 
the 
audit 
fieldwork 
(or 
during 
identification 
visit)
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
17 
Type 
of 
questions 
to 
look 
at: 
Ø What 
are 
the 
activities 
and 
connected 
risks? 
Ø What 
is 
the 
type 
of 
organisation 
to 
be 
audited? 
Ø What 
are 
the 
main 
accounting 
policies? 
Ø Are 
there 
potential 
issues 
about 
certain 
aspects? 
Ø Industry 
requirements? 
Ø ... 
ASSESS 
THE 
CONTROL 
ENVIRONMENT 
It’s 
good 
to 
have 
a 
good 
internal 
control 
but 
it 
is 
not 
enough 
è 
you 
have 
to 
test 
if 
that 
control 
is 
working. 
Throughout 
the 
years 
the 
control 
must 
have 
worked. 
Based 
on 
that, 
you 
determine 
your 
Inherent 
Risk 
on 
existent 
fixed 
asset, 
etc., 
you 
check 
that 
the 
control 
is 
working. 
Objectives 
= 
Ø Understand 
the 
structure 
of 
the 
company 
to 
be 
audited 
Ø Identify 
elements 
of 
risks 
linked 
to 
the 
internal 
control 
structure 
Sources: 
Ø Interviews 
with 
people 
in 
charge 
of 
the 
audited 
entity 
Ø Interviews 
with 
operational 
and 
financial 
managers 
Ø Reading 
reports 
and 
minutes 
(financial, 
activity 
reports, 
previous 
audit 
reports, 
etc.) 
Control 
environment 
is 
characterised 
by 
a 
combination 
of: 
Ø Management 
style 
of 
the 
people 
in 
charge 
Ø Sensitivity 
of 
the 
people 
in 
charge 
to 
internal 
control 
Ø Internal 
control 
system 
adopted 
by 
people 
in 
charge 
Ø Other 
influences 
DETERMINE 
THE 
MATERIALITY 
We 
determine 
a 
materiality 
level 
because 
we 
cannot 
audit 
every 
single 
transaction 
obviously. 
Furthermore, 
we 
can 
still 
live 
with 
a 
certain 
number 
of 
(small) 
errors. 
The 
materiality 
is 
the 
level 
of 
error/change 
under 
which 
a 
user 
of 
the 
financial 
statement 
is 
not 
going 
to 
change 
his 
opinion, 
his 
decision 
making. 
Objectives 
= 
Ø Connected 
to 
the 
principle 
of 
"true 
and 
fair 
view"; 
Ø Determine 
the 
sample 
size 
for 
substantive 
testing 
Ø Basis 
for 
interpretation 
of 
audit 
results 
"An 
error 
may 
be 
judged 
material 
if 
knowledge 
of 
it 
would 
influence 
the 
user 
of 
the 
financial 
information"
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
Calculation: 
The 
way 
materiality 
is 
calculated 
is 
judgemental. 
Here 
we 
have 
two 
ideas, 
but 
how 
materiality 
is 
going 
to 
be 
calculated 
depends 
on 
the 
auditor. 
We 
take 
a 
range 
because 
depending 
on 
the 
company’s 
level 
of 
risk 
we’ll 
choose 
a 
lower 
or 
higher 
materiality. 
If 
the 
company’s 
very 
risky, 
we’ll 
tend 
to 
choose 
a 
lower 
materiality 
(example: 
5% 
of 
the 
pretax 
income) 
18 
Ø Between 
5% 
and 
10% 
of 
pretax 
income 
Ø Between 
0,5% 
and 
1% 
of 
turnover 
We 
can 
choose 
to 
determine 
the 
materiality 
through 
the 
pretax 
income 
or 
the 
turnover 
for 
example. 
Once 
you 
have 
the 
materiality 
it 
allows 
you 
to 
know 
on 
which 
accounts 
you 
are 
going 
to 
work 
etc. 
It 
will 
help 
you 
to 
determine 
your 
vouching 
limit4: 
the 
level 
of 
materiality 
you 
are 
going 
to 
apply 
to 
a 
specific 
invoice, 
a 
specific 
transaction. 
There 
are 
3 
levels 
existing: 
(see 
later) 
1. The 
materiality 
= 
global 
error 
in 
the 
Financial 
Statements. 
2. The 
tolerable 
error 
= 
the 
materiality 
is 
determined 
depending 
on 
the 
full 
Financial 
Statements, 
while 
the 
tolerable 
error 
is 
defined 
depending 
on 
the 
significant 
accounts. 
It’s 
calculated 
by 
taking 
50% 
of 
the 
materiality. 
We 
calculate 
it 
because 
we 
know 
that 
we 
could 
have 
many 
errors 
that 
accumulated 
together 
would 
reach 
an 
amount 
higher 
than 
the 
materiality. 
That’s 
the 
reason 
why 
we 
always 
have 
to 
determine 
different 
levels 
of 
materiality. 
3. The 
adjustment 
level: 
it’s 
the 
amount 
as 
from 
which 
you 
are 
going 
to 
be 
accumulating 
errors 
è 
adjustment 
list. 
ACD 
level 
(Time 
of 
the 
procedure 
è 
transactions 
of 
the 
month 
of 
December? 
March? 
…? 
When 
are 
you 
going 
to 
do 
the 
procedures?) 
DETERMINATE 
THE 
SIGNIGICANT 
ACCOUNTS 
Objective 
= 
Determine 
whether 
some 
specific 
procedures 
should 
be 
applied 
for 
"significant" 
accounts 
Criteria: 
Ø Amount 
Ø Nature 
of 
the 
account(depending 
on 
the 
objectives); 
Ø Complexity 
and 
homogeneity; 
Ø Predisposition 
to 
manipulations 
or 
proneness 
to 
losses; 
Ø Problems 
or 
errors 
identified 
in 
previous 
audits 
4 
Within 
the 
audit 
program 
there’s 
a 
need 
to 
describe 
the 
nature 
but 
also 
the 
extent 
of 
the 
procedure 
(we’ll 
see 
that 
later) 
= 
the 
vouching 
limit 
(it 
is 
the 
extent 
of 
the 
procedure)
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
19 
PREPARE 
THE 
AUDIT 
PROGRAMME 
Objectives 
= 
Ø Complete 
description 
of 
the 
work 
that 
is 
to 
be 
performed; 
Ø Justification 
of 
the 
appropriateness 
of 
the 
auditor's 
work 
with 
requirements 
of 
the 
ToR's 
Ø Prepared 
by 
audit 
team 
based 
on 
info 
collected 
during 
planning 
phase 
+ 
requirements 
of 
the 
client 
Ø Approved 
by 
Audit 
Partner 
Per 
account, 
there 
are 
a 
number 
of 
assertions 
(= 
audit 
objectives). 
è 
Audit 
procedures 
will 
be 
designed 
to 
respond 
to 
specific 
audit 
objectives: 
Assertion 
Existence 
Each 
and 
every 
transaction 
is 
real 
Here 
we 
check 
the 
fact 
that 
it 
exists. 
If 
a 
machinery 
or 
plant 
is 
worth 
3 
millions, 
we 
have 
to 
check 
there 
physically 
are 
machinery 
and 
plants 
existing 
for 
that 
amount. 
Valuation 
Each 
and 
every 
transaction 
is 
correctly 
valued 
The 
fact 
that 
it 
physically 
exists 
is 
not 
sufficient; 
it 
also 
has 
to 
be 
well 
valued. 
The 
amount 
has 
to 
be 
well 
valued 
in 
books 
Cut-­‐off 
Each 
and 
every 
transaction 
is 
recorded 
in 
the 
proper 
period 
“Are 
the 
accounting 
transactions 
written 
in 
the 
good 
period?” 
Classification 
Each 
and 
every 
transaction 
is 
correctly 
classified 
“Has 
it 
been 
accounted 
in 
the 
right 
account?” 
Completeness 
All 
the 
transactions 
that 
should 
be 
recorded 
have 
been 
recorded 
Verify 
that 
all 
the 
transactions 
have 
been 
accounted 
for 
How 
do 
we 
check 
that? 
Check 
Existence 
If 
we 
check 
the 
Financial 
Statements 
once 
a 
year 
(31 
December), 
we 
are 
going 
to 
do 
a 
physical 
observation 
è 
we 
send 
someone 
to 
see 
if 
the 
machinery 
etc. 
really 
exists. 
Valuation 
We 
see 
the 
value 
of 
that 
machine 
on 
invoice. 
Is 
the 
invoice 
also 
a 
good 
document 
to 
look 
at 
for 
checking 
at 
the 
existence? 
No 
because 
the 
timing, 
classification 
etc. 
can 
be 
wrong. 
After 
the 
invoice, 
there’s 
depreciation 
so 
we 
need 
to 
analyze 
the 
depreciation 
to 
see 
if 
it 
works 
correctly. 
Cut-­‐off 
The 
machine 
has 
to 
be 
accounted 
for 
when 
it 
has 
been 
delivered 
Classification 
The 
auditor 
can 
check 
on 
the 
delivery 
note, 
the 
invoice, 
purchase 
order,… 
to 
know 
exactly 
what 
asset 
it 
is 
Completeness 
Most 
difficult 
one 
è 
physical 
existence 
is 
one 
of 
the 
possible 
test 
+ 
sequence 
of 
deliveries 
(everything 
delivered 
is 
in 
the 
book, 
etc.) 
è 
BUT 
they 
might 
be 
hiding 
something 
from 
you.
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
20 
BALANCE 
SHEET 
ACTIFS 
PASSIFS 
We 
are 
more 
concerned 
about 
existence 
than 
about 
completeness, 
for 
the 
left 
hand 
side 
of 
the 
Balance 
Sheet 
For 
the 
right 
hand 
side 
of 
the 
Balance 
Sheet 
it’s 
the 
opposite, 
we 
are 
more 
concerned 
about 
completeness! 
It’s 
more 
problematic 
if 
we 
forget 
a 
liability 
than 
if 
we 
forget 
an 
asset 
AUDIT 
TECHNIQUES 
– 
SUMMARY 
Key 
words 
for 
the 
auditor 
– 
Step 
1: 
STEP 
2: 
ASSESSMENT 
OF 
THE 
ACTIVITY 
AND 
ITS 
RISKS 
AND 
DETERMINATION 
OF 
THE 
AUDIT 
STRATEGY 
Objectives: 
Ø Understand 
and 
evaluate 
internal 
control 
risks 
Ø Determine 
inherent 
risks 
Ø Determine 
internal 
control 
risks 
o Determine 
final 
Audit 
strategy 
o Decide 
on 
extent 
of 
audit 
procedures 
Performed 
during 
the 
first 
two 
days 
of 
the 
audit 
fieldwork 
AUDIT 
RISK 
AR 
= 
IR 
x 
ICR 
x 
NDR 
è 
Everything 
is 
going 
to 
be 
based 
on 
that 
formula. 
AR 
= 
IR 
x 
ICR 
x 
NDR 
is 
the 
formula 
you 
apply 
to 
each 
significant 
account. 
Audit 
risk 
= 
“risk 
that 
the 
auditor 
concludes 
that 
the 
financial 
statements 
he 
has 
audited 
contain 
no 
significant 
errors, 
although 
they 
do 
contain 
such 
errors”.
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
Audit 
Risk 
= 
something 
that 
we 
will 
be 
fixing 
ourselves. 
We 
usually 
accept 
an 
Audit 
Risk 
(AR) 
of 
5%. 
We 
need 
to 
go 
further. 
21 
1ST 
THING 
TO 
DO: 
DETERMINE 
THE 
INHERENT 
RISK 
(IR) 
Inherent 
Risk 
= 
"Likelihood 
of 
significant 
inaccuracies 
due 
to 
a 
fraud 
or 
error, 
independently 
of 
the 
existing 
specific 
internal 
control 
procedures" 
Depends 
on: 
Ø Quality 
of 
the 
personnel 
responsible 
Ø General 
internal 
organisation 
Ø Economic 
& 
financial 
situation 
of 
the 
country 
Ø General 
risk 
linked 
to 
the 
type 
of 
transaction 
The 
inherent 
risk 
will 
always 
be 
assessed 
as 
higher 
or 
lower 
Example: 
tangible 
fixed 
assets: 
è 
We 
audit 
a 
company: 
Spadel 
(making 
water 
bottles). 
The 
tangible 
fixed 
assets 
represent 
an 
important 
amount. 
How 
do 
we 
determine 
the 
inherent 
risk 
of 
the 
tangible 
fixed 
assets? 
Based 
on 
feeling, 
professional 
judgment, 
the 
number 
of 
transactions 
going 
through 
that 
account 
and 
their 
complexity, 
etc. 
we 
are 
going 
to 
determine 
whether 
the 
risk 
is 
high 
or 
low. 
2ND 
THING 
TO 
DETERMINE: 
DETERMINE 
THE 
INTERNAL 
CONTROL 
RISK 
(ICR) 
Internal 
Control 
Risk 
= 
"likelihood 
that 
the 
internal 
control 
system 
does 
not 
prevent 
or 
detect 
significant 
inaccuracies 
due 
to 
a 
fraud 
or 
error" 
Depends 
on: 
Ø Organisational 
structure 
followed 
for 
project 
management 
and 
connected 
potential 
risks; 
Ø Main 
aspects 
related 
to 
personnel 
management 
Ø Accounting 
system 
used 
to 
record 
and 
report 
the 
expenses 
and 
revenues. 
Ø Supervision/governance 
measures 
Ø Prevention 
>< 
Detection 
internal 
controls 
put 
in 
place 
The 
Internal 
Control 
Risk 
will 
always 
be 
assessed 
as 
minimum, 
moderate 
or 
maximum.
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
22 
PRELIMINARY 
ASSESSMENT 
OF 
THE 
INTERNAL 
CONTROL 
RISK 
Internal 
Control 
Risk 
= 
Risk 
that 
the 
internal 
controls 
of 
the 
company 
are 
not 
picking 
up 
the 
materiality 
of 
the 
account. 
è 
“What’s 
the 
risk 
that 
the 
umbrella 
is 
not 
stopping 
the 
rain? 
How 
do 
we 
determine 
the 
ICR?” 
There 
are 
shortcuts 
possible 
in 
assessing 
the 
internal 
control 
risk: 
if 
a 
few 
people 
are 
doing 
everything, 
you 
can 
choose 
to 
not 
test 
internal 
controls 
è 
you 
determine 
your 
ICR 
as 
being 
at 
its 
maximum. 
We’re 
not 
going 
to 
test 
all 
the 
controls 
because 
they 
are 
not 
working 
properly 
anyway. 
è 
The 
auditor 
goes 
straight 
on 
executing 
his 
audit 
program. 
There 
are 
2 
options 
when 
one 
are 
trying 
to 
assess 
internal 
controllers: 
-­‐ Test 
of 
the 
controls: 
end 
up 
with 
an 
assessment 
of 
internal 
control 
being 
low 
or 
high 
è 
you 
spend 
time 
on 
testing 
the 
controls, 
hoping 
that 
its 
going 
to 
lower 
your 
risk 
etc. 
You 
might 
not 
be 
allowed 
to 
lower 
the 
risk 
and 
then 
you 
have 
to 
do 
twice 
more 
work 
-­‐ Final 
assessment: 
you 
can 
skip 
the 
control 
and 
decide 
to 
not 
test 
the 
Internal 
Control, 
and 
go 
straight 
to 
the 
audit.
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
23 
3RD 
THING 
TO 
DO: 
COMBINED 
RISK 
ASSESSMENT 
(CRA) 
Then 
you 
make 
a 
combined 
risk 
assessment 
(CRA) 
for 
each 
significant 
amount 
that 
we 
are 
looking 
at. 
è 
Combination 
of 
the 
inherent 
risk 
and 
internal 
control 
risk 
= 
colour 
in 
the 
box. 
Evaluation 
du 
risque 
inhérent 
(Inherent 
Risk) 
par 
l’auditeur 
Evaluation 
du 
risque 
de 
contrôle 
interne 
(Internal 
Control 
Risk) 
par 
l’auditeur 
Maximum 
Moderate 
Minimum 
Low 
Minimum 
Faible 
Moyen 
High 
Faible 
Moyen 
Elevé 
Basically 
that’s 
how 
we 
determine 
the 
2 
first 
part 
of 
the 
formula 
(IR 
and 
ICR). 
Then 
we 
have 
to 
determine 
the 
NDR. 
Auditors 
can 
determine 
it 
themselves 
(it’s 
the 
only 
one 
they 
can). 
Depending 
on 
the 
IR 
and 
ICR 
being 
high 
or 
low, 
they 
have 
to 
reduce 
the 
NDR 
or 
accept 
a 
high 
NDR. 
If 
the 
Combined 
Risk 
Assessment 
(CRA) 
is 
very 
high 
we’ll 
have 
to 
reduce 
the 
NDR 
è 
by 
doing 
a 
lot 
of 
audit 
procedures. 
If 
the 
CRA 
is 
very 
low 
(very 
low 
risk 
for 
an 
error 
to 
appear 
in 
the 
financial 
statements) 
è 
accept 
a 
higher 
NDR: 
less 
audit 
procedures. 
4TH 
THING 
TO 
DETERMINE: 
THE 
NON-­‐DETECTION 
RISK 
Non-­‐detection 
risk 
= 
“Likelihood 
that 
the 
external 
auditor 
does 
not 
detect 
significant 
inaccuracies 
by 
means 
of 
his/her 
audit 
procedures”. 
è 
That’s 
how 
you 
determine 
your 
final 
audit 
program 
Ø Only 
criteria 
that 
can 
be 
influenced 
by 
the 
auditor 
Ø Will 
be 
directly 
impacted 
by 
the 
extent 
of 
substantive 
procedures 
applied 
Ø Allows 
for 
a 
reduction 
of 
the 
audit 
Risk 
Combined 
Risk 
Assessment 
NDR 
should 
be 
Scope 
of 
the 
substantive 
tests 
Volume 
of 
proof 
needed 
High 
Minimal 
Estimation 
High 
Moderate 
Low 
Extended 
Average 
Low 
Moderate 
Detection 
Low 
Minimal 
High 
Minimal 
Minimal 
The 
scope 
of 
our 
testing 
should 
be 
at 
the 
level 
of 
our 
estimations. 
Ø If 
the 
CRA 
is 
high, 
we 
expect 
a 
very 
high 
probability 
that 
there 
are 
going 
to 
be 
errors 
in 
the 
accounts. 
è 
It 
means 
we’ll 
need 
a 
lot 
of 
procedures. 
Ø If 
the 
CRA 
is 
moderate: 
it 
means 
the 
NDR 
is 
low 
o Audit 
procedures 
are 
going 
to 
be 
extended, 
o Low 
level 
of 
materiality 
and 
o The 
volume 
of 
proof 
needed 
will 
be 
average. 
Testing 
is 
detective 
è 
trying 
to 
detect 
the 
errors.
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
24 
DETERMINATION 
OF 
THE 
AUDIT 
STRATEGY 
Sets: 
-­‐ Scope 
-­‐ Timing 
-­‐ Type 
of 
audit 
procedures 
-­‐ Extent 
of 
substantive 
tests 
è 
Documented 
in 
the 
final 
audit 
programme 
AUDIT 
PROCESS 
– 
SUMMARY 
Key 
words 
for 
the 
auditor 
– 
Step 
2: 
STEP 
3: 
PERFORMING 
THE 
AUDIT 
PROCEDURE 
Objectives: 
• Perform 
Audit 
procedures 
determined 
in 
Step 
2. 
When 
performing 
the 
audit 
procedure, 
you 
are 
fully 
in 
the 
case 
of 
the 
Non-­‐Detection 
Risk. 
• Execute 
the 
procedures 
as 
per 
the 
audit 
program 
• Basis 
for 
formulation 
of 
the 
Audit 
Opinion 
Ø Decrease 
the 
Non-­‐Detection 
Risk 
Ø Hold 
the 
audit 
risk 
at 
a 
low 
level 
Performed 
throughout 
the 
audit 
fieldwork
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
25 
DIFFERENT 
TYPES 
OF 
AUDIT 
PROCEDURES 
General 
Audit 
Procedures 
= 
Audit 
procedures, 
general 
in 
nature 
and 
necessary 
to 
verify 
certain 
contractual 
aspects 
or 
to 
comply 
with 
professional 
standards 
The 
general 
audit 
procedures 
are 
not 
specific 
to 
certain 
accounts. 
There 
are 
some 
ISA 
statements 
talking 
about 
those 
GAPs. 
Ex: 
getting 
an 
engagement 
letter, 
a 
representation 
letter 
= 
GAP. 
• Engagement 
letter5 
= 
contract 
between 
auditor 
and 
client 
(before 
you 
start 
the 
audit) 
• Representation 
letter 
= 
letter 
in 
which 
the 
company 
or 
management 
states 
they 
have 
not 
hidden 
anything 
from 
the 
auditor. 
This 
letter 
appears 
at 
the 
end 
of 
the 
audit 
and 
is 
always 
dated 
at 
the 
same 
date 
than 
the 
audit 
report. 
It 
states: 
“I 
confirm 
that 
I 
have 
given 
you 
everything 
I 
had, 
that 
I 
am 
not 
hiding 
anything 
from 
the 
auditor 
etc.” 
+ 
all 
the 
adjustments 
(Cours 
manquant 
06/10) 
Examples: 
ü Review 
of 
the 
general 
& 
specific 
conditions 
of 
important 
contracts 
and 
legislation 
ü Review 
the 
bank 
statements 
in 
search 
of 
unusual 
items 
ü Check 
of 
proper 
reconciliation 
between 
financial 
reports 
and 
accounting 
ü Confirmations 
(bank, 
lawyers) 
ü Obtain 
the 
Representation 
letter 
from 
the 
Auditee 
ü Independence 
related 
procedures 
ü Etc. 
Analytical 
and 
data 
analysis 
procedures 
= 
Logical 
tests 
of 
relationships 
between 
numbers, 
aimed 
at 
reviewing 
whether 
the 
numbers 
reported 
in 
the 
financial 
statements 
are 
reasonable 
è 
Trends 
/ 
ratios 
/ 
examination 
of 
variations 
3 
levels 
of 
confidence: 
Minimal 
>< 
Corroborative 
>< 
Persuasive 
5 
EXAM: 
what 
is 
the 
difference 
between 
engagement 
and 
representation 
letter
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
26 
Substantive 
tests 
applied 
on 
financial 
data 
= 
Verification 
of 
the 
supporting 
documents 
Examples: 
• Physical 
observation 
(inspection 
of 
fixed 
assets), 
• Check 
of 
payments, 
• Review 
of 
the 
invoices, 
• Testing 
the 
respect 
of 
tendering 
and 
awarding 
procedures 
for 
a 
sample 
of 
contracts, 
• Testing 
the 
expenses 
to 
the 
invoices 
and 
bank 
documents, 
• Recalculation, 
etc. 
Key 
items 
>< 
Representative 
sample 
Key 
– 
items 
Representative 
sample 
= 
Items 
selected 
by 
the 
auditor 
on 
a 
judgmental 
basis 
because 
of: 
• Significant 
amount 
• Risky 
transaction 
• Unusual 
transaction 
• Etc. 
à 
No 
extrapolation 
allowed 
= 
Items 
selected 
based 
on 
statistical 
sampling 
à 
Extrapolation 
allowed 
INTRODUCTION 
TO 
STATISTICAL 
SAMPLING 
OBJECTIVE 
Non-­‐Detection 
Risk 
can 
be 
reduced: 
• By 
performing 
analytical 
review 
procedures 
• By 
performing 
substantive 
tests 
on 
key-­‐items 
AND 
must 
be 
completed 
by: 
• Performing 
substantive 
tests 
on 
a 
representative 
sample
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
27 
à 
Objectives 
of 
statistical 
sampling 
= 
• Determine 
sample 
size 
• Further 
reduce 
Non-­‐Detection 
Risk 
DEFINITIONS 
Population 
= 
• All 
data 
• Basis 
for 
sampling 
E.g. 
for 
account 
receivable 
= 
The 
full 
accounts 
receivable 
sub 
ledger 
at 
the 
of 
the 
period 
Stratification 
= 
division 
of 
the 
population 
into 
sub-­‐population 
SIZE 
OF 
THE 
SAMPLE 
E.g. 
for 
accounts 
receivable 
= 
Intra-­‐group 
transactions 
(푃표푝푢푙푎푡푖표푛 € − 푘푒푦 푖푡푒푚푠 €) 
푀푎푡푒푟푖푎푙푖푡푦 € 
ART6 
Multiplicator 
includes 
the 
following 
elements: 
• Assessment 
of 
Inherent 
Risk 
(IR) 
• Assessment 
of 
Internal 
Control 
Risk 
(ICR) 
• Level 
of 
confidence 
reached 
through 
analytical 
review 
procedures 
• Type 
of 
sampling 
method 
• The 
statistical 
level 
of 
confidence 
(generally 
95%) 
6 
ART 
= 
Audit 
Risk 
Table 
∗ 퐴푅푇 푚푢푙푡푖푝푙푖푐푎푡표푟 
IR 
& 
ICR 
= 
CRA
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
28 
TWO 
METHODS 
OF 
SELECTION 
OF 
SAMPLE 
1. Random 
Number 
Sampling 
= 
a. all 
items 
of 
a 
population 
have 
an 
equal 
probability 
of 
being 
selected 
b. often 
easier 
to 
carry 
out 
2. Monetary 
Unit 
Sampling 
(MUS) 
= 
a. chance 
of 
one 
item 
to 
be 
selected 
is 
proportional 
to 
its 
monetary 
value 
b. maximises 
the 
coverage 
in 
terms 
of 
monetary 
value 
and 
allows 
a 
smaller 
sample 
size 
è 
Audit 
Risk 
Table 
and 
sample 
size 
will 
depend 
on 
the 
method 
chosen 
RANDOM 
NUMBER 
SAMPLING 
VS. 
MONETARY 
UNIT 
SAMPLING 
EXAMPLE 
Calculate 
the 
sample 
size 
for 
overheads 
expenses 
for 
the 
period 
2003-­‐2004 
Assumptions: 
ü Materiality 
2% 
of 
total 
expenditures 
= 
200.000 
€ 
ü No 
analytical 
procedures 
possible 
à 
level 
of 
confidence 
= 
minimal 
ü 18 
key 
items 
for 
a 
total 
of 
425.689 
€ 
à 
20% 
of 
the 
sub-­‐population 
ü Random 
number 
sampling 
method 
ü IR 
and 
ICR 
regarded 
as 
high 
(2.157.256€ − 425.689€) 
200.000€ 
∗ 3,6 = 32 푖푡푒푚푠
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
29 
PERFORMING 
THE 
AUDIT 
PROCEDURE 
– 
SUMMARY 
Key 
words 
for 
the 
auditor 
– 
Step 
3: 
STEP 
4: 
CONCLUSION 
OF 
THE 
AUDIT 
Objectives: 
• Summarise 
and 
quantify 
audit 
findings 
• Verification 
of 
general 
coherence 
of 
the 
audit 
• Preparation 
of 
the 
debriefing 
memorandum 
è 
Basis 
for 
preparation 
of 
audit 
report 
Performed 
at 
the 
end 
of 
the 
fieldwork 
ANALYSIS 
AND 
QUANTIFICATION 
OF 
FINDINGS 
QUANTIFICATION 
OF 
ERRORS 
• Identified 
with 
analytical 
review 
procedures 
o Cannot 
be 
used 
to 
estimate 
the 
error 
o Further 
investigation 
/ 
analysis 
needed 
• Identified 
on 
key-­‐items 
o Reported 
individually 
in 
the 
audit 
report 
• Identified 
on 
representative 
sample 
o May 
be 
extrapolated 
to 
the 
sub-­‐population 
Extrapolation 
-­‐ 
some 
rules 
• Only 
on 
representative 
sample 
• Extrapolation 
method 
consistent 
with 
sampling 
method 
• Qualitative 
aspect 
of 
errors 
must 
be 
taken 
into 
account 
• Separate 
extrapolation 
for 
each 
sub-­‐population
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
30 
EXAMPLE 
OF 
EXTRAPOLATION 
– 
OVERHEAD 
EXPENSES 
Basis Audited Errors 
identified 
TYPE 
OF 
ERRORS 
AND 
THEIR 
CONSEQUENCES 
Intentional 
errors 
vs. 
formal 
errors 
• Intentional 
errors 
= 
cover 
potential 
fraud 
and/or 
irregularities 
à 
Should 
be 
reported 
to 
governance 
as 
soon 
as 
possible 
• Formal 
errors 
= 
insufficient 
documentation, 
lack 
of 
clarity, 
incompliance 
with 
contractual 
basis, 
etc.. 
Recurring 
errors 
or 
not 
Ø May 
be 
necessary 
to 
extend 
audit 
procedures 
in 
risky 
area 
Ø Risk 
assessment 
may 
need 
to 
be 
revised 
Ø Enlarge 
sample 
for 
risky 
sub-­‐population 
REASSESSMENT 
OF 
THE 
SAMPLE 
CONNECTED 
RISK 
High 
error 
rate 
+ 
recurrent 
errors 
= 
Sign 
of 
internal 
control 
weaknesses 
Ø CRA 
must 
be 
reassessed 
Ø Calculation 
of 
revised 
sample 
size 
Should 
the 
conclusions 
be 
inconsistent 
with 
preliminary 
assessment 
of 
internal 
control 
system, 
the 
auditor 
will 
have 
to 
recalculate 
his/her 
sample. 
AUDIT 
REPORT 
PROCEDURES 
& 
REQUIREMENTS 
Reporting 
requirements: 
Reminder: 
The 
objective 
of 
an 
audit 
is 
to 
enable 
the 
Auditor 
to 
express 
an 
opinion 
and 
issue 
a 
report 
in 
accordance 
with 
the 
requirements 
of 
the 
Commission 
• In 
accordance 
with 
the 
ISA's 
FORMAT 
& 
CONTENT 
Different 
possible 
audit 
opinions: 
Ø Unqualified 
(clean) 
opinion: 
It’s 
OK! 
This 
is 
the 
most 
desirable 
opinion 
type. 
"…the 
Financial 
Report 
gives 
a 
true 
and 
fair 
view, 
in 
all 
material 
respects, 
of 
the 
results 
and 
financial 
position” 
% Extrapolation 
Key-items 425.689 € 425.689 € 156.335 € 36,7 % 156.335 € 
Representative 
1.731.567 € 150.387 € 21.569 € 14,4 % 248.347 € 
sample 
Total 2.157.256 € 576.076 € 177.904 € 404.682 €
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
31 
Ø Qualified 
opinion: 
It’s 
OK 
except 
for… 
This 
happens 
more 
than 
we 
expect! …the 
Financial 
Report 
gives 
a 
true 
and 
fair 
view, 
in 
all 
material 
respects, 
of 
the 
results 
and 
financial 
position 
Except 
for 
an 
error 
on 
a 
specific 
account 
... 
“ 
Ø Adverse 
opinion: 
It’s 
not 
OK! 
Not 
desirable 
BUT 
not 
very 
frequent. 
"… 
the 
Financial 
Report 
does 
not 
give 
a 
true 
and 
fair 
view, 
in 
all 
material 
respects, 
of 
the 
results 
and 
financial 
position 
... 
“ 
Ø Disclaimer 
of 
opinion: 
I 
don’t 
know! 
Not 
desirable 
BUT 
occur 
sometimes. 
"…the 
Auditor 
is 
unable 
to 
express 
an 
opinion." 
Significant 
scope 
limitation 
è 
the 
auditor 
cannot 
obtain 
sufficient 
audit 
evidence. 
CONCLUSION 
OF 
THE 
AUDIT 
– 
SUMMARY 
Key 
words 
for 
the 
auditor 
– 
Step 
4:
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
32 
AUDIT 
PROCESS 
(ILLUSTRATIVE) 
Planning 
and 
risk 
identification 
Strategy 
and 
risk 
assessment 
Execution 
Conclusion 
and 
reporting 
Complete 
preliminary 
engagement 
activities 
Identify 
SCOTs, 
significant 
disclosures 
processes 
& 
related 
IT 
applications 
Execute 
tests 
of 
controls 
Prepare 
summary 
of 
audit 
differences 
Understand 
the 
business 
Understand 
SCOTs 
& 
Sig 
disclosures 
processes 
Understand 
and 
evaluate 
the 
FSCP 
Execute 
tests 
of 
journal 
entries 
and 
perform 
other 
mandatory 
fraud 
procedures 
Perform 
financial 
statement 
procedures 
Determine 
the 
need 
for 
specialized 
skills 
on 
the 
team 
Perform 
walkthrough 
Understand 
entity-­‐level 
controls 
Select 
controls 
to 
test 
Understand 
ITGCs 
Update 
tests 
of 
controls 
Update 
tests 
of 
ITGCs 
Prepare 
the 
summary 
review 
memorandum 
Design 
and 
execute 
tests 
of 
ITGCs 
Evaluate 
ITGCs 
Identify 
risk 
of 
material 
misstatement 
due 
to 
fraud 
and 
determine 
responses 
Make 
combined 
risk 
assessment 
(CRA) 
Perform 
substantive 
procedures 
Perform 
overall 
review 
and 
approval 
Determine 
Performance 
Materiality 
(PM), 
Tolerable 
Error 
(TE) 
and 
SAD 
nominal 
amounts 
Design 
tests 
of 
controls 
Prepare 
and 
deliver 
client 
communication 
Design 
test 
of 
journal 
entries 
and 
other 
mandatory 
fraud 
procedures 
Identify 
significant 
accounts 
and 
disclosures 
and 
relevant 
assertions 
Design 
substantive 
procedures 
Plan 
general 
audit 
procedures 
Perform 
General 
audit 
procedures 
Complete 
documentation 
and 
archive 
engagement 
Prepare 
audit 
and 
strategies 
memorandum 
Understand 
service 
requirements, 
determine 
audit 
scope 
and 
establish 
the 
team 
Team 
planning 
event 
and 
discussion 
of 
fraud 
and 
error 
Post-­‐interim 
event 
Wrap-­‐up 
the 
engagement 
Reassess 
combined 
risk 
assessments
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
33 
MATERIALITY 
AGENDA 
Ø Introduction 
Ø Definition 
– 
concepts 
Ø Determining 
overall 
materiality 
level 
Ø Assessing 
errors 
at 
the 
end 
of 
the 
audit 
Ø ISA 
320 
Ø Questions 
Ø Practical 
examples 
INTRODUCTION 
Ø Audit 
risk 
= 
risk 
that 
the 
auditor 
certifies 
financial 
statements 
that 
contains 
material 
errors 
due 
to 
fraud 
or 
errors 
Ø “Risk 
of 
material 
misstatements” 
exists 
both 
on 
financial 
statements 
taken 
as 
a 
whole 
as 
at 
the 
level 
of 
significant 
accounts 
and 
disclosures 
=> 
judgment 
needed 
(it’s 
not 
merely 
a 
mathematical 
exercise!) 
DEFINITION 
Ø Materiality 
is 
defined 
as 
“the 
size 
of 
an 
error 
in 
the 
financial 
statements 
which 
in 
all 
probability 
would 
influence 
the 
judgement 
of 
a 
reasonable 
user 
of 
these 
financial 
statements”. 
Ø Errors 
include 
amongst 
others 
omissions 
and 
wrong 
presentations. 
Ø Reasonable 
users 
are 
people 
that 
are 
no 
specialists 
in 
accounting 
but 
have 
a 
basic 
knowledge 
of 
the 
principles 
used 
to 
prepare 
financial 
statements: 
o A 
certain 
knowledge 
of 
accounting 
is 
needed; 
o They 
need 
to 
understand 
that 
materiality 
levels 
are 
used 
during 
an 
audit; 
o They 
need 
to 
acknowledge 
that 
a 
certain 
level 
of 
‘judgement’ 
is 
used 
when 
preparing 
financial 
statements. 
Ø Materiality 
or 
“material 
importance” 
therefore 
has 
a 
direct 
impact 
on 
the 
auditor’s 
opinion 
on 
the 
financial 
statements. 
In 
case 
there 
are 
no 
material 
misstatements 
-­‐> 
unqualified 
opinion. 
In 
case 
of 
material 
misstatements 
-­‐> 
qualified 
opinion 
or 
negative 
opinion 
(depending 
on 
the 
number 
and 
size 
of 
the 
misstatements); 
Ø Auditor 
needs 
to 
determine 
materiality 
levels 
for 
his 
audit 
and 
these 
levels 
will 
be 
used 
for 
testing 
purposes 
(determining 
the 
extent 
of 
testing) 
and 
for 
reporting 
purposes 
(accumulating 
the 
adjustments 
in 
a 
”summary 
of 
unadjusted 
differences” 
and 
determining 
the 
type 
of 
opinion 
based 
on 
his 
professional 
judgement) 
; 
Ø Different 
levels 
of 
materiality 
(overall 
materiality, 
tolerable 
error, 
adjustment 
level)
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
34 
DETERMINING 
THE 
MATERIALITY 
LEVEL 
Ø Will 
be 
done 
during 
the 
planning 
phase; 
Ø Can 
and 
needs 
to 
be 
adjusted 
during 
the 
execution 
of 
testing 
based 
on 
results 
obtained; 
Ø The 
lower 
the 
materiality, 
the 
more 
testing 
(cfr. 
risk 
formula); 
Ø Materiality 
is 
a 
relative 
concept. 
The 
importance 
of 
an 
error 
will 
depend 
on 
its 
relative 
importance 
as 
compared 
to 
the 
financial 
statements 
taken 
as 
a 
whole. 
An 
error 
of 
1 
million 
will 
be 
material 
in 
an 
entity 
with 
a 
balance 
sheet 
of 
20 
million 
but 
not 
in 
an 
entity 
with 
a 
balance 
sheet 
of 
20 
billion; 
Ø Different 
data 
can 
be 
used 
and 
audit 
firms 
generally 
use 
a 
different 
basis 
from 
other 
audit 
firms. 
There 
are 
no 
specific 
guidelines 
coming 
from 
professional 
organisations 
since 
there’s 
a 
risk 
that 
auditors 
would 
automatically 
use 
these 
guidelines 
rather 
then 
taking 
into 
account 
the 
specific 
sitauation 
of 
the 
audited 
entity; 
Ø There 
are 
nevertheless 
some 
“rules 
of 
fist”: 
o Entities 
for 
profit: 
5% 
to 
10% 
of 
the 
pretax 
income, 
0,5% 
to 
1% 
of 
total 
sales, 
5% 
of 
EBITDA,…; 
o Non 
for 
profit 
entities: 
0,5% 
to 
1% 
of 
revenues. 
Ø Examples: 
o Non 
for 
profit 
organisations: 
rather 
use 
total 
revenue 
or 
total 
expense 
as 
a 
benchmark; 
o You 
can 
exclude 
exceptional 
items 
out 
of 
the 
profit 
before 
taxes; 
o Insurance 
companies: 
use 
net 
assets 
as 
a 
benchmark; 
o Holdings: 
usually 
net 
assets 
or 
total 
assets 
LEVELS 
Ø Overal 
materiality 
or 
“planing 
materiality” 
– 
at 
level 
of 
financial 
statements 
(PM) 
Ø Tolerable 
error 
– 
at 
level 
of 
a 
significant 
account 
(for 
reporting) 
– 
TE 
(generally 
50% 
or 
75% 
of 
PM) 
– 
used 
for 
testing 
and 
reporting 
Ø Adjusting 
difference 
– 
level 
as 
from 
which 
an 
error 
is 
taken 
to 
the 
summary 
of 
unadjusted 
audit 
differences 
– 
SAD 
level 
(for 
example 
5% 
of 
PM) 
– 
used 
for 
reporting 
only 
Ø Takes 
into 
account 
that 
more 
than 
one 
error 
can 
appear 
and 
those 
errors 
can 
accumulate 
3 
levels 
of 
materiality: 
Ø 1st 
level: 
Materiality 
Ø 2nd 
level: 
Tolerable 
error: 
50% 
of 
materiality 
Ø 3rd 
level: 
ACD 
level
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
35 
ASSESSING 
ERRORS 
Ø After 
performing 
the 
audit 
procedures, 
the 
auditor 
will 
have 
a 
view 
of 
the 
individual 
and 
total 
errors 
in 
the 
financial 
statements 
taken 
as 
a 
whole 
but 
also 
per 
significant 
account; 
Ø These 
errors 
are 
added 
up 
and 
compared 
to 
the 
overall 
materiality 
level 
determined 
at 
the 
start 
of 
the 
audit. 
Based 
on 
this 
exercise, 
the 
auditor 
will 
determine 
the 
impact 
of 
these 
errors 
on 
his 
opinion. 
ISA 
320 
– 
AUDIT 
MATERIALITY 
Ø Materiality: 
matter 
of 
professional 
judgement; 
Ø Both 
qualitative 
and 
quantitive 
misstatements; 
Ø Materiality 
to 
be 
determined 
at 
overall 
financial 
statement 
level 
and 
in 
relation 
to 
classes 
of 
transactions, 
account 
balances 
and 
disclosures; 
Ø Inverse 
relationship 
between 
materiality 
and 
the 
level 
of 
audit 
risk; 
Ø Assessment 
required 
whether 
the 
aggregate 
of 
uncorrected 
misstatements 
that 
have 
been 
identified 
during 
the 
audit 
is 
material; 
Ø If 
the 
aggregate 
of 
uncorrected 
misstatements 
approaches 
the 
materiality 
level, 
the 
auditor 
must 
consider 
whether 
it 
is 
likely 
that 
undetected 
misstatements 
could 
lead 
to 
exceeding 
the 
materiality 
level; 
è 
Audit 
risk 
can 
be 
reduced 
by 
performing 
additional 
procedures 
or 
by 
requesting 
management 
to 
adjust 
the 
financial 
statements 
QUESTIONS 
Ø Can 
we 
communicate 
our 
materiality 
levels 
to 
the 
auditee? 
Ø What 
about 
a 
condensed 
accounting 
year 
or 
quarterly 
reporting? 
Ø Why 
does 
the 
auditor 
determine 
materiality? 
Ø What 
about 
consolidated 
financial 
statements? 
o Example: 
group 
with 
20 
subsidiaries 
in 
20 
different 
countries 
with 
sales 
of 
EUR 
1 
million 
each 
and 
a 
profit 
before 
taxes 
of 
EUR 
100.000 
each 
o Consolidated 
revenue 
is 
EUR 
20 
million 
and 
consolidated 
profit 
before 
taxes 
is 
EUR 
2 
million 
o Expected 
materiality 
based 
on 
consolidated 
figures 
is 
EUR 
100.000 
o Can 
this 
materiality 
level 
be 
used 
for 
each 
entity? 
o Allocation 
of 
materiality 
needed
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
36 
PRACTICAL 
EXAMPLES 
EXAMPLE 
1 
Given: 
Ø Sales: 
10.000 
€ 
Ø Profit 
before 
taxes: 
1.000€ 
Ø Net 
assets: 
50 
€ 
Ø Accounts 
receivable: 
1.500 
€ 
Ø Allowance 
for 
doubtful 
debt 
understated 
with: 
40€ 
Is 
this 
material? 
EXAMPLE 
2 
Given 
for 
Year 
1 
Given 
for 
Year 
2 
Ø Sales: 
EUR 
10.000 
Ø Pretax 
income: 
EUR 
1.000 
Ø Net 
assets: 
EUR 
1.500 
Ø Accounts 
receivable: 
EUR 
1.500 
Ø Allowance 
for 
doubtful 
debt 
understated 
with 
EUR 
40 
Ø Sales: 
EUR 
10.000 
Ø Pretax 
income 
: 
EUR 
100 
Ø Net 
assets: 
EUR 
1.600 
Ø Accounts 
receivable: 
EUR 
1.500 
Ø Allowance 
for 
doubtful 
debt 
still 
understated 
with 
EUR 
40 
Ø Material 
error 
in 
year 
1 
? 
Ø Material 
error 
in 
year 
2 
? 
EXAMPLE 
3 
Given: 
Ø Sales: 
EUR 
10.000 
Ø EBITDA: 
EUR 
1.000 
Ø Net 
debt: 
EUR 
3.000 
Ø Covenant: 
net 
debt/EBITDA 
max 
3 
Ø Allowance 
for 
doubtful 
debt 
understated 
with 
EUR 
20 
Material? 
EXAMPLE 
4 
Given: 
Ø Sales: 
EUR 
10.000 
Ø Operating 
profit: 
EUR 
1.000 
Ø Balance 
sheet 
total: 
EUR 
5.000 
Ø Leasingcontract 
signed 
for 
a 
new 
machine: 
o Acquisition 
cost: 
EUR 
2.500 
o Yearly 
rent: 
EUR 
300 
in 
expense 
as 
rent 
(account 
61) 
o Lifespan 
= 
duration 
of 
the 
contract= 
10 
years 
o Analysis 
shows 
that 
this 
is 
a 
finance 
lease 
and 
not 
an 
operational 
lease 
Material 
?
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
37 
EXAMPLE 
5 
Given: 
Ø Sales: 
EUR 
10.000 
Ø Operating 
profit: 
EUR 
1.000 
Ø Balance 
sheet 
total: 
EUR 
5.000 
Ø Audit 
fees 
amount 
to 
EUR 
25 
and 
are 
correctly 
accounted 
for 
but 
not 
disclosed 
in 
the 
notes 
to 
the 
financials 
in 
Vol. 
5.15 
Material?7 
Audit 
Fees 
are 
in 
the 
P&L 
but 
you 
don’t 
see 
it 
there. 
25 
euros 
not 
disclosed 
in 
an 
appendix 
is 
not 
going 
to 
change 
the 
true 
and 
fair 
view, 
the 
amount 
is 
too 
small. 
We 
will 
try 
to 
push 
the 
client 
to 
change 
that, 
telling 
him 
that 
financials 
are 
not 
corrects, 
he 
has 
to 
give 
that 
information. 
EXAMPLE 
6 
Given: 
Ø Sales: 
EUR 
10.000 
Ø Operating 
profit: 
EUR 
1.000 
Ø Balance 
sheet 
total: 
EUR 
5.000 
Ø Depreciation: 
EUR 
300 
Ø Depreciation 
% 
used 
on 
buildings: 
3% 
Ø In 
the 
disclosures 
(accounting 
policies) 
it 
says 
5% 
is 
used 
as 
depreciation 
on 
buildings 
Material? 
300 
= 
3% 
of 
the 
total 
value 
of 
the 
building 
è 
P&L. 
But 
in 
the 
disclosure 
it 
says 
it’s 
5% 
that 
we 
are 
using 
è 
we 
are 
not 
using 
the 
percentage 
that 
we 
should 
be 
using, 
following 
the 
accounting 
policies 8 . 
There’s 
an 
issue, 
an 
error 
of 
200. 
200 
is 
material 
because 
the 
materiality 
is 
between 
5% 
& 
10% 
of 
1000, 
so 
between 
50 
and 
100, 
and 
200 
is 
> 
than 
that. 
è 
200 
is 
in 
any 
case 
material. 
EXAMPLE 
7 
Given: 
Ø Sales: 
EUR 
10.000 
Ø Operating 
profit: 
EUR 
1.000 
Ø Balance 
sheet 
total: 
EUR 
7.500 
Ø Provisions 
(account 
16): 
EUR 
75 
Ø Provisions 
for 
early 
retirement 
not 
accounted 
for 
in 
an 
amountof 
EUR 
25 
Material? 
7 
Dans 
les 
annexes 
au 
compte 
normalement 
il 
y 
a 
des 
honoraires 
d’audit 
(audit 
fees) 
pour 
donner 
des 
informations 
supplémentaires 
aux 
lecteurs. 
Dans 
une 
des 
annexes 
il 
manque 
cette 
information. 
Ici, 
les 
honoraires 
de 
25 
sont 
bien 
notes. 
8 
accounting 
policies 
= 
regles 
d’évaluation
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
38 
Ø Liability 
side 
of 
the 
B/S: 
o Provisions 
for 
75 
euros. 
o Provisions 
that 
should 
have 
been 
booked 
but 
haven’t: 
error 
of 
25. 
è 
Not 
material 
EXAMPLE 
8 
Given: 
Ø Sales: 
EUR 
10.000 
Ø Operating 
profit: 
EUR 
1.000 
Ø Net 
assets: 
EUR 
1.500 
Ø Balance 
sheet 
total: 
EUR 
7.500 
Ø Intangible 
assets: 
EUR 
0 
Ø Tangible 
assets 
amount 
to 
EUR 
2.000 
of 
which 
EUR 
1.500 
relate 
to 
software 
Material? 
Normally 
softwares 
are 
intangible 
fixed 
assets 
è 
This 
error 
is 
on 
significant 
account 
intangible 
asset 
and 
tangible 
asset 
è 
Material 
if 
you 
compare 
it 
to 
anything 
P&L 
driven 
but 
it’s 
only 
a 
balance 
sheet 
effect… 
would 
it 
change 
the 
view 
of 
a 
FS 
user? 
2 
solutions 
-­‐ It 
is 
important 
-­‐ It 
is 
not 
It 
depends 
on 
the 
context 
of 
the 
company 
but 
we 
will 
probably 
say 
that 
it’s 
material 
because 
we 
have 
big 
amounts 
here. 
1500 
è 
part 
of 
other 
audit 
procedures 
that 
we 
will 
do. 
EXAMPLE 
9 
Given: 
Ø Sales: 
EUR 
10.000 
Ø Operating 
profit: 
EUR 
5.000 
Ø Net 
assets: 
EUR 
6.500 
Ø Balance 
sheet 
total: 
EUR 
8.000 
Ø Credit 
note 
to 
be 
issued9 
not 
accrued 
for 
in 
an 
amount 
of 
EUR 
200 
Material? 
That’s 
equity 
Credit 
note 
to 
be 
issued 
should 
have 
been 
put 
in 
the 
B/S 
but 
200 
euros 
doesn’t 
look 
material 
Ø // 
Pretax 
income 
= 
one 
of 
the 
most 
important 
indicator 
è 
not 
material 
Ø // 
Total 
of 
the 
B/S 
è 
not 
material 
9 
= 
Note 
de 
crédit 
à 
établir
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
39 
EXAMPLE 
10 
Given: 
Ø Sales: 
EUR 
10.000 
Ø Operating 
profit: 
EUR 
5.000 
Ø Net 
assets: 
EUR 
6.50 
Ø Legal 
reserve: 
EUR 
25 
Ø Profit 
after 
taxes: 
2.000 
Ø Profit 
is 
fully 
distributed 
to 
the 
shareholders 
Problem? 
Ø Low 
equity 
value, 
& 
Ø Low 
net 
asset 
value 
Ø Legal 
Reserve 
= 
25 
euros 
Ø Profit 
fully 
distributed 
to 
the 
shareholders 
Normally 
before 
we 
distribute 
net 
profit, 
net 
income, 
we 
have 
to 
put 
5% 
in 
the 
legal 
reserve. 
Distributing 
everything 
is 
not 
correct. 
Material? 
It 
might 
be. 
It’s 
difficult 
to 
determine 
without 
knowing 
how 
is 
the 
equity 
build 
up. 
Anyway 
in 
the 
second 
part 
of 
the 
audit 
opinion 
we’ll 
say 
that 
the 
company’s 
law 
has 
not 
been 
respected. 
We 
should 
qualify 
in 
that 
case 
è 
qualified 
opinion 
EXAMPLE 
11 
Given: 
Ø Sales: 
EUR 
10.000 
Ø Net 
assets: 
EUR 
1.000 
Ø Profit 
before 
taxes: 
EUR 
1.500 
Ø Account 
61 
includes 
EUR 
50 
of 
secret 
commissions. 
Tax 
risk: 
fine 
of 
309% 
Material? 
Tax 
risk 
on 
the 
amount 
of 
50 
with 
a 
fine 
of 
309 
%. 
If 
the 
probability 
of 
the 
tax 
risk 
is 
> 
50%, 
then 
you 
qualify. 
If 
we 
believe 
>50% 
chances 
that 
it 
materializes, 
then 
we 
qualify.
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
Services 
covered 
by 
the 
standards 
and 
recommendations 
Related 
Services 
ISRS 
4000-­‐4699 
ISRSPS 
4700-­‐4999 
ISQC 
1-­‐99 
International 
Standards 
on 
Quality 
Control 
40 
ISQC1 
AND 
I SA200-­‐260 
ISQC1: 
International 
Standard 
Quality 
Control 
1 
è 
n°1 
because 
there’s 
only 
one 
so 
far. 
IFAC 
-­‐ 
Code 
of 
ethics 
for 
professional 
practitioners 
Structure 
of 
the 
Standards 
for 
Assurance 
Engagements 
Audit 
and 
review 
of 
historical 
Qinancial 
information 
ISA 
100-­‐999 
IAPS 
1000-­‐1999 
ISRE 
2000-­‐2699 
IREPS 
2700-­‐2999 
Assurance 
engagements 
other 
than 
audits 
and 
reviews 
of 
historical 
Qinancial 
information 
ISAE 
3000-­‐3699 
IAEPS 
3700-­‐3999 
Ø The 
international 
Standard 
on 
Quality 
Control 
(ISQC) 
deals 
with 
a 
firm’s 
responsibilities 
for 
it’s 
system 
of 
quality 
control 
for 
audits 
and 
reviews 
of 
financial 
statements, 
and 
other 
assurance 
and 
related 
services 
engagements. 
Ø This 
ISQC 
applies 
to 
all 
firms 
of 
professional 
accountants 
in 
respect 
of 
audits 
and 
reviews 
of 
financial 
statements, 
and 
other 
assurance 
and 
related 
services 
engagements. 
The 
nature 
and 
extent 
of 
the 
policies 
and 
procedures 
developed 
by 
an 
individual 
firm 
to 
comply 
with 
this 
ISQC 
will 
depend 
on 
various 
factors 
such 
as 
the 
size 
and 
operating 
characteristics 
of 
the 
firm, 
and 
whether 
it 
is 
part 
of 
a 
network. 
è 
The 
ISQC1 
applies 
to 
all 
engagements. 
It 
deals 
with 
the 
firms’ 
responsibility 
for 
quality 
control. 
One 
person 
must 
be 
responsible 
of 
this 
and 
has 
to 
put 
in 
place 
a 
system 
of 
quality 
control.
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
41 
ELEMENTS 
OF 
A 
SYSTEM 
OF 
QUALITY 
CONTROL 
The 
firm 
shall 
establish 
and 
maintain 
a 
system 
of 
quality 
control 
that 
includes 
policies 
and 
procedures 
that 
address 
each 
of 
the 
following 
elements: 
Ø Leadership 
responsibilities 
for 
quality 
within 
the 
firm: 
responsible 
for 
the 
quality 
control 
at 
the 
top 
level 
Ø Relevant 
ethical 
requirements: 
so 
that 
everybody 
have 
to 
have 
a 
set 
of 
values 
within 
the 
company 
Ø Acceptance 
and 
continuance 
of 
client 
relationships 
and 
specific 
engagements: 
the 
first 
time 
the 
auditor 
accepts 
a 
client, 
he 
has 
to 
go 
through 
an 
acceptance 
procedure. 
Then 
every 
year 
he 
has 
to 
do 
a 
client 
continuance, 
to 
see 
if 
the 
client 
still 
complies 
with 
the 
criteria. 
è 
Continue 
engagement 
= 
a 
job. 
è 
Engagement 
acceptance: 
necessary, 
when 
you 
have 
accepted 
there 
are 
some 
services 
that 
you 
can’t 
do: 
for 
example 
you 
can’t 
be 
the 
accountant 
for 
a 
client 
where 
you 
are 
an 
auditor, 
you 
would 
be 
auditing 
what 
you 
do. 
Ø Human 
resources: 
how 
do 
you 
make 
sure 
your 
people 
are 
trained 
on 
a 
continual 
basis, 
your 
people 
are 
ethical, 
etc.? 
What 
are 
your 
recruitment 
procedures? 
Are 
you 
recruiting 
the 
right 
persons? 
Etc. 
Ø Monitoring: 
need 
to 
make 
sure 
that 
the 
quality 
get 
monitored 
on 
a 
regular 
basis 
All 
that 
needs 
to 
be 
documented: 
The 
firm 
shall 
document 
its 
policies 
and 
procedures 
and 
communicate 
them 
to 
the 
firm’s 
personnel. 
LEADERSHIP 
RESPONSIBILITIES 
FOR 
QUALITY 
WITHIN 
THE 
FIRM 
The 
firm 
shall 
establish 
policies 
and 
procedures 
designed 
to 
promote 
an 
internal 
culture 
recognizing 
that 
quality 
is 
essential 
in 
performing 
engagement. 
Such 
policies 
and 
procedures 
shall 
require 
the 
firm’s 
chief 
executive 
officer 
(or 
equivalent) 
or, 
if 
appropriate, 
the 
firm’s 
managing 
board 
of 
partners 
(or 
equivalent) 
to 
assume 
ultimate 
responsibility 
for 
the 
firm’s 
system 
of 
quality 
control. 
RELEVANT 
ETHICAL 
REQUIREMENTS 
Independence 
Ø The 
firm 
shall 
establish 
policies 
and 
procedures 
designed 
to 
provide 
it 
with 
reasonable 
assurance 
that 
the 
firm, 
its 
personnel 
and, 
where 
applicable, 
others 
subject 
to 
independence 
where 
required 
by 
relevant 
ethical 
requirements 
: 
Ø Policies 
and 
procedures 
that 
are 
required 
to 
independence 
Ø Engagement 
partners 
to 
provide 
the 
firm 
with 
relevant 
information 
about 
client 
engagements, 
including 
the 
scope 
of 
services, 
to 
enable 
the 
firm 
to 
evaluate 
the 
overall 
impact, 
if 
any, 
on 
independence 
requirements 
Ø Personnel 
to 
promptly 
notify 
the 
firm 
of 
circumstances 
and 
relationships 
that 
create 
a 
threat 
to 
independence 
so 
that 
appropriate 
action 
can 
be 
taken 
Ø The 
firm 
maintains 
and 
updates 
its 
records 
relating 
to 
independence 
Ø The 
firm 
takes 
appropriate 
action 
regarding 
identified 
threats 
to 
independence 
that 
are 
not 
at 
an 
acceptable 
level.
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
42 
ACCEPTANCE 
AND 
CONTINUANCE 
OF 
CLIENT 
RELATIONSHIP 
AND 
SPECIFIC 
ENGAGEMENT 
Ø Competence, 
Capabilities 
and 
resources: 
An 
audit 
team 
that 
has 
never 
been 
auditing 
a 
bank 
should 
not 
be 
assigned 
totally 
alone 
è 
rather 
not 
accept 
the 
client. 
Ø Integrity 
of 
client: 
Industry 
of 
pornography, 
you 
might 
not 
accept 
the 
client 
(integrity 
issue) 
Ø Continuance 
of 
Client 
Relationship 
Ø Withdrawal: 
What 
do 
we 
do 
when 
withdrawal 
of 
the 
client? 
Ø Considerations 
Specific 
to 
Public 
Sector 
Audit 
Organizations 
HUMAN 
RESOURCES 
Ø Recruitment 
Ø Performance 
of 
the 
people 
evaluation: 
how 
is 
it 
done? 
We 
need 
to 
make 
sure 
that 
in 
the 
performance 
review, 
quality 
is 
assessed 
and 
not 
only 
commercial 
etc. 
you 
can’t 
make 
an 
exception 
on 
quality. 
Ø Capabilities, 
including 
time 
to 
perform 
assignments 
Ø Competence 
Ø Career 
development 
Ø Promotion 
Ø Compensation 
Ø The 
estimation 
of 
personnel 
needs 
ENGAGEMENT 
PERFORMANCE 
Ø Consistency 
in 
the 
Quality 
of 
Engagement 
Performance 
Ø Supervision: 
always 
reviewed 
by 
a 
second 
person 
Ø Review 
Ø Consultation: 
need 
to 
make 
sure 
that 
you 
address 
the 
possibility 
of 
consulting 
MONITORING 
Ø Monitoring 
the 
Firm’s 
Quality 
Control 
Policies 
and 
Procedures: 
make 
sure 
your 
Quality 
Control 
etc. 
are 
monitored 
on 
a 
regular 
basis 
è 
complaints 
or 
allegation, 
etc. 
Ø Communicating 
Deficiencies 
Ø Complaints 
and 
Allegations 
Example: 
GMS 
system 
(= 
software) 
è 
need 
to 
declare 
all 
the 
investments 
you 
have: 
database. 
The 
company 
can 
check 
and 
see 
we 
don’t 
have 
shares 
In 
our 
client’s 
company, 
etc. 
ISQC1 
applies 
to 
all 
engagements. 
Now: 
more 
specific
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
43 
DOCUMENTATION 
OF 
THE 
SYSTEM 
OF 
QUALITY 
CONTROL 
Ø The 
form 
and 
content 
of 
documentation 
evidencing 
the 
operation 
of 
each 
of 
the 
elements 
of 
the 
system 
of 
quality 
control 
is 
a 
matter 
of 
judgment 
and 
depends 
on 
a 
number 
of 
factors, 
including 
the 
following 
o The 
size 
of 
the 
firm 
and 
the 
number 
of 
offices 
o The 
nature 
and 
complexity 
of 
the 
firm’s 
practice 
and 
organization 
Ø For 
example, 
large 
firms 
may 
use 
electronic 
databases 
to 
document 
matters 
such 
as 
independence 
confirmations, 
performance 
evaluations 
and 
the 
results 
of 
monitoring 
inspections. 
ISA 
200: 
OVERALL 
OBJECTIVE 
OF 
THE 
INDEPENDENT 
AUDITOR 
AND 
THE 
CONDUCT 
OF 
AN 
AUDIT 
IN 
ACCORDANCE 
WITH 
INTERNATIONAL 
STANDARDS 
ON 
AUDITING 
This 
International 
standard 
on 
Auditing 
(ISA) 
deals 
with 
the 
Overall 
Objectives 
of 
the 
Auditor 
In 
conducting 
an 
audit 
of 
financial 
statements, 
the 
overall 
objectives 
of 
the 
auditor 
are: 
Ø The 
obtain 
reasonable 
assurance 
(reasonable 
assurance 
is 
not 
an 
absolute 
level 
of 
assurance) 
about 
whether 
the 
financial 
statements 
as 
a 
whole 
are 
free 
from 
materiel 
misstatement, 
whether 
due 
to 
fraud 
or 
error, 
there 
by 
enabling 
the 
auditor 
to 
express 
an 
opinion 
on 
whether 
the 
financial 
statements 
are 
prepared, 
in 
all 
material 
respects, 
in 
accordance 
with 
an 
applicable 
financial 
reporting 
framework 
Ø To 
report 
on 
the 
financial 
statements, 
and 
communicate 
as 
required 
by 
the 
ISA’s, 
in 
accordance 
with 
the 
auditor’s 
findings. 
Ø In 
all 
cases 
when 
reasonable 
assurance 
cannot 
be 
obtained 
and 
a 
qualified 
opinion 
in 
the 
auditor’s 
report 
is 
insufficient 
in 
the 
circumstances 
for 
purposes 
of 
reporting 
to 
the 
intended 
users 
of 
the 
financial 
statements, 
the 
ISAs 
require 
that 
the 
auditor 
disclaim 
an 
opinion 
or 
withdraw 
(or 
resign) 
from 
the 
engagement, 
where 
withdrawal 
is 
possible 
under 
applicable 
law 
or 
regulation. 
ISA 
200 
REQUIREMENTS 
ESTABLISHING 
THE 
GENERAL 
RESPONSIBILITIES 
OF 
THE 
INDEPENDENT 
AUDITOR 
Ø Ethical 
Requirements 
Relating 
to 
an 
audit 
of 
Financial 
statements 
Ø Professional 
Skepticism 
Ø Professional 
Judgment 
Ø Sufficient 
Appropriate 
Audit 
Evidence 
and 
Audit 
Risk 
Ø Conduct 
of 
an 
Audit 
in 
Accordance 
with 
ISAs 
ISA 
210: 
AGREEING 
THE 
TERMS 
OF 
AUDIT 
ENGAGEMENTS 
Ø This 
International 
Standard 
on 
auditing 
(ISA) 
deals 
with 
the 
auditor’s 
responsibilities 
in 
agreeing 
the 
terms 
of 
the 
audit 
engagement 
with 
management 
and, 
where 
appropriate, 
those 
charged 
with 
governance. 
This 
includes 
establishing 
that 
certain 
preconditions 
for 
an 
audit, 
responsibility 
for 
which 
rests 
with 
management 
and, 
where 
appropriate, 
those 
charged 
with 
governance, 
are 
present.
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
44 
ISA 
210 
REQUIREMENTS 
Ø Preconditions 
for 
an 
Audit 
Ø Agreement 
on 
Audit 
Engagement 
Terms 
Ø Recurring 
Audits 
Ø Acceptance 
of 
a 
change 
in 
Term 
of 
the 
Audit 
Engagement 
Ø Additional 
Considerations 
in 
Engagement 
Acceptance 
ISA 
210: 
PRECONDITIONS 
FOR 
AN 
AUDIT 
Ø Determining 
the 
Acceptability 
of 
the 
financial 
reporting 
framework 
Ø Financial 
reporting 
frameworks 
prescribed 
by 
law 
or 
regulation 
Ø Jurisdictions 
that 
do 
not 
have 
standards 
setting 
organizations 
or 
prescribed 
financial 
reporting 
frameworks 
Ø Agreement 
of 
the 
Responsibilities 
of 
Management 
Ø Preparation 
of 
the 
Financial 
Statement 
and 
internal 
control 
ISA 
210: 
AGREEMENT 
ON 
AUDIT 
ENGAGEMENT 
TERMS 
An 
audit 
engagement 
letter 
mentions 
the 
responsibility 
of 
the 
management 
& 
of 
the 
auditor 
An 
Audit 
engagement 
letter 
may 
make 
reference 
to 
the 
following: 
Ø The 
scope 
of 
the 
audit 
Ø The 
form 
of 
any 
other 
communication 
of 
results 
of 
the 
audit 
engagement 
Ø Because 
of 
inherent 
limitations 
of 
an 
audit 
and 
internal 
control, 
an 
unavoidable 
risk 
that 
some 
material 
misstatements 
may 
not 
be 
detected 
exists. 
Ø The 
expectation 
that 
the 
management 
will 
provide 
written 
representations 
Ø The 
agreement 
of 
management 
to 
make 
available 
to 
the 
auditor 
draft 
financial 
statements 
and 
any 
accompanying 
other 
information 
in 
time 
to 
allow 
the 
auditor 
to 
complete 
the 
audit 
in 
accordance 
with 
the 
proposed 
timetable 
Ø The 
agreement 
of 
management 
to 
inform 
the 
auditor 
of 
facts 
that 
may 
affect 
the 
financial 
statements, 
of 
which 
management 
may 
become 
aware 
during 
the 
period 
from 
the 
date 
of 
the 
auditor’s 
report 
to 
the 
date 
the 
financial 
statements 
are 
issued 
Ø The 
basis 
on 
which 
fees 
are 
computed 
and 
any 
billing 
arrangements 
Ø A 
request 
for 
management 
to 
acknowledge 
receipt 
of 
the 
audit 
engagement 
letter 
and 
to 
agree 
to 
the 
terms 
of 
the 
engagement 
outlined 
therein. 
AUDITS 
OF 
COMPONENTS 
When 
the 
auditor 
of 
a 
parent 
entity 
is 
also 
the 
auditor 
of 
a 
component, 
the 
factors 
that 
may 
influence 
the 
decision 
whether 
to 
send 
a 
separate 
audit 
engagement 
letter 
to 
the 
component 
include 
the 
following: 
Ø Who 
appoints 
the 
component 
auditor 
Ø Whether 
a 
separate 
auditor’s 
report 
is 
to 
be 
issued 
on 
the 
component 
Ø Legal 
requirements 
in 
relation 
to 
audit 
appointments 
Ø 
Degree 
of 
ownership 
by 
parent 
Ø Degree 
of 
independence 
of 
the 
component 
management 
from 
the 
parent 
entity
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
45 
ISA 
230 
AUDIT 
DOCUMENTATION 
Anything 
not 
documented 
is 
considered 
as 
not 
done: 
having 
it 
in 
your 
head 
is 
not 
sufficient. 
Everything 
has 
to 
be 
documented. 
The 
rule 
is 
that 
someone 
should 
be 
able 
to 
re-­‐do 
what 
the 
auditor 
has 
done 
based 
on 
the 
audit 
documentation. 
Furthermore, 
the 
documentation 
has 
to 
be 
kept 
for 
10 
years. 
On 
top 
of 
ISAs, 
there 
are 
regulations. 
This 
international 
Standard 
on 
Auditing 
(ISA) 
deals 
with 
the 
auditor’s 
responsibility 
to 
prepare 
audit 
documentation 
for 
an 
audit 
of 
financial 
statements. 
The 
appendix 
lists 
other 
ISAs 
that 
contain 
specific 
documentation 
requirements 
and 
guidance. 
The 
specific 
documentation 
requirements 
of 
other 
ISAs 
do 
not 
limit 
the 
application 
of 
this 
ISA. 
Law 
or 
regulation 
may 
establish 
additional 
documentation 
requirements. 
ISA 
230 
REQUIREMENTS 
Ø Timely 
Preparation 
of 
Audit 
Documentation 
Ø Documentation 
of 
the 
Audit 
procedures 
Performed 
and 
Audit 
Evidence 
obtained 
Ø Assembly 
of 
the 
Final 
Audit 
File 
ISA 
230 
DOCUMENTATION 
OF 
THE 
AUDIT 
PROCEDURES 
PERFORMED 
AND 
AUDIT 
EVIDENCE 
OBTAINED 
The 
auditor 
shall 
prepare 
audit 
documentation 
that 
enable 
an 
experienced 
auditor 
to 
understand 
the 
following: 
Ø The 
nature, 
timing 
and 
extent 
of 
the 
audit 
procedures 
Ø The 
results 
of 
the 
audit 
procedures 
performed, 
and 
the 
audit 
evidence 
obtained 
Ø Significant 
matters 
arising 
during 
the 
audit, 
the 
conclusions 
reached 
thereon 
Ø In 
exceptional 
circumstances, 
why 
the 
auditor 
judges 
it 
necessary 
to 
depart 
from 
a 
relevant 
requirement 
in 
an 
ISA 
Ø Matters 
Arising 
after 
the 
Date 
of 
the 
Auditor’s 
Report 
ISA 
230 
ASSEMBLY 
OF 
THE 
FINAL 
AUDIT 
FILE 
Ø The 
auditor 
shall 
assemble 
the 
audit 
documentation 
in 
an 
audit 
file 
and 
complete 
the 
administrative 
process 
of 
assembling 
the 
final 
audit 
file 
on 
a 
timely 
basis 
after 
the 
date 
of 
the 
auditor’s 
report 
Ø After 
the 
assembly 
of 
the 
final 
audit 
file 
has 
been 
completed, 
the 
auditor 
shall 
not 
delete 
or 
discard 
audit 
documentation 
of 
any 
nature 
before 
the 
end 
of 
its 
retention 
period 
Ø In 
circumstances 
where 
the 
auditor 
finds 
it 
necessary 
to 
modify 
existing 
audit 
documentation 
or 
add 
new 
audit 
documentation 
after 
the 
assembly 
of 
the 
final 
audit 
file 
has 
been 
completed, 
the 
auditor 
shall, 
regardless 
of 
the 
nature 
of 
the 
modifications 
or 
additions, 
document: 
o The 
specific 
reasons 
for 
making 
them 
o When 
and 
by 
whom 
they 
were 
made 
and 
reviewed
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
46 
ISA 
240 
THE 
AUDITOR’S 
RESPONSIBILITIES 
RELATING 
TO 
FRAUD 
IN 
AN 
AUDIT 
OF 
FINANCIAL 
STATEMENTS 
This 
ISA 
is 
a 
very 
important 
one. 
We’ll 
see 
it 
later. 
This 
ISA 
deals 
with 
the 
auditor’s 
responsibilities 
relating 
to 
fraud 
in 
an 
audit 
of 
financial 
statements. 
Specifically, 
it 
expands 
on 
how 
ISA 
315 
and 
ISA 
330 
are 
to 
be 
applied 
in 
relation 
to 
risks 
of 
material 
misstatement 
due 
to 
fraud 
Ø Characteristics 
of 
Fraud 
Ø Responsibility 
for 
the 
prevention 
and 
detection 
of 
fraud 
Ø Responsibility 
of 
the 
auditor 
Ø Professional 
skepticism 
Ø Discussion 
among 
the 
engagement 
team 
Ø Risk 
assessment 
procedures 
and 
related 
activities 
Ø Management’s 
assessment 
of 
the 
risk 
Ø The 
auditor 
shall 
make 
inquiries 
of 
management 
Ø Unusual 
or 
unexpected 
relationship 
identified 
Ø Evaluation 
of 
fraud 
risk 
factors 
Ø Identification 
and 
assessment 
of 
the 
risk 
of 
material 
misstatement 
due 
to 
fraud 
Ø Responses 
to 
the 
assessed 
risks 
of 
material 
misstatement 
due 
to 
fraud 
o Overall 
responses 
o Audit 
procedures 
responsive 
to 
assessed 
risks 
of 
material 
misstatement 
due 
to 
fraud 
at 
the 
assertion 
level 
o Audit 
procedures 
responsive 
to 
risks 
related 
to 
management 
override 
of 
controls 
ISA 
250 
CONSIDERATION 
OF 
LAWS 
AND 
REGULATION 
IN 
AN 
AUDIT 
OF 
FINANCIAL 
STATEMENTS 
There’s 
a 
specific 
ISA 
taking 
into 
consideration 
laws 
and 
regulations. 
Example: 
tax 
laws 
are 
important 
è 
which 
laws 
the 
company 
has 
to 
comply 
with? 
Etc. 
è 
it’s 
a 
checklist. 
Tax 
= 
VAT, 
custom 
duties, 
company 
taxes 
Ø Effect 
of 
laws 
and 
regulations 
Ø Responsibility 
for 
compliance 
with 
laws 
and 
regulations 
o Management’s 
responsibility 
o Auditor’s 
responsibility 
Ø The 
auditor’s 
consideration 
of 
compliance 
with 
laws 
and 
regulations 
Ø Audit 
procedures 
when 
Non-­‐compliance 
is 
identified 
or 
suspected 
Ø Reporting 
of 
identified 
or 
suspected 
non-­‐compliance 
Ø Documentation
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
ISA 
260 
COMMUNICATION 
WITH 
THOSE 
CHARGED 
WITH 
GOVERNANCE 
OF 
47 
THE 
COMPANY 
Ø Those 
charged 
with 
governance 
Ø Those 
charged 
with 
governance-­‐The 
person 
or 
organization 
with 
responsibility 
for 
overseeing 
the 
strategic 
direction 
of 
the 
entity 
and 
obligations 
related 
to 
the 
accountability 
of 
the 
entity. 
Ø Matters 
to 
be 
communicated 
Ø Planned 
scope 
and 
timing 
of 
the 
audit 
Ø Significant 
findings 
from 
the 
audit 
Ø Auditor 
independence 
Ø The 
communication 
process 
Ø Establishing 
the 
communication 
process 
Ø Forms 
of 
communication 
Ø Timing 
of 
communication 
s 
Ø Adequacy 
of 
the 
communication 
process 
Ø Documentation
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
48 
????? 
≠ 
steps 
of 
the 
audit 
methodology 
(last 
time). 
Yellow: 
first 
combined 
risk 
assessment 
(slide 
audit 
process) 
Test 
of 
the 
controls 
to 
confirm 
that 
your 
risk 
assessment 
(preliminary) 
is 
valid. 
Based 
on 
the 
combined 
risk 
assessment 
è 
substantive 
procedures 
+ 
general 
audit 
procedures. 
????? 
CASE 
STUDY-­‐ 
SERVIER 
BENELUX
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
IT 
SPECIALIST 
INVOLVEMENT 
IN 
THE 
1. Application 
controls 
2. IT 
general 
controls 
(wider 
than 
application 
è 
how 
do 
we 
do 
when 
we 
want 
to 
change 
something 
(process)? 
49 
AUDIT 
Agenda: 
Ø The 
IT 
Specialist 
Approach: 
we 
use 
IT 
specialists 
because 
most 
of 
the 
transactions 
are 
done 
through 
IT. 
Ø IT 
Environment 
Checklist 
(ITEC) 
& 
Technology 
Summary 
(Techsum): 
o ITEC 
= 
a 
number 
of 
ways 
to 
document 
what 
auditors 
are 
doing 
o TECHSUM 
= 
what 
technology 
the 
client 
uses 
and 
how 
it’s 
affecting 
the 
business 
Ø Application 
Control 
Review 
Ø IT 
General 
Controls 
(ITGC) 
Ø Data 
Analysis: 
electronic 
evidence 
obtained 
through 
the 
system 
Ø Summary 
THE 
THREE 
MAIN 
AREAS 
OF 
FOCUS: 
THE 
IT 
PYRAMID 
Integration 
of 
the 
IT 
audit 
team 
at 
three 
main 
levels: 
Ø Obtaining 
an 
understanding 
of 
the 
IT 
environment 
(and 
changes 
to 
it) 
and 
assess 
the 
inherent 
risks 
attached 
Ø Testing 
of 
the 
(semi-­‐) 
automated 
application 
controls 
Ø Test 
IT 
General 
Controls 
over 
applications 
(and 
Operating 
Systems 
/ 
Databases). 
IT 
Environment 
(document) 
Application 
controls 
(test1) 
IT 
General 
Controls 
(test2) 
2 
types 
of 
control 
in 
the 
IT 
system: 
controls 
and 
it 
affects 
it) 
Ex: 
change 
management 
ISA 
600 
= 
making 
use 
of 
an 
expert 
if 
you 
don’t 
have 
your 
own 
IT 
specialist 
in 
the 
audit 
team 
STEPS: 
1 
2 
3
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
50 
THREE 
PARTS 
OF 
IT-­‐RELATED 
WORK: 
THE 
BIG 
PICTURE 
1. The 
IT 
Environment 
Ø Identify 
business 
and 
inherent 
risks: 
o Risk 
formula 
– 
part 
1 
è 
IT 
= 
part 
of 
the 
inherent 
risks 
Ø Impact 
on 
internal 
control 
at 
entity 
level 
(not 
at 
a 
process 
level) 
è 
ex: 
if 
there’s 
only 
one 
person 
in 
the 
IT 
department 
in 
a 
company 
with 
a 
complex 
system 
Ø Regulatory 
requirements: 
companies 
are 
part 
of 
an 
industry 
where 
IT 
has 
to 
comply 
with 
regulatory 
requirements 
Ø To 
link 
the 
significant 
business 
processes 
with 
applications 
(Techsum) 
o TechSum 
= 
document: 
Technology 
Summary. 
It 
says 
which 
software, 
platform 
is 
used 
for 
each 
process 
2. Application 
controls 
Those 
controls 
happen 
at 
the 
transaction 
level. 
They’re: 
Ø Either 
manual 
controls, 
as 
for 
example 
comparing 
2 
things 
è 
you 
have 
to 
test 
it 
much 
more: 
if 
a 
machine 
does 
it 
right 
once, 
it 
will 
do 
it 
right 
all 
the 
time, 
which 
is 
not 
the 
case 
of 
a 
person 
Ø Or 
manual 
controls 
depending 
on 
IT 
control, 
as 
for 
example 
reconciling 
a 
document 
from 
the 
IT 
system 
with 
another 
one 
è 
you 
do 
it 
by 
testing 
the 
IT 
system 
Ø Or 
else, 
fully 
automated 
controls 
(made 
by 
the 
machine) 
è 
you 
do 
it 
by 
testing 
the 
IT 
system 
Focus 
on 
controls 
(including 
IT-­‐dependent 
manual 
controls) 
that 
deal 
with 
control 
risk 
for 
each 
relevant 
assertion 
relating 
to 
the 
significant 
accounts 
3. IT 
General 
Controls 
= 
Controls 
around 
the 
machine. 
Example: 
access 
rights 
test 
è 
if 
wrong, 
anybody 
can 
do 
anything 
and 
the 
situation 
is 
bad. 
Focus 
on 
IT 
General 
Controls 
relating 
to 
application 
controls 
in 
order 
to 
attain 
reasonable 
assurance 
on 
them 
è 
If 
change 
management 
is 
not 
done 
properly, 
application 
controls 
won’t 
be 
done 
properly 
because 
anybody 
can 
change 
it. 
Combined 
risk 
assessment 
Value 
observation
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
51 
IT 
SPECIALIST 
APPROACH 
LINK 
WITH 
SIGNIFICANT 
ACCOUNTS 
è 
1st 
part 
= 
INHERENT 
RISK: 
it 
gives 
indications 
about 
the 
IR 
First 
Part: 
Ø ITEC: 
how 
we 
document 
what 
we 
see 
in 
the 
IT 
environment 
è 
based 
on 
that 
you 
decide 
if 
you 
have 
a 
low 
or 
high 
IR 
Ø Internal 
control 
and 
fraud 
(checklist): 
affected 
by 
the 
ITEC 
è 
2nd 
part 
+ 
3rd 
part 
= 
CONTROL 
RISK: 
we 
look 
at 
what 
control 
we 
have 
in 
place 
Second 
Part: 
Ø We 
start 
with 
significant 
accounts 
Ø è 
Each 
account 
is 
linked 
to 
a 
process 
(example: 
accounts 
receivable 
linked 
to 
the 
sale 
process). 
Ø After, 
we 
look 
at 
what 
could 
go 
wrong 
(WCGW) 
Ø WCGW 
is 
linked 
with 
3 
types 
of 
controls 
Third 
Part: 
Ø IT 
General 
Control: 
documentation 
in 
the 
checklist 
DITGC 
Ø DITGC 
= 
Documentation 
of 
the 
IT 
General 
Control
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
52 
IT 
SPECIALIST 
APPROACH 
IN 
THE 
AUDIT 
METHODOLOGY 
Which 
are 
the 
audit 
activities 
where 
the 
IT 
specialist 
will 
be 
involved? 
Ø 3. 
The 
IT 
specialist 
needs 
to 
understand 
the 
IT 
of 
the 
client. 
Ø 4. 
It 
is 
done 
by 
filling 
the 
ITEC 
and 
the 
TechSum 
Ø 5. 
Based 
on 
conclusions, 
we 
have 
to 
adapt 
the 
audit 
program 
Ø 7. 
è 
“Test 
of 
ones” 
= 
1 
test 
of 
automated 
Ø 6. 
But 
now 
from 
an 
IT 
general 
controls 
perspective 
è 
At 
this 
stage, 
they 
are 
not 
looking 
at 
data 
yet: 
there 
are 
no 
data 
tests. 
There 
are 
only 
control 
environment 
and 
IR
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
See 
if 
application 
control 
work 
Electronic 
Audit 
Evidence: 
Any 
document 
that 
comes 
out 
of 
the 
system 
& 
that 
you 
want 
to 
rely 
on. 
è 
pièce 
justificative 
éléctronique 
(that 
comes 
out 
of 
the 
system) 
53 
THE 
PURPOSE 
OF 
ITGC 
WORK 
Most 
companies 
are 
working 
with 
EAE 
now. 
As 
an 
auditor, 
you 
have 
to 
stay 
sceptical: 
you 
can’t 
rely 
on 
something 
coming 
directly 
from 
the 
system. 
IT 
CONTROL 
TESTING 
AN 
OVERVIEW
Manon 
Cuylits 
International 
Standards 
on 
Audit 
2013-­‐2014 
ECRII: 
Eric 
van 
Hoof 
54 
There 
are 
different 
control 
types: 
Ø Detection 
controls 
Ex: 
print 
a 
list 
showing 
all 
the 
transactions 
> 
10.000.000 
€ 
and 
then 
you 
check 
if 
it’s 
possible 
Ø Prevention 
controls 
(better 
than 
detection 
controls) 
Ex: 
the 
system 
blocks 
if 
you 
try 
to 
put 
a 
transaction 
in 
it 
> 
10.000.000 
€ 
(impossible) 
è 
IT 
General 
Controls 
It’s 
another 
way 
to 
classify 
manual 
controls/ 
IT 
dependent 
controls 
and 
fully 
automated 
controls. 
EXAMPLE 
Ø Balance 
Sheet 
& 
Income 
Statement 
= 
The 
Financial 
Statements 
the 
auditor 
tries 
to 
certify 
Ø Account: 
Accounts 
Payable10 
= 
significant 
accounts 
Ø Process: 
Purchasing 
= 
purchase 
process 
related 
to 
the 
accounts 
payable 
Ø WCGW: 
Invoice 
does 
not 
equal 
delivery 
does 
not 
equal 
order 
Ø Control: 
3 
ways 
match 
to 
control 
the 
WCGW: 
matching 
between: 
o The 
purchase 
o The 
delivery 
note 
o The 
invoice 
è 
It’s 
an 
application 
control 
Application 
control 
IT 
General 
Control 
Ø SAP: 
the 
transactions 
happens 
in 
an 
SAP 
Ø Oracle 
DB: 
it’s 
a 
database 
Ø UNIX 
Ø Change 
management 
Ø Access 
management 
If 
not 
right, 
you 
can’t 
extrapolate 
that 
the 
rest 
is 
right 
Either 
you 
test 
manually, 
meaning 
you 
have 
to 
test 
a 
lot, 
or 
you 
ask 
the 
IT 
specialist 
to 
check 
the 
IT 
system. 
10 
Accounts 
payable 
= 
dettes 
commerciales
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)
International Auditing Standards (ISA)

More Related Content

What's hot

AUDIT REPORT [ AUDITING ]
AUDIT REPORT [ AUDITING ]AUDIT REPORT [ AUDITING ]
AUDIT REPORT [ AUDITING ]Rakshit Porwal
 
Internal Control Questionnaires (ICQs)
Internal Control Questionnaires (ICQs)Internal Control Questionnaires (ICQs)
Internal Control Questionnaires (ICQs)Ahmad Tariq Bhatti
 
Unit 1 Introduction to Auditing
Unit 1 Introduction to AuditingUnit 1 Introduction to Auditing
Unit 1 Introduction to AuditingRadhika Gohel
 
forensic accounting india
forensic accounting indiaforensic accounting india
forensic accounting indiaMayank Garg
 
Auditing In Computer Environment Presentation
Auditing In Computer Environment PresentationAuditing In Computer Environment Presentation
Auditing In Computer Environment PresentationEMAC Consulting Group
 
Chapter 3 -Audit evidence
Chapter   3 -Audit evidenceChapter   3 -Audit evidence
Chapter 3 -Audit evidenceSaidiBuyera
 
Chapter 1 -introduction to auditing
Chapter   1 -introduction to auditingChapter   1 -introduction to auditing
Chapter 1 -introduction to auditingSaidiBuyera
 
International Standards on Auditing - Summarized
International Standards on Auditing - SummarizedInternational Standards on Auditing - Summarized
International Standards on Auditing - SummarizedFawad Hassan
 
audit sampling notes
audit sampling notesaudit sampling notes
audit sampling notesstudent
 
Client Evaluation and Planning the Audit Lecture slide chapter 8
Client Evaluation and Planning the Audit Lecture slide chapter 8Client Evaluation and Planning the Audit Lecture slide chapter 8
Client Evaluation and Planning the Audit Lecture slide chapter 8Sazzad Hossain, ITP, MBA, CSCA™
 
Internal control & compliance of bank
Internal control & compliance of bankInternal control & compliance of bank
Internal control & compliance of bankMohammad Robiul
 
STANDARDS ON AUDITING
STANDARDS ON AUDITINGSTANDARDS ON AUDITING
STANDARDS ON AUDITINGANMOL GULATI
 
White paper on ICFR/IFC with implementation approach
White paper on ICFR/IFC with implementation approachWhite paper on ICFR/IFC with implementation approach
White paper on ICFR/IFC with implementation approachChandan Goyal
 
Forensic accounting ppt (2)
Forensic accounting ppt (2)Forensic accounting ppt (2)
Forensic accounting ppt (2)Shriya Gupta
 

What's hot (20)

AUDIT REPORT [ AUDITING ]
AUDIT REPORT [ AUDITING ]AUDIT REPORT [ AUDITING ]
AUDIT REPORT [ AUDITING ]
 
Chapter 12 - Designing Substantive Procedures
Chapter 12 - Designing Substantive ProceduresChapter 12 - Designing Substantive Procedures
Chapter 12 - Designing Substantive Procedures
 
Internal Control Questionnaires (ICQs)
Internal Control Questionnaires (ICQs)Internal Control Questionnaires (ICQs)
Internal Control Questionnaires (ICQs)
 
Unit 1 Introduction to Auditing
Unit 1 Introduction to AuditingUnit 1 Introduction to Auditing
Unit 1 Introduction to Auditing
 
forensic accounting india
forensic accounting indiaforensic accounting india
forensic accounting india
 
Auditing In Computer Environment Presentation
Auditing In Computer Environment PresentationAuditing In Computer Environment Presentation
Auditing In Computer Environment Presentation
 
Chapter 3 -Audit evidence
Chapter   3 -Audit evidenceChapter   3 -Audit evidence
Chapter 3 -Audit evidence
 
Chapter 1 -introduction to auditing
Chapter   1 -introduction to auditingChapter   1 -introduction to auditing
Chapter 1 -introduction to auditing
 
Audit Evidence Presentation
Audit Evidence PresentationAudit Evidence Presentation
Audit Evidence Presentation
 
International Standards on Auditing - Summarized
International Standards on Auditing - SummarizedInternational Standards on Auditing - Summarized
International Standards on Auditing - Summarized
 
audit sampling notes
audit sampling notesaudit sampling notes
audit sampling notes
 
Ch 13. substantive procedures
Ch 13. substantive proceduresCh 13. substantive procedures
Ch 13. substantive procedures
 
Client Evaluation and Planning the Audit Lecture slide chapter 8
Client Evaluation and Planning the Audit Lecture slide chapter 8Client Evaluation and Planning the Audit Lecture slide chapter 8
Client Evaluation and Planning the Audit Lecture slide chapter 8
 
Internal control & compliance of bank
Internal control & compliance of bankInternal control & compliance of bank
Internal control & compliance of bank
 
STANDARDS ON AUDITING
STANDARDS ON AUDITINGSTANDARDS ON AUDITING
STANDARDS ON AUDITING
 
Audit, investigation & forensic accounting: Exploring the nexus
Audit, investigation & forensic accounting: Exploring the nexusAudit, investigation & forensic accounting: Exploring the nexus
Audit, investigation & forensic accounting: Exploring the nexus
 
IMPLEMENTATION OF FORENSIC ACCOUNTING ON FRAUD DETECTION: CASE STUDY OF LAGOS...
IMPLEMENTATION OF FORENSIC ACCOUNTING ON FRAUD DETECTION: CASE STUDY OF LAGOS...IMPLEMENTATION OF FORENSIC ACCOUNTING ON FRAUD DETECTION: CASE STUDY OF LAGOS...
IMPLEMENTATION OF FORENSIC ACCOUNTING ON FRAUD DETECTION: CASE STUDY OF LAGOS...
 
White paper on ICFR/IFC with implementation approach
White paper on ICFR/IFC with implementation approachWhite paper on ICFR/IFC with implementation approach
White paper on ICFR/IFC with implementation approach
 
Forensic accounting ppt (2)
Forensic accounting ppt (2)Forensic accounting ppt (2)
Forensic accounting ppt (2)
 
Audit report
Audit reportAudit report
Audit report
 

Viewers also liked

Hanrick Curran Audit Training - Sampling for Audit Evidence - June 2013
Hanrick Curran Audit Training - Sampling for Audit Evidence - June 2013Hanrick Curran Audit Training - Sampling for Audit Evidence - June 2013
Hanrick Curran Audit Training - Sampling for Audit Evidence - June 2013Matthew Green
 
Perform audit testing in excel: Monetary Unit Sampling Method
Perform audit testing in excel: Monetary Unit Sampling MethodPerform audit testing in excel: Monetary Unit Sampling Method
Perform audit testing in excel: Monetary Unit Sampling MethodTao Li CPA,CA
 
Presentation 2 - Planning and Internal Control Evaluation
Presentation 2 - Planning and Internal Control EvaluationPresentation 2 - Planning and Internal Control Evaluation
Presentation 2 - Planning and Internal Control EvaluationMarzanur Rahman
 
S.E.M.P.E.R. : System, Energy, Materiality, Program, Education, Research
S.E.M.P.E.R. :  System, Energy, Materiality, Program, Education, ResearchS.E.M.P.E.R. :  System, Energy, Materiality, Program, Education, Research
S.E.M.P.E.R. : System, Energy, Materiality, Program, Education, Researchvictoria meyers
 
A014 2010-iaasb-handbook-isa-260
A014 2010-iaasb-handbook-isa-260A014 2010-iaasb-handbook-isa-260
A014 2010-iaasb-handbook-isa-260RS NAVARRO
 
Entity Level Controls And
Entity Level Controls AndEntity Level Controls And
Entity Level Controls Andmkosinsk
 
Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Yasir Khan
 
Data Analysis for Audit Training (2016.06)
Data Analysis for Audit Training (2016.06)Data Analysis for Audit Training (2016.06)
Data Analysis for Audit Training (2016.06)Matthew Green
 
Excel Pivot Tables and Graphing for Auditors
Excel Pivot Tables and Graphing for AuditorsExcel Pivot Tables and Graphing for Auditors
Excel Pivot Tables and Graphing for AuditorsJim Kaplan CIA CFE
 
Advance Auditing & Professional Ethics by Sumit Aggarwal
Advance Auditing & Professional Ethics by Sumit AggarwalAdvance Auditing & Professional Ethics by Sumit Aggarwal
Advance Auditing & Professional Ethics by Sumit AggarwalSUMIT AGGARWAL FCA
 
Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000Sagar Rahurkar
 
Finance Department COSO Implementation Memo
Finance Department COSO Implementation MemoFinance Department COSO Implementation Memo
Finance Department COSO Implementation MemoTownofAddison
 
Security and Audit Report Sign-Off—Made Easy
Security and Audit Report Sign-Off—Made EasySecurity and Audit Report Sign-Off—Made Easy
Security and Audit Report Sign-Off—Made EasyHelpSystems
 

Viewers also liked (20)

ISA 315
ISA 315ISA 315
ISA 315
 
Hanrick Curran Audit Training - Sampling for Audit Evidence - June 2013
Hanrick Curran Audit Training - Sampling for Audit Evidence - June 2013Hanrick Curran Audit Training - Sampling for Audit Evidence - June 2013
Hanrick Curran Audit Training - Sampling for Audit Evidence - June 2013
 
Materiality
MaterialityMateriality
Materiality
 
Perform audit testing in excel: Monetary Unit Sampling Method
Perform audit testing in excel: Monetary Unit Sampling MethodPerform audit testing in excel: Monetary Unit Sampling Method
Perform audit testing in excel: Monetary Unit Sampling Method
 
Presentation 2 - Planning and Internal Control Evaluation
Presentation 2 - Planning and Internal Control EvaluationPresentation 2 - Planning and Internal Control Evaluation
Presentation 2 - Planning and Internal Control Evaluation
 
S.E.M.P.E.R. : System, Energy, Materiality, Program, Education, Research
S.E.M.P.E.R. :  System, Energy, Materiality, Program, Education, ResearchS.E.M.P.E.R. :  System, Energy, Materiality, Program, Education, Research
S.E.M.P.E.R. : System, Energy, Materiality, Program, Education, Research
 
A014 2010-iaasb-handbook-isa-260
A014 2010-iaasb-handbook-isa-260A014 2010-iaasb-handbook-isa-260
A014 2010-iaasb-handbook-isa-260
 
Audit rizkie hafizzah
Audit rizkie hafizzahAudit rizkie hafizzah
Audit rizkie hafizzah
 
Entity Level Controls And
Entity Level Controls AndEntity Level Controls And
Entity Level Controls And
 
Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2
 
Audits of SMEs - Sometimes Less is More
Audits of SMEs - Sometimes Less is MoreAudits of SMEs - Sometimes Less is More
Audits of SMEs - Sometimes Less is More
 
ISA DOSSIER 1
ISA  DOSSIER 1ISA  DOSSIER 1
ISA DOSSIER 1
 
Data Analysis for Audit Training (2016.06)
Data Analysis for Audit Training (2016.06)Data Analysis for Audit Training (2016.06)
Data Analysis for Audit Training (2016.06)
 
Excel Pivot Tables and Graphing for Auditors
Excel Pivot Tables and Graphing for AuditorsExcel Pivot Tables and Graphing for Auditors
Excel Pivot Tables and Graphing for Auditors
 
Advance Auditing & Professional Ethics by Sumit Aggarwal
Advance Auditing & Professional Ethics by Sumit AggarwalAdvance Auditing & Professional Ethics by Sumit Aggarwal
Advance Auditing & Professional Ethics by Sumit Aggarwal
 
IFAC Guide to Compilation Engagements
IFAC Guide to Compilation EngagementsIFAC Guide to Compilation Engagements
IFAC Guide to Compilation Engagements
 
Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000Compliance audit under the Information Technology Act, 2000
Compliance audit under the Information Technology Act, 2000
 
ISA Guide Orientation Slides
ISA Guide Orientation SlidesISA Guide Orientation Slides
ISA Guide Orientation Slides
 
Finance Department COSO Implementation Memo
Finance Department COSO Implementation MemoFinance Department COSO Implementation Memo
Finance Department COSO Implementation Memo
 
Security and Audit Report Sign-Off—Made Easy
Security and Audit Report Sign-Off—Made EasySecurity and Audit Report Sign-Off—Made Easy
Security and Audit Report Sign-Off—Made Easy
 

Similar to International Auditing Standards (ISA)

Audit And Assurance Class Notes
Audit And Assurance Class NotesAudit And Assurance Class Notes
Audit And Assurance Class NotesSandra Valenzuela
 
Insurance Risk and Operations 2015
Insurance Risk and Operations 2015Insurance Risk and Operations 2015
Insurance Risk and Operations 2015Anthony Siggers
 
Chapter Assurance ( London college of business and economics).docx
Chapter Assurance ( London college of business and economics).docxChapter Assurance ( London college of business and economics).docx
Chapter Assurance ( London college of business and economics).docxshamima46
 
1 2Cheat Sheet on Evidence and DocumentationACC491J.docx
1     2Cheat Sheet on Evidence and DocumentationACC491J.docx1     2Cheat Sheet on Evidence and DocumentationACC491J.docx
1 2Cheat Sheet on Evidence and DocumentationACC491J.docxhoney725342
 
The Auditor’s Responsibility To Consider Fraud And Error...
The Auditor’s Responsibility To Consider Fraud And Error...The Auditor’s Responsibility To Consider Fraud And Error...
The Auditor’s Responsibility To Consider Fraud And Error...Tina Jordan
 
Case Study Of Rajendra K Goel &Amp; Company
Case Study Of Rajendra K Goel &Amp; CompanyCase Study Of Rajendra K Goel &Amp; Company
Case Study Of Rajendra K Goel &Amp; CompanyNicole Fields
 
Size, complexity and nature of the organisation – a key to effective audit
Size, complexity and nature of the organisation – a key to effective auditSize, complexity and nature of the organisation – a key to effective audit
Size, complexity and nature of the organisation – a key to effective auditPECB
 
AUDIT AND ASSURANCE (INTERNATIONAL UK) ACCA COURSE NOTES DECEMBER 2014 EXAM...
AUDIT AND ASSURANCE (INTERNATIONAL   UK) ACCA COURSE NOTES DECEMBER 2014 EXAM...AUDIT AND ASSURANCE (INTERNATIONAL   UK) ACCA COURSE NOTES DECEMBER 2014 EXAM...
AUDIT AND ASSURANCE (INTERNATIONAL UK) ACCA COURSE NOTES DECEMBER 2014 EXAM...Joshua Gorinson
 
Risk-Assessment-and-Internal-Control.pdf
Risk-Assessment-and-Internal-Control.pdfRisk-Assessment-and-Internal-Control.pdf
Risk-Assessment-and-Internal-Control.pdfBestInsurance2
 
The 'Never before examined initiative': Navigating the SEC Examination Process
The 'Never before examined initiative': Navigating the SEC Examination Process The 'Never before examined initiative': Navigating the SEC Examination Process
The 'Never before examined initiative': Navigating the SEC Examination Process Cordium
 
Acc 490 entire course
Acc 490 entire courseAcc 490 entire course
Acc 490 entire courseacatnicy1981
 
Ch7 Quiz Questions And Solutions
Ch7 Quiz Questions And SolutionsCh7 Quiz Questions And Solutions
Ch7 Quiz Questions And SolutionsSamantha Caldwell
 

Similar to International Auditing Standards (ISA) (20)

Audit Committee
Audit CommitteeAudit Committee
Audit Committee
 
Audit Fee
Audit FeeAudit Fee
Audit Fee
 
North Face
North FaceNorth Face
North Face
 
Audit And Assurance Class Notes
Audit And Assurance Class NotesAudit And Assurance Class Notes
Audit And Assurance Class Notes
 
Insurance Risk and Operations 2015
Insurance Risk and Operations 2015Insurance Risk and Operations 2015
Insurance Risk and Operations 2015
 
Chapter Assurance ( London college of business and economics).docx
Chapter Assurance ( London college of business and economics).docxChapter Assurance ( London college of business and economics).docx
Chapter Assurance ( London college of business and economics).docx
 
1 2Cheat Sheet on Evidence and DocumentationACC491J.docx
1     2Cheat Sheet on Evidence and DocumentationACC491J.docx1     2Cheat Sheet on Evidence and DocumentationACC491J.docx
1 2Cheat Sheet on Evidence and DocumentationACC491J.docx
 
The Auditor’s Responsibility To Consider Fraud And Error...
The Auditor’s Responsibility To Consider Fraud And Error...The Auditor’s Responsibility To Consider Fraud And Error...
The Auditor’s Responsibility To Consider Fraud And Error...
 
Case Study Of Rajendra K Goel &Amp; Company
Case Study Of Rajendra K Goel &Amp; CompanyCase Study Of Rajendra K Goel &Amp; Company
Case Study Of Rajendra K Goel &Amp; Company
 
Size, complexity and nature of the organisation – a key to effective audit
Size, complexity and nature of the organisation – a key to effective auditSize, complexity and nature of the organisation – a key to effective audit
Size, complexity and nature of the organisation – a key to effective audit
 
AUDIT AND ASSURANCE (INTERNATIONAL UK) ACCA COURSE NOTES DECEMBER 2014 EXAM...
AUDIT AND ASSURANCE (INTERNATIONAL   UK) ACCA COURSE NOTES DECEMBER 2014 EXAM...AUDIT AND ASSURANCE (INTERNATIONAL   UK) ACCA COURSE NOTES DECEMBER 2014 EXAM...
AUDIT AND ASSURANCE (INTERNATIONAL UK) ACCA COURSE NOTES DECEMBER 2014 EXAM...
 
Risk-Assessment-and-Internal-Control.pdf
Risk-Assessment-and-Internal-Control.pdfRisk-Assessment-and-Internal-Control.pdf
Risk-Assessment-and-Internal-Control.pdf
 
Good practices of SAIs to control and audit fraud, Kjell Larsson, Algiers 8-9...
Good practices of SAIs to control and audit fraud, Kjell Larsson, Algiers 8-9...Good practices of SAIs to control and audit fraud, Kjell Larsson, Algiers 8-9...
Good practices of SAIs to control and audit fraud, Kjell Larsson, Algiers 8-9...
 
The 'Never before examined initiative': Navigating the SEC Examination Process
The 'Never before examined initiative': Navigating the SEC Examination Process The 'Never before examined initiative': Navigating the SEC Examination Process
The 'Never before examined initiative': Navigating the SEC Examination Process
 
Safety audit
Safety audit Safety audit
Safety audit
 
Advanced auditing lecture lecture 1.pptx
Advanced auditing lecture lecture 1.pptxAdvanced auditing lecture lecture 1.pptx
Advanced auditing lecture lecture 1.pptx
 
Audit process
Audit processAudit process
Audit process
 
Acc 490 entire course
Acc 490 entire courseAcc 490 entire course
Acc 490 entire course
 
Nextcard Case Essay
Nextcard Case EssayNextcard Case Essay
Nextcard Case Essay
 
Ch7 Quiz Questions And Solutions
Ch7 Quiz Questions And SolutionsCh7 Quiz Questions And Solutions
Ch7 Quiz Questions And Solutions
 

More from Manon Cuylits

L'influence du prix du cannabis sur sa consommation
L'influence du prix du cannabis sur sa consommationL'influence du prix du cannabis sur sa consommation
L'influence du prix du cannabis sur sa consommationManon Cuylits
 
Mémoire: l'approche par les risques - parallèle avec le risque fiscal
Mémoire: l'approche par les risques - parallèle avec le risque fiscalMémoire: l'approche par les risques - parallèle avec le risque fiscal
Mémoire: l'approche par les risques - parallèle avec le risque fiscalManon Cuylits
 
Gestion financière
Gestion financièreGestion financière
Gestion financièreManon Cuylits
 
Analyse des organisations
Analyse des organisationsAnalyse des organisations
Analyse des organisationsManon Cuylits
 
Les compagnies d’assurance et les fonds de pension
Les compagnies d’assurance et les fonds de pensionLes compagnies d’assurance et les fonds de pension
Les compagnies d’assurance et les fonds de pensionManon Cuylits
 
La régulation des institutions financières en matière de risque
La régulation des institutions financières en matière de risqueLa régulation des institutions financières en matière de risque
La régulation des institutions financières en matière de risqueManon Cuylits
 
Management accounting control
Management accounting control Management accounting control
Management accounting control Manon Cuylits
 
Gestion des Ressources Humaines
Gestion des Ressources HumainesGestion des Ressources Humaines
Gestion des Ressources HumainesManon Cuylits
 
Fiscalité d'entreprise partie 2
Fiscalité d'entreprise partie 2Fiscalité d'entreprise partie 2
Fiscalité d'entreprise partie 2Manon Cuylits
 
Fiscalité d'entreprise partie 1
Fiscalité d'entreprise partie 1Fiscalité d'entreprise partie 1
Fiscalité d'entreprise partie 1Manon Cuylits
 
Finances d'entreprise
Finances d'entrepriseFinances d'entreprise
Finances d'entrepriseManon Cuylits
 
Concepts d'économie et & marchés financiers
Concepts d'économie et & marchés financiersConcepts d'économie et & marchés financiers
Concepts d'économie et & marchés financiersManon Cuylits
 
Fed contre BCE: le match des politiques monétaires face à la crise
Fed contre BCE: le match des politiques monétaires face à la criseFed contre BCE: le match des politiques monétaires face à la crise
Fed contre BCE: le match des politiques monétaires face à la criseManon Cuylits
 
Role des autorités monétaires
Role des autorités monétairesRole des autorités monétaires
Role des autorités monétairesManon Cuylits
 
Les indicateurs de croissance économique
Les indicateurs de croissance économiqueLes indicateurs de croissance économique
Les indicateurs de croissance économiqueManon Cuylits
 
Economie et marchés financiers - Les indicateurs de prix
Economie et marchés financiers - Les indicateurs de prixEconomie et marchés financiers - Les indicateurs de prix
Economie et marchés financiers - Les indicateurs de prixManon Cuylits
 
E-business - développement
E-business - développementE-business - développement
E-business - développementManon Cuylits
 
Topic 5 mitigation options
Topic 5   mitigation optionsTopic 5   mitigation options
Topic 5 mitigation optionsManon Cuylits
 

More from Manon Cuylits (20)

L'influence du prix du cannabis sur sa consommation
L'influence du prix du cannabis sur sa consommationL'influence du prix du cannabis sur sa consommation
L'influence du prix du cannabis sur sa consommation
 
Mémoire: l'approche par les risques - parallèle avec le risque fiscal
Mémoire: l'approche par les risques - parallèle avec le risque fiscalMémoire: l'approche par les risques - parallèle avec le risque fiscal
Mémoire: l'approche par les risques - parallèle avec le risque fiscal
 
Gestion financière
Gestion financièreGestion financière
Gestion financière
 
Analyse des organisations
Analyse des organisationsAnalyse des organisations
Analyse des organisations
 
Les banques
Les banquesLes banques
Les banques
 
Les compagnies d’assurance et les fonds de pension
Les compagnies d’assurance et les fonds de pensionLes compagnies d’assurance et les fonds de pension
Les compagnies d’assurance et les fonds de pension
 
La régulation des institutions financières en matière de risque
La régulation des institutions financières en matière de risqueLa régulation des institutions financières en matière de risque
La régulation des institutions financières en matière de risque
 
Management accounting control
Management accounting control Management accounting control
Management accounting control
 
Gestion des Ressources Humaines
Gestion des Ressources HumainesGestion des Ressources Humaines
Gestion des Ressources Humaines
 
Fiscalité d'entreprise partie 2
Fiscalité d'entreprise partie 2Fiscalité d'entreprise partie 2
Fiscalité d'entreprise partie 2
 
Fiscalité d'entreprise partie 1
Fiscalité d'entreprise partie 1Fiscalité d'entreprise partie 1
Fiscalité d'entreprise partie 1
 
Finances d'entreprise
Finances d'entrepriseFinances d'entreprise
Finances d'entreprise
 
Ethique & RSE
Ethique & RSE Ethique & RSE
Ethique & RSE
 
Concepts d'économie et & marchés financiers
Concepts d'économie et & marchés financiersConcepts d'économie et & marchés financiers
Concepts d'économie et & marchés financiers
 
Fed contre BCE: le match des politiques monétaires face à la crise
Fed contre BCE: le match des politiques monétaires face à la criseFed contre BCE: le match des politiques monétaires face à la crise
Fed contre BCE: le match des politiques monétaires face à la crise
 
Role des autorités monétaires
Role des autorités monétairesRole des autorités monétaires
Role des autorités monétaires
 
Les indicateurs de croissance économique
Les indicateurs de croissance économiqueLes indicateurs de croissance économique
Les indicateurs de croissance économique
 
Economie et marchés financiers - Les indicateurs de prix
Economie et marchés financiers - Les indicateurs de prixEconomie et marchés financiers - Les indicateurs de prix
Economie et marchés financiers - Les indicateurs de prix
 
E-business - développement
E-business - développementE-business - développement
E-business - développement
 
Topic 5 mitigation options
Topic 5   mitigation optionsTopic 5   mitigation options
Topic 5 mitigation options
 

Recently uploaded

Black magic specialist in pakistan usa dubai oman karachi multan canada londo...
Black magic specialist in pakistan usa dubai oman karachi multan canada londo...Black magic specialist in pakistan usa dubai oman karachi multan canada londo...
Black magic specialist in pakistan usa dubai oman karachi multan canada londo...batoole333
 
amil baba kala jadu expert uk amil baba kala jadu removal uk amil baba in mal...
amil baba kala jadu expert uk amil baba kala jadu removal uk amil baba in mal...amil baba kala jadu expert uk amil baba kala jadu removal uk amil baba in mal...
amil baba kala jadu expert uk amil baba kala jadu removal uk amil baba in mal...israjan914
 
1. Elemental Economics - Introduction to mining
1. Elemental Economics - Introduction to mining1. Elemental Economics - Introduction to mining
1. Elemental Economics - Introduction to miningNeal Brewster
 
Slideshare - ONS Economic Forum Slidepack - 13 May 2024.pptx
Slideshare - ONS Economic Forum Slidepack - 13 May 2024.pptxSlideshare - ONS Economic Forum Slidepack - 13 May 2024.pptx
Slideshare - ONS Economic Forum Slidepack - 13 May 2024.pptxOffice for National Statistics
 
asli amil baba bengali black magic kala jadu expert in uk usa canada france c...
asli amil baba bengali black magic kala jadu expert in uk usa canada france c...asli amil baba bengali black magic kala jadu expert in uk usa canada france c...
asli amil baba bengali black magic kala jadu expert in uk usa canada france c...israjan914
 
Benefits & Risk Of Stock Loans
Benefits & Risk Of Stock LoansBenefits & Risk Of Stock Loans
Benefits & Risk Of Stock LoansMartinRowse
 
Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024Adnet Communications
 
Amil baba powerful kala jadu in islamabad rawalpindi - Amil baba in lahore Am...
Amil baba powerful kala jadu in islamabad rawalpindi - Amil baba in lahore Am...Amil baba powerful kala jadu in islamabad rawalpindi - Amil baba in lahore Am...
Amil baba powerful kala jadu in islamabad rawalpindi - Amil baba in lahore Am...batoole333
 
No 1 Top Love marriage specialist baba ji amil baba kala ilam powerful vashik...
No 1 Top Love marriage specialist baba ji amil baba kala ilam powerful vashik...No 1 Top Love marriage specialist baba ji amil baba kala ilam powerful vashik...
No 1 Top Love marriage specialist baba ji amil baba kala ilam powerful vashik...batoole333
 
一比一原版(Concordia毕业证书)康卡迪亚大学毕业证成绩单学位证书
一比一原版(Concordia毕业证书)康卡迪亚大学毕业证成绩单学位证书一比一原版(Concordia毕业证书)康卡迪亚大学毕业证成绩单学位证书
一比一原版(Concordia毕业证书)康卡迪亚大学毕业证成绩单学位证书atedyxc
 
Retail sector trends for 2024 | European Business Review
Retail sector trends for 2024  | European Business ReviewRetail sector trends for 2024  | European Business Review
Retail sector trends for 2024 | European Business ReviewAntonis Zairis
 
black magic removal amil baba in pakistan karachi islamabad america canada uk...
black magic removal amil baba in pakistan karachi islamabad america canada uk...black magic removal amil baba in pakistan karachi islamabad america canada uk...
black magic removal amil baba in pakistan karachi islamabad america canada uk...batoole333
 
Pitch-deck CopyFinancial and MemberForex.ppsx
Pitch-deck CopyFinancial and MemberForex.ppsxPitch-deck CopyFinancial and MemberForex.ppsx
Pitch-deck CopyFinancial and MemberForex.ppsxFuadS2
 
FEW OF THE DEVELOPMENTS FOUND IN LESOTHO
FEW OF THE DEVELOPMENTS FOUND IN LESOTHOFEW OF THE DEVELOPMENTS FOUND IN LESOTHO
FEW OF THE DEVELOPMENTS FOUND IN LESOTHOMantsepisengTubatsi
 
GIFT City Overview India's Gateway to Global Finance
GIFT City Overview  India's Gateway to Global FinanceGIFT City Overview  India's Gateway to Global Finance
GIFT City Overview India's Gateway to Global FinanceGaurav Kanudawala
 
TriStar Gold- 05-13-2024 corporate presentation
TriStar Gold- 05-13-2024 corporate presentationTriStar Gold- 05-13-2024 corporate presentation
TriStar Gold- 05-13-2024 corporate presentationAdnet Communications
 
一比一原版(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单学位证书
一比一原版(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单学位证书一比一原版(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单学位证书
一比一原版(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单学位证书atedyxc
 
Production and Cost of the firm with curves
Production and Cost of the firm with curvesProduction and Cost of the firm with curves
Production and Cost of the firm with curvesArifa Saeed
 
najoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usa
najoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usanajoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usa
najoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usabatoole333
 

Recently uploaded (20)

Black magic specialist in pakistan usa dubai oman karachi multan canada londo...
Black magic specialist in pakistan usa dubai oman karachi multan canada londo...Black magic specialist in pakistan usa dubai oman karachi multan canada londo...
Black magic specialist in pakistan usa dubai oman karachi multan canada londo...
 
amil baba kala jadu expert uk amil baba kala jadu removal uk amil baba in mal...
amil baba kala jadu expert uk amil baba kala jadu removal uk amil baba in mal...amil baba kala jadu expert uk amil baba kala jadu removal uk amil baba in mal...
amil baba kala jadu expert uk amil baba kala jadu removal uk amil baba in mal...
 
1. Elemental Economics - Introduction to mining
1. Elemental Economics - Introduction to mining1. Elemental Economics - Introduction to mining
1. Elemental Economics - Introduction to mining
 
Slideshare - ONS Economic Forum Slidepack - 13 May 2024.pptx
Slideshare - ONS Economic Forum Slidepack - 13 May 2024.pptxSlideshare - ONS Economic Forum Slidepack - 13 May 2024.pptx
Slideshare - ONS Economic Forum Slidepack - 13 May 2024.pptx
 
asli amil baba bengali black magic kala jadu expert in uk usa canada france c...
asli amil baba bengali black magic kala jadu expert in uk usa canada france c...asli amil baba bengali black magic kala jadu expert in uk usa canada france c...
asli amil baba bengali black magic kala jadu expert in uk usa canada france c...
 
Benefits & Risk Of Stock Loans
Benefits & Risk Of Stock LoansBenefits & Risk Of Stock Loans
Benefits & Risk Of Stock Loans
 
Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024Lion One Corporate Presentation May 2024
Lion One Corporate Presentation May 2024
 
STRATEGIC MANAGEMENT VIETTEL TELECOM GROUP
STRATEGIC MANAGEMENT VIETTEL TELECOM GROUPSTRATEGIC MANAGEMENT VIETTEL TELECOM GROUP
STRATEGIC MANAGEMENT VIETTEL TELECOM GROUP
 
Amil baba powerful kala jadu in islamabad rawalpindi - Amil baba in lahore Am...
Amil baba powerful kala jadu in islamabad rawalpindi - Amil baba in lahore Am...Amil baba powerful kala jadu in islamabad rawalpindi - Amil baba in lahore Am...
Amil baba powerful kala jadu in islamabad rawalpindi - Amil baba in lahore Am...
 
No 1 Top Love marriage specialist baba ji amil baba kala ilam powerful vashik...
No 1 Top Love marriage specialist baba ji amil baba kala ilam powerful vashik...No 1 Top Love marriage specialist baba ji amil baba kala ilam powerful vashik...
No 1 Top Love marriage specialist baba ji amil baba kala ilam powerful vashik...
 
一比一原版(Concordia毕业证书)康卡迪亚大学毕业证成绩单学位证书
一比一原版(Concordia毕业证书)康卡迪亚大学毕业证成绩单学位证书一比一原版(Concordia毕业证书)康卡迪亚大学毕业证成绩单学位证书
一比一原版(Concordia毕业证书)康卡迪亚大学毕业证成绩单学位证书
 
Retail sector trends for 2024 | European Business Review
Retail sector trends for 2024  | European Business ReviewRetail sector trends for 2024  | European Business Review
Retail sector trends for 2024 | European Business Review
 
black magic removal amil baba in pakistan karachi islamabad america canada uk...
black magic removal amil baba in pakistan karachi islamabad america canada uk...black magic removal amil baba in pakistan karachi islamabad america canada uk...
black magic removal amil baba in pakistan karachi islamabad america canada uk...
 
Pitch-deck CopyFinancial and MemberForex.ppsx
Pitch-deck CopyFinancial and MemberForex.ppsxPitch-deck CopyFinancial and MemberForex.ppsx
Pitch-deck CopyFinancial and MemberForex.ppsx
 
FEW OF THE DEVELOPMENTS FOUND IN LESOTHO
FEW OF THE DEVELOPMENTS FOUND IN LESOTHOFEW OF THE DEVELOPMENTS FOUND IN LESOTHO
FEW OF THE DEVELOPMENTS FOUND IN LESOTHO
 
GIFT City Overview India's Gateway to Global Finance
GIFT City Overview  India's Gateway to Global FinanceGIFT City Overview  India's Gateway to Global Finance
GIFT City Overview India's Gateway to Global Finance
 
TriStar Gold- 05-13-2024 corporate presentation
TriStar Gold- 05-13-2024 corporate presentationTriStar Gold- 05-13-2024 corporate presentation
TriStar Gold- 05-13-2024 corporate presentation
 
一比一原版(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单学位证书
一比一原版(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单学位证书一比一原版(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单学位证书
一比一原版(WashU毕业证书)圣路易斯华盛顿大学毕业证成绩单学位证书
 
Production and Cost of the firm with curves
Production and Cost of the firm with curvesProduction and Cost of the firm with curves
Production and Cost of the firm with curves
 
najoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usa
najoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usanajoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usa
najoomi asli amil baba kala jadu expert rawalpindi bangladesh uk usa
 

International Auditing Standards (ISA)

  • 1. INTERNATIONAL AUDITING STANDARDS ð MINEURE ECR II 2013-­‐2014 – ERIC VAN HOOF MANON CUYLITS
  • 2. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 2 OBJECTIVE OF THIS COURSE Ø Being able to understand the ISA framework and explain the broad content of the ISA standards (concept based understanding). è ISA = International Standards on Auditing Ø Understanding the role of the auditor Ø Being able to judge the content and extent of an audit opinion for real life cases o Critical reading of non-­‐appropriate opinions: we will receive reports and will have to say why it isn’t appropriate. o Critical judgment of what can and cannot be certified: there’s a need for a reference point in order to be able to certify o Critical understanding of the work hiding being an opinion (understanding of the audit methodology). NEED FOR A REFERENCE POINT TO CERTIFY Example of a lobbying company representing the timeshare industry (2 persons can buy a house together, ½ each). They represent the interest of this industry and want the auditor to certify that the claims they receive are not important. This is something the auditor can’t certify because there’s no reference point. You can’t certify something if there’s no reference point. They need to create a reference framework. DIFFERENCE BETWEEN THE TIME BEFORE WE HAD THE ISA AND NOW WE HAVE IT BEFORE TODAY What do we start with ? We started with the first thing : tangible assets, etc. looking at the figures. We start with the risk assessment, not with the figures; it’s a completely different way to look at things. Accumulation of a number of things è inherent risk, multiplied by the control risk (internal controls set up by the company could not …) multiplied by the non detection risk. AR = IR x ICR x NDR • Audit Risk (AR) • Inherent Risk (IR): it can’t be changed by the auditor, it’s inherent to transactions • Internal Control Risk (ICR): it can’t be changed by the auditor • Non-­‐Detection Risk (NDR): The only thing that can be changed is the non-­‐detection risk. The auditor usually says he accepts an audit risk of 5%. The IR and ICR can’t be changed; therefore, the auditor will determine the level of non-­‐detection risk “needed” in order to have 5%. He does more or less audit procedures in order to work on the non-­‐detection risk. The risk assessment is therefore really important.
  • 3. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 3 è Why do we multiply the risks? Because they are dependent from each other, they influence each other. If there’s a very high Inherent Risk because there are many transactions, the Internal Control Risk might be high also because the internal controller might says he doesn’t understand all those transactions. EVALUATION Ø Written exam: Very practical exam 1. Concept based MCQ questions 2. Concept based open ended questions 3. Real life case study è Financial Statement of a real company + management report that goes with it: we receive problems that we can see during an audit activity Ø Will aim at showing that you master the concepts and conceptual framework Ø Will also aim at showing that you can apply the concepts to a real life case study Ø Will focus for the case study on the impact of risk assessment audit procedures on the audit opinion DOCUMENTATION Ø Slides Ø Clarified ISA Standards, freely accessible on the following website www.ibr-­‐ire.be or on the IFAC website Ø Case studies Ø Additional non mandatory reading o Handbook of International Standards on Auditing, Assurance and Ethics Pronouncements, IFAC. Intern Federation of Accountants o List of key terms from ISA standards, refer to www.ibr-­‐ire.be
  • 4. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 4 OVERVIEW OF LECTURES 1. Introduction-­‐ Assurance, roles, framework 2. Types of reports (ISA, ISRE, ISAE, ISRS) 3. Types of opinion based on standards 4. Code of Ethics and Quality Control (ISQC1) also an international standard 5. Audit methodology and linked ISA standards. Practical side 6. Special topics, such as: a. Fraud b. Using work of others Example: Actuaries: They are experts who help to determine the pensions provisions: they do mathematical calculus to determine the pension of the employees in the future. It’s a very technical calculation. Auditors might need to use their work, to rely on them. There’s a standard explaining how to do when you have to rely on the work of experts. There are another standards for when you have to rely on the work of internal auditors, and what you should do before you agree to rely on their work. c. Audit of the IT environment IT audits: there are no companies that don’t have an IT platform anymore. Most of them are using ERP. It’s important to assess the risks around and inside the machines in order to do well. You test the IT general control: who can access it, etc. è access control. You also check the program control, etc. d. Going concern. This is very important because in this time of financial crisis, a lot of companies are going bankrupt and the owners, managers etc. are often the first blamed, but also the auditor. A standard gives the responsibilities of auditors. Fraud is a very important topic also, it’s important to talk about it and about responsibilities. e. Belgian context We will have a look at the Belgian context in parallel with the International Standards. In Belgium ISA is applicable but it’s not the case in many countries yet. 7. Case studies AUDIT METHODOLOGY Ø The following aspects will be dealt with o Planning of audit o Risk identification and analysis (risk formula) o Materiality. o Auditing techniques and evidence § Analytical review (a) § Test of controls (b) § Test of transactions (c) Testing specific transaction § Substantive audit procedures (d) o Conclusion and Audit reports
  • 5. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 5 Audit methodology: 1. 1st step: Planning of the audit 2. 2nd step: Risk identification and analysis based on the risk formula: identify the risk and then assess them 3. 3rd step: Materiality: calculation of the materiality: it’s linked to the concept that it’s impossible for an auditor to assess every transaction. They do sampling: based on the risk assessment, they are going to test certain transactions. The materiality helps deciding from what level do we select a transaction etc. è Audit opinion: the auditor determines a certain level of error (in euros) that he agrees to tolerate. E.g.: “I can tolerate in terms of my risk of going in prison, a risk of 5 million”. 4. 4th step: Audit Technique and evidence: This step finalizes the risk assessment: it gives a toolbox of different procedures an auditor can apply. a. Analytical review: this step is about comparing figures (non auditor figures) from now with the one already audited in the past. Ex: comparison of the rental income from this year with the one form last year, or the budget in the previous year and the budget now b. Test of controls: testing the internal controls that management has put in place c. Test of transactions: test of very specific transactions è on the basis of underlying evidences: contracts, invoices, etc. d. Substantive audit procedures: done on bigger samples of transactions Audit: you take the responsibility as an auditor. You are the one who determines what you need to do in order to give a non-­‐qualified opinion. You don’t say that the numbers are right, you just say: “I reconcile this number with this one and it matches”. In an audit procedure, the risk is determined by the auditor himself, while in the case of the “agreed upon procedure”, the risk is determined by the client himself. ISA STANDARDS – HISTORY Ø ISA standards started as benchmarks and need to be implemented country by country in national law IAS started as a benchmark. A number of years ago, the economy was getting more and more global è people wanted to be able to compare an audit report in the US, in Belgium, etc. That’s how International Standards on Audit came up. They have been set up by IFAAC as a standard. At that stage they were not mandatory; it was only a benchmark. They were not made mandatory because there was no stabilized framework for a number of years, but last 10 years it became very stable è many countries have made it mandatory. In Belgium it’s only mandatory since 2012 for listed companies (very recent), and it’s going to be made mandatory for non-­‐listed company from 2014.
  • 6. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 6 Ø In November 2003; reform for enhancing confidence on the profession è this reform was based on the program that came out of the Enron Fraud: especially in the US o Additional transparency in how standards are established è additional transparency was wished o Increased input from regulators and public o Monitoring from regulators o “Oversight” structure put in place § Public Interest oversight Board (Feb 2005, institutionals and regulators) § Monitoring Group (dialog and information vehicle for the PIOB) § IFAC Regulatory Liaison Group Ø Standards were clarified in 2009: there’s been a clarification process in 2009: We now have new standard, revised standards and rephrased standards, with a certain structure put in it. (cf. schema “ISA clarification impact) Ø ISA/ISRE standards are mandatory in Belgium from December 2012 (listed companies) and from 2014 (non-­‐listed companies) Ø ISAE/ISRS normally applicable as from reports emitted after 15 December 2014 Ø Specific standards applicable in Belgium on top of ISA/ISRE have been compiled separately by IRE ISA CLARIFICATION IMPACT (2009) • ISAs from 755 pages to 855 pages: the number of pages increases. • Mandatory procedures: some mandatory procedures are put. Before those procedures were called “deemed procedures”, which means those procedures were necessary. Deemed = +/-­‐ mandatory. o >520 mandatory procedures vs. 430 deemed procedures o Certain new obligations (in green) and changes in existing obligations (in yellow and pink) o Obligations more explicit and applicable to all audits + more detailed. o Certain new obligations for group audits è comptes consolidés par rapport aux comptes légaux statutaires. • Effective for audits of periods ending as from 14 December 2010 (IFAC – Internal Federation of Accountants) è International Obligations effective from 2010. That doesn’t mean anything for countries because they decide themselves when ISAs become applicable in the country. ISA isn’t the only existing standard. • In Belgium applicable from 2012 for the listed companies and from 2014 for the other companies
  • 7. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 7 ISA General principles Risk analisis and audit response Audit evidence Using the work of others Conclusions and reporting Specific matters 200 300 500 600 700 800 210 315 501 610 705 805 220 320 505 620 706 810 230 330 510 710 240 402 520 720 250 450 530 • NEW STANDARD • REVISED STANDARD • REPHRASED STANDARD 260 540 was 540/545 265 550 560 570 580
  • 8. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof INTRODUCTION-­‐ ASSURANCE, ROLES, 8 FRAMEWORK WHAT IS ASSURANCE? Everywhere we talk about assurance è giving assurance is the job of the auditor. The outcome is the audit report where the auditor gives assurance. Ø The assurance is “an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria” (International audit and Assurance Standards Board HandBook) Ø In simple terms, giving assurance means: offering an opinion about specific information so that the users of that information are able to make confident decisions. o Specific information = reference framework WHO ARE THE PARTIES INVOLVED? The three parties involved: Ø The practitioner: it’s the auditor, the reviewer of the information Ø The intended users of the information, of financial statements = o Shareholders: you have to report to them o Banks, if you are indebted o Employees o Suppliers and clients potentially, especially regarding the going concern1 issue o Investors (// shareholders) o Tax authorities The responsible party: the preparer of the financial information: as an auditor you can’t prepare that. The principle is that the people preparing the financial statements are the accountant basically, under the responsibility of the CEO and the board of directors. The auditor can’t assess and audit something that he prepared himself è independence problem! There are specific information that need a reference framework for the auditor to be able to give an opinion. If an error doesn’t change the decision of the auditor, then it is not material. 1 Going concern = continuité d’exploitation
  • 9. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 9 Role of the parties involved: Ø Be competent: the profession is regulated therefore. Ø Be objective and independent: that’s set in the law. Ex: the auditor can’t have shares in its client because he would also be an intended user then. In Belgium, one to one rule is that you cannot do services that are not non-­‐audit services for an amount higher than the one of the audit services. Ex: the amount for services at the level of tax transfers etc. can’t be higher than the amount for audit services. Only country where this strict rule is applicable. Regarding the independence problematic, some people say that auditors should not even be paid by their clients. Ø Follow certain expected standards of performance: THE PRACTITIONER (AUDITOR) AND ROLE The role of the auditor has come under increased scrutiny over the last thirty years due to an increase in high profile, economically damaging fraud cases. The most high profile case, and the catalyst for regulatory change, was the collapse of Enron and its auditor Arthur Andersen. In order to try and regain trust in the auditing profession national and international standard setters and regulators have tried to introduce three initiatives: 1. Harmonization of auditing procedures, so that users of audit services are confident in the nature of audits being conducted around the world è harmonization of the auditing standards 2. A focus on audit quality, so that the expectations of users are met. In the US they have the SEC (= Stock Exchange Commission), which is the same as FSMA in Belgium but more powerful. In Belgium, the FSMA can’t come and look at the auditor’s files, it can only ask for a report. 3. Adherence to a strict ethical conduct, to try and improve the perception of auditors as independent, unbiased service providers. There’s a code of ethics that needs to be complied for the ISAs. !!!FRAMEWORK OF THE ISA!!!
  • 10. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 10 We can see that there are different layers. • 1st layer: IFAC code of ethics for professional practitioners. They first created a code of ethics that applies to anyone • 2nd layer: Services covered by the standards and recommendations. Those are the services that an auditor can perform: they are standardized. o Structure of the Standards of Assurance Engagements: assurance engagement and other engagements è the auditor can give assurance or not (= agreed upon procedures). è 2 possible engagements/things to do: § Audit and review of historical financial information: there’s a need for historical financial information (it’s not about the forecasts: no prospective information). Here the standards are: o ISA § IAPS: interpretation of ISAs o ISRE: IS for Review Engagement (= revue limitée) è you can have an audit or a limited review, the difference between those 2 is the assurance you give. The review engagement gives a limited assurance. The difference between an audit and a limited review is the fact that an audit gives a positive conclusion. Ex: “This financial statements are true and fair view of reality”; however, the limited review gives a negative opinion: it doesn’t mean that it’s bad, but the auditor is going to phrase it in a negative sense. § IREPS: interpretation of ISRE § Assurance engagements other than audit and reviews of historical financial information: o ISAE § IAEPS o Related services: § ISRS: agreed upon procedure è the auditor doesn’t give assurance: the client says what they are going to do. At the end of the report he gives conclusions but you don’t conclude on the global set of procedures. • ISRSPS: box for recommendations that come on top of the standards EXAM: QUESTION CHAQUE ANNEE: comparison between audit and limited review and about those subjects. Ø Limited review: the auditor stops at the analytical review. He goes to the client and says; look at the figures… The limited Review consists in taking the figures, and compare them to something before, to the budget, and understanding the figures, etc. è based on that the auditor makes an opinion. Ø Audit: in the audit the auditor doesn’t stop at comparison but he’s also going to check the evidences that are behind the figures (physical inventory take, look at the fixed assets, etc., underlying documents, contracts, etc.) the audit goes much further than the Limited Review.
  • 11. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof Ex: mid size company: it takes 2-­‐3 weeks for an audit but only 3 days for a limited review if the client is well known. The limited review is shorter but the auditor also gives limited assurance. 11 è It’s important to know this framework in order to know where you are in this chart. Limited Review or audit? The work behind it is really different. You can give assurance on other things than historical financial information. è Statistics of claims for example. If there’s a reference framework behind it we can give assurance on it. èTrue and fair view. Audit Limited Review The auditor gives a reasonable assurance The auditor does not give a reasonable assurance è limited assurance Positive conclusion Negative conclusion The auditor checks further than in the case of the limited review The limited review is not going as far as the audit is, it stops at the analytical review stage More physical testing: checking invoices, inventories, etc. No physical testing, you check the known figures of the company and compare it to other figures It lasts 2-­‐3 weeks It lasts 3 days +/-­‐
  • 12. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 12 THE REGULATORY GUIDANCE TO BE FOLLOWED The practitioners now have to follow four sets of regulatory guidance: 1. Auditing Standards a. Setting auditing standards b. International standards Issued by IAASB: the Framework 2. The Code of Ethics a. Part A b. Part B 3. National corporate law a. Example of national laws. Company Act, IRE b. National Regulatory bodies role 4. International Standards on Quality Control (ISQCs) 1. AUDITING STANDARDS IFAC (International Federation of Accountants) IAASB (International Auditing and Assurance Standard Board) ISA, ISREs, ISAEs ISQCSs The IFAC is setting the auditing standards. They are issuing international standards on auditing, other assurance, etc. The next step is that standards need to be made mandatory by the country itself A. SETTING AUDITING STANDARDS IFAC : Ø The International federation of Accountants (IFAc) is the global organization for the accountancy profession. It was formed in 1977 and is based in New York. IFAC has more than 163 member bodies of accountants, representing 2,5 million of accountants from 123 separate countries. Ø IFAC’s overall mission to serve the public interest, strengthen the worldwide accountancy profession, and contribute to the development of strong international economies by establishing and promoting adherence to high-­‐quality professional standards. Ø One of the subsidiary boards of IFAC is the International Audit and assurance Standard Board (IAASB). It is their responsibility to develop and promote
  • 13. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof International Standards of Auditing (ISA’s). There are currently 36 ISA’s and one International Standard of Quality Control. 13 Ø IRE: Belgian representative part of IFAC. B. ISA ISSUED BY IAASB: THE FRAMEWORK 1. International standards on Auditing (ISAs) are to be applied in the audit of historical financial information 2. International Standards on Review Engagements (ISREs) are to be applied in the review of historical financial information 3. International Standards on Assurance Engagement (ISAEs) are to be applied in assurance engagements other than audits or reviews of historical financial information 4. International Standards on Related services (ISRSs) are to be applied to compilation engagements, engagements to apply agreed upon procedures to information and other related services engagements as specified by the IAASB. 2. THE IFAC CODE OF ETHICS FOR PROFESSIONAL ACCOUNTANTS The code of Ethics, which establishes fundamentals ethical principles for professional accountants. Ø Part A of the code sets out the fundamental ethical principles that all professional accountants are required to observe, including: 1. Integrity of the auditor 2. Objectivity of the auditor 3. Professional competence and due care of the auditor 4. Confidentiality of the auditor 5. Professional behavior of the auditor Ø Part B of the code which applies only to professional accountants in public practice (“practitioners”), includes a conceptual approach to independence. è not applicable to an internal auditor (while part A is) 3. NATIONAL CORPORATE LAW a. Example of national laws/ guidance include a. The companies Act 2006 in the UK b. The Sarbanes Oxley Act in the US (enforcing standards of corporate internal controls) b. National Regulatory bodies role Ø Enforce the implementation of auditing standards Ø Have disciplinary powers to enforce quality of audit work Ø Have rights to inspect audit files to monitor audit quality
  • 14. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 14 Note: Most audits carried out in EU member states are now carried out in accordance with ISA’s. THE IAASB INTERNATIONAL FRAMEWORK: TWO TYPES OF ASSURANCE ENGAGEMENT 4000-­‐4699 INTERNATIONAL STANDARDS ON RELATED SERVICES (ISRSS) Objective of an Agreed-­‐Upon Procedures Engagement Ø The objective of an agreed-­‐upon procedures engagement is for the auditor to carry out procedures of an audit nature to which the auditor and the entity and any appropriate third parties have agreed and to report on factual findings Ø As the auditor simply provides a report of the factual findings of agreed-­‐upon procedures, no assurance is expressed. Instead, users of the report assess for themselves the procedures and findings reported by the auditor and draw their own conclusions from the auditor’s work. Ø The report is restricted to those parties that have agreed to the procedures to be performed since others, unaware of the reasons for the procedures, may misinterpret the results.
  • 15. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof TYPES OF REPORTS ( ISA, ISRE, ISAE, 15 ISRS) AUDIT PROCESS: DIFFERENT STEPS WHICH ARE THE DIFFERENT TASKS PERFORMED BY AN AUDITOR WHEN PERFORMING AN AUDIT OF EXTERNAL OPERATIONS? (From signature of the engagement letter until submission of final report) PREPARATION OF THE MISSION 1. Reception of the engagement letter2 (before you start the job) 2. Confirm the date of performance of the audit with the audited entity 3. Secure logistics and make practical arrangements 4. Starting date of the fieldwork (including opening meeting) Engagement letter = It’s a contract between the auditor and the client. It includes : • The fees: how much you are going to charge the client. In Belgium it needs to be a fixed fee for 3 years. • The number of hours you are going to spend on the audit: the estimation at the beginning is very important: if you estimate that you are going to spend 200 hours on the audit and you spend 500 instead, it is problematic. • How you are going to be doing your audit. • What are the responsibilities of the management, the board of director and the auditor • The applicable laws • The general terms and conditions • The time of the audit: when you are going to do it. • The output of the auditor’s work: an audit report. An audit report is based on the ISA, but you can say to your client that you are going to give a management letter… • The standards of auditing that you are going to use but also the framework. In Belgium the framework normally is BGaap for non listed companies and IFRS for listed companies. Before the start of the audit, the engagement letter has to be signed. 2 Engagement letter = lettre de mission è concept important (EXAM)
  • 16. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 16 EXECUTION OF THE AUDIT Starting date of the fieldwork 1. Step 1: Planning the audit 2. Step 2: Assessment of the activity and its risks & Determination of the audit strategy 3. Step 3: Performance of the audit procedures (once you have your strategy: link with the audit risk formula) 4. Step 4: Assessment of the results and conclusion on the audit. Closing meeting and submission of Debriefing memorandum Client acceptance procedure: “can we accept the client as ours?” We check if the client isn’t too risky, through databases. STEP 1: PLANNING THE AUDIT OBJECTIVES Ø Obtain a clear understanding of the requirements Ø Understand the specific contractual documents3 Ø Identify potential risky areas Ø Identify specific aspects relevant for the audit Ø Preparation of the audit strategy UNDERSTAND THE AUDITEE’S ACTIVITIES Objective = Identify main risk areas When you start to understand the activity, there are internal and external factors of risk: Ø External factors: statutory duties, regulations, the economic situation of the country, etc. Ø Internal factors: existence of an internal audit department within the audited entity, the governance, etc. 3 permanent file: there are permanent things (statuts de la société, its biggest contracts, etc.) Tasks of the auditor Variable duration Generally performed before and at the beginning of the audit fieldwork (or during identification visit)
  • 17. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 17 Type of questions to look at: Ø What are the activities and connected risks? Ø What is the type of organisation to be audited? Ø What are the main accounting policies? Ø Are there potential issues about certain aspects? Ø Industry requirements? Ø ... ASSESS THE CONTROL ENVIRONMENT It’s good to have a good internal control but it is not enough è you have to test if that control is working. Throughout the years the control must have worked. Based on that, you determine your Inherent Risk on existent fixed asset, etc., you check that the control is working. Objectives = Ø Understand the structure of the company to be audited Ø Identify elements of risks linked to the internal control structure Sources: Ø Interviews with people in charge of the audited entity Ø Interviews with operational and financial managers Ø Reading reports and minutes (financial, activity reports, previous audit reports, etc.) Control environment is characterised by a combination of: Ø Management style of the people in charge Ø Sensitivity of the people in charge to internal control Ø Internal control system adopted by people in charge Ø Other influences DETERMINE THE MATERIALITY We determine a materiality level because we cannot audit every single transaction obviously. Furthermore, we can still live with a certain number of (small) errors. The materiality is the level of error/change under which a user of the financial statement is not going to change his opinion, his decision making. Objectives = Ø Connected to the principle of "true and fair view"; Ø Determine the sample size for substantive testing Ø Basis for interpretation of audit results "An error may be judged material if knowledge of it would influence the user of the financial information"
  • 18. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof Calculation: The way materiality is calculated is judgemental. Here we have two ideas, but how materiality is going to be calculated depends on the auditor. We take a range because depending on the company’s level of risk we’ll choose a lower or higher materiality. If the company’s very risky, we’ll tend to choose a lower materiality (example: 5% of the pretax income) 18 Ø Between 5% and 10% of pretax income Ø Between 0,5% and 1% of turnover We can choose to determine the materiality through the pretax income or the turnover for example. Once you have the materiality it allows you to know on which accounts you are going to work etc. It will help you to determine your vouching limit4: the level of materiality you are going to apply to a specific invoice, a specific transaction. There are 3 levels existing: (see later) 1. The materiality = global error in the Financial Statements. 2. The tolerable error = the materiality is determined depending on the full Financial Statements, while the tolerable error is defined depending on the significant accounts. It’s calculated by taking 50% of the materiality. We calculate it because we know that we could have many errors that accumulated together would reach an amount higher than the materiality. That’s the reason why we always have to determine different levels of materiality. 3. The adjustment level: it’s the amount as from which you are going to be accumulating errors è adjustment list. ACD level (Time of the procedure è transactions of the month of December? March? …? When are you going to do the procedures?) DETERMINATE THE SIGNIGICANT ACCOUNTS Objective = Determine whether some specific procedures should be applied for "significant" accounts Criteria: Ø Amount Ø Nature of the account(depending on the objectives); Ø Complexity and homogeneity; Ø Predisposition to manipulations or proneness to losses; Ø Problems or errors identified in previous audits 4 Within the audit program there’s a need to describe the nature but also the extent of the procedure (we’ll see that later) = the vouching limit (it is the extent of the procedure)
  • 19. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 19 PREPARE THE AUDIT PROGRAMME Objectives = Ø Complete description of the work that is to be performed; Ø Justification of the appropriateness of the auditor's work with requirements of the ToR's Ø Prepared by audit team based on info collected during planning phase + requirements of the client Ø Approved by Audit Partner Per account, there are a number of assertions (= audit objectives). è Audit procedures will be designed to respond to specific audit objectives: Assertion Existence Each and every transaction is real Here we check the fact that it exists. If a machinery or plant is worth 3 millions, we have to check there physically are machinery and plants existing for that amount. Valuation Each and every transaction is correctly valued The fact that it physically exists is not sufficient; it also has to be well valued. The amount has to be well valued in books Cut-­‐off Each and every transaction is recorded in the proper period “Are the accounting transactions written in the good period?” Classification Each and every transaction is correctly classified “Has it been accounted in the right account?” Completeness All the transactions that should be recorded have been recorded Verify that all the transactions have been accounted for How do we check that? Check Existence If we check the Financial Statements once a year (31 December), we are going to do a physical observation è we send someone to see if the machinery etc. really exists. Valuation We see the value of that machine on invoice. Is the invoice also a good document to look at for checking at the existence? No because the timing, classification etc. can be wrong. After the invoice, there’s depreciation so we need to analyze the depreciation to see if it works correctly. Cut-­‐off The machine has to be accounted for when it has been delivered Classification The auditor can check on the delivery note, the invoice, purchase order,… to know exactly what asset it is Completeness Most difficult one è physical existence is one of the possible test + sequence of deliveries (everything delivered is in the book, etc.) è BUT they might be hiding something from you.
  • 20. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 20 BALANCE SHEET ACTIFS PASSIFS We are more concerned about existence than about completeness, for the left hand side of the Balance Sheet For the right hand side of the Balance Sheet it’s the opposite, we are more concerned about completeness! It’s more problematic if we forget a liability than if we forget an asset AUDIT TECHNIQUES – SUMMARY Key words for the auditor – Step 1: STEP 2: ASSESSMENT OF THE ACTIVITY AND ITS RISKS AND DETERMINATION OF THE AUDIT STRATEGY Objectives: Ø Understand and evaluate internal control risks Ø Determine inherent risks Ø Determine internal control risks o Determine final Audit strategy o Decide on extent of audit procedures Performed during the first two days of the audit fieldwork AUDIT RISK AR = IR x ICR x NDR è Everything is going to be based on that formula. AR = IR x ICR x NDR is the formula you apply to each significant account. Audit risk = “risk that the auditor concludes that the financial statements he has audited contain no significant errors, although they do contain such errors”.
  • 21. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof Audit Risk = something that we will be fixing ourselves. We usually accept an Audit Risk (AR) of 5%. We need to go further. 21 1ST THING TO DO: DETERMINE THE INHERENT RISK (IR) Inherent Risk = "Likelihood of significant inaccuracies due to a fraud or error, independently of the existing specific internal control procedures" Depends on: Ø Quality of the personnel responsible Ø General internal organisation Ø Economic & financial situation of the country Ø General risk linked to the type of transaction The inherent risk will always be assessed as higher or lower Example: tangible fixed assets: è We audit a company: Spadel (making water bottles). The tangible fixed assets represent an important amount. How do we determine the inherent risk of the tangible fixed assets? Based on feeling, professional judgment, the number of transactions going through that account and their complexity, etc. we are going to determine whether the risk is high or low. 2ND THING TO DETERMINE: DETERMINE THE INTERNAL CONTROL RISK (ICR) Internal Control Risk = "likelihood that the internal control system does not prevent or detect significant inaccuracies due to a fraud or error" Depends on: Ø Organisational structure followed for project management and connected potential risks; Ø Main aspects related to personnel management Ø Accounting system used to record and report the expenses and revenues. Ø Supervision/governance measures Ø Prevention >< Detection internal controls put in place The Internal Control Risk will always be assessed as minimum, moderate or maximum.
  • 22. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 22 PRELIMINARY ASSESSMENT OF THE INTERNAL CONTROL RISK Internal Control Risk = Risk that the internal controls of the company are not picking up the materiality of the account. è “What’s the risk that the umbrella is not stopping the rain? How do we determine the ICR?” There are shortcuts possible in assessing the internal control risk: if a few people are doing everything, you can choose to not test internal controls è you determine your ICR as being at its maximum. We’re not going to test all the controls because they are not working properly anyway. è The auditor goes straight on executing his audit program. There are 2 options when one are trying to assess internal controllers: -­‐ Test of the controls: end up with an assessment of internal control being low or high è you spend time on testing the controls, hoping that its going to lower your risk etc. You might not be allowed to lower the risk and then you have to do twice more work -­‐ Final assessment: you can skip the control and decide to not test the Internal Control, and go straight to the audit.
  • 23. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 23 3RD THING TO DO: COMBINED RISK ASSESSMENT (CRA) Then you make a combined risk assessment (CRA) for each significant amount that we are looking at. è Combination of the inherent risk and internal control risk = colour in the box. Evaluation du risque inhérent (Inherent Risk) par l’auditeur Evaluation du risque de contrôle interne (Internal Control Risk) par l’auditeur Maximum Moderate Minimum Low Minimum Faible Moyen High Faible Moyen Elevé Basically that’s how we determine the 2 first part of the formula (IR and ICR). Then we have to determine the NDR. Auditors can determine it themselves (it’s the only one they can). Depending on the IR and ICR being high or low, they have to reduce the NDR or accept a high NDR. If the Combined Risk Assessment (CRA) is very high we’ll have to reduce the NDR è by doing a lot of audit procedures. If the CRA is very low (very low risk for an error to appear in the financial statements) è accept a higher NDR: less audit procedures. 4TH THING TO DETERMINE: THE NON-­‐DETECTION RISK Non-­‐detection risk = “Likelihood that the external auditor does not detect significant inaccuracies by means of his/her audit procedures”. è That’s how you determine your final audit program Ø Only criteria that can be influenced by the auditor Ø Will be directly impacted by the extent of substantive procedures applied Ø Allows for a reduction of the audit Risk Combined Risk Assessment NDR should be Scope of the substantive tests Volume of proof needed High Minimal Estimation High Moderate Low Extended Average Low Moderate Detection Low Minimal High Minimal Minimal The scope of our testing should be at the level of our estimations. Ø If the CRA is high, we expect a very high probability that there are going to be errors in the accounts. è It means we’ll need a lot of procedures. Ø If the CRA is moderate: it means the NDR is low o Audit procedures are going to be extended, o Low level of materiality and o The volume of proof needed will be average. Testing is detective è trying to detect the errors.
  • 24. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 24 DETERMINATION OF THE AUDIT STRATEGY Sets: -­‐ Scope -­‐ Timing -­‐ Type of audit procedures -­‐ Extent of substantive tests è Documented in the final audit programme AUDIT PROCESS – SUMMARY Key words for the auditor – Step 2: STEP 3: PERFORMING THE AUDIT PROCEDURE Objectives: • Perform Audit procedures determined in Step 2. When performing the audit procedure, you are fully in the case of the Non-­‐Detection Risk. • Execute the procedures as per the audit program • Basis for formulation of the Audit Opinion Ø Decrease the Non-­‐Detection Risk Ø Hold the audit risk at a low level Performed throughout the audit fieldwork
  • 25. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 25 DIFFERENT TYPES OF AUDIT PROCEDURES General Audit Procedures = Audit procedures, general in nature and necessary to verify certain contractual aspects or to comply with professional standards The general audit procedures are not specific to certain accounts. There are some ISA statements talking about those GAPs. Ex: getting an engagement letter, a representation letter = GAP. • Engagement letter5 = contract between auditor and client (before you start the audit) • Representation letter = letter in which the company or management states they have not hidden anything from the auditor. This letter appears at the end of the audit and is always dated at the same date than the audit report. It states: “I confirm that I have given you everything I had, that I am not hiding anything from the auditor etc.” + all the adjustments (Cours manquant 06/10) Examples: ü Review of the general & specific conditions of important contracts and legislation ü Review the bank statements in search of unusual items ü Check of proper reconciliation between financial reports and accounting ü Confirmations (bank, lawyers) ü Obtain the Representation letter from the Auditee ü Independence related procedures ü Etc. Analytical and data analysis procedures = Logical tests of relationships between numbers, aimed at reviewing whether the numbers reported in the financial statements are reasonable è Trends / ratios / examination of variations 3 levels of confidence: Minimal >< Corroborative >< Persuasive 5 EXAM: what is the difference between engagement and representation letter
  • 26. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 26 Substantive tests applied on financial data = Verification of the supporting documents Examples: • Physical observation (inspection of fixed assets), • Check of payments, • Review of the invoices, • Testing the respect of tendering and awarding procedures for a sample of contracts, • Testing the expenses to the invoices and bank documents, • Recalculation, etc. Key items >< Representative sample Key – items Representative sample = Items selected by the auditor on a judgmental basis because of: • Significant amount • Risky transaction • Unusual transaction • Etc. à No extrapolation allowed = Items selected based on statistical sampling à Extrapolation allowed INTRODUCTION TO STATISTICAL SAMPLING OBJECTIVE Non-­‐Detection Risk can be reduced: • By performing analytical review procedures • By performing substantive tests on key-­‐items AND must be completed by: • Performing substantive tests on a representative sample
  • 27. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 27 à Objectives of statistical sampling = • Determine sample size • Further reduce Non-­‐Detection Risk DEFINITIONS Population = • All data • Basis for sampling E.g. for account receivable = The full accounts receivable sub ledger at the of the period Stratification = division of the population into sub-­‐population SIZE OF THE SAMPLE E.g. for accounts receivable = Intra-­‐group transactions (푃표푝푢푙푎푡푖표푛 € − 푘푒푦 푖푡푒푚푠 €) 푀푎푡푒푟푖푎푙푖푡푦 € ART6 Multiplicator includes the following elements: • Assessment of Inherent Risk (IR) • Assessment of Internal Control Risk (ICR) • Level of confidence reached through analytical review procedures • Type of sampling method • The statistical level of confidence (generally 95%) 6 ART = Audit Risk Table ∗ 퐴푅푇 푚푢푙푡푖푝푙푖푐푎푡표푟 IR & ICR = CRA
  • 28. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 28 TWO METHODS OF SELECTION OF SAMPLE 1. Random Number Sampling = a. all items of a population have an equal probability of being selected b. often easier to carry out 2. Monetary Unit Sampling (MUS) = a. chance of one item to be selected is proportional to its monetary value b. maximises the coverage in terms of monetary value and allows a smaller sample size è Audit Risk Table and sample size will depend on the method chosen RANDOM NUMBER SAMPLING VS. MONETARY UNIT SAMPLING EXAMPLE Calculate the sample size for overheads expenses for the period 2003-­‐2004 Assumptions: ü Materiality 2% of total expenditures = 200.000 € ü No analytical procedures possible à level of confidence = minimal ü 18 key items for a total of 425.689 € à 20% of the sub-­‐population ü Random number sampling method ü IR and ICR regarded as high (2.157.256€ − 425.689€) 200.000€ ∗ 3,6 = 32 푖푡푒푚푠
  • 29. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 29 PERFORMING THE AUDIT PROCEDURE – SUMMARY Key words for the auditor – Step 3: STEP 4: CONCLUSION OF THE AUDIT Objectives: • Summarise and quantify audit findings • Verification of general coherence of the audit • Preparation of the debriefing memorandum è Basis for preparation of audit report Performed at the end of the fieldwork ANALYSIS AND QUANTIFICATION OF FINDINGS QUANTIFICATION OF ERRORS • Identified with analytical review procedures o Cannot be used to estimate the error o Further investigation / analysis needed • Identified on key-­‐items o Reported individually in the audit report • Identified on representative sample o May be extrapolated to the sub-­‐population Extrapolation -­‐ some rules • Only on representative sample • Extrapolation method consistent with sampling method • Qualitative aspect of errors must be taken into account • Separate extrapolation for each sub-­‐population
  • 30. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 30 EXAMPLE OF EXTRAPOLATION – OVERHEAD EXPENSES Basis Audited Errors identified TYPE OF ERRORS AND THEIR CONSEQUENCES Intentional errors vs. formal errors • Intentional errors = cover potential fraud and/or irregularities à Should be reported to governance as soon as possible • Formal errors = insufficient documentation, lack of clarity, incompliance with contractual basis, etc.. Recurring errors or not Ø May be necessary to extend audit procedures in risky area Ø Risk assessment may need to be revised Ø Enlarge sample for risky sub-­‐population REASSESSMENT OF THE SAMPLE CONNECTED RISK High error rate + recurrent errors = Sign of internal control weaknesses Ø CRA must be reassessed Ø Calculation of revised sample size Should the conclusions be inconsistent with preliminary assessment of internal control system, the auditor will have to recalculate his/her sample. AUDIT REPORT PROCEDURES & REQUIREMENTS Reporting requirements: Reminder: The objective of an audit is to enable the Auditor to express an opinion and issue a report in accordance with the requirements of the Commission • In accordance with the ISA's FORMAT & CONTENT Different possible audit opinions: Ø Unqualified (clean) opinion: It’s OK! This is the most desirable opinion type. "…the Financial Report gives a true and fair view, in all material respects, of the results and financial position” % Extrapolation Key-items 425.689 € 425.689 € 156.335 € 36,7 % 156.335 € Representative 1.731.567 € 150.387 € 21.569 € 14,4 % 248.347 € sample Total 2.157.256 € 576.076 € 177.904 € 404.682 €
  • 31. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 31 Ø Qualified opinion: It’s OK except for… This happens more than we expect! …the Financial Report gives a true and fair view, in all material respects, of the results and financial position Except for an error on a specific account ... “ Ø Adverse opinion: It’s not OK! Not desirable BUT not very frequent. "… the Financial Report does not give a true and fair view, in all material respects, of the results and financial position ... “ Ø Disclaimer of opinion: I don’t know! Not desirable BUT occur sometimes. "…the Auditor is unable to express an opinion." Significant scope limitation è the auditor cannot obtain sufficient audit evidence. CONCLUSION OF THE AUDIT – SUMMARY Key words for the auditor – Step 4:
  • 32. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 32 AUDIT PROCESS (ILLUSTRATIVE) Planning and risk identification Strategy and risk assessment Execution Conclusion and reporting Complete preliminary engagement activities Identify SCOTs, significant disclosures processes & related IT applications Execute tests of controls Prepare summary of audit differences Understand the business Understand SCOTs & Sig disclosures processes Understand and evaluate the FSCP Execute tests of journal entries and perform other mandatory fraud procedures Perform financial statement procedures Determine the need for specialized skills on the team Perform walkthrough Understand entity-­‐level controls Select controls to test Understand ITGCs Update tests of controls Update tests of ITGCs Prepare the summary review memorandum Design and execute tests of ITGCs Evaluate ITGCs Identify risk of material misstatement due to fraud and determine responses Make combined risk assessment (CRA) Perform substantive procedures Perform overall review and approval Determine Performance Materiality (PM), Tolerable Error (TE) and SAD nominal amounts Design tests of controls Prepare and deliver client communication Design test of journal entries and other mandatory fraud procedures Identify significant accounts and disclosures and relevant assertions Design substantive procedures Plan general audit procedures Perform General audit procedures Complete documentation and archive engagement Prepare audit and strategies memorandum Understand service requirements, determine audit scope and establish the team Team planning event and discussion of fraud and error Post-­‐interim event Wrap-­‐up the engagement Reassess combined risk assessments
  • 33. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 33 MATERIALITY AGENDA Ø Introduction Ø Definition – concepts Ø Determining overall materiality level Ø Assessing errors at the end of the audit Ø ISA 320 Ø Questions Ø Practical examples INTRODUCTION Ø Audit risk = risk that the auditor certifies financial statements that contains material errors due to fraud or errors Ø “Risk of material misstatements” exists both on financial statements taken as a whole as at the level of significant accounts and disclosures => judgment needed (it’s not merely a mathematical exercise!) DEFINITION Ø Materiality is defined as “the size of an error in the financial statements which in all probability would influence the judgement of a reasonable user of these financial statements”. Ø Errors include amongst others omissions and wrong presentations. Ø Reasonable users are people that are no specialists in accounting but have a basic knowledge of the principles used to prepare financial statements: o A certain knowledge of accounting is needed; o They need to understand that materiality levels are used during an audit; o They need to acknowledge that a certain level of ‘judgement’ is used when preparing financial statements. Ø Materiality or “material importance” therefore has a direct impact on the auditor’s opinion on the financial statements. In case there are no material misstatements -­‐> unqualified opinion. In case of material misstatements -­‐> qualified opinion or negative opinion (depending on the number and size of the misstatements); Ø Auditor needs to determine materiality levels for his audit and these levels will be used for testing purposes (determining the extent of testing) and for reporting purposes (accumulating the adjustments in a ”summary of unadjusted differences” and determining the type of opinion based on his professional judgement) ; Ø Different levels of materiality (overall materiality, tolerable error, adjustment level)
  • 34. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 34 DETERMINING THE MATERIALITY LEVEL Ø Will be done during the planning phase; Ø Can and needs to be adjusted during the execution of testing based on results obtained; Ø The lower the materiality, the more testing (cfr. risk formula); Ø Materiality is a relative concept. The importance of an error will depend on its relative importance as compared to the financial statements taken as a whole. An error of 1 million will be material in an entity with a balance sheet of 20 million but not in an entity with a balance sheet of 20 billion; Ø Different data can be used and audit firms generally use a different basis from other audit firms. There are no specific guidelines coming from professional organisations since there’s a risk that auditors would automatically use these guidelines rather then taking into account the specific sitauation of the audited entity; Ø There are nevertheless some “rules of fist”: o Entities for profit: 5% to 10% of the pretax income, 0,5% to 1% of total sales, 5% of EBITDA,…; o Non for profit entities: 0,5% to 1% of revenues. Ø Examples: o Non for profit organisations: rather use total revenue or total expense as a benchmark; o You can exclude exceptional items out of the profit before taxes; o Insurance companies: use net assets as a benchmark; o Holdings: usually net assets or total assets LEVELS Ø Overal materiality or “planing materiality” – at level of financial statements (PM) Ø Tolerable error – at level of a significant account (for reporting) – TE (generally 50% or 75% of PM) – used for testing and reporting Ø Adjusting difference – level as from which an error is taken to the summary of unadjusted audit differences – SAD level (for example 5% of PM) – used for reporting only Ø Takes into account that more than one error can appear and those errors can accumulate 3 levels of materiality: Ø 1st level: Materiality Ø 2nd level: Tolerable error: 50% of materiality Ø 3rd level: ACD level
  • 35. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 35 ASSESSING ERRORS Ø After performing the audit procedures, the auditor will have a view of the individual and total errors in the financial statements taken as a whole but also per significant account; Ø These errors are added up and compared to the overall materiality level determined at the start of the audit. Based on this exercise, the auditor will determine the impact of these errors on his opinion. ISA 320 – AUDIT MATERIALITY Ø Materiality: matter of professional judgement; Ø Both qualitative and quantitive misstatements; Ø Materiality to be determined at overall financial statement level and in relation to classes of transactions, account balances and disclosures; Ø Inverse relationship between materiality and the level of audit risk; Ø Assessment required whether the aggregate of uncorrected misstatements that have been identified during the audit is material; Ø If the aggregate of uncorrected misstatements approaches the materiality level, the auditor must consider whether it is likely that undetected misstatements could lead to exceeding the materiality level; è Audit risk can be reduced by performing additional procedures or by requesting management to adjust the financial statements QUESTIONS Ø Can we communicate our materiality levels to the auditee? Ø What about a condensed accounting year or quarterly reporting? Ø Why does the auditor determine materiality? Ø What about consolidated financial statements? o Example: group with 20 subsidiaries in 20 different countries with sales of EUR 1 million each and a profit before taxes of EUR 100.000 each o Consolidated revenue is EUR 20 million and consolidated profit before taxes is EUR 2 million o Expected materiality based on consolidated figures is EUR 100.000 o Can this materiality level be used for each entity? o Allocation of materiality needed
  • 36. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 36 PRACTICAL EXAMPLES EXAMPLE 1 Given: Ø Sales: 10.000 € Ø Profit before taxes: 1.000€ Ø Net assets: 50 € Ø Accounts receivable: 1.500 € Ø Allowance for doubtful debt understated with: 40€ Is this material? EXAMPLE 2 Given for Year 1 Given for Year 2 Ø Sales: EUR 10.000 Ø Pretax income: EUR 1.000 Ø Net assets: EUR 1.500 Ø Accounts receivable: EUR 1.500 Ø Allowance for doubtful debt understated with EUR 40 Ø Sales: EUR 10.000 Ø Pretax income : EUR 100 Ø Net assets: EUR 1.600 Ø Accounts receivable: EUR 1.500 Ø Allowance for doubtful debt still understated with EUR 40 Ø Material error in year 1 ? Ø Material error in year 2 ? EXAMPLE 3 Given: Ø Sales: EUR 10.000 Ø EBITDA: EUR 1.000 Ø Net debt: EUR 3.000 Ø Covenant: net debt/EBITDA max 3 Ø Allowance for doubtful debt understated with EUR 20 Material? EXAMPLE 4 Given: Ø Sales: EUR 10.000 Ø Operating profit: EUR 1.000 Ø Balance sheet total: EUR 5.000 Ø Leasingcontract signed for a new machine: o Acquisition cost: EUR 2.500 o Yearly rent: EUR 300 in expense as rent (account 61) o Lifespan = duration of the contract= 10 years o Analysis shows that this is a finance lease and not an operational lease Material ?
  • 37. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 37 EXAMPLE 5 Given: Ø Sales: EUR 10.000 Ø Operating profit: EUR 1.000 Ø Balance sheet total: EUR 5.000 Ø Audit fees amount to EUR 25 and are correctly accounted for but not disclosed in the notes to the financials in Vol. 5.15 Material?7 Audit Fees are in the P&L but you don’t see it there. 25 euros not disclosed in an appendix is not going to change the true and fair view, the amount is too small. We will try to push the client to change that, telling him that financials are not corrects, he has to give that information. EXAMPLE 6 Given: Ø Sales: EUR 10.000 Ø Operating profit: EUR 1.000 Ø Balance sheet total: EUR 5.000 Ø Depreciation: EUR 300 Ø Depreciation % used on buildings: 3% Ø In the disclosures (accounting policies) it says 5% is used as depreciation on buildings Material? 300 = 3% of the total value of the building è P&L. But in the disclosure it says it’s 5% that we are using è we are not using the percentage that we should be using, following the accounting policies 8 . There’s an issue, an error of 200. 200 is material because the materiality is between 5% & 10% of 1000, so between 50 and 100, and 200 is > than that. è 200 is in any case material. EXAMPLE 7 Given: Ø Sales: EUR 10.000 Ø Operating profit: EUR 1.000 Ø Balance sheet total: EUR 7.500 Ø Provisions (account 16): EUR 75 Ø Provisions for early retirement not accounted for in an amountof EUR 25 Material? 7 Dans les annexes au compte normalement il y a des honoraires d’audit (audit fees) pour donner des informations supplémentaires aux lecteurs. Dans une des annexes il manque cette information. Ici, les honoraires de 25 sont bien notes. 8 accounting policies = regles d’évaluation
  • 38. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 38 Ø Liability side of the B/S: o Provisions for 75 euros. o Provisions that should have been booked but haven’t: error of 25. è Not material EXAMPLE 8 Given: Ø Sales: EUR 10.000 Ø Operating profit: EUR 1.000 Ø Net assets: EUR 1.500 Ø Balance sheet total: EUR 7.500 Ø Intangible assets: EUR 0 Ø Tangible assets amount to EUR 2.000 of which EUR 1.500 relate to software Material? Normally softwares are intangible fixed assets è This error is on significant account intangible asset and tangible asset è Material if you compare it to anything P&L driven but it’s only a balance sheet effect… would it change the view of a FS user? 2 solutions -­‐ It is important -­‐ It is not It depends on the context of the company but we will probably say that it’s material because we have big amounts here. 1500 è part of other audit procedures that we will do. EXAMPLE 9 Given: Ø Sales: EUR 10.000 Ø Operating profit: EUR 5.000 Ø Net assets: EUR 6.500 Ø Balance sheet total: EUR 8.000 Ø Credit note to be issued9 not accrued for in an amount of EUR 200 Material? That’s equity Credit note to be issued should have been put in the B/S but 200 euros doesn’t look material Ø // Pretax income = one of the most important indicator è not material Ø // Total of the B/S è not material 9 = Note de crédit à établir
  • 39. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 39 EXAMPLE 10 Given: Ø Sales: EUR 10.000 Ø Operating profit: EUR 5.000 Ø Net assets: EUR 6.50 Ø Legal reserve: EUR 25 Ø Profit after taxes: 2.000 Ø Profit is fully distributed to the shareholders Problem? Ø Low equity value, & Ø Low net asset value Ø Legal Reserve = 25 euros Ø Profit fully distributed to the shareholders Normally before we distribute net profit, net income, we have to put 5% in the legal reserve. Distributing everything is not correct. Material? It might be. It’s difficult to determine without knowing how is the equity build up. Anyway in the second part of the audit opinion we’ll say that the company’s law has not been respected. We should qualify in that case è qualified opinion EXAMPLE 11 Given: Ø Sales: EUR 10.000 Ø Net assets: EUR 1.000 Ø Profit before taxes: EUR 1.500 Ø Account 61 includes EUR 50 of secret commissions. Tax risk: fine of 309% Material? Tax risk on the amount of 50 with a fine of 309 %. If the probability of the tax risk is > 50%, then you qualify. If we believe >50% chances that it materializes, then we qualify.
  • 40. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof Services covered by the standards and recommendations Related Services ISRS 4000-­‐4699 ISRSPS 4700-­‐4999 ISQC 1-­‐99 International Standards on Quality Control 40 ISQC1 AND I SA200-­‐260 ISQC1: International Standard Quality Control 1 è n°1 because there’s only one so far. IFAC -­‐ Code of ethics for professional practitioners Structure of the Standards for Assurance Engagements Audit and review of historical Qinancial information ISA 100-­‐999 IAPS 1000-­‐1999 ISRE 2000-­‐2699 IREPS 2700-­‐2999 Assurance engagements other than audits and reviews of historical Qinancial information ISAE 3000-­‐3699 IAEPS 3700-­‐3999 Ø The international Standard on Quality Control (ISQC) deals with a firm’s responsibilities for it’s system of quality control for audits and reviews of financial statements, and other assurance and related services engagements. Ø This ISQC applies to all firms of professional accountants in respect of audits and reviews of financial statements, and other assurance and related services engagements. The nature and extent of the policies and procedures developed by an individual firm to comply with this ISQC will depend on various factors such as the size and operating characteristics of the firm, and whether it is part of a network. è The ISQC1 applies to all engagements. It deals with the firms’ responsibility for quality control. One person must be responsible of this and has to put in place a system of quality control.
  • 41. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 41 ELEMENTS OF A SYSTEM OF QUALITY CONTROL The firm shall establish and maintain a system of quality control that includes policies and procedures that address each of the following elements: Ø Leadership responsibilities for quality within the firm: responsible for the quality control at the top level Ø Relevant ethical requirements: so that everybody have to have a set of values within the company Ø Acceptance and continuance of client relationships and specific engagements: the first time the auditor accepts a client, he has to go through an acceptance procedure. Then every year he has to do a client continuance, to see if the client still complies with the criteria. è Continue engagement = a job. è Engagement acceptance: necessary, when you have accepted there are some services that you can’t do: for example you can’t be the accountant for a client where you are an auditor, you would be auditing what you do. Ø Human resources: how do you make sure your people are trained on a continual basis, your people are ethical, etc.? What are your recruitment procedures? Are you recruiting the right persons? Etc. Ø Monitoring: need to make sure that the quality get monitored on a regular basis All that needs to be documented: The firm shall document its policies and procedures and communicate them to the firm’s personnel. LEADERSHIP RESPONSIBILITIES FOR QUALITY WITHIN THE FIRM The firm shall establish policies and procedures designed to promote an internal culture recognizing that quality is essential in performing engagement. Such policies and procedures shall require the firm’s chief executive officer (or equivalent) or, if appropriate, the firm’s managing board of partners (or equivalent) to assume ultimate responsibility for the firm’s system of quality control. RELEVANT ETHICAL REQUIREMENTS Independence Ø The firm shall establish policies and procedures designed to provide it with reasonable assurance that the firm, its personnel and, where applicable, others subject to independence where required by relevant ethical requirements : Ø Policies and procedures that are required to independence Ø Engagement partners to provide the firm with relevant information about client engagements, including the scope of services, to enable the firm to evaluate the overall impact, if any, on independence requirements Ø Personnel to promptly notify the firm of circumstances and relationships that create a threat to independence so that appropriate action can be taken Ø The firm maintains and updates its records relating to independence Ø The firm takes appropriate action regarding identified threats to independence that are not at an acceptable level.
  • 42. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 42 ACCEPTANCE AND CONTINUANCE OF CLIENT RELATIONSHIP AND SPECIFIC ENGAGEMENT Ø Competence, Capabilities and resources: An audit team that has never been auditing a bank should not be assigned totally alone è rather not accept the client. Ø Integrity of client: Industry of pornography, you might not accept the client (integrity issue) Ø Continuance of Client Relationship Ø Withdrawal: What do we do when withdrawal of the client? Ø Considerations Specific to Public Sector Audit Organizations HUMAN RESOURCES Ø Recruitment Ø Performance of the people evaluation: how is it done? We need to make sure that in the performance review, quality is assessed and not only commercial etc. you can’t make an exception on quality. Ø Capabilities, including time to perform assignments Ø Competence Ø Career development Ø Promotion Ø Compensation Ø The estimation of personnel needs ENGAGEMENT PERFORMANCE Ø Consistency in the Quality of Engagement Performance Ø Supervision: always reviewed by a second person Ø Review Ø Consultation: need to make sure that you address the possibility of consulting MONITORING Ø Monitoring the Firm’s Quality Control Policies and Procedures: make sure your Quality Control etc. are monitored on a regular basis è complaints or allegation, etc. Ø Communicating Deficiencies Ø Complaints and Allegations Example: GMS system (= software) è need to declare all the investments you have: database. The company can check and see we don’t have shares In our client’s company, etc. ISQC1 applies to all engagements. Now: more specific
  • 43. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 43 DOCUMENTATION OF THE SYSTEM OF QUALITY CONTROL Ø The form and content of documentation evidencing the operation of each of the elements of the system of quality control is a matter of judgment and depends on a number of factors, including the following o The size of the firm and the number of offices o The nature and complexity of the firm’s practice and organization Ø For example, large firms may use electronic databases to document matters such as independence confirmations, performance evaluations and the results of monitoring inspections. ISA 200: OVERALL OBJECTIVE OF THE INDEPENDENT AUDITOR AND THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH INTERNATIONAL STANDARDS ON AUDITING This International standard on Auditing (ISA) deals with the Overall Objectives of the Auditor In conducting an audit of financial statements, the overall objectives of the auditor are: Ø The obtain reasonable assurance (reasonable assurance is not an absolute level of assurance) about whether the financial statements as a whole are free from materiel misstatement, whether due to fraud or error, there by enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework Ø To report on the financial statements, and communicate as required by the ISA’s, in accordance with the auditor’s findings. Ø In all cases when reasonable assurance cannot be obtained and a qualified opinion in the auditor’s report is insufficient in the circumstances for purposes of reporting to the intended users of the financial statements, the ISAs require that the auditor disclaim an opinion or withdraw (or resign) from the engagement, where withdrawal is possible under applicable law or regulation. ISA 200 REQUIREMENTS ESTABLISHING THE GENERAL RESPONSIBILITIES OF THE INDEPENDENT AUDITOR Ø Ethical Requirements Relating to an audit of Financial statements Ø Professional Skepticism Ø Professional Judgment Ø Sufficient Appropriate Audit Evidence and Audit Risk Ø Conduct of an Audit in Accordance with ISAs ISA 210: AGREEING THE TERMS OF AUDIT ENGAGEMENTS Ø This International Standard on auditing (ISA) deals with the auditor’s responsibilities in agreeing the terms of the audit engagement with management and, where appropriate, those charged with governance. This includes establishing that certain preconditions for an audit, responsibility for which rests with management and, where appropriate, those charged with governance, are present.
  • 44. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 44 ISA 210 REQUIREMENTS Ø Preconditions for an Audit Ø Agreement on Audit Engagement Terms Ø Recurring Audits Ø Acceptance of a change in Term of the Audit Engagement Ø Additional Considerations in Engagement Acceptance ISA 210: PRECONDITIONS FOR AN AUDIT Ø Determining the Acceptability of the financial reporting framework Ø Financial reporting frameworks prescribed by law or regulation Ø Jurisdictions that do not have standards setting organizations or prescribed financial reporting frameworks Ø Agreement of the Responsibilities of Management Ø Preparation of the Financial Statement and internal control ISA 210: AGREEMENT ON AUDIT ENGAGEMENT TERMS An audit engagement letter mentions the responsibility of the management & of the auditor An Audit engagement letter may make reference to the following: Ø The scope of the audit Ø The form of any other communication of results of the audit engagement Ø Because of inherent limitations of an audit and internal control, an unavoidable risk that some material misstatements may not be detected exists. Ø The expectation that the management will provide written representations Ø The agreement of management to make available to the auditor draft financial statements and any accompanying other information in time to allow the auditor to complete the audit in accordance with the proposed timetable Ø The agreement of management to inform the auditor of facts that may affect the financial statements, of which management may become aware during the period from the date of the auditor’s report to the date the financial statements are issued Ø The basis on which fees are computed and any billing arrangements Ø A request for management to acknowledge receipt of the audit engagement letter and to agree to the terms of the engagement outlined therein. AUDITS OF COMPONENTS When the auditor of a parent entity is also the auditor of a component, the factors that may influence the decision whether to send a separate audit engagement letter to the component include the following: Ø Who appoints the component auditor Ø Whether a separate auditor’s report is to be issued on the component Ø Legal requirements in relation to audit appointments Ø Degree of ownership by parent Ø Degree of independence of the component management from the parent entity
  • 45. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 45 ISA 230 AUDIT DOCUMENTATION Anything not documented is considered as not done: having it in your head is not sufficient. Everything has to be documented. The rule is that someone should be able to re-­‐do what the auditor has done based on the audit documentation. Furthermore, the documentation has to be kept for 10 years. On top of ISAs, there are regulations. This international Standard on Auditing (ISA) deals with the auditor’s responsibility to prepare audit documentation for an audit of financial statements. The appendix lists other ISAs that contain specific documentation requirements and guidance. The specific documentation requirements of other ISAs do not limit the application of this ISA. Law or regulation may establish additional documentation requirements. ISA 230 REQUIREMENTS Ø Timely Preparation of Audit Documentation Ø Documentation of the Audit procedures Performed and Audit Evidence obtained Ø Assembly of the Final Audit File ISA 230 DOCUMENTATION OF THE AUDIT PROCEDURES PERFORMED AND AUDIT EVIDENCE OBTAINED The auditor shall prepare audit documentation that enable an experienced auditor to understand the following: Ø The nature, timing and extent of the audit procedures Ø The results of the audit procedures performed, and the audit evidence obtained Ø Significant matters arising during the audit, the conclusions reached thereon Ø In exceptional circumstances, why the auditor judges it necessary to depart from a relevant requirement in an ISA Ø Matters Arising after the Date of the Auditor’s Report ISA 230 ASSEMBLY OF THE FINAL AUDIT FILE Ø The auditor shall assemble the audit documentation in an audit file and complete the administrative process of assembling the final audit file on a timely basis after the date of the auditor’s report Ø After the assembly of the final audit file has been completed, the auditor shall not delete or discard audit documentation of any nature before the end of its retention period Ø In circumstances where the auditor finds it necessary to modify existing audit documentation or add new audit documentation after the assembly of the final audit file has been completed, the auditor shall, regardless of the nature of the modifications or additions, document: o The specific reasons for making them o When and by whom they were made and reviewed
  • 46. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 46 ISA 240 THE AUDITOR’S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS This ISA is a very important one. We’ll see it later. This ISA deals with the auditor’s responsibilities relating to fraud in an audit of financial statements. Specifically, it expands on how ISA 315 and ISA 330 are to be applied in relation to risks of material misstatement due to fraud Ø Characteristics of Fraud Ø Responsibility for the prevention and detection of fraud Ø Responsibility of the auditor Ø Professional skepticism Ø Discussion among the engagement team Ø Risk assessment procedures and related activities Ø Management’s assessment of the risk Ø The auditor shall make inquiries of management Ø Unusual or unexpected relationship identified Ø Evaluation of fraud risk factors Ø Identification and assessment of the risk of material misstatement due to fraud Ø Responses to the assessed risks of material misstatement due to fraud o Overall responses o Audit procedures responsive to assessed risks of material misstatement due to fraud at the assertion level o Audit procedures responsive to risks related to management override of controls ISA 250 CONSIDERATION OF LAWS AND REGULATION IN AN AUDIT OF FINANCIAL STATEMENTS There’s a specific ISA taking into consideration laws and regulations. Example: tax laws are important è which laws the company has to comply with? Etc. è it’s a checklist. Tax = VAT, custom duties, company taxes Ø Effect of laws and regulations Ø Responsibility for compliance with laws and regulations o Management’s responsibility o Auditor’s responsibility Ø The auditor’s consideration of compliance with laws and regulations Ø Audit procedures when Non-­‐compliance is identified or suspected Ø Reporting of identified or suspected non-­‐compliance Ø Documentation
  • 47. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof ISA 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE OF 47 THE COMPANY Ø Those charged with governance Ø Those charged with governance-­‐The person or organization with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity. Ø Matters to be communicated Ø Planned scope and timing of the audit Ø Significant findings from the audit Ø Auditor independence Ø The communication process Ø Establishing the communication process Ø Forms of communication Ø Timing of communication s Ø Adequacy of the communication process Ø Documentation
  • 48. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 48 ????? ≠ steps of the audit methodology (last time). Yellow: first combined risk assessment (slide audit process) Test of the controls to confirm that your risk assessment (preliminary) is valid. Based on the combined risk assessment è substantive procedures + general audit procedures. ????? CASE STUDY-­‐ SERVIER BENELUX
  • 49. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof IT SPECIALIST INVOLVEMENT IN THE 1. Application controls 2. IT general controls (wider than application è how do we do when we want to change something (process)? 49 AUDIT Agenda: Ø The IT Specialist Approach: we use IT specialists because most of the transactions are done through IT. Ø IT Environment Checklist (ITEC) & Technology Summary (Techsum): o ITEC = a number of ways to document what auditors are doing o TECHSUM = what technology the client uses and how it’s affecting the business Ø Application Control Review Ø IT General Controls (ITGC) Ø Data Analysis: electronic evidence obtained through the system Ø Summary THE THREE MAIN AREAS OF FOCUS: THE IT PYRAMID Integration of the IT audit team at three main levels: Ø Obtaining an understanding of the IT environment (and changes to it) and assess the inherent risks attached Ø Testing of the (semi-­‐) automated application controls Ø Test IT General Controls over applications (and Operating Systems / Databases). IT Environment (document) Application controls (test1) IT General Controls (test2) 2 types of control in the IT system: controls and it affects it) Ex: change management ISA 600 = making use of an expert if you don’t have your own IT specialist in the audit team STEPS: 1 2 3
  • 50. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 50 THREE PARTS OF IT-­‐RELATED WORK: THE BIG PICTURE 1. The IT Environment Ø Identify business and inherent risks: o Risk formula – part 1 è IT = part of the inherent risks Ø Impact on internal control at entity level (not at a process level) è ex: if there’s only one person in the IT department in a company with a complex system Ø Regulatory requirements: companies are part of an industry where IT has to comply with regulatory requirements Ø To link the significant business processes with applications (Techsum) o TechSum = document: Technology Summary. It says which software, platform is used for each process 2. Application controls Those controls happen at the transaction level. They’re: Ø Either manual controls, as for example comparing 2 things è you have to test it much more: if a machine does it right once, it will do it right all the time, which is not the case of a person Ø Or manual controls depending on IT control, as for example reconciling a document from the IT system with another one è you do it by testing the IT system Ø Or else, fully automated controls (made by the machine) è you do it by testing the IT system Focus on controls (including IT-­‐dependent manual controls) that deal with control risk for each relevant assertion relating to the significant accounts 3. IT General Controls = Controls around the machine. Example: access rights test è if wrong, anybody can do anything and the situation is bad. Focus on IT General Controls relating to application controls in order to attain reasonable assurance on them è If change management is not done properly, application controls won’t be done properly because anybody can change it. Combined risk assessment Value observation
  • 51. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 51 IT SPECIALIST APPROACH LINK WITH SIGNIFICANT ACCOUNTS è 1st part = INHERENT RISK: it gives indications about the IR First Part: Ø ITEC: how we document what we see in the IT environment è based on that you decide if you have a low or high IR Ø Internal control and fraud (checklist): affected by the ITEC è 2nd part + 3rd part = CONTROL RISK: we look at what control we have in place Second Part: Ø We start with significant accounts Ø è Each account is linked to a process (example: accounts receivable linked to the sale process). Ø After, we look at what could go wrong (WCGW) Ø WCGW is linked with 3 types of controls Third Part: Ø IT General Control: documentation in the checklist DITGC Ø DITGC = Documentation of the IT General Control
  • 52. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 52 IT SPECIALIST APPROACH IN THE AUDIT METHODOLOGY Which are the audit activities where the IT specialist will be involved? Ø 3. The IT specialist needs to understand the IT of the client. Ø 4. It is done by filling the ITEC and the TechSum Ø 5. Based on conclusions, we have to adapt the audit program Ø 7. è “Test of ones” = 1 test of automated Ø 6. But now from an IT general controls perspective è At this stage, they are not looking at data yet: there are no data tests. There are only control environment and IR
  • 53. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof See if application control work Electronic Audit Evidence: Any document that comes out of the system & that you want to rely on. è pièce justificative éléctronique (that comes out of the system) 53 THE PURPOSE OF ITGC WORK Most companies are working with EAE now. As an auditor, you have to stay sceptical: you can’t rely on something coming directly from the system. IT CONTROL TESTING AN OVERVIEW
  • 54. Manon Cuylits International Standards on Audit 2013-­‐2014 ECRII: Eric van Hoof 54 There are different control types: Ø Detection controls Ex: print a list showing all the transactions > 10.000.000 € and then you check if it’s possible Ø Prevention controls (better than detection controls) Ex: the system blocks if you try to put a transaction in it > 10.000.000 € (impossible) è IT General Controls It’s another way to classify manual controls/ IT dependent controls and fully automated controls. EXAMPLE Ø Balance Sheet & Income Statement = The Financial Statements the auditor tries to certify Ø Account: Accounts Payable10 = significant accounts Ø Process: Purchasing = purchase process related to the accounts payable Ø WCGW: Invoice does not equal delivery does not equal order Ø Control: 3 ways match to control the WCGW: matching between: o The purchase o The delivery note o The invoice è It’s an application control Application control IT General Control Ø SAP: the transactions happens in an SAP Ø Oracle DB: it’s a database Ø UNIX Ø Change management Ø Access management If not right, you can’t extrapolate that the rest is right Either you test manually, meaning you have to test a lot, or you ask the IT specialist to check the IT system. 10 Accounts payable = dettes commerciales