Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Proportionate Application of ISA™ and ISQC™ 1


Published on

Presentation by Manoj Fadnis , SMP Committee Member, for SCA Sri Lanka-SAFA-IFAC SMP Regional Forum, January 26, 2016.

Published in: Business
  • Be the first to comment

Proportionate Application of ISA™ and ISQC™ 1

  1. 1. Page 1 | Confidential and Proprietary Information EMPOWERING ASIA’S SMALL & MEDIUM BUSINESS HUB Manoj Fadnis SMP Committee Member Proportionate Application of ISA™ and ISQC™ 1 CA Sri Lanka-SAFA-IFAC SMP Regional Forum January 26, 2016
  2. 2. Page 2 | Confidential and Proprietary Information OVERALL OBJECTIVES OF AN AUDITOR Obtain reasonable assurance on Financial Statements • Free from material misstatements • Prepared in accordance with financial reporting framework Report & Communicate • Report on financial statements • Communicate as required in ISAs
  3. 3. Page 3 | Confidential and Proprietary Information HOW A STANDARD HELPS THE AUDITOR express an appropriate opinion designed to support the auditor in obtaining reasonable assurance about the financial statements Objectives, requirements and application and other explanatory material
  4. 4. Page 4 | Confidential and Proprietary Information WHEN TO APPLY A STANDARD ISA is effective; and The circumstances addressed in the ISA exist Auditor to have an understanding of the entire text of an ISA to apply it properly
  5. 5. Page 5 | Confidential and Proprietary Information HOW TO USE ISAs IN AUDIT ENGAGEMENT • Use the OBJECTIVE/s as base for audit planning • Understand the link between OBJECTIVE/s and REQUIREMENTS • Identify what needs to be accomplished • Identify the appropriate means of doing so; and • Evaluate whether more needs to be done to achieve the Objective • Understand interrelationship between various ISAs
  6. 6. Page 6 | Confidential and Proprietary Information ISAs vis a vis PROPRTIONAL APPLICATION Proportional application is from the perspective of auditee (ie SME) and not the auditor (ie SMP) Where relevant, ISAs contain additional considerations for SMEs Additional considerations DO NOT override the OBJECTIVES of an ISA Responsibility of the auditor to apply and comply with the requirements of the ISA is NOT reduced
  7. 7. Page 7 | Confidential and Proprietary Information • ISAs are designed by the IAASB to be usable for entities of all sizes, all types and in all jurisdictions. Application guidance sets out specific ways in which relevant standard might be applied to an SME. • This can be both indicating a simpler approach or a particular challenge. For instance, ISA 315 on risk assessment points out both that in a smaller entity the active involvement of an owner-manager may mitigate certain risks such as those arising from lack of segregation of duties in a small entity but may increase other risks such as risk of override of controls. • Majority of documentation requirements for ISA audits are set out in ISA 230 with requirements for specific areas set out in specific standards Proportionate Application—ISA
  8. 8. Page 8 | Confidential and Proprietary Information • It is possible to take a proportionate approach to documentation of an audit • ISA 230 requires documentation should enable an experienced auditor, having no previous connection with the audit, to understand what has been done. It does not require documentation of every matter considered or professional judgment made or every last thought by the auditor. Test is whether an experienced auditor can understand what has been done, not whether someone with no knowledge of auditing can. • ISA 200 makes it clear there is no requirement to apply an ISA or those individual requirements of an ISA which are not relevant to the audit. If he does not use the work of an expert or there is no internal audit function, then he does not need to justify why he has not applied ISA 610/620 Proportionate Application—ISA (cont.)
  9. 9. Page 9 | Confidential and Proprietary Information SME—DEFINITION IN ISA 200 One or more of these Straightf orward or uncompl icated transacti ons Simple record- keeping Few business /product lines Few internal controls Few levels of manage ment Few employe es with wide range of duties Concentration of ownership and management in a small number of individuals Qualitative characteristics, not exhaustive
  10. 10. Page 10 | Confidential and Proprietary Information PROPORTIONALITY IN SPECIFIC ISA ONWARD SLIDES WILL GIVE AN OVERVIEW OF PROPORTIONALITY IN VARIOUS ISA (these slides are not intended to be an exhaustive list of smaller entity audit considerations envisaged in ISA)
  11. 11. Page 11 | Confidential and Proprietary Information ISA 230—AUDIT DOCUMENTATION Pre-conditions for an audit Requirement—In order to establish whether the preconditions for an audit are present, the auditor shall, inter alia, obtain the agreement of management that it acknowledges and understands its responsibility. Proportional Application—When a third party has assisted with the preparation of the financial statements, remind management that the preparation of the financial statements in accordance with the applicable financial reporting framework remains management’s responsibility.
  12. 12. Page 12 | Confidential and Proprietary Information ISA 230—AUDIT DOCUMENTATION Form, Content, and Extent of Documentation Requirement: The auditor shall prepare audit documentation that is sufficient to enable an experienced auditor, having no previous connection with the audit, to understand: (a) The nature, timing, and extent of the audit procedures performed to comply with the SAs and applicable legal and regulatory requirements; (b) The results of the audit procedures performed, and the audit evidence obtained; and (c) Significant matters arising during the audit, the conclusions reached thereon, and significant professional judgments made in reaching those conclusions.
  13. 13. Page 13 | Confidential and Proprietary Information Proportional Application • Audit documentation generally less extensive than that for the audit of a larger entity. • Where the engagement partner performs all the audit work, the documentation will not include matters that might have to be documented solely to inform or instruct members of an engagement team, or to provide evidence of review by other members of the team • It may be helpful and efficient to record various aspects of the audit together in a single document, with cross references to supporting working papers as appropriate.
  14. 14. Page 14 | Confidential and Proprietary Information ISA 240: THE AUDITOR’S RESPONSIBILITIES RELATING TO FRAUD Evaluation of Fraud Risk Factors Requirement—The auditor shall evaluate whether the information obtained from the other risk assessment procedures and related activities performed indicates that one or more fraud risk factors are present. While fraud risk factors may not necessarily indicate the existence of fraud, they have often been present in circumstances where frauds have occurred and therefore may indicate risks of material misstatement due to fraud. Proportional Application—In SMEs, some or all of these considerations may be inapplicable or less relevant. In some SMEs, the need for management authorization can compensate for otherwise deficient controls and reduce the risk of employee fraud.
  15. 15. Page 15 | Confidential and Proprietary Information ISA 265: COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL Requirement—The auditor shall communicate in writing significant deficiencies in internal control identified during the audit to those charged with governance on a timely basis. Application—In the case of audits of smaller entities, the auditor may communicate in a less structured manner with those charged with governance than in the case of larger entities.
  16. 16. Page 16 | Confidential and Proprietary Information ISA 300: PLANNING AN AUDIT OF FINANCIAL STATEMENTS Planning Activities Requirement—In establishing the overall audit strategy, the auditor shall ascertain the nature, timing and extent of resources necessary to perform the engagement. Proportional Application—The entire audit may be conducted by a very small audit team, say, the engagement partner working with one engagement team member. With a smaller team, co-ordination of, and communication between, team members are easier. Establishing the overall audit strategy for the audit of a small entity need not be a complex or time-consuming exercise; it varies according to the size of the entity, the complexity of the audit, and the size of the engagement team.
  17. 17. Page 17 | Confidential and Proprietary Information Direction, supervision and review Requirement—The auditor shall plan the nature, timing and extent of direction and supervision of engagement team members and the review of their work. Proportional Application—When an audit is carried out entirely by the engagement partner, questions of direction and supervision of engagement team members and review of their work do not arise. Forming an objective view on the appropriateness of the judgments made in the course of the audit can present practical problems when the same individual also performs the entire audit. When particularly complex or unusual issues are involved, and the audit is performed by a sole practitioner, it may be desirable to consult with other suitably- experienced auditors or the auditor’s professional body
  18. 18. Page 18 | Confidential and Proprietary Information ISA 315: Identifying And Assessing The Risk Of Material Misstatement Through Understanding The Entity And Its Environment Analytical Procedures Requirements—Risk Assessment procedures shall include Analytical procedures Proportional Application—Some SMEs may not have interim or monthly financial information for analytical procedures. The auditor may need to plan to perform analytical procedures to identify and assess the risks of material misstatement when an early draft of the entity’s financial statements is available
  19. 19. Page 19 | Confidential and Proprietary Information Discussion among engagement team Requirements—The engagement partner and other key engagement team members shall discuss the susceptibility of the entity’s financial statements to material misstatement, and the application of the applicable financial reporting framework to the entity’s facts and circumstances. The engagement partner shall determine which matters are to be communicated to engagement team members not involved in the discussion. Proportional Application—Many small audits are carried out entirely by the engagement partner. In such situations, it is the engagement partner who, having personally conducted the planning of the audit, would be responsible for considering the susceptibility of the entity’s financial statements to material misstatement due to fraud or error.
  20. 20. Page 20 | Confidential and Proprietary Information Measurement and review of the entity’s financial performance Requirement—The auditor shall obtain an understanding of, inter alia, the measurement and review of the entity’s financial performance. Proportional Application—Smaller entities often do not have processes to measure and review financial performance. Inquiry of management may reveal that it relies on certain key indicators for evaluating financial performance and taking appropriate action. If such inquiry indicates an absence of performance measurement or review, there may be an increased risk of misstatements not being detected and corrected.
  21. 21. Page 21 | Confidential and Proprietary Information Limitations of internal control Requirement—The auditor shall obtain an understanding of internal control relevant to the audit. Proportional Application—SMEs often have fewer employees which may limit the extent to which segregation of duties is practicable. However, the owner- manager may be able to exercise more effective oversight than in a larger entity. This oversight may compensate for the generally more limited opportunities for segregation of duties.
  22. 22. Page 22 | Confidential and Proprietary Information Obtaining understanding of control environment Proportional Application • Those charged with governance in small entities may not include an independent or outside member, and the role of governance may be undertaken directly by the owner-manager where there are no other owners. • The nature of the control environment may also influence the significance of other controls, or their absence. • Audit evidence for elements of the control environment in SMEs may not be available in documentary form • Attitudes, awareness and actions of management or the owner-manager are of particular importance to the auditor’s understanding of a smaller entity’s control environment.
  23. 23. Page 23 | Confidential and Proprietary Information Obtaining understanding of the information system, including the related business processes, relevant to financial reporting, and communication Proportional Application • Information systems and related business processes relevant to financial reporting in small entities are likely to be less sophisticated than in larger entities, but their role is just as significant. • SMEs with active management involvement may not need extensive descriptions of accounting procedures, sophisticated accounting records, or written policies. • Understanding the entity’s systems and processes may therefore be easier in an audit of smaller entities, and may be more dependent on inquiry than on review of documentation.
  24. 24. Page 24 | Confidential and Proprietary Information Obtaining understanding of control activities relevant to audit Proportional Application • The concepts underlying control activities in SMEs would be similar to those in larger entities, but the formality with which they operate may vary. • Certain types of control activities are not relevant to SMEs because of controls applied by management. • Control activities relevant to the audit of a smaller entity are likely to relate to the main transaction cycles such as revenues, purchases and employment expenses
  25. 25. Page 25 | Confidential and Proprietary Information Obtaining an understanding—monitoring of controls Proportional Application—Management’s monitoring of control is often accomplished by management’s or the owner-manager’s close involvement in operations. This involvement often will identify significant variances from expectations and inaccuracies in financial data leading to remedial action to the control
  26. 26. Page 26 | Confidential and Proprietary Information SA 330: THE AUDITOR’S RESPONSES TO ASSESSED RISKS Audit Procedures Responsive to the Assessed Risks of Material Misstatement at the Assertion Level Requirement—In designing the further audit procedures to be performed, the auditor shall consider the reasons for the assessment given to the risk of material misstatement at the assertion level for each class of transactions, account balance, and disclosure and obtain more persuasive audit evidence the higher the auditor’s assessment of risk. Proportional Application—There may not be many control activities that could be identified by the auditor, or the extent to which their existence or operation have been documented by the entity may be limited. In such cases, it may be more efficient for the auditor to perform further audit procedures that are primarily substantive procedures. In some rare cases, however, the absence of control activities or of other components of control may make it impossible to obtain sufficient appropriate audit evidence.
  27. 27. Page 27 | Confidential and Proprietary Information SA 550: RELATED PARTIES Understanding the Entity’s Related Party Relationships and Transactions Proportional Application • TCWG may not include an outside member, and the role of governance may be undertaken directly by the owner-manager where no other owner exists. • Control activities likely to be less formal and undocumented processes for dealing with related party relationships and transactions. • An owner-manager may mitigate some of the risks arising from related party transactions, or potentially increase those risks, through active involvement in all the main aspects of the transactions. • Auditor may obtain an understanding through inquiry of management combined with other procedures, such as observation of management’s oversight and review activities, and inspection of available relevant documentation.
  28. 28. Page 28 | Confidential and Proprietary Information Identified Significant Related Party Transactions outside the Entity’s Normal Course of Business Proportional application • SME may not have the same controls provided by different levels of authority and approval that may exist in a larger entity. • Auditor may rely to a lesser degree on authorization and approval for audit evidence regarding the validity of significant related party transactions outside the entity’s normal course of business. • Instead, consider performing other audit procedures such as – inspecting relevant documents, – confirming specific aspects of the transactions with relevant parties – observing the owner-manager’s involvement with the transactions
  29. 29. Page 29 | Confidential and Proprietary Information SA 570: GOING CONCERN The period of Management’s Assessment Requirement—The auditor shall evaluate management’s assessment of the entity’s ability to continue as a going concern. Proportional Application—SMEs may not have prepared a detailed assessment of the entity’s ability to continue as a going concern, but instead may rely on in- depth knowledge of the business and anticipated future prospects. • Auditor may discuss the medium and long-term financing of the entity with management, provided that management’s contentions can be corroborated by sufficient documentary evidence and are not inconsistent with the auditor’s understanding of the entity. • Continued support by owner-managers is often important to smaller entities’ ability to continue as a going concern. Where a small entity is largely financed by a loan from the owner-manager, it may be important that these funds are not withdrawn.
  30. 30. Page 30 | Confidential and Proprietary Information NOT AMENABLE TO PROPORTIONAL APPLICATION IN SMEs Include: • ISA 250—Consideration of Laws and Regulations in an Audit of Financial Statements • ISA 450—Evaluation of Misstatements Identified During the Audit • ISA 500—Audit Evidence • ISA 700, 705 & 706 – relating to formation of auditor’s opinion and contents of an audit report
  31. 31. Page 31 | Confidential and Proprietary Information ISQC 1: PROPORTIONAL APPLICATION TO SMPs • Applicability of ISQC 1—Compliance not expected for requirements that do not apply to smaller firms/sole proprietors • Documentation of QC Policies—Documentation and communication of policies and procedures for smaller firms may be less formal and extensive than for larger firms • Human Resources—Smaller firms, in particular, may employ less formal methods of evaluating the performance of their personnel
  32. 32. Page 32 | Confidential and Proprietary Information • Consultation—SMP needing to consult externally, for example, a firm without appropriate internal resources, may take advantage of advisory services provided by Other firms; Professional and regulatory bodies; or Commercial organizations that provide relevant quality control services. • Engagement QC Reviewer – Engagement partner in SMP may not to able be avoid involvement in selecting the engagement quality control reviewer. – Suitably qualified external persons may be contracted SMP identifies engagements requiring engagement QC reviews. Alternatively, some sole practitioners or small firms may wish to use other firms to facilitate engagement quality control reviews
  33. 33. Page 33 | Confidential and Proprietary Information • Monitoring – In SMPs, monitoring procedures may need to be performed by individuals who are responsible for design and implementation of the firm’s QC policies and procedures, or who may be involved in performing the engagement quality control review. – SMP with a limited number of persons may choose to use a suitably qualified external person or another firm to carry out engagement inspections and other monitoring procedures. – Alternatively, SMP may establish arrangements to share resources with other appropriate organizations to facilitate monitoring activities.
  34. 34. Page 34 | Confidential and Proprietary Information • Complaints & Allegations – In SMPs, the partner supervising the investigation not be same as the engagement partner for the engagement. – SMPs may use the services of a suitably qualified external person or another firm to carry out the investigation into complaints and allegations – SMPs may use more informal methods in the documentation of their systems of quality control such as manual notes, checklists and forms.
  35. 35. Page 35 | Confidential and Proprietary Information Knowledge Sharing—Implementation ISA Guide Volume 1 • Fundamental concepts of a risk-based audit in conformance with the ISAs ISA Guide Volume 2 • Practical guidance on performing SME audits. Includes two illustrative case studies—one of an SME audit and one of a micro-entity audit
  36. 36. Page 36 | Confidential and Proprietary Information Knowledge Sharing—Implementation (cont) • QC Guide • Helps SMPs apply ISQC 1 proportionately and efficiently. Includes guidance, case study, two sample QC manuals and checklists • Reference, training, customize manuals and checklists
  37. 37. Page 37 | Confidential and Proprietary Information • Global Knowledge Gateway • News, views, resources, thought leadership— Knowledge Sharing • 10 topic areas including Audit & Assurance, Practice Management and Ethics • IFAC Global Knowledge Gateway I
  38. 38. Page 38 | Confidential and Proprietary Information IFAC Global Knowledge Gateway II
  39. 39. Page 39 | Confidential and Proprietary Information IAASB ENHANCING AUDIT QUALITY ITC • The IAASB has released its Invitation to Comment, Enhancing Audit Quality in the Public Interest: A Focus on Professional Skepticism, Quality Control and Group Audits (the ITC). • The comment period is open through May 16, 2016.
  40. 40. Page 40 | Confidential and Proprietary Information References—IAASB • Staff Q&A, Applying ISAs Proportionately with the Size and Complexity of an Entity: resources/staff-questions-answers-applying-isas-proportionately- size-and-complexity-ent • Staff Q&A, Applying ISQC 1 Proportionately with the Nature and Size of a Firm: %20ISQC%201%20Proportionality_FINAL.pdf • The Clarified ISAs—Findings from the Post-Implementation Review: findings-post-implementation-review
  41. 41. Page 41 | Confidential and Proprietary Information References—Knowledge Sharing/Implementation • Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities (Third Edition) (incl. companion manual and slides): auditing-audits-small-and-medium-sized-en • Guide to Quality Control for Small- and Medium-Sized Practices (Third Edition) (incl. companion manual and slides): quality-control-small-and-medium-sized-practices-third-edition-0 • Boosting the Quality and Efficiency of Smaller Entity Audits article: smaller-entity-audits • Tips for Cost-Effective ISA Application article: resources/tips-cost-effective-isa-application • Tips for Cost-Effective ISQC 1 Application article:
  42. 42.