Audit planning and risk assessment


Published on

Published in: Economy & Finance, Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Audit planning and risk assessment

  1. 1. Audit Planning With Analytical Procedures, Risk, and Materiality Edward A. Dion County Auditor's Office
  2. 2. Audit Planning <ul><li>Audit planning tools used to guide and direct audit work are classified as </li></ul><ul><ul><li>preliminary risk assessment, </li></ul></ul><ul><ul><li>preliminary materiality decisions, </li></ul></ul><ul><ul><li>preliminary analytical procedures, and </li></ul></ul><ul><ul><li>audit programs </li></ul></ul>
  3. 3. The Audit Risk Model <ul><li>Audit risk is the probability that an auditor will give an inappropriate opinion on financial statements. The auditing profession has no official standard for an acceptable level of overall audit risk, except that it should be “acceptably low.” </li></ul>
  4. 4. The Audit Risk Model (Client) <ul><li>Inherent risk is the probability that material misstatements have occurred in transactions entering the accounting system used to prepare financial statements. </li></ul><ul><li>Control risk is the probability that the client's internal control system will fail to detect material misstatements. Control risk should not be assessed so low that complete reliance is on controls and no other audit work is performed. </li></ul>
  5. 5. The Audit Risk Model (Auditor) <ul><li>Detection risk is the probability that audit procedures will fail to produce evidence of material misstatements. </li></ul><ul><li>Detection risk is realized when substantive procedures fail to detect material misstatements. </li></ul><ul><li>Substantive procedures include </li></ul><ul><ul><ul><ul><li>audit of the details of transactions or balances, and </li></ul></ul></ul></ul><ul><ul><ul><ul><li>analytical procedures. </li></ul></ul></ul></ul>
  6. 6. The Audit Risk Model <ul><li>Audit risk can be expressed in the following model which assumes the elements to be independent: </li></ul><ul><ul><li>Audit risk (AR) = Inherent risk (IR) x Control risk (CR) x Detection risk (DR). </li></ul></ul>
  7. 7. The Audit Risk Model <ul><li>DR = (Detection risk) </li></ul><ul><li>AR (Audit risk) </li></ul><ul><li>(IR x CR) (Inherent risk x Control risk) </li></ul>
  8. 8. Preliminary Assessment of Planning Materiality <ul><li>Materiality is considered to be the largest amount of uncorrected dollar misstatement that could exist in published financial statements, yet still be fairly presented in conformity with GAAP (i.e., not misleading). </li></ul>
  9. 9. Planning Materiality <ul><li>Some of the common factors auditors use in making judgment are </li></ul><ul><ul><li>absolute size, </li></ul></ul><ul><ul><li>relative size, </li></ul></ul><ul><ul><li>nature of the item or issue, </li></ul></ul><ul><ul><li>circumstances, </li></ul></ul><ul><ul><li>uncertainty, and </li></ul></ul><ul><ul><li>cumulative effects. </li></ul></ul>
  10. 10. Assignment of Materiality <ul><li>Bottoms-up approach—judging materiality amounts in each account separately, then combining them to determine the overall effect. </li></ul><ul><li>Top-down approach—judging an overall material amount for the financial statements and then allocating it to particular accounts. </li></ul>
  11. 11. Planning Materiality <ul><li>The concept of materiality is used by auditors as a guide </li></ul><ul><ul><ul><li>to planning the audit program, </li></ul></ul></ul><ul><ul><ul><li>to evaluation of the evidence, and </li></ul></ul></ul><ul><ul><ul><li>for making decisions about the audit report. </li></ul></ul></ul>
  12. 12. Preliminary Analytical Procedures <ul><li>Analytical procedures must be applied in the beginning stages of each audit. </li></ul><ul><li>Preliminary analytical procedures are primarily attention directing. </li></ul>
  13. 13. Preliminary Analytical Procedures <ul><li>Five general types of procedures for analysis of current year account balance are as follows: </li></ul><ul><ul><li>Compare to balances for one or more comparable periods. </li></ul></ul><ul><ul><li>Compare to anticipated results (budget and forecasts). </li></ul></ul><ul><ul><li>Evaluate relationships to other current-year balances for conformity with predictable patterns. </li></ul></ul><ul><ul><li>Compare with similar industry information. </li></ul></ul><ul><ul><li>Study relationships with relevant non–financial information. </li></ul></ul>
  14. 14. Audit Programs <ul><li>An internal control program contains procedures to obtain an understanding of the client's business and management's control structure, and for assessing the inherent and control risk. </li></ul><ul><li>A balance-audit program contains substantive procedures for gathering direct evidence about the five assertions about dollar amounts in the account balances </li></ul>
  15. 15. Internal Control Evaluation: Assessing Control Risk <ul><li>The Second Standard of Field Work </li></ul><ul><ul><li>A sufficient understanding of the internal control structure is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to be performed. </li></ul></ul><ul><ul><li>How will the auditor's understanding of the internal control structure influence the nature, timing, and extent of audit tests? </li></ul></ul><ul><ul><li>The Audit Risk Model (Assessment of Control Risk) AR = IR x CR x DR Competence of Evidential Matter (AU326.19b.): The more effective the internal control structure, the more assurance it provides about the reliability of the accounting data and financial statements. </li></ul></ul>
  16. 16. Internal Control Components. <ul><li>Control environment </li></ul><ul><li>Risk assessment </li></ul><ul><li>Control activities </li></ul><ul><li>Control monitoring </li></ul><ul><li>Control information and communication </li></ul>
  17. 17. Management versus Auditor Responsibility <ul><li>Management is responsible for establishing and maintaining components of the entity's internal control. </li></ul><ul><li>External and internal auditors are responsible for evaluating existing internal controls and assessing the related control risk. </li></ul>
  18. 18. General Categories of Internal Control Errors, Irregularities, and Misstatements <ul><li>Invalid transactions are recorded (validity). </li></ul><ul><li>Valid transactions are omitted from the accounts (completeness). </li></ul><ul><li>Unauthorized transactions are executed and recorded (authorization). </li></ul><ul><li>Transaction amounts are inaccurate (accuracy). </li></ul><ul><li>Transactions are classified in the wrong accounts (classification). </li></ul><ul><li>Transaction accounting and posting is incorrect (accounting/posting). Transactions are recorded in the wrong period (proper period). </li></ul>
  19. 19. Internal Control Deficiencies <ul><li>Reportable Conditions </li></ul><ul><ul><li>Reportable conditions represent significant deficiencies in the design or operation of the internal controls that could adversely affect the organization's ability to record, process, summarize, and report financial data in the financial statements. (AU32) </li></ul></ul><ul><li>Material Weaknesses . </li></ul><ul><ul><li>A material weakness in internal control, which is a more serious reportable condition, is a condition in which internal controls do not adequately lower the risk level of material errors in the financial statements and may not be found on a timely basis by employees of the entity. (AU325) </li></ul></ul>
  20. 20. The Auditor’s Evaluation Process <ul><li>Understand a client's financial reporting controls. </li></ul><ul><li>Document the understanding. </li></ul><ul><li>Assess the control risk. </li></ul><ul><li>Use the control risk assessment to plan remaining audit work. </li></ul>
  21. 21. Control Objectives <ul><li>Validity. Ensure that recorded transactions are the ones that should have been recorded. </li></ul><ul><li>Completeness. Ensure that valid transactions are not omitted entirely from the accounting records. </li></ul><ul><li>Authorization. Ensure that transactions are approved before they are recorded. </li></ul><ul><li>Accuracy. Ensure that dollar amounts are figured correctly. </li></ul><ul><li>Classification. Ensure that transactions are recorded in the right accounts. </li></ul><ul><li>Accounting and Posting. Ensure that the accounting process for a transaction is completely performed and in conformity with GAAP. </li></ul><ul><li>Proper period. Ensure that transactions are accounted for in the period in which they occur. </li></ul>
  22. 22. Control Risk Assessment <ul><li>General Control Considerations. Proper segregation of responsibilities for authorization, custody, recording and reconciliation. </li></ul><ul><li>Persons who handle cash should be insured under a fidelity bond. </li></ul><ul><li>Provide for detail error-checking activities. </li></ul><ul><li>Information about the control system can be gathered by an internal control questionnaire, a “walk-through” or a “sample of one.” </li></ul>
  23. 23. Detail Test of Controls Audit Procedures <ul><li>The general control objectives (validity, completeness, authorization, accuracy, classification, accounting and posting, and proper period recording) must be related to the revenue cycle activities. </li></ul>
  24. 24. Detail Test of Controls Audit Procedures <ul><li>Detail tests of control procedures include </li></ul><ul><ul><li>identification of the data population from which a sample will be selected for audit, and </li></ul></ul><ul><ul><li>the action to be taken to produce relevant evidence (the action involves vouching, tracing, observing, scanning, and recalculation). </li></ul></ul><ul><li>Test of controls audit procedures can be used to audit the accounting transactions in two directions: </li></ul><ul><ul><li>Completeness </li></ul></ul><ul><ul><li>Validity. </li></ul></ul>
  25. 25. Control Risk Assessment (completed) <ul><li>Summary: Control Risk Assessment and the Audit Risk Model AR = IR x CR x DR </li></ul>
  26. 26. Substantive Testing <ul><li>Existence/Occurrence </li></ul><ul><li>Completeness </li></ul><ul><li>Valuation </li></ul><ul><li>Rights/Obligations </li></ul><ul><li>Presentation and Disclosure </li></ul><ul><li>Confirmations </li></ul>
  27. 27. Confirmation of Accounts and Notes Receivable <ul><li>Positive confirmation </li></ul><ul><li>Negative confirmation </li></ul>
  28. 28. Confirmation Evidence Issues <ul><li>Assertions </li></ul><ul><li>Negative v. Positive </li></ul><ul><li>Respondent </li></ul><ul><li>Facsimile responses (faxes) </li></ul><ul><li>Alternative Procedures </li></ul>
  29. 29. Bank Reconciliations <ul><li>Accounts Receivable Lapping </li></ul><ul><ul><li>Lapping is the process whereby an employee takes receipts and attempts to cover up by using later receipts to credit accounts of customers from which receipts were taken. </li></ul></ul><ul><li>Check Kiting </li></ul><ul><ul><li>Check kiting is the practice of building up apparent balances in one bank account based on uncollected checks drawn against similar accounts in other banks. </li></ul></ul>
  30. 30. Bank Reconciliations <ul><ul><li>Proof of Cash The “proof of cash” is a reconciliation in which the bank balance, the bank report of cash deposited, and the bank report of cash paid are all reconciled to the client's general ledger. </li></ul></ul>