SlideShare a Scribd company logo

Risk-Assessment-.pptx

Download as PPTX, PDF
S
Siraj332397

Audit

Data & Analytics
1 of 63
Insert Presentation Title Here Challenging Risk Assessment in Planning an Audit – PLANNING THE AUDIT FOR EFFECTIVENESS AND EFFICIENCY Annette Eustice, CPA, CGFM 231.627.8381 annette.eustice@rehmann.com March 5, 2017
OBJECTIVE • Risk assessment is a key requirement in the planning phase of an audit. The objective of this presentation is to provide the participant with a brief overview of the risk assessment planning process of an audit, documentation requirements, and how to best plan an audit around the conclusions developed from the risk assessment planning process.
EXAMPLES OF CHALLENGES IN RISK ASSESSMENT • Risks identified - no audit response • Risks identified in planning are not considered in the risk assessment. • Fraud risks identified are not reflected in risk assessment and no audit response is prepared. • Areas identified as significant in other planning are not identified as significant in the risk assessment planning.
EXAMPLES OF CHALLENGES IN RISK ASSESSMENT • Audit responses crafted to address identified risks are not reflected in the audit program. • Audit procedures to be performed (added) which are documented in risk assessment are not added in the audit program (tailoring). • Low risk areas identified during risk assessment as areas being addressed using a limited approach and to be documented on a lead sheet are actually supported by a formal audit program with basic or extended procedures in the audit program.
WHAT WOULD YOU DO IF? • You had unlimited time to complete an audit and the client was willing to pay you an unlimited amount to do it right? • You have a fixed fee contract of $20,000 and 100 hours to complete the engagement
WHAT IS RISK ASSESSMENT? Audit Procedures • Concentrate audit effort in high risk areas – Inherent risk – Control risk • Perform less extensive procedures in low risk areas Linkage Risk Assessment • Obtain an understanding of the client, including internal control • Identify and assess risks of material misstatement of the financial statements • Evaluate both overall risks and risks that affect only specific assertions
The Cycle of Risk Assessment • Assess risks at the FS level • Develop an audit strategy • Assess risks at the relevant assertion level • Test controls (if applicable) • Develop a detailed audit plan • Substantive Audit Procedures • Engagement Team Discussion • Materiality • Risk Assessment Procedures • Understand the entity and its environment, including internal control • Client acceptance/continuance • Establishing an understanding with the client. Preliminary Engagement Activities Planning and Risk Assessment Procedures Assessing Risk and Developing Responses Perform Further Audit Procedures
Client Acceptance/Continuance Consider:  Nature and purpose of engagement  Client’s reputation, integrity, and competence  Communication with predecessor  Compliance with ethical requirements, including independence  Adequacy of accounting records  Firm resources and competence  Engagement economics  Other risk concerns
Planning and Risk Assessment Procedures Perform a retrospective review of accounting estimates Understand the entity and its environment, including internal control Perform risk assessment procedures Determine materiality Hold an engagement team discussion
Engagement Team Discussion  Discuss the susceptibility of the financial statements to material misstatement  Consider fraud risks and risks of error  Include:  Critical issues and areas of significant audit risk  Areas susceptible to management override of controls  Unusual accounting practices  Important control systems  Materiality considerations  Need to exercise professional skepticism  Business risks  Fraud considerations
Engagement Team Discussion (cont.)  Attendance: Auditor with final responsibility Key members of engagement team Tax Personnel Concurring Reviewers  Document: How the discussion occurred, the subject matter, who participated, and decisions about planned responses
Materiality • Apply professional judgment • Consider decisions that users make • Use appropriate benchmarks, such as % of assets or revenue • Re-evaluate materiality as the audit progresses. If lower, reconsider: Level of performance materiality Adequacy of procedures
Materiality • Document: Materiality at the financial statement level If applicable, materiality level(s) for particular transaction classes, account balances, or disclosures Performance materiality Factors considered in their determination Any revisions made during the audit
Perform Risk Assessment Procedures Two categories of audit procedures: Risk Assessment Procedures Further Audit Procedures Both Provide Audit Evidence
Risk Assessment Procedures Risk Assessment Procedures Inquiry Observation and Inspection Analytical Procedures
Risk Assessment Procedures • Performed to obtain an understanding of the entity and its environment, including internal control, for the purpose of assessing risks • All of the procedures should be performed • Inquiry alone is not sufficient to understand internal control • Provide audit evidence
Required Inquiries  Inquire about:  Fraud  Related parties  Accounting estimates  Compliance with laws and regulations  Service organizations
Observation and Inspection • Inspect documents and records • Read internal reports and minutes • Read external information • Visit premises and plant facilities • Trace transactions through the system (walkthroughs)
Analytical Procedures • Preliminary analytical procedures • Analytical procedures related to revenue required by AU-C 240 • To enhance understanding of the business and identify potential risk areas
Understanding the Entity and Its Environment • Perform risk assessment procedures (inquiry, analytics, observation, and inspection) to gather information about: Industry, regulatory, and other external factors Nature of the entity Objectives, strategies, and related business risks Measurement and review of the entity’s financial performance Selection and application of accounting policies
Understanding the Entity and Its Environment • Consider the presence of fraud risk factors • Update information obtained in prior years by performing risk assessment procedures to determine if the information has changed
Understanding Internal Control Control Environment Risk Assessment Information and Communication Monitoring Control Activities 22
Understanding Internal Control • Understand design and implementation • Perform inquiry, observation, and inspection • Inquiry alone is not sufficient to understand the design and implementation of controls 23
Understanding Internal Control • Evaluate the design and implementation of controls— Related to significant risks Related to risks that cannot be tested effectively using substantive procedures alone • Understand— How the incorrect processing of transactions is resolved How detail is reconciled to the general ledger for material accounts 24
Understanding Internal Control • Document the following: Understanding of internal control components Sources of information Procedures performed Controls evaluated related to significant risks and risks for which substantive procedures alone are not effective
Understanding Internal Control Document the processing of transactions for each significant transaction class Document the financial close and reporting process
Identifying Significant Transaction Classes • Transaction classes that present a reasonable possibility of material misstatement of the financial statements or disclosures based on: Volume of activity Size and composition of accounts Types of transactions Presence of fraud risks or other significant risks Changes from the prior period
Understanding Significant Transaction Classes • How are transactions initiated and authorized? • How are transactions recorded and processed? • How are transactions reconciled? • What reports are generated and how are they used?
Understanding Significant Transaction Classes • Consider control objectives: Completeness: All transactions are recorded Occurrence: All recorded transactions occurred and pertain to the entity Accuracy: Transactions are recorded in the proper amount Classification: Transactions are recorded in the proper account Cutoff: Transactions are recorded in the proper period
Documenting Significant Transaction Classes • Narrative description • Focus on key controls and control objectives related to identified risks • How are control objectives achieved? • What controls are in place to address significant or fraud risks? • Are controls properly designed and implemented?
Performing Walkthroughs • Select one or a few transactions • Trace from initial creation of the source document to final posting in the general ledger • Inspect documents and records used in processing, make inquiries, and observe procedures being performed
Tests of Controls • Perform tests of controls if: Relying on them to reduce the risk assessment Substantive tests alone are not adequate • Inquiry alone is not sufficient for testing controls 32
Tests of Controls • Rotational tests of controls are permitted: Obtain evidence about whether the controls have changed using inquiry, observation, and inspection If controls have changed, rotation is not appropriate Test a control at least once every three years If several controls are rotationally tested, test some controls each year If relying on controls for significant risks, controls must be tested in the current year 33
Retrospective Review of Accounting Estimates • Performed to evaluate: Effectiveness of management’s estimation process Information relevant to current year estimates The need for disclosure The existence of possible management bias
Assessing Risks and Developing Responses Develop the detailed audit plan Assess risks at the relevant assertion level Develop the overall audit strategy Assess risks at the financial statement level
Assess Risks at the Financial Statement Level • Identify risks that are pervasive to the financial statements and potentially affect many assertions • Assess the risk of material misstatement at the financial statement level • Develop overall responses • Document the risk assessment and the responses 36
Develop the Overall Audit Strategy • Characteristics of the engagement that define its scope • Reporting objectives of the engagement • Important factors that determine audit focus • Resources needed to perform the audit 37
Factors That Determine Audit Focus • Materiality levels • Overall risks and responses • Preliminary identification of high risk audit areas • Preliminary identification of material locations and accounts • Whether you plan to test controls • Composition and deployment of the audit team 38
Assess Risks at the Relevant Assertion Level • Identify risks of material misstatement (due to error or fraud) for specific— Account balances Transaction classes Disclosures • Consider what can go wrong at the relevant assertion level 39
Assess Risks at the Relevant Assertion Level Account Balances, Transaction Classes, Disclosures Existence or Occurrence Completeness Rights or Obligations Valuation or Allocation Accuracy or Classification Cutoff 40
Assess Risks at the Relevant Assertion Level • Assessing risks at the assertion level Are the risks of a magnitude that could result in material misstatement? What is the likelihood that the risks could result in material misstatement? • Likelihood is a function of: Inherent risk Control risk • Need a basis for the assessment 41
Assess Risks at the Relevant Assertion Level • Identify significant risks that require special audit consideration Fraud risks Other significant risks • Significant risks often relate to: Significant economic, accounting, or other developments Complex, non-routine, or judgmental matters Transactions with related parties 42
Assess Risks at the Relevant Assertion Level • Identify risks for which substantive procedures alone are not adequate • Revise the risk assessment and reconsider planned audit procedures if audit evidence contradicts the original risk assessment
Assess Risks at the Relevant Assertion Level • Document the following: Risk assessment at the relevant assertion level Basis for the assessment Significant risks Risks for which substantive procedures alone are not adequate 44
The Detailed Audit Plan • The nature, timing, and extent of further audit procedures to respond to the risk assessment (i.e., the audit program) • Provides linkage between the risk assessment and the responses at the assertion level 45
Tailoring the Audit Programs • No audit program • Used for insignificant audit areas with low RMM Low RMM • Primarily substantive analytics • Some tests of details (required by SASs) Low to Moderate RMM • Tests of details and extended analytics • For audit areas or assertions with higher risk Moderate to High RMM
Performing Further Audit Procedures Further Audit Procedures Tests of Controls Substantive Procedures Substantive Procedures Tests of Details Substantive Analytical Procedures 47
Substantive Procedures • Test all relevant assertions for material account balances, transaction classes, and disclosures • Perform procedures specifically to address significant risks • Substantive analytical procedures alone are not sufficient for significant risks 48
Substantive Procedures • Perform the following substantive procedures in all audits: Agree the financial statements and notes to the accounting records Examine material journal entries and other adjustments made when preparing the financial statements Procedures required by AU-C 240 to address the risk of management override of controls 49
IMPACT OF THE CLARITY STANDARDS (AU-C-300) • Engagement partner has to be involved in the planning of the audit and must include key members of the audit team. • The auditor has to plan the nature, timing and extent of the supervision of the team and the review of its work. Planning the supervision and review wasn’t explicit before. • Auditor has to document the audit strategy and the reasons for changes in the audit strategy or audit plan.
IMPACT OF THE CLARITY STANDARDS – Auditor was expected to consider all other non-audit services. Now it requires considering ONLY the engagement partner’s prior engagements for the entity. AU-300.08
IMPACT OF THE CLARITY STANDARDS – In addition to the features that didn’t change, the auditor is now required to specifically consider whether the control environment promotes a culture of honesty. AU-C-315.15 – Auditor has to specifically consider whether the lack of a risk assessment process is a material weakness or significant deficiency. This was implicit in SAS No. 115, but is explicit here. AU-C-315.18 – The auditor has to specifically consider the internal audit function, if there is one, in assessing risk. AU-C-315.24
IMPACT OF THE CLARITY STANDARDS – Auditor was expected to consider all other non-audit services. Now it requires considering ONLY the engagement partner’s prior engagements for the entity. AU 314.13 – Audit team discussion was to include critical issues and need for skepticism. Skepticism still applies but does not required to be explicitly discussed. AU 314.18-19 – Auditor had to consider the reliability and precision of information used in performance measures. AU 314.38 – Auditor was required to understand reconciliation procedures for significant accounts – now only for material accounts. AU 314.90
IMPACT OF THE CLARITY STANDARDS – The auditor should revise FS materiality during the audit in light of information that would have suggested a different amount if the auditor had the information when originally calculating materiality. Implied before but explicit now. AU-C-320.12 – The auditor has to document separate materiality levels for transaction classes, account balances, or disclosures when he or she determines that otherwise immaterial misstatements in them would affect the decision of users. AU-C-320.14
IMPACT OF THE CLARITY STANDARDS – The auditor should obtain more persuasive evidence the higher the risk assessment. AU-C-330.07 – When tests of controls reveal deviations, the auditor should make specific inquiries to understand the consequences of deviations and determine whether there is a basis for reliance, whether additional tests are necessary, and whether the risk of material misstatement needs to be addressed through substantive procedures. AU-C-330.17 – Accounts receivable should be confirmed. This was only presumption under SAS 67. AU-C-330.20
IMPACT OF THE CLARITY STANDARDS – If unexpected misstatements are found at an interim date, the auditor should determine whether the plan should be modified. AU-C-330.22 – The method of item selection should be effective to meet the purpose of the procedure. AU-C-330.23
1. Can you use a standard audit program? An auditor can use a standard program as the core of the procedures to be applied rather than starting with a blank piece of paper. But, the programs have to be tailored to address the risks specific to the engagement. On recurring engagements, it is reasonable to use the prior year’s audit programs as a starting point and revise them for new conditions or to introduce additional efficiencies or an element of unpredictability.
2. Who should attend a planning meeting? • The standards do not specify who should attend, but some auditors recommend that, when practical, all members of the team participate in the discussion. There are advantages to this • Everyone, including the newest staff, can learn from the partner’s perspective. • In many cases, the partner has the most perspective on the business. • The manager and in-charge have knowledge that the partner may not have. • Each team member who participated in the prior engagement has a different perspective to bring to the table. • Even staff level people may know things, such as available reports or systems information, that more senior people may have forgotten or not be as familiar with. The standards DO state that the Partner and Key Members of the Audit Team should be involved in planning.
3. Are walkthroughs required on all controls? Every year? AU-C-315.14 says the auditor should evaluate the design of controls and determine whether they have been implemented. Implementation means that the control exists and the entity is using it. So, the auditor has to apply a procedure – a walk through – to make sure the controls that he or she understands to be in existence have been put into operation. However, AU- C315.A68 notes that assessing implementation of an ineffectively-designed control is of little use, so walkthroughs of those controls are unnecessary. Assessing effectiveness of the controls’ design before determining implementation can limit walkthroughs to only those controls that appear to be effective. • On the other hand, if controls are deemed ineffective, the auditor has to consider the ramifications in assessing risk and has to consider whether the control weaknesses have to be reported to management and those charged with governance.
4. If the entire audit is conducted by the Engagement Partner, is documentation of the engagement team discussion necessary? AU-C230 A19 says that in such an audit, the documentation need not include items that serve solely to inform or instruct members of the engagement team or evidence review of the work. (This acknowledgement is new to SAS 122). Accordingly, the discussion does not have to be documented. But risks identified and the responses to them would still have to be documented.
5. Is the calculation of performance materiality the same as for tolerable misstatement? There is no new requirement, merely a new term. The same factors for performance materiality are used for tolerable misstatement.
6. Did the clarification standards raise the bar on the need to confirm accounts receivable? SAS 67 did not contain an explicit requirement to confirm accounts receivable. The standard stopped just short of a requirement; it said that unless any of three conditions are present, there is a presumption that receivables would be confirmed. The auditor could overcome this presumption, but had to document how the presumption was overcome. Under the clarified standard, it is a requirement, if the auditor does not comply, he or she has to document how, in the absence of obtaining accounts receivable confirmations, the intent of the requirement was achieved. So, while the standard technically raises the bar, it is unlikely to cause much change in practice. •
Questions? Annette Eustice, Principal Cheboygan Office of Rehmann 231.627.8381 (work) 231.290.2780 (mobile) annette.eustice@rehmann.com

Recommended

SFC Plan of engagement
SFC Plan of engagementSFC Plan of engagement
SFC Plan of engagementJonathan Lamboi
 
Internal control
Internal controlInternal control
Internal controlSALIH AHMED ISLAM
 
Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal AuditKaran Puri
 
Internal Control
Internal ControlInternal Control
Internal ControlSalih Islam
 
Internal audit RBIA and Lifecyle approach
Internal audit RBIA and Lifecyle approachInternal audit RBIA and Lifecyle approach
Internal audit RBIA and Lifecyle approachsubbusai82
 
0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.ppt
0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.ppt0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.ppt
0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.pptSiraj332397
 
Completing the Audit - Module 1 part 2.ppt
Completing the Audit - Module 1 part 2.pptCompleting the Audit - Module 1 part 2.ppt
Completing the Audit - Module 1 part 2.pptnicolauscopernicus3
 
Argannoo Odiitii Auditing-Degu Desta (3).pptx
Argannoo Odiitii Auditing-Degu Desta (3).pptxArgannoo Odiitii Auditing-Degu Desta (3).pptx
Argannoo Odiitii Auditing-Degu Desta (3).pptxmiadjafar463
 

Recommended

SFC Plan of engagement
SFC Plan of engagementSFC Plan of engagement
SFC Plan of engagementJonathan Lamboi
 
Internal control
Internal controlInternal control
Internal controlSALIH AHMED ISLAM
 
Standards of Internal Audit
Standards of Internal AuditStandards of Internal Audit
Standards of Internal AuditKaran Puri
 
Internal Control
Internal ControlInternal Control
Internal ControlSalih Islam
 
Internal audit RBIA and Lifecyle approach
Internal audit RBIA and Lifecyle approachInternal audit RBIA and Lifecyle approach
Internal audit RBIA and Lifecyle approachsubbusai82
 
0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.ppt
0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.ppt0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.ppt
0210-RISK-BASED-AUDIT-APPROACH-new-20211020142926.pptSiraj332397
 
Completing the Audit - Module 1 part 2.ppt
Completing the Audit - Module 1 part 2.pptCompleting the Audit - Module 1 part 2.ppt
Completing the Audit - Module 1 part 2.pptnicolauscopernicus3
 
Argannoo Odiitii Auditing-Degu Desta (3).pptx
Argannoo Odiitii Auditing-Degu Desta (3).pptxArgannoo Odiitii Auditing-Degu Desta (3).pptx
Argannoo Odiitii Auditing-Degu Desta (3).pptxmiadjafar463
 
Chapter 7
Chapter 7Chapter 7
Chapter 7EasyStudy3
 
Chapter 7
Chapter 7Chapter 7
Chapter 7EasyStudy3
 
Practical approach to auditing v2
Practical approach to auditing v2Practical approach to auditing v2
Practical approach to auditing v2Edu Umechukwu
 
Risk Based Approach to Auditing Financial Statements.pptx
Risk Based Approach to Auditing Financial Statements.pptxRisk Based Approach to Auditing Financial Statements.pptx
Risk Based Approach to Auditing Financial Statements.pptxhesnib
 
Internal controls
Internal controlsInternal controls
Internal controlsGeetali Tare
 
Auditing Management systems based on ISO19011 By Eng. Karam Malkawi - Jordan
Auditing Management systems based on ISO19011 By Eng. Karam Malkawi - JordanAuditing Management systems based on ISO19011 By Eng. Karam Malkawi - Jordan
Auditing Management systems based on ISO19011 By Eng. Karam Malkawi - JordanEng. A.karam Al Malkawi
 
Audit practice manual of ICMA Pakistan By: Tariq Mahmood FCA, ACMA
Audit practice manual of ICMA Pakistan By: Tariq Mahmood FCA, ACMAAudit practice manual of ICMA Pakistan By: Tariq Mahmood FCA, ACMA
Audit practice manual of ICMA Pakistan By: Tariq Mahmood FCA, ACMAmichrist75
 
AUDIT-PLANNING.pptx
AUDIT-PLANNING.pptxAUDIT-PLANNING.pptx
AUDIT-PLANNING.pptxKennethNinalga
 
The EISA Audit Presentation
The EISA Audit PresentationThe EISA Audit Presentation
The EISA Audit PresentationSenthil Kumar Manian (Amirtham)
 
6. audit techniques
6. audit techniques6. audit techniques
6. audit techniquesSyed Osama Rizvi
 
kainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptx
kainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptxkainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptx
kainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptxalihassanfarooq19
 
Final (international standard on auditing 315)
Final (international standard on auditing 315)Final (international standard on auditing 315)
Final (international standard on auditing 315)Usama Abid
 
Internal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsInternal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsNimonik
 
Compliance Basics Presentation
Compliance Basics PresentationCompliance Basics Presentation
Compliance Basics PresentationCompliagent
 
International Standards on Auditing - Cayman Funds (2017)
International Standards on Auditing - Cayman Funds (2017)International Standards on Auditing - Cayman Funds (2017)
International Standards on Auditing - Cayman Funds (2017)David Walker
 
Evaluation_Training.pptx
Evaluation_Training.pptxEvaluation_Training.pptx
Evaluation_Training.pptxlovelampsys
 
PECB Webinar: The significance of auditing in maintaining a certified ISO 900...
PECB Webinar: The significance of auditing in maintaining a certified ISO 900...PECB Webinar: The significance of auditing in maintaining a certified ISO 900...
PECB Webinar: The significance of auditing in maintaining a certified ISO 900...PECB
 
Audit Report Writing
Audit Report WritingAudit Report Writing
Audit Report WritingMira Anuar
 
unit 5.pptx
unit 5.pptxunit 5.pptx
unit 5.pptxGadisaFitala
 
Compliance Capability
Compliance CapabilityCompliance Capability
Compliance Capabilitynikatmalik
 
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改atducpo
 

More Related Content

Similar to Risk-Assessment-.pptx

Practical approach to auditing v2
Practical approach to auditing v2Practical approach to auditing v2
Practical approach to auditing v2Edu Umechukwu
 
Risk Based Approach to Auditing Financial Statements.pptx
Risk Based Approach to Auditing Financial Statements.pptxRisk Based Approach to Auditing Financial Statements.pptx
Risk Based Approach to Auditing Financial Statements.pptxhesnib
 
Auditing Management systems based on ISO19011 By Eng. Karam Malkawi - Jordan
Auditing Management systems based on ISO19011 By Eng. Karam Malkawi - JordanAuditing Management systems based on ISO19011 By Eng. Karam Malkawi - Jordan
Auditing Management systems based on ISO19011 By Eng. Karam Malkawi - JordanEng. A.karam Al Malkawi
 
Audit practice manual of ICMA Pakistan By: Tariq Mahmood FCA, ACMA
Audit practice manual of ICMA Pakistan By: Tariq Mahmood FCA, ACMAAudit practice manual of ICMA Pakistan By: Tariq Mahmood FCA, ACMA
Audit practice manual of ICMA Pakistan By: Tariq Mahmood FCA, ACMAmichrist75
 
kainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptx
kainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptxkainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptx
kainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptxalihassanfarooq19
 
Final (international standard on auditing 315)
Final (international standard on auditing 315)Final (international standard on auditing 315)
Final (international standard on auditing 315)Usama Abid
 
Internal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsInternal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsNimonik
 
Compliance Basics Presentation
Compliance Basics PresentationCompliance Basics Presentation
Compliance Basics PresentationCompliagent
 
International Standards on Auditing - Cayman Funds (2017)
International Standards on Auditing - Cayman Funds (2017)International Standards on Auditing - Cayman Funds (2017)
International Standards on Auditing - Cayman Funds (2017)David Walker
 
Evaluation_Training.pptx
Evaluation_Training.pptxEvaluation_Training.pptx
Evaluation_Training.pptxlovelampsys
 
PECB Webinar: The significance of auditing in maintaining a certified ISO 900...
PECB Webinar: The significance of auditing in maintaining a certified ISO 900...PECB Webinar: The significance of auditing in maintaining a certified ISO 900...
PECB Webinar: The significance of auditing in maintaining a certified ISO 900...PECB
 
Audit Report Writing
Audit Report WritingAudit Report Writing
Audit Report WritingMira Anuar
 
Compliance Capability
Compliance CapabilityCompliance Capability
Compliance Capabilitynikatmalik
 

Similar to Risk-Assessment-.pptx (20)

Chapter 7
Chapter 7Chapter 7
Chapter 7
 
Chapter 7
Chapter 7Chapter 7
Chapter 7
 
Practical approach to auditing v2
Practical approach to auditing v2Practical approach to auditing v2
Practical approach to auditing v2
 
Risk Based Approach to Auditing Financial Statements.pptx
Risk Based Approach to Auditing Financial Statements.pptxRisk Based Approach to Auditing Financial Statements.pptx
Risk Based Approach to Auditing Financial Statements.pptx
 
Internal controls
Internal controlsInternal controls
Internal controls
 
Auditing Management systems based on ISO19011 By Eng. Karam Malkawi - Jordan
Auditing Management systems based on ISO19011 By Eng. Karam Malkawi - JordanAuditing Management systems based on ISO19011 By Eng. Karam Malkawi - Jordan
Auditing Management systems based on ISO19011 By Eng. Karam Malkawi - Jordan
 
Audit practice manual of ICMA Pakistan By: Tariq Mahmood FCA, ACMA
Audit practice manual of ICMA Pakistan By: Tariq Mahmood FCA, ACMAAudit practice manual of ICMA Pakistan By: Tariq Mahmood FCA, ACMA
Audit practice manual of ICMA Pakistan By: Tariq Mahmood FCA, ACMA
 
AUDIT-PLANNING.pptx
AUDIT-PLANNING.pptxAUDIT-PLANNING.pptx
AUDIT-PLANNING.pptx
 
The EISA Audit Presentation
The EISA Audit PresentationThe EISA Audit Presentation
The EISA Audit Presentation
 
6. audit techniques
6. audit techniques6. audit techniques
6. audit techniques
 
kainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptx
kainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptxkainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptx
kainat aiman wajiha QUALITY ,MANAGEW,MANE TO.pptx
 
Final (international standard on auditing 315)
Final (international standard on auditing 315)Final (international standard on auditing 315)
Final (international standard on auditing 315)
 
Internal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality AuditsInternal Audit Best Practices for Safety, Environment, and Quality Audits
Internal Audit Best Practices for Safety, Environment, and Quality Audits
 
Compliance Basics Presentation
Compliance Basics PresentationCompliance Basics Presentation
Compliance Basics Presentation
 
International Standards on Auditing - Cayman Funds (2017)
International Standards on Auditing - Cayman Funds (2017)International Standards on Auditing - Cayman Funds (2017)
International Standards on Auditing - Cayman Funds (2017)
 
Evaluation_Training.pptx
Evaluation_Training.pptxEvaluation_Training.pptx
Evaluation_Training.pptx
 
PECB Webinar: The significance of auditing in maintaining a certified ISO 900...
PECB Webinar: The significance of auditing in maintaining a certified ISO 900...PECB Webinar: The significance of auditing in maintaining a certified ISO 900...
PECB Webinar: The significance of auditing in maintaining a certified ISO 900...
 
Audit Report Writing
Audit Report WritingAudit Report Writing
Audit Report Writing
 
unit 5.pptx
unit 5.pptxunit 5.pptx
unit 5.pptx
 
Compliance Capability
Compliance CapabilityCompliance Capability
Compliance Capability
 

Recently uploaded

代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改atducpo
 
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...Suhani Kapoor
 
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...Suhani Kapoor
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfLars Albertsson
 
VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...
VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...
VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...Suhani Kapoor
 
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...Florian Roscheck
 
Ukraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICSUkraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICSAishani27
 
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiLow Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiSuhani Kapoor
 
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一ffjhghh
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz1
 
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls DubaiDubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls Dubaihf8803863
 
Log Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptxLog Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptxJohnnyPlasten
 
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service Amravati
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service AmravatiVIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service Amravati
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service AmravatiSuhani Kapoor
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfMarinCaroMartnezBerg
 
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...Pooja Nehwal
 

Recently uploaded (20)

꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
꧁❤ Aerocity Call Girls Service Aerocity Delhi ❤꧂ 9999965857 ☎️ Hard And Sexy ...
 
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
 
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
 
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
VIP High Class Call Girls Jamshedpur Anushka 8250192130 Independent Escort Se...
 
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
 
Schema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdfSchema on read is obsolete. Welcome metaprogramming..pdf
Schema on read is obsolete. Welcome metaprogramming..pdf
 
VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...
VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...
VIP High Class Call Girls Bikaner Anushka 8250192130 Independent Escort Servi...
 
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...From idea to production in a day – Leveraging Azure ML and Streamlit to build...
From idea to production in a day – Leveraging Azure ML and Streamlit to build...
 
Ukraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICSUkraine War presentation: KNOW THE BASICS
Ukraine War presentation: KNOW THE BASICS
 
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiLow Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
 
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signals
 
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls DubaiDubai Call Girls Wifey O52&786472 Call Girls Dubai
Dubai Call Girls Wifey O52&786472 Call Girls Dubai
 
Log Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptxLog Analysis using OSSEC sasoasasasas.pptx
Log Analysis using OSSEC sasoasasasas.pptx
 
E-Commerce Order PredictionShraddha Kamble.pptx
E-Commerce Order PredictionShraddha Kamble.pptxE-Commerce Order PredictionShraddha Kamble.pptx
E-Commerce Order PredictionShraddha Kamble.pptx
 
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service Amravati
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service AmravatiVIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service Amravati
VIP Call Girls in Amravati Aarohi 8250192130 Independent Escort Service Amravati
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdf
 
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Decoding Loan Approval: Predictive Modeling in Action
Decoding Loan Approval: Predictive Modeling in ActionDecoding Loan Approval: Predictive Modeling in Action
Decoding Loan Approval: Predictive Modeling in Action
 
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
 

Risk-Assessment-.pptx

  • 1. Insert Presentation Title Here Challenging Risk Assessment in Planning an Audit – PLANNING THE AUDIT FOR EFFECTIVENESS AND EFFICIENCY Annette Eustice, CPA, CGFM 231.627.8381 annette.eustice@rehmann.com March 5, 2017
  • 2. OBJECTIVE • Risk assessment is a key requirement in the planning phase of an audit. The objective of this presentation is to provide the participant with a brief overview of the risk assessment planning process of an audit, documentation requirements, and how to best plan an audit around the conclusions developed from the risk assessment planning process.
  • 3. EXAMPLES OF CHALLENGES IN RISK ASSESSMENT • Risks identified - no audit response • Risks identified in planning are not considered in the risk assessment. • Fraud risks identified are not reflected in risk assessment and no audit response is prepared. • Areas identified as significant in other planning are not identified as significant in the risk assessment planning.
  • 4. EXAMPLES OF CHALLENGES IN RISK ASSESSMENT • Audit responses crafted to address identified risks are not reflected in the audit program. • Audit procedures to be performed (added) which are documented in risk assessment are not added in the audit program (tailoring). • Low risk areas identified during risk assessment as areas being addressed using a limited approach and to be documented on a lead sheet are actually supported by a formal audit program with basic or extended procedures in the audit program.
  • 5. WHAT WOULD YOU DO IF? • You had unlimited time to complete an audit and the client was willing to pay you an unlimited amount to do it right? • You have a fixed fee contract of $20,000 and 100 hours to complete the engagement
  • 6. WHAT IS RISK ASSESSMENT? Audit Procedures • Concentrate audit effort in high risk areas – Inherent risk – Control risk • Perform less extensive procedures in low risk areas Linkage Risk Assessment • Obtain an understanding of the client, including internal control • Identify and assess risks of material misstatement of the financial statements • Evaluate both overall risks and risks that affect only specific assertions
  • 7. The Cycle of Risk Assessment • Assess risks at the FS level • Develop an audit strategy • Assess risks at the relevant assertion level • Test controls (if applicable) • Develop a detailed audit plan • Substantive Audit Procedures • Engagement Team Discussion • Materiality • Risk Assessment Procedures • Understand the entity and its environment, including internal control • Client acceptance/continuance • Establishing an understanding with the client. Preliminary Engagement Activities Planning and Risk Assessment Procedures Assessing Risk and Developing Responses Perform Further Audit Procedures
  • 8. Client Acceptance/Continuance Consider:  Nature and purpose of engagement  Client’s reputation, integrity, and competence  Communication with predecessor  Compliance with ethical requirements, including independence  Adequacy of accounting records  Firm resources and competence  Engagement economics  Other risk concerns
  • 9. Planning and Risk Assessment Procedures Perform a retrospective review of accounting estimates Understand the entity and its environment, including internal control Perform risk assessment procedures Determine materiality Hold an engagement team discussion
  • 10. Engagement Team Discussion  Discuss the susceptibility of the financial statements to material misstatement  Consider fraud risks and risks of error  Include:  Critical issues and areas of significant audit risk  Areas susceptible to management override of controls  Unusual accounting practices  Important control systems  Materiality considerations  Need to exercise professional skepticism  Business risks  Fraud considerations
  • 11. Engagement Team Discussion (cont.)  Attendance: Auditor with final responsibility Key members of engagement team Tax Personnel Concurring Reviewers  Document: How the discussion occurred, the subject matter, who participated, and decisions about planned responses
  • 12. Materiality • Apply professional judgment • Consider decisions that users make • Use appropriate benchmarks, such as % of assets or revenue • Re-evaluate materiality as the audit progresses. If lower, reconsider: Level of performance materiality Adequacy of procedures
  • 13. Materiality • Document: Materiality at the financial statement level If applicable, materiality level(s) for particular transaction classes, account balances, or disclosures Performance materiality Factors considered in their determination Any revisions made during the audit
  • 14. Perform Risk Assessment Procedures Two categories of audit procedures: Risk Assessment Procedures Further Audit Procedures Both Provide Audit Evidence
  • 16. Risk Assessment Procedures • Performed to obtain an understanding of the entity and its environment, including internal control, for the purpose of assessing risks • All of the procedures should be performed • Inquiry alone is not sufficient to understand internal control • Provide audit evidence
  • 17. Required Inquiries  Inquire about:  Fraud  Related parties  Accounting estimates  Compliance with laws and regulations  Service organizations
  • 18. Observation and Inspection • Inspect documents and records • Read internal reports and minutes • Read external information • Visit premises and plant facilities • Trace transactions through the system (walkthroughs)
  • 19. Analytical Procedures • Preliminary analytical procedures • Analytical procedures related to revenue required by AU-C 240 • To enhance understanding of the business and identify potential risk areas
  • 20. Understanding the Entity and Its Environment • Perform risk assessment procedures (inquiry, analytics, observation, and inspection) to gather information about: Industry, regulatory, and other external factors Nature of the entity Objectives, strategies, and related business risks Measurement and review of the entity’s financial performance Selection and application of accounting policies
  • 21. Understanding the Entity and Its Environment • Consider the presence of fraud risk factors • Update information obtained in prior years by performing risk assessment procedures to determine if the information has changed
  • 22. Understanding Internal Control Control Environment Risk Assessment Information and Communication Monitoring Control Activities 22
  • 23. Understanding Internal Control • Understand design and implementation • Perform inquiry, observation, and inspection • Inquiry alone is not sufficient to understand the design and implementation of controls 23
  • 24. Understanding Internal Control • Evaluate the design and implementation of controls— Related to significant risks Related to risks that cannot be tested effectively using substantive procedures alone • Understand— How the incorrect processing of transactions is resolved How detail is reconciled to the general ledger for material accounts 24
  • 25. Understanding Internal Control • Document the following: Understanding of internal control components Sources of information Procedures performed Controls evaluated related to significant risks and risks for which substantive procedures alone are not effective
  • 26. Understanding Internal Control Document the processing of transactions for each significant transaction class Document the financial close and reporting process
  • 27. Identifying Significant Transaction Classes • Transaction classes that present a reasonable possibility of material misstatement of the financial statements or disclosures based on: Volume of activity Size and composition of accounts Types of transactions Presence of fraud risks or other significant risks Changes from the prior period
  • 28. Understanding Significant Transaction Classes • How are transactions initiated and authorized? • How are transactions recorded and processed? • How are transactions reconciled? • What reports are generated and how are they used?
  • 29. Understanding Significant Transaction Classes • Consider control objectives: Completeness: All transactions are recorded Occurrence: All recorded transactions occurred and pertain to the entity Accuracy: Transactions are recorded in the proper amount Classification: Transactions are recorded in the proper account Cutoff: Transactions are recorded in the proper period
  • 30. Documenting Significant Transaction Classes • Narrative description • Focus on key controls and control objectives related to identified risks • How are control objectives achieved? • What controls are in place to address significant or fraud risks? • Are controls properly designed and implemented?
  • 31. Performing Walkthroughs • Select one or a few transactions • Trace from initial creation of the source document to final posting in the general ledger • Inspect documents and records used in processing, make inquiries, and observe procedures being performed
  • 32. Tests of Controls • Perform tests of controls if: Relying on them to reduce the risk assessment Substantive tests alone are not adequate • Inquiry alone is not sufficient for testing controls 32
  • 33. Tests of Controls • Rotational tests of controls are permitted: Obtain evidence about whether the controls have changed using inquiry, observation, and inspection If controls have changed, rotation is not appropriate Test a control at least once every three years If several controls are rotationally tested, test some controls each year If relying on controls for significant risks, controls must be tested in the current year 33
  • 34. Retrospective Review of Accounting Estimates • Performed to evaluate: Effectiveness of management’s estimation process Information relevant to current year estimates The need for disclosure The existence of possible management bias
  • 35. Assessing Risks and Developing Responses Develop the detailed audit plan Assess risks at the relevant assertion level Develop the overall audit strategy Assess risks at the financial statement level
  • 36. Assess Risks at the Financial Statement Level • Identify risks that are pervasive to the financial statements and potentially affect many assertions • Assess the risk of material misstatement at the financial statement level • Develop overall responses • Document the risk assessment and the responses 36
  • 37. Develop the Overall Audit Strategy • Characteristics of the engagement that define its scope • Reporting objectives of the engagement • Important factors that determine audit focus • Resources needed to perform the audit 37
  • 38. Factors That Determine Audit Focus • Materiality levels • Overall risks and responses • Preliminary identification of high risk audit areas • Preliminary identification of material locations and accounts • Whether you plan to test controls • Composition and deployment of the audit team 38
  • 39. Assess Risks at the Relevant Assertion Level • Identify risks of material misstatement (due to error or fraud) for specific— Account balances Transaction classes Disclosures • Consider what can go wrong at the relevant assertion level 39
  • 40. Assess Risks at the Relevant Assertion Level Account Balances, Transaction Classes, Disclosures Existence or Occurrence Completeness Rights or Obligations Valuation or Allocation Accuracy or Classification Cutoff 40
  • 41. Assess Risks at the Relevant Assertion Level • Assessing risks at the assertion level Are the risks of a magnitude that could result in material misstatement? What is the likelihood that the risks could result in material misstatement? • Likelihood is a function of: Inherent risk Control risk • Need a basis for the assessment 41
  • 42. Assess Risks at the Relevant Assertion Level • Identify significant risks that require special audit consideration Fraud risks Other significant risks • Significant risks often relate to: Significant economic, accounting, or other developments Complex, non-routine, or judgmental matters Transactions with related parties 42
  • 43. Assess Risks at the Relevant Assertion Level • Identify risks for which substantive procedures alone are not adequate • Revise the risk assessment and reconsider planned audit procedures if audit evidence contradicts the original risk assessment
  • 44. Assess Risks at the Relevant Assertion Level • Document the following: Risk assessment at the relevant assertion level Basis for the assessment Significant risks Risks for which substantive procedures alone are not adequate 44
  • 45. The Detailed Audit Plan • The nature, timing, and extent of further audit procedures to respond to the risk assessment (i.e., the audit program) • Provides linkage between the risk assessment and the responses at the assertion level 45
  • 46. Tailoring the Audit Programs • No audit program • Used for insignificant audit areas with low RMM Low RMM • Primarily substantive analytics • Some tests of details (required by SASs) Low to Moderate RMM • Tests of details and extended analytics • For audit areas or assertions with higher risk Moderate to High RMM
  • 47. Performing Further Audit Procedures Further Audit Procedures Tests of Controls Substantive Procedures Substantive Procedures Tests of Details Substantive Analytical Procedures 47
  • 48. Substantive Procedures • Test all relevant assertions for material account balances, transaction classes, and disclosures • Perform procedures specifically to address significant risks • Substantive analytical procedures alone are not sufficient for significant risks 48
  • 49. Substantive Procedures • Perform the following substantive procedures in all audits: Agree the financial statements and notes to the accounting records Examine material journal entries and other adjustments made when preparing the financial statements Procedures required by AU-C 240 to address the risk of management override of controls 49
  • 50. IMPACT OF THE CLARITY STANDARDS (AU-C-300) • Engagement partner has to be involved in the planning of the audit and must include key members of the audit team. • The auditor has to plan the nature, timing and extent of the supervision of the team and the review of its work. Planning the supervision and review wasn’t explicit before. • Auditor has to document the audit strategy and the reasons for changes in the audit strategy or audit plan.
  • 51. IMPACT OF THE CLARITY STANDARDS – Auditor was expected to consider all other non-audit services. Now it requires considering ONLY the engagement partner’s prior engagements for the entity. AU-300.08
  • 52. IMPACT OF THE CLARITY STANDARDS – In addition to the features that didn’t change, the auditor is now required to specifically consider whether the control environment promotes a culture of honesty. AU-C-315.15 – Auditor has to specifically consider whether the lack of a risk assessment process is a material weakness or significant deficiency. This was implicit in SAS No. 115, but is explicit here. AU-C-315.18 – The auditor has to specifically consider the internal audit function, if there is one, in assessing risk. AU-C-315.24
  • 53. IMPACT OF THE CLARITY STANDARDS – Auditor was expected to consider all other non-audit services. Now it requires considering ONLY the engagement partner’s prior engagements for the entity. AU 314.13 – Audit team discussion was to include critical issues and need for skepticism. Skepticism still applies but does not required to be explicitly discussed. AU 314.18-19 – Auditor had to consider the reliability and precision of information used in performance measures. AU 314.38 – Auditor was required to understand reconciliation procedures for significant accounts – now only for material accounts. AU 314.90
  • 54. IMPACT OF THE CLARITY STANDARDS – The auditor should revise FS materiality during the audit in light of information that would have suggested a different amount if the auditor had the information when originally calculating materiality. Implied before but explicit now. AU-C-320.12 – The auditor has to document separate materiality levels for transaction classes, account balances, or disclosures when he or she determines that otherwise immaterial misstatements in them would affect the decision of users. AU-C-320.14
  • 55. IMPACT OF THE CLARITY STANDARDS – The auditor should obtain more persuasive evidence the higher the risk assessment. AU-C-330.07 – When tests of controls reveal deviations, the auditor should make specific inquiries to understand the consequences of deviations and determine whether there is a basis for reliance, whether additional tests are necessary, and whether the risk of material misstatement needs to be addressed through substantive procedures. AU-C-330.17 – Accounts receivable should be confirmed. This was only presumption under SAS 67. AU-C-330.20
  • 56. IMPACT OF THE CLARITY STANDARDS – If unexpected misstatements are found at an interim date, the auditor should determine whether the plan should be modified. AU-C-330.22 – The method of item selection should be effective to meet the purpose of the procedure. AU-C-330.23
  • 57. 1. Can you use a standard audit program? An auditor can use a standard program as the core of the procedures to be applied rather than starting with a blank piece of paper. But, the programs have to be tailored to address the risks specific to the engagement. On recurring engagements, it is reasonable to use the prior year’s audit programs as a starting point and revise them for new conditions or to introduce additional efficiencies or an element of unpredictability.
  • 58. 2. Who should attend a planning meeting? • The standards do not specify who should attend, but some auditors recommend that, when practical, all members of the team participate in the discussion. There are advantages to this • Everyone, including the newest staff, can learn from the partner’s perspective. • In many cases, the partner has the most perspective on the business. • The manager and in-charge have knowledge that the partner may not have. • Each team member who participated in the prior engagement has a different perspective to bring to the table. • Even staff level people may know things, such as available reports or systems information, that more senior people may have forgotten or not be as familiar with. The standards DO state that the Partner and Key Members of the Audit Team should be involved in planning.
  • 59. 3. Are walkthroughs required on all controls? Every year? AU-C-315.14 says the auditor should evaluate the design of controls and determine whether they have been implemented. Implementation means that the control exists and the entity is using it. So, the auditor has to apply a procedure – a walk through – to make sure the controls that he or she understands to be in existence have been put into operation. However, AU- C315.A68 notes that assessing implementation of an ineffectively-designed control is of little use, so walkthroughs of those controls are unnecessary. Assessing effectiveness of the controls’ design before determining implementation can limit walkthroughs to only those controls that appear to be effective. • On the other hand, if controls are deemed ineffective, the auditor has to consider the ramifications in assessing risk and has to consider whether the control weaknesses have to be reported to management and those charged with governance.
  • 60. 4. If the entire audit is conducted by the Engagement Partner, is documentation of the engagement team discussion necessary? AU-C230 A19 says that in such an audit, the documentation need not include items that serve solely to inform or instruct members of the engagement team or evidence review of the work. (This acknowledgement is new to SAS 122). Accordingly, the discussion does not have to be documented. But risks identified and the responses to them would still have to be documented.
  • 61. 5. Is the calculation of performance materiality the same as for tolerable misstatement? There is no new requirement, merely a new term. The same factors for performance materiality are used for tolerable misstatement.
  • 62. 6. Did the clarification standards raise the bar on the need to confirm accounts receivable? SAS 67 did not contain an explicit requirement to confirm accounts receivable. The standard stopped just short of a requirement; it said that unless any of three conditions are present, there is a presumption that receivables would be confirmed. The auditor could overcome this presumption, but had to document how the presumption was overcome. Under the clarified standard, it is a requirement, if the auditor does not comply, he or she has to document how, in the absence of obtaining accounts receivable confirmations, the intent of the requirement was achieved. So, while the standard technically raises the bar, it is unlikely to cause much change in practice. •
  • 63. Questions? Annette Eustice, Principal Cheboygan Office of Rehmann 231.627.8381 (work) 231.290.2780 (mobile) annette.eustice@rehmann.com