Engagement and Quality Control Standards - An Overview

1
Engagement and Quality Control Standards - An
Overview
Session III
2
An Overview of Engagement and Quality Control
Standards

• Authority and Preface
• Standards on Quality Control (SQCs)
• Framework for Assurance Engagements
• Engagement Standards
• Standards on Auditing - 100 - 999
• 100 199 Introductory Matters
• 200 - 299 General Principles Responsibilities
• 300 499 Risk Assessment Response to Assessed
  Risks
• 500 599 Audit Evidence
• 600 699 Using Work of Others
• 700 799 Audit Conclusions Reporting
• 800 899 Specialised Areas
• 2000 2699 Standards on Review Engagements
  (SREs)
• 3000 3699 Standards on Assurance Engagements
  (SAEs)
• 4400 4699 Standards on Related Services (SRSs)

3
Contd./

• Standards on Review Engagements 2000 - 2699
• 2400 Engagements to Review Financial Statements
• Standards on Assurance Engagements 3000 3699
• 3000 3399 Applicable to all assurance
  engagements
• 3400 3699 Subject Specific Standards
• 3400 The Examination of Prospective Financial
  Information
• Standards on Related Services 4400 4699
• 4400 Engagements to Perform Agree upon
  Procedures regarding Financial Information
• 4410 Engagements to Compile Financial
  Information

4
Authority and Preface

5
Preface to the Standards on Quality Control,
Auditing, Review, Other Assurance and Related
Services

• Introduction
• Revised Preface Facilitates understanding of the
  pronouncements issued by AASB under the authority
  of the Council
• ICAIs commitment to the goal of providing high
  quality accountancy services, acceptable world
  wide
• Develops and promulgates technical standards and
  other professional literature
• Effective from April 1, 2008

6
Relationship with IAASB

• ICAI is a founder member of IFAC
• Membership obligation convergence with
  International Standards issued by IAASB of IFAC

7
Whats new about Standards Issued by AASB

• AASs concept done away with. Engagement
  Standards concept introduced.

Standards on Quality Control(SQCs)
Engagement Standards
Stds. on Assurance Engagements(SAEs)
Stds. on Auditing(SAs)
Stds. on Review Engagements(SREs)
Stds. on Related Services(SRSs)
8
Standards on Auditing (SAs)

• Mandatory
• Applied in audit of Financial Statements by an
  independent auditor
• Expression of opinion
• Objective of Audit is to obtain reasonable
  assurance.
• Unable to fulfill objective of an audit, SAs
  requires the auditor to
• Modify his audit opinion
• Withdraw from the engagement
• Materially in compliance with financial reporting
  framework
• Reasonable assurance

9
Format of SAs

• Until now Running text

10
New Format of SAs - IAASB Clarity Convention
SA
Section II Application Material
Section I Requirements section

• Objective
• Introductory
• Definitions
• Requirements
• Represented by
• use of SHALL

• Explanatory guidance
• Appendices

11
Other Significant Aspects

• Compliance with SAs
• Mandatory
• Departure only if alternate audit procedures
  achieve objective of SAs
• Document reasons for departure
• Document alternative procedures
• Report to draw attention
• SA not applicable if situation outlined in SA is
  absent.
• Document alternative procedures performed

12
Standards on Quality Control

• Apply to firms
• In respect of all their services falling under
  the Engagement Standards issue by AASB

13
Other Standards

• Old format continues
• Standard portion in BOLD use of SHOULD
• Explanatory guidance in plain
• Running text

14
New Framework

• Structure of Engagement Standards issued by AASB

Chartered Accountants Act, 1949, Code of Ethics
and other relevant pronouncements of the ICAI
Standards on Quality Control (SQCs)
Services covered by the pronouncements of AASB
Related Services
Assurance Services
Framework for Assurance Engagements
Audits and reviews of historical financial
information
Assurance Engagements other than audits or
reviews of historical financial information
Standards on Auditing (SAs)100 - 999
Standards on Review Engagements (SREs) 2000 - 2699
Standards on Assurance Engagements (SAEs)3000 -
3699
Standards on Related Services (SRSs)4000 - 4699
15
Standard on Quality Control (SQC) 1Quality
Control for Firms that Perform Audits Reviews
of Historical Financial Information, and Other
Assurance Related Services Engagements-
Effective from April 1, 2009
16
Objective

• Firms responsibility for its system of quality
  of control for
• audits and reviews of historical financial
  information
• Other assurance and related services engagements
• Note
• Quality control responsibility of firm personnel
  for specific engagements set out in other
  Standards, e.g., AAS 17.

17
System of Quality Control

• All firms to have system of quality control that
  provides reasonable assurance that
• Firm personnel comply with professional
  standards, regulatory legal requirements.
• Reports issued by partners are appropriate in the
  circumstances.

18
Elements of System of Quality Control

• Leadership responsibilities for QC
• Ethical requirements
• Client acceptance/ continuance
• Human resources
• Engagement performance
• Monitoring

19

• Document QC policies procedures
• Description of QC policies
• Objectives to be achieved therefrom
• Communicate to all firm personnel
• All responsible for quality
• All expected to comply
• Obtain feedback on QC system from personnel

20
I. Leadership Responsibilities for QC

• Firm to design policies/ procedures
• To promote internal culture
• Require CEO/ managing partner to assume ultimate
  responsibility for QC
• Leaders to recognise quality precedes business
  objectives
• Assign management responsibilities appropriately
• HR policies to demonstrate firms QC commitment
• Sufficient resources for development,
  documentation support of QC policies
  procedures
• Person delegated the QC responsibility by CEO/
  Managing partner to have sufficient appropriate
  experience ability, necessary authority to
  assume responsibility

21
II. Ethical Requirements

• Establish policies procedures ? reasonable
  assurance
• Firm personnel comply with relevant ethical
  requirements
• Fundamental ethical principles
• Integrity
• Objectivity
• Professional competence due care
• Confidentiality
• Professional behaviour
• Ethical requirements enshrine INDEPENDENCE
• Contd./

22
Independence

• Establish policies procedures ? reasonable
  assurance that
• Maintenance of independence by relevant personnel
• Firm notified of breaches of independence
  requirements
• Policies procedures should enable
• Communication of independence requirements to
  personnel others
• Identification evaluation of circumstances/
  relationships threatening independence
• Take appropriate action for elimination/
  reduction of threats/ withdrawal from engagement
• Resolution of breaches of independence
• Contd./

23

• Contd./
• Policies/ procedures should require

24

• Contd./
• Annual written confirmation as to compliance with
  independence requirements
• Familiarity threat
• Created by using same senior personnel on
  assurance engagements
• Create policies procedures
• Criteria for need for safeguards to reduce
  familiarity threat
• Audit of FS of listed entities rotation of
  engagement partner at least every 7 years

25
III. Client Acceptance Continuance

• Establish policies/ procedures ? reasonable
  assurance that clients are accepted/ continued
  only where
• Client integrity has been considered no
  information top conclude that client lacks
  integrity
• Firm competent to perform engagement
  capability, time resources
• Can comply with ethical requirements
• Document how issues were resolved
• Contd./.

26
Withdrawal from Engagement

• Policies to address following issues
• Discussion with appropriate level of management
  those charged with governance
• If withdrawal necessary, discuss with management
  those charged with governance
• Professional/ regulatory requirement to
• Not to withdraw, or
• Report withdrawal from engagement and/ or client
  relationship
• Documentation of significant issues,
  consultations, conclusions, basis fro conclusions

27
IV. Human Resources

• Establish policies/ procedures ? reasonable
  assurance
• Sufficient personnel with capabilities,
  competence commitment to ethical principles
• Enable firm/ partners to issue reports
  appropriate in circumstances
• Issues to be addressed by HR policies

28
Assignment of Engagement Teams

• Responsibility for each engagement to be assigned
  to engagement partner.
• Policies/ procedures to ensure that
• Identity role of engagement partner
  communicated to key personnel of client
  management those charged with governance.
• Engagement partner is capable competent has
  time authority for engagement.
• Responsibility of engagement partner clearly
  defined communicated to him/ her.
• Assign appropriate staff
• Assessment of staff capability competence
• Contd./.

29
V. Engagement Performance

• Establish policies/ procedures ? reasonable
  assurance
• Compliance with professional standards
• Compliance with laws/ regulations
• Engagement partner issues reports appropriate in
  the circumstances
• Aspects to be addressed by policies
• Briefing engagement teams
• Process for complying with engagement standards
• Process of supervision, staff training coaching
• Contd./.

30

• Contd./
• Methods of reviewing work, judgments, form of
  reports
• Appropriate documentation of work performed of
  timing extent of review
• Processes to keep all policies/ procedures
  current
• Important aspects of engagement performance
• Supervision
• Review
• Consultation
• Differences of opinion
• Engagement QC review
• Nature, timing extent of EQC review
• Eligibility criteria for EQC reviewer
• Documentation of EQC review
• Engagement documentation
• Assembly of final audit file
• Confidentiality, safe custody, accessibility of
  engagement documentation
• Documentation retention
• Documentation ownership
• Contd./

31
VI. Monitoring

• Policies procedures ? reasonable assurance that
  QC policies/ procedures are
• Relevant
• Adequate
• Operating effectively
• Complied with in practice
• Involves on going consideration evaluation of
  QC system, includes periodic inspection of
  completed assignments.

32

• contd./..
• Communicate results of monitoring to engagement
  partners, CEO, managing partner other
  appropriate individuals at least annually.
• Communication to include
• A description of the monitoring procedures
  performed.
• The conclusions drawn from the monitoring
  procedures.
• Where relevant, a description of systemic,
  repetitive or other significant deficiencies and
  of the actions taken to resolve or amend those
  deficiencies.
• Contd./

33

• Contd./
• For network firms
• Monitoring system to be in accordance with SQC
• At least annually, the network communicates the
  overall scope, extent and results of the
  monitoring process to appropriate individuals
  within the network firms
• The network communicates promptly any identified
  deficiencies in the quality control system to
  appropriate individuals within the relevant
  network firm or firms so that the necessary
  action can be taken and
• Engagement partners in the network firms are
  entitled to rely on the results of the monitoring
  process implemented within the network, unless
  the firms or the network advises otherwise.
• Contd./

34
VII. Documentation

• Policies/ procedures for documentation to provide
  evidence of operation of each element of QC
  system
• Form content factors to consider
• size of the firm and the number of offices.
• degree of authority both personnel and offices
  have.
• nature and complexity of the firms practice and
  organization.
• Retention
• Time period sufficient to permit evaluation of
  firms compliance with QC system.
• Longer period, if required by law.

35
Framework for Assurance EngagementsEffective
from April 1, 2008
36
FRAMEWORK FOR ASSURANCE ENGAGEMENTS

• Introduction
• Definition and objective of Assurance Engagements
• Scope of framework
• Engagement acceptance ? criteria
• Elements of assurance engagements
• Inappropriate use of practitioners name

37
Scope

• What this Framework Defines
• Elements of Assurance Engagements
• Objectives of Assurance Engagements
• Engagements to which Framework applies
• Useful for
• Professional Accountants in Public Practice
• Users of assurance reports and responsible
  parties
• AASB Engagement Standards to be consistent with
  the Framework
• Framework Does Not Apply to
• All non-assurance engagements
• Agreed-upon Procedures
• Compilation
• Preparation of Tax returns
• Consulting engagements-Management on Tax
  Consulting

38
Assurance Engagement
Subject matter
Criteria
evaluation
outcome
Practitioner
Responsible party
Evidence gathering
Opinion
Enhanced confidence
Assurance Report
Intended users
39
Engagement Circumstances

• Terms of engagement
• Characteristic of subject matter
• Criteria
• Needs of intended users
• Characteristics of Responsible Party
• Environment of Relevant Party
• Other matters
• Events
• Transactions
• Conditions
• Practices

40
Elements of Assurance Engagement

• Three party relationship
• Appropriate subject matter
• Suitable criteria
• Sufficient appropriate evidence
• Written assurance report

41
Engagement Standards
42
An Overview of Engagement Standards

• Engagement Standards
• Standards on Auditing - 100 - 999
• 100 199 Introductory Matters
• 200 - 299 General Principles Responsibilities
  (9)
• 300 499 Risk Assessment Response to Assessed
  Risks (5)
• 500 599 Audit Evidence (11)
• 600 699 Using Work of Others (3)
• 700 799 Audit Conclusions Reporting (2)
• 800 899 Specialised Areas
• 2000 2699- Standards on Review Engagements
  (SREs) (1)
• 3000 3699- Standards on Assurance Engagements
  (SAEs) (1)
• 4400 4699- Standards on Related Services (SRSs)
  (2)

43
200 - 299 General Principles and Responsibilities

• SA 200 Basic Principles Governing an Audit
• SA 200A Objective and Scope of the Audit of
  Financial Statements
• SA 220 Quality Control for Audit Work
• Revised SA 230 - Audit Documentation
• Revised SA 240 - The Auditors Responsibilities
  Relating to Fraud in an Audit of Financial
  Statements
• Revised SA 250 - The Auditors Responsibilities
  Relating to Laws and Regulation in an Audit of
  Financial Statements
• SA 210 - Terms of Audit Engagement
• Revised SA 260 - Communication with Those Charged
  with Governance
• SA 299 - Responsibility of Joint Auditors

Hitherto known as SA 230, Documentation Hithe
rto known as SA 240, The Auditors
Responsibility to Consider Fraud and Error in an
Audit of Financial Statements Hitherto known
as SA 250, Consideration of the Laws and
Regulations in an Audit of Financial
Statements Hitherto known as SA 260,
Communications of Audit Matters to Those Charged
with Governance
44
SA 200, Basic Principles Governing an Audit

• Integrity, Objectivity and Independence
• Confidentiality
• Skills and Competence
• Work Performed by Others
• Documentation
• Planning
• Audit Evidence
• Accounting System and Internal Control
• Audit Conclusions and Reporting
• Effective from April 1, 1985

45
SA 200A, Objective and Scope of Audit

• Objective of audit is to express an opinion.
• Auditors opinion is neither an assurance as to
  the future viability nor reflects the efficiency
  or effectiveness with which the Management has
  conducted the affairs.
• Scope of Audit.
• Effective from April 1, 1985

46
SA 210, Terms of Audit Engagement

• To agree on the terms of the engagement and
  changes, if any Auditor and the client
• Auditor to send an engagement letter before the
  commencement of engagement
• Avoid any misunderstanding between the client and
  the auditor
• Provide written confirmation of
• Acceptance of appointment
• Scope of Audit
• Form of Report
• Effective from April 1, 2003

47
SA 210 Contd

• Nature of Audit
• Managements responsibility
• Unrestricted access to records and information
• Audit Process is subject of Peer Review Process
• Fees and billing arrangements
• Planning arrangements
• Reference to Management representations
• Arrangements concerning the involvement of
• Internal auditors
• Other auditors and Experts
• Arrangements with previous auditor
• Any restriction on auditors liability.

48
SA 210 Contd

• Normally, no need for sending the letter every
  year. However, annual review is must
• Factors to be considered for sending a new letter
• Change in terms of engagement before completion
  of audit to provide different levels of assurance
• Change in circumstances
• Misunderstanding as to the nature of auditor or
  related service
• Restriction on scope of the engagement.

49
SA 220, Quality Control

• Quality Control Policies Audit Firms Level
• Professional Requirements
• Skills and Competence
• Assignment
• Delegation
• Consultation
• Acceptance and Retention of clients
• Monitoring
• Quality control policies Individual Audit Level
• Direction
• Supervision
• Review
• Effective from April 1, 1999

50
Revised SA 230, Audit Documentation

• Coverage
• Introduction-Scope Effective Date
• Objective
• Definitions
• Requirements/ Application Guidance
• Timely Preparation of Audit Documentation
• Documentation of the Audit Procedures Performed
  and Audit Evidence Obtained
• Assembly of the Final Audit File- Timely basis
  after date of audit report-Within 60 days (SQC 1)
• Retention period 10 years from date of audit
  report
• Ownership of Documentation-Unless otherwise
  specified, property of the Auditor.
• Effective from April 1, 2009

51
ContdAudit Documentation

• Record of
• audit procedures performed
• relevant audit evidence obtained
• conclusions reached
• Also known as working papers, work papers

52
Scope
To be adapted to audits of other
historical fin info
Auditors responsibility to prepare audit
dox for an audit of FS
Scope
Specific dox requirements of other SAs do not
limit application of this SA
LR may establish additional requirements
53
Nature Purpose
Evidence of basis for conclusion re achievement
of overall objectives
Evidence of audit planning performance as
per SAs LR
54
Compliance with SAs and LR

• Compliance with SA 230 normally results in
  sufficient appropriate audit dox.
• Absence of specific dox requirements in an SA
  does not necessarily mean NIL dox wrt that SA.
• Not necessary/ practicable to document every
  matter.
• Professional skepticism cannot be document but
  demonstrated through dox.
• Document discussion with TCWG and Mgt. on
  significant matters
• Not restricted to records prepared by auditor
• Document how the inconsistency was addressed
• No need to retain incorrect/ superseded dox.

55
Revised SA 240, The Auditors Responsibility
Relating to Fraud in an Audit of Financial
Statements

• Coverage
• Scope- Deals with auditors responsibilities
  relating to fraud in audit of FS
• Objectives
• Definitions
• Requirements
• Application and Other Explanatory Material
• Appendices
• Effective from April 1, 2009

Responsibility for Fraud Prevention- TCWG Mgt.
Responsibility of Auditor- Obtain reasonable
assurance that FS are free of material
misstatements, exercise Professional skepticism
56
Frauds to Consider
Incentive/ pressure
Frauds
Intentional omission of amounts/ disclosures
Theft of assets
Fraudulent financial reporting
Misappropriation of Assets
Perceived Opportunity
Ability to Rationalise
57
Objectives of the Auditor

• Identify and assess risks of material
  misstatements due to fraud
• Obtain sufficient appropriate audit evidence
  about assessed risks
• Respond appropriately to identified/ suspected
  fraud

58

• Fraud
• intentional act
• one or more persons
• use of deception
• obtain unjust advantage
• Fraud Risk factors indicate
• Incentive/ pressure to commit fraud
• Provide opportunity for fraud

59
Requirements

• Professional skepticism
• Discussion among engagement team
• Risk Assessment Procedures and Related Activities
• Identification assessment of risks of material
  misstatements- Financial statement level- at
  assertion level, classes of transactions, account
  balances, disclosures
• Responses to assessed risks of material
  misstatement
• Evaluation of audit evidence
• Auditor unable to continue engagement
• Management representations
• Communications to management and those charged
  with governance
• Communication to regulatory authorities- Seek
  legal advice to determine appropriate course
  having regard to PUBLIC INTEREST
• Documentation

60
Revised SA 250, The Auditors Responsibilities
relating to Laws and Regulations in an Audit of
Financial Statements

• Coverage
• Introduction
• Scope
• Effective date
• Objectives
• Definition
• Requirements
• Responsibility for compliance with LR
• Auditors consideration of laws regulations
• Auditors procedures when non compliance is
  identified/ suspected
• Reporting of identified/ suspected non
  compliance- to TCWG Mgt., Regulator and in the
  audit report
• Documentation
• Effective from April 1, 2009

61
Scope

• Compliance with legal regulatory F/W.
• LR having direct effect on FS
• LR to be complied with when undertaking business
• Non compliance may result in
• penalties/ fines/litigation
• Going concern issues
• Does not apply to assurance engagements where
  testing reporting on compliance with LR is the
  specific objective.

Non-Compliance- acts of omission or commission,
either intentional or unintentional, which are
contrary to the prevailing laws or regulations.
Does not include personal misconduct (unrelated
to the business activities of the entity) by
TCWG, Mgt., employees of the entity. Mgt
responsible for non-compliance Under oversight of
TCWG
62
Auditors Responsibility

• Auditor responsible for obtaining reasonable
  assurance that FS taken as a whole are free from
  MMS whether by fraud or error
• SA assists auditor in identifying material
  misstats in FS due to non compliance
• Auditor is not, responsible for preventing non
  compliance and cannot be expected to detect non-
  compliance with all L R

63
Responsibility w.r.t. different types of LR
Types of LR
A
B
Direct effect on material amounts disclosures
in FS
Fundamental impact on operations Going Concern
Undertake specified procedures to help identify
non compliance that may impact FS
Exercise professional skepticism
Obtain SAAE re compliance
64
Auditors Consideration of LR
Obtain general understanding of LR framework
and compliance
Obtain SAAE for A
Professional skepticism
Perform audit procedures for B
Request Mgt/ TCWG for WR
Non compliance identified/ suspected
YES
NO
Further Audit Procedures
END
65
Revised SA 260, Communication with Those Charged
with Governance

• Coverage
• Introduction
• Scope of this ISA
• Effective Date
• Objectives
• Definitions
• Requirements
• Those Charged with Governance
• Matters to be Communicated -Auditors resp in
  relation to FS audit, Planned Scope and timing of
  audit and Significant findings from the audit
• The Communication Process
• Documentation
• Application and Other Explanatory Material
• The Role of Communication
• Those Charged with Governance
• Matters to be Communicated
• The Communication Process
• Documentation
• Effective from April 1, 2009

66
Provides a framework for auditors commn with
TCWG, and identifies some specific matters
Auditors resp to communicate with TCWG
Scope
may also be applicable to audits of other
historical financial information
This SA does not preclude the auditor
from communicating any other matters to TCWG
67
Communicate with TCWG responsibilities of
auditor and planned scope and timing of audit
Obtain from TCWG info relevant to audit
Auditors Objectives
Provide TCWG with timely observations
significant and relevant in r/o final
reporting process
Promote effective two-way communication b/w
auditor and TCWG
68
Role of Communication
Effective two-way communication is imp in
oversee financial reporting process thereby
reducing risks of material misstatement
understanding matters related to audit and
developing a constructive working
relationship and maintaining independence and
objectivity
obtaining info relevant to audit
69
Forms of Communication

• Oral communication not adequate
• Communicate in writing with TCWG regarding
  significant findings from the audit and auditor
  independence
• Written communication need not include all
  matters that arose during the tenure of auditor
• Communicate with TCWG on a timely basis.

70
SA 299, Responsibility of Joint Auditors

• Jt auditors to mutually divide areas of work
  between themselves and/or do it jointly this to
  be documented and communicated to client
• Findings by one affecting work of others or
  likely to require discussion/disclosure to be
  communicated to them in writing before
  finalisation
• Each JT. Auditor determines nature, timing,
  extent of audit procedures for his area
• Effective from April 1, 1996

71
300 499 Risk Assessment Response to Assessed
Risks

• Revised SA 300-Planning an Audit of Financial
  Statements
• SA 315-Identifying and Assessing the Risks of
  Material Misstatement through Understanding the
  Entity and Its Environment
• SA 320 Audit Materiality
• SA 300 - The Auditors Responses to Assessed
  Risks
• SA 402 Audit Considerations Relating to
  Entities Using Service Organisations

Hitherto known as SA 300, Audit Planning Due
to issuance of this Standard (along with SA 330)
, the existing Standard on Auditing (SA) 310,
Knowledge of the Business, SA 400, Risk
Assessments and Internal Control, and SA 401,
Auditing in a Computer Information Systems
Environment, issued in June 2002, April 2000 and
January 2003, respectively, stands withdrawn.
72
Revised SA 300, Planning an Audit of Financial
Statements

• Scope-Auditors responsibility to plan audit of
  FS
• Objective- Plan an audit so that engagement is
  performed in an effective manner
• Requirements
• Application Other Explanatory Material
• Appendix
• Effective from April 1, 2008

73
Requirements

• Involvement of key engagement team members
• Preliminary engagement activities- procedures
  required under SA 220, Compliance with ethical
  requirements and establish understanding of terms
  of engagement, SA 210
• Planning activities- establish overall strategy
  to set the scope, timing direction of audit
  plan
• Documentation- Overall audit strategy, Audit plan
  and Significant changes to overall audit
  strategy/ audit plan
• Additional considerations in initial audit
  engagement- Perform procedures under SA 220,
  Communicate with predecessor auditor, prepare
  audit strategy

74
SA 315, Identifying and Assessing the Risk of
Material Misstatements through Understanding the
Entity Its Environment

• Coverage
• Introduction
• Scope
• Effective Date
• Objective
• Definitions
• Requirements
• Risk Assessment Procedures and Related
  Activities- Establish frame of reference for
  Assessing risk of material misstatements in FS
• The Required Understanding of the Entity and Its
  Environment, including Internal Control
• Identifying and Assessing the Risks of Material
  Misstatement
• Material Weakness in Internal Control
• Documentation
• Application Guidance
• Appendices
• Effective from April 1, 2008

75
Scope

• Auditors responsibility to identify assess
  risks of material misstatements in financial
  statements
• Through understanding
• The entity
• Its environment
• Its internal controls

76
Objective of the Auditor
Understand the entity
Entitys internalcontrols
Entitysenvironment
Identify assess risk of material misstatements
Error
Fraud
Financial statement Assertion level
Design implement responses to assessed risk
Reduce risk to acceptably low level
77
RAPs Types
Information from other engagements done for the
entity
Information from client acceptance or
continuance process
78
Entity Its Environment
Review Performance
Operations
Structure financing
Investments
79
Internal Controls

• Purpose
• Reliable financial reporting
• Efficiency/ effectiveness of operations
• Compliance with laws regulations
• Safeguarding of assets
• Design, implementation maintenance varies with
  size complexity of entity
• Limitations
• Faulty human judgment
• Collusion among employees and/ or management
• Management override of controls
• Costs vs benefits
• Judgments as to nature extent of risk assumed
  vis a vis controls

80
Internal Controls Manual vs Automated
81
Understanding Controls Relevant to Audit

• Factors to consider- Materiality, Significance of
  related risk, Size of entity, Nature of entitys
  business, Diversity complexity of entitys
  operations, Circumstances applicable internal
  controls, How a specific control prevent/ detects
  corrects misstatements
• Nature extent of understanding controls
  relevant to audit- Evaluate the design of these
  controls Determine their implementation
• Procedures
• Inquiry of entity personnel
• Observing application of specific controls
• Inspecting documents reports
• Tracing transactions through information system
  relevant to financial reporting.
• Understanding ICs alone not sufficient to test
  operating effectiveness unless there is some
  automation to ensure consistency

82
Internal Control Components
83
Control Environment Elements
Contd./.
84
Entitys RAPs Elements Risk Factors
New personnel
Change in operating environment
New technology
New/ revamped info system
New business model/ activities
Rapid growth
Corporate restructuring
New technology
New accounting pronouncements
Expanded foreign operations
85
Information System
Relevant ISs
Appropriately measure value of transactions for
proper recording of monetary value
Identify record all valid transactions
Timely detailed description of transactions
for proper classification
Proper presentation disclosures
Determine time period for transaction for
recording in right accounting period
86
Control Activities relevant to Audit (CARA)
relevant procedures
CARA relevant procedures
Information processes
Performance reviews
Segregation of duties
Physical controls
87
IT Risks Controls
88
Monitoring Controls important aspects

• Process to assess effectiveness of IC performance
  over time.
• Involves assessing effectiveness of controls on a
  timely basis taking necessary corrective
  actions.
• Done by separate evaluations ongoing activities
• Internal audit
• Communication from external parties (eg.
  regulators)
• Understand
• Major monitoring activities
• Sources of information used in monitoring
  activities
• Basis upon which management assesses reliability
  of information

89
Identifying Assessing Risks of Material
Misstatement
RISKS
At Financial Statement Level
At Assertion Level
Presentation Disclosure
During the year
At the year end

• Relate pervasively to FS
• Potentially affect many assertions not
  specific to an assertion
• Represent circumstances that increase risk at
  assertion level
• Arise from weak controlenvironment

• Occurrence
• Completeness
• Classification Understandability
• Accuracy valuation

• Existence
• Rights obligations
• Completeness
• Valuation Allocation of resources

• Occurrence
• Completeness
• Accuracy
• Cut-off
• Classification

90
Identifying Assessing Risks of Material
Misstatement Audit aspects

• Auditors procedures
• Identify risks understanding the entity its
  environment
• Assess identified risks
• Evaluate their effect on financial statements
• Relate identified risks to possible misstatement
  at assertion level
• Consider relevant controls relate them to
  assertions
• Consider likelihood of misstatement(s) magnitude

91
Special Aspects of Risks

• Risks requiring special audit consideration
  Significant Risks
• Depend upon auditors judgment
• Effects of relevant controls is excluded
• Factors to consider
• Fraud risk?
• Relate to recent significant economic/
  accounting/ other developments?
• Complexity of transactions!?
• Transactions with related parties?
• Subjectivity in measurement of financial
  information?
• Outside normal course of business?
• Contd./

92
Identifying Significant Risks
93
Controls related to Significant Risks

• Understand
• Whether entity has designed implemented
  controls for significant risks
• How management responds to these risks
• Control activities reviews by senior
  management/ experts
• Documentation of the process for estimation
• Approval by those charge with governance
• Assessment of one-off events
• Inappropriate response of management to
  significant risk ? material weakness in IC

94

• Risks for which substantive procedure alone do
  not suffice
• Depend on auditors judgment
• May relate to inaccurate/ incomplete automated
  recording of routine significant classes of
  transactions
• Substantive procedures not possible in fully
  automated accounting system
• Audit evidence available in electronic form only
• Sufficiency appropriateness of audit evidence
  depends upon its accuracy completeness
• potential for misstatement is greater if
  appropriate controls do not operate effectively

95
Revision of Risk Assessment
Evidence from further audit procedures
New Information
Inconsistency with original audit evidence
Revise the assessment
Modify planned audit procedures
96
Material Weakness in Internal Control

• Types
• Risks of material misstatement identified by
  auditor but not controlled by entity/ control is
  inadequate
• Weakness in entitys RAPs
• Absence of entitys RAPs, where there should have
  been one
• Could be in controls that prevent/ detect
  correct frauds/ errors.
• Weakness could be in design, implementation,
  maintenance
• Communicate on timely basis to management those
  charged with governance

97
SA 320, Audit Materiality

• Materiality to be considered in relation to audit
  risk
• Materiality to be considered for
• Determining nature, timing and extent of audit
  procedures
• Evaluating the effect of misstatements
• Evaluate whether effect of aggregate uncorrected
  misstatements (known and likely) on FSs is
  material
• If so, and Management refuses to adjust the
  financials, qualified or adverse opinion is
  required
• Effective from April 1, 1996

98
SA 330, The Auditors Response to Assessed Risks

• Introduction
• Scope- Auditors responsibility to design
  implement responses to risk of material
  misstatements identified assessed in accordance
  with SA 315.
• Effective Date
• Objective-Obtain sufficient appropriate evidence
  re assessed risk of material misstatement through
  designing implementing appropriate responses to
  risks
• Definitions
• Requirements
• Overall responses- Designed implemented to
  address risk of material misstatement at
  Financial Statement level, affected by auditors
  understanding of control environment
• Audit Procedures
• Adequacy of presentation disclosures- Evaluate
  whether overall presentation of financial
  statements disclosures is in accordance with
  applicable financial reporting framework
• Sufficiency appropriateness of audit evidence
• Documentation
• Application Other Explanatory Material
• Effective from April 1, 2008

99
Audit Procedures Responsive to Risks at Assertion
Level

• Design perform audit procedures to address
  identified risk of material misstatement at
  assertion level.
• Nature, timing extent of audit procedures
  should be based on this identified risk
• Audit Procedures responsive to Risks at Assertion
  Level
• Nature means purpose type
• Timing means when it is performed or period/ date
  to which audit evidence applies
• Extent means quantity to be performed
• Match between nature, timing extent of audit
  procedures assessed risk at assertion level
  links auditors further procedures risk
  assessment
• Designing further audit procedures
• Consider reason for assessment given to risk at
  assertion level
• Obtain more persuasive audit evidence the higher
  the auditors assessment of risk

100
Tests of Controls

• Perform tests of controls (ToC) at assertion
  level when
• Auditors expects controls are operating
  effectively.
• Substantive procedures alone cannot provide
  sufficient appropriate audit evidence
• ToC different from understanding evaluating
  design implementation of controls
• But same type of audit procedures used, so ToC
  can be done while obtaining understanding of IC
• ToC may be done simultaneously with Test of
  Details (ToD) DUAL PURPOSE TEST
• Difficulty in designing effective substantive
  procedures perform ToC
• Entity uses IT in operations no documentation
  of transactions is generated/ maintained except
  through IT system
• In designing performing ToC, obtain more
  persuasive audit evidence to be able to place
  greater reliance on effectiveness of controls
  contd./.

101
Tests of Controls Nature Extent-I

• In designing performing ToC
• Perform other procedures in combination with
  inquiry for evidence re control effectiveness
• How controls were applied at relevant times
  during audit period
• Consistency in application
• By whom/ what means they were applied
• Whether controls to be tested depend upon
  INDIRECT CONTROLS controls over accuracy of
  information
• Necessity to obtain audit evidence regarding
  Indirect Controls?

102
Tests of Controls Nature Extent-II

• IT systems inherently consistent ?increased
  testing of automated control may not be necessary
• But check that
• Changes to programs are not made without
  subjecting to program change control
• Authorised version of program is used
• Other relevant general controls are effective
• Timing
• Reliance at a point of time test controls at
  point of time
• Reliance over a period of time

103
Using Audit Evidence Obtained During Interim
Period

• Reliance on audit evidence re operating
  effectiveness of controls at interim period
• Obtain evidence re significant changes to those
  controls subsequent to interim period
• Determine additional audit evidence to be
  obtained for the remaining period May test
  entitys monitoring of control for remaining
  period
• Using Audit Evidence Obtained in Previous Audits
• Factors to consider before retesting operating
  effectiveness
• Effectiveness of other elements of IC, including
  control environment, entitys monitoring of
  controls, entitys RAPs
• Risks from characteristics of controls manual/
  automated
• Effectiveness of general IT controls
• Effectiveness of control its application by
  entity
• Whether lack of change in a control poses risk
• Risks of material misstatement extent of
  reliance on the control

104
Using Audit Evidence Obtained in Previous
Audits

• Before using evidence from previous audit
• Establish continuous relevance of that evidence
• Understand whether there is any change in
  relevant controls
• (Inquiry Observation Inspection)
• If change in control test controls in current
  audit
• If no change
• Test every third audit
• Test some controls each audit
• Use professional judgment
• Greater reliance on controls/ higher risk of
  material misstatement ? shorter time span
  between retesting.

105
Controls Over Significant Risks

• Controls over a significant risk should be tested
  in the current period

106
Evaluating Operating Effectiveness of Controls

• Evaluate whether material misstatements detected
  by substantive procedures indicate controls are
  not working effectively
• Non detection of misstatements is not an evidence
  that relevant controls are effective
• Deviation from controls inevitable but make
  specific inquiries to understand the matter
  potential consequences determine if
• ToC performed provide appropriate basis for
  reliance on controls
• Additional ToC are necessary
• Potential risk of misstatement to be addressed
  using substantive procedures
• Compare detected rate of deviation vis a vis
  expected rate of deviation
• Evaluate if ToC has identified a material
  weakness in operating effectiveness
• Communicate material weakness to management
  those charged with governance on a timely basis.

107
Substantive Procedures

• Irrespective of assessed risk of material
  misstatement, design perform substantive
  procedures for each material class of
  transactions, account balance disclosures
• Assessment of risk is judgmental so auditor may
  not identify all risks
• Inherent limitations of IC
• Substantive APs used more in case of large
  volumes of data that tend to be predictable over
  time.
• Extent of substantive procedures increased if
  results of ToC are not satisfactory
• Nature of risk assertion is relevant to design
  ToD
• Designing ToD ? Sample size
• Contd./.

108
Substantive Procedures

• Responsive to Significant Risks
• Substantive procedures should be specifically
  responsive to that significant risk
• Include ToD
• Timing of Substantive Procedures
• Audit evidence from substantive procedures of
  previous audit provides no evidence for current
  period
• At interim date cover the balance period by
• Substantive procedures combined with ToC or
• Only substantive procedures (depending on
  auditors judgment)
• Contd./..

109
Substantive Procedures Contd./..

• Interim date APs between interim period period
  end
• Whether the period end balances are reasonably
  predictable with respect to amount, relative
  significance composition
• Whether entitys procedures for analysing
  adjusting classes of transactions/ account
  balances are reasonably predictable.
• Whether information system relevant to financial
  reporting will provide information sufficient to
  permit investigation of
• Unusual/ significant transactions
• Other causes of significant fluctuations/ absence
  of expected fluctuations
• Changes in composition of classes of
  transactions/ account balances

110
Substantive Procedures Contd./..

• If unexpected misstatements are detected,
  evaluate need to modify related assessment of
  risk planned nature, timing extent of
  substantive procedures covering remaining period
• Modification of audit procedures may include
  extending/ re-performance of interim date
  procedures

111
Sufficiency Appropriateness of Audit
Evidence

• Before conclusion of audit, evaluate whether
  assessment of risk of material misstatement at
  assertion level remain appropriate
• Auditor cannot assume that an instance of fraud/
  error is an isolated occurrence
• Sufficiency appropriateness consider all
  relevant audit evidence, regardless of whether it
  appears to corroborate or to contradict
  assertions in financial statements
• Unable to obtain sufficient appropriate audit
  evidence qualified/ disclaimer opinion

112
SA 402, Use of Service Organisations

• If reliance on work done by a service
  organisation is significant, obtain sufficient
  information to evaluate its impact on
  accounting/control systems
• Assess control risk as high unless tests of
  controls allow for a lower risk
• In using report of service organisation auditor,
  evaluate his competence if he is not a CA
• Effective from April 1, 2003
• Contd

113
SA 402, Use of Service Organisations

• Assess scope of work done by service organisation
  auditor and nature and content of his report to
  decide on its usefulness
• Evaluate whether nature, timing and extent of
  tests performed by service organisation auditor
  provide adequate evidence to support (client
  auditors) assessed level of control risk
• No reference to be made of service organisation
  auditors report in (client auditors) audit
  report

114
500 599 Audit Evidence

• Revised SA 500-Audit Evidence
• SA 501 Audit Evidence Additional
  Considerations for Specific Items
• SA 505 External Confirmations
• SA 510-Initial EngagementsOpening Balances
• SA 520 Analytical Procedures
• Revised SA 530-Audit Sampling
• Revised SA 540-Auditing Accounting Estimates,
  Including Fair Value Accounting Estimates, and
  Related Disclosures
• SA 550 -Related Parties
• Revised SA 560-Subsequent Events
• Revised SA 570-Going Concern
• Revised SA 580-Written Representations

Hitherto known as SA 500, Audit
Evidence Hitherto known as SA 530, Audit
Sampling Hitherto known as SA 540, Auditing
of Accounting Estimates Hitherto known as SA
560, Subsequent Events Hitherto known as
SA 570, Going Concern Hitherto known as
SA 580, Representations by Management
115
Revised SA 500, Audit Evidence

• Introduction
• Scope of SA
• Effective date
• Objective
• Definitions
• Requirements
• Sufficient Appropriate Audit Evidence (SAAE)-
  Design and perform audit procedures appropriate
  in circumstances for obtaining SAAE, use
  professional judgment to decide if SAAE has been
  obtained.
• Information to be used as audit evidence- When
  designing performing audit procedures, consider
  relevance reliability of information to be used
  as audit evidence
• Selecting items for testing to obtain audit
  evidence-audit sampling as per SA 530
• Inconsistency/ doubts over reliability of audit
  evidence-Determine modifications/ additions
  required to audit procedures and effect on other
  aspects of audit- Documentation as per SA 230
  (Revised)
• Application guidance
• Effective from April 1, 2009

116
Scope
Explains
Deals
Audit Evidence wrt audit of FS
Auditors Responsibility
SA 500 is applicable to all Audit Evidence
Design audit procedures to obtain SAAE
Draw reasonable conclusions to base audit opinion
117
Objective of the Auditor

• Design perform audit procedures
• In such a way that
• Enable him to obtain SAAE
• To be able to draw reasonable conclusions
• On which to obtain audit evidence

118
Obtaining Audit Evidence - I
Inquiry alone, ordinarily, does not provide SAAE
119
Obtaining Audit Evidence - II

• Obtained by performing
• Risk assessment procedures AND
• Further audit procedures
• Tests of controls
• Substantive procedures
• Tests of details
• Substantive analytical procedures
• Nature and timing of audit procedures affected
  by
• Availability of audit evidence in electronic form
  only
• Availability of audit evidence at certain points/
  periods in time

120
Audit Evidence Prepared by Managements Expert

• Having regard to the significance of such work to
  audit
• Evaluate competence, capabilities objectivity
  of expert
• Obtain an understanding of his work
• Evaluate appropriateness of his work as audit
  evidence

121
Evaluate Reliability of Information Produced by
Entity

• Obtain audit evidence about the accuracy and
  completeness of the information and
• Concurrently with actual audit procedures where
  obtaining audit evidence is integral part of
  audit procedures
• ToC over preparation maintenance of information
• Evaluate whether the information is sufficiently
  precise and detailed for the auditors purposes.

122
SA 501, Audit Evidence Additional Consideration
for Specific Items

• Attendance at Physical Inventory Counting
• Primary responsibility of Management
• Attend unless impracticable due to nature and
  location
• Unable to attend due to unforeseen circumstances
  Observe physical count on alternative date and
  perform alternative procedures
• Management Representation
• Scope limitation in case of existence / qualified
  opinion in case of improper disclosure.
• Effective from April 1, 2005

123
SA 501 Contd..

• Inquiry Regarding Litigation and Claims
• Obtain awareness of any litigation and claim
  involving the entity.
• Communication of entitys lawyers directly with
  the auditor.
• Meeting with the lawyer Disagreement between
  the Management and lawyer
• Management Representation

124
SA 501
Contd.

• Valuation and Disclosure of Long-Term Investment
• Valuation and disclosure
• Management Representation
• Qualified / Disclaimer of opinion
• Segment Information
• Appropriate disclosure of segment information as
  per the financial reporting framework.
• Management Representation
• Qualified/Disclosure

125
SA 510, Opening Balances

• For new engagements auditor to ensure
• Correct b/f of prior period closing balances
• Opening balances b/f are free of misstatements
• Appropriate accounting policies are consistently
  applied
• If sufficient appropriate evidence is not
  obtained for integrity of opening balances, or if
  effect of any material misstatements therein is
  not duly accounted/disclosed, express qualified
  or adverse opinion or disclaimer as considered
  appropriate