ebook img

Guide to Using International Standards on Auditing in the Audits PDF

399 Pages·2007·6.69 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Guide to Using International Standards on Auditing in the Audits

Small and Implementation Guide Medium December 2007 Practices Committee Guide to Using International Standards on Auditing in the Audits of Small- and Medium- sized Entities The mission of the International Federation of Accountants (IFAC) is to serve the public interest, strengthen the accountancy profession worldwide and contribute to the development of strong international economies by establishing and promoting adherence to high-quality professional standards, furthering the international convergence of such standards and speaking out on public interest issues where the profession’s expertise is most relevant. Copies of this document may be downloaded free of charge from the IFAC website at http://www.ifac.org. Small and Medium Practices Committee International Federation of Accountants 545 Fifth Avenue, 14th Floor New York, NY 10017 USA Copyright © December 2007 by the International Federation of Accountants (IFAC). All rights reserved. Permission is granted to make copies of this work provided that such copies are for use in academic classrooms or for personal use and are not sold or disseminated and provided that each copy bears the following credit line: “Copyright © December 2007 by the International Federation of Accountants (IFAC). All rights reserved. Used with permission of IFAC. Contact [email protected] for permission to reproduce, store or transmit this document.” Otherwise, written permission from IFAC is required to reproduce, store or transmit, or to make other similar uses of, this document, except as permitted by law. Contact [email protected]. ISBN: 978-1-934779-07-1 Table of Contents Page Preface 1 Request for Comments 2 How to Use the Guide 5 Customization of the Guide..........................................................................................................5 Translation.......................................................................................................................5 Currency...........................................................................................................................5 National Adaptation.........................................................................................................5 Content and Organization.............................................................................................................6 Summary of Content........................................................................................................6 Appendices.......................................................................................................................7 Summary of Organization................................................................................................7 Glossary of Terms............................................................................................................8 Acronyms Used in the Guide........................................................................................................8 Other Terms Used in the Guide....................................................................................................9 Anti-fraud Controls..........................................................................................................9 Senior Management.........................................................................................................9 Those Charged with Governance.....................................................................................9 Owner-manager.............................................................................................................10 IAASB Pronouncements................................................................................................10 Cross-references.............................................................................................................11 The Audit Process.......................................................................................................................13 A Road Map to the Guide..............................................................................................14 Introduction to the Case Study 15 Dephta Furniture Inc...................................................................................................................15 Industry Trends..............................................................................................................15 Governance....................................................................................................................16 Employees......................................................................................................................16 Ownership......................................................................................................................17 Operations...................................................................................................................................18 Sales...............................................................................................................................19 Information Technology................................................................................................20 Human Resources..........................................................................................................20 Payroll............................................................................................................................20 Purchasing and Production............................................................................................21 Finance...........................................................................................................................21 Appendix A Dephta Inc. Income Statement – Prepared by management.....................23 Appendix B Dephta Inc. Balance Sheet – Prepared by management...........................24 i GUIDE TO USING INTERNATIONAL STANDARDS ON AUDITING IN THE AUDITS OF SMALL- AND MEDIUM-SIZED ENTITIES Part A Basic Concepts 1.1 What is a Risk-based Audit? 27 1.1.1 Overview........................................................................................................................27 Reasonable Assurance...................................................................................................27 Audit Risk......................................................................................................................28 Assertions.......................................................................................................................28 1.1.2 Audit Risk Components.................................................................................................30 1.1.3 Interrelationship of Audit Risk Components.................................................................32 1.1.4 The Risk-based Approach..............................................................................................32 Risk Assessment............................................................................................................33 1.1.5 Risk Response................................................................................................................35 1.1.6 Reporting.......................................................................................................................36 1.1.7 Summary........................................................................................................................37 1.2 Nature of Internal Control 39 1.2.1 Overview........................................................................................................................39 Definition of Internal Control........................................................................................39 1.2.2 Internal Control Objectives............................................................................................39 1.2.3 Internal Control Components.........................................................................................40 The Five Components of Internal Control.....................................................................40 1.2.4 The Control Environment..............................................................................................41 1.2.5 Risk Assessment............................................................................................................43 1.2.6 Information System (Including the Related Business Processes, Relevant to Financial Reporting, and Communication).................................................44 1.2.7 Control Activities...........................................................................................................46 1.2.8 Monitoring of Controls..................................................................................................47 1.2.9 Levels of Internal Control..............................................................................................48 1.2.10 Information Technology Controls..................................................................................50 General IT Controls.......................................................................................................51 IT Application Controls.................................................................................................52 1.2.11 Business Process Controls.............................................................................................52 1.3 Financial Statement Assertions 55 1.3.1 Overview........................................................................................................................55 1.3.2 Description of Assertions...............................................................................................56 1.3.3 Combined Assertions.....................................................................................................57 1.3.4 Using Assertions in Auditing.........................................................................................58 Considering Types of Potential Misstatement...............................................................58 Assessing Risks of Material Misstatement....................................................................59 Designing Audit Procedures..........................................................................................59 ii TABLE OF CONTENTS Part B Risk Assessment 2.1 Understanding the Entity 63 2.1.1 Overview........................................................................................................................63 2.1.2 Sources of Information..................................................................................................67 2.1.3 Scope of Understanding Required.................................................................................68 2.1.4 Classifying the Information Obtained............................................................................73 Sources of Risk..............................................................................................................73 2.1.5 Documentation...............................................................................................................74 Case Study — Understanding the Entity....................................................................................75 2.2 What are Risk Assessment Procedures? 79 2.2.1 Overview........................................................................................................................79 2.2.2 Nature of Evidence Obtained.........................................................................................80 2.2.3 Required Procedures......................................................................................................80 2.2.4 Inquiries of Management and Others.............................................................................81 2.2.5 Analytical Procedures....................................................................................................82 2.2.6 Observation and Inspection............................................................................................83 2.2.7 Other Risk Assessment Procedures...............................................................................83 Case Study — Risk Assessment Procedures...............................................................................85 2.3 Client Acceptance and Continuance 87 2.3.1 Overview........................................................................................................................87 2.3.2 Acceptance and Continuance Procedures......................................................................89 Background Checks.......................................................................................................90 2.3.3 Terms of Engagement....................................................................................................91 Updating the Engagement Letter...................................................................................92 Case Study — Client Acceptance and Continuance...................................................................93 2.4 Overall Audit Strategy 97 2.4.1 Overview........................................................................................................................97 2.4.2 Developing the Overall Audit Strategy........................................................................100 Learn from the Prior Year’s Experience......................................................................101 2.4.3 The Four Planning Steps..............................................................................................101 Step 1 – Gather Information........................................................................................102 Step 2 – Assess the RMM at the Financial Statement Level.......................................104 Step 3 – Develop Overall Responses...........................................................................105 Step 4 – Develop a Resource Management Plan.........................................................105 2.4.4 Communicating the Plan with Management and Those Charged with Governance...107 2.4.5 Documentation.............................................................................................................107 Case Study — Overall Audit Strategy......................................................................................109 iii GUIDE TO USING INTERNATIONAL STANDARDS ON AUDITING IN THE AUDITS OF SMALL- AND MEDIUM-SIZED ENTITIES 2.5 Materiality 111 2.5.1 Overview......................................................................................................................111 2.5.2 Required Materiality Levels........................................................................................113 2.5.3 Materiality and Audit Risk..........................................................................................114 Risks of Material Misstatement...................................................................................114 Detection Risk..............................................................................................................115 2.5.4 Determining Materiality Levels...................................................................................116 Qualitative and Quantitative Considerations...............................................................116 Materiality Level for the Financial Statements as a Whole.........................................117 Materiality Levels for Particular Classes of Transactions, Account Balances, or Disclosures........................................................................................................118 2.5.5 Materiality Levels and Audit Risk...............................................................................118 2.5.6 Starting Points for Determining Materiality Levels.....................................................119 2.5.7 Other Considerations...................................................................................................120 Communicating to Management and Those Charged with Governance.....................120 Updating Materiality....................................................................................................120 Reducing Materiality Level from Previous Period......................................................120 Case Study — Materiality.........................................................................................................121 2.6 Audit Team Discussions 123 2.6.1 Overview......................................................................................................................123 2.6.2 Communication Among Audit Team Members...........................................................124 2.6.3 Audit Team Planning Meeting.....................................................................................125 Case Study — Audit Team Discussions...................................................................................128 2.7 Business Risks 131 2.7.1 Overview......................................................................................................................131 2.7.2 Risk Factors.................................................................................................................132 2.7.3 The Entity’s Risk Assessment Process........................................................................134 Identification of Risks..................................................................................................134 2.7.4 Assessment of Risks....................................................................................................136 Likelihood of Risk Occurrence....................................................................................136 Monetary Impact of Risk Occurrence..........................................................................136 2.7.5 Documentation of Risks...............................................................................................138 Case Study — Business Risks..................................................................................................140 2.8 Fraud Risks 141 2.8.1 Overview......................................................................................................................141 2.8.2 Fraud............................................................................................................................143 The Fraud Triangle......................................................................................................144 2.8.3 Audit Team Discussions..............................................................................................145 Professional Skepticism...............................................................................................145 iv TABLE OF CONTENTS 2.8.4 Identification of Fraud Risk Factors............................................................................146 Examples of Fraud Risk Factors..................................................................................147 2.8.5 Assessment of Fraud Risk............................................................................................151 Documentation.............................................................................................................151 Case Study — Fraud Risks.......................................................................................................153 2.9 Significant Risks 155 2.9.1 Overview......................................................................................................................155 2.9.2 Determination of Significant Risks..............................................................................156 2.9.3 Areas to Consider.........................................................................................................157 2.9.4 Responding to Significant Risks..................................................................................159 Internal Control Design and Implementation Should be Evaluated.............................159 Reliance on Evidence Attained in Previous Audits Not Allowed................................159 Substantive Procedures Should Specifically Respond to the Identified Risk..............159 Substantive Analytical Procedures Alone are not a Sufficient Response....................160 Case Study — Significant Risks...............................................................................................161 2.10 Internal Control 163 2.10.1 Overview......................................................................................................................163 2.10.2 Internal Control in Smaller Entities.............................................................................165 Management Override.................................................................................................165 Auditability..................................................................................................................165 2.10.3 Required Understanding of Internal Control...............................................................166 Risk Assessment Procedures........................................................................................166 Limitations of Internal Control....................................................................................166 Testing Operational Effectiveness...............................................................................167 Management Representations about Internal Control..................................................167 2.10.4 Relevant Internal Control.............................................................................................167 Relevant Controls........................................................................................................168 2.10.5 Required Scope of Understanding...............................................................................170 The Five Internal Control Elements.............................................................................171 Case Study — Internal Control.................................................................................................172 2.11 Assessing Internal Control Design and Implementation 173 2.11.1 Overview......................................................................................................................173 2.11.2 Control Design.............................................................................................................174 Risk/Control Mapping.................................................................................................174 2.11.3 A Four Step Process.....................................................................................................176 Step 1 — Identify What Risks Require Mitigation......................................................177 Step 2 — Document Relevant Internal Control...........................................................178 Step 3 — Assess Control Implementation...................................................................181 Step 4 — Assess Internal Control Design....................................................................182 v GUIDE TO USING INTERNATIONAL STANDARDS ON AUDITING IN THE AUDITS OF SMALL- AND MEDIUM-SIZED ENTITIES 2.11.4 Material Weaknesses in Control..................................................................................183 Case Study — Assessing Internal Control Design and Implementation...................................184 2.12 Assessing the Risks of Material Misstatement 193 2.12.1 Overview......................................................................................................................193 2.12.2 Documentation.............................................................................................................194 Pervasive Risks............................................................................................................195 2.12.3 Factors to Consider in Assessing Risks.......................................................................195 Assumptions.................................................................................................................196 Internal Control Weaknesses.......................................................................................196 2.12.4 Communicating Internal Control Weaknesses.............................................................197 2.12.5 Revision of Risk Assessment.......................................................................................197 Case Study — Assessing the Risks of Material Misstatement.................................................198 Part C Risk Response 3.1 Detailed Audit Plan 201 3.1.1 Overview......................................................................................................................201 3.1.2 Responding to Assessed Risks.....................................................................................202 Nature of Assessed Risks.............................................................................................203 Use of Tests of Controls..............................................................................................203 Need for Unpredictability............................................................................................204 Other Basic or Required Audit Procedures..................................................................204 3.1.3 Design of Audit Procedures.........................................................................................204 3.1.4 Timing of Procedures...................................................................................................206 Before or at the Period End?........................................................................................206 After Period End..........................................................................................................207 3.1.5 Extent of Procedures....................................................................................................207 The Audit Toolbox.......................................................................................................207 Substantive Procedures................................................................................................208 Substantive Sampling..................................................................................................208 Extended Substantive Procedures................................................................................208 Tests of Controls..........................................................................................................209 Procedures that Address Specific and Significant Risks.............................................209 Substantive Analytical Procedures..............................................................................209 3.1.6 Documenting the Audit Plan........................................................................................209 3.1.7 Communication of the Plan.........................................................................................210 Case Study — Detailed Audit Plan...........................................................................................211 vi TABLE OF CONTENTS 3.2 Tests of Controls 213 3.2.1 Overview......................................................................................................................213 Purpose........................................................................................................................214 3.2.2 Designing Tests of Controls.........................................................................................215 Indirect Internal Controls.............................................................................................217 Automated Controls.....................................................................................................217 3.2.3 Timing of Tests of Controls.........................................................................................217 3.2.4 Rotational Control Testing...........................................................................................218 3.2.5 Documentation.............................................................................................................219 Case Study — Tests of Controls...............................................................................................222 3.3 Substantive Procedures 223 3.3.1 Overview......................................................................................................................223 Tests of Details............................................................................................................224 Substantive Analytical Procedures..............................................................................224 3.3.2 Designing Substantive Procedures...............................................................................225 Required Substantive Procedures................................................................................225 Use of Assertions in Selecting Samples.......................................................................225 3.3.3 Timing..........................................................................................................................226 Performing Substantive Procedures at an Interim Date...............................................226 Procedures to Address the Period between the Interim Date and Period End.............226 Use of Substantive Procedures Performed in Prior Periods.........................................226 3.3.4 Responding to the Risk of Fraud.................................................................................226 3.3.5 Accounting Estimates..................................................................................................229 Determining Whether Management’s Estimates are Reasonable................................229 3.3.6 Substantive Analytical Procedures..............................................................................230 Techniques...................................................................................................................231 Differences from Expectations....................................................................................233 Other Analytical Procedures........................................................................................234 3.3.7 Use in Forming an Opinion.........................................................................................234 Purpose........................................................................................................................234 Case Study — Substantive Tests..............................................................................................235 3.4 Summary of ISAs not Addressed Elsewhere 237 3.4.1 Overview......................................................................................................................237 3.4.2 ISA 250 — Consideration of Laws and Regulations in an Audit of Financial Statements .....................................................................................................................................238 Audit Findings.............................................................................................................239 3.4.3 ISA 402 — Audit Considerations Relating to Entities Using Service Organizations 239 Audit Requirements.....................................................................................................239 vii GUIDE TO USING INTERNATIONAL STANDARDS ON AUDITING IN THE AUDITS OF SMALL- AND MEDIUM-SIZED ENTITIES 3.4.4 ISA 501 — Audit Evidence – Additional Considerations for Specific Items..............241 Attendance at Physical Inventory Counting.................................................................241 Inquiry Regarding Litigation and Claims....................................................................242 Valuation and Disclosure of Long-term Investments..................................................243 Segment Information...................................................................................................243 3.4.5 ISA 505 — External Confirmations............................................................................244 3.4.6 ISA 510 — Initial Engagements – Opening Balances.................................................245 3.4.7 ISA 545 — Auditing Fair Value Measurements and Disclosures...............................246 Management Representations......................................................................................248 3.4.8 ISA 550 — Related Parties..........................................................................................248 Audit Conclusions and Reporting................................................................................250 3.4.9 ISA 560 — Subsequent Events....................................................................................251 Facts Discovered After the Date of the Auditor’s Report but Before the Financial Statements are Issued.......................................................................252 Facts Discovered After the Financial Statements Have Been Issued..........................252 3.4.10 ISA 570 — Going Concern..........................................................................................253 3.4.11 ISA 600 — Using the Work of Another Auditor.........................................................254 Reporting.....................................................................................................................256 3.4.12 ISA 620 — Using the Work of an Expert....................................................................256 Reporting.....................................................................................................................258 3.5 Extent of Testing 259 3.5.1 Overview......................................................................................................................259 3.5.2 Sufficient Appropriate Audit Evidence.......................................................................260 3.5.3 Types of Audit Tests....................................................................................................261 Sampling......................................................................................................................262 3.5.4 The Use of Assertions in Testing.................................................................................264 Extent of Tests of Controls..........................................................................................264 Discovery or Attribute Sampling.................................................................................265 3.5.5 Extent of Substantive Procedures................................................................................266 Example 1 — Sampling Accounts Receivable Balances.............................................268 Example 2 — Sampling Accounts Receivable Balances.............................................269 Example 3 – Sampling Purchase Invoices...................................................................270 Selection of Confidence Factors..................................................................................270 3.5.6 Extent of Substantive Analytical Procedures...............................................................271 3.5.7 Adequacy of Presentation and Disclosure...................................................................271 Case Study — Extent of Testing...............................................................................................273 viii

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.