Chartered Accountants Audit Conference Application of Complex Auditing Standards charteredaccountants.com.au Christin Schaller FCA Principal Red Square Training and Consulting Pty Limited
Application of complex auditing standards >ASAs in force for financial periods commencing on/after 1 July 2006 >Corporations Act audits/reviews – standards legally enforceable via ASIC >all other audits/reviews – standards enforced by professional bodies (eg via Institute’s Quality Review program)
Application of complex auditing standards >ASAs reflect a business risk approach: understand environment and operations assess risks arising identify assertions at risk design and perform procedures evaluate evidence obtained
Application of complex auditing standards Three key standards covered today: 1.ASA 230: Audit Documentation 2.ASA 315: Understanding the Entity and its Environment and Assessing the Risks of Material Misstatement 3.ASA 330: The Auditor’s Procedures in Response to Assessed Risks
>purpose is to establish mandatory requirements and provide guidance on documentation Key mandatory requirements: >overall: provide a basis for your audit report and evidence the audit was performed in accordance with ASAs 1. ASA 230: Audit documentation
>documentation should enable an experienced auditor to understand the work performed >record the identifying characteristics of specific items/matters being tested >document discussions of significant matters >document contradictory information and how this was addressed
Heading Style Body copy > Bullet style 1. ASA 230: Audit documentation >where factors outside your control prevent you from complying with a mandatory requirement, need to document: -circumstances and reason -alternative procedures
1. ASA 230: Audit documentation >record who performed work and date performed, and who reviewed the work and the date/extent of review >complete the audit file on a timely basis after the audit report
1. ASA 230: Audit documentation >once the file is completed, no documentation shall be deleted or discarded before the end of the retention period (7 years) >any modifications to the file need to be documented >need to adopt procedures for maintaining documentation (also a requirement of APES 320)
2. ASA 315: Understanding the entity/risks >purpose is to establish mandatory requirements and provide guidance on obtaining an understanding of the entity and its environment in assessing the risks of material misstatement in a financial report audit
2. ASA 315: Understanding the entity/risks Deals with 5 key issues: i.risk assessment procedures, including internal controls ii.understanding the entity and its environment, including internal controls iii.assessing the risks of material misstatement (RMM), including identifying significant risks iv.communicating with management/those charged with governance v.documentation
2. ASA 315: Understanding the entity/risks i.Risk assessment procedures Perform the following risk assessment procedures to obtain an understanding of the entity, its environment, and its controls: a) inquiries of management/staff b) analytical procedures c) observation and inspection
2. ASA 315: Understanding the entity/risks i.Risk assessment procedures >the members of the audit team should discuss the susceptibility of the entity’s financial report to material misstatements. >the discussion needs to be documented, including any significant decisions reached.
2. ASA 315: Understanding the entity/risks ii.The entity & environment, including controls You need to obtain an understanding of: >relevant industry, regulatory, and other external factors including the applicable financial reporting framework, and >the nature of the entity >the entity’s accounting policies and whether they are appropriate
2. ASA 315: Understanding the entity/risks ii.The entity & environment, including controls >obtain an understanding of the entity’s objectives and strategies, and the related business risks that may result in material misstatements.
2. ASA 315: Understanding the entity/risks ii.The entity & environment, including controls >obtain an understanding of internal control relevant to the audit: this comprises five elements a)the control environment b)the entity’s risk assessment process c)the information system d)control activities e)monitoring of controls
2. ASA 315: Understanding the entity/risks ii.The entity & environment, including controls a)the control environment
2. ASA 315: Understanding the entity/risks ii.The entity & environment, including controls b)the entity’s process for identifying and acting on business risks relevant to financial reporting objectives
2. ASA 315: Understanding the entity/risks ii.The entity & environment, including controls c)the information system relevant to financial reporting, including: -the significant classes of transactions -the procedures by which those transactions are initiated, recorded, processed and reported -the related accounting records -how the system captures significant events -the financial reporting process
2. ASA 315: Understanding the entity/risks ii.The entity & environment, including controls d)control activities, sufficient to assess the RMM at the assertion level and to design further audit procedures responsive to assessed risks
2. ASA 315: Understanding the entity/risks ii.The entity & environment, including controls e)the major types of activities the entity uses to monitor and correct controls
2. ASA 315: Understanding the entity/risks iii.Assessing the risk of material misstatements (RMM) >using the information obtained thus far, identify and assess the RMM at the financial report level, and at the assertion level for classes of transactions, account balances and disclosures.
2. ASA 315: Understanding the entity/risks iii.Assessing the risk of material misstatements (RMM) >as part of the risk assessment, determine which of the risks identified are risks that require special audit consideration (such risks are defined as ‘significant risks’)
2. ASA 315: Understanding the entity/risks iii.Assessing the risk of material misstatements (RMM) >for significant risks, evaluate the design of the entity’s related controls and determine whether they have been implemented. >to determine implementation, it is most likely you will need to test controls (select sample etc)
2. ASA 315: Understanding the entity/risks iii.Assessing the risk of material misstatements (RMM) >as part of the risk assessment, evaluate the entity’s controls over those risks for which it is not possible or practicable to reduce the risks of material misstatement at the assertion level to an acceptably low level with audit evidence obtained only from substantive procedures.
2. ASA 315: Understanding the entity/risks iv.Communicating with management >make those charged with governance/management aware, as soon as practicable, of material weaknesses in internal control.
2. ASA 315: Understanding the entity/risks v.Documentation Matters to be documented include: >discussions amongst the audit team >key elements of the understanding obtained of the entity, including each of the internal control components, and the risk of material misstatements >the assessed risk of material misstatement at the financial report and assertion level >risk areas where substantive procedures did not provide sufficient evidence, and the related controls evaluated
3. ASA 330: Procedures in response to risks >purpose is to establish mandatory requirements and provide guidance on determining overall responses and designing and performing further audit procedures to respond to the assessed RMM at the financial report and assertion levels
3. ASA 330: Procedures in response to risks Deals with 4 key issues: i.introduction/ overall responses (to assessed risks) ii.audit procedures responsive to risks of material misstatement at the assertion level iii.evaluating the sufficiency and appropriateness of audit evidence obtained iv.documentation
3. ASA 330: Procedures in response to risks i.Introduction/overall responses >in order to reduce audit risk to an acceptably low level, determine overall responses to assessed risks at the financial report level >i.e., choose your overall audit approach.
3. ASA 330: Procedures in response to risks ii.Audit procedures responsive to risks >in determining the audit procedures, consider inherent and control risk, as this will affect the procedures selected.
3. ASA 330: Procedures in response to risks ii.Audit procedures responsive to risks >when your assessment of risks of material misstatement at the assertion level includes an expectation that controls are operating effectively, you need to perform tests of control >also need to test controls related to significant audit risks
3. ASA 330: Procedures in response to risks ii.Audit procedures responsive to risks >when you obtain audit evidence about the effectiveness of controls during an interim period, you should determine what additional evidence should be obtained for the remaining period.
3. ASA 330: Procedures in response to risks ii.Audit procedures responsive to risks >irrespective of the assessed risk of material misstatement, you should design and perform substantive procedures for each material class of transactions, account balance and disclosure.
3. ASA 330: Procedures in response to risks iii.Evaluating audit evidence >conclude whether sufficient appropriate audit evidence has been obtained to reduce to an acceptably low level the risk of material misstatement in the financial report.
3. ASA 330: Procedures in response to risks iv.Documentation >document the overall responses to address the assessed risks, the further audit procedures, the link of those procedures with the assessed risks at the assertion level, and the results of audit procedures.
Heading Style Body copy > Bullet style Application of complex auditing standards In summary remember: >standards now reflect a business risk approach >greater emphasis on understanding the entity and its environment >document what you do: ‘If it’s not documented it’s not done.’