1. Understanding the entity
Fam workshop

2. Objectives of the session on understanding the entity
At the end of the session you will be able to understand how you should go about identifying risks from various sources

3. Overview of understanding the entity
AUDIT STEPS
DOCUMENTATION
STEP 1. General information
about the entity
STEP 2. The entity’s governance
structure
STEP 3. The legal framework of the entity
STEP 4. The operational environment of the entity
STEP 5. Fraud considerations
STEP 6. The entity’s internal controls
STEP 7. Other relevant
considerations
STEP 8. Transactions and
balances
UE 1. Understanding the entity:
General information
Governance structures
Legal framework of the entity
The operational environment
Fraud considerations
The entity’s internal controls
Other considerations as litigations and
claims, related parties, service entities,
going concern, risks from prior years,
Lead schedule and analytical review
UE 2. Quality control questionnaire

4. KP-1. Experiences from previous audits
What experiences can we share from previous years (RAM) or from FAM pilots?

5. KP 2. General and operational information
Type and mandate of entity
Address
Key personnel
Review auditee’s strategies, budgets, minutes of management meetings

6. Kp 3: The entity’s governance structure
Obtain information on governance structures
Who are those charged with governance?
What are their responsibilities?
Are there other committees – i.e. audit committee
What other oversight structures are there?

7. KP 4. Legislative framework
In line with ISSAI 1250 identify laws and regulations with a direct effect on the financial statements.
Financial reporting framework and accounting policies

8. ISSAI 1250 The focus of the financial auditor is:
To perform audit procedures and obtain evidence regarding compliance with laws and regulations which have a direct material effect on the financial statements. This is done with the intention of identifying non-compliances.
To respond appropriately to non-compliance or suspected noncompliance.

9. How can we do it
Identify and read high level financial laws and identify sections which may directly and materially affect the FS.
Look at audited FS items and disclosures and identify specific acts which may impact on these.
Identify any specific act which may be applicable can be included in the risk assessment on assertion level for the component.

10. ISSAI 250 v ISSAI 4000
ISSAI 250 deals with the auditor’s responsibility to consider laws and regulations in an audit of financial statements. The ISA does not apply to other assurance engagements in which the auditor is specifically engaged to test and report separately on compliance with specific laws or regulations (ISSAI 4000)

11. Step 5. Understand fraud risks
What is fraud risk?
Fraud risk refers to the possibility that there may be intentional misstatements in the financial statements.
Two types of fraud:
fraudulent financial reporting and
misappropriation of assets
Auditors responsibilities regarding fraud
Obtain reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error

12. Responsibilities Auditors responsibilities regarding fraud
Obtain reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error
Management’s responsibilities regarding fraud
primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management
Create a strong culture of ethics, placing a emphasis on fraud prevention
Auditors responsibilities regarding fraud
The primary responsibility for the prevention and detection of fraud rests with
both those charged with governance of the entity and management

13. What should management do to prevent and detect fraud?
Assess fraud risks regularly (risk assessment)
Implement internal controls to mitigate the risk of fraud, processes for identifying and responding to the risks of fraud.
Actual, suspected or alleged fraud affecting the entity identified and actions are taken
Promote a culture of ethical behaviour throughout the organisation

14. What should auditors do?
Obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud (UE 1.)
Design and implement appropriate responses to the identified risk. (RA 1 and 3)

15. Red Flags
Red flags are anomalies that point to symptoms or indicators that are to be associated with fraud. For example:
Invoices without matching orders (Occurrence or validity of expenditure)
Payments have been made without matching invoices (Occurrence or validity of expenditure)
Documents may be lost due to poor document management (unintentional)
Documents may not exist or destroyed to cover up invalid payments (intentional, fraudulent)

16. Responses to fraud
If any fraud is discovered during the audit, it must be communicated to those charged with governance and management.
Fraud risks are considered to be SIGNIFICANT for the audit

17. KP 6. Internal controlS Manual controls Based on COSO
The control environment;
The entity’s risk assessment process;
The information system, including the related processes, relevant to financial reporting, and communication;
Control activities; and
Monitoring of controls.
IT controls checklist
Basic general control review

18. kP 7. other considerations
Litigations and claims against the entity
Significance – provisions raised
Service organisations – outsourced functions which are relevant to the financial statements
Examples
What to do when the outsourced function is relevant?
Find evidence of the internal controls reducing the RMM
Use the audit report of the service organisation
Perform tests of controls at the service org.

19. KP 8. Lead schedule / Analytical review
Identify the transactions and balances audited from the financial statements
Link the financial statements to the audit work
Keep it up to date
Analytical reviews
Compare current year figures to budget and prior year.
Understand large changes to figures and identify risks
Important: keep the Lead schedule updated to correlate with the latest audited financial statements.

20. Exercise – group discussion
From the information in the case study of Council A complete the relevant parts of the UE 1 working paper.
Draw conclusions on risks identified. Conclude whether the risks are pervasive or can be linked to an audit component.
For the Lead schedule:
The overall materiality for the audit is $4,15 million.
Identify which expenditre components you would audit.
Identify which items you would consider not auditing or combining with others.

21. KP-9 Quality control review
Working paper UE 1. can be completed by auditors and reviewed by Team leader and/or audit manager.
Second level reviewer should focus attention on the adequacy or audit work and conclusions drawn on risks
Third level reviewer should focus on pervasive risks, fraud risks and the audit coverage of the AFS

22. Understanding the entity
conclusion
Understanding the entity
What have we done during understanding the entity?
What are the next steps?