PCAS training 19 11 2015

RISK BASED APPROACH TOFINANCIAL STATEMENTS AUDITING

USING PRIVATE COMPANY AUDITING SYSTEM (PCAS), PRODUCT OF CCH (UK)

Presented by:

Ransford Armah ACCA, MSc

Asst. ManagerQuality Assurance Monitoring

OBJECTIVE OF THE TRAININGParticipants are expected to gain practical knowledge on • The meaning and reason for financial statements auditing• The meaning of professional scepticism • The legal & regulatory framework of auditing • Key stages of an audit• Financial Statements audit process• Planning the audit• Permanent Audit File using PCAS• Audit risk assessment using PCAS• Materiality• The planning meeting • QC, the PCAS approach• Auditor independence• Systems documentation

OBJECTIVE OF THE TRAININGParticipants are expected to gain practical knowledge on

• Test of controls, compliance testing, substantive test using PCAS

• Preparation of lead schedules and other test documentations.

Meaning and reasons for financial statements auditing

A financial statements audit is the examination of an entity's financial statements and accompanying disclosures by an independent auditor. The result of this examination is a report by the auditor, attesting to the fairness of presentation of the financial statements and related disclosures.

The auditor's report must accompany the financial statements when they are issued to the intended recipients.

The purpose of a financial statements audit is to add credibility to the reported financial position and performance of a business

Meaning and reasons for financial statements auditingWhat is true and fair view?

True information is factual and conforms with reality, not false. In addition the information conforms with required standards and law. The accounts have been correctly extracted from the books and

records.

Fair information is free from discrimination and bias and in compliance with expected standards and rules. The accounts should reflect the commercial substance of the

company’s underlying transactions.

Meaning and reasons for financial statements auditingObjectives of Auditing

Primary Objective (main objective) To produce a report by the auditor of his opinion of the truth and

fairness of financial statements so that any person reading or using them can have belief in them.

Secondary To detect errors and fraud ( Consider materiality) To prevent errors and fraud by the deterrent effect of the audit To provide spin- off effects. The auditor will be able to assist his

clients with accounting , systems, taxation , financial , and other problems.

PROFESSIONAL SCEPTICISM

In carrying out his work the auditor should adopt an attitude of professional skepticism, recognizing that circumstances may exist which cause the financial statements to be materially misstated, i.e. professional skepticism, ISA, makes it clear that, even where auditors assess that the risk of litigation or adverse publicity are very low, they must still perform sufficient procedures according to auditing standards, i.e. there can never be a reason for carrying out an audit of a lower quality than that demanded by the ISA’s, not even fee pressure.

The purpose of the independent audit is to ensure that the financial statements are OBJECTIVE, FREE from BIAS and MANIPULATION and RELEVANT to the need of users.

LEGAL FRAMEWORK OF AUDITING

The work of an auditor is regulated by two sources Statues, the Companies Act 1963 (Act 179) International Standards on Auditing (issued by IFAC) Other standards issued by the IASB The professional standards and ethical

principles that govern auditors’ responsibilities are Integrity Objectivity Independence Professional competence and due care Professional behavior Confidentiality

LEGAL & REGULATORY FRAMEWORK OF AUDITING

KEY STAGES OF AN AUDIT

Client acceptance and continuance, ISQC 1.Establish the terms of the engagement, ISA 210Plan the audit, ISA300 - 450Consider internal control & other regulatory frameworks, ISA 250aObtain audit evidence,ISA500 - 620Report findingsISA 700 – 720, ISA 250b-265

follow firm’s A&C procedures in firms ISQC 1 documentation.

ToR, fees considerations, follow firms ISQC 1 engagement procedures.

analytical review, risk assessment, materiality, Risk response, evaluate

misstatements etc.ICQ, test of controls, consider best

practice, company’s regulatory framework etc. analytical review, ledgers, transaction,

acct. balances, reconciliations, confirmations, fair valuation, related

parties, going concern etc. Opinion letter, management letter.

THE FINANCIAL STATEMENTS AUDIT PROCESS

Planning the audit

• Understanding the organisation

• Risk assessment

• Materiality

Document accounting & internal controls systems

• Systems Documentation

• Gain physical assess to systems

Test the accounting and internal controls systems

• Test of controls

• Compliance tests

Test the financial statements

• Substantive testing

• Third party confirmations

• Expert opinion

Review the financial statements

• Hot file review

• Second reviewer

• Proof reading• Disclosure

checklist• EQCR

Express an opinion

• Unqualified• Qualified• Disclaimer /

denial• Adverse

PLANNING THE AUDIT understanding the organization, the PCAS approach

Planning the audit


• Risk assessment

• Materiality

For first time audit, complete the Permanent Audit File (PAF) and attach all relevant and available documentary evidences.

For subsequent audits, update the PAF with the necessary changes and sign off. Reviewer should also sign off.

All changes must be discussed at the team briefing meeting and documented.

Other information such as newspaper publications, correspondences, meeting notes, extracts from board minutes must also be kept in the PAF and referenced to the “Current Audit File”.

Understanding the organisation

Select “ YES” to all the relevant PAF documentations that are applicable, then click

“refresh ISA Programme”

LEGAL FRAMEWORK OF AUDITINGPAF 01 is the PAF index to all the templates referred to in PAF 02 – PAF 13Some of the PAF templates may require additional supporting documentations. These must be scanned separately and kept in a separate folder and reference to the PCAS programme.

LEGAL FRAMEWORK OF AUDITINGTHE PERMANENT AUDIT FILE (PAF) INDEX

PERMANENT AUDIT FILE INDEX

1 General information1.1 Background information (PAF02) 1.2 Details of bankers and professional

advisors (PAF03)

1.3 Know Your Client Checklist (PAF04) 1.4 Register of laws and regulations (PAF05) 1.5 Details of related parties (PAF06) 1.6 Significant accounting policies (PAF07) 1.7 Significant accounting estimates (PAF13) 1.8 Copy of current detailed risk

assessment

1.9

LEGAL FRAMEWORK OF AUDITINGTHE PERMANENT AUDIT FILE (PAF)

2 Engagement details2.1 Letter of engagement

2.2 Authorisations

2.3 Special instructions from client

2.4 Special instructions from group auditors

2.5 Copy of resolution re: appointment

2.6 New client checklist (PAF08) 2.7 Register of non audit services (PAF10) 2.8 Register of involvement in the audit (PAF11) 2.9


3 Accounting systems3.1Organisation chart 3.2Review of design and

implementation of controls

3.3 Internal Control Questionnaire 3.4Systems notes (PAF09)

3.5Letters of comment (copies) 3.6


4 Statutory information4.1List of shareholders 4.2Details of mortgages/charges

4.3Directors’ interests in shares and debentures

4.4Copy annual return 4.5Copy elective resolutions 4.6Memorandum and Articles of

Association

4.7Specified asset locked bodies (for CIC clients only) (PAF12)

4.8


5 Taxation (if no separate tax permanent file)

5.1 Direct tax elections

5.2 Indirect tax elections and certificates 5.3 Market values 6 April 1965 and 31

March 1982

5.4 Advance Corporation Tax details 5.5 PAYE dispensations 5.6 Relief claims (e.g. rollover) 5.7


6 Assets6.1Details of freehold/leasehold properties 6.2Details of location of title deeds 6.3Details of plant etc. (where no fixed asset

register exists) 6.4Details of intangible assets 6.5 Investments in subsidiaries and associated

undertakings 6.6Details of professional

valuations 6.7Details of insurance values

and cover 6.8


7 Contracts and agreements

7.1Details of contracts and agreements with index 7.2Details of share options 7.3Bank overdraft or loan facilities, security and

covenants 7.4Details of other

loans 7.5


8 Correspondence and information of continuing interest

8.1 Index

9 Accounts

9.1Signed copies of full accounts 9.2Signed copies of abbreviated accounts 9.3Company accounts disclosure checklist


10 ReviewYear File updated by Reviewed by

PLANNING THE AUDIT assessing risk, the PCAS approach

Planning the audit


• Risk assessment

• Materiality

C8.1 – General Risk Assessment

C8.2 – Financial Statements Risk Action Plan

C8.3 - Assertions Risk Action Plan

C8.4 – Risk Response Summery

C9.1 – Fraud Risk Factor Risk Assessment

PLANNING THE AUDIT assessing risk, the PCAS approach cont’d




Any risks that are assessed as 'medium' or 'high' should normally be carried forward to C8.2 or C8.3 as appropriate. Where this is not the case a full explanation should be given as to how the risk will be managed.






Note. An explanation must be given where the risk of fraud in relation to revenue recognition is not assessed as high.


PLANNING THE AUDIT assessing risk, the alternative approach

PCAS UNIVERSITYFINANCIAL RISK ASSESSMENT TEMPLATES

FY2013 FY2012

FS Item (Use details from notes) GH¢ GH¢ Difference

%'tage change

Management Response

Risk (H,M,L)

Justification for risk Audit Approach WP Ref.

FS & assession level risks

PLANNING THE AUDIT assessing risk, the alternative approach

PCAS UNIVERSITYFINANCIAL RISK ASSESSMENT TEMPLATES

FY2013 FY2012

FS Item (Use details from notes) GH¢ GH¢ Difference

%'tage change

Management Response

Risk (H,M,L)

Justification for risk Audit Approach WP Ref.

Tuition Revenue 1

Tuition Fees 3,000,241 2,751,747 248,494 8% Increase in fees L

8% increase in tuition fees was

effected in 2013Check number of new

students admitted.Examination Fees 56,506 44,044 12,462 22%Admission Fees 28,631 10,761 17,870 62%Project Work Fees 39,090 8,413 30,677 78%Computer User Fees 52,107 28,737 23,370 45%Registration Fees 53,712 45,794 7,918 15%Graduation Fees 120,712 45,681 75,031 62%

FS & assession level risks

PLANNING THE AUDIT materiality

Planning the audit


• Risk assessment

• Materiality

According to ISA 320:

Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements.

Materiality depends on the size of the item or error judged in the particular circumstances of its omission or misstatement.

Thus, materiality provides a threshold or cut-off point rather than being a primary qualitative characteristic which information must have if it is to be useful.

Materiality

PLANNING THE AUDIT materiality

Golden rule:The higher the risk, the lower the materiality level and the higher the percentage coverage.

Thus:

The threshold (materiality) should be lowered for high risk areas in order to achieve a greater coverage of that particular risk area.

The threshold (materiality) should be raised for low risk areas in order to avoid spending too much time on particular low-risk area.

PLANNING THE AUDIT materiality, the PCAS approach






PLANNING THE AUDIT the planning meeting, the PCAS checklist (C5.1)

The engagement partner and other key members of the engagement team shall be involved in the planning, including participating in the discussion among engagement team members; ISA 300.5.

The engagement team discussion must include specific consideration of the susceptibility of the financial statements to material misstatement due to fraud or error that could result from the entities related party relationships and transactions. ISA 550.12


Comments WP Ref1 Record the names of all audit staff in attendance. 2 Record the date of the meeting. 3 Discuss the susceptibility of the entity's financial statements to material

statement, recording:

a) the risks identified; b) the financial statements assertion(s) impacted; and c) its reference in the Identified Risks database.

4 Discuss the susceptibility of the entity's financial statements to material misstatement, using the Fraud Risk Factors checklist if required, recording:

C9.1

a) the risks identified; b) the financial statements assertion(s) impacted; and c) its reference in the Identified Risks database.

5 Confirm that the discussion included consideration of the possibility of fraud in relation to:

a) Revenue recognition; b) Management override of controls; c) Related party relationships and transactions;

6 Record any other matters raised by the engagement team that impact the audit strategy.


PLANNING THE AUDIT quality control, the PCAS approach (C12)

Comments WP Ref1 Consider whether there is a need under the firm's

procedures or ethical requirements for an engagement quality control review by a second partner or external consultants.

2 Agree the timing and scope of the review with the partner (or other external consultants) who will be undertaking it.

3 Confirm that the time budget and completion timetable have been updated accordingly.

4 Where applicable, have points raised in a cold review of the previous year been incorporated into this period's planning?

PLANNING THE AUDIT sample size planning, the PCAS approach (C13.2)

SAMPLE SIZE PLANNING

Objective

number

Extensive

analytical

review to be used?

Tests of effective-ness of internal controls

to be used?

Effective-ness of internal controls sample

size

Substantive

procedures to be used?

Substantive

procedures

sample size

Comments

E Intangible assets F Tangible fixed

assets

G Investments to group and associated undertakings

H Other investments I Stock

PLANNING THE AUDIT independence, the PCAS checklist (C2.1)

Firms independence on clients: Before any engagement is agreed, the firm must assess her independence of the client and on the engagement. This can be done by using the checklist C2.1 provided in the PCAS.

Audit team independence on the audit client:The team must confirm their independence on the client and the audit engagement.

Employees independence on firms audit clients:All other client facing staff must complete and submit the annual independent declaration form and submit same to the managing partner.

SYSTEMS DOCUMENTATION




In order to document internal controls effectively, the auditors must understand the flow of transactions, how they are initiated, recorded, authorized, processed, and reported.

Auditors must also identify and document the risks within the process, including fraud risk, and the controls that should be implemented to manage those risks.

auditors must also determine which controls are necessary to the process, activity, or system under review in light of the risk profile.




Systems documentation


Where the organisation does not have an Internal Controls Manual, document existing internal controls systems using the:

1. Internal Controls Questionnaires (PCAS C5.2) 2. Flow Charts (refer to templates)3. Narrative Descriptions (refer to templates) (through interview with management / schedule officers)

Review documented controls against standard controls or best practice in light of the organisations risk profile and note observations.



Example of flow chart




Gain physical access to the computerized system


Note:

If your client uses a computerized accounting system, always, obtain a special access to the system and check the internal controls embedded in the system.

If you do not have expertise in the use of your client’s accounting system, consult.

If in doubt consult!!!

TESTING THE INTERNAL CONTROLS

Test of controls, compliance testing

Test the accounting and internal controls systems

• Test of controls

• Compliance tests

Test documented internal controls through observation and enquiries and document any adverse findings.

Review controls against statutory and standard procedures and note any adverse findings.

Check controls against identified fraud risks in specific trust areas and ensure that the risks are mitigated by the controls and note any adverse findings for management discussions.

Test the organization compliance with their own internal controls by testing selected transactions against the documented controls.

OBTAINING AUDIT EVIDENCEsubstantive testing, third party confirmations & expert opinion

Test the financial statements

• Substantive testing

• Third party confirmations

• Expert opinion

In respect of audit evidence ISA 500.9 states:

When using information produced by the entity, the auditor shall evaluate whether the information is sufficiently reliable for the auditor's purposes, including as necessary in the circumstances:

(a)Obtaining audit evidence about the accuracy and completeness of the information; and

(b) Evaluating whether the information is sufficiently precise and detailed for the auditor's purposes.

OBTAINING AUDIT EVIDENCEsubstantive testing, third party confirmations & expert opinionISA 500.6: Assertions used by the auditor are as follows:

1. Assertions about classes of transactions and events for the period under audit:

a. Occurrence - transactions and events that have been recorded have occurred and pertain to the entity.

b. Completeness - all transactions and events that should have been recorded have been recorded.

c. Accuracy - amounts and other data relating to recorded transactions and events have been recorded appropriately.

d. Cut-off - transactions and events have been recorded in the correct accounting period.

e. Classification - transactions and events have been recorded in the proper accounts.


ISA 500.6: Assertions used by the auditor are as follows:

2. Assertions about account balances at the period end:

(i) Existence - assets, liabilities, and equity interests exist. (ii) Rights and obligations - the entity holds or controls the rights to assets, and liabilities are the obligations of the entity. (iii) Completeness - all assets, liabilities and equity interests that should have been recorded have been recorded. (iv) Valuation and allocation - assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded.


ISA 500.6: Assertions used by the auditor are as follows:

3. Assertions about presentation and disclosure:

(i) Occurrence and rights and obligations - disclosed events, transactions, and other matters have occurred and pertain to the entity. (ii) Completeness - all disclosures that should have been included in the financial statements have been included. (iii) Classification and understandability - financial information is appropriately presented and described, and disclosures are clearly expressed. (iv) Accuracy and valuation - financial and other information are disclosed fairly and at appropriate amounts. (ISA 315.A111)

OBTAINING AUDIT EVIDENCEsubstantive testing, third party confirmations & expert opinionKEY POINTS:

Audit objectives are the auditor's method of defining and testing those assertions. Audit tests must be designed to meet each of the above financial statements assertions.

Some of these assertions are often more inherently risky than others. For example, it is often the case that the 'Completeness' and 'Valuation' assertions are more risky from an auditing point of view than (say) the 'Existence' assertion. Accordingly, specific risk assessments should not be restricted to just considering the balance as a whole.

The key to an efficient audit lies in appreciating where the risks truly lie in terms of the underlying assertions within a particular balance and focussing the audit work accordingly.


• At the commencement of each audit programme section there is a summary sheet setting out the audit objectives for that audit area and how the audit tests are assigned to meet those objectives.

• By keeping specific audit objectives in mind, audit tests can be efficiently directed to meet them.

• If any tailoring of the programme is done, the audit objectives should be cross-referenced to the tailored programme to ensure that they continue to be met by the revised/new programme.

• If additional or alternative tests are carried out, these should likewise be cross-referenced to the audit objectives.

• This should ensure that these tests also meet the objectives set.


• A conclusion should be drawn for each audit area. This is vitally important. Not only should the summary sheet be concluded upon, but for each main test within each area there should be stated:

the aim/objective of the tests; the work performed; the results obtained; and the conclusion reached.

OBTAINING AUDIT EVIDENCEsubstantive test, third party confirmations & expert opinion

1. Prepare lead schedules to agree with draft FS, trial balance and Nominal Ledgers.

2. Prepare subsidiary schedules to agree with Nominal ledgers and trial balance.

3. Conduct detailed test of transactions on ledger using the test criteria provided in the PCAS audit programme.

4. Where the need be, obtain confirmations from third party, e.g. debtors, creditors etc.

5. For highly technical areas, obtain expert opinions.

CASE STUDY

Documents

PCAS training 19 11 2015