Upload
ransford-armah
View
340
Download
9
Embed Size (px)
Citation preview
RISK BASED APPROACH TOFINANCIAL STATEMENTS AUDITING
USING PRIVATE COMPANY AUDITING SYSTEM (PCAS), PRODUCT OF CCH (UK)
Presented by:
Ransford Armah ACCA, MSc
Asst. ManagerQuality Assurance Monitoring
OBJECTIVE OF THE TRAININGParticipants are expected to gain practical knowledge on • The meaning and reason for financial statements auditing• The meaning of professional scepticism • The legal & regulatory framework of auditing • Key stages of an audit• Financial Statements audit process• Planning the audit• Permanent Audit File using PCAS• Audit risk assessment using PCAS• Materiality• The planning meeting • QC, the PCAS approach• Auditor independence• Systems documentation
OBJECTIVE OF THE TRAININGParticipants are expected to gain practical knowledge on
• Test of controls, compliance testing, substantive test using PCAS
• Preparation of lead schedules and other test documentations.
Meaning and reasons for financial statements auditing
A financial statements audit is the examination of an entity's financial statements and accompanying disclosures by an independent auditor. The result of this examination is a report by the auditor, attesting to the fairness of presentation of the financial statements and related disclosures.
The auditor's report must accompany the financial statements when they are issued to the intended recipients.
The purpose of a financial statements audit is to add credibility to the reported financial position and performance of a business
Meaning and reasons for financial statements auditingWhat is true and fair view?
True information is factual and conforms with reality, not false. In addition the information conforms with required standards and law. The accounts have been correctly extracted from the books and
records.
Fair information is free from discrimination and bias and in compliance with expected standards and rules. The accounts should reflect the commercial substance of the
company’s underlying transactions.
Meaning and reasons for financial statements auditingObjectives of Auditing
Primary Objective (main objective) To produce a report by the auditor of his opinion of the truth and
fairness of financial statements so that any person reading or using them can have belief in them.
Secondary To detect errors and fraud ( Consider materiality) To prevent errors and fraud by the deterrent effect of the audit To provide spin- off effects. The auditor will be able to assist his
clients with accounting , systems, taxation , financial , and other problems.
PROFESSIONAL SCEPTICISM
In carrying out his work the auditor should adopt an attitude of professional skepticism, recognizing that circumstances may exist which cause the financial statements to be materially misstated, i.e. professional skepticism, ISA, makes it clear that, even where auditors assess that the risk of litigation or adverse publicity are very low, they must still perform sufficient procedures according to auditing standards, i.e. there can never be a reason for carrying out an audit of a lower quality than that demanded by the ISA’s, not even fee pressure.
The purpose of the independent audit is to ensure that the financial statements are OBJECTIVE, FREE from BIAS and MANIPULATION and RELEVANT to the need of users.
LEGAL FRAMEWORK OF AUDITING
The work of an auditor is regulated by two sources Statues, the Companies Act 1963 (Act 179) International Standards on Auditing (issued by IFAC) Other standards issued by the IASB The professional standards and ethical
principles that govern auditors’ responsibilities are Integrity Objectivity Independence Professional competence and due care Professional behavior Confidentiality
LEGAL & REGULATORY FRAMEWORK OF AUDITING
KEY STAGES OF AN AUDIT
Client acceptance and continuance, ISQC 1.Establish the terms of the engagement, ISA 210Plan the audit, ISA300 - 450Consider internal control & other regulatory frameworks, ISA 250aObtain audit evidence,ISA500 - 620Report findingsISA 700 – 720, ISA 250b-265
follow firm’s A&C procedures in firms ISQC 1 documentation.
ToR, fees considerations, follow firms ISQC 1 engagement procedures.
analytical review, risk assessment, materiality, Risk response, evaluate
misstatements etc.ICQ, test of controls, consider best
practice, company’s regulatory framework etc. analytical review, ledgers, transaction,
acct. balances, reconciliations, confirmations, fair valuation, related
parties, going concern etc. Opinion letter, management letter.
THE FINANCIAL STATEMENTS AUDIT PROCESS
Planning the audit
• Understanding the organisation
• Risk assessment
• Materiality
Document accounting & internal controls systems
• Systems Documentation
• Gain physical assess to systems
Test the accounting and internal controls systems
• Test of controls
• Compliance tests
Test the financial statements
• Substantive testing
• Third party confirmations
• Expert opinion
Review the financial statements
• Hot file review
• Second reviewer
• Proof reading• Disclosure
checklist• EQCR
Express an opinion
• Unqualified• Qualified• Disclaimer /
denial• Adverse
PLANNING THE AUDIT understanding the organization, the PCAS approach
Planning the audit
• Understanding the organisation
• Risk assessment
• Materiality
For first time audit, complete the Permanent Audit File (PAF) and attach all relevant and available documentary evidences.
For subsequent audits, update the PAF with the necessary changes and sign off. Reviewer should also sign off.
All changes must be discussed at the team briefing meeting and documented.
Other information such as newspaper publications, correspondences, meeting notes, extracts from board minutes must also be kept in the PAF and referenced to the “Current Audit File”.
Understanding the organisation
Select “ YES” to all the relevant PAF documentations that are applicable, then click
“refresh ISA Programme”
LEGAL FRAMEWORK OF AUDITINGPAF 01 is the PAF index to all the templates referred to in PAF 02 – PAF 13Some of the PAF templates may require additional supporting documentations. These must be scanned separately and kept in a separate folder and reference to the PCAS programme.
LEGAL FRAMEWORK OF AUDITINGTHE PERMANENT AUDIT FILE (PAF) INDEX
PERMANENT AUDIT FILE INDEX
1 General information1.1 Background information (PAF02) 1.2 Details of bankers and professional
advisors (PAF03)
1.3 Know Your Client Checklist (PAF04) 1.4 Register of laws and regulations (PAF05) 1.5 Details of related parties (PAF06) 1.6 Significant accounting policies (PAF07) 1.7 Significant accounting estimates (PAF13) 1.8 Copy of current detailed risk
assessment
1.9
LEGAL FRAMEWORK OF AUDITINGTHE PERMANENT AUDIT FILE (PAF)
2 Engagement details2.1 Letter of engagement
2.2 Authorisations
2.3 Special instructions from client
2.4 Special instructions from group auditors
2.5 Copy of resolution re: appointment
2.6 New client checklist (PAF08) 2.7 Register of non audit services (PAF10) 2.8 Register of involvement in the audit (PAF11) 2.9
LEGAL FRAMEWORK OF AUDITINGTHE PERMANENT AUDIT FILE (PAF)
3 Accounting systems3.1Organisation chart 3.2Review of design and
implementation of controls
3.3 Internal Control Questionnaire 3.4Systems notes (PAF09)
3.5Letters of comment (copies) 3.6
LEGAL FRAMEWORK OF AUDITINGTHE PERMANENT AUDIT FILE (PAF)
4 Statutory information4.1List of shareholders 4.2Details of mortgages/charges
4.3Directors’ interests in shares and debentures
4.4Copy annual return 4.5Copy elective resolutions 4.6Memorandum and Articles of
Association
4.7Specified asset locked bodies (for CIC clients only) (PAF12)
4.8
LEGAL FRAMEWORK OF AUDITINGTHE PERMANENT AUDIT FILE (PAF)
5 Taxation (if no separate tax permanent file)
5.1 Direct tax elections
5.2 Indirect tax elections and certificates 5.3 Market values 6 April 1965 and 31
March 1982
5.4 Advance Corporation Tax details 5.5 PAYE dispensations 5.6 Relief claims (e.g. rollover) 5.7
LEGAL FRAMEWORK OF AUDITINGTHE PERMANENT AUDIT FILE (PAF)
6 Assets6.1Details of freehold/leasehold properties 6.2Details of location of title deeds 6.3Details of plant etc. (where no fixed asset
register exists) 6.4Details of intangible assets 6.5 Investments in subsidiaries and associated
undertakings 6.6Details of professional
valuations 6.7Details of insurance values
and cover 6.8
LEGAL FRAMEWORK OF AUDITINGTHE PERMANENT AUDIT FILE (PAF)
7 Contracts and agreements
7.1Details of contracts and agreements with index 7.2Details of share options 7.3Bank overdraft or loan facilities, security and
covenants 7.4Details of other
loans 7.5
LEGAL FRAMEWORK OF AUDITINGTHE PERMANENT AUDIT FILE (PAF)
8 Correspondence and information of continuing interest
8.1 Index
9 Accounts
9.1Signed copies of full accounts 9.2Signed copies of abbreviated accounts 9.3Company accounts disclosure checklist
LEGAL FRAMEWORK OF AUDITINGTHE PERMANENT AUDIT FILE (PAF)
10 ReviewYear File updated by Reviewed by
PLANNING THE AUDIT assessing risk, the PCAS approach
Planning the audit
• Understanding the organisation
• Risk assessment
• Materiality
C8.1 – General Risk Assessment
C8.2 – Financial Statements Risk Action Plan
C8.3 - Assertions Risk Action Plan
C8.4 – Risk Response Summery
C9.1 – Fraud Risk Factor Risk Assessment
PLANNING THE AUDIT assessing risk, the PCAS approach cont’d
C8.1 – General Risk Assessment
PLANNING THE AUDIT assessing risk, the PCAS approach cont’d
C8.1 – General Risk Assessment
Any risks that are assessed as 'medium' or 'high' should normally be carried forward to C8.2 or C8.3 as appropriate. Where this is not the case a full explanation should be given as to how the risk will be managed.
PLANNING THE AUDIT assessing risk, the PCAS approach cont’d
PLANNING THE AUDIT assessing risk, the PCAS approach cont’d
PLANNING THE AUDIT assessing risk, the PCAS approach cont’d
PLANNING THE AUDIT assessing risk, the PCAS approach cont’d
PLANNING THE AUDIT assessing risk, the PCAS approach cont’d
Note. An explanation must be given where the risk of fraud in relation to revenue recognition is not assessed as high.
PLANNING THE AUDIT assessing risk, the PCAS approach cont’d
PLANNING THE AUDIT assessing risk, the alternative approach
PCAS UNIVERSITYFINANCIAL RISK ASSESSMENT TEMPLATES
FY2013 FY2012
FS Item (Use details from notes) GH¢ GH¢ Difference
%'tage change
Management Response
Risk (H,M,L)
Justification for risk Audit Approach WP Ref.
FS & assession level risks
PLANNING THE AUDIT assessing risk, the alternative approach
PCAS UNIVERSITYFINANCIAL RISK ASSESSMENT TEMPLATES
FY2013 FY2012
FS Item (Use details from notes) GH¢ GH¢ Difference
%'tage change
Management Response
Risk (H,M,L)
Justification for risk Audit Approach WP Ref.
Tuition Revenue 1
Tuition Fees 3,000,241 2,751,747 248,494 8% Increase in fees L
8% increase in tuition fees was
effected in 2013Check number of new
students admitted.Examination Fees 56,506 44,044 12,462 22%Admission Fees 28,631 10,761 17,870 62%Project Work Fees 39,090 8,413 30,677 78%Computer User Fees 52,107 28,737 23,370 45%Registration Fees 53,712 45,794 7,918 15%Graduation Fees 120,712 45,681 75,031 62%
FS & assession level risks
PLANNING THE AUDIT materiality
Planning the audit
• Understanding the organisation
• Risk assessment
• Materiality
According to ISA 320:
Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements.
Materiality depends on the size of the item or error judged in the particular circumstances of its omission or misstatement.
Thus, materiality provides a threshold or cut-off point rather than being a primary qualitative characteristic which information must have if it is to be useful.
Materiality
PLANNING THE AUDIT materiality
Golden rule:The higher the risk, the lower the materiality level and the higher the percentage coverage.
Thus:
The threshold (materiality) should be lowered for high risk areas in order to achieve a greater coverage of that particular risk area.
The threshold (materiality) should be raised for low risk areas in order to avoid spending too much time on particular low-risk area.
PLANNING THE AUDIT materiality, the PCAS approach
PLANNING THE AUDIT materiality, the PCAS approach
PLANNING THE AUDIT materiality, the PCAS approach
PLANNING THE AUDIT materiality, the PCAS approach
PLANNING THE AUDIT materiality, the PCAS approach
PLANNING THE AUDIT materiality, the PCAS approach
PLANNING THE AUDIT the planning meeting, the PCAS checklist (C5.1)
The engagement partner and other key members of the engagement team shall be involved in the planning, including participating in the discussion among engagement team members; ISA 300.5.
The engagement team discussion must include specific consideration of the susceptibility of the financial statements to material misstatement due to fraud or error that could result from the entities related party relationships and transactions. ISA 550.12
PLANNING THE AUDIT the planning meeting, the PCAS checklist (C5.1)
Comments WP Ref1 Record the names of all audit staff in attendance. 2 Record the date of the meeting. 3 Discuss the susceptibility of the entity's financial statements to material
statement, recording:
a) the risks identified; b) the financial statements assertion(s) impacted; and c) its reference in the Identified Risks database.
4 Discuss the susceptibility of the entity's financial statements to material misstatement, using the Fraud Risk Factors checklist if required, recording:
C9.1
a) the risks identified; b) the financial statements assertion(s) impacted; and c) its reference in the Identified Risks database.
5 Confirm that the discussion included consideration of the possibility of fraud in relation to:
a) Revenue recognition; b) Management override of controls; c) Related party relationships and transactions;
6 Record any other matters raised by the engagement team that impact the audit strategy.
PLANNING THE AUDIT the planning meeting, the PCAS checklist (C5.1)
PLANNING THE AUDIT quality control, the PCAS approach (C12)
Comments WP Ref1 Consider whether there is a need under the firm's
procedures or ethical requirements for an engagement quality control review by a second partner or external consultants.
2 Agree the timing and scope of the review with the partner (or other external consultants) who will be undertaking it.
3 Confirm that the time budget and completion timetable have been updated accordingly.
4 Where applicable, have points raised in a cold review of the previous year been incorporated into this period's planning?
PLANNING THE AUDIT sample size planning, the PCAS approach (C13.2)
SAMPLE SIZE PLANNING
Objective
number
Extensive
analytical
review to be used?
Tests of effective-ness of internal controls
to be used?
Effective-ness of internal controls sample
size
Substantive
procedures to be used?
Substantive
procedures
sample size
Comments
E Intangible assets F Tangible fixed
assets
G Investments to group and associated undertakings
H Other investments I Stock
PLANNING THE AUDIT independence, the PCAS checklist (C2.1)
Firms independence on clients: Before any engagement is agreed, the firm must assess her independence of the client and on the engagement. This can be done by using the checklist C2.1 provided in the PCAS.
Audit team independence on the audit client:The team must confirm their independence on the client and the audit engagement.
Employees independence on firms audit clients:All other client facing staff must complete and submit the annual independent declaration form and submit same to the managing partner.
SYSTEMS DOCUMENTATION
Document accounting & internal controls systems
• Systems Documentation
• Gain physical assess to systems
In order to document internal controls effectively, the auditors must understand the flow of transactions, how they are initiated, recorded, authorized, processed, and reported.
Auditors must also identify and document the risks within the process, including fraud risk, and the controls that should be implemented to manage those risks.
auditors must also determine which controls are necessary to the process, activity, or system under review in light of the risk profile.
Document accounting & internal controls systems
• Systems Documentation
• Gain physical assess to systems
Systems documentation
SYSTEMS DOCUMENTATION
Where the organisation does not have an Internal Controls Manual, document existing internal controls systems using the:
1. Internal Controls Questionnaires (PCAS C5.2) 2. Flow Charts (refer to templates)3. Narrative Descriptions (refer to templates) (through interview with management / schedule officers)
Review documented controls against standard controls or best practice in light of the organisations risk profile and note observations.
SYSTEMS DOCUMENTATION
SYSTEMS DOCUMENTATION
Example of flow chart
Document accounting & internal controls systems
• Systems Documentation
• Gain physical assess to systems
Gain physical access to the computerized system
SYSTEMS DOCUMENTATION
Note:
If your client uses a computerized accounting system, always, obtain a special access to the system and check the internal controls embedded in the system.
If you do not have expertise in the use of your client’s accounting system, consult.
If in doubt consult!!!
TESTING THE INTERNAL CONTROLS
Test of controls, compliance testing
Test the accounting and internal controls systems
• Test of controls
• Compliance tests
Test documented internal controls through observation and enquiries and document any adverse findings.
Review controls against statutory and standard procedures and note any adverse findings.
Check controls against identified fraud risks in specific trust areas and ensure that the risks are mitigated by the controls and note any adverse findings for management discussions.
Test the organization compliance with their own internal controls by testing selected transactions against the documented controls.
OBTAINING AUDIT EVIDENCEsubstantive testing, third party confirmations & expert opinion
Test the financial statements
• Substantive testing
• Third party confirmations
• Expert opinion
In respect of audit evidence ISA 500.9 states:
When using information produced by the entity, the auditor shall evaluate whether the information is sufficiently reliable for the auditor's purposes, including as necessary in the circumstances:
(a)Obtaining audit evidence about the accuracy and completeness of the information; and
(b) Evaluating whether the information is sufficiently precise and detailed for the auditor's purposes.
OBTAINING AUDIT EVIDENCEsubstantive testing, third party confirmations & expert opinionISA 500.6: Assertions used by the auditor are as follows:
1. Assertions about classes of transactions and events for the period under audit:
a. Occurrence - transactions and events that have been recorded have occurred and pertain to the entity.
b. Completeness - all transactions and events that should have been recorded have been recorded.
c. Accuracy - amounts and other data relating to recorded transactions and events have been recorded appropriately.
d. Cut-off - transactions and events have been recorded in the correct accounting period.
e. Classification - transactions and events have been recorded in the proper accounts.
OBTAINING AUDIT EVIDENCEsubstantive testing, third party confirmations & expert opinion
ISA 500.6: Assertions used by the auditor are as follows:
2. Assertions about account balances at the period end:
(i) Existence - assets, liabilities, and equity interests exist. (ii) Rights and obligations - the entity holds or controls the rights to assets, and liabilities are the obligations of the entity. (iii) Completeness - all assets, liabilities and equity interests that should have been recorded have been recorded. (iv) Valuation and allocation - assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded.
OBTAINING AUDIT EVIDENCEsubstantive testing, third party confirmations & expert opinion
ISA 500.6: Assertions used by the auditor are as follows:
3. Assertions about presentation and disclosure:
(i) Occurrence and rights and obligations - disclosed events, transactions, and other matters have occurred and pertain to the entity. (ii) Completeness - all disclosures that should have been included in the financial statements have been included. (iii) Classification and understandability - financial information is appropriately presented and described, and disclosures are clearly expressed. (iv) Accuracy and valuation - financial and other information are disclosed fairly and at appropriate amounts. (ISA 315.A111)
OBTAINING AUDIT EVIDENCEsubstantive testing, third party confirmations & expert opinionKEY POINTS:
Audit objectives are the auditor's method of defining and testing those assertions. Audit tests must be designed to meet each of the above financial statements assertions.
Some of these assertions are often more inherently risky than others. For example, it is often the case that the 'Completeness' and 'Valuation' assertions are more risky from an auditing point of view than (say) the 'Existence' assertion. Accordingly, specific risk assessments should not be restricted to just considering the balance as a whole.
The key to an efficient audit lies in appreciating where the risks truly lie in terms of the underlying assertions within a particular balance and focussing the audit work accordingly.
OBTAINING AUDIT EVIDENCEsubstantive testing, third party confirmations & expert opinionKEY POINTS:
• At the commencement of each audit programme section there is a summary sheet setting out the audit objectives for that audit area and how the audit tests are assigned to meet those objectives.
• By keeping specific audit objectives in mind, audit tests can be efficiently directed to meet them.
• If any tailoring of the programme is done, the audit objectives should be cross-referenced to the tailored programme to ensure that they continue to be met by the revised/new programme.
• If additional or alternative tests are carried out, these should likewise be cross-referenced to the audit objectives.
• This should ensure that these tests also meet the objectives set.
OBTAINING AUDIT EVIDENCEsubstantive testing, third party confirmations & expert opinionKEY POINTS:
• A conclusion should be drawn for each audit area. This is vitally important. Not only should the summary sheet be concluded upon, but for each main test within each area there should be stated:
the aim/objective of the tests; the work performed; the results obtained; and the conclusion reached.
OBTAINING AUDIT EVIDENCEsubstantive test, third party confirmations & expert opinion
1. Prepare lead schedules to agree with draft FS, trial balance and Nominal Ledgers.
2. Prepare subsidiary schedules to agree with Nominal ledgers and trial balance.
3. Conduct detailed test of transactions on ledger using the test criteria provided in the PCAS audit programme.
4. Where the need be, obtain confirmations from third party, e.g. debtors, creditors etc.
5. For highly technical areas, obtain expert opinions.
CASE STUDY