CHAPTER 1: INTRODUCTION AND OVERVIEW OF AUDIT AND ASSURANCE

WHAT IS AUDIT?

An assurance engagement (or service) is defined as ‘an engagement in which an assurance practitioner aims to obtain sufficient
appropriate evidence in order to express a conclusion designed to enhance the degree of confidence of the intended users other
than the responsible party about the outcome of the measurement or evaluation of an underlying subject matter against
criteria.’

• Assurance engagement: audit

• Assurance practitioner: auditor or audit firm
• Conclusion: auditor’s report/output of audit
• Intended users: the people for whom the assurance practitioner prepares the report
o banks, investors, stakeholder (normally existing shareholders)
• Responsible party: the person or organisation responsible for the preparation of subject matter
o the company/ auditee, board of directors → management (CEO, CFO)
• Subject matter: financial reports/financial statements
• Criteria: the rules or principles by which the subject matter is being evaluated
o consistency with IFRS, AASBs, auditing standards

Auditing requires professional judgement, professional scepticism and due care. These require expertise and experience.
Sources of demand for audit and assurance services: remoteness – shareholders have a separation from the financial accounts,
complexity and competing incentives.

ASSURANCE SERVICES

1. FINANCIAL REPORT AUDIT – FOCUS OF THIS UNIT

An engagement designed to express an opinion about whether the report is prepared in all material respects in accordance with
a financial reporting framework (ASA 200, para. 11; ISA 200, para 11)
Conducted to enhance the reliability and credibility of the information included in a financial report.

Limitations of audit:
• there is no guarantee that the financial report is free from error or fraud
• the nature of the audit procedures and processes are required to be performed within a reasonable period and at a
reasonable cost (ASA 200)
• judgement is required in the process of preparation of the financial statements

2. COMPLIANCE AUDIT
• Involves gathering evidence to ascertain whether rules, policies, procedures, laws and regulations have been followed.
• A tax audit is an example of a compliance audit.

3. PERFORMANCE AUDIT
• Refers to the economy, efficiency and effectiveness of an organisation’s activities.
• Usually done by internal auditors or can be outsourced to external auditors.

4. COMPREHENSIVE AUDIT
• Combines elements of financial report audit, compliance audit and performance audit.
• Often occur in the public sector.

5. INTERNAL AUDIT
• Provides assurance about various aspects of an organisation’s activities.
• Often contain elements of performance audits, compliance audits, internal control assessments and reviews.

6. CORPORATE SOCIAL RESPONSIBILITY (CSR) AU DIT

• Includes voluntary reporting about environmental, employee and social subject matter.
• Incorporates both financial and non-financial information.
• Quantification of green gas emissions (GHG): Assurance Engagements on Greenhouse Gas Statements (ASAE 3410)
• There is no legal requirement to disclose CSR, assurance makes them more reliable
LEVELS OF ASSURANCE

Reasonable level of assurance » positive assurance expression

e.g. Financial Statement Audit

• The auditor has conducted sufficient tests and obtained appropriate and sufficient evidence to conclude positively that
the information that is assured is (or is not) reliable
• Detailed testing of a client’s control procedures and/or transactions and accounts have been conducted to satisfy that
the information being assured is fairly presented
Limited level of assurance » negative assurance expression
e.g. Review of a company’s half-year financial report

• Auditor has done adequate work to report whether or not anything came to their attention that would lead them to
believe that the information that is assured is not true and fair.
• Can’t say whether reports are in accordance to law, but can say that nothing makes them believe otherwise
No assurance » no assurance given
e.g. Agreed-upon procedures engagement

• The auditor does not report an opinion – merely report on the findings and the facts of their findings.
• The client determines the nature, timing and extent of evidence gathered and then draws their own conclusions about
these findings
12 months statements – the information becomes less relevant as time goes on
6-month audits help increase the relevance and reliability of the information.

DIFFERENT AUDIT OPINIONS

Unmodified:

• Unqualified or clean opinion = when the auditor believes the financial report is true and fair
• Financial report is true and fair, presents fairly the financial position of the company, information complies with AAS
and Corporations Act
• Clean bill of health

Modified:

• Qualified, adverse or disclaimer of opinion

• Modifications that do not affect the auditor’s opinion
o Emphasis of matter: draws the attention of the reader to an issue that the auditor believes has been
adequately and accurately explained in a note to the financial report. The purpose is to ensure that the reader
pays appropriate attention to the issue when reading the financial report
• Modifications that affect the auditor’s opinion:
o Qualified opinion: given when there are reservations about the ‘truth and fairness’ of the financial statements
This can include a qualified or ‘except for’ opinion, occurring when issues are material but not pervasive.
▪ when the auditor believes that ‘except for’ the effects of a matter that is explaining in the audit
report, the financial report can be relied upon by the reader.
o Adverse opinion: would arise when financial report is misstated and is material and pervasive
o Disclaimer of opinion: arise
when there is an inability to
obtain sufficient appropriate
audit evidence to base their
opinion, and concludes that the
effects on the financial report
could be material and
pervasive.

AUDIT REPORT STRUCTURE (ASA700)

Report on the Audit of the Financial Report

• Opinion
o True and fair view of financial position / performance
 o Compliance with Corporations Regulations 2001
• Basis for Opinion
o ASA
o Independence
• Key Audit Matters (ASA701)
o Matters of most significance in the audit
• Other Information
o Unaudited Information in the annual report
• Responsibilities of the Directors for the Financial Report
o Preparation of the financial report
• Auditor’s Responsibilities for the Audit of the Financial Report
o Obtain reasonable assurance

Report on the Remuneration Report

• Opinion on the Remuneration Report

o Compliance with section 300A of the Corporations Act 2001
• Responsibilities
o Directors: preparation of the remuneration report
o Auditors: express an opinion

PREPARERS AND AUDITORS

It is the responsibility of those charged with governance to prepare the financial statements. The information should be:

• Relevant
• Reliable
• Comparable
• Understandable
• True and fair

Auditor has responsibilities relating to the audit: skills of the auditor

• Professional scepticism: maintaining independent of the entity and having a questioning mind to thoroughly investigate
all evidence presented.
• Professional judgement: use of judgement based on level of expertise, knowledge and training obtained by the auditor.
• Due care: being diligent, applying standards and documenting each stage of the audit process.

DEMAND FOR AUDIT AND ASSURANCE SERVICES

The users of the financial statements are not limited to the shareholders or owners of the business.
Other users include:
• Potential investors
• Suppliers
• Customers
• Lenders
• Employees
• Government
• Public

Sources of Demand:

1. Remoteness: users do not have access to information themselves.

2. Complexity: users do not have knowledge to be able to make disclosure choices.
3. Competing incentives: users may find it difficult to identify when the incentives of management have been over-
represented.
4. Reliability: as decisions are being made based on information presented, it is important that it be reliable.
THEORETICAL FRAMEWORKS

1. Agency Theory: information asymmetry and agency relationship

• Agency theory tells us that due to the remoteness of the owners from the entity, the complexity of items included in
the financial report and competing incentives between the owners and managers, the owners (principals) have an
incentive to hire an auditor (incur a monitoring cost) to assess the truth and fairness of the information contained in
the financial report prepared by their managers (agents).
• Managers also have an incentive to hire an auditor to demonstrate to their shareholders that they have prepared true
and fair financial reports free of fraud and error.

2. Information Hypothesis

• The information hypothesis tells us that due to the demand for reliable, high-quality information, various user groups
including shareholders, banks and other lenders will demand that financial reports be audited to aid their decision
making.

3. Insurance Hypothesis

• The insurance hypothesis tells us that investors will demand that financial reports be audited as a way of insuring
against some of their loss should their investment fail.

THE ROLE OF REGULATORS AND REGULATIONS

• Financial Reporting Council (FRC)

• Auditing and Assurance Standards Board (AUASB)
• Accounting Professional and Ethical Standards Board (APESB)
• International Auditing and Assurance Standards Board (IAASB)
• Australian Securities and Investments Commission (ASIC)
• Australian Securities Exchange (ASX)
• Companies Auditors and Liquidators Disciplinary Board (CALDB)
• Professional Bodies (CPA Australia, CA ANZ, IPA)

Corporations Act

• Provides guidance on conducting audit of financial reports.

• This includes that certain accounts need to be audited (s. 301,) the audit report stating whether it is true and fair & in
accordance with accounting standards (s. 307,) standards must be applied (s. 307A,) retention of audit working papers
(s. 307B,) and independence declaration (s. 307C.)

CLERP 9

• Significant changes brought about from 1 July 2004 including auditing standards having ‘force of law.’
• Other changes include:
o Disclosure of non-audit services provided by auditor.
o Enhanced independence and employment requirements.
o Partner rotation

AUDIT EXPECTATION GAP

The audit expectation gap is the difference between the expectations of assurance providers and financial report or other users.

Can be caused by unrealistic user expectations

including:

• The auditor providing a complete

assurance.
• The auditor guaranteeing future viability
of entity.
• An unqualified opinion denotes complete
accuracy.
• The auditor will find all frauds.
The expectation gap can be reduced by:

• Auditors performing their duties appropriately

• Undertaking peer reviews of work performed
• Reviewing and updating auditing standards.
• Educating the public.
• Enhanced reporting explaining audit processes and levels of opinion auditors provide to the entity.
• Greater attention to the risk of material fraud occurring.

WEEK 2: ETHICS, LEGAL LIABILITY AND CLIENT ACCEPTANCE

FUNDAMENTAL PRINCIPLES OF PROFESSIONA L ETHICS (ICPOP)

All members of the professional accounting bodies are to comply with the fundamental ethical principles (APES 110, s100.4).

Integrity Be straightforward, honest, do not mislead

Confidentiality
Professional Competence/ Due Care
Objectivity/Independence
Professional Behaviour
Refrain from disclosing information, maintaining confidentiality – either
deliberate or inadvertent
Maintain knowledge, skill, due care/diligence
Do not let personal feelings, bias, prejudice influence professional
judgement. Remain independent and not influenced by any personal beliefs
Compliance with rules and regulations, do not make false claims and
undermine reputation of others

AUDITOR INDEPENDENCE

• Independence = the ability to act with integrity, objectivity and with professional scepticism (questioning mind)
• Lack of auditor independence impacts on credibility and reliability of the financial report
• The auditor must be, and be seen to be, independent
There are two forms of independence:

• Independence of mind
o The ability to act with integrity, objectivity and professional scepticism.
o The ability to make a decision that is free from bias, personal beliefs and client pressures.
o Independence of mind is also referred to as actual independence.
• Independence in appearance
o the belief that independence of mind has been achieved.
o It is not enough for an auditor to be independent of mind; they must also be seen to be independent.
o Auditors must consider their actions carefully and ensure that nothing is done to compromise their
independence both of mind and in appearance.
o Independence in appearance is also referred to as perceived independence.

THREATS TO AUDITOR INDEPENDENCE

Threat How does it Examples Safeguards

occur?
- Bank account held with the client - Policies and procedures within an
Self Interest Occurs if the
- Shares owned in the client accounting for identifying any staff
audit firm or its
staff have - A loan to or from the client with financial interest in an
- Fee dependence – where fees from a assurance client
financial interest
client form a significant portion of all - Regular review of assurance and
in audit client
fees of the firm other fees earned from each client
- Close business relationship with the in comparison to total fees from all
client assurance clients
- An audit partner is concerned about - Minimising the provision of non-
losing a prestigious client audit services to assurance clients
- Policies and procedures prohibiting
business relationships with clients
 Self Review Occurs when the - Assurance team member has recently - Minimising provision of non-audit
assurance team been an employee or director of the services to assurance clients
- When providing non-audit services,
need to form an client
ensuring that the client is
opinion on their - Preparing information for the client that
own work or work is then assured responsible for overseeing and
done by others in - Performing services for the client that guiding the work and making any
final decisions regarding the
their firm are then assured
outcomes of that work
- Asked to evaluated the effectiveness of
a system that a colleague in the firm - Having a cooling off period before
and audit partner can be employed
implemented on behalf of the client
in a senior role at an audit client
Advocacy Occurs when the - Encouraging others to buy client’s - Policies and procedures prohibiting
audit firm or staff shares or bonds business relationships with clients
- Policies and procedures prohibiting
act or is believed - Representing client in negotiations with
representation of clients in any
to act on behalf third party
disputes or legal matter
of the assurance - Representing client in a legal dispute
client - Can lead to questioning of auditor’s - Rotating staff assigned to clients so
that they don’t spend too much
objectivity
time at any one client’s premises
Familiarity Occurs when - Long association between assurance - Partner and staff rotation policies
close firm and client - Education regarding the acceptance
of gifts and hospitality from
relationships exist - Long association between assurance
assurance clients, providing
or develop firm and client personnel
examples of what is acceptable and
between - Close personal relationships between
assurance firm assurance firm staff and senior client what isn’t
- Procedures when assigning staff to
and client personnel
assurance clients ensuring no close
Assurance staff - Acceptance of gifts or hospitality by
members of assurance team from the personal relationships exist
can become too between assurance team members
client (other than minor tokens or
sensitive to the and client personnel
gestures)
needs of clients - Education regarding socialising with
and lose - A director is on the board of an audit
client who was until recently the client personnel
objectivity
engagement partner on the audit
Intimidation Occurs when the - Treat that the client will different - Avoidance of fee dependence
assurance team assurance firm next year - Appropriate corporate governance
structures within clients, such as an
feels threatened - Undue pressure to reduce audit hours
audit committee to liaise with
by the client to reduce fees paid or meet an
senior assurance team members
unrealistic deadline
- Audit firm is threatened with litigation and client management
- Adherence to stringent procedures
by client
regarding removal of assurance
- Undue pressure on the audit team to
allow them to use an inappropriate providers
accounting technique

AUDITOR INDEPENDENCE SAFEGUARDS

• Safeguards are mechanisms that have been developed by the accounting profession, legislators, regulators, clients and
accounting firms
• They are used to minimise the risk that a threat will surface (eg. through education) and to deal with a threat when it
becomes apparent (eg. through reporting processes within assurance firm)
• Created by profession, legislation or regulation
o Quality control standards
o Code of ethics
o Legislative requirement to be independent
• Created by clients
o Corporate governance – audit committee (entirely independent of audit firm and firm itself)
o Policies and procedures – to safeguard auditors independence
• Created by accounting firms
o Quality control procedures –to ensure quality of service
o Client acceptance and continuance
AUDITOR’S RELATIONSHIPS WITH OTHERS

Shareholders:
• The audit report is addressed to the shareholders of the company being audited.
• Shareholders rely on the audit report and the opinion contained within it to inform them about the reliability of the
information provided by the management of their company in the financial report.
• Shareholders also maintain the formal responsibility of appointment of auditor.
• Attendance at AGM
Board of Directors:
• The board of directors represents the shareholders and oversees the activities of a company and its management.
• A board will generally comprise a mixture of executive and nonexecutive directors.
• Executive directors are also part of the company’s management team; they are full-time employees of the company.
• Non-executive directors are not part of the company’s management team; their involvement is limited to preparing for
and attending board meetings and relevant board committee meetings.
• It is the directors’ responsibility to ensure that the financial report is prepared so as to provide a true and fair view.
Audit Committee:
• an audit committee acts on behalf of the full board of directors to ensure that the financial report is true and fair and
that the external auditor has access to all records and other evidence required to form their opinion.
• Top 500 listed companies must have audit committee, top 300 must follow ASX guidelines
• An audit committee can improve the efficiency of achieving truth and fairness of the financial report.
• Independent of the remainder of the board
• Members are able to read and understand the contents of the financial report.
• members have some understanding of the accounting policies used by the company and can communicate easily with
the auditor about those choices.
• The role of internal audit (and internal auditors) is determined by those charged with governance, ideally the audit
committee.
Internal Auditors:
• The external auditor views the internal audit function as part of the company being audited and, as such, the internal
audit function can never be wholly independent of the company.
• External auditor can reduce scope of testing if effective internal audit function (asa 610: isa 610).
• The final opinion on the truth and fairness of the financial report remains with the external auditor
• responsibile for gathering and evaluating sufficient appropriate audit evidence to form that opinion.
• Consider various internal audit characteristics including: the objectivity, technical competence and due professional
care of the internal audit function and the effectiveness of communication between internal and external audit.

ATTENDANCE AT AGM
External auditor is required to attend listed company’s AGM (Corp Act 2001, section 250RA)
Guidance GS 010:

• Written questions to the auditor before the AGM

o For shareholders (entitled to cast vote) of listed companies
o About the content of the audit report or the conduct of the audit
• Questions to the auditor at the AGM
o Additional possible topic for questions are accounting policies of the company and independence of the
auditor
• Auditor to be involved in the AGM planning process to discuss whether there are issues likely to be of interest for the
AGM participants.

LEGAL LIABILITY

External auditors must exercise due care, be diligent in applying standards and documenting work. This means that the auditor
must be diligent in applying technical and professional standards, and document each stage in the audit process. If the auditor is
found to be negligent (to have not exercised due care) they may be sued for damages by their client or a third party.

Auditor can be found negligent and liable for damages under tort law if its established that:

1. A duty of care was owed by the auditor

2. There was a breach of the duty of care
3. A loss was suffered as a consequence of that breach
LIABILITY TO CLIENTS:
• Liability under either contract or tort law
• Negligence: failed in performance of audit by being careless and breaching duty of care
• Contract: failed duty of care implicit in acting as auditor and explicit in engagement letter
• Case law shows change in definition of ‘reasonable’ care and skill over time as standards change
• A client must prove that the auditor owes them a duty of care. A client can establish that its auditor owes them a duty
of care using either the tort of negligence or contract law. Under the tort of negligence, the client must prove that the
auditor failed in the performance of their audit by being careless and breaching their duty of care. Under contract law,
the client must establish that the auditor breached the duty of care to their client that is implicit in agreeing to act as
auditor, and made explicit in an engagement letter.
• Key Cases
o London and General Bank Ltd (1895)
o Kingston Cotton Mill (1896)
o Pacific Acceptance (1970)
o HIH Royal Commission Report (2003)
o Centro Properties Group (2011-12)

Contributory negligence applied in AWA (1992) case: If directors are also negligent, auditor and client (management) is held
accountable in proportion to their guilt

LIABILITY TO THIRD PARTIES:

• No contract between auditor and third parties, they must rely on tort law and show duty of care
• Duty of care less likely with third parties
• Key cases:
o Candler (1951) - auditors liable to third parties that the auditors know their clients will show the accounts to
o Scott Group (1978) - auditors liable to third parties that they can reasonably foresee may rely on the financial
report of their client
o Caparo (1990) - reasonable proximity between auditor and third parties, auditor must be aware of third party
group and the decisions they intend to make
o Columbia Coffee and Tea (1992) - audit firm had manual stating they acknowledge that third parties would rely
on audited accounts
o Esanda (1997) - Judge argued against Columbia finding; Australian High Court ruled that for a third party to
establish duty of care, they must show:
▪ The report was prepared on the basis that it would be communicated to a third party
▪ The report was likely to be relied upon by that third party
▪ The third party ran the risk of suffering a loss if the report was negligently prepared
▪ Third parties can request privity letter

HOW TO AVOID LITIGATION

• Hire competent staff, regular training
• Comply with ethical and auditor regulations
• Implement policies and procedures:
o Client acceptance
o Staff allocation
o Ethical and independence issue identification and rectification
o Adequate work documentation
o Gather adequate and appropriate evidence to support opinion
• Meet with client’s audit committee to discuss significant issues arising in audit
• Follow up any significant weaknesses in client’s internal control procedures from previous year audit

CLIENT ACCEPTANCE AND CONTINUANCE

The first stage of any audit is the client acceptance or continuance decision. While the decision to take on a new client is more
detailed than the decision to continue with an existing client, they have much in common.

1. ASSESS CLIENT INTEGRITY - AUDITOR SHOULD CONSIDER:

• Reputation of client, management, directors, key stakeholders
• Client’s reason for switching auditor
• Client’s attitude to risk exposure and management
 • Client’s attitude to using internal controls to mitigate risk
• Appropriateness of the client’s interpretation of accounting rules
• Client’s willingness to allow auditor full access to information required to form an opinion
• Client’s attitude and willingness to pay fair amount for audit work

Auditor can obtain information from:

• Prior auditor (with client’s permission, APES 110),

• Client personnel,
• Third parties,
• Key competitors
• Review of press articles

2. ASSESS AUDIT FIRM’S ABILITY TO MEET ETHICAL REQUIREMENTS AND SERVICE CLIENT
Ethical Requirements:

• consideration must be given to any threats to compliance with the fundamental principles of professional ethics
(integrity, objectivity, professional competence and due care, confidentiality and professional behaviour) (APES 110
s.210).
• Threats to the fundamental principles of professional ethics will occur if the prospective client is dishonest, involved in
illegal activities, or aggressive in its interpretations of accounting rules.
• An audit firm should not accept an entity as a new client if it is concerned about any of these issues.
• To ensure professional competence and due care, an audit firm must make certain that it has the staff available at the
time required to complete the audit (client acceptance decision).
• The audit firm must ensure that its audit staff have the knowledge and competence required to conduct the audit. The
auditor must have access to independent experts if required.
• To ensure that it is independent of prospective and continuing clients, the audit firm must review the threats to
independence, described earlier, and make certain that safeguards are put in place to limit or remove those threats.
They should decline appointment if the threat is insurmountable.

3. PREPARE CLIENT ENGAGEMENT LETTER:

• An engagement letter is prepared by an auditor and acknowledged by a client before the commencement of an audit.
• It is a form of contract between an auditor and their client. It is not necessary to send a new engagement letter each
year for a continuing client, unless the terms of the engagement change significantly.
• The purpose of an engagement letter is to set out the terms of the audit engagement, to avoid any misunderstandings
between the auditor and their client.
• The letter will confirm the obligations of the client and the auditor in accordance with the Corporations Act. While the
engagement letter can expand upon the requirements that appear in legislation and standards, it cannot limit or
contradict those requirements.
• The engagement letter explains scope of audit, timing of various aspects of audit, overview of client responsibilities and
confirms auditor’s right of access to information, independence considerations.
• It also sets fees for the audit to be conducted.

Structure of Letter:
• Addressees: Directors of the company
• Objective and scope of the audit
– Obtain reasonable assurance that FS is free from material misstatements
• Responsibilities of the auditor
– Assessment of the risk of material misstatement
– No opinion on the effectiveness of the internal control system
– Appropriateness of accounting policies used by management
– Appropriate use of the going concern assumption by management
• Responsibilities of the management
– Preparation of the financial report
– Suitability of the internal control system for the preparation of the financial report
– Provide access to all FS related documents and to all persons within the entity
– Write and sign representation letters upon request
• Fee arrangements
• Other Matters under the Corporations Act 2001
– Independence
– Annual general meetings: pass on written questions
• Presentation of Audited Financial Report on the Internet
WEEK 3: RISK ASSESSMENT I

STAGES OF AN AUDIT

1. Risk Assessment phase

• gaining an understanding of the client
• identifying factors that may impact the risk of a material misstatement in the financial report
• performing a risk and materiality
assessment and developing an audit
strategy.
• The risk of a material misstatement
is the risk that the financial report
includes a significant error or fraud.
• Need to plan the audit by assessing
risk to reduce audit risk to an
acceptably low level.

Elements of preliminary risk assessment

o Understand the client – the sector that you’re auditing makes a significant difference to the audit
o Internal controls – need to know what controls are being implemented
o Significant accounts – what are their
biggest revenue and expense accounts
2. Risk response phase
• Performance of detailed tests of control and
substantive testing of transactions and accounts
o tests of control
o Substantive testing
3. Reporting phase
• Evaluation of the results detailed in testing in light
of the auditor’s understanding of their client
• forming an opinion on the truth and fairness of the
client’s financial report
• Conclusion and forming an opinion

STAGES OF THE AUDIT:

• Risk response involves detailed tests of controls and substantive testing of transactions and accounts
o If an auditor plans to rely on their client’s system of internal controls, they will conduct tests of control
(discussed in chapter 8).
o An auditor will conduct detailed substantive tests of transactions throughout the year and detailed substantive
tests of balances recorded at year end (discussed in chapters 9, 10 and 11).
o This detailed testing provides the evidence that the auditor requires to determine whether the financial report
is true and fair (discussed in chapter 12).
• Reporting involves evaluating results of detailed testing in light of the auditor’s understanding of their client and
forming an opinion on the truth and fairness of the client’s financial report.
o The final phase of the audit involves drawing conclusions based upon the evidence gathered and arriving at an
opinion regarding the truth and fairness of the financial report.
o The auditor’s opinion is expressed in the audit report (see chapter 12).
o At this stage of the audit, an auditor will draw on their understanding of the client, their detailed knowledge of
the risks faced by the client and the conclusions drawn when testing the client’s controls, transactions and
account balances.

GAINING UNDERSTANDING OF THE CLIENT

According to ASA 315; ISA 315, gaining an understanding of the client is necessary to assess the risk that the financial report
contains a material misstatement due to:

• The nature of the client’s business • The client’s customers and suppliers
• The industry in which the client operates • The regulatory environment in which the client
• The level of competition within that industry operates
ENTITY LEVEL:
•Ownership structure – how the firm is owned will impact the
business
•Major suppliers
•Major customers
•International transactions – what proportion of transactions are in
foreign currency
•Capacity to adapt to changes in technology
•Client relations with employees
•Warranties and discounts
•Client reputation and operating
•Sources of financing – going concern, ability to pay upcoming debts

INDUSTRY LEVEL:
•Level of competition – the more competitive the industry, the more
pressure on clients profits
•Clients reputation
•Government support
•Government regulation
•Level of demand for products

ECONOMY LEVEL:
•Economic upturns – companies are under pressure to perform as well
as or better than competition, s/h’s expect consistent improvement in
profits
•Economic downturns – companies may purposely understate profits
•Changes in interest rates
•Currency fluctuations

FRAUD RISK

During the risk assessment phase, the Auditor must assess risk of material misstatement due to fraud.

Auditor will adopt an attitude of professional scepticism to ensure that any indicator of a potential fraud is properly
investigated.

• Maintaining an independent questioning mind

• Search thoroughly for corroborating evidence to validate information provided by the client
• Don’t just rely on past experience with client
Make sure that your clients numbers make sense with industry averages.

Indicators (red flags) of possible fraud:

• High turnover of key employees

• Key finance personnel refusing to take leave
• Overly dominant management
• Poor compensation practices
• Inadequate training programs
• Complex business structure
• No, or ineffective, internal audit
• High turnover of auditors
• Unusual transactions
• Weak internal controls
FRAUD TRIANGLE

Two types of fraud:

1. Financial reporting fraud Opportunity

• Improper asset values, unrecorded liabilities
• Delaying expenses, bringing forward revenues
• Fictitious revenues, understating expenses
The Fraud
• Inappropriate application of accounting principles
Triangle
2. Misappropriation of assets fraud
• Using company credit card for personal items
• Failure to remove ex-employees from payroll
• Unauthorised discounts or refunds to customers Incentives/ Attitudes/
Pressures Rationalisation
• Theft of stock or other assets

GOING CONCERN RISK:

• Auditor must consider whether it is appropriate to assume that

client will remain a going concern (ASA 570; ISA 570)
• Going concern justifies valuing assets on basis they will continue to be used in business and liabilities paid when due
• Remaining a going concern is the responsibility of the client
• Auditor must obtain sufficient appropriate evidence to assess validity of going concern assumption
• Auditor makes professional judgement about going concern risk, based on risk indicators

ASA 570; ISA 570 has list of going concern risk indicators, examples include:

• Significant debt/equity ratio

• Long term loans due, no alternative finance
• Prolonged losses, inability to pay debts when due
• Loss of significant customer, supplier problems
• High staff turnover, loss of key personnel, strikes
• Problems of obtaining raw materials, inputs
• Poor growth planning, inadequate risk management
• Being under investigation for non-compliance
• Competitive pressures, drought etc.

Why is it important?

• Auditor is required to assess client efforts to identify going concern risk factors
• Auditor should obtain evidence of effect of risk factors on client and its ability to continue as going concern
• If going concern is in doubt, undertake additional audit procedures
o Assess cash flow, revenues, expenses, interim results
o Review debt contracts, board meeting minutes
o Discussions with client management and lawyers

Mitigating going concern risk:

• Auditor should also consider factors that mitigate (reduce) going concern risk such as:
o Letter of guarantee from parent company
o Availability of assets or segment of business for sale for cash
o Ability to raise funds through share issue or borrowing
• Consider adequacy of client disclosures in financial report about going concern issues

CORPORATE GOVERNANCE

Corporate governance is the rules, systems and processes within companies used to guide and control activities
eg. board of directors, audit committee

• Used to monitor actions of staff and assess level of risk faced

• Controls used to reduce identified risks and ensure future viability of the company

ASX principles and recommendations for listed companies

• Companies required to disclose their compliance, ‘if not, why not?’

IT ENVIRONMENT

• Auditor should consider particular risks faced by client related to IT (ASA 315; ISA 315), for example:
• Unauthorised access to computers, software, data
o Need security, passwords to prevent distorted data
• Errors in programs
o Can occur if not thoroughly tested before implementation, or mistakes made when changing programs
o Restrict program change rights to authorised personnel
o Programs need to be suitable for client requirements
• Lack of backup and loss of data
o Client should have appropriate IT installation and security procedures, and training for staff

CLOSING PROCEDURES

• Client closes accounts when preparing financial reports at year-end

o Revenue and expense accounts should include all transactions for the year, and none that relate to other
periods
o Accrued assets and liabilities should be complete
o Assets and liabilities should include all relevant items
• An auditor is concerned that transactions and events have been recorded in the correct accounting period
• Auditor faces risk that client closing procedures are inadequate
• Audit procedures to assess adequacy of client closing procedures:
o Assess adequacy of client interim reporting procedures
o Check accuracy of accrual calculations
o Analyse results to assess reasonableness
o Consider pressures on client to overstate profit or report smoothed income
o Trace transactions around year-end to documents to determine appropriate dates

WEEK 4: RISK ASSESSMENT II

AUDIT RISK

• The risk that an auditor expresses an inappropriate audit opinion when a financial report is materially misstated (ASA
200).
• This means the auditor gives an opinion that the financial report is true and fair when it contains a significant error or
fraud.
o Audit risk can never be zero (it would require needing to check every single transaction, cost a lot of money in
order to reach completely zero risk).
o Audit risk is reduced during the risk response phase by identifying the key risks and adjusting audit effort
accordingly.

AR = (Inherent Risk x Control Risk) → Client Specific x Detection Risk

INHERENT RISK
• Risks that exist due to the way things are done at a firm
• The susceptibility of an assertion to a misstatement that could be material either individually or when aggregated with
other misstatements, assuming there are no related controls
• Identification of accounts and related assertions most at risk of material misstatement.
• Assertions are statements made by management about recognition, measurement, presentation and disclosure of
items in financial report and notes
• Examples:
• Inventory items on the balance sheet actually exist
• Inventory items are valued correctly

Risks are more significant when they involve:

• Fraud
• Related to significant economic or accounting developments
• Complex transactions
• Significant related party transactions
• Significant subjectivity in measurement of financial information
• Significant transactions outside the client’s normal course of business
CONTROL RISK
The risk that a client’s system of internal controls (eg. policies and procedures – manual and IT )will not prevent or detect a
material misstatement

RISK OF MATERIAL MISSTATEMENT (RMM)

• Inherent + control risk combined
• Auditor plans to undertake detailed testing of each identified account:
• Based on auditor’s assessments of riskiness of account and related assertions, and effectiveness of the client’s system
of internal controls.

DETECTION RISK
• The risk that the auditor’s testing procedures will not be effective in detecting a material misstatement
• Auditor will plan and perform their audit to reduce audit risk to an acceptably low level (ASA 200; ISA 200).
• There is an inverse relationship between IR and CR combined (RMM), and DR
o i.e. if RMM is high, detection risk should be low (more testing will be done)
o If they do a lot of work – detection risk is low
o If they do little work – detection risk if high

AUDIT RISK MODEL

AR = f (IR, CR, DR)
Risk of material misstatement (RMM) existing in client’s financial report and at assertion level comprises both IR and CR
(RMM = IR + CR)

MATERIALITY

• Materiality guides audit planning, testing and assessment of information in financial reports.
• Information is material if it impacts on the decision-making process of the users of the financial reports.
• Can be at the financial report level – planning materiality or account level – performance materiality
• Information can also be considered material because of its nature or magnitude:
o Material due to nature – qualitatively material
o Material due to magnitude – quantitatively material
• Any errors with fraud are material by nature regardless of size

Qualitative materiality factors

• Nature of the item for example:

o Fraud
o Non-compliance with laws
o Related party transactions
o Change of accounting methods

Quantitative materiality factors

• Magnitude of the item

o Express as a percentage of relevant base figure
o Use of professional judgement
o Guidelines:
o 5% – 10% of profit before tax
o 0.5% – 1% of assets
o 0.5% – 1% of revenue

Setting Materiality:

• Auditors uses professional judgement when setting planning materiality.

• Inverse relationship between materiality and risk
o Lower materiality % adopted if client is higher risk
• Setting lower materiality level during risk assessment increases the quality and quantity of evidence required to be
gathered
o More items fall into material category at lower level
 o For example, if materiality is set at $100,000, all items above $100,000 are material; if materiality is set at
$50,000, all items above $50,000 are material
• During the risk assessment phase the auditor determines a materiality level used throughout their audit testing
• This is a dollar amount calculated on a key number in the client's financial statements:
o Profit before tax (do not use if co makes a loss)
o Total assets
o Equity (net assets)
o Revenue
o Cash flows from operating activities
• AR = f (IR, CR, DR)
• Whether the auditor selects the lower, higher or an in between % will depend on the RMM in the entity
o High RMM, then auditor will have lower materiality and test more items
• If IR and CR are HIGH what happens to Materiality?
o Planning materiality will be set LOW (i.e. closer to 5% of an appropriate base)
o There is an inverse relationship between RMM and materiality

STEPS IN DECIDING MATERIALITY

1. Assess inherent risk (high, medium, low)
2. Assess control risk (high, medium, low)
3. Determine detection risk (high, medium, low)
4. Determine appropriate base
5. Set materiality % based on level of detection risk
6. Calculate $ value of materiality

AUDIT STRATEGY

Auditors must establish an overall audit strategy (ASA 300; ISA 300)

• Sets scope, timing, and direction of the audit

• Provides basis for developing detailed audit plan
• Is based on preliminary assessments of IR and CR

Essentially, its either substantive testing or testing controls. In reality, a mix of these strategies are implemented – but one my
be more dominant.

Substantive approach

Controls Approach

CLIENT PERFORMANCE MEASURES

As part of gaining an understanding of the client, the auditor should learn how their client measures its own performance
Client uses key performance indicators (KPIs) to monitor and assess its performance and staff performance, and KPIs can be
written into contracts between client and others
Auditor needs to understand what client focuses on, and what is potentially at risk of misstatement
PROFITABILITY
• Profit by division, branch, manager etc.
• Price earnings ratio (P/E)
• Earnings per share (EPS)
o Decline could signal pressure on management
• Cash Earning per share (CEPS)
• Inventory turnover
o Decline could signal overvalued stock

LIQUIDITY
• Ability of company to meet its cash needs in short and long term
• Ratios can be written into debt contracts (as covenants) and restrict client’s actions
• Client potentially under pressure to misstate accounts included in ratios

ANALYTICAL PROCEDURES

• Evaluation of financial information by studying plausible links among both financial and non-financial data (ASA 520; ISA
520)
• Identify fluctuations in accounts that are inconsistent with auditor’s expectations based on their understanding of the
client
• Analytical procedures can be conducted throughout audit
o Risk assessment phase – risk identification
o Risk response phase – estimating account balances
o Reporting – overall review

SIMPLE COMPARISONS
• Account balance with previous year, budget
TREND ANALYSIS (HORIZONTAL ANALYSIS)
• Comparison of account balances over time
• Select base year, restate all accounts in subsequent years as a % of that base
For both techniques, the auditor should factor in client and economic changes, and form expectations of reasonable changes in
balances over time
COMMON-SIZE ANALYSIS (VERTICAL ANALYSIS)
• Comparison of account balances to single line item
• Balance sheet – express each item as % of total assets
• Income statement – express each item as % of sales
• Using analysis over several years, auditor can see how each account contributes to totals, and how this changes over
time
RATIO ANALYSIS
• Assess relationship between various financial report balances, and between them and non-financial items
• Profitability ratios
• Liquidity ratios
• Solvency ratios
Factors to consider when conducting analytical procedures
• Has client data been audited? Is external data reliable?
• Poor controls would signal higher risk in relying on analytical procedures
• Change in accounting methods could distort data
• Auditor may have access to half-year results only
• Reliability of budget setting process – is client continually missing budgeted targets?
• Are industry comparisons valid?
WEEK 5: AUDIT EVIDENCE

AUDIT ASSERTIONS

• Those charged with governance of an entity are responsible for ensuring that the financial report gives a true and fair
view of the entity and its operations
• Management make assertions about each account and related note disclosures
• Assertions are statements regarding the recognition, measurement, presentation and disclosure of items included in the
financial report

ASA 315 (ISA 315) requires auditors to use assertions when assessing the risk of material misstatement and designing audit
procedures
This means that auditors need to gather sufficient appropriate evidence about each assertion for each transaction and account
balance or disclosure

There are three categories of assertions:

▪ Classes of transactions and events (P/L) – revenue, expense
▪ Account balances (B/S) – a/c receivable, inventory, cash, PPE, a/c payable
▪ Presentation and disclosure (not covered in unit)

CLASSES OF TRANSACTIONS AND EVENTS (P/L)

Occurrence Transactions and events that have been recorded and have occurred and pertain to the REAL
entity
Completeness All transactions and events that should have been recorded, have indeed been recorded ALL
Accuracy Amounts and other data relating to recorded transactions and events have been recorded $ value
appropriately
Cut-off Transactions and events have been recorded in the correct accounting period Time
Normally test around the year end
Classification Transactions and events have been recorded in the proper account Dr/Cr
correct
• Spend more time testing occurrence, accuracy and cut off

ACCOUNT BALANCES (B/S)

Existence Assets, liabilities and equity interests exist REAL
Rights and The entity holds or controls the right to assets and liabilities are obligations to the entity
Obligations
Completeness All assets, liabilities and equity interests that should have been recorded, have indeed been ALL
recorded
Valuation and Assets, liabilities and equity interests are included in the financial report at appropriate Accurate
Allocation amounts and any resulting valuation and allocation adjustments are appropriately recorded $ Value

AUDIT EVIDENCE

• Evidence is the information that an auditor uses when arriving at their opinion on the truth and fairness of the client’s
financial report (ASA 500)
• Auditors must gather sufficient appropriate evidence
o Sufficiency relates to the quantity of evidence
o Appropriateness relates to the quality of evidence
• Audit risk determines what evidence is required

External Documentary Computational Physical Electronic

Representations Verbal evidence
confirmations evidence evidence evidence evidence
1. EXTERNAL CONFIRMATIONS
• is sent directly by an auditor to a third party, who is asked to respond to the auditor on the matter
• Examples include:
o Banks: confirm cash balances, securities, loans.
o Lawyers: confirm documents being held.
o Creditors: confirm amount owed, terms, by client.
o Debtors: confirm amount owed to client.
o Others: confirm description and quantity of assets held.
• Positive form: reply in all circumstances
o Weakness: Cannot know how carefully (if at all) other party checked their records
• Negative form: reply if information incorrect
o Weakness: Hard to interpret non-response
• Always choose to get positive form confirmations

2. DOCUMENTARY EVIDENCE
• An auditor can
o Verify information in client’s records by reading documents to confirm existence, rights and obligations
(“vouching”), or
o Trace from documents to clients records to confirm classification, accuracy, completeness (“tracing”)
o Re-perform the process of source documents
• Examples:
o Invoices
o suppliers’ statements
o bank statements
o minutes of meetings
o correspondence
o legal agreements
• Can be internally or externally generated (outsourced to other countries )

3. REPRESENTATIONS
• Result of an inquiry made or verbal discussion
• Need written confirmation, not verbal
• An auditor can request a written legal representation
• Legal representation letter is sent by client to its lawyers to complete and return directly to auditor
o Can include opinions on legal matters, details of disagreements with client etc (ASA 502; ISA 501)
• An auditor can request a written management representation
• Management representation letter contains acknowledgement of management’s responsibilities, undertaking about
legal compliance, confirmation of discussions
o Auditor still needs to gather other evidence
o ASA 580; ISA 580

4. VERBAL EVIDENCE
• Auditor documents discussions with client management and staff
• Used to gain understanding of internal controls; corroborate other evidence
• Ask questions about the client’s company and their systems
• Make inquiries and observations of the company
5. COMPUTATIONAL EVIDENCE
• Auditor checks mathematical accuracy
• Re-adding the entries
• Re-computing complex re-calculations
• Verifying formulae

6. PHYSICAL EVIDENCE
• Gathered by inspecting assets, to assess condition, to reconcile to client’s records
• Traces details of tangible assets on hand back to the recorded amount.
• Inspects a client’s physical assets.

7. ELECTRONIC EVIDENCE
• Includes data held on client’s computer, emails to auditor, and scans and faxes
• No paper trail
• Auditor needs to consider quality of client’s computer system when assessing reliability of this evidence

EVIDENCE GATHERING PROCEDURES

Guidance about primary evidence gathering techniques contained in ASA 500; ISA 500

Procedure
Inspection of records Inspect for evidence that procedures have been correctly executed, used when conducting
and documents substantive testing (cut off, rights and obligations and occurrence)
Inspection of tangible Provide evidence that they exist and appear to be in good repair or damaged or past their use-by-
assets date. (existence, val and all, completeness)
Observation of client Evidence of a process t the time the auditor observes it being carried out.
staff/procedures
Enquiry Gaining understanding of client and corroborating evidence gathered throughout the audit. If
evidence is important, auditor will document it formally.
Recalculations Used to check the mathematical accuracy of the clients filed and records. (use CAATs).
Re-performance Following a process used by a client, reperform to check controls effectiveness or estimates are
correct.
Analytical procedures Used to appraise relationships between financial and non financial information.
Confirmations Written enquiries made by auditors of third parties. Used to obtain evidence about particular items
included in a client’s records.

PERSUASIVENESS OF AUDIT EVIDENCE

• Auditor is seeking evidence to corroborate client’s recorded transactions and balances
• Greater corroboration is provided by more persuasive evidence
• Evidence types vary in persuasiveness
• Least to most persuasive:
o Evidence generated internally by client (least persuasive)
▪ Includes records of cheques, copies of invoices and statements sent to customers, purchase orders,
client’s policies and procedures, contracts, minutes of meetings, journals, ledgers, trial balances,
spreadsheets, worksheets, reconciliations, calculations and computations
▪ Could be held in paper or electronic form
▪ Least persuasive because it is possible that client could manipulate or omit this type of evidence
o Evidence generated externally, held by client
▪ Includes supplier invoices and statements, customer orders, bank statements, contracts, lease
agreements, tax assessments
▪ Originals are more persuasive than photocopies
▪ More persuasive than internally generated evidence because it is produced by third parties
▪ Still possible that client could omit or tamper with evidence
▪ Third party is involved
 o Externally generated evidence sent directly to the auditor (most persuasive)
▪ Includes bank confirmations, debtors’ confirmations, correspondence with client’s lawyers, experts
valuations
▪ Most reliable type of evidence because it is independent of client
▪ Client has no opportunity to alter evidence
▪ More reliable when external party is considered to be more reliable, trustworthy, independent of
client

USING WORK OF AN EXPERT

• Auditor may engage expert to help in audit when auditor does not possess required skills and knowledge to assess item
• Expert could be member of audit team, audit firm, client, or independent
• ASA 620; ISA 620 provides guidance
o Is expert required?
o Determining scope of work for expert
o Selecting expert – assessing objectivity, capability of expert
o Assessing work of expert
o Auditor is responsible for drawing conclusions

Assessing need to use an expert. Consider:

• Knowledge of audit team
• Significance and complexity of item being assessed
• Availability of appropriate alternative corroborating evidence
The less knowledge held by audit team, the greater risk of material misstatement and less corroborating evidence available, the
more likely an expert required
Determining scope of work to be carried out
• Auditor must set nature, timing and extent of work
• Use written instructions covering issues expert will report on, and how work will be used by auditor
Assessing capability/objectivity of expert
• Consider expert’s qualifications, membership of professional body, reputation in the field, experience
• More objective if not connected to client
Assessing the expert’s report
1. Report should be understandable to non-expert
2. Include process, assumptions, data used by expert
3. Auditor considers consistency with other information
Responsibility for the conclusion
• Auditor to assess the quality of the evidence provided by an expert and determine whether it is reliable and objective.
• Auditor will determine the need for an expert, the scope of the expert’s work and the competence and objectivity of
the expert.

USING WORK OF ANOTHER AUDITOR

• Group engagement partner responsible for signing audit report, but may use other auditors, especially for remote
locations
• Consider capacity of component auditors to undertake the work (ASA 600; ISA 600)
• Component auditor’s work must be to same standard as group engagement partner
o More need for transparency of the external auditors
o Objectivity
o Gathering sufficient appropriate evidence
• Same scope as use of expert
WEEK 6: SAMPLING AND OVERVIEW OF THE RISK RESPONSE PHASE OF THE AUDIT

AUDIT SAMPLING

• Sampling is required whenever the auditor doesn’t test the entire group of transactions or all items in a balance
• There are too many items to test
• Sample of items should be representative of the population
• Audit risk is impacted by sampling risk and non-sampling risk

SAMPLING RISK
The risk that the sample chosen by the auditor is not representative of the population available for testing and causes the
auditor to arrive at an inappropriate conclusion
Consequences of sampling risk: ineffective and inefficient audit

Sampling risk and test of controls Implications for audit

False Positive: The risk that the auditor concludes that the
clients system of internal controls is effective when it is
ineffective
False Negative: The risk that the auditor concludes that the
clients system of internal controls is ineffective when it is
effective
Increased audit risk – risk that the audit will be ineffective
Ignoring a high risk area
Increase audit effort where not required – risk that the audit
will be inefficient
Giving attention to the wrong area

Substantive testing Implications for audit

False Positive: The risk that the auditor concludes that a Increased audit risk – risk that the audit will be ineffective
material misstatement doesn’t exist when it does
False Negative: The risk that the auditor concludes that a Increased audit effort where not required– risk that the audit
material misstatement exists when it doesn’t will be inefficient

NON SAMPLING RISK:

The risk that auditor arrives at an inappropriate conclusion for a reason unrelated to sampling issues

The auditor could:

• Use inappropriate audit procedures

• Rely too heavily on unreliable evidence
• Fail to gather evidence on most relevant assertion
• Spend too little time testing high risk accounts or critical controls

When testing controls – non-sampling risk is the risk that the auditor designs tests that are ineffective and do not provide
evidence that a control is operating properly

When conducting substantive testing – non-sampling risk that can be an auditor relies too heavily on less persuasive evidence.
Also, spending too much time on modest assertions and too little time on the most important assertions.

SAMPLING METHODS

Statistical sampling: involves random selection of sample and probability theory to evaluate the results, including sampling risk

• allows measurement of sampling risk

• can be costly

Non statistical sampling: allows auditor to use professional judgement to select sample items

• more likely to be used when account is low risk and corroborating evidence available
• lower cost

Sampling methods: Includes random selection, systematic selection, haphazard selection, block selection and judgement
selection.
Random selection:

• Person selecting the sample cannot influence choice of items

• Each item has an equal chance at being selected
• Sample can be stratified before selecting random sample to increase efficiency
o Stratify (subdivide) population of transactions into different size ranges, then take samples from each stratum
o Reduce total sample size required for testing
• Eg. using robot to choose samples

Systematic selection:

• Divide number of items in population by sample size, giving sample interval (n), select starting point and take every nth
item
• Risk that items are listed in a way that every nth item is related, can randomly order first
o Step 1: Calculate the sample interval: no of items in population/sample size
o Step 2: Give every item in population chance of selection
by choosing a random number (random start) within range of 1 and sampling interval (in this example, 500),
e.g. 217.
o Step 3: Continue to add sampling interval to random start, and identify items to be sampled, e.g. item nos.
217, 717, 1217. . .9217, 9717.

Haphazard selection

• Auditor doesn’t use methodical technique

• Not random sampling because personal bias could affect choice

Block selection

• Select items grouped together

• Sequence of items may make this inappropriate
• Non statistical method

Judgemental selection

• Auditor chooses items based on judgement

• E.g. After a new computer system installed – may want to test technology controls
• Non statistical methods commonly used for low risk accounts

FACTORS TO CONSIDER WHEN SELECTING A SAMPLE

1. Assess Control risk (CR)

2. Set Detection risk (DR)
3. Set planning materiality (PM)
4. Select appropriate population for testing
5. Define ‘error’ for test, set ‘tolerable error’ and confidence level required

When determining size of sample for controls testing, ASA 530; ISA 530 requires auditor to consider:

1. Larger sample size if auditor intends to rely more heavily on that control to reduce substantive testing
2. Smaller sample size if auditor is willing to tolerate a higher deviation rate for that control
3. Larger sample size if auditor expects the population to have a higher rate of deviation for that control
4. Larger sample size if auditor requires greater confidence that the control is operating effectively (i.e. lower control risk)
5. Very little change to sample size if population has more sampling units

Factor Effect on Sample Size

An increase in the extent to which the auditor’s assessment takes into account relevant controls Increase
An increase in the tolerable rate of deviation Decrease
An increase in the expected rate of deviation of the population to be tested Increase
An increase in the auditor’s desired level of assurance that the tolerable rate of deviation is not Increase
exceeded by the actual rate of deviation in the population
An increase in the number of sampling units in the population Negligible
When determining size of sample for substantive testing, ASA 530; ISA 530 requires auditor to consider:

1. Larger sample size if auditor assesses risk of material misstatement as greater (higher IR, CR)
2. Smaller sample size if auditor also using other substantive procedures for same assertion
3. Larger sample size if auditor requires greater confidence from results of tests (requires lower DR)
4. Smaller sample size if auditor is willing to accept greater total error (higher tolerable misstatement)
5. Greater sample size if auditor expects to find greater misstatement in population
6. Smaller sample size if auditor using stratification of population
7. Very little change to sample size if population has more sampling units

Factor Effect on Sample Size

An increase in the auditor’s assessment of the risk of material misstatement Increase
An increase in the use of other substantive procedures directed at the same assertion Decrease
An increase in the auditors desired level of assurance that tolerable misstatement is not exceeded Increase
by actual misstatement in the population.
An increase in tolerable misstatement Decrease
An increase in the amount of misstatement the auditor expects to find in the population Increase
Stratification of the population where appropriate Decrease
The number of sampling units in the population Negligible

EVALUATING SAMPLE TEST RESULTS

• When testing controls, an auditor will consider whether the results of their tests applied to a sample provide evidence
that the control is effective within the entire population.
• When conducting tests of transactions/balances, an auditor will consider whether the results of their tests applied to a
sample provide evidence that the class of transaction or account balance is fairly stated
• If errors are found in sample, calculate for population
o Deviation rate for control (controls testing) = proportion of departures allowed within the sample
o Misstatement of balance or class of transactions (substantive testing)

If a sample of representative of the population (eg. 20 sales invoices are representative of 10,000 sales invoices)

1. Conclude deviation from controls in sample is at same rate as deviation from controls in population
• Is deviation rate tolerable?
• More testing required?
2. Project monetary errors in sample to
population
• First remove unique errors
• Consider if sample stratified
• Projected error = (dollar size of error /
dollar size of sample) x dollar size of
population or stratum
• Is total projected error tolerable?
• More testing required?

TESTS OF CONTROLS AND SUBSTANTIVE PROCEDURES

• AUDIT PLAN is based on AUDIT STRATEGY

• Audit strategy is developed after gaining an understanding of the client’s business (inherent risk) and its internal control
structures (control risk)
• Audit strategy provides the basis for developing a detailed audit program
• Emphasis on (1) tests of controls and (2) substantive procedures depends on client’s risk of material misstatement

Audit Inherent Control Risk Detection risk Audit strategy

Risk = f Risk
Bad client High High Low Predominantly
» No tests of Increased reliance on substantive tests of substantive audit
controls transactions and account balances strategy
» more substantive testing
 Good client Low Low High Lower assessed level
» Increased Reduced reliance on substantive tests of of control risk audit
reliance on tests of transactions and account balances strategy
controls » more control testing

TESTS OF CONTROLS
• Preliminary assessment of control risk (CR) is made after gaining an understanding of client during planning stage
• Tests of controls are performed on controls identified during gaining understanding phase
o To obtain evidence that controls effectively and consistently throughout period
o Auditor can reduce reliance on substantive testing only if tests confirm CR is not high
• Controls testing procedures include:
o Inspection of documents for evidence of authorisation
o Inspection of documents for evidence that details included have been checked by appropriate client personnel
o Observation of client personnel performing various tasks, such as opening mail and conducting a stocktake
o Enquiry of client personnel about how they perform their tasks
o Re-performing control procedures to test their effectiveness

SUBSTANTIVE TESTING – 3 TYPES OF SUBSTANTIVE PROCEDURES

1) Substantive tests of transactions
2) Substantive tests of balances
3) Analytical procedures
• When CR is lower, auditor can rely more on analytical procedures and less on detailed substantive tests of transactions
and balances
o Analytical procedures are more efficient and place greater reliance on client’s accounting records
• Examples of substantive procedures:
o Confirmation from client’s bank regarding interest rates on borrowings (tests accuracy assertion for interest
expense)
o Inspecting documents to verify date of transactions posted around year-end (cut-off assertion)
o Inspecting suppliers’ invoices to verify amounts recorded as purchases (completeness assertion)
o Confirmation from debtors for amount owed (existence assertion)
o Recalculating wages payable (valuation and allocation assertion)
• Examples of analytical procedures:
o Estimate depreciation expense by multiplying average depreciation rate by asset balance (accuracy assertion)
o Compare inventory balances for this year and last year (existence, completeness and valuation and allocation
assertions)
o Estimate theatre revenue by multiplying average ticket price x number of seats in theatre x average proportion
of seats sold per session x number of sessions per week x weeks per year (occurrence and accuracy assertions)

NATURE, TIMING AND EXTENT OF AUDIT TE STING

Nature, timing and extent of testing varies depending on audit strategy adopted and type of testing

• Nature of audit testing

o The purpose of the test (control or substantive test, which assertion is being tested)
o The procedure used (inspection, observation, enquiry, confirmation, recalculation, re-performance or
analytical procedure)
• Timing of audit testing
o Date that audit evidence relates to, and
o Stage of audit when procedures are performed
o Interim testing usually done for:
▪ Control testing
▪ Low risk accounts
o Year-end testing usually done for:
▪ High risk accounts
▪ Accounts affected by high deviations in control tests
▪ Cut-off assertion
• Extent of audit testing
o Refers to amount of audit evidence gathered and size of sample
o Increase extent of control testing when adopting lower assessed level of control risk strategy
o Reduce extent of substantive testing when control testing confirms lower CR
o Do little or no control testing when adopting predominantly substantive strategy
DRAWING CONCLUSIONS
• After gathering all of the evidence required via tests of controls and substantive testing, the auditor will arrive at
conclusions for each assertion and each account.
• Management, audit committees and/or board of directors will be informed of identified misstatements by the auditors.
• The lead partner will form an opinion regarding the truth and fairness of their client’s financial report.

DOCUMENTATION

• Auditor must document each stage of the audit in working papers (ASA 230; ISA 230)
o Provides evidence of work completed, details evidence gathered to support opinion
o Include in a working paper
▪ Client name
▪ audit period
▪ Title of contents of paper
▪ file reference
▪ Details of preparer, reviewer
▪ Cross references to other documents
• PERMANENT FILE
o Client information and documentation that apply to more than one audit
o e.g. client address, key personnel, long term contracts
o Main accounting policies, results of prior audits
o Copies of prior period financial reports
• CURRENT FILE
o Client information and documentation that apply to current audit
o Evidence gathered for this audit
o Include correspondence between the auditor and their client.

WEEK 7: CLIENT’S INTERNAL CONTROLS

• Internal control encompasses the entity’s resources, systems, processes, culture, structure and tasks
• When controls are effective, the entity is more likely to achieve its strategic and operating objectives
• The auditor focuses on controls with a direct impact on the entity’s financial reporting, compliance and asset
safeguarding (ASA 315; ISA 315)
• “Internal control is the process designed, implemented and maintained by those charged with governance,
management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives
with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with
applicable laws and regulations” (AUASB Glossary)
• Systems and processes designed and implemented to address business risks that threaten:
o Effective and efficient operations
o Reliable financial reporting
o Compliance with applicable laws and regulations
OBJECTIVES OF INTERNAL CONTROLS

1. Auditor aims to gain an understanding of how the client uses internal controls to meet these objectives
2. Focusing on these objectives helps auditor select controls for testing to gain greatest assurance that controls are
operating effectively
3. Failure of an entity’s controls to meet any of these objectives is a weakness in internal control
a. Identify the weakness and increase testing

Real, recorded, valued correctly, classified, summarised and posted on a timely basis

Objective Definition Assertions tested

Real No fictitious or duplicated transactions occurrence, rights and obligations, and existence
Recorded Prevent or detect omissions of transactions Accuracy, completeness, valuation and allocation
Valued correctly Correct amounts assigned to transactions Accuracy, valuation, allocation
Classified Transactions are charged to the correct amount Accuracy, valuation, allocation, classification
Summarised Transactions must be summarised and totalled Accuracy, valuation and allocation
correctly
Posted Accumulated totals in transaction file are correctly Accuracy, classification, valuation and allocation
transferred to general and subsidiary ledgers
Timely Transaction are recorded in the correct recording Cut off and completeness
period
Limitations of Internal Controls

• Human error that results in control breakdown

• Ineffective understanding of control’s purpose
• Collusion by two or more individuals to avoid control
• Software program control being overridden, disabled
• Management decisions about nature and extent of controls being implemented
• With more limitations, they will conduct most substantive tests

If there are a lot of limitations of internal controls, the auditor will do more substantive testing instead.

ENTITY LEVEL INTERNAL CONTROLS

1. CONTROL ENVIRONMENT: Culture, structure and discipline of an entity.

• Communication and enforcement of integrity and ethical values

• Commitment to competence
• Participation by those charged with governance
• Management’s philosophy and operating style
• Organisational structure, including IT
• Assignment of authority and responsibility
• Human resource policies and practices

2. ENTITY’S RISK ASSESSMENT PROCESS

• How does the entity identify and respond to business risks?

• Auditor is interested in how management identify, analyse and manage risks relevant to financial reporting, and
how the risks might impact the audit

3. INFORMATION SYSTEMS AND COMMUNICATION

• Designed to capture and provide information to conduct, manage and control entity’s operations
• Includes manual and automated systems
• Auditor is interested in systems relevant to financial reporting
4. CONTROL ACTIVITIES: Policies and procedures that help make sure management’s directives are carried out, physical,
application controls

• Performance review - actual vs budget, investigation of differences

• Information processing - Manual or automated, to check accuracy etc
• Physical control - Security of assets and records
• Segregation of incompatible duties
o No one employee/group should be in position both to perpetrate a fraud and to cover it up
o Separate authorisation/custody/recording
• When understanding client’s control activities the auditor considers:
o Extent of reliance on IT
o Existence of necessary policies and procedures
o Extent to which control policies are being applied
o Clarity of management objectives for controls
o Existence of planning and reporting systems for performance and investigation of variance, and management
action to follow-up
o Extent of segregation of duties
o Software controls over data and programs
o Periodic comparison between records and assets
o Safeguards over access to documents, records, asset

5. MONITORING OF CONTROLS: does management monitor controls and modify as required when conditions change?

• Ongoing monitoring procedures should be part of regular activities, e.g. internal audit function
• Auditor considers:
o Are there periodical evaluations of internal controls?
o Do client staff regularly obtain evidence of control functioning?
o Extent to which information from external parties corroborate, or contradict, internal information
o Management act on audit recommendations, or respond to control difficulties on timely basis

Internal controls in small entities

• Difficult to implement formal controls, segregate duties in small entities

• Reliance on owner-manager, heavily involved in daily business
• Auditor could increase substantive procedures to compensate for weaker controls
• Auditor must make overall assessment of effectiveness of entity-level controls.

TRANSACTION LEVEL CONTROLS

• These controls impact a particular transaction, or group of transactions

• Respond to things that can go wrong with transactions
• They are aimed at preventing an error from entering the records, or detecting errors that do enter the records
• Controls are considered for transaction processes, or flows, for example,
o Sales process
▪ Processing order
• Wrong customer – review orders each day by an independent member
o Match of orders, dispatch documents and invoice prior dispatch
• No credit history/limit – application control
▪ Approving credit
▪ Shipping goods
▪ Invoicing
▪ Recording sales and trade receivables
o Cost of sales process
• When gaining an understanding of the transaction processes, the auditor:
o Identifies major events and transactions in the process
▪ Eg. sales transactions → order from customer, cash sale, credit sale, delivery of goods, receipts from
customers
o Identifies risks to correct processing of the transactions – What Can Go Wrong? (WCGWs) – what are the
issues/risks of these events?
o For each WCGW, auditor identifies one or more controls
o This understanding is documented and used to guide evaluation and testing of internal controls
DOCUMENTING INTERNAL CONTROLS

• Narratives
o Useful when controls are simple and straightforward
o Auditor uses words to describe each step of the transaction from
start to finish
• Flowcharts
o More useful for complex controls
o Conveys information visually
• Combination of flowcharts and narrative
o Narrative used to explain details
• Checklists and preformatted questions
o Helps identify most common controls that should be present
o Useful for less experienced auditors

IDENTIFYING STRENGTHS AND WEAKNESSES IN CONTROLS

After documentation, auditor must assess control system

• Identify weaknesses that have financial reporting impact

• Draw conclusions about control risk
 • Significant levels of professional judgement are required when deciding whether an internal control observation
(individually or in combination with others) is relevant to the audit and should be tested.
• ASA260 requires auditors to provide those charged with governance with timely observations arising from the audit
that are significant and relevant to their responsibility to oversee the financial reporting process
• Promote effective two-way communication between the auditor and those charged with governance
• Management letter:
o The auditor needs to communicate issues of governance interest as soon as practicable, and at an appropriate
level of responsibility, including significant (or material) weaknesses in the design or implementation of
internal control.
o Letter from the auditor to the client, recommendations based on internal control assessment findings and
other matters (ASA 260; ISA 260, and ASA 265; ISA 265)
o Professional judgment required about which matters to include in letter
o Allows management to document their actions in response, and inform those charged with governance
o Often use interim and final management letters

WEEK 7: TESTING INTERNAL CONTROLS

TRANSACTION ASSERTIONS

Sales Occurrence Sales are recorded for products not shipped

Transaction Sales are recorded for nonexistent customer
Assertions
Sales are recorded twice
Completeness Sales are not recorded for products shipped
Accuracy Sales invoice is recorded using the wrong selling price
Sales invoice is recorded using the wrong quantity
Sales are not recorded until the next reporting period
Cut off
Sales are recorded in the period before the product is shipped
Classification Sales of product are recorded as a non-trade sales
Cash collections are recorded twice
Cash Occurrence
Transaction Cash collections are recorded for payments not received
Assertions Cash collections are not recorded
Completeness
Cash collections are stolen
Accuracy Cash collections are recorded at the wrong amount
Cash collections are not recorded until the next reporting period
Cut off
Cash collections are recorded in the period before they were received
Classification Cash collections on receivables are recorded as other cash collection

BALANCE ASSERTIONS

Accounts Existence Accounts receivables includes nonexistent customer balances

Receivable

Rights and Accounts receivables are sold to third party financing company
Obligations

Completeness Accounts receivables omits customer balances

Valuation Accounts receivables has sales recorded in wrong customers account

Accounts receivables has cash collections recorded in wrong customers accounts
Customers cannot pay their outstanding balance
Accounts receivables includes customer sales recorded twice
Accounts receivables includes customer balances where cash collections were not
recorded
Accounts receivables includes balances where cash collections were recorded twice
Accounts receivables omits customer sale that was not recorded
TYPES OF CONTROLS

• ENTITY-LEVEL CONTROLS:
o The collective assessment of the client’s control environment, risk assessment process, information system,
control activities and monitoring of controls.
• TRANSACTION-LEVEL CONTROLS:
o Are designed to reduce the risk of misstatement
due to error or fraud and to ensure that processes
are operating effectively.
o Controls can include any procedure used and relied
upon by client to prevent errors occurring, or to
detect and correct errors that occur.
• Controls have two main objectives:
1. To prevent or detect misstatements in the financial
report, or
2. To support the automated parts of the business in
the functioning of the controls in place

CONTROL CLASSIFICATIONS
• Manual controls
o Purely manual controls do not rely on IT for operation e.g. Locked cage for inventory
o Could rely on IT information from others e.g. reconcile stock count to computer generated consignment stock
statements
• Automated (or application) controls: Rely on clients IT
o Application controls
▪ apply to processing of individual
transactions, support segregation of
duties e.g. edit checks, validations,
calculations, interfaces,
authorisations
o IT general controls (ITGCs)
▪ Support functioning of automated
controls
▪ Provide basis for relying on
electronic evidence in audit
▪ Types: program change controls,
logical access controls, data backup
• IT-dependent manual controls
o Has both manual and automated characteristics
o For example, management reviews a monthly variance report (automated) and follows-up (manual) on
significant variances
o Auditor must consider both aspects – report generation and management follow-up
o Consider controls over report generation – is report accurate and complete? If not, follow-up will not be
effective

TESTS OF CONTROLS

Are the audit procedures performed to test the operating effectiveness of controls in preventing or detecting and correcting
material misstatements at the assertion level

PREVENT CONTROLS
• Can be applied to each transaction during normal processing to avoid errors occurring
• Commonly automated e.g. reject duplicate transactions

WCGW Assertion Prevent Control

Sales occur that are not recoverable Occurrence, Computer program will not allow a sale to be processed if a
Existence customer has exceeded its credit limit
Fictitious employees are paid Occurrence Amounts are not able to be paid to employees without first
matching a valid tax file number to the employee master file
Sales are recorded at an incorrect value
Transactions are classified and coded to
incorrect accounts
Accuracy Sales invoices are automatically priced using the information in
the price master file
Classification The account coding on each purchase order is checked by the
computer to a table of valid account numbers, and then various
logic tests are performed by the computer

DETECT CONTROLS
• Are necessary to identify and correct errors that do enter the records
• Usually not applied to transaction during normal flow of processing, but applied outside normal flow to partially or fully
processed transactions
• For example, cheques for payment prepared, and held by system until approved for payment, then processed
• Wide variation in detect controls from client to client, depending on complexity, preferences
• Can be informal and formal
• It is important that detect controls:
o Completely and accurately capture all relevant data
o Identify all potentially significant errors
o Are performed on a consistent and regular basis
o Include follow-up and correction on timely basis of any misstatements or issues detected
• EXAMPLES OF DETECT CONTROLS:
o Management level analysis and follow-up of reviews: actual vs budgets, prior periods, competitors, industry;
anomalies in performance indicators
o Reconciliations with follow-up of reconciling, unusual items, to resolution and correction (e.g. bank
reconciliation, subsidiary ledger to control account)
o Review and follow-up of exception reports (automatically generated reports of transactions outside pre-
determined parameters)
o Usually can obtain evidence of detect controls’ operation and effectiveness

WCGW Assertion Detect Controls

Cash is received but not recorded in the Completeness Bank reconciliation and follow up of unexpected outstanding
general ledger, payments are made but Occurrence items (unexpected or large deposits not yet cleared by the
not recorded, cash receipts or cash bank, cheques presented by the bank but not recorded in the
payments are not real or not recorded Cut-Off general ledger)
on a timely basis
Shipments not billed and recorded, and Completeness The computer performs a daily comparison of quantities
billings are not related to the actual shipped to quantities billed. If differences are detected, a
Occurrence
shipments of product report is generated for review and follow up by the billing
supervisor
Unrecorded billings and errors in Completeness Quarterly reviews of credit balances in accounts receivable to
classifying sales or cash receipts Classification determine their causes

Among other things, errors in the Accuracy The sales manager reviews their daily shipments, total sales,
number of units or unit prices being and sales per unit shipped
calculated or applied incorrectly

TECHNIQUES FOR TESTING CONTROLS

• ENQUIRY
o Auditor questions employee performing control, management about review of control
• OBSERVATION
o Auditor observes actual control being performed
o Employee might be more diligent when observed
• INSPECTION OF PHYSICAL EVIDENCE
o Trace from reconciliation to accounting records or other documents
o Examine reconciling items to determine whether reconciliation detects error and action to deal with errors
• RE-PERFORMANCE
o Auditor re-performs control (e.g. prepares reconciliation)
SELECTING AND DESIGNING TESTS OF CONTROLS

Professional judgement is required to decide which controls to select for testing. The auditor should select controls that will
provide the most efficient and effective audit evidence. We can increase efficiency by only testing controls that are critical to
audit opinion – those that address the WCGWs most effectively with the least amount of testing. It is more efficient to test
controls that address multiple WCGWs.

HOW MUCH TESTING?

• Extent of testing based on statistical sampling (see chapter 6) or professional judgement
• How often is control performed? More often = more testing
• Degree of reliance on control, more = more testing
• Persuasive of evidence from testing, more = less testing
• Need to be satisfied that control operated as intended throughout period, interim testing might be required
• Existence of combination of controls that could provide increased assurance, less reliance on single control = less
testing
• Relative importance of WCGW, and assurance required is based on consideration of several issues

Also consider other factors that relate to the likelihood that a control operated as intended, including

• Competence of person performing control

• Quality of control environment
o Chance of control override
o Internal auditing work
o Effect on operation of control throughout period
• Changes in accounting system
• Explained changes in related account balances
• Auditor’s prior experience with client

Testing must provide enough evidence to be able to reasonably conclude that control is effective

• Attribute sampling allows conclusion about population in terms of frequency of control being performed
o For example, attribute being tested could be presence/absence of authorising signature on document
o Evidence of one exception (or deviation) in sample
▪ Investigate cause of exception,
▪ Increase sample and extend testing, or
▪ Amend decision to rely on control – test other controls and/or increase substantive testing

Application Controls – test using these methods:

• Test operating effectiveness

o Test manual follow-up procedures that support the application control
o For example, investigate how client follows-up on computer-generated exception report for sales with no
prices in master file
• Test controls over program changes, and/or access to data files
o Test ITGCs - For example, test controls to ensure that
all changes to pricing master file are approved
• Benchmarking
o Carry forward benefit of certain application controls
testing into future audit periods
o Computer will continue to perform procedure in same
way until application program is changed
o Verify that there are no changes to program, no need
to repeat audit procedures. More likely when
▪ Specific program can be identified
▪ Application is stable
▪ Reliable record of program changes available

Timing of tests of controls

• Usually at interim date, especially if controls relied upon to reduce substantive procedures
• Preferable to test entity-level controls and ITGCs early in audit because results impact other tests
• Update interim results and evaluation at year-end
 • Identify relevant changes in environment and controls

RESULTS OF AUDITOR’S TESTING

Do results of control testing confirm preliminary evaluation of controls and control risk based on internal control
documentation?

• If so, do not modify planned substantive procedures

• If not,
o Are compensating controls available? Test
o Revise audit risk assessment for related account and the planned audit strategy

When deciding whether need for additional tests of controls, consider:

• Results of enquiries and observations - could reveal alternative controls now being relied upon and need to be tested
• Evidence provided by other tests – substantive tests can provide evidence about continued functioning of controls
o For example, examining invoice for evidence of payables balance could provide evidence of controls over
purchases and payables
• Changes in overall control environment – change in key personnel could make additional control tests necessary

DOCUMENTING CONCLUSIONS

• Results of control testing documented in working papers

o Test performed
o Purpose of test of controls
o Actual controls selected for testing
o Results of testing- exceptions found
• Document in sufficient detail to allow another auditor to
perform same test
o Extent of documentation depends on
complexity of client’s operations, systems and
controls
o Review impact of testing controls on rest of
audit

IMPACT OF CONTROLS TESTING ON LEVEL OF

SUBSTANTIVE TESTING
WEEK 8: PERFORMING SUBSTANTIVE PROCEDURES
The quantity of evidence increases as you get to the
top of the bucket.

Overview of substantive procedures: Linkage between inherent risk, control risk and detection risk.

Control Risk Assessment

Low Medium High

Controls tested Limited controls No controls tested and

extensively and able to tested and able to be no assurance from
be relied upon relied upon controls

Inherent Low Risk Lower risk of material Few substantive Some substantive Considerable
errors if no controls in procedures required procedures required substantive
place procedures required
Inherent High Higher risk of material Some substantive Considerable Extensive substantive
errors if no controls in procedures required substantive procedures required
Risk place procedures required

Auditing is a top-down approach:

OVERVIEW OF SUBSTANTIVE PROCEDURES

Risk assessments must be performed at assertion level (ASA 315; ISA 315)

• Assertions can be stated as audit objectives

o Management assert that sales transactions recorded in income statement occurred and relate to the entity
o Auditor’s objective is to verify that recorded sales transactions occurred and relate to the entity (occurrence and
rights and obligations)
• Transaction assertions are related to account balance and disclosure assertions
o Work done to verify sales occurrence provides some evidence about accounts receivable existence

Assertions about transactions and Assertions about account balances at Assertions about presentations and
events year-end disclosure
Typically income statement accounts Typically balance sheet accounts Disclosures made in the financial report
Occurrence Existence Occurrence
Rights and obligations Rights and obligations
Completeness Completeness Completeness
Cut off
Accuracy Valuation and allocation Accuracy and valuation
Classification Classification and understandability

DEFINITION OF SUBSTANTIVE PROCEDURES

SUBSTANTIVE PROCEDURES:
• Audit procedures that are designed to detect material misstatements at the assertion level
• They are used to obtain direct evidence as to the completeness, accuracy, and validity of data, and the reasonableness
of the estimates and other information contained in the financial report
• Audit program documents substantive procedures the auditor plans to use to identify and rectify material errors before
giving the audit opinion

Nature, timing and extent of substantive procedures in audit program determined by:

• Risk of material misstatement

• Timing considerations affect nature of substantive test (e.g. access during interim periods)
• Level of assurance necessary (reasonable or limited)
• Type of evidence required (how persuasive)
• Complexity of client’s data systems

RELATIONSHIP BETWEEN RISK ASSESSMENT AND THE NATURE, TIMING AND EXTENT OF SUBSTANTIVE PROCEDURES
The nature of substantive testing varies from account to account and consists of one or a combination of techniques, including:

• Key items testing

• Representative testing
• Other test of transactions/underlying data
• Analytical procedures

The appropriate mix of substantive procedures depends on:

• The nature of the account balance

• The risk assessment for the specific account and the client overall

TIMING OF SUBSTANTIVE PROCEDURES

• Influenced by level of control risk
 • Typically at or near year-end, exceptions include:
o Accounts that accumulate transactions that mostly remain
in year-end balance
o For example, additions to fixed asset register
o Control testing confirms a strong control system
o Roll-forward procedures are suitable due to strong
controls and no changes to controls
o Roll-forward procedures are done between interim date
and year-end, and provide evidence that interim testing
results continue to apply for the remainder of the period
• At the end of the year, you have more transactions to test (12
months), detection risk is low, need to do more substantive testing

SUBSTANTIVE AUDIT PROCEDURES

TESTS OF DETAILS:

• Substantive tests other than analytical procedures

• Designed to verify a balance or transaction with supporting documentation
o Vouching: taking a balance or transaction from the underlying accounting records and verifying it by agreeing
the details to supporting evidence outside of the accounting records of the company
▪ Primarily tests existence/occurrence assertion
o Tracing: tracking a source document to the accounting records
▪ Primarily tests completeness assertion
1. KEY ITEM TESTING
• Identify key items in a balance
• Usually select largest transactions within a balance to obtain ‘coverage’ of the total
• The more persuasive other evidence available, the less coverage key items have to address
2. REPRESENTATIVE SAMPLING
• If further testing required after selecting key items
• Select items that are representative of population
• Sampling strategy depends on auditor’s expectations of error and overall audit objective (i.e. testing primarily
for over or understatement of balance)
3. OTHER TESTS OF TRANSACTIONS/ UNDERLYING DATA:
• Tests of client prepared schedules
• Tests performed at interim date with roll-forward procedures
• Tests of underlying data to be used as part of analytical procedures
• Tests of income statement accounts for account classification
• Tests of individual transactions by vouching (agreeing) to supporting documents
4. ANALYTICAL PROCEDURES can be used as:
• Primary (persuasive) tests of a balance
• Corroborative tests in combination with other procedures
• To provide at least some minimal level of support for the conclusion
• Analytical procedures can be the most effective test of a balance, or at least reduce extent of other
substantive tests (ASA 520; ISA 520)

TYPES OF ANALYTICAL PROCEDURES:

• Absolute data comparisons (prior year, budgets)
• Ratio analysis (activity, liquidity, profitability, leverage)
• Trend analysis (over several accounting periods)
• Common-size financial reports
• Break-even analysis
• Pattern analysis and regression (most sophisticated)

TESTING THE RELIABILITY OF ANALYTICAL PROCEDURES:

The biggest risk when performing analytical procedures is that the results will lead the auditor to accept an account balance as
materially correct when it actually contains material misstatements.
 • Mitigate risk of accepting account as not misstated when it is materially misstated
• Consider relevance of analytical procedures, they are less useful when:
o client’s operations are diverse
o industry data is unreliable or not comparable to client
o severe inflation
o client’s budget process not well-controlled
• Consider reliability of data
o For example, test reliability of ageing of debtors reports
o Do control tests suggest data is reliable?
o Consider controls over non-financial data

USING COMPUTERS FOR SUBSTANTIVE TESTING:

• Computer assisted audit techniques (CAATs) assist auditors with their testing in complex tasks. There are two main
categories.

1. Software used to interrogate and examine client files (software can be special programs or spreadsheets)

• Re-adding, performing logic tests, select key items, representative samples

• Handle large volumes of data, be more comprehensive

2. Software that individual firms use to plan, perform and evaluate audit procedures, regardless of whether client
automated or not

• CAATs are more useful when client controls are stronger

SUMMARY OF ANALYTICAL PROCEDURES APPROACH:

1. Identify computation, comparison, to be made
2. Assess reliability of any data to be used
3. Estimate probable balance or outcome
4. Perform computations using internal or external data
5. Compare estimated amount with calculation, assess if any difference is significant
6. Determine appropriate procedures for investigating reasons for the difference
7. Perform procedures
8. Draw conclusions

LEVELS OF EVIDENCE

Evidence from different types of substantive procedures varies in persuasiveness

1. PERSUASIVE EVIDENCE
• Is suitable as primary test
of balance
• Provides a reasonable
estimate of balance,
enabling auditor to
conclude whether or not
the account balance is
free from material errors
• No further procedures
required
2. CORROBORATIVE
• An analytical procedure provides corroborative evidences if it:
o Confirms audit findings from other procedures
o Supports management representations
• A corroborative analytical procedure includes comparisons of account balances to expectations developed and
documented earlier in the audit.
• Allows auditor to limit extent of other procedures in the area
• Unexpected results would require auditor to expand other substantive audit procedures to provide explanation of
result
• Professional skepticism – important to search for confirming and disconfirming evidence (high quality and “challenging”
evidence)

3. MINIMAL
• Analytical procedures that do not provide persuasive or corroborative evidence contribute minimal support for the
conclusion
• For example, simple comparison with previous year to help identify problems, not to reduce other testing
• Usefulness of procedure to generate more persuasive evidence depends on circumstances such as complexity of client
and extent of fluctuations in particular account balance
EVALUATING DOCUMENT RESULTS

• Auditor’s understanding of the client’s business helps identify likely fluctuations in financial data
o For example, Seasonal trends, dependent relationships, specific business decisions
• Expectations of likely fluctuations helps the auditor to interpret results
o Absence of fluctuation could be more suspicious than a large fluctuation

RISK AND SUBSTANTIVE PROCEDURES

Differences between auditing income statement and balance sheet accounts:

• Balance sheet accounts typically represent only recent transactions, or one-off transactions
• Income statement accounts reflect sum of entire reporting period transactions
• Testing balance sheet accounts do not provide much assurance about income statement accounts
• Difference in nature of account is reflected in difference in testing
• Typically use analytical procedures for income statement accounts rather than confirmations etc.
• Extent of substantive procedures
o As discussed for balance sheet accounts, extent of testing determined by risk assessment for each significant
account or disclosure
o High IR, CR: do not rely on and test controls, use significant amount of substantive testing to reduce DR
o Low IR, CR: testing controls shows them to be effective, limited substantive testing required
• Timing of substantive procedures
o Dependent on risk assessment, can perform some types of work prior to year-end, leverage off internal audit
etc.

SUBSTANTIVE TE STING – REVENUE

Substantive testing for revenue:

Sales is usually a very significant account

• Pressure to achieve sales targets creates risk of overstatement

o High overall inherent risk, e.g. manipulation, fraud
• Also significant because generally:
o Material size
o High volume of transactions
• Auditors usually either use only substantive testing techniques, or use controls testing supplemented with high-level
analytical procedures
Most important assertions:
• Occurrence = Test recorded sales are bona fide (ficticious) and have occurred
• Accuracy = Sales are recorded at correct amount, not overstated
• Cut-off = Risk that sales occur after year-end are recorded early
Not very important:

• Completeness is not usually significant, except if pressure to increase next year’s sales
o Service revenue requires testing projects delivered to customers, or in progress
o Interest, dividend revenue – recalculate, check bank statements
o Other items not usually material
Objective Assertion
All sales included in the income statement represent the exchange of goods or services with Occurrence (O)
customers for cash or other consideration during the period. All other revenues included in the
income statement for the period have accrued to the entity at year-end. Revenues applicable for
future periods have been deferred.
All sales and other revenues that accrued to the entity during the period are included in the Completeness (C)
income statement.
Sales and other revenues are stated in the income statement at the appropriate amounts and in Accuracy, Cut Off
the appropriate period.
Sales and other revenues are properly classified, described and disclosed in the financial report Classification (CI),
including in the notes. Classification and
Understandability
PROCESSES IMPACTING SALES REVENUE:
• Sales and sales returns and allowances
• Consider evidence from interim testing, control testing phase
• If substantive testing required, use detailed testing such as vouching, tracing of documents, recalculating pricing and
discounts, testing postings

Example Tests always performed

Compare the monthly income statements to budget and/or prior year and investigate any unexpected fluctuations or
absence of expected fluctuations (C, A, CI)
Example Analytical Procedures
General
Review the client’s comparison of budgeted and actual revenues by month or by quarter. Corroborate some of the reasons
identified by the client for important variations. Investigate any unexpected variations or the absence of expected variations
that were not identified by the client. (C, A, CI)
Sales
Compare sales to the current year’s budget and to the prior period’s actual sales by product line or geographic area (C, A, CI)
Other Revenue
Obtain detailed analysis of selected revenue accounts and trade the details to the source data (CI)
Example other general procedures
Sales
Enquire about management, sales personnel, or other parties who may be receiving products without billing or payment (O,
A)
Other Revenue
Obtain detailed analysis of selected revenue accounts and trace the details to the source data (CI)

SUBSTANTIVE TESTING – COST OF SALES AND EXPENSES

Substantive testing for cost of sales and expenses:

• Cost of sales and expenses are significant accounts in income statement

• Major risk relates to understatement
Key assertions are:

• Accuracy – verified by vouching recorded amounts to supporting documentation or by reference to the significant
account that has determined the expense
 • Completeness and cut-off – important to ensure that the client has not understated its costs and expenses by deferring
costs into the period after year end
o Need to do more tracing
Accuracy

• Verify by vouching recorded amounts to documents or underlying account, e.g.

• Depreciation – tested as part of verifying PPE balance
• Bad debts – part of verifying receivables balance
• Cost of sales is verified to:
• Opening stock balance (last year closing balance)
• Purchases and payables
• Closing stock balance part of inventory valuation
• Purchases typically subjected to additional testing through controls testing, and if necessary, vouching to supplier
documentation
• Payroll expense vouched to time cards, employee lists
• Consider employees who leave during period
Completeness and cut-off

• Assertions combined – auditor to verify that client has not understated expenses and cost of sales by deferring
recording expenses to next period
• Examine invoices around year-end to verify dates
Classification can be important for special disclosure requirements

For example, interest expense, depreciation

Occurrence not typically significant

Objective Assertion
All costs and expenses in the income statement are properly supported as charges against the Occurrence
entity in the period. Costs and expenses applicable to future periods are carried forward as
inventory, pre-paid expenses, deferred charges or property, plant and equipment.
All costs related to the current period's revenues and all expenses of the current period are Completeness
included in the income statement.
Costs and expenses are stated in income statement at the appropriate amounts and in the Accuracy, Cut Off
appropriate period.
Costs and expenses are properly classified, described and disclosed in the financial report, Classification (Ci)
including the notes. Classification and
Understandability (C&U)
Processes impacting on costs and expenses

• Substantive testing of
purchases and payroll usually
undertaken only if controls
not effective, or if more
efficient to test substantively
• Testing of balances – some
procedures ordinarily always
performed, others if risk
assessment warrants
 Examples tests always performed
Obtain detailed analysis of selected costs and expense accounts and trade the details to the source data (O,A)
Examples analytical procedures
Cost of Sales:
Compare the current period’s gross profit ratios by month, location, product and geographic area with those of prior periods
and with budgeted amounts. Investigate any large or unusual variations or the absence of expected variations. (C,A)
Expenses:
Review the client’s comparison of budgeted and actual costs and expenses by month or by quarter. Corroborate the reasons
identified by the client for the important variations. Investigate any unexpected variations or the absence of expected
variations no identified by client. (C,A)
Example other general procedures
Review the expense accounts in the general ledger for unusual items. Investigate any such items observed. (O,C,A)

ASSESSING RESULTS OF SUBSTANTIVE PROCEDURE S

• Other costs or expenses that could be significant include:

o Administration costs
o Selling expenses
o Audit fees
o Advertising and marketing costs
o Impairment charges
• Nature of tests similar to purchases and payroll
• Use risk assessment based on knowledge of client and professional judgment to determine timing and extent of testing
• Auditor’s objective is to determine if there are misstatements within the account balance and to quantify the amount
of any misstatement
• If error identified:
o Understand why it occurred
o Consider increase to sample size
o Consider additional testing
o Continue testing until error can be accurately quantified or balance fully tested to ensure no error remains

EVALUATING, DOCUMENTING RESULTS

• Auditor assesses impact of all errors identified during the audit and documented in working papers
o Distinguish between errors (including fraud) and judgmental misstatements
▪ Differences in judgment between auditor and client
▪ Likely to be focus of discussions between auditor and client, more likely to be ‘range’ than exact
number
o Decide if one-off event, or systematic errors
• Conclude on results for each audit program step and each significant account and significant assertion

WEEK 9: SUBSTANTIVE TESTING AND BALANCE SHEET ACCOUNTS

SUBSTANTIVE TESTS: CASH

Important Assertions

• Existence: usually addressed by bank confirmation

• Completeness: test bank reconciliation and cut off cash transactions
o Verify reconciling items to next period bank statement

Other assertions may also be important:

• Rights and obligations:

o Assertion also significant where clients may pledge assets
o Pledging restricts client’s rights over cash.
• Valuation and allocation:
o Usually only an issue when client has significant foreign currency bank accounts.

Testing cash account balances always done at some level, additional procedures required as risk assessment increases
Tests include bank confirmations, bank reconciliation re-performance, analytical procedures
 Objective Assertion
All cash on the balance sheet is held by the entity or by others (eg. a bank) for the entity Existence
All cash owned by the entity at year-end is included in the balance sheet Completeness
Cash is stated at its realisable value Valuation and Allocation
The entity owns, or has legal rights to, all the cash on the balance sheet at year-end. All cash is Rights and Obligations
free from restrictions on use, liens, or other security interests, or if not, such restrictions, liens or
other security interests are identified.
Cash is properly classified, described and disclosed in the financial report, including in the notes, Classification
including disclosures of any of the abovementioned restrictions on use, etc., plus disclosures are
Classification and
made as required by application of an appropriate accounting framework (eg. IFRS)
Understandability
Processes Impacting on Cash

• Auditor assesses evidence

obtained from interim
testing on significant
transactions, control
testing.
• When CR low, unlikely to
do additional testing on
cash receipts and
payments, focus on
balance.
• If CR not low, substantive
tests of receipts and
payments may be
required.

Examples of substantive tests of

cash processes:

Example Tests always performed

Confirm cash held by others (eg. bank balances and/or overdrafts) and cash on hand, if significant. (E, R&O)
Examine the client’s bank reconciliations. When appropriate (e.g. to determine whether receipts or payments are recorded
on a timely basis, or to verify the appropriateness of reconciling items) obtain cut-off bank statements either side of year-end.
(C, V&A)
Test cut-off cash receipts, cash payments and transfers as at year end (C, V&A)
Example analytical procedures
Compare the listing of cash accounts with prior period’s and investigate any unexpected changes (e.g. credit balances,
unusually large balances, new accounts, closed accounts) or the absence of any unexpected changes (E, C, V&A, Cl)
Review interest received and/or paid in relation to the average cash balances and/or bank overdrafts. (occurrence and
accuracy of interest income in the income statement)
Example other general procedures
Review the cash accounts in the general ledger for unusual items (C, V&A)
Review bank confirmations, minutes of meetings, loan agreements and other documents for evidence of restrictions on the
use of cash or liens on cash (C&U)

SUBSTANTIVE TE STS: ACCOUNTS RECEIVABLE

TWO MOST IMPORTANT ASSERTIONS:

1. Existence

• Usually addressed by debtors’ confirmation (ASA 505; ISA 505)

• Positive confirmation: auditor requests reply in all circumstances
• Negative confirmation: auditor requests reply only if debtor disagrees with balance shown
 • Confirmations do not provide assurance about valuation because they do not address recoverability

2. Valuation & allocation

• Use subsequent receipts test

• Analytical procedures based on ageing

Other assertions may also be important:

• Classification
o Can also be important because of disclosures, such as related parties and financial instruments.
• Rights and Obligations
o Can also be important because of restrictions on trade terms.
• Completeness
o Can be addressed through cut-off testing.

There are three important transactions that impact on the balance of trade receivables:

1. Sales
2. Sales Returns and Allowances
3. Cash receipts

Auditor would only consider these procedures if unable to test and rely on controls or it is deemed more efficient to test balance
substantively.

Objective Assertion
All receivables on the balance sheet are real claims of the entity Existence
All real claims of the entity for amounts receivable are included on the balance sheet Completeness
Receivables are carried at their net realisable (collectable) value Valuation and Allocation
ie. The gross receivables are properly stated with appropriate allowances provided for
uncollectable accounts, discounts, returns, warranties and similar items
The entity owns, or has legal rights to, all the receivables on the balance sheet at year-end. Rights and Obligations
All receivables are free from liens, pledges or other security interests or if not, such liens,
pledges or other security interests are identified.
Receivables are properly classified, described and disclosed in the financial report, including the Classification and
notes, in conformity with prescribed accounting principles (IFRS) Understandability
 Example Tests always performed
Confirm accounts receivable. If accounts are confirmed at an interim date, review the roll forward of activity from the
confirmation date to year-end and compare the level of activity with the prior period. Investigate unusual items; consider
confirming (at year-end) significant new accounts and those accounts with significant increases or decreases between
confirmation date and year-end.
Examine the subsequent cash receipts, shipping records, sales contracts and other evidence to verify the validity of accounts
receivable for which replies to confirmation requests were unsatisfactory or were not obtained as part of supporting year-end
receivables balances. (E)
Test the cut-off by inspecting sales ledger, billings, shipping documents and other supporting documents immediately before
and after the cut-off date and determine that the transactions were recorded in the proper period; compare the receivables
cut-off to cut-offs in related areas (e.g. sales and inventory) (C)
Evaluate the adequacy of the allowances for doubtful accounts. See the example procedures that may be performed under
general procedures below (V&A).
Example analytical procedures – allowances for doubtful debts
Compare the aged listing of accounts receivable with prior period’s and note any significant changes (eg. changes in major
customers, in major trade receivables balances overdue) (V&A)
Compare the current period’s accounts written off the provision for doubtful debts as percentages of accounts receivable and
sales with prior period’s percentages. Evaluate the trends in light of current economic conditions and what you know about
the client and the industry they operate in. (V&A)
Example other general procedures
Review the evidence or obtain information concerning credit worthiness for large new accounts (V&A)
Trace the totals of accounts receivable in the trade receivables sub ledger to the general ledger control accounts or the
accounts receivable summary (V&A, C)

SUBSTANTIVE TESTS: INVENTORY

TWO MOST IMPORTANT ASSERTIONS:

1. EXISTENCE
o Usually addressed by testing client’s annual or cyclical stock take (ASA 501; ISA 501)
o Auditor tests client’s verification of physical inventory with records, and auditor must sight inventory
o Lower CR, less likely stocktake is performed only annually
2. VALUATION & ALLOCATION
o Lower of cost and NRV - AASB 102 (IAS 2)
o Sighting inventory at stock take allows auditor to assess slow-moving, damaged, obsolete, impaired, excess
stock which should be written down
o Typical techniques:
▪ Vouching to invoices to verify initial cost
▪ Vouching to sales details to verify cost of sales
▪ Test provision for impairment calculations

Other assertions may also be important:

• Completeness
o Not usually a major issue
o Risk of understatement can be issue where goods sold on consignment.
• Rights and obligations
o Relevant for some clients due to consignment sales, complex purchasing contracts.
• Classification
o Usually addressed by testing stock listing, allowing verification of disclosures

• There are three important types of transactions that impact on the inventory balance:
1. Purchasing
2. Cash payments
3. Inventory processes
• Usually, auditor relies on control testing of these transactions to confirm low CR
• If CR not low, substantive tests required for the transactions
 Objective Assertion
All inventory on the inventory listing is included in the financial report Existence
All inventory owned by the entity at year-end are included on the balance sheet Completeness
Inventory is carried at the lower of cost or market value (NRV). Valuation and
The costs and market determinations are appropriate, including adequate provisions for excess, Allocation
slow-moving, obsolete and damaged goods and for losses on purchase and sale commitments.
The entity owns, or has legal rights to, all the inventory on the balance sheet. Rights and Obligations
All inventory is free from liens, pledges or other security interests or if not, such liens, pledges or
other security interests are identified.
Inventory is properly classified, described and disclosed in the financial report, including the notes, Classification and
in conformity with prescribed accounting principles (IFRS) Understandability
Testing inventory account balances required by ASA 501; ISA 501, para 4,
If inventory is material to the financial report, auditor must attend the physical inventory counting, unless impracticable, to:

1. Evaluate managements’ instructions and procedures

2. Observe performance of count
3. Inspect inventory
4. Perform test counts

Auditor is required to test entity’s final inventory records to determine if they accurately reflect actual inventory count.

• AUDITOR WILL ALSO USUALLY:

o Perform analytical procedures
o Test valuation of inventory
o Test client procedures to assess inventory impairments due to damage
o Test client’s costing methods
o Use procedures to test valuation of inventory at remote locations (e.g. use another auditor)

SUBSTANTIVE TESTS: FIXED ASSETS / PPE

TWO MOST IMPORTANT ASSERTIONS:

• Existence
o Verify items recorded in client’s fixed asset register
o Physically sight assets listed in first audit and periodically
o Focus on additions and disposals in later years
• Valuation & allocation
o Evidence about condition gathered when sighting physical assets
o Consider cost and fair value, and asset impairment
o Change in client operations could impact fair values
o Vouch initial cost to invoices, contracts
o Vouch disposals to sales contracts, receipts
o Test depreciation through reasonableness testing of charge based on useful lives

Other assertions may also be important:

• Completeness
o Not usually major issue
• Rights and obligations
o Initial test then periodically.
o Registered titles, registration papers.
o Consider leased items.
• Classification
o Generally test fixed asset register.

There are three important types of transactions that impact on the balance of PPE:

1. Cash receipts
2. cash payments
3. Purchasing
Substantive testing when CR high.
 Objective Assertion
All PPE on the balance sheet (including assets leased under finance leases) are held by the Existence
entity or by others for the entity
All PPE owned or leased under finance leases by the entity at year-end are included on the Completeness
balance sheet
PPE are carried at the appropriate amount (taking into account accumulated depreciation, Valuation and Allocation
amortisation or impairment). The cost of the plant and equipment is allocated to the
appropriate accounting periods in a systematic and rational manner. The written down value
of the PPE is expected to be recoverable through future use. PPE assets held for disposal are
carried at the appropriate value.
The entity owns, or has legal rights to, all the PPE on the balance sheet. Rights and Obligations
All PPE assets are free from liens, pledges or other security interests or if not, such liens,
pledges or other security interests are identified.
PPE and related accounts are properly classified, described and disclosed in the financial report, Classification and
including the notes, in conformity with prescribed accounting principles (IFRS) Understandability

SUBSTANTIVE TESTS – ACCOUNTS PAYABLE

Two most important assertions are COMPLETENESS and VALUATION & ALLOCATION

FOR BOTH ASSERTIONS:

• Major risk is understatement

• Use subsequent payments testing
o Vouch payments after balance date to invoices to verify invoices dated prior to year-end are included in
payables
• Cut-off testing
o Select sample of purchases either side of year-end and verify that each included or excluded from payables
based on invoice date

Other assertions may also be important:

• Existence and Rights and Obligations

o Not usually important because they relate more to risk of overstatement.
• Classification
o Important if there are related party transactions, and specific finance types that require disclosures.

Accruals are treated in same way as payables, search for unrecorded amounts through subsequent payments testing.

• There are two important types of processes that impact on the balance of payables:
1. Cash payments
2. Purchasing
• Substantive testing when CR high.

Objective Assertion
All accounts payable on the balance sheet are real debts payable to suppliers or other creditors Existence
of the entity for goods received or services performed.
All accounts payable owed by the entity at year-end are included on the balance sheet Completeness
Accounts payable are stated at the amounts owed at year-end Valuation and Allocation
The accounts payable on the balance sheet represent obligations of the entity at year-end. Rights and Obligations
The accounts payable are not secured by liens on assets, security interests or other collateral
unless otherwise indicated.
Accounts payable are properly classified, described and disclosed in the financial report, Classification and
including the notes, in conformity with prescribed accounting principles (IFRS) Understandability
WEEK 10: COMPLETING AND REPORTING ON THE AUDIT

ENGAGEMENT WRAP UP

• Auditor finalises any open items before issuing audit report

• Any remaining audit procedures are assigned, due date set for completion
• Audit partner determines if procedures executed as planned and all relevant matters have been considered
appropriately

Areas covered during wrap up

1. Review planned procedures for proper and complete execution

2. Determine all necessary matters appropriately considered
3. Revisit open review notes, ‘to-do’ items, incomplete procedures – attention needed? Resolve items
4. Remove all unnecessary documentation, drafts and review notes from review file
o ASA 230; ISA 230, ASA 315; ISA 315, ASA 330; ISA 330 requirements for developing, altering and storing audit
documentation
1. For multi-location audits, obtain documents from other auditors as required
2. Remove documents not required to support opinion
3. Consider materiality level used in audit
▪ Is it still appropriate given factors or conditions found during audit?
▪ For example, significant change in anticipated operating results, numerous unexpected
misstatements
4. Reconsider assessments of internal control at entity level and risk of fraud given results of control tests,
misstatements discovered during audit
▪ Problems may be too pervasive to continue with audit
5. Revisit planning documentation to determine if all matters in plan have been addressed
6. Perform subsequent events procedures
▪ Identify events occurring between year-end and date of audit report that might require adjustment or
disclosure
7. The entity’s annual report to consider if there are any material inconsistencies, that is, any material
inconsistency between the audited financial report and the other information, found in ASA 720 (ISA 720)
(Revised).
• Auditor must decide if there is sufficient appropriate audit evidence to support audit opinion - consider:
o Materiality of misstatements
o Management responses
o Previous experience
o Results of audit procedures performed
o Quality of information obtained
o Persuasiveness of the audit evidence
o Whether evidence obtained supports or contradicts
the results of the risk assessment procedures
• Auditor evaluates audit evidence to decide whether:
1. The assessments of the risk of material misstatement at the assertion level are appropriate, and
2. Sufficient evidence has been obtained to reduce the risk of material misstatement in the financial report to an
acceptably low level
• Audit team discusses progress throughout engagement, modifies planned procedures to reflect changes to original risk
assessments
• When misstatements or control deviations found in planned procedures, consider:
o Reason for the misstatement or deviation
o Impact on risk assessments and other planned procedures
o Need to modify or perform further audit procedures
o Need to revise materiality level due to:
▪ New information, e.g. client obtained new loan with more restrictive debt covenants
▪ Change in auditor’s understanding of the entity and its operations
▪ New circumstances, e.g. significantly lower profit
GOING CONCERN

• Auditor needs to assess the going concern risk again based on the information they have obtained.
• Going concern assumption underpins accounting on the basis that the entity will be able to realise its assets and
discharge its liabilities in the normal course of business
• Management must assess going concern;
1. On basis of 12 months from directors’ report
2. Use information available at time of assessment
3. Judgments affected by size and complexity of entity, nature and condition of its business, degree to which
business affected by external factors
• Going concern risk can impact audit opinion
Auditor considers reasonableness of management’s assessment of going concern and whether disclosures are required in
financial report (ASA 570; ISA 570)

o Consider reasonableness of management’s procedures to identify going concern issues and mitigating
circumstances
o If going concern assumption is not appropriate, management should prepare financial report on liquidation
basis
• If the use of going concern basis of accounting is appropriate – adverse opinion
• When the use of going concern basis of accounting is appropriate but a material uncertainty exists related to events or
conditions that may cash significant doubt on an entity’s ability to continue as a going concern and disclosures in the
financial statements are adequate – unqualified opinion with a paragraph section with material uncertainty related to
going concern
• When the use of going concern is appropriate but a material uncertainty exists related to events or conditions that may
cast significant doubt on an entity’s ability to continue aka going concern and disclosures are inadequate or omitted –
qualified opinion

SUBSEQUENT EVENTS

• Financial report is based on events up to, and conditions existing at, year-end
• Three other key dates:
o Date financial report approved by management
o Date of auditor’s report
o Date financial report publicly released
• Subsequent events:
o Events that occur between year-end and the date of auditor’s report, and facts discovered after date of
auditor’s report
• Auditor must review whether there are any subsequent events that can impact the

TYPE 1 SUBSEQUENT EVENTS - Adjusting Events:

• Events that provide additional evidence with respect to conditions that existed at year-end
• Can affect estimates in financial report, or indicate that going concern assumption is not appropriate
• Accounting treatment: adjust financial report for the effect of these events, where material
• Examples:
o Bankruptcy of customer after year-end which would be considered when evaluating provision for doubtful
debts
o Amount received for insurance claim in
negotiation at year-end (got the claim
after year end, go back and change it due
to negotiations existing before year end)
o Deterioration in operating results after
year-end that means going concern not
appropriate (adjustable only when you
know company cannot operate as a going
concern)
o Eg. If building burns down and no longer
able to continue as going concern, go
back and adjust)
TYPE 2 SUBSEQUENT EVENTS – Non Adjusting Events

• Events that provide evidence with respect to conditions

that developed subsequent to year-end
• Do not result in changes to amounts in the financial
report
• Might be so significant to require disclosure
• Do not require accounts to be adjusted
• Examples:
o Uninsured loss of assets due to fire, flood, signed
subsequent to year-end
o Purchase of a business, issuance of shares or
debt subsequent to year-end

See AASB 110 (IAS 10) and ASA 560; ISA 560 for guidance on reporting and auditing these events

AUDITOR’S RESPONSIBILITIES FOR BOTH TYPES

• Prior to signing audit report, auditor completes procedures to identify any events post year-end that might require
adjustment or disclosure in accounts
• After signing audit report, if auditor becomes aware of a fact that may materially affect financial report:
o Consider if financial report needs changing
o Discuss matter with client
o Take action appropriate in circumstances
▪ Before the release of financial report, if client will not adjust financial report where auditor believes it
should be changed, consider issuing qualified or adverse opinion
▪ If financial report issued, auditor might withdraw audit report, prevent reliance on report

AUDIT PROCEDURES:

• Auditor is concerned only with significant events occurring subsequent to balance sheet date that might require
adjustment, disclosure in accounts
• Nature of procedures depends on:
o Auditor’s knowledge of client circumstances
o Management procedures to identify events
o Volatility and strength of client’s business
o Auditor’s understanding and evaluation of sources of information for significant accounts
o Presence of known problems increasing client exposure to significant changes in financial position
• Gain understanding of and make evaluation of management processes to deal with subsequent events
• Read board meeting minutes
• Analyse latest interim results, budgets, accounting decisions, loan repayments and compliance
• Extend analytical procedures to audit report date
• Enquiries of legal counsel, board members, management
• Obtain written representations ASA 580; ISA 580

MISSTATEMENTS DUE TO ERROR OR FRAUD

FACTORS TO CONSIDER WHEN EVALUATING:

• Significance of financial report element affected by misstatement

• Significance of misstatements relative to known user needs
• Effect of misstatements on segment information, or other important portion of client’s business
• Effects of offsetting misstatements in different financial report captions, e.g. cash and prepayments
• Current year misstatements
o Auditor prepares schedule of uncorrected differences in order to assess overall effect on financial report and
on individual items or balances
o Consider effect on future years’ reports
• Prior year misstatements
o May be immaterial in previous year, could be material this year (ASA 450; ISA 450)
o Consider potential turn around
o e.g. understating payables last year due to cut-off error turns-around this year
• Consider both quantitative and qualitative aspects of misstatements
 • Qualitative examples:
o Affects compliance with regulatory requirements or debt covenants
o Affects client’s compliance with contractual requirements of operating and other agreements
o Affects management’s satisfaction of requirements for award of bonuses and incentive compensation
o Changes reported profit into loss
o Changes individual line items by material amount
o Changes key ratios monitored by analysts
o Sensitivity of circumstances e.g. fraud and illegal acts.

EVALUATING CONCLUSIONS, FORMING OPINION

To form an opinion:

1. Evaluate audit evidence obtained

2. Evaluate effects of unrecorded misstatements and qualitative aspects of entity’s accounting
3. Evaluate whether financial report properly prepared and presented according to standards
4. Evaluate fair presentation of financial report

Audit report structure (ASA 700):

• Opinion
o True and fair view of financial position / performance
o Compliance with Corporations Regulations 2001
• Basis for Opinion
o ASA
o Independence
• Emphasis of Matter
o If any
• Material Uncertainty Related to Going Concern
o If applicable, draw attention to the relevant note in the financial report
• Key Audit Matters
o Matters of most significance in the audit
• Other Information
o Unaudited Information in the annual report

Different Audit Opinions

• Unmodified:
o Also known as an UNQUALIFIED OPINION or clean opinion – as in a ‘clean bill of health’.
• Modified:
o Modifications that do not affect the auditor’s opinion:
▪ Emphasis of matter
o Modifications that affect the auditor’s opinion:
▪ Qualified Opinion
▪ Adverse opinion
▪ Disclaimer of Opinion

Types of modified opinions:

Emphasis of matter:

Applies when resolution of a matter is dependent on future actions or events not under direct control of the entity, but that
may affect the financial report, and the matter is disclosed in the notes to the financial report

Example:
Material uncertainty related to going concern:

▪ Unqualified audit opinion

▪ Appropriate disclosure of the material
uncertainty in the financial report

Modifications that affect the auditor’s

opinion:

Key concepts (ASA 705):

• Pervasive effects: several accounts

o “(i) Are not confined to specific elements, accounts or items of the financial report;
o (ii) If so confined, represent or could represent a substantial proportion of the financial report; or
o (iii) In relation to disclosures, are fundamental to users’ understanding of the financial report. “

• Inability to obtain sufficient appropriate audit evidence

o Could result from auditor’s inability to perform procedures or an imposition by the entity

A – QUALIFIED AUDIT OPINION B- QUALIFIED AUDIT OPINION

C – ADVERSE OPINION D – DISCLAIMER OF AUDIT OPINION

▪ Scope limitations
▪ Cannot express an opinion
KEY AUDIT MATTERS:
• Required only for listed entities
• Not a Substitute for Expressing a Modified Opinion
• Exceptionally, it is possible not to disclose a KAM if there are adverse consequences of public disclosure that outweigh
the public interest benefit.
• Exceptionally, the auditor can also decide that there are no KAM

OTHER MATTERS

Corporations Act 2001 Breaches

• Auditor required to report contraventions to ASIC within 28 days of an event (s311 Corp Act)
• Reporting must be in a timely manner and auditor should not wait until the end of the engagement to report the
matter
• Examples of suspected contraventions include:
o Insolvent trading
▪ if a company is insolvent and a director allows the company to incur a new debt, then the director can
be personally liable for the new debts incurred.
o Breaches of accounting standards
o Fraud by officers or employees of the client
o Continual late lodgment or non-lodgment of annual statements and financial reports

Communication with management and those charged with governance (ASA 260)

• Communicate matters of governance interest that come to auditors attention in audit (covered by several auditing
standards)
• Fraud (ASA 240)
• Non compliance with laws and regulations (ASA 250)

Matters of governance interest that the auditor may wish to discuss with those charged with governance include:

• General approach and overall scope of audit, limitations

• Selection of, changes in, accounting policies with material effect on financial report
• Potential effect on financial report of any material risks and exposures
• Misstatements with material effect
• Material uncertainties relating to going concern
• Disagreements with management
• Expected modifications to the audit report
• Practical difficulties in performing audit
• Irregularities, suspected noncompliance with laws
• Comments on design and operation of internal controls, suggestions for improvements (also in management letter)
• Any other matters as agreed

Documentation considerations:

• Auditor retains a copy of communication in working papers with any responses from management and their
intended actions.
• Depending on the nature, sensitivity and significance of the matters communicated, the auditor could confirm oral
communication in writing, to prevent disputes at a later date.
• Auditor should communicate weaknesses in internal controls to management (or those charged with governance)
and should be communicated in writing.