1. Audit Framework and Regulation_Presentation Day 1
Short Description
Download 1. Audit Framework and Regulation_Presentation Day 1...
Description
Technical Cross-Functional Knowledge Sharing Curriculum A flavour of audit approach
August 2012
Agenda and Objectives
What it is about?
The main objective is a collaborative, inclusive and transparent knowledge sharing curriculum, developed and designed to help us strengthen our market position.
© 2012 Deloitte Romania
Why participate? The participation in the training program A flavour of audit approach will :
•
Enable you to be better equipped with more in-depth knowledge of your Audit colleagues’ work;
•
Ensure you present yourself as a well-rounded professional by demonstrating borderless behaviors externally and internally;
•
Assist you in your professional development;
•
Help you to build your internal network and make it even stronger
© 2012 Deloitte Romania
Program overview Duration
2 * 1/2 day – three sessions
weeks starting 06/08/12, 10/09/12 or 08/10/12 Location
Bucharest
Place
Deloitte office
Targeted Participants
TAX
All
Consulting
All
ERS
All
Max. no. of Participants Provider
18 Audit professionals
© 2012 Deloitte Romania
Contents Day 1 A. Audit Framework and Regulation
1. Concept of Audit 2. Other assurance engagements 3. Statutory audits, IFRS audits and others
B. Audit Approach 1. Planning and Risk Assessment 2. Objectives and assessing the risks 3. Understanding the entity
© 2012 Deloitte Romania
Contents - continued Day 2 B.
Audit Approach (continued)
4.
Materiality computation
5.
Fraud, laws and regulations
6.
Analytical Procedures
7.
Planning and Audit
8.
Audit Documentation
C.
Audit Evidence
1.
Audit Procedures
2.
Audit of specific item
3.
Audit Sampling
© 2012 Deloitte Romania
A. Audit Framework and Regulation
Concept of audit
A. Audit Framework and Regulation 1. Concept of Audit
© 2012 Deloitte Romania
A. Audit Framework and Regulation 1. Concept of Audit
Definition of audit [non-IFAC*]
1. An examination of records or financial accounts to check their accuracy. 2. An adjustment or correction of accounts. 3. An examined and verified account.
* International Federation of Accountants
© 2012 Deloitte Romania
A. Audit Framework and Regulation 1. Concept of Audit An Audit of Financial Statements •
The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements.
This is achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. In the case of most general purpose frameworks, that opinion is on whether the financial statements are presented fairly, in all material respects, or give a true and fair view in accordance with the framework.
© 2012 Deloitte Romania
A. Audit Framework and Regulation 1. Concept of Audit An Audit of Financial Statements (continued) The financial statements subject to audit are those of the entity, prepared by management of the entity with oversight from those charged with governance.
ISAs do not impose responsibilities on management or those charged with governance and do not override laws and regulations that govern their responsibilities. However, an audit in accordance with ISAs is conducted on the premise that management and, where appropriate, those charged with governance have acknowledged certain responsibilities that are fundamental to the conduct of the audit. The audit of the financial statements does not relieve management or those charged with governance of their responsibilities. (Ref: Para. A2-A11)
© 2012 Deloitte Romania
A. Audit Framework and Regulation 1. Concept of Audit Overall objectives of the Auditor in an audit of Financial Statements In conducting an audit of Financial Statements, the overall objectives of the Auditor are:
•
To obtain Reasonable Assurance about whether the Financial Statements as a whole are free from material Misstatement, whether due to Fraud or Error, thereby enabling the Auditor to express an opinion on whether the Financial Statements are prepared, in all material respects, in accordance with an Applicable Financial Reporting Framework
•
To report on the Financial Statements and communicate as required by The Manual and Professional Standards and applicable legal and regulatory requirements, in accordance with the Auditor’s findings. [ISA 200.11]
© 2012 Deloitte Romania
A. Audit Framework and Regulation 1. Concept of Audit Overall objectives of the Auditor in an audit of Financial Statements (continued)
When reasonable assurance cannot be obtained and a qualified opinion in the auditor’s report is insufficient in the circumstances for purposes of reporting to the intended users of the financial statements, the ISAs require that the auditor disclaim an opinion or withdraw (or resign) from the engagement, where withdrawal is possible under applicable law or regulation.
© 2012 Deloitte Romania
A. Audit Framework and Regulation 1. Concept of Audit
What can go wrong? If audit objectives are not met and the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated, the public is misled and legal action can be taken against the companies. For example, in 2001, Enron, an energy provider, and their CPA firm, Arthur Anderson, were found guilty of misstating the financial statements. Enron, once a blue-chip stock company, was falsely reporting revenues and profits. Arthur Anderson was issuing positive audit opinions that supported Enron, and masked the fraud. Enron was bankrupt and sold. Arthur Anderson, once one of the largest CPA firms in the world, was dissolved.
© 2012 Deloitte Romania
A. Audit Framework and Regulation 1. Concept of Audit What is assurance engagement and why is it important? Assurance – an opinion expressed by a practitioner (assurance provider) on a subject matter. It is important because it enhances the degree of confidence place in the subject matter by the intended users as to the evaluation or measurement against suitable criteria.
Subject matter information—The outcome of the evaluation or measurement of a subject matter. It is the subject matter information about which the practitioner gathers sufficient appropriate evidence to provide a reasonable basis for expressing a conclusion in an assurance report. Assurance engagement—An engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria. [IFAC]
© 2012 Deloitte Romania
A. Audit Framework and Regulation 1. Concept of Audit What are the features of an assurance engagement? Features
Examples
A. Subject matter
a) Financial statements, interim financial information, etc
B. The three main parties involve: • Responsible person • Assurance provider (practitioner) • Intended user C.
b) The three main parties: • Management • Deloitte • Shareholders, Banks, Investors, Large Publc, etc
The report
c)
Audit opinion on the financial statements (Independent auditor’s report); review report, etc
© 2012 Deloitte Romania
A. Audit Framework and Regulation 1. Concept of Audit Regulatory Framework: International Standards on Auditing (ISAs) issued by the International Federation of Accountants,
Auditing standards of a specific jurisdiction or country (Eg.: US GAAS, Standardele de audit adoptate de Camera Auditorilor Financiari din Romania ) Other relevant legal, regulatory or professional obligations
ISA require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance whether the financial statements are free from material misstatement [stnd para in the report].
© 2012 Deloitte Romania
A. Audit Framework and Regulation 1. Concept of Audit Regulatory Framework (continued) Assurance engagements
Applicable standards
1. Audits of historical financial information (eg.: external (statutory) audits)
I.
International Standards on Auditing (ISAs)
II.
International Standards on Review Engagements (ISREs)
2. Reviews of historical financial information 3. Assurance engagements other than audits or reviews of historical financial information
III. International Standard on Assurance Engagements (ISAE)
© 2012 Deloitte Romania
A. Audit Framework and Regulation 1. Concept of Audit Levels of assurance Under the “International Framework for Assurance Engagements” there are two types of assurance engagement a practitioner is permitted to perform: 1 Reasonable assurance engagement—The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement as the basis for a positive form of expression of the practitioner’s conclusion. 2 Limited assurance engagement—The objective of a limited assurance engagement is a reduction in assurance engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance engagement, as the basis for a negative form of expression of the practitioner’s conclusion.
© 2012 Deloitte Romania
A. Audit Framework and Regulation 1. Concept of Audit •
As the basis for the auditor’s opinion, ISAs require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error.
•
Reasonable assurance is a high level of assurance. To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion.
Reasonable assurance is not an absolute level of assurance!
© 2012 Deloitte Romania
A. Audit Framework and Regulation 1. Concept of Audit
The ISAs require that the auditor exercise professional judgment and maintain professional skepticism throughout the planning and performance of the audit.
© 2012 Deloitte Romania
Other assurance engagements
A. Audit Framework and Regulation 2. Other assurance engagements •
The performance of assurance engagements other than audits or reviews of historical financial information requires the service auditor to comply with ISAE 3000 “ASSURANCE ENGAGEMENTS OTHER THAN AUDITS OR REVIEWS OF HISTORICAL FINANCIAL INFORMATION”
Examples •
Report on controls at a service organisation – report for use by user entities and their auditors on the controls at a service organization that provides a service to user entities that is likely to be relevant to user entities’ internal control as it relates to financial reporting.
© 2012 Deloitte Romania
Statutory audits IFRS audits and others
A. Audit Framework and Regulation 3. Statutory audits, IFRS audits and other We perform audits of the financial statements of our clients prepared under both local and international reporting standards:
•
Statutory audits
•
International Standard Audits
© 2012 Deloitte Romania
A. Audit Framework and Regulation 3. Statutory audits, IFRS audits and other Statutory audits •
legal requirement
•
banks, listed companies, entities that meet 2 of 3 criteria (total assets: EUR 3,650,000, - net turnover: EUR 7,300,000, - average number of employees during the financial year: 50 )
•
performed only by statutory licenced auditors (CAFR)
Auditul statutar reprezintă auditul situaţiilor financiare anuale sau al situaţiilor financiare anuale consolidate, aşa cum este prevăzut de legislaţia comunitară, transpusă în reglementările naţionale [ORDONANŢĂ DE URGENŢĂ nr. 90 din 24 iunie 2008 privind auditul statutar al situaţiilor financiare anuale şi al situaţiilor financiare anuale consolidate]
© 2012 Deloitte Romania
A. Audit Framework and Regulation Special considerations ISA 800 –special purpose •
ISA 800 refers to an audit of financial statements prepared in accordance with a special purpose framework.
•
Special purpose framework – A financial reporting framework designed to meet the financial information needs of specific users. The financial reporting framework may be a fair presentation framework or a compliance framework.
•
The auditor’s report on special purpose financial statements shall include an Emphasis of Matter paragraph alerting users of the auditor’s report that the financial statements are prepared in accordance with a special purpose framework and that, as a result, the financial statements may not be suitable for another purpose.
© 2012 Deloitte Romania
A. Audit Framework and Regulation Special considerations ISA 800 –special purpose (continued)
Examples of special purpose framework are: •
A tax basis of accounting for a set of financial statements that accompany an entity’s tax return;
•
The cash receipts and disbursements basis of accounting for cash flow information that an entity may be requested to prepare for creditors;
•
The financial reporting provisions established by a regulator to meet the requirements of that regulator; or
•
The financial reporting provisions of a contract, such as a bond indenture, a loan agreement, or a project grant.
© 2012 Deloitte Romania
A. Audit Framework and Regulation Special considerations ISA 805 –single financial statements and specific elements of a FS
•
ISA 805 refers to audits of single financial statements and specific elements, accounts or items of a financial statement.
•
The auditor shall express a separate opinion.
© 2012 Deloitte Romania
A. Audit Framework and Regulation
SPECIAL CONSIDERATIONS ISA 805 –single financial statements and specific elements of a FS (continued) Examples of Specific Elements, Accounts or Items of a Financial Statement •
Accounts receivable, allowance for doubtful accounts receivable, inventory, the liability for accrued benefits of a private pension plan, the recorded value of identified intangible assets, or the liability for “incurred but not reported” claims in an insurance portfolio, including related notes.
•
A schedule of externally managed assets and income of a private pension plan, including related notes.
•
A schedule of net tangible assets, including related notes.
•
A schedule of disbursements in relation to a lease property, including explanatory notes.
© 2012 Deloitte Romania
A. Audit Framework and Regulation
ISA 810 - summary financial statements • ISA 810 refers to engagements to report on summary financial statements.
• Summary financial statements – Historical financial information that is derived from financial statements but that contains less detail than the financial statements. • Opinion:
The summary financial statements are consistent, in all material respects, with the audited financial statements, in accordance with [the applied criteria];
The summary financial statements are a fair summary of the audited financial statements, in accordance with [the applied criteria].
© 2012 Deloitte Romania
Summary
A. Audit Framework and Regulation Benefits of the audit •
Provide reasonable assurance to creditors and investors that the financial statements are correct.
•
Enhance the brand of the company, as it provides workers, shareholders and the general public a secure feeling toward a company that complies with a financial statement audit.
•
Greater transparency of the audited entity with respect to third parties (suppliers, financial institutions, customers, others).
•
The transparency is something that is desired by the government for publicly traded companies, and it can be good for private companies, too. This can build integrity within the company to ensure workers recognize that their financials will be checked.
•
Honesty and more responsibility is shared among the top and the bottom. Audits make it hard for a CEO to claim she did not know the financial health of the company she operates.
© 2012 Deloitte Romania
A. Audit Framework and Regulation Benefits of the audit (continued) • Opinion of an independent expert on legal regulations, accounting principles, evaluation criteria, etc with maximum independence with respect to the audited entity. • Improved accountability in companies • Satisfy the legality in force • Although private companies are not always audited, this could enhance their potential for cash infusions from outside investors.
© 2012 Deloitte Romania
A. Audit Framework and Regulation
Our approach – Focus on Quality !
Reputation, approach, efficiency, knowledge and experience
© 2012 Deloitte Romania
End Section A
B. Audit Approach
Audit approach
1.
Planning and risk assessment
2.
Objectives and assessing the risk
3.
Understanding the entity
4.
Materiality computation
5.
Fraud, laws and regulations
6.
Analytical procedures
7.
Planning and audit
8.
Audit documentation
© 2012 Deloitte Romania
DTT International Audit Approach
Perform Pre-Engagement Activities Perform Preliminary Planning Develop the Audit Plan Perform the Audit Plan Conclude & Report
• Understanding Internal Control ENTITY LEVEL • Understand the Accounting Process BUSINESS CYCLE LEVEL • Plan Tests of Operating Effectiveness of Controls ENTITY LEVEL BUSINESS CYCLE LEVEL • Perform Tests of Operating Effectiveness of Controls
ENTITY LEVEL BUSINESS CYCLE LEVEL
Perform Post-Engagement Activities • Engagement Reporting ENTITY LEVEL BUSINESS CYCLE LEVEL © 2012 Deloitte Romania
Planning and risk assessment • Planning an audit involves establishing the overall audit strategy for the engagement and developing an audit plan.
• Benefits of planning: Helps the auditor to devote appropriate attention to important areas of audit Helps the auditor to identify and resolve potential problems on a timely basis Helps the auditor to properly organize and manage the audit engagements
Assists in the selection of engagement team members with appropriate levels of capabilities, and the proper assignment of work to them Facilitates the direction and supervision of engagement team members and the review of their work Assists, where applicable, in coordination of work done by auditors of
components and experts © 2012 Deloitte Romania
Planning the audit – ISA 300 • The auditor shall establish an overall audit strategy that sets the scope, timing and direction of the audit, and that guides the development of the audit plan.
• The auditor shall develop an audit plan that shall include a description of: The nature, timing and extent of planned risk assessment procedures The nature, timing and extent of planned further audit procedures at the assertion level Other planned audit procedures that are required to be carried out so that the
engagement complies with ISAs • The auditor shall update and change the overall audit strategy and the audit
plan as necessary during the course of the audit
© 2012 Deloitte Romania
Planning the audit – ISA 300 • The auditor shall include in the audit documentation: The overall audit strategy;
The audit plan; and Any significant changes made during the audit engagement to the overall audit strategy or the audit plan, and the reasons for such changes • The auditor shall undertake the following activities prior to starting an initial audit:
Performing procedures required by ISA 220 regarding the acceptance of the client relationship and the specific audit engagement Communicating with the predecessor auditor, where there has been a change of auditors, in compliance with relevant ethical requirements.
© 2012 Deloitte Romania
Risk Assessment– ISA 315 • The risk assessment procedures shall include the following: Inquiries of management, and of others within the entity who in the auditor’s
judgment may have information that is likely to assist in identifying risks of material misstatement due to fraud or error.
Analytical procedures. Observation and inspection. • The auditor shall identify and assess the risks of material misstatement at:
the financial statement level the assertion level for classes of transactions, account balances, and disclosures
© 2012 Deloitte Romania
Risk Assessment– ISA 315 • In order to identify and assess the risks of material misstatement, the auditor shall:
Identify risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks,
and by considering the classes of transactions, account balances, and disclosures in the financial statements;
Assess the identified risks, and evaluate whether they relate more pervasively to the financial statements as a whole and potentially affect many
assertions; Relate the identified risks to what can go wrong at the assertion level, taking account of relevant controls that the auditor intends to test;
Consider the likelihood of misstatement, including the possibility of multiple misstatements, and whether the potential misstatement is of a magnitude
that could result in a material misstatement © 2012 Deloitte Romania
Risk Assessment– ISA 315 • As part of the risk assessment , the auditor shall determine whether any of the
risks identified are a significant risk • In exercising judgment as to which risks are significant risks, the auditor shall
consider at least the following: Whether the risk is a risk of fraud; Whether the risk is related to recent significant economic, accounting or other
developments and, therefore, requires specific attention; The complexity of transactions; Whether the risk involves significant transactions with related parties;
© 2012 Deloitte Romania
Risk Assessment– ISA 315
• The degree of subjectivity in the measurement of financial information related to the risk, especially those measurements involving a wide range of measurement uncertainty; • Whether the risk involves significant transactions that are outside the normal
course of business for the entity, or that otherwise appear to be unusual. • If the auditor has determined that a significant risk exists, the auditor shall obtain
an understanding of the entity’s controls, including control activities, relevant to that risk
© 2012 Deloitte Romania
Understanding the Entity – ISA 315 The auditor shall obtain an understanding of the following: 1. The entity and its environment
• Relevant industry, regulatory and other external factors • The nature of the entity (operations, ownership and governance structure, how the entity is structured and financed) • The entity’s selection and application of accounting policies (whether there are appropriate for its business and consistent with IFRS) • The entity’s objectives and strategies
• The measurement and review of the entity’s financial statements 2. The entity’s internal control • Although most controls relevant to the audit are likely to relate to financial reporting, not all controls that relate to financial reporting are relevant to the audit.
© 2012 Deloitte Romania
Understanding the Entity – ISA 315 • When obtaining an understanding of controls that are relevant to the audit, the auditor shall evaluate the design of those controls and determine whether they have been implemented. • Components of Internal Control:
Control Environment The entity’s risk assessment process The information system, including the related business processes, relevant to
financial reporting, and communication • The auditor shall obtain an understanding of the major activities that the entity
uses to monitor internal control over financial reporting, including those related to those control activities relevant to the audit, and how the entity initiates remedial actions to deficiencies in its controls
© 2012 Deloitte Romania
Understanding the Entity – ISA 315 Factor External factors
Description External factors affecting the entity include industry matters, the general business environment, and applicable laws and regulations, including the applicable financial reporting framework.
Internal factors
Internal factors affecting the entity include the nature of the entity (i.e., ownership structure, related parties, operations, investment and financing activities, financial reporting), the entity’s business objectives and strategies, and the related business risks that may result in a material misstatement of the financial statements.
Entity’s selection and application of accounting policies
Obtaining an understanding of the entity’s selection and application of accounting policies includes our consideration of whether the accounting policies are appropriate for the entity’s business and consistent with the applicable financial reporting framework and accounting policies used in the relevant industry.
Measurement and review of the entity’s financial performance
In most businesses, management uses certain ratios, financial indicators, or analyses to monitor the effective functioning and overall control of the business. Performance measures create pressures on the entity and these pressures may motivate management to take action to improve the business performance or to misstate the financial statements.
© 2012 Deloitte Romania
Understanding the Entity – ISA 315 Audit procedures to obtain the understanding • We shall perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial
statement and assertion levels. Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to base
the audit opinion Risk assessment procedures shall include the following: • Inquiries of management and others within the entity
• Preliminary analytical procedures • Observation and inspection
© 2012 Deloitte Romania
Understanding the Entity – ISA 315 Audit procedures to obtain the understanding • Risk assessment procedures related to accounting estimates • Risk assessment procedures related to related parties
• Risk assessment procedures related to fraud risk considerations • As more professional judgment is required, significant partner and manager involvement is necessary in the upfront planning of the engagement, in order to
provide guidance to the engagement team on the identification of risks by considering “what can go wrong” and the development of responses. • This risk based approach enhance understanding of each class of transactions, account balance, or disclosure, similar to the concepts described in the profiling approach (e.g., profile and composition of each account, monetary and nonmonetary characteristics - sizes, types, volume of specific items within each account). © 2012 Deloitte Romania
How Do We Identify A Material Class Of Transactions, Account Balance, And Disclosure Steps: Generally identify from the financial statements
Consider quantitative factors
Consider qualitative factors
Apply your professional judgment to make the determination
© 2012 Deloitte Romania
How do we identify and assess risks of material misstatement Understand the entity and its environment, including internal control
• Risks of material misstatement that require special audit consideration are referred to as significant risks
Identify risks of material misstatement
• There are two presumed significant risks due to fraud, i.e., revenue recognition and management override of
control
Assess risks of material misstatement at the financial statementor at the assertion level
For all significant risks, evaluate the design and determine
the implementationof any relevant controls the entity has in place
Assess which risks of material misstatement are significant
Apply professional judgment throughout. Refer to Appendix 1 for examples of risks of material misstatements relating to payroll.
© 2012 Deloitte Romania
How does this affect the audit engagement?
• Consider both the likelihood of a material misstatement in a class of transactions, account balance, or disclosure, and the magnitude of the account
or potential understatement when determining whether a class of transactions, account balance, or disclosure is material. For material classes of transactions,
account balances, and disclosures identified, we are required to identify risks of material misstatement at the assertion level to provide a basis for designing and
performing further audit procedures. If a class of transactions, account balance, or disclosure is not material, further audit procedures
(substantive procedures or control procedures) are not required for it.
© 2012 Deloitte Romania
An example of determining the material classes of transactions, account balances, and disclosures
© 2012 Deloitte Romania
An example of determining the material classes of transactions, account balances, and disclosures
© 2012 Deloitte Romania
An example of determining the material classes of transactions, account balances, and disclosures
© 2012 Deloitte Romania
An example of determining the material classes of transactions, account balances, and disclosures
© 2012 Deloitte Romania
An example of determining the material classes of transactions, account balances, and disclosures
© 2012 Deloitte Romania
Audit Documentation – ISA 230 • In documenting the nature, timing and extent of audit procedures performed, the auditor shall record:
The identifying characteristics of the specific items or matters tested; Who performed the audit work and the date such work was completed; Who reviewed the audit work performed and the date and extent of such review. • Preparing sufficient and appropriate audit documentation on a timely basis
helps to enhance the quality of the audit and facilitates the effective review and evaluation of the audit evidence obtained and conclusions reached before the
auditor’s report is finalized. Documentation prepared after the audit work has been performed is likely to be less accurate than documentation prepared at
the time such work is performed
© 2012 Deloitte Romania
Audit Documentation – ISA 230
• Audit documentation – The record of audit procedures performed, relevant
audit evidence obtained, and conclusions the auditor reached • The auditor shall prepare audit documentation that is sufficient to enable an experienced auditor, having no previous connection with the audit, to understand: The nature, timing and extent of the audit procedures
The results of the audit procedures performed, and the audit evidence obtained Significant matters arising during the audit, the conclusions reached thereon, and significant professional judgments made in reaching those conclusions.
© 2012 Deloitte Romania
Audit Procedures – ISA 500 • The objective of the auditor is to design and perform audit procedures in such a way as to enable the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor’s opinion. • When designing and performing audit procedures, the auditor shall consider the
relevance and reliability of the information to be used as audit evidence • If information to be used as audit evidence has been prepared using the work of a management’s expert, the auditor shall:
Evaluate the competence, capabilities and objectivity of that expert; Obtain an understanding of the work of that expert Evaluate the appropriateness of that expert’s work as audit evidence for the relevant assertion.
© 2012 Deloitte Romania
Audit Procedures – ISA 500 If: • audit evidence obtained from one source is inconsistent with that obtained
from another; • the auditor has doubts over the reliability of information to be used as audit
evidence, the auditor shall determine what modifications or additions to audit procedures are necessary to resolve the matter, and shall consider the effect of the matter, if
any, on other aspects of the audit
© 2012 Deloitte Romania
Audit Procedures – ISA 500 • Most of the auditor’s work in forming the auditor’s opinion consists of obtaining and evaluating audit
evidence. Audit procedures to obtain audit evidence can include: inspection (involves examining records or documents, whether internal or external) observation (consists of looking at a process or procedure being performed by others)
Confirmation (An external confirmation represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party) Recalculation (consists of checking the mathematical accuracy of documents or records) Re-performance (involves the auditor’s independent execution of procedures or controls that were originally performed as part of the entity’s internal control)
Analytical procedures (consist of evaluations of financial information through analysis of plausible relationships among both financial and non-financial data)
Inquiry (consists of seeking information of knowledgeable persons, both financial and nonfinancial, within the entity or outside the entity)
© 2012 Deloitte Romania
Audit Procedures – ISA 500
• Although inquiry may provide important audit evidence, and may even produce evidence of a misstatement, inquiry alone ordinarily does not provide
sufficient audit evidence of the absence of a material misstatement at the assertion level, nor of the operating effectiveness of controls.
• Procedures for Obtaining Audit Evidence : As required by ISA 315 and ISA 330, audit evidence to draw reasonable conclusions on which to base the auditor’s opinion is obtained by performing:
Risk assessment procedures; Further audit procedures, which comprise: Tests of controls, when required by the ISAs or when the auditor has chosen to do so;
Substantive procedures, including tests of details and substantive analytical procedures © 2012 Deloitte Romania
Audit Procedures – ISA 500 The means available to the auditor for selecting items for testing are: • Selecting all items (100% examination), used when: The population constitutes a small number of large volume items
There is a significant risk and other means do not provide sufficient appropriate audit evident The repetitive nature of a calculation of process performed automatically by an information system makes a 100% examination cost effective
• Selecting specific items, which may include: High value or key items
All items over a certain amount Items to obtain information
• Audit sampling: is designed to enable conclusions to be drawn about an entire population on the basis of testing a sample drawn from it.
© 2012 Deloitte Romania
Audit of Specific Items – ISA 501
• The objective of the auditor is to obtain sufficient appropriate audit evidence regarding the:
Existence and condition of inventory; Completeness of litigation and claims involving the entity; Presentation and disclosure of segment information in accordance with the
applicable financial reporting framework. • If Inventory is material to the financial statements, the auditor shall obtain sufficient appropriate audit evidence regarding the existence and condition of inventory by: Attendance at physical inventory counting
Performing audit procedures over the entity’s final inventory records to determine whether they accurately reflect actual inventory count results
© 2012 Deloitte Romania
Audit of Specific Items – ISA 501 • If physical inventory counting is conducted at a date other than the date of the financial statements, the auditor shall, perform audit procedures to obtain
audit evidence about whether changes in inventory between the count date and the date of the financial statements are properly recorded. • If attendance at physical inventory counting is impracticable, the auditor
shall perform alternative audit procedures to obtain sufficient appropriate audit evidence regarding the existence and condition of inventory. If it is not possible
to do so, the auditor shall modify the opinion in the auditor’s report • If inventory under the custody and control of a third party is material to the financial statements, the auditor shall :
Request confirmation from the third party as to the quantities and condition of inventory held on behalf of the entity
Perform inspection or other audit procedures appropriate in the circumstances. © 2012 Deloitte Romania
Audit of Specific Items – ISA 501 • The auditor shall design and perform audit procedures in order to identify litigation and claims involving the entity which may give rise to a risk of material misstatement, including: Inquiry of management and, where applicable, others within the entity,
including in-house legal counsel; Reviewing minutes of meetings of those charged with governance and correspondence between the entity and its external legal counsel;
Reviewing legal expense accounts • The auditor shall request management and, where appropriate, those charged
with governance to provide written representations that all known actual or possible litigation and claims whose effects should be considered when preparing the financial statements have been disclosed to the auditor and accounted for and disclosed in accordance with the applicable financial reporting framework © 2012 Deloitte Romania
Audit of Specific Items – ISA 501
• The auditor shall obtain sufficient appropriate audit evidence regarding the presentation and disclosure of segment information in accordance with the
applicable financial reporting framework by: Obtaining an understanding of the methods used by management in
determining segment information, and: Evaluating whether such methods are likely to result in disclosure in accordance with the applicable financial reporting framework;
Where appropriate, testing the application of such methods;
Performing analytical procedures or other audit procedures appropriate in
the circumstances.
© 2012 Deloitte Romania
Performing Substantive Analytical Procedures
•
Identify the account balance or disclosure and the related potential errors to be tested.
•
Develop an expectation.
•
Determine the threshold.
•
Identify differences requiring further investigation.
•
Obtain, quantify, and corroborate explanations.
•
Evaluate results.
© 2012 Deloitte Romania
Tests of Details
What are the three types of tests of details? •
Representative sampling
•
Non-representative selection
•
Testing of all items in the population
© 2012 Deloitte Romania
Tests of Details
What is the difference between samples selected using nonrepresentative selection and representative sampling?
• With nonrepresentative selection, our objective is not to make an assessment regarding the entire population. • With representative sampling, we seek to infer characteristics of the entire
population based on characteristics of the sample. • For items selected using nonrepresentative selection, we only obtain assurance
about those items selected. • Representative samples tend to be made using statistical selection techniques like MUS.
© 2012 Deloitte Romania
Audit Sampling – ISA 530
• This International Standard on Auditing applies when the auditor has decided to use audit sampling in performing audit procedures. It deals with the auditor’s
use of statistical and non-statistical sampling when designing and selecting the audit sample, performing tests of controls and tests of details, and evaluating
the results from the sample.
• Audit sampling – The application of audit procedures to less than 100% of
items within a population of audit relevance such that all sampling units have a chance of selection in order to provide the auditor with a reasonable basis on
which to draw conclusions about the entire population.
© 2012 Deloitte Romania
Audit Sampling – ISA 530
• Statistical sampling – An approach to sampling that has the following characteristics:
(i) Random selection of the sample items; and (ii)The use of probability theory to evaluate sample results, including measurement of sampling risk. • A sampling approach that does not have characteristics (i) and (ii) is considered non-statistical sampling.
• When designing an audit sample, the auditor shall consider the purpose of the audit procedure and the characteristics of the population from which the sample
will be drawn
© 2012 Deloitte Romania
Audit Sampling – ISA 530
• The auditor shall determine a sample size sufficient to reduce sampling risk to an acceptably low level.
• The auditor shall select items for the sample in such a way that each sampling unit in the population has a chance of selection • For tests of details, the auditor shall project misstatements found in the sample to the population. • The level of sampling risk that the auditor is willing to accept affects the sample
size required. The lower the risk the auditor is willing to accept, the greater the sample size will need to be.
© 2012 Deloitte Romania
Sample size table Sample Size table
Population Size - Multiples of Monetary Precision 1x 2x 3x 4x 5x 6x 7x 8x 9x 10 x 15 x 20 x 25 x 30 x 40 x 50 x 100 x 200 x (or greater)
Risk(Not Significant )on Controls Low Extent of Testing 1 1 1 1 1 2 2 2 2 2 3 4 5 6 8 10 20 40(*)
Risk (Not Significant) and relying on controls Normal Extent of Testing 1 2 3 3 4 5 5 6 7 7 11 14 18 21 28 35 70 75(*)
Significant Risk (!) and Relying on Controls, or Risk (Not Significant) and not Relying on Significant Risk (!) and Not Relying Controls on Controls 2 3 3 6 5 9 6 12 8 15 9 18 11 21 12 24 14 27 15 30 23 45 30 60 38 75 45 75(*) 60 75(*) 75 75(*) 75(*) 75(*) 75(*) 75(*)
(*) The numbers in red indicate the situations that are impacted by the existence of a maximum sample size (i.e., if we didn’t have a maximum sample size, the required number of selections would be larger in these situations) - The sample sizes represent minimum samples sizes. Engagement Management may determine that, in some circumstances, it is appropriate to increase the sample sizes above those in this table - For populations in between the listed levels of Monetary Precision, we may interpolate to obtain the appropriate sample size (!)
For a population that contain Significant risk, we arre required to perform substantive procedures that are specifically responsive to that risk (Topic 2820.13). These specifically responsive substantive procedures frequently involve non representative selection. © 2012 Deloitte Romania
Representative Sampling
What are the main characteristics of representative sampling? •
It may be either statistical or nonstatistical.
•
We seek to infer characteristics over the entire population.
•
Individual items that make up the population need to have similar characteristics and need to be processed in a similar fashion.
•
Appropriate if it provides assurance about the items in the population that are not selected and examined.
© 2012 Deloitte Romania
Non-representative Selection
What are the main characteristics of non-representative selection? •
We select items from a population and obtain audit evidence to support them.
•
We examine support for the items selected and do not attempt to make
inferences about unselected items in the broader population. •
No assurance is gained on the non-selected portion of the population.
•
Does not relieve us of our responsibility to test the remaining population unless the remaining population is clearly insignificant.
© 2012 Deloitte Romania
Test Entire Population
When might it be appropriate to test the entire population? • Sometimes it is efficient to test the entire population. • Used where populations consists of one or a few large items or where we can
use file interrogation techniques. • Gives us full assurance.
© 2012 Deloitte Romania
Evaluation of Misstatements
What are the three different types of likely misstatements? • Projected probable misstatements in populations tested through representative
sampling less the known misstatements found in performing these audit procedures. • Estimated misstatements detected through substantive analytical procedures.
• Misstatements in accounting estimates that we judge not to be reasonable.
© 2012 Deloitte Romania
Evaluation of Misstatements
What do we mean by “CTT” threshold? • Level above which identified uncorrected misstatements are aggregated and
posted onto the overall summary of misstatements. • Maximum 5 % of planning materiality is regarded as CTT. • The audit engagement partner may determine that a lower level is appropriate.
• Misstatements below the CTT threshold are evaluated for qualitative considerations
© 2012 Deloitte Romania
Evaluation of Misstatements
As each misstatement is found, what processes are carried out? • Each misstatement is evaluated individually, giving consideration to nature and cause and discussed with the appropriate level of management. • Impact on the controls reliance strategy is also reviewed and whether our tests of the operating effectiveness of those controls were adequate. • Conclude as to whether we have achieved our desired level of assurance for the potential error being tested. • After we have concluded whether we have achieved our desired level of assurance: If misstatement exceeds CTT threshold, it’s taken to overall summary of known and likely misstatements.
If misstatement does not exceed CTT threshold, qualitative factors are considered to determine if it is taken to the overall summary of known and likely misstatements.
© 2012 Deloitte Romania
Evaluation of Misstatements
At what stage do we discuss misstatements with management? • Best practice to discuss with the Field Senior first.
• Discuss all misstatements resulting from fraud or error, whether or not material, with the appropriate level of management. • Discussions with management consider correction of the error, the reasons for the misstatement and the potential impact on our audit. • Discuss misstatements discovered in performing interim auditing procedures with the appropriate level of management during, or at the completion of, the interim work. • Discuss disclosure deficiencies with the appropriate level of management.
• We need to make management aware as soon as practical.
© 2012 Deloitte Romania
Evaluation of Misstatements
In what circumstances do we ask management to correct misstatements? •
Best practice to discuss this with the field senior first.
•
Request management to correct known misstatements that, quantitatively or qualitatively, exceed the CTT threshold.
•
Request management to correct likely misstatements arising from estimates
where the recorded estimate is outside the range of amounts we consider to be reasonable and the likely misstatements exceed the CTT threshold
© 2012 Deloitte Romania
Evaluation of Misstatements
What is the impact, if any, if the misstatement is indicative of fraud? • Consider the implications of fraud and significant error in relation to other
aspects of the audit. • If we believe the effect of the misstatement is immaterial to the financial statements, we evaluate the implications. • Communication requirements, such as: Management.
Those charged with governance. In some cases, to a regulatory authority.
© 2012 Deloitte Romania
Conclude and report Evaluate the sufficiency and appropriateness of audit evidence • Conclude whether the audit evidence was sufficient to enable us to draw reasonable conclusions on which to base our audit opinion.
• Evaluate indicators of insufficient audit evidence. • Respond to presence of indicators of insufficient audit evidence: Discuss the uncorrected misstatements with management who will be
required to correct them. Evaluate qualitative assessment about the relationship between undetected misstatements and performance materiality.
Perform additional procedures to arrive at a better estimation of projected misstatements.
Perform additional procedures using lower performance materiality.
© 2012 Deloitte Romania
Audit reports – Clean opinion
Independent auditor’s report [Appropriate Addressee]
Report on the Financial Statements We have audited the accompanying financial statements of ABC Company, which comprise the statement of financial position as at December 31, 20X1, and the
statement of comprehensive income, statement of changes in equity and statement of cash flows for the year then ended, and a summary of significant
accounting policies and other explanatory information.
© 2012 Deloitte Romania
Audit report
Management’s Responsibility for the Financial Statements Management is responsible for the preparation and fair presentation of these
financial statements in accordance with International Financial Reporting Standards, and for such internal control as management determines is necessary
to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.
© 2012 Deloitte Romania
Audit report
Auditor’s Responsibility Our responsibility is to express an opinion on these financial statements based on
our audit. We conducted our audit in accordance with International Standards on Auditing. Those standards require that we comply with ethical requirements and
plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement.
© 2012 Deloitte Romania
Audit report An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected
depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes evaluating the appropriateness of accounting
policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial
statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion. © 2012 Deloitte Romania
Audit report
Opinion In our opinion, the financial statements present fairly, in all material respects, (or
give a true and fair view of) the financial position of ABC Company as at December 31, 20X1, and (of) its financial performance and its cash flows for the
year then ended in accordance with International Financial Reporting Standards.
© 2012 Deloitte Romania
Audit report
Report on Other Legal and Regulatory Requirements • [Form and content of this section of the auditor’s report will vary depending on
the nature of the auditor’s other reporting responsibilities.] • [Auditor’s signature] • [Date of the auditor’s report]
• [Auditor’s address]
© 2012 Deloitte Romania
Modified audit reports
Qualified Opinion The auditor shall express a qualified opinion when:
• (a) The auditor, having obtained sufficient appropriate audit evidence, concludes that misstatements, individually or in the aggregate, are material, but not pervasive, to the financial statements; or
• (b) The auditor is unable to obtain sufficient appropriate audit evidence on which to base the opinion, but the auditor concludes that the possible effects on the
financial statements of undetected misstatements, if any, could be material but not pervasive.
© 2012 Deloitte Romania
Modified audit reports
Basis for Qualified Opinion The company’s inventories are carried in the statement of financial position at xxx.
Management has not stated the inventories at the lower of cost and net realizable value but has stated them solely at cost, which constitutes a departure from
International Financial Reporting Standards. The company’s records indicate that had management stated the inventories at the lower of cost and net realizable value, an amount of xxx would have been required to write the inventories down to their net realizable value. Accordingly, cost of sales would have been increased by xxx, and income tax, net income and shareholders’ equity would have been reduced by xxx, xxx and xxx, respectively.
© 2012 Deloitte Romania
Modified audit reports
Qualified Opinion In our opinion, except for the effects of the matter described in the Basis for
Qualified Opinion paragraph, the financial statements present fairly, in all material respects, (or give a true and fair view of) the financial position of ABC Company
as at December 31, 20X1, and (of) its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards.
© 2012 Deloitte Romania
Modified audit reports
Adverse Opinion The auditor shall express an adverse opinion when the auditor, having obtained
sufficient appropriate audit evidence, concludes that misstatements, individually or in the aggregate, are both material and pervasive to the financial statements.
© 2012 Deloitte Romania
Modified audit reports Basis for Adverse Opinion As explained in Note X, the company has not consolidated the financial statements of subsidiary XYZ Company it acquired during 20X1 because it has not yet been able to ascertain the fair values of certain of the subsidiary’s material assets and liabilities at the acquisition date. This investment is therefore
accounted for on a cost basis. Under International Financial Reporting Standards, the subsidiary should have been consolidated because it is controlled by the
company. Had XYZ been consolidated, many elements in the accompanying financial statements would have been materially affected. The effects on the
consolidated financial statements of the failure to consolidate have not been determined.
© 2012 Deloitte Romania
Modified audit reports
Adverse Opinion In our opinion, because of the significance of the matter discussed in the Basis for
Adverse Opinion paragraph, the consolidated financial statements do not present fairly (or do not give a true and fair view of) the financial position of ABC Company
and its subsidiaries as at December 31, 20X1, and (of) their financial performance and their cash flows for the year then ended in accordance with International Financial Reporting Standards.
© 2012 Deloitte Romania
Modified audit reports
Disclaimer of Opinion The auditor shall disclaim an opinion when the auditor is unable to obtain
sufficient appropriate audit evidence on which to base the opinion, and the auditor concludes that the possible effects on the financial statements of undetected
misstatements, if any, could be both material and pervasive.
© 2012 Deloitte Romania
Modified audit reports
Basis for Disclaimer of Opinion The company’s investment in its joint venture XYZ (Country X) Company is
carried at xxx on the company’s statement of financial position, which represents over 90% of the company’s net assets as at December 31, 20X1. We were not
allowed access to the management and the auditors of XYZ, including XYZ’s auditors’ audit documentation. As a result, we were unable to determine whether any adjustments were necessary in respect of the company’s proportional share of XYZ’s assets that it controls jointly, its proportional share of XYZ’s liabilities for which it is jointly responsible, its proportional share of XYZ’s income and expenses for the year, and the elements making up the statement of changes in equity and cash flow statement.
© 2012 Deloitte Romania
Modified audit reports
Disclaimer of Opinion Because of the significance of the matter described in the Basis for Disclaimer of
Opinion paragraph, we have not been able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion. Accordingly, we do not express
an opinion on the financial statements.
© 2012 Deloitte Romania
Thank you !
Technical Cross-Functional Knowledge Sharing A flavour of audit approach
Materiality
B. Audit Approach 4. Materiality The concept of materiality in audit:
Materiality is considered in terms of the smallest aggregate level of misstatements that could be considered material to any one of the statements that comprise the financial statements.
We do not establish separate materiality amounts to individual statements that comprise the financial statements. Source: Determining Materiality and Performance Materiality, A Guide for Auditors in DTTL Member Firms (March 2012)- For internal distribution only
© 2012 Deloitte Romania
B. Audit Approach 4. Materiality Financial reporting frameworks explain the concept of materiality as follows: • Misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements; • Judgments about materiality are made in light of surrounding circumstances, and are affected by the size or nature of a misstatement, or a combination of both; • Judgments about matters that are material to users of the financial statements are based on a consideration of the common financial information needs of users as a group. The possible effect of misstatements on specific individual users, whose needs may vary widely, is not considered.
© 2012 Deloitte Romania
B. Audit Approach 4. Materiality Materiality determination
The auditor’s determination of materiality: •
is a matter of professional judgment and is often a challenging process
•
is affected by the auditor’s perception of the financial information needs of users of the financial statements. In determining materiality, the auditors make certain assumptions (as described on next slide).
© 2012 Deloitte Romania
B. Audit Approach 4. Materiality Materiality determination – assumptions Auditor assumes that users: a) Have a reasonable knowledge of business and economic activities and accounting and a willingness to study the information in the financial statements with reasonable diligence; b) Understand that financial statements are prepared, presented and audited to levels of materiality; c) Recognize the uncertainties inherent in the measurement of amounts based on the use of estimates, judgment and the consideration of future events; and d) Make reasonable economic decisions on the basis of the information in the financial statements.
© 2012 Deloitte Romania
B. Audit Approach 4. Materiality Determining materiality in Planning Phase
Establish the Overall Audit Strategy Understand the Entity’s Accounting Process
Understand the Entity and Its Environment
Understand Internal Control
RISKS
Perform Preliminary Analytical Review
Determine Materiality
Develop the Audit Plan © 2012 Deloitte Romania
B. Audit Approach 4. Materiality The concept of materiality in audit: The concept of materiality is applied by us : •
in planning and performing the audit - when establishing the Overall Audit Strategy, we shall determine materiality for the Financial Statements as a whole. [2210.01]),
•
in evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the financial statements, and
•
in forming the opinion in our audit report.
We determine performance materiality for purposes of assessing the risks of material misstatement and determining the nature, timing, and extent of further audit procedures.
© 2012 Deloitte Romania
B. Audit Approach 4. Materiality Computation of materiality: A percentage is often applied to a chosen benchmark as a starting point in determining materiality, depending on several factors: • The elements of the financial statements (for example, assets, liabilities, equity, revenue, expenses); • Whether there are items on which the attention of the users of the particular entity’s financial statements tends to be focused (for example, for the purpose of evaluating financial performance users may tend to focus on profit, revenue or net assets);
• The nature of the entity, where the entity is in its life cycle, and the industry and economic environment in which the entity operates; • The entity’s ownership structure and the way it is financed; • The relative volatility of the benchmark.
© 2012 Deloitte Romania
B. Audit Approach 4. Materiality Determining materiality Steps to determine M: 1.
Identify an appropriate base (considering quantitative and qualitative guidelines developed to assist our professional judgment).
2.
Estimate its amount based on the financial statements (consider potential need to annualize the amount).
3.
Apply an appropriate percentage to the base amount. NOTE: Certain account balances or disclosures which could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements should be reviewed in greater detail than is indicated by M.
© 2012 Deloitte Romania
B. Audit Approach 4. Materiality Example INSTRUCTIONS
CALCULATIONS Benchmark chosen
Determined based on professional judgment.
Specify other benchmark:
Revenues
Benchmark balance:
$
100,000,000
Input selected factor
1.50%Enter factor based on Professional Judgment.
Calculated materiality:
1,500,000
Selected materiality:
$
1,500,000
Selecting materiality is not a mechanical exercise, it requires us to apply professional judgment. This is the amount that should be entered as "materiality".
Total anticipated uncorrected misstatements is the total amount of factual, judgmental, projected and SAP misstatements that we anticipate remaining uncorrected at the end of the current engagement.
Total anticipated uncorrected misstatements 150,000
Calculated performance materiality: $
1,350,000
Percentage to be used as clearly trivial misstatements
This amount or a rounded equivalent should be entered as "performance materiality" in Form 1810.
Up to five percent of materiality 5.00%
Calculated trivial misstatements $
75,000
This amount or a rounded equivalent should be entered as "trivial misstatements level" in Form 1810. © 2012 Deloitte Romania
B. Audit Approach 4. Materiality Materiality (M) vs. Performance Materiality (PM) Materiality
Anticipated uncorrected misstatements
PM
The volume of the entire glass represents Materiality.
Each misstatement adds water to the glass. If the glass overflows, the financial statements are misstated. We use PM (less than a full glass) when performing tests to allow extra room for unexpected errors. We use prior-year errors to estimate how much extra room to allow for in the current year.
© 2012 Deloitte Romania
Fraud, laws and regulations Laws and regulations
B. Audit Approach 5. Fraud, laws and regulations (ISA 250)
Effect of Laws and Regulations
Non-compliance with laws and regulations may result in fines, litigation or other consequences for the entity that may have a material effect on the financial statements.
Responsibility for Compliance with Laws and Regulations
Management
© 2012 Deloitte Romania
B. Audit Approach 5. Fraud, laws and regulations (ISA 250)
Management responsibility:
•
to ensure that the entity’s operations are conducted in accordance with the provisions of laws and regulations.
Auditors responsibility: •
to obtain reasonable assurance that the financial statements, taken as a whole, are free from material misstatement, whether caused by fraud or error.
•
to identify material misstatements of the financial statements due to non-compliance with laws and regulations. However, the auditor is not responsible for preventing non-compliance and cannot be expected to detect non-compliance with all laws and regulations.
© 2012 Deloitte Romania
B. Audit Approach 5. Fraud, laws and regulations (ISA 250) Categories of laws and regulations from an audit perspective:
1. Direct effect on the determination of material amounts and disclosures in the financial statements (e.g.: tax and pension laws and regulations) The auditor’s responsibility is to obtain sufficient appropriate audit evidence regarding compliance with the provisions of those laws and regulations. 2. No direct effect on amounts and disclosures, but compliance is fundamental to the operating aspects of the (e.g.: compliance with the terms of an operating license, compliance with regulatory solvency requirements, or compliance with environmental regulations); Non-compliance with such laws and regulations may therefore have a material effect on the financial statements The auditor’s responsibility is limited to undertaking specified audit procedures to help identify non-compliance with those laws and regulations that may have a material effect on the financial statements. © 2012 Deloitte Romania
B. Audit Approach 5. Fraud, laws and regulations – ISA 250 Audit Procedures in case of Non-compliance : • Auditor should respond appropriately to non-compliance or suspected non-compliance with laws and regulations identified during the audit. • If the auditor becomes aware of information concerning an instance of non-compliance or suspected non-compliance with laws and regulations, the auditor shall obtain:
An understanding of the nature of the act and the circumstances in which it has occurred; Further information to evaluate the possible effect on the financial statements. Discuss the matter with management Consider the need to obtain legal advice. Evaluate the effect of non-compliance on the auditor’s opinion Report © 2012 Deloitte Romania
B. Audit Approach 5. Fraud, laws and regulations – ISA 250 Matters Relevant to the Auditor’s Evaluation •
The potential financial consequences of non-compliance with laws and regulations on the financial statements including, for example, the imposition of fines, penalties, damages, threat of expropriation of assets, enforced discontinuation of operations, and litigation.
•
Whether the potential financial consequences require disclosure.
•
Whether the potential financial consequences are so serious as to call into question the fair presentation of the financial statements, or otherwise make the financial statements misleading.
© 2012 Deloitte Romania
Fraud, laws and regulations Fraud
B. Audit Approach 5. Fraud, laws and regulations – ISA 240 Fraud Characteristics of Fraud •
Misstatements in the financial statements can arise from either fraud (intentional) or error (unintentional)
•
Fraud is a broad legal concept, but the auditor is concerned with fraud that causes a material misstatement in the financial statements.
•
Two types of intentional misstatements : misstatements resulting from fraudulent financial reporting, and misstatements resulting from misappropriation of assets.
Although the auditor may suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determinations of whether fraud has actually occurred.
© 2012 Deloitte Romania
B. Audit Approach 5. Fraud, laws and regulations – ISA 240 Fraud Management vs. employees
Fraud by management on the rise: • 39.7% of fraud is perpetrated by non-management employees
• 37.1% of fraud is perpetrated by management • 23.3% of fraud is perpetrated by entity owner/executives Level of authority held impacts size of fraud loss:
• Median loss for non-management fraud = $70,000 • Median loss for management fraud = $150,000 • Median loss for entity owner/executive fraud is $834,000
High profile, global cases support these statistics: • Enron, WorldCom, HealthSouth, MicroStrategy, Tyco, Adelphia
© 2012 Deloitte Romania
B. Audit Approach 5. Fraud, laws and regulations – ISA 240 Fraud Fraud triangle For fraud to occur, three factors must be present:
INCENTIVE / PRESSURE
© 2012 Deloitte Romania
B. Audit Approach 5. Fraud, laws and regulations – ISA 240 Fraud Professional skepticism An attitude of professional skepticism means an auditor: •
Makes a critical assessment with a questioning mind of the validity of the audit evidence obtained
•
Is alert to audit evidence that contradicts
•
Brings into question the reliability of documents and responses to inquires and other information obtained from management and those charged with governance.
© 2012 Deloitte Romania
B. Audit Approach
The gray zone
Aggressive Conservative accounting
accounting (or overly conservative accounting)
Gray zone
5. Fraud, laws and regulations – ISA 240 Fraud
Fraudulent accounting
Within
Violates
GAAP
GAAP © 2012 Deloitte Romania
Misappropriation of assets
Skimming of cash:
•
Diversion of funds
•
Lapping schemes
•
Skimming of funds received from sales
•
Theft of incoming checks
•
Theft in cash register
© 2012 Deloitte Romania
Misappropriation of assets
Procurement frauds:
•
Creation of fictitious vendors
•
Creation of fictitious shell companies
•
False credits, rebates, refunds, and kickbacks
•
Phantom or inaccurate invoicing
•
Overbilling
•
Personal use of entity accounts
•
Rigging bidding process
© 2012 Deloitte Romania
Misappropriation of assets Inventory schemes:
•
Removal of inventory
•
False sale of inventory
•
False write-offs and other debits to inventory
© 2012 Deloitte Romania
Misappropriation of assets
Other embezzling schemes:
•
Larceny of cash
•
Pay and return schemes
•
Theft of entity checks
•
Ghost employees
•
Falsified work hours
•
Other payroll schemes
© 2012 Deloitte Romania
B. Audit Approach 5. Fraud, laws and regulations – ISA 240 Audit Procedures to address Risks of Material Misstatement Due to Fraud: • Auditor should determine overall responses to address the assessed risks of material misstatement due to fraud at the financial statement level.
• Assign and supervise personnel taking account of the knowledge, skill and ability of the individuals to be given significant engagement responsibilities and the auditor’s assessment of the risks of material misstatement due to fraud for the engagement • Evaluate whether the selection and application of accounting policies by the entity, particularly those related to subjective measurements and complex transactions, may be indicative of fraudulent financial reporting resulting from management’s effort to manage earnings; and • Incorporate an element of unpredictability in the selection of the nature, timing and extent of audit procedures.
© 2012 Deloitte Romania
B. Audit Approach 5. Fraud, laws and regulations – ISA 240 Audit Procedures (continued):
• Inquiry with management • Evaluate the Audit Evidence
• Auditor Unable to Continue the Engagement? • Reporting • Communications to Regulatory and Enforcement Authorities
© 2012 Deloitte Romania
Analytical procedures
B. Audit Approach 6. Analytical Procedures – ISA 520 Use Of Analytical Procedures (AP) In Auditing •
AP is one method of increasing auditor efficiency.
•
AP consist of evaluations of financial information made by an auditor
of plausible and expected relationships among both financial and non-financial data. Examples of AP range from simple comparisons (e.g., the current year with the preceding year) to the use of complex models involving many relationships and elements of data (e.g., regression analysis).
© 2012 Deloitte Romania
B. Audit Approach 6. Analytical Procedures – ISA 520 Use Of Analytical Procedures (AP) In Auditing The basic premise underlying the application of AP is: •
Predictability : Plausible relationships among data may reasonably be expected to exist and continue in the absence of known conditions to the contrary.
•
Particular conditions that can cause variations in these relationships include, for example, specific unusual transactions or events, accounting changes, business changes, random fluctuations, or misstatements.
•
Relationships involving income statement accounts are more predictable than relationships involving only balance sheet accounts.
© 2012 Deloitte Romania
B. Audit Approach 6. Analytical Procedures – ISA 520 Analytical procedures used in planning the audit might include the following: Account balance comparison. Compare unadjusted trial balance amounts with adjusted tried balance amounts of the prior year. Computation of significant ratios. Compare current year ratios to current industry ratios and prior year computing ratios. Computation of ratios using nonfinancial and financial data. E.g., sales per square foot of sales space. Regression analysis. This procedure is discussed in a separate section below.
© 2012 Deloitte Romania
B. Audit Approach 6. Analytical Procedures – ISA 520 Use Of Analytical Procedures (AP) In Auditing Common analytical procedures we do while assessing audit risk: • Trend analysis: compare current financial figures to the same figures in the prior year. • Ratio analysis: Some common ratios are the current ratio, and inventory turnover. • Reasonableness: Does what we’re seeing make sense based on other facts? For example, does the depreciation expense appear accurate when you consider the book value of all fixed assets on the balance sheet?
© 2012 Deloitte Romania
B. Audit Approach 6. Analytical Procedures – ISA 520 The auditor’s response to the results of AP in the planning stage When the results of AP signal possible errors ; •
Increase error risk and thus increase extent of testing
More audit testing than when the results indicate the possibility of no errors.
•
Investigate the reasons for deviations
•
Investigate deviations from expectations
•
Perform more inquiries with management and obtain corroborative audit evidence
© 2012 Deloitte Romania
B. Audit Approach 6. Analytical Procedures – ISA 520 Use of Analytical Procedures in Concluding Phase of the Audit The application of AP in the final review of the audit is one of the last audit tests. Those procedures assist the auditor in assessing conclusions reached concerning certain account balances and in evaluating the overall financial statement presentation. Procedures such as the following may be applied: •
Comparisons with similar financial data of the prior year or of the client’s industry.
•
Ratio analysis.
•
Trend analysis.
•
Development of common-size financial statements.
© 2012 Deloitte Romania
B. Audit Approach 6. Analytical Procedures – ISA 520 Use of AP in assessing a company’s ability to continue as a going concern •
apply models using ratios and trends that have been developed to predict bankruptcy
For example: One of the models was developed using a statistical technique (multiple discriminant analysis) and five ratios. Those ratios for a public company are: •
Working Capital/Total Assets
•
Retained Earnings/Total Assets
•
Earnings before Interest and Taxes/Total Assets
•
Market Value of Equity/Book Value of Total Debt
•
Sales/Total Assets
© 2012 Deloitte Romania
B. Audit Approach 6. Analytical Procedures – ISA 520 Analytical procedures include the consideration of comparisons of the entity’s financial information with, for example: •
Comparable information for prior periods.
•
Anticipated results of the entity, such as budgets or forecasts, or expectations of the auditor, such as an estimation of depreciation.
•
Similar industry information, such as a comparison of the entity’s ratio of sales to accounts receivable with industry averages or with other entities of
comparable size in the same industry. •
Among elements of financial information that would be expected to conform to a predictable pattern based on the entity’s experience, such as gross margin percentages.
•
Between financial information and relevant non-financial information, such as payroll costs to number of employees
© 2012 Deloitte Romania
B. Audit Approach 6. Analytical Procedures – ISA 520 The auditor’s substantive procedures at the assertion level may be:
•
tests of details
•
substantive analytical procedures
•
a combination of both
Substantive analytical procedures are generally more applicable to large volumes of transactions that tend to be predictable over time. The auditor may inquire of management as to the availability and reliability of information needed to apply substantive analytical procedures, and the results of any such analytical procedures performed by the entity. It may be effective to use analytical data prepared by management, provided the auditor is satisfied that such data is properly prepared.
© 2012 Deloitte Romania
B. Audit Approach 6. Analytical Procedures – ISA 520 The following are relevant when determining whether data is reliable for purposes of designing substantive analytical procedures: •
Source of the information available. ( more reliable when it is obtained from independent sources outside the entity);
•
Comparability of the information available;
•
Nature and relevance of the information available. (whether budgets have been established as results to be expected rather than as goals to be achieved);
•
Controls over the preparation of the information that are designed to ensure its completeness, accuracy and validity (controls over the preparation, review and maintenance of budgets).
© 2012 Deloitte Romania
Thank you!
© 2012 Deloitte Romania
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/ro/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.
View more...
Comments
