audit procedure KPMG
Short Description
Download audit procedure KPMG...
Description
[AUDITING I] [MODULE ASSIGNMENT] TRIES MEIRISA (023090001) EWALDO A.P.R.A (023090060) AGNES CHINTYA PUTRI (023090044) SHINTA RISANDI (023090060)
EXECELLENT CLASS TRISAKTI UNIVERSITY 2010/2011
AUDITING I
PREFACE
Praise is grateful for God’s blessing that has given the mercy and so the company can finish their Module Assignment of Auditing lesson be entitled “Audit Plan” appropriate with right schedule. As for writing of the module assignment this was aimed to complete their duty in subject of Auditing. During the arranging of this module assignment, the company face many difficulties. But, with their coordination and togetherness, finally the difficulties are overcome. In this opportunity the company said thank that as much as possible to lecturer that has giving the time, the pothe companyr and thoughts to lead us fully patience, perseverance, as the companyll as morale urging in the finishing process of this module assignment and also the company say thanks to other who has been help us to solve this module assignment. Regards to their lovely family especially for their parents for their support and big motivation until the company enthusiastic and believe can finish this module assignment and also their friends for their support and help. The company realized that assignment this was far from perfect, because of that was critical and the suggestion would the company received the companyll. The company expect this module assignment will give benefit for us and the others who read the module, especially students of Trisakti University.
Jakarta, June 2010
Authors
CHAPTER I 1 9
AUDITING I
INTRODUCTION
Background
The company make the module assignment is to complete their duty in the subject of Auditing. The topic of this module assignment is Audit Plan in CPA firm.
Purpose The company know at this time many companies that go public. So that, they need certified public accountant firms to audit their financial statement. Their purpose of making this module assignment is to know how to do audit plan, how to apply the concept of materiality and audit risk, how to evaluate and test internal control, and how to design audit program in CPA firm.
Methodology The process of making module assignment by browsing internet and visiting CPA firm. Besides that, the company utilize the method to solve the problem in this module by adopting the theory in textbook. The company also consult with their lecture.
1 9
AUDITING I
COMPANY PROFILE KPMG is one of the largest professional services firms in the world and one of the Big Ftheir auditors, along with Deloitte, Ernst & Young (EY) and PwC. Its global headquarters is located in Amstelveen, Netherlands. Roots for the name KPMG stem from the names of ftheir partners who merged their own independent accounting firms: • K stands for Klynveld, after Piet Klynveld, founder of the accounting firm Klynveld Kraayenhof & Co. in Amsterdam in 1917. • P stands for Peat, after William Barclay Peat, founder of the accounting firm William Barclay Peat & Co. in London in 1870. • M stands for Marwick, after James Marwick, co-founder of the accounting firm Marwick, Mitchell & Co. in New York City in 1897. • G stands for Goerdeler, after Reinhard Goerdeler, chairman of the German accounting firm Deutsche Treuhand-Gesellschaft (DTG) and, later, chairman of KPMG. Member firms' clients include business corporations, governments and public sector agencies and not-for-profit organizations. They look to KPMG for a consistent standard of service based on high order professional capabilities, industry insight and local knowledge. KPMG member firms can be found in over 150 countries. Collectively they employ more than 138,000 people across a range of disciplines. Sustaining and enhancing the quality of this professional workforce is KPMG’s primary objective. Wherever they operate they want their firms to be no less than the professional employers of choice. KPMG in Indonesia is represented by: 1. Siddharta & Widjaja - Registered Public Accountants (referred to elsewhere on this site as "Siddharta & Widjaja") 1 9
AUDITING I
2. PT KPMG Hadibroto (referred to elsewhere on this site as "KPMG Hadibroto") 3. PT Siddharta Consulting (referred to elsewhere on this site as "Siddharta Consulting")
CHAPTER II THEORIES There are three main reason why the auditor should properly plan engangements: 1. To obtain sufficient competent evidence for the circumstances
2. To help keep audit costs reasonable 3. To avoid misunderstanding with the client
Planning on audit and designing on audit approach
Accept client and perform Initial audit planning
Understand the clients business and industry Assess client business risk Perform preliminary analytical procedure Set materiality and assess acceptable audit risk and inherent risk Understand internal control and assess control risk Gather information to assess fraud risks Develop overall audit plan and audit program
1 9
AUDITING I
Initial audit planning 1. Client acceptance and continuance 2. Identify client’s reasons for audit 3. Obtain an understanding with the client 4. Develop overall audit strategy Gain an understanding of the client’s business and industry.
Assess client businnes risk Client business risk is the risk that the client will fail to achieve its objectives
Materiality
1 9
AUDITING I
Materiality is a major consideration in determining the appropriate audit report to issue. Materiality as the magnitude of an omission or misstatement of accounting information that, in the light of surrounding circumstance, makes it probable that the judgment of a reasonable person relying on the information would have been changed or influenced by the omission or misstatement.
Because auditors are responsible for determining whether financial statements are materiality misstated, they must upon discovering a material misstatement, bring it to the client’s attention so that a correction can be made. If the client refuses to correct the statements, the auditor must issue a qualified or an adverse opinion, depending how on how material the misstatement is. Auditors follow five closely related steps in applying materiality. The auditor fist sets a preliminary judgment about materiality and then allocates this estimate to the segments to the segments of the audit. Set preliminary judgment about materiality
Allocate preliminary judgment about materiality Estimate total misstatement in segment
Estimate the combined misstatement Compare combined estimate with judgment about materiality
Set Preliminary Judgment about Materiality 1 9
AUDITING I
SAS 107 (AU 312) requires auditors to decide on the combined amount of misstatements in the financial statement that they would consider material early in the audit as they are developing the overall strategy for the audit. It refer to this as the preliminary judgment about materiality. It is called a preliminary judgment about materiality because, although a professional opinion, it may change during the engagement. This judgment must be documented in the audit files. Several factors affect the auditor’s preliminary judgment about materiality for a given set of financial statements. The most important of these are:
Materiality is a relative rather than an absolute concept A misstatement of a given magnitude might be material for small company,
whereas
the some dollar misstatement could be immaterial for a large one
Bases are needed for evaluating materiality Because materiality is relative, it is necessary to have bases for establishing whether misstatements are material
Qualitative factors also affect materiality Certain types of misstatements are likely to be more important to users tha others, even if the dollar amounts are the same. Risk Risk is a probability or threat of a damage, injury, liability, loss, or other negative occurrence that is caused by external or internal vulnerabilities, and that may be neutralized through preemptive action. The audit risk model helps auditors decide how much and what types of evidence to accumulate in each cycle. Types of Risk
Planned detection risk Is the risk that audit evidence for a segment will fail to detect misstatement exceeding tolerable misstatement.
Inherent risk
1 9
AUDITING I
Inherent risk measures the auditor’s assessment of the likelihood that there are material misstatement ( errors or fraud ) in a segment before considering the effectiveness of internal control.
Control risk Control risk measures the auditor’s assessment of whether misstatements exceeding a tolerable amount in a segment will be prevented or detected on a timely basis by the client’s internal control.
Acceptable audit risk Is a measure of how willing the auditor is to accept that the financial statements may be materiality misstated after the audit is completed and an unqualified opinion has been issued. Factor affecting acceptable audit risk The degree to which extend users rely on the statements The likelihood that a client will have financial difficulties after the audit report is issued The auditor’s evaluation management’s integrity
Factor affecting inherent risk Nature of the client’s business Results of previous audits Initial versus repeat engagement Related parties Non routine transactions
1 9
AUDITING I
CHAPTER III ANALYSIS AND IMPLEMENTATION III.1 Audit Planning 1.
Perform risk assessment procedures and identify risks
For the risk assessment, KPMG have considered client’s top risks based on: •
Previous experience;
•
The Business Plan 2010-11;
•
Discussions with the COO;
•
Audit work for the year relating to the Mid Staffordshire NHS Foundation Trust and their follow up review; and
•
A consideration of client’s risk register.
We have summarised below Monitor’s primary risks against the current strategic objectives and indicate the related audits proposed
2.
Determine audit strategy
Example of KPMG audit strategy is the internal audit strategy. Their Internal Audit strategy for Monitor categorises the organisation into 3 systems as follows:
1 9
AUDITING I
1) Operational systems: these include the main systems associated with the delivery of Monitor’s core duties as regulator of NHSFT’s. •
Assessment: The number of Foundation Trusts is planned to increase and, as a result, Monitor will need to ensure it continues to be restheirced with a capable and experienced team in order to maintain a rigorous assessment process.
•
Compliance: Their Internal Audit strategy will continue to consider Monitor’s approach scalability and the capacity of senior management and the Board to provide effective oversight over an increasing number of FTs.
•
Intervention: Monitor has recently revised the Compliance Framework to include a core Escalation and Intervention framework. Their work will include conducting compliance based audits to ensure the Escalation and intervention framework is being appropriately applied.
2) Support systems: includes those functions and systems which indirectly contribute towards these core operational duties through the provision of services and restheirces to the operational systems. •
Knowledge Management: During 2009 Monitor commissioned a review of its information and knowledge management systems and processes and following the review appointed a Director of Knowledge Management in 2010.
•
Financial Systems: This core area of their internal audit work will fundamentally remain unchanged. The focus will be on providing assurance to both Monitor and the NAO, as external auditors, over the design and operation of controls on the core financial systems, including Accounting Systems, Payroll & Expenses, Treasury Management, Accounts Payable, Fixed Assets, Budgeting and Forecasting.
•
Transition Planning: Monitor will need to commence planning imminently for the design and implementation of a new organisation which is ‘fit for purpose’ in 2012 while maintaining its core business of assessment, compliance and intervention.
3) Governance framework: includes the overarching functions. These are processes and entity level controls in place to ensure the effective and proper performance of both operational and support systems and to co-ordinate and oversee the progress and direction of Monitor as a whole.
1 9
AUDITING I
•
Corporate Governance: As Monitor is expected to serve as a beacon of good practice
in this area, KPMG will continue to review compliance with the Combined Code, the NHS Foundation Trust Code of Corporate Governance, HM Treasury guidance and current good practice. •
Strategic Planning: Monitor’s three year corporate plan was reneKPMGd in 2009 and
the Business Plan for 2010 / 2011 has been published. •
Stakeholder Influencing: Key to Monitor’s ability to influence the development of a
devolved healthcare system is strong stakeholder management and engagement, including how roles and responsibilities are defined and communicated across the stakeholder network. 3. Determine planned audit approach KPMG have their new VFM audit approach. They will follow a risk based approach to target audit effort on the areas of greatest audit risk. Overview of the VFM audit approach, which shoKPMGd by the key elements of the VFM audit approach are summarised below. 1) Audit Risk Assessment: KPMG will consider the relevance and significance of the potential business risks faced by all authorities, and other risks that apply specifically to the Police Authority. In doing so KPMG will consider: •
the Authority’s own assessment of the risks it faces, and its arrangements to manage and address its risks;
•
Information from the Audit Commission’s VFM profile tool;
•
evidence gained from previous audit work, including the response to that work; and
•
the work of the Audit Commission, other inspectorates and review agencies (where relevant to their VFM audit responsibilities).
2) Financial Statements Audit: There is a degree of overlap betKPMGen the work KPMG do as part of the VFM audit and their financial statements audit. KPMG have always sought to avoid duplication of audit effort by integrating their financial statements and VFM work, and this will continue. KPMG will therefore draw upon relevant aspects of their financial statements audit work to inform the VFM audit. 3) Residual Audit Risk: It is possible that theirfinancial statements audit and previous VFM audit work may provide the assurance KPMG need for the VFM audit. To inform any further work KPMG must draw together an assessment of residual audit risk, taking account of the work undertaken already.
1 9
AUDITING I
4) Identifying Further Work: It is possible that KPMG may not identify any residualaudit risks and instead have obtained all the evidence and assurance required from their financial statements and other audit work. If so, no further work will be necessary prior to issuing the VFM conclusion. If KPMG do identify residual audit risks, then KPMG will consider the most appropriate audit response in each case, including: •
highlighting the risk to the Authority;
•
deferring any work because of current or planned work by the body or the Audit Commission, other in spectorates and review agencies (and/or considering theresults of such work); or
•
carrying out local risk-based work to form a view on the adequacy of the Authority’s arrangements for securing economy, efficiency and effectiveness in its use of restheirces.
5) Delivery of Local Risk-Based Work: Depending on thenature of the residual audit risk identified, KPMG will be able to draw on the following audit tools and stheirces of guidance when undertaking specific local risk-based audit work: localsavings review guides based on selected previous Audit Commission national studies. Any detailed work will also make reference to the detailed VFM characteristics, as appropriate, and any self assessment the Authoritymay prepare against the characteristics. 6) Conclude on VFM arrangements: At the conclusion of the VFM audit KPMG will consider theresults of the work undertaken and assess the assurance obtained against each of the VFM themes regarding the adequacy of the Authority’s arrangements for securing economy, efficiency and effectiveness in the use of restheirces. 7) Reporting: KPMG will report on the results of the VFM audit through their Interim Audit Report and their Report to those charged with governance. These reports will summarise their progress in delivering the VFM audit, the results and any specific matters arising, and the basis for their overall conclusion. The VFM conclusionwill be one of the following: •
unqualified –meaning KPMG are happy that in all significant respectsthe Authorityhas proper arrangements for securing economy, efficiency and effectiveness in the use of its restheirces; or
•
except for qualification –meaning KPMG are generally satisfied with the adequacy of the arrangements in place, except for one or more specific issues highlighted during the audit that relate to specific VFM criteria; or
•
adversequalification –meaning KPMG are unable to conclude that the Authority has adequate arrangements in place. 1 9
AUDITING I
III.2 MATERIALITY Their audit work is planned to detect errors that are material to the accounts as a whole. What do the company mean by materiality? In layman terms, materiality is the margin of error the company will accept before the company qualify their opinion on the accounts. Why do the company have a level of materiality? The company only have a limited time in which to complete their work. As a result, the company focus their testing on a sample of transactions rather than everything. To make their sample testing most effective, their work is driven by an assessment of risk and a level of materiality. This means the company sample test the transactions that are more likely to be prone to significant fraud or error. Determining materiality •
The company consider quantitative and qualitative factors in setting materiality and indesigning their audit procedures.
•
Materiality has been set at 1.8%of total income.
•
The company design their procedures to detecterrors at a lothe companyr level of precision. The company have some flexibility to adjust this level downwards.
Reporting to Audit Committee To comply with auditing standards, the following three types of audit differences will be presented to the Audit Committee : −summary of adjusted audit differences −summary of unadjusted audit differences −summary of disclosure differences (adjusted and unadjusted). The company will not report audit and disclosure differences that are considered to be trivial Independence and objectivity confirmation 1 9
AUDITING I
Professional standards require auditors to communicate to those charged with governance, at least annually, all relationships that maybe ar on the firm’s independence and the objectivity of the audit engagement partner and audit staff. The standards also place requirements on auditors in relation to integrity, objectivity and independence. The ISA defines‘ those charged with governance’ as‘ those persons entrusted with the supervision, control and direction of an entity’. In ytheir case this is the Audit Committee. KPMGLLP is committed to being and being seen to be independent. APB Ethical Standard1 requires us to communicate to you in writing all significant facts and matters, including those related to the provision of non- audit services and the safeguards put in place, in their professional judgement, may reasonably be thought to be aron KPMGLLP’s independence and the objectivity of the Engagement Lead and the audit team.
Confirmation statement The company confirm that as of 1 January 2011, in their professional judgement, KPMGLLP is independent with in the meaning of regulatory and professional requirements and the objectivity of the Appointed Auditor and audit team is impaired.
III.3 How to evaluate and test internal control BALANCE OF INTERNAL CONTROLS AND SUBSTANTIVE TESTING The picture below illustrates how the company determine the most effective balance of internal controls and substantive audit testing.
1 9
AUDITING I
In the picture above we can see that the balance of the substantive testing and the internal control testing in KPMG. The KPMG will use extensive control testing and reduced the substantive testing if the type of the transaction/accounts is low value transaction, high volume, and homogeneous transaction . The example of this type of transactions/accounts is income and debtors, purchases and payables, and payroll. And for the situation the KPMG use moderate control testing and moderate substantive testing is when the type of transaction is low/medium value and high/medium volume. The example of this type of transaction/accounts is tangible of fixed asset. And the last is the KPMG will use limited control testing and extensive substantive testing when the type of transaction is high value and low volume. And now how the KPMG do the test of control? The senior assessment team should test the effectiveness of the controls to determine if the controls are operating effectively and may be relied upon to ensure the assertions are valid. The determination of whether the controls have been applied throughout the period of testing may be accomplished by the senior assessment team selecting a sample of transactions processed throughout the period, based on the sampling plan. The sample should be selected from the complete population of the transactions for which controls are to be tested. The
1 9
AUDITING I
completeness of the population should be verified by comparison with the original data source. Testing the controls requires reperforming the transactions or controls or applying other test techniques to the selected transactions and determining if the controls performed as designed and expected. The type of the document that can be take for the sample are: Existing policy and procedure manuals, Existing forms and documents, Transaction cycle narrative, Transaction cycle flowchart. KPMG also use the five components of internal control that basic of COSO (The Commite Of Sponsoring Organizations) internal control-intergrate framework. And the components are: 1.
Evaluate Control environment : The control environment is the organization structure and culture created by management and employees to sustain organizational support of internal control. The control environment is the foundation for all other components of internal control. Following aspects of control environment is:
2.
Management’s philosophy and operating style
Delegating authority and responsibility.
Organization structure and resources.
Commitment to competence
Integrity and ethical standards
Evaluate risk assessment process: determining how the organization establishes objectives, identifies the risks that would prevent achievement of the objectives, estimates the significance of the risks in relation to financial reporting, assesses the possible existence of the risks in the current environment, and continues to monitor changes to the environment that mayincrease or reduce the risks.
3.
Evaluate the control activities: Control activities, frequently referred to simply as controls, include policies, procedures, and mechanisms that help ensure the control objectives are met and that management’s. Examples of control activities that might be present include: • Top-level reviews of actual performance 1 9
AUDITING I
• Reviews by management at the functional or actual level • Controls over information processing • Physical controls over vulnerable assets • Establishment and review of performance measures and indicators • Segregation of duties 4.
Evaluate the Information and Communication Processes : Information related to
financial reporting should be communicated to relevant personnel at all levels within the organization. The information should be relevant, reliable, and timely. evaluate the organization’s financial reporting processes to determine whether information is based upon integrated systems or the same source information 5.
Evaluate the monitoring process: evaluate whether each agency is performing its own,
independent monitoring and evaluation of the ICOFR environment and identifying and correcting deficiencies in a timely fashion throughout the year.
III.4 How to design audit program The audit process of KPMG The ftheir key stages of KPMG financial statements audit process are presented below.
1 9
AUDITING I
The KPMG International Audit Methodology addresses both manual and automated controls and requires use of information technology professionals and other specialists by member firms in the core audit engagement team when appropriate. The methodology also includes procedures aimed at detecting and responding to the risk of material misstatement resulting from fraud; Communications relating to the engagement team’s exercise of professional skepticism with respect to potential fraud risk factors have been reinforced and enhanced. There is a suite of technology tools to support the KPMG International Audit Methodology. These tools promote consistent implementation of the audit process globally, and drive audit quality. Leveraging technology to further improve the audit experience for clients and audit professionals is a key component of KPMG International’s Audit IT strategy. KPMG International’s next generation audit tool, eAudIT, is scheduled for full global deployment in 2010.
CHAPTER IV CONCLUSION The audit planning implemented by KPMG are the same with the theory we learned, but with those who have much experience, they've revised the audit planning they do. KPMG summarized their audit planning into three activities, which are perform risk assessment procedures and identify risks, determine audit strategy and determine planned audit approach. Also in determining materiality and evaluating internal control, they do based on their audit program, KPMG International Audit Methodology, which includes all the requirements of the International Standards on Auditing (ISAS).
1 9
AUDITING I
LITERATURES Elder Randal J, Beasly Mark S and Arenas Alvin A, “Auditing and Assurance Services”, Pearson Prentice Hall, 12th editions, 2008. www.google.com www.en.wikipedia.org www.kpmg.com www.kpmg.co.id
1 9
View more...
Comments