ACCA P7 Chapter 5 Audit Process

ACCA P7 lectures Download P7 notes

Chapter 5

Audit Process

Fundamental concepts relating to an audit

• Ethical requirements
• Professional scepticism
• Professional judgement
• Limitations of an audit
• Sufficiency of audit evidence
• Audit risk
• Responsibilities of management

Planning

The primary objective of audit planning is to reduce audit risk to an acceptable level.

Planning entails developing a general strategy and a detailed approach for the expected nature, timing and extent of the audit.

The objectives of planning are to:

ensure that appropriate attention is devoted to the different areas of the audit;

ensure that potential problems are identified; and

facilitate review.

The audit firm should consider materiality and its relationship with audit risk during the planning phase. This will assist with meeting the first two objectives above.

Threshold of significance

This new standard requires auditors to establish a threshold of significance to be applied when:

a control is designed, implemented or operated in such a way that it is unable to prevent or detect misstatements on a timely basis

such a control, as necessary to prevent and detect misstatements, is missing

The auditor must ask “Are the identified deficiencies, either individually or collectively, “significant”?

Any significant deficiencies must be communicated in writing to those charged with governance.

Other, insignificant, deficiencies should be communicated to management

Materiality

A misstatement or omission can be considered material if, individually or in aggregate, it would reasonably be expected to influence the economic decisions of users of the financial statements.

Materiality is concerned not just with size / value but also with the nature of the matter and the circumstances of the entity

judgements about materiality are made in the light of the surrounding circumstances and are affected by the size and nature of a misstatement, or a combination of both

judgements about matters that are material to users of the financial statements are based on a consideration of the common financial information needs of users as a group

The audit firm must be concerned with identifying “material” errors, inclusions, omissions and misstatements.

Performance materiality

A new idea!

set materiality for the financial statements as a whole

but set an amount less than this when designing the nature, timing or extent of audit procedures

this lower value is to be used when considering particular classes of transaction, account balances and disclosures

The level of materiality set at the planning stage will always be a matter of professional judgement. Most firms set criteria for guidance – a benchmark. For example:

between 1/2% and 1% turnover

between 1% and 2% of net assets; or

between 5% and 10% of net profit.

If using a benchmark approach, the auditor should consider:

the elements of the financial statements

whether there are matters upon which users are likely to focus

the nature of the entity, its life cycles and the industrial / economic environment

the ownership structure and the way the entity is financed

the relative volatility of the benchmark

The levels chosen for materiality and for performance materiality will depend on the confidence the auditor has in the client’s figures. Therefore, the level of risk attaching to the client will influence the levels of materiality used.

The materiality level will impact on three areas:

the nature and extent of audit tests.

whether to seek adjustments; and

the degree of any audit report qualification.

Risk assessments and internal controls

auditors should

obtain an understanding of the accounting and internal control systems sufficient to plan the audit and develop an effective audit approach and,

use professional judgement to assess audit risk and to design audit procedures to ensure it is reduced to an acceptably low level.

Audit risk is the ultimate risk that the audit opinion is inappropriate, after completion of all audit procedures.

It is made up of two component parts:

control risk, and

detection risk.

material misstatement risk is the combination of inherent risk and control risk

Inherent risk

This is the susceptibility of an account balance or class of transaction to material misstatement either individually or when aggregated with misstatement in other balances or classes assuming that there were no related internal controls.

Example

Suggest circumstances or factors that would cause you to believe that the level of inherent risk attaching to your client was higher than usual.

Control risk

This is the risk that the entity’s accounting and internal control procedures fail to detect or prevent fraud or error on a timely basis.

The auditor should make a preliminary assessment of control risk and should plan and perform tests of control to support that assessment.

Detection risk

This is the risk that the auditors’ substantive procedures fail to detect a material misstatement in an account balance or class of transaction. It is primarily a consequence of the fact that the auditors do not, and cannot, examine all available evidence.

The auditors’ control risk assessment, together with their assessment of inherent risk will influence the nature, timing and extent of substantive procedures needed to reduce detection risk, and therefore overall audit risk, to an acceptable level.

Example

You are the audit manager for Vortex Ltd, an entity involved in the manufacture and sale of clothing for teenagers. Half of its sales are on credit to a variety of outlets and the other half are through its own chain of shops. Staff are chosen for their youth, enthusiasm and knowledge of the fashion scene.

Identify the inherent risks that may arise and suggest appropriate controls to reduce the impact of these risks.

Planning, materiality and assessing risk of misstatement

This involves determining the level of risk attaching to the different areas of the client’s operations. The chance of detecting errors is increased and excessive time isn’t wasted on low-risk areas.

Some audit firms will concentrate on understanding management’s control of business risk and their overall control of the information systems.

Business risk is the risk that an entity fails to meet its objectives.

Business risks can be split into three categories:

Financial risk

Operational risk

Compliance risk

Financial risk

These are the risks arising from the entity’s financial activities or the financial consequences of operations. Examples include:

going concern problems

overtrading

credit risk

interest risk

high cost of capital

unrecorded liabilities

Operational risk

These are the risks arising from the operations of the business such as:

stock-outs,

physical disasters,

loss of key staff,

poor brand management and

loss of orders.

Compliance risk

These are the risks arising from non compliance with laws, regulations, policies, procedures and contracts. Examples include:

breach of listing rules

breach of statutory requirements

litigation risk

vat problems

tax penalties

health and safety risks

Management need to satisfy themselves that their systems of risk management and internal controls are working properly. Internal audit can make a valuable contribution to the monitoring of risk management.

Analytical procedures

The auditor should apply analytical procedures at the planning stage, throughout the audit and at the overall review stage of the audit.

Analytical procedures include the following type of comparisons:

prior periods

budgets and forecasts

predictive estimates

industry information

relationships between elements of financial information ie ratio analysis

financial and non-financial information eg the relationship between payroll costs and the number of employees.

The auditors should apply analytical procedures at the planning stage to assist in understanding the entity’s business and in identifying areas of potential risk.

When intending to apply analytical review as a substantive procedure, the auditor needs to consider the following factors:

objectives of the analytical review procedures

the nature of the information and the degree to which the information can be sub-divided eg apply procedures to divisions or products rather than the overall results.

the comparability, availability, reliability and source of information

The auditors should apply analytical procedures at or near the end of the audit when forming an overall conclusion as to whether the financial statements as a whole are consistent with the auditor’s knowledge of the entity’s business.

When analytical procedures identify significant fluctuations or relationships that are inconsistent with other relevant information, or that deviate from predictable patterns, the auditors should investigate and obtain adequate supporting evidence.