Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding the Entity

Published byKelsi Dixey Modified over 9 years ago

Similar presentations

Presentation on theme: "Understanding the Entity"— Presentation transcript:

1 Understanding the Entity
AU Section 314 Understanding the Entity and Its Environment and Assessing the Risks Source: SAS No The Risk Assessment Standards C Delano Gray June 18, 2008

2 Risk Assessment Standards
The risk assessment standards consist of: SAS No. 104, Amendment to Statement on Auditing Standards No. 1, Due Professional Care SAS No. 105, Amendment to Statement on Auditing Standards No. 95, Generally Accepted Auditing Standards SAS No. 106, Audit Evidence SAS No. 107, Audit Risk and Materiality in Conducting an Audit (Audit Risk and Materiality) SAS, No. 108, Planning and Supervision SAS No. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Assessing Risks) SAS No. 110, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Performing Procedures) SAS No. 111, Amendment to Statement on Auditing Standards No. 39, Audit Sampling

3 Risk Assessment Standards
The risk assessment standards consist of: SAS No. 112 Communicating Internal Control Related Matters Identified in an Audit (Superseded SAS 60) SAS No. 113 Omnibus Standards SAS No. 114 The Auditor’s Communication with Those Charged with Governance (Supersedes SAS 61) Source: AICPA

4 Risk Assessment Standards
The ASB believes that the SASs represent a significant strengthening of auditing standards which in turn will improve the quality of audits conducted under these standards

5 Objectives The objectives of the SASs are to improve audit effectiveness by requiring: A more in-depth understanding of the entity and its environment, including its internal control. More rigorous assessment of the risks of material misstatement (whether caused by error or fraud) of the financial statements. A linkage between the assessed risks and the nature, timing, and extent of audit procedures performed in response to those risks.

6 Knowledge This assumes the following Knowledge of the SAS’s
Knowledge of FAS and Interpretations Knowledge of Industry Specific Standards Knowledge of SOP’s and EITF Pronouncements Knowledge of Entity’s Industry, Markets, Competitors and Industry Practices.

7 Overview of SASs

8 Overview of SASs SAS No. 104, Amendment to SAS No. 1
SAS No. 104 expands the definition of “reasonable assurance” as a “high” level of assurance”

9 Overview of SASs SAS No. 105, Amendment to SAS 95, Generally Accepted Auditing Standards “Internal control” is replaced by “the entity and its environment, including its internal control” “Further audit procedures” replaces “tests to be performed” “Audit evidence” replaces “evidential matter”

10 Overview of SASs SAS No. 106, Audit Evidence
(Amends SAS 31) “The auditor must obtain sufficient audit evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit.”

11 Overview of SASs SAS No. 106, Audit Evidence
Audit evidence is all the information used by the auditor in arriving at the conclusions on which the audit opinion is based and includes: Entity’s accounting records, Confirmations, Minutes, Industry reports, Audit procedures such as inquiries, observations, inspections, etc.

12 Overview of SASs SAS No. 106, Audit Evidence Audit Procedures
Risk Assessment Procedures Inquiries Analytical procedures Inspection and observation Further Audit Procedures Test of controls Substantive procedures Test of details Substantive analytical procedures

13 Overview of SASs SAS No. 106, Audit Evidence
The use of assertions in obtaining audit evidence – these are management’s implicit or explicit assertions regarding the recognition, measurement, presentation and disclosure of information in the financial statements and related disclosures.

14 Overview of SASs SAS No. 106, Audit Evidence (continued)
Categories of Assertions Classes of transactions Account balances Presentation and disclosure

15 Overview of SASs SAS No. 107, Audit Risk and Materiality
(Amends SAS 47) “The auditors should perform the audit to reduce audit risk to a low level that is (in his or her judgment) appropriate for expressing an opinion on the financial statements.”

16 Overview of SASs Audit Risk and Materiality - SAS 107.
"The auditor's consideration of materiality is a matter of professional judgment and is influenced by the auditor’s perception of the needs of users of financial statements” SAS 107.

17 Overview of SASs SAS No. 108, Planning and Supervision
(Amends SAS 1 and SAS 22) “The auditor must adequately plan the work and must properly supervise any assistants.”

18 Overview of SASs SAS No. 109, Assessing Risks
“The auditor must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures.”

19 Risk Assessment Standards
Enhances the auditor’s application of the audit risk model in practice by requiring: More in-depth understanding of the entity and its environment, including its internal control to better understand where risks of misstatements are higher May require greater understanding of internal control design and implementation of controls Ability to default to maximum control risk assessment removed Improved linkage between the assessed risks and the nature, timing, and extent of audit procedures performed

20 Risk Assessment Standards
Enhances the auditor’s application of the audit risk model: AR = [CR x IR] x DR [CR x IR] = RMM AR = Audit Risk CR = Control Risk IR = Inherent Risk DR =Detection Risk RMM = risk of material misstatement Source: AICPA.

21 Risk Assessment Standards
Internal Control Framework is unchanged

22 Understanding the Entity and Its Environment and Assessing the Risks
SAS 109 Understanding the Entity and Its Environment and Assessing the Risks

23 Introduction .01 This section establishes standards and provides guidance about implementing the second standard of field work, as follows: The auditor must obtain a sufficient understanding of the entity and its environment, Its internal control, to assess the risk of material misstatement of the financial statements whether due to error or fraud, Design the nature, timing, and extent of further audit procedures.

24 .02 The following is an overview of this standard:
• Risk assessment procedures and sources of information about the entity and its environment, including its internal control. This section explains the audit procedures that the auditor should perform to obtain the understanding of the entity and its environment, including its internal control (risk assessment procedures). The audit team should discuss the susceptibility of the entity's financial statements to material misstatement.

25 Risk Assessment Standards
The auditor should assess the risks of material misstatement at the financial statement level and at the relevant assertion level on all audits based on the understanding obtained

26 Risk Assessment Standards
New Assertion Framework Classes of Transactions Account Balances Presentation and Disclosures Occurrence Existence Occurrence and Rights and obligations Completeness Rights and obligations Accuracy Classification and understandability Cutoff Valuation and allocation Accuracy and valuation Classification

27 Risk Assessment Standards
Identifying risks through considering The entity and its environment, including its internal control Classes of transactions, account balances, and disclosures Relating the identified risks to what could go wrong at the relevant assertion level Significant risks1 1SAS 109, Assessing Risks, paragraphs

28 Risk Assessment Standards
Audit Risk Auditor’s Response Financial Statement Overall responses Account level Further Audit Procedures (Tests of Controls and Substantive Tests)

29 Risk Assessment Standards
Testing of controls is encouraged The requirement to link assessed risks and the audit procedures responsive to those risks is improved Risk assessment is a continuous process, not a series of discrete stages

30 Risk Assessment Standards
Perform further audit procedures that are clearly linked to risks at the relevant assertion level by: Performing tests of the operating effectiveness of controls Performing substantive procedures Evaluating the adequacy of presentation and disclosure1 1SAS 110, Performing Procedures SAS, paragraphs 23-68 Evaluate whether sufficient competent audit evidence has been obtained2 2SAS 110, Performing Procedures, paragraphs 70-76 Source AICPA

31 Risk Assessment Standards
Greater emphasis is placed on testing of disclosures Greater Emphasis is placed on the Evaluation of Internal Controls Guidance on evaluating audit findings is clarified and expanded Documentation requirements are significantly expanded

32 Significant Changes to Existing Practices
Identifying and assessing the risks of material misstatements at both the financial statement level and the relevant assertion level by performing risk assessment procedures. Designing and performing tailored further audit procedures responsive to assessed risks at the relevant assertion level Linkage of audit procedures to the risk of material misstatement.

33 AU Section 314 Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Supersedes SAS No. 55) Source: SAS No Effective for audits of financial statements for periods beginning on or after December 15, Earlier application is permitted.

34 Risk Assessment Overview
New Process Inquiries Analytical Procedures Brainstorming Fraud Risk Factors Other Risk Assessment Respond

35 SAS No. 109, Assessing Risks Risk assessment procedures and sources of information about the entity and its internal control are: Inquiries Analytical procedures Observation and inspection Discussion among audit team

36 SAS No. 109, Assessing Risks Inquiries of management may be directed toward: External parties – for example, legal counsel, bankers, valuation experts, etc. Internal – for example those charged with governance, internal audit, employees other than accounting personnel, in-house counsel, etc.

37 SAS No. 109, Assessing Risks Analytical Procedures
Use guidance of SAS 56, Analytical Procedures Helpful In identifying unusual transactions or events Assist in determining amounts, ratios, trends in the financial statements

38 SAS No. 109, Assessing Risks Observation and inspection include:
Inspection of documents and manuals (for example accounting or internal control) Reading internal reports and minutes Visit premises and plant facilities Tracing transactions through systems

39 SAS No. 109, Assessing Risks The auditor should consider the results of the fraud risk assessment performed during planning along with other information gathered in identifying the risks of material misstatements.

40 SAS No. 109, Assessing Risks Discussion among audit team:
Can be held at the same time as the discussion specified in SAS 99. Objective is for members to gain a better understanding of the potential for material misstatements. An opportunity for more experienced members to share their insights.

41 SAS No. 109, Assessing Risks Understanding the entity and its environment, including its internal control. Industry, regulatory, and other external factors Nature of the entity Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements Measurement and review of the entity's financial performance Internal control

42 SAS No. 109, Assessing Risks Internal control

43 SAS No. 109, Assessing Risks (continued)
The auditor should obtain a sufficient understanding of internal controls to: Evaluate the design of controls relevant to the audit, Determine whether the controls have been implemented.

44 SAS No. 109, Assessing Risks The auditor should perform risk assessment procedures to obtain an understanding of internal control. Procedures include observation, inspection, or performing walkthroughs. Inquiry alone is not sufficient to evaluate the design of controls and whether they have been implemented.

45 SAS No. 109, Assessing Risks The auditor should identify and assess the risks of material misstatements at: Financial statement level The relevant assertion level

46 The three primary objectives of effective internal control.
Internal Controls The three primary objectives of effective internal control.

47 Internal Control Objectives
1. Reliability of financial reporting 2. Efficiency and effectiveness of operations 3. Compliance with laws and regulations

48 Managements Responsibilities
Contrast management’s responsibilities for maintaining and reporting on internal controls with the auditor’s responsibilities for understanding, testing, and reporting on internal controls.

49 Management and Auditor Responsibilities Related to Internal Control
Management’s responsibility for establishing internal control Reasonable assurance Inherent limitations

50 Management and Auditor Responsibilities Related to Internal Control
Design of internal control Operating effectiveness of controls

51 Management and Auditor Responsibilities Related to Internal Control
Auditor responsibilities for understanding internal control Controls over the reliability of financial reporting Control over classes of transactions Auditor responsibilities for testing internal control

52 The five components of the COSO internal control framework.

53 Five Components of Internal Control
Control Environment Risk assessment Information and communication Control activities Monitoring

54 The Control Environment
Integrity and ethical values Commitment to competence Board of directors or audit committee participation

55 The Control Environment
Management’s philosophy and operating style Organizational structure Human resource policies and practices

56 Risk Assessment Identify factors that may increase risk
Estimate the significance of the risk Assess the likelihood of the risk occurring Determine actions necessary to manage the risk

57 Control Activities 1. Adequate separation of duties
2. Proper authorization of transactions and activities 3. Adequate documents and records 4. Physical control over assets and records 5. Independent checks on performance

58 Adequate Separation of Duties
Custody of assets from Accounting Authorization of transactions from The custody of related assets Operational responsibility from Record-keeping responsibility IT duties from User departments

59 Proper Authorization of Transactions and Activities
General authorization Specific authorization

60 Adequate Documents and Records
Prenumbered consecutively Prepared at the time of transaction Designed for multiple use Constructed to encourage correct preparation

61 Physical Control Over Assets and Records
The most important type of protective measure for safeguarding assets and records is the use of physical precautions.

62 Independent Checks on Performance
The need for independent checks arises because internal control tends to change over time unless there is a mechanism for frequent review.

63 Information and Communication
The purpose of an accounting information and communication system is to… initiate, record, process, and report the entity’s transactions and to maintain accountability for the related assets.

64 Monitoring Monitoring activities deal with management’s
ongoing and periodic assessment of the quality of internal control performance… to determine whether controls are operating as intended and modified when needed.

65 Obtain and document an understanding of internal control.
Documenting Controls Obtain and document an understanding of internal control.

66 Process for Understanding Internal Control and Assessing Control Risk
Phase 1 Obtain an understanding of internal control: design and operation Phase 3 Design, perform, and evaluate tests of controls Phase 2 Assess control risk Phase 4 Decide planned detection risk and substantive tests

67 Obtain and Document Understanding of Internal Control
SAS 109 and PCAOB Standard 2 both require auditors to obtain an understanding of internal control for every audit. Procedures to obtain an understanding: Design of internal controls Whether placed in operation Uses this information as a basis for the integrated audit

68 Methods Used Narrative Flowchart Internal control questionnaire

69 Narrative 1. The origin of every document and record in the system
2. All processing that takes place 3. The disposition of every document and record in the system 4. An indication of the controls relevant to the assessment of control risk

70 Evaluating Internal Control Operation
Update and evaluate auditor’s previous experience with the entity Make inquiries of client personnel Examine documents and records Observe entity activities and operations Perform walk-throughs of the accounting system

71 Control Risks and Audit Objectives
Assess control risk by linking key controls, significant deficiencies, and material weaknesses to transaction-related audit objectives.

72 Assess Control Risk Assess whether the financial statements
are auditable. Determine assessed control risk supported by the understanding obtained assuming the controls are being followed. Use of a control risk matrix to assess control risk.

73 Control Risk Matrix Many auditors use the control risk matrix
to assist in the control risk assessment process.

74 Control Risk Matrix Identify audit objectives
Identify existing controls Associate controls with related audit objectives Identify and evaluate control deficiencies, significant deficiencies, and material weaknesses

75 Evaluating Significant Control Deficiencies
SIGNIFICANCE Material Material Weakness LIKELIHOOD Remote Probable Immaterial

76 Identify Deficiencies and Weakness
Identify existing controls Identify the absence of key controls Consider the possibility of compensating controls Decide whether there is a significant deficiency or material weakness Determine potential misstatements that could result

77 Communications Communications to those charged with governance
Management letters

78 Tests of Controls The procedures to test effectiveness of controls
in support of a reduced assessed control risk are called tests of controls.

79 Procedures for Tests of Controls
1. Make inquiries of client personnel 2. Examine documents, records, and reports 3. Observe control-related activities 4. Reperform client procedures

80 Extent of Procedures Reliance on evidence from prior year’s audit
Testing of controls related to significant risks Testing less than the entire audit period

81 Relationship of Assessed Control Risk and Extent of Procedures
Type of procedure High level: Procedures to obtain an understanding Lower level: Tests of controls Inquiry Documentation Observation Reperformance Yes–extensive Yes–with transaction walk-through No Yes–some Yes–using sampling Yes–at multiple times

82 READY?? How to get ready. Document each significant business process in writing. Assess business risks involved in each process. Identify “key” controls within those processes to mitigate risks. If controls aren’t adequate to mitigate risks, you would need to consider implementing stronger controls. Also, establish a monitoring process whereby these business processes are evaluated to ensure that “key” controls are operating effectively throughout the period. The control activities questionnaire may be a good starting point to help identify your significant business processes and the key controls for those processes

83 Decide Planned Detection Risk and Design Substantive Tests
The auditor uses the results of the control risk assessment process and tests of controls to determine the planned detection risk and related substantive tests. The auditor links the control risk assessments to the balance-related audit objectives.

84 Check applicable risk category:
Audit of Activity: __________________________________________ Check applicable risk category: Business Objective Business Risk 1. Regulatory & Legal Issues Information Systems Operational Performance Ext. and Int. Environment Assets

85 Risk Importance of Risk Control Activities to Address Risk Impact on audit (Test) A. 1. 2.

86 COMPANY NAME: PREPARED BY: __________________
AUDIT DEPARTMENT COMPANY NAME: PREPARED BY: __________________ REVIEWED BY:___________________ DATE: _____/_______/______ SECTION XX: Audit of …………………. AUDIT DATE: As of mm/dd/yyyy

87 DRAFT Time Budget Performed by W/P REF Operational Procedure
Description of Controls Audit Objective Audit Scope Audit Procedure 1. 2. Findings The following exceptions were noted during the audit: (1) = (2) = All findings were discussed with the responsible manager. Tickmark Legend = No Exception Noted = Traced to ® = Reviewed P & P Manual. Conclusion . DRAFT

88 Section 404 Reporting on Internal Control
1. The auditor’s opinion on whether management’s assessment of the effectiveness of internal control over financial reporting as of the end of the fiscal period is fairly stated, in all material respects. 2. The auditor’s opinion on whether the company maintained, in all material respects, effective internal control over financial reporting as of the specified date.

89 Questions? Thank You

Download ppt "Understanding the Entity"

Similar presentations

Números.

Números.
Trend for Precision Soil Testing % Zone or Grid Samples Tested compared to Total Samples.

Trend for Precision Soil Testing % Zone or Grid Samples Tested compared to Total Samples.
AGVISE Laboratories %Zone or Grid Samples – Northwood laboratory

AGVISE Laboratories %Zone or Grid Samples – Northwood laboratory
Reflection nurulquran.com.

Reflection nurulquran.com.
EuroCondens SGB 125- 300 E.

EuroCondens SGB E.
Worksheets.

Worksheets.
Obtaining Clients Submit a proposal

Obtaining Clients Submit a proposal
Addition and Subtraction Equations

Addition and Subtraction Equations
Audit Standards Update with Focus on Risk Suite and Impact on IT Audit

Audit Standards Update with Focus on Risk Suite and Impact on IT Audit
AICPA Auditing Standards Update: Change, Change, Change… NASACT Audio Conference April 19, 2006 Presented by Frank Crawford, CPA President, Crawford &

AICPA Auditing Standards Update: Change, Change, Change… NASACT Audio Conference April 19, 2006 Presented by Frank Crawford, CPA President, Crawford &
Add Governors Discretionary (1G) Grants Chapter 6.

Add Governors Discretionary (1G) Grants Chapter 6.
CALENDAR.

CALENDAR.
CHAPTER 18 The Ankle and Lower Leg

CHAPTER 18 The Ankle and Lower Leg
The 5S numbers game..

The 5S numbers game..
A Fractional Order (Proportional and Derivative) Motion Controller Design for A Class of Second-order Systems Center for Self-Organizing Intelligent.

A Fractional Order (Proportional and Derivative) Motion Controller Design for A Class of Second-order Systems Center for Self-Organizing Intelligent.
The basics for simulations

The basics for simulations
TCCI Barometer March 2014. “Establishing a reliable tool for monitoring the financial, business and social activity in the Prefecture of Thessaloniki”

TCCI Barometer March “Establishing a reliable tool for monitoring the financial, business and social activity in the Prefecture of Thessaloniki”
TCCI Barometer March 2013. “Establishing a reliable tool for monitoring the financial, business and social activity in the Prefecture of Thessaloniki”

TCCI Barometer March “Establishing a reliable tool for monitoring the financial, business and social activity in the Prefecture of Thessaloniki”
Progressive Aerobic Cardiovascular Endurance Run

Progressive Aerobic Cardiovascular Endurance Run
MaK_Full ahead loaded 1 Alarm Page Directory (F11)

MaK_Full ahead loaded 1 Alarm Page Directory (F11)

Similar presentations

Ads by Google