Presentation is loading. Please wait.

Presentation is loading. Please wait.

The UNIVERSITY of GREENWICH 1 September 2009 L9b Audit and assurance J. E. Spencer-Wood Lecture 9b The audit risk approach & internal control ISA 315 Auditing.

Similar presentations


Presentation on theme: "The UNIVERSITY of GREENWICH 1 September 2009 L9b Audit and assurance J. E. Spencer-Wood Lecture 9b The audit risk approach & internal control ISA 315 Auditing."— Presentation transcript:

1 the UNIVERSITY of GREENWICH 1 September 2009 L9b Audit and assurance J. E. Spencer-Wood Lecture 9b The audit risk approach & internal control ISA 315 Auditing and assurance

2 the UNIVERSITY of GREENWICH 2 September 2009 L9b Audit and assurance J. E. Spencer-Wood Communication and information Risk assessment Control environment Control activities Monitoring Directors’ and control (from previous lecture) The COSO model for IC

3 the UNIVERSITY of GREENWICH 3 September 2009 L9b Audit and assurance J. E. Spencer-Wood Auditors are required to… 'obtain an understanding of the entity and its environment, including its IC, sufficient to identify and assess the risks of material misstatement of the FS's whether due to fraud or error, and sufficient to design and perform further audit procedures' ISA (UK and Ireland) 315 'Understanding the entity and its environment & assessing the risks of material misstatement'

4 the UNIVERSITY of GREENWICH 4 September 2009 L9b Audit and assurance J. E. Spencer-Wood 'Risk assessment procedures' - a term used to gain the understanding of the entity, its environment and its IC Risk has to be assessed at two levels Financial statement level Assertion level 1 ISA (UK and Ireland) 315 'Understanding the entity and its environment & assessing the risks of material misstatement'

5 the UNIVERSITY of GREENWICH 5 September 2009 L9b Audit and assurance J. E. Spencer-Wood ISA 315 (UK and Ireland) identifies five areas 1.The external environment 2.The nature of the entity 3.The approach to business risks 4.Reporting and review of performance 5.IC ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement'

6 the UNIVERSITY of GREENWICH 6 September 2009 L9b Audit and assurance J. E. Spencer-Wood ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement' The auditor needs to consider - The external environment The nature of the entity The approach to business risks Reporting and review of performance IC

7 the UNIVERSITY of GREENWICH 7 September 2009 L9b Audit and assurance J. E. Spencer-Wood 1.The external environment Industry conditions  Market and competition –demand; capacity; price competition  Seasonal activity  Product technology  Energy supply and cost ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement'

8 the UNIVERSITY of GREENWICH 8 September 2009 L9b Audit and assurance J. E. Spencer-Wood 1.The external environment (cont.) Regulatory environment  Industry specific accounting rules (SORP's - UK)  Legislation that significantly affects the entity  Taxation  Government policies affecting the business  Environmental requirements ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement'

9 the UNIVERSITY of GREENWICH 9 September 2009 L9b Audit and assurance J. E. Spencer-Wood 1.The external environment (cont.) General  Economic activity –Recession –Growth  Interest rates  Availability of financing  Inflation ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement'

10 the UNIVERSITY of GREENWICH 10 September 2009 L9b Audit and assurance J. E. Spencer-Wood ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement' The auditor needs to consider - The external environment The nature of the entity The approach to business risks Reporting and review of performance IC

11 the UNIVERSITY of GREENWICH 11 September 2009 L9b Audit and assurance J. E. Spencer-Wood 2.The nature of the entity Nature of operations  products, key customers… Ownership and structure  Corporate governance Investments Financing Financial reporting ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement'

12 the UNIVERSITY of GREENWICH 12 September 2009 L9b Audit and assurance J. E. Spencer-Wood ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement' The auditor needs to consider - The external environment The nature of the entity The approach to business risks Reporting and review of performance IC

13 the UNIVERSITY of GREENWICH 13 September 2009 L9b Audit and assurance J. E. Spencer-Wood 3.The approach to business risks Objectives  related to industry developments, expansion… Strategies 4.Reporting and review of performance Ratios, trends, budget use… (see BPP manual) ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement'

14 the UNIVERSITY of GREENWICH 14 September 2009 L9b Audit and assurance J. E. Spencer-Wood ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement' The auditor needs to consider - The external environment The nature of the entity The approach to business risks Reporting and review of performance IC

15 the UNIVERSITY of GREENWICH 15 September 2009 L9b Audit and assurance J. E. Spencer-Wood 5.IC –Recall … Directors’ duties (UK) COMPLETE / ACCURATE RECORDS T&F FS’s SAFEGUARD OF ASSETS ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement'

16 the UNIVERSITY of GREENWICH 16 September 2009 L9b Audit and assurance J. E. Spencer-Wood Five elements of IC 1.Control environment (CE) 2.The client's risk assessment process 3.Information systems 4.Control activities 5.Monitoring of controls ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement'

17 the UNIVERSITY of GREENWICH 17 September 2009 L9b Audit and assurance J. E. Spencer-Wood Communication and information Risk assessment Control environment Control activities Monitoring Directors’ and control (cont.) The COSO model for IC

18 the UNIVERSITY of GREENWICH 18 September 2009 L9b Audit and assurance J. E. Spencer-Wood ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement' The auditor needs to consider - The external environment The nature of the entity The approach to business risks Reporting and review of performance IC

19 the UNIVERSITY of GREENWICH 19 September 2009 L9b Audit and assurance J. E. Spencer-Wood ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement' Internal control The control environment The risk assessment process Information systems Control activities Monitoring

20 the UNIVERSITY of GREENWICH 20 September 2009 L9b Audit and assurance J. E. Spencer-Wood 1. IC - The Control Environment ISA (UK and Ireland) 315 IC’s operate in a wider ‘control environment’, which includes governance and management's : Functions Attitudes, awareness and actions

21 the UNIVERSITY of GREENWICH 21 September 2009 L9b Audit and assurance J. E. Spencer-Wood Essential components of the CE Integrity and ethical values Competence Governance Philosophy and operating style of management Organisation structure Staffing policies 1. IC - The Control Environment (cont.) ISA (UK and Ireland) 315

22 the UNIVERSITY of GREENWICH 22 September 2009 L9b Audit and assurance J. E. Spencer-Wood ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement' Internal control The control environment The risk assessment process Information systems Control activities Monitoring

23 the UNIVERSITY of GREENWICH 23 September 2009 L9b Audit and assurance J. E. Spencer-Wood How the client… Identify business risks (BR’s) Estimate the significance thereof Assess the likelihood of BR occurrence The client’s… Processes for taking action 2. IC - The Client's Risk Assessment Process ISA (UK and Ireland) 315

24 the UNIVERSITY of GREENWICH 24 September 2009 L9b Audit and assurance J. E. Spencer-Wood ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement' Internal control The control environment The risk assessment process Information systems Control activities Monitoring

25 the UNIVERSITY of GREENWICH 25 September 2009 L9b Audit and assurance J. E. Spencer-Wood Information systems should be relevant to the financial reporting objective and consist of: Classes of transaction Initiation, recording, processing and reporting procedures of transactions  The procedures  The accounting records Non-transaction events (fe depreciation)  data capture FS preparation process  estimates, disclosures 3. IC - The Client's Information Systems ISA (UK and Ireland) 315

26 the UNIVERSITY of GREENWICH 26 September 2009 L9b Audit and assurance J. E. Spencer-Wood ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement' Internal control The control environment The risk assessment process Information systems Control activities Monitoring

27 the UNIVERSITY of GREENWICH 27 September 2009 L9b Audit and assurance J. E. Spencer-Wood ‘…those policies and procedures in addition to the control environment which are established to achieve the entity’s specific objectives’ ISA (UK and Ireland) IC - Control Activities (Procedures) ISA (UK and Ireland) 315 definition

28 the UNIVERSITY of GREENWICH 28 September 2009 L9b Audit and assurance J. E. Spencer-Wood 4. IC - Control Activities (cont.) ISA (UK and Ireland) 315 Control activities PREVENT, DETECT and CORRECT errors

29 the UNIVERSITY of GREENWICH 29 September 2009 L9b Audit and assurance J. E. Spencer-Wood 4. IC - Types of Control Activities (cont.) ISA (UK and Ireland) 315 DOCUMENTS approved and controlled by appropriate person COMPUTER controls Controls over IT applications and environment ARITHMETIC checked

30 the UNIVERSITY of GREENWICH 30 September 2009 L9b Audit and assurance J. E. Spencer-Wood REVIEW & MAINTENANCE of control a/c’s and TB’s RECONCILIATIONS (Source  audit trail  FS’s  audit trail  source) Subsidiary ledgers (debtors, creditors) Fixed asset registers; wages books; bank; budget COUNTS physical recs. (fe cash, stock) 4. IC - Types of Control Activities (cont.) ISA (UK and Ireland) 315

31 the UNIVERSITY of GREENWICH 31 September 2009 L9b Audit and assurance J. E. Spencer-Wood EXTERNAL information compared to internal (fe comparing customer signature for goods rec’d with goods outwards’ records) ACCESS to assets and records Authorised personnel only 4. IC - Types of Control Activities (cont.) ISA (UK and Ireland) 315

32 the UNIVERSITY of GREENWICH 32 September 2009 L9b Audit and assurance J. E. Spencer-Wood 4. IC - Types of Control Activities (cont.) ISA (UK and Ireland) 315 DCARRCEADCARRCEA CARDCARECARDCARE

33 the UNIVERSITY of GREENWICH 33 September 2009 L9b Audit and assurance J. E. Spencer-Wood 4. IC - Control Activities (cont.) Segregation of duties More than one person involved in a process Helps uncover errors Make fraud more difficult Separation of:  AUTHORISATION  RECORDING  CUSTODY

34 the UNIVERSITY of GREENWICH 34 September 2009 L9b Audit and assurance J. E. Spencer-Wood ISA 315 (UK and Ireland) 'Understanding the entity and its environment & assessing the risks of material misstatement' Internal control The control environment The risk assessment process Information systems Control activities Monitoring

35 the UNIVERSITY of GREENWICH 35 September 2009 L9b Audit and assurance J. E. Spencer-Wood Management reports Internal audit 5. IC - Monitoring of Controls ISA (UK and Ireland) 315

36 the UNIVERSITY of GREENWICH 36 September 2009 L9b Audit and assurance J. E. Spencer-Wood Limitations of IC’s  Cost v benefit  One-off events  Collusion / fraud  Abuse of authority  Management override  Change  Error

37 the UNIVERSITY of GREENWICH 37 September 2009 L9b Audit and assurance J. E. Spencer-Wood Before we go on, do this: Don’t look back at your notes!!! What are the 5 elements of IC? 1.… 2.… 3.… 4.… 5.… …Now back to auditing…

38 the UNIVERSITY of GREENWICH 38 September 2009 L9b Audit and assurance J. E. Spencer-Wood Audit risk is the risk that the auditors will give the wrong opinion - the risk that the FS's, or an assertion therein, contains material misstatement Audit risk assessment has to be discussed by the engagement team and fully documented - ISA (UK and Ireland) 315 AUDIT RISK (AR)

39 the UNIVERSITY of GREENWICH 39 September 2009 L9b Audit and assurance J. E. Spencer-Wood A moment, let’s just recall… Accounting system Financial statements The accounting system

40 the UNIVERSITY of GREENWICH 40 September 2009 L9b Audit and assurance J. E. Spencer-Wood A moment, let’s just recall… Inherent risk (IR) Financial Statements (not T&F) The accounting system Inherent risks of material misstatement

41 the UNIVERSITY of GREENWICH 41 September 2009 L9b Audit and assurance J. E. Spencer-Wood Client based risk Inherent risk (IR)  The likelihood of material misstatement Control risk (CR)  The likelihood that IC’s fail to pick up material misstatement Auditor-based risk Detection risk (DR)  The likelihood that the audit procedures fail to pick up material misstatement AUDIT RISK (AR)

42 the UNIVERSITY of GREENWICH 42 September 2009 L9b Audit and assurance J. E. Spencer-Wood A moment, let’s just recall… Control risk (CR) Financial statements The accounting system Inherent risks of material misstatement IC stops IR’s

43 the UNIVERSITY of GREENWICH 43 September 2009 L9b Audit and assurance J. E. Spencer-Wood But… Control risk (CR) Financial Statements (Not T&F) The accounting system Inherent risks of material misstatement IC’s stop IR’s If there is a control that is not working

44 the UNIVERSITY of GREENWICH 44 September 2009 L9b Audit and assurance J. E. Spencer-Wood Client based risk Inherent risk (IR)  The likelihood of material misstatement (ignoring IC’s) Control risk (CR)  The likelihood that IC’s fail to pick up material misstatement Auditor-based risk Detection risk (DR)  The likelihood that the audit procedures fail to pick up material misstatement AUDIT RISK (AR)

45 the UNIVERSITY of GREENWICH 45 September 2009 L9b Audit and assurance J. E. Spencer-Wood Detection risk (DR) Financial statements The accounting system Inherent risks of material misstatement IC’s stop IR’s If there is a control that is not working Audit work finds any MM

46 the UNIVERSITY of GREENWICH 46 September 2009 L9b Audit and assurance J. E. Spencer-Wood But…But… Detection risk (DR) Financial Statements (not T&F) The accounting system Inherent risks of material misstatement IC’s stop IR’s If the auditor fails to identify a MM Audit work

47 the UNIVERSITY of GREENWICH 47 September 2009 L9b Audit and assurance J. E. Spencer-Wood Client based risk Inherent risk (IR)  The likelihood of material misstatement (ignoring IC’s) Control risk (CR)  The likelihood that IC’s fail to pick up material misstatement Auditor-based risk Detection risk (DR)  The likelihood that the audit procedures fail to pick up material misstatement AUDIT RISK (AR)

48 the UNIVERSITY of GREENWICH 48 September 2009 L9b Audit and assurance J. E. Spencer-Wood AUDIT RISK (AR) AR = (IR x CR) x DR

49 the UNIVERSITY of GREENWICH 49 September 2009 L9b Audit and assurance J. E. Spencer-Wood Try to think of one example of each of the following: 1.A detection risk 2.A control risk 3.An inherent risk

50 the UNIVERSITY of GREENWICH 50 September 2009 L9b Audit and assurance J. E. Spencer-Wood IC system & accounting system Financial statements Financial records Budgets Management a/c’s Sales analyses Production reports Materials testing reports + + +

51 the UNIVERSITY of GREENWICH 51 September 2009 L9b Audit and assurance J. E. Spencer-Wood Key Points – Lecture 9b The Audit Process Understanding client (5) 1.External environment 2.Entity 3.BR approach 4.Reporting and review 5.IC (5) i.CE ii.Risk assessment iii.Information systems iv.Control activities v.Monitoring Assessing risks (of material misstatement) Prevent, detect and correct CARDCARE ARC Limitations of IC (7)

52 the UNIVERSITY of GREENWICH 52 September 2009 L9b Audit and assurance J. E. Spencer-Wood Assessing risks (of material misstatement)  AR = (IR x CR) x DR DR is based on the assessment (and is reduced as more audit work is done) Acceptable ‘risk’Ascertained and assessed by auditor fe 5% (= 95% confidence) Key Points – Lecture 9b (cont.)

53 the UNIVERSITY of GREENWICH 53 September 2009 L9b Audit and assurance J. E. Spencer-Wood Try to think of one example of each of the following: 1.A detection risk The risk that the auditor may miss an omission of a material liability (such as a loan) 2.A control risk The risk that a control ‘fails’ (such as an order being sign by someone who does not has the authority to do so) 3.An inherent risk The risk that an assertion will not be true and fair (that is, will be materially misstated) if there are no controls (such as cash sales – completeness)

54 the UNIVERSITY of GREENWICH 54 September 2009 L9b Audit and assurance J. E. Spencer-Wood IC system & accounting system Financial statements CERTAINLY Financial records CERTAINLY BudgetsCERTAINLY Management a/c’s ALMOST CERTAINLY Sales analysesPROBABLY Production reports POSSIBLY Materials testing reports ….UNLIKELY, but….


Download ppt "The UNIVERSITY of GREENWICH 1 September 2009 L9b Audit and assurance J. E. Spencer-Wood Lecture 9b The audit risk approach & internal control ISA 315 Auditing."

Similar presentations


Ads by Google