Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Audit Risk Week 10. 2 Risk Assessment in Planning AR = IR x CR x DR To meet desired level of Audit Risk Need to assess each component IR & CR can be.

Similar presentations

Presentation on theme: "1 Audit Risk Week 10. 2 Risk Assessment in Planning AR = IR x CR x DR To meet desired level of Audit Risk Need to assess each component IR & CR can be."— Presentation transcript:

1 1 Audit Risk Week 10

2 2 Risk Assessment in Planning AR = IR x CR x DR To meet desired level of Audit Risk Need to assess each component IR & CR can be assessed but not controlled DR is dependent on perceived levels in IR & CR

3 3 Inherent Risk Factors affecting Inherent Risk (SAS 300.2) At Entity Level: Integrity of directors and management Management experience Unusual pressures on management Nature of the business Conditions within the industry

4 4 Inherent Risk Factors affecting Inherent Risk At balance and transaction class level Sales and cash receipt transactions and debtor balances Purchases and payroll transactions and creditors balances Stocks Tangible fixed assets Cash

5 5 The Control Environment SAS – auditors need to understand the entitys accounting systems to understand and identify Major classes of transactions How such transactions are initiated Significant accounting records and supporting documents The accounting and financial reporting process

6 6 The Control Environment Once understood Able to assess risk element Design appropriate testing schedule Update audit plan

7 7 Understanding the accounting system Document Perform audit tests Eg Walkthrough tests Manual & electronic systems Evaluate quality of internal audit procedures

8 8 Reliance on Internal Audit The role of the internal control systems Internal Control systems are policies and procedures adopted by the directors and senior management of an organisation to assist in attempting to achieve the orderly and efficient conduct of business Internal control systems attempt to ensure that: Complete and accurate accounting records are kept so that financial transactions can be recorded and disclosed in an informative manner Assets are safeguarded on behalf of their rightful owners Error and or fraud are prevented and are likely to be detected if they occur Information can be prepared and disclosed in a timely and informative manner Staff adhere to organisational policies and procedures The organisation and its officers adhere to statutory and other relevant regulatory requirements.

9 9 Fundamental concepts of internal control systems Segregation of duties Physical access controls Authorisation and approval controls Management control Supervision and periodic reconciliation Arithmetical and accounting controls Personnel

10 10 Internal auditor - role Continuous review and appraisal of systems of control Report on adequacy of controls Identify areas for improvement Involvement with development & implementation of new systems But…employee of the company

11 11 Effect on Control Risk To reduce Control Risk External auditor can rely on Internal audit work Needs to make assessment of Quality Comprehensiveness Objectivity Should never rely 100% on internal audit

12 12 Evaluation of Internal Auditors SAS evaluation may include consideration of whether: Work is performed by staff who have adequate technical training and proficiency as internal auditors Work of assistants is properly supervised, reviewed and documented Sufficient appropriate audit evidence is obtained to form a reasonable basis for the conclusions reached Conclusions reached are appropriate Reports by the internal audit are consistent with the results of the work performed Any exceptions and unusual matters disclosed by internal audit are properly resolved Amendments to the external audit programme are required as a result of matters identified by the internal audit work There is a need to test the work of internal audit to confirm its adequacy

13 13 A system weakness? Last point suggests There is no need to test IA work to confirm its adequacy International Standard of Accounting 610 The external auditor should not rely entirely on the IAs work. Therefore some tests must be performed to confirm adequacy

14 14 Performance of audit and reliance on IA – Step 1 Recording accounting systems using a flowchart and/or narrative notes EA should check the flowchart is correct by checking a few transactions through the system (eg a walkthrough test) For a purchases system check purchase requisition purchase order receipt of goods passing the purchase invoice posting it to the purchase ledger paying the invoice If EAs checks of transactions through the system are consistent with the flowchart EA can use the IAs flowchart

15 15 Performance of audit and reliance on IA – Step 2 Evaluate recorded controls by means of an internal control evaluation questionnaire (ICE) or internal control questionnaire (ICQ) ICQ = set of questions in yes/no format designed to gather information about a suite of controls If IAs ICQs conform to samples of EAs ICQs can adopt IAs

16 16 Performance of audit and reliance on IA – Step 3 Test controls in the accounting systems EA should perform tests on a sample of the items checked by the IA If the results are the same as the IAs, the EA can rely on the IAs work Therefore EA need check fewer items than if no reliance was placed on the IAs work If errors are found in the items checked by the EA then total number of transactions checked will be increased so as to achieve the desired level of control risk

17 17 Performance of audit and reliance on IA – Step 4 Substantive tests of items in the financial statements IAs tend to carry out fewer tests on items in the financial statements, than on checking controls in accounting systems Therefore, here EA will place less reliance on the IAs work

18 18 Performance of audit and reliance on IA – Step 5 Visits to Branches/sites If branch numbers are large EA unable to visit all If IAs work at selected branches = EAs findings Reduces Control Risk Reduces number of branch/site visits

19 19 Performance of audit and reliance on IA – Step 6 Checking computer systems IAs work skewed to systems testing IAs programme should include checking procedures over writing and testing software before it is used by the company checking the implementation of new systems, including transfer of data from the old system and training of staff checking the operation of the systems by performing computer assisted audit techniques of test data and computer audit programs (audit software) checking general controls in the computer system, including controls over access to the computer, periodic copying of data files and general maintenance of the computer checking controls over the individual systems in which the external auditor is placing reliance

20 20 Summary Internal Audit procedures can Act as deterrent against fraud Provide guidance to employees on correct procedures Provide detailed descriptions and reviews of systems of Internal Control Assist EA in reducing substantive testing

21 21 Minimising Detection Risk A material misstatement occurs Internal controls do not pick it up How can EA be confident substantive testing will detect it? Clearly not 100% assured Need to take samples Techniques required

22 22 SAS 430 Audit Sampling SAS 430 Points out the pitfalls in sampling When determining sample sizes, auditors should consider sampling risk, the amount of error that would be acceptable and the extent to which they expect to find errors (430.3)

23 23 Sampling Risk This is defined as arising From the possibility that the auditors conclusion, based on a sample, may be different from the conclusion that would be reached if the entire population were subjected to the same audit procedure

24 24 Sampling or not Auditors need to select samples which would be expected to be representative of the whole population Non-sampling 100% examination (selecting all items in a population) analytical procedures (relationship testing) tests in total (calculations of reasonableness based on independently verified data) walkthrough tests other selective testing of specific items (eg high- value, key and unusual items)

25 25 Selecting the sample SAS Random selection (number tables/software) Systematic (constant interval) Haphazard (as long as no bias)

26 26 Selecting the sample If going to sample would need to incorporate into audit plan Sample design Sample selection Testing Evaluation

27 27 Sample design Should consist of: audit objective(s) of the test population from which the sample is to be drawn sampling unit (individual item of population) results or conditions that will be regarded as errors or deviations In substantive = an error In control = a control deviation sample size (based on assurance required, tolerable error & stratification)

28 28 Sample selection Dependant upon size of population Level of risk assigned to detection risk Homogeneity of population Basis SAS 430.4

29 29 Testing and Evaluating Should use pre-determined test If not possible required to devise alternative procedures If tests inconclusive alternative evidence should be sought from other means When evaluating results consider Nature Cause Impact on other areas of the audit

30 30 Summary Not all selective testing constitutes audit sampling Audit sampling is testing less than 100% of items that have a chance of selection Sampling risk is the risk that a sample is not representative Non-sampling risk arises from factors that cause the auditor to reach an incorrect conclusion (for any reason unrelated to sample size) Four stages in audit sampling are design, selection, testing and evaluation Statistical sampling requires random sample selection and use of probability theory Three methods of selecting representative samples are random number, systematic and haphazard Results are evaluated qualitatively and quantitatively

Download ppt "1 Audit Risk Week 10. 2 Risk Assessment in Planning AR = IR x CR x DR To meet desired level of Audit Risk Need to assess each component IR & CR can be."

Similar presentations

Ads by Google