2Auditing Introduction What is auditing?Auditing is a systematic process of objectively gathering and evaluating evidence relating to assertions about economic actions and events in which the individual or organisation making the assertions has been engaged, to ascertain the degree of correspondence between those assertions and established criteria, and communicating the results to users of the reports in which the assertions are made.American Accounting Association (1973)
3The audit activity Summary Logical and structuredCollection and evaluation of evidenceObjectivityAssessment against a set of rulesCommunication to users of the reports
4Usual approach to study of auditing Duties, Responsibilities and EngagementTechniques of AuditingPlanning the AuditCollection and assessment of evidencesReporting the audit opinion
5Regulatory Framework Compliance Companies Act Common Law Precedents SSAPs & FRSsStock Exchange Requirements (if listed)ExecutionAuditing Practices BoardStatements of Auditing Standards (SASs)
6Duties and Obligations Auditors’ report 235.—(1) A company's auditors shall make a report to the company's members on all annual accounts of the company of which copies are to be laid before the company in general meeting during their tenure of office. (2) The auditors' report shall state whether in the auditors' opinion the annual accounts have been properly prepared in accordance with this Act, and in particular whether a true and fair view is given—(a) in the case of an individual balance sheet, of the state of affairs of the company as at the end of the financial year,(b) in the case of an individual profit and loss account, of the profit or loss of the company for the financial year,(c) in the case of group accounts, of the state of affairs as at the end of the financial year, and the profit or loss for the financial year, of the undertakings included in the consolidation as a whole, so far as concerns members of the company.
7Duties and Obligations Auditors’ report (3) The auditors shall consider whether the information given in the directors' report for the financial year for which the annual accounts are prepared is consistent with those accounts; and if they are of opinion that it is not they shall state that fact in their report.
8Duties and Obligations Auditor’s Duties 237.—(1) A company's auditors shall, in preparing their report, carry out such investigations as will enable them to form an opinion as to—(a) whether proper accounting records have been kept by the company and proper returns adequate for their audit have been received from branches not visited by them, and(b) whether the company's individual accounts are in agreement with the accounting records and returns. (2) If the auditors are of opinion that proper accounting records have not been kept, or that proper returns adequate for their audit have not been received from branches not visited by them, or if the company's individual accounts are not in agreement with the accounting records and returns, the auditors shall state that fact in their report.
9Duties and Obligations Auditor’s Duties (3) If the auditors fail to obtain all the information and explanations which, to the best of their knowledge and belief, are necessary for the purposes of their audit, they shall state that fact in their report. (4) If the requirements of Schedule 6 (disclosure of information: emoluments and other benefits of directors and others) are not complied with in the annual accounts, the auditors shall include in their report, so far as they are reasonably able to do so, a statement giving the required particulars.
10Exemptions for “small” companies With effect from 30 March 2004 the definition of a small company for audit purposes changed to the following:turnover of £1m to £5.6m anda balance sheet total of £1.4m to £2.8m.
11Common Law Cases Re London & General Bank (1895) Balance sheet errors reported to directors but not to shareholders.Held it was the auditor’s duty to report to shareholders any dishonest acts which affected the propriety of the information in the balance sheet.
12Common Law Cases Re Kingston Cotton Mill Co (1896) It is the duty of an auditor to bring to bear on the work he has to perform that skill, care and caution which a reasonable competent, careful and cautious auditor would use. What is reasonable skill, care and caution must depend on the particular circumstances of each case.An auditor is not bound to be a detective or…to approach his work with suspicion or with a foregone conclusion that there is something wrong. He is a watchdog not a bloodhound. If there is anything to excite suspicion he should probe it to the bottom; but in the absence of anything of that kind he is only bound to be reasonably cautious.
13Common Law Cases London Oil Storage Co. v Seear, Hasluck & Co (1904) Auditors are required to go beyond the books to ensure physical existence of assets to support their opinion of the truth & fairness of the accounts.Arthur E Green & Co v The Central Advance and Discount Corporation (1920)Auditor was held negligent in accepting a schedule of bad debts from an employee of the company when his evidence suggested more of the debts were bad. Auditors should not simply accept information supplied by company officers as fact.McKesson and Robins case (1938) USHuge fraud involving non-existent debtors and stock not detected by auditor.“Stock” in various locations and not physically verified by auditor.
14What does an auditor need to do? Australian Case ofPacific Acceptance Corporation Ltd v Forsyth & others (1970)Must pay heed to changing circumstancesIncorporate current best practiceEnsure staff involved in audit know what they are expected to doMust use adequate audit planBasically audit failure in which failure to do the above could be established would be prima facie evidence of negligence
15The Bannerman Case Extension of duties Royal Bank of Scotland v Bannerman Johnstone Maclay (2002)RBS provided overdraft facilities to APC LtdBannerman were APC’s auditorsAPC were required to send a copy of annual audited financial statements to RBS1998 APC went into receivership owing RBS £13,250,000RBS claimed that the previous year’s financial statements misstated APC’s financial position because of fraud which Bannerman had failed to detect.RBS had relied on the Bannerman’s unqualified opinion.Bannerman were therefore negligent
16The Bannerman Case Extension of duties Bannerman claimedEven if it was true that they had not detected fraud (which it was)RBS ‘s action could not succeed as Bannerman owed no duty of care to RBSThe court heldFacts of the case were such that they were sufficient in law to give rise to a duty of care to RBS
17True & Fair “True and Fair” concept resists precise legal definition company’s annual financial report mustcomply with accepted accounting standards andgive “a true and fair view”This does not imply a guarantee that every detail of a report is accurate, but simplythat in the auditor’s opinion the report represents a reasonable, balanced view of the company’s overall situation
18Planning the auditSAS 200Auditors should plan the audit work so as to perform the audit in an effective manner.Develop a general strategyDetailed approach of the expectedNatureTimingExtent of the auditConstraintsStaff resourcesTime
19Planning the auditAuditors should develop and document an overall audit plan describing the expected scope and conduct of the auditMatters to considerKnowledge of the businessRisk and materialityNature, timing and extent of proceduresCo-ordination, direction, supervision and review
20MaterialityAuditors should consider materiality and its relationship with audit risk when conducting an audit (SAS 220.1)Materiality is an expression of the relative significance or importance of a particular matter in the context of financial statements as a wholeA matter is material if its omission would reasonably influence the decisions of an addressee of the auditor’s reportMateriality may be considered in the context of any individual primary statement within the financial statements or of the individual items included in themMateriality is not capable of general mathematical definition as it has both qualitative and quantitative aspects
21But…. Example of gauge of materiality: Pre-tax income 5-10% Net (or after-tax) income 5-10%Gross revenue %Equity %Total assets %
22Risk AssessmentIn evaluating whether the financial statements give a true and fair view auditors should assess the materiality of the aggregate of uncorrected statementsAlpha RiskThe risk that the auditor may express a qualified opinion on financial statements that are not materially misstatedBeta RiskThe risk that the auditor may express an unqualified opinion on financial statements that are materially misstatedClearly Beta Risk is the much more likely
23Developing a Risk Model For Beta Risk to occurMaterial error needs to have occurredThe chances of this happening is commonly referred to as the Inherent RiskError needs to have not been detected by the client’s system of Internal ControlThe chance of this happening is referred to as the Control RiskAuditor must have failed to find the error in the course of substantive testing or analytical review proceduresThe chance of this happening is known as the Detection RiskIt is only when all of these conditions are fulfilled simultaneously that the auditor will give an inappropriate opinion on a set of financial statements
24Risk FormulaAudit Risk is the product of the Inherent Risk by the Control Risk by the Detection RiskAR = IR x CR x DRNote: Maximum Risk is assessed as 1 and lower levels between 0 and 1 e.g., Control Risk might be assessed e.g., 0.25 or 0.5.
25Use of the modelOnly some elements of the model are within the auditor’s controlthe auditor can do nothing about the Inherent Risk and the Control Risk.They can be assessed but not changedThe auditor can decide what level of overall Audit Risk to takeThis will normally be quite low: usually about 5% is considered acceptable.05 = IR x CR x DRTheoretically, the auditor can make Detection Risk as low as desiredTo eliminate risk altogether the auditor simply has to check every transaction, every asset and every liability
26The usefulness of this model Allows the auditor to set quantitative values on Inherent Risk and Control Risk so as to allow for an increased amount of Detection Risk and hence a lower level of substantive testing.The auditor will need to do less substantive testing if the Inherent Risk and/or the Control Risk are low. If, for example, the system of internal control is good then the Control Risk will be low leading to less substantive testing.The auditor will usually place some reliance on internal controls socontrol risk will be evaluated at less than oneThe exact figure will be found by means of an analysis of the results of tests of control but the auditor should err on the side of cautionControl risk should never be assessed as zero.
27The usefulness of this model Placing a numeric value on Inherent Risk is more difficultMany auditors will always regard Inherent Risk as maximum (i.e., 1)But although prudent it reduces the value of the modelFactors which need to be considered when placing a value on Inherent Risk would include:the financial position of the client;the type of industry in which the client is operating (e.g., newer, more high-tech industries carry higher levels of risk);the history of the client and the auditor’s past experiences with the client.the amount of pressure on the client, or the clients staff to produce results which live up to expectations, or the extent to which the remuneration of the management and staff are dependent upon the client’s results.
28An Example As an example assume overall Audit Risk of 5% is acceptable Inherent Risk is 80% andControl Risk is 50%.0.05 = 0.5 x 0.8 x DRtherefore DR = 0.05 / 0.5 x 0.8DR = or 12.5%The auditor now knows that he can afford to take a 12.5% chance of not detecting an error during the substantive testingConversely he needs 87.5% assurance that the substantive testing will pick up all material errors
29Advantages and disadvantages of the model it helps to eliminate ‘under’ or ‘over’ auditing;the results appear more rational and defensible than if the model is not used. This may be important if the auditor is called upon to support the decisions in a Court of Law;the model should help to allow work to be delegated to more junior members of staff who will be able to proceed without having to rely too much on their own judgement;the increased use of computers should make the statistical calculations required easier.
30Advantages and disadvantages of the model it is very difficult to put a quantitative value on Inherent Risk. Eg., the model may give an impression of accuracy which is unrealistic.for the model to be useful the populations involved need to be sufficiently large to allow for valid statistical conclusions to be drawn. This rules out the use of the model in many smaller audits.there is a danger of adapting an overly mechanistic approach and that the auditor will lose his ‘feel’ for the assignment.
31The audit risk matrixAn alternative form of the AR = IR x CR x DR model is the Audit Risk MatrixThis places the Inherent Risk and the Control Risk on the vertical and horizontal axis respectively and accesses them as maximum, high, moderate or lowReading off the correct combination gives the level of detection risk required