1. Planning the Audit/Assessing Risks and Response to Risks 2222 Presented by s Mrs Marie Louise Teng Hing Voon, FCA Partner BDO Mauritius Member of Audit Practice Review Panel at the Financial Reporting Council

2. Planning - ISA 300 Assessing Risks - ISA 315 Responses to Risks - ISA 330 2222

3. PLANNING WELCOME AND INTRODUCTION Page 3 Overall audit strategy & develop an audit plan 1.Involvement of Key Team Members 2.Preliminary Engagement Activities 3. Planning Activities 4. Documentation 5. Considerations - Initial engagements 2222

4. 3.1 Develop Audit Plan Ethical requirements compliance 3.0 Establish audit strategy -Scope -Reporting objectives -Results of preliminary activities - Resources Understanding terms of engagement - Nature, timing and extent of risk assessment procedures (ISA 315) 3. Planning Activities 2.Perform Continuance Procedures – ISA 220 1. Engagement Team Discussion Further procedures – Assertion level ( ISA 330) 2222

5. IDENTIFYING & ASSESSING RISKS – ISA 315 2222

6. APPROACH Risk Assessment Procedures Understand the entity and its environment, including internal control Identify & Assess Risks of Material Mistatements IDENTIFY RISK Page 6 Identify and assess risk 2222

7. AUDIT RISK MODEL Audit risk Control risk Inherent riskDetection risk Risk of material misstatement Page 7 IDENTIFY RISK Page 7 IDENTIFY RISK 2222

8. Page 8 THE AUDIT RISK MODEL Control risk Inherent riskDetection risk Understand the business Understand and assess controls Our response 222

9. IDENTIFY RISK Page 9 RISK TERMINOLOGY Engagement level Assertion level Financial statement level responses / actions Significant RMM RMM RMM Level Identify Assess Respond Potential RMM Significant RMM RMM Significant Normal Audit Response 222

10. Engagement level AND ASSERTION LEVEL RISKS Engagement level Pervasively to F/S as a whole Not confined to specific elements, accounts or items of F/S Make us to change our overall behaviours and testing strategy relating to the audit as a whole Assertion level Relate to classes of transactions, account balances or disclosures IDENTIFY RISK Page 10 2222

11. IDENTIFY RISK Page 11 RISK ASSESSMENT PROCEDURES Basis for identification and assessment of risks Shall include: 1.Inquiries from management and others 2.Analytical Procedures 3.Observation and Inspection Page 11 IDENTIFY RISK 2222

12. UNDERSTAND THE ENTITY Industry factors Regulatory factors Other external factors Business operations Investing activities Financing activities Financial reporting Fraud Professional Judgement Potential RMMs? Page 12 IDENTIFY RISK 2222

13. Page 13 Internal Control Monitoring Control Environment Control Environment Risk Assessment Risk Assessment Control Activities Control Activities Information & Communications Information & Communications COMPONENTS OF INTERNAL CONTROL Page 13 IDENTIFY RISK 2222

14. IDENTIFY RISK Page 14 UNDERSTAND INTERNAL CONTROL Control environment Risk assessment Information and communications -IT Environment -IT General Controls Monitoring Professional Judgement Potential RMMs 2222

15. UNDERSTAND INTERNAL CONTROL Visits to the client's premises Discussions with management and staff Interviews with management’s expert Inspection of minutes Review of internal audit reports Observation Page 15 IDENTIFY RISK 2222

16. IDENTIFY RISK Page 16 UNDERSTAND INTERNAL CONTROL Corroborating inquiries of others within the entity Observing the application of specific controls Inspecting documents Reviewing reports 2222

17. UNDERSTAND THE INFORMATION SYSTEM Document information systems in use by the entity for financial reporting Determines if the system is ‘complex’ or not Obtain understanding of IS, including related business processes, relevant to financial reporting. IDENTIFY RISK Page 17 2222

18. DOCUMENTATION ETD to susceptibility of entity’s F/S to material misstatement Key elements of understanding obtained – entity and control components Identified and assessed RMM – F/S & Assertion Level Risks identified and related controls IDENTIFY RISK Page 18 2222

19. RESPONSES TO ASSESSED RISKS – ISA 330 2222

20. RESPONSES TO ASSESSED RISKS Audit Procedures responsive to the Assessed RMM @ F/S Level & @ Assertion Level Adequacy of Presentation and Disclosure Evaluate Sufficiency and Appropriateness of Audit Evidence Documentation Page 20 DESIGN AUDIT RESPONSE 2222

21. Design tests of controls - Expectation that controls are operating effectively - Substantive procedures alone not provide enough assurance Timing of Tests Evidence obtained at interim and previous audits Test controls over significant risks Page 21 DESIGN AUDIT RESPONSE TESTS OF CONTROLS 2222

22. SUBSTANTIVE PROCEDURES External confirmations? SAP – F/S Closure Process - F/s to underlying records - J/entries, Other adjustments SAPs specifically responsive to significant risk @ assertion level Timing of SAPs Page 22 DESIGN AUDIT RESPONSE 2222

23. LEVELS OF SAP ASSURANCE Page 23 DESIGN AUDIT RESPONSE Low degree of assurance - majority of assurance will be provided by other types of procedures FSA level ratios or comparison Likely to be internal client data Limited High degree of assurance Degree of precision is less than detailed SAP Data used is not from an independent source Enhanced Highest degree of assurance – no other work required for Normal RMM Level Relationship between underlying data is extensive and data is of high quality (independent source) Detailed 2222

24. Page 24 GENERAL FINANCIAL STATEMENT AREAS DESIGN AUDIT RESPONSE 2222

25. RECAP – AUDIT RESPONSE Our audit strategy and tests should be responsive to our risk assessment and tailored to reflect the facts and circumstances of the engagement Audit strategy is determined by judgement and a mix of ToCs, SAPs and/or OSPs Document - responses to address risks - Nature, timing & extent of procedures - results of procedures - Effectiveness of controls - F/S procedures Page 25 DESIGN AUDIT RESPONSE 2222