CONTENTS

CHAPTER 6 : AN OVERVIEW OF THE AUDIT PROCESS.

After completion of this tutorial letter you should be able to:..............................................................................2

Stages of the audit process: (know whole chapter per lecturer )..........................................................................2
Stage 1 : Preliminary engagement activities:..............................................................................................................2
stage 2 : Planning:........................................................................................................................................................2
Stage 3 : putting audit -Plan and strategy - into action.............................................................................................2
Stage 4 : Evaluate & conclude.....................................................................................................................................2

How the stages are linked:.................................................................................................................................. 2

role of ISA's : International standards on auditing............................................................................................... 3

DETAILS OF EACH STAGE OF THE AUDIT PROCESS:............................................................................................... 3

Stage 1 : Preliminary engagement activities:..............................................................................................................3
(ii) stage 2 : Planning:................................................................................................................................................5

CHAPTER 7: IMPORTANT ELEMENTS OF THE AUDIT PROCESS.

DEFINITIONS: as per isa 315........................................................................................................................................8
RISK ASSESSMENT PROCEDURES.................................................................................................................................8

The 4 important elements dealt with in this chapter, each one gone through by unisa, :.....................................8

Important Element 1 of 4 : AUDIT RISK................................................................................................................ 8

the risk Based approach to auditing............................................................................................................................8
DEFINITIONS of AUDIT RISK: (see glossary in saica book)...........................................................................................8
The components of audit risk:.....................................................................................................................................8
Risk at financial statement level and at assertion level:.............................................................................................9
Risk and materiality.....................................................................................................................................................9
Assessment of audit risk by the auditor....................................................................................................................10
levels of risk...............................................................................................................................................................10

Important Element 2 of 4 : THE CONCEPT OF MATERIALITY. see IAS 320............................................................13

INTRO:........................................................................................................................................................................13
the nature of materiality...........................................................................................................................................13
planning materiality and final materiality.................................................................................................................14
planning materiality...................................................................................................................................................14
Final materiality.........................................................................................................................................................15
CONCLUSION.............................................................................................................................................................15

Important Element 3 of 4 : UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT:..........................................15

THE ENTITY AND ITS ENVIRONMENT. see ias 315 : it gives all this in detail! bit by bit, also in the ‘a1 etc ’ appendix
part of ias 315............................................................................................................................................................15
Internal Control of Entity .( when understanding entity & environment)................................................................16
Significant risks : .( when understanding entity & environment ).............................................................................17
Communicating with ‘governance’ and management .( when understanding entity & environment)...................18
DOCUMENTATION : ( when understanding entity & environment)........................................................................18
Important Element 4 of 4 : THE AUDITORS RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIAL
STATEMENTS.................................................................................................................................................... 18
INTRO:........................................................................................................................................................................18
DEFINITIONS (LECTURER SAYS KNOW THESE WELL).................................................................................................18
THERE ARE ONLY 2 KINDS OF FRAUD TO BE CONSIDERED IN AUDITS :...................................................................18
respoNsibility of management and those charged with governance: (exactly in IAS 240)......................................19
respoNsibility of the auditor (exactly in IAS 240)......................................................................................................19
OBJECTIVE OF THE AUDITOR: (exactly in IAS 240......................................................................................................19
DURING ENGAGEMENT TEAM DISCUSSION AS PER IAS 315:....................................................................................19
risk assesment procedures to do by auditor exactly put in ias 240 .16-24..............................................................19
responses to the risk of material misstatement due to fraud (DO LEARN THIS as per lecturer)..............................20
Evaluation of Evidence:.............................................................................................................................................20
Management Representations to be gotten in writing : (in IAS240 EXACTLY vertabim!!!)......................................20
feel UNABLE TO CONTINUE ENGAGEMENT..............................................................................................................20
TO BE COMMUNICATED TO MNGMNT.....................................................................................................................21
TO BE COMMUNICATED TO AUTHORITIES................................................................................................................21

from appendix : many fraud risk factor CHARACTERISTICS (do learn)there are also ‘indicators of fraud’ in
appendix 2, that is not written here in own notes- note ….it is a different thing really. (SEE APPENDIX OF ias240
FOR WHOLE LIST).............................................................................................................................................. 21
CHAPTER 6 : AN OVERVIEW OF THE AUDIT PROCESS.

AFTER COMPLETION OF THIS TUTORIAL LETTER YOU SHOULD BE ABLE TO:

4.1. discuss the preliminary engagement activities you would perform before accepting a
prospective client;
4.2. identify and assess the risks of material misstatements through understanding the entity and
its environment;
4.3. discuss/describe the audit risk/risk of material misstatement;
4.4. implement procedures to address the identified audit risk by using the risk indicator;
4.5. know the difference between risk at overall financial statement level and the assertion level;
4.6. know the difference between audit plan and audit strategy and discuss the details dealt with
in the audit plan and audit strategy;
4.7. calculate materiality in planning and performing an audit and apply planning materiality
calculated to a given scenario;
4.8. distinguish the difference between fraud and error;
4.9. identify and explain the fraud risk factors and circumstances that might indicate the possibility
of fraud;
4.10. identify, discuss and apply the principles contained in the IFAC Code of Ethics (SAICA) in a
given scenario; and
4.11. identify, discuss and apply the requirements of the Auditing Profession Act (IRBA) to a given
scenario.

K NO W/ LE A R N WH O LE C H A P TE R PE R LE C T U R ER :

STAGES OF THE AUDIT PROCESS: (KNOW WHOLE CHAPTER PER LECTURER )

STAGE 1 : PRELIMINARY ENGAGEMENT ACTIVITIES:
(1) Decide whether to ESTABLISH/CONTINUE : Performing Procedures to decide whether to Establish/Continue a Relationship.
1. Step 1 - CLIENT INVESTIGATION : :Evaluate if -(1)- Firm can comply with ethical requirements if he were to accept the job ,
NAMELY THE 5 FUNDAMENTAL PRINCIPLES + EXTRA 1 IS INDEPENDENCE. : Eg: illegal operations, management is dishonest,
refusing to implement correct acc. policies , cannot pay, etc.
2. Step 2 - CAPACITY :Establish if auditor has the Capacity / Resources / if Client can be appropriately serviced or not.

(2) TERMS OF ENGAGEMENT :Formulate the terms of engagement.

STAGE 2 : PLANNING:
1) AUDIT STRATEGY :Establish an overall audit strategy.
2) AUDIT PLAN :develop one.to be in a position to develop one audit team must first do the next 3 things:
3) Obtain Understanding : of Entity and Environment incl. Internal Control.
4) Risk : of Material Mistatement :Assess risk of in the financial statements.
5) Materiality : Determine guidelines.

STAGE 3 : PUTTING AUDIT -PLAN AND STRATEGY - INTO ACTION.

1) RESPOND RISK FIN.STAT. LEVEL ('overall response') :Respond to assesed risk at financial statement level, eg: assign more experienced staff.
2) RESPOND RISK ASSERTION. LEVEL :By carrying out Tests Of Controls +Substantive Tests (to gather sufficient evidence to reduce risk to an
acceptable level.)
3) RESPOND TO SIGNIFICANT RISKS : By carrying out Tests Of Controls +Substantive Tests + Investigation eg laws regulations etc.

STAGE 4 : EVALUATE & CONCLUDE.

1) EVALUATE AND CONCLUDE :Evaluate and Conclude on Audit Evidence gathered.
2) AUDIT REPORT :Formulate Audit Report.

HOW THE STAGES ARE LINKED:

The preliminary stage is not really linked to the other stages , except for the fact that the info gathered here will be used in the rest of the audit in eg: evaluating the
client

The rest of the stages are closely linked

1- The planning stage is linked to Putting into action stage because the Nature/Timing /Extent of tests done in executing stage are determined in
planning stage
2- The executing linked to reporting because : all info gathered here is used in reporting + evaluate stage.
ALSO :
(Note: The stages are NOT standalone units and the activities within each stage do not fit neatly into the order presented.
Planning :is not standalone because \
1-as they execute current audit, next years audit is being planned.
 2- if problems develop in audit then new planning must again be done to implement additional procedures / audit strategy if needed. –so if you
are in stage 3 , you must go and do some stage 2 things again, but you are already in stage 3.)

ROLE OF ISA'S : INTERNATIONAL STANDARDS ON AUDITING

1) SA has adopted the IFAC (international federation of accountants) auditing standards : (ISA's).
2) Stipulate a standard& give explanatory comment how (does Not give a list of procedures)
3) Eg: STAGE 1 = ISQC 210 -terms of engagement + ISA 220R Quality control for audits of historical fin. Info. STAGE 2 = ISA 300 etc.

DETAILS OF EACH STAGE OF THE AUDIT PROCESS:

STAGE 1 : PRELIMINARY ENGAGEMENT ACTIVITIES:
 This is only a stage to see if the client is trustworthy, and if you are big enoufh to take on the job It does NOT entail studying the manufacturing process
or making big audit plans.
 The auditor needs to assess whether or not to act as an auditor for a new client or to continue acting as an auditor for an existing client. The auditor
should take into consideration the risks of legal liability or reputational damage, whether a quality audit can be conducted in terms of ISAs well as
regulatory and ethical requirements.
ISA ‘ S ETC :
(i) ISA200 ( A14-A17) for “ethical requirements for an audit of the fin.stats” in this ISA on ‘overall requirements for general audits’ ,
just talks about the 5 fundamental principles + independence , not much else.
(ii) ‘IESBA’ Code of Professional Conduct. : in the section on ‘new clients acceptance/continue’ about just 1-independence 2-
fundamental principles 3- ask old accountant and permission stories 4-multiple “threats & safeguards” to be put in place before you
accept ,mentioned.
(iii) ISQC1 par A7 - in this standard of quality control in general, it is just a few words about compliance with ethics , only states the
‘fundamental principles’ to be followed really .
(iv) ISA 220 para 12-14 & A8 –A12 in this ISA on ”quality control in an audit of fin stats”
(v) SAAPS 1 : used to apply but it has been withdrawn by SAIPA lately so it is gone.

WHAT TO DO IN THE PRELIMINARY ENGAGEMENT ACTIVITIES:

(vi) Decide whether to ESTABLISH/CONTINUE : Performing Procedures to decide whether to Establish/Continue a Relationship.
1. Step 1 - CLIENT INVESTIGATION : :Evaluate if -(1)- Firm can comply with ethical requirements if he were to accept the
job , NAMELY THE 5 FUNDAMENTAL PRINCIPLES + EXTRA 1 IS INDEPENDENCE. : Eg: illegal operations, management is
dishonest, refusing to implement correct acc. policies , cannot pay, etc.
2. Step 2 - CAPACITY :Establish if auditor has the Capacity / Resources / if Client can be appropriately serviced or not.

(vii) TERMS OF ENGAGEMENT :Formulate the terms of engagement.

(1) DECIDE WHETHER TO CONTINUE/ESTABLISH : ISA 220 R +ISQCI +ISA200 + IESBA CODE OF CONDUCT : STIPULATE :

(a) CLIENT INVESTIGATION : FIRST OF ONLY 2 THINGS TO CHECK

(i) ETHICAL (OF YOURSELF) :Evaluate if Firm can comply with ethical requirements. Ie: independence + 5 principles : eg: client
director is family of auditor.
ONLY 3 things for ethical:
a. FUNDAMENTAL PRINCIPLES :
i. Per S210 Code of Prof.Conduct : make sure the engagement will complies with the FUNDAMENTAL
PRINCIPLES, if it does not then :
1) Evaluate significance of THREATS
2) Apply SAFEGUARDS to eliminate /reduce threats to acceptable levels (eg obtain more knowledge of
enterprise, or secure client commitment to improve governance etc
ii. Fundamental Principles are : shall make sure all these principles are complied with before accepting /
continue with client
INTEGRITY;
OBJECTIVITY;
PROFESSIONAL COMPETENCE AND DUE CARE;
CONFIDENTIALITY
PROFESSIONAL BEHAVIOUR
b. INDEPENDENCE : Per ISA 200 .14 : it says do the fundamental princilples above PLUS also make sure it complies
with requirement of ” INDEPENDENCE “ Add this to the fundamental principles because it is very important. It is
basicly ‘objectivity’ , BUT just qute about it alone on its own – it must be mentioned (appears in ISA 200, but not
in IESBA’ Code of Professional Conduct., there it is called objectivity. Just REM to mention it A LOT) : ISA 200.a16 :
to be independent in (A) + mind (B) + appearance , It : enhances 1-integrity + 2-objectivity + 3-prof.scepticism , by
removing ‘influences’ per ISA200..
i. Threats to independance :of team,auditor,experts /or if adequate safeguards possible to stop threats.
ii. Conflicts of interest : eg both offer same services to same market.\
c. ANY LOCAL REGULATIONS /LAWS : of country that might add other things to the above

(ii) INTEGRITY OF THE CLIENT : The above factor will include integrity of principal owners, key management and those charged with
governance (ISA 220, par A8).
a. Business Reputation : Client Unethical or lacks Integrity.
b. Business Practices eg. Illegal : eg money laundering OR : Not wish to be assosiated with eg. Porn/tobacco.
c. Attitude To Accounting Standards. : acceptable financial framework : 'Fairest' OR 'most favourable picture'
accounting standards
d. Audit Fees payment /if they will pay fair fees or not.
 e. Client Impose Limitations On Audit. Eg restrict access to information.
f. Reasons For Change Of Auditors.; if suspect reasons

(iii) ETHICS & CLIENT INTEGRITY : other stuff trated separately by UNISA: ABILITY OF CLIENT TO PAY
(iv) ETHICS & CLIENT INTEGRITY : other stuff trated separately by UNISA BUSINESS STANDING RISK : (what is this and what is ‘
illustration of good practice 10’ referred to in tut 102 pg 8???)
(v) a ETHICS & CLIENT INTEGRITY : other stuff trated separately by UNISA SIGNIFICANT CHANGES IN
ENTITY AUDITED :for existing clients (ISA 220, par A8).If auditor became aware of any changes during current/previous audit
that may affect decision to carry on with client.
(vi) ETHICS & CLIENT INTEGRITY : other stuff trated separately by UNISA COMMUNICATION WITH THE PREDECESSOR
AUDITOR .: any info from here that may stop you taking job
(vii) ETHICS & CLIENT INTEGRITY : other stuff trated separately by UNISA VACANCY PER COMPANIES ACT (Sec 91 of the
Companies Act : ACT :).if all the rules of companies act regarding vacancies are complied with: ie 1- board must give names of
potential auditors to audit committee within 15 bus. days 2- may only appoint if audit committee did not refute/disallow that
auditor within 5 bus. days of getting the name.

(b) CAPACITY :ESTABLISH IF AUDITOR HAS THE CAPACITY

/ RESOURCES / IF CLIENT CAN BE APPROPRIATELY SERVICED OR NOT. :ISA220 PARA A8-A11
(i) ONLY : check if compliance with fundamental principles : by doing the below . (eg self – interest threat to professional
competence & due care if not enough capacity available)
1. USE OF AN EXPERT : (this comes MORE into audit planning in the audit strategy stage UNDER ‘SCOPE’ AND ALSO
‘DIRECTION’)
ISA 610: Using the work of internal auditors (par 8-9; par A4-45).
ISA 600: Special considerations – Audits of group financial statements (including the work of component
auditors) (par 12-14; par A10-A21).
ISA 620: Using the work of an auditor’s expert (par 7; 9; 12-13; par A10-A13l A32-A40)
Code of Conduct 210.8.

A. the auditor MUST use an expert if it is needed as a safeguard in upcoming audit, and if auditor wishes to use an
expert, he must determine if such reliance is warranted by using following Factors to Consider: per Code of
Conduct 210.8.
I. Reputation of
II. Expertise of (member of an association)
III. Resources of ( expert has enough to be able to do the work)
IV. Applicable Professional & ethical standards ( to that kind of exerts work – check if he fits in right with the
standards)

2. Experience: enough experienced managers etc.

3. Technical Skills (own guys) -competence in firm or access to other auditors or experts who do have the skills.
4. Resources : - Enough Team Staff in relation to size of client.
5. Resources : computers etc.
6. Time. – Manage to finish by Audit deadline Necessary to complete within deadline.
7. Quality control as per ISQC1
a. Per unisa: When you are required to discuss factors that you will consider prior to accepting the engagement, in
addressing quality control, we recommend that you write the following sentence in addressing compliance with
quality control: “ The audit firm would have to consider whether it could comply with ISQC1 and
SAAP1(withdrawn) in ensuring quality of the audit.”

SAFEGUARDS EXAMPLES FOR BOTH OF THE ABOVE :

(ii) Understand Aquire understanding of: enterprise
(iii) Understand relevant industry
(iv) Understand Relevant reporting & regulatory requirements
(v) Use experts where necessary
(vi) Assign enough staff
(vii) Comply with quality control policies ie: ISQC 1 etc.
(viii) Agree realistic time frame

P ROCEDURES TO GATHER PRELIMINARY ENGAGEMENT INFO .

(ix) Relationships to team/auditors : enquiry if any family etc.relationships exist(regular written from staff)
(x) Inside Inquiry / : Discussion ; directors,senior financial personnel,audit committee(2 heads better than 1, + experienced).
(Analytical Procedures are for planning stage(risk assessment) , not here
(xi) Outside Inquiry/ : of firms bankers,legal council,etc (permission must be sought first)
(xii) Observation & Inspection :of operations etc. and also of :
(xiii) Observation & Inspection: of Public Documents or made available : by client eg: group reports.
(xiv) Other Audit Procedures :Database searches : eg. internet
(xv) Other Audit Procedures :Previous Auditor : communicate with , in compliance with code of Professional Conduct.

REASONS WHY AUDIT FIRM MAY NOT WISH TO START RELATIONSHIP.

1. Business Reputation : Client Unethical or lacks Integrity.
2. Business Practices eg. Illegal : eg money laundering OR : Not wish to be assosiated with eg. Porn/tobacco.
3. Attitude To Accounting Standards. : acceptable financial framework : 'Fairest' OR 'most favourable picture' accounting
standards
4. Audit Fees payment /if they will pay fair fees or not.
5. Client Impose Limitations On Audit. Eg restrict access to information. (note: there is however nothing in any of the ISA’s which
says this is a reason to not accept , if the client does not allow inspection at the preliminary stage., but if it is documents
 needed to do the audit then it is not acceptable at all. Reasons: 1- could restrict info to a senior auditor to be confidential 2-
regard it as suspicious so treat with professional skepticism. 2- nothing in ISA’s but is an indicator of a major problem here!
6. Risk Sue Auditor : Client history of poor relationships with auditor.
7. Capacity :not competence+ resources, not able to do it (eg too big)
8. Ethical: see standards below ,eg: client director is family of auditor.
REASONS WHY AUDIT FIRM MAY NOT WISH TO CONTINUE WITH EXISTING CIENT.
(xvi) Same as above exactly.

2) TERMS OF ENGAGEMENT SEE ISA 210 WHICH IS ON “AGREEING TERMS OF ENGAGEMENTS ”, PARA 9-12 AND APPENDIX
1 FOR EXAMPLE LETTER IN DETAIL
a) This is formalising terms of engagement into an engagement letter, and having it signed.
b) When answering questions on preliminary engagement activities, we recommend that when you arrive at step 3, list the following: ( the full
engagement letter is on page
i) Issue an “ENGAGEMENT LETTER” to those charged with governance highlighting the following:
(1) Management and auditor’s responsibility.
(2) Duty to report to IRBA any reportable irregularity.
(3) (also per ISA210 ., but not per unisa, : (3) OBJECTIVE & SCOPE of audit (4) APPLICABLE FRAMEWORK as reference eg GAAPor other (5)
REPORTS to be issued after)

c) EXACTLY IS THE FOLLOWING :

d) Audit commitee of client must understand terms exactly
i) 'Expectation Gap' : Confused if objective is : find fraud / terminology misunderstand( eg compilation engagement,agreed upon procedure
engagements etc., Or if an opinion is to be given or NOT(eg for a review)
e) ISA 210 –auditor right to decide , but client must agree to how audit will be conducted.
f) The 'Letter of Engagement' should contain reference to:
i) Objective :Implied or Stated :ie to express an opinion on the fin.stats.
ii) Managements Responsibilities
(1) Preparation of Fin.Stats : plus refer to basis of preparation ie: IFRS. international fin.reporting standards.
(2) Accounting Records Maintenance of.
(3) Accounting Policies selecting
(4) Safeguarding Assets.
(5) Internal controls.
iii) Scope of Engagement + refer to laws etc eg:ISA's.: outline of what is to be done.
iv) The Form of Reports : that will be produced.
v) Inherent limitations , risk not detecting misstatements : sampling methods +internal controls
vi) Auditors Independance : auditor chooses tests + must be given access to all info needed.
vii) Managements duty prevent illegal acts + auditors duty : Reportable Irregularities to Gov.
viii) Written confirmation of oral representations by client: auditor expects this from client.
ix) Weakness in internal control will be brought to mngmnts attention.
x) Other parties Involvement : experts, previous auditor, other auditors,internal audit.
xi) Other services to be rendered: eg tax – and if delivered late etc.- must state if clients fault for not providing documents , or if auditors fault , and
penalties etc
xii) Name of Auditor responsible : not just the firm, but person himself responsible.
xiii) Performance Arrangements : Stockcount dates, meetings dates to be held.
xiv) Any Audit Deadlines.
xv) Fee's : basis of computation and invoicing arrangements.
xvi) Must sign letter.

(II) STAGE 2 : PLANNING:

The following standards are applicable to this section:

ISA 200 Overall objective of the independent auditor and the conduct of an audit in accordance with International Standards on Auditing.
ISA 300 Planning an audit of financial statements.
ISA 315 Identifying and assessing the risks of material misstatement through understanding the entity and its environment.
ISA 320 Materiality in planning and performing an audit.
ISA 330 The auditor’s responses to assessed risks.
ISA 600 Audits of group financial statements (including the work of component auditors) par 15-31; par A22-A55) Appendix 2 and Appendix 3.

1) INTRODUCTION:
a) ISA 300R in this ISA on ‘audit planning’ , see para 7 says : "the auditor should plan the audit work so that it will be performed in an effective
manner"

b) AUDIT STRATEGY & PLAN is formulated by : KEY EXPERIENCED TEAM MEMBERS ONLY
i) AUDIT STRATEGY : Risk of Misstatement at FINANCIAL STATEMENT level : CORRECTED BY : A UDIT STRATEGY : (words= SCOPE +
TIMING + DIRECTION)
ii) AUDIT PLAN : Risk of Misstatement at ASSERTION level : CORRECTED BY : A UDIT PLAN : (words= Nature + Timing
+ Extent)

c) Documentation: all Audit Plan + Audit Strategy must be documented for:

i) REFERENCE for team
ii) PROOF of proper planning by team
iii) RECORD OF KEY DECISION made

d) IMPORTANCE OF PLANNING:
i) Attention -: Plan to give enough to important areas of audit.
ii) Potential Problems : Identify & resolved.
iii) Audit team : Properly assembled
iv) Supervision +Review : and proper review of their work ,of audit team , facilitated
v) On time : completion of work planned

1) AUDIT STRATEGY :E STABLISH AN OVERALL AUDIT STRATEGY .

1) REM “Materiality “ is basicly officially done in THIS PHASE of the audit... strategy
2) PER unisa & IAS300 :In establishing the overall audit strategy, the auditor shall: (these+MANY examples are all shown very neatly in ISA300
appendix- and you marked it)
1. SCOPE : I.D. THE : Identify characteristics of the engagement that defines its scope;
For instance:
i) if it is maybe a statutory audit , or maybe JSE listed company , so securities exchange commission requirements to be adhered to
ii) The financial reporting framework (ifrs, sa gaap, grap, etc).
iii) Industry-specific reporting requirements (compliance with jse regulations), government regulations environmental, labour, etc.)
Etc.
iv) Number of locations for expected audit coverage.
v) need to outsource some experts
2. TIMING : REPORTING OBJECTIVES : Ascertain the reporting objectives of the engagement to plan the timing of the audit and nature
of communication required;
For instance:
i) companies Year End /interim reporting schedule
ii) Meetings
iii) timing +types of Reports
iv) Entity’s reporting timetable for interim financial results and year-end financial results.
v) Meetings with management and those charged with governance.
vi) Communicating with auditors of components regarding the time deadlines.
3. DIRECTION : OF ENGAGEMENT TEAM : consider significant factors in directing engagement team;
The significant factors will include for instance the following:
i) Materiality.
ii) Areas with higher risk of material misstatement.
iii) Volume of transactions.
4. PLUS ADD :PRELIMINARY ENGAGEMENT ACTIVITIES : Consider results of preliminary engagement activities;
5. PLUS ADD : RESOURCES : ascertain nature, timing and extent of resources necessary to perform engagement. staff- experience,
+management of eg :meetings, quality control reviews,evaluations etc.

3) OVERALL RESPONSES TO ADDRESS A HIGH RISK OF MATERIAL MISSTATEMENT AT THE FINANCIAL STATEMENT LEVEL : one includes the
following in the AUDIT STRATEGY (not in audit plan) (ISA 330, par A1-A3).
• larger samples :Extend sample sizes.
• more experience staff.Engage more experience staff.
•Follow a more ‘only’ substantive tests : approach or to do a more ‘combined’ approach (if there are deficiencies in the control
environment – ie tests of controls OR substantive testing ?Which one more? ).
• less analytical procedures : Perform more tests of detail and less analytical procedures.
• arrive unexpectedly Incorporate an element of unpredictability in testing-.
• professional sceptism Exercise professional sceptism.
• use an expert : Consider the use of an expert.
• doubt mngmnt representations :Put less reliance on management representations.
• Perform procedures closer to year-end.
• Lower materiality.

1) AUDIT PLAN :
a) OBJECTIVE OF AUDIT PLAN: The objective is to formulate an audit strategy and audit plan which ensures that the audit will be
conducted in an effective manner.
b) The audit plan is far more detailed than audit strategy

(1) PLANNING STAGE CAN BE BROKEN DOWN INTO FOLLOWING 5 STAGES :

(a) UNDERSTAND: :OF ENTITY AND ENVIRONMENT INCL. INTERNAL CONTROL. eg check if there is a risk of directors overstating stock, one cannot
do planning without first study Entity.
(b) UNDERSTAND: INTERNAL CONTROLS : understanding of internal controls to determine no. of samples to take
(c) UNDERSTAND : MATERIAL MISTATEMENT : assess risk of in the financial statements.
(d) UNDERSTAND: MATERIALITY : decide what is material, and what is not .
(e) FORMULATE AUDIT STRATEGY & AUDIT PLAN:

c) AUDIT PLAN MUST CONTAIN:

I) R ISK A SSESMENT : Planned Procedures :OF :
(1) NATURE of Procedures : make sure its sorted out ie :sufficient to asses risks of material misstatement
(2) TIMING of Procedures : make sure its sorted out ie :sufficient to asses risks of material misstatement
(3) EXTENT of Procedures : make sure its sorted out ie :sufficient to asses risks of material misstatement.
II) A T A SSERTION L EVEL : Planned Further Procedures : to respond to the risk identified above.
(i) NATURE of Procedures : for each MATERIAL CLASS of Account Balance, &Transactions, &Disclosure. Refers to the type of audit
approach and further audit procedures.The auditor can decide to follow either of the following approaches:
 1. A combined audit approach which entails tests of controls and substantive procedures. This is normally when the
auditor intend to rely on the operating effectiveness of controls or substantive procedures alone cannot provide
sufficient appropriate audit evidence at the assertion level (ISA 330, par 8).
2. OR Substantive procedures which entail both test of detail and analytical procedures. Irrespective of the assessed risks
of material misstatement, the auditor shall design and perform substantive procedures to each material class of
transactions, account balance and disclosure (ISA 330, par 18)
(ii) TIMING of Procedures : either before yr-end (interim), OR at and after yr-end, or early verification just prior to yr-end and roll
forward at yr-end OR at interim and at end after yr-end.+ can incorporate Unpredictability element.
(III) EXTENT of Procedures : Refers to how many or how detailed you will perform your tests or audit procedures.

III) A NY O THER P ROCEDURES N EEDED : plus this , to comply with any ISA’s

d) DOCUMENTATION : ALL AUDIT PLAN + AUDIT STRATEGY : must be documented for: (to contain : 1-audit plan 2- audit strategy 3- signifiacnt
changes made to them)
i) REFERENCE FOR TEAM
ii) PROOF OF PROPER PLANNING BY TEAM
iii) RECORD OF KEY DECISION MADE
CHAPTER 7: IMPORTANT ELEMENTS OF THE AUDIT PROCESS.
DEFINITIONS: AS PER ISA 315
NB
1) ISA 315 :”Understanding The Entity And Its Environment and Assessing The Risks Of Material Misstatement” : …is to obtain an understanding of
the entity ,its internal control and its environment, sufficient to identify and assess the risks of material misstatement of the financial
statements ,whether due to fraud or error , and sufficient to design and perform further audit procedures….
2) BUSINESS RISK : A Risk resulting from significant 1Conditions, 2Events, 3Circumstances, 4Actions Or 5 Inactions that could adversely affect an
entitys ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies.
3) Significant risk : A risk of Material Misstatement that in the auditors judgement , is one that requires Special Audit Consideration
4) Audit risk – risk that an auditor gives an inappropriate conclusion when there is a material misstatement IN FIN STATS (or elsewhere) , so if he
says there is no material miststement when there actually is one.
5) RISK ASSESSMENT PROCEDURES (5) :The Audit Procedures designed to obtain an understanding od the 1-Entity, incl. Its 2-Internal Control, and
its 3Environment, to identify and assess the Risks of Material Misstatement , whether due to 1Fraud or 2Error, at the 1Financial Statement And
2Assertion Levels.
6) INTERNAL CONTROL : The Process designed and effected by those charged with governance ,management and other personell to provide
REASONABLE ASSURANCE about the achievement of an entitys objectives with regard to 1Reliability Of Financial Reporting ,2Effectiveness,And
3Efficiency of operations and 4Compliance with applicable laws and regulations.
7) MATERIAL WEAKNESS: A weakness In Internal Control that could have a Material Effect on the Financial Statements.

RISK ASSESSMENT PROCEDURES

NB
1) RISK ASSESSMENT PROCEDURES :The Audit Procedures designed to obtain an understanding od the 1Entity, incl. Its 2Internal Control, and its
3Environment, to identify and assess the Risks of Material Misstatement , whether due to 1Fraud or 2Error, at the 1Financial Statement And
2Assertion Levels. THEY ARE PRIMARILY THE FOLLOWING (book very specifically states these)

a) INQUIRY : legal personel (fraud,contracts interpretation),sales personnel(sales),production , marketing , key management .

b) INSPECTION & OBSERVATION : check records /assets etc /watch internal controls/ mnftring operation
c) ANALYTICAL PROCEDURES : ratio & trend,unusual, prior years etc
d) Recalculation
e) Reperformance
f) OTHER AUDIT PROCEDURES : trade journals,internet,lawyers,bankers.
g) Discussion amoungst team members : 2 heads better than 1

2) Remember though : When using auditors toolbox – substantive tests + tests of controls :same type procedures used

THE 4 IMPORTANT ELEMENTS DEALT WITH IN THIS CHAPTER, EACH ONE GONE THROUGH BY UNISA, :
a) Risk in the audit ie : audit risk
b) Materialty concept
c) Understanding entity & environment
d) Auditors responsibility with fraud

IMPORTANT ELEMENT 1 OF 4 : AUDIT RISK.

For unisa they want :”Risk identification and assessment in obtaining an understanding of the entity and its environment including an evaluation of the entity’s
internal control.”

THE RISK BASED APPROACH TO AUDITING

The auditor identifies the fin stat assertions at risk of misstatement and plans the audit in such a way that it reduces this risk to an acceptable level

DEFINITIONS OF AUDIT RISK: (SEE GLOSSARY IN SAICA BOOK)

1) AUDIT RISK : definition:
a) As per International Framework for Assurance Engagements : Definition: (AUDIT) RISK is “ the risk that the practitioner expresses an
INAPPROPRIATE CONCLUSION when the SUBJECT MATTER INFO. is MATERIALLY MISSTATED ”.
b) As per ISA200 : Definition: Audit risk: – The risk that the auditor expresses an inappropriate audit opinion when the FINANCIAL
STATEMENT are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk (AR = IR x CR x DR).
c) So it is just the risk the auditor gives an UNQUALIFIED OPINION if he should have given a QUALIFIED OPINION.
2) Significant risk : A risk of Material Misstatement that in the auditors judgement , is one that requires Special Audit Consideration (Also refer to
tutorial letter 103.)
3) RISK OF MATERIAL MISSTATEMENT – The risk that the financial statements are materially misstated prior to audit. This consists of two
components, namely, inherent risk and control risk.
4) BUSINESS RISK : A Risk resulting from significant 1Conditions, 2Events, 3Circumstances, 4Actions Or 5Inactions that could adversely affect an
entitys ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies. (ISA 315, par
4(b))
.

THE COMPONENTS OF AUDIT RISK:

1) Per ISA 200 audit risk has 3 components
 1 -INHERENT RISK : (IR)
1) Is NOT controllable by auditor
2) The susceptibility of an assertion about a : 1-class of transaction, 2- acc. bal., or 3- disclosure
3) Built in risk eg: complex transaction calc’s MORE than simple transaction calc’s, or jewelry value more than cricket bat
value.
4) The risk “before” consideration of any controls.

2- CONTROL RISK : (CR)

1) Is NOT controllable by auditor
1) If Internal controls do not do their job properly. Due to LIMITATIONS OF INTERNAL CONTROLS :

(1) COST VS BENEFITS

(2) NON ROUTINE TRANSACTIONS
(3) HUMAN ERROR
(4) COLLUSION
(5) ABUSE =MNGMNT OVERRIDE
(6) CHANGE (UPSWING IN SALES)

2) Overcome by put control activites in place: eg segregation duties, access control, control environment.

3- DETECTION RISK (DR)

2) Is controllable by auditor – if inherent + control risk is high , he must increase experience staff,or no. of samples, etc, to
reduce detection risk.
3) May arise because 3 reasons: auditor
a) Selects :an Inappropriate audit Procedure
b) Misapplies :an Appropriate procedure
c) Misinterprets :results of a test

RISK AT FINANCIAL STATEMENT LEVEL AND AT ASSERTION LEVEL:

NB
ISA 315 gives all the following & says: must be assessed at 2 levels:
a) Financial Statement level:
b) Assertion level:
1. Financial Statement level
1) Possible reasons:
a) Management Crooked
b) Management Inexperienced/Unknowledgeable
c) Management Pressure to perform : no capital,etc.
d) Business nature : technology/fashion (obsolescence) ,complexity of capital structure,no.of locations.
e) Industry nature :economic conditions(recession) , competition, consumer demand, accounting practices.
2) Possible solutions: (etc)
a) Experienced staff
b) Supervision More
c) Professional skepticism Emphasise team
d) Surprise visits : add more unpredictability elements –
e) Change Audit : make plan different to in past
2. Assertion level:
1) Possible reasons:
a) Account Type : eg involve high degree of estimation: stock count fresh vegetables,or provision bad debts
b) Complex Transactions : eg sale &leaseback , contract accounting
c) Estimation /Judgement Involved : bad debts provision
d) Asset Vulnerability : eg cash
e) Near Year End :of fin period.Unusual OR Complex transactions : to manipulate transactions.
f) Non-Routine/Unusual Transactions: sale of old assets
g) Fin Stat level ‘problems’ can also affect this level directly by eg : Other could be added eg: mngmnt
integrity(completeness assertion :liabilities) /technology obsolete stock(valuation assertion: inventory )etc.
2) Possible solutions:
a) Address the risk relating to possible assertion directly eg: more samples , or get expert to valuation assertion for
technology stock.

RISK AND MATERIALITY

1. (AUDIT) RISK : Is “ the risk that the practitioner expresses an INAPPROPRIATE CONCLUSION when the subject matter info. is
MATERIALLY MISSTATED in the FINANCIAL STATEMENTS ”.
2. IMMATERIAL RISKS: if auditor identifies a risk as immaterial, BUT finds a major internal control problem there ALSO, he must :
i. CAN ignore iot for purposes of fin stat reporting
ii. MUST report it to management
iii. SHOULD carefully re-consider if it was actually correctly classified (as a immaterial risk).
3. MATERIALITY : When making a decision based on Fin. Stats. : the judgement of a reasonable person would be effected
a. Reasonable person/user =
i. Reasonable knowledge of Business and Economic Activities and Accounting.
ii. Willingness to study information with Reasonable Diligence
 ASSESSMENT OF AUDIT RISK BY THE AUDITOR
1) Each account heading can have a different audit risk , if there is a higher misstatement risk then there is a higher AUDIT
RISK. Eg [complex transactions VS simple transactions] or [leased VS purchased assets.]
2) Eg : For a leased asset VS purchased asset : is there a difference in the audit risk? Answer = YES
Leased attracts more risk of misstatement than a bought item because:
(1) Assertion : VALUATION
(a) LEASED = complex ie may not be clear on the contract – finance charges etc! need to check market values etc.
(b) PURCHASED = simple ….where is the purchase invoice ?
(2) Assertion : RIGHTS
(a) LEASE : is it a finance lease or operational lease, was it correctly capitalized?
(b) PURCHASED = simple receipt/licence
(3) Assertion : EXISTENCE
(a) (easy IN BOTH CASES = physical inspection

LEVELS OF RISK
1) TYPES OF LEVELS:
a) ISA’s only give ‘significant’ Definition; ISA315 :risks that require : Special audit consideration
b) Some audit firms have : high,medium,low
c) Some have :pervasive
d) Some have increased or decreased risk

2) Must have some or all of Following Characteristics: (see characteristics of significant risk IAS 315.27)
1. Fraud :Risk–to do with risk-
2. Recent Events : + Significant Related to in economic,acc,other –to do with risk-eg new IFRS standards, recession etc.
3. Complex :transactions From–to do with risk-merger/acquisition/unbundling
4. Related : parties , significant transactions with –to do with risk- eg: inter-company transactions
5. Estimation :/ Subjectivity/ High degree: in measurement of fin. Info. –to do with risk-estimate provision bad debts.
6. Outside Normal Operations :/unusual Transactions –to do with risk-eg: BEE transactions

2) Auditors Response to:

1. Experienced staff
2. Supervision More
3. Professional skepticism Emphasise team
4. Surprise visits : add more unpredictability elements –
5. Change Audit : make plan different to in past

NOTE THE FOLLOWING TABLE BY UNISA :RISKS AT THE FINANCIAL STATEMENT LEVEL : WE MUST BE ABLE TO SAY COLUMN 2 &3 AS THE ANSWER .
NOTE THE FOLLOWING TABLE BY UNISA :RISKS AT THE ASSERTION LEVEL ( SEE APPENDIX 2 OF ISA315 FOR MANY MORE EXAMPLES ) : WE MUST BE ABLE TO SAY
COLUMN 2 &3 AS THE ANSWER .
IMPORTANT ELEMENT 2 OF 4 : THE CONCEPT OF MATERIALITY. SEE IAS 320
INTRO:
1) It is generally understood and accepted by users of fin.stats that NOT 100% and may contain margin of error or uncertianity.HOWEVER margin of
error must be acceptable to users otherwise are of little value.-ie : Materiality.
2) DEFINITION : MATERIALITY : ( also in IAS 320 , one in begin of chaoter hodden , other for ‘performance materiality’ is under ‘definition’ heading
a) If omission or misstatement could affect users decisions
b) Size of item judged from particular circumstances.
c) Threshold or cut-off point rather than a qualitative characteristic - to be useful.

THE NATURE OF MATERIALITY

1) SUBJECTIVE : Materiality is very :1 auditor will get a different answer to another auditor, but many similarities.
2) RELATIVE, NOT ABSOLUTE : Materiality is very : material to small firm is maybe not material to large firm.
a) Eg :+/- Net profit before tax 5%, current assets 5% ,current liabilities 3% ,Total Assets 3 % Turnover 1%.
b) Net profit before tax is mostly used alone, none of others , so cross-mix ups do not occour.(most important one)
3) QUANTITATIVE AND QUALITATIVE : Materiality is very :Quali= non-figure eg a ‘law’ or disclosure / Quanti= figures.
WHEN ANSWERING QUESTIONS RELATING TO CALCULATING MATERIALITY IN PLANNING AN AUDIT: ,
follow the following steps:
1. Determine which figures to use: You are least likely to use the budgeted figures and/or figures that entail material misstatements, like
unaudited figures.
(1) budgeted figures;
(2) un-audited figures of current year; or
(3) prior year audited figures.
2. Consider the indicators and perform the calculations:
i) Turnover ½ - 1%
ii) Gross profit 1 – 2%
iii) Net income 5 – 10%
iv) Total assets 1 – 2%
v) Equity 2 – 5%
The above percentages are obtained from DP6. (The DP6 has, however, been withdrawn and we only use it to serve as a guide on which to base the
materiality calculation.

Remember to consider the nature of the business. In entity that is capital incentive you are likely to use total assets for your materiality calculation. The
materiality calculation bases will differ from audit firm to audit firm.
3. Determine the materiality Remember there is an inverse relationship between materiality and audit risk. Always substantiate your materiality figure
selected. Marks will be awarded for this, even if your calculations are wrong.

PLANNING MATERIALITY AND FINAL MATERIALITY

1) ISA320 says Auditor must consider materiality at 2 places:
a) PLANNING STAGE: DURING the “ STRATEGY STAGE “when determining nature,extent + timing of testing (planning materiality)
b) FINAL STAGE :when evaluating the effect of any misstatement (final materiality)

PLANNING MATERIALITY

EACH AUDIT FIRM USES ITS OWN TYPE OF MATERIALITY PLANNING: EITHER ONE OF THE FOLLOWING:
a) GENERAL WAY In a: just take the biggest money accounts, less for smaller money accounts.
b) PERCENTAGE AS a % : of account balances
c) FORMULA use a.

SETTING PLANNING MATERIALITY LEVELS :

(a) Materiality
(b) The Plannning materiality level is INVERSE to audit risk) : ie Low Materiality Level =1% High Materiality level = 10 % so if level is
high ,( ie 10% of revenue of 1000 is R100, so only things above 100 not below, BUT 1% of 1000 is 10, so ALL things above 10 – that’s
a lot more stuff to be checked! That is why it is INVERSE) risk is low and visa-versa.
(c) After studying firm you get an idea of disclosures to look out for and plan accordingly.eg:litigation,licences , economic
conditions,attention focused, key disclosures- eg R&D costs for pharmaceutical, asset intensive then assets etc. .see IAS 320 for
MANY.
(d) There are 3 kinds of Planning materiality and Final materiality :
2.1. 1) Financilal Statement as a Whole MATERIALITY
(i) Decide which item to use as the overall major indivcator, mostly profit for profit companies, or revenue for non-profit
companies, or assets for asset heavy public entities or profit before remuneration& tax for small owner salaried business.
2.2. 2) Assetion level transaction/balance/presentation MATERIALITY
(i) If there are any transactions/balances that are special due to following reasons, then materialty for each one can be
measured individually as well, in addition to overall materiality.
1. LAW /REGULATION : eg JSE rules
2. KEY DISCLOSURES : eg key disclosures- eg R&D costs for pharmaceutical
3. ATTENTION FOCUSED : on fin stat separately disclosed item eg: newly acquired business
2.3. 3) PERFORMANCE MATERIALITY :
(i) Copied fron Unisa : “Please note that the performance materiality calculated will be lower than the materiality calculated
during the planning phase of the audit. This enables the auditor to minimise the risk of expressing an incorrect audit opinion. “
(ii) This is where you add up the materialites of EITHER :
1. WHOLE FINANCILAL STATEMENT LEVEL :many small materialites making up the WHOLE FIN STAT materiality , choosing
those that where many IMMATERIAL materialites could all together cause a MATERIAL materiality.
2. ONLY ASSERTION SPECIFIC BALANCE/TRANACTIONS LEVEL : same as for above, you add smaller ones that make up the
whole, using prof judgement to choose which to add up – which could together cause a material thing- but individually
would be immaterial at thye same levels.
 THE 4 FACTORS TO BE CONSIDERED WHEN QUANTIFYING PLANNING MATERIALITY
a) USE OF PRESET GUIDELINES: eg % or formulas
b) SPECIFIC INFORMATION : its importance to users (special additional info. Eg conditions of loans)
c) LEGAL/REGULATORY REQUIREMENTS : eg special figures for JSE must be carefully audited
d) PRELIMINARY /FINAL FIGURES : if clients final figures differ a lot, materiality might have to be adjusted a bit

FINAL MATERIALITY
THE AUDITOR MUST DO THE FOLLOWING TO MAKE A FINAL MATERIALITY DECISION:.
e) AS THE AUDIT PROGRESSES THE AUDITOR if he finds more problems with some area than he thought would happen when he
decoded on his first materiality level, then he must re-calclate the materiality again and carry out extra procedures as required by the
ne level he now sets. The final level he ends up with is at the end of the audit , where PRELIMINARY /FINAL FIGURES : if clients final
figures differ a lot, materiality might have to be adjusted a bit , can happen, and he will finally end up with the final figure that will not
change again. This must be documented.
i) ANALYSE AND Project :the errors in sample over population specified
ii) DECIDE IF FURTHER TESTS :should be carried out or whether client should be asked to check the population in detail for further
errors.
iii) DISCUSS WITH CLIENT MNGMNT :all misstatements in detail with management in order to attempt to have them rectified .If client
does NOT correct them , it could be for following reasons: (then auditor will have to qualify his report IF it is material )
(1) Disagree with Auditor : eg eg client says stock is not obsolete, or something is not a financial lease per IAS 17 so not to be
capitalized etc.
(2) Do not regard as Material : client says it would not influence a user
(3) Directors Crooking the Books : eg want some ratio, so get stubborn
(4) Regard it as ‘too much hassle’ to make changes. : all the fin stats
(5) Do not care if Fin Stats. Are Qualified. :stuff you

FACTORS TO BE CONSIDERED IN EVALUATING UNRESOLVED AUDIT DIFFERENCES (IN BOOK , NOT TUT OR
IAS)
i) Known errors and likely errors : known = sales invoices wrong period(strong ground) Likely= provision bad debts(weak ground for
auditor)
ii) Misstatements should not be considered in isolation: seek patterns
iii) Statutory and other contractual obligations :eg directors emoluments,contractual obligation need keep fixed ratio
iv) Nature of the misstatement.: eg: IFRS standards important, misallocate expense less, director cheat more,
v) Impact of the misstatement: Specificly on Popular figures & ratios eg :EPS (earnings per share)
vi) The absolute and relative size of the misstatement.: if 1 milllion is Relatively – unimportant , But Absolutely – just too much , then
auditor takes action anyway.
Basicly , to overlook some misstatement because client will be unhappy is Unprofessional.

CONCLUSION
1) No magic formula, takes years of experience , confidence grows as experience increases.

IMPORTANT ELEMENT 3 OF 4 : UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT:

THE ENTITY AND ITS ENVIRONMENT. SEE IAS 315 : IT GIVES ALL THIS IN DETAIL! BIT BY BIT, ALSO
IN THE ‘A1 ETC ’ APPENDIX PART OF IAS 315
1) KNOW THIS ONE ONLY ,JUST READ THE REST :As per ISA 315 , the auditor should obtain an understanding of (pg6/8)
a) INDUSTRY Relevant INDUSTRY , REGULATORY, and other EXTERNAL FACTORS. (of whole industry)
b) ENTITY :NATURE of the Entity. (of just entity itself)
c) ACCOUNTING POLICIES. The Entitys selection of
d) OBJECTIVES &STRATEGIES of entity and the related business RISK ,of Entity
e) FINANCIAL PERFORMANCE. of Entity
2) As per ISA 315 , the auditor should obtain an understanding of (IN DETAIL,SAME AS ABOVE):
a) of whole industry -INDUSTRY , REGULATORY, and other EXTERNAL FACTORS, that are Relevant
i) INDUSTRY:
(1) cyclical/seasonal
(2) Risk Profile : high eg fashion /technology –OBSOLETE etc, labour volatility, boom/recession, competativeness.
(3) Gov.Mometary Policy. : incentives,restrictions,foreign exchange
ii) REGULATORY:
(1) Tax,health, environmental
(2) Accounting policies.
b) of just entity itself - NATURE of the Entity.
i) PRODUCTS , MARKETS, SUPPLIERS, OPERATIONS:
(1) Products & Markets: key customers/suppliers , export/import , market share , pricing policies and margins
(2) Retailer/wholesaler/service
(3) Internet trading
(4) Key Suppliers
(5) Location addresses
(6) Labour : unions, pension commitments,regulated eg: minimum wages etc.
(7) R&D
(8) Franchisees,licences,patents
(9) Stock :Quantity,types,location
 ii) OWNERSHIP & GOVERNANCE:
(1) Structures : corporate,organizational,capital
(2) BEE
(3) BoD : governance adherence ,risk management, reputations, committees, meetings
(4) Management Operational : pressures to perform/deadlines , performance based remuneration , capabilities etc
(5) Internal Audit dept.
iii) INVESTMENTS AND FINANCING ACTIVITIES :
(1) Acquisitions/mergers
(2) Investments : other entities(joint ventures,partnerships) , plant & Equipment, technology
(3) Sources of Finance
(4) Group Structure ;
(5) Debt Structure:
(a) Covenants
(b) Restrictions
(c) Off balance Sheet
(d) Leasing
(e) Related Parties
(f) Derivatives
iv) FINANCIAL REPORTING:
(1) The Reporting Environment : deadlines, profit share/remuneration based on financials, 3rd party reliance(bank lend etc),
shareholders expectations, pressure to perform from holding company/overseas affiliates.
(2) Specifically Relevant Accounting Practices : revenue recognition ,accounting for fair values ,foreign currency assets.
c) ACCOUNTING POLICIES , the Entitys selection of
i) If appropriate or not
ii) If consistent with that Type Industry standard.
iii) OF SPECIFIC INTEREST TO AUDITOR:
(1) Unusual Transactions: Accounting for unusual transactions
(2) No Accounting Policies Available New’ Matters :Accounting Policies adopted for controversial or ‘/issues, for which there is no
standard
(3) Change Accounting Policies :Reasons and appropriateness of changes client has made to accounting policies
(4) Change Accounting Policies :If New Standards Adopted :How client adopts & implements new standards in accounting.
d) OBJECTIVES & STRATEGIES ‘RISKS’ of Entity . : eg Risk=Sales on credit to customers who will not pay. Potential Misstatement: bad
debts /////or //// Risk=import regulation contraventions,,overestimate demand, product liability Potential Misstatement: overstate
inventory(cannot legally sell products) , Underprovision for legal claims.
e) FINANCIAL PERFORMANCE, (Income Statement) of Entity.
i) After considering the following things in Evaluation of Performance, a unusual result may indicate mngmnt manipulation from
pressure from holding company.
(1) Ratios/trends ,
(2) comparable info mnth-mnth / division-division / industry- industry.
(3) Budgets/forecasts
(4) Employee Incentive/performance schemes. Or. Holding company pressures to perform.

INTERNAL CONTROL OF ENTITY .( WHEN UNDERSTANDING ENTITY & ENVIRONMENT)

ISA 315 gives a more formal approach to internal control than chapter 5, and requires the auditor to have understanding of following 5
components of internal control:

COMPONENT 1 : THE CONTROL ENVIRONMENT

Sets the tone of organization and influences control consciousness of staff, positive audit risk factor if good, fraud less
Control Environment : Attitude and awareness of managers & directors to internal controls and their importance to entity.
(a) Eg: fin accountant does not bother to check recon of creditors ledger to creditors statements made by creditors clerk
PROPERLY ,only HALF,before paying ,.So soon clerk wont bother to actually reconcile properly.
(b) ISA 315: says good control environment characterised by:
(i) Mngmnt Commitment/implements/employ : Integrity and Ethical values and Sound Performance.
(ii) Mngmnt Commitment/implements/employ : Competent staff
(iii) Mngmnt Acts/displays : Leadership , Sound judgement , (+Ethical behaviour).
(iv) Mngmnt Inluence Positive: Acts/displays : Integrity & Ethical.
(v) Organisation Structure/policies promotes this : Authority + Responsibility + Reporting : relationships
(vi) Organisation Structure/policies promotes this : Planning + Execution +Control + Review
(vii) Good HR policies : Training & development , Compensation fair & benefits ,get competent ethical staff.

COMPONENT 2 : ENTITYS RISK ASSESSMENT PROCESS :

(1) THE PROCESS OF THE ENTITY IN PLACE TO:
(i) Identify Business Risks:
(ii) Estimate significance of each Risk:
(iii) Assess likelihood of its occourance
(iv) Respond to risk.
(2) In larger organizations :
(i) Committees hold regular meetings.
(ii) Appoint chief Risk Officer and/or Compliance Officer
(3) Smaller organizations & generally: managers job
(4) Audit by Inspecting:
(a) Documentation eg;
(i) Minutes of special committee meetings.
(ii) Inter-office memos on rectifying problems/ rectifying risks.
 COMPONENT 3: CONTROL ACTIVITIES: (INTERNAL CONTROLS)
1) Info. Is Gathered on this by auditor in same way as for I.T. above (iv)
2) Ensure mngmnts objectives carried out- policies & procedures which
3) Auditor ONLY concerned with those ones where MATERIAL MISSTATEMENT likely. EG:
a) Authorisation of transactions
b) Segregation of duties
c) Physical control over assets
d) Comparison + reconciliation
e) Access controls
f) Custody controls over eg: blank cheques
g) Good document design etc etc etc

COMPONENT 4: MONITORING OF CONTROLS:

1) How internal controls are monitored, to ensure they are actually done.
2) If no monitoring, not be long before employees order goods for themselves,write off friends debt,steal stock etc)
a) Eg:\
i) Regular employee performance reviews
ii) Weekly IT manager srutinises logs+exeption reports
iii) Telesales manager replays recordings check procedure
3) Info. Is Gathered on this by
a) Inspection :Documents on ‘monitoring activities’ /’performance reviews’.
b) Discussion :Internal auditors discuss with

COMPONENT 5: THE INFORMATION SYSTEM:

1) Auditor wants info on RELEVANT info ie: fin stat , not nonsense, he wants info on:
a) FINANCIAL REPORTING and COMMUNICATION.
i) “Classes of transactions” that are relevant to Fin.Stats.
ii) Procedures : Manual + IT for A-Z ‘initiate transaction to fin stat’‘ process.
iii) Capturing of NON-FINANCIAL info: eg contingent liabilities.
iv) Accounting Estimates + Disclosures
v) Controls over Unusual transaction Journal Entries
vi) Manner fin. Info. Is conveyed to board, audit committee, JSE etc.
b) COMPUTERISED INFORMATION SYSTEM.
i) Aspects of IT sys to Consider for Auditor:
(1) Computerised applications
(a) Which? Eg payroll / acquisitions & payments.
(b) Environment : bureau,micro/network/centralized
(c) Application software : purchased or inhouse ,input sources,important masterfiles etc.,new/old
(2) Hardware
(a) Makes +types (establish compatability with auditors own system)
(b) Location - factory,branches etc
(3) Software
(a) O.s,utilities,DBms,access control software etc.
(4) Organisation + Control
(a) Internal controls+ personnel structure
(5) Complexities of the System
(a) Complex databases,internet,EFT,LANS,WANS,EDI(electronic data interchange),
(6) Level of Dependence (on system by client) : eg wages , if broken - disruption
ii) Risks to Internal Control:
(1) Programming Errors : eg calc.vat incorrectly.
(2) Unauthorized Access to data : could delete/contaminate entire masterfile etc!
(3) Unauthorised Changes to data:
(4) IT personell fiddling data eg salaries.
(5) Instantaneous Fraud Processing: eg eg funds transfer.
(6) Data non-access from system failure.
iii) Risks to IT System
(1) New employees
(2) Rapid growth
(3) New technology
(4) Introducing new business models
(5) Corporate restructuring
iv) How auditor gathers Info on system:
(1) Observation.
(2) Inquiry (+questionaires)
(3) Discussion (past auditor, mngmnt,outsiders,software providers)
(4) Discussion (Internal Auditor + review their workpapers)
(5) Trace info through system.
(6) Flowcharts inspection

SIGNIFICANT RISKS : .( WHEN UNDERSTANDING ENTITY & ENVIRONMENT )

NB
1) Definition; ISA315 :risks that require : Special audit consideration
 2) Classed as: low medium high , or specific or pervasive , increased or decreased
3) Must have some or all of Following Characteristics:
1. Fraud :Risk–to do with risk-
2. Events :Recent + Significant Related to in economic,acc,other –to do with risk-eg new IFRS standards, recession etc.
3. Complex :transactions From–to do with risk-merger/acquisition/unbundling
4. Related : parties , significant transactions with –to do with risk- eg: inter-company transactions
5. Estimation :/ Subjectivity/ High degree: in measurement of fin. Info. –to do with risk-estimate provision bad debts.
6. Outside Normal Operations :/unusual Transactions –to do with risk-eg: BEE transactions
2) Auditors Response to:
1. Experienced staff
2. Supervision More
3. Professional skepticism Emphasise team
4. Surprise visits : add more unpredictability elements –
5. Change Audit : make plan different to in past

COMMUNICATING WITH ‘GOVERNANCE’ AND MANAGEMENT .( WHEN UNDERSTANDING ENTITY

& ENVIRONMENT)
1) Auditor MUST : ASAP inform management or governance personell of material weaknesses in Internal controls and Risk assessment process.

DOCUMENTATION : ( WHEN UNDERSTANDING ENTITY & ENVIRONMENT)

Auditor MUST document his all work .see ias315 for details needed

IMPORTANT ELEMENT 4 OF 4 : THE AUDITORS RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT

OF FINANCIAL STATEMENTS.
INTRO:
1) Due to increase in fraud worldwide eg: enron.parmalat,leisurenet ,auditing profession responded by amending ISA.’s In past objective of
audit NOT to discover fraud(see postulates of auditing) but to express opinion on fin stats to increase confidence.The primary objective is
still not to discover fraud, but more emphasis has been placed on this.
2) Recent developments in Auditing to respond :
a) ISA 200 : ‘Emphasise Professional Scepticism’
b) Isa315 ‘assesses the risk of fraud’
c) Isa330 ‘respond to assessed risk ‘
d) THE MAIN ONE:
i) ISA 240R Title: “The auditors responsibility to consider fraud in an audit of fin stats.” States objective of auditor is to:
(1) I.D. risk of material misstatement due to fraud
(2) Gather sufficient appropriate evidence regarding assessed risks
(3) To respond appropriately to fraud or suspected fraud in the audit

DEFINITIONS (LECTURER SAYS KNOW THESE WELL)

1) ERROR: an unintentional act which results in misstatements in the fin. Stats. 3 (eg calc. interest wrongly,mistake in journal entry,not by
auditor but by client , not on purpose)
2) FRAUD: an intentional act involving deception to obtain an illegal advantage 3
3) FRAUD RISK FACTORS : Events or Conditions that show an Incentive, or Pressure or provide Opportunity to commit fraud. 2/5
4) MANAGEMENT FRAUD : fraud involving one or more members of management OR those charged with governance.
5) EMPLOYEE FRAUD : fraud involving employees, NOT management or those charged with governance.

THERE ARE ONLY 2 KINDS OF FRAUD TO BE CONSIDERED IN AUDITS :

1) FRAUDULENT FINANCIAL REPORTING : Fraudulent Financial Reporting invoves intentional misstatements ,including omissions,in
financial statements,to deceive users of the financial statements.It is normally perpetrated by those charged with governance or
management (they have the most control over fin stats/prepare them)
a) It may be accomplished by the following:
i) SUPPORTING DOCUMENTS :Underlying the financial statements. Manipulate ,Falsify , Alter .
(1) Change balance on a debtors account to reflect a higher value
(2) Inflate cost price of inventories
(3) Include fictitious sales

ii) FINANCIAL STATEMENTS :Misrepresent OR Omit from events,transactions, or significant information.

(1) NOTES , OMIT in NOTES a significant contingent liability from the NOTES.
(2) UNDERPROVIDE /or do not :for all known future losses.
(3) SALE Failing to reflect the SALE of material assets.

iii)
ACCOUNTING PRINCIPLES :Intentional misapplication to amounts,classification,manner of presentation or disclosure.
(1) failing to CAPITALIZE FINANCIAL LEASES.
(2) INAPPROPRIATE POLICY to inflate profits
KNOW ALL OF (iv) below per lecturer
iv) MANAGEMENT OVERRIDE (particularly where controls appear to be operating effectively)
(1) FICTITIOUS JOURNAL ENTRIES –eg fictitious sales in journal
(2) JUDGEMENTS/ESTIMATES - eg understate asset impairments
 (3) YEAR END DATE : Omit /Advance /Delay recognition of transactions at balance sheet date. Eg Premature recognize
profits on long term contract, or include sales from following year in current fin year to inflate ‘sales’ (STOP THIS BY
GOING ON YEAR END DATE AND WRITING END ON LAST SALES DOCUMENTS SO YOU CAN CHECK NUMBERING
AFTERWARDS)
(4) DISCLOSURE of FACTS : Hide disclosable facts ; eg a claim for damages against company
(5) COMPLEX TRANSACTIONS : structured to MISREPRESENT financial PERFORMANCE /POSITION of company. Eg manipulate
inter-company balances in a group to ‘reallocate profits’.
(6) ALTERING RECORDS /or TERMS relating to significant or unusual transactions.

b) Eg: directors deliberately understate liabilities and overstate assets to secure a loan, or manipulate earnings to reduce taxation , or to
get performance bonus’s.

2) MISAPPROPRIATION OF ASSETS : theft of companies assets , by employees or mngmnt,harder to detect with mngmnt they can conceal it
easier.includes:
a) Embezzlement:
i) Stealing cash sales
ii) Stealing cash received from debtors, and then writing debtor off as bad.
b) Physical assets or intellectual property:Theft of or
c) Pay for goods and services not received: Causing entity to ficticious employees- keep the money,or pay a ficticious company set up by
management for goods never received.buy things for own use through company
d) Using companies assets for personal use : hire out equip on weekends, keep cash.

Eg: if you sign on delivery invoice for goods received ,it is easy to commit fraud, just slip in a false delivery note.stop this by using a ‘goods
Receiving Note’ : sequential numbering hard to slip in a duplicate.If no numbering though- just print a new document then slip it in ,+ must use
special printing & special paper, to stop photocopying.

RESPONSIBILITY OF MANAGEMENT AND THOSE CHARGED WITH GOVERNANCE: (EXACTLY IN IAS

240)
NB
1) Responsibility for the 1- Prevention 2-Detection of fraud lies with those charged with 1-governance 2- management
(a) Strong control environment – responsibility also rests with those charged with 1-governance 2- management .
(b) Management responsible for Concious assessment of of risk of fin stats materially misstated.

RESPONSIBILITY OF THE AUDITOR (EXACTLY IN IAS 240)

NB
Where does that leave the auditor?
1) The auditor’s responsibility is to conduct the audit in accordance with ISAs and obtain reasonable assurance that financial statements taken
as a whole are free from material misstatements, whether caused by fraud or errors.
2) He achieves this responsibility by doing 3 things only :
(a) Professional Scepticism {even mngmnt with integrity can be tempted to fiddle fin stats to meet group performance targets}
(b) Consider mngmnt override
(c) Recognize fact internal controls for detecting errors not enough to detect fraud

OBJECTIVE OF THE AUDITOR: (EXACTLY IN IAS 240

1) ID & assess risks of material misstatement
2) Obtain sufficient appropriate evidence to respond to these risks
3) To respond appropriately to any detected/suspected fraud

DURING ENGAGEMENT TEAM DISCUSSION AS PER IAS 315:

1) Audit Team { auditor must make team aware of duty to watch out for fraud}

RISK ASSESMENT PROCEDURES TO DO BY AUDITOR EXACTLY PUT IN IAS 240 .16-24

1) SPECIFICLY ASK MANAGEMENT :
i) Their Assessment :THEIR ASSESSMENT OF RISK that FIN STATS may be MISSTATEMENT DUE TO FRAUD.
ii) Processes Identifying :THEIR PROCESSES FOR IDENTIFYING FRAUD ,INCL. ANY LIKELY OR ALREADY IDENTIFIED
iii) Processes Responding :PROCESSES FOR RESPONDING TO FRAUD ; eg one supplier alleges buyer takes kickbacks from other
supplier.
iv) Communicate Stance :HOW MNGMNT COMMUNICATED ITS STANCE ON ETHICAL BEHAVIOR TO EMPLOYEES.
v) ALSO :
(1) Ask other employees & management if they have any knowledge /suspect of any fraud
(2) Ask Internal audit if they have any knowledge /suspect any fraud
2) GOVERNANCE : obtain an understanding of how those charged with governance , unless they are also management ,exercise their
responsibility by:
i) Oversight
ii) Any actual knowledge / suspect of
3) ANALYTICAL PROCEDURES : unusual or unexpected relationships eg unusual fluctuations in gross profit percentage.
4) OTHER SOURCES: eg: from previous audit engagement at client
5) FRAUD RISK FACTORS : if any are present from assessing Entity and Environment.

6) These can all be done at Financial statement & Assertion level : Identify and Assess Risk of Material Misstatement due to FRAUD at level of
 RESPONSES TO THE RISK OF MATERIAL MISSTATEMENT DUE TO FRAUD (DO LEARN THIS AS PER
LECTURER)
NB (I N I A S 2 40 E XA C T LY V ER TA B I M ! ! ! )

AT FINANCIAL STATEMENT LEVEL: (IN IAS240 EXACTLY VERTABIM!!!)

1. Assign appropriate staff:

1.1. Strongly Independent /Strong Willed
1.2. Competent
1.3. Experienced
1.4. That adopt Professional Scepticism
2. Accounting Policies :Consider those adopted by mngmnt :Appropriate & Properly applied OR indicative of possible
fraudulent earnings manipulate/influence users etc
3. Element of Unpredictability: nature ,timing,extent : surprise vistis etc.

AT ASSERTION LEVEL: (IN IAS240 EXACTLY VERTABIM!!!)

1. Nature ,timing ,extent :consider of tests to minimize risk of misstatement in assertions

2. Nature ,timing ,extent ;
2.1. Remember difficult to detect concealed things
2.2. Strong evidence : must get strong, not weak, evidence for any serious allegations.
3. CORROBORATIVE Multiple tests : experts+observation+inspection+analytical review +element of Unpredictability.
+CAATS(find duplicate bank acc. No. for fake employee payroll scam)

MANAGEMENT OVERRIDE: (IN IAS240 EXACTLY VERTABIM!!!)

2.4. CHARACTERISTICS OF FRAUDULENT JOURNAL ENTRIES:
1.1. Unusual Accounts :entries made to unusual,unrelated,or seldom used acc’s
1.1.1. Nature+Compexity : eg not reconciled regularly ,or acc .with no specific purpose eg slush funds.
1.1.2. Normal course of business : ie non- recurring ,not subject to standard internal controls.
1.2. Other People :passed (entered/done)by people who normally do not do journal entries.
1.3. Narrations: Not supported by adequate reasons,explanations or descriptions
1.4. Ledger :Not posted to ledger, but direct to fin stats(loss of audit trail.)
1.5. Round Amounts : Or Consistent Ending Numbers only.
2. Journal Internal Control : Entries authorisation : concentrate on entries where controls are weaker
3. End Year adjustments: procedures to check journal entries & adjustments.
4. Fraud Risk Factors : consider these, eg if there is already an assessed risk debtors payment embezzeled & written off as
bad debt.
5. Weak Internal Controls Unusual transactions :Significant transactions outside normal course of business eg: purchase firm
which makes different products.

EVALUATION OF EVIDENCE:
1. After initial audit procedures : reconsider at end if anything in evidence might indicate fraud
1.1. Acc records discrepencies :non-timeous recons, unauthorized trasactions eg travel expense,unneeded access to
records possible by eg foreman,tips /complaints
1.2. Conflicting evidence : unexplained recon items,unusual ratios eg commission up but sales same,implausible
explanations from employees,excessive charges /payments to eg lawyers/suppliers
1.3. Missing evidence missing purchase orders,
1.4. Management-auditor : Problematic or unusual relationships between auditor and : deny access to
records,overd:one time pressures,intimidation of team,unwillingness to allow (reasonable)CAATS.etc
2. Consider if un- fraud- like misstatements could be intentional ,esp. if their effect on fin. Stats. Is very significant.

MANAGEMENT REPRESENTATIONS TO BE GOTTEN IN WRITING : (IN IAS240 EXACTLY

VERTABIM!!!)
1. Auditor must get written confirmation from management that:
1.1. Fraud Internal controls: Mngmnt responisible for design+implement Internal controls to prevent & detect fraud
1.2. Disclosed assessment :Mngmnt has disclosed to auditor their assessment that misstatement due fraud in current
fin stats.
1.3. Prior fraud : mngmnt has disclosed to auditor prior fraud by 1-employees 2-mngmnt
1.4. Suspected fraud : mngmnt has disclosed to auditor SUSPECTED fraud , esp communicated by others eg:
employees,analysts,regulators.

FEEL UNABLE TO CONTINUE ENGAGEMENT

1) May question if should withdeaw,
2) Must consider report this to to client and authorities
3) IF YOU DO DECIDE TO WITHDRAW :
a) Discuss with mngmnt
 b) Report to client + authorities as per law/regulations

TO BE COMMUNICATED TO MNGMNT
1) IF found: To appropriate level mangmnt to deal with it
2) Governance : if separate from mngmnt :
a) Tell them if Real or suspected
b) Any other matters relating to fraud pertinent
3) Matters for auditor to consider when identifies misstatement resulting from fraud:
a) Confidentiality- it is inappropriate to simply inform all and sundry about it, ie SARS,creditor,trade union.
b) Management fraud : should always be reported 1 level higher,(+to section chief eg: to fin or other manager if needed) than suspect eg
paymaster to financial manager, financial manager to audit comitee/chairman (those charged with governance)If this is not successful it
may be necessary to report to IRBA as reportable irregularity.
c) Absolute evidence of fraud is not needed but at least sufficient appropriate evidence befor e wild accusations.
d) Entire matter should be documented
e) As per Auditing Professionact: to be a “reportable irregularity” the auditor only needs “reason to believe”, not absolute evidence.
4) Parties to whom auditor must communicate fraud
a) Mangement : +1 level above suspect.
b) Those charged with governance: Audit committees + {BoD is the ultimate level charged with governance}. + And Audit committees (law
says public companies must have one) Folowing matters MUST be reported to these ?2?:
i) INTERNAL CONTROL MATERIAL WEAKNESS (mngmnt is not doing their job)
ii) Questions regarding mngmnt integrity
iii) Mngmnt fraud
iv) Other fraud resulting in material misstatement of fin. Stats.
c) Regulatory and enforcement authorities:
i) Confidentiality stops auditor from reporting to 3rd party exept:
(1) To IRBA as per Act(law)
(2) Court or statute requires certain disclosure
(3) Client gives permission
d) Proposed successor auditor:
i) If permission not granted by client to discuss with proposed new auditor then old may not discuss with new auditor ,but he must say
permission has not been granted.

TO BE COMMUNICATED TO AUTHORITIES
1) As per local laws ( see code of coduct SA part FOR IRBA RULES)
2) Reportable irregularites above 100 000 : The law says you must report any fraud over 100 000 must be reported, not dealt with in-house,or else
you are seen as being part of the fraud.

FROM APPENDIX : MANY FRAUD RISK FACTOR CHARACTERISTICS (DO LEARN)THERE ARE ALSO ‘INDICATORS
OF FRAUD’ IN APPENDIX 2, THAT IS NOT WRITTEN HERE IN OWN NOTES- NOTE ….IT IS A DIFFERENT THING
REALLY. (SEE APPENDIX OF IAS240 FOR WHOLE LIST)
NB

INTRO:
1. ISA240 says fraud risk factors can be divided into 2 categories. And each of theses two categories can be further divided
into 3 categories. They are :

1. Fraudulent Financial Reporting:

2. Fraud Risk Factors Relating To Misstatements Resulting From Misappropriation Of Assets:
And:
1. Incentives/Pressures : are there pressures eg: performance bonus’s
2. Opportunities :are there any opportunities
3. Attitudes / Rationalisations: does the attitude of employees&mngmnt suggest an environment
conducive to fraud.

FRAUDULENT FINANCIAL REPORTING:

2.5. incentives/pressures
1. PROFITABITLTY /FINANCIAL STABILITY : threatened by economic,industry operating conditions
1.1. Competition so declining margins
1.2. High Vulnerability to Change :rapid change eg interest rates, technology,eg electronics companies.
1.3. Operating losses : threaten going concern
1.4. New statutory/accountin/regulatory requirements : deliberate contravention.eg environmental
2. PERFORMANCE PRESSURE : Excessive pressure for mngmnt to meet the expectations of 3 rd parties due to
following:
2.1. Debt or equity financing: eg need a loan, want to show good results to influence
2.2. Expectations :profitability or trend level, of investment analysts,significant creditors,institutional investors.
2.3. Debt repayment requirements: eg to maintain ratios specified in a loan agreement.
2.4. Pending transactions : significant,need specific performance. eg: merger or construction contract(cant show
bad losses)
3. PERSONAL FINANCIAL POSITION : info indicates personal fin position of mngmnt is threatened by entities fin
performance arising from following:
 3.1. Mmngmnt Performance bonuses : eg 25% of net profit after tax.
3.2. Mngmnt Shares: :hold significant shares in firm
3.3. Personal debt guarantees: :by directors of firm.
4. EXCESSIVE PRESSURE FOR FINANCIAL TARGETS OR ALSO FOR INCENTIVE GOALS: set by those charged with
governanace,incl sales,profitability incentive goals.
2.6. 2)opportunities
1. NATURE OF INDUSTRY/OPERATIONS:

1.1. Non-Same auditor Related Party transactions :significant transactions inter-group

1.2. Firm Dominates industry sector :allowing firm to dictate conditions to suppliers resulting in inappropriate
transactions.
1.3. Estimates: where difficult to corroborate estimates could be used to manipulate results (assets, liabilities,
revenue, expenses)
1.4. No clear business justification: all business methods with –eg import through a neighbouring country.

2. INEFFECTIVE MONITORING OF MANAGEMENT

2.1. Domination : of mngmnt by small group/ or person without compensating controls.

2.2. Ineffective oversight :by those charged with governance over the financial reporting process&internal
control.

3. COMPLEX ,or UNSTABLE ORGANISATIONAL STRUCTURE :

3.1. Controlling interest :Difficult to determine who has controlling interest in company
3.2. Unusual legal entities &managerial lines of authority in Overly complex organizational structure.
3.3. High pro staff turnover: senior mngmnt and legal council and those charged with governace.

4. INTERNAL CONTROL DEFICIENT:

4.1. Inadequate monitoring of internal controls.
4.2. High -Turnover /Ineffective : either of for Accounting ,Internal Audit, or IT staff.
4.3. Ineffective accounting and information systems.
2.7. 3)attitudes/rationalisations:
1. Enforcement of Ethics :Ineffective enforcement of firms values and ethical standards.
2. Non-fin Mngmnt Accounting policies + Estimates : non- financial managements excessive participation. In determining
3. History of law/fraud allegations: any regulations or fraud eg insider trading
4. Share price/earnings trend :Excessive interest by mangmnt in increasing /maintaining entitys share price/earnings trend
5. Tax :Interest by mngmnt in unappropriate means to minimize reported earnings for tax : eg understating sales.
6. Personal/business transactions : No interest in differentiating eg: takes holidays & charges company.

FRAUD RISK FACTORS RELATING TO MISSTATEMENTS RESULTING FROM MISAPPROPRIATION OF ASSETS:

2.8. incentives/pressures
1. Personal financial problems Mngmnt.
2. Adverse relationships: with firm eg compensation /other dissatisfaction , anticipated retrenchments.
2.9. opportunities
3. NATURE:
3.1. Cash : large amounts on hand
3.2. Inventory characteristics : eg small size high value –jewelry
3.3. Assets :Easily convertible : eg bearer bonds /diamonds
3.4. Assets: Characteristics : small, marketable,lacks ID ,eg power tools

4. INTERNAL CONTROL:
4.1. Inadequate segregation of duties
4.2. Lack of management supervision : eg goods into /out stores with no supervision.
4.3. Poor personell practices : screening for sensitive jobs (incl. storeman)
4.4. Recons: inadequate record keeping for the coming recon of assets, or asset recon itself inadequate.
4.5. Lack proper purchases authorization.
4.6. Physical safeguards : poor over assets
4.7. Timely and appropriate documentation for transactions: lack of eg: let customers take goods but do
paperwork later.
4.8. Mandatory vacations employees in key control positions: they normally do not want to take a
holiday because they cannot cover up in that time.
4.9. Senior management expenditures: inadequate authorization,review and control eg: travel claims.
4.10. IT personel ‘do what they want’ : esp. if Mngmnt has inadequate understanding of IT: IT personell might
change debtors balances in masterfile.
4.11. attitudes/rationalisations
1. Factors which indicate employees have a relaxed attitude to control, or to misappropriation of assets.
1.1. Control Environment :poor : eg Ignore theft incedents, Overriding controls.
1.2. Lifestyle changes: Mngmnt suddenly takes expensive holidays.
1.3. Dissatisfaction Behavior: by employees indicating displeasure at treatment or at entity itself.