Académique Documents
Professionnel Documents
Culture Documents
Stages of the audit process: (know whole chapter per lecturer )..........................................................................2
Stage 1 : Preliminary engagement activities:..............................................................................................................2
stage 2 : Planning:........................................................................................................................................................2
Stage 3 : putting audit -Plan and strategy - into action.............................................................................................2
Stage 4 : Evaluate & conclude.....................................................................................................................................2
The 4 important elements dealt with in this chapter, each one gone through by unisa, :.....................................8
from appendix : many fraud risk factor CHARACTERISTICS (do learn)there are also ‘indicators of fraud’ in
appendix 2, that is not written here in own notes- note ….it is a different thing really. (SEE APPENDIX OF ias240
FOR WHOLE LIST).............................................................................................................................................. 21
CHAPTER 6 : AN OVERVIEW OF THE AUDIT PROCESS.
K NO W/ LE A R N WH O LE C H A P TE R PE R LE C T U R ER :
STAGE 2 : PLANNING:
1) AUDIT STRATEGY :Establish an overall audit strategy.
2) AUDIT PLAN :develop one.to be in a position to develop one audit team must first do the next 3 things:
3) Obtain Understanding : of Entity and Environment incl. Internal Control.
4) Risk : of Material Mistatement :Assess risk of in the financial statements.
5) Materiality : Determine guidelines.
(1) DECIDE WHETHER TO CONTINUE/ESTABLISH : ISA 220 R +ISQCI +ISA200 + IESBA CODE OF CONDUCT : STIPULATE :
(i) ETHICAL (OF YOURSELF) :Evaluate if Firm can comply with ethical requirements. Ie: independence + 5 principles : eg: client
director is family of auditor.
ONLY 3 things for ethical:
a. FUNDAMENTAL PRINCIPLES :
i. Per S210 Code of Prof.Conduct : make sure the engagement will complies with the FUNDAMENTAL
PRINCIPLES, if it does not then :
1) Evaluate significance of THREATS
2) Apply SAFEGUARDS to eliminate /reduce threats to acceptable levels (eg obtain more knowledge of
enterprise, or secure client commitment to improve governance etc
ii. Fundamental Principles are : shall make sure all these principles are complied with before accepting /
continue with client
INTEGRITY;
OBJECTIVITY;
PROFESSIONAL COMPETENCE AND DUE CARE;
CONFIDENTIALITY
PROFESSIONAL BEHAVIOUR
b. INDEPENDENCE : Per ISA 200 .14 : it says do the fundamental princilples above PLUS also make sure it complies
with requirement of ” INDEPENDENCE “ Add this to the fundamental principles because it is very important. It is
basicly ‘objectivity’ , BUT just qute about it alone on its own – it must be mentioned (appears in ISA 200, but not
in IESBA’ Code of Professional Conduct., there it is called objectivity. Just REM to mention it A LOT) : ISA 200.a16 :
to be independent in (A) + mind (B) + appearance , It : enhances 1-integrity + 2-objectivity + 3-prof.scepticism , by
removing ‘influences’ per ISA200..
i. Threats to independance :of team,auditor,experts /or if adequate safeguards possible to stop threats.
ii. Conflicts of interest : eg both offer same services to same market.\
c. ANY LOCAL REGULATIONS /LAWS : of country that might add other things to the above
(ii) INTEGRITY OF THE CLIENT : The above factor will include integrity of principal owners, key management and those charged with
governance (ISA 220, par A8).
a. Business Reputation : Client Unethical or lacks Integrity.
b. Business Practices eg. Illegal : eg money laundering OR : Not wish to be assosiated with eg. Porn/tobacco.
c. Attitude To Accounting Standards. : acceptable financial framework : 'Fairest' OR 'most favourable picture'
accounting standards
d. Audit Fees payment /if they will pay fair fees or not.
e. Client Impose Limitations On Audit. Eg restrict access to information.
f. Reasons For Change Of Auditors.; if suspect reasons
(iii) ETHICS & CLIENT INTEGRITY : other stuff trated separately by UNISA: ABILITY OF CLIENT TO PAY
(iv) ETHICS & CLIENT INTEGRITY : other stuff trated separately by UNISA BUSINESS STANDING RISK : (what is this and what is ‘
illustration of good practice 10’ referred to in tut 102 pg 8???)
(v) a ETHICS & CLIENT INTEGRITY : other stuff trated separately by UNISA SIGNIFICANT CHANGES IN
ENTITY AUDITED :for existing clients (ISA 220, par A8).If auditor became aware of any changes during current/previous audit
that may affect decision to carry on with client.
(vi) ETHICS & CLIENT INTEGRITY : other stuff trated separately by UNISA COMMUNICATION WITH THE PREDECESSOR
AUDITOR .: any info from here that may stop you taking job
(vii) ETHICS & CLIENT INTEGRITY : other stuff trated separately by UNISA VACANCY PER COMPANIES ACT (Sec 91 of the
Companies Act : ACT :).if all the rules of companies act regarding vacancies are complied with: ie 1- board must give names of
potential auditors to audit committee within 15 bus. days 2- may only appoint if audit committee did not refute/disallow that
auditor within 5 bus. days of getting the name.
A. the auditor MUST use an expert if it is needed as a safeguard in upcoming audit, and if auditor wishes to use an
expert, he must determine if such reliance is warranted by using following Factors to Consider: per Code of
Conduct 210.8.
I. Reputation of
II. Expertise of (member of an association)
III. Resources of ( expert has enough to be able to do the work)
IV. Applicable Professional & ethical standards ( to that kind of exerts work – check if he fits in right with the
standards)
2) TERMS OF ENGAGEMENT SEE ISA 210 WHICH IS ON “AGREEING TERMS OF ENGAGEMENTS ”, PARA 9-12 AND APPENDIX
1 FOR EXAMPLE LETTER IN DETAIL
a) This is formalising terms of engagement into an engagement letter, and having it signed.
b) When answering questions on preliminary engagement activities, we recommend that when you arrive at step 3, list the following: ( the full
engagement letter is on page
i) Issue an “ENGAGEMENT LETTER” to those charged with governance highlighting the following:
(1) Management and auditor’s responsibility.
(2) Duty to report to IRBA any reportable irregularity.
(3) (also per ISA210 ., but not per unisa, : (3) OBJECTIVE & SCOPE of audit (4) APPLICABLE FRAMEWORK as reference eg GAAPor other (5)
REPORTS to be issued after)
1) INTRODUCTION:
a) ISA 300R in this ISA on ‘audit planning’ , see para 7 says : "the auditor should plan the audit work so that it will be performed in an effective
manner"
b) AUDIT STRATEGY & PLAN is formulated by : KEY EXPERIENCED TEAM MEMBERS ONLY
i) AUDIT STRATEGY : Risk of Misstatement at FINANCIAL STATEMENT level : CORRECTED BY : A UDIT STRATEGY : (words= SCOPE +
TIMING + DIRECTION)
ii) AUDIT PLAN : Risk of Misstatement at ASSERTION level : CORRECTED BY : A UDIT PLAN : (words= Nature + Timing
+ Extent)
d) IMPORTANCE OF PLANNING:
i) Attention -: Plan to give enough to important areas of audit.
ii) Potential Problems : Identify & resolved.
iii) Audit team : Properly assembled
iv) Supervision +Review : and proper review of their work ,of audit team , facilitated
v) On time : completion of work planned
1) REM “Materiality “ is basicly officially done in THIS PHASE of the audit... strategy
2) PER unisa & IAS300 :In establishing the overall audit strategy, the auditor shall: (these+MANY examples are all shown very neatly in ISA300
appendix- and you marked it)
1. SCOPE : I.D. THE : Identify characteristics of the engagement that defines its scope;
For instance:
i) if it is maybe a statutory audit , or maybe JSE listed company , so securities exchange commission requirements to be adhered to
ii) The financial reporting framework (ifrs, sa gaap, grap, etc).
iii) Industry-specific reporting requirements (compliance with jse regulations), government regulations environmental, labour, etc.)
Etc.
iv) Number of locations for expected audit coverage.
v) need to outsource some experts
2. TIMING : REPORTING OBJECTIVES : Ascertain the reporting objectives of the engagement to plan the timing of the audit and nature
of communication required;
For instance:
i) companies Year End /interim reporting schedule
ii) Meetings
iii) timing +types of Reports
iv) Entity’s reporting timetable for interim financial results and year-end financial results.
v) Meetings with management and those charged with governance.
vi) Communicating with auditors of components regarding the time deadlines.
3. DIRECTION : OF ENGAGEMENT TEAM : consider significant factors in directing engagement team;
The significant factors will include for instance the following:
i) Materiality.
ii) Areas with higher risk of material misstatement.
iii) Volume of transactions.
4. PLUS ADD :PRELIMINARY ENGAGEMENT ACTIVITIES : Consider results of preliminary engagement activities;
5. PLUS ADD : RESOURCES : ascertain nature, timing and extent of resources necessary to perform engagement. staff- experience,
+management of eg :meetings, quality control reviews,evaluations etc.
3) OVERALL RESPONSES TO ADDRESS A HIGH RISK OF MATERIAL MISSTATEMENT AT THE FINANCIAL STATEMENT LEVEL : one includes the
following in the AUDIT STRATEGY (not in audit plan) (ISA 330, par A1-A3).
• larger samples :Extend sample sizes.
• more experience staff.Engage more experience staff.
•Follow a more ‘only’ substantive tests : approach or to do a more ‘combined’ approach (if there are deficiencies in the control
environment – ie tests of controls OR substantive testing ?Which one more? ).
• less analytical procedures : Perform more tests of detail and less analytical procedures.
• arrive unexpectedly Incorporate an element of unpredictability in testing-.
• professional sceptism Exercise professional sceptism.
• use an expert : Consider the use of an expert.
• doubt mngmnt representations :Put less reliance on management representations.
• Perform procedures closer to year-end.
• Lower materiality.
1) AUDIT PLAN :
a) OBJECTIVE OF AUDIT PLAN: The objective is to formulate an audit strategy and audit plan which ensures that the audit will be
conducted in an effective manner.
b) The audit plan is far more detailed than audit strategy
III) A NY O THER P ROCEDURES N EEDED : plus this , to comply with any ISA’s
d) DOCUMENTATION : ALL AUDIT PLAN + AUDIT STRATEGY : must be documented for: (to contain : 1-audit plan 2- audit strategy 3- signifiacnt
changes made to them)
i) REFERENCE FOR TEAM
ii) PROOF OF PROPER PLANNING BY TEAM
iii) RECORD OF KEY DECISION MADE
CHAPTER 7: IMPORTANT ELEMENTS OF THE AUDIT PROCESS.
DEFINITIONS: AS PER ISA 315
NB
1) ISA 315 :”Understanding The Entity And Its Environment and Assessing The Risks Of Material Misstatement” : …is to obtain an understanding of
the entity ,its internal control and its environment, sufficient to identify and assess the risks of material misstatement of the financial
statements ,whether due to fraud or error , and sufficient to design and perform further audit procedures….
2) BUSINESS RISK : A Risk resulting from significant 1Conditions, 2Events, 3Circumstances, 4Actions Or 5 Inactions that could adversely affect an
entitys ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies.
3) Significant risk : A risk of Material Misstatement that in the auditors judgement , is one that requires Special Audit Consideration
4) Audit risk – risk that an auditor gives an inappropriate conclusion when there is a material misstatement IN FIN STATS (or elsewhere) , so if he
says there is no material miststement when there actually is one.
5) RISK ASSESSMENT PROCEDURES (5) :The Audit Procedures designed to obtain an understanding od the 1-Entity, incl. Its 2-Internal Control, and
its 3Environment, to identify and assess the Risks of Material Misstatement , whether due to 1Fraud or 2Error, at the 1Financial Statement And
2Assertion Levels.
6) INTERNAL CONTROL : The Process designed and effected by those charged with governance ,management and other personell to provide
REASONABLE ASSURANCE about the achievement of an entitys objectives with regard to 1Reliability Of Financial Reporting ,2Effectiveness,And
3Efficiency of operations and 4Compliance with applicable laws and regulations.
7) MATERIAL WEAKNESS: A weakness In Internal Control that could have a Material Effect on the Financial Statements.
2) Remember though : When using auditors toolbox – substantive tests + tests of controls :same type procedures used
THE 4 IMPORTANT ELEMENTS DEALT WITH IN THIS CHAPTER, EACH ONE GONE THROUGH BY UNISA, :
a) Risk in the audit ie : audit risk
b) Materialty concept
c) Understanding entity & environment
d) Auditors responsibility with fraud
2) Overcome by put control activites in place: eg segregation duties, access control, control environment.
LEVELS OF RISK
1) TYPES OF LEVELS:
a) ISA’s only give ‘significant’ Definition; ISA315 :risks that require : Special audit consideration
b) Some audit firms have : high,medium,low
c) Some have :pervasive
d) Some have increased or decreased risk
2) Must have some or all of Following Characteristics: (see characteristics of significant risk IAS 315.27)
1. Fraud :Risk–to do with risk-
2. Recent Events : + Significant Related to in economic,acc,other –to do with risk-eg new IFRS standards, recession etc.
3. Complex :transactions From–to do with risk-merger/acquisition/unbundling
4. Related : parties , significant transactions with –to do with risk- eg: inter-company transactions
5. Estimation :/ Subjectivity/ High degree: in measurement of fin. Info. –to do with risk-estimate provision bad debts.
6. Outside Normal Operations :/unusual Transactions –to do with risk-eg: BEE transactions
NOTE THE FOLLOWING TABLE BY UNISA :RISKS AT THE FINANCIAL STATEMENT LEVEL : WE MUST BE ABLE TO SAY COLUMN 2 &3 AS THE ANSWER .
NOTE THE FOLLOWING TABLE BY UNISA :RISKS AT THE ASSERTION LEVEL ( SEE APPENDIX 2 OF ISA315 FOR MANY MORE EXAMPLES ) : WE MUST BE ABLE TO SAY
COLUMN 2 &3 AS THE ANSWER .
IMPORTANT ELEMENT 2 OF 4 : THE CONCEPT OF MATERIALITY. SEE IAS 320
INTRO:
1) It is generally understood and accepted by users of fin.stats that NOT 100% and may contain margin of error or uncertianity.HOWEVER margin of
error must be acceptable to users otherwise are of little value.-ie : Materiality.
2) DEFINITION : MATERIALITY : ( also in IAS 320 , one in begin of chaoter hodden , other for ‘performance materiality’ is under ‘definition’ heading
a) If omission or misstatement could affect users decisions
b) Size of item judged from particular circumstances.
c) Threshold or cut-off point rather than a qualitative characteristic - to be useful.
Remember to consider the nature of the business. In entity that is capital incentive you are likely to use total assets for your materiality calculation. The
materiality calculation bases will differ from audit firm to audit firm.
3. Determine the materiality Remember there is an inverse relationship between materiality and audit risk. Always substantiate your materiality figure
selected. Marks will be awarded for this, even if your calculations are wrong.
PLANNING MATERIALITY
EACH AUDIT FIRM USES ITS OWN TYPE OF MATERIALITY PLANNING: EITHER ONE OF THE FOLLOWING:
a) GENERAL WAY In a: just take the biggest money accounts, less for smaller money accounts.
b) PERCENTAGE AS a % : of account balances
c) FORMULA use a.
FINAL MATERIALITY
THE AUDITOR MUST DO THE FOLLOWING TO MAKE A FINAL MATERIALITY DECISION:.
e) AS THE AUDIT PROGRESSES THE AUDITOR if he finds more problems with some area than he thought would happen when he
decoded on his first materiality level, then he must re-calclate the materiality again and carry out extra procedures as required by the
ne level he now sets. The final level he ends up with is at the end of the audit , where PRELIMINARY /FINAL FIGURES : if clients final
figures differ a lot, materiality might have to be adjusted a bit , can happen, and he will finally end up with the final figure that will not
change again. This must be documented.
i) ANALYSE AND Project :the errors in sample over population specified
ii) DECIDE IF FURTHER TESTS :should be carried out or whether client should be asked to check the population in detail for further
errors.
iii) DISCUSS WITH CLIENT MNGMNT :all misstatements in detail with management in order to attempt to have them rectified .If client
does NOT correct them , it could be for following reasons: (then auditor will have to qualify his report IF it is material )
(1) Disagree with Auditor : eg eg client says stock is not obsolete, or something is not a financial lease per IAS 17 so not to be
capitalized etc.
(2) Do not regard as Material : client says it would not influence a user
(3) Directors Crooking the Books : eg want some ratio, so get stubborn
(4) Regard it as ‘too much hassle’ to make changes. : all the fin stats
(5) Do not care if Fin Stats. Are Qualified. :stuff you
FACTORS TO BE CONSIDERED IN EVALUATING UNRESOLVED AUDIT DIFFERENCES (IN BOOK , NOT TUT OR
IAS)
i) Known errors and likely errors : known = sales invoices wrong period(strong ground) Likely= provision bad debts(weak ground for
auditor)
ii) Misstatements should not be considered in isolation: seek patterns
iii) Statutory and other contractual obligations :eg directors emoluments,contractual obligation need keep fixed ratio
iv) Nature of the misstatement.: eg: IFRS standards important, misallocate expense less, director cheat more,
v) Impact of the misstatement: Specificly on Popular figures & ratios eg :EPS (earnings per share)
vi) The absolute and relative size of the misstatement.: if 1 milllion is Relatively – unimportant , But Absolutely – just too much , then
auditor takes action anyway.
Basicly , to overlook some misstatement because client will be unhappy is Unprofessional.
CONCLUSION
1) No magic formula, takes years of experience , confidence grows as experience increases.
iii)
ACCOUNTING PRINCIPLES :Intentional misapplication to amounts,classification,manner of presentation or disclosure.
(1) failing to CAPITALIZE FINANCIAL LEASES.
(2) INAPPROPRIATE POLICY to inflate profits
KNOW ALL OF (iv) below per lecturer
iv) MANAGEMENT OVERRIDE (particularly where controls appear to be operating effectively)
(1) FICTITIOUS JOURNAL ENTRIES –eg fictitious sales in journal
(2) JUDGEMENTS/ESTIMATES - eg understate asset impairments
(3) YEAR END DATE : Omit /Advance /Delay recognition of transactions at balance sheet date. Eg Premature recognize
profits on long term contract, or include sales from following year in current fin year to inflate ‘sales’ (STOP THIS BY
GOING ON YEAR END DATE AND WRITING END ON LAST SALES DOCUMENTS SO YOU CAN CHECK NUMBERING
AFTERWARDS)
(4) DISCLOSURE of FACTS : Hide disclosable facts ; eg a claim for damages against company
(5) COMPLEX TRANSACTIONS : structured to MISREPRESENT financial PERFORMANCE /POSITION of company. Eg manipulate
inter-company balances in a group to ‘reallocate profits’.
(6) ALTERING RECORDS /or TERMS relating to significant or unusual transactions.
b) Eg: directors deliberately understate liabilities and overstate assets to secure a loan, or manipulate earnings to reduce taxation , or to
get performance bonus’s.
2) MISAPPROPRIATION OF ASSETS : theft of companies assets , by employees or mngmnt,harder to detect with mngmnt they can conceal it
easier.includes:
a) Embezzlement:
i) Stealing cash sales
ii) Stealing cash received from debtors, and then writing debtor off as bad.
b) Physical assets or intellectual property:Theft of or
c) Pay for goods and services not received: Causing entity to ficticious employees- keep the money,or pay a ficticious company set up by
management for goods never received.buy things for own use through company
d) Using companies assets for personal use : hire out equip on weekends, keep cash.
Eg: if you sign on delivery invoice for goods received ,it is easy to commit fraud, just slip in a false delivery note.stop this by using a ‘goods
Receiving Note’ : sequential numbering hard to slip in a duplicate.If no numbering though- just print a new document then slip it in ,+ must use
special printing & special paper, to stop photocopying.
6) These can all be done at Financial statement & Assertion level : Identify and Assess Risk of Material Misstatement due to FRAUD at level of
RESPONSES TO THE RISK OF MATERIAL MISSTATEMENT DUE TO FRAUD (DO LEARN THIS AS PER
LECTURER)
NB (I N I A S 2 40 E XA C T LY V ER TA B I M ! ! ! )
EVALUATION OF EVIDENCE:
1. After initial audit procedures : reconsider at end if anything in evidence might indicate fraud
1.1. Acc records discrepencies :non-timeous recons, unauthorized trasactions eg travel expense,unneeded access to
records possible by eg foreman,tips /complaints
1.2. Conflicting evidence : unexplained recon items,unusual ratios eg commission up but sales same,implausible
explanations from employees,excessive charges /payments to eg lawyers/suppliers
1.3. Missing evidence missing purchase orders,
1.4. Management-auditor : Problematic or unusual relationships between auditor and : deny access to
records,overd:one time pressures,intimidation of team,unwillingness to allow (reasonable)CAATS.etc
2. Consider if un- fraud- like misstatements could be intentional ,esp. if their effect on fin. Stats. Is very significant.
TO BE COMMUNICATED TO MNGMNT
1) IF found: To appropriate level mangmnt to deal with it
2) Governance : if separate from mngmnt :
a) Tell them if Real or suspected
b) Any other matters relating to fraud pertinent
3) Matters for auditor to consider when identifies misstatement resulting from fraud:
a) Confidentiality- it is inappropriate to simply inform all and sundry about it, ie SARS,creditor,trade union.
b) Management fraud : should always be reported 1 level higher,(+to section chief eg: to fin or other manager if needed) than suspect eg
paymaster to financial manager, financial manager to audit comitee/chairman (those charged with governance)If this is not successful it
may be necessary to report to IRBA as reportable irregularity.
c) Absolute evidence of fraud is not needed but at least sufficient appropriate evidence befor e wild accusations.
d) Entire matter should be documented
e) As per Auditing Professionact: to be a “reportable irregularity” the auditor only needs “reason to believe”, not absolute evidence.
4) Parties to whom auditor must communicate fraud
a) Mangement : +1 level above suspect.
b) Those charged with governance: Audit committees + {BoD is the ultimate level charged with governance}. + And Audit committees (law
says public companies must have one) Folowing matters MUST be reported to these ?2?:
i) INTERNAL CONTROL MATERIAL WEAKNESS (mngmnt is not doing their job)
ii) Questions regarding mngmnt integrity
iii) Mngmnt fraud
iv) Other fraud resulting in material misstatement of fin. Stats.
c) Regulatory and enforcement authorities:
i) Confidentiality stops auditor from reporting to 3rd party exept:
(1) To IRBA as per Act(law)
(2) Court or statute requires certain disclosure
(3) Client gives permission
d) Proposed successor auditor:
i) If permission not granted by client to discuss with proposed new auditor then old may not discuss with new auditor ,but he must say
permission has not been granted.
TO BE COMMUNICATED TO AUTHORITIES
1) As per local laws ( see code of coduct SA part FOR IRBA RULES)
2) Reportable irregularites above 100 000 : The law says you must report any fraud over 100 000 must be reported, not dealt with in-house,or else
you are seen as being part of the fraud.
FROM APPENDIX : MANY FRAUD RISK FACTOR CHARACTERISTICS (DO LEARN)THERE ARE ALSO ‘INDICATORS
OF FRAUD’ IN APPENDIX 2, THAT IS NOT WRITTEN HERE IN OWN NOTES- NOTE ….IT IS A DIFFERENT THING
REALLY. (SEE APPENDIX OF IAS240 FOR WHOLE LIST)
NB
INTRO:
1. ISA240 says fraud risk factors can be divided into 2 categories. And each of theses two categories can be further divided
into 3 categories. They are :
4. INTERNAL CONTROL:
4.1. Inadequate segregation of duties
4.2. Lack of management supervision : eg goods into /out stores with no supervision.
4.3. Poor personell practices : screening for sensitive jobs (incl. storeman)
4.4. Recons: inadequate record keeping for the coming recon of assets, or asset recon itself inadequate.
4.5. Lack proper purchases authorization.
4.6. Physical safeguards : poor over assets
4.7. Timely and appropriate documentation for transactions: lack of eg: let customers take goods but do
paperwork later.
4.8. Mandatory vacations employees in key control positions: they normally do not want to take a
holiday because they cannot cover up in that time.
4.9. Senior management expenditures: inadequate authorization,review and control eg: travel claims.
4.10. IT personel ‘do what they want’ : esp. if Mngmnt has inadequate understanding of IT: IT personell might
change debtors balances in masterfile.
4.11. attitudes/rationalisations
1. Factors which indicate employees have a relaxed attitude to control, or to misappropriation of assets.
1.1. Control Environment :poor : eg Ignore theft incedents, Overriding controls.
1.2. Lifestyle changes: Mngmnt suddenly takes expensive holidays.
1.3. Dissatisfaction Behavior: by employees indicating displeasure at treatment or at entity itself.