Upload
doandang
View
214
Download
0
Embed Size (px)
Citation preview
1
Audit Junior Induction Training17 June 2009
2006-09 Nelson Consulting Limited 1
Nelson LamNelson Lam MBA MSc BBA ACA ACIS CFA CPA(Aust.) CPA(US) FCCA FCPA FHKIoD MSCA
HK Framework of AssuranceHKSQCs Hong Kong Standards on Quality ControlHKSQCs Hong Kong Standards on Quality Control
(only HKSQC 1 issued so far)(only HKSQC 1 issued so far)
Hong Kong Framework for Assurance Engagements
Audits and Reviews of Historical Fin. Information
Other Assurance
Engagements
Related Services
2006-09 Nelson Consulting Limited 2
HK Standards on Assurance Engagements
(HKSAEs)
HK Standards on Inv. Circular
Reporting Engagements
(HKSIRs)
HK Standards on Auditing (HKSAs)
HK Standardson Review
Engagements (HKSRE)
HK Standards on Related Services
(HKSRSs)
2
HK Framework of AssuranceHKSQCs Hong Kong Standards on Quality ControlHKSQCs Hong Kong Standards on Quality Control
(only HKSQC 1 issued so far)(only HKSQC 1 issued so far)
Hong Kong Framework for Assurance Engagements
Audits and Reviews of Historical Fin. Information
2006-09 Nelson Consulting Limited 3
HK Standards on Auditing (HKSAs)
Overview of Audit Process
Preliminary engagement activities
Pl i ti iti
Planning
Audit Process
Planning activities
Understanding the entity
Assess risksof material misstatements
A dit t d i k
Risk assessment
Ri k
A cumulative and iterative process
2006-09 Nelson Consulting Limited 4
Auditor responses to assessed risks
Overall reviewing
Drawing conclusions and reportingDrawing conclusions and reporting
Risk response
Reviewing and reporting
Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam
3
Audit Process: Planning
Preliminary engagement activities
The auditor should perform the following activities at the beginning of the current audit engagement: (HKSA 300.6)1. Perform procedures regarding the continuance of the client relationship
and the specific audit engagement2. Evaluate compliance with ethical requirements, including independence3. Establish an understanding of the terms of the engagement
2006-09 Nelson Consulting Limited 5
Audit Process: Planning
Preliminary engagement activities
Pl i ti iti
Overall Audit Strategy
Planning activities
Audit Plan
The auditor should establish and document Overall audit strategy for the audit and Audit plan for the audit in order to reduce audit risk to an
acceptably low level
2006-09 Nelson Consulting Limited 6
acceptably low level. Both the overall audit strategy and audit plan should be
updated and changed as necessary during the course of the audit.
4
The overall audit strategy sets the scope, timing and direction of the
audit, and
Overall Audit Strategy
Audit Process: Planning
audit, and guides the development of the more detailed
audit plan. The establishment of the overall audit
strategy involves:a) Determining the characteristics of the
engagement that define its scopeb) Ascertaining the reporting objectives of the
2006-09 Nelson Consulting Limited 7
b) Ascertaining the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required
c) Considering the important factors that will determine the focus of the engagement teams efforts
The audit plan is more detailed than the audit strategy and
includes:
Audit Process: Planning
includes: A description of the nature, timing and extent of
planned risk assessment procedures sufficient to assess the risks of material misstatements(as determined under HKSA 315)
A description of the nature, timing and extent of planned further audit procedures at the assertion level for each material class of t ti t b l d di l (
Risk Assessment Risk Assessment Procedures
Further Audit P d
Audit Plan
2006-09 Nelson Consulting Limited 8
transactions, account balance and disclosures (as determined under HKSA 330)
Such other audit procedures required to be carried out for the engagement to comply with HKSAs.
Procedures
Other Audit Procedures
5
The auditor should plan the nature, timing and extent of direction and
supervision of engagement team members and review
Audit Process: Planning
supervision of engagement team members and review of their work. (HKSA 300.18)
document the overall audit strategy and the audit plan including any significant changes made during the
audit engagement. (HKSA 300.22)
2006-09 Nelson Consulting Limited 9
Overview of Audit Process
Planning
Audit Process Preliminary engagement activities
Pl i ti iti
Risk assessment
Ri k
Planning activities
Understanding the entity
Assess risksof material misstatements
A dit t d i k
A cumulative and iterative process
2006-09 Nelson Consulting Limited 10
Risk response
Reviewing and reporting
Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam
Auditor responses to assessed risks
Overall reviewing
Drawing conclusions and reportingDrawing conclusions and reporting
6
Overview of Audit Process
Understanding the entity
Assess risksof material misstatements
Risk assessment
A dit t d i kRi k
2006-09 Nelson Consulting Limited 11
Auditor responses to assessed risksRisk response
The auditor should obtain an understanding of the entity and its environment, including its internal control, sufficient to identify and assess the risks of material misstatement of the
fi i l h h d f d d
Audit Process: Understand Entity
financial statements whether due to fraud or error, and sufficient to design and perform further audit procedures.
(HKSA 315.2)
HKSA 315 specifically requires that: The auditor should perform the following risk assessment procedures to
obtain an understanding of the entity and its environment including its
Understanding the entity
2006-09 Nelson Consulting Limited 12
obtain an understanding of the entity and its environment, including its internal control: a) Inquiries of management and others within the entity; b) Analytical procedures; and c) Observation and inspection. (HKSA 315.7)
7
Perform risk assessment procedures
Audit Process: Understand Entity
Gather information
Understanding the entity
The entity and its environment
Internal control
2006-09 Nelson Consulting Limited 13
Identify and assess risks of material misstatements
Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam
Audit Process: Understand Entity
Gather information
Understanding the entity
The entity and its environment
Internal control
2006-09 Nelson Consulting Limited 14
Industry, Regulatory, and Other External Factors
Nature of the Entity
Objectives and
Strategies, and Related
Business Risks
Measurement and Review of the the Entitys
Financial Performance
Internal Control
8
Audit Process
Understanding the entity
Assess risksof material misstatements
2006-09 Nelson Consulting Limited 15
Industry, Regulatory, and Other External Factors
Nature of the Entity
Objectives and
Strategies, and Related
Business Risks
Measurement and Review of the the Entitys
Financial Performance
Internal Control
Audit Process: Assess Risks
For the purpose of assessing the risks, the auditor: Identifies risks throughout the process of obtaining an understanding of the
entity and its environment, including
Assess risksof material misstatements
y , g relevant controls that relate to the risks, and by considering the classes of transactions, account balances, and
disclosures in the financial statements;
A dit t d i k
2006-09 Nelson Consulting Limited 16
Auditor responses to assessed risks
9
Audit Process: Assess Risks
Audit risk
Risk of material misstatement Detection risk
Financial statement level Assertion level
HKSA 315 requires that
2006-09 Nelson Consulting Limited 17
HKSA 315 requires that The auditor should identify and assess the
risks of material misstatement at the financial statement level, and at the assertion level for classes of transactions,
account balances, and disclosures (HKSA 315.100)
Perform risk assessment procedures
Audit Process: Assess Risks
Gather information
Understanding the entity
The entity and its environment
Internal control
2006-09 Nelson Consulting Limited 18
Identify and assess risks of material misstatements
Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam
Financial statement level Assertion level
10
Audit Process: Assess Risks
The risk of material misstatement at the overall financial statement level refers to risks of material misstatement that
relate pervasively to the financial statements as a whole andrelate pervasively to the financial statements as a whole and potentially affect many assertions.
Risks of this nature often relate to the entitys control environment, say weak control
environment (although these risks may also relate to other factors, such as declining economic conditions), and
are not necessarily risks identifiable with specific assertions at the class of transactions, account balance, or disclosure level.
2006-09 Nelson Consulting Limited 19
Identify and assess risks of material misstatements
Financial statement level
Audit Process: Assess Risks
The risk of material misstatement at the assertion level consists of two components as follows: Inherent risk is the susceptibility of an assertion to a misstatement thatInherent risk is the susceptibility of an assertion to a misstatement that
could be material, either individually or when aggregated with other misstatements, assuming that there are no related controls.
Control risk is the risk that a misstatement that could occur in an assertion and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entitys internal control.
2006-09 Nelson Consulting Limited 20
Identify and assess risks of material misstatements
Assertion level
11
As part of the risk assessment, the auditor should determine which of the risks identified are, in the auditors judgment,
Audit Process: Assess Risks
which of the risks identified are, in the auditor s judgment, risks that require special audit consideration
such risks are defined as significant risks. (HKSA 315.108) The determination of significant risks, which arise on most
audits, is a matter for the auditors professional judgment. In exercising this judgment, the auditor excludes the effect of
identified controls related to the risk to determine whether the nature of the risk,
2006-09 Nelson Consulting Limited 21
the likely magnitude of the potential misstatement including the possibility that the risk may give rise to multiple misstatements, and
the likelihood of the risk occurring are such that they require special audit consideration.
Significant risks are often derived from business risks that may result in a material misstatement. In considering the nature of the risks, the auditor considers a number of
Audit Process: Assess Risks
,matters, including the following: Whether the risk is a risk of fraud. Whether the risk is related to recent significant economic,
accounting or other developments and, therefore, requires specific attention.
The complexity of transactions. Whether the risk involves significant transactions with related
2006-09 Nelson Consulting Limited 22
gparties.
12
Significant risks often relate to significant non-routine transactions and judgmental matters. Non-routine transactions are transactions that are unusual
Audit Process: Assess Risks
Non routine transactions are transactions that are unusual, either due to size or nature, and that therefore occur infrequently.
Judgmental matters may include the development of accounting estimates for which there is significant measurement uncertainty.
2006-09 Nelson Consulting Limited 23
Significant risks?
Audit Process: Assess Risks
Identify and assess risks of material misstatements
Describe what can go wrong at
assertion levelassertions?
Can risks be related to
specific assertions?
Yes
Financial statement level Assertion level
2006-09 Nelson Consulting Limited 24
Significant risks?
Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam
13
Audit Process: Assess Risks
Risks of material misstatement may be greater for risks relating to significant non-routine transactions arising from matters such as:
Greater management intervention to specify the accounting treatment
Example
Greater management intervention to specify the accounting treatment. Greater manual intervention for data collection and processing. Complex calculations or accounting principles. The nature of non-routine transactions, which may make it difficult for
the entity to implement effective controls over the risks.
Risks of material misstatement may be greater for risks relating to significant judgmental matters that require the development of
2006-09 Nelson Consulting Limited 25
significant judgmental matters that require the development of accounting estimates, arising from matters such as the following: Accounting principles for accounting estimates or revenue recognition
may be subject to differing interpretation. Required judgment may be subjective, complex or require
assumptions about the effects of future events, for example, judgment about fair value.
Audit Process: Assess Risks
Risks for which Substantive Procedures Alone do not Provide Sufficient Appropriate Audit Evidence As part of the risk assessment the auditor shouldAs part of the risk assessment, the auditor should
evaluate the design and determine the implementation of the entitys controls, including relevant
control activities, over those risks for which, in the auditors judgment, it is not possible or practicable to
reduce the risks of material misstatement at the assertion level to an acceptably low level with audit evidence obtained only from substantive procedures. (HKSA 315.115)
2006-09 Nelson Consulting Limited 26
Ordinarily, such risks relate to significant classes of transactions such as an entitys revenue, purchases, and cash receipts or cash payments.
Any Any examples?examples?
14
Audit Process: Assess Risks
The auditors assessment of the risks of material misstatement at the assertion level is based on available audit evidence andis based on available audit evidence and may change during the course of the audit as additional audit
evidence is obtained.
2006-09 Nelson Consulting Limited 27
Overview of Audit Process
Planning
Audit Process Preliminary engagement activities
Pl i ti iti
Risk assessment
Ri k
Planning activities
Understanding the entity
Assess risksof material misstatements
A dit t d i k
2006-09 Nelson Consulting Limited 28
Risk response
Reviewing and reporting
Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam
Auditor responses to assessed risks
Overall reviewing
Drawing conclusions and reportingDrawing conclusions and reporting
15
Audit Process: Auditors Response
Identify and assess risks of material misstatements
Based on the understanding of the entity and the assessed risks, HKSA 330 imposes requirements on the auditor to determine the relevant
and appropriate response to those assessed risks. HKSA 330 clearly requires that:
Financial statement level Assertion level
2006-09 Nelson Consulting Limited 29
HKSA 330 clearly requires that: In order to reduce audit risk to an acceptably low level, the auditor
should determine overall responses to assessed risks at the financial statement level, and
should design and perform further audit procedures to respond to assessed risks at the assertion level. (HKSA 330.3)
Identify and assess risks of material misstatements
Audit Process: Auditors Response
Describe what can go wrong at
assertion level
Yes
Financial statement level Assertion level
assertions?
Can risks be related to
specific assertions?
2006-09 Nelson Consulting Limited 30
Significant risks?
Further audit procedures
Further audit Further audit procedures for procedures for significant significant risksrisks
Overall Response
No No Yes
Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam
16
Audit Process: Auditors Response
Overall responses may include: emphasizing to the audit team the need to maintain professional
Example
p g pskepticism in gathering and evaluating audit evidence,
assigning more experienced staff or those with special skills or using experts,
providing more supervision, or incorporating additional elements of unpredictability in the selection of
further audit procedures to be performed. making general changes to the nature, timing, or extent of audit
2006-09 Nelson Consulting Limited 31
procedures as an overall response, for example, performing substantive procedures at period end instead of at an interim date.
Overall Response
Audit Process: Auditors Response
HKSA 500 requires the auditor to use assertions for classes of transactions,
account balances and account balances, and presentation and disclosures
in sufficient detail to form a basis for the assessment of risks of material misstatement and the design and performance of further audit procedures.
FAPs (from the nature perspective) are divided into: Test of controls
2006-09 Nelson Consulting Limited 32
Substance procedures HKSA 330 imposes certain requirements on performing these two kinds
of procedures.
Further audit procedures
Tests of Controls
Substantive Procedures
17
Assertions used by the auditor fall into the following categories: About Classes of Transactions and Events for the period under audit
Occurrence
Audit Process: Auditors Response
Completeness Accuracy Cutoff Classification
About Account Balances at the period end Existence Rights and obligations Completeness
2006-09 Nelson Consulting Limited 33
Completeness Valuation and allocation
About Presentation and Disclosure Occurrence and rights and obligations Completeness Classification and understandability Accuracy and valuation
Account Balances
Class of Transactions
Presentation and Disclosure
Audit Process: Auditors Response
The auditors assessment of the identified risks at the assertion level provides a basis for considering the
In some cases, only performing tests of controls may achieve a good response to the assessed risk at an assertion. I th f i lprovides a basis for considering the
appropriate audit approach for designing and performing further audit procedures.
Often the auditor may determine that a combined approach is an effective approach, such approach would use
In other cases, performing only substantive procedures is appropriate for an assertions and the relevant control is not considered in risk assessment (say, no relevant effective controls have been identified or such test of control may be inefficient)
2006-09 Nelson Consulting Limited 34
tests of the operating effectiveness of controls and
substantive procedures.
Overall Response
Further audit procedures
Tests of Controls
Substantive Procedures
18
Audit Process: Auditors Response
When the auditors assessment of risks of material misstatement at the assertion level includes an expectation that controls are operating effectively, y,
the auditor should perform tests of controls to obtain sufficient appropriate audit evidence that the controls were operating effectively at relevant times during the period under audit. (HKSA 330.23)
When the auditor has determined that it is not possible or practicable to reduce the risks of material misstatement at the assertion level to an acceptably low level with audit evidence obtained only from substantive procedures,
2006-09 Nelson Consulting Limited 35
the auditor should perform tests of relevant controls to obtain audit evidence about their operating effectiveness. (HKSA 330.25)
Further audit procedures
Tests of Controls
Audit Process: Auditors Response
HKSA 330 requires that the auditor always performs substantive procedures for each material class of transactions, account balance, and disclosure:
Irrespective of the assessed risk of material misstatement, the auditor should design and perform substantive procedures for each material class of transactions, account balance, and disclosure. (HKSA 330.49)
This requirement reflects the fact that the auditors assessment of risk is judgmental and may not be sufficiently
precise to identify all risks of material misstatement. Further, there are inherent limitations to internal control including
2006-09 Nelson Consulting Limited 36
, gmanagement override.
Further audit procedures Substantive
Procedures
19
Audit Process: Auditors Response
When the auditor has determined that an assessed risk of material misstatement at the assertion level is a significant risk,, the auditor should perform substantive procedures that are
specifically responsive to that risk. (HKSA 330.51)
2006-09 Nelson Consulting Limited 37
Further audit procedures
Further audit Further audit procedures for procedures for significant significant risksrisks
Identify and assess risks of material misstatements
Audit Process: Auditors Response
Describe what can go wrong at
assertion level
Yes
Financial statement level Assertion level
assertions?
Can risks be related to
specific assertions?
2006-09 Nelson Consulting Limited 38Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam
Significant risks?
Further audit procedures
Further audit Further audit procedures for procedures for significant significant risksrisks
Overall Response
No No Yes
20
Audit Process: Auditors Response
HKSA 330 requires that: The auditor should perform audit procedures
to evaluate whether the overall presentation ofto evaluate whether the overall presentation of the financial statements, including the relateddisclosures, are in accordance with theapplicable financial reporting framework. (HKSA 330.65)
2006-09 Nelson Consulting Limited 39
Overview of Audit Process
Planning
Audit Process Preliminary engagement activities
Pl i ti iti
Risk assessment
Ri k
Planning activities
Understanding the entity
Assess risksof material misstatements
A dit t d i k
2006-09 Nelson Consulting Limited 40
Risk response
Reviewing and reporting
Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam
Auditor responses to assessed risks
Overall reviewing
Drawing conclusions and reportingDrawing conclusions and reporting
21
Audit Process: Evaluation
HKSA 330 requires that: Based on the audit procedures performed and the audit
evidence obtained,evidence obtained, the auditor should evaluate whether the assessments
of the risks of material misstatement at the assertion level remain appropriate. (HKSA 330.66)
An audit of financial statements is a cumulative and iterative process. As the auditor performs planned audit procedures, the
audit evidence obtained may cause the auditor to modify
2006-09 Nelson Consulting Limited 41
the nature, timing, or extent of other planned audit procedures.
Audit Process: Evaluation
HKSA 330 requires that: The auditor should conclude whether sufficient appropriate
audit evidence has been obtainedaudit evidence has been obtained to reduce to an acceptably low level the risk of material
misstatement in the financial statements. (HKSA 330.70) If the auditor has not obtained sufficient appropriate audit
evidence as to a material financial statement assertion, the auditor should attempt to obtain further audit
evidence. If the auditor is unable to obtain sufficient appropriate audit
2006-09 Nelson Consulting Limited 42
evidence, the auditor should express
a qualified opinion or a disclaimer of opinion. (HKSA 330.72)
22
Overview of Audit Process
Planning
Audit Process Preliminary engagement activities
Pl i ti iti
Risk assessment
Ri k
Planning activities
Understanding the entity
Assess risksof material misstatements
A dit t d i k
2006-09 Nelson Consulting Limited 43
Risk response
Reviewing and reporting
Adapted from Auditing and Assurance in HK (2009) by Peter Lau and Nelson Lam
Auditor responses to assessed risks
Overall reviewing
Drawing conclusions and reportingDrawing conclusions and reporting
Audit Junior Induction Training17 June 2009
2006-09 Nelson Consulting Limited 44
Nelson LamNelson Lam [email protected]
23
Audit Junior Induction Training17 June 2009
Q&A SessionQ&A SessionQ&A SessionQ&A Session
2006-09 Nelson Consulting Limited 45
Nelson LamNelson Lam [email protected]