CHAPTER II
THEORIES
There are three main reasons why the auditor should properly plan engagements:
Client business risk is the risk that the client will fail to achieve its objectives
Materiality
Because auditors are responsible for determining whether financial statements are materially
misstated, they must, upon discovering a material misstatement, bring it to the client’s
attention so that a correction can be made. If the client refuses to correct the statements, the
auditor must issue a qualified or an adverse opinion, depending on how material the
misstatement is.
Auditors follow five closely related steps in applying materiality. The auditor first sets a
preliminary judgment about materiality and then allocates this estimate to the segments of the
audit.
Auditing Standards require auditors to decide on the combined amount of misstatements in
the financial statements that they would consider material early in the audit as they are
developing the overall strategy for the audit. This is referred to as the preliminary judgment about
materiality. It is called a preliminary judgment about materiality because, although a
professional opinion, it may change during the engagement. This judgment must be
documented in the audit files.
Several factors affect the auditor’s preliminary judgment about materiality for a given set of
financial statements. The most important of these are:
Risk
Risk is a probability or threat of damage, injury, liability, loss, or other negative occurrence
that is caused by external or internal vulnerabilities, and that may be neutralized through
preemptive action. The audit risk model helps auditors decide how much and what types of
evidence to accumulate in each cycle.
Types of Risk
Inherent risk
Inherent risk measures the auditor’s assessment of the likelihood that there are material
misstatements (errors or fraud) in a segment before considering the effectiveness of
internal control.
Control risk
Control risk measures the auditor’s assessment of whether misstatements exceeding a
tolerable amount in a segment will be prevented or detected on a timely basis by the
client’s internal control.
CHAPTER III
For the risk assessment, RPM have considered the client’s top risks based on:
• Previous experience;
• The Business Plan;
• Discussions with the COO;
• Audit work for the year and their follow up review; and
• A consideration of the client’s risk register.
We have summarised below Monitor’s primary risks against the current strategic objectives and
indicate the related audits proposed.
An example of RPM’s audit strategy is the internal audit strategy. Their Internal Audit strategy for Monitor
categorises the organisation into 3 systems as follows:
1) Operational systems: these include the main systems associated with the delivery of Monitor’s
core duties as regulator.
Assessment: The number of Foundation Trusts is planned to increase and, as a result, Monitor
will need to ensure it continues to be resourced with a capable and experienced team in order
to maintain a rigorous assessment process.
Compliance: Their Internal Audit strategy will continue to consider the scalability of Monitor’s
approach and the capacity of senior management and the Board to provide effective
oversight over an increasing number of FTs.
Intervention: Monitor has recently revised the Compliance Framework to include a core
Escalation and Intervention framework. Their work will include conducting compliance based
audits to ensure the Escalation and intervention framework is being appropriately applied.
2) Support systems: includes those functions and systems which indirectly contribute towards
these core operational duties through the provision of services and resources to the operational
systems.
Knowledge Management: During 2009 Monitor commissioned a review of its information
and knowledge management systems and processes and following the review appointed a
Director of Knowledge Management in 2010.
Financial Systems: This core area of their internal audit work will fundamentally remain
unchanged. The focus will be on providing assurance to both Monitor and the NAO, as
external auditors, over the design and operation of controls on the core financial systems,
including Accounting Systems, Payroll & Expenses, Treasury Management, Accounts
Payable, Fixed Assets, Budgeting and Forecasting.
Transition Planning: Monitor will need to commence planning imminently for the design and
implementation of a new organisation which is ‘fit for purpose’ in 2012 while maintaining its
core business of assessment, compliance and intervention.
3) Governance framework: includes the overarching functions. These are processes and entity
level controls in place to ensure the effective and proper performance of both operational and
support systems and to co-ordinate and oversee the progress and direction of Monitor as a whole.
Corporate Governance: As Monitor is expected to serve as a beacon of good practice in this
area, RPM will continue to review compliance with the Combined Code, the NHS Foundation
Trust Code of Corporate Governance, HM Treasury guidance and current good practice.
Strategic Planning: Monitor’s three year corporate plan was renewed and the Business Plan
has been published.
Stakeholder Influencing: Key to Monitor’s ability to influence the development of a devolved
healthcare system is strong stakeholder management and engagement, including how roles
and responsibilities are defined and communicated across the stakeholder network.
RPM have a new VFM audit approach. They will follow a risk based approach to target audit
effort on the areas of greatest audit risk.
The key elements of the VFM audit approach are summarised below.
1) Audit Risk Assessment: RPM will consider the relevance and significance of the potential
business risks faced by all authorities, and other risks that apply specifically to the Police
Authority. In doing so RPM will consider:
• the Authority’s own assessment of the risks it faces, and its arrangements to manage and
address its risks;
• Information from the Audit Commission’s VFM profile tool;
• evidence gained from previous audit work, including the response to that work; and
• the work of the Audit Commission, other inspectorates and review agencies (where
relevant to their VFM audit responsibilities).
2) Financial Statements Audit: There is a degree of overlap between the work RPM do as part of
the VFM audit and their financial statements audit. RPM have always sought to avoid
duplication of audit effort by integrating their financial statements and VFM work, and this
will continue. RPM will therefore draw upon relevant aspects of their financial statements
audit work to inform the VFM audit.
3) Residual Audit Risk: It is possible that their financial statements audit and previous VFM audit
work may provide the assurance RPM need for the VFM audit. To inform any further work
RPM must draw together an assessment of residual audit risk, taking account of the work
undertaken already.
4) Identifying Further Work: It is possible that RPM may not identify any residual audit risks and
instead have obtained all the evidence and assurance required from their financial statements
and other audit work. If so, no further work will be necessary prior to issuing the VFM
conclusion. If RPM do identify residual audit risks, then RPM will consider the most
appropriate audit response in each case, including:
• highlighting the risk to the Authority;
• deferring any work because of current or planned work by the body or the Audit
Commission, other inspectorates and review agencies (and/or considering the results of
such work); or
• carrying out local risk-based work to form a view on the adequacy of the Authority’s
arrangements for securing economy, efficiency and effectiveness in its use of
resources.
5) Delivery of Local Risk-Based Work: Depending on the nature of the residual audit risk
identified, RPM will be able to draw on the following audit tools and sources of guidance
when undertaking specific local risk-based audit work:
• local savings review guides based on selected previous Audit Commission national
studies.
Any detailed work will also make reference to the detailed VFM characteristics, as
appropriate, and any self assessment the Authority may prepare against the characteristics.
6) Conclude on VFM arrangements: At the conclusion of the VFM audit RPM will consider
the results of the work undertaken and assess the assurance obtained against each of the VFM
themes regarding the adequacy of the Authority’s arrangements for securing economy,
efficiency and effectiveness in the use of resources.
7) Reporting: RPM will report on the results of the VFM audit through their Interim Audit
Report and their Report to those charged with governance. These reports will summarise their
progress in delivering the VFM audit, the results and any specific matters arising, and the
basis for their overall conclusion.
The VFM conclusion will be one of the following:
• unqualified – meaning RPM are happy that in all significant respects the Authority has
proper arrangements for securing economy, efficiency and effectiveness in the use of its
resources; or
• except for qualification – meaning RPM are generally satisfied with the adequacy of the
arrangements in place, except for one or more specific issues highlighted during the
audit that relate to specific VFM criteria; or
• adverse qualification – meaning RPM are unable to conclude that the Authority has
adequate arrangements in place.
III.2 MATERIALITY
Their audit work is planned to detect errors that are material to the accounts as a whole.
Determining materiality
The company considers quantitative and qualitative factors in setting materiality and
in designing their audit procedures.
The company will not report audit and disclosure differences that are considered to be trivial.
Independence and objectivity confirmation
Professional standards require auditors to communicate to those charged with governance, at
least annually, all relationships that may bear on the firm’s independence and the objectivity
of the audit engagement partner and audit staff. The standards also place requirements on
auditors in relation to integrity, objectivity and independence. The ISA defines ‘those charged
with governance’ as ‘those persons entrusted with the supervision, control and direction of an
entity’. In your case this is the Audit Committee. RPM is committed to being and being seen
to be independent. APB Ethical Standard 1 requires us to communicate to you in writing all
significant facts and matters, including those related to the provision of non-audit services
and the safeguards put in place, that, in their professional judgement, may reasonably be thought
to bear on RPM’s independence and the objectivity of the Engagement Lead and the audit
team.
In the picture above we can see the balance between substantive testing and
internal control testing at RPM. RPM will use extensive control testing and reduced
substantive testing if the transactions/accounts are low value, high volume, and
homogeneous. Examples of this type of transactions/accounts are income and debtors,
purchases and payables, and payroll. RPM uses moderate control testing and moderate
substantive testing when the transactions are low/medium value and high/medium
volume. An example of this type of transaction/account is tangible fixed assets. Lastly,
RPM will use limited control testing and extensive substantive testing when the
transactions are high value and low volume.
The senior assessment team should test the effectiveness of the controls to determine if
the controls are operating effectively and may be relied upon to ensure the assertions are
valid. The determination of whether the controls have been applied throughout the period of
testing may be accomplished by the senior assessment team selecting a sample of transactions
processed throughout the period, based on the sampling plan. The sample should be selected
from the complete population of the transactions for which controls are to be tested. The
completeness of the population should be verified by comparison with the original data
source. Testing the controls requires reperforming the transactions or controls or applying
other test techniques to the selected transactions and determining if the controls performed as
designed and expected. The types of document that can be taken for the sample are: existing
policy and procedure manuals, existing forms and documents, transaction cycle narratives, and
transaction cycle flowcharts.
RPM also use the five components of internal control that form the basis of the COSO
(Committee of Sponsoring Organizations) Internal Control - Integrated Framework. The
components are:
1. Evaluate Control environment: The control environment is the organization structure and
culture created by management and employees to sustain organizational support of internal
control. The control environment is the foundation for all other components of internal
control. The aspects of the control environment are:
Management’s philosophy and operating style
Delegating authority and responsibility.
Organization structure and resources.
Commitment to competence
Integrity and ethical standards
4. Evaluate the Information and Communication Processes : Information related to
financial reporting should be communicated to relevant personnel at all levels within the
organization. The information should be relevant, reliable, and timely. Evaluate the
organization’s financial reporting processes to determine whether information is based
upon integrated systems or the same source information.
5. Evaluate the monitoring process: Evaluate whether each agency is performing its own,
independent monitoring and evaluation of the ICOFR environment and identifying and
correcting deficiencies in a timely fashion throughout the year.
The RPM International Audit Methodology addresses both manual and automated
controls and requires use of information technology professionals and other specialists by
member firms in the core audit engagement team when appropriate. The methodology also
includes procedures aimed at detecting and responding to the risk of material misstatement
resulting from fraud. Communications relating to the engagement team’s exercise of
professional skepticism with respect to potential fraud risk factors have been reinforced and
enhanced.
clients and audit professionals is a key component of RPM International’s Audit IT strategy.
RPM International’s next generation audit tool, eAudIT, is scheduled for full global
deployment in 2010.
CHAPTER IV
CONCLUSION
The audit planning implemented by RPM is the same as the theory we learned, but, drawing on
their extensive experience, they have revised the audit planning they do. RPM
summarized their audit planning into three activities: performing risk assessment
procedures and identifying risks, determining audit strategy, and determining the planned audit approach.
Also, in determining materiality and evaluating internal control, they work based on their audit
program, the RPM International Audit Methodology, which includes all the requirements of the
International Standards on Auditing (ISAs).