CONTENT OF THE COURSE

• About me and you

• Introduction
• What is audit
• Audit risk
• Planned Audit Approach
• Audit Work Flow
• Documentation & Audit file structure

1
 About me and you

2
 INTRODUCTION

3
 Course Objectives – Technical
• Understanding of definition of Business and concept
of audit risk
• Given access to Methodology, relevant client
personnel and with guidance from your In-charges,
to be able to:
– Explain the basic audit approach in overview and your role
in an audit
– Perform the basic audit work required of you (testing
controls and basic substantive audit procedures)
– Produce clear, well structured work papers, effectively
documenting audit work

4
 Overview – What is an Audit?
• What is an Audit?
• Why do we perform an Audit?
• Format of the financial statements
• Who uses financial statements?
• Learning points?

5
 Overview – What is an Audit?
• What is an Audit?
• Why do we perform an Audit?
• Format of the financial statements
• Who uses financial statements?
• Learning points?

6
 “Independent” & “Presented fairly ”
• Independent
– not acting on behalf of the company

• Presented fairly
– free from material misstatement

7
 Dictionary Definitions of an Audit
• ‘An inspection, correction and
verification of business accounts
by a qualified accountant….any
thorough going check or
examination’
• ‘An official examination of
business and financial records to
see that they are true and
correct’

8
 Management and Employee Fraud
• Management Fraud
– Manipulating figures for some indirect personal gain
• Employee Fraud
– Theft of assets for direct personal gain

9
 Expectations Gap

• Auditor is responsible to detect fraud

• Audit provides some form of certification that
the financial statements are correct
 Session Overview – What is an Audit?

• What is an Audit?
• Why do we perform an Audit?
• Format of the financial statements
• Who uses financial statements?
• Learning points?

11
 Audit Reports
• Title and addressee
• Introductory paragraph
• Management’s responsibility for the financial
statements
• Auditor’s responsibility
• Auditor’s opinion
• Other matters
• Other reporting responsibilities
• Auditor’s signature
• Date of the auditor’s report and auditor’s address
12
 Types of Audit reports
• Unmodified report
• Matters that Do not affect opinion
– Emphasis of matter
• Matters that Do affect opinion
– Qualified
– Adverse
– Disclaimer

13
 Session Overview – What is an Audit?

• What is an Audit?
• Why do we perform an Audit?
• Format of the financial statements
• Who uses financial statements?
• Learning points?

14
 Checking Financial Statements
• Page references
• Note cross references
• Reconciling to audit work
• Agreeing comparatives to prior year’s
accounts
• Spelling, grammar or other typing and
presentation errors

15
 Session Overview – What is an Audit?

• What is an Audit?
• Why do we perform an Audit?
• Format of the financial statements
• Who uses financial statements?
• Learning points?

16
 Who are the users of financial
statements and why ?

1. Internal Management/ Employees

2. Government/ regulator
3. Banks and other lenders
4. Suppliers
5. Shareholders/Investors and analysts
6. Competitors
 Areas to Consider
♦On what part of the accounts will each user focus
their attention?
♦What would the effect be on each user of the
accounts if the accounts were inaccurate?
♦ What would be the resulting impact on the
company?

18
 Session Overview – What is an Audit?

• What is an Audit?
• Why do we perform an Audit?
• Format of the financial statements
• Who uses financial statements?
• Learning points?

19
 Learning points
• Objective of an Audit
• Expectation gap
• Audit report
• Independent opinion
• Reviews
• Use of financial information

20
 An Audit…
• An Auditor is responsible for identifying instances
of fraud
• Confirms that the financial statements present a
true and fair view (present fairly)
• Corrects all errors in a set of financial statements
• Involves checking all the controls in an
organization in an effort to ensure they are
working effectively

21
 An Audit…
♦Gives an opinion on whether a set of financial
statements are true and fair
♦Gives an opinion as to whether the financial
statements are prepared in all material respects, in
accordance with financial reporting frameworks
♦An Audit is not responsible for identifying all
instances of fraud, but material misstatements,
whether due to fraud or error

♦ Return
22
 AUDIT RISK

23
 Audit Risk – Concept
At the financial
statement level
Financial Statements Financial Statements
are free of material contain material
misstatements misstatements

Unqualified
opinion  Audit Risk

Modified
opinion
Audit Risk

Audit Risk = Risk of Material Misstatement x Detection Risk

24
 Audit Risk – Components

At the assertion level

(significant accounts and
disclosures)

Control Risk Inherent Risk

(CR) (IR)

Detection Risk
(DR)

AR = IR x CR x DR
25
 Audit Risk – Components / definitions

• Inherent Risk…
– is the susceptibility of an assertion to a
misstatement due to error,
– that could be material,
– individually or when aggregated with other
misstatements,
– assuming that there were no related internal
controls.

26
 Audit Risk – Components

Inherent Risk
‘Entity’s Risks’
The auditor assesses
Control Risk them

Our risk as Auditors

Detection Risk
We control it

27
 Audit Risk – Components / Inherent
Risk
Error only, not fraud
• “Inherent risk is the susceptibility of an assertion to a
misstatement due to error, which could be material,
individually or when aggregated with other
misstatements, assuming that there were no related
internal controls”

• We identify and assess inherent risks for assertions

and related significant accounts and disclosures in
the financial statements at the beginning of our
audit, when planning our audit approach
28
 Audit Risk – Components / Inherent
Risk
• When identifying and assessing inherent risks for
assertions related to significant accounts and
disclosures, we consider:
– Degree of complexity
– Level of judgment involved
– External and internal circumstances
• We assess inherent risk as:
– Low
– Moderate
– Significant

29
Audit Risk – Components / Control Risk
• Control risk is the risk that a misstatement
that could occur in an assertion and that could
be material, individually or when aggregated
with other misstatements, will not be
prevented or detected and corrected on a
timely basis by the entity’s internal control

• Internal control systems provide only partial

assurance, not certainty

30
Audit Risk – Components / Control Risk
• When evaluating controls and control risk:
– We focus on controls relevant to the audit
– We consider IT component of controls
– We evaluate separately design and implementation,
and operating effectiveness
• We assess control risk in terms of effectiveness of
controls:
– Effectively designed, implemented and operated
– Designed and implemented effectively, but not tested
for operating effectiveness
– Not effective

31
 Audit Risk – Components / Detection
Risk
• Detection risk is the risk that the auditor's procedures
will not detect a misstatement that exists in an
assertion that could be material, individually or when
aggregated with other misstatements

• Detection risk is set as a response to inherent and

control risks, to reduce the audit risk to an acceptable
low level
– AR = IR x CR x DR
– The greater IR and CR are assessed, the less the detection
risk that can be accepted

32
 Audit Risk – Components / Detection
Risk
• We determine the nature, timing and extent of
audit procedures to match the desired level of
detection risk
We respond to fraud risks by designing and
performing specific fraud-related audit procedures

• Detection risk cannot be reduced to zero:

– We do not examine 100%
– “Human factor” (inappropriate selection or
misapplication of audit procedures, misinterpretation
of audit results)

33
 Determining the Planned audit approach
(1 of 4)
Audit Evidence from Audit Procedures

Evidence from
substantive
procedures

Evidence from
tests of operation
of controls

34
 Determining the Planned audit
(3 of 4)
(2
(4
approach
Audit Evidence
Inherent
Controls
risk of
(control risk) (RoMM)
error

Audit Evidence
At the assertion level (significant
accounts and disclosures)
35
 Audit Workflow
Process Document
• Perform risk assessment procedures and identify
• Planning Document
risks
1 Planning • Entity Level Controls Program
• Determine audit strategy
• Audit Programs for Specific Topics
• Determine planned audit approach

• Understand accounting and reporting activities

• Audit Programs
• Evaluate design & implementation of selected
Control • Financial Reporting Audit Program
2 controls
Evaluation • Audit Programs for Specific Topics
• Test operating effectiveness of selected controls
• IT General Controls Program
• Assess control risk & RoMM

• Plan substantive procedures • Audit Programs

Substantive • Perform substantive procedures • Financial Reporting Audit Program
3 Testing • Consider if audit evidence is sufficient and • Audit Programs for Specific Topics
appropriate • Summary of Audit Differences

• Completion Document
• Perform completion procedures • Financial Reporting Audit Program
4 Completion • Perform overall evaluation • Audit Programs for Specific Topics
• Form an audit opinion • Summary of Audit Differences
• Audit Checklist

36
 1
Planning
Perform Risk Assessment Determine
Determine
Procedures and Identify Audit
Planned Audit Approach
Risks Strategy

• Understand the entity

• Business, industry and Classes of
environment • Materiality transactions
• Accounting policies and • Timing & team
practices assignments, Controls
• Financial performance including Account balances approach
• Evaluate entity level controls specialists derived from
• Involvement of estimates
Identify financial statement others
level risks, including fraud
risks Other account
balances
Identify Substantive
Assess approach
• Significant accounts and Determine Select inherent
disclosures audit relevant risk Disclosures
• Assertion level inherent objectives assertions
of error
risks, including fraud risks

Working • Planning Document • Entity Level Controls Program

Papers • Audit Programs for Specific Topics • IT General Controls Program

Working • Evaluation of Service Organizations

Papers, if • Evaluation of External Experts
applicable • Evaluation of Internal Audit

37
2
Control Evaluation
Understand Test operating
Planned Evaluate design & Assess Assess
accounting & effectiveness of
implementation of control risk RoMM
approach reporting selected
selected controls
activities controls

When we plan to rely Effective and

• Activities When we plan to
on controls tested
• Significant risk rely on controls
or if inherent risk of Low
points * we test operating
Controls error is significant
• Controls effectiveness of Effective and
approach or if fraud risk
• Walkthrough * selected controls not tested
• Select controls
* Classes of • Evaluate design & Moderate
transactions only
implementation
Ineffective

Substantive High
Activities
approach
Inherent risk
of error

Working • Audit Programs

• Financial Reporting Audit Program
papers i • Audit Programs for Specific Topics
Working
papers if • IT General Controls Program
applicable

38
 3
Substantive Testing
RoMM
Consider if audit
Perform substantive
Plan substantive procedures evidence is sufficient
assessment procedures
and appropriate

Consider Substantive analytical

• Relevant Assertions procedures
Low • Inherent risks
• Fraud risks
• Risk of management override of
controls Tests of detail Conclude on audit
Moderate • RoMM assessment objectives
• Approach to journal entries
• Unpredictable procedures
• Sampling method
High • Use of CAATs
Fraud procedures

Working • Audit Programs • Financial Reporting Audit Program

Papers • Summary of Audit Differences • Audit Programs for Specific Topics

Working • Instructions for Inventory Count Attendance

• Test of Details Document
Papers if
applicable • IDEA CAATs Document

39
 4
Completion
Form an
Perform completion procedures Perform overall evaluation
audit opinion

• Audit objectives associated with significant

risks
• Overall review of financial statements • Consider overall
including • Significant findings and issues sufficiency and
• Final analytics • Reassess materiality appropriateness of
• Read relevant other information • Changes to the audit strategy & audit evidence
planned procedures
• Final procedures for specific topics, • Audit differences
including fraud • Issue audit report
• Material weaknesses or significant
• Management representations deficiencies in controls
• Independence and ethical issues

• Completion Document
Working • Summary of Audit Differences
• Financial Reporting Audit Program
papers • Audit Checklist
• Audit Programs for Specific Topics

40
 DOCUMENTATION &
AUDIT FILE STRUCTURE

41