6/03/2020

BFA713 AUDIT AND ASSURANCE

Semester 1, 2020

Topic 4: Planning and Risk

Assessment [Chapter 5
Dr Masoud Azizkhani and Chapter 6]
Note: This lecture handout is prepared based on Gay and
Simnett (7th edition) (and accompanying slides) and the
lecturer’s own input.

TASMANIAN SCHOOL OF
BUSINESS & ECONOMICS

Learning objectives
• Client acceptance and continuance
• The importance of audit planning
• Aspects of the auditor’s understanding of a business and its
environment
• Assess business risk
• Audit strategy and audit plans
• Analytical procedures
2

1
 6/03/2020

Figure 5.1 Flowchart of Planning and Risk Assessment Stage of a

Financial Report Audit

Figure 5.2 Steps in Accepting an Audit

2
 6/03/2020

Obtaining Clients

▪ Advertising, publicity and solicitation are permitted provided they are not false,
misleading, deceptive or otherwise reflect adversely on the profession.

▪ Competing for prospective clients through tenders is quite common.

▪ Auditors should be careful of audit clients that are opinion shopping.

Acceptance and Continuance Evaluation Procedures

▪ Policies and procedures for client acceptance and continuance → important →

audit firm will want to avoid association with a client whose management
lacks integrity (APES 320 and ASQC 1)
▪ Procedures carried out before accepting a new client or continuing with an
existing client include:
✓obtaining and reviewing client’s financial information making inquiries of
third parties, such as solicitors and bankers
✓communicating with previous auditor
✓evaluating the firm’s independence and ability to serve the client,
including technical skills and knowledge of industry and personnel
✓ensuring that accepting engagement will not violate the Code of Ethics. 6

3
 6/03/2020

Communication with Previous Auditor

▪ Communicate with the previous auditor about any professional matters before
accepting the engagement
▪ APES 110 requires that:
✓the incoming auditor should request the client’s permission to communicate
with the previous auditor
✓if the client refuses permission, normally decline nomination
✓if permission is granted, the nominated auditor asks the previous auditor in
writing for all information → to decide whether nomination should be
accepted.
7

Engagement Letters
▪ After accepting the appointment, an “Engagement letter needs to
be signed between the auditor and the client(ASA 210 and APES
305.3.1 )

▪ The engagement letter should contain:

✓the objectives and scope of the audit
✓the responsibilities of the auditor
✓the responsibilities of management
✓identification of the applicable financial reporting framework
✓the form and contents of any reports
✓Audit fees
✓Does not affect auditor’s responsibility to external users 8

4
 6/03/2020

Initial Engagement
▪ For the initial audit engagement, ASA 510/ISA 510 requires that
the auditor obtains evidence that:
✓the opening balances do not contain material misstatements
✓the previous period’s closing balances have been correctly
brought forward to the current period
✓appropriate accounting policies are consistently applied.
▪ Obtaining sufficient appropriate audit evidence about opening
balances could be facilitated by reviewing audit working papers of
previous auditor.
9

Audit Planning
▪ Audit planning involves:
1. Understanding the client’s business and risks
2. Developing an overall audit strategy
3. Developing a detailed audit strategy
➢Audit strategy: sets the scope, direction and timing of audit,
and guides the more detailed audit plan/program.

➢Audit plan/program: sets out the nature, timing and extent of

audit procedures
10

10

5
 6/03/2020

Overall Timing of Engagement

The three stages of the audit: planning, interim and final.
1.Planning:
▪ Understand the business and its environment
▪ Assess inherent risk
▪ Reviewing the accounting system
▪ study and evaluation of internal control and assessment of control risk
span both the planning and interim phases.
2. The evidence gathering phase, performing tests of controls and substantive
procedures can be performed at either the interim phase (before year-end) or
final phase, (after year-end).
3. Some substantive tests (e.g. counting inventory) are best done at balance 11

date, others are best done close to engagement completion.

11

Exhibit 5.2 Overall Timing of Engagement

12

12

6
 6/03/2020

Figure 5.3 Steps in the Risk Assessment Process

13

13

Figure 5.4 Obtaining an Understanding of the Entity and Its

Environment

14

14

7
 6/03/2020

Industry, Regulatory and Other External Factors

▪ Aim is to Identify the area that are more likely to be misstated
▪ Need to understand:
1. Industry and economic conditions
2. Government regulations
3. Change in technology and competitive conditions
4. industry-specific accounting practices
5. Sources of information include trade journals, industry statistics and the audit
firm’s knowledge management database.
▪ Refer to the appendix for ASA315 15

15

Nature of the Entity

▪ The organisational structure of an entity.
▪ In order to understand the business purpose of material transactions,
the auditor:
✓examines organisational charts and reads manuals
✓makes enquiries about policies and procedures in effect
✓observes the actions of employees and top management.
.

16

16

8
 6/03/2020

Accounting Policies, Objectives and Measurement

Techniques
The auditor needs to:
▪ understand the entity’s accounting policies, including the reasons for
any changes to them
▪ consider the entity’s objectives and strategies and any related
business risks that may result in a risk of material misstatement
▪ gain an insight into the risks facing an entity by examining how
management and external stakeholders measure financial
performance (short term or long term performance measures).
17

17

Business Risk
▪ Business risk:
✓Risk that an entity’s business objectives will not be attained as a
result of external and internal forces brought to bear on an
entity and, ultimately, the risk associated with the entity’s
profitability and survival.
▪ Business risks affects inherent risks and control risks, and thus,
the detection risk
• It is a risk adjusted process

18

18

9
 6/03/2020

Figure 5.6 Relationship Between Client Business Risk

and Global, Local and Internal Environments

19

19

Business risks

✓considering previous experience with entity and industry

✓discussion with senior people and internal auditors in the entity
✓discussion with other auditors and advisers and knowledgeable
people, such as industry economists and industry regulators
✓review of significant legislation and regulations
✓reading of industry publications and documents produced by
entity
✓visiting entity’s premises
✓performance of analytical procedures. 20

20

10
 6/03/2020

Examples of Business risk and inherent risk

Business risk Inherent risk

Competition in the * Depends

industry
Exploration activities * -
do not find any
viable deposits
It is difficult to value * *
natural resources
The need to have a * * 21

custom made
equipment
21

Significant Risks

▪ Factors to consider when determining significant risks include:

✓the risk of fraud
✓relationship to recent significant economic, accounting or
other developments
✓complexity of the transactions
✓Involvement of significant transactions with related parties
✓degree of subjectivity in measuring related financial
information
✓whether significant transactions are unusual 22

22

11
 6/03/2020

Figure 5.10 Auditor’s Response to Assessed Risks

23

23

Range of Audit Strategies

Lower assessed Predominantly

level of substantive
control risk approach

Audit strategy may be anywhere along this continuum. 24

24

12
 6/03/2020

Lower Assessed Level of Control Risk Approach

▪ If internal control is well designed and expected to be highly

effective, audit strategy will include:
✓low or medium assessed level of control risks
✓extensive understanding of relevant parts of internal control
✓extensive tests of control
✓reduced level of substantive audit procedures, based on
planned acceptable level of detection risk being high or
medium. 25

25

Predominantly Substantive Approach

▪ If the auditor believes adequate controls do not exist or might be

ineffective, or that testing controls are not cost effective, the audit
strategy will be to:
✓use a planned assessed level of control risk of high
✓plan to obtain a minimum understanding of internal control
✓plan no tests of control
✓plan extensive substantive audit procedures based on planned
acceptable level of detection risk of low or medium. 26

26

13
 6/03/2020

Preparing Detailed Audit Plan or Program

▪ Auditors are required to develop and document audit plan / program (ASA 300)
▪ An audit plan or audit program is a detailed list of audit procedures that need
to be applied to a particular balance or class of transactions to implement the
audit strategy.
▪ A well-prepared audit program should provide:
✓evidence of proper planning of work
✓guidance to inexperienced staff
✓evidence of work performed
✓a means of controlling time spent on the engagement
✓evidence of consideration of internal control in relation to proposed audit
procedures.
27

27

Preparing Detailed Audit Plan or Program (cont.)

▪ An audit program will outline the following characteristics of audit procedures:

✓Nature — particular audit procedures to use and particular items to which a
procedure will be applied.
✓Extent — number of items to which procedures will be applied and number
of different tests to be performed.
✓Timing — appropriate time to perform the procedure
▪ Many audit firms have computer software that takes IR and CR assessment (by
prompting audit staff with specific questions) and combine with knowledge of
the entity to produce tailor-made audit programs.
28

28

14
 6/03/2020

Assigning and Scheduling Audit Staff

▪ Establishing and coordinating staff involves the selection of competent

people, preparing a time budget and work schedule and supervising the staff.

▪ In the audit of a complex entity the auditor may require the assistance of:
✓specialists within the auditor’s own firm
✓experts within or serving the client’s organisation, including internal
auditors
✓independent experts.
29

29

Analytical Procedures

▪ Analytical procedures involve the use of ratios, trend analysis and operating
statistics for comparison with internal and external data.

▪ Can be used at all stages of the audit: e.g. in planning stage, as a form of
evidence or as part of a final review.

▪ At this stage we concentrate on the use of analytical procedures in planning

the audit.

30

30

15
 6/03/2020

Analytical Procedures at the Planning Stage

▪ The risk analysis approach requires analytical procedures to be used during the
planning stage of the audit (ASA/ISA 315.6).

▪ Allows the auditor to understand the business and identify areas of potential
risk, thereby assisting in the determination of the nature, timing and extent of
audit procedures.

▪ Steps in performing analytical procedures at the planning stage (Figure 5.11 ):

31

31

Types of Analytical Procedures

Simple procedures: More complex procedures:

▪ simple comparisons ▪ time series modelling
▪ ratio analysis ▪ regression analysis
▪ common-size statements ▪ financial modelling
▪ trend statements
▪ time series analysis

32

32

16
 6/03/2020

Ratio Analysis
▪ At the planning stage the auditor is undertaking ratio analysis on unaudited
financial information, thus any ratios not in accordance with the auditor’s
expectations will indicate areas requiring significant audit attention.

▪ These ratios may be compared to:

✓industry data: average ratios in industries listed on the ASX
✓internal data → previous years; budgets or forecasts; segment or division
data.

▪ Ratios Commonly Used at the Planning Stage

✓1. Short-term liquidity
✓2. Activity
✓3. Profitability
✓4. Solvency 33

33

Examination of Significant Fluctuations

▪ The auditor must decide which fluctuations are significant and thus
warrant investigation.

▪ Thus the audit working papers must show:

✓identification of each significant fluctuation
✓explanations provided by management should be considered
✓the results of work done to corroborate explanations received.

34

34

17
 6/03/2020

Case Study –Dell

35

35

BFA713 AUDIT AND ASSURANCE

Semester 1, 2020

Topic 4: Planning and Risk

Assessment [Chapter 6]

TASMANIAN SCHOOL OF
BUSINESS & ECONOMICS

36

18
 6/03/2020

Learnings objectives
▪Assessment of inherent risk
▪Fraud and assessment of the risk of fraud
▪Auditor’s consideration of the related-parties
transactions
▪Assess the appropriateness of going concern basis
37

37

Figure 6.1 Flowchart of Planning and Risk

Assessment Stage of a Financial Report Audit

38

38

19
 6/03/2020

Figure 6.2 Levels of Risk Assessment

39

39

Assessing Inherent Risk

▪ Inherent risk (IR):
✓Susceptibility of account balance or class of transactions to material
misstatement given inherent and environmental characteristics, but
without regard to internal control.
▪ An assessment of IR and control risk (CR) can be combined or separate.
Irrespective of this, an auditor is required to:
▪ Assess IR at financial report level for audit strategy.
▪ Assessment must then be related to assertions at account balance or
class of transactions level when developing audit plan or program.

40

40

20
 6/03/2020

IR at the Financial Report Level & Business Risk (BR)

▪ An entity’s business strategy and associated risks will affect an auditor’s
assessment of IR at the financial report level.

▪ Where possible, an auditor traces BRs to areas of a financial report that are likely
to be misstated.

▪ Example of factors that affect inherent risk at the financial report level:
✓Integrity of management
✓Unusual pressure on management.
▪ As IT risks can be pervasive to the entity, factors affecting overall IR associated
with IT include:
✓significant changes in IT;
✓insufficient IT skills and resources;
✓lack of entity support and focus
41

41

Inherent risk at account / assertion levels

▪ Factors affect the inherent risk at account / assertion level:

1. Complexity of underlying transactions
2. Judgment involved in determining the account balance
3. Susceptibility of assets to loss or misappropriation
4. Occurrence of unusual and complex transactions at near the year end
5. Transactions not subject to ordinary processing
42

42

21
 6/03/2020

Figure 6.3 Effect of Inherent Risk on an Account Balance

Assertion

43

43

Fraud
▪ Definition: ‘An intentional act by one or more individuals among
management, those charged with governance, employees, or
third parties, involving the use of deception to obtain an unjust or
illegal advantage’ [ASA 240.11].
▪ At the planning stage, auditors are required to consider the risk
that material misstatements resulting from fraud will not be
detected, and consider risk of fraud when deciding which risks
are significant (ASA315.28).

▪ It is easier to miss material misstatements resulting from fraud

because fraud involves acts designed to conceal it, such as
collusion, forgery or intentional misrepresentation to the auditor.
44

44

22
 6/03/2020

Figure 6.4 Types of Fraud

45

45

Figure 6.5 Fraud Triangle

1. Pressure / incentive
2. Opportunity
3. Rationalisation
▪ All three elements are needed for a fraud
to occur

46

46

23
 6/03/2020

Detection and Prevention & Reporting of Fraud

▪ The primary responsibility for the prevention and detection → rests with
those charged with governance of the entity and management (ASA
240.4).
▪ The audit should be planned to obtain reasonable assurance that fraud that
may be material has not occurred or, if it has, that the effect of the fraud is
properly reflected in the financial report (ASA 240.5).
▪ ASA 240 requires auditors to:
✓specifically consider risks of material misstatement due to fraud
✓discuss an entity’s susceptibility to fraud with the audit team
✓make more extensive enquiries of management with respect to fraud.
▪ Auditor has a duty to report fraud, irrespective of materiality, to an
appropriate level of management when suspicions are aroused. 47

47

Fraud Risk Factors

▪ Condition and events that indicate an increased risk of fraud
▪ Also known as “red flag”.
▪ The existence of these “red flags” or danger signs does not necessarily
mean that fraud is being perpetrated → But it does indicate that the
inherent risk of fraud has increased → need to modify the audit programs
accordingly.
▪ An auditor commonly uses a checklist to identify increased risks of fraud.
Where risk is high, it is called a 'red flag'.

▪ Appendix 1 to ASA 240 provides examples of fraud risk factors and Appendix
3 provides examples of circumstances that indicate the possibility of fraud.
management
48

48

24
 6/03/2020

Earnings Management
▪ Occurs when judgment in financial reporting and in structuring
transactions is used to alter financial reports to influence the
perceptions of stakeholders.
▪ Earnings management by clients may fall into the following
categories:
✓intentional violations of accounting standards and other
reporting requirements that are individually immaterial
✓inappropriate revenue recognition
✓‘big bath’ charges under the guise of restructuring
✓improper accruals and estimation of liabilities in good times. 49

49

Related Parties
▪ Definition in AASB 124 (IAS 24):
✓Entities are related if one entity is able to significantly influence or control
the operating, financing or investing decisions of another; or if several
entities are subject to control from the same entity; or if the party is a joint
venture in which the entity is a venture.
▪ Related parties include key management personnel (including directors), their
close family members and entities controlled by them.
▪ Auditors are required to specifically assess the risk that related parties and
related-party transactions will not be identified, or appropriately disclosed
and/or measured (ASA /ISA550).
▪ An auditor must identify all related parties when planning the audit because:
✓Disclosure requirements for related parties transactions
✓the reliability of audit evidence is a function of the source of that evidence
✓the initiation of a related-party transaction might be motivated by other 50
than ordinary business conditions, such as fraud.

50

25
 6/03/2020

Procedures for Identifying Related Parties

1. Review the previous period’s working papers for known related parties.
2. Make enquiries of management concerning the names of all related parties.
3. Review the entity’s procedures for identifying related parties.
4. Enquire about management’s and directors’ affiliations with other entities.
5. Review minutes of meetings.
6. Enquire of other auditors involved in audit.

51

51

Appropriateness of the Going Concern Basis

▪ Going concern assumption:
✓Entity is viewed as continuing in business for the foreseeable future
without any intention or necessity to liquidate or otherwise cease its
operations (ASA 570.2).

▪ auditors are required to assess going concern at planning stage, as imminent

business failure might affect the appropriateness of presentation of financial
report or might motivate management misrepresentations (ASA570).
▪ Early identification helps focus audit effort on appropriate assertions in the
financial report and permits early communication with management.

▪ An auditor focuses primarily on anticipated events during the relevant period,

approximately 12 months from the date of the current audit report to the
expected date of the next audit report.
52

52

26
 6/03/2020

Examples of Indications of Going Concern Problems

▪ Financial indicators include:
✓high gearing or fixed-term or reliance on short-term borrowings
✓withdrawal of financial creditors, inability to pay creditors or denial of trade
credit
✓negative operating cash flows or adverse key financial ratios
✓lack of sustainable operating profits
✓dividend arrears
✓difficulty in complying with terms of loan agreements
▪ Operating indicators include:
✓Management’s intention to cease operations
✓loss of key management personnel
✓loss of major market, licence or franchise
✓shortages of important supplies 53

✓emergence of highly successful competitors.

53

Examples of Indications of Going Concern Problems

▪ Other indications:
✓non-compliance with capital or statutory
requirements
✓legal proceedings against the entity
✓adverse changes in legislation or government
policy
✓uninsured or underinsured disasters.

54

54

27
 6/03/2020

Mitigating Factors

▪ The significance of those going concern indications that are related to cash flow
or solvency can often be mitigated by factors that increase cash inflow or
decrease cash outflow.
▪ Auditor should consider those mitigating factors. They include:
✓Asset factors—sale of assets, or delayed replacement
✓Debt factors—unused lines of credit, ability to renew or extend existing loans
✓Cost factors—ability to reduce costs
✓ Equity factors—additional contributions from owners, subsidiaries or
associates.
55

55

Sum up
• Client acceptance
• Audit planning
• Assess inherent risk
• Assess business risk
• Audit strategy
• Analytical procedures
• Inherent risk
• Fraud risk
• Related parties
• Going concern

56

56

28
 6/03/2020

Next week

• Assess control risk

57

57

29