Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
This document is to be used for each material account balance (balance sheet account), class of transaction (income
statement account), or disclosure that has been scoped in for audit procedures from Form 1570, Determine Material
Account balances, Classes of transactions, and Disclosure. Within this document you will assess and respond to risks
identified for the relevant material account balance, class of transaction or disclosure you are performing further audit
procedures on.
Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to
base the audit opinion. [ISA 315.5] [G265.01]
There is a risk of data loss when the material account balance, class of transaction, or disclosure is changed in the
question below.
Document the considerations resulting from the partner-led discussion relating to planning the audit.
Show
The Planning && Scoping Resource Center, available in Deloitte Resources, is primarily intended to support:
Effective implementation of the 2010 audit methodology changes, including illustrative guidance and example
flowcharts of risks and related
controls and audit procedures
Engagement teams in their planning and scoping activities, including a global repository of leading practices and tools
Requirements of the new group audit standard, ISA 600, Special Considerations-Audits of Group Financial
Statements (Including the Work
of Component Auditors)
To access the Planning && Scoping Resource Center, right-click and select Section Guidance.
Consider the information gathered in planning regarding this account balance including any unusual or complex
transactions, not previously identified that may have an impact on the manner in which audit assurance is obtained.
For each Material Account Balance, Class of Transaction or Disclosure, we need to consider whether factors exist that
may increase the risk of misstatement. This includes a consideration of whether there are conditions or events that
specifically increase the risk of fraud or error, as well as an assessment of the risk that fraud or error may cause the
Account Balance to contain material misstatements. We also inquire of appropriate levels of management about any
fraud or significant error that has been discovered.
Our research into the incidences of misstatement enables us to recognize factors that may increase the risk of
misstatement, and we use these factors to identify risks.
The following points have been considered in assessing risk for this account balance, class of transaction or disclosure:
Performed by:
RRT 11/24/2014
SIGNIFICANT MATTERS
Guidance
Show
Significant Matters are matters which are judged through objective analysis of the facts and circumstances to be
significant to the audit, like for example fraud, control deficiencies and non-compliance with laws or regulations.
Judging the significance of a matter requires an objective analysis of the facts and circumstances. Examples of
significant matters include:
Matters that give rise to significant risks
Results of audit procedures indicating either of the following:
o That the financial statements could be materially misstated
o A need to revise our previous assessment of the risks of material misstatement and our responses to those risks
Circumstances that cause us significant difficulty in applying necessary audit procedures
Findings that could result in a modification to the audit opinion or the inclusion of an Emphasis of Matter paragraph in
our audit report. [ISA 230.A8] [P020.15]
Significant matters and issues identified during the planning process should be captured within the risk tables below if
they give rise to risks. Otherwise, they should be documented in Form 1810, Audit Planning Memorandum.
IDENTIFIED RISKS
Document in the table below the risks and significant risks identified for the material account balance, class of
transaction or disclosure.
Irrespective of the assessed risks of material misstatement, we shall design and perform substantive procedures for
each material class of transactions, account balance, and disclosure. [ISA 330.18] [G085.01] If no risks are identified,
revisit the conclusions reached in Form 1570, Determine Material Classes of Transactions, Account Balances and
Disclosures, to ensure the class of transactions, account balance, or disclosure is material. If there are no risks
identified, enter No risks below to be able to document procedures to be performed.
Identify risks for the material account balance, class of transaction, or disclosure
Tax provision is misstated because:
- Some non-taxable revenue has been incorrectly classified as taxable or was included at an incorrect amount.
- Some tax deductible expenses have been incorrectly classified as non-tax deductible or were included at an incorrect amount.
- Some non-tax deductible expenses have been incorrectly classified as tax deductible or were included at an incorrect amount.
- Some taxable revenue has been incorrectly classified as nontaxable or was included at an incorrect amount.
Tax provision is misstated becauseadditional tax assessed by the Ministry of Tax (whether paid or not) has not been recorded or has
Transactions with a deferred income tax impact are not considered when calculating deferred tax balances.
Deferred tax calculations, or supporting schedules/information, include mathematical errors.
Guidance
Show
While fraud risk factors may not necessarily indicate the existence of fraud, they have often been present in
circumstances where fraud has occurred and therefore may indicate risks of material misstatement due to fraud.
[Adapted from G525.01]
See Topic G525 in the Deloitte Audit Approach Manual for additional guidance related to fraud risk factors.
Significant Risks
As part of our risk assessment, we shall determine whether any of the risks identified are, in our judgment, a significant
risk. In exercising this judgment, we shall exclude the effects of identified controls related to the risk. [Adapted from
2810.01]
In exercising judgment as to which risks are significant risks, we shall consider at least the following:
Whether the risk is a risk of fraud
Whether the risk is related to recent significant economic, accounting or other developments and, therefore, requires
specific attention
The complexity of transactions
Whether the risk involves significant transactions with related parties
The degree of subjectivity in the measurement of financial information related to the risk, especially those
measurements involving a wide range of measurement uncertainty
Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that
otherwise appear to be unusual. [ISA 315.28] [2810.02]
Accounting Estimates
We shall determine whether, in our judgment, any of those accounting estimates that have been identified as having high
estimation uncertainty give rise to significant risks. [ISA 540.11] [5820.04]
In determining whether risks associated with related party relationships and transactions are significant risks, give
consideration to the following:
Significant related party transactions outside the entitys normal course of business shall be treated as giving rise to
significant risks. [Adapted from G390.01]
Fraud risk factors identified when performing the risk assessment procedures and related activities in connection with
related parties (including circumstances relating to the existence of a related party with dominant influence) [ISA 550.19]
[Adapted from G390.02]
Management is in a unique position to perpetrate fraud because of managements ability to manipulate accounting
records and prepare fraudulent financial statements by overriding controls that otherwise appear to be operating
effectively. Although the level of risk of management override of controls will vary from entity to entity, the risk is
nevertheless present in all entities. Due to the unpredictable way in which such override could occur, it is a risk of
material misstatement due to fraud and thus a significant risk. [ISA 240.31] [G535.01]
There is a risk of data loss when the classification of the risk is changed within the table below.
Risks Identified
Risk of material
misstatement due to
fraud?
Classification of risk
(Y/N)
No
Risk
Risk
Transactions with a deferred income tax impact are not considered when
calculating deferred tax balances.
No
Risk
No
Risk
Assess the risk of material misstatement at the assertion level for the account balance, class of transaction, or
disclosure
Assess the risk at the assertion level for the account balance, class of transaction or disclosure so as to provide a basis
for performing further audit procedures.
Note that all assertions related to the same identified risk should be entered on the same cell.
Risks Identified
Re
No
As
Risk
Ex
Va
- Some tax deductible expenses have been incorrectly classified as nontax deductible or were included at an incorrect amount.
- Some non-tax deductible expenses have been incorrectly classified as
tax deductible or were included at an incorrect amount.
Ex
Oc
Ac
Tax provision is misstated becauseadditional tax assessed by the Ministry No
of Tax (whether paid or not) has not been recorded or has been recorded
at an incorrect amount.
Risk
As
Va
Co
Rig
Ex
Oc
Ac
Co
Transactions with a deferred income tax impact are not considered when No
calculating deferred tax balances.
Risk
As
Co
Ex
Co
Deferred tax calculations, or supporting schedules/information, include
mathematical errors.
No
Risk
As
Va
Ex
Ac
Assertions
Show
The definition of the following assertions can be found in Form 0020 Assertions or in Topic G285 of the Deloitte Audit
Approach Manual.
Occurrence
Completeness
Accuracy
Cutoff
Classification
Account balances:
Existence
Rights and obligations
Completeness
Valuation and allocation
Consider which assertions would be applicable to the account balance, classes of transaction, or disclosure and review
the table above to determine whether your risk assessment is complete. Additional risks and assertions can be added as
needed to the tables above. If certain assertions have been determined to not be relevant, consider documenting the
basis for that assessment below.
We should design control and substantive procedures to address the risks identified related to each relevant assertion
for the account balance, class of transaction or disclosure. Such substantive procedures should depend on (1) whether
we have identified a significant risk and (2) whether we plan to rely on controls.
If this account has been identified as relying on information that is produced by a service organization, please consider
the results listed below when planning your controls and substantive testing procedures.
Name(s) and Location of Service Organization(s) Description of portion(s) of the Business Process and Plan to test D&&I
Information Systems performed by this Service
Organization
RISKS
Evaluation o
In the section below, we will document our planned controls and substantive testing procedures to address the identified
risks related to account balances, classes of transactions, and disclosures, other than the significant risks addressed
above.
Note: The tables below will be summarized in the relevant Model Audit Program (5X30) for control and substantive
testing procedures.
Show
We shall design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operating
effectiveness of relevant controls if:
Our assessment of risks of material misstatement at the assertion level includes an expectation that the controls are
operating effectively (i.e., we intend to rely on the operating effectiveness of controls in determining the nature, timing
and extent of substantive procedures); or
Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level. [ISA 330.8]
[4100.01]
In designing and performing tests of controls, we shall obtain more persuasive audit evidence the greater the reliance we
place on the effectiveness of a control. [ISA 330.9] [4100.07]
With respect to some risks, we may judge that it is not possible or practicable to obtain sufficient appropriate audit
evidence only from substantive procedures. Such risks may relate to the inaccurate or incomplete recording of routine
and significant classes of transactions or account balances, the characteristics of which often permit highly automated
processing with little or no manual intervention. In such cases, the entitys controls over such risks are relevant to the
audit and we shall obtain an understanding of them. [ISA 315.30] [G280.01]
Risks Identified
Relevant Assertion
Asset/Liability:
- Some non-taxable revenue has been incorrectly classified as taxable or was included at an
incorrect amount.
Existence
- Some tax deductible expenses have been incorrectly classified as non-tax deductible or were
Expense:
Occurence
Accuracy
Tax provision is misstated becauseadditional tax assessed by the Ministry of Tax (whether paid or Asset/Liability:
not) has not been recorded or has been recorded at an incorrect amount.
Valuation and allocation
Completeness
Rights and obligation
Expense:
Occurence
Accuracy
Completeness
Transactions with a deferred income tax impact are not considered when calculating deferred tax Asset/Liability:
balances.
Completeness
Expense:
Completeness
Deferred tax calculations, or supporting schedules/information, include mathematical errors.
Asset/Liability:
Valuation and allocation
Expense:
Accuracy
In determining whether it is appropriate to use audit evidence about the operating effectiveness of controls obtained in
previous audits and, if so, the length of the time period that may elapse before retesting a control, we shall consider the
following:
The effectiveness of other elements of internal control, including the control environment, the entitys monitoring of
controls, and the entitys risk assessment process
The risks arising from the characteristics of the control, including whether it is manual or automated
The effectiveness of general IT- controls
The effectiveness of the control and its application by the entity, including the nature and extent of deviations in the
application of the control noted in previous audits, and whether there have been personnel changes that significantly
affect the application of the control
Whether the lack of a change in a particular control poses a risk due to changing circumstances
The risks of material misstatement and the extent of reliance on the control. [ISA 330.13] [4100.11]
If we plan to use audit evidence from a previous audit about the operating effectiveness of specific controls, we shall
establish the continuing relevance of that evidence by obtaining audit evidence about whether significant changes in
those controls have occurred subsequent to the previous audit. We shall obtain this evidence by performing inquiry
combined with observation or inspection, to confirm the understanding of those specific controls, and:
If there have been changes that affect the continuing relevance of the audit evidence from the previous audit, we shall
test the controls in the current audit.
If there have not been such changes, we shall test the controls at least once in every third audit and shall test some
controls each audit to avoid the possibility of testing all the controls on which we intend to rely in a single audit period
with no testing of controls in the subsequent two audit periods. [ISA 330.14] [4100.14]
Accounting Estimates
In responding to an assessed risk of material misstatement related to accounting estimates, we may determine it
appropriate to test the operating effectiveness of the controls over how management made the accounting estimate,
together with appropriate substantive procedures.
Rollforward Procedures
If we obtain audit evidence about the operating effectiveness of controls during an interim period, we shall:
Obtain audit evidence about significant changes to those controls subsequent to the interim period
Determine the additional audit evidence to be obtained for the remaining period. [ISA 330.12] [G720.02]
Automated Controls
An automated control can be expected to function consistently unless the program (including the tables, files, or other
permanent data used by the program) is changed. Once we determine that an automated control is functioning as
intended, which could be done at the time the control is initially implemented or at some other date, we may consider
performing tests to determine that the control continues to function effectively. Such tests might include determining that:
Changes to the program are not made without being subject to the appropriate program change controls
The authorized version of the program is used for processing transactions
Audit Evidence about the accuracy and completeness of Information produced by the entity obtained through
testing of automated controls
When using information produced by the entity we shall evaluate whether the information is sufficiently reliable for our
purposes, including as necessary in the circumstances:
Obtaining audit evidence about the accuracy and completeness of the information
Evaluating whether the information is sufficiently precise and detailed for our purposes [ISA 500.9] [G510.11].
In some circumstances, we may conclude that high-level Controls are not dependent on information produced by the
entity.
For example, a high-level Control might be that the Controller reviews the biweekly payroll expense for all 40 salaried
employees, using a system-generated report. The Controller bases his review of the payroll expense on his prior
knowledge of the biweekly expense, his knowledge of the changes in the number and composition of the workforce, his
experience with the budgeting process relating to salary expense, and his knowledge of salary adjustments and bonuses
that have occurred during the period. In this case, the Controllers expectation of the biweekly payroll expense is
developed without using the system-generated report, and consequently, we might conclude that it is not necessary to
perform procedures to test the accuracy and completeness of the system-generated report in order to test the
effectiveness of this Control. [2460.23]
Substantive Procedures
Show
Rollforward Procedures
If substantive procedures are performed at an interim date, we shall cover the remaining period by performing:
Substantive procedures, combined with tests of controls for the intervening period, or
If we determine that it is sufficient, further substantive procedures only
that provide a reasonable basis for extending the audit conclusions from the interim date to the period end. [ISA 330.22]
[G720.05]
Accounting Estimates
In responding to the assessed risks of material misstatement we shall undertake one or more of the following, taking
account of the nature of the accounting estimate:
Determine whether events occurring up to the date of our audit report provide audit evidence regarding the
accounting estimate [5840]
Test how management made the accounting estimate and the data on which it is based. In doing so, we shall evaluate
the appropriateness of the method of measurement and the reasonableness of assumptions used by management
[5850]
Test the operating effectiveness of the controls over how management made the accounting estimate, together with
appropriate substantive procedures (5860)
Develop a point estimate or a range to evaluate managements point estimate [5870] [ISA 540.13] [Adapted from
5830.09]
Consider whether specialized skills or knowledge in relation to one or more aspects of the accounting estimates are
required in order to obtain sufficient appropriate audit evidence. [ISA 540.14] [Adapted from 5830.12]
Irrespective of our assessment of the risks of management override of controls, we shall design and perform audit
procedures to:
Review accounting estimates for biases and evaluate whether the circumstances producing the bias, if any, represent
a risk of material misstatement due to fraud. In performing this review, we shall:
o Evaluate whether the judgments and decisions made by management in making the accounting estimates included
in the financial statements, even if they are individually reasonable, indicate a possible bias on the part of the entitys
management that may represent a risk of material misstatement due to fraud. If so, we shall reevaluate the accounting
estimates taken as a whole
o Perform a retrospective review of management judgments and assumptions related to significant accounting
estimates reflected in the financial statements of the prior year.
For significant transactions that are outside the normal course of business for the entity, or that otherwise appear to
be unusual given our understanding of the entity and its environment and other information obtained during the audit, we
shall evaluate whether the business rationale (or the lack thereof) of the transactions suggests that they may have been
entered into to engage in fraudulent financial reporting or to conceal misappropriation of assets. [ISA 240.32] [Excerpt
from G535.03]
We shall determine whether, in order to respond to the identified risks of management override of controls, we need to
perform other audit procedures in addition to those outlined above (i.e., when there are specific additional risks of
management override that are not covered as part of the procedures performed to address the requirements in
G535.03). [ISA 240.33] [G535.12]
For identified significant related party transactions outside the entitys normal course of business, we shall:
Inspect the underlying contracts or agreements, if any, and evaluate whether:
The business rationale (or lack thereof) of the transactions suggests that they may have been entered into to engage
in fraudulent financial reporting or to conceal misappropriation of assets
The terms of the transactions are consistent with managements explanations
The transactions have been appropriately accounted for and disclosed in accordance with the applicable financial
reporting framework
Obtain audit evidence that the transactions have been appropriately authorized and approved. [ISA 550.23] [G395.11]
If management has made an assertion in the financial statements to the effect that a related party transaction was
conducted on terms equivalent to those prevailing in an arms length transaction, we shall obtain sufficient appropriate
audit evidence about the assertion. [ISA 550.24] [G395.15]
Instructions
Document our planned substantive responses to risks, which should include the nature, timing, and extent of the
procedures to be performed, giving consideration to the following:
If the planned procedure will rely on information produced by the entity (IPE) and we will be obtaining audit evidence
about the accuracy and completeness of the IPE through testing of automated control procedures select Yes for Audit
Evidence about the accuracy and completeness of IPE obtained through testing of automated controls. This information
will flow to Form 158X-IT, Audit Plan for Information Systems, where our planned procedures for the related Application
Systems and IT Environment should be documented. If we are obtaining audit evidence about the accuracy and
completeness of IPE through substantive procedures or manual controls then select No and document the planned
testing of IPE (including the name of the report) within the substantive testing or control procedures tables (as
appropriate).
If the planned procedure does not rely on IPE then select No for audit evidence about the accuracy and
completeness of the IPE through testing of automated controls.
If the results of our D&&I or OE of the Information Systems as documented at Form 158x-IT, Audit Plan for Information
Systems, impacts the extent of any substantive or control testing of the accuracy and completeness of IPE. For example,
if we substantively test a report produced by an Application System which is found to have a significant deficiency in
controls, we may need to modify the nature, timing or extent of our testing of that report.
If our response to risks includes procedures to be performed at interim, the planned procedures should describe both
the interim and rollforward procedures.
The planned control reliance strategy should be considered when determining the extent of testing.
Examples of substantive procedures can be inserted in the table by using the Insert from database function.
Risks Identified
Relevant Assertion
Asset/Liability:
No
No
No
No
Expense:
Occurence
Accuracy
Expense:
Occurence
Accuracy
Completeness
Transactions with a deferred income tax impact are not
considered when calculating deferred tax balances.
Asset/Liability:
No
No
No
No
Completeness
Expense:
Completeness
Expense:
Accuracy
Relevant Assertion
Automated
Audit Evidence
about the
accuracy and
completeness of
IPE obtained
through testing of
automated
controls
Risks Identified
Relevant Assertion
Auto-
Audit Evidence
about the
accuracy and
mated
completeness of
IPE obtained
through testing of
automated
controls
Relevant Assertion
Risks Identified
Relevant Assertion
Plan to test OE in
current period
Risks Identified
Relevant Assertion
Plan to test OE in
current period
Asset/Liability:
No
Taxation 01
Existence
Valuation and
allocation
Expense:
Occurence
Accuracy
Asset/Liability:
Valuation and
allocation
Completeness
Rights and
obligation
No
Taxation 01
Expense:
Occurence
Accuracy
Completeness
Transactions with a deferred income tax impact are not
considered when calculating deferred tax balances.
Asset/Liability:
No
Taxation 01
Completeness
Expense:
Completeness
Deferred tax calculations, or supporting
schedules/information, include mathematical errors.
Asset/Liability:
Valuation and
allocation
Taxation 01
Expense:
Accuracy