Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Summary:
A risk assessment carried out under the ISAs helps the auditor to identify financial statement areas
susceptible to material misstatement and provides a basis for designing and performing further
audit procedures.
• Auditors are required to carry out the audit with an attitude of professional skepticism, exercise
professional judgement and comply with ethical requirements.
• Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial
statements are materially misstated. It is a function of the risk of material misstatement (inherent
risk and control risk) and the risk that the auditors will not detect such misstatement (detection
risk).
• Materiality for the financial statements as a whole and performance materiality must be
calculated at the planning stages of all audits. The calculation or estimation of materiality should
be based on experience and judgement. Materiality for the financial statements as a whole must be
reviewed throughout the audit and revised if necessary.
• The auditor is required to obtain an understanding of the entity and its environment in order to
be able to assess the risks of material misstatements.
• When the auditor has obtained an understanding of the entity, they shall assess the risks of
material misstatement in the financial statements, also identifying significant risks.
• Significant risks are complex or unusual transactions that may indicate fraud, or other special
risks.
• The auditor shall formulate an approach to the assessed risks of material misstatement.
• When carrying out risk assessment procedures, the auditor shall also consider the risk of fraud or
noncompliance with law and regulations causing a misstatement in the financial statements.
• Auditors must ensure they have documented the work done at the risk assessment stage, such as
the discussion among the audit team of the susceptibility of the financial statements to material
misstatements, significant risks, and overall responses.
Summary:
The auditor formulates an overall audit strategy which is translated into a detailed audit
plan for audit staff to follow.
The overall audit strategy and audit plan shall be updated and changed as necessary during
the course of the audit.
It is important to document audit work performed in working papers to:
o Enable reporting partner to ensure all planned work has been completed adequately
o Provide details of work done for future reference
o Assist in planning and control of future audits
o Encourage a methodical approach
Summary:
Auditors must design and perform audit procedures to obtain sufficient appropriate audit
evidence.
Audit tests are designed to obtain evidence about the financial statement assertions.
Assertions relate to classes of transactions and events and related disclosures and
account balances at the period end and related disclosures.
Audit evidence can be obtained by inspection, observation, enquiry and confirmation,
recalculation, re-performance and analytical procedures.
Chapter 10: Test of Controls
Summary:
Summary:
Auditors need to obtain sufficient appropriate audit evidence to support the financial
statement assertions. Substantive procedures aim to obtain that evidence.
Substantive tests are designed to discover errors or omissions.
Analytical procedures are used at all stages of the audit, including as substantive
procedures. When using analytical procedures as substantive tests, auditors must consider
the information available, assessing its availability, relevance and comparability.
When auditing accounting estimates, auditors must:
o Test the management process
o Use an independent estimate
o Review subsequent events
In order to assess whether the estimates are reasonable.
Auditors usually seek evidence from less than 100% of items of the balance or transaction
being tested by using sampling techniques.
CAATs are the use of computers for audit work. The two most commonly used CAATs
are audit software and test data.
External auditors may make use of the work of an auditor's expert, internal auditors and
service organizations and their auditors when carrying out audit procedures.
A service organization provides services to user entities. There may be special
considerations for the auditor of a user entity when that entity makes use of a service
organization.
Internal Control: is the process designed, implemented, and maintained by those charged with
governance, management, and other personnel to provide reasonable assurance about the
achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness
and efficiency of operations, and compliance with applicable laws and regulations.
1) Control Environment: includes the governance and management functions and the
attitudes, awareness and actions of those charged with governance and management
concerning the entity's internal control and its importance in the entity.
Management has created and maintained a culture of honesty and ethical behavior.
The strengths in the control environment provide an appropriate foundation for the other
components of internal control and whether those components are not undermined by
deficiencies in the control environment.
The auditor shall assess whether these elements of the control environment have been implemented
using a combination of enquiries of management and observation and inspection.
The auditor shall obtain an understanding of whether the entity has a process for:
The information system relevant to financial reporting is a component of internal control that
includes the financial reporting system, and consists of the procedures and records established to
record, process and report entity transactions and to maintain accountability for the related assets,
liabilities and equity.
The auditor shall obtain an understanding of the information system relevant to financial reporting
objectives, including the following areas:
The classes of transactions in the entity's operations that are significant to the financial
statements
The procedures, within both IT and manual systems, by which those transactions are
initiated, recorded, processed, transferred to the general ledger and reported in the financial
statements
The related accounting records, supporting information and specific accounts in the
financial statements, in respect of initiating, recording, processing and reporting
transactions
How the information system captures events and conditions, other than transactions, that
are significant to the financial statements
The financial reporting process used to prepare the entity's financial statements, including
significant accounting estimates and disclosures
Controls surrounding journal entries, including non-standard journal entries used to record
nonrecurring, unusual transactions or adjustments
4) Control Activities: are those policies and procedures that help ensure that management’s
directions are carried out.
Control activities include those activities designed to prevent or to detect and correct errors.
Examples include activities relating to authorization, performance reviews, information
processing, physical controls and segregation of duties.
These factors demonstrate why auditors cannot obtain all their evidence from tests of the systems
of internal control. The key factors in the limitations of control systems are human error and
potential for fraud.
Auditors are only concerned with assessing policies and procedures which are relevant to the
financial statements. Auditors shall:
Assess the adequacy of the accounting system as a basis for preparing the accounts
Identify the types of potential misstatements that could occur in the accounts
Consider factors that affect the risk of misstatements
Design appropriate audit procedures
There are several techniques for recording the assessment of control risk; that is, the system. One
or more of the following may be used depending on the complexity of the system.
Narrative notes: The purpose of narrative notes is to describe and explain the system, at
the same time as making any comments or criticisms which will help to demonstrate an
intelligent understanding of the system.
Questionnaires (Internal Control and Internal Control Evaluation Questionnaires)
Flowcharts
Checklists
Tests of Control:
Tests of control are tests performed to obtain audit evidence about the effectiveness of the:
Design of the accounting and internal control systems, i.e. whether they are suitably
designed to prevent, or detect and correct, material misstatement at the assertion level
Operation of the internal controls throughout the period.
Inspection of documents supporting controls or events to gain audit evidence that internal
controls have operated properly, e.g. verifying that a transaction has been authorized
Enquiries about internal controls which leave no audit trail, e.g. determining who
actually performs each function
Re-performance of control procedures, e.g. reconciliation of bank accounts, to ensure
they were correctly performed by the entity
Examination of evidence of management views, e.g. minutes of management meetings
Observation of controls to consider the manner in which the control is being operated
The auditors may find that the evidence they obtain from controls testing indicates that controls
did not operate as well as they expected. If the evidence contradicts the original risk assessment,
the auditors will have to amend the further procedures they have planned to carry out.
Revising the risk assessment and audit procedures will necessitate an update of the audit strategy,
which sets out the scope, timing and direction of the audit. For example, if tests of controls
highlight that many controls are not operating as expected, this may lead to an increase in the
strategy's emphasis on substantive procedures.
Significant deficiencies in internal controls shall be communicated in writing to those charged with
governance in a report to management, which the auditor considers are of sufficient importance
to warrant their attention.
• Misstatements detected by the auditor's procedures that were not prevented, or detected and
corrected, by the entity's internal control
• Restatement of previously issued financial statements that were corrected for a material
misstatement due to fraud or error