Advanced Auditing

Crash Course
ISAs
 ISA 230
1. Benefits of documentation
2. When to document
3. What to document
4. How to document
5. Assembly of final audit file
6. Change in audit file after archiving
• Due to subsequent events
• Due to cold review / inspection
 ISA 240
1. Fraud and its types
• Misappropriate of assets
• Fraudulent financial reporting
2. Responsibility for fraud
3. Auditor’s responsibility at FS level
4. Discussion amongst engagement team
5. Fraud Inquiries + WR
6. JE testing
7. Retrospective review of estimates
8. Review of transactions outside normal course
9. Fraud in revenue recognition
10. Unable to continue engagement
11. Communication with Management and TCG
12. Indicators of fraud and fraudulent accounts
 ISA 250
1. Responsibility for law compliance
2. Types of Laws
• Direct effect on financials
• Indirect effect on financials
3. Obtain understanding of how legal framework and how company is complying
4. Auditor’s responsibility for direct effect laws – SAAE
5. Auditor’s responsibility for indirect effect laws
• Inquire Management / TCG + WR
• Review correspondence with authorities
• Remain alert
6. Auditor’s responsibility under laws in addition to requirement of ISAs
7. Auditor’s responsibility when non-compliance is identified or suspected
• Obtain understanding of circumstances
• Possible effect on financial statements
• Discuss with Mgmt. / TCG – if they don’t provide info obtain legal advice
• Assess impact on other areas of audit
• Assess impact on audit opinion
8. Reliability of WR falls in doubt:
• Management / TCG involved in non-compliance with laws
• Management / TCG had knowledge but did not report non-compliance
9. Communication with Management and TCG
10. Effect on audit report
 ISA 260
1. Communication process
2. Matters to be communicated
a. Planned scope & timing
b. Qualitative aspects of accounting practices
c. Significant difficulties
d. Significant matters
e. Modifications of AR
f. Independence (listed companies)
3. Mode of communication
 ISA 265
1. What is a Significant deficiency in internal controls
2. Format of communication
 ISA 300
1. Benefits of planning
2. Audit strategy
3. Audit plan
4. Matters to consider in devising strategy
5. Preliminary engagement activities (Additional PEAs for initial audits)
 ISA 315
1. Risk assessment procedures (Inquire, Analytical, Observation, Inspection)
2. Obtain understanding of Entity and Environment
• Industry / regulatory framework
• Nature of entity, operations, ownership, investments and financing
• Accounting policies
• Objectives, strategies and business risks
• Measurement and review of financial performance
3. Obtain understanding of Internal control
a. Obtain an understanding (Mandatory)
b. Evaluate their effectiveness (Mandatory)
c. Test controls (Optional)
4. Elements of control system to be understood
a. The control environment
b. The entity’s risk assessment process
c. The information system
d. Control activities (internal controls)
e. Monitoring of controls
5. Significant risks (LMN factors)
6. Risks for which substantive procedures alone do not provide sufficient appropriate
audit evidence
 ISA 330
1. Levels of risk
• Normal risk
• Significant risk
 LMN factors
 Audit procedures for significant risks
2. Test of controls
• What to check
• Interim testing
• TOCs over 3 years
3. Substantive procedures
• Closing process
• Interim testing
4. Procedures to test presentation and disclosures
 ISA 402
1. Service organization – Service auditor
2. User entity – User auditor
3. Obtain an understanding of controls
• Through user entity
• Through service org
• Through Type 1 or Type 2 report
 What to consider when using this option
4. Test of controls
• Through user entity
• Through service org
• Through Type 2 report
 What to consider when using this option
5. Audit reporting
 ISA 450
1. Triviality threshold
2. Accumulation of identified misstatements
3. Communication and correction of misstatements
4. Revision to materiality
5. Evaluating uncorrected misstatements
6. Written representation
7. Items that are qualitatively material
a. Affects compliance with Legal requirements
b. Affects compliance with Debt covenants
c. Accounting policies
d. Mask a change in trends
e. Affects ratios
f. Affects segments information
g. Affects bonuses
h. Affects other information presented in annual report
 ISA 500
1. Using management information as audit evidence
2. Using the work of management’s expert
3. Selecting items for testing
• 100%
• Specific items
• Sampling
 ISA 501
1. Requirements for inventory
• Review instructions
• Observe counts
• Inspect inventory
• Perform test counts
• Physical verification at a date other than YE
• Inventory held by 3rd parties
• Inability to perform physical inspection at any date (YE or other)
2. Litigations and claims
• Procedures
• General and specific letters of enquiry
3. Verification of operating segments disclosures
• Understanding of methods
• Analytical testing
• Verify inter-segment charging
• Compare with budgets and prior year
• Test allocation of assets etc. to segments
 ISA 505
1. What is confirmation procedure
2. Auditor’s control over confirmation
3. Management’s refusal to send confirmation
4. Results of the confirmation procedure
• Doubt on reliability
• Unreliable
• Non-response
• Differences not caused by misstatement
• Differences caused by misstatement
5. Negative confirmations
 ISA 510
1. What are initial audits
2. Audit procedures for opening balances
3. Audit reporting in case misstatement is identified in opening balances
4. Audit reporting in case opening accounting policies are not correctly applied /
restated in the current period
 Answers
W15 A5
(i) The steps that the auditor would need to carryout in the given situation are as follows:
• Check the impairment assessment of the foreign operations carried out by the
management and assesses the reasonableness thereof.
• Ensure that impairment (if any) has been appropriately recorded or disclosed in
• the financial statements.
• Involve the subject matter expert in assessing the workings and assumptions of the
impairment, in case the auditor does not have the relevant expertise.
• In case the use of going concern assumption is no more appropriate, discuss the
matter with management for relevant disclosure and change in accounting treatment.

(ii) The auditor would perform the following steps:

• Obtain an understanding of the nature and significance of the services provided by the
service organization and their effect on the client’s internal controls.
• Obtaining knowledge relating to competencies, capabilities and qualifications
possessed by personnel in Service organizations.
• In case the auditor is unable to obtain understanding from the client, the auditor shall:
• Obtain a type 1 or type 2 report, if available;
• Contact the service organization, through the client;
• Visit the service organization and perform procedures; or
• Use another auditor to perform procedures that will provide the necessary
information about the relevant controls at the service organization.
 Answers
W15 A5
(iii) There is a risk that the attachment file received by the audit team may not be the
same as the original file. The auditor should:
• Contact the customer to determine if the customer has in fact sent the e-mail.
• Request the confirming party to send the email directly with original document
attached or use electronic signatures.

(b) Characteristics of fraudulent journals

• entries involving unrelated, unusual or seldom used accounts
• entries made by individual who typically does not prepare journal entries
• entries recorded at the end of the period
• closing entries that have little or no explanation or description
• entries containing round numbers or consistent by ending numbers
• entries involving complex transactions
• entries containing significant estimates and period-end adjustments
• entries affecting accounts which have been prone to misstatement in the past or
have not been reconciled on a timely basis or contain unreconciled differences
• entries involving inter-company transactions
• entries made during unusual timing or on weekends
• entries involving large number of small account balances.
 Answers
W15 A5

Management override of controls

Irrespective of the auditor’s assessment of the risks of management override of
controls, the auditor shall design and perform audit procedures to test
appropriateness of journal entries recorded in the general ledger and other
adjustments made in the preparation of the financial statements.

In designing and performing audit procedures for such tests, we would:

• make inquiries of individuals involved in the financial reporting process about
• inappropriate or unusual activity relating to the processing of journal entries
• and other adjustments;
• select journal entries and other adjustments made at the end of reporting
• period; and
• consider the need to test journal entries and other adjustments throughout the
• period.
 Answers
Summer 2015 - Q5
(a) Benchmark = PBT +/- One-off items = 1,159 – (225 x 15 / 115) + 210 – 901 = 439
Overall materiality = 439 x 5% = 22m
Performance materiality = 22m x 50% = 11m

Profit before tax is the benchmark since Company is profit oriented. Exceptional
income / loss have been excluded to calculate normalized PBT:
• Sales to Govt. department net of cost of sale
• Loss due to fire
• Gain on sale building

Performance materiality is calculated at 50% haircut on overall materiality, since this

is a first year audit.
 Answers
Summer 2015 - Q5
(b) The auditor should read the previous year financial statements and the
predecessor auditor’s report.

In addition, the auditor should verify opening intangible balances by reviewing the
predecessor auditor’s working papers. If this is not possible, the auditor should
perform the following procedures:
• Trace original cost additions to underlying documents.
• Identify major items and check them with related supporting documents / licenses
etc.
• Recalculate accumulated amortization.
• Review any impairment testing that was performed last year.
• Review the write offs and impairment recorded in the current year.
 Answers
Summer 2015 - Q7

• Governance: Assess the governance process in its accomplishment of objectives

on ethics and values, performance management and accountability,
communicating risk and control information to appropriate areas of the
organization.

• Risk Management: Assist the entity by identifying and evaluating significant

exposures to risk and contributing to the improvement of risk management and
internal control.

• Fraud Detection: Perform procedures to assist the entity in the detection of fraud.

• Internal Controls: Responsibility for reviewing controls, evaluating their operation

and recommending improvements thereto. In doing so, the internal audit function
provides assurance on the control.

• Examination of financial and operating information: Review the means used to

identify, recognize, measure, classify and report financial and operating
information, including detailed testing of transactions, balances and procedures.
 Answers
Summer 2015 - Q7

• Review of operating activities: Review the economy, efficiency and effectiveness of

operating activities, including non-financial activities of an entity.

• Review of compliance with laws and regulations: Review compliance with laws,
regulations and other external requirements, and with management policies
and directives and other internal requirements.
Winter 2012 - Q3
Answers
Steps applicable in both cases
• The qualified report is not appropriate due to this subsequent event.
• Assess whether Salim Limited is in a position to repay the amount as per court’s
decision.
• If the auditor and management agree on the amount of adjustment, auditor will
express an unqualified opinion
• If they do not agree, the basis for opinion section of the Audit report would be
changes
• The auditor should carry out the audit procedures with respect to the amendment
such as reviewing the financial condition of Salim Limited and reviewing
correspondence with entity’s legal counsel to assess the adequacy of the revised
provision.
• The auditor should also review steps taken by management to ensure that anyone
in receipt of the previously issued financial statements is informed
• Issue a new or amended auditor’s report that includes an Emphasis of matter or
Other matter section explaining the revision or referring to the note in the
financial statements that explains the reasons for revision.
 Answers
Winter 2012 - Q3

Additional Steps when Law and Regulation prohibits

• Extend the audit procedures on subsequent events to the date of the new report.
• The new report shall not be dated earlier than the date of the approval of the
amended financial statements.

Additional Steps when Law and Regulation does not prohibit

• Restrict the audit procedures on subsequent events to the decision given by the
court and the related receivable / provision.
• Amend the auditor’s report to include an additional date restricted to that
amendment, or, include an Emphasis of matter or Other matter section explaining
that procedures for the period subsequent to the date of the previous report were
restricted to the specific court case and the related receivable / provision.
 Answers
Winter 2012 Q7
(a) There is doubt over reliability of source and content of confirmation. In this case,
the auditor should:
• Check for digital signatures
• Contact the confirming party and request the confirming party to respond in
writing directly to the auditor
• Verify subsequent receipts from the said party or alternatively inspect relevant
invoices/shipping documents

If the auditor concludes that the response was forged, the auditor should revise the
risk assessment and the nature, timing and extent of planned audit procedures and
assess the implication on the audit report.

(b) The matter represents a limitation on scope of the audit. In this case the auditor
should:
• Inquire and assess whether the reason provided by the management is correct.
• Check correspondence with customer to ascertain the nature of dispute.
• Obtain opinion from the client’s legal counsel as to status and sensitivity of the
dispute.
• Assess whether the balance has been appropriately provided for (if required).
 Answers
Winter 2012 Q7

If after performing the aforesaid procedures, the auditor concludes that:

- Management’s refusal is inappropriate, the auditor should:

• revise risk assessment and the nature, timing and extent of audit procedures
• inform those charged with governance of the matter
• perform alternative procedures such as examining subsequent cash receipts
or inspecting relevant invoices / shipping documents
• if alternative procedures do not provide sufficient appropriate audit
evidence, evaluate the impact on auditor’s opinion.

- Management’s refusal is appropriate; the auditor should

• perform alternative procedures such as examining subsequent cash receipts
or inspecting relevant invoices / shipping documents
• if alternative procedures do not provide sufficient appropriate audit
evidence, inform those charges with governance and evaluate the impact on
auditor’s opinion.
Summer 2012 Q5
Answers
(i) Dear sir
I have summarised the requirements contained in ISA 210 pertaining to the disclosures
sought by the regulator:
• Option 1: If compliance with additional requirements can be met through additional
disclosures, the management would be requested to incorporate additional disclosures
in the financial statements. We as auditors would review the adequacy of those
disclosures
• Option 2: If the additional requirements cannot be met with the additional disclosures,
the management would be requested to amend the description of the applicable
financial reporting framework in the Statement of Compliance in Policy notes of the
financial statements. We as auditors would review the appropriateness of Statement of
compliance.

If none of above courses of actions is adopted, we would consider suitable modification to

our opinion.

Feel free contact me in case of any query.

Regards
External Auditors
Summer 2012 Q5
Answers
(ii) BASIS FOR MODIFICATION SECTION

The XYZ Act 2012 required the company to disclose all contingent liabilities including those
where the probability of outflow of economic benefits is remote. The Company has not
disclosed such contingent liabilities since it is not required to make such disclosures in
accordance with IAS 37.
 Answers
Summer 2012 Q6

The auditor should:

• Determine whether auditor can rely on the reports of the engineer hired by the
management.
• Evaluate the competence, capabilities and objectivity of the engineer
• Obtain an understanding of the procedures followed by the engineer
• Evaluate the appropriateness of using the engineer‘s reports as audit evidence
• Review subsequent receipts/costs to assess the reasonableness of the engineer’s
estimate
• Physically examine sites to assess their status of completion

If the auditor cannot place reliance on the work performed by the engineer, the
auditor should revise risk assessment and consider the need of involvement of
independent external engineer (auditor’s expert).