Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
STUDY GUIDE
3.1
Module 3
Contents
Preview
Introduction Objectives Teaching materials
3.3
Overview of standards covering risk assessment and response to assessed risks Planning an audit of financial statements Audit materiality
Materiality concepts Application of materiality concepts Performance materiality
Financial statement assertions Identifying and assessing the risks of material misstatement through understanding the entity and its environment
Perform risk assessment procedures Discuss the susceptibility of the entitys financial statements to material misstatement Understand specified aspects of the entity and its environment, including internal control Controls in an IT environment Assess the risks of material misstatement Identify significant risks
3.12 3.15
SWOT analysis PEST analysis Porters five forces model for industry analysis Value chain analysis Simple comparisons Reasonableness tests Ratio analysis
3.33 3.36
Analytical procedures
3.43
3.52
Suggested answers
STUDY GUIDE
3.3
Preview
Introduction
In this module we introduce the concept of a business risk and how it: impacts on the auditors knowledge and understanding of the client; and relates to the risk of material misstatement. Obtaining an understanding of the business assists the auditor in: assessing risks and identifying problems; planning and performing the audit both effectively and efficiently; and evaluating audit evidence This module provides an overview of some techniques for obtaining an understanding of the entity and its environment, including analytical procedures. As a number of the large audit firms have adopted a strategic systems audit approach based on risk analysis, this approach is discussed in this module. Strategic analysis is an important part of risk analysis. Emphasis is placed on the following techniques used in strategic analysis to identify business risks: SWOT analysis; PEST analysis; Porters five forces; and value chain analysis While the management literature employs these types of analysis to identify investing and operating opportunities, auditors consider threats to the auditees business as a source of audit risk. After discussing the planning of an audit and audit materiality, substantial emphasis is placed in this module on ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment and ISA 330 TheAuditors Responses to Assessed Risks. As internal control is a means of mitigating business risk, we examine the components of internal control using the framework set out in ISA 315. We then consider these internal controls in an ITenvironment. An important topic is audit assertions. Following ISA 330, this module discusses the auditors response to assessed risks. Thereare two major classes of audit procedures: tests of control and substantive tests. The purpose of tests of controls is to support an assessed level of control risk (or the risk of material misstatement) as determined by the evaluation of internal controls. Substantive tests of transactions and balances involve substantively verifying the associated dollar values. The auditor will outline in the audit plan the most efficient andeffective combination of audit procedures to achieve a desired level of audit risk. Finally, issues related to the evaluation of misstatements identified during an audit arediscussed.
3.4
STUDY GUIDE
Objectives
After completing this module, you should be able to: explain the importance of audit planning; explain what a material misstatement is; identify and describe the key audit assertions; explain the aspects of the entity and its environment that the auditor needs tohave an understanding of; explain what is meant by a business risk and how it impacts on the audit; outline the strategic systems approach to auditing and the importance of strategicanalysis; apply the following techniques for carrying out strategic analysis: SWOT analysis; PEST analysis; Porters five forces; and value chain analysis describe the types of analytical procedures of the audit process; describe the types of control that may exist in an IT environment; define internal control and outline the elements of an internal control system; identify the various ways the auditor can respond to assessed risks; explain the concepts of test of controls and the meaning of the term substantivetest; explain the different types of substantive tests; and evaluate misstatements identified during an audit.
Teaching materials
Relevant standards ISA 300 Planning an Audit of Financial Statements ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment ISA 320 Materiality in Planning and Performing an Audit ISA 330 The Auditors Responses to Assessed Risks ISA 450 Evaluation of Misstatements Identified during the Audit AASB 1031 Materiality Learning tasks Learning tasks are available in My Online Learning for this module. Please check My Online Learning at least once a week, as more learning tasks may be added during the semester.
STUDY GUIDE
3.5
Perform procedures regarding the continuance of the client relationship and the specific audit engagement Evaluate compliance with relevant ethical requirements relating to the audit engagement, including independence Establish an understanding of the terms of the engagement (ISA 300.6).
3.6
STUDY GUIDE
The auditor maintains the necessary independence and ability to perform theengagement. There are no issues with management integrity that may affect the auditors willingness to continue the engagement. There is no misunderstanding with the client as to the terms of the engagement (ISA 300.A6).
The auditor is required to establish the overall strategy for the audit (ISA 300.7). Theoverall audit strategy sets the scope, timing and direction of an audit. Inparticular,theestablishment of the audit strategy must involve the following (ISA300.9 and A8A11): Identify the characteristics of the engagement that define its scope, such as the financial reporting framework used, industry-specific reporting requirements and the locations of the components of the entity. Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications requiredsuch as deadlines for interim and final reportingand key dates for expected communications with management and those charged with governance. Consider the factors that are significant in directing the focus of the engagement teams efforts, such as determination of appropriate materiality levels, preliminary identification of areas where there may be higher risks of material misstatement, preliminary identification of material components and account balances, evaluationof whether the auditor may plan to obtain evidence regarding the effectiveness of internal control, and identification of recent significant entity-specific, industry, financial reporting or other relevant developments. Consider the results of preliminary engagement activities (e.g. client continuance activities, compliance with relevant ethical requirements, and establishing an understanding of the term of engagement). Ascertain the nature, timing and extent of resources needed (e.g. staff needs, experts). The appendix of ISA 300 lists examples of matters the auditor may consider in establishing the overall audit strategy. The appendix is divided into four sections: 1 Characteristics of the engagement. 2 Reporting objectives, timing of the audit and nature of communications. 3 Significant factors, preliminary engagement activities and knowledge gained on other engagements. 4 Nature, timing and extent of resources. Read the appendix of ISA 300 now to gain an understanding of the above four points. The auditor is required to develop an audit plan (ISA 300.9). The audit strategy guides the development of this more detailed audit plan. The audit plan documents the auditors initial assessment of the evidence necessary to form an opinion, and the method of obtaining this evidence. Although audit planning is the first stage in the audit process, theaudit plan must be a dynamic document if it is to reflect the impact of information gathered during the course of the audit. For example, a weakness identified in the internal controls may necessitate increased substantive audit procedures for the accounts involved. This will require a modification of the audit plan.
STUDY GUIDE
3.7
the nature, timing and extent of planned risk assessment procedures sufficient to assess the risks of material misstatement, as determined underISA 315 the nature, timing and extent of planned further audit procedures at the assertion level under ISA 330 The plan for further audit procedures reflects the auditors decision whether to test the operating effectiveness of controls, and the nature, timing and extent of plannedsubstantiveprocedures other audit procedures required to be carried out for the engagement inorder to comply with ISAs.
While the actual content of the audit plan will vary, it will generally include an outline of the general audit approach to be followed without going into specific detail about the exact audit procedures that will be used. In this sense, the audit plan acts as an overview of the audit, indicating: the major objectives of the audit; the constraints within which the audit must be performed; materiality and risk considerations; and an estimate of the resources required to carry out the audit.
Question 3.1
The auditor of LRS Ltd has completed the audit strategy and audit plan and is presently carrying out substantive procedures. The auditor discovers some errors that suggest that the original audit plan may have incorrectly assumed that the controls over inventory were strong. Is it too late to change the audit plan?
An important part of planning relates to direction, supervision and review. Specifically, ISA 300.11 requires the auditor to plan the nature, timing and extent of direction and supervision of engagement team members and review of their work, wherein: nature refers to type of direction and supervision (e.g. very detailed step-by-step; or a more global approach concentrating on key issues); timing refers to whenwhile direction and supervision are likely to be ongoing, review can take place at different times (e.g. real time review as the work is done orat the end of the audit); and extent refers to how much. Review can be done face-to-face where the reviewer asks questions of the preparer verbally, or by looking at the working papers (manual or electronic) in the absence ofthe preparer and preparing written review notes to be answered/cleared. Various factors including the size and complexity of the entity, the area of the audit (e.g. inventory, financial instruments), the risks of material misstatement, and the capabilities and competence of personnel performing the work (e.g. prior industry audit experience) all have an impact. For example, if the work related to inventory and the preparer was an audit manager with extensive manufacturing experience, the level of direction, supervision and review would be less than if the preparer was an assistant whose previous audit experience was with banks and insurance companies. Where there is an increase in the assessed risk of material misstatement for the area of audit risk, you would expect increases in the extent and timeliness of direction and supervision ofengagement team members and a more detailed review of their work.
3.8
STUDY GUIDE
The auditor is required to document the overall audit strategy and the audit plan, including any significant changes made during the audit engagement (ISA 300.12). To gain a better understanding of the above documentation you should now refer to ISA 300.A16.A19. One other issue relates to the communications regarding audit planning with those charged with governance and management. ISA 300.A3 states that an auditor may discuss elements of planning with an entitys management. These discussions may include overall audit strategy and timing of the audit. While the auditor often needs to have these discussions with management to facilitate the conduct of the audit, it is important that the auditor not compromise the effectiveness of the audit. For example, the auditor should not compromise the effectiveness of the audit by making the audit too predictable (ISA 300.A3). Case Study 3.1 provides an illustration of issues for consideration in planning for an audit. Complete the case study now.
Audit materiality
In this section materiality is discussed through the Australian accounting standard AASB1031 Materiality. The Preface of AASB 1031 states that the international Frameworkfor the Preparation and Presentation of Financial Statements has limited guidanceon materiality in comparison to AASB 1031 Materiality (AASB 2004, p. 4).
STUDY GUIDE
3.9
Materiality concepts
The concept of materiality is of fundamental importance to both preparers and auditors. However, there are no universally agreed-upon numeric guidelines or specific criteria for determining whether a given fact is material. Further, materialityjudgments are significantly influenced by surrounding facts andcircumstances. In general terms, audit materiality may be defined as the highest level of misstatement that, in the auditors judgment, will be tolerated by the user of the financial statements. If the decision-maker would reach a different decision, were that person aware of the fact in question, then the fact is material. However, this general definition does little to reduce the degree of judgment required. Nevertheless, audit materiality is directly related to the concept of materiality in financial statements as covered by AASB 1031 Materiality. The concept of materiality set out in AASB 1031 is concerned with the pointat which errors or distortions in financial statements will alter users decisions. Review AASB 1031 before proceeding. AASB 1031 outlines the following guidelines on materiality:
an amount which is equal to or greater than 10 per cent of the appropriate base amount may be presumed to be material unless there is evidence or convincing argument to the contrary; and an amount which is equal to or less than 5 per cent of the appropriate base amount may be presumed not to be material unless there is evidence, orconvincing argument, to the contrary (AASB 1031.15).
The appropriate base amounts for income statement items suggested in AASB 1031 arethe more appropriate of the: (i) profit or loss and the appropriate income or expense amount for the current reporting period; and
(ii) average profit or loss and the average of the appropriate income or expense amounts for a number of reporting periods (including the current reporting period) (AASB 1031.13). For balance sheet items, the appropriate base amount suggested in AASB 1031.13 isthemore appropriate of the recorded amount of equity and the appropriate asset orliability class total. For audit planning purposes, some audit firms use a rule-of-thumb approach to determine planning materiality. Common rules of thumb for establishing a planning materiality figure are as follows: 510 per cent of profit; 0.51 per cent of revenue; and 0.51 per cent of assets. While some auditors use one of the above bases of calculation, others use a blend of these, making several calculations on a variety of bases and then taking the average ofthem. Others use a sliding scale, such as a declining percentage of total assets.
3.10
STUDY GUIDE
The choice of rule of thumb depends on value judgments about relevance, stability and predictability. Profit may be the most relevant base for a company with publicly traded securities. However, because profit can fluctuate significantly from year to year, it may lack stability. It is not relevant to some entities such as not-for-profit organisations. Inpractice, size-related bases such as total assets or total revenue are preferred because of their relative stability. Use of a rule of thumb as a decision aid in general planning is not universal in auditing practice. However, materiality has to be reduced to an explicit dollar amount as a practical necessity in conducting the audit. As different approaches to calculating materiality can result in substantially different amounts, the auditors judgment in the circumstances is critical. The amount considered material does not remain fixed after its initial calculation. The auditor may revise this judgment based on the results of audit tests and new information as the audit progresses and the auditors approach in evaluation at the completion of the audit may be considerably different. This means the amount estimated for planning materiality should not be confused with the amount used in theevaluation of the materiality of individual misstatements. The auditors use of materiality in evaluation will be influenced by qualitative considerations, additional information, and the nature of the decisions to be made. Qualitative considerations, for example, may include the nature of the transaction (suchas related-party transactions or possible illegal acts). While, in general, materiality is concerned with the highest level of misstatement that can be tolerated and hence the financial statements still fairly presented, equal regard should be given to a number of other factors: The nature of the item in question should be considered. An item could be material because of its nature. For example, in Australia for listed companies, aCorporations Act 2001 (Cwlth) disclosure item has to be disclosed (e.g. audit fees), irrespective ofwhether it is material in dollar amount. Where financial limits are prescribed, like the borrowing limits set down in trust deeds, regard should be given to the effect of identified errors of such limits even though the errors would not otherwise be material. The breach of such limits can have significant consequence to companies and could even lead to a questioning ofthe going concern basis. The materiality of an item in relation to the financial statements taken as a whole affects the auditors judgment as to what is sufficient appropriate audit evidence, inaccordance with ISA 500 Audit Evidence. Those figures that are most material require more evidence, both in quantity and quality. We have seen that audit risk is present to a greater or lesser extent in every audit and that absolute certainty in auditing is rarely attainable. The auditor is concerned that the audit examination will provide reasonable assurance that the financial statements is not misstated to a degree of materiality which, had it been identified, would have resulted in a modified audit opinion. The auditor should therefore plan the audit to minimise the risk of failure to detect errors that, in aggregate, exceed an acceptable degree of materiality. Obviously, thelower the degree of materiality deemed acceptable, the more audit work will havetobe performed and the higher the cost to the entity.
STUDY GUIDE
3.11
The decision as to what constitutes an acceptable degree of materiality will vary depending on the circumstances of each engagement. The auditor must, in the final analysis, decide on an acceptable level of materiality using individual professional judgment. However, some guidelines are provided in ISA 320 Materiality in Planning andPerforming an Audit.
Performance materiality
There is a distinction between materiality and performance materiality (as noted above). Performance materiality takes into account that planning the audit solely to detect individual material misstatements overlooks the following: the aggregate of individually immaterial misstatements may cause the financial statements to be materially misstated; and consideration of the possibility of undetected misstatements. For example, if we consider the materiality of the financial statements as a whole, performance materiality means the amount: set by the auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected or undetected misstatements exceeds materiality (ISA 320.9). This concept is further explained in ISA 320.A12.
3.12
STUDY GUIDE
(ii) Completenessall transactions and events that should have been recorded have been recorded. (iii) Accuracyamounts and other data relating to recorded transactions and events have been recorded appropriately. (iv) Cutofftransactions and events have been recorded in the correct accounting period. (v) Classificationtransactions and events have been recorded in the proper accounts. (b) Assertions about account balances at the period end: (i) Existenceassets, liabilities, and equity interests exist.
(ii) Rights and obligationsthe entity holds or controls the rights to assets, and liabilities are the obligations of the entity. (iii) Completenessall assets, liabilities and equity interests that should have been recorded have been recorded. (iv) Valuation and allocationassets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriatelyrecorded. (c) Assertions about presentation and disclosure: (i) Occurrence and rights and obligationsdisclosed events, transactions, andother matters have occurred and pertain to the entity.
(ii) Completenessall disclosures that should have been included in thefinancial statements have been included. (iii) Classification and understandabilityfinancial information is appropriately presented and described, and disclosures are clearlyexpressed. (iv) Accuracy and valuationfinancial and other information are disclosed fairly and at appropriate amounts. By way of example, we consider the assertions about asset and liability account balances at period end. As auditors are particularly interested in overstatement of assets, assertions related to existence and valuation are particularly important.
STUDY GUIDE
3.13
In establishing occurrence, the auditor is concerned with obtaining evidence that a transaction or event which relates to the entity during the relevant period took place. Occurrence is similar to existence (see below) except that it relates to transactions and events (transactions and events occur) rather than balance sheet items (which exist). Forexample, we are interested in the occurrence of sales (i.e. Did the sale actually occur?). In establishing completeness, which relates to both classes of transactions and events for the period under audit and account balances at the period end, the auditor is concerned with obtaining evidence that all amounts that should be included are included. Thisobjective requires evidence that there are no unrecorded assets, liabilities, transactions or other events, or undisclosed items. This is generally one of the hardest assertions to test forlooking for things that are not included but should be. Intesting for omitted assets, liabilities, transactions or events, the auditor must generally rely on the study and evaluation of accounting controls (such as a sequence check of pre-numbered documents) and substantive procedures of transactions (suchas a search of transactions in the next accounting period that relate to the accounting period under audit). Completeness is particularly important for liabilities and expenses as understatement of these items results in profits being overstated. In establishing the accuracy assertion, the auditor is concerned that the details of the transactions under review are completely correct. It is surprising how easily small errors of detail can arise and how significant the impact of the mistakes can be. Consider the calculation of sales revenue by multiplying sales price by quantity sold. If the decimal point is left out of the sales price, it is possible that sales revenue may be inflated by a factor of 100. Accuracy is also considered with valuation under the heading of assertions about presentation and disclosure. Here, the auditor is concerned with the accuracy of the details of the item being presented. In establishing the cutoff assertion, the auditor is concerned that the details of the transaction under review are recorded in the correct period. It is essential that in this test the auditor ensures that double counting does not occur. For example, if a sale occurs before year end, the auditor should ensure that it is not only recorded correctly in that period but that the related inventory is removed from the year-end physical count if it has not yet been transferred from the warehouse. The auditor needs to consider potential management incentives to put revenues or expenses in the wrong period. In establishing the classification assertion, the auditor is concerned that the correct account is used in recording a transaction. This is not always a simple matter. Consider, for example, the decision relating to whether certain types of overhead costs should be capitalised or expensed. The classification assertion is also considered under the presentation and disclosure grouping where it is included with understandability. In establishing the understandability assertion under the presentation and disclosure grouping, the auditor is concerned that the disclosures are clearly expressed. In establishing existence, the auditor is concerned with obtaining evidence that an asset or a liability exists at a given date (generally at the end of the financial period). Generally, observation is the primary audit procedure for substantiating the existence of physical assets such as inventory and fixed assets (i.e. Do they exist at year end?). For other financial balances, such as cash at bank and accounts receivable, externalconfirmation is a primary procedure. Such procedures are designed to detect errors that cause balances to be overstated.
3.14
STUDY GUIDE
In establishing rights and obligations, the auditor is concerned with obtaining evidence that recorded assets are future economic benefits controlled by the entity, and that liabilities are the future sacrifices of economic benefits that an entity is presently obliged to make as a result of past transactions or other past events. The auditor needs to obtain evidence that the accounting recognition is appropriate. The rights and obligations objective usually involves procedures to provide evidence that assets in the clients possession that have been sold or pledged are not reported as assets. For example, accounts receivable may be sold, that is the receivables are factored out, but the client may continue to make collections. The audit procedures used to obtain evidence of rights and obligations may also include examining land tax assessments, ratenotices, title deeds, correspondence and minutes of meetings of the board of directors, andmaking inquiries of the clients management. In establishing the appropriate valuation and allocation of assets and liabilities, theauditor is concerned that the carrying value of balances is in conformity with generally accepted accounting principles. Satisfying this objective may require the exercise of audit judgment in evaluating the reliability of estimates and the appropriateness of accounting methods. For example, some assets, such as inventory, are required to be stated at the lower of cost and net realisable value, and many allocations, suchas depreciation or the allowance for doubtful debts, can be made witha variety of measurement methods. The auditor needs to obtain evidence that supports each of the assertions for every material component of the financial statements. A component of the financial statements may be an account balance (or group of account balances) or a class of transactions. Thecategories of assertions provide a framework for developing specific audit objectives for each material account balance or class of transaction. The auditors assessment of risk is used to determine those assertions that require greater audit attention. A useful way of thinking about the class of assertions about presentation and disclosure is that they primarily relate to the presentations and disclosures contained in the notes to the accounts. In establishing the occurrence and rights and obligations about presentation and disclosure, the auditor is concerned that all disclosed events and transactions have occurred and pertain to the entity. In establishing the completeness of presentation and disclosure, the auditor is concerned that all disclosures that should have been included in the financial statements have in fact been included. In establishing the classification and understandability of presentation and disclosure, the auditor is concerned that all financial information is appropriately presented and described, and disclosures are clearly expressed. In establishing the accuracy and valuation around presentation and disclosure, the auditor is concerned that financial and other information is disclosed fairly and at appropriate amounts.
STUDY GUIDE
3.15
Question 3.2
Your initial audit plan for sales transactions placed substantial reliance on the system of internal control and the use of analytical procedures rather than substantive tests of detail. Your testing of the internal control system for sales has found a significant number of instances where customers credit ratings have not been checked. The sales manager states that these changes have been the result of difficulties in maintaining past sales levels. 1 Identify the balance sheet account and the relevant assertion most at risk given the above information. 2 Discuss how your initial planned strategy would change given the additional information in regard to the results of testing of controls.
Identifying and assessing the risks of material misstatement through understanding the entity and its environment
ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment establishes mandatory requirements and provides application and explanatory material to the auditor on obtaining an understanding of the entity and its environment, includingits internal control, and on assessing the risksof material misstatement in thefinancial statements.
3.16
STUDY GUIDE
Theyalso include a consideration of the relationship, such as between elements of financial information where one would expect a predictable pattern (e.g. gross margin to sales) and between financial and non-financial information (e.g. payroll costs and employee numbers). Given the importance of analytical procedures to a number of areas of the audit we discuss these procedures in a separate section later in this module. Observation and inspectionObservation and inspection may support the enquiries discussed above and provide information about the entity and its environment. ISA315.A11 suggests that such audit procedures include observation and inspection of: the entitys operations; documents; reports prepared by management and those charged with governance; and the entitys premises and plant facilities.
Question 3.3
Provide examples of each of the above four procedures related to observation and inspection.
Question 3.4
How is risk assessment impacted if the engagement partner has performed other engagements for the entity?
Question 3.5
Provide at least three examples of professional judgment by the auditor responsible for organising this discussion among the engagement team.
STUDY GUIDE
3.17
In Module 2, the importance of the consultation process during audit engagements was emphasised as part of the quality control process. The discussion among the engagement team about the susceptibility of the entitys financial statements to material misstatement raises some specific consultation issues as: it allows the team members to exchange information about business risks and about how and where the financial statements might be susceptible to misstatement due to error or fraudthe where refers to where in the financial statements and the how refers to how the error or fraud occurred (e.g. How could management manipulate the sales figure?); and engagement team members obtain new information throughout the audit thatmay affect the assessment of risks of material misstatement and it is important that theyshare this information with other team members. You should now refer to ISA 315.A14 for further details on this discussion among engagement team members.
Understand specified aspects of the entity and its environment, including internal control
An understanding of specified aspects of the entity and its environment, including the internal control components, is required.
Industry, regulatory and other external factors, including the applicable financial reporting framework (discussed in ISA 315.A17-A22). Nature of the entity: operations, ownership, governance structures, types of investments, organisation structure and financing arrangements (discussed in ISA 315.A23-A27). The entitys selection and application of accounting policies (discussed in ISA 315.A28). Objectives and strategies and the related business risks that may result inrisks of material misstatement (discussed in ISA 315.A29-A35). Measurement and review of the entitys financial performance (discussedin ISA 315.A36-A41).
The auditor is required to obtain an understanding of the entitys objectives and strategies, and those related business risks that may result in risks of material misstatement (ISA315.11d). Given that an entity conducts its business in the context ofindustry, regulatory and other internal and external factors, management in responding to these factors needs to define its objectives (which are the overall plans for the entity) and strategies (which are the operational approaches by which management intends to achieve its objectives). Business risks are risk[s] resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entitys ability to achieve its objectives and execute its strategies, or from the setting ofinappropriate objectives and strategies (ISA 315.4).
Question 3.6
What is the relationship between business risk and the risk of material misstatement?
3.18
STUDY GUIDE
Appendix 2 of ISA 315 provides a detailed list of conditions and events that may indicate risks of material misstatement. You should now read Appendix 2 of ISA 315 Conditions and Events That May Indicate Risks of Material Misstatement to gain an understanding of the conditions and events that may indicate a risk of material misstatement. Later in this module we discuss in detail the various techniques used in understanding aclients business. In addition, a strategic systems approach to auditing, which places substantial emphasis on understanding business risks, is discussed.
Question 3.7
Your client is a manufacturer of golf equipment accessories including golf bags, golf buggies and various attachments (e.g. water bottle holders, score card holders). The year 20X9 has been particularly profitable with the introduction of a golf bag with wheels attached that has proven particularly popular with travellers. Suggest some potential business risks faced by the client.
Question 3.8
How might an understanding of the internal and external environment of the audit client facilitate the identification, assessment and evaluation of the risk of financial statement misstatement due to fraudulent activity or the misappropriation of assets?
Internal controls
ISA 315.12 requires that the auditor shall obtain an understanding of internal control relevant to the audit. This understanding of internal control is used by the auditor to identify types of potential misstatements and factors that affect the risks of material misstatement, and in designing the nature, timing and extent of audit procedures (ISA315.A42). Internal control consists of the following five components (ISA 315.A51): 1 control environment; 2 the entitys risk assessment process; 3 information system; 4 control activities; and 5 monitoring of controls. The requirements for each of these five components are covered in ISA 315.14 to .24 with the relevant application and explanatory material in ISA 315.A69 to .A104. You should read these sections now. In the above paragraphs there are certain requirements outlining what an auditor must have an understanding of. These are: the control environment, including organisational structure, managements philosophy and operating style (ISA 315.14); whether the entity has a process for: identifying business risks relevant to financial reporting objectives; estimating the significance of the risks; assessing the likelihood of their occurrence; deciding the actions to address these risks (ISA 315.15)variousdifferent actions are required by the auditor depending on whether the entity has established such a process (ISA 315.16.17);
STUDY GUIDE
3.19
an understanding of the information systemincluding the related business processesrelated to financial reporting (ISA 315.18.19); an understanding of control activities relevant to the audit which are the ones the auditor judges to be necessary to understand in order to assess the risks of material misstatement at the assertion level, and design further audit procedures responsive to those assessed risks (ISA 315.20)further elaboration of risks arising from IT arereferred to in ISA 315.A95.A97; an understanding of the major activities that the entity uses to monitor internal control over financial reporting (ISA 315.22); where internal audit exists, an understanding of the nature of internal audit responsibilities, reporting structure and activities performed (ISA 315.23); and an understanding of the sources of information used in the entitys monitoring activities (ISA 315.24).
Appendix 1 of ISA 315 further explains the components of internal controls as they relate to a financial statement audit. The five components of internal control are discussed below.
Control environment
The control environment sets the tone of an organisation. It includes the governance and management functions as well as the attitudes, awareness and actions of management (and those charged with governance) concerning an entitys internal control and its importance within the entity (ISA 315.A69). The auditor considers the following in evaluating the design of the entitys control environment: Communication and enforcement of integrity and ethical values (e.g. existence and implementation of codes of conduct and other policies regarding acceptable business practice, conflicts of interest, or expected standards of ethical and moral behaviour). Commitment to competence (e.g. job descriptions or other means of defining tasks that comprise particular jobs; staff selection procedures). Participation by those charged with governance (e.g. the independence of the board from management, such that necessary, even difficult and probing, questions areraised). Managements philosophy and operating style (e.g. nature of business risks accepted; attitudes and actions toward financial reporting, including the aggressiveness of thechoice of accounting policies). Organisational structure (e.g. appropriateness of the entitys organisational structure, andits ability to provide the necessary information flow to inform managers). Assignment of authority and responsibility (e.g. assignment of responsibility and delegation of authority throughout the organisation). Human resource policies and practices (e.g. the extent to which policies and procedures for hiring, training, promoting and compensating employees are inplace) (ISA 315.A70).
3.20
STUDY GUIDE
Information system
This includes: the information system relevant to financial reporting objectives, including the accounting system (see ISA 315.A81); journal entries (see ISA 315.A82); and related business processes (see ISA 315.A84). You should refer to ISA 315.A81.A84 for further discussions on the above items.
Control activities
Control activities are the policies and procedures that help ensure management directives are carried out (ISA 315.A88). They include: Authorisation (e.g. level of management with authority to authorise expenses to aparticular level). Performance reviews (e.g. actual performance versus budgets, forecasts, prior periods and competitors; major initiatives are tracked to measure the extent to which targets are being reached). Information processing (e.g. controls performed to check accuracy, completeness and authorisation of transactions; a customers order is only accepted after reference to an approved customer file and credit limit). Physical controls (e.g. equipment, inventories, cash and other assets are secured physically such as in a secure location). Segregation of duties (e.g. duties are divided among different people to reduce the risk of error; responsibilities for authorising transactions, recording transactions and handling the related asset are segregated). You should refer to ISA 315.A89 to .A91 for a discussion of which control activities are relevant to the auditor.
Monitoring of control
Monitoring assesses the quality of a systems performance over time. It involves assessing the design and operation of the controls on a timely basis. Necessarycorrective action may need to be taken for changes in conditions. Monitoring is used to ensure that the internal controls continue to operate effectively (ISA 315.A98). Examples of ongoing monitoring activities include regular management supervisory activities, communication from external parties which corroborate internally generated information (e.g. a client paying an invoice indicates the invoice is likely to be correct) and comparison of records with physical assets (e.g. inventory stocktake).
Question 3.9
Discuss the main factors that may result in an internal control system failing.
The use of IT has the potential to affect the way that control activities are implemented (ISA 315.A95). The next section discusses the controls in an IT environment.
Controls in an IT environment
The auditor is required to obtain an understanding of the entitys response to risks arising from IT (ISA 315.21). Think about your organisation or any other organisation with which you are familiar. Consider whether the IT environment affects the audit of your organisation. If so, which aspects of auditing have been affected by IT in your organisation (or in any other)? Keep these in mind while reading the following sections.
STUDY GUIDE
3.21
Types of controls
Controls over IT systems are effective when they maintain the integrity of information and the security of the data such as systems process, and include effective general IT controls and application controls (ISA 315.A95). General controls refer to the overall controls an entity has over its entire IT environment. These controls affect all applications processed by the IT department. The purpose of general IT controls is to establish a framework of overall control of the IT activities and to provide a reasonable level of assurance that the overall objectives of internal control areachieved. Application controls refer to controls that are specific to individual accounting applicationsthat is, they relate to, and are unique to, particular accounting systems (e.g. debtors, creditors, payroll and inventory). The purpose of IT application controls is to establish specific control procedures over the accounting applications in order toprovide reasonable assurance that transactions are authorised and recorded and are processed completely, accurately and on a timely basis.
3.22
STUDY GUIDE
Table 3.1 details the basic categories of general controls and application controls.
General controls
Organisational and management controls
Organisational and management controls are designed to establish the: organisational structure of IT activities; policies and procedures necessary to ensure the performance of duties; and segregation of incompatible functions. Two factors need to be considered. The IT department should be: 1 independent of the functions of initiating or authorising transactions and maintaining custody of assetsit should not change or correct data that originated outside the department; and 2 segregated and separated from other user departmentsthere should be clearly defined lines of authority and responsibility between IT personnel. Within the IT department the following functions should be segregated: systems analyst (program development); applications programmer (program maintenance); operators (program operations); data control and file library function; quality control over development of new systems and maintenance of existingsystems; control group (supervises and reviews inputs, processing and distribution of outputs); data security (maintains integrity of software access controls); and database administrator. In an IT environment, it is important to separate the systems development, systems maintenance, database administration and operating functions. In the case of small IT installations (e.g. in a small business environment), itmay notbepossible to achieve a satisfactory segregation of duties. If any degree of segregation can be achieved, however, it should be between programming and operations. Adequatesupervision may compensate for a lack of segregation of duties.
STUDY GUIDE
3.23
3.24
STUDY GUIDE
Examples of system software controls include restricting access to system software and related documentation to authorised personnel through the control of access privileges and passwords. System software changes should be controlled by a formal system of authorisation, approval, testing, implementation and documentation. Monitoring keystrokes, events and modifications to system software through the use of software logswould help to provide an audit trail.
STUDY GUIDE
3.25
Physical safeguards The proper construction of the computer centre can reduce the risk of damage from security or environmental hazards. Appropriate measures for protecting the physical environment would include: strong walls, ceilings and floors in rooms without windows and with restricted access if at all possible; fire-detection and suppression equipment; and alarms for detection of problems concerning air-conditioning, water, power, humidity and temperature. Contingency plans The continuity of computer and related business functions should be protected against unscheduled interruptions by adequate contingency plans, which include provision for complete loss of central site computer facilities. These contingency plans require, among other things: development of user fall-back procedures for critical systems (for use when unavailability is prolonged); formal written agreements for the provision of alternative and/or replacement computer facilities; and a documented disaster recovery plan that is regularly reviewed and tested, andsecurely stored, and details of recovery procedures for hardware, thecomputer environment, thecommunications network, critical applications andnecessary resources. Case Study 3.3 deals with the identification and the purpose of controls adopted by Acme Ltd which is planning to computerise its payroll system. Read the case study and complete the tasks.
Your tasks For the development and operation of this IT system, for each of the listed general control categories (organisational, system development, operations, and data entry and program): 1 list the specific control(s) required; 2 state the purpose that each control serves; and 3 identify the techniques that would be used to assess each control.
Source: Adapted from the CIA exam of Institute of Internal Auditors, USA.
3.26
STUDY GUIDE
Application controls
The purpose of application controls is to provide reasonable assurance that transactions are appropriately authorised and recorded, and are processed accurately, completely and in a timely manner, and that incorrect transactions are rejected, corrected and resubmitted. Application controls include controls over: input; processing and computer files; and output. Prior to relying on the general and application controls, the auditor should conduct a preliminary evaluation of the controls to determine whether they are effective and efficient. Weakness in the general controls may preclude reliance on application controls.
Input controls
Input controls are designed to provide reasonable assurance that transactions are authorised, and accurately and completely converted into machine-readable form, thatis, not: lost; added to; duplicated; or improperly changed; and that incorrect transactions are rejected, corrected and resubmitted. Proper authorisation Proper authorisation can be achieved through the following procedures: Duties are segregated. Access controls, data entry and program controls are used. These include input validation checks such as field tests, reasonableness tests, limit tests, validity tests, completeness tests and sequence tests. Transactions are authorised. Transactions should be prepared in accordance with managements general or specific authorisation. Authorisation may be evidenced by affixing a signature or stamp onto source documents. (If the documents are electronic, a digital signature and time stamp can be attached.) Transactions are approved. Individual transactions should be approved either by a responsible supervisor or through the use of special forms, access to which is restricted to those designated to initiate transactions (e.g. the use of batch control sheets or batch transmittal forms to provide evidence of batch approval). Accurate conversion Accurate conversion requires the following: Adequate document design (standardisation). This is a very important input control that aids in safeguarding assets and in contributing to the accuracy of output information. Forms should be pre-printed and standardised to reduce and monitor errors. Unchanged information can be pre-printed as formatted forms which are more readable, and all documents should be pre-numbered and sequentially accounted for. Adequate training and supervision. Data entry manuals (written procedures). These deal with data conversion and the correction of errors. Appropriate chart of accounts. Using one of these to code data can greatly reducetranscription and transposition errors.
STUDY GUIDE
3.27
Completeness of data The following controls are designed to ensure the completeness of data: Turnaround documents are documents produced by the computer system that are later resubmitted into the system. This minimises errors in data preparation when the output that has already been verified becomes input. Most bills, includingdomestic power and telephone bills, are turnaround documents. Control totals are effective in ensuring that all data are accurate and complete: thatdata have not been lost, suppressed, duplicated, added or otherwise improperly changed. One control total is manually computed while another is accumulated by the computer and the two are compared. Control totals deal with value fields (e.g.total cash receipts, sales, accounts payable). These include thefollowing: Record counts. Transactions or records entered are counted before and after entry and processing then reconciled. Batch totals. An information field is totalled, usually in dollar amounts, for all records of a batch. Batch totals scan similar items and verify totals after each processing step. Hash totals. Non-financial fields are totalled for control purposes only (e.g.allsales invoice numbers in a batch). Check digits. These are redundant digits inserted in account numbers (e.g.partnumber, file number) and verified for correctness by a key-entry device prior to processing or by a computer edit run during processing (e.g.asuffix digit related algorithmically to the preceding digits of the number). A check digit permits the detection of data coding errors by ensuring the integrity of codes. Error correction and data resubmission The following controls relate to error correction and data resubmission: Responsibility for error correction should be assigned to a group, such as the control group, or to a specific individual such as an internal auditor. Error log. An error log should be maintained for all data rejected during processing. As they are entered in the log, the errors should be fully accounted for, and then checked off as they are corrected and re-entered into the system. Review and approval of corrections should be done by an independent official who should approve the re-entry of corrected items. Prompt re-entry of corrections into the system. A well-defined procedure should be established for promptly re-entering corrections as input into the system.
Processing controls
Processing controls are designed to ensure the accuracy and reliability of data processingthat is, that all authorised transactions are properly processed; that no authorised transactions are omitted, duplicated or improperly changed; and that no unauthorised transactions are added. Processing errors should be identified, correctedand resubmitted on a timely basis. Reliable processing ensures that data processed are: accurate; complete; reasonable; and correct in all material respects.
3.28
STUDY GUIDE
Completeness and accuracy of data The following controls relate to completeness and accuracy of data: Control totalsensure the accuracy and completeness of data. Run to run controlsuse batch control totals to monitor each processing step; ateach processing checkpoint, errors are recorded in an error file and the batch control totals adjusted. The batch totals are recalculated and compared to the original totals to determine the accuracy and completeness of batch processing. Field size testtests the number of characters in a field to ensure that the field size is as specified. If a field should have five characters and the test indicates there are only three, an error condition is indicated. Field sign testensures that the arithmetic sign is correct (e.g. some items should always be positive or negative). If the opposite sign is present an error condition isindicated. Transaction codesare verified at each processing step to ensure the right application process is being applied. Check-digit test (see under Input controls). Valid character testensures that a data field only contains certain valid characters; that is, that characters are of the appropriate type for that field (e.g. alphabetic only, numerical or alphanumeric). Sequence testverifies that the fields in sequential items are in the proper alphanumeric sequence (e.g. pre-numbered purchase orders in sequence). Validity testtests ID numbers or transaction codes for validity by comparing these with known authorised or correct IDs and codes. Cross-footing testchecks the arithmetical accuracy by totalling rows and columns and comparing the sums are in agreement, then the totals of each row and column are most likely correct. Zero-balancing test(closely related to the cross-footing test) checks, for example, that the sum of net wages plus deductions minus gross wages equals zero. Audit trailautomatic transactions may be logged or uniquely identified by the useof tags. Completeness testensures that all mandatory data fields are complete. If a mandatory data field is blank, an error condition is indicated. Rounding testensures that rounding errors are properly controlled through the use of a balancing equation to prevent an out-of-balance situation. Per cent error testensures that if the number of errors in a particular batch of input data exceeds a predetermined standard, an error condition is indicated. Maintaining accuracy during processing The following controls relate to the maintenance of accuracy during processing: Control totals (see Completeness of data under Input controls above). Console messagesare indicated on console input/output devices such as video display units (VDUs) or printers. Console messages attempt to reduce the possibility of operator errors, such as loading incorrect files or incorrect batches of data. Manyprograms are interactive and should prompt operators to take action. Error logerrors detected during processing are generated to an error log, usuallykept on magnetic tape. At the conclusion of processing, the errors are investigated, and the data are corrected and re-entered into the system. Limit test (see Reasonableness of data below). Reasonableness test (see Reasonableness of data below).
STUDY GUIDE
3.29
Reasonableness of data The following controls relate to the reasonableness of data: Limit testensures that an item in a data field is not greater or less than a predetermined limit (e.g. hours worked per week should not exceed 70 hours). Range testis related to a limit test. A limit test specifies a lower or upper limit whereas a range test specifies both limits (e.g. employees should work between 30and 60 hours per week). Reasonableness (logic) testdetermines whether various data items are normal or reasonable. It ensures that illogical combinations of inputs are rejected by checking the logical relationship between items (e.g. Do net payroll deductions exceed 30percent of gross pay?). Updating correct files The following controls relate to updating correct the files: Proper training and supervision. File run and control instructions aid in ensuring that correct files are processed, updated and properly controlled and should specify the following for each file: file name and number; updating cycle; and retention cycle for data. Internal labels consist of a header label and a trailer label. A header label is the first record in a file and indicates file contents, identification number and file destruction data. This label ensures that the correct files are mounted and updated and that files are not inadvertently destroyed. A trailer label is the last record in a file and contains record counts, other control totals, and an end-offile code. Thetrailer label separates one file from another and thus ensures that the entire file is processed and that files are not commingled. Internal labels are automaticallychecked for correctness by the computer. External labels are written on the side of tape reels or disks, or on the containers of tape files or disk files. This label identifies file contents, file identification number and file retention data. An external label assists in locating files, in preventing their early destruction, and in returning them to their proper location in the file library. An unlabelled file is assumed to be a scratch file, that is, available for reuse.
Output controls
Output controls are designed to ensure that the results of processing are reliable, distributed to authorised personnel only, and are not lost, corrupted or their confidentiality compromised. Output control may be exercised where the control group(or clerk) or users reconcile output control totals with input and processing control totals. Output may be compared to details on source documents. The review of output by control groups and users is important in determining the overall reasonableness of processing results. The review may be done by visual scanning, or manual or electronic editing. User departments should scan output for exceptions or unusual items and should anticipate reports at designated times. System output should be tested at proper times by the control group to ensure that it has been distributed only to authorised user departments. The supervision of output and the shredding of waste or discarded reports are essential to prevent the loss of confidentiality and misdirection of output.
3.30
STUDY GUIDE
STUDY GUIDE
3.31
Question 3.10
Consider each of the following items and describe how it affects the auditors assessment at the financial statement level and/or assertion level for transactions, account balances and disclosures: 1 Management has a poor reputation in the business community over the integrity of recent decisions. 2 Repairs and maintenance accounts were misstated in previous audits. 3 Management lacks experience. 4 The entity is facing a cash flow problem. 5 The inventory consists of a range of expensive jewellery.
3.32
STUDY GUIDE
6 Taxation calculations are extremely complex. 7 The entity is a computer manufacturer. 8 There are significant related party transactions. 9 Managements rewards are heavily dependent on financial results. 10 Provisions are a material liability. 11 The company has built a number of office blocks which it retains as investments. 12 The entity has a range of transactions that are not part of normal processes. 13 The entity has just opened a major retail outlet in the United States.
STUDY GUIDE
3.33
Document the understanding of the clients ability to create value and generate future cash flows using a client business model, process analyses, key performance indicators and a business risk profile: Create a comprehensive business knowledge decision frame to serve as a strategic-systems lens through which professional judgments about management assertions can be made. Use the comprehensive business knowledge decision frame to develop expectations about key assertions embodied in the overall financial statements. Compare reported financial results to expectations and design additional audit test work to address any gaps between expectations and reported results (Bell et al. 1997, pp. 312).
With knowledge of the way an organisation creates value and the sustainability of its competitive advantage the auditor is in a much better position to make professional judgments about: the risks faced by the entity and the entitys responses; appropriate recording of transactions; the appropriateness of assumptions underlying accounting estimates; the valuation of assets; the clients ability to continue as a going concern; and the likelihood of management fraud. To illustrate the relationship between business risks and risk of material misstatement, consider the following valuation assertion example. Assume a client whose strategic objectives rely heavily on maintaining harmonious relations with an alliance partner responsible for distributing its products. The auditor would monitor relations with the supplier, because any breakdown in relations would increase business risks. Forexample, such disputes could affect the valuation of accounts receivable from the alliance partner and the appropriateness of recognising alliance-related revenues. Risk ofmaterial misstatement could also be affected with respect to equipment asset valuation, ifpreviously anticipated revenues related to the alliance were no longer expected. Another key SSA principle is anticipating how other organisations actions and business risks can impact on the auditees business risks and hence risk of material misstatement (Bell et al. 2002). The importance of understanding strategy is outlined in ISA 315.11 which requires an understanding of the entitys objectives and strategies, and those related business risks that may result in material misstatement (ISA 315.11d). We will now consider the gathering and use of knowledge about the clients strategies and business processes for the purpose of understanding the entity and its environment.
Strategic analysis
As part of strategic analysis of the client, the auditor obtains information about the: broad environment in which the client operates; industry within which the organisation operates; markets in which it operates; organisations products and services; external forces that impact on it; nature of suppliers, customers and alliance partners; clients strategy to achieve its sustainable comparative advantages; business risks that threaten the success of the strategy; and organisations response to these risks.
3.34
STUDY GUIDE
At the conclusion of the strategic analysis the auditor should have a good understanding of where the organisation is situated in its environment and its strategicdirection by taking into account such factors as the: broad economic environment and industry condition; organisations position and role within each industry segment; existing threats to its current position; total productive capacity for the organisation and its competitors in each marketsegment; organisations competitive advantages and whether they are sustainable; and managements specific strategies. After completing this strategic analysis it is important for the auditor to consider: the implication of the organisations strategy and business risks for underlying accounting choices and financial statement assertions; whether accounting estimates and valuations are consistent with the significant business risks; and how the business risks impact on additional work at the business process or transaction levels. Consider the following potential impacts of strategic analysis on the audit process: Expectations: Knowledge of specific business risks affects what an auditor will expect to see in the financial statements. For example, increased competition from lower priced competitors should result in the auditor expecting to see lower margins and/or lower turnover. The better the auditor understands the clients strategy, themore likely they will know how the client will react to price cutting and the likelyimpacts. Going concern: Some threats have the potential to seriously affect profits and may indicate that the organisation is not viable given its present strategies and markets. Going concern issues may need to be addressed. Audit risks: Some threats provide a direct indication that a financial statement assertion is incorrect. For example, loss of brand reputation can negatively influence sales, resulting in inventory valuation issues and, potentially, equipmentvaluation issues due to impairment resulting from the lost sales. Control environment: Some threats put pressure on management related to holding their jobs and receiving potential bonuses, with the potential for inappropriate responses (Knechel 2007). Table 3.2 below, outlines a series of business risks and the potential audit implications that result from these risks.
STUDY GUIDE
3.35
Table 3.2 Risk assessment: Strategic risks and potential audit implications
Source: Adapted from Knechel, Salterio & Ballou (2007), Auditing: Assurance and Risk, Figure 5-9, ThomsonSouth-Western, Mason, Ohio, pp. 1701.
3.36
STUDY GUIDE
Case Study 3.5 provides you with an opportunity to look at the sources of risks and threats and their potential implications for the audit. Complete the case study now.
SWOT analysis
We have noted the importance of examining both the organisations external environment and its internal capabilities. One useful technique for combining these factors is to use SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis. SWOT analysis is used to determine whether the organisations strategies are producing a good fit between an organisations resource capability (in terms of resource strengths and weaknesses) and its external environment (including opportunities in the market and threats to market share and profitability).
STUDY GUIDE
3.37
Strengths refer to characteristics, expertise, assets etc. that provide a competitive advantage (e.g. technological know-how, natural resources, strong management, goodlocation, valuable brands, superior products, strong alliances). A weakness is a condition that puts it at a competitive disadvantage (e.g. lack of technological know-how, poor location). Firms have a range of market opportunities and they need to appraise the profit potential of the opportunities most likely to be successful. Organisations face threats from the environment to their profitability andcompetitiveness. These include: changing tastes; new technologies; greater competition; unfavourable demographic shifts; and adverse exchange rate changes. Table 3.3 provides a list of the major issues to consider in a SWOT analysis. Just making lists of the strengths, weaknesses, opportunities and threats is not sufficient. It is important to determine what we learn from the four lists about the organisations situation and what actions are required to be undertaken in response.
Table 3.3 SWOT analysisWhat to look for in sizing up a companys strengths, weaknesses, opportunities and threats
3.38
STUDY GUIDE
Source: Adapted from A. Thompson & A. J. Strickland III (2001), Strategic Management: ConceptsandCases, Table 4.1, 12th edn, McGraw-Hill Higher Education, p. 95.
Identifying strengths and threats and their potential impact on the audit are important steps in a SWOT analysis. Complete Case Study 3.6 now.
PEST analysis
For many years organisations have carried out a PEST (political, economic, social and technological) analysis as a way of understanding their external environment. Table3.4 provides examples of environmental factors that are affecting the organisation. However, as the use of the PEST framework can lead to an under-emphasis on environmental and legal issues, the use of PESTEL (political, economic, social, technological, environmental, legal) analysis is used by some organisations as a framework forasking questions about important forces existing in the macro-environment.
STUDY GUIDE
3.39
Social factors Attitudes to work and leisure balance Education levels Income distribution trends Lifestyle changes Mobility of the labour force Population demographics, ageing Workforce diverts
Technological Government and industry focus on technological effort Government and industry spending on research and development New discoveries/development Obsolescence rates for equipment Speed of technology transfer
Table 3.4 can be converted to a PESTEL framework by adding an environmental category (e.g. energy consumption, environmental issues, waste disposal) and a legal category (e.g. employment laws, health and safety issues, industry deregulation, product safety). In carrying out a PEST/PESTEL analysis, it is important to consider which environmental factors are affecting the organisation at the present and which factors are going to be most important over the next few years. It should also be noted that some factors will be especially important for some organisations but not others. For example, environmental protection laws are critical for mining and chemical companies; interestrates for banks; life-style changes for sports goods manufacturers; rates of obsolescence for computer manufacturers; safety for an airline. Interest rate changes are more important for organisations with high debt/equity levels than those with low debt/equity levels; foreign trade regulations are important to importers/exporters. Case Study 3.7 focuses on a PESTEL analysis, a useful framework for asking questions about important forces existing in the macro-environment. Complete the case study now.
3.40
STUDY GUIDE
Economies of scale: New entrants with little market share will not enjoy the cost advantages of these established competitors. Product differentiation: Well-established brand names and trade marks make it difficult for a new entrant to establish brand awareness and thereby capture sales. Capital requirements: Some industries require high capital investment to be able to deliver a product or service. Access to distribution channels: New entrants may have difficulty distributing their goods and services through established distribution channels as those have already been locked in by existing competitors. Government policy: Government can restrict new entrants through licensing restrictions (such as in radio and TV broadcasting) and through policies (e.g.limiting foreign investment).
Power of suppliers
Suppliers provide products or services to the industry. They include labour and capital suppliers. If a supplier is particularly important to the industry, it will have bargaining power and this will work to reduce the profitability of the industry.
STUDY GUIDE
3.41
Suppliers can affect the returns to any competitors within an industry through their ability to raise prices and determine quality. Circumstances that increase a suppliers power include: The supplier industry is dominated by a few companies but sells to many customers. Its product or service is unique and the switching costs are high. Substitutes are not readily available. A purchasing industry only buys a small percentage of the suppliers output and istherefore relatively unimportant to the supplier.
Power of buyers
Buyers are the customers of the industry. If buyers are particularly important to the industry, they will have power over the industry, thus tending to reduce the profitability of the industry. The bargaining power of buyers is essentially the mirror image of the bargaining power of suppliers. Circumstances that increase a buyers power include: A buyer purchases a large proportion of the sellers product or service. A buyer has the potential to backward integrate, which means the ability to make or supply the suppliers product or service themselves. There are many alternative suppliers because the product is standard. There are few costs of changing suppliers (switching costs).
Power of substitutes
Substitutes are other products or services which can be used instead of the products or services of the particular industry. For instance, for the local stockbroking industry, direct investment in property or consulting financial planners are substitutes. The more substitutes the buyers have for the industrys products or services, the higher the buyer bargaining power. A substitute can be defined as a direct substitute, such as Pepsi for Coke, or a substitute which fulfils the same need for the buyer. For example, anemail would be a substitute for a letter.
3.42
STUDY GUIDE
Ma
rgin
Ma
Inbound logistics
Operations
Outbound logistics
rgi n
Services
Source: Porter, M. E. (1985), Competitive Advantage: Creating and Sustaining Superior Performance, TheFree Press, New York, p. 37. Reprinted and adapted with the permission of the Free Press, aDivision of Simon & Schuster Inc. Copyright 1985 by Michael E. Porter.
Primary activities are directly concerned with the creation or delivery of a product orservice: Inbound activities: Receiving, storing and distribution of materialsincludes material handling and inventory control. Operations: Converting inputs into the final product or serviceincludes machinery, packaging, assembly and testing. Outbound logistics: Collecting, storing and distributing the product to customers includes warehousing, material handling and transport in the case of products. Marketing and sales: Activities making customers aware of the product/service and able to purchase themincludes advertising, selection of distribution channels,selling. Service: Activities to enhance or maintain the value of a product or service includes installation, repairs, training. Primary activities cannot be successfully undertaken without the benefit of supportactivities.
STUDY GUIDE
3.43
Support activities are those that improve the effectiveness and efficiency of the primaryactivities: Firm infrastructure: Planning, finance, accounting, quality control, information management aimed to support the entire value chain. Human resource management: Activities involved with recruiting, training, staffdevelopment, rewarding. Technology development: Improving products and processes used in production (e.g.research and development, product design, process development). Procurement: Activities/processes for acquiring inputs needed to produce the organisations products/services. Case Study 3.9 focuses on the audit implications of a breakdown in an organisations value chain. Complete the case study now.
Question 3.11
For each of the primary activities of the value chain, suggest possible audit problems that may arise:
inbound logistics; operations; outbound logistics; marketing and sales; and service.
Analytical procedures
An important technique for understanding the client and the industry is analytical procedures. Analytical procedures refers to the investigation and analysis of fluctuations and relationships to determine whether there are inconsistencies with other relevant information or deviations from predicted amounts. Analytical procedures include: comparisons with prior periods, anticipated results (e.g. budgets and forecasts) andindustry comparisons; consideration of relationships between elements of financial information that would be expected to follow a predictable pattern; and relationships between financial information and relevant non-financial information. Certain elements of financial accounting would be expected to conform to predictable patterns, for example: gross margin and sales; sales commission and sales; accounts receivable and sales; and internal expense to borrowings.
3.44
STUDY GUIDE
For other costs such as advertising, training, and repairs and maintenance, the amount spent is more likely to be discretionary and the relationship of these amounts to sales is less predictable. There are also likely to be relationships between financial information and non-financial information, for example: payroll and staff numbers; motor vehicle costs and number of vehicles; and workers compensation insurance and staff numbers. Analytical procedures can be used for the following purposes: Planning the nature, extent and timing of other audit procedures. This will includeobtaining a better understanding of the client and the industry, highlighting changes in profitability trends and usual/unexpected relationships (ISA 315.A7.A8). Overall, the aim is to direct attention to areas with the highestpotential for materialmisstatement. As a substantive procedure when their use can be more effective or efficient than tests of details for the specific financial statement assertion. As a final overall review at the completion of the audit. This is to give an indication of the reasonableness of the financial statements taken as a whole. In this module we are most concerned with the audit planning aspects. In Module 4, analytical procedures, as part of substantive testing, are considered. Analytical procedures can be either evaluative or predictive. Evaluative techniques use past information to help the auditor to: understand the client and the industry; identify and assess potential risk; assess the extent of other audit tests; and corroborate other conclusions and ascertain the overall reasonableness of the financial information. Predictive analytical procedure techniques are used to estimate activity levels or account balances based on trends or relationships. Generally, at the planning stage of the audit, evaluative techniques such as simple comparisons, ratio analysis, common-size statements and trend statements are used. Simple reasonableness tests can also be useful. Various techniques may be used in performing analytical procedures at the planning stage. The choice of techniques is a matter of professional judgment. Thediscussion below on simple comparisons, reasonableness tests and ratio analysis isbased on Trotman (1990).
Simple comparisons
Simple comparisons generally involve comparison of a current year income statement (and balance sheet items) to an appropriate norm or standardfor example, actual results forprior periods, actual results for similar operating locations within theentity, budgetsfor the current year and actual results for the current or previous periods for other companies in the industry. Comparisons to prior periodsPercentage or dollar changes from prior periods can be an indicator of changes in circumstances, particular trends or errors. While unexpected deviations or fluctuations may not necessarily indicate an error, the auditor should follow up to understand why these fluctuations have occurred. The comparisons with prior periods normally should extend over a number of years. Where changes in either the economic environment or the organisations business have occurred, there is a need to adjust (even if only an approximation) the historical information prior to making the comparisons. Based on other work conducted by the auditor (e.g. strategic
STUDY GUIDE
3.45
analysis) auditors should have expectations about particular balances. For example, new profitable contracts were signed earlier in the year and have been in operation for six months, therefore, the auditor may expect that sales figures are expected to be approximately Xper cent greater than the previous year. Alternatively, there has been a sale of certain equipment with the expectation that depreciation expenses will decrease. Comparisons between locationsComparing financial information between similar operating locations can be very effective in the planning stage of the audit in order to identify potential errors and the areas where audit work should be most concentrated. However, in making these comparisons (e.g. retail stores) differences between locations need to be considered. For example, the location of a retail store may allow it to have larger mark-ups than average. Comparisons to budgetsThe current years figures can be compared to the entitys budget to determine now the actual figures for the period compare with earlier expectations of management and to consider the audit implications of major variances. The auditor needs to determine the nature and past accuracy of the entitys budgeting system. For example, little, if any, reliance can be placed on these comparisons if the budgeting system historically has been inadequate due to such factors as poor preparation or frequent large variances. In addition, where management places considerable emphasis on the need to achieve budget, there is the possibility of manipulation of recorded results in order to achieve budget. Comparisons to industry figuresComparison of financial statement amounts and relationships for an entity or segments of that entity to industry figures can improve the auditors understanding of an entitys business and industry, indicate financial strengths or weaknesses and highlight areas requiring audit attention. In particular, the highlighting of abnormal trends compared to industry may be informative. Comparisons to industry averages can be difficult in many circumstances due to the unique characteristics of the organisation and/or its diversified nature. However, theunderstanding of significant variances from industry averages can be useful fortheauditor, particularly in the planning stages.
Reasonableness tests
Generally, reasonableness tests are simple calculations using relevant financial and operating data in order to develop an estimate of an amount. Many revenue and expense items can be reasonably estimated from one or a few other items. Examples include: income for hotels can be estimated from average room charges and occupancy rates; gross margin as a percentage of sales; professional service fees can be related to number of staff, average charge-out rates and average chargeable time; investment income can be related to average amounts invested and average interestrates; payroll expense can be related to the average number of employees and average payrates; commission expense can be estimated from sales and commission rates; interest expense can be related to the average amount owing and average interestrates; and depreciation expense can be estimated by reference to asset balances, additionsanddeletions, and depreciation rates.
3.46
STUDY GUIDE
Ratio analysis
For interpretation purposes, ratios need to be compared to some benchmark. Thisbenchmark can be the same ratio computed in prior periods and/or ratios of othercomparable organisations. Ratio analysis can be an effective method of increasing an auditors understanding of an entitys business. By identifying trends and unusual fluctuations it is a useful technique for identifying areas that require particularattention. Auditors should consider changes in a group of related ratios rather than concentrating on single ratios. For example, an organisations quick ratio may appear satisfactory until it is viewed in the light of a declining net profit margin, a negative cash flow oradecrease in debtors turnover. Ratios can be classified into the following categories: profitability; activity; liquidity; and financing.
Profitability ratios
Profitability ratios generally provide an indication of an organisations profitability and changes in profitability. They include: Gross margin = Gross profit Sales Net operating profit Sales Each individual item of expense Sales Sales Total assets Operating profit before tax Total assets Net profit after tax Ordinary shareholders funds
Net profit
Operating expenses
Asset turnover
The gross margin ratio is one ratio that is commonly used by auditors. For many firms this ratio will have a relatively stable and predictable pattern. Fluctuations may indicate changes in the nature of the business (e.g. competition, pricing policies, manufacturing efficiencies, sales-mix changes) or financial statement errors. The net profit ratios indicate trends in profitability and the effectiveness with which the organisations resources are being used. Ratios of expenses to sales may provide reasons for changes in profitability as well as possible financial statement errors. For example, a large increase in the ratio of repairs and maintenance to sales may indicate that a capital item has been charged to the repairs and maintenance account.
STUDY GUIDE
3.47
Activity ratios
Activity ratios provide an indication of an entitys efficiency in using available resources. Examples include: Inventory turnover = Cost of goods sold Closing inventory Closing inventory 365 Cost of goods sold Credit sales Closing debtors Closing debtors 365 Credit sales Closing accounts payable 365 Credit purchases
Debtors turnover
The inventory turnover ratio can be compared over time and with the industry average. If the ratio is substantially below those of past years or the industry averages, it can indicate obsolete and slow-moving stock. Generally, a high ratio is preferable as it indicates an efficient inventory management. However, it can also indicate problems such as unrecorded inventory. The ratio varies significantly between industries and for some industries it will vary seasonally. Ratios may also vary within industries because of different methods of accounting for inventory (e.g. FIFO, weighted average). The debtors turnover ratio is an indication of an entitys credit control policy. Thehigher this ratio, the better the performance. A decrease in this ratio compared to prior years or industry average may indicate deficiencies in the entitys credit and collection policies, possible uncollectability of some accounts, possible fictitious sales or incorrect cut-off or an increase in the credit period granted in order to increase sales. Fluctuations in these ratios may indicate changes in liquidity or cash managementprocedures.
Liquidity ratios
Liquidity ratios provide an indication of an organisations ability to meet current obligations as they fall due. Unusual or unexpected trends may also indicate over- or understatement of current assets and current liabilities. The ratios need to be reviewed with regard to the organisations current and projected cash flow. Liquidityratiosinclude: Current ratio = Current assets Current liabilities Cash + Marketable securities + Accounts receivable Current liabilities
The quick asset ratio is a more conservative indication of liquidity than the current ratio. The comparative importance of these ratios depends on such factors as the inventory turnover ratio, the debtors turnover ratio and the predictability of future cashflows. For example, the larger the inventory turnover ratio the less relevant the current ratio; the less predictable the cash flow, the higher these ratios need to be in order to be acceptable.
3.48
STUDY GUIDE
Financing ratios
Gearing ratios consider long-term financial strength of an entity. They may indicate, for example, that there is an over-reliance on debt finance. Examples of gearing ratiosinclude: Debt/Equity ratio = Total liabilities Shareholders equity Long-term liabilities Shareholders equity Total liability Total assets EBIT Interest expense
or
= =
The first two ratios indicate the gearing level. The third one considers the ability of the entity to meet its interest commitments as they fall due. Changes in these ratios may indicate business risk and the auditor needs to consider related audit risk.
Question 3.12
Whilst performing your preliminary analytical procedures (i.e. analytical procedures performed at the audit planning stage), you note that over the last few months there has been a substantial increase in goods returned as a percentage of total sales. What impact would this have on your audit?
Below are additional comments regarding analytical procedures. Many of these methodscan be used both at the planning stage and as a substantive test (to be covered in Module 4).
Reasonableness relationships such as interest to borrowings, fuel expenses to vehicles used and kilometres travelled can be useful calculations. However,care should be taken as the relationship gets more complex. For example, therelationship between interest expense and borrowings gets more complicated when different borrowings have different interest rates and new borrowings are taken out/repaid during the year. Similarly, a reasonableness test on the revenue for a large city hotel will depend on the number of rooms, occupancy rate and percentage of clients in various rate categories (e.g. government rate, range of corporate rates). Many ratios can be calculated in a number of different ways. For example, forreturn on asset (ROA) you could use earnings before income tax allowance (EBITA), earnings before income tax (EBIT), net profit before tax or net profit after tax. Ifyou are unsure about the interpretation of any of the ratios you should consult any introductory financial accounting textbook. Further information ontextbooks is in the Segment Outline. In interpreting the set of ratios discussed above, it is important to consider the relationships between ratios. One way of doing this is to consider a DuPont analysis. The name is used because in the 1920s, DuPont in the United States was the first company to formally integrate the linking of these ratios into its organisational control system. The DuPont analysis shows that return on equity (ROE) can be explained by two ratios, namely return on assets (ROA) and leverage. ROA can be explained by profit margin and total assets turnover.
STUDY GUIDE
3.49
The relationship between the ROE ratio and its two components can be seen below (here operating profit after tax has been used in both ROE and ROA): ROE Operating profit after tax Shareholders equity = ROA Operating profit after tax Total assets Leverage Total assets Shareholders equity
An example of a trend analysis is as follows: 20X5 Sales Trend Statement Percentages using 20X5 as the base year $400 000 20X6 $480 000 20X7 $580 000 20X8 $640 000 20X9 $800 000
100%
120%
145%
160%
200%
3.50
STUDY GUIDE
Non-current liabilities Interest-bearing liabilities Provisions Total non-current liabilities Total liabilities Net assets Shareholders equity Share capital Retained profit Total shareholders equity Profit and loss account Revenue Gross profit Operating expenses Net profit before tax Taxation Net profit after tax Retained profits at the beginning of the year Retained profits at the end of the period
Additional information: This is your first year on the audit but QRS has been a client of your firm for over five years. Sales have been gradually increasing due to the popularity in overseas markets of Australian wine. Exports now account for 40 per cent of sales. Overseas customers are invoiced in the importers currency. QRS has a new CEO who has a reputation for improving profitability and share prices. He has considerable stock options and has announced he intends to retire in two years. The company uses a standard cost system for wine; raw materials are valued at cost. The company has recently updated its earnings expectations due to cheaper grapes resulting from an excess of the grape variety it uses. The company has received substantial criticism from some analysts for underperforming over the last few years. Discussion with management last year indicated that it intended to reduce its debt substantially during the current year. Some retailers have passed on customer concerns about the quality of some of the red wine and the percentage of bottles that were off. Staff at the winery have suggested that this may be due to the ageing equipment. Management has noted that they are not willing to move to new technology involving screw tops for the wine because of the capital investment outlay. The non-current receivable relates to an amount in dispute with the tax office. The company believes the amount was incorrectly assessed and has legal advice to support this. The amount was paid to avoid interest accumulating. Your tasks 1 Calculate the following ratios for 20X9 and 20X8: a Gross margin. b Net profit. c Asset turnover. d Return on total assets. e Current ratio. f Quick asset ratio. g Inventory turnover. h Debtors turnover.
STUDY GUIDE
3.51
i j k
2 Identify key risk factors that will have an impact on the audit.
Liabilities and shareholders funds Payables Other current liabilities Non-current liabilities Deferred income tax Shareholders equity
Expenses Cost of goods sold Selling, administrative and general expenses Interest expense Depreciation Income tax Profit after tax
3.52
STUDY GUIDE
MNO Ltd30 June 20X9 MNO Ltd % Percentage common-size balance sheet Assets Cash Receivables Inventories Other current assets Property, plant and equipment Liabilities and shareholders funds Payables Other current liabilities Non-current liabilities Deferred income tax Shareholders equity Competitor 1 Competitor 2 % %
8.7 19.3 24.8 4.1 43.1 100.0 15.2 8.9 33.0 4.0 38.9 100.0
6.5 15.7 23.5 4.9 49.4 100.0 21.2 10.9 35.4 7.4 25.1 100.0
9.8 11.3 23.1 3.5 52.3 100.0 13.3 15.4 36.6 2.2 32.5 100.0
Percentage common-size income statement Revenue Net sales Returns Expenses Cost of goods sold Selling, administrative and general expenses Interest expense Depreciation Income tax Profit after tax
97.2 2.8 100.0 52.9 11.7 5.5 10.6 10.5 8.8 100.0
98.4 1.6 100.0 49.5 11.6 3.9 11.1 11.3 12.6 100.0
98.1 1.9 100.0 48.3 10.6 4.1 10.9 12.6 13.5 100.0
STUDY GUIDE
3.53
ISA 330.A4 provides guidance concerning the nature, timing and extent of further audit procedures and identifies the circumstances where tests of controls and/or substantive procedures are required. ISA 330.A5 states that: the nature of an audit procedure refers to its purpose (that is, tests of controls or substantive procedure) and its type (that is, inspection, observation, inquiry, confirmation, recalculation, reperformance, oranalytical procedure). According to ISA 330.A6, timing refers to when [audit procedures] are performed, or the period or date to which the audit evidence applies. ISA 330.A7 indicates that the extent of audit procedures refers to the quantity of a specific audit procedure to be performed, for example, a sample size or the number of observations of a control activity. Various factors are considered when determining theextent of audit procedures, including: the judgment of the auditor after considering materiality; the assessed risk; and the degree of assurance the auditor plans to obtain. Audit procedures will normally increase as the risk of material misstatement increases, butthis would be effective only if the increased procedures are relevant to the specific risk. Therefore, there is a relationship between the nature and the extent of audit procedures. It is important for the auditor to consider the nature of the evidence and the potential for the evidence to be manipulated. If the evidence is subject to management control (e.g.internal documentation), varying the nature of the evidence (e.g. external reports) may be more important than collecting more of the same type of evidence.
Tests of control
Once an understanding of the internal control that is sufficient for audit planning is obtained, the auditor must assess the control risk or the risk of material misstatement occurring. If the auditor assesses that control risk is less than high, it means he/she plans to rely to some extent on key controls in the control system. He/she needs evidence to support reliance on these controls; the tests to gather this evidence are called tests of control. If control risk is assessed as high, then no reliance is to be placed on these controls, there will be no testing of the controls, and more substantive testing will need to be undertaken. Some audits require the auditor to undertake tests of control. Wherethe auditor has determined that it is not possible or practicable to reduce risk of material misstatement at the assertion level to an acceptably low level with audit evidence obtained only from substantive procedures, the auditor shall perform tests of controls for operating effectiveness. Thus, for these key controls, it is not possible to evaluate control risk as high by default, and it would be necessary to undertake tests of controls. Further, wherethe auditor plans to rely on controls that have not changed since they were last tested, ISA 330.A37 requires that the auditor test the operating effectiveness of such controls at least every third audit. However, if the auditor plans to rely on controls that have changed since they were last tested, the auditor needs to test the operating effectiveness of such controls in the current audit (ISA 330.A36). You should review ISA 330.8.17 and the related explanatory paragraphs (ISA 330.A20.A41) to ensure that you are aware of the concepts contained in this key standard with regards to tests of controls.
3.54
STUDY GUIDE
Substantive procedures
Substantive procedures are aimed at detecting material misstatement (at the assertion level) in the dollar value of the information contained in the accounting records or in the financial statements. Thus, the risk of material misstatement is reduced by the auditor undertaking tests of controls and substantive procedures. If the auditor can gain confidence that the controls in place will help reduce material misstatement, theauditor is able to reduce the level of substantive testing. Substantive procedures consist of two categories: substantive analytical procedures and tests of details (ISA 330.4). A more detailed discussion of actual procedures is included inModule 4. Analytical procedures are used to compare account balances and transactions with other financial and non-financial information in order to identify unusual fluctuations or values. A common example is ratio analysis. These techniques are used to indicate areas of potential error that may require further audit investigation, and to assist the auditor in assessing the extent of tests of transactions and balances. Tests of details are tests of transactions and balances designed to obtain direct evidence to support the account balances shown in the financial statements. Commonly, this will involve drawing conclusions from a sample of the transactions or account balances and projecting these results to the entire population. Irrespective of the assessed risks of material misstatement, the auditor [is required to] design and perform substantive, procedures for each material class of transactions, account balance and disclosure (ISA 330.18). If under ISA 315 it has been determined that the assessed risk of material misstatement at the assertion level is a significant risk(e.g. significant risk of material overstatement of sales) the auditor needs to perform substantive procedures that are specifically responsive to that risk (ISA330.21).Thesesubstantive tests related to significant risks should be test of detailsonly and/or incombination with analytical procedures. It is important to consider the nature, timing and extent of substantive tests. Thenature of the tests refers to the use of substantive analytical procedures or test of details. The former are generally more applicable to large volumes of transactions that tend to be predictable over time whereas test of details are ordinarily more appropriate in obtaining evidence regarding certain assertions (e.g. existence and valuation) about account balances. Timing refers to when the evidence is collected. The auditor may perform substantive procedures at year end or at an interim date. In the latter situation, the auditor must perform further substantive procedures or substantive procedures combined with tests of controls to cover the remaining period to year end (ISA 330.22). For example, a debtors circularisation may be carried a month before year end and the additional evidence collected for the last month of the year related to that month. Such factors as the control environment and the assessed risk of a material misstatement affect whether substantive procedures are performed at year end. For example, if control procedures are weak and the risk of material misstatement is high, it is less likely that audit procedures would be performed at an interim date. The extent of substantive testing ordinarily increases when the risk of material misstatement is greater.
STUDY GUIDE
3.55
Based on the audit procedures performed, the auditor is required to evaluate the sufficiency and appropriateness of audit evidence obtained (ISA 330.25). However: If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement assertion, the auditor shall attempt to obtain further audit evidence. If the auditor is unable to obtain sufficient appropriate audit evidence, the auditor shall express a qualified opinion or disclaim an opinion on the financial statements (ISA 330.27). The auditors reporting determination is discussed further in Module 5. You should review ISA 330.18.23 to ensure that you are aware of the concepts contained in this key standard with regards to substantive procedures.
Question 3.13
Consider the following audit procedures: i ii examine large invoices for the two days prior to year end to determine if sales are recorded in the correct period; compare inventory turnover across products using monthly data for the last two years;
iii select a sample of trade debtors to be confirmed and follow up on non-replies; iv attend the annual inventory stocktake and ensure all procedures are complied with; v review any changes to the staff involved in authorising fixed asset purchases and disposals;
vi for a sample of fixed assets, determine if the depreciation rates used are consistent with the approved depreciation policy of the client; vii check arithmetic on a sample of sales invoices; and viii check authorisation signatures on a sample of travel reimbursements. 1 2 Which of the above procedures are tests of controls? For the procedures that are substantive tests, state the key financial statement assertion being tested.
3.56
STUDY GUIDE
The auditor is required to accumulate misstatements identified during the audit, exceptwhere these are clearly trivial (ISA 450.5). Clearly trivial does not mean the same as not material (ISA 450.A2), that is, it will normally be a much smaller number (e.g.to classify $12 000 as an expense when it should be capitalised is likely to be clearly trivial if the companys net profit is $120 million). When evaluating the effect of the misstatements the auditor should consider the nature of the misstatement (e.g. factual, judgmental or projected misstatementssee ISA 450.A3). Factual items are likely to be more clear-cut than judgmental or projected items (e.g. management may be able to provide sound reasons for the differences in judgments between management and theauditor). Depending on the level of the misstatements and the circumstances of their occurrence there may be a need to revise the overall audit strategy and audit plan (ISA 450.6) as discussed earlier in ISA 300. For example, if many of the misstatements identified during the audit occurred in a particular month yet the original audit plan placed no particular emphasis on this month, a revised audit plan may be necessary. Auditors are required to communicate to management all misstatements accumulated and request management to correct those misstatements (ISA 450.8). If management refuses to correct some of the misstatements, the auditor needs to obtain an understanding of thereasons and take that into account in forming an opinion (ISA450.9). Note that management may refuse to correct some misstatements because they genuinely believe they have made the correct judgments. This is much more likely to be the case where there are differences arising from the judgments of management concerning estimates compared to the auditors judgments. It may also relate to what is the appropriate accounting policy or treatment in areas where accounting standards are vague. These differences between auditors and management often lead to prolonged negotiations where additional evidence is collected by both sides and the accounting firms may draw on the expertise of the technical experts within their firms. The auditor also needs to consider uncorrected misstatements that are considered material, either individually or in aggregate. ISA 450.11 requires the auditor to: consider the size and nature of these misstatements; and consider the effect of uncorrected misstatements related to prior periods or the relevant classes of transactions, account balances or disclosures and the financial statements as a whole. The auditor is required to communicate with those charged with governance uncorrected misstatements and the effect they may have on the auditors report (ISA450.12). ISA450.12 is a recent change to the auditing standards and is likely to put the auditor in a much stronger position in any disagreements with management over recording ofmisstatements. You should now refer to ISA 450.A11 to .A23 for more details on evaluating the effect of uncorrected misstatements.
STUDY GUIDE
3.57
Review
This module considered the importance of business risk for the auditor. We considered the auditors role in understanding entities and their environments and assessing the risk of material statement. As audit firms have moved to a much greater emphasis on risk analysis, we outlined the steps in a strategic systems audit and outlined a variety of techniques for conducting strategic analyses in order to better understand these risks. Also analytical procedures were discussed as they play an important role in understanding business risk and the audit implications. Internal control is one way that management can mitigate business risks, and the auditing standards require the auditor to understand the entity and its environment, including internal control. Controls in an IT environment were also discussed. Having assessed the risks of material misstatement the auditor needs to develop procedures in response to the assessed risks.
References
Australian Accounting Standards Board (2004) AASB 1031 Materiality AASB, Melbourne. <http://www.aasb.com.au/Pronouncements/Old/Current-standards.aspx> (accessedNovember 2009). Bell, T. B., Marrs, F., Solomon, I. & Thomas, H. (1997) Auditing Organizations through a Strategic-Systems Lens The KPMG Business Measurement Process <http://www.business.uiuc.edu/kpmg-uiuccases/monograph.pdf> (accessed November 2010). Bell, T. B., Peecher, M. & Solomon, I. (2002) The strategic-systems approach to auditing In Cases in Strategic-Systems Auditing, edited by T. Bell and I. Solomon KPMG, Montvale, New Jersey, pp. 134. <http://www.business.uiuc.edu/kpmg-uiuccases/casebook.pdf> (accessed November 2010). International Federation of Accountants (IFAC) (2009) Handbook of International Standards on Auditing and Quality Control IFAC, New York. Knechel, Salterio, S. & Ballou, B. (2007) Auditing: Assurance and Risk 3rd edn, Cengage, Melbourne. Porter, M. (1980) Competitive Strategy The Free Press, New York.
3.58
STUDY GUIDE
Porter, M. (1985) Competitive Advantage: Creating and Sustaining Superior Performance The Free Press, New York. Thompson, A. & Strickland III, A. J. (2001) Strategic Management: Concepts and Cases 12th edn, McGraw-Hill Higher Education, Columbus, Ohio. Trotman, K. T. (1990) Analytical Review Audit Monograph No. 1 Australian Accounting Research Foundation, June, Melbourne. Trotman, K. T. & Gibbins, M. (2009) Accounting: An Integrated Approach Thomson Learning, Melbourne.
SUGGESTED ANSWERS
3.1
Module 3
Suggested answers
Question 3.1
The audit plan would need to be revised. ISA 300.10 states that the auditor shall update and change the overall audit strategy and the audit plan as necessary during the course of the audit (see also ISA 300.A13). Given there were incorrect assumptions in developing the original plan, it would need to be revised.
Question 3.2
1 Accounts receivablevaluation. Without appropriate credit checks there is a high likelihood of debtors not paying. Less reliance would be placed on tests of controls and more substantive testing would be required. The substantive testing would be more tests of details as analytical procedures is less reliable when internal control weaknesses exist (thiswill bediscussed more in Module 4).
Question 3.3
n n
observation of production processes; sales processes at stores; stocktake procedures; operation of internal controls such as gatekeeping; employee time recording. Inspection of documents (e.g. business plans, strategy documents, records such as fixed assets registers, internal control manuals). reports prepared by management (e.g. monthly reports, balanced scorecard, variance analysis, capital investment analysis); reports prepared by those charged with governance (e.g. board minutes). visits to the entitys premises (e.g. factory, retail outlet).
3.2
SUGGESTED ANSWERS
Question 3.4
This is covered by ISA 315.8 and .9. ISA 315.8 refers specifically to the situation where the auditor has performed other engagements for the entity (e.g.previous year audit, reviewor other assurance engagement) and the need to consider whether information obtained is relevant to identifying risks of material misstatement. If the auditor decides to use information obtained in previous audits, it is necessary to consider whether changes have occurred that affect the relevance of that information (ISA 315.9).
Question 3.5
n n
n n n
The members of the engagement team to be included when the meeting occurs. The extent of the discussion (affected by roles, experience and information needs of the team). The role to be taken by the partner (e.g. lead the discussion, or be part of a round table discussion). does the meeting need to be face-to-face, by telephone or computer link? preparation expected prior to the meeting. Will it be more of a brainstorming session or a presentation by a senior staff member with follow-up discussion?
Question 3.6
Some of the key points are: n business risk is broader than the risk of material misstatement (ISA 315.A30); n an understanding of business risk increases the likelihood of identifying risks of material misstatement; and n most business risks eventually have financial consequences but these effects may not be immediate and they may not result in material misstatement.
Question 3.7
one of the clear business risks facing the client is increased competition with a likely result of substantial reductions in market share. There appear to be low barriers to entry because costs of adapting production processes are likely to be relatively low for other manufacturers and, as bags with wheels attached are quite common in the luggage industry, it is unlikely to be protected via patent etc. The risk is concerned with market share and margins being affected by competition. This could have an impact on the valuation of inventory and potential impairment of productive assets.
SUGGESTED ANSWERS
3.3
Question 3.8
A knowledge and understanding of the internal and external environment of the auditclient may uncover: n incentives or pressures; n opportunities and attitudes; or n rationalisation to engage in fraudulent activity or the misappropriation of assets. For individuals, incentives or pressures may be personal circumstances or unrealistic expectations of management. Incentives or pressures for management are often associated with financial goals set by the organisation or market expectations. opportunity usually arises when there is an absence of adequate or effective internal controls. Internal control deficiencies are often related to positions held by trusted employees. rationalisation is the process of neutralising or justifying fraudulent activities or the misappropriation of assets.
Question 3.9
1 Human judgments. The effectiveness of controls can be limited by the judgments made by individuals. Even well-designed controls can break down (e.g. staff misunderstanding, being careless, fatigued). Management override. This refers to the overruling of prescribed policies and procedures by management (e.g. No need for credit clearance for X who is an excellent client). Collusion. Individuals acting in collusion can often circumvent controls (e.g.separation of duties becomes ineffective when collusion occurs). Cost versus benefit. organisations have to consider the costs versus the benefits of establishing and monitoring controls. Benefits, in particular, can be difficult tomeasure.
3 4
Question 3.10
1 If management lacks integrity, it is more likely that they might be prepared to produce materially misstated or misleading financial statements. Accounts that were misstated in previous audits are more likely to contain similar misstatements in the current year. Lack of experience and knowledge may affect preparation of the financial statements. Further, if poor business decisions are made, this is likely to result in pressure to manipulate the results. If the entity is experiencing cash flow problems and poor liquidity, there may be anincentive to make the financial position look better. Small, high-value products are more likely to be stolen than bulky, low-value items. Transactions that are subject to difficult calculations or have complex accounting standard requirements, such as tax-effect accounting, are more likely to have errors than simple repetitive transactions.
5 6
3.4
SUGGESTED ANSWERS
Some businesses are inherently risky because the nature of their products may mean that they are subject to the inherent risk of obsolescence due to improvements intechnology. The existence of related-party transactions would also increase risk as the transactions are not with an independent party and so may be subject to manipulation. In addition, the required related-party accounting disclosures are quite complex. If there is a management compensation scheme that is tied to earnings or share prices, there is a clear incentive for management to misstate the result so that they can get a bonus. Similarly, if management has substantial shareholdings in the company, they have a vested interest in reporting a good result as it will affect the dividends they receive and the value of their shares. pressure may also be placed on management by head office, major investors or lenders to meet budgets, forecastsor targets. The more judgment involved in determining an account balance, the greater the possibility of an error. Accounting estimates, such as provision for long-service leave or provision for warranty, are more likely to be subject to manipulation than routine factual data. decisions involving subjective judgments, such as whether to capitalise development expenditure or whether an entity has control of a subsidiary, alsohave a high inherent risk. Items or events that require using the work of an expert, such as the value of properties, are more susceptible to misstatement as it isdifficult for the non-expert to assess the true value. Transactions that are not subject to normal processing are more susceptible to misappropriation or errors. If the entity buys or sells goods in a foreign currency, inherent risk will also increase as there is a risk of incurring foreign-exchange losses due to changing exchange rates. If hedges are taken out for those transactions, the hedging contracts may be complex. The complexity of the recording of the transactions under the relevant accounting standards also increases the chance of an error.
10
11
12
13
Question 3.11
Inbound logistics n completeness and valuation of inventory; n recognition of liabilities; and n timing of expenses. Operations n measurement of CoGS; and n cost allocation issues. Outbound logistics n sales cut-off; n revenue recognition; and n allocation of delivery costs.
SUGGESTED ANSWERS
3.5
Marketing and sales n revenue recognition; and n collectibility of accounts receivable. Service n warranty expenses and liabilities.
Question 3.12
risks: n valuation of inventorywhat is the remaining value of inventory on hand? n Completeness of warranty provisionsmay need rework and replacement. n valuation of accounts receivableunhappy customers are less likely to pay. n valuation of property, plant and equipmentmay raise impairment issues if it hasan impact on the generation of cash flows from equipment.
Question 3.13
1 2 Tests of controls: iv; v; vi; viii. Substantive tests: i cut-off; ii valuation and allocation; iii existence; vii accuracy.
3.6
SUGGESTED ANSWERS
Specific control
2 System development
User participation in system design. preparation of documentation on system description. operator manuals and instructions. Control features to monitor data and system changes. physical measures. File protection.
Assure that system meets user needs. provide explanation of system design. Ensure proper and efficient use of IT. Ensure that data are controlled and changes authorised. Limit physical access. Limit access to file data or manipulation.
n n
3 operations
review manuals and observe operations. review organisational functions and procedures. Attempt access. verify procedures for passwords, locks, badges orguards.
n n
SUGGESTED ANSWERS
3.7
Location of computers
The location of the computers above the cafeteria could present a significant security risk should there be a fire. Also, the fact that staff need to open windows in summer raises issues regarding unauthorised access to the computers and staff safety.
Staff issues
Jing is working extremely long hours, which could ultimately lead to health and safety concerns. There appears to be a fairly strong argument to employ additional staff to support the work currently done by Jing and Melissa. Angie is relying on the fact that Melissa and, in particular, Jing are honest people who would not take advantage of their positions. Given the size of Jings mortgage this issue becomes all the more significant.
Environmental conditions
CWC should install central-heating and air-conditioning systems which can reduce the risk of damage to its IT systems from environmental hazards.
3.8
SUGGESTED ANSWERS
Documentation
The systems documentation that does exist is poor and difficult to understand. It is essential for Jing to maintain up-to-date documentation of the new system that is complete and accurate. All of the application programs and interface issues seem to be in Jings head, which is of little use to CWC should anything happen to Jing.
collectibility of receivables valuation of non-current assets related to impairment; and viability due to potential loss of customers (luxury item). valuation of inventory (prices drop quickly due to loss of potential second-hand market); valuation of equipment (some equipment may become redundant); and viability (depends on ability to adapt in a timely manner). control environment (pressure to cut corners to meet demand); potential impact on wastage rates; and implications for managing and follow-on effects. demand is sensitive to brand image, valuation of brand names; inventory valuation resulting from lower sales; and control environment. impact on margins as new retailers are more powerful, and control environment (pressure on staff to cut costs or increase sales to keep profits up). potential decrease in demand with potential impact on valuation of inventory and equipment; and control environment (pressure to increase sales).
regulation, technology
Suppliers
n n
n n n
n n
Technology competition
SUGGESTED ANSWERS
3.9
Potential audit implications Note: This has been included to show that you really need to know your clients industry to understand the implications for the audit. If you lengthen the time between golfers teeing off, you decrease the number of golfers that can play on a course and therefore potential overall demand. Calculations could be done on the total impact across a city to determine the potential affect ondemand.
Legal, customer
n n n
increase in warranty costs; inventory valuation; accounts receivable valuation (collectibility more difficult after problems); and potential litigation.
3.10
SUGGESTED ANSWERS
Sociocultural n population demographics; n attitude to leisure and work; n changes in the propensity to travel; n appeal of substitute products (e.g. rail, telephone conferences); n rising expectations for plane comfort/services; n changes in economic distribution; and n employees requiring greater flexibility. Technological n new types of aircraft; n new capabilities of aircraft; n electronic tickets; n better databases (e.g. frequent flyers); n upgrading of IT systems; n integrated reservation systems with alliance partners; and n availability of internet to compare prices. Environmental n environment regulation related to noise and pollution emission; n airport curfews related to noise level; n community around airports; and n fuel consumption. Legal n safety regulations; n foreign ownership regulations; and n employment law.
From an audit planning perspective this has implications for the valuation of both inventory and accounts receivable; there are potential going concern issues to beconsidered.
SUGGESTED ANSWERS
3.11
Current receivables (valuation and allocation): have increased by over 10 per cent; n slight decrease in debtors turnover; n days in debtors is high at 77 days; n retailers complaining about quality which may impact on collectibility; and n with many customers paying in foreign currencies, accuracy of currency translation is a risk.
n
3.12
SUGGESTED ANSWERS
Non-current receivables (existence): n further evidence would be needed on the collectibility of this amount from thetax office. Inventory (valuation and allocation): inventory turnover is considerably slower (3.6 to 2.1 times); and n grape prices have dropped; carrying value of raw materials, work in progress and finished goods (at standard cost) needs to be checked.
n
Earnings management/fraud risk: reputation of CEo for increasing profit; n criticism of analysts; n stock options and impending retirement of CEo in two years; and n gross profit and net profit are growing much quicker than sales.
n
Going concern while there is an improvement in liquidity ratios, they are quite low; n concern about quality of the product; n debt not reduced in line with managements plans; n not moving to new technology because of capital investment outlays; and n decrease in debt/equity ratio.
n
There is a trend upwards for both accounts receivable and inventory as a percentage of total assets, and both figures are higher than for competitors. Inventory and debtors turnover rates should be followed up. CoGS is higher than for competitors but it is improving for MNo Ltd over the fouryear period. Interest is a higher percentage than for competitors but non-current liabilities are generally smaller. depreciation is decreasing and is lower than competitors but so are non-current assets. profit after tax is considerably lower than competitors (as a percentage of expenses). This should be considered in relation to the information obtained as part of the strategic analysis of MNo Ltd. There has been an increase in returns. The reasons should be ascertained.