ISA 6 lập kế hoạch và đánh giá rủi ro kinh doanh

Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett Audit Pla

Chapter 6

Planning, Knowledge of

the Business and Evaluating Business Risk

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Learning Objective 1:

Client Acceptance

Acceptance and continuance evaluation

procedures

• Procedures carried out before accepting a new client or continuing with an existing client include:

– Reviewing financial information regarding the client;

– Making inquiries of third parties such as solicitors and

bankers;

– Communicating with previous auditor;

– Ensuring that the firm has technical expertise to carry out audit; and

– Ensuring accepting engagement will not conflict with the profession’s code of professional conduct.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Communication with previous auditor

• Communication ensures that the interests of

shareholders, the incoming auditor and existing auditor are protected It allows the existing auditor to advise the prospective auditor of any professional matters they

should be aware of before accepting the engagement.

• Nominated incoming auditor should request client’s

permission to communicate with previous auditor;

• If client refuses permission, normally decline

nomination; and

• If permission is granted, the nominated auditor asks

previous auditor for all information necessary to decide whether nomination should be accepted.

Engagement Letters

• These letters are from the auditor to the client that

document the arrangements and confirm the auditor’s acceptance of the appointment and should include:

– Objectives and scope of audit;

– Responsibility of management for financial report;

– Form of any reports;

– An explanation of the extent to which an audit can be relied upon to detect material misstatement; and

– Auditor’s right of unrestricted access to records,

documents and other information necessary to

Learning Objective 2:

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Audit Planning

• The planning stage is a very important stage of the

audit and involves two aspects:

– Audit plan - outlines the expected scope and conduct of audit; and

– Audit program - directs the nature, timing and extent of audit procedures.

Learning Objective 3:

Major steps in the audit process

• In every audit of a financial report there are seven

identifiable stages These stages are:

– Obtaining knowledge of the client’s business;

– Understanding internal controls;

– Assessing risks of material misstatement;

– Responses to assessed risks;

– Performing tests of controls;

– Performing substantive procedures; and

– Completion and review.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Developing an Overall Audit Strategy

• Overall audit strategy details the general evidence

requirements for forming an opinion and initial decision

as to the nature, timing and extent of audit procedures.

• Interrelationship between materiality, audit risk and

what constitutes sufficient appropriate audit evidence impacts on auditor’s strategy.

• Audit strategies can range from a lower assessed level

of control risk approach to a predominantly substantive approach.

Learning Objective 4:

Lower assessed

level of control risk

Predominantly substantive approach

Audit strategy may be anywhere along this continuum

Range of audit strategies

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Lower assessed level of control risk

approach

• If internal control is well designed and expected to be highly effective, audit strategy will include:

– Low or medium assessed level of control risks;

– Extensive understanding of relevant parts of internal

control;

– Extensive tests of control; and

– Reduced level of substantive audit procedures, based on planned acceptable level of detection risk being high or medium.

Predominantly substantive approach

• If the auditor believes adequate controls do not exist or might be ineffective or testing controls are not cost

effective, audit strategy will be to:

– Use a planned assessed level of control risk of high;

– Plan to obtain a minimum understanding of internal

control;

– Plan no tests of control; and

– Plan extensive substantive audit procedures based on planned acceptable level of detection risk of low or

medium.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Impact of business risk assessment on

audit strategy

• Substantial time is spent on the planning stage and on developing an expectation of what the entity’s financial report should look like Audit strategy might include:

– Increased use of sophisticated analytical procedures;

– Undertaking tests of controls for routine transactions;

– Increased substantive testing for non-routine transactions; and

– Reduced detailed substantive testing if financial report is

in accordance with auditor’s expectations.

Preparing detailed audit programs

• An audit program is a detailed list of audit procedures that need to be applied to a particular balance or class

of transactions to implement the audit strategy.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Purpose of detailed audit programs

• Programs should provide:

– Evidence of proper planning of work;

– Guidance for inexperienced staff;

– Evidence of work performed;

– A means of controlling time spent on the engagement; and

– Evidence of consideration of internal control structure in relation to proposed audit procedures.

Contents of audit program

• An audit program will outline the following

characteristics of audit procedures:

– Nature - particular audit procedures to use and particular items to which a procedure will be applied;

– Extent - number of items to which procedures will be

applied, and number of different tests to be performed; and

– Timing - appropriate time to perform the procedure.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Assigning and Scheduling Audit Staff

• Activities entailed include:

– Coordinating assistance of client entity personnel;

– Determining the extent of involvement of consultants,

specialists and internal auditors; and

– Establishing and co-ordinating staffing requirements.

Learning Objective 5:

Knowledge of the Client’s Business

• Purpose – help to assess business risk, assist the

auditor to identify events, transactions, practices and risks that might have a significant effect on financial

report, particularly on the appropriateness of accounting policies adopted and the reasonableness of

assumptions and estimates incorporated in client’s

financial report.

Learning Objective 6:

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Procedures for obtaining an understanding of a client’s business

• These include:

– Reviewing the auditor’s previous experience with the

client and industry;

– Discussion with client personnel, other advisers or

previous auditors of the entity;

– Reviewing the industry or government publications and legislations;

– Visiting the client’s premises; and

– Reviewing documentation produced by the client.

Steps in planning the audit

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Knowledge obtained by the auditor

• An auditor should obtain an understanding of:

– Client’s organisational structure;

– Client’s operational and legal structure; and

– Relevant industry and economic conditions.

Business Risk

• Business risk can be defined as:

– Risk that an entity’s business objectives will not be

attained as a result of external and internal forces brought

to bear on an entity and, ultimately, the risk associated with the entity’s profitability and survival.

Learning Objective 7:

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

The relationship between client business risk

and the global, local and internal

environments

Assessing business risk

• The auditor must obtain a thorough understanding of the industry, including:

– Profitability and structure of the industry;

– Relationship between the industry and the broad

economic and business environment;

– Critical issues facing the industry; and

– Significant industry business risks.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Assessing business risk (cont.)

• The auditor must also understand how the entity fits

within the industry, including:

– Entity’s position within the industry in terms of profitability

and market share;

– Opportunities and plans the entity has for increasing or maintaining profitability and market share;

– Threats to the entity’s position in the industry;

– Ways in which the entity deals with customers and

competitors; and

– Methods the entity uses to measure and monitor its

performance.

Overview of the audit risk standards

Perform risk assessment procedures to understand the

entity and its environment. See AUS 402.06-99/ ASA 315.10-116

(ISA 315.06-99)

Assess the risks of material misstatement at the

financial report level and at assertion level. See AUS 402.100-119/ ASA 315.117-140

(ISA 315.100-119)

Respond to the risks at the financial report level and

(ISA 330.04-21)

Perform further audit procedures that are clearly linked

to risks at the assertion level. See AUS 406.22-65/ ASA 330.29-89

(ISA 330.22-65)

Evaluate whether sufficient and appropriate audit

evidence has been obtained. See AUS 406.66-72/ ASA 330.90-98

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Techniques for assessing business risk –

SWOT analysis

S trengths — Internal aspects that can

improve competitive situation.

W eaknesses — Internal aspects,

vulnerability to competitors’

strategic moves.

O pportunities — Environmental aspects that can

improve entity’s situation relative

to competitors.

T hreats — Environmental aspects

that can undermine entity’s competitive situation.

Techniques for assessing business risk

(cont.) – PEST analysis

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Techniques for assessing business risk

(cont.) – Value-chain approach

• This approach disaggregates an entity into strategically important activities in order to:

– Understand client’s strategic advantages;

– Understand risks that threaten attainment of business

objectives;

– Understand key processes and related competencies

needed to realise strategic advantages;

– Measure and benchmark process performance; and

– Document an understanding of the client’s ability to create value and generate future cash flows by using a client

business model, process analyses, key performance

indicators and a business risk profile.

Response to assessed risks

• An auditor should determine overall responses to

assessed risks at financial report level, and perform

audit procedures at the assertion level Responses at financial report level include:

– assigning more experienced staff;

– using experts; and

– incorporating unpredictability into selection of further audit procedures.

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Performing further audit procedures at the

assertion level

• An auditor must consider:

– Significance of the risk.

– Likelihood of misstatement occurring.

– Nature of specific controls.

– Whether auditor expects to obtain evidence to determine

if entity’s controls are effective in preventing or detecting and correcting, material misstatement (planned control risk < HIGH).

Analytical Procedures

• Analytical procedures involve the use of ratios, trend analysis and operating statistics for comparison with internal and external data.

• Can be used at all stages of the audit:

– e.g in planning stage as a form of evidence or as a final review.

• At this stage we concentrate on use of analytical

procedures in planning.

Learning Objective 8:

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Analytical procedures at the planning

stage

• A risk analysis approach requires analytical procedures

to be used during the planning stage of the audit.

• Allows the auditor to understand the business and

identify areas of potential risk, thereby assisting in the determination of the nature, timing and extent of audit procedures.

Analytical procedures used in planning the

audit

More complex procedures:

• Time series modelling

Copyright  2006 McGraw-Hill Australia Pty Ltd

Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

Analytical procedures most commonly

used in planning

• Comparison of current balances in the financial report with balances of prior periods, and budgeted amounts (simple comparisons);

• Computation of ratios and percentage relationships for comparison with prior years, budgets and industry

averages (ratio analysis); and

• Significant variations from expectations indicate areas requiring investigation.

Ratios commonly used at the planning

stage

– Current ratio (current assets to current liabilities);

– Quick asset ratio (liquid assets to current liabilities); and

– Operating cash flow ratio (cash from operations to current liabilities).

– Receivables turnover (net sales to average accounts receivable); and

– Inventory turnover (cost of goods sold to average inventory).

– Gross profit and net profit ratio (gross profit or net profit to net sales);

– Return on total assets (net profit to total assets); and

– Return on shareholders’ equity (net profit to ordinary shareholders’

equity).