Main phases of an audit
- 1. risk assessment
- 2. Risk response: performance of detailed tests of control and substantive testing of transactions and accounts
- 3. reporting: evaluation of the results and forming an opinion on the truth and fairness of the client's financial report.
Risk assessment phase
- The first phase of an audit
- Assess client risk and planning the audit.
- Gaining an understanding of the client, identifying factors that may impact risk of a material misstatement in the financial report, performing a risk and materiality assessment and developing an audit strategy.
- Assessment is made of the risk that a material misstatement (significant error of fraud) could occur in the client's financial report.
- Auditor can spend more time where the risks are greatest.
- Look at the client's internal controls, IT, corporate governance, closing procedures, related parties, factors that may affect going concern and significant accounts.
–Auditor must plan the audit to reduce audit risk to an acceptably low level.
–A well planned audit
ensures that sufficient appropriate evidence
is gathered for accounts most at risk of material misstatement.
Risk of material misstatement
Is the risk that the financial report includes a significant error or fraud.
The risk that an auditor expresses an inappropriate audit opinion when a financial report is materially misstated.
Efficiency and effectiveness when conducting an audit
- Efficiency refers to the amount of time spend gathering audit evidence.
- Effectiveness refers to the minimisation of audit risk.
- A well planned audit will ensure that sufficient appropriate evidence is gathered for those accounts most at risk of material misstatement.
Preliminary risk assessment
- Understanding the client
- Closing procedures
- Significant classes of transactions
- Significant accounts
- Understand IT environment
- Understand internal controls
- Corporate governance
- Going concern risk
- Fraud risk
- Identify related parties.
3.2 Gaining an understanding of the client
- Purpose is to assess the risk that the financial report contains a material misstatement due to:
- Nature of the client's business
- The industry in which the client operates
- The level of competition within that industry
- The client's customers and suppliers
- The regulatory environment in which the client operates
In gaining that understanding the auditor will consider issues at the entity level, industry level and economy level.
3.2.1 Entity level- Major customers
- Gained through interviews with client personnel. Ask questions about what client does, how it functions, ownership structure and sources of finance.
- Major customers: identified so auditors may consider whether those customers have a good reputation, on good terms with the client, likely to pay on a timely basis. These affect allowance for doubtful debts and cash flow.
- Also affects going concern as customer may decide to not purchase in future.
- Risk increased if have 1 or few customers.
3.2.1 Entity level- Major suppliers
- Major suppliers: identified to determine whether they are reputable and supply quality good on a timely basis.
- Look at whether significant levels of goods are returned to suppliers as faulty, terms of contracts and payment, whether client pays on timely basis.
- If client is having trouble paying its suppliers, may have trouble sourcing goods.
3.2.1 Entity level- Import/export
- Whether the client is an importer or exporter of goods is identified.
- If client trades internationally, auditor considers the stability of the country(s) the client trades with, stability of foreign currency(s), and effectiveness of any risk management policies the client uses to limit exposure to currency fluctuations (eg hedging policies)
3.2.1 Entity level- capacity to adapt to changes in technology and other trends
- If the client is not well positioned to adjust to such changes, risks falling behind to competitors and losing market share, will affect going concern.
- Especially if client operates in industry subject to frequent change.
3.2.1 Entity level- nature of warranties provided to customers
- If client provides warranties on products sold, auditor needs to assess likelihood that goods will be returned and adequacy of the provision for warranty.
- Looks at goods being returned for the same problem, which may indicate systemic fault.
- Assess likelihood that other pens will be returned for the same reason and steps being taken by the client to rectify the problem.
3.2.1 Entity level- discounts
- Terms of discounts given to customers and received from suppliers are reviewed.
- Assess client's bargaining power with customers and suppliers to determine whether discounting policies are putting profit margins at risk, may affect future viability.
3.2.1 Entity level- reputation
- Assess reputation with customers, suppliers, employees, shareholders and wider community.
- Poor reputation places future profits at risk.
- Also not in the best interest of the auditor to be associated with a client with poor reputation.
3.2.1 Entity level- operations
- Understanding of client operations.
- Where the client operates, number of locations it operates in and the dispersion of these locations.
- The more spread out, the harder for the client to effectively control and coordinate its operations, increasing risk.
- Must visit locations with greatest risk and assess processes at each site.
- More likely to visit if the client opens a new large site or if located in a country with high inflation or where there is high risk of theft.
3.2.1 Entity level- nature of employment contracts and relations with employees
- Look at how the client pays employees- mix of wages and bonuses
- Level of uniunisation among the workforce and the attitude of staff to employer.
- Complex payroll system increases likelihood of errors.
- Unhappy staff, greater risk of industrial action such as strikes which disrupt client operations.
3.2.1 Entity level- sources of financing
- Assessment of client's debt sources, reliability of future sources and structure of debt.
- Debt vs equity.
- Whether client is meeting interest payments and repayments.
- Understand terms of covenant eg. hold certain debt to equity ratio or limit client's further borrowings.
- If client does not meet debt covenant, borrower may recall the debt, placing client's liquidity position at risk- going concern.
3.2.1 Entity level- ownership structure
- Auditor is interested in amount of debt funding relative to equity, use of different forms of shares and differing rights of shareholder groups.
- Client's dividend policy and its ability to meet dividend payments out of operating cash flow.
3.2.2 Industry level- level of competition
- Level of competition in the client's industry is assessed.
- Client's position among competitors and it's ability to withstand downturns in economy.
3.2.2 Industry level- reputation
- Auditor considers client's reputation relative to other companies in same industry.
- If poor reputation, customers and suppliers may shift business to competitor.
- In such circumstances, management may resort to accounting choices to improve profits.
- Assess by reading articles and industry publications
3.2.2 Industry level- government support
- Consideration given to the level of government support for the client's industry.
- Support sometimes given to industries that produce items in line with government policy eg. solar panels.
- Assessment is made of the impact of government regulation on the client and industry.
- Regulations include tarrifs, trade restrictions and foreign exchange policies.
- Regulations can affect a client's viability and continued profitability.
- Level of taxation on industry.
3.2.2 Industry level- demand
- Level of demand for goods and services in industry.
- Eg. seasonal will affect cash flow
- Changing trends (fashion) risks inventories obselescence if does not keep up with change.
3.2.3 Economy Level
- How economic level factors affects client.
- Economic upturns and downturns, changes in interest rates, currency fluctuations.
- Auditor concerned with client's susceptibility to these changes and its ability to withstand economic pressures.
- Economic upturn: under pressure to perform as well/better than competitors. Shareholders expect consistent improvement in profits.
- Audit more focus on overstatement of revenues/ understatement of expenses.
- Economic downturn: companies may decide to 'take a bath'- purposefully understate profits (eg. write offs) and blame on sharemarket.
- Provides a low base from which to demonstrate improvement next year.
- Audit focus on overstatement of expense/understatement of revenue.
3.3 Fraud risk
- Fraud: intentional act to obtain an unjust or illegal advantage through the use of deception.
- Use professional scepticism, remain independent, questioning attitude and search thoroughly for evidence to validate info provided by client.
Red flags for fraud
- High turnover of key employees
- Key finance personnel refusing to take leave
- Overly dominant management
- Poor compensation policies
- Inadequate training programs
- Complex business structur
- No (or ineffective) internal auditing staff
- High turnover of auditors
- Unusual transactions
- Weak internal controls
2 broad types of fraud
- Financial reporting fraud: intentionally misstating items or omitting important facts from financial report.
- eg. improper asset valuations, unrecorded liabilities, fictitious sales,
- Misappropriation of assets fraud: generally involves some form of theft.
- Results in resource outflow
- eg. using company credit card for personal use, unauthorised discounts/refunds to customers, theft of stock
Responsibility for preventing and detecting fraud
- Rests on those charged with governance.
- Controls and procedures aimed at avoiding and uncovering fraud.
- Responsibility of auditor to assess the risk of fraud and effectiveness of client's attempts to prevent and detect via internal control systems.
- Auditor can consider incentives and pressures to commit fraud, opportunities to perpetrate fraud, and attitudes and rationalisation to justify commiting fraud.
Incentives and pressures to commit fraud
1.Incentives and pressures to commit a fraud:
–In assessing the risk of fraud, an auditor will consider incentives and pressures faced by their client to commit a fraud.
2.Opportunities to perpetrate a fraud:
–After identifying one or more incentives or pressures to commit a fraud, an auditor will assess whether a client has an opportunity to perpetrate a fraud.
3.Attitudes and rationalisation to justify a fraud:
–An auditor will assess the attitudes and rationalisation of client management and staff to fraud.
1.Incentives and pressures to commit a fraud:
- Examples of incentives and pressures that increase the risk of fraud include:
- the client operates in a highly competitive industry
- a significant decline in demand for the client’s products or services
- falling profits
- a threat of takeover
- a threat of bankruptcy
- ongoing losses
- Rapid growth, low cash with high profits
- pressure to meet market expectations
- planning to list on a stock exchange
- planning to raise debt or renegotiate a loan
- about to enter into a significant new contract
- remuneration tied to profits (e.g. bonus and options).
2.Opportunities to perpetrate a fraud:
Examples of opportunities that increase the risk that a fraud may have been perpetrated include:
- accounts that rely on estimates and judgement
- a high volume of transactions close to year-end
- significant adjusting entries and reversals after year-end
- significant related party transactions
- poor corporate governance mechanisms
- poor internal controls
- a high turnover of staff
- reliance on complex transactions
- transactions out of character for a business
- for example, if a client leases its motor vehicles they should not have car registration expenses.
3.Attitudes and rationalisation to justify a fraud:
Examples of attitudes and rationalisations used to justify a fraud include:
- a poor tone at the top (that is, from senior management).
- the implementation of an effective internal control structure is not seen as a priority.
- an excessive focus on maximisation of profits and/or share price
- a poor attitude to compliance with accounting regulations
- rationalisation that other companies make the same inappropriate accounting choices.
Auditor must consider whether it is appropriate to assume that client will remain a going concern (ASA 570; ISA 570).
- Going concern means belief that company will remain in business for foreseeable future. Operationalised as 12 months from audit opinion
- Going concern justifies valuing assets on basis they will continue to be used in business and liabilities paid when due.
Remaining a going concern is the responsibility of client governance.
Auditor must obtain sufficient appropriate evidence
to assess validity
of going concern assumption.
Auditor makes professional judgement
about going concern risk, based on risk indicators.
Going concern risk- indicators
- Examples include:
- significant debt/equity ratio
- long term loans due, no alternative finance
- prolonged losses, inability to pay debts when due
- loss of significant customer,
- supplier problems
- High staff turnover,
- Loss of key personnel or strikes
- problems obtaining raw materials, inputs
- poor growth planning, inadequate risk management
- being under investigation for non-compliance
- competitive pressures, drought etc.
Going concern indicators continued
Auditor is required to assess client efforts to identify going concern risk factors
Auditor should obtain evidence of effect of risk factors on client and its ability to continue as going concern.
- If going concern is in doubt, undertake additional audit procedures.
- Assess cash flow, revenues, expenses, interim results.
Review debt contracts, board meeting minutes.
Discussions with client management and lawyers.
2.Going concern risk — mitigating factors:
- Auditor should also consider factors that mitigate (reduce) going concern risk.
- Letter of guarantee from parent company.
Availability of assets
or segment of business for sale for cash.
Ability to raise funds
through share issue or borrowing.
Consider adequacy of client disclosures
in financial report about going concern issues.
is the rules, systems and processes within companies used to guide and control activities.
–Used to monitor
actions of staff and assess level of risk
used to reduce identified risks and ensure future viability
of the company.
- ASX principles and recommendations for listed companies.
- Companies required to disclose their compliance.
Auditor should consider particular risks faced by client related to IT for example:
- –Unauthorised access to computers, software and data:
- need security, passwords to prevent distorted data.
- Errors in programs:
- Can occur if not thoroughly tested before implementation, or mistakes made when changing programs.
-Restrict program change rights to authorised personnel.
-Programs need to be suitable for client
-Lack of backup
and loss of data.
Client should have appropriate IT installation
and security procedures
, and training
Client closes accounts when preparing financial reports at year-end.
–Revenue and expense accounts should include all transactions for the year, and none that relate to other periods.
–Accrued assets and liabilities should be complete.
–Assets and liabilities should include all relevant items.
Auditor faces risk that client closing procedures are inadequate.
Audit procedures to assess adequacy of client closing procedures:
–Assess adequacy of client interim reporting procedures.
–Check accuracy of accrual calculations.
–Analyse results to assess reasonableness.