Question

• Create a framework for your audit procedure using the Audit Risk Approach. Your framework should include the following:

o At least 3 examples of how you would mitigate risk in your audit

o At least 3 accounts or areas that you would focus your attention on for this audit

o An outline of tests and procedures that you would employ based on your company

o A detailed analysis of the sampling techniques that you would utilize for each of the 3 accounts or areas that you chose

o An explanation of the type(s) of documentation that you would require as audit evidence

Answer 1

Introduction

Audit risk is defined as ‘the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk’. Hence, audit risk is made up of two components – risks of material misstatement and detection risk.

Risk of material misstatement is defined as ‘the risk that the financial statements are materially misstated prior to audit. This consists of two components (a) inherent risk (b) control risk.’

Inherent risk is ‘the susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls.’

Control risk is ‘the risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control.’

Detection risk is defined as ‘the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements.’

Mitigate Risk:-

Control: - A control is an activity that prevents or detects errors to mitigate risks.

Two types of Control:-

Preventive Controls: - Prevent undesirable events from occurring Facilitate desirable events.

Example

1. System controls preventing unauthorized access

2. Restrictions of user overrides

3. Segregation of duties

4. Dual entry of sensitive managerial transactions

Detective Controls: - Identify/Detect undesirable events

Example- Exception reports, management review and action taken on the exceptions.

Due Diligence: - Due diligence is the process of investigation before committing to something such as a contract or strategy. Basic due diligence such as checking the financial, environmental, corporate social responsibility and management practices of a potential partner is a basic step in risk reduction that is often considered a legal obligation.

Areas Required Focus For the Audit:-

1. Revenue recognition:- Although the new accounting standard for revenue recognition has not yet taken effect, the auditor should evaluate management’s required disclosure of the impact the new standard is likely to have on the financial statements, including evaluating the form, arrangement, and content of the disclosure.

2. Auditing accounting estimates, including fair value measurements:- The auditor is responsible for evaluating how accounting estimates have been developed; assessing the reasonableness of accounting estimates made by management in the circumstances; and assessing whether they are presented in conformity with applicable accounting principles and are appropriately disclosed.

3. Related parties and significant unusual transactions:- Performance requirements recently have been enhanced in three key areas: related party transactions; significant unusual transactions; and a company’s financial relationships and transactions with its executive officers.

Different Types of Testing Methods Used During Audit Procedures

• Inquiry: Simply, the auditor asks appropriate management and staff about the controls in place at the service organization to determine some relevant information. This method is often used in conjunction with other, more reliable methods. For example, an auditor may inquire of management if visitors to the data are escorted at all times if the auditor is not able to observe this activity while on site. No control objective or criteria should ever be supported by controls only tested through inquiry procedures.
• Observation: Activities and operations are tested using observation. This method is useful when there is no documentation of the operation of a control, such as observing that a security camera is in place or observing that a fire suppression system is installed.
• Examination or Inspection of Evidence: This method is used to determine whether or not manual controls are being performed. For instance, are backups scheduled to run on a regular basis? Are forms being filled out appropriately? This method often includes reviewing written documentation and records such as employee manuals, visitor logs, and system databases.
• Re-performance: This method is used when the other three above methods combined fail to provide sufficient assurance that a control is operating effectively or this method can be used to prove and automated controls it operating effectively. This method of testing (as well as a CAAT) is the strongest type of testing to show the operating effectiveness of a control. Re-performance requires the auditor to manually execute the control, such as re-performing a calculation that a system automatically calculates.
• CAAT: This method can be used to analyse large volumes of data, or just be able to analyse every transaction rather than just a sample of all transactions. Software is generally used to perform a CAAT, which can range from using a spreadsheet to using specialized databases or software designed specifically for data analytics (e.g. ACL).

Sampling Technique:-

1 Revenue Recognition Audit Procedures:-

General Ledger

External revenue recognition audits review the company’s general ledger to determine how it records sales. Information relating to goods or services sold, date of delivery and payment method are a few important parts of a revenue recognition audit. Auditors may select a sample of transactions to review these specific details. The company’s accounting manual or revenue recognition policies and procedures may also be included during the audit. Auditors will ensure revenue information in the general ledger matches actual sales invoices.

Financial Statement

Financial statement reviews are an important part of a revenue recognition audit since the statements contain information relating to a company’s financial information. Companies may attempt to boost their sales figure on the income statement by including information from previous or subsequent accounting periods. Auditors will review the income statement against the company’s general ledger to determine if any variations exist. A review of previous accounting periods can also indicate the revenue trends of a company. Auditors pay close attention to revenue recognition on financial statements since external business stakeholders rely on this information.

Accounts Receivable

Accounts receivable contains information regarding outstanding accounts sales. Companies often extend credit to customers and allow them to purchase goods on account. The accounts receivable sub-ledger contains the unpaid balances from customers. Auditors will review this information to ensure the amount of cash outstanding matches the original sales invoice. Companies can manipulate accounts receivable information by including false account balances to improve their balance sheet. Auditors will ensure each outstanding account balance is legitimate and that the company has a reasonable expectation for collecting the outstanding balance.

Accrual/Deferrals

Companies may use accruals or deferrals when recording revenue. Accruals and deferrals allow companies to adjust accounting information for timing differences. Accrued revenue is recognizable sales even though cash is not received. Deferred revenue occurs after cash is received for a sale. Auditors pay close attention to accruals and deferrals to ensure they represent actual transactions and not falsified information.

2. Auditing accounting estimates, including fair value measurements Audit Technique:-

.Accounting estimates are often included in historical financial statements because—

1. The measurement of some amounts or the valuation of some accounts is uncertain, pending the outcome of future events.
2. Relevant data concerning events that have already occurred cannot be accumulated on a timely, cost-effective basis.

Developing Accounting Estimates

Management is responsible for establishing a process for preparing accounting estimates. Although the process may not be documented or formally applied, it normally consists of—

1. Identifying situations for which accounting estimates are required.
2. Identifying the relevant factors that may affect the accounting estimate.
3. Accumulating relevant, sufficient, and reliable data on which to base the estimate.
4. Developing assumptions that represent management's judgment of the most likely circumstances and events with respect to the relevant factors.
5. Determining the estimated amount based on the assumptions and other relevant factors.
6. Determining that the accounting estimate is presented in conformity with applicable accounting principles and that disclosure is adequate.

Evaluating Accounting Estimates

The auditor's objective when evaluating accounting estimates is to obtain sufficient appropriate evidential matter to provide reasonable assurance that—

1. All accounting estimates that could be material to the financial statements have been developed.
2. Those accounting estimates are reasonable in the circumstances.

c. The accounting estimates are presented in conformity with applicable accounting principles and are properly disclosed.

Review and test management's process. In many situations, the auditor assesses the reasonableness of an accounting estimate by performing procedures to test the process used by management to make the estimate

3. Related parties and significant unusual transactions Audit Technique :-

Identification of related parties

In order to identify related parties, including changes from the prior period, and to understand the nature of their relationship with the entity, as well as to establish whether transactions have been entered with these related parties during the audited period.

The reason for this approach is that management is normally in the best position to identify related party relationships and transactions than any other subject, notwithstanding the risk of manipulation and concealment posed by management override of controls. In particular management is likely to be aware of the relationships that have economic significance to the entity and that are more likely to carry a risk of material misstatement.

Related parties controls

The inquiry of management and others within the entity who are likely to have knowledge of the entity’s related party relationships and transactions is also essential in obtaining an understanding of the controls, or rather lack of them, that the entity has in place in respect of related parties for the purpose of:

• Identifying and disclosing parties and transactions under accounting requirements;
• Authorising and approving significant transactions and arrangements with related parties and
• Authorising significant transactions outside the entity’s normal course of business.

Reviewing records and documents for unidentified or undisclosed related parties or transactions

Searching for related party relationships or transactions that management has not identified or disclosed to the auditor is likely to be an onerous task, especially as management may be unaware or may be trying to conceal them. ISA 550 takes a robust but practical approach to the problem by mandating the inspection of limited types of documents, such as:

• Bank and legal confirmations obtained as part of the audit procedures, and
• Minutes of shareholders’ and board of directors’ meetings.

Types of Documents Required For Audit Evidence:-

Audit evidence is evidence obtained by auditors during a financial audit and recorded in the audit working papers.

Audit Evidences :-

• Other third party confirmations obtained by the auditor;
• Returns made by the entity to regulatory authorities;
• Shareholder registers to identify significant shareholders;
• Records of the entity’s investments;
• Contracts and agreements with key management and directors;
• Contracts and agreements with other entities that have directors in common;
• Significant contracts and agreements outside the entity’s normal course of business;
• Specific invoices and correspondence from the entity’s professional advisers (perhaps in respect of the sale of the entity’s assets).