audit planning and risk assessment
TRANSCRIPT
![Page 1: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/1.jpg)
Audit Planning Audit planning tools used to guide and
direct audit work are classified as preliminary risk assessment, preliminary materiality decisions, preliminary analytical procedures, and audit programs
![Page 2: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/2.jpg)
The Audit Risk Model Audit risk is the probability that an
auditor will give an inappropriate opinion on financial statements. The auditing profession has no official standard for an acceptable level of overall audit risk, except that it should be “acceptably low.”
![Page 3: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/3.jpg)
The Audit Risk Model (Client)
Inherent risk is the probability that material misstatements have occurred in transactions entering the accounting system used to prepare financial statements.
Control risk is the probability that the client's internal control system will fail to detect material misstatements. Control risk should not be assessed so low that complete reliance is on controls and no other audit work is performed.
![Page 4: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/4.jpg)
The Audit Risk Model (Auditor)
Detection risk is the probability that audit procedures will fail to produce evidence of material misstatements.
Detection risk is realized when substantive procedures fail to detect material misstatements.
Substantive procedures include audit of the details of transactions or
balances, and analytical procedures.
![Page 5: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/5.jpg)
The Audit Risk Model
Audit risk can be expressed in the following model which assumes the elements to be independent: Audit risk (AR) = Inherent risk (IR) x
Control risk (CR) x Detection risk (DR).
![Page 6: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/6.jpg)
The Audit Risk Model
DR = (Detection risk) AR (Audit risk) (IR x CR) (Inherent risk x
Control risk)
![Page 7: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/7.jpg)
Preliminary Assessment of Planning Materiality
Materiality is considered to be the largest amount of uncorrected dollar misstatement that could exist in published financial statements, yet still be fairly presented in conformity with GAAP (i.e., not misleading).
![Page 8: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/8.jpg)
Planning Materiality
Some of the common factors auditors use in making judgment are absolute size, relative size, nature of the item or issue, circumstances, uncertainty, and cumulative effects.
![Page 9: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/9.jpg)
Assignment of Materiality
Bottoms-up approach—judging materiality amounts in each account separately, then combining them to determine the overall effect.
Top-down approach—judging an overall material amount for the financial statements and then allocating it to particular accounts.
![Page 10: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/10.jpg)
Planning Materiality
The concept of materiality is used by auditors as a guide
to planning the audit program, to evaluation of the evidence, and for making decisions about the audit
report.
![Page 11: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/11.jpg)
Preliminary Analytical Procedures
Analytical procedures must be applied in the beginning stages of each audit.
Preliminary analytical procedures are primarily attention directing.
![Page 12: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/12.jpg)
Preliminary Analytical Procedures
Five general types of procedures for analysis of current year account balance are as follows: Compare to balances for one or more comparable
periods. Compare to anticipated results (budget and
forecasts). Evaluate relationships to other current-year
balances for conformity with predictable patterns. Compare with similar industry information. Study relationships with relevant non–financial
information.
![Page 13: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/13.jpg)
Planning Memorandum
It provides a summary of the preliminary analytical procedures and the materiality assessment with specific directions about the effect on the audit.
It is used to prepare an audit program. An audit program is a specification of
procedures that auditors use to guide the work of inherent and control risk assessment and to obtain sufficient competent evidence that serves as a basis for the audit report.
![Page 14: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/14.jpg)
Audit Programs
An internal control program contains procedures to obtain an understanding of the client's business and management's control structure, and for assessing the inherent and control risk.
A balance-audit program contains substantive procedures for gathering direct evidence about the five assertions about dollar amounts in the account balances
![Page 15: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/15.jpg)
Internal Control Evaluation: Assessing Control Risk
The Second Standard of Field Work A sufficient understanding of the internal control
structure is to be obtained to plan the audit and to determine the nature, timing, and extent of tests to be performed.
How will the auditor's understanding of the internal control structure influence the nature, timing, and extent of audit tests?
The Audit Risk Model (Assessment of Control Risk) AR = IR x CR x DR Competence of Evidential Matter (AU326.19b.): The more effective the internal control structure, the more assurance it provides about the reliability of the accounting data and financial statements.
![Page 16: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/16.jpg)
The COSO Report
In 1992, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) produced a report titled Internal Control—Integrated Framework.
Definition. The COSO report defines internal control as a process designed to provide reasonable assurance that objectives are achieved in three areas. Effectiveness and efficiency of operations.
Reliability of financial reporting.
Compliance with applicable laws and regulations.
![Page 17: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/17.jpg)
Fundamental Concepts.
The COSO report identifies four fundamental concepts. Internal control is a process to achieve objectives. People establish objectives, implement controls,
and operate controls. Internal control provides reasonable assurance,
not absolute assurance, that control objectives will be achieved.
Internal control is designed to achieve objectives, as described above.
![Page 18: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/18.jpg)
Internal Control Components. Control environment Risk assessment Control activities Control monitoring Control information and
communication
![Page 19: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/19.jpg)
Management versus Auditor Responsibility
Management is responsible for establishing and maintaining components of the entity's internal control.
External and internal auditors are responsible for evaluating existing internal controls and assessing the related control risk.
![Page 20: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/20.jpg)
General Categories of Internal Control Errors, Irregularities, and Misstatements
Invalid transactions are recorded (validity). Valid transactions are omitted from the accounts
(completeness). Unauthorized transactions are executed and recorded
(authorization). Transaction amounts are inaccurate (accuracy). Transactions are classified in the wrong accounts
(classification). Transaction accounting and posting is incorrect
(accounting/posting). Transactions are recorded in the wrong period (proper period).
![Page 21: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/21.jpg)
Internal Control Deficiencies Reportable Conditions
Reportable conditions represent significant deficiencies in the design or operation of the internal controls that could adversely affect the organization's ability to record, process, summarize, and report financial data in the financial statements. (AU32)
Material Weaknesses. A material weakness in internal control, which is a more
serious reportable condition, is a condition in which internal controls do not adequately lower the risk level of material errors in the financial statements and may not be found on a timely basis by employees of the entity. (AU325)
![Page 22: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/22.jpg)
The Auditor’s Evaluation Process
Understand a client's financial reporting controls.
Document the understanding. Assess the control risk. Use the control risk assessment to plan
remaining audit work.
![Page 23: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/23.jpg)
Control Objectives
Validity. Ensure that recorded transactions are the ones that should have been recorded.
Completeness. Ensure that valid transactions are not omitted entirely from the accounting records.
Authorization. Ensure that transactions are approved before they are recorded.
Accuracy. Ensure that dollar amounts are figured correctly. Classification. Ensure that transactions are recorded in the right
accounts. Accounting and Posting. Ensure that the accounting process for a
transaction is completely performed and in conformity with GAAP. Proper period. Ensure that transactions are accounted for in the period
in which they occur.
![Page 24: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/24.jpg)
General Control Activities Capable personnel. Segregation of responsibilities. Authorization to execute transactions, Recording transactions, Custody of assets involved in the
transactions, and Periodic reconciliation of existing assets
to recorded amounts. Controlled access. Periodic comparison.
![Page 25: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/25.jpg)
Segregation of Technical Responsibilities and Application Controls
Phases of a Control Evaluation Phase 1: Understanding the Internal Control.
Phase 1: Documentation of the Control Structure Elements.
Phase 2: Assess the Control Risk (Preliminary).
Phase 3: Perform Test of Controls Audit Procedures.
Tests of control procedures are performed.
Direction of the test.
Phase 4: Assess the Control Risk.
![Page 26: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/26.jpg)
Control Evaluation and Cost/Benefit
Revenue and Collection Cycle
![Page 27: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/27.jpg)
Revenue and Collection Cycle: Typical Activities Receiving and processing service
requests. Delivering services to agencies and the
public. Billing entities or agencies and
accounting for accounts receivable. Collecting and depositing cash
received from all sources. Reconciling bank statements.
![Page 28: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/28.jpg)
Cash Receipts and Cash Balances
Authorization: Approving adjustments or cancellation of indebtedness.
Custody: Control and custody of the physical cash.
Recording: Accountants who record cash receipts and credit individual accounts should not handle the cash.
Periodic Reconciliation: Bank accounts should be reconciled carefully.
![Page 29: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/29.jpg)
Audit Evidence in Management Reports and Data Files
Receipts received but not posted to Master File. Contains payment transactions started but not completed.
Fine and Fee structure. File of fees mandated by the State, County or Judicial Order.
Receipt Detail File. Contains detailed receipt entries.
![Page 30: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/30.jpg)
Audit Evidence in Management Reports and Data Files
Receipts Analysis Reports. Various receipt analyses, for example, by
fee type or by section, division or department.
Accounts Receivable Aged Trial Balance (each office should have one if they are due funds). List of balances owed by individual or agency including aging information.
![Page 31: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/31.jpg)
Control Risk Assessment
General Control Considerations. Proper segregation of responsibilities for authorization, custody, recording and reconciliation.
Persons who handle cash should be insured under a fidelity bond.
Provide for detail error-checking activities. Information about the control system can be
gathered by an internal control questionnaire, a “walk-through” or a “sample of one.”
![Page 32: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/32.jpg)
Detail Test of Controls Audit Procedures
The general control objectives (validity, completeness, authorization, accuracy, classification, accounting and posting, and proper period recording) must be related to the revenue cycle activities.
![Page 33: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/33.jpg)
Detail Test of Controls Audit Procedures
Detail tests of control procedures include identification of the data population from which
a sample will be selected for audit, and the action to be taken to produce relevant
evidence (the action involves vouching, tracing, observing, scanning, and recalculation).
Test of controls audit procedures can be used to audit the accounting transactions in two directions: Completeness Validity.
![Page 34: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/34.jpg)
Control Risk Assessment (completed)
Summary: Control Risk Assessment and the Audit Risk ModelAR = IR x CR x DR
![Page 35: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/35.jpg)
Substantive Testing
Existence/Occurrence Completeness Valuation Rights/Obligations Presentation and Disclosure Confirmations
![Page 36: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/36.jpg)
Confirmation of Cash and Receivable Balances
Auditors use a standard bank confirmation form approved by AICPA, ABA, and BAI.
![Page 37: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/37.jpg)
Confirmation of Accounts and Notes Receivable
Positive confirmation Negative confirmation
![Page 38: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/38.jpg)
Confirmation Evidence Issues Assertions Negative v. Positive Respondent Facsimile responses (faxes) Alternative Procedures
![Page 39: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/39.jpg)
Bank Reconciliations Accounts Receivable Lapping
Lapping is the process whereby an employee takes receipts and attempts to cover up by using later receipts to credit accounts of customers from which receipts were taken.
Check Kiting Check kiting is the practice of building up apparent
balances in one bank account based on uncollected checks drawn against similar accounts in other banks.
![Page 40: Audit Planning and Risk Assessment](https://reader035.vdocument.in/reader035/viewer/2022081413/5476a735b4af9f13708b4589/html5/thumbnails/40.jpg)
Bank Reconciliations
Proof of Cash The “proof of cash” is a reconciliation in which the bank balance, the bank report of cash deposited, and the bank report of cash paid are all reconciled to the client's general ledger.