audit process

Preparation of the mission

1. Reception of the engagement letter = contract between the auditor and the client that has to be signed before the start of the audit. It includes:
   - the fees
   - the number of hours that are going to be spent on the audit
   - the way the audit is going to be done
   - the responsibilities of the management, of the board of directors and of the auditor
   - the applicable laws
   - the general terms and conditions
   - the time when the audit is going to be done
   - the output of the auditor (the audit report)
   - the standards of auditing that are going to be used
   - the framework used
2. Confirmation of the date of performance of the audit within the audited entity
3. Secure logistics and make practical arrangements
4. Starting date of the fieldwork (including opening meeting)

Execution of the Audit

Step 1: Planning the audit
Generally performed before and at the beginning of the audit fieldwork (or during identification visit).

1. Understand the auditee's activities in order to identify main risk areas:
   - Internal factors of risk
   - External factors of risk
2. Assess the control environment in order to understand the structure of the company to be audited and to identify elements of risk linked to the internal control structure → it's done through interviews and reading reports and minutes.
3. Determine the materiality: that's the level of error/change under which a user of the financial statement is not going to change his opinion, his decision making. This concept is connected to the principle of true and fair view, it determines the sample size for substantive testing and it's the basis for interpretation of audit results → it helps determining the "vouching limit". There are 3 levels:
   - the materiality (whole F/S)
   - the tolerable error (significant accounts)
   - the adjustment level (error accumulation)
4. Determine the significant accounts in order to determine whether some specific procedures should be applied to those accounts. The criteria are:
   - the amount
   - the nature of the account
   - the complexity and homogeneity
   - the predisposition to manipulations or proneness to losses
   - the problems or errors identified in previous audits
5. Prepare the audit programme by making a complete description of the work that is to be performed, aiming to justify the appropriateness of the auditor's work. It needs to be prepared by the audit team, based on the info collected and the requirements of the client, and to be approved by the audit partner. Assertions for each account:
   - existence: physical observation
   - valuation (transactions well valued)
   - cut-off (recorded in the proper period: when delivered)
   - classification (recorded in the right account)
   - completeness (all transactions recorded)

Step 2: Assessment of the activity and its risks + Determination of the audit strategy
Performed during the first two days of the audit fieldwork.

AR = IR x ICR x NDR
   - AR = Audit Risk
   - IR = Inherent Risk
   - ICR = Internal Control Risk
   - NDR = Non Detection Risk

Audit risk = risk that the auditor concludes that the financial statements he has audited contain no significant errors, although they do contain such errors. The auditor will fix the AR himself: he usually accepts an Audit Risk of 5%.

1. Determine the Inherent Risk: it's the likelihood of significant inaccuracies due to a fraud or error independently of the existing specific internal control procedures. The Inherent Risk depends on:
   - quality of the personnel responsible
   - general internal organisation
   - econ. & financial situation of the country
   - general risk // the type of transaction
2. Determine the Internal Control Risk: this is the likelihood that the internal control system does not prevent or detect significant inaccuracies due to a fraud or error. The ICR depends on:
   - organisational structure followed for project management and connected potential risks
   - main aspects related to personnel management
   - accounting system used to record and report the expenses and revenues
   - supervision/governance measures
   - prevention vs. detection IC put in place
   2 options in order to test internal controls:
   - test of controls
   - final assessment: no test of the internal controls: straight to the audit
3. Combined risk assessment (IR + ICR):
   - if CRA = low → accept high NDR and do less audit procedures
   - if CRA = high → lower the NDR by doing a lot of audit procedures
4. Non Detection Risk: this is the likelihood that the external auditor does not detect significant inaccuracies by means of audit procedures. = The only criterion that can be influenced by the auditor, depending on the extent of substantive procedures (see CRA) → it allows a reduction of the audit risk.

Statistical sampling aims at determining the sample size needed to further reduce the NDR. → see how it works page 27

Audit strategy: set the scope, the timing, the type of audit procedures and the extent of substantive tests.

Step 3: Performance of the audit procedures
Performed throughout the audit fieldwork.

Objectives: perform audit procedures determined in step 2 (NDR) in order to hold the AR at a low level by decreasing the NDR. → It's the basis for the formulation of the Audit Opinion.

1. General audit Procedures = audit procedures, general in nature and necessary to verify certain contractual aspects or to comply with professional standards → not specific to some accounts. Ex: getting an engagement letter or a representation letter.
2. Analytical & Data Analysis Procedures = logical tests of relationships between numbers, aimed at reviewing whether the numbers reported in the financial statements are reasonable. Ex: trends, ratios, examination of variations. Levels of confidence in Analytical Review:
   - minimal: the analytical review is not sufficient to give confidence
   - corroborative
   - persuasive
   The + data you have, the - confidence analytical review gives you → need for + precise analysis in order to have + confidence
3. Substantive tests applied on financial data = verification of the supporting documents. → Example:
   - physical observation (ex: inspect fixed assets)
   - check of payments
   - review of the invoices
   - testing the respect of tendering and awarding procedures for a sample of contracts
   - testing the expenses to the invoices and bank documents
   - recalculation, etc.

Key items: items selected by the auditor on a judgmental basis because of: significant amount, risky transaction, unusual transaction, etc. In this case, no extrapolation is allowed.
Representative sample: items selected on statistical sampling. In this case, extrapolation is allowed.
→ The NDR can be reduced by performing analytical review procedures and by performing substantive tests on key items (see above). It must be completed by performing tests on a representative sample.

Step 4: Assessment of the results and conclusion on the audit
Performed at the end of the fieldwork.

Objective:
   - summarise and quantify audit findings
   - verify the general coherence of the audit
   - prepare the debriefing memorandum
   → basis in order to prepare the audit report

Analysis & quantification of findings:
   - The errors identified with analytical review procedures can't be used to estimate the error. There's a need for further investigation/analysis.
   - The errors identified on key items can't be extrapolated and need to be reported individually in the audit report.
   - The errors identified on representative samples may be extrapolated to the sub-population.

Rules for extrapolation:
   - only allowed for representative sample
   - extrapolation method // sampling method
   - the qualitative aspect of errors must be taken into account
   - separate extrapolation for each account

Type of errors & consequences:
   - Intentional errors: it covers potential fraud and/or irregularities and should be reported to governance ASAP
   - Formal errors: due to insufficient documentation, lack of clarity, non-compliance with contractual basis, etc.

If recurring errors, it might be necessary to:
   - extend audit procedures in risky area
   - revise the risk assessment
   - enlarge the sample for risky sub-population
   → High error rate + recurrent errors = sign of internal control weakness ←
   - reassessment of the CRA
   - calculation of revised sample size

Audit report
The objective of an audit is to enable the auditor to express an opinion and issue a report in accordance with the requirements of the Commission. Different possible opinions:
   - Unqualified opinion: "the Financial Report gives a true and fair view, in all material respects, of the results and financial position"
   - Qualified opinion: "The FR gives a true and fair view, in all material respects, of the results and financial position except for an error on a specific account…"
   - Adverse opinion: "The FR doesn't give a true and fair view (…)"
   - Disclaimer of opinion: "… The auditor is unable to express an opinion…"

Upload: manon-cuylits

Post on 25-Jul-2015

