audits of smes sometimes less is more - pibrseminarium-msp-2013-prezentacja-6.pdfproportional...
TRANSCRIPT
Page 1 | Confidential and Proprietary Information
Audits of SMEs – Sometimes
Less is More
Mats Olsson
Member, IFAC Small and Medium
Practices Committee
KibR Seminar, Warsaw
November 7, 2013
Page 2 | Confidential and Proprietary Information
Agenda
• Insights from IFAC SMP Quick Poll
• SMP Committee
– Input to Standard Setting (IAASB)
• Proportional application of ISAs and ISQC 1
– ISAs 200, 210, 315 and ISQC 1
• Tips for Audit Efficiency
• IFAC Resources
– Knowledge Sharing / Implementation
Page 3 | Confidential and Proprietary Information
IFAC SMP Quick Poll Findings
• Keeping up with standards and regulation is biggest
challenge facing SMPs
• Pace of change was that aspect of standards and
regulation that posed the greatest challenge for SMPs
• Audit & assurance were the types of standards and
regulation that posed the 2nd greatest challenge for SMPs
Page 4 | Confidential and Proprietary Information
Input to Standards (IAASB)
• Robust and regular input on key projects
– Proportionality/scalability is key consideration
– Comment letter on A Framework for Audit Quality CP (May)
– Comments on ISA Implementation Monitoring project (April)
• Response to IAASB strategy survey (April)
– Need for stable platform but…..
– Internal controls and documentation may be insufficiently scalable
– ISQC 1 needs to be more risk-based and proportionate
– Need for impact analysis and post-implementation reviews
Page 5 | Confidential and Proprietary Information
Proportional Application of ISAs and ISQC 1 I
• ISAs - Overview
– New structure in which information is presented in separate sections:
Introduction, Objective, Definitions, Requirements and Application and
Other Explanatory Material
– Emphasis on professional judgment, the standards are principles
based which allows practitioners to tailor audit procedures
– Contain special considerations for smaller entity audits
– Some ISAs only apply to larger entity audits
– Many requirements may not be relevant to SME audits
Page 6 | Confidential and Proprietary Information
Proportional Application of ISAs and ISQC 1 II
• ISA 200, Overall Objectives of the Independent Auditor
and the Conduct of an Audit in Accordance with
International Standards on Auditing
– The practitioner needs to comply with all ISAs relevant to the audit
and with all requirements in ISAs relevant to the audit
– A complete knowledge of all the standards is essential in order to
make a professional judgment as to what to leave out
Page 7 | Confidential and Proprietary Information
Proportional Application of ISAs and ISQC 1 III
• Examples of some of the ISAs that would not be relevant
in an SME audit include:
– ISA 402 Audit Considerations Relating to an Entity Using a Service
Organization if the SME does not use a service organization
– ISA 510 Initial Audit Engagements – Opening Balances if the SME
is a continuing, and not an initial, engagement
– ISA 600, Special Considerations – Audits of Group Financial
Statements (Including the Work of Component Auditors) if the SME
audit engagement is not a group audit
– ISA 610 Using the Work of Internal Auditors if the SME has no
internal audit function
Page 8 | Confidential and Proprietary Information
Proportional Application of ISAs and ISQC 1 IV
• ISA 200 continued:
– Not all ISAs are relevant to every audit as the standards are
designed to cover audits in every situation globally. For example, it
is possible that there are requirements which are not relevant to
some SME audits including:
– requirements to test the expectation that controls are operating
effectively (ISA 330)
– requirements when an engagement needs an engagement quality
control review (ISA 220)
Page 9 | Confidential and Proprietary Information
Proportional Application of ISAs and ISQC 1
• ISA 210 Agreeing the Terms of Audit Engagements
– Paragraph 6, agreeing the terms of engagement with management
and paragraphs 9 and 10 which require you to communicate the
terms in writing to management in a letter will be applicable in
every engagement
– Paragraphs 7 and 8 deal with an imposed scope limitation and the
situation where the preconditions do not exist. Paragraphs 14 – 17
deals with changes to the terms of engagement in mid-audit and
paragraphs 18 - 21 the situation where laws and regulation
supersede the ISAs
• It is important to know what the requirements are, but these situations
are also likely to be far and few between for most SME audits
Page 10 | Confidential and Proprietary Information
Proportional Application of ISAs and ISQC 1 V
• ISA 210 Agreeing the Terms of Audit Engagements
continued
– To summarize, of the 16 requirements in IAS 210, paragraphs 6, 9
and 10 are critical and will apply in every engagement. For SMPs,
knowing they have to deal with 3 main requirements out of 16 is a
lot less daunting than considering all 16 every time.
Page 11 | Confidential and Proprietary Information
Proportional Application of ISAs and ISQC 1 VI
• ISA 315 Identifying and Assessing the Risks of Material
Misstatement through Understanding the Entity and Its
Environment
– The objective of the auditor is to identify and assess the risks of material
misstatement, whether due to fraud or error, at the financial statement and
assertion levels, through understanding the entity and its environment,
including the entity’s internal control, thereby providing a basis for
designing and implementing responses to the assessed risks of material
misstatement.
• Focus on Significant risks – effectiveness and efficiency
– Understand the business – important from an engagement risk
perspective
– Identify significant risks up front and focus audit effort on these
– .
Page 12 | Confidential and Proprietary Information
Proportional Application of ISAs and ISQC 1 VII
• ISA 315 focus on Significant risks – effectiveness and
efficiency continued
– Substantive tests are required for each material class of transactions,
account balances and disclosures, but tests of details only required for
significant risks
– Consider analytical procedures (follow requirements of ISA 520 Analytical
Procedures) for non-significant risk items where appropriate
– Use professional judgment to determine what substantive tests to use on
items not considered significant risks
– ISAs explicitly encourage the auditor to exercise professional judgment in
determining the form and extent of documentation – they acknowledge
extent may vary depending on the circumstances
Page 13 | Confidential and Proprietary Information
Proportional Application of ISAs and ISQC 1 VIII
• ISQC 1 Quality Control for Firms that Perform Audits and
Reviews of Financial Statements and Other Assurance
and Related Services Engagements
– Applies to firms of all sizes that provide services covered by the IAASB’s
International Standards
– Requirement for the firm to comply with each requirement of the standard
unless, in the circumstances of the firm, the requirement is not relevant to
the services provided…
– Contains special considerations for smaller practices
– Indicates that the form and content of documentation evidencing the
operation of each of the elements of the system of quality control is a
matter of judgment and depends on the size, nature and complexity of the
firm and number of offices
Page 14 | Confidential and Proprietary Information
Tips for Audit Efficiency
• Automation – standardized templates and customized
checklists
• Software – utilizing commercially available products
• Planning – timeframe, list of deliverables, client meeting
• Risk based approach – in line with ISAs
• Staff training/ supervision
• Communication
Page 15 | Confidential and Proprietary Information
Knowledge Sharing – Implementation
• Building and sharing knowledge, including access to
resources and tools, amongst member bodies and SMPs
– Implementing standards (incl. ISAs, ISQC 1)
– Insight articles (e.g., efficiently auditing SMEs, review engagements)
– Comprehensive guides on how to efficiently implement ISAs and
ISQC 1 (guidance, case studies, checklists etc.)
– Guide to Review Engagements (Dec. 2013)
– Suite of links to free resources from member bodies
Page 16 | Confidential and Proprietary Information
Knowledge Sharing – Implementation II
ISA Guide Volume 1
• Fundamental concepts of a risk-
based audit in conformance with the
ISAs
ISA Guide Volume 2
• Practical guidance on performing
SME audits. Includes two illustrative
case studies—one of an SME audit
and one of a micro-entity audit
Page 17 | Confidential and Proprietary Information
Knowledge Sharing – Implementation III
• QC Guide
• Helps SMPs apply ISQC 1
proportionately and
efficiently. Includes
guidance, case study, two
sample QC manuals and
checklists
• Reference, training,
customize manuals and
checklists
Page 18 | Confidential and Proprietary Information
References – General
IFAC SMP Committee website: http://www.ifac.org/smp
IFAC SMP Twitter: https://www.twitter.com/IFAC_SMP (please follow us)
IFAC SMP eNews: https://www.ifac.org/login?register (please subscribe)
IFAC SMP Community:
http://www.linkedin.com/groups?home=&gid=4542841&trk=anet_ug_hm (please join us)
IFACnet http://ifacnet.com/
IFAC SMP Quick Poll: Mid-Year 2013: http://www.ifac.org/publications-resources/ifac-smp-
quick-poll-mid-year-2013 (please take the Nov./Dec. 2014 poll)
Resources and tools (all): http://www.ifac.org/about-ifac/small-and-medium-practices-
committee/smp-resources-and-tools
IFAC Translations and Permissions: http://www.ifac.org/about-ifac/translations-permissions
• Links to implementation of ISAs resources:
https://delicious.com/#ifacsmpcommittee/Implementation,Audit
• Links to implementation of ISQC 1 resources:
https://delicious.com/#ifacsmpcommittee/Implementation,Quality%20Control
Page 19 | Confidential and Proprietary Information
References – IAASB
• Staff Q&A, Applying ISAs Proportionately with the Size and Complexity of an Entity:
http://www.ifac.org/publications-resources/staff-questions-answers-applying-isas-
proportionately-size-and-complexity-ent
• Staff Q&A, Applying ISQC 1 Proportionately with the Nature and Size of a Firm:
http://www.ifac.org/sites/default/files/publications/files/Staff%20QA%20ISQC%201%20Prop
ortionality_FINAL.pdf
• The Clarified ISAs—Findings from the Post-Implementation Review:
http://www.ifac.org/publications-resources/clarified-isas-findings-post-implementation-
review
Page 20 | Confidential and Proprietary Information
References – Knowledge Sharing - Implementation
• Guide to Using International Standards on Auditing in the Audits of Small- and Medium-
Sized Entities (Third Edition) (incl. companion manual and slides):
https://www.ifac.org/publications-resources/guide-using-international-standards-auditing-
audits-small-and-medium-sized-en
• Guide to Quality Control for Small- and Medium-Sized Practices (Third Edition) (incl.
companion manual and slides): www.ifac.org/publications-resources/guide-quality-control-
small-and-medium-sized-practices-third-edition-0
• Boosting the Quality and Efficiency of Smaller Entity Audits article:
https://www.ifac.org/news-events/2013-07/boosting-quality-and-efficiency-smaller-entity-
audits
• Tips for Cost-Effective ISA Application article: https://www.ifac.org/publications-
resources/tips-cost-effective-isa-application
• Tips for Cost-Effective ISQC 1 Application article: https://www.ifac.org/publications-
resources/tips-cost-effective-isqc-1-application
Page 21 | Confidential and Proprietary Information
Thank You
www.ifac.org/smp