4/05/15

1

External auditing

� Assignment reminder: Assignment #1 (see Module 5) is due at the end of Week 5 (see Course Schedule). You may wish to take a look at it now in order to familiarize yourself with the requirements and to prepare for any necessary work in advance

Module 4: Planning, materiality,

and risk4.1 Audit planning 4.2 Role of analysis in audit planning4.3 Analysis of unaudited financial statements4.4 Determining materiality4.5 Applying materiality4.6 Components of audit risk4.7 Audit risk model4.8 Impact of auditee’s risk on risk of material misstatement (RMM)4.9 Audit programs

4/05/15

2

4.1 Audit planning

� Identify and explain the main audit planning considerations and the activities involved in audit planning. (Level 1)

Understand your client� Building on the basics that we have already

discussed at length:

� In order to conduct an audit in the most efficient way it is important to dedicate time for the planning of the audit.

� The first step is to gain a thorough understanding of the auditee including the business and the risks

How do you gain understanding� Enquiry/prior working papers – interview

mgmt,directors,personnel; review info from prior audits in working papers (where available)

� If first audit but not first year of operations, extra work is required to establish reliable opening balances otherwise opening balances and all income statement amounts affected by them would require an audit report qualification

4/05/15

3

� Observation – tour the company’s facilities

� Research databases – trade journals/magazines, annual reports, securities commission, general business magazines and newspapers, internet.

� CICA, IFAC and AICPA have industry guides that explain typical transactions in various businesses and NPOs.

� Internal auditors

� Auditor’s experts

Planning� CGA Canada Auditing Guideline No.3 (Reading

4-1) and CAS 300 give direction for developing an overall audit strategy and an audit plan in order to reduce audit risk to an acceptably low level.

The Planning Document (memorandum)

� All planning is recorded in the planning document or planning memorandum

� Overall audit strategy

� Results of analytical review, materiality levels and risk assessment and how these affect nature, extent and timing of procedures

4/05/15

4

� Understanding of business helps assess inherent risk

� Understanding information systems and control help to assess control risk

� Will a combined approach be used or a substantive approach

� Risk assessment and audit approach guide the audit plan

� Overall Audit Strategy

Audit Plan� The audit plan is based on the Overall audit

strategy but is more detailed and includes the nature, timing and extent of audit procedures in order to obtain sufficient appropriate evidence.

� Lists the audit programs to be used

� Trade off between risk and materiality guide how much audit evidence is required

4/05/15

5

Audit programs� Two types of audit program:

� Internal control program – list of procedures use to gain understanding of auditee business transaction systems and controls and assessing inherent and control risk

� Balance audit program – list of substantive procedures for gathering direct evidence on assertions

4.2 Role of analysis in audit planning

� Explain the purpose of analysis at the planning stage, and apply general analytical procedures in planning. (Level 1)

Analysis� Analysis is used throughout the audit process as

we have previously discussed.

� Analysis is a requirement of GAAS for the planning stage and the completion stage of the audit. It is optional as a substantive procedure

� In planning stage: Preliminary analytical procedures “attention directing”

4/05/15

6

Preliminary analytical procedures� The text describes five analytical procedures(pg

146)

� Compare current year account balances with prior periods

� Compare current year balances and financial relationships(ratios) with industry standards

� Compare current year account balances with budgets or forecasts

� Evaluate current year balances to other current year balances

� Study current year account balances compared to relevant non-financial information

Types of analysis� Horizontal analysis (Type 1) comparing across

two or more years

� Vertical analysis (Type 4) comparing within year against a baseline (ie based on sales for I/S accounts or total assets for B/S accounts)

4/05/15

7

Other analytical procedures� Misstatements from prior year audits and

proposed adjusting entries

� Discussions with auditee personnel

� Corporate charter/bylaws, etc

� Contracts, agreements, legal issues

� IMPORTANT – review all minutes of board meetings – any key decision should be included in minutes

Risk assessment� All the analytical procedures will help to identify

potential areas of risk

� These procedures are not detailed at the planning stage but are used to direct where the further audit procedures may need to be focused to address all significant risks and obtain sufficient appropriate evidence

4.3 Analysis of unaudited financial statements

� Identify and apply the three steps used to perform an analysis of unaudited financial statements. (Level 1)

4/05/15

8

Understanding the entity� This understanding in the planning stage allows

the auditor to develop expectations or a frame of reference.

� Three steps in analyzing the unaudited F/S

� Develop an organized approach to applying analysis

� Identify and describe the relevant relationships among the financial data, and establish expectations based on the auditor’s understanding of the business

� Three steps cont’d:

� Know what questions to address with respect to the relationships identified, in order to identify analytical results that are not consistent with the auditor’s expectation and investigate further

� Analysis has two goals at the planning stage:

� First is to investigate the differences due to potential misstatement in the financial statements

� Second is to avoid spending time investigating differences due to random variations that do not represent misstatements

4/05/15

9

Decision rules� When does the auditor investigate differences or

variations?

� Pre-determined dollar value or percentage variation

� Determined using PROFESSIONAL JUDGMENT

4.4 Determining materiality� Explain materiality by highlighting its quantitative

and qualitative aspects, and determine overall materiality for a particular audit. (Level 1)

What is materiality� An amount is said to be material if it might

reasonably lead financial statement users to change “resource allocation” decisions

� Determining materiality requires knowing who the principal users of the financial statements are and for what purpose they will use the financial statements

4/05/15

10

� Materiality is used in the planning, examination and completion stages of the audit.

� No surprise that materiality is one of those grey areas.

� There is no exact science to come up with materiality

� Again we use the term professional judgment –the auditor must assess both qualitative and quantitative factors to arrive at materiality

Post Enron....� Due to the perceived abuse of materiality based

on quantitative factors, SEC regulations require auditors to evaluate both quantitative AND qualitative factors

� Even if by the numbers an amount is immaterial, if it results from intentional misstatement, violation of law or earnings manipulation, the amount must be considered material

Quantitative Criteria� 5 to 10% of income from continuing operations

� 5 to 10% of net income before bonus (for owner-managed where objective is tax minimization)

� Industry specific criteria that have become generally accepted:

� NPO 0.5 to 2% total expenses or total revenues

� Mutual fund industry 0.5 to 1% net asset value

� Real estate industry 1% of revenue

4/05/15

11

Absolute size and relative size� The concept of absolute size is that a certain

large amount may be material regardless of the size of the entity. ($1 million for example)

� Relative size – relationship of potential misstatement in comparison:

� Income statement to net income before taxes

� Balance sheet a subtotal such as current assets or net working capital

Qualitative criteria� The quantitative criteria are fairly objective but

must be used in conjunction with a broader perspective

� New information that arises throughout the audit that causes a revision to the level of materiality is a qualitative consideration

� Examples

� User – related factors – some users require more precise financial information

� New business, calculating shareholder dividend

� Compliance with laws or regulations

� Nature of item – size of amount may not be material but the nature of the transaction may be significant (ie illegal transaction – what it says about Management)

4/05/15

12

� Circumstances – the wider the audience of financial statement users usually means the auditor will use a lower materiality level

� Same can be said for important users such as bank loan officers

Determining overall materiality� Typically for profit business financial statement

users are most concerned with net income therefore materiality is usually factored based on net income

� Materiality at planning stage is used to decide how much work to do on each financial statement account

� At completion stage auditors use materiality to evaluate the known or potential misstatements

� Misstatements are aggregated throughout audit when being compared to materiality

� For example if materiality is set at $25,000, then either a single misstatement greater than $25,000 or five misstatements of $5,000 or more would be material.

4/05/15

13

4.5 Applying materiality� Explain how materiality is applied throughout the

audit, and describe the types of misstatements and their impact on the audit report. (Level 1)

� As discussed previously materiality is used in the planning, examination and completions stages

� Planning – decides nature, extent and timing of risk assessment procedures, identifying and assessing the RMM (risk of material misstatement) and determine nature, extent and timing of further audit procedures

� Examination – comparison level at which misstatements are assessed

� Completion – evaluate known and potential misstatements

� Communicate and request correction of misstatements

� Evaluate uncorrected misstatements

4/05/15

14

Very Important – Five types of misstatement

� Identified misstatement (IM) – self explanatory

� Likely misstatement (LM)-likely based on evidence obtained

� Likely aggregate misstatement (LAM) – sum of IM in other than representative samples plus LM plus unadjusted misstatements from prior years

� Further possible misstatements (FPM) – based on sampling and non-sampling risk (see module notes)

� Maximum possible misstatement (MPM) – sum of LAM plus FPM

� When materiality is above the MPM the auditor can issue an unmodified report

� If materiality is below MPM but above LAM then the auditor may request adjustments be made before issuing an unmodified report however management may not agree based on sampling error –professional judgment required to decide on appropriate report

� When materiality is close to IM then adjustments must be made before an unmodified report is issued.

� See exhibit 4.5-1 in module notes for visual aid

4/05/15

15

4.6 Components of audit risk� Explain the components of audit risk. (Level 1)

SUPER IMPORTANT� Many different risks associated with auditing

� Audit risk is the risk that the audit will fail to uncover material misstatement and issue an unmodified report

� Risk of material misstatement is the risk that there is a material misstatement in the financial statements prior to commencement of audit

� Inherent risk – the risk or probability that a material misstatement can exist before considering possible effect of client’s internal controls

� Understanding business is crucial in order to identify and assess inherent risk

� Following factors impact inherent risk:

� Integrity of mgmt, client motivation, results of previous audits, initial versus repeat engagement, makeup of population, existence of complex transactions, going-concern issues

4/05/15

16

� Control risk – risk that a material misstatement was not prevented or detected by internal control systems in place in organization

� Effective internal controls reduce control risk

� Detection risk – the risk that the auditor will not detect material misstatements in the financial statements through performance of substantive procedures

� Level of detection risk ultimately decides nature, timing and extent of substantive evidence necessary to support assertions in F/S

MEMORIZE IF POSSIBLE� For a given level of AR the level of DR has an

inverse relation to the RMM.

� If RMM is assessed as low, auditor will increase DR meaning less substantive evidence is required.

� If RMM is assessed as high, auditor will decrease DR and require more evidence that material misstatements have not occurred.

4/05/15

17

Audit risk� Once again we go back to the beginning – In

accordance with GAAS, an audit is designed to provide reasonable assurance that the financial statements as a whole are free of material misstatements.

� Reasonable assurance acknowledges that there is a risk that the audit opinion is not appropriate when the financial statements are materially misstated – this is Audit Risk

Business risk� We’ve discussed clients business risk.

� Auditor also has business risk.

� When client’s business risk increases, so too does the auditor’s business risk

� If Auditor business risk is assessed as high, AR should be reduced (eg from 5% to 2%)

� If Auditor business risk is assessed as low, AR should be set at an acceptable minimum

4/05/15

18

Significant risks� Risks that require special audit consideration

� Often relate to significant non-routine transactions (infrequent or highly complex) and matters requiring judgment (estimates based on accounting principles open to interpretation)

� Must understand entity’s controls to address SR in order to develop effective audit approach

4.7 Audit risk model� Explain the importance of materiality and risk in

audit planning using the audit risk model, and describe the relationship of audit risk components to the amount of evidence required to support an assertion. (Level 1)

MEMORIZE� AR = RMM X DR

� OR

� AR=(IR x CR) x DR

� AR is a function of IR, CR and DR

� Auditor determines an acceptable value for AR, inserts values assessed for IR and CR and computes DR which determines amount of testing to be done.

4/05/15

19

� Therefore in solving for DR:

� DR=AR/IR x CR

� Now here’s the kicker:

� The above formulas are mostly used for conceptual planning purposes –

� It is more typical for firms to assign H, M, L within the Audit risk model

� So for detection risk, if you increase IR or CR will decrease DR.

� The DR is also inversely related to amount of evidence so if you increase IR or CR, DR will decrease and the amount of evidence required will increase.

4/05/15

20

AR vs. Assurance� Audit risk is the probability that the audit will

provide an unmodified opinion when the F/S are materially misstated.

� Therefore 1 minus AR is the probability that the opinion is correct. It is this probability of a successful audit that is the level of audit assurance.

4.8 Impact of auditee’s risk on risk of material misstatement (RMM)

� Explain how the auditee’s objectives, strategies, and related business risk are translated into a preliminary assessment of the risk of material misstatement. (Level 1)

� Business risks are unavoidable

� BR can be managed by:

� Avoidance

� Monitor for cost/benefit

� Reduce via controls in business processes

� Transfer risk (ie insurance)

4/05/15

21

� Auditor in understanding the business will gain an understanding of the business risks faced by the auditee and will assess these based on a matrix of likelihood of occurrence and magnitude of risk

� Likelihood(unlikely, possible, likely)

� Magnitude(low, medium, high)

� See Exhibit 7-14 in text

� Once the risk assessment is done on BR the auditor will evaluate the controls in place

� By evaluating controls, the auditor can reevaluateor reassess the RMM

4.9 Audit programs� Explain the content and purpose of the two

different types of audit program. (Level 2)

4/05/15

22

Internal control program� Discussed at beginning

� Usually carried out on an interim basis focusing on controls.

� Auditor must test controls to ensure they are operating effectively throughout period

� Allows auditor to rely on controls (CR is assessed below maximum)

� Auditor can shift a lot of the workload three to four months in advance of the year-end

Balance sheet program� Year end work

� Focus is on balance sheet accounts

� Financial statements are subdivided into accounting processes or cycles

� Procedures in the audit programs are designed to obtain evidence about the existence, completeness, valuation, ownership and presentation assertions implicit in each account title and balance

� Later modules will go into more detail but if we have time I will show the example programs from the module notes:

� C-320 – A/P and accrued liabilities

� And,

� C1-351 – Designing and performing tests of transactions details

4/05/15

23

� There is a lot of reading, but I think you are really starting to see how the concepts we talked about in earlier modules are now reappearing in relation to further concepts or in greater detail.

� Try to remember the broad objectives while you are delving into the more detailed processes.

� Have a great week.

� Email if you have questions:

� mike@thorntonandco.com