© OECD

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

Tirana, 10-12 September 2014

Workshop System Based Auditing

3. Fine tuning elements of SBA

2

3

Scope of SBA workshop

4

Scope of SBA workshop

5

3.1 Materiality: what is materiality?

ISSAI 100, paragraph 41:

• Auditors should consider materiality throughout the audit process.

• Materiality is relevant in all audits.

• A matter can be judged material if knowledge of it would be likely to influence the decisions of the intended users.

• Determining materiality is a matter of professional judgement and depends on the auditor’s interpretation of the users’ needs.

6

3.2 Materiality: what is materiality (cont’d)?

ISSAI 100, paragraph 41 continued:

• Materiality is often considered in terms of value, but it also has other quantitative as well as qualitative aspects.

• Qualitative materiality

By nature: The inherent characteristics of an item or group of items may render a matter material by its very nature.

By context: A matter may also be material because of the context in which it occurs.

7

3.3 Materiality: examples

• Material by nature (ISSAI 4200 paragraph 73)

a) Fraud

b) Intentional unlawful acts or non-compliance

c) Incorrect or incomplete information to management, the auditor or to the legislature (concealment)

d) Intentional disregard for follow-up of requests made by management, authoritative bodies or auditors

e) Events and transactions made despite knowledge of the lack of legal basis to carry out the particular event or transaction

8

3.4 Materiality: examples (cont’d)

• Material by context (ISSAI 4200 paragraph 73)

concerns items material by their circumstance, so that they can change the impression given to users, e.g. expenditure misclassified as income results in an actual deficit being reported as a surplus in the financial statements

9

3.5 Materiality: when to apply materiality?

In performing compliance audits, materiality is determined for:

a) Planning purposes

b) Purposes of evaluating the evidence obtained and the effects of identified instances of non-compliance, and

c) Purposes of reporting the results of the audit work.

10

3.6 Planning materiality

• Setting materiality limits helps planning the audit so as to ensure that material deviations are detected by audit tests the resources are employed in the most efficient way.

11

3.7 Audit risk: what is audit risk?

ISSAI 1000, paragraph 13

• (c) Audit risk – The risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk.

12

3.8 Audit risk: what is acceptable audit risk ?

• Having absolute assurance or confidence of detecting all material deviations is not practical nor cost-effective. Even if auditors checked every single transaction absolute assurance could not be reached (e.g. fraud might not have been detected).

• Instead, auditors try to ensure that their audit work reaches a reasonable level of assurance. This means that audit risk has to be reduced to an acceptable level.

• Audit risk is the risk of coming to a wrong conclusion that auditors are willing to tolerate. In practice, audit risk is unavoidable.

• In general the acceptable level of Audit Risk (AR) is 5%. This means that the auditors’ target is to be 95% confident of their findings.

• Audit risk is the inverse of audit assurance (AR). Therefore, the degree of assurance (DA) auditors want to reach is DA = 100 – AR = 95%.

13

3.9 Audit risk: a model

ISSAI 4100, paragraph 81

• In general, public sector auditors consider the three elements of audit risk - inherent risk, control risk and detection risk in relation to the subject matter and the particular situation.

14

3.10 Audit risk: components of the model

• Inherent Risk (IR): is the possibility that a misstatement could occur (all the things that can go wrong)

• Control Risk (ICR): is the risk that a misstatement that could occur will not be prevented or detected and corrected on a timely basis by the audited entity (internal control)

• Detection Risk (DR): is the risk that audit procedures will not detect any misstatements that occur and are not prevented, or detected and corrected by the entity´s internal control

15

16

Inherent Risk

Control

Risk

Detection

Risk

Audit Risk

Any material

error at all?

Yes

Caught by

controls?

No

Caught by

our audit?

No

Wrong opinion

3.12 Questions audit risk: where does the model impact?

• You understand the audited entity and its mission

• The Ministry pays claims in cash

• In the Ministry there is no comparison between decisions and payments

• You audit the Ministry for the first time

17

QUESTIONS?

18