Please enable JavaScript.
Coggle requires JavaScript to display documents.
Chapter 7
Audit Evidence
(held in working paper), Use of CAAT
…
-
Use of CAAT
- application ctrls for computerised sys: compatibility checks; access ctrl (password); procedures over amendments, etc.
- consider general ctrls of client system (segregation of duties; access ctrl; back-up procedures; ins; cyber-security measures)
- Test of data mean using dummy data on live or dead runs- to verify application ctrls are working
Sampling
- ie. auditor don't check everything
- random / systematic sampling
- using stratification can improve audit efficiency
- dual testing- mean TOC + TOD.
[Factors influencing it:]
- assessment of IR & CR
- expected error- what the auditor expects?
- tolerable level- hw much auditor can tolerate?
- nd to consider anomalous error (one-off/not expect to repeat)
- results of sample deviation level ("Tolerable deviation will be given in ques"). Can be used on TOC / TOD. For TOC, consider the existence of compensating ctrls that can be used to provide assurance in that area that failed.
[Remark]
- so is either test more sampling, OR less.
- but if population is small & all items are material, than test all (easier).
Evidence will then show in audit working paper (file). Eg:
- copy of contract viewed
- invoices inspected to..
- minutes of discussion w/ director
- confirmation letter response
Written representation (WR)
- is a letter signed by mgt & give to us as evidence.
- to support other evidence / if required by ISA
- cannot be used to substitute IF other evidence is expected to be available.
- when facts are confined to mgt; or it is a matter of opinion/judgement.
- covers: estimates; RP; fraud; subsequent event; misstatem; GC.
- must be signed b4 audit report.
Audit documentation
- referring to permanent & current file.
- needed for QC, future work ref, increases 3Es, etc
- content: name of client; initial of staff doing, review date, etc.
Using work of auditor's expert
- can be appointed by either client or auditor.
[Do we really need it?]
- complexity; materiality; cost/benefit; last yr approach taken.
- Eg. Pension; FV (highest & best use method); Share based pymt.
[When appointing, consider:]
- FASSI; qualification; prof body; reference; past work.
[Actual work done-Report]
- consistency w/ CAKE
- data assumptions
Use Internal Auditors (IA) work
[Steps]
* assess the dept: staff's competence; scope of work; QC; prof behavior; org status (who they report to?). If IA designs the system / reports to BOD, then this IA not strong for us to use.
- assess their work done: IA might hv done TOC & hv sampling. If thr's no overlap on the work IA & EA does, then no use.
- Using IA staff for audit: Act like junior staff for EA. BUT, anything that's high risk OR uses judgement, don't use IA.
Service Organisation (SO)
- Terms: User entity (UE) is the client; User auditor (UA) is the one that audits client; Service auditor (SA) is auditor of SO.
- we might nd SO report- to know if their system is reliable. Like how reliable is SO's internal ctrl? To perform the audit if is significant SO (ie. affecting the FS).
- Eg. client outsource accounting services.
- differentiate btw outsource contractor (employee) Vs outsource company (SO).
- 2 types of SO: (1) transacts & maintain accountability; OR (2) only record & process. For (2), just audit the ctrls at UE should be sufficient.
[Assess significant of SO]
- terms; Internal ctrls; Nature of service; impact of failure; technical manual ref.
[Gaining evidence]
- Type 1 report on system design (ICE & ICEQ). Eg. when SO is like IBM.
- Type 2 report on both design & operations (TOC results)
[in exam ques]
Examiner won't say, "this is a service organisation" We detect ourselves.
Auditing system:
[ARCET]
- if new client, nd to do full ARCET.
- A- using [EIO]
- R- using [INFO]
- C- using [WTT]
- E- using [ICEQ/ICQ- strong/weak design?
- T- using [TOC-EIOU+TD]- strong/weak operations?
Related parties
- apply IAS 24 requirements
- Who: UCP; ctrl significant; influence; JV; associate; KMP, close family members.
- Disclosure: who; KMP salary; RPT
- Material by nature (as higher fraud risk)
[Procedures to discover RP & RPT]
- review prior yr wk papers
- review S/H records
- inspect register of director interest
- review minutes of BOD meeting
- enquire mgt on new RP (any?)
- WR frm mgt on RP.
- review major cust / suppliers (to see if they're RP)
[Impact on audit report]
- if RPT/RP not disclosed / adequately disclosed = adverse / qualified
- if no evidence on this relationship = disclaimer of opinion / qualified
Initial audit engagement
- only do if is new audit / first year audit.
[must get evidence on the following 3 needs:]
- Op bal don't hv MM that affects current period
- last yr c/f has correctly b/f or restated
- a/c policies consistently applied.
[If prior yr another audit firm- AP:]
- review wk papers (eg. Big4 do exchange info)
- consider competence
- read prior yr audit report
- if it was modified, pay attention to item causing modification.
[If prior yr not audited- AP:]
- additional procedures to be done on op bal: inventory-count now-roll back figures; Receivables/Payables-review after YE pymts; PPE op bal traced to actual & adj by disposal & acquisition; bank-statements
DON'T AUDIT SALES, it does not hv op bal.
[Impact for audit report]
- if op bal cannot be verified bcos lack of evidence = disclaimer of opinion / qualified
- if op bal hv misstatement not corrected which material to current period = adverse / qualified.
Auditing a/c estimates (include FV a/c estimated & disclosures)
- is it high risk OR low risk?
- High risk: mgt judgement; complex; measurement uncertainty.
- Low risk: ltd judgement; regular; low uncertainty.
- if is high risk- granular lvl work on inputs used for estimate (ie must be very detail-check their source; check & challenge their assumptions)
- if FV are frm mgt estimates- need to review how well they estimate in the past, accurate or not? (see success rate).
[Remarks:]
- IFRS 13 / 9 / 2; IAS 37
- Depreciation is consider low risk, provided it's relating to disposal
[Difficulties:]
- high risk due to imprecise & subjective nature of estimates
- increase reliance on external source evidence to support estimation
- over-reliance of experts & lack of audit staff knowledge
- complex fair valuations will not be regular occur-limiting internal ctrls
Confirmation
- Bank / solicitor confirmation
- circularisation can be +ve (we must get a response) OR -ve (only respond if is wrong). Eg Celcom/Astro is -ve circularisation - small value & large volume- with strong internal ctrls.
- consider alternative procedures for non-response (+ve circularisation): email, send reminder, vouch the acc.
[Auditor's action]
- if response is -ve = no action
- if response is -ve = reconcile, can be classified as misstatement if cannot reconcile.
Audit evidence- specific consideration for selected items
[Auditing:]
- Inventory- procedures before/during/after stocktake
- Litigation- review legal expense a/c
- Segmental (only for listed companies). Risk is that it was not identified as operating segment. Is it reportable? Calculate to see if it meet threshold (10% of revenue/total asset/profit); (75% of external revenue must be reported).
[AC notes]
** to further understand IFRS 8.
Subsequent events (SE) (ISA 560)
- event occur btw end of reporting period & date of audit report; & facts discovered after date of audit report.
- Adjusting event: events provide evidence to conditions that existed at date of reporting <adj FS>
- Non-adj event: events provide.....that arising after reporting date <disclose, if material, unless GC>
[Timeline for SE]
- IAS 10- cuts off at date of authorise (sign) audit report. Has active duty to detect events.
- ISA 560 goes till AGM stage. Has only passive duty, ie to consider if thr's a nd to update audit report (use EOM if needed)
[Procedures to detect SE]
- review mgt procedures for EARP
- obtain WR frm mgt- on SE completeness
- Review board minutes after YE- for events discussion
- enquire legal counsel on claims after YE
- review internet news
- review regulator correspondence
Going concern
[Mgt responsibility]
- assess entity's ability to continue as GC (should cover min 12 mths frm FS date)
[Auditor responsibility]
- consider the appropriateness of mgt's GC assumptions.
- consider if thr are material uncertainties. If profit making entity & no signs of stress - then do less work.
[Indicators of GC problems]
- refer to notes under Chapter 7
Comparative information
- corresponding figures Vs comparative FS
[Corresponding figures]
- evidence needed to ensure policies are consistent & amt agree to past
- if audited by another- use other matter parag (state the date & its opinion). But if not audited (ie this yr 1st yr), then also just other matter parag.
[Comparative FS]
- whr amt & disclosures for preceding period is included separately as entire statement for comparison purpose.
- evidence of changes in the opinion in the past.
** if last yr is clean, BUT this yr audit found issue that is material last year, this implies that previous year has errors that has to be corrected under IAS 8:
- if resolved use EOM to highlight changes;
- if not corrected, modify the audit report- qualified opinion on corresponding figures.
- if not corrected & also affects current yr bal - modified for both current & corresponding figures.
**Auditor responsibilities relating to Other Info in docs containing audited FS**
- Like Chairman statement- not suppose to audit BUT must read it- as part of final review
- check for material inconsistency in FS & OI
- check for MM of facts
- if not corrected, will be reported in OI parag.