1 / 89

Understanding the Entity

Understanding the Entity. AU Section 314 Understanding the Entity and Its Environment and Assessing the Risks Source: SAS No. 109. The Risk Assessment Standards C Delano Gray June 18, 2008. Risk Assessment Standards. The risk assessment standards consist of:

Download Presentation

Understanding the Entity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Understanding the Entity AU Section 314Understanding the Entity and ItsEnvironment and Assessing the RisksSource: SAS No. 109.The Risk Assessment Standards C Delano Gray June 18, 2008

  2. Risk Assessment Standards • The risk assessment standards consist of: • SAS No. 104, Amendment to Statement on Auditing Standards No. 1, Due Professional Care • SAS No. 105, Amendment to Statement on Auditing Standards No. 95, Generally Accepted Auditing Standards • SAS No. 106, Audit Evidence • SAS No. 107, Audit Risk and Materiality in Conducting an Audit (Audit Risk and Materiality) • SAS, No. 108, Planning and Supervision • SAS No. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Assessing Risks) • SAS No. 110, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Performing Procedures) • SAS No. 111, Amendment to Statement on Auditing Standards No. 39, Audit Sampling

  3. Risk Assessment Standards • The risk assessment standards consist of: • SAS No. 112 Communicating Internal Control Related Matters Identified in an Audit (Superseded SAS 60) • SAS No. 113 Omnibus Standards • SAS No. 114 The Auditor’s Communication with Those Charged with Governance (Supersedes SAS 61) http://www.aicpa.org/Professional+Resources/Accounting+and+Auditing/Audit+and+Attest+Standards/Authoritative+Standards+and+Related+Guidance+for+Non-Issuers/auditing_standards.htm Source: AICPA

  4. Risk Assessment Standards The ASB believes that the SASs represent a significant strengthening of auditing standards which in turn will improve the quality of audits conducted under these standards

  5. Objectives The objectives of the SASs are to improve audit effectiveness by requiring: • A more in-depth understanding of the entity and its environment, including its internal control. • More rigorous assessment of the risks of material misstatement (whether caused by error or fraud) of the financial statements. • A linkage between the assessed risks and the nature, timing, and extent of audit procedures performed in response to those risks.

  6. Knowledge • This assumes the following Knowledge of the SAS’s Knowledge of FAS and Interpretations Knowledge of Industry Specific Standards Knowledge of SOP’s and EITF Pronouncements Knowledge of Entity’s Industry, Markets, Competitors and Industry Practices.

  7. Overview of SASs

  8. Overview of SASs SAS No. 104, Amendment to SAS No. 1 • SAS No. 104 expands the definition of “reasonable assurance” as a “high” level of assurance”

  9. Overview of SASs SAS No. 105, Amendment to SAS 95, Generally Accepted Auditing Standards • “Internal control” is replaced by “the entity and its environment, including its internal control” • “Further audit procedures” replaces “tests to be performed” • “Audit evidence” replaces “evidential matter”

  10. Overview of SASs SAS No. 106, Audit Evidence (Amends SAS 31) “The auditor must obtain sufficient audit evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit.”

  11. Overview of SASs SAS No. 106, Audit Evidence • Audit evidence is all the information used by the auditor in arriving at the conclusions on which the audit opinion is based and includes: • Entity’s accounting records, • Confirmations, • Minutes, • Industry reports, • Audit procedures such as inquiries, observations, inspections, etc.

  12. Overview of SASs SAS No. 106, Audit Evidence • Audit Procedures • Risk Assessment Procedures • Inquiries • Analytical procedures • Inspection and observation • Further Audit Procedures • Test of controls • Substantive procedures • Test of details • Substantive analytical procedures

  13. Overview of SASs SAS No. 106, Audit Evidence • The use of assertions in obtaining audit evidence – these are management’s implicit or explicit assertions regarding the recognition, measurement, presentation and disclosure of information in the financial statements and related disclosures.

  14. Overview of SASs SAS No. 106, Audit Evidence (continued) • Categories of Assertions • Classes of transactions • Account balances • Presentation and disclosure

  15. Overview of SASs SAS No. 107, Audit Risk and Materiality (Amends SAS 47) “The auditors should perform the audit to reduce audit risk to a low level that is (in his or her judgment) appropriate for expressing an opinion on the financial statements.”

  16. Overview of SASs • Audit Risk and Materiality - "The auditor's consideration of materiality is a matter of professional judgment and is influenced by the auditor’s perception of the needs of users of financial statements” SAS 107.

  17. Overview of SASs SAS No. 108, Planning and Supervision (Amends SAS 1 and SAS 22) “The auditor must adequately plan the work and must properly supervise any assistants.”

  18. Overview of SASs SAS No. 109, Assessing Risks “The auditor must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures.”

  19. Risk Assessment Standards • Enhances the auditor’s application of the audit risk model in practice by requiring: • More in-depth understanding of the entity and its environment, including its internal control to better understand where risks of misstatements are higher • May require greater understanding of internal control design and implementation of controls • Ability to default to maximum control risk assessment removed • Improved linkage between the assessed risks and the nature, timing, and extent of audit procedures performed

  20. Risk Assessment Standards • Enhances the auditor’s application of the audit risk model: AR = [CR x IR] x DR [CR x IR] = RMM AR = Audit Risk CR = Control Risk IR = Inherent Risk DR =Detection Risk RMM = risk of material misstatement Source: AICPA.

  21. Risk Assessment Standards • Internal Control Framework is unchanged

  22. SAS 109 Understanding the Entity and ItsEnvironment and Assessing the Risks

  23. Introduction .01 This section establishes standards and provides guidance about implementing the second standard of field work, as follows: • The auditor must obtain a sufficient understanding of the entity and its environment, • Its internal control, to assess the risk of material misstatement of the financial statements whether due to error or fraud, • Design the nature, timing, and extent of further audit procedures.

  24. .02 The following is an overview of this standard: • • Risk assessment procedures and sources of information about the entity and its environment, including its internal control. • This section explains the audit procedures that the auditor should perform to obtain the understanding of the entity and its environment, including its internal control (risk assessment procedures). • The audit team should discuss the susceptibility of the entity's financial statements to material misstatement.

  25. Risk Assessment Standards • The auditor should assess the risks of material misstatement at the financial statement level and at the relevant assertion level on all audits based on the understanding obtained

  26. Risk Assessment Standards • New Assertion Framework

  27. Risk Assessment Standards • Identifying risks through considering • The entity and its environment, including its internal control • Classes of transactions, account balances, and disclosures • Relating the identified risks to what could go wrong at the relevant assertion level • Significant risks1 1SAS 109, Assessing Risks, paragraphs 102-121

  28. Risk Assessment Standards

  29. Risk Assessment Standards • Testing of controls is encouraged • The requirement to link assessed risks and the audit procedures responsive to those risks is improved • Risk assessment is a continuous process, not a series of discrete stages

  30. Risk Assessment Standards • Perform further audit procedures that are clearly linked to risks at the relevant assertion level by: • Performing tests of the operating effectiveness of controls • Performing substantive procedures • Evaluating the adequacy of presentation and disclosure1 1SAS 110, Performing Procedures SAS, paragraphs 23-68 • Evaluate whether sufficient competent audit evidence has been obtained2 2SAS 110, Performing Procedures, paragraphs 70-76 Source AICPA

  31. Risk Assessment Standards • Greater emphasis is placed on testing of disclosures • Greater Emphasis is placed on the Evaluation of Internal Controls • Guidance on evaluating audit findings is clarified and expanded • Documentation requirements are significantly expanded

  32. Significant Changes to Existing Practices • Identifying and assessing the risks of material misstatements at both the financial statement level and the relevant assertion level by performing risk assessment procedures. • Designing and performing tailored further audit procedures responsive to assessed risks at the relevant assertion level • Linkage of audit procedures to the risk of material misstatement.

  33. AU Section 314Understanding the Entity and ItsEnvironment and Assessing the Risksof Material Misstatement(Supersedes SAS No. 55)Source: SAS No. 109.Effective for audits of financial statements for periods beginning on or afterDecember 15, 2006. Earlierapplication is permitted.

  34. Risk Assessment Overview NewProcess Inquiries Analytical Procedures Brainstorming Fraud Risk Factors Other Risk Assessment Respond

  35. SAS No. 109, Assessing Risks • Risk assessment procedures and sources of information about the entity and its internal control are: • Inquiries • Analytical procedures • Observation and inspection • Discussion among audit team

  36. SAS No. 109, Assessing Risks • Inquiries of management may be directed toward: • External parties – for example, legal counsel, bankers, valuation experts, etc. • Internal – for example those charged with governance, internal audit, employees other than accounting personnel, in-house counsel, etc.

  37. SAS No. 109, Assessing Risks • Analytical Procedures • Use guidance of SAS 56, Analytical Procedures • Helpful In identifying unusual transactions or events • Assist in determining amounts, ratios, trends in the financial statements

  38. SAS No. 109, Assessing Risks • Observation and inspection include: • Inspection of documents and manuals (for example accounting or internal control) • Reading internal reports and minutes • Visit premises and plant facilities • Tracing transactions through systems

  39. SAS No. 109, Assessing Risks • The auditor should consider the results of the fraud risk assessment performed during planning along with other information gathered in identifying the risks of material misstatements.

  40. SAS No. 109, Assessing Risks Discussion among audit team: • Can be held at the same time as the discussion specified in SAS 99. • Objective is for members to gain a better understanding of the potential for material misstatements. • An opportunity for more experienced members to share their insights.

  41. SAS No. 109, Assessing Risks • Understanding the entity and its environment, including its internal control. • Industry, regulatory, and other external factors • Nature of the entity • Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements • Measurement and review of the entity's financial performance • Internal control

  42. SAS No. 109, Assessing Risks Internal control

  43. SAS No. 109, Assessing Risks (continued) • The auditor should obtain a sufficient understanding of internal controls to: • Evaluate the design of controls relevant to the audit, • Determine whether the controls have been implemented.

  44. SAS No. 109, Assessing Risks The auditor should perform risk assessment procedures to obtain an understanding of internal control. Procedures include observation, inspection, or performing walkthroughs. • Inquiry alone is not sufficient to evaluate the design of controls and whether they have been implemented.

  45. SAS No. 109, Assessing Risks The auditor should identify and assess the risks of material misstatements at: Financial statement level The relevant assertion level

  46. Internal Controls The three primary objectives of effective internal control.

  47. Internal Control Objectives 1. Reliability of financial reporting 2. Efficiency and effectiveness of operations 3. Compliance with laws and regulations

  48. Managements Responsibilities Contrast management’s responsibilities for maintaining and reporting on internal controls with the auditor’s responsibilities for understanding, testing, and reporting on internal controls.

  49. Management and Auditor Responsibilities Relatedto Internal Control • Management’s responsibility for establishing internal control • Reasonable assurance • Inherent limitations

  50. Management and Auditor Responsibilities Relatedto Internal Control • Design of internal control • Operating effectiveness of controls

More Related