Lecture 3- The audit process- offsite work

First stage of audit process is [blank_start]client acceptance[blank_end]. Second stage is [blank_start]planning audit[blank_end]. Third stage is [blank_start]testing & evidence[blank_end] & final stage is [blank_start]evaluation & reporting[blank_end]

When looking at client acceptance process, [blank_start]auditor[blank_end] has to go through number of [blank_start]stages[blank_end] so that they can gain [blank_start]sufficient assurance[blank_end] they can take on this [blank_start]client[blank_end] & [blank_start]work[blank_end] with them

First stage of client acceptance process is evaluating [blank_start]client’s background[blank_end]. This involves evaluating [blank_start]engagement risks[blank_end] which is [blank_start]legal responsibility[blank_end] of auditors. This includes looking at [blank_start]relationship[blank_end] between auditor & potential client & determining whether [blank_start]professional[blank_end] & [blank_start]ethical[blank_end] requirements (independence & competence) can be [blank_start]met[blank_end]

Second stage of client acceptance process is examining auditor’s [blank_start]ethical requirements[blank_end] & [blank_start]technical competence[blank_end]. This involves determining whether [blank_start]ethics[blank_end] & [blank_start]independence[blank_end] criteria can be met for [blank_start]audit team[blank_end], for [blank_start]entire audit firm[blank_end], assess auditors’ [blank_start]competence[blank_end] & using work of an [blank_start]expert[blank_end]

Third stage of client acceptance process is [blank_start]communicating[blank_end] with [blank_start]predecessor auditor[blank_end]. This is because they have [blank_start]duty[blank_end] to do this. When communicating [blank_start]IFAC Code of Ethics[blank_end] must be followed. Also, they need to evaluate their [blank_start]integrity[blank_end] to have an [blank_start]assurance[blank_end] that audit process happened before was done [blank_start]properly[blank_end]

Fourth stage of client acceptance process is evaluating [blank_start]management’s integrity[blank_end]. This involves [blank_start]seeking references[blank_end] of individuals ([blank_start]key directors[blank_end]) to make sure auditors can confirm their [blank_start]work status[blank_end] & demonstrate [blank_start]ethical behaviour[blank_end]. Also, [blank_start]searches[blank_end] can be [blank_start]undertaken[blank_end] such as Companies House records to see whether they are [blank_start]directors[blank_end]

Final stage of client acceptance process is submitting terms of [blank_start]engagement[blank_end] in form of an audit [blank_start]engagement letter[blank_end]. [blank_start]Engagement letter[blank_end] is very important piece of [blank_start]audit evidence[blank_end] because it is [blank_start]contract[blank_end] that is agreed with & sent to [blank_start]management[blank_end] which sets out specific [blank_start]contractual relationship[blank_end] between auditors & client

Contents of engagement letter include [blank_start]objective[blank_end] & [blank_start]scope[blank_end] of audit (highlight what auditors are [blank_start]going to do[blank_end]), responsibilities of [blank_start]auditors[blank_end], responsibilities of [blank_start]management[blank_end] & those charged with [blank_start]governance[blank_end] (so they know & are clear about what they must do), [blank_start]audit reporting[blank_end] (so what [blank_start]reporting[blank_end] will happen i.e. interim report), [blank_start]fees[blank_end] (so how much are [blank_start]fees[blank_end]) & [blank_start]recurring audit[blank_end] (potentially have rolling arrangement so audit is done each year)

Two reasons why audits should be planned are it helps [blank_start]auditor[blank_end] direct [blank_start]attention[blank_end] to [blank_start]important[blank_end] areas & helps [blank_start]resolve[blank_end] potential [blank_start]problems[blank_end]

Another two reasons why audits should be planned are [blank_start]effective[blank_end] & [blank_start]efficient[blank_end] audit & assists in [blank_start]selection[blank_end] of audit team

Another three reasons why audits should be planned are facilitates [blank_start]direction[blank_end] & [blank_start]supervision[blank_end] of staff, assists [blank_start]co-ordination[blank_end] of work of [blank_start]team members[blank_end] & [blank_start]experts[blank_end] & establishes [blank_start]materiality[blank_end]

One planning procedure is performing [blank_start]audit procedures[blank_end] to understand [blank_start]entity[blank_end] & its [blank_start]environment[blank_end], including [blank_start]internal[blank_end] control (so looking at way [blank_start]client[blank_end] works)

Another planning procedure is assessing [blank_start]risks[blank_end] of [blank_start]material misstatements[blank_end] of financial statements (so [blank_start]reviewing[blank_end] likelihood of there being [blank_start]material misstatements[blank_end]- look at [blank_start]risk[blank_end] of this happening)

Third planning procedure is determining [blank_start]materiality[blank_end] (so calculating [blank_start]materiality[blank_end] so we can apply that to [blank_start]planning process[blank_end])

Fourth planning procedure is preparing [blank_start]planning memorandum[blank_end] & [blank_start]audit[blank_end] program containing [blank_start]auditor’s[blank_end] response to identified [blank_start]risks[blank_end]

Objective of auditors is to show that [blank_start]financial statements[blank_end] show [blank_start]true[blank_end] & [blank_start]fair[blank_end] view (without [blank_start]material misstatement[blank_end] & not going to [blank_start]mislead[blank_end] users). To come to this view, auditor is required to look in two directions which are [blank_start]primarily backwards[blank_end] as information is [blank_start]historical[blank_end] but [blank_start]forwards[blank_end] to confirm that company is [blank_start]going concern[blank_end]

One limitation of audit is [blank_start]sampling[blank_end]. It is not practical test [blank_start]100%[blank_end] of transactions. Maybe an [blank_start]error[blank_end] in an item not [blank_start]selected[blank_end] for testing by auditor

Another limitation of audit is [blank_start]subjectivity[blank_end]. Financial statements include [blank_start]judgemental[blank_end]/[blank_start]subjective[blank_end] areas. Auditor required to use [blank_start]judgement[blank_end] in assessing whether financial statements are [blank_start]true[blank_end] & [blank_start]fair[blank_end]

Third limitation of audit is inherent [blank_start]limitations[blank_end] of [blank_start]internal control[blank_end] systems. An [blank_start]internal control[blank_end] system is likely to [blank_start]human error[blank_end]. Possibility of controls override by management - collusion & fraud. Impossible to remove all of these inherent [blank_start]limitations[blank_end]. As auditor relies on [blank_start]internal control[blank_end] systems, this can reduce usefulness of audit

Fourth limitation of audit is evidence is [blank_start]persuasive[blank_end] not [blank_start]conclusive[blank_end]. Opinion is based on audit [blank_start]evidence[blank_end] gathered. [blank_start]Evidence[blank_end] involves [blank_start]estimates[blank_end] & [blank_start]judgements[blank_end] & therefore does not give definite [blank_start]conclusion[blank_end]

Fifth limitation of audit is [blank_start]audit report format[blank_end]. [blank_start]Format[blank_end] of opinion is determined by International Standards on Auditing (UK & Ireland). However, [blank_start]terminology[blank_end] used is not usually understood by [blank_start]non-accountants[blank_end]. This means that users may not actually understand audit opinion given ([blank_start]audit expectation gap[blank_end])

Final limitation of audit is [blank_start]historic information[blank_end]. Audit report often issued some time [blank_start]after[blank_end] year end. [blank_start]Financial information[blank_end] can be quite different to current position. In [blank_start]current[blank_end] marketplace where companies’ financial positions can change quite quickly, [blank_start]audit opinion[blank_end] may no longer be relevant as it is [blank_start]out of date[blank_end]

Material misstatement at financial statement level is at [blank_start]whole level[blank_end] of [blank_start]accounts[blank_end] i.e. something big in income statement where [blank_start]whole statement[blank_end] has issue. At assertion level it is at [blank_start]individual transactions[blank_end], [blank_start]account balances[blank_end] & [blank_start]disclosures[blank_end]

Business risk- Risk that business does not [blank_start]achieve[blank_end] its [blank_start]objectives[blank_end]. [blank_start]Objectives[blank_end] maybe [blank_start]financial[blank_end] or [blank_start]non-financial[blank_end] i.e. profitability, market share & customer satisfaction

Audit risk- Risk of an [blank_start]auditor[blank_end] expressing an [blank_start]inappropriate[blank_end] audit opinion when financial statements are [blank_start]materially misstated[blank_end]. It is linked to fact that financial statements are [blank_start]materially misstated[blank_end] prior to audit

In business risk approach to audit, auditor understands [blank_start]risks[blank_end] to [blank_start]business[blank_end]. By identifying those [blank_start]business risks[blank_end] it allows them to direct efforts towards [blank_start]risk areas[blank_end] from an operational perspective. Auditor can offer [blank_start]additional services[blank_end] to identify & mitigate risk areas

One type of audit risk is [blank_start]inherent risk[blank_end]. This is within business. In relation to [blank_start]inherent risk[blank_end], once auditor accepts engagement, they cannot [blank_start]control[blank_end] this risk. Examples include management [blank_start]integrity[blank_end], management [blank_start]experience[blank_end] & [blank_start]competence[blank_end], [blank_start]pressures[blank_end] on management, [blank_start]nature[blank_end] of entity’s business & [blank_start]complexity[blank_end]

Another type of audit risk is [blank_start]control risk[blank_end]. This is risk that [blank_start]controls[blank_end] intended to [blank_start]prevent[blank_end] or identify [blank_start]material misstatement[blank_end] in an assertion [blank_start]fail[blank_end] to do so. In relation to this risk, once [blank_start]engagement[blank_end] is accepted, it cannot be [blank_start]controlled[blank_end]. Examples include failure of [blank_start]design[blank_end] (there isn’t one or it doesn’t do what was intended) & failure of [blank_start]operation[blank_end] ([blank_start]control[blank_end] has not operated or not operated as intended)

Final type of audit risk is [blank_start]detection risk[blank_end]. This is failure to [blank_start]detect misstatement[blank_end] in an assertion that could be [blank_start]material[blank_end]. It depends on [blank_start]design[blank_end] of audit procedure & [blank_start]application[blank_end] of an audit procedure. This risk can be [blank_start]controlled[blank_end] by auditors