Module 1 THE AUDITING AND ASSURANCE FRAMEWORK 1

ASSURANCE ENVIRONMENT---- what are assurance services? -Definition - 4

1 population of assurance services Fig.

----- important influences on provision of assurance services - A. THE 5

INTERNATIONALISATION OF AUDITING

● Regulatory agencies , what they want 5-6-

• International Federation of Accountants (IFAC) 7
• International Forum of Independent Audit Regulators (IFIAR)
• International Ethics Standards Board for Accountants (IESBA) - (code of
ethics)
• International Auditing and Assurance Standards Board (IAASB)

-Pronouncements issued by the IAASB Fig.

REGULATION OF AUDITING IN AUSTRALIA - regulators and institutions that 7

B have an impact on the audit process, either directly or indirectly. They include -

• Financial Reporting Council (FRC) 7-8

• Australian Securities and Investments Commission (ASIC) -9
• Accounting Professional and Ethical Standards Board (APESB)
• Auditing and Assurance Standards Board (AUASB) - similarities and differences
with IAASB - The AUASB standard-setting process Fig.
- equivalent Australian pronouncements to the International pronouncements
covering various aspects of audit and assurance engagements Table
• Companies Auditors and Liquidators Disciplinary Board (CALDB)
• Australian Securities Exchange (ASX)
• professional accounting bodies:
– CPA Australia
– Chartered Accountants Australia and New Zealand (CAANZ)
– Institute of Public Accountants (IPA).

REGULATION OF AUDITING IN NEW ZEALAND - The External Reporting Board 10

C (XRB) consisting of
New Zealand Accounting Standards Board (NZASB) and the New Zealand
Auditing and Assurance Standards Board (NZAuASB)
-The equivalent of the Australian regulator (ASIC) in New Zealand is the
Financial Markets Authority (FMA)

ASSURANCE ENGAGEMENT FRAMEWORK ---A. ETHICAL PRINCIPLES - firms 11

2 that perform assurance engagements must comply with the fundamental ethical
principles outlined in IESBA’s Code - (i) THE CODE - IESBA establi8shed by IFAC
. (Code divided into 4 parts)

1st Part -Fundamental principles ( integrity , objectivity , professional 12 -

competence and due care , confidentiality , professional behaviour) and 13
Conceptual Framework (threats and safeguards)

3rd Part - Professional Accountants in Public Practice - ( conflicts of interest , 14 -

professional appointments -additional requirements that apply to appointment of 15
auditors in Australia , second opinions , Fees and other types of
 remuneration - threats and safeguards , Inducements - gifts and hospitality ,
Custody of client assets , Responding to Non-Compliance with Laws and
Regulations ( NOCLAR ) - objectives of an accountant if they encounter or are
made aware of NOCLAR

4th Part - Independence (Part 4A) Under the Corporations Act, ASIC has 16
responsibility for the surveillance, investigation and enforcement of auditor
independence

Australian requirements - APES 110 issued by APESB and ASA 102 17

QUALITY CONTROL STANDARDS - professional accountants subject to ISQC 1 , 18

B. -similarities and differences between ISA 220 and ISQC 1 , -IAASB issued a
proposal of international standards on quality management , what is quality
management?

Elements of Quality Control --- (a) Leadership Responsibility (b) Ethical 19

(i) Requirements (what does system that support ethical behaviour include?) , ISA
220 , what is important for the engagement partner to do? at what level there
can be non-compliance?

Acceptance and Continuance of Client Relationships - risk checklist to assess the

(c) integrity of a client , what does the risk assessment affect?

Human Resources , Assignment of Engagement Teams 20

(d)

Engagement Performance - Important policies and procedures that relate to 21

(e) engagement performance are- ~ Consistency in the Quality of Engagement
Performance ~ Supervision and Review ~ Consultation ( mentoring scheme ) ~
Engagement Quality Control Review

Monitoring - monitoring of audit control , - INFO 222 'improving and maintaining 22

(f) audit quality' , - internal and external monitoring

● Transparency report by larger audit firms of significant entities 23

A Framework for Audit Quality - Fig. , -what is included in a quality audit's 24

(ii) input , process and output , - the 1st , 2nd and 3rd part of the audit quality
framework

DESCRIPTION OF ASSURANCE ENGAGEMENTS - Examples of assurance 25

C. engagements - Table:

ATTESTATION AND DIRECT ENGAGEMENTS - Assurance engagements include •

D. Attestation engagements • Direct engagements (assurance engagements either
an attestation engagement or direct engagement - no overlap) , -distinction
between attestation engagements and direct engagements

REASONABLE AND LIMITED ASSURANCE ENGAGEMENTS - meaning of the 26

E. term "reasonable assurance" -what Sufficient appropriate audit evidence
includes:

● examples of conclusions provided in ISAE 3000 for an audit of the financial 27

statements , how limited assurance engagements conclusions are conveyed
 SCOPE OF THE FRAMEWORK - assurance engagements that practitioners
F. perform that are not covered by the framework

ELEMENTS OF AN ASSURANCE ENGAGEMENT - Elements of a generic 28

G. assurance engagement Fig. , --Comparison of the elements of a generic
assurance
engagement and a financial statement audit : Table

Explanation of the elements of assurance engagements ---(i) Three party 29

relationship -
– practitioner (the assurance practitioner)
– responsible party (responsible for the underlying subject matter and the
preparation of the subject
matter information)
– intended users (of the assurance report) , table of examples of different types
of engagements and their intended users , ---examples of assurance
engagements performed for a specific purpose with only one user

Underlying Subject Matter - what appropriate subject matter includes , -- 30

(ii) Subject matter of an assurance engagement Table:

Criteria - meaning. ---criteria can be formal, ---Characteristics and 31

(iii) examples of suitable criteria Table:

Evidence - Evidence gathered should be sufficient and appropriate , ------ an 32 -

(iv) assurance practitioner has to exercise professional scepticism (consisting of 35
sceptical mindset and sceptical attitude) , information technology changes
affects auditor's scepticism

-----Professional Judgment ( examples of audit judgements) , judgments 35-

pertaining to evidence collection and evaluation are made within the context of 36
materiality

----- Engagement risk ( assurance provider assesses the engagement risk during 37
the planning stage of the engagement by assessing three components - inherent
risk , control risk and detection risk )

---- Nature, Timing and Extent of Procedures 38

Assurance Report - determination of level of assurance involves consideration of

(v) the relationships between underlying subject matter , the criteria , quantity and
quality of evidence

TYPES OF ASSURANCE ENGAGEMENTS - ( different types of assurance services 39

3. that an assurance practitioner can provide )

AUDITS OF FINANCIAL STATEMENTS - financial statements free from material 40

A. misstatements and prepared in accordance with financial reporting framework ,
---true and fair view ----what directors must declare according to the
corporations Act , ---additional notes in the financial report if compliance with
accounting standards doesn't give true and fair view.

Sec. 301 of the Corporations Act , ---requirements of the auditor in fulfilling

their role
 Limitations of an Audit - reasons behind the limitations of audit , --- nature of
(i) financial reporting refers to the use of judgement , --nature of audit
procedures refers to the reliance on evidence provided by the client and its
management. , ---sampling is used when testing transactions and account
balances ,
--- what timeliness and cost of a financial report audit refer to

AUDITS OF SPECIALISED AREAS - 41

B. • special purpose financial statements
• single financial statements or components thereof
• summary financial statements including concise financial reports

REVIEW ENGAGEMENTS - assurance practitioner engaged in performing review

C. of financial report rather than an audit , --how a review differs from an audit

--- reviews of historical financial information other than a complete financial

report

HISTORICAL NON-FINANCIAL REPORTS ASSURANCE - ISAE 3000 an umbrella

D. standard for other assurance engagements (which may be either 'reasonable' or
'limited' ) , assurance of non- financial information reports

FUTURE-ORIENTED INFORMATION ASSURANCE --- what it includes , ---- 42

E. what kind of opinion and report does the auditor give

ASSURANCE ON SYSTEMS AND PROCESSES - ‘Systems and processes’ one of

F. the categorisations of underlying subject matter for other assurance services ,
most common other assurance services relate to internal control - Sarbanes–
Oxley Act 2002 , ISAE 3402 , ASAE 3150 , --- how does providing a report on
internal controls help?

-- kind of audits are included in assurance on systems and processes - 42-

• internal audits 43
• internal controls audit - Engagements in relation to control procedures may be
direct reporting engagements or assertion based engagements
• continuous auditing - on what are auditors asked to continuously audit an
report on , ---auditing issues related to continuous audit

ASSURANCE ON ASPECTS OF BEHAVIOUR - include (i) Compliance Engagements 43

G. - what assurance does compliance engagements provide , ---upon what is the
level of work the auditor needs to carry on will be dependent , ---- ensuring the
suitability of the criteria against which the outcome is to be measured , ----what
should the report prepared by the auditor identify and state

Corporate Governance Assurance - 44

(ii)

PERFORMANCE OF AN ACTIVITY - Performance engagements are concerned

I with the economy, efficiency and effectiveness of an organisation’s activities

APPLICATION OF STANDARDS - Preface to the International Quality Control, 45

4 Auditing, Review, Other Assurance, and Related Services Pronouncements (
facilitates understanding of the scope and authority of the IAASB’s
pronouncements )
 ----- what do IAASB pronouncements do?

APPLICATION OF ISAs - important points , ---- Fig. overview of the 46

A. categories of auditing standards, as well as the ISA number sequence used for
each category, and the number of standards in each category

SME Perspective --- ISAs often have a special section entitled ‘Considerations 47
(i) Specific to Smaller Entities' examples

--- e.g. of ISAs that are less relevant to an SME - ISA 300 , ISA 402 , ISA 510 , ISA
600 , ISA 610 , ISA 800

Audit Requirements - ----- small proprietary company as a business form ,

a. ---- small businesses choosing to either include key financial data in their annual
returns to ASIC or having company's accounts audited , ------ways in which an
association can incorporate ,

----A tiered approach to audit requirements for incorporated associations 48

Future Developments - scalability and proportionality of the ISAs , --

b. challenges of applying ISAs - appropriate to focus on complexity of entities rather
than size ,
---role of IFAC in context of SMEs

Differential Reporting --- IFRS for SMEs , ----AASB introduced differential

c. reporting for organisations that were required to apply full IFRS but found it
burdensome (2nd tier) , --- Tier 1 reporting

Public Sector Perspective ------environment in which public sector auditor 49

(ii) works , role of public sector and role of auditor-general , ----Several
instrumentalities participate in the control of public expenditures which is one of
the main responsibilities of the government ,

Mandate of the Auditor-General - the work of public sector auditors ,

a. Australia ---In the public sector, auditors work for either the Australian National
Audit Office (ANAO) or state audit offices, which support the various state
auditors-general. , -----core services provided by the Audit Office of NSW -
an understanding of the audit work carried out by various state audit offices in
Australia( Financial audits , Performance audits, Special reports )

Hong Kong 50

APPLICATION OF ISREs - are international standards that cover the basic 51

B. principles and essential procedures governing review engagements on historical
financial information , - ISRE 2410 , ISRE 2400 , -----points related to review
engagements

APPLICATION OF ISAEs - ISAE 3000 (Revised) Assurance Engagements Other

C. than Audits or Reviews of Historical Financial Information ,
In addition, there are four international subject specific standards for these
assurance engagements. They are:
1. ISAE 3400 The Examination of Prospective Financial Information
2. ISAE 3402 Assurance Reports on Controls at a Service Organisation
3. ISAE 3410 Assurance Engagements on Greenhouse Gas Statements
4. ISAE 3420 Assurance Engagements to Report on the Compilation of Pro Forma
 Financial Information
Included in a Prospectus.

---- five types of engagements and their specific international standards - 1.

Historical non-financial reports — ISAE 3410 ,
2. Future-oriented information — ISAE 3400 and 3420 , 3. Systems and
processes — ISAE 3402 , 4. Aspects of behaviour , 5. Performance of activity —
ASAE 3500 Performance Engagements

APPLICATION OF ISRSs - apply to non-assurance engagements involving related 52

D. services - ISRS 4400 Engagements to Perform Agreed-Upon Procedures
Regarding
Financial Information , ISRS 4410 (Revised) Compilation Engagements

AUSTRALIAN PERSPECTIVE - ASA 100 Preamble to AUASB Standards , ASA

E. 101 Preamble to Australian Auditing Standards , ASA 102 Compliance with
Ethical Requirements when Performing Audits, Reviews and Other Assurance
Engagements require assurance practitioners to comply with all AUASB
standards, Auditing standards and Ethical requirements respectively. , ---
AUASB drafts Australian Auditing Standards (ASAs) equivalent to ISAs

---- Australian standards have the' force of law' , ---ASAs are written in the
context of an audit of a ‘financial report’ ------ how the ASAs that diverge
from the ISAs are identified , -------ASA standards that do not exist at the
international level - ASRE 2415 , ASAE 3100 , ASAE 3450 , ASAE 3500 ,
ASAE 3610/AWAS 2 , APES 310 , ASRS 4450

---- changes in the Corporation Act led to issue of ASRE 2415 and the entities to
which it applies

CHANGING ENVIRONMENT - A. EVOLVING BUSINESS MODELS - over the 53

5 time, the changes in the environment that leads entities to continually evolve
their business models , ultimately may transform everything about the business
model

-----evolving of technologies impact an entity's business model

CLIMATE-RISK DISCLOSURE - The Task Force on Climate-related Financial 54

B. Disclosures (TCFD) , - TCFD identified 2 main categories of climate- related risks
- (i)Transition risks , (ii) Physical risks , ---- examples of climate-risk-related and
climate change disclosures

---- ISA 315 (Revised) - auditors need to consider climate related risks during the
risk assessment phase of an audit , ------ ISA 540 (Revised) - Auditing
Accounting Estimates, Including Fair Value Accounting Estimates, and Related
Disclosures

----- Material climate-related disclosures if reflected in the financial statements,

are audited as part of the annual audit.

----ISAE 3000 (Revised) applicable when climate related disclosures made

outside the annual report are assured

TECHNOLOGICAL INNOVATIONS - potential of technological innovations , --- 55

C. fundamental characteristic of audit innovation continuum Fig.
 Automation - where robotic process is used , ---where artificial intelligence 56
(i) process is used using application program interface (API) to integrate with other
systems , -----what an RPA can do , ------ what implementation of RPA
involves

----- how the rules-based tasks could be implemented using robotic process 57
automation (RPA) - A suggested RPA implementation of a revenue audit Fig.

Artificial Intelligence and Auditing ---how artificial intelligence reduces the need 58
(ii) to filter and code data into standardised data format ,

Big Data ----- One of the weaknesses of traditional auditing is the reliance on 59
(iii) investigating only a sample of documentation and transactions.
----what big data encompasses of , --- separate methods of approaching big data
by computer scientists and statisticians , ---- how insights into patterns and
relationships helps auditors

Data Analytics - a means of making the audit more effective and efficient , 60
(iv) ------points on how technology is transforming audit , ---- imperative for
auditors to understand technological advancements for meeting client
expectations and for effective communication with them

---- how big data and data analytics influences audit

Blockchain - a type of distributed ledger technology , ------what differentiates

(v) blockchain technology from other database technology and separate private
ledgers maintained within business entities , -------security of entries in
blockchain , ---- importance of standardisation and what it does ,

----- blockchain similar to transactions being verified by a notary - only in an 61

electronic and automatic way Fig.

----- application of blockchain in a private network due to security concerns , ----

need for auditors to understand blockchain technology , ----- benefits of
blockchain to businesses and accounting profession , ----- blockchain
technology further enhance efficiency and effectiveness of audit over and above
big data and data analytics

Module 2 PLANNING THE AUDIT OF HISTORICAL AND FINANCIAL

INFORMATION

OBJECTIVES OF AN AUDIT OF FINANCIAL STATEMENTS 69

1.

------ how degree of confidence in financial statements is achieved

Audit Risk - the risk that the auditor will express an incorrect opinion when the
A. financial statements are materially misstated ISA 200 , (i) Inherent risk
(ii) Control risk . Inherent and control risks exist independently of the audit of
the financial statements (iii) Detection risk - what does low detection risk
mean?

---- Matrix of level of detection risk required to keep audit risk to an acceptably 70
low level Fig. - matrix demonstrates that the acceptable levels of detection risk
are inversely related to the assessments of inherent
 --- Risks of material misstatement may exist at 2 levels -
• the overall financial statement level; and
• the assertion level for classes of transactions, account balances, and
disclosures

--- Factors that increase inherent risk and control risk at the financial statement 71
level Fig.

LEGAL, REGULATORY, PROFESSIONAL AND ETHICAL REQUIREMENTS - The 72

B. conduct of an audit of financial information is regulated by laws and regulations
(including standards) as well as the auditing profession’s code of ethics.

Regulatory Environment - important ISAs - 200, 300 and 400 series , ISA 300
(i) Planning an Audit of Financial Statements. , ----- role and services provided by
Financial Reporting Council (FRC)

Quality Control for Audits --- ISQC 1 Quality Control for Firms that Perform 73
(ii) Audits and Reviews of Financial Statements, and Other Assurance and Related
Services Engagements

----- International Federation of Accountants (IFAC) has developed a Guide to

Quality Control for Small- and Medium-Sized Practices

--- ISA 220 Quality control for an Audit of Financial Statements for quality
control at the engagement level and ISQC 1 covers quality controls required at
the firm level

---- Both ISA 220 and ASA 220 address the responsibilities of the engagement
quality control reviewer , ------ engagement partner's compliance with
quality control policies and procedures in audit engagements

--- Professional scepticism is an essential attribute that all auditors need to

possess. , --- enhanced requirements and guidance relating to professional
judgment and scepticism, in ISA 220

Engagement Team Members’ Compliance with Ethical Requirements - ISA 220

a. explains the ethical requirements, including independence, of the engagement
team in relation to audit engagements.

Acceptance and Continuance of Client Relationships - These acceptance and 74

b. continuance decisions should focus on independence considerations, possible
conflicts of interest and the ability to provide requisite skills to conduct the
audit

--- the decision of the engagement partner regarding acceptance or continuance

decision prior to audit needs to be documented

Assignment of Engagement Teams

c.

Engagement Performance - Direction to other members of the audit

d. engagement team would normally include:
• their responsibilities
• risk-related issues
• problems that may arise
 • the detailed approach to the performance of the engagement.
---- Supervision of members of the engagement team is also an important
aspect of engagement performance , examples

Auditor Independence for the Audit of Financial Statements - discussion of

(iii) additional independence requirements for an audit of financial statements

--- CLERP 9 - imposes independence requirements on auditors of financial

reports. These requirements amend the Corporations Act 2001.

---- requirement of declaration by auditor under Corporations Act 2001 75

---- The Corporations Act provides some guidance, in the context of defences to
charges of a breach of the independence provisions and on how independence
may be demonstrated - Maximum hours test , Independence test based on
the relationship of the auditor and audit entity

--- other requirements included in Division 3 ‘Auditor independence’ of the

Corporations Act

--- Corporations Legislation Amendment (Audit Enhancement) Act 2012 (Cwlth),

- responsibility of ASIC for monitoring auditor independence - also requires
audit firms to publish annual transparency report

Auditor Independence and United States Legislation - Sarbanes–Oxley Act

a. 2002 (US)

Compliance with Independence Requirements - engagement partner is

b. required to form a conclusion on compliance with independence requirements
applicable to audit engagements as outlined in ISA 220, para. 11

Auditor and Audit Firm Rotation - Periodic rotation of auditors designed to

c. bring fresh views to the audit , Auditor Rotation - the key audit partner (KAP)
must determine whether to treat entities as public interest entities (PIEs)
(basis of the decision)

---- Partner rotation requirements as per the Code for audits of public interest 76
entities : Table

-- Audit Firm Rotation - EU and non-EU PIEs , - extension of rotation

---- arguments in favour of mandatory audit firm rotation over audit partner 77
rotation and arguments in favour of mandatory audit partner rotation over
audit firm rotation - Fig.

Auditor Independence for the Audit of SMEs - SME auditor - potential lack of
d. independence , need to maintain an appropriate level of professional
scepticism

Professional Conduct and Ethics - accountants duties involve exercise of 78

(iv) competence in the technical aspects of financial services and more importantly,
integrity and objectivity in discharging these services. - a. Matters Concerning
Professional Appointments for Auditors

--- Threats and safeguards for professional appointment matters :Table ( The
Code of Ethics also highlights other matters pertaining specifically to the
 auditors)

-- Professional accountants should evaluate the significance of threats to 79

objectivity before accepting or continuing with specific engagements , -
additional safeguards

Applying Professional Scepticism and Judgment - for planning and performing

(v) an audit with professional scepticism , auditors need to remain independent of
the entity, its management and its staff when completing the audit work. , ---
when evidence contradicting documents submitted by the clients

---- Professional judgment relates to the application of relevant training,

knowledge, and experience that auditors use while making informed audit
decisions

--- Threats and safeguards for professional appointment matters : Fig. ( Matters 80
that involve professional scepticism)

--- Examples of professional judgments made during an audit : Table

--- reasons that tend to heighten the degree of professional judgement and 81
scepticism auditors need to apply

Detecting Material Misstatements - auditor responsible for obtaining 82

a. reasonable assurance that financial statements are free from material
misstatement caused by fraud or error , --- concept of 'intent ' - ISA 240

---what does error include

--- definition of fraud , ---- ISA 240 paragraph 5 -requires the auditor to consider
the risks of material misstatement in the financial statements due to fraud.

--- auditor's additional responsibilities under law, regulation or relevant ethical

requirements regarding an entity’s non-compliance with laws and regulations
(NOCLAR) , including fraud - these may go beyond ISA 240and other ISAs , - and
auditor's requirement to communicate these matters with those charged with
governance (ISA 240 para 43 )

TERMS OF ENGAGEMENTS - Scope of ISA 210 Agreeing the Terms of Audit 83

2. Engagements , -- engagement letter and its meaning , ------ scope of ISA 210

PRECONDITIONS - ---acceptability of the financial framework used (ISA 210) ,

A. - accounting standards used in Australia

--- obtaining an agreement from management that it understands its

responsibilities regarding financial framework , internal controls used and
providing auditor with access and information (ISA 210)

---- preconditions need to exist for the auditor to accept the audit engagement
unless required to do so by law or regulation.

ENGAGEMENT TERMS AND LETTER OF ENGAGEMENT - ISA 210 includes 84

B. requirements relating to the agreement on audit engagement terms.

-appropriateness of the engagement terms depends on the governance

structure and relevant law or legislation in the particular country
 ------engagement terms are detailed in the letter of engagement , -- topics
included in engagement letter

--- In Australia, audit is conducted in accordance with Part 2M.3 of the

Corporations Act - additional paragraph by auditor on independence in the
written terms of the engagement , - what Corporations Act contains in
Australia regarding provisions and restrictions relating to auditor independence

CHANGES TO TERMS - ISA 210 covers recurring audits and acceptance of a

C. change in the terms of an engagement.

--- what an auditor does in recurring audits , ---- scenarios when firms send a
new engagement letter each year

--- request from management to change the engagement to a lower level of

assurance prior to completion of the audit

AUDIT PLANNING PROCEDURES - ISA 300 Planning an Audit of Financial 86

3. Statements - auditor to plan an audit in an effective manner , -- overall audit
strategy

--- Reason for planning ----- How nature and extent of planning activities will
vary ----- continual and iterative nature of planning process , ---- planning for
instance depending on how effective internal controls are

---- audit planning activities and procedures that need to be coordinated early in
the audit process

GUIDANCE MATERIALS FOR PLANNING AN AUDIT OF SMEs - The Small and

A. Medium Practices Committee of the International Federation of Accountants
(IFAC)
released the Guide to Using International Standards on Auditing in the Audits of
Small- and Medium-sized Entities to assist practitioners on the audits of SMEs.

---- IAASB's potential possible actions to overcome challenges in respect to

audits of Less Complex Entities (LCEs) , - Small Entities Audit Manual (SEAM) by
CPA Australia for guidance on planning an audit of an SME

---Audit planning overview : Fig. 87

OVERALL AUDIT STRATEGY - auditor to ‘establish an overall audit strategy that

B. sets the scope, timing and direction of the audit ( strategy guides development
of Audit plan )

------what is involved in establishment of audit strategy? -defining its scope and

planning its time and nature - factors significant in directing engagement
teams efforts

two main alternative strategies (with combinations in between) of either:

Based on assessments of materiality, audit risk and what constitutes sufficient
appropriate audit evidence
1. a lower assessed level of control risk approach
2. a predominantly substantive testing approach

--- what substantive procedures aim at? , ----- what are tests of controls? 88
 THE AUDIT PLAN - audit strategy guides the development of this more detailed
C. audit plan , ---- what does an audit plan document?

----- what description does the audit plan include? - planned risk assessment
procedures , planned further audit procedures under ISA 330

----- Audit plan acts as an overview of the audit , while the actual audit plan will
vary

---- Developing an audit plan for trade debtors , Fig. 89

------ A more detailed plan of the audit procedures to be performed is often

documented in the form of an audit program - what audit program typically
outlines?

------ Audit program for substantive procedures for inventory : Fig. 90

----- factors that impact required direction and supervision of the engagement
team

---- auditor is required to document the overall audit strategy and the audit
plan, including any significant changes made during the audit engagement (ISA
300, para. 12)

---- Audit assertions and audit materiality are two key issues in auditing and are
thus key in developing the audit plan.

FINANCIAL STATEMENT ASSERTIONS - ‘representations by management, 91

D. explicit or otherwise, that are embodied in the financial statements, as used by
the auditor to consider the different types of potential misstatements that may
occur’

--- 2 categories of assertion used by auditor

---- Financial statement assertions Table:

---- illustrated examples - To demonstrate the identification of relevant 92

assertions related to potential misstatements

---- cutoff tests 93

DOCUMENTATION ( to be understood before the concept of materiality) - ISA 94

E. 230 Audit Documentation deals with the auditor’s responsibility to prepare
audit documentation for an audit of financial statements. , ---- form, content
and extent of audit documentation will vary between audits

MATERIALITY - concept of materiality important to both preparers of financial 95

F. statements and auditors , --- overall materiality , performance materiality

---- examples of potential benchmarks , ---- how the benchmarks are used by
the auditors? , ---- on what does choice of benchmarks depend?

--- auditor’s use of materiality in evaluating misstatements will be influenced by

qualitative considerations, additional information and the nature of the
decisions to be made.

---- factors which are concerned with materiality , ------ materiality of an item
 in relation to the financial statements taken as a whole affects the auditor’s
judgment regarding what is sufficient appropriate audit evidence, in accordance
with ISA 500 Audit Evidence

--- ISA 320 Materiality in Planning and Performing an Audit - guidelines on an 96

acceptable level of materiality

APPLICATION OF MATERIALITY CONCEPTS - Materiality issues are covered in ISA

G. 320 and ISA 450 Evaluation of Misstatements Identified during the Audit

----- situations when the concept of materiality is applied

----Identifying Risks of Material Misstatement - and the assertions they would 97

affect

Overall vs Performance Materiality ----- Meaning (ISA 320) -----what is 98

(i) overlooked if audit is solely planned to detect material misstatements

Susceptibility of the Entity’s Financial Statements to Material Misstatement — 99

(ii) Team Meeting ------ ISA 315 (Revised) requires the engagement team to discuss
the susceptibility of the entity’s financial statements to material misstatement
both at the financial statement and assertion level.

---- business risk including how the financial statements may be susceptible to
material misstatement (including fraud, as per ISA 240)

--- professional judgement and professional scepticism applied here

PHASES OF AN AUDIT ---- phases of an audit : Fig. 100

H.

--- gist of what each phase of the audit involves , ----- ISA 300 Planning an
Audit of Financial Statements - requires auditors to plan the audit by assessing
risk to reduce audit risk to an acceptably low level , ---- meaning of audit risk

Risk assessments made during the audit planning phase - Fig. 101

UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT 102

4.

---- ISA 315 (Revised) Identifying and Assessing the Risks of Material
Misstatement through Understanding the Entity and Its Environment

--- aspects that are included under ISA 315 para 11 as an understanding of the
entity and it's environment - A. THE ENTITY’S INDUSTRY, REGULATORY AND
OTHER EXTERNAL FACTORS

Industry Conditions
(i)

Regulatory Environment - ISA 250 (Revised) Consideration of Laws and 103

(ii) Regulations in an Audit of a Financial Statements

Other External Factors

(iii)

NATURE OF THE ENTITY - covers both what the auditor should understand and
B. how the auditor would use this knowledge in audit planning

Business Operations - understanding of what business matters are included in

(i) the knowledge of the entity's business operations , --Auditors also use
knowledge of the entity’s operations to identify significant inherent risks ,
related-party transactions - ISA 550 Related Parties

----The Entity’s Business Model - elements of a business model , -Some of 104

the main business model innovations currently transforming the business world

● Understanding of client's business for auditing purpose and make

professional judgements about -

Investments - what does knowledge of entity's investments include? , ---

(ii) investment in productive assets helps in a business' crucial decisions , ---
auditing of public companies , --- essential for auditors to understand
economic drivers of financial results

Financing - what is included in the knowledge of an entity's financing activities? 105

(iii) --- Sophisticated financing structures may increase the risk of misapplication of
applicable accounting standards , ---- Auditors should be alert to the violation
of debt covenants or events that might trigger guarantees, for such events
might raise substantial doubt about an entity’s ability to continue as a going
concern.

THE ENTITY’S SELECTION AND APPLICATION OF ACCOUNTING POLICIES -

C. depending on the business operations and the industry in which the entity is in

-- understanding of accounting policies , auditor should be aware of account for

significant and unusual transactions and changes to accounting policies

THE ENTITY’S OBJECTIVES, STRATEGIES AND RELATED BUSINESS RISKS -

D. understanding of business risk ISA 315(Revised)

--- importance of understanding of ‘the entity’s objectives and strategies, and

those related business risks that may result in material misstatement’ (ISA 315
(Revised), para. 11d).

--- terms - entity's objectives , strategies and business risks defined , ---- 106
illustrating relationship between business risks and risk of material
misstatement

---- The interrelationship of business risk and audit risk - Fig:

---- A proposed revision of ISA 315 (Revised) is expected to become effective for 107
audits of financial statements for periods beginning on or after 15 December
2020

● Where the changes have been made-

MEASUREMENT AND REVIEW OF THE ENTITY’S FINANCIAL PERFORMANCE --- 108

E. internal and external measures that review entity's financial performance

-- auditor should consider the reliability of the information system that

produces the measure and whether the measure is sufficiently precise to detect
material misstatements.
 -----Management and auditors use performance measure information in
different ways - Deviations from expected performance measures are critical
when assessing the inherent risk associated with financial statement assertion

THE ENTITY’S INTERNAL CONTROLS - understanding of internal control is used 109

5. by the auditor to identify ‘types of potential misstatements and factors that
affect the risks of material misstatement, and in designing the nature, timing
and extent of further audit procedures’ (ISA 315 (Revised), para. A50)

---- Internal control components - Financial Reporting Objectives - Fig:

COMPONENTS OF INTERNAL CONTROL - (i) Control Environment - sets the tone 110
A. of an organisation ( influences the control-consciousness of its people )

--- Some elements of an entity’s control environment have a pervasive effect on

assessing the risks of material misstatement , ---- management places a
strong emphasis on fraud prevention and fraud deterrence

--- what is considered by the auditor in evaluating the design of the entity’s
control environment

The Entity’s Risk Assessment Process -n what should be considered in

(ii) evaluating an entity's risk assessment process? --- how are techniques such as
SWOT Analysis and data analytics useful for identifying risk?

Information System and Communication - what is information system relevant 111

(iii) to financial reporting? --- what does transactions consist of? --- major focus of
control policies and procedures related to the accounting system is that
transactions are handled in such a way that the financial statements are
presented fairly in accordance with accounting standards

--- effective communication , a key component of successful information system

--- Blockchain — Capturing all the Data all the Time ( greatly expand the scope
and quality of the information able to be captured within accounting systems ,
advantages of blockchain)

Control Activities - are policies and procedures that help ensure management
(iv) directives are carried out. These include - • Authorisation , • Performance
reviews , • Information processing , • Physical controls , • Segregation of
duties

Monitoring of Controls - assesses the quality of a system’s performance over 112

(v) time -----Monitoring is used to ensure that the internal controls continue to
operate effectively , examples of monitoring activities

INTERNAL CONTROLS IN SMEs - potentially unique characteristics of a SME

B. that need to be considered by an auditor for auditing purposes

---- difference of opinion whether the auditor should rely on owner/manager

controls - what the auditor needs to do in evaluating owner/manager controls ?

----issue of management involvement and override needs to be considered

when assessing risks ---- reason why many SMEs fail

---- areas to which auditor needs to pay special attention

 CONTROLS IN AN IT ENVIRONMENT ---reasons why IT environment influences 113
C. the internal control and the procedures adopted by an entity

Types of Controls - Controls over IT systems are effective when they maintain
(i) the integrity of information and the security of the data, such as systems
process, and include effective a. General IT controls ( what does it refer to and
its purpose)and b. Application controls (what does it refer to and its purpose)
(ISA 315 (Revised), para. A107)

--- auditor should be aware of manual follow-up procedures for the transactions
identified by application controls and user controls directly relating to
assertions

----Overview of computer controls - Fig: illustrates the important audit 114

strategies for performing tests of controls when accounting and control systems
rely extensively on IT

--- The integrity of the system output and financial statement representations
depends on the effectiveness of general controls , ---- how weaknesses in
general controls may affect the reliability of application controls

General Controls - what are organisational and management controls designed

a.1 for?

--- separating and segregation of duties in an IT environment

--- what are systems development and program maintenance controls designed
for?

---- objectives of program change controls 115

--- computer operation controls - what are they designed for? - how are
operator activities restricted and monitored?

---- system software , - examples of system software controls - how monitoring

would provide an audit trail

--- what are data entry and program controls authorised with? - Access may be
controlled by physical or electronic means such as security guards and
automated key cards.

--- Other General IT Controls - To maintain continuity of operations,

management should ensure that the entity has adequate backup and recovery
procedures ( disaster recovery plan ), physical safeguards against loss or
destruction and contingency plans.

IT Controls and Cloud Computing - benefits , - major risks that organisations

a.2 need to manage , --- deployed in 4 general types depending on the level of
ownership and technical architectures

---- specific categories ( IaaS , PaaS , SaaS ) grouped under Service delivery 116

---- Auditors need to identify all systems relevant to the financial audit , - they
need to determine the impact on the audit as a move to cloud
 ---- risk-based approach (what are the risks?) to understanding and managing
the various cloud models and the related threats and risks

--- Key considerations relating to cloud computing security risks include (ACSC
2019):

Application controls --- Purpose of application controls , ---- over what do 117
b. application controls have control over? - b. 1. Input Controls - the reasonable
assurance that they are designed to provide are :

Proper Authorisation - Procedures through which proper authorisation can be

b.2 achieved -

Accurate Conversion - what it requires - • Adequate document design

b.3 (standardisation) , • Adequate training and supervision , • Data entry manuals
(written procedures) , • Appropriate chart of accounts

Completeness of Data - input controls that are designed to ensure

b.4 completeness of data - • ‘Turnaround documents’ • Control totals and
include
– Record counts , – Batch totals , – Hash totals , – Check digits

Reasonableness of Data - • Limit test , • Range test , • Reasonableness (logic) 118

b.5 test

Error Correction and Data Resubmission - • Responsibility for error correction ,

b.6 • Error log , • Review and approval of corrections , • Prompt re-entry of
corrections into the system

Processing Controls - are designed to ensure the accuracy and reliability of data
b.7 processing

Completeness and Accuracy of Data - following processing controls relate to

b.8 completeness and accuracy of data - • Run to run controls • Transaction
codes • Check-digit test • Sequence test • Audit trail

Maintaining Accuracy During Processing - following controls relate to the 119

b.9 maintenance of accuracy during processing - • Control totals • Console
messages • Rounding test • Error log • Limit and reasonableness checks
• Before-and-after report • File identification labels

Updating Correct Files - following controls relate to updating the correct files
b.10 • Proper training and supervision • File run and control instructions
• Internal labels

Output Controls
b.11

RISK ASSESSMENTS FOR SPECIFIC MATTERS - auditor performs risk assessment 121
6. procedures to identify the risk factors that could result in a material
misstatement in the entity’s financial statements.

FRAUD RISK - ISA 240 ----- fraud brainstorming , --- enquiries major risk-
A. identification technique , ---- auditor enquires from management , employees
about risks of fraud , ---- external evidence , ------risk of revenue fraud -
 'channel stuffing' , --- presumption of fraud risk relating to revenue requires
professional scepticism of auditors

Types of Fraud - examples of 4 types of fraud Fig: 122

(i)

Financial Reporting Frauds - definition and how it can be accomplished

a.

---- how can fraudulent financial reporting ( an intent to deceive or mislead) be 123
caused - what does it commonly involve?

--- how can frauds be difficult to detect? ---- checklist of 'red flags' .
Perpetrators of fraud aiming for concealment may consult the checklist and
design their
fraudulent activities so that suspicion is not aroused.

Misappropriation of Assets Frauds ---- what does it involve? ---- who are the
b. perpetrators of fraud? ----- examples of misappropriation of assets

--- organisations are using machine learning , predictive analysis and artificial
intelligence techniques to fight fraud

---- Red flags that may indicate fraud - Fig. -- False or misleading records or 124
documents are often used to conceal the fact that assets are missing or have
been used without proper authorisation.

Bribery and Corruption Frauds -- often referred to as kickback --- money

c. laundering

Cyber Frauds --- what does it include? --- data theft one of the biggest
d. concerns , --- theft of intellectual property, trade secrets and client data

Fraud Risk Factors - vary with the size, complexity and ownership characteristics
(ii) of the entity.

--- Types of cyber frauds that companies were a victim of through cyber attack 125
Fig.

--- ‘the fraud triangle’ Fig. - ( Three conditions are generally present when fraud
exists: incentive , opportunity , rationalize )

--- incentives/ pressures classified into 4 categories , ---- ‘Opportunities’, 126

identifies four corporate characteristics

AUDITING ACCOUNTING ESTIMATES - nature and reliability of information

B. available to management to make estimates can vary widely

--- example of estimation uncertainty , 127

-----The IAASB issued a revised International Standard on Auditing 540

(Revised): Auditing Accounting Estimates and Related Disclosures in October
2018. The standard is effective as from 15 December 2019. The revised
standard highlights three factors ( Complexity , Use of appropriate judgement
by management , Estimation uncertainty ) that are important in the
identification, assessment and response to the risk of material misstatement
 relating to accounting estimates.

--- key provisions , ---- auditor is required to separately assess inherent risk
and control risk

--- what the auditor is required to do , to evaluate and to gain an

understanding of by ISA 540 (Revised)

---SMEs - auditor is likely to perform substantive procedures in response to the

assessed risks - why?

RELATED-PARTY RISK - Fraud risk is another issue relating to related parties. , 128
C. ---- what are related parties?

--- how auditor might identify related parties? , ---- no arm's length
transaction

GOING CONCERN RISK - Standards and guidance for planning the audit and 129
D. performing risk assessment procedures with regard to the going concern basis
of accounting are contained in ISA 570 (Revised) Going Concern

--- when management makes a preliminary assessment and when management

has not made a preliminary assessment

--- what should be included as Risk factors associated with the auditor’s
assessment of the going concern basis of accounting

Management Responsibilities — Going Concern ---- In Australia, formal 130

(i) statement regarding solvency of the entity , ---- disclosure if financial statement
not prepared on a going concern basis

Auditor Responsibilities — Going Concern --- Where there is no reference to

(ii) going concern problems in the auditor’s report, this cannot be taken as a
guarantee of the entity’s ability to continue as a going concern.

--- ASA 570 (Revised) Going Concern, requires the auditor to assess the
appropriateness of management’s going concern basis of accounting for the
relevant period

CLIMATE-RELATED RISK - In what part of the annual report are these generally
E. reported ?
------if client’s climate-related risks are material, auditor needs to consider
whether those risks are adequately disclosed in the financial statements.
--- auditors are required to provide opinion if climate-related risk is part of
financial statement and not 'other information'

---- Task Force on Climate-related Financial Disclosures (TCFD) released a final 131
report outlining their recommendations on climate-related financial disclosures
along with supporting documents to support its implementation.

--- as per AASB/AUASB bulletin ‘entities can no longer treat climate-related risk
as merely a matter of corporate social responsibility and may need to consider
them also in the context of their financial statements’

NON-COMPLIANCE WITH LAWS AND REGULATIONS (NOCLAR) --- ISA 250

F. (Revised) is designed to assist the auditor in identifying material misstatement
 of the financial statements due to NOCLAR

--- amendments in ISA 250 ( Revised ) , ------ definition of Non-compliance

--- no evidence of NOCLAR, no further audit procedures are required , if NOCLAR 132
suspected , distinction to be made between direct and indirect effects on
financial statement ---- auditor's responsibilities if NOCLAR is direct and if its
indirect

Section 360 of the code goes beyond ISA 250

RISK ASSESSMENT PROCEDURES - performed when obtaining an 134

7. understanding of the entity and its environment.

METHODS USED FOR RISK ASSESSMENT - Three methods are required to be

A. used for risk assessment purposes outlined in ISA 315 (Revised),

--- how performing one type of procedure leads to performing other procedures
- e.g.

--- Types of enquiries and whom should they be made to , ------ Mandated risk
assessment procedures - • Enquiries of management and others within the
entity , • Analytical procedures , • Observation and inspection

Strategic Analysis ( to understand entity and its environment ) ---- As part of

(i) the strategic analysis the entity , what information does the auditor obtain?
( the conclusion of which should be a good understanding of where the
organisation is situated in its environment and its strategic direction)

---- what should the auditor consider after the strategic analysis is completed ? , 135

--- ---- Risk assessment: strategic risks and potential audit implications - Table:
( segregating between inherent risk , control risk and going concern risk )

Strategic Analysis Techniques - auditor is required to develop an understanding 136

a. of the client’s business strategies and identify the external forces that threaten
the success of these strategies , - traditional forms of analyses ( PEST , SWOT ,
value-chain analyses) replaced by innovative methods such as data visualization
and data analytics

SWOT Analysis - used to determine whether the organisation’s strategies are 137
a.1 producing a good fit between the organisation’s resource capability (in terms of
resource strengths and weaknesses) and its external environment (including
opportunities in the market and threats to market share and profitability).

--- Swot Analysis - Table: an e.g. to highlight major issues to consider in

performing a SWOT analysis.

PEST and PESTEL Analyses - Pest analysis is a traditional method used to 138
a.2 understand the forces acting on an entity’s external environment. ---
example of PEST factors that affect business entities. Fig:

--- PESTEL analysis for the airline industry Fig: 139

Value-Chain Analysis - enables the auditor to understand the entity's business 140
a.3 model , ---- definition
 ---- how understanding the competitive advantage of an entity is important for
the auditor in identifying present and future risks and considering their related
audit implications

--- Examples of primary activities, weaknesses, risks and their possible risk of
misstatement in the financial statements Table:

--- Examples of support activities ( increases effectiveness and efficiency of 141

primary activities), deficiencies and implications for audit risk Table:

Analytical Procedure ( important technique in understanding the client and 142

(ii) industry) - meaning

----Analytical procedures to test expected relationships between financial

statement items and accounts may assist the auditor to identify unusual
transactions and events which help auditor indicate risks of material
misstatement due to fraud.

---what Analytical procedures include?

---- Purposes for which analytical procedures can be used 143

---- how an auditor uses limited analytical procedure in a SME

--- analytical procedures are either evaluative or predictive. ---- how Evaluative
techniques uses past information to help auditor? ---- Predictive techniques

Simple comparisons - generally involve comparison of a current year income

a. statement, and statement of financial position items, to an appropriate norm or
standard e.g.

--- comparative income statement and statement of financial position, another

useful technique is to use common size financial statements - method ( This
procedure assists in comparing companies of different sizes and in determining
trends over time for a single company )

Comparisons to Prior Periods - historical figures need adjustment where there

a.1 are changes in economic environment or organisation's business, ---
expectations need to be factored in

Comparisons Between Locations 144

a.2

Comparisons to Budgets
a.3

Comparisons to Industry Figures - understanding of significant variances from

a.4 industry averages can be useful for the auditor, particularly in the planning
stages

Reasonableness Tests - are simple calculations using relevant financial and

b. operating data in order to develop an estimate of an amount ---- can be used in
the planning stage at a more holistic level or used as a substantive test where
they would be broken down into components.

Ratio Analysis - for comparability purpose and to get a holistic picture , auditor
c should consider a group of ratios rather than a single ratio . Types of ratios

Profitability Ratios - Fig. of ratios , when the profitability ratios are used and 145
c.1 what they indicate

Activity ratios - Fig. of ratios, ---- what the ratios mean and what are their 146
c.2 performance indicative of and how are they compared , ---- closing figures
better than average figures in detecting material misstatement

Liquidity Ratios - Fig. of ratios , what unusual trends indicate? ---- how
c.3 should the ratios be reviewed - with regard to what?

---- outcome of liquidity ratios compared with activity ratios ---- on what do 147
comparative importance of the level or changes in these ratios depend?

Financing Ratios - Fig. of ratios , and what do they indicate

c.4

DuPont Analysis - considering relationships between ratios , ---- Fig. of 148

d. relationship between relevant ratios , -----disadvantage inherent to all
financial ratio analysis methods, including DuPont analysis

Common-Size Statements - used to help the auditor in identifying trends that

e. indicate where additional attention will be needed during the audit

Audit Data Analytics (ADA) - The use of data analytics in a financial statement 150
(iii) audit is ‘the science and art of -

--- three distinct types of data analytics often used together to obtain a holistic
view of how the entity competes efficiently within the market. -
• Descriptive analytics. Uses data aggregation and data mining to provide
insights into the past — tells
us what has happened.
• Predictive analytics. Uses statistical models and forecast techniques to
understand the future — tells us
what could happen.
• Prescriptive analytics. Uses optimisation and simulation algorithms to advise
on possible outcomes —
tells us what we should do.

--- how is combining bag data and analytics helping auditors( goes beyond risk
assessment)

--- key advantages of using data analytics

---- can be used at any phase of audit fig. Data analytics — impact on audit 151
quality

--- how being able to analyse the entire population of dataset contributes to the
audit planning process?

----e.g. of challenges faced in integrating analytics into audits

---- key areas of audit where data analytics can be considered for 152
implementation : • trade payables • trade debtors • general ledger • payroll
• inventory
 --- Five-step process for planning and performing ADAs Fig:

Step 1: Plan the ADA - customise ADA application to the entity , 152

Step 2: Access and Prepare the Data for the ADA , 153

Step 3: Consider the Relevance and Reliability of the Data Used - The data
selected will vary depending on the assertion being tested.

Step 4: Perform the ADAs - involves the auditor executing the ADA to identify
or assess risks of material misstatement.

Step 5: Evaluate the Results and Draw Conclusions - involves evaluating the
results to determine whether notable items result in any of the following.
• Identification of previously unidentified risk
• Modification or support for the assessment of risks of material misstatement
• Information to better design or tailor audit procedures to address risk of
material misstatement

Using ADA for Risk Assessment - first an understanding of the entity and its
a. environment , to obtain an understanding of the system of internal control and
perform tests of controls, to assess the reliability of data used in performing
ADA.

---ADA effective for identifying general types of misstatements as well as for

identifying specific transactions or accounts that are likely to be misstated

--- how auditor uses ADA to look for anomalies or transactions that do not meet
the auditor's expectations?

--- Risk analysis decision tree - within an environment of professional scepticism 154
Fig.

----Data analytics techniques for risk assessment - Cluster Analysis - creation of

groups should be guided by a combination of the data and the auditor’s expert
knowledge. Cluster analysis involves sorting client data into various dimensions
or measures. Once sorted , it can be measured across those dimensions , then
data can be analysed and summaries prepared on the criteria based by month ,
division or manager

● Matching Information in Key Data Fields - uses ADA to search for key
characteristics that may exist in several different databases . Helps in
assessing fraud risk

Fig. of Searching for and finding unexpected matches in two data fields 155

-Regression Analysis - statistical measure of relationships between dependant

and independent groups of data (variables)

-Time-Series Regression - used to analyse data within the client , uses data from
past to predict the future , the audit team investigates fluctuations from the
trend

-Visualisation - representation of data as a chart or image , - characteristics of

good visualisation , - how can use of visualisation in the form of a planning
dashboard help? , - risks , - visualisation needs to be combined with other tools
 and has to have a purpose . An excellent visualisation that is integrated into a
well-defined and well-executed five-step ADA can add tremendous value.

----- Audit data analytics software: Table - Microsoft Excel , IDEA , Power BI , 156
ACL , R , Tableau , Python , Qlik Sense

● Other ADA Techniques - • Peer analysis , • Three-way match procedure , • 157

Journal entry analytics , • Segregation of duties analysis , • Process mining ,
• General ledger account reconciliation , • General ledger account balance
analysis

--- Process mining detects unauthorised sub-process - Fig. and explanation 158

--- Using Data Analytics and Data Visualisation to Assess the Risk of Fraud -
paint a clearer picture as includes analysis of unstructured data. They drill down
into financial data to identify suspicious transactions. - data analytics can help
find fraud and errors when combined with interviews to gain an understanding
of the business operations, accounting processes and information systems. -
examples of where data analytics can be used for identifying suspicious
transactions

RESPONDING TO ASSESSED RISKS - auditor using the aid of in a financial 159

8. statement audit , ---- ISA 330 outlines the nature , timing and extent of
evidence-gathering procedures that the auditor can undertake to respond to
assessed risks. -- what does timing refer to?

---- extent of audit procedures refers to the quantity of a specific audit 160
procedure to be performed , --- extent of procedures depends on auditor’s
judgment, assessed level of risk and degree of assurance sought. ---- there is a
relationship between the nature and the extent of audit procedures. ISA 330

OVERALL AUDIT STRATEGY - auditor has two main alternative strategies (with
A. combinations in between) which are based on assessments of materiality, audit
risk and audit evidence.
The two strategies are:
• a lower assessed level of control risk approach
• a predominantly substantive testing approach.

Developing the Audit Strategy - how the process of developing audit strategy
(i) starts?

--- when predominantly substantive testing approach is adopted and how is it

done?

---Preliminary audit strategies for material financial statement assertions Fig: 161
how the audit strategy is determined based on the level of control risk and how
that impacts on the extent of tests of controls and substantive procedures to be
performed.

Tests of Controls - are tests to gather evidence to support reliance on key

a. controls

---frequency of testing operating effectiveness of controls 162

Substantive Procedures - aimed at detecting material misstatement (at the

b. assertion level) in the dollar value of the information contained in the
accounting records or in the financial statements.

---- Substantive procedures consist of two categories: substantive analytical

procedures and tests of details (ISA 330, para. 4).

---how is substantive analytical procedure conducted and where is it applicable?

---- what are tests of details and what do they involve?

---‘Irrespective of the assessed risks of material misstatement, the auditor shall

design and perform substantive procedures for each material class of
transactions, account balance and disclosure’ (ISA 330, para. 18).

---- substantive tests related to significant risks under ISA 315 should be tests of
details only and/or in combination with analytical procedures.

---- consideration of Nature , Timing and Extent of substantive tests - Nature

refers to the use of substantive analytical procedures or test of details and
when they are applicable

APPROACHES TO ASSURING SMEs

B.

--- what do alternative substantive procedures include? 163

----what can be used as a cost - effective alternative for Audit sampling?

--- program controls cannot be relied upon , Audit software techniques may be
used to identify large transactions or balances , but manual auditing methods
are more cost- effective because of smaller volumes of data to be processed

--- data analytics for SMEs 164

Module 3 PERFORMING THE AUDIT OF STORICAL FINANCIAL

INFORMATION

KEY PRINCIPLES - forming an opinion on the truth and fairness of the audit 171
1. client’s financial statements.

SUFFICIENT APPROPRIATE AUDIT EVIDENCE - Auditors perform fieldwork that

A. entails gathering, analysing and evaluating evidence in accordance with the
audit plan and what the auditor must do for that

----Sufficiency relates to quantity of evidence obtained ISA 500- what is

quantity of evidence influenced by?

----Appropriateness relates to relevance and reliability audit evidence ISA 500 ,

- relevant - audit evidence must assist in achieving the audit objectives ,
reliability - must have credibility , reliability of audit evidence is influenced by
both its source and its nature , --- generalisations on reliability

--- ISA 250 (Revised) Consideration of Laws and Regulations in an Audit of a 172
Financial Report have implications for the information to be used as audit
evidence. --- how is audit evidence obtained?

FINANCIAL STATEMENT ASSERTIONS - When preparing financial statements,

B. management makes assertions about the entity’s financial position and
operations. Sufficient appropriate audit evidence needs to be obtained to
establish each of these assertions. (a) Assertions about classes of transactions
and events, and related disclosures, for the period under audit:
(b) Assertions about account balances and related disclosures, at the period
end:

----advantages of taking the risk assessment to the assertion level

AUDIT PROCEDURES - To tell if an audit procedure is tests of control or 173

C. substantive tests , look at the purpose of the test.
If the test’s purpose is to evaluate the operating effectiveness of a control, it is
a test of control.
If the test’s purpose is to detect material misstatements, it is a substantive test.
----- Auditor’s response to assessed risks of material misstatement Fig.

TESTS OF CONTROLS - Assertion-level controls directly relate to the prevention 174

2. or detection and correction of misstatements (referred to as control activities)

--- Financial statement–level controls (such as the control environment) provide

the foundation for the assertion level controls and influence how they operate
— and are often referred to as pervasive controls.

--- link between financial statement-level and assertion level controls

--- In the case of small-to-medium enterprises (SMEs), some financial

statement–level controls may also serve to address assertion-level risks of
misstatement

--- Assertion-level controls and financial statement–level controls Fig. 175

---- SMEs use off-the-shelf package accounting software without any

modification.

----Things an auditor for SME needs to consider before deciding to rely on

substantive procedure.

---- when are tests of controls considered?

OBJECTIVES OF TESTS OF CONTROLS - Only controls that the auditor has

A. determined are suitably designed to prevent, or detect and correct, a material
misstatement in an assertion are tested.

--- Developing an appropriate audit approach for an account balance or class of 176
transactions Fig. , ---- 2 important objectives

--- control deviation - When a control fails to prevent or detect and correct a
misstatement on a timely basis

--- The combination of enquiry, inspection and reperformance ordinarily

provides more assurance than just enquiry and observation(ISA 330, para. A26).

TESTS OF CONTROLS PROCEDURES -

B. The tests of controls used will depend on the accounting environment and the
type of control being tested.
 The major evidence-gathering techniques used for collecting evidence about 177
control systems are:
• inspection - of physical evidence relies on the auditor testing the physical
evidence to verify that a control has been performed properly. e.g.
• observation - auditor observing the actual control being performed or
identifying appropriate segregation of duties. e.g.
• enquiry - Enquiry involves the auditor using questioning skills to determine
how the control is completed and whether it appears to have been carried out
properly and on a timely basis. e.g.
• reperformance - involves the auditor reperforming the control to test its
effectiveness. e.g.
• computer-assisted audit techniques (CAATs) - use software packages to
import an entity’s data file so it can be tested. These programs can analyse
client data providing more extensive testing of electronic transactions and
account files to provide the audit evidence needed.

USING CAATs ( Computer-assisted audit techniques )FOR TESTS OF CONTROLS - 178

C. includes the use of technology to improve the audit process when evaluating
controls by extracting and examining relevant data. e.g. , -sophisticated use of
CAAT is data analytics

--- CAATs enhance audit effectiveness and efficiency as compared to traditional 179
methods of auditing base as they often test all transactions as opposed to
samples

---shortcomings of CAAT

--- IT application controls - key information : Table 180

---- Two major CAATs for testing controls - (i) Test Data - This technique is used
to assess independently the existence, effectiveness and continuity of software
controls. It provides the auditor with evidence of the integrity of the system
and the information contained within. , - what does it involve? , -
transactions designed to test the software controls

Integrated Test Facility - auditor establishes a dummy entity

(ii)

--- The Difference Between Test Data (evaluate just the controls in the
program )and Integrated Test Facility Techniques ( clients processing
environment is also being evaluated -tests the continuity of controls)

--- Illustration of test data approach and integrated test facility technique - Fig. 181

SAMPLING TECHNIQUES FOR TESTING CONTROLS ---- what is audit sampling and 184
D. what does it enable?

--- ISA 530 Audit Sampling - standard that provides guidance on the use of audit 185
sampling in performing audit procedures

---- audit sampling commonly used while testing controls as the auditors are
interested in whether the controls are working , not the monetary amounts in
which case selective examination of items is used as in substantive testing

Selection of the Sample - The most common methods that will allow a
(i) representative sample of the population to be selected are as follows:
• random selection
• systematic selection
• haphazard selection

Evaluation of Tests of Control Sample Results - For tests of control, the sample
(ii) deviation rate is also the projected deviation rate for the population as a whole.
- The auditor needs to evaluate the effect that the results of tests of controls
will have on the nature, timing and extent of planned audit procedures.

SUBSTANTIVE AUDIT PROCEDURES ---- comprise both substantive analytical 186

3. procedures and tests of details.

SUBSTANTIVE ANALYTICAL PROCEDURES ----- (i) Nature of Analytical

A. Procedures - 2 types of analytical procedures . first type is where analytical
procedures are performed as risk assessment procedures.

Second type is substantive analytical procedures - when and at what stages of 187
audit should substantive analytical procedures be used?

Designing and Performing Substantive Analytical Procedures - are designed to

(ii) substantiate financial statement balances by using predictable relationships
among financial and non-financial data. most suited to large volumes of
transactions that tend to be predictable over time.

---- when designing and performing substantive analytical procedures, what will
the auditor need to consider as outlined in ISA 520 Analytical Procedures

Suitability of Substantive Analytical Procedures for Given Assertions -

a. application of substantive analytical procedures is premised on the expectation
that relationships among data exist

suitability as a substantive procedure will depend on the auditor’s assessment

of how effective they will be in detecting material misstatements.

--- substantive analytical procedures in conjunction with tests of details and

tests of controls ------ design procedures to reduce risk of failing to detect
material misstatement

--- Level of assurance obtained — substantive analytical procedures Table:

--- substantive analytical procedures may be effective in detecting material 188

misstatements when the procedure can be calculated with a high degree of
accuracy. - Examples of effective substantive analytical procedures Table:

The Use of Non-Financial Data in Substantive Analytical Procedures - Analytical

b. procedures are stronger when they are designed based on an understanding of
the entity and its environment. Reliability of any non-financial data used needs
to be established before its use in a substantive analytical procedure.

The Reliability of the Data - Determining whether data is reliable Table:

(iii)

----When the amount of difference from an expectation is less than 189

performance materiality, the amount is likely to be acceptable.
 ---- Procedures used by auditors to investigate the differences from
expectations , --- conclusions made by auditor after the investigation - More
complex techniques like regression analysis and modelling

The Use of Reasonableness Tests as Substantive Analytical Procedures -

(iv) Reasonableness tests are computations that calculate an expected amount
( dependant variable ) by using financial or nonfinancial data as independent
variables.

RELATIONSHIP BETWEEN SUBSTANTIVE ANALYTICAL PROCEDURES AND OTHER 190

B. AUDIT PROCEDURES - analytical procedures are undertaken at the completion
stage of all audits to provide an overall review of the financial statements (ISA
520, para. 6).

TESTS OF DETAILS - include tests of transactions and account balances and are 191
C. designed to obtain direct evidence aimed at reducing the risk of material
misstatement for a particular account. The assertions provide the link between
the risks of misstatement and the audit procedures that provide the response
to these assessed risks.

Nature of Tests - What will the nature of audit procedures carried out will
(i) depend on? ----- What will specific audit procedures for each class of account
will depend on?

Designing and Performing Tests of Details - auditor needs to consider a 192

(ii) number of matters when designing and performing tests of details. Required
audit procedures need to comply with ISAs and any other local requirement
which include- , ------ when procedures are performed during interim period

Tests of Transactions and Account Balances - ---- one approach is auditor

(iii) testing transactions individually that increase or decrease account balance and
other types of accounts this approach is used on , ---- another approach is to
test directly the account balances , -----Direct testing of the items making up
the closing balances can be undertaken for accounts supported by lists of
individual items, such as a subsidiary ledger.

----- auditor's objectives during tests of details for a particular class of

transaction or account balance , ------ The link between the audit objectives
and the audit procedures are outlined in an audit program. - more than one
procedure is often necessary to satisfy a particular objective.

----To substantiate an amount presented in the financial statements, several 193

different procedures are usually necessary - e.g.

Types of Tests of Account Balances - audit tests that substantiate the closing
a. balance of a general ledger account. Thus, they are substantive tests that either
provide reasonable assurance of the validity and appropriateness of the
balance or identify monetary misstatements in it. - 2 types of balances are -
• external confirmations, including bank confirmations
• attendance at physical inventory counts.

External Confirmations - recognised but not mandated by ISA 505 External

a.1 Confirmations , ------ where external confirmations relevant and irrelevant
----- Examples of when external confirmations are suitable
 ---- what does the reliability of the evidence obtained by external confirmations
depend on?

--- Factors affecting the reliability of external confirmations include:

--- choice between negative and positive confirmations depends on the

prevailing circumstances, including the assessment of inherent and control
risks.

Positive Confirmation Requests - provides a very reliable form of evidence , ---

a.2 where is it preferred to be used? ---- when should auditor apply alternative
procedures? ---when should items be treated as misstatements?

Negative Confirmation Requests- are less reliable ---- when are they used? --- 194
a.3 auditor will have to increase the extent of other audit procedures in order to
obtain sufficient appropriate audit evidence as it doesn’t provide sufficient
appropriate audit evidence , ---- auditor may use a combination of both
positive and negative confirmation requests

Bank Confirmations - are used to obtain audit evidence concerning a client’s

a.4 dealings with its bank(s). ----- what do the information from these requests
assist in as per GS 016 Bank Confirmation Requests? ---- when does the auditor
send such requests?

--- Some of the major features of GS 016 include : , ----- Many bank
confirmation processes are now completed electronically (ISA 505, para A12; GS
016, para. 59).

--- advantages and risks and how the risks are mitigated?

Attendance at Physical Inventory Counts - When inventory is assessed as 195

a.5 material, the auditor is required to obtain sufficient appropriate audit evidence
regarding its existence and condition by attendance at a physical inventory
count, unless it is impractical ISA 501 Audit Evidence — Specific Considerations
for Selected Items

--- what should auditor do where attendance is impractical?

---- what matters the auditor is expected to consider in planning attendance at

the physical inventory count? --- what do the procedures usually consist of at
these counts?

Direction of Testing - Vouching , Tracing

a.6

----- Relationships between assertions, specific audit objectives and substantive 196
procedures for inventories

USING CAATs FOR SUBSTANTIVE TESTING ---- what does the audit software 197
D. consist of? , ---- how audit software techniques are substantive procedures ,
oriented with a limited ability to determine whether controls are, in fact
functioning, even though they do not directly test these controls?

--- what are the substantive procedures that can be performed by the CAATs?

-----Audit software may consist of: (i) Generalised Audit Software (GAS ) -
 computer programs that are essentially data manipulation and output
programs that are adaptable to various data formats and computer systems.

---‘generalised’ because the software can be used on a number of different 198

accounting systems and clients. e.g. ACL , IDEA

--- The functions of generalised audit software Table:

Purpose-Written Programs - computer programs designed to perform audit

(ii) tasks in specific circumstances.

Utility Programs and Systems Management Programs ---- Utility programs are
(iii) used by the entity to perform common data-processing functions such as
sorting, creating and printing computer files. Are computer programs not for
audit purposes

---- Systems management programs are enhanced productivity tools that are
typically part of a sophisticated operating systems environment

----Advantages and disadvantages of auditors using utility programs and 199

systems management programs - Table:

ADVANCED AUDIT DATA ANALYTIC TECHNIQUES - --- definition of 'data 200

E. analytics' when used to obtain audit evidence by IAASB

---- Advanced audit data analytic techniques, which can analyse complete data
sets (also commonly referred to as ‘big data’), can be used at the audit planning
stage and as part of the evidence-gathering procedures to identify and assess
risk.

----ability of these techniques that help the auditor , ------how use of data
analytics improves the understanding and application by auditor , ----
limitations of using data analytics

---- applications need to be properly implemented and reliability of the results

need to be considered , ---- data analytics in future ISAs

SAMPLING TECHNIQUES IN SUBSTANTIVE PROCEDURES - apart from tests of 201

F. controls, sampling techniques can also be applied to substantive procedures.

---- using stratification when designing the sample , ----- During sampling
for substantive procedures, the sampling unit may be:

---- definition of the sampling unit depends on the nature of the audit
procedures to be applied. e.g.

--- auditor should choose the sampling unit that will result in the most efficient
and effective sampling application to achieve the particular audit objective.

Monetary Unit Sampling (MUS) - uses the individual monetary units of an

(i) account balance as a sampling unit. , ---- how MUS works? ----features-
estimate level of overstatement associated with risk of misstatement ,
auditor's attention to larger account balances , stratified sample

---- care to be taken while using MUS 202

 Evaluation of Substantive Procedures Sample Results - auditor is required to
(ii) evaluate the sample results and whether the use of sampling has provided a
reasonable basis to conclude on the population (ISA 530, para. 15).

--- steps carried out in evaluating results -

• analyse the deviations detected
• project the errors found in the sample to the population
• assess the risks of an incorrect conclusion

EVIDENCE-GATHERING IN AN E-COMMERCE ENVIRONMENT 204

4.

TESTS OF CONTROLS IN AN E-COMMERCE ENVIRONMENT -

A. There are two major types of e-commerce environments:
1. business-to-business
2. business-to-consumer

---- similarities and differences between the two e-commerce environments ,

----- authorisation system of business-to-business e-commerce environment

----authorisation system of business-to-consumer transactions ,

---- Appropriate authorisation controls will help to ensure the authenticity of

transactions. - other controls are the use of Acknowledgements and Audit trails
( These controls are evaluated as part of the auditor’s general controls review -
also provides audit evidence as to the occurrence, accuracy and completeness
of transactions )

----Other audit evidence that the auditor may seek for completeness includes ,
----As with other audit engagements, it is necessary for the auditor to undertake
an evaluation of controls
within an e-commerce environment . - control environment to be evaluated to
the business and assess risk of material misstatement

-----electronic records may be more easily destroyed or altered, 205

-Related controls testing when evaluating the integrity of the electronic
evidence may
include:
• record integrity checks
• electronic date stamps
• digital signatures
• version controls.

SUBSTANTIVE TESTING IN AN E-COMMERCE ENVIRONMENT -

B. Testing of controls in an e-commerce environment is important because
systems are more open to external transactions (through direct access and
direct recording).

--- extent of substantive testing will depend upon the extent to which tests of
controls are undertaken

---- Assertions to which the auditor may have to pay closer attention

USING CAATs IN AN E-COMMERCE ENVIRONMENT - Both audit software

C. techniques and test data techniques are often used by auditors to gather
 evidence in an e-commerce environment

--- why need for such techniques has increased?

ADVANCED AUDIT DATA ANALYTIC TECHNIQUES AND CONTINUOUS AUDIT IN

D. AN E-COMMERCE ENVIRONMENT - particularly applicable to e-commerce
environments.

---- ability of these techniques vis-a-vis e-commerce that contain highly

automated controls

----recent advances in technology to analyse the large amounts of data captured

allows for more frequent or continuous monitoring of transactions by external
auditors. This can also benefit auditors by:

ADVANCED EVIDENCE-GATHERING ISSUES - relating to an audit of historical 207

5. financial statements. These issues cover areas such as related parties and group
financial statements.

AUDIT PROCEDURES FOR RELATED PARTIES --- Reasons why auditor usually
A. has a higher level of professional scepticism towards any transactions or
relationships with related parties.

---- ISA 550 Related Parties - obtain a sufficient understanding of related party
relationships and transactions to be able to recognise fraud risk factors arising
from any related party events.

-how it enables the auditor?

---- risk assessment procedures undertaken by the auditor include 'enquiries of

management' - what does it include and what understanding can the auditor
gain from it?

---what documents and records of related parties not previously disclosed or

identified inspected by auditor?

---- Identifying of related party transactions in SMEs

-- risks are mainly management not identifying or disclosing related party 208
relationships , --auditors perform substantive procedures where such
relationships are identified over the course of the audit , --- If the non-
disclosure by management appears to be intentional, auditor should evaluate
the implications for the audit of risk of material misstatement due to fraud.

--- what should the auditor do when related party transactions outside the
normal course of business are significant?

---- possible fraud when there are indications that dominant influence may exist

----related party transactions in SMEs , ----- audit procedures that should be

performed by the auditor in responding to identified risks of material
misstatement associated with related parties

USING THE WORK OF OTHER AUDITORS AND EXPERTS - ISA 600 series covers 210
6. using the services of other auditors and experts. There are three standards in
the ISA 600 series:
 • ISA 600 Special Considerations — Audits of Group Financial Statements
(Including the Work of Component Auditors)
• ISA 610 (Revised) Using the Work of Internal Auditors
• ISA 620 Using the Work of an Auditor’s Expert.

COMPONENT AUDITORS - (ISA 600) perform work on financial information

A. related to a component for a group audit . --What should the group auditor do
when relying on the work of a component auditor?

--- what is to be done when a component of the group has financial significance.
-- how is financial significance assessed?

---why is a component of the group assessed as individually significant? And

what kind of audit needs to be undertaken?

---Analytical procedures for components that are not significant

--- for significant components, how does the group auditor become involved?

--- list of matters relevant to group auditor's conclusions regarding group audit

---- with whom does the group auditor discuss significant matters arising from 211
the review

INTERNAL AUDITORS - ISA 610 ( Revised ) --- In determining whether, and to

B. what extent, the internal auditor’s work can be used, the external auditor
needs to determine the extent to which this work is adequate for the purposes
of the audit - This requires an evaluation of the

--- when to prevent undue reliance on the work of the internal audit function
and perform more of the work directly?

--- ASA 610 differs from ISA 610 ( Revised ) in the sense that it doesn’t allow
internal auditors to provide direct assistance to the external auditor.-- Meaning
of Direct assistance

---- Reason why the work of internal auditors should not be relied upon to the
same extent as work performed by the external audit team.

----If the external auditor is going to use specific work of the internal auditors,
the external auditor will need to evaluate and perform audit procedures on this
work to determine its adequacy for external audit purposes. This will include:

----Use of internal auditors’ work Fig: 212

USING THE WORK OF AN AUDITOR’S EXPERT - --- Auditor's expert are 213
C. specialists in fields other than accounting and auditing engaged by the auditor
firm, - necessary for obtaining sufficient appropriate evidence.

--- areas of expertise include: , ----- auditor’s determination of whether to

use the work of an auditor’s expert and, if so, whether the work undertaken is
adequate for their purposes is covered by ISA 620 , -----definition of auditor's
expert

------In assessing the need for an auditor’s expert and in deciding who would be
 appropriate, what should the auditor consider?

---evaluating adequacy of work of auditor's expert , -----auditor's reference to

the expert's opinion in the auditor's report

USING THE WORK OF MANAGEMENT’S EXPERTS - defined in ISA 500 , -----no

D. separate standard covering the use of the work of management’s experts.

----If relying on the work of management’s expert, the auditor must do the
following (ISA 500, para. 8) :

---- what does the auditor do if it is appropriate to rely on the work of the 214
management's expert?

---auditor's reference to the work of the expert in an auditor's report

AUDIT DOCUMENTATION ---- mandatory requirements related to 215

7. documentation ISA 230 , ---- documentation prepared on a timely basis
allows the auditor to understand:

---- Audit documentation - what it provides? , -- preparing sufficient and

appropriate audit documentation on a timely basis enhances:

---- what will the form , content and extent of audit documentation depend on?

--- if an issue is considered, it should be documented , ---- with whom shall

auditor document discussions of significant matter?

----time frame of completing the assembly of an audit file , -----audit file

retention period internationally and in Australia

SECURITY AND CONFIDENTIALITY OF CLIENT DATA --- legal requirements

A. regarding data security and confidentiality of client data by accounting firms , -
the ownership of files remains with the audit firm

AUDIT FILE ORGANISATION - Audit firms usually have a firm-wide policy on

B. how the audit files should be organised and indexed. --- advantages of using a
standard indexing system

--- organising of audit documentation

---Example indexing system for audit documentation Fig. : Can be either index 216
by Audit phase or Index by Financial statement area or variations are possible
combining the two approaches

EXAMPLES OF AUDIT WORKING PAPERS - extract from a memo on possible

C. adjustments relating to testing of inventory. Fig.

-extract showing possible adjustments where misstatements were identified 217

and the action taken. Fig.

● example of an audit program for the audit covering substantive procedures 218
for inventory. Fig.

EVALUATION OF AUDIT EVIDENCE - auditor is required to evaluate the audit 219

8. evidence to ensure appropriate procedures have been undertaken based on the
audit strategy and the audit plan
 ---- sufficient appropriate audit evidence - on which audit opinion is based

---Based on evidence obtained from tests of controls and substantive

procedures, it may be necessary for the auditor to revise and modify their
planned audit procedures, overall audit strategy and overall materiality
threshold.

MISSTATEMENTS IDENTIFIED DURING THE AUDIT - ISA 320 Materiality in

A. Planning and Performing an Audit deals with the auditor’s responsibility to
apply the concept of materiality in planning and performing the audit , ---ISA
450 Evaluation of Misstatements Identified during the Audit deals with the
auditor’s responsibility to evaluate the effect of identified misstatements and
uncorrected misstatements

----Misstatements can result from: , --- auditor is required to accumulate

misstatements identified during the audit, except where these are 'Clearly
Trivial' (ISA 450, para. 5).

----auditor should consider the nature of the misstatement( e.g. factual ,

judgemental or projected misstatements ) when evaluating the nature of
misstatements. ISA 450

---Extent of misstatements - how the materiality threshold of misstatements is 220

determined by the impact the misstatements could have on the decisions made
by a reasonable user of the financial statements. Fig.

----Depending on the level of the misstatements and the circumstances of their

occurrence there may be a need to revise the overall audit strategy and audit
plan (ISA 450, para. 6)

----Using ADA does not change the meaning of ‘reasonable assurance’. , ----
Unless prohibited by law or regulation, auditors are required to communicate
to management all
misstatements accumulated and request management to correct those
misstatements (ISA 450, para. 8).

---cases where management may refuse to correct some misstatements

because they genuinely believe they have made the correct judgments.

---- with regards to uncorrected misstatements that are considered material,

either individually or are in aggregate, auditors are required to:

----which misstatements and qualitative findings are not able to be aggregated 221
and how should they be evaluated?

---- whom should the auditor report uncorrected misstatement?

SUFFICIENCY AND APPROPRIATENESS OF EVIDENCE - what is to be

B. determined in the final step following the evaluation of audit evidence and the
materiality of uncorrected misstatements?

---- what does the auditor do where sufficient appropriate evidence is not
available or it refutes management’s estimates?

---- Determining how much evidence is sufficient and appropriate is a matter of

 professional judgment. What is the determination based on?

----Factors to consider in evaluating the sufficiency and appropriateness of audit

evidence include:

Module 4 CONCLUSIONS AND REPORTING

RESPONSIBILITIES FOR AN AUDIT OF HISTORICAL FINANCIAL INFORMATION

1. COMPLETING THE FIELDWORK - After completing the audit planning and 228
performing tests of controls and substantive procedures , it is time to complete
the fieldwork, evaluate the findings and complete the reporting requirements.

--- Distinctive characteristics of the procedures performed in completing the

audit fieldwork , Therefore, they are usually performed by senior members of
the audit team, such as audit managers (and closely reviewed by audit
partners), who have extensive audit experience with the entity.

--- In completing the fieldwork, the auditor performs specific auditing

procedures to obtain additional audit evidence. The specific audit evidence
relates to:
A. SIGNIFICANT AREAS - identified during the audit

Accounting Estimates - What will auditor do in responding to the assessed risks 229
(i) of material misstatement regarding accounting estimates?

-ISA 540 (Revised) auditors may need to consider climate-related estimates

used by management , - corroborative and contradictory evidence - relevant
and sufficient audit evidence

-qualitative aspects of the entity's accounting practices considered in

determining whether accounting estimates made by management are
reasonable

-indicators of lack of neutrality include: , ISA 700 (Revised) Indicators of

possible management bias

Related Parties - ISA 550 Related Parties , ------ procedures concerned with 230
(ii) the existence of related parties , also auditor should be alert for material
related-party transactions

Fraud - An auditor who assesses a risk of material misstatement due to fraud

(iii) must design and perform further audit procedures that respond to the nature,
timing and extent of the risk at both the financial statement and assertion
levels.
--- ISA 330 The Auditor’s Responses to Assessed Risks - response to specific
fraud risks identified should be consistent with the response to assessed risks

---- ISA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of

Financial Statements, paragraph 30. - include:

---- risks of management override of control and how it can be reduced

----fraudulent financial reporting of account estimates and how the auditor

evaluates

---- Indicators of possible fraud Fig. 231

 LITIGATION AND CLAIMS ---IAS 37 Provisions, Contingent Liabilities and
B. Contingent Assets definition of Contingent liability , ---- when a conditional
liability is recognised as a contingent liability and when as a liability

--- appropriate audit procedures concerned with litigation in contingencies 232

Solicitors’ Representation Letters - ISA 501 Audit Evidence — Specific

(i) Considerations for Selected Items - design and perform audit procedures in
order to identify litigation and claims involving the entity, which may give rise
to a risk of material misstatement which include:

---- when should the auditor seek a direct communication with the entity’s
external legal counsel and how does it help? - letter of enquiry

---representation letter from in-house legal counsel

GOING CONCERN - ISA 570 (Revised) Going Concern, requires the auditor to 233
C. ‘obtain sufficient appropriate evidence to determine whether or not a material
uncertainty exists related to events or conditions that may cast significant
doubt on the entity’s ability to continue as a going concern’.

--- when management has assessed the entity's ability to continue as a going
concern , auditor should review management's plans for future actions which
include:

----- Other audit procedures relevant to determining the existence of a material

going concern uncertainty is ISA 570 (Revised) including:

----- what the auditor needs to consider when analysis of cash flow and budget
forecast is taken into account for future outcomes

----- how auditor assesses the accuracy of budgets

Going Concern — SMEs ---- how auditor would normally evaluate an SME’s 234
(i) ability to continue as a going concern? , ----Factors that could cast significant
doubt on an SME’s ability to continue as a going concern :

Mitigating Circumstances - auditor should be aware of and evaluate its effects ,

(ii) Meaning , ---- possibility of raising additional finance ISA 570 ( auditor
discusses its plan with management to overcome the problem of inability to
continue as a going concern)

----- Examples of mitigating factors Table:

Financial Support - provided by third parties- existence, legality and 235

(iii) enforceability of arrangements and ascertain the dependence. --- letter of
support (active in nature) , letter of subordination (passive in nature) , -----
what issues should the auditor consider in determining how much reliance can
be placed on the letters of support and subordination

MANAGEMENT REPRESENTATION LETTER - what does it contain and what is

D. its purpose? , ---- what matters should be included in the letter? , ----
written representations about management responsibilities using the same
wording as in terms of the audit engagement. - matters that should be included
in the letter:
 ---- may complement other audit procedures and sometimes is a main source of 236
audit evidence , ---- what does auditor do if written representations are
inconsistent with other audit evidence? , ---Requirements regarding the
letter in Australia , ---- what happens when management refuses to sign
representation letter?

SUBSEQUENT EVENTS - Time frame of subsequent events. , ---- Impact on the

E. financial statements of the subsequent events dealt in IAS 10 Events after the
Reporting Period, and the audit implications are set out in ISA 560 Subsequent
Events.

Auditor’s Responsibilities for Subsequent Events - cover 3 periods. ---- 237

(i) Subsequent events timeline Fig: , ----‘Emphasis of Matter’ or ‘Other Matter’
- discussing the reason for the revision of the previously issued financial
statements.

-----In Australia, directors have a duty to consider and disclose any matter
arising in the period from the balance date to the date of signing the directors’
statement when such a matter prejudices the truth and fairness of the
accounts.

Applicable Audit Procedures - for transactions and events that have occurred
(ii) after the balance date are carried out up to the date on which the auditor signs
the auditor’s report.

---Specific Procedures - procedures specifically aimed at detecting and 238

evaluating material subsequent events. Time of undertaking the procedures
and what does the procedure include? ---Examples of enquiries of
management on specific matters

PERFORMING ANALYTICAL PROCEDURES - Near the end of the audit, the 239
F. auditor designs and performs analytical procedures in order to arrive at an
overall conclusion as to whether the financial report is consistent with the
auditor’s understanding of the entity.

-----Analytical procedures are applied to critical audit areas after audit

adjustments have been made to the financial statements.

---- reasons for using analytical procedures in the overall review , ---- Typical
analytical procedures that are conducted during the final review

----- how is the overall review carried?

--- why besides an auditor , an audit partner/manager also reviews analytical 240
procedures?

FINAL REVIEW ------- objectives of the auditor in evaluating the findings 242
2. during the final review stage and what does an auditor do to meet these
obligations?

----- the assurance firm is required to undertake an engagement quality control

review when they complete an audit of listed entities and other public interest
entities.

----- what does an auditor do in formulating an opinion on the financial

 statements? -ISA 450 Evaluation of Misstatements Identified during the Audit

---- when does a misstatement occur? - ISA 450 classifies misstatement into 3
categories - a. Factual misstatements - misstatements known with certainty , -
use of audit data analytics (ADA)

Judgmental misstatements - involve accounting estimates , c. Projected

b. misstatements - are result of audit sampling

FINAL EVALUATION OF MATERIALITY AND AUDIT RISK - (i) Materiality and 243
A. Pervasiveness - are terms that are used to identify the type of auditor’s report
to be issued. ---- modified or unmodified opinion based on if the effects of the
issue is material or immaterial. ---- reason for differences between the
amount determined for the initial planning materiality and the materiality
amount used to determine the type of auditor’s report to issue.

---consideration of uncorrected misstatements - each individual misstatement

considered

----- ISA 705 (Revised) Modifications to the Opinion in the Independent

Auditor’s Report identifies that the more serious forms of modified opinion are
appropriate in cases that are, or could be, both material and pervasive. , ----
what are pervasive effects? ISA 705 (Revised)

---- when is qualified opinion and more serious forms of modified opinion
observed?

Technical Review of Financial Statements - by an audit partner or manager is to 245

(i) ensure that the form and content of the financial statements are in accordance
with the applicable financial reporting framework.( Corporations Act and
Australian Securities Exchange requirements in Australia )

--- end of engagements final checks that need to be done

FINAL REVIEW OF WORKING PAPERS - working papers must record the work
B. undertaken by the engagement partner and must include:

--- electronic work papers - advantages , ----- It is important to maintain

detailed audit logs of all data analytics procedures performed and how it
enables the auditor?

----audit data analytics procedures integrated with audit programs and working
papers and how it enables the auditor? - the results of the data analytics should
be linked directly to the working papers.

---- what does audit completion checklist ensure?

----before auditor's report is issued engagement partner should be satisfied that

sufficient audit evidence is gathered and this includes - critical areas of
judgement , significant risks and other areas considered important by the
partner

--- audit review conducted in two levels , -- extent of audit review will vary 246
according to certain factors , --- what is the objective of this review?

--- duties of the reviewer before passing on to the engagement partner for final
 review , --- extent of work undertaken by the engagement partner

---- points considered by the engagement partner regarding the extent of

review of audit working papers

--- Engagement partner’s review of audit working papers Fig. 247

ENGAGEMENT QUALITY CONTROL REVIEW (EQCR) - Who should undertake it? ,

C. - What does EQCR provide? - what is discussed by the signing off partner?

---- what is required of engagement partner where the firm decides that EQCR is 248
required?

----EQCR shall include an objective evaluation of ‘the significant judgments

made by the engagement team, and the conclusions reached in formulating the
auditor’s report’ (ISA 220, para. 20). The evaluation must involve:

--- what should the EQCR also consider for audits of listed entities? , ---- what
does the evaluation also include? , extent of varying of EQCR

Consideration of the Results of the Firm’s Monitoring Process - ----- resolving

(i) of differences of opinion between engagement team/partner and EQCR

---- engagement partners are required to consider information circulated by the

audit firm in its monitoring process

FINAL CHECKLIST - Final considerations before the audit report is prepared 249
D. Materiality Fig.

--- audit opinion based on the evaluations of the overall financial statement
presentation, including disclosures , expressed within the audit report

PREPARING THE AUDIT REPORT 251

3.

UNMODIFIED AUDITOR’S REPORT - Guidance on issuing a standard

A. (unmodified) auditor’s report is contained in ISA 700 (Revised) Forming an
Opinion and Reporting on Financial Statements.

----- what does issuing a standard report signify? - what will the conclusion from
the auditor take into account?

---- why is consistency in the format of the auditor's report seen as desirable? - 252
the standard format covers both the structure and the wording - what does the
structure comprise of?

---- Types of auditor’s reports Fig.

Fair Presentation Framework - ISA 700 (Revised) acknowledges two financial 253
(i) reporting frameworks:
1. a fair presentation framework (a conceptual framework)
2. a compliance framework (a rule-based framework).

---phrase used in auditor's opinion when expressing an unmodified opinion on

financial statements prepared in accordance with a fair presentation
framework.
 ----Australian perspective

Material Uncertainty Related to Going Concern - Management is responsible, 254

(ii) either explicitly or implicitly, for making an assessment of the entity’s ability to
continue as a going concern (ISA 570 (Revised) - Responsibilities of the auditor

---- Auditor's reporting considerations when Going Concern Basis is Appropriate

- auditor should then issue an unmodified opinion , - what auditor needs to
determine when ‘the auditor concludes that the use of the going concern basis
of accounting is appropriate but a material uncertainty exists-

---If the disclosures considered necessary by the auditor are not made in the 255
financial statements, the auditor shall express a qualified opinion or adverse
opinion (depending on the auditor’s judgment of the pervasiveness of the issue
to the financial statements).

Key Audit Matters (KAMs) - ISA 701 Communicating Key Audit Matters in the
(iii) Independent Auditor’s Report is to disclose the information about the entity
and the audited
financial statements that users of the audited financial statements believe
would be of great value to them in their decision making.

---meaning of KAM , --KAM usually selected from the population of matters to

those charged with governance , ----subject matters of top three KAMs

----Determining and communicating key audit matters - how to determine 256

which matters are KAM in accordance with ISA 701 Fig.

---- ISA 700 (Revised) requirement for all audits of listed entities to 257
communicate KAMs in the auditor's report conducted in accordance with ISAs,
or when otherwise required by law or regulation , ---In accordance with ISA
701 (para. 11), the auditor describes each KAM in a separate section of the
auditor’s report headed ‘Key Audit Matters’.

--- what is stated as the introductory language in this section of the auditor's
report? , ----- what should the description of each matter of KAM include
and outline?

---- under what circumstances is KAM not reported in the auditor's report? ,
--- to whom is it communicated when there's KAM and when there's no KAM?

--- Requirement to communicate KAMs in New Zealand

Other Information Contained in the Annual Report - ISA 720 (Revised) The 259
(iv) Auditor’s Responsibilities Relating to Other Information outlines the
appropriate
response by the auditor when the annual report includes other unaudited
information that could undermine the credibility of the financial statements
and the auditor’s report. - examples of other information

---If it is considered necessary to revise the audited financial statements prior to

the date of the auditor’s report and management refuses to make the revision,
the auditor should modify their opinion in accordance with ISA 705 (ISA 720
(Revised) - In this case, action undertaken by auditor when other information is
obtained prior to the date of the auditor's report and when other information is
 obtained after date of auditor's report

--- In Australia where withdrawal from engagement is not permitted for audits 260
in accordance with the Corporations Act, ISA 720 (Revised) requires the
auditor’s report to contain: a separate section of 'other information' section
when at the date of the auditor’s report the auditor has obtained information
related to:

--- what is outlined as auditor's responsibilities in the section 'other

information'?

--- Examples of reports that the auditor does not need to consider because they
are outside the scope of the Audit. They are issued as standalone documents
instead of part of auditor's report

Independence Declarations - Independence of the auditor declaration in

(v) accordance with the International Ethics Standards Board for Accountants
(IESBA) Code and other relevant ethical requirements in the jurisdiction (ISA
700 (Revised) stated in the standard format report headed 'Independent
Auditor's Report'

---further independence declaration required of auditors in Australia imposed

through Corporations Act when undertaking audits of companies, registered
schemes or disclosing entities. ---- declaration of no contraventions of the
auditor independence requirements- either qualified or unqualified declaration

---- Under section 298(1)(c), the declaration is required to be included in the

directors’ report for that year.

---- In Australia, section 300(11B) of the Corporations Act also requires the 261
board of directors of a listed company to provide a statement in the annual
report that
identifies all non-audit services provided by the audit firm and the fees
applicable to each category of non-audit service. - Reasons and accordingly
what should be stated in the statement by directors? , ----- Section 300(11D)
requires that where the listed company has an audit committee, this statement
must be made in accordance with advice provided by that committee.

SMEs — Unmodified Auditor’s Report

(vi)

MODIFIED AUDITOR’S REPORT - There are two broad categories of 262

B. modifications: (i) Matters That Modify the Audit Report But Do Not Affect the
Auditor’s Opinion -
ISA 706 (Revised) includes Emphasis of Matter (matters presented or disclosed
in the financial statements) and Other Matter ( matters other than those
presented or disclosed in the financial statements)

Emphasis of Matter Paragraph- matter in the financial statements to which

a. attention needs to be drawn is usually in the notes of the financial statements -
this matter as Emphasis of Matter in the auditor's report .

---Two principle actions that make it clear that 'Emphasis of Matter' paragraph
is not a modification to auditor's opinion
 ---- Example of matters where the audit opinion is unmodified and an Emphasis 263
of Matter paragraph may be required include(ISA 706 (Revised):

Other Matter Paragraph - other matter not presented or disclosed in the

b. financial statements that the auditor believes is relevant to the users’
understanding of the audit , auditor’s responsibilities or the auditor’s report ,
----- Circumstances in which an Other Matter paragraph may be necessary
include: ,

--- Another area that can give rise to an Other Matter paragraph is Comparative 264
information included in the financial statements ‘unless the predecessor
auditor’s report on the prior period’s financial statements is reissued with the
financial statements’ (ISA 710)

--ISA 710 Comparative Information — Corresponding Figures and Comparative

Financial Statements - establishes standards and provides guidance to
auditors as to their responsibilities with respect to comparative information in
an audit of financial statements.

--- principles espoused in ISA 710 also be applied to the audits of special
purpose financial statements

---ISA 710 distinguishes between two various broad approaches to the auditor’s
reporting responsibilities in respect of such comparative information:
• Corresponding Figures - definition • Comparative Financial Statements

----- Reason for distinction between corresponding figures and comparative

financial statements in the international auditing standards

---- Reference to comparative information in the auditor's report - in

Corresponding figures and Comparative financial information

--- For the auditor to determine whether the financial statements contain the
required comparative information and whether this information is
appropriately classified, the auditor evaluates whether:

---- what is stated by the auditor in an Other Matter Paragraph in his report for 265
corresponding figures, when prior period financial statements were audited by
a predecessor?

Matters that Modify the Audit Report and Affect the Auditor’s Opinion -
(ii) difference between standard ISA 705 (Revised) - covers matters that modify the
auditor’s report and affect the auditor’s opinion (resulting in a qualified
opinion, disclaimer of opinion or adverse opinion) and ISA 706 (Revised) - which
covers matters (referred to as ‘Emphasis of Matter’ or ‘Other Matter’) that
modify the standard auditor’s report but do not modify the auditor’s opinion.

---Modified opinions that the auditor has a choice of issuing If the auditor is
unable to issue an unmodified opinion
• a qualified opinion
• an adverse opinion
• a disclaimer of opinion (also known as an inability to form an opinion) (ISA
705 (Revised)

---On what depends the auditor's decision as to which type of modified opinion
 is appropriate ?

--- Meaning of Pervasive , ---'Qualified Opinion' , ' Adverse Opinion' or

'Disclaimer of Opinion' headings make it clear that the modified opinion has
been used.

----additional section outlining the basis for modification placed immediately 266
after the opinion paragraph to provide financial statement users rationale for
the auditor's opinion headed -
• Basis for Qualified Opinion
• Basis for Adverse Opinion
• Basis for Disclaimer of Opinion, as appropriate (ISA 705 (Revised),

--- Basis for the modification section -if practicable include a description of the
effects of material misstatement on the financial statements

Matters Giving Rise to a Modified Opinion and the Type of Modification- The
a. auditor’s judgment and the type of modified opinions to be expressed Fig.

---two categories of matters giving rise to the need for a modified audit opinion:

• the financial statements are materially misstated - Material misstatements

may arise when there is a disagreement between the auditor and management
in relation to:

• the auditor is unable to obtain sufficient appropriate audit evidence - The 267
auditor’s inability to obtain sufficient appropriate audit evidence may arise
from:
--- how does the auditor conclude if qualified opinion or disclaim the opinion?

Qualified Opinion 268

b.

Disclaimer of Opinion - specific requirement in ISA 580 270

c.

Adverse Opinion 272

d.

--- Going Concern Basis is Not Appropriate - resulting in different types of 274
auditor opinion

COMMUNICATION AND REPORTING RESPONSIBILITIES 277

4.

COMMUNICATING WITH THE ENTITY - Communication highlights the

A. problems found, suggests improvements in the client’s system, and gives some
evidence on the extent of work performed. - ISA 260 (Revised) discusses the
requirement for the auditor to communicate with those charged with
governance.

Matters Pertaining to the Conduct of the Audit - --- auditor's communication

(i) with management and other personnel as a means of gathering audit evidence ,
with enquiries made and response to these enquiries documented in the
auditor's working papers. ---- written representation , final piece of evidence
 as a supplemental evidence, ---- management representation letter

Management Letter - written communication between the auditor and

(ii) management normally issued at the conclusion of every audit engagement.

--- what does the letter outline? , ---- with regards to internal control - ISA
265 Communicating Deficiencies in Internal Control to Those Charged with
Governance and Management- how is it communicated by management?

---- issues that auditor should communicate on a timely basis to those charged
with governance before management letter is written - ISA 240

--- what should the communications by the auditor include? 278

---- ISA 570 - implications of auditor's report.

Internal Control Matters ---- auditor required to obtain an understanding of

(iii) internal controls when assessing the risks of misstatements ISA 315 (Revised) in
order to design appropriate audit procedures

--- which deficiencies should be communicated to management and those

charged with governance - these issues are addressed in ISA 265 and they
require the auditor to: , ---- examples of significant deficiencies

Identified or Suspected Fraud - ---ISA 240 identifying and communicate fraud

(iv) and who is involved to those charged with governance and ‘discuss with them
the nature, timing and extent of audit procedures necessary to complete the
audit’

--- ISA 240 - auditor's responsibility whether to report fraud to an appropriate

authority outside the entity.

--- ISA 250 approach to confidentiality when communicating with an authority

outside the entity

Withdrawing from the Engagement - ISA 240 , ---In Australia, constraints on 279
a. change in auditor by regulatory policy should generally take place only after a
shareholders’ vote at the annual general meeting.

Communicating with the Audit Committee ---- enquiries made by the audit
(v) committee to the auditor

---- what is the auditor required to communicate with those charged with
governance? ISA 260

REPORTING RESPONSIBILITIES 280

B.

Reporting to Those Charged with Governance and Management --- ISA 260
(i) establishes mandatory requirements and explanatory guidance on
communication with those charged with governance and management

--- difference between governing body and management , --- describing the
term 'governance'

---- on what basis do auditors identify people charged with governance? , ----
 what matters are to be communicated to those charged with governance? ISA
260

----- IAASB suggested that interactions between engagement partners, audit

team members and communications with audit committees play an important
role in strengthening auditing standards.

---- emphasis on soft skills of employees in accounting firms 281

Reporting to Shareholders - Australian perspective s.307 282

(ii)

---- reporting requirements of a small proprietary firm , ----- that can avail 283
Reduced Disclosure Requirements (RDR)

----reporting exemptions to certain types of companies

Reporting to a Regulatory Body - Regulatory bodies in UK , US and Singapore

(iii)

● An Australian Perspective - Australian Securities & Investments Commission 284

(ASIC) is the regulatory body with public company oversight

---- when does the auditor have an obligation to report in writing to ASIC under
section 311?

---The ASIC Regulatory Guide 34 (2013) explains to auditors their reporting

obligations under section 311 of the Corporations Act

---When should the auditor obtain legal advice to determine appropriate course
of action?

Module 5 OTHER ASSURANCE

ENGAGEMENTS

1. AUDITS OF SPECIALISED AREAS 291

---- includes audits of special purpose financial statements, single financial

statements or components thereof, and summary financial statements.

----- Three international auditing standards in the 800 series covering audits of
specialised areas.
They are:
• ISA 800 (Revised) Special Considerations — Audits of Financial Statements
Prepared in Accordance with Special Purpose Frameworks
• ISA 805 (Revised) Special Considerations — Audits of Single Financial
Statements and Specific Elements, Accounts or Items of a Financial Statement
• ISA 810 (Revised) Engagements to Report on Summary Financial Statements.

A. SPECIAL PURPOSE FINANCIAL STATEMENTS

--- examples of special purpose frameworks- , --- what understanding does 292
the auditor need to obtain in determining whether to accept an engagement
involving an audit of special purpose financial statements?

----- what does the auditor need to comply with in planning and performing a
 special purpose audit?

ISA 320 (e.g. of special consideration of some ISAs in case of special purpose
financial statements) -regarding judgement of financial need information by
users

---- identifying intended users in either the auditor's report or he special

purpose financial statements as per ISA 700 . Also includes Emphasis of Matter
paragraph

i. Australia — Pending Changes

B. SINGLE FINANCIAL STATEMENTS AND SPECIFIC FINANCIAL STATEMENT 293

COMPONENTS - the guidance is contained in ISA 805 (Revised) . It is often
appropriate for engagements of this type to be performed on the basis of
agreed-upon procedures rather than as an audit, due to scope restrictions.

--- are performed in accordance with ISAs apart from the modifications in ISA
805 , ----auditor needs to consider concept of materiality in relation to ‘other’
financial information. --- ISA 805 outline reporting considerations for such
engagements.

C. SUMMARY FINANCIAL STATEMENTS - a summary from audited financial

statements , --- what it contains? , ---- auditor’s responsibilities relating to
an engagement to report on summary financial statements derived from the
audited financial statements are covered by ISA 810 (Revised).

---- auditors should not accept such an engagement unless they have audited
the financial statements from which the summary statement is extracted

---- auditor’s report on summary financial statements gives an opinion as to

whether the information in the summary is consistent with the full financial
statements.

i. An Australian Perspective - Listed entities in Australia can send concise 294

financial reports instead of full annual report that contains full financial
statements.

----Concise financial reports are prepared in accordance with Australian

Accounting Standard AASB 1039 Concise Financial Reports as required by the
Corporations Act 2001

---Guidance for auditors reporting on a concise financial report is contained in

Guidance Statement GS 001 Concise Financial Reports under the Corporations
Act issued by the AUASB.

---- why is additional procedures required when undertaking audit of concise

financial report?

----when does the auditor issue a modified auditor's report in accordance with
ASA 705 Modifications to the Opinion in the Independent Auditor’s Report (ISA
705 (Revised))

2. REVIEW ENGAGEMENTS - Review provides limited assurance that the 295

financial statement conforms to generally accepted accounting principles as
 opposed to audit that provides reasonable assurance that financial statements
are free from material misstatements

----If all the stages of an audit are not undertaken to allow reasonable assurance
to be attained, this will only permit the auditor to provide limited assurance.

----Internationally, there are two primary standards that cover the basic
principles and essential procedures governing review engagements on historical
financial information. These are: ISRE 2410 and ISRE 2400 and the reviews they
cover. ---- Australian counterparts are ASRE 2400 and ASRE 2410 (these cover
financial reports ) as opposed to ASRE 2405 which covers reviews of historical
financial information that are not in the form of a financial report

--- ASRE 2415 covers reviews of financial reports limited by guarantee

----Review standards require the reviewer to consider the risk that a fraud could
have occurred, although a review does not always uncover fraud if it has
occurred.

----Reviewer’s report explains their assessment of the subject matter and gives
their independent conclusion.

--Performance of review engagements in four different situations:

A. REVIEW OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE AUDITOR 296

OF THE ENTITY - covered by ISRE 2410 Review of Interim Financial Information
Performed by the Independent Auditor of the Entity

---what is required of the reviewers who given are also the auditors of the
financial statements?

---- what are the limited procedures undertaken for all types of review
engagements are composed of?

--- what will the enquiries normally concern? , ---- limited procedures
undertaken for all types of review engagements are-

---The analytical procedures will be designed to identify relationships and

individual items that appear unusual and will normally include:

--- structure of review report , ---when auditor may modify the review report
by expressing qualified or adverse conclusion as outlined in

--- when auditor issues a disclaimer? ---- auditor may use 'Emphasis of Matter'
paragraphs in accordance with circumstances detailed in ISA 706 (Revised)

i. Proposed Changes to ASRE 2410 ---- Reason for proposed changes to ASRE 297
2410 , --- AUASB guidance on format of auditor’s review report Fig.

--- The proposed changes to ASRE 2410 will provide consistency in practice by 298
incorporating the changes to the review standard resulting from the enhanced
auditor’s report in accordance with the ASA 700 series.
The proposed changes include:

B. REVIEW WHERE THE ASSURANCE PRACTITIONER IS NOT THE AUDITOR OF THE

ENTITY - covered by ISRE 2400 (Revised) Engagements to Review Historical
 Financial Statements . ---- differences and similarities between ISRE 2400 and
ISRE 2410

C. REVIEW OF FINANCIAL INFORMATION FOR SMEs --- how is ISRE 2400

important for SMEs? ---- To reduce the regulatory burden for small
businesses, in June 2010,
the AUASB released ASRE 2415 Review of a Financial Report: Company Limited
by Guarantee or an Entity Reporting under the ACNC Act or Other Applicable
Legislation or Regulation.

-----Under the Corporations Amendment (Corporate Reporting Reform) Act

2010 (Cwlth), a three-tiered differential reporting framework has been
introduced for companies limited by guarantee.

--- Reporting requirements of Tier 1 and Tier 3 companies limited by guarantee. 299

----Under Tier 2 companies can elect to have their financial report reviewed
instead of being audited - under ASRE 2415 when should an auditor undertake
review according to ASRE 2400 and when according to ASRE 2410

D. REVIEW OF OTHER HISTORICAL FINANCIAL INFORMATION — AN AUSTRALIAN

PERSPECTIVE

----- ASRE 2405 covers reviews of historical financial information that are other
than a complete financial report. - what does ASRE 2405 specifically cover and
where are they derived from?

----With regards to evidence-gathering procedures, the assurance practitioner

will ‘make enquiries and perform analytical and other review procedures
[similar to those
procedures required under ASRE 2400 and ASRE 2410] in order to reduce to a
limited level the risk of expressing an inappropriate conclusion when the
historical financial information, other than a financial report, is materially
misstated’

3. OTHER ASSURANCE ENGAGEMENTS — PART 1 300

---- Five core types of other assurance engagements conducted as either a

reasonable or limited assurance are applied to by the overarching standard ISAE
3000 (Revised)
Assurance Engagements Other than Audits or Reviews of Historical Financial
Information . - National counterpart is ASRE 3000 and ISAE (NZ) 3000.

---- the subject matters of these engagements either required by regulation or

reported on a voluntary basis have wide range.

A. OVERARCHING STANDARD - ISAE 3000( Revised) umbrella standard for other

assurance engagements. ----- what does the conditions for accepting or
continuing other assurance engagements include?

---- what do the preconditions of an assurance engagement include? ---- how

does the practitioner(signing partner) plan the engagement?

----Overview of other assurance engagements - five types with their additional 301
specific standards and examples Fig.
 ----what should the practitioner do in regard to the underlying subject matter 302
and reasonable assurance engagement and limited assurance engagement?

----The practitioner must prepare engagement documentation that provides a 303

record of the basis for the assurance report - what should it enable an
experienced
practitioner (with no previous connection of the engagement) to understand?

---- what does a practitioner do when availing the services of a practitioner's

expert, a particular requirement for sustainability assurance engagements

----- IAASB is in the process of developing draft guidance relating to its extended
external reporting (EER) assurance project (IAASB 2019a). - objectives and
outlines of this project , - what types of reporting is included in EER?

● The 5 core types of Assurance engagements are:

B. HISTORICAL NON-FINANCIAL REPORTS - include performance reports on the use

of resources or value for money.

i. Assurance on Corporate Social Responsibility (CSR) Reports ---- who carry out
CSR disclosure assurance? , ----guidance by ISAE 3000 , ----- what does
assurance of CSR disclosures provide to stakeholders?

ii. Assurance on Greenhouse Gas Statements - what do disclosures of carbon 304

emission levels by companies include? , ---- what should be the main focus of
the greenhouse statement?

--- specialist skills required by practitioner to carry out the engagement , ----
technical , chemical or physical assertions made in the greenhouse report

--- Greenhouse gas (GHG) statements take different forms, including disclosures
that are:
• required by regulation
• related to emissions trading schemes
• voluntary.
-- The assurance approach for these statements varies depending on the
reporting entity’s level of precision in its monitoring and disclosure of GHG
emissions.

--- ISAE 3410 Assurance Engagements on Greenhouse Gas Statements covers

the assurer’s responsibilities for identifying, assessing and responding to risks of
material misstatement on GHG statements. --- what broad range of
circumstances can the standard be applied to? , the standard covers both
reasonable assurance and limited assurance engagements.

a. Schemes Regulated by Australia’s Clean Energy Regulator (CER) - Its 305

administrative responsibilities for different schemes

----The assurance practitioner must be a registered greenhouse and energy

auditor (RGEA) to be eligible to conduct assurance engagements (National
Greenhouse and Energy Reporting Scheme - NGERS audits) under any of these
schemes.

iii. Assurance on Sustainability Reports --- what information does sustainability

 report provide? , ---most common reporting framework for sustainability
report is GRI Standards

a. Why Assurance on Sustainability Information is Important - --- 306

recommendations by GRI for external assurance and it is expected that the
assurance practitioner will be selected by the reporting organisation based on
these recommended qualities

b. SME Perspective - CPA Australia has developed A Guide for Assurance on SME 307
Sustainability Reports. ---- 4 opportunities for SMEs related to sustainability
reports

Assurance on Water Accounting Reports ---- Australian Government

iv. strategies to improve water management, --- Water accounting is a central
part of Australia’s strategy to improve water management - meaning

----standards on preparation and presentation of general purpose water 308

accounting report and on assurance engagement

--- how does water accounting enable entities? , -----water accounting

reports need assurance that they have been prepared in accordance with
approved standards

v. Assurance on Business Performance Measurement - The Australian Accounting

Standards Board (AASB) has recently proposed a framework, in the form of a
draft Standard, for reporting service performance information. - objective of the
proposal

---Three types of potential assurance services in relation to performance

measurement systems are as follows - a. Reliability of Performance
Measures

b. Relevance of Performance Measures - who are the users and how do they 309
benefit from the information provided by assurance practitioner

c. Criteria Used for Performance Measurement - ----Performance indicators

should be:

vii. Assurance on Integrated Reports ---what is Integrated Reporting and what are 310
the six capitals?

---- how Integrated Reporting helps business and stakeholders especially

investors? , ---assurance is an essential component of developing relevant
and reliable integrated reports, what are the main challenges for assurance in
Integrated reporting?

B. FUTURE-ORIENTATED INFORMATION

i. Assurance on Prospective Financial Information - relevant standard is 311

ISAE 3400 , --- Australia does not have an equivalent standard to ISAE 3400,
but does have a standard, ASAE 3450 Assurance Engagements involving
Corporate Fundraisings and/or Prospective Financial Information that applies to
reporting on:

a. Definition - of 'Prospective financial information' , 'Forecast' and 'Projection' 312

 --- difference between forecast and projection

b. Auditor’s Objective - ISAE 3400 states that the auditor’s objective in providing
assurance on prospective financial information is to obtain sufficient
appropriate audit evidence as to whether:

c. Procedures - what guidance does ISAE 3400 provide the auditor? ----
procedure for collecting audit evidence and how much audit evidence is
required varies between management's best-estimate assumptions and their
hypothetical assumption

---key points in relation to auditor's assurance on prospective financial .

information

d. Reporting - ISAE 3400 outlines the procedures and reporting requirements in 313
an assurance of prospective financial information, including the following
warnings that need to be given to users:

ii Assurance on Compilation of Pro Forma Financial Information Included in a

Prospectus --- what do adjusted financial statements demonstrate? ----
presentation of proforma financial information ----content of the prospectus

----In a number of jurisdictions, assurers obtain and convey reasonable 314

assurance on the process for compiling prospective financial information, not
on the information itself.

----The existence of suitable criteria is a prerequisite for any assurance

engagement.

----To ensure an appropriate level of consistency in the application of ISAE 3420

in relation to the suitability of criteria, (IAASB) requires that the practitioner
determine that:

4. OTHER ASSURANCE ENGAGEMENTS — PART 2 315

A. SYSTEMS AND PROCESSES

i. Internal Audit ----Definition and what its functions include? ---- Primary
role of internal auditor

a. The Role of the Institute of Internal Auditors (IIA) - IIA is an international

professional association dedicated to enhancing the status of internal auditing.

--- what do internal auditors provide the audit committee with?

---Framework for internal auditing by IIA , ----Aim of IIA , ---IIA members are 316
supposed to adhere to both auditing standards and code of ethics

---internationally accepted definition of internal auditing and the points

emphasised in the definition

a.1. Institute of Internal Auditors Standards - The International Standards for the
Professional Practice of Internal Auditing (Standards) (IIA 2017) describe the
nature of internal auditing, the characteristics of those who perform internal
audit services, and the quality criteria against which the performance of
internal auditing can be evaluated.
 ---Purposes of the IIA(2017) standards , ---- The standards include basic
requirements and interpretations.- where do standards use the words 'must'
and 'should'

--- The standards apply to both assurance services (what are they and
examples) and consulting services (what are they and examples) by internal
auditors.

---The standards consist of attribute standards regarding the auditor and

performance standards regarding the auditor’s work.

---Key issues covered in attribute standards - how threats to objectivity must be

handled? - Chief Audit Executive(CAE) reports to the board and CAE
responsibilities

b. Nature of Internal Audit Work - The standards IIA(2017) involve evaluating and 317
contributing to the improvement of three main types of internal audit work.

b.1. Governance - Governance internal audit activities assess the governance

process and suggest improvements where necessary including:

b. 2. Risk Management - what does the risk management process include and
involve?

----what internal risk management audits aim at and what does it include?

----The internal audit activity must evaluate the effectiveness of risk-

management processes and contribute to their improvement. What does it
involve assessing?

b.3. Control ---How internal control audits help the organisation maintain
effective controls? -----How internal auditors evaluate controls?

--evaluation of the adequacy and effectiveness of controls in responding to risks 318

within the organization’s governance, operations, and information systems
regarding the:

c. The Purpose of Internal Audit ---- What assurance does internal audit function
provide to the management? ---What consulting services does internal audit
provide to the management?

--Why do audit committees rely on internal auditors?

---Internal audit function makes extensive use of the Committee of Sponsoring

Organizations of the Treadway Commission (COSO) framework

---What is the role of internal auditors in GHG and Energy reporting?

d. Internal Auditing as an Assurance Service --- what does ‘a systematic,

disciplined approach’ (IIA 2019) highlight?

---The new definition of internal auditing highlights a strategic risk analysis

approach to the internal audit function - The evaluation of risk exposure
includes the following:

---The internal auditors evaluate the adequacy and effectiveness of how the 319
 risks are identified and managed for the following areas: Where appropriate,
they provide recommendations for improvements.

d.1. Internal Audit Engagement Planning ---- what is considered in the

engagement program prepared by internal auditor prior to the commencement
of the engagement?

---The internal audit management team identify high-risk areas for internal
audit consideration. Senior management and the board of directors also have
input into that process. --objectives of chosen internal audits will be reviewed
with management and those who requested the audit

---- things to consider in determining scope of internal audit and e.g.

d.2. Carrying Out the Engagement --- what does the field survey consist of at the
start of audit? ---At what point it may be necessary to reconsider the
objectives, scope and planned audit procedures?

----The internal auditor must collect audit evidence that is sufficient, reliable,
relevant and useful : and how are these achieved?

--- e.g. of how nature of evidence will vary greatly depending on the nature of
the internal audit.

---Documentation important - Internal auditors need to document relevant

information to support the conclusion and engagement results

d.3. Internal Audit Reporting - Communications by internal auditor must include the 320
engagement’s objectives and scope and results’ (IIA 2017)

---essential elements of internal audit reports, ----Provision of internal

controls report by management - Reason

ii Internal Controls Audit 321

----what are the guidelines under US Committee of Sponsoring Organizations of

the Treadway Commission (COSO 2013) for?

---requirements under Sarbanes–Oxley Act 2002 (US) , ---- mandatory

requirements for assurance practitioners under ASAE 3150 Assurance
Engagements on Controls.

---Internal Control — Integrated Framework (COSO 2013) - suitable criteria

against which internal controls can be evaluated. , ----limitations of COSO
framework

--- An effective internal control system can only provide a reasonable assurance
that the entity will achieve its operational, financial reporting and compliance
objectives.

a. Using the Internal Control — Integrated Framework 322

---The primary responsibility for defining internal control rests with the chief
executive officer, who is answerable to the board of directors. The audit
committee of the board of directors, in turn, oversees the structure and
functioning of the internal control system as part of its governance role.
 ----COSO's internal framework consists of 5 inter related components - Control
environment , Risk assessment, Control activities , Information and
communication , Monitoring activities and 17 linked principles that apply to
operations , financial reporting and compliance objectives.

----Relationship between objectives and components- Any of these subsets can 323
be the subject matter of an assurance report Fig.

----The range of groups are likely to benefit from the conduct of assurance
services on risk assessments :

b. Using the Risk Management, Control and Governance Processes Framework - A 324
further framework for risk management, control and governance processes is
contained in ISO 31000 Risk Management — Guidelines , promoted by ISO, and
AS/NZS ISO 31000 is widely used in Australia and New Zealand as an alternative
to the COSO (2013) framework.
Main elements of AS/NZS ISO 31000:

iii Continuous Auditing -- involves use of embedded modules in a client’s 325

computer system to perform auditing activities .The key to continuous auditing
is that it produces audit results simultaneously with, or a short period of time
after, the relevant events.

---Advanced Audit Data Analytics applied to sustainability report , GHG report

or internal controls effectiveness

----A continuous audit involves traditional methods of obtaining audit evidence,

and also relies heavily on automated tools and techniques to provide much of
the evidence because of the time period

---A continuous audit engagement can be either: • an attestation engagement 326

• a direct engagement.

iv Continuous Assurance by Internal Auditors - Reasons , ----Advantages of

using continuous assurance in the internal audit environment include:

B. ASPECTS OF BEHAVIOUR 327

i. Compliance Engagements - involves gathering evidence to ascertain whether

the person or entity under review has followed the rules, policies, procedures,
laws and regulations with which they must conform.

---an entity may have external requirements and internally established

requirements to comply with

---Objectives of assurance practitioner when conducting a compliance

engagement ASAE 3100 Compliance Engagements

--- Australia recently revised the standard on assurance engagement ASAE 3100
- Reason for the revision , - what the revised standard provides the assurance
practitioners with:

---- Compliance assurance engagements can be either attestation engagements 328

or direct engagements - Comparison of attestation and direct compliance
engagements Fig.
 ----Why are engagements an integral part of accountability process in public
sectors

----Compliance engagements conducted in the private sector

--- Nature of assurance engagements on compliance in a Table: , ---what does

the table set out?

--- Auditor must clearly determine the scope of the engagement , where 329
engagement is conducted to express an opinion on compliance with specified
requirements.

----Assurance practitioner to consider materiality and its stage when

determining nature , timing and extent of procedures ASAE 3100

ii. Corporate Governance Assurance 331

--- Reporting of Corporate governance practices in the form of - , ----eight

essential corporate governance principles incorporated by The ASX Corporate
Governance Council (2019) publication. For each of these principles, the ASX
has a set of recommendations on how to achieve best practice.

---ASX Corporate Governance Council (2019) guidelines on what to report under

corporate governance , ----On what is assurance provided as per ASX
Corporate Governance Council (2019)

5. OTHER ASSURANCE ENGAGEMENTS — PART 3 333

A. PERFORMANCE OF ACTIVITY --- The public sector audit relationship Fig.

Explanation - assurance usually provided by auditor-general, who reports to the
parliament.

---- How is public sector auditor (auditor-general) established and from where
do they get the authority?

---Established under the Auditor-General Act 1997 (Cwlth), Australian National 334
Audit Office (ANAO) supports the Auditor-General for Australia (Australia’s
federal public sector auditor) to improve public sector performance and support
accountability and transparency in the Australian Government sector through
independent reporting to the parliament, the executive and the public.

---Powers of the auditor-generals of UK , US and Canada

----What assurance do parliaments , government ministers and the general

community seek in terms of public sectors? And how does public sector auditor
provide this assurance?

----Performance audits are concerned with the economy, efficiency and

effectiveness of an organisation’s activities (ASAE 3500 Performance
Engagements) -explanation of the concepts of economy , efficiency and
effectiveness

i. Economy, Efficiency and Effectiveness ----‘value for money’ - concepts of 335

economy and efficiency considered together

Economy - what does it refer to? ---what do economy audits consider? ----
 example of economy indicators

Efficiency - what does it refer to? -----what do efficiency audits consider?

----efficiency indicators --- what do program efficiency indicators show?

---- Indicators are measurements of the extent to which the criteria have been 336
achieved. ----Efficiency indicators compare: and examples

Effectiveness - Meaning , -----why is effectiveness the most difficult to

gauge? ----how is effectiveness an ends oriented concept rather than a means
oriented concept?

--- how is cost effectiveness of a program determined? ---- When focusing on

effectiveness, it is important to distinguish between intermediate outputs and
ultimate outcomes. ---- outcomes demonstrate the effectiveness of programs

---- what is audited instead when audit is conducted before longer term
outcomes are able to be assessed?

--- An audit of effectiveness may include all or any of the following:

---Scale or magnitude indicators of effectiveness could include measures such 337

as:

----Improved effectiveness examples

ii Performance Information and Indicators - As part of the performance auditing

process, the public sector auditor collects performance information about the
subject matter relating to economy, efficiency and effectiveness.

---- who creates performance information? ---- what is included in

performance information?

----For what is the performance information used by management? 338

----What are performance indicators?

---A performance audit will include consideration of the extent and quality of
performance information developed relevant to the activity being audited. -
What is examined in performance audit?

--- To be suitable, performance indicators should enable those using them to

assess the agency’s performance relative to the following:

--- Performance indicators are generally applied on the following basis - •

Ongoing — usually through management information systems • Periodic when
needed — through in-depth studies

a. Types of Indicators - One approach to measuring performance is to consider

the relationships between inputs, outputs and outcomes, which links back to
economy, efficiency and effectiveness. - Performance information — inputs,
outputs and outcomes Fig.

a.1. Inputs - What are input indicators designed to report and what information do
they provide?

a.2. Outputs - What do output indicators list? examples 340

a.3. Outcomes - What are outcome indicators designed to report? - Outcome
indicators can also provide a basis for developing cost-effectiveness indicators
when compared
with inputs.

b. Attributes of Meaningful Performance Indicators - • relevant • quantifiable •

verifiable • free from bias • appropriate • a fair presentation • balanced • cost-
effective

iii Assurance Standards and Regulation - Outlines the assurance standards and 342
regulatory environment affecting public sector performance auditing.

---Performance audit engagements covered in general terms by ISAE 3000

(Revised) --- Guidance on performance audits has also been issued by the
International Organisation of Supreme Audit Institutions (INTOSAI)

---- ANAO Auditing standards adopt revised ASAE 3500 , but for reporting
requirements they have adopted INTOSAI Standard ISSAI 3000 as it is consistent
with the current practice of the ANAO’s current approach in reporting to the
Parliament and with the ANAO’s purpose. - however many countries including
Australia prefer to apply IAASB or national standards rather than INTOSAI
standards as a guidance for performance auditors

---ASAE 3500 an adjunct to ASAE 3000 issued by the AUASB, provides guidance
on performance engagements for both public and private sector engagements.

----Reasons why public sector auditors apply the standards even though it's not
mandatory

--- Reason why more professional judgement required in performance audit

than financial statement audit

a. Independence and Quality Controls - --- How parliament supports the

independence and increases the credibility of audits by public sector auditor?

--- Appointment of auditor-general

Iv. Structure of a Performance Audit - Performance engagements are used by 343

public sector auditors to examine the extent to which government policy and
practice is undertaken in an economical, efficient and effective manner.

---performance audit is an audit or review that is undertaken to assess the

economy, efficiency and/or effectiveness of an activity or activities.

---Economy, efficiency and effectiveness of activities can also be assessed when

they relate to cross-jurisdictional activities.

V. Elements of the Engagement - Elements of a generic assurance engagement 344

Fig.

--Elements of a public sector performance audit Fig. 345

---Comparing the elements of a generic assurance engagement, public sector

performance audit and financial statement audit Table:

Vi. The Performance Audit Process - Performance audit from start to finish Fig. , 346
 --Performance audit process - segregated into stages Fig.

a. Project Identification Stage - a. 1. 1st stage Select the Organisation, 347

Program or Activity for Audit - selected on the basis of significance. Programs
and activities are reviewed for their significance or risk to good management

--Significance - understanding of significance is essential to selecting topics for

audit. This involves professional judgement. - what things should the auditor
consider in deciding about significance? , - what qualitative and quantitative
materiality factors are considered of significance by the auditor in making
decisions on what to audit and report?

a.2. 2nd stage Identify Potential Audit Topics - based on significance, risk to 348
good management and potential benefits.

--- with whom is consultation required for selecting areas subject to

performance audits? - How are the choices made? Significance informs this
choice as well.

--- Annual audit work program - what is it designed for? - complements the
ANAO’s primary strategic planning document — the corporate plan.

--- What factors does ANAO take into account in choosing which audits to
undertake?

---Some topics for performance engagements may include considerations of:

b. Planning Stage 350

---After having gained an understanding of the organisation — its purpose, key 351
activities, internal control structure and the significant accountability
relationships , what is involved in determining planning the audit in a general
sense?

b.1. 3rd stage Gain an Understanding of the Organisation, Program or Activity -

ASAE 3500 obtaining an understanding of the activity that will be subject to the
performance audit and other engagement circumstances.

--- What does a public sector auditor need to do to undertake a successful

performance audit?

----Valid activities - when undertaking a performance audit, the public sector

auditor examines an activity in order to form a conclusion about whether that
activity is being undertaken economically, efficiently and/or effectively. -
potential areas of legitimate review

b.2. 4th stage Undertake a Preliminary Study (Optional) - why is a preliminary

study undertaken? - what other information does the study provide?

--- What step is undertaken by the public sector auditor if preliminary study is 352
not undertaken? ---- Audit objectives relate to why the audit is being
conducted.

---The audit scope covers the:

b.3. 5th stage Prepare the Preliminary Study Report

 ----If a preliminary study is undertaken, the public sector auditor usually
prepares a preliminary report, which includes:

---The focus of the report should be

b.4. 6th stage Discuss the Preliminary Study Contents with Management - Once
the preliminary study has been completed, it is important that the public sector
auditor discusses its contents with management of the organisation that is
subject to the performance audit - what are the discussions centred on?

----Fundamental disagreement, such as disputes over criteria, will lead to

disagreement over the conclusions of the audit as reflected in the report.

b.5. 7th stage Develop Detailed Audit Criteria - On obtaining management’s

feedback on the general criteria during discussions on the contents of the
preliminary study, the public sector auditor would normally proceed to refine
the audit criteria from a general level to a more detailed level. - audit criteria
represent better practice that is
expected to exist in the ideal situation for the activity being audited.

---In a performance audit, the audit objectives and activity determine what
suitable criteria to consider are. --- characteristics of suitable criteria

--- As per ASAE 3500 suitable criteria need to be identified by the auditor and 353
may be taken directly, or developed from:

b.6. 8th stage Develop the Audit Plan, Including the Audit Program - An audit 354
plan is created at the commencement of the audit and it is used to:

---- Audit programs form part of the audit plan. - What is documented in an
audit program?

● audit plan does not change as an audit progresses, however, performance

audit programs can often change. ----audit program often changes in
response to:

--- Why is flexibility in audit process necessary? ---- when audit program may
require development and adaptation?

--- When may performance audits be repeated?

c. Conducting the Performance Audit - Phase in which audit plan is implemented

, ---- what does the public sector auditor do in conducting the audit?

c.1. 9th stage Carry Out Audit Procedures as Defined in the Audit Program - The
conduct stage is directed towards achieving the audit objectives. --- what does
the conduct stage involve?

Techniques for examining economy, efficiency and effectiveness - • 355

Inputs/outputs review - for assessing economy and efficiency

• Systems-based review - Provide the auditor with knowledge of the key

systems, processes and controls that are involved in the audited function or
entity so they can identify: -- what areas do system based reviews concentrate
on? ----addressing which questions is the main purpose of system based
review?
 • Comparisons - Types of comparison , different comparison bases 356

• Effectiveness evaluation ---- To evaluate performance effectively,

performance measurement systems require the following to be set and put in
place:
-The public sector auditor may audit the extent to which an agency’s
performance measurement systems include these components in order to rely
on agency-generated data or the system itself may be the subject of the audit.

--Main sources of data used for effectiveness reviews - Citizen surveys , 357
Trained observer ratings , Comparison with similar programs , Internal
records

-----Having established the techniques the auditor plans to use to gather and
evaluate information against audit criteria, the auditor needs to obtain
evidence to form an opinion on the subject matter.

Evidence - Why is collecting evidence complex ? - therefore auditor often

must rely on evidence that is persuasive rather than conclusive.

---Examples of methods of obtaining evidence include: 358

Cause and effect - Once an audit finding regarding any performance failure has
been identified, assessment of cause and effect of lack of performance takes
place

--- Quantitative and qualitative effects - effect should demonstrate the need for 359
corrective action
---In examining cause and effect, the auditor should be aware of the following:

c.2. 10th stage Analyse Evidence and Evaluate Findings so as to Develop

Conclusions and Recommendations - Throughout the conduct of the audit,
the auditor evaluates evidence against the selected performance audit criteria.
The aim of this evaluation is to develop findings to:

----'Material variations' , ---impact on users of assurance reports is the

ultimate test of what is material in the context of an audit - when assessing
materiality stakeholders’ interests and information needs for decision making
are considered.

--- What should the auditor do when he identifies a variation from performance 360
audit criteria?

---When developing recommendations, the auditor should consider the results

of the cause and effect analysis, taking into account:

--- What should be ensured while making recommendations?

c.3. 11th stage Communicate Summary of Draft Findings and Proposed

Recommendations

--- 2 reasons why public sector auditor maintains contact with management of
the organisation during the course of the audit:

----The public sector auditor’s report may include recommendations for

improvement to address the variations identified (ASAE 3500) in the following
 areas:

d. Reporting Stage - Public sector auditors carry out their responsibilities in 361
accordance with an audit mandate specified in legislation in the respective
country. - what does the audit mandate specify?

---International Organisation of Supreme Audit Institutions (INTOSAI) operates

as an umbrella organisation for the external government audit community. In
Australia, the government audit responsibilities are undertaken by the federal
and state/territory auditors-general.

---Performance audit reports may be prepared based on either: an attestation

engagement or direct reporting engagement

---Typically, a report produced by a public sector auditor will outline: , ----

what is the objective of performance engagement?

---what is the report intended to provide the users with?

---- auditor's conclusion in limited assurance engagements - Limited assurance

engagements are referred to as ‘performance (assurance) reviews’ rather than
‘performance audits’.

---'Better performance guides' (BPGs) - topics on which BPG is available:

----ASAE 3500, lists the following basic elements to be included in an assurance

report for a performance engagement:

d.1. 12th stage Report to the Head of the Organisation, the Minister and 362
Parliament - whom does the auditor-general provide report to? ---- audit
conclusions and recommendations separately filed -reason

--- contextual factors: what they include and where are contextual information
they provided?

---Exit interview - Proposed audit findings and conclusions should be thoroughly

discussed with the auditee before the audit report is prepared. --- Response by
auditee to the report- In the case of the ANAO, any comments received on a
proposed performance audit report are required to be included in the final
audit report.

e. Follow-Up Audits 364

e.1. 13th stage Follow Up and Report on Conclusions and Recommendations -

also ascertaining whether any additional work should be done by a subsequent
audit.

----In various jurisdictions parliamentary oversight committees, such as public

accounts committees, may undertake inquiries to assess the extent to which
agencies have addressed audit findings and implemented recommendations.

6. NON-ASSURANCE SERVICES - include agreed-upon procedures and 366

compilation engagements.

A. AGREED-UPON PROCEDURES - An assurance practitioner can undertake

procedures of an assurance nature that are agreed upon with the entity and the
 user of the report.

---- Guidance is provided through ISRS 4400 Engagements to Perform Agreed-

Upon Procedures Regarding Financial Information. In Australia, the relevant
pronouncement is ASRS 4400 Agreed-Upon Procedures Engagements to Report
Factual Findings.

--- what does ISRS 4400/ASRS 4400 outline in terms of acceptance of such
engagements? - These matters are detailed in the engagement letter that
should clearly set out the:

i. Reporting Considerations - no opinion is expressed and consequently no

assurance is provided. ---- what should the report issued by the assurance
practitioner outline?

---The report clearly communicates to the user that agreed-upon procedures

were undertaken, not an audit or review

---The report should contain:

---Proposed changes to revised ISRS 4400 include: 367

ii. Comfort Letter Engagements - ASRS 4450 Comfort Letter Engagements has no
international equivalent. - what does the standard address?

---The comfort letter is based on the auditor having performed the requesting
parties’ specified procedures and consequently no assurance is expressed in the
comfort letter.

---Elements in the auditor’s comfort letter report:

B. COMPILATION ENGAGEMENTS - Guidance for these types of engagements 368

contained in ISRS 4410 (Revised) Compilation Engagements. In Australia, the
relevant pronouncement is APES 315 Compilation of Financial Information
issued by the Accounting Professional and Ethical Standards Board (APESB).

● Involve accounting expertise to collect , classify and summarise financial

information , --- these are commonly used engagements for SMEs (in what
circumstances?)

i. Reporting Considerations - When reporting on a compilation engagement, in

accordance with ISRS 4410 (Revised), the report on the engagement should
contain: