Endunamoo BCTA Auditing - gimmenotes€¦ · Preliminary engagement activities Planning Establish...
Transcript of Endunamoo BCTA Auditing - gimmenotes€¦ · Preliminary engagement activities Planning Establish...
Endunamoo BCTA
Auditing Koena Gerald Moabelo CA (SA) | 24/03/2018
The Audit Process
Preliminary engagement activities
Planning
Establish overall audit strategy
Develop an audit plan
Obtain audit evidence (the auditor’s response to
assessed risk)
Perform tests of control
Perform substantive procedures
Evaluation, concluding and reporting
The C
om
panie
s A
ct
(2008)
The A
uditin
g P
rofe
ssio
n
Act
(IRBA)
Kin
g I
VThe C
ode o
f Pro
fessio
nal
Conduct,
By-L
aw
sand r
ule
s
regard
ing im
pro
per
conduct
2
Materiality
3
Materiality
Learning objectives:
➢ Understand the concept of planning vs performance materiality
➢ Identify appropriate threshold to base planning materiality
➢ Be able to calculate planning materiality
➢ Criticise a planning materiality calculation
Planning - Planning Materiality
Materiality
Planning Materiality (ISA 320)
▪ Planning phase
▪ Affected by risk
Performance Materiality (ISA 320)
▪ Materiality for a specific class for transaction, account balance or disclosure
▪ Affects sample size
▪ Represents: Maximum potential error (Sample size) –”Catch all”-link with evaluation of identified errors.
▪ Less than overall materiality
▪ Used to scope in accounts
5
Planning - Planning Materiality
Setting of materiality
Indicators:
▪ Quantitative
• Turnover ½ - 1%
• Gross profit 1 - 2%
• PBT 5 - 10%
• Total assets 1 - 2%
• Equity 2 - 5%.
• Qualitative:
• Regulation, Accounting Standard
• Control environment/ effectiveness of IC
• Integrity of management
• irregularities
Relationship between risk and materiality
▪ High audit risk → lower materiality and vice versa
6
Planning - Planning Materiality
Exam Technique / Approach
1. Determine the relevant figures to use
CY TB/ CY Forecast / PY Audited results
2. Consider nature of an entity
Revenue, GP, Profit for the year, Total assets
3. % and calculations
4. Motivate your answer
5. Conclusion
Net loss is not considered an appropriate base
Relationship with audit risk
Performance materiality always lower than planning materiality
7
Internal controls
Obtaining audit evidence
Learning objectives:➢ Understand the concept of internal controls and why we need to
assess the control environment
➢ Understand the cycles and be able to identify controls as well as control weaknesses within the cycles
➢ Understand IT control environment including difference between general and application controls
➢ Understand how application controls address certain assertions
10
What is the relevance of controls to the audit?
➢ ISA 315 requires auditors to gain an understanding of the entity and its environment
➢ This includes gaining an understanding of the control environment
➢ Business processes and IT environment
Implications:➢ If controls are designed and implemented appropriately, we can place reliance on the
control environment
➢ This means we can incorporate tests of controls in our approach (combined approach)
➢ Weak control environment = No control reliance = Fully substantive audit approach
Definition: Internal control
Internal control is designed and implemented to addressidentified business risks that threaten the achievement of anyof the above objectives
• Definition ISA 315 par 4
• It is a process designed, implemented and maintained
• By those charged with governance, management and otherpersonnel
• To achieve an entity’s objectives with regards to:
➢ Reliability of financial reporting
➢ Effectiveness and efficiency of operations; and
➢ Compliance with applicable laws and regulations
11
Why does it matter to the Auditor?
When the auditor obtains an understanding of internal control,he/she has to:
• evaluate the design of those controls. Does a control(individually or in combination with others) effectively prevent,detect and correct material misstatements?
• determine whether these controls have been implemented
(ISA315.13)
12
Business Cycles
Business Cycles
Revenue & Receipts
Acquisitions & Payments
Inventory & Production
Payroll & Personnel
Finance & Investment
13
14
IT Controls are categorized in the following categories:
➢ General controls
➢ Application controls
General controls
• Definition & components ISA 315.A104
• Controls which establish an overall framework of control forcomputer activities
• Address the risks at the overall financial statement level(Control risk) - ISA 315 para A63
• Controls which are in place before any processing oftransactions
• Refer to your text for categories of general controls (Page 8/7– 8/25, Auditing Notes)
15
General controls
• Management support; IT governance policy
• Segregation of duties
• Server physically secure
• Computer terminals visible
• Managed by a database administrator – pre-authorisation; regularreviews
• ID logins
• Passwords regularly updated
• Control tested regularly – outsource?; SLA
• Segregation of duties
• Data recovery plan; Regular back ups
16
Application controls
Control Objectives
Validity
Accuracy
Completeness
17
Application controls
• Definition ISA315.A105
• Controls relevant to a specific task within an accountingbusiness cycle
• Address the risks of material misstatement level at theassertion level
• Include both manual and automated (computerised) controls
• If general controls are poor no reliance can be placed onapplication control
18
Application controls
Control objective
Classes of transactions (IS)
Account balances (BS)
Validity Occurrence, Cut-offExistence,
Rights, Obligations
AccuracyAccuracy,
ClassificationValuation,Allocation
Completeness Completeness, Cut-offCompleteness,
Existence
19
Application controls - Summary
Validity
• Access controls (passwords; usernames; access to specific functions; revoke access for terminated employees)
• Unique numbering of transactions
20
Application controls
Accuracy
• Alpha numeric (Letters not accepted in number fields)
• Sign check (e.g., debits and credits)
• Drop down menus (to minimize finger errors)
• Echo check / Screen prompts (Are you sure? Prompts)
• Limit check / Reasonableness test
• Recons
21
Application controlsCompleteness
• The system should not allow the transaction to be processed until allcompulsory information is captured
• An error message should be displayed on screen until all compulsoryinfo is completed
• All transaction should be sequentially numbered
• Email / text confirmation to customer before transaction is processed(validity as well)
• Reconciliation between transactions processed and money received
• Screen aid
22
Application controls - Summary
Validity
• Access controls
• Unique numbering of transactions
Accuracy
• Edit checks
• Recons
Completeness
• Sequence numbering of transactions
• Compulsory fields
• Recons
23
Internal control
Internal control activities:
• Authorisation
• Review
• Information processing
• Physical controls
• Segregation of duties
24
Examination technique
• Identify weaknesses in the systems
o Internal controls performed incorrectly + internal controls omitted
o Describe from what you see as wrong and the right not there
• Identify weaknesses + risks
o Link the potential risks / consequences with weaknesses (a tablemight be appropriate)
o Risks = management and auditors are concerned with these becausethey have an impact on financial statements and/or client’s financial /reputational impact
• Identify weaknesses + risks + recommendations
o Link the recommendation with the potential risks / consequenceswith weaknesses (a table might be appropriate)
o Practical and cost effective recommendations
o Appropriate verb = should
25
Examination technique
Evaluate the effectiveness of the internal controls
• Address both the negative and positive aspects
• Do not forget to conclude on the effectiveness
Identify the internal controls to be incorporated in the client’s system
• Identify the internal control objectives
• Understand the cycle you are looking at (study your textbook!!!)
Question 6 page 39 Health and Wellness (“H&W”), Audit Approach andKey controls
26
The Audit Process
Preliminary engagement activities
Planning
Establish overall audit strategy
Develop an audit plan
Obtain audit evidence (the auditor’s response to
assessed risk)
Perform tests of control
Perform substantive procedures
Evaluation, concluding and reporting
The C
om
panie
s A
ct
(2008)
The A
uditin
g P
rofe
ssio
n
Act
(IRBA)
Kin
g I
VThe C
ode o
f Pro
fessio
nal
Conduct,
By-L
aw
sand r
ule
s
regard
ing im
pro
per
conduct
27
Thank you
Presenter’s detailsKoena Gerald Moabelo
+2763 774 7577
BCTA2018 Administration
+2711 056 6359
28