A short overview - unifr.ch

1 A short overviewDr. Thomas N sbergerPage 2 Why do we need audits and auditors?Page 3 Importance of Auditing Importance of AuditingInformation risk reflects the possibility that the information upon which the business risk decision was madewas can have a significant effect on information 4 ProcessAudit in a nutshellRealityPicture (= financial statements)AssetsLiabilitiesEquityBalanc e sheetExistenceOccurenceValuationMeasurem entCompletenessRights& ObligationsPresentation& DisclosureAuditRiskInherentControlDetect ionPage 5 The Four Phases ModelPhase 1 Planning and Risk Identification Client Acceptance (prospective clients)

2 And Continuance (existing clients). UnderstandtheClient sBusiness Understand the IT Environment Complexity and determine if IT Professional Involvement is necessary. Identify Fraud Risks and Determine Responses Determine MaterialityPage 6 The Four Phases ModelPhase 2 Strategy and Risk Assessment Identify Significant Classes of Transactions and Related Applications Understand Flows of Transactions, WCGWs and Controls internal control structures, procedures Perform Walkthroughs Make Combine Risk Assessment (CRA) Page 7 The Four Phases ModelPhase 3 Execution: Testing and Evidence Design Test of Controls and substantive audit procedures ExecuteTest of Controls Execute Substantive Audit ProceduresPage 8 The Four Phases ModelPhase 4 Conclusion and Reporting Assess the conclusions drawn from audit evidence Prepare Summary of Audit Differences Perform final audit procedures ( legal letters, subsequent events, management representations letter).

3 Prepare a Management Letter internal communication Prepare the report external communicationPage 9 Determine PM, TE and SAD Nominal AmountDesign Tests of ControlsMake Combined Risk AssessmentsPerform WalkthroughsUnderstand Flows of Transactions, WCGWs and ControlsIdentify Significant Classes of Transactions and Related ApplicationsDesign substantive audit proceduresExecute Substantive Audit Procedures Prepare Summary of Audit DifferencesManagement LetterReportRoadmapStrategy and RiskAssessmentExecutionConclusion andReportingExecuteTest of ControlsPerform final audit proceduresClient Acceptance and ContinuanceUnderstand IT Environment Complexity and Determine IT Professional InvolvementIdentify Fraud Risks and Determine ResponsesPlanning and RiskIdentificationUnderstand clients Business Determine

4 MaterialityDesign Test of ControlsRisks (Audit Risk Formula)Page 2 Component of Audit RiskErrors undetected by auditorErrors caught by auditorInherentriskErrors likely to occurIn client s financial statementsErrors that bypass controlsControlriskDetectionriskAuditris kErrors not detected by controlsPage 3 Different TypesofRiskInherent RiskThe susceptibility of an account balance, disclosure or class of transactions, considered at the assertion level, to a material misstatement, assuming there are no related Risk The risk that a material misstatement that could occur in an account balance.

5 Disclosure or class of transactions, considered at the assertion level, will not be preventedor detectedand correctedon a timely basis by the client s internal control Risk The risk that the auditors will not detect a material misstatement that exists in an account balance, disclosure, or class of transactions assertion considered at the assertion Risk The risk that the auditors may unknowingly fail to modify our opinion appropriately on financial statements that are materially misstatedPage 4 Types of risks: Inherent RiskInherent risk It implies that auditors should attempt to predict where misstatements are most and least likely in the FS segments (account or class of transactions).

6 Inherent risks is a measure of the likelihood that there are material misstatements (errors or fraud) in a segment (class of transactions / account balance) beforeconsidering the effectiveness of internal controls At the start of the audit, there is nothing that can be done about changing theinherent auditor must assess the factors that make up the inherent risk and take them into consideration when obtaining audit begin their assessment of inherent risk during the planning phase and update the assessment as the audit 5 Types of risks: Control RiskControlriskThe assessment of the likelihood that a misstatement that could occur and that could be material will not be prevented or detected the internal control system.

7 Ideally, the control system would detect any material errors before they enter the financial 6 Types of risks: Detection RiskDetectionriskIs a measure of the risk that audit evidence (substantive procedures planned by the auditor to detect material misstatements in the FS: tests of details of transactions, tests of details of balances, and analytical procedures) will fail to detectmisstatements that could be material The Detection riskdepends on other factors and is inversely related to the accumulation of inherent and control riskCombinedRiskAssessment It determines the number of substantial elements of proof the auditor plans to accumulate in order to reduce the Detection riskto an acceptable 7 Audit FormulaThe audit risk.

8 The audit risk is the ultimate acceptable risk that material monetary errors are not detected. InherentRiskControlRiskDetectionRiskAudi t RiskXX=AUDIT RISK FORMULAC ombinedRiskAssessmentPage 8 Combined Risk Assessment (CRA) TableCONTROL RISKINHERENT RISKMINIMUMMODERATEMAXIMUM(Effective -Full Tests of Controls)(Effective -Limited Tests of Controls)(Ineffective -Controls Not Effective, Not Identified or Not Tested)LOWERM inimalLowModerateHIGHERLowModerateHighPa ge 9 Relationship between Inherent, Control and Detection RiskXAudit Risk=CombinedRiskAssessmentMinimalInhere ntRiskLowerHigherPage 10 Relationship between Inherent, Control and Detection RiskInherentRiskLowerHigherControl RiskXAudit Risk=CombinedRiskAssessmentLowPage 11 Relationship between Inherent.

9 Control and Detection RiskControl RiskXAudit Risk=CombinedRiskAssessmentHighInherentR iskHigherLowerPage 12 Relation between Risks & Roadmap Relation between Risks & RoadmapMake Combined Risk AssessmentsPerform WalkthroughsUnderstand Flows of Transactions, WCGWs and ControlsIdentify Significant Classes of Transactions and Related ApplicationsStrategy and RiskAssessmentPrepare Summary of Audit DifferencesManagement LetterReportConclusion andReportingPerform final audit proceduresClient Acceptance and ContinuanceUnderstand IT Environment Complexity and Determine IT Professional InvolvementIdentify Fraud Risks and Determine ResponsesUnderstand clients Business DetermineMaterialityPlanning and RiskIdentificationDesign substantive audit proceduresExecute Substantive Audit Procedures ExecutionExecute Test of

10 ControlsDesign Test of ControlsControl RiskDetection RiskAudit RiskInherent Risk including Fraud RiskXX=Page 13 FinishedAssertionsPage 2 Assertions The auditor uses assertionsin assessing risks by considering the different types of potential misstatements that may occur, and thereby designing audit procedures that are responsive to the assessed risks. Assertions: Existence / Occurrence Completeness Valuation / Measurement Rights and obligations Presentation and disclosure Page 3 Definitions ExistenceAn asset or liability exists at a given date. OccurrenceA recorded transaction or event that pertains to the client actually took place during the period.