ISAs – Summaries and Application Guide
ISA 200
ISA 200*
OVERALL OBJECTIVES OF THE
INDEPENDENT AUDITOR
LO #
LEARNING OBJECTIVE
LO 1
FINANCIAL STATEMENTS, AND FINANCIAL REPORTING FRAMEWORKS
LO 2
PARTIES INVOLVED IN AN AUDIT
LO 3
NATURE AND SCOPE OF AUDIT
LO 4
EVIDENCE, RISK AND PROCEDURES
LO 5
ESSENTIALS FOR PROPER CONDUCT OF AUDIT
LO 6
ISAs AND CODE OF ETHICS
LO 7
SMALLER ENTITY
*(Effective for audits of financial statements for periods beginning on or after December 15, 2009)
1
ISAs – Summaries and Application Guide
ISA 200
LO 1: FINANCIAL STATEMENTS, AND FINANCIAL REPORTING FRAMEWORKS:
Financial Statements:
Financial statements means structured representation of historical (i.e. past) financial information.
Financial statements may be:
 General Purpose (prepared for wide range of users) or
 Special Purpose (prepared for specific users).
Financial Statements may also be:
 Complete Set of Financial Statements.
 Single Financial Statement or Element.
 Summary Financial Statements.
1.
2.
3.
4.
Types of Financial Statements and How are they audited
General purpose financial statements are audited in accordance with ISA 200 – 700 Series.
Special purpose financial statements are audited in accordance with ISA 800.
Single financial statements are audited in accordance with ISA 805.
Summary Financial Statements are audited in accordance with ISA 810.
Framework:
Framework means criteria/basis (i.e. standard rules and regulations) used to prepare financial
statements.
There are many types of frameworks e.g.:
1. General Purpose (for wide range of users), and Special Purpose (for specific users).
2. Fair presentation Framework, and Compliance Framework.
General purpose framework: (to meet needs of wide range of users)
Examples of general purpose framework include:
 IFRS
 IFRS for SMEs
 National Framework (or Financial Reporting Framework of Jurisdiction X) e.g. US GAAP
 XYZ Law of Jurisdiction X
If AFRF is other than IFRS, jurisdiction of framework shall also be referred in opinion.
Exam Tip
Sometimes, a specific user may also accept financial statements prepared under General Purpose
Framework if such framework meets its needs.
2
ISAs – Summaries and Application Guide
ISA 200
Special purpose framework: (to meet needs of specific users)
Examples of Special Purpose Frameworks:
1. Regulatory Basis:
Such a framework may be established by a regulator, and may be used to prepare financial
statements to meet requirements of regulator.
Note that if Regulator established framework to meet requirements of wide range of users, it
will be a general purpose framework, and NOT special purpose framework.
2. Tax Basis:
Such a framework may be used to prepare financial statements to accompany an entity’s tax
return.
3. Cash Basis:
Such framework may be used to prepare financial statements for creditors.
4. Contractual Basis:
Such a framework may be established by individual parties in the terms of a contract e.g. in
a loan-agreement, or project-grant.


If Special Purpose Framework is used by Management
Auditor shall include “Emphasis of Matter Paragraph” in his report to explain basis of accounting
i.e. the financial statements are prepared in accordance with a special purpose framework.
Auditor may also include “Other Matter Paragraph” restrict distribution of report.
Fair Presentation Framework:
Fair presentation framework is a financial reporting framework that requires compliance with
requirements of the framework, and contains acknowledgment that, to achieve fair presentation, it
may be necessary for management:
 To provide disclosures in addition to specific requirements of framework or
 To depart from a requirement of framework
In Fair presentation framework, auditor expresses opinion whether:
 “financial statements give true and fair view in accordance with the framework”, or
 “financial statements are presented fairly, in all material respects, in accordance with the
framework”. (Both phrases are equivalent)
Compliance Framework:
Compliance framework is a financial reporting framework that requires compliance with
requirements of the framework, and does not contain acknowledgements which are contained in
fair presentation framework (regarding additional disclosures or departure from requirements of
framework to achieve fair presentation).
In Compliance framework, auditor expresses opinion whether “financial statements are prepared,
in all material respects, in accordance with the framework”.
3
ISAs – Summaries and Application Guide


ISA 200
Study Tips
If in fair presentation framework, financial statements do not achieve fair presentation,
management may include additional disclosures or (in rare case) may depart from a requirement.
If in compliance framework, financial statements are misleading (in rare case), such AFRF is not
acceptable and auditor shall not accept audit. If deficiencies in compliance framework are
identified during audit, auditor shall request management to change framework and shall agree
new terms.
Applicable Financial Reporting Framework (AFRF):
AFRF is the financial reporting framework adopted by management to prepare financial statements.
AFRF is required to be disclosed in financial statements (to communicate basis of preparation of
financial statements).
A description that financial statements are prepared in accordance with an AFRF is appropriate
only if all requirements of that framework are met. A qualifying or limited language is not allowed
e.g. “Financial statements are in substantial compliance with IFRS”.
LO 2: PARTIES INVOLVED IN AN AUDIT:
Management and Those Charged With Governance (TCWG):
 Management means persons responsible for conduct of entity’s operations (e.g. CFO, CEO).
 TCWG means persons responsible for Overseeing the strategic direction and Accountability
(e.g. Directors).
 Sometimes, Management and TCWG may be same e.g. in Sole-proprietorship or Partnership.
Responsibilities of Management:
An audit is conducted on the premise that management (and where applicable TCWG) is
responsible:
 For preparation and presentation of financial statements in accordance with AFRF (i.e. to
identify AFRF, prepare and present financial statements in accordance with AFRF, and
describe AFRF in notes)
 For design and implementation of such internal controls which are necessary for
preparation of reliable financial statements;
 To provide auditor with all relevant information, and additional information requested by
auditor, and unrestricted access to persons to obtain evidence.
Responsibilities/ Overall Objective of the Auditor:
The overall objectives of the auditor are:
 To obtain reasonable assurance whether financial statements are free from material
misstatement (whether due to error or fraud), to enable auditor to express opinion whether
financial statements are prepared, in all material respects, in accordance with the AFRF, and
 To report on the financial statements, and
 To communicate as required by the ISAs in accordance with the auditor’s findings
(considering confidentiality principle).
How Reasonable Assurance is Obtained
Reasonable assurance is achieved when auditor obtains sufficient appropriate audit evidence (and
reduces audit risk to appropriate level) by performing procedures as per ISAs, and Code of Ethics. (But
remember that ISAs are objective/evidence-oriented, not procedure-oriented)
4
ISAs – Summaries and Application Guide
ISA 200
Different Stakeholders:
 Existing or Prospective Shareholders.
 A holding company.
 Lenders.
 Donors.
 Tax Authorities.
Expectation Gap by stakeholders:
Expectation gap means public perception of the role and responsibilities of the external auditor is
different (and is usually higher) from his statutory role and responsibilities.
Some Common Misunderstandings (i.e. Expectation Gap) about Audit:
1. Auditor prepares financial statements.
2. Auditor checks 100% transactions of entity during the accounting period.
3. Auditor provides absolute assurance (i.e. he certifies or guarantees that financial statements
are correct in all respects).
4. Auditor is responsible to detect fraud.
5. Auditor is responsible to express opinion on internal controls.
6. Emphasis of Matter, Other Matter Paragraph, and Material Uncertainty related to Going
Concern Paragraph are modified opinions.
LO 3: NATURE AND SCOPE OF AUDIT:
Scope of Audit:
Scope of audit involves expressing opinion on financial statements. It does not assure future
viability or efficiency/effectiveness of management.
However, local laws may require auditor to provide opinions on other specific matters.
Levels of Assurance:
There are three level of assurance:
1. Limited Assurance.
2. Reasonable Assurance.
3. Absolute Assurance (not provided to clients).
Limited Assurance (also called Moderate Level or Negative Assurance)
It is a moderate level of assurance which is expressed in negative form of conclusion i.e. “nothing
has come to our attention that causes us to believe that financial statements do not give true and
fair view”.
This level of assurance is usually given in review of historical financial statements.
Review of Financial Statements
Review of financial statements is conducted in accordance with ISRE 2400, or ISRE 2410.
5
ISAs – Summaries and Application Guide
ISA 200
Reasonable Assurance (also called High Level or Positive Assurance)
It is a high, but not absolute, level of assurance which is expressed in positive form of conclusion i.e.
“financial statements give true and fair view in accordance with the framework”.
This level of assurance is usually given in an audit of historical financial statements.
Auditor is responsible to obtain reasonable assurance and express opinion. He does not certify or
guarantee that financial statements are free from all misstatements. Subsequent discovery of
material misstatement does not by itself indicate failure to conduct audit in accordance with ISAs.
There may be some undetected material misstatements even after audit due to inherent
limitations of audit.
Inherent Limitations of Audit:
Following inherent limitations cause most of the audit evidence being persuasive rather than
conclusive:
1. Nature of financial statements (estimates, judgments and uncertainties are involved e.g. in
accounting estimates).
2. Nature of audit procedures (judgments are involved)
a. Management may not provide complete information to auditor.
b. Auditor does not have legal powers (e.g. power to search).
c. Fraud involving collusion and complex techniques, or involving senior management
are harder to detect.
3. Time and Cost limitation (Therefore, auditor plans audit in such a way that he directs its
efforts on risky areas, and uses sampling). However, time and cost are not valid basis to
omit a required audit procedure.
4. Other matters/assertions in which it is difficult to identify misstatements:
a. Transactions with related parties.
b. Non-compliance with laws and regulations
c. Going Concerns Issues
LO 4: EVIDENCE, RISK AND PROCEDURES:
Sufficient Appropriate Audit Evidence:
To obtain reasonable assurance, auditor obtains Sufficient Appropriate audit evidence.
 Sufficiency is a measure of Quantity of evidence (which is affected by risk and quality of
evidence).
 Appropriateness is a measure of Quality of evidence (which is affected by relevance, and
reliability of information).
Audit evidence may be obtained from different sources e.g.
 During the audit (inside or outside the entity)
 Acceptance and Continuance Procedures
 Previous audits (provided it is still relevant).
 Expert
This concept will be discussed further in ISA 500.
6
ISAs – Summaries and Application Guide
ISA 200
Audit Risk:
The risk that the auditor expresses an inappropriate opinion when financial statements are
materially misstated. Audit risk is a product of Risk of Material Misstatement and Detection Risk.
Risk of Material Misstatement
The risk that the financial statements contain material misstatements prior to audit.
Risk of material misstatements has two LEVELS:
1. Risk at Financial Statement Level (which affects many assertions)
2. Risk at Assertion Level (which affects specific assertion)
At Assertion level, risk of material misstatement has two components:
1. Inherent Risk (risk due to nature of entity and its transactions e.g. risk of theft in precious
and portable inventory, areas where estimates are applied, risk of change in
technology/fashion, declining industry, lack of working capital to continue operations).
2. Control Risk (risk due to weaknesses in internal control e.g. No approval, reconciliations,
segregation of duties.
Detection Risk:
The risk that the procedures performed by the auditor will not detect a material misstatement in
financial statements (either individually or when aggregated with other misstatements).
Detection risk can be reduced by:
 Adequate planning
 Assignment of competent personnel.
 Application of professional skepticism
 Supervision and review of work performed.
Audit Procedures:
This concept will be discussed in detail in ISA 500.
LO 5: ESSENTIALS FOR PROPER CONDUCT OF AUDIT:
Professional Judgment:
Auditor is required apply professional judgment in planning and performing the audit.
Professional Judgment is the application of Cumulative Audit Knowledge, Experience and Training
(within the context of accounting, auditing, and ethical standards), during an audit to reach an
appropriate course of action or conclusion which is appropriate in the circumstances.
Professional Skepticism:
Auditor is required apply professional sketpcism in planning and performing the audit.
Professional skepticism is an attitude that includes:

a questioning mind,

being alert to conditions which indicate possible misstatement (due to error or fraud), and

critical assessment of audit evidence.
7
ISAs – Summaries and Application Guide
ISA 200
It means auditor should not believe everything which management tells him. Rather, he should
obtain corroborative evidence and should investigate if there is a conflict.
Independence:
Independence means auditor should be free to perform audit procedures without any bias or
influence. Auditor should be Independent of financial, personal and employment relations with
client.
LO 6: ISAs AND CODE OF ETHICS:
Process of Developing and Issuing a new ISAs:
1. A subject is selected for detailed study.
2. After conducting comprehensive study and research, an exposure draft is produced which is
approved by IAASB and then distributed widely for public comments usually for a period of
120 days or more.
3. Comments and proposed amendments are considered by the IAASB.
4. The new ISA is then published.
Contents of ISAs:
1. Introductory Material, Objectives, Definition.
2. Requirements.
3. Application and Other Explanatory Material (including Appendices).
Auditor shall have understanding of entire text of ISAs (including Application and Other
Explanatory Material.
Auditor is permitted to apply an ISA before its effective date.
Complying with ISAs relevant to Audit:
To obtain reasonable assurance, it is compulsory for auditors to comply with all required
procedures of all ISAs. Auditor shall state compliance with ISAs in audit report only if he has
complied with requirements of all ISAs relevant to audit.
Exceptions to follow requirements of ISA:
A required procedure will not be performed if it is:
 not relevant (because condition does not exist) or
 not practicable.
In following cases, an ISA or its requirement is not relevant:
 If an entity does not have internal audit function, ISA 610 is not relevant.
 If an auditor expresses unmodified opinion, requirements relating to modification in ISA
705 do not apply.
 If no significance deficiencies are identified during audit, requirements relating to
communication with TCWG in ISA 265 do not apply.
 If entity has no segments, requirements relating to segment information in ISA 501 do not
apply.
 If an ISA requires auditor to do something unless prohibited by law or regulation (and law
prohibits it).
8
ISAs – Summaries and Application Guide
ISA 200
If a procedure is not practicable, auditor shall document:
 reason of departure from required procedure, and
 alternative procedures performed to obtain evidence/assurance.
Conduct of Audit in accordance with Ethical Requirements:
Auditor shall comply with ethical requirements (including independence) of Code of Ethics.
Code of ethics requires auditor to comply with following fundamental principles of ethics:
1. Integrity
2. Objectivity
3. Confidentiality
4. Professional competence and due care
5. Professional behaviour
Complying with local legal or regulatory requirements:
Auditor shall comply with local requirements (if any) in addition to ISAs.
LO 7: SMALLER ENTITY:
Smaller entity means Sole-proprietorship, Partnership or Unlisted entities.
Owner of smaller entity who is involved in management of entity is called “owner-manager”.
9
ISAs – Summaries and Application Guide
ISA 210
ISA 210
AGREEING THE TERMS OF AUDIT
ENGAGEMENTS
LO #
LEARNING OBJECTIVE
PART A – ACCEPTANCE AND CONTINANUCE PROCEDURES
LO 1
PRECONDITIONS FOR AN AUDIT
LO 2
SCOPE LIMITATION BEFORE ACCEPTANCE
LO 3
ADDITIONAL CONSIDERATIONS IN ENGAGEMENT ACCEPTANCE
PART B – AGREEING TERMS OF ENGAGEMENT
LO 4
TERMS OF AUDIT ENGAGEMENT
LO 5
AGREEING TERMS ON RECURRING AUDIT AND COMPONENT AUDIT
LO 6
ACCEPTANCE OF A CHANGE IN THE TERMS OF THE AUDIT ENGAGEMENT
APPENDIX:
APX
1
DETERMINING THE ACCEPTABILITY OF AFRF
ISAs – Summaries and Application Guide
ISA 210
PART A – ACCEPTANCE AND CONTINANUCE PROCEDURES
LO 1: PRECONDITIONS FOR AN AUDIT:
What are Preconditions for audit:
Preconditions for an audit means:
1. AFRF used by management in preparation of financial statements is acceptable.
2. Management (and TCWG where applicable) agrees to the premise on which an audit is
conducted.
How auditor establishes whether Preconditions for Audit are present/exist:
1. Auditor shall determine whether financial reporting framework adopted by management in
preparation of financial statements is acceptable considering nature of entity, nature of
financial statements, purpose of financial statements, and legal requirements.
2. Auditor shall obtain agreement from management (via engagement letter) that it understands
and acknowledges its responsibilities:
a. for preparation and presentation of financial statements.
b. for such internal control which management and TCWG determine necessary for
preparation of financial statements that are free from material misstatement; and
c. to provide the auditor all relevant information; additional information (e.g. Other
Information); and unrestricted access to personnel.
Course of Action if any of Preconditions for audit is NOT present:
Auditor should discuss the necessity of preconditions with management.
If management does not agree to premise on which audit is conducted:
Auditor shall not accept the proposed audit engagement.
If AFRF is not acceptable:
Auditor shall not accept the engagement unless AFRF is required by law.
If AFRF is not acceptable but is required by law, financial statements are misleading. Auditor shall
accept engagement if following conditions are met:
 Management provides additional disclosures to avoid financial statements being
misleading.
 It is stated in terms of the engagement that:
o Audit report shall include Emphasis of Matter paragraph to draw users’ attention to
additional disclosures.
o Auditor’s opinion shall not include phrases “True and fair view” or “presented fairly
in all material respects”, unless these phrases are required by law.
If above conditions are not met and auditor is required by law to conduct audit, auditor shall:
 Evaluate effect of misleading financial statements on audit report.
 Include reference of this matter in terms of engagement.
2
ISAs – Summaries and Application Guide
ISA 210
LO 2: SCOPE LIMITATION BEFORE ACCEPTANCE:
If before acceptance, there is a scope limitation by management whose effect is pervasive (e.g. not
allowing to communicate to predecessor auditor), auditor shall not accept proposed audit
engagement, unless required by law or regulation to do so.
LO 3: ADDITIONAL CONSIDERATIONS IN ENGAGEMENT ACCEPTANCE:
Financial reporting standards supplemented by Law or Regulation:
If local laws or regulations (e.g. Companies Act 2017) supplement Financial Reporting Standards
(e.g. IFRS), management will comply both unless they are in conflict.
If compliance with both can be met through additional disclosures (or narrowing choice):
1. Management shall include additional disclosures in financial statements, or shall narrow
choice.
2. Both will be mentioned as AFRF e.g. “International Financial Reporting Standards and
requirements of Companies Act, 2017 of Pakistan”.
If compliance with both cannot be met through additional disclosures (or narrowing choice):
1. Management shall amend description of AFRF e.g. “accounting and reporting standards as
applicable in Pakistan and requirements of Companies Act, 2017”.
Auditor can still audit the financial statements in both cases after ensuring that AFRF is acceptable.
Auditor’s report prescribed by Law or Regulation:
If layout/wording of local audit report is significantly different from ISAs (particularly opinion),
auditor shall evaluate whether users may misunderstand assurance obtained from audit and
whether additional explanation in auditor’s report can mitigate this misunderstanding.
If additional explanation cannot mitigate misunderstanding:
 If engagement is not required by law, auditor shall not accept audit engagement.
 If engagement is required by law, auditor shall not state compliance with ISAs in report.
3
ISAs – Summaries and Application Guide
ISA 210
PART B – AGREEING TERMS OF ENGAGEMENT
LO 4: TERMS OF AUDIT ENGAGEMENT:
Auditor shall agree (in an audit engagement letter or other form of written agreement) following
terms of audit engagement with management or TCWG:
a) The objective and scope of audit.
b) The responsibilities of the auditor;
c) The responsibilities of management;
d) Identification of the applicable financial reporting framework;
e) Reference to expected form and content of any reports to be issued by auditor
f) A statement that there may be circumstances in which a report may differ from its expected
form and content.
Terms Prescribed by Law
If law or regulation prescribes these terms in sufficient details, auditor need not include them in
engagement letter and may state that such law or regulation applies. However, management’s
responsibilities shall be included in engagement letter even if specified by law (same wordings may be
used as specified by law if effect is equivalent).
An audit engagement letter may also include following:
a) Elaboration of the scope of the audit.
b) Form of any other communication as a result of the audit engagement (e.g. Letter of
Weakness).
c) Requirement for auditor to communicate key audit matter
d) Fact that there may be undetected material misstatements due to inherent limitations of an
audit
e) Arrangements regarding the planning and performance of the audit, including composition
of the engagement team.
f) The expectation that management will provide written representations, and access to all
relevant information.
g) The expectation that management will provide draft financial statements and other
information on timely basis.
h) Fee or Basis of fee and billing arrangement.
i) Agreement of management to inform the auditor of subsequent events affecting financial
statements (after the date of auditor’s report).
An audit engagement letter shall also include following when relevant:
a) Arrangements concerning involvement of component auditor and experts in some aspects
of audit.
b) Arrangements concerning involvement of internal auditor.
c) Arrangements concerning involvement of predecessor auditor.
d) Reference to any further agreements between auditor and the entity.
e) Obligations to provide audit working papers to other parties.
f) Restriction of auditor’s liability (if such possibility exists)
It is better to agree terms before commencement of audit.
4
ISAs – Summaries and Application Guide
ISA 210
LO 5: AGREEING TERMS ON RECURRING AUDIT AND COMPONENT AUDIT:
Recurring Audit:
Auditor may decide not to send a new audit engagement letter each period. However, it should be
sent again on recurring audit to revise or remind management of existing terms of engagement
when there is change in circumstances e.g.
1) Any indication that client misunderstands the objective and scope of the audit.
2) A recent change in senior management.
3) A significant change in ownership.
4) A change in legal or regulatory requirements.
5) A significant change in nature or size of entity’s business.
6) A change in applicable financial reporting framework of entity.
7) A change in other reporting requirements
8) Any revised or special terms of the audit engagement.
Audit of Components:
If auditor of parent entity is also the auditor of component, auditor shall consider following factors
to determine whether a separate engagement letter is to be sent to component:
1. Legal requirements.
2. Who appoints auditor of component.
3. Whether a separate report is to be issued on component.
4. Degree of independence of component management, and Degree of ownership by parent.
LO 6: ACCEPTANCE OF A CHANGE IN THE TERMS OF THE AUDIT ENGAGEMENT:
If management requests to change the terms of Engagement:
Factors to consider:
Auditor shall consider whether there is a reasonable justification to do so.
A change in circumstances that affects the need for the service or a misunderstanding as to nature
of the service originally requested may be a reasonable justification. In contrast, a change may not
be reasonable if it relates to information that is incorrect, incomplete or otherwise unsatisfactory.
If there is Reasonable Justification:
Auditor shall agree revised terms of engagement.
If management requests to change Audit Engagement to Review or Related Services:
Factors to consider:
Auditor shall consider:
 whether there is a reasonable justification to do so (as discussed above), and
 any legal or contractual implications for the change.
If there is Reasonable Justification:
If audit engagement is changed to Review or Related services:
1. Procedures to be performed and Report to be issued shall be according to revised
engagement (already performed work may still be relevant).
2. Report shall NOT refer to original audit engagement or any procedures performed in
original audit engagement (except agreed-upon procedures).
5
ISAs – Summaries and Application Guide
ISA 210
If there is NO Reasonable Justification:
Auditor shall continue to perform the audit engagement as per original terms of engagement.
If management does not permit auditor to continue original engagement, it will be scope limitation
whose effect is pervasive. Auditor shall withdraw from engagement and shall consider whether
there is any obligation to report to TCWG, owners or regulators. If withdrawal is not possible and
practicable, auditor shall express disclaimer of opinion on financial statements.
APPENDIX
APX: DETERMINING THE ACCEPTABILITY OF AFRF:
Factors to consider:
Auditor determines whether AFRF is acceptable considering following factors:
1. Nature of entity (e.g. profit oriented, not for profit, or public-sector entity)
2. Nature of financial statements (e.g. complete set of financial statements, or single financial
statement)
3. Purpose of financial statements (e.g. prepared for wide range of users or for specific users).
4. Whether law or regulation prescribes the AFRF (if prescribed, such framework is presumed
to be acceptable unless there are indications of deficiencies).
Attributes of AFRF:
Auditor shall determine whether framework exhibits the following attributes i.e.
 Relevance
 Completeness
 Reliability
 Neutrality
 Understandability
6
ISAs – Summaries and Application Guide
ISA 220
ISA 220
QUALITY CONTROL FOR AN AUDIT
OF FINANCIAL STATEMENTS
LO #
LEARNING OBJECTIVE
LO 1
INTRODUCTION (SCOPE, OBJECTIVE, AND DEFINITION)
LO 2
LEADERSHIP RESPONSIBILITIES FOR QUALITY ON AUDITS
LO 3
RELEVANT ETHICAL REQUIREMENTS
LO 4
ACCEPTANCE AND CONTINUANCE OF CLIENT RELATIONSHIPS AND AUDIT
ENGAGEMENTS
LO 5
HUMAN RESOURCE AND ASSIGNMENT OF ENGAGEMENT TEAMS
LO 6
ENGAGEMENT PERFORMANCE
LO 7
MONITORING
LO 8
DOCUMENTATION
1
ISAs – Summaries and Application Guide
ISA 220
LO 1: INTRODUCTION (SCOPE, OBJECTIVE, AND DEFINITION):
The system of quality control includes policies and procedures that address each of the following
elements:
1. Leadership
2. Ethics
3. Engagement Acceptance and continuance Procedures
4. Human Resource (Assignment of Engagement Team)
5. Engagement Performance
6. Monitoring
LO 2: LEADERSHIP RESPONSIBILITIES FOR QUALITY ON AUDITS:
ISQC 1
Firm’s CEO or Board of Partners (or equivalent) shall
assume ultimate responsibility for firm’s system of
quality control.
ISA 220
The engagement partner shall take responsibility for the overall
quality and quality control procedures on each audit
engagement.
Firm shall promote a culture in which quality is
essential in performing engagement.
Actions and messages of engagement partner should emphasize
the fact that quality is essential in performing audit
engagements.
LO 3: RELEVANT ETHICAL REQUIREMENTS:
ISQC 1
Firm shall establish policies and procedures to ensure that firm and
others maintain independence requirements (where applicable). This
include:
 Communicating independence requirements to its personnel and
others.
 Identify, evaluate and address threats to independence.
Policies and procedures shall also include requirements for:
 Personnel to promptly notify the firm of independence breaches of
which they become aware.
 Firm to promptly notify engagement partner and other relevant
personnel.
Atleast annually, firm shall obtain written confirmation fo compliance
with its policies and procedure son independence from all firm
personnel who are subject to independence requirements. .
2
ISA 220
Throughout the audit engagement, the
engagement partner shall remain alert, through
observation and making inquiries as necessary,
for evidence of non-compliance with relevant
ethical requirements by members of the
engagement team. If any non-compliance comes
to engagement partner’s attention, he shall
determine appropriate action, in consultation
with others in the firm.
Engagement Partner should form a conclusion
on compliance with independence requirements
that apply to the audit engagement.
ISAs – Summaries and Application Guide
ISA 220
LO 4: ACCEPTANCE AND CONTINUANCE OF CLIENT RELATIONSHIPS AND
AUDIT ENGAGEMENTS:
ISQC 1
 Firm shall establish policies and procedures to
ensure that it accepts or continues only those
engagement in which firm has considered
integrity of client, is competence, and can
comply with ethical requirements.
ISA 220
Engagement Partner should be satisfied that:
 Procedures regarding acceptance and continuance have been
followed.
 Conclusions reached are appropriate and have been
documented.
If Engagement Partner obtains information that would have caused to
decline the engagement if obtained earlier, he will promptly notify
firm so that necessary actions can be taken.
LO 5: HUMAN RESOURCE AND ASSIGNMENT OF ENGAGEMENT TEAMS:
ISQC 1
Human Resource:
 Firm shall ensure that it has sufficient personnel
with competence, capability and commitment to
ethical principles.
Assignment of Engagement Team:
Firm shall ensure that:
 identity and role of engagement partner is
communicated to key management and TCWG of
client.
 Engagement partner has appropriate authority,
competence and capability to perform the
engagement.
 Responsibilities of engagement partner are clearly
defined and communicated to that partner.
ISA 220
Assignment of Engagement Team
 Engagement partner shall ensure that engagement team and
auditor’s expert has competence, and capability to perform
the engagement.
When considering the competence and capabilities, the
engagement partner considers whether team has:

Understanding of professional standards and legal
requirements.

Experience of audit engagements of similar nature.

Technical expertise e.g. expertise with information
technology and specialized areas of accounting or
auditing.

Ability to apply professional judgment.
LO 6: ENGAGEMENT PERFORMANCE:
Direction, supervision and Review:
ISQC 1
 Firm shall establish policies and procedures to ensure that
engagements are performed in accordance with professional
standards and reports are appropriate.
 Such policies and procedures shall include Direction,
Supervision and Review responsibilities.
3
ISA 220
 Engagement partner shall take responsibility of
performance of audit in accordance with ISAs and
regulatory requirements.
 On or before the date of auditor’s report,
engagement partner shall be satisfied that sufficient
appropriate audit evidence has been obtained, and
report is appropriate.
ISAs – Summaries and Application Guide
ISA 220
Consultation:
ISQC 1
Firm shall ensure:
 Sufficient resources are available for consultation.
 Appropriate consultation is obtained on difficult or
contentious matters.
 Nature of consultation and conclusion are documented, and
are agreed between parties.
 Conclusions are implemented.
ISA 220
Engagement partner shall:
 take responsibility that engagement team
undertakes consultation.
 Be satisfied that appropriate consultation is
obtained within the engagement team, with others
within the firm or outside the firm.
 Nature of consultation and conclusion are
documented, and are agreed between parties.
 Conclusions are implemented.
Difference of opinion:
ISQC 1
 Firm shall establish policies and procedures to resolve
differences of opinion within engagement team, or between
engagement partner and quality control reviewer. Such
procedures may include consulting with other practitioner or
firm, or a professional or regulatory body.
ISA 220
 If difference of opinion arises, the engagement
team shall follow the firm’s policies and procedures
to resolve difference of opinion.
Quality Control Review:
This is an objective evaluation of significant judgments and conclusions made by engagement team.
Basis for Selecting engagements for quality control review:
ISQC 1
ISA 220
 For audits of listed entities, quality control review is Engagement partner shall:
required.
 Ensure that Quality control reviewer has been
 For other assurance, and related engagements, firm shall
appointed (if required).
set out criteria considering public interest, presence of
 Discuss significant matters with him.
unusual circumstances and legal requirements etc.
 Not date audit report until QCR has been completed.
Responsibilities of Quality Control Reviewer:
ISQC 1
Firm shall establish policies and procedures to require quality
control reviewer to:
 Review financial statements and proposed report.
 Discuss significant matters with engagement partner.
 Review documentations relating to significant judgments
and conclusions reached.
 Evaluate conclusions reached and appropriateness of report.
ISA 220
Same.
For audits of listed entities, reviewer shall also ensure:
 Independence of engagement team.
 Consultation on difficult/contentious matters, or difference
of opinion and conclusions reached.
Eligibility criteria for appointment of Quality Control Reviewer:
ISQC 1
Firm shall establish eligibility criteria including:
None.
 Technical qualification (i.e. a partner or other suitably
qualified internal or external person having appropriate
experience and authority).
 Objectivity (i.e. not selected by engagement partner, and
does not participate in audit)
4
ISA 220
ISAs – Summaries and Application Guide
ISA 220
LO 7: MONITORING:
ISQC 1
Firm shall establish a monitoring process to ensure that
policies and procedures relating to quality control are
Relevant, Adequate and Operating effectively.
ISA 220
Engagement partner shall review the latest results of firm’s
monitoring process and whether any deficiencies noted
may affect the current audit engagement.
LO 8: DOCUMENTATION:
ISQC 1
Firm shall establish policies and
procedures to document:

evidence of operation of each
system of quality control.

complaints and allegations and
responses to them.
Retention period shall be sufficient to
complete monitoring procedures.
ISA 220
The auditor shall include in the audit documentation:
1. Conclusions on compliance with independence requirements.
2. Issues identified with respect to compliance with relevant ethical
requirements and how they were resolved.
3. Conclusions reached regarding the acceptance and continuance of
client.
4. The nature and scope of consultations undertaken during the course
of the audit engagement.
The engagement quality control reviewer shall document that:
1. The procedures required by the firm’s policies on engagement
quality control review have been performed.
2. The engagement quality control review has been completed on or
before the date of the auditor’s report.
3. The reviewer is not aware of any unresolved matters that would
cause the reviewer to believe that the significant judgments the
engagement team made and the conclusions it reached were not
appropriate.
5
ISAs – Summaries and Application Guide
ISA 230
ISA 230
AUDIT DOCUMENTATION
LO #
LEARNING OBJECTIVE
INTRODUCTION (SCOPE, OBJECTIVE, AND
DEFINITION)
TIMELY
PREPARATION
OF
AUDIT
DOCUMENTATION
DOCUMENTATION
OF
THE
AUDIT
PROCEDURES PERFORMED AND AUDIT
EVIDENCE OBTAINED
LO 1
LO 2
LO 3
LO 4
ASSEMBLY OF THE FINAL AUDIT FILE
SPECIFIC
AUDIT
DOCUMENTATION
REQUIREMENTS IN OTHER ISAs
PRACTICAL INSIGHT OF ISA AND REAL WORLD
CASES
APX 1
APX 2
1
APPLICATION
REQUIREMENTS PARAGRAPHS
1–6
N/A
7
A1
8 – 13
A2 – A20
14 – 16
A21 – A24
APPENDIX 1
N/A
ISAs – Summaries and Application Guide
ISA 230
LO 1: INTRODUCTION (SCOPE, OBJECTIVE, AND DEFINITION):
Audit Documentation (or Working Papers):
Audit Documentation is the written record of audit procedures performed, evidence obtained and
conclusions reached by auditor.
Audit Files:
“Audit Files” are folders or (other storage media) in physical or electronic form containing audit
documentation for whole engagement.
There are two types of audit files i.e. Current File and Permanent File.
Experienced Auditor
An Experienced Auditor is an individual who has practical audit experience, and a reasonable
understanding of:
(i) Audit processes;
(ii) ISAs and applicable regulatory requirements;
(iii) The business environment in which the entity operates; and
(iv) Auditing and financial reporting issues relevant to the entity’s industry.
Purposes of Audit Documentation:
Primary Purposes:
Audit documentation provides evidence that:
 audit is planned and performed in accordance with ISAs and regulatory requirements, and
 auditor has appropriate basis for opinion in audit report and achievement of overall
objectives.
Additional Purposes:
Audit documentation also helps to:
a) assist engagement team in planning and performance of audit.
b) assist seniors in direction, supervision and review of audit team.
c) enable quality control reviews.
d) enable accountability of engagement team for its work.
e) retain a record of matters of continuing significance to future audits.
LO 2: TIMELY PREPARATION OF AUDIT DOCUMENTATION:
Audit documentation should be prepared on timely basis i.e. at the time when work is performed.
 Timely preparation enhances the quality of audit
 Timely preparation facilitates the effective review of procedures performed, conclusions
reached and evidence obtained
 Documentation prepared after work is performed, is likely to be less accurate
2
ISAs – Summaries and Application Guide
ISA 230
LO 3: DOCUMENTATION OF THE AUDIT PROCEDURES PERFORMED AND AUDIT
EVIDENCE OBTAINED:
Form, Content and Extent of Audit Documentation:
Experienced Auditor Principle:
Audit Documentation shall be sufficient to enable an Experienced Auditor*** (having no previous
connection with the audit) to understand:
 Nature, timing and extent of audit procedures performed (to comply ISAs and regulatory
requirements)
 Audit procedures performed, evidence obtained and conclusion reached.
 Significant matters arising during audit, significant judgments made in reaching
conclusions, and conclusions reached.
Factors affecting form, content and extent:
i.
Size and Complexity of Entity
ii.
Risk identified
iii.
Nature of audit procedures to be performed
iv.
Significance of evidence obtained
Documenting the identifying characteristics of items tested:
In documenting audit procedures performed, the auditor shall record:
a) The identifying characteristics of the specific items tested***;
b) Who performed the work and date of work; and
c) Who reviewed the work and date of review
*** Identifying characteristics of items tested means indicating source from which items were selected and selection
criteria e.g.
Audit Procedure
Selecting high value items from a population
Systematic selection from a population
Inquiries of specific entity personnel
Identifying characteristics
All journal entries over Rs. 50,000 from the purchase journal
Started with voucher#23 and selected every 125th voucher
from the sales journal
Inquired from Mr. Ali (CFO) in a meeting dated January 7, 2012
Auditor shall document following in respect of Significant Matters:
 Nature of significant matters
 Discussion with management, TCWG or other external parties on significant matters
 When and with whom discussion took place
If there is inconsistency between auditor’s final conclusion on a significant matter and identified
information, auditor shall document how he addressed the inconsistency. However, auditor is not
required to retain incorrect or superseded documents.
Completion Memorandum is a document that describes:
– The significant matters identified during the audit and
– How they were addressed (or references to documentation that provides such information).
Documentation of professional judgment
Documentation of professional judgment:
 Explains auditor’s conclusion
 Is useful in quality control review and subsequent audits
3
ISAs – Summaries and Application Guide
ISA 230
In following circumstances, it is appropriate to document professional judgments made (when
significant):
1) Determination off reasonableness in areas of subjectivity (e.g. estimates)
2) Determination of Key Audit Matter
3) When authenticity of a document was in doubt
Considerations specific to smaller entities:
 Audit documentation of a smaller entity is generally less extensive than a larger entity.
 In case of smaller entity, where engagement partner performs all the audit work, the
documentation will not include matters related to direction, supervision or review.
 Auditor of a smaller entity may record various aspects of the audit together in a single
document with cross reference to working papers e.g. Audit Strategy, Audit Program,
Materiality, Risk assessment, Significant matters and Conclusions reached.
Departure from a Relevant Requirement:
If, in exceptional circumstances, auditor judges it necessary to depart from a relevant requirement
of an ISA, auditor shall document:
 Reason of departure
 How alternative audit procedures achieved aim of requirement (which was departed)
Matters Arising after the Date of the Auditor’s Report:
If exceptional circumstances occur after auditor’s report (e.g. subsequent event occurs, or misstatement is
identified), auditor may perform new audit procedures and may add new documents.
In this case, auditor shall document following:
 The specific reasons for making change.
 The new or additional audit procedures performed relating to event, audit evidence
obtained and conclusions reached, and their effect on the auditor’s report.
 Who made the changes, and when.
 Who reviewed the changes, and when.
LO 4: ASSEMBLY OF THE FINAL AUDIT FILE:
Completion and retention of audit documentation:
 An appropriate time for completion of assembly of audit file is 60 days after the date of
auditor’s report.
 An appropriate time for retention of audit documents should not be shorter than 5 years
from date of auditor’s report or from date of group auditor’s report, whichever is later.
Changes in documentation during file assembly period:
Assembly of audit file is an administrative process which includes following types of changes to
audit file:
 Adding/replacing documentation for evidence which has been obtained prior to auditor’s
report
 Deleting superseded/duplicate pages
 Sorting and cross- referencing working papers
 Sign-off completion checklist
Changes in documentation after file assembly period:
Auditor can modify existing documents, or add new documents after the file assembly period if it is
necessary e.g. there is need to clarify existing documentation from comments received during QCR.
4
ISAs – Summaries and Application Guide
ISA 230
APX 1: SPECIFIC AUDIT DOCUMENTATION REQUIREMENTS IN OTHER ISAs:
Standard
ISA 210, Agreeing the Terms of
Audit Engagements
ISA 220, Quality Control for an Audit
of Financial Statements
ISA
240,
The
Auditor’s
Responsibilities Relating to Fraud in
an Audit of Financial Statements
ISA 250, Consideration of Laws and
Regulations in an Audit of Financial
Statements
ISA 260 (Revised), Communication
with
Those
Charged
with
Governance
ISA 300, Planning an Audit of
Financial Statements
ISA 315 (Revised), Identifying and
Assessing the Risks of Material
Misstatement”
“ISA 320, Materiality in Planning
and Performing an Audit”
ISA 330, The Auditor’s Responses to
Assessed Risks







identified or suspected non-compliance with laws and regulations

Copy (or other Record) of matters communicated with TCWG





Audit strategy
Audit Plan
Any significant change alongwith reason
Discussion among engagement team
Key elements of the understanding obtained regarding each aspects of
the entity and its internal control.
identified and assessed risks of material misstatement at the financial
statement level and at the assertion level
Materiality, performance materiality
Any revision
Overall response to risk at financial statements level.
Nature, timing and extent of audit procedures and linking with risk at
assertion level.
The results of the audit procedures
The amount below which misstatements would be regarded as clearly
trivial;
All misstatements accumulated during the audit and whether they have
been corrected; and
The auditor’s conclusion as to whether uncorrected misstatements are
material, individually or in aggregate,
The basis for the auditor’s conclusions about the reasonableness of
accounting estimates and their disclosure that give rise to significant
risks; and
Indicators of possible management bias, if any.
names of the identified related parties and the nature of the related party
relationships
An analysis of components, indicating those that are significant, and the
type of work performed on the financial information of the components.
The nature, timing and extent of the group engagement team’s
involvement in the work performed by the component auditors.
Written communications between the group engagement team and the
component auditors about the group engagement team’s requirements
Documentation regarding work of internal auditor used by auditor
Documentation regarding internal auditor if direct assistance is obtained.







ISA
450,
Evaluation
of
Misstatements Identified during the
Audit



ISA 540,
Estimates”
Auditing
Accounting
ISA 550, Related Parties



ISA 600, Special Considerations—
Audits
of
Group
Financial
Statements
ISA 610 (Revised 2013), Using the
Work of Internal Auditors
ISA 720 (Revised), The Auditor’s
Responsibilities Relating to Other
Information
5
Required matter to communicate to TCWG
Agreed terms of the audit engagement shall be recorded in an audit
engagement letter
Conclusion regarding acceptance of audit client
Issues relating to compliance with ethical requirements.
Information regarding performance of quality control review.
Assessed risk of material misstatement (at financial statement level and
at assertion level)
Response to assessed risk of material misstatement (overall, and specific
audit procedures)





final version of the other information on which the auditor has
performed the work required under this ISA
ISAs – Summaries and Application Guide
ISA 240
ISA 240
FRAUD IN AN AUDIT OF FINANCIAL
STATEMENTS
LO #
LEARNING OBJECTIVE
LO 1
FRAUD, TYPES OF FRAUD, AND RESPONSIBILITIES FOR FRAUD
LO 2
RISK ASSESSMENT PROCEDURES AND RISK OF FRAUD
LO 3
AUDITOR’S COURSE OF ACTION RELATING TO FRAUD
LO 4
MANAGEMENT OVERRIDE OF CONTROL AND AUDITOR’S COURSE OF
ACTION
1
ISAs – Summaries and Application Guide
ISA 240
LO 1: FRAUD, TYPES OF FRAUD, AND RESPONSIBILITIES FOR FRAUD:
Distinction between Error and Fraud:
Misstatements in the financial statements can arise from either fraud or error.
 Error: an unintentional misstatement in financial statements.
 Fraud: An intentional act by one or more individuals involving the use of deception to
obtain an unjust or illegal advantage.
Types of Fraud:
There are two types of fraud i.e. Misappropriation of Assets and Fraudulent Financial Reporting.
Misappropriation of Assets:
Misappropriation of assets involves the theft of an entity’s assets and is often committed by
employees.
Misappropriation of assets includes:
 Embezzling receipts (e.g. depositing cash received from customers into personal account).
 Stealing physical assets or intellectual property (e.g. stealing inventory or scrap, selling
trade secrets to competitors).
 Causing an entity to pay for goods and services not received (e.g. payments to fictitious
suppliers or fictitious employees).
 Using an entity’s assets for personal use.
Fraudulent Financial Reporting:
Fraudulent financial reporting involves intentional misstatements in financial statements to deceive
financial statements’ users.
Fraudulent financial reporting includes:
 Recording fictitious journal entries, particularly close to year-end to achieve targets.
 Inappropriately changing assumptions and judgments used to estimate account balances.
 Advancing or delaying recognition of events and transactions.
 Altering records and terms related to significant transactions.
 Engaging in complex transactions that are structured to misrepresent the financial statements.
 Concealing facts that could affect the amounts recorded in the financial statements.
Fraudulent financial reporting is often committed by management through override of controls:
Responsibilities of Management and Auditor Regarding Fraud:
Responsibility of Management (& TCWG) regarding Fraud:
The primary responsibility for the prevention and detection of fraud rests with both TCWG and
management.
 Management should establish systems and controls to prevent and detect fraud.
 TCWG should monitor the systems and controls, and should also consider potential for
management override of control.
Responsibility of Auditor regarding Fraud:
Auditor’s primary responsibility is to express an opinion on financial statements (i.e. whether
financial statements are free from material misstatement).
Auditor is not primarily responsible to prevent or detect frauds, because fraud may involve
sophisticated techniques, and collusion.
2
ISAs – Summaries and Application Guide
ISA 240
Regarding fraud, auditor is responsible to:
 Perform procedures to identify risk of material misstatement due to fraud,
 Respond to risk of fraud.
 Maintain professional skepticism throughout the audit recognizing the possibility that a
misstatement due to fraud may exist.
LO 2: RISK ASSESSMENT PROCEDURES AND RISK OF FRAUD:
Risk Assessment Procedures to identify risk of fraud:
ISAs require the auditor to perform the following procedures to identify the risks of material
misstatement due to fraud:
1. Make inquiries of management in respect of:
a) their process in place for identifying and responding to the risks of fraud.
b) their assessment of the risk of fraud.
c) any specific risks of fraud identified or likely to exist.
d) any communications within the entity in respect of fraud (e.g. code of conduct).
2. Make inquiries of management and others within the entity as to whether they have
knowledge of any actual, suspected or alleged frauds.
3. Evaluate any unusual or unexpected relationships identified in performing analytical
procedures which may indicate a risk of material fraud.
4. Evaluate information obtained from other risk assessment procedures whether any fraud
risk factors are present.
Fraud Risk Factors:
Incentives or
Pressures
(i.e. Motives)
Opportunity
Misappropriation of Assets
1. Personal Financial Obligations.
2. Adverse Relationships between entity and
employee having access to cash and other
portable and precious assets.
1. Existence of precious and movable items
(e.g. cash, inventory).
2. Deficiencies in internal control over assets
( e.g. inadequate physical
safeguards,
inadequate
record
keeping
and
reconciliations, or inadequate segregation of
duties).
1.
2.
3.
4.
5.
1.
2.
3.
4.
5.
Attitudes/
Rationalizations
(of management &
employees)
1. Failing to correct known internal control
deficiencies.
2. Overriding existing controls.
3. Tolerance on petty theft.
4. Behavior indicating dissatisfaction or
displeasure with entity.
5. Change in lifestyle.
1.
2.
3.
4.
5.
3
Fraudulent Financial Reporting
Intended sale of shares/ business, or acquiring loan.
Management holds majority shareholding.
Management’s bonuses based on financial performance.
Pressure on management to achieve financial targets.
Financial stability or profitability of entity is threatened
(e.g. increased competition, going concern issues).
Significant related party transactions.
Income, Expenses, Assets, and Liabilities are based on
significant estimates.
Deficiencies in internal control over financial
reporting.
Domination of management by a single person or
small group without audit committee or internal audit
function.
Ineffective oversight by BOD or audit committee or
internal audit
function (e.g. due to
lack of
independence from management).
Ineffective
communication
or
ineffective
implementation of entity’s values or ethical standards.
Lack of integrity in management (e.g. known history of
violation of laws).
Low morale among senior management.
The practice by management of committing to bankers,
creditors, and other third parties to achieve aggressive
or unrealistic targets.
Not providing information or providing wrong
information to auditor.
ISAs – Summaries and Application Guide
ISA 240
Circumstances that indicate the possibility of fraud in Financial Statements:
Discrepancies in accounting records:
 Unsupported or unauthorized balances or transactions.
 Last minute adjustments that significantly affect financial statements.
 Transactions that are not recorded in a complete or timely manner or improperly recorded
as to amount, or period.
 Tips or complaints to the auditor about the alleged fraud.
 Employees’ access to systems and records is more than what is necessary to do their job.
Conflicting or missing evidence:
 Missing accounting records.
 Documents that appear to have been altered.
 Unavailability of original documents when they are expected to exist.
 Significant unexplained items on reconciliations.
 Unusual changes in ratios, relationships and trends in financial statements.
 Inconsistent or vague responses of inquiries or analytical procedures from management
 Unusual discrepancies between the entity’s record and confirmation replies.
 Large amount of credit entries and other adjustments at year end.
 Missing inventory or physical assets of significant value.
 Non-availability of evidence of system development and program changes during the year.
Problematic or unusual relationships between the auditor and management:
 Denial of access to records, facilities, certain employees, customers, vendors, or others from
whom audit evidence might be sought.
 Undue time pressure by management to resolve complex or contentious issues.
 Complaints by management about the conduct of the audit or management intimidation.
 Unusual delays by entity in providing requested information.
 Denial of access to key IT operations staff, facilities, and electronic files for testing through
CAAT.
 An unwillingness to address identified deficiencies in internal control on a timely basis.
 An unwillingness to correct misstatements in financial statements.
Others:
 Accounting policies at variance with industry norms.
 Frequent changes in accounting estimates without changes in circumstances.
 Unwillingness by management to permit the auditor to meet privately with those charged with
governance.
 Tolerance of violations of the entity’s code of conduct.
4
ISAs – Summaries and Application Guide
ISA 240
LO 3: AUDITOR’S COURSE OF ACTION RELATING TO FRAUD:
Course of Action if there is a fraud risk factor:
Auditor shall revise risk of fraud, and shall modify his audit procedures to respond to revised risk of
material misstatement due to fraud e.g.
 Increased level of professional skepticism specially during audit of judgmental areas.
 Adequate planning, and reduced materiality level.
 Assigning more experienced and specialized staff e.g. use of experts if necessary.
 Increased supervision and review of the audit work performed (e.g. quality control
review of the engagement).
 Incorporating unpredictability in nature, timing and extent of audit procedures.
 Making changes to audit procedures.
 More audit procedures at period end rather than at interim date.
 Obtaining more reliable audit evidence (e.g. from external sources).
Course of Action if auditor identifies (or suspects) a fraud:
1. Auditor shall communicate fraud to appropriate level of management (i.e. atleast one level
above the persons involved in fraud) on timely basis.
2. Auditor shall communicate fraud to TCWG if amount involved is significant, or management
is involved.
3. Auditor shall communicate fraud to regulatory authority only if such communication is
required by law.
4. If due to involvement in fraud, there are doubts on integrity of management (e.g.
management is involved in fraud, and TCWG do not take appropriate actions), auditor may
consider withdrawal.
5. If fraud results in misstatement in financial statements, auditor shall also consider its
impact on report.
5
ISAs – Summaries and Application Guide
ISA 240
LO 4: MANAGEMENT OVERRIDE OF CONTROL AND AUDITOR’S COURSE OF ACTION:
Definition:
The term ‘management override of control’ means ability of management to overrule prescribed
policies and procedures to prepare fraudulent financial statements, even where controls otherwise
appear to operate effectively.
This risk exists in every entity.
Techniques:
Fraudulent financial reporting can be committed by management overriding controls using
techniques such as:
 Recording fictitious journal entries, particularly close to year-end to achieve targets.
 Inappropriately changing assumptions and judgments used to estimate account balances.
 Advancing or delaying recognition of events and transactions.
 Altering records and terms related to significant transactions.
 Engaging in complex transactions that are structured to misrepresent the financial statements.
 Concealing facts that could affect the amounts recorded in the financial statements.
Audit Procedures to address risk of Management override of control:
Irrespective of the auditor’s assessment of the risks of management override of controls, the
auditor shall design and perform following audit procedures:
1. Test the appropriateness of journal entries.
Auditor shall:
 Make inquiries about inappropriate or unusual activity relating to the processing of journal
entries and other adjustments;
 Select journal entries and other adjustments made at the end of a reporting period; and
 Consider the need to test journal entries and other adjustments throughout the period.
2. Review accounting estimates for possible biases.
In performing this review, the auditor shall:
 Evaluate whether judgments and assumptions by management in making estimates,
indicate a possible bias (even if they are individually reasonable). If so, the auditor shall reevaluate the accounting estimates taken as a whole; and
 Perform a retrospective review of management judgments and assumptions related to
significant accounting estimates reflected in the financial statements of the prior year.
3. Evaluate business rationale for significant transactions outside the normal course of
business.
6
ISAs – Summaries and Application Guide
ISA 250
ISA 250
CONSIDERATION OF LAWS AND
REGULATIONS IN AN AUDIT OF
FINANCIAL STATEMENTS
LO #
LO 1
LO 2
LO 3
LO 4
LO 5
LEARNING OBJECTIVE
INTRODUCTION
(SCOPE,
OBJECTIVE,
AND
DEFINITION)
THE AUDITOR’S CONSIDERATION OF COMPLIANCE
WITH LAWS AND REGULATIONS
AUDIT PROCEDURES WHEN NON-COMPLIANCE IS
IDENTIFIED OR SUSPECTED
COMMUNICATING AND REPORTING IDENTIFIED OR
SUSPECTED NON-COMPLIANCE
DOCUMENTATION
1
REQUIREME
NTS
APPLICATION
PARAGRAPHS
1 – 12
A1−A10
13 – 18
A11−A16
19 – 22
A17−A25
23 – 25
A26−A34
26 – 29
A35−A36
ISAs – Summaries and Application Guide
ISA 250
LO 1: INTRODUCTION (SCOPE, OBJECTIVE, AND DEFINITION):
An audit client may subject to some laws and regulations. Some client operates in heavily regulated
industry (e.g. banks, insurance), and some may operate in less regulated industry.
There are two categories of laws and regulations i.e.
1. Those laws which directly affect financial statements (e.g. tax laws, pension laws, money
laundering).
2. Those laws which indirectly affect financial statements (e.g. licensing requirements,
environmental regulations).
Non-compliance with these laws may result in fines, litigations and other regulatory actions.
LO 2: THE AUDITOR’S CONSIDERATION OF COMPLIANCE WITH LAWS AND
REGULATIONS:
As part of understanding of entity (as per ISA 315), auditor shall obtain understanding of:
 Laws applicable on entity.
 How the entity is complying with laws.
If laws directly affect financial statements, auditor shall obtain sufficient appropriate audit evidence
SAAE
regarding compliance with laws.
audit evidence
If laws do not directly affect financial statements, auditor shall:
 Inquire management whether entity is complying laws and regulations.
 Inspect correspondence with relevant licensing/regulatory authorities.
Auditor shall obtain written representation from management that it has considered all known
non-compliances in preparation of financial statements and has disclosed them to auditor.
LO 3: AUDIT PROCEDURES WHEN NON-COMPLIANCE IS IDENTIFIED OR
SUSPECTED:
If non-compliance with laws or suspected non-compliance with laws is identified, the auditor shall
obtain:
 Understanding of nature of act, and
 Further information to evaluate the possible effect on financial statements.
Auditor shall also discuss the matter with TCWG (unless prohibited by law or regulation). If TCWG
do not provide sufficient information that entity is complying with legal requirements, auditor
shall:
 Evaluate effect on auditor’s opinion.
 Evaluate effect on other aspects of audit e.g. risk assessment, reliability of representations,
and
 Obtain legal advice.
2
ISAs – Summaries and Application Guide
ISA 250
LO 4: COMMUNICATING AND REPORTING IDENTIFIED OR SUSPECTED NONCOMPLIANCE:
Communicating identified or suspected non-compliance with TCWG:
Auditor shall communicate matters involving non-compliance with TCWG, unless matters are
clearly inconsequential.
If non-compliance appears to be intentional and material, auditor shall communicate with TCWG as
soon as possible.
If management or TCWG is involved, auditor shall communicate the non-compliance with next
higher level of authority (e.g. audit committee or supervisory board). If no higher authority exists,
auditor shall obtain legal advice.
Potential Implications of identified or suspected non-compliance for the auditor’s report:
If effect of non-compliance with laws and regulation is not reflected in financial statements, auditor
shall express qualified opinion (if effect is material) or adverse opinion (if effect is pervasive) on
financial statements.
If auditor is unable to determine whether non-compliance has occurred, auditor shall evaluate
effect on auditor’s opinion.
Reporting identified or suspected non-compliance to appropriate authority outside the
entity:
Auditor shall determine whether reporting non-compliance to appropriate authority outside the
entity may be required or appropriate (e.g. when auditor has right to do so). In such situation, this
communication would not be considered a breach of duty of confidentiality.
LO 5: DOCUMENTATION:
Auditor shall document following with respect to non-compliance with laws and regulations:
 Identified or suspected non-compliance.
 Audit procedures performed, judgments made and conclusion reached.
 Discussion with management and TCWG, and how management and TCWG have responded
to the matter.
APX 1: EXAM TIP:
In case of NOCLAR, discuss:
1. Impact on financial statements (due to legal actions and penalties)
2. Impact on audit and audit report (including Withdrawal due to integrity)
3. Communication to regulators
3
ISAs – Summaries and Application Guide
ISA 260
ISA 260
COMMUNICATION WITH THOSE
CHARGED WITH GOVERNANCE
LO #
APPLICATION
REQUIREMENTS PARAGRAPHS
LEARNING OBJECTIVE
LO 1
INTRODUCTION
DEFINITION)
LO 2
(SCOPE,
OBJECTIVE,
AND
1 – 10
N/A
THOSE CHARGED WITH GOVERNANCE
11 – 13
A1–A8
LO 3
MATTERS TO BE COMMUNICATED
14 – 17
A9–A36
LO 4
THE COMMUNICATION PROCESS
18 – 22
A37–A53
LO 5
DOCUMENTATION
23
A54
APX
SPECIFIC REQUIREMENTS IN OTHER ISAS TO
COMMUNICATIONS WITH TCWG
1
APPENDIX 1
ISAs – Summaries and Application Guide
ISA 260
LO 1: INTRODUCTION (SCOPE, OBJECTIVE, AND DEFINITION):
This ISA deals with auditor’s responsibility to communicate with TCWG.
Both management and auditor have responsibilities to communicate with TCWG. Communication
by management does not relieve auditor of this responsibility (and vice-versa).
Matters to be communicated to TCWG may be required by ISA 260, by other ISAs, by law or
regulations, by terms of engagement. Auditor may also communicate “supplementary” matters to
TCWG.
However, law or regulations may restrict auditor to communicate certain matters to TCWG e.g. a
communication which may disturb an investigation of fraud or illegal act by TCWG.
Objectives of Communication with TCWG:
ISAs state four objectives of communication with TCWG i.e.
1. To promote two-way communication between auditor and TCWG.
2. To communicate responsibility of auditor, and planned scope and timing of audit.
3. To communicate significant matters arising during audit, relating to oversight of financial
reporting process by TCWG.
4. To obtain information from TCWG relevant to audit.
LO 2: THOSE CHARGED WITH GOVERNANCE:
Difference between Management and TCWG:
Management:
The persons with executive responsibility for the conduct of the entity’s operations.
Those charged with governance:
The persons responsible for overseeing the strategic direction and accountability of entity
(including overseeing the financial reporting process) e.g. board of directors in a company, or
owner-manager in small entity.
Determination of to whom to communicate within governance structure:
Governance structure vary by entity and by jurisdiction e.g.
 Sometimes, TCWG may also be involved in management.
 Sometimes, a sub-group (e.g. audit committee) may be formed to assist TCWG.
Because of these variations, it may not be clear as to which persons are appropriate to
communicate matters (particularly in in family owned businesses, not-for-profit organizations,
government entities). Therefore, ISA requires auditor to identify the appropriate persons within the
entity to whom to communicate matters.
Communication with a subgroup of those charged with governance:
If the auditor communicates with a subgroup of TCWG (e.g. audit committee), the auditor shall
determine whether the auditor also needs to communicate with the governing body.
2
ISAs – Summaries and Application Guide
ISA 260
When all of those charged with governance are involved in managing the entity:
This may happen in small entity. The matters need not be communicated again with those same
person, provided auditor is satisfied that matter is communicated to all persons with governance
responsibilities.
LO 3: MATTERS TO BE COMMUNICATED:
Matters required by ISA 260:
Auditor is required to communicate following matters to TCWG:
The Auditor’s Responsibilities in Relation to the Financial Statement Audit:
 The auditor is responsible for forming and expressing an opinion on the financial
statements
 The audit of the financial statements does not relieve management or TCWG of their
responsibilities
Planned Scope and Timing of the Audit:
 How the auditor plans to address significant and higher risk of material misstatements.
 The auditor’s approach to internal control
 application of the concept of materiality
 Planned use of work of internal auditor, or use of internal auditor to provide direct
assistance.
 Nature and use of specialized skills needed, include use of expert.
 Auditor’s preliminary views about Key Audit Matters.
Communication regarding planned scope and timing of audit helps auditor to better understand
entity; and also helps TCWG to better understand issues like Risk, Materiality and areas in which
they may want auditor to undertake additional procedures.
Significant Audit Findings:
 The auditor’s views about qualitative aspects of the entity’s accounting practices.
 Significant difficulties, if any, encountered during the audit
 Circumstances affecting form and content of auditor’s report.
 Significant matters discussed with management, and requested written representation (if
TCWG are different from management).
Auditor Independence (for listed entities):
 A statement that engagement team has complied with ethical requirements including
independence.
 Situations creating threat to independence (e.g. fee for assurance and non-assurance
services), and related Safeguards.
3
ISAs – Summaries and Application Guide
ISA 260
LO 4: THE COMMUNICATION PROCESS:
Establishing the communication process:
Communication with TCWG:
The auditor shall communicate with TCWG
 Form of communication
 Who from auditors will communicate whom from TCWG.
Communication with Management:
It may be necessary to discuss some matters to management (or internal auditors) before
communication with TCWG unless inappropriate (e.g. issues regarding competence and integrity of
management).
Communication with Third Parties:
TCWG may provide communication by auditor to third parties, therefore, auditor should include in
his communication:
 restriction on use and distribution, and
 disclaimer of responsibilities to third parties.
Auditor will need prior approval of TCWG to provide copy of communication to third parties, unless
required by law.
Forms of communication:
Matters relating to auditor’s independence will be communicated in writing.
Other matters may be communicated:
 orally or
 in writing (if oral communication is not adequate), considering significance of the matter,
legal requirement, effect on report.
Timing of communication:
Matter(s) should be communicated on timely basis. What is appropriate timing, depends on nature
and significance of the matter, and other factors e.g.
 Planning matters may be communicated at start of the engagement.
 Significant difficulties encountered during audit (e.g. significant misstatements, scope
limitations or deficiencies in internal control) are communicated as soon as practicable.
LO 5: DOCUMENTATION:
Where matters required by this ISA to be communicated are communicated orally, the auditor shall
include them in the audit documentation, and when and to whom they were communicated (e.g.
through minutes of the meeting prepared by entity).
Where matters have been communicated in writing, the auditor shall retain a copy of the
communication as part of the audit documentation
4
ISAs – Summaries and Application Guide
ISA 260
APX 1: SPECIFIC REQUIREMENTS IN OTHER ISAS TO COMMUNICATIONS WITH
TCWG:
Standard
ISQC 1, “Quality Control for
Firms…..”
Required matter to communicate to TCWG
Identity and role of engagement partner

ISA 240 “Fraud”.



ISA 250 “Consideration of
laws…”
ISA 265 “Communicating
deficiencies in …”.
ISA 450 “Evaluation of
misstatements…”
ISA 505 “External
confirmation”
ISA 510 “Initial Audit
Engagement ….”
ISA 550 “Related Parties”
ISA 560 “Subsequent
Event”
ISA 570 “Going Concern”.
ISA 600 “Group Audit”
ISA 610 “Internal Auditor”
ISA 701 “Key Audit
Matters”
ISA 705 “Modified Opinion”
ISA 706 “EOM/OM
Paragraphs”
ISA 710 “Comparative
Information…”
ISA 720 “Other
Information”

Inquiring TCWG whether they have knowledge of any actual, suspected or alleged
fraud affecting the entity
If auditor identifies fraud or obtains information indicating fraud.
Decision of withdrawal and reason of withdrawal if auditor withdraws from
engagement
Inquiring TCWG whether they have knowledge of any non-compliance with laws
affecting the entity
If auditor identifies non-compliance or obtains information indicating noncompliance.
Significant deficiencies in internal control identified during the audit
Uncorrected misstatements affecting opinion, individually (if individually material), or in
aggregate (if individually immaterial).
If the auditor concludes that management’s refusal to allow the auditor to send a
confirmation request is unreasonable
If misstatement in opening balance is identified which affects current period.
Non-disclosure of significant related party or transaction.
significant related party transactions that have not been appropriately approved
Disagreement with management regarding the accounting for and disclosure of
significant related party transactions

Non-compliance with applicable law or regulations prohibiting or restricting
specific types of related party transactions

Inquiring TCWG whether they have knowledge of any subsequent event affecting
the entity

If auditor identifies subsequent event after the date of auditor’s report.

If misstatement is identified after issuance of audit report or financial statements.
Events or conditions casting doubt on entity’s ability to continue as going concern.
Overview of work to be performed on components.
Planned use and involvement in work of component auditor
how the external auditor has planned to use the work of the internal audit function



KAMs to communicate in audit report.
If management imposes scope limitation.
If auditor expects to modify his opinion.
If auditor withdraws from engagement.
Wording of EOM/OM if auditor expects to include in audit report.
If a misstatement is identified in prior period financial statements.
Uncorrected misstatement in other information.
In a given case study, examiner may require you to identify which matters are required to be reported to TCWG.
5
ISAs – Summaries and Application Guide
ISA 265
ISA 265
COMMUNICATING DEFICIENCIES IN
INTERNAL CONTROL
LO #
LEARNING OBJECTIVE
INTRODUCTION (SCOPE, OBJECTIVE, AND
DEFINITION)
DETERMINE WHETHER DEFICIENCY HAS BEEN
IDENTIFIED
SIGNIFICANT DEFICIENCIES IN INTERNAL
CONTROL
COMMUNICATION OF DEFICIENCIES IN
INTERNAL CONTROL TO MANAGEMENT
COMMUNICATION OF DEFICIENCIES IN
INTERNAL CONTROL TO TCWG
CONTENT OF WRITTEN COMMUNICATION OF
SIGNIFICANT DEFICIENCIES IN INTERNAL
CONTROL
LO 1
LO 2
LO 3
LO 4
LO 5
LO 6
1
APPLICATION
REQUIREMENTS PARAGRAPHS
1–6
N/A
7
A1–A4
8
A5–A11
10
A19–A27
9
A12–A18
11
A28–A30
ISAs – Summaries and Application Guide
ISA 265
LO 1: INTRODUCTION (SCOPE, OBJECTIVE, AND DEFINITION):
This ISA specifies which identified deficiencies in internal control the auditor is required to
communicate to management and TCWG.
LO 2: DETERMINE WHETHER DEFICIENCY HAS BEEN IDENTIFIED:
The auditor shall determine whether, on the basis of the audit work performed, the auditor has
identified one or more deficiencies in internal control.
For this purpose, auditor may discuss the relevant facts and circumstances of the auditor’s findings
with the appropriate level of management.
LO 3: SIGNIFICANT DEFICIENCIES IN INTERNAL CONTROL:
If a deficiency is identified by auditor shall determine whether it constitutes significant deficiency.
Following are matters to consider whether deficiency is significant:
 Likelihood of misstatement.
 Magnitude of misstatement.
 Volume of activities exposed to deficiency.
 Importance of control.
LO 4: COMMUNICATION OF DEFICIENCIES IN INTERNAL CONTROL TO
MANAGEMENT:
The auditor shall communicate to appropriate level of management (on a timely basis):
1. In writing, significant deficiencies in internal control that the auditor intends to
communicate to TCWG.
2. Other deficiencies in internal control identified during the audit that have not been
communicated to management by other parties and that, in the auditor’s professional
judgment, are of sufficient importance.
Ordinarily, the appropriate level of management is the one that has responsibility and authority to
evaluate the deficiencies in internal control and to take the necessary remedial action
Deficiencies communicated in prior period:
Significant Deficiencies:
If such deficiencies are uncorrected, auditor is required to repeat the communication (or to refer to
previous communication).
Other Deficiencies:
Auditor need not communicate deficiencies (other than significant) in internal control to
management if:
 it has been previously communicated to management by auditor in prior periods
 it has been previously communicated to management by other parties, such as the internal
audit function or regulators
2
ISAs – Summaries and Application Guide
ISA 265
However, if management fails to correct previously identified deficiencies, this may become a
significant deficiency requiring communication with TCWG.
LO 5: COMMUNICATION OF DEFICIENCIES IN INTERNAL CONTROL TO TCWG:
The auditor shall communicate in writing significant deficiencies in internal control identified
during the audit to those charged with governance on a timely basis
When to issue communication:
Auditor may communicate these orally in the first instance to management and, when appropriate,
to those charged with governance to assist them in taking timely remedial action.
 For listed entities in certain jurisdictions, TCWG may need to receive the auditor’s written
communication before the date of approval of the financial statements to discharge specific
responsibilities in relation to internal control for regulatory or other purposes.
 For other entities, the auditor may issue the written communication at a later date (subject
to ISA 230’s requirement to complete the assembly of the final audit file)
LO 6: CONTENT OF WRITTEN COMMUNICATION OF SIGNIFICANT DEFICIENCIES
IN INTERNAL CONTROL:
The auditor shall include following in the written communication of significant deficiencies:
 A description of the deficiencies (significant deficiencies may be grouped together for
reporting purposes where it is appropriate to do so)
 explanation of their potential effects
 explanation of context of information
The auditor may also include in the written communication suggestions for remedial action on the
deficiencies, management’s actual or proposed responses, and a statement as to whether or not the
auditor has undertaken any steps to verify whether management’s responses have been
implemented.
3
ISAs – Summaries and Application Guide
ISA 315
ISA 315
RISK ASSESSMENT
LO #
LEARNING OBJECTIVE
RISK
ASSESSMENT
PROCEDURES
AND
RELATED ACTIVITIES
THE REQUIRED UNDERSTANDING OF THE
ENTITY AND ITS ENVIRONMENT, INCLUDING
THE ENTITY’S INTERNAL CONTROL
IDENTIFYING AND ASSESSING THE RISKS OF
MATERIAL MISSTATEMENT
LO 1
LO 2
LO 3
LO 4
DOCUMENTATION
1
APPLICATION
REQUIREMENTS PARAGRAPHS
5–10
A1–A24
11–24
A25–A121
25–31
A122–A152
32
A153–A156
ISAs – Summaries and Application Guide
ISA 315
LO 1: RISK ASSESSMENT PROCEDURES AND RELATED ACTIVITIES:
Risk Assessment Procedures and Related Activities:
Auditor shall perform risk assessment procedures to obtain understanding of Entity, and Internal control to
identify and assess the risk of material misstatement, at assertion level and financial statement level.
 Benefits of obtaining understanding of entity and its internal control:
o
o
o
o
o
To assess Inherent Risk and Control Risk (i.e. Risk of material misstatement)
To identify Significant Risks (i.e. risks which require special audit considerations)
To determine materiality
To determine nature, timing and extent of further audit procedures
To determine appropriateness of accounting policies and estimates
 Extent and Depth of understanding required:
Extent and depth of understanding to be obtained depends on professional judgment of auditor. It may be
less than that possessed by management but should be sufficient enough to identify and assess the risk of
material misstatement.
 Risk Assessment Procedures:
o
o
o
Inquiries of management, internal audit function and others within the entity
Observation, and Inspection
Analytical procedures
 Related Activities:
o
o
o
o
Information obtained from client acceptance and continuance process
Information obtained from other engagement for the entity
Information obtained from previous audits
Discussion among engagement team
Explanation:
Inquiry of management:
Much of the information obtained by the auditor’s inquiries is obtained from management and those
responsible for preparation of financial statements.
Inquiry of Internal audit function:
Auditor may inquire of chief internal audit executive or others within internal audit function to obtain
information about entity’s risk assessment process, control deficiencies, and matters raised with TCWG.
Auditor may also consider to reading reports of internal audit function.
Inquiry of others within the entity:
Inquiry to
TCWG
Employees
Marketing /Sales Personnel
Purpose
To understand environment in which financial statements are prepared.
To understand process of initiation and recording of transactions
To understand sales trends and contractual agreements with customers
In-House Legal Counsel
To understand compliance with laws/regulations, litigation and fraud
Production Department
To understand operations and productions
To obtain information about operational and regulatory risks affecting financial
statements.
To obtain information about system changes, system or control failures or other
risks.
Risk management function
Information system personnel
2
ISAs – Summaries and Application Guide
ISA 315
Observation and Inspection:
Observation and Inspection support inquiries and also provides further information about entity. Examples
include:
 Observation of Entity’s Premises and Plant facilities
 Observation of Entity’s operations
 Inspection of documents (e.g. Business Plans, Strategies, SOPs, Internal Controls, etc.)
 Inspection of Reports by Management (e.g. Interim financial statements and minutes of meetings)
Analytical Procedures:
Analytical procedures performed as risk assessment procedures identify Unusual or Unexpected
relationships and amounts which may indicate existence of error/fraud. Analytical procedures performed as
risk assessment procedures may include both financial and non-financial information.
Information Obtained in Prior Periods:
Information obtained in prior periods may also be relevant and may be used by auditor in current period e.g.
information about following matters:
 Use of risk assessment procedures performed last year
 Use of tests of controls performed last year
 Use of substantive procedures performed last year
ISA – 330 provides guidance on use of information obtained in prior periods.
Discussion among the Engagement Team:
Objectives/Benefits:
1. More experienced members share their insights based on their knowledge of the entity.
2. Team members exchange information about the business risks of entity and how financial
statements may be misstated.
3. Team members gain a better understanding of audit risk in specific areas assigned to them, and how
the results of their work can affect other aspects of audit.
4. Team members communicate and share new information obtained throughout the audit that may
affect the audit risk or audit procedures
What is discussed:
Business Risks, Audit Risks, Professional Skepticism, Fraud consideration, application of AFRF on entity, New
information during audit affecting risk and audit procedures
When:
It also depends on professional judgment. Usually this discussion starts from planning phase and there may
be further discussions throughout the audit to exchange ongoing information.
Who is involved:
It is a matter of professional judgment as to which members to include. Usually Key members of engagement
teams are included. All members are not necessary. Involvement of Expert and auditors of components is also
considered.
3
ISAs – Summaries and Application Guide
ISA 315
LO 2: THE REQUIRED UNDERSTANDING OF THE ENTITY AND ITS
ENVIRONMENT, INCLUDING THE ENTITY’S INTERNAL CONTROL:
The Entity and Its Environment:
Auditor is required to obtain understanding of entity. This understanding shall cover following:
1) Entity’s Environment
2) Nature of entity
3) Entity’s Selection and Application of Accounting Policies
4) Objectives, Strategies and related Business Risks
5) Measurement and Review of entity’s Financial Performance
Industry, Regulatory and Other External Factors:
Auditor shall consider following factors in obtaining understanding of entity’s environment:
Industry Factors
Regulatory Factors
Other External Factors
Market and competition
Applicable legislation and
General economic conditions
regulation
Seasonal activity
Taxation Laws
Interest rates
Product technology
AFRF
Inflation rate
Energy supply and cost
Industry-specific practices
Availability of financing
Government policies (monetary
Currency revaluation
policy, fiscal policy, foreign
exchange policy)
Nature of the Entity:
Examples of matters that the auditor may consider when obtaining an understanding of the nature of the
entity include:
Operations and
Investment and Investing Activities
Finance and Financing Activities
Operating Activities
–Types of products or –Acquisitions or disposal of property, –The entity’s ownership structures
services, and markets
plant and equipment (executed or (e.g. who are owners)
–Location of production planned)
–The way entity is financed (e.g.
facilities
and –Investments and dispositions of shares debts, leasing etc)
warehouses.
and debentures (executed or planned)
–Common control relationship (e.g.
–Key customers and –Investments in partnerships, joint parents, subsidiaries, associates etc.)
suppliers
ventures and special-purpose entities
The Entity’s Selection and Application of Accounting Policies:
It is auditor’s responsibility to evaluate that selection and application of accounting policies is in accordance
with AFRF and Industry.
Particular focus should be on:
 Accounting policies for significant, controversial or unusual areas e.g. for derivative securities
 Change in accounting policies
 Newly adopted or to-be-adopted accounting standards, laws and regulations
Objectives and Strategies and Related Business Risks:
Each entity sets its Objectives and strategies to achieve those objectives. But there is always a risk that entity
will not be able to achieve its objectives, this risk is called Business Risk.
4
ISAs – Summaries and Application Guide
ISA 315
Following are the examples of matters that auditor should consider while obtaining understanding of entity’s
business risks:
Matter
Business Risk
Audit
Risk
(Risk
of
Material
misstatement)
Industry/Technology
Entity may not have personnel Performance may be misstated.
Development
or expertise to deal with
changes in industry
Expansion of Business
– Products become faulty.
– NRV/Warranties/Contingencies for faulty
(New products/locations)
– Demand may not be
products may not be incorporated.
estimated accurately.
– Impairment of Assets may not be recorded.
New accounting
Lack of personnel with
Inappropriate treatment of accounting
requirements or New
appropriate accounting and
requirements
Personnel
financial reporting skills.
Increased regulatory
Non-compliance with laws and Going concern assumption may not be
requirements
regulations and
appropriate
Increased Legal cost
Current/Prospective
Loss of financing due to the
Going concern assumption may not be
Financing Requirements
entity’s inability to meet
appropriate
requirements
Use of IT
-Hardware and software (or
Duplicate/omitted/wrongly processed
System and Process) may not
transactions
be compatible
-Breakdown of system
Measurement and Review of the Entity’s Financial Performance:
Following are different ways used to measure and review entity’s performance by management and external
parties (e.g. analysts and credit rating agencies):
i.
Key Performance Indicators (e.g. Sales, Profit, Assets, Number of branches/customers)
ii.
Ratios (e.g. EPS, G.P. ratio, N.P. ratio etc.)
iii.
Performance/Variance Analysis (prior year, with budget, with industry average)
Reason of understanding:
Performance measures create pressure on management and in turn management may be motivated to
improve the performance or misstate the financial performance particularly when there is some
pressure/incentive to meet such unrealistic targets e.g. an unusual growth/profitability indicate a risk of
misstatement in financial statements particularly when there are contingent compensations or requirements
of a debt-covenant.
The Entity’s Internal Control:
Auditor is required to obtain understanding of Internal Control (relevant to audit).
General Nature and Characteristics of Internal Control:
 Purpose of Internal Control:
“Internal Control means policies and procedures designed, implemented and operated by management
and TCWG (to address business risks) to provide reasonable assurance about achievement of entity’s
objectives with regard to:
o Reliability of the entity’s financial reporting
o Effectiveness and efficiency of its operations
o Compliance with applicable laws and regulations
5
ISAs – Summaries and Application Guide
ISA 315
 Limitations of Internal Control:
Internal control cannot provide absolute assurance because of following inherent limitations:
o Breakdowns caused by human errors
o Cost-benefit trade off may not justify a control
o Segregation of duties in smaller entities not possible.
o Often Judgments are involved in risk assessment, and implementation of control which can be
faulty
o Management may also override the controls
o Circumvented intentionally through collusion
 Characteristics of Manual and Automated Elements of Internal Control:
Benefits in IT system:
An IT system can have many benefits (e.g. Performing complex calculation, Accuracy and Timeliness of
information, Facilitates additional analysis, Handles large volume of transactions, Facilitates monitoring).
Risks in IT system:
However there are specific risks which IT poses to system (e.g. Failure to make changes when required,
Unauthorized changes to data or programs, IT personnel gaining more than necessary privileges and
breaking segregation of duties, Potential loss of data, Inability to access data, Unauthorized access to data,
Inaccurate processing in system).
Controls in IT system:
Controls in an IT system could be classified into Manual Controls and Automated Controls. A programmed
control is performed by computer software (e.g. validation checks). A manual control is performed by
people (e.g. Authorization, Review, Reconciliations).
Manual system is better in following circumstances:
 Large, unusual or non-recurring transactions
 When errors are difficult to define and anticipate
 Changing circumstances requiring extra controls
 In monitoring the effectiveness of automated controls
Automated system is better in following circumstances:
 High volume or Recurring transactions
 Where automation of controls is possible
Controls in an IT system could be classified into General Controls, and Application Controls (to be
explained in component of control activities).
Controls Relevant to the Audit:
Following are general rules used by auditors in determining which controls are relevant:
1) Usually controls related to financial reporting are relevant to audit, however not all controls related
to financial reporting are relevant.
2) Controls relating to operations and compliance objectives may be relevant when they relate to the
data which auditor uses in audit procedures (e.g. in Analytical Procedures)
3) Controls related to completeness and accuracy of information produced by entity may be relevant if
auditor intends to use them in further audit procedures (e.g. related parties information)
Nature and Extent of the Understanding of Relevant Controls:
In obtaining understanding of controls, auditor shall evaluate whether controls have been DESIGNED and
IMPLEMENTED.
Understanding of Internal Control means evaluating design (i.e. whether it is able to prevent/detect/correct
misstatements) and implementation (i.e. whether control exists and entity is using it) of internal control.
6
ISAs – Summaries and Application Guide
ISA 315
Evaluating operating effectiveness is NOT part of understanding controls. It is called Test of Controls.
Components of Internal Control:
 Control Environment
Control environment includes awareness and actions of TCWG and management regarding entity’s
internal control and its importance in the entity. It provides an atmosphere in which people conduct their
activities and carry out their control responsibilities.
Elements of Control Environment and how they can be evaluated:
Elements
Evaluation
Participation
by
TCWG “Tone at the top” should observe following:
(Board of Directors or Audit – Independence from management.
Committee)
– Involvement and scrutiny of activities.
– Interaction with internal and external auditors.
– Oversight of ‘whistle-blowing’ procedures.
Integrity and Ethical Values
– Top level should set examples of ethical behavior.
– Ethical requirements should be communicated to staff in written e.g. code
of conduct.
– A disciplinary mechanism should be in place.
– Removing Incentive/Pressure to meet unrealistic targets.
Commitment to Competence
Management should specify the competence levels for particular jobs.
Management’s philosophy and This shows attitude towards risk-taking, risk management, selection of
operating style
accounting policies (e.g. conservative or aggressive).
Organizational structure
Organizational structure (e.g. tall or flat) should be appropriate according
to size and nature of entity’s activities.
Assignment of authority and Authorities and responsibilities should be appropriately assigned and
responsibility
clearly communicated to individuals.
Human resource policies and There should be fair standards for hiring, orientation, training,
practices
compensating, evaluating and promoting.
 The Entity’s Risk Assessment Process
Entities identify business risks by following risk assessment process:
a) Identifying business risks;
b) Determine significance of risks;
c) Determine likelihood of their occurrence; and
d) Determine whether any action should be taken to address those risks.
Auditor shall obtain an understanding of whether or not entity has a Business/Entity Risk Assessment
Process:
 If entity has no Risk Assessment Process or there is ad-hoc process, auditor shall:
o discuss how management identifies and address business risks.
o determine whether absence of process is appropriate or not.
 If entity has a Risk Assessment Process, auditor shall obtain understanding of it. If auditor identifies a
risk which was not identified by entity's risk assessment process, auditor shall consider whether
entity's process is appropriate or deficient.
 The Information System, Including Related Business Processes, Relevant to Financial Reporting, and
Communication
Relevant Information system means methods and processes by which entity obtains, record and presents
transactions. This system could be manual as well as IT.
7
ISAs – Summaries and Application Guide
ISA 315
In obtaining understanding of information system, auditor should consider following areas:
 How information system (both IT and manual)initiates, records, processes and reports significant
classes of transactions
 How the information system captures significant events and conditions (other than transactions)e.g.
depreciation and provision for bad debts
 Related accounting records (manual or electronic) in support of initiation, recording and processing
of transactions
 How entity resolves incorrect processing of transactions e.g. clearing suspense files
 How system bypasses and overriding of controls are accounted for.
 Controls over standard journal entries (e.g. sales, purchases, cash payments) and non-standard
journal entries (e.g. consolidation adjustments, disposal of non-current assets, impairment of assets)
 Control Activities Relevant to the Audit
Control activities are the policies and procedures that help ensure that management directives are carried
out. Auditor shall obtain an understanding of control activities/procedures relevant to audit (including
control activities on risks arising from I.T.) to assess risk at assertion level.
Controls Activities/Procedures may be categorized as follows:
 Authorization (e.g. Authorization of Expenses)
 Physical controls (e.g. physical security measures for assets and periodic verification)
 Performance Reviews (e.g. Variance Analysis with budget/last year)
 Information Processing Controls (e.g. IT General Controls and IT Application Controls)
 Segregation of duties (e.g. separating receiving, recording and custodian functions)
Controls in these Control Activities could be:
1. Preventative (e.g. Authorization for stock issue)
2. Detective (e.g. physical verification of stock)
3. Corrective (e.g. follow up of exceptions)
Controls in IT system could be:
1. Application controls:
Application controls are those controls that operate at assertion level and relate to the processing of
transactions in individual applications. Application controls help to ensure that transactions are
properly authorized, accurately processed and timely distributed.
2.
IT General Controls:
General Controls are those controls that operate at financial statement level and relate to all or many
applications. General Controls help to ensure the effective functioning of application controls.
 Monitoring of Controls
Monitoring of controls is a process to assess the effectiveness of internal control performance and taking
necessary remedial actions.
The auditor shall obtain an understanding of the major activities used by entity to monitor internal control
over financial reporting and how the entity initiates remedial actions to deficiencies in its controls.
If the entity has an internal audit function, auditor shall obtain an understanding of:
 Objectivity of Internal Audit Function (evaluating its organizational status)
 Nature (i.e. objectives and scope) of the work of internal audit function
 Activities performed by internal audit function
8
ISAs – Summaries and Application Guide
ISA 315
LO 3: IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT:
There are two levels of risk of material misstatement i.e. at Financial Statement Level and at Assertion Level.
Assessment of Risks of Material Misstatement at the Financial Statement Level:
Risks at the financial statement level refer to risks that affect financial statements pervasively and potentially
affect many assertions.
Consideration of Risk at Financial Statement Level assists an auditor to:
 Determine overall Audit Strategy
Assessment of Risks of Material Misstatement at the Assertion Level:
Risk at assertion level refers to risks that do not affect financial statements pervasively and affect only
specific identifiable assertions.
Consideration of Risk at Assertion Level assists an auditor to:
 Determine Audit Plan/Audit Program/Audit Procedures
Examples of Risk of Material Misstatement
Levels
Components
Due
to
Inherent
Risk
Due
to
Control Risk
At Financial Statements Level
At Assertion Level
-Adverse economic and competitive conditions
-Hi-tech, complex industry
-Liquidity or Going concern problem
-Weak control environment.
- High turnover of senior finance team members.
-Complex transactions and calculations
-Estimates, judgments, uncertainties in
account balance or classes of transactions
-Not preparing BRS
-Not sending monthly statements to
debtors
Assertions about classes of transactions, account balances, and related disclosures:
Assertions about account balances at the period end:
1. Existence i.e. recorded assets, liabilities, and equity actually exist.
2. Rights and obligations i.e. entity holds or controls the rights to assets, and liabilities are obligations
of entity.
3. Accuracy, Valuation and allocation i.e. assets, liabilities, and equity are included in the financial
statements at appropriate amounts; and adjustments relating to valuation/allocation have been
recorded.
4. Completeness i.e. all assets, liabilities and equity that should have been recorded, have been
recorded.
5. Classification i.e. assets, liabilities and equity have been recorded in the proper accounts.
6. Presentation i.e. assets, liabilities and equity are appropriately aggregated or disaggregated, and
disclosures are according to AFRF.
Assertions about classes of transactions and events for the period:
1. Occurrence i.e. all transactions and events, that have been recorded, have actually occurred and
pertain to the entity (i.e. there is no overstatement).
2. Accuracy i.e. amounts and other data relating to transactions and events have been recorded
appropriately.
3. Cutoff i.e. transactions and events have been recorded in correct accounting period.
4. Completeness i.e. all transactions and events, that should have been recorded, have been recorded
(i.e. there is no understatement).
5. Classification i.e. transactions and events have been recorded in the proper accounts.
6. Presentation i.e. transactions and events are appropriately aggregated or disaggregated, and
disclosures are according to AFRF.
9
ISAs – Summaries and Application Guide
ISA 315
Significant Risks:
Identifying Significant Risks:
“An identified and assessed risk of material misstatement that, in the auditor’s judgment, requires special
audit consideration.”
Factors to consider in exercising judgment as to which risks are significant risks:
 Significant non-routine transactions
 Judgmental Matters
 Risk of material misstatement due to fraud
 Risk related to recent economic, accounting or other development
 Complexity of transactions
 Significant related parties’ Transactions
Significant risks are assessed before consideration of any mitigating controls so they are based on the
inherent risk only.
Understanding Controls Related to Significant Risks:
If auditor identifies any Significant Risk, auditor shall obtain understanding (i.e. design and implementation)
of controls (including Control Activities) relevant to that risk.
Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate Audit
Evidence:
Example:
When there are numerous and significant transactions, with highly automated processing and little or no
manual intervention.
Auditor’s Procedures:
If substantive procedures alone do not provide sufficient appropriate audit evidence, auditor is also required
to test the entity’s controls over the completeness and accuracy of the recording.
Revision of Risk Assessment:
During the audit, information may come to the auditor’s attention that differs significantly from the
information on which the risk assessment was based.
The auditor shall revise his assessment of risks of material misstatement, and shall modify the audit
procedures if there is additional evidence from further audit procedures which is inconsistent with the
evidence on which auditor based his original assessment e.g.
 In performing tests of those controls, the auditor may obtain audit evidence that they were not
operating effectively at relevant times during the audit.
 In performing substantive procedures, the auditor may detect misstatements in amounts or
frequency greater than original assessment
LO 4: DOCUMENTATION:
Auditor shall document following:
 The discussion among the engagement team, and the significant decisions reached;
 Risk assessment procedures performed, and key elements of the understanding obtained regarding
each of the aspects of the entity and of each of the internal control components
 The identified risks at the financial statement level and at the assertion level.
 Significant risks and risks for which substantive procedures alone do not provide sufficient
appropriate audit evidence, and related controls.
10
How to attempt Case Studies
Risk Assessment and Response to Risks
SALES ***
*** Similar approach is applicable on Purchases.
Occurrence of Sales:
Circumstances which increases risk:

Unusual growth of sales

Bonus on achievement of sale target
Evaluation of Risk


Revenue may be overstated to meet
expectations or targets.

Key Audit Procedures
Perform tests of controls over recording of revenue.
Checked sales recorded at year end and credit notes issued after the year
end, to assess whether these have been recorded in appropriate periods.
For sales recorded during the year, select a sample of significant sales
recorded, and inspect sales orders, sales invoices, GDN and other underlying
documents.
Completeness of Sales:
Circumstances which increases risk:

Unusual decrease in sales
Evaluation of Risk
There is a risk that some of the goods
despatched may not have been
recorded.



Key Audit Procedures
Select a sample of Goods Desptach Notes and check their recording in sales
account.
Perform cut-off test on sales.
Send confirmation letters to major debtors with low balance.
Accuracy of sales:
Income is received (or expense is paid) in advance:
Evaluation of Risk
Income may be recorded when cash is
received, instead of when risk and
rewards are transferred.


Key Audit Procedures
Perform tests of controls to ensure that cash received is recorded as
deferred revenue, and subsequently recorded as sales when risks and
rewards are transferred.
Perform cut-off tests on sales.
INVENTORY
Valuation of inventory:
Circumstances which increases risk:

Decrease in sales/demand (due to change in fashion/technology or launch of new products)

Long-standing inventory/increase in inventory turnover ratio

Defective goods in inventory

Cost of production increases, or Sale price decreases.

If product is malfunctioning,

New products are launched by company or competitor.

Contract of specialized inventory is cancelled or customer goes bankrupt.

Defective goods returned by customers.
1
How to attempt Case Studies
Risk Assessment and Response to Risks
Evaluation of Risk

Due to ______, there is risk that NRV of
inventory may be lower than its cost.



Key Audit Procedures
Inquire client about calculation of NRV of inventory, and check
reasonableness of the basis of calculations (e.g. subsequent sale price of
inventory).
Obtain the aging analysis of inventory. Test its accuracy and identify any
slow-moving/obsolete inventory which needs to be written down to its
NRV.
Compare NRV of each inventory item to its cost.
Physical verification for damaged items.
Existence of Inventory:
Circumstances which increases risk:

Inventory is held at various locations or

Inventory is held with third party or
Evaluation of Risk

It is difficult to verify existence and
completeness of inventory if ……………

Key Audit Procedures
Select a sample of locations to be physically inspected by auditor.
Conduct simultaneous stock checking for selected locations.
For locations not selected for stock-count, compare inventory level
with previous periods. Obtain working papers of internal auditors, if
relevant.
FIXED ASSETS
Additions to fixed assets:
Circumstances which increases risk:

Major fixed assets purchased during the year.

Significant capital expenditures incurred during the year.
Evaluation of Risk

There may be misclassification
between
capital
and
revenue
expenditure. Further, there may also be
implications on depreciation expense
because of this misclassification.





Key Audit Procedures
Check approval of fixed assets acquired purchased or capital
expenditure incurred during the year.
Perform tests of details on additions to PPE, and perform physical
verification of PPE acquired.
Select a sample of cost incurred, and check with supporting
documents to ensure expense has been properly classified.
Inspected supporting documents to ensure it has been capitalized
from date when asset was ready for intended use.
Assessed reasonableness of useful life of fixed asset.
Tested calculation of depreciation expense.
Revaluation of PPE:
Circumstances which increases risk:

Revaluation policy adapted by management.
Evaluation of Risk
Process of valuation is a highly
complex and judgmental process which
involves assumptions and methods
affected by future economic and
market conditions.
2
Key Audit Procedures
 Assessed competence, capability and objectivity of expert.
 Obtained revaluation report from valuer and check source data,
assumptions and methodologies used, and conclusions.
 Ensured that revaluation is properly accounted for and disclosed in
financial statements.
How to attempt Case Studies
Risk Assessment and Response to Risks
Impairment of Machinery:
Circumstances which increases risk:

Decrease in sales/demand of inventory

Faults in production process (e.g. increase in scrap/wastage of inventory during production)

Destroyed or Unused or Under-utilized Fixed Assets.
Evaluation of Risk
Due to ____, Value in use of asset may
have decreased which is an indication
of impairment.



Key Audit Procedures
Ask management to carry out impairment review.
Obtain working of client relating to impairment and review source data and
assumptions to check their reasonableness.
Consider involving use of expert to verify working of impairment loss.
Classification as Non-current assets held for sale under IFRS – 5:
Circumstances which increases risk:

Closure of a factory
Evaluation of Risk
Due to closure of a factory, there may
be non-current assets held for sale.
This is a non-routine transaction,
involving significant management
judgments. Further, there are also
requirements regarding determination
of fair value, presentation and
disclosures relating to assets held for
sale.
Key Audit Procedures





Read minutes of board meeting to check approval to sell assets.
Review steps taken by management to sell the assets e.g. any
correspondence or agreement with prospective buyer.
Check whether non-current assets held for sale are
o Measured at lower of carrying amount and fair value less costs to sell.
o Presented separately in balance sheet under Current Assets.
o No more depreciated.
Obtain valuation report of expert to confirm fair value of assets.
Check that discontinued operations are separately presented, and disclosed.
DEBTORS
Valuation of debtors:
Circumstances which increases risk:

Increase in Debtors’ turnover ratio

Increase in Debtors/Receivables

Dispute with debtors
Evaluation of Risk

Receivables have become doubtful and
full recovery is not expected.


Key Audit Procedures
Obtain understanding and test internal controls over debtors (e.g. approval
and review of credit limit, receivables’ aging report, and credit period).
Checked subsequent receipts of cash.
Assess appropriateness of provision for bad debts by comparing it with
previous years, with industry and with subsequent status.
Valuation of Foreign Currency Receivables/Payables:
Circumstances which increases risk:

Imports and Exports
Evaluation of Risk
Changes in rates of FCY at year end
may not be recorded, or may be
wrongly recorded in Purchases/Sales
instead of charging as income/expense
in P & L.
3
Key Audit Procedures
 If there are goods in transit at year end, inspect their respective purchase
orders and ensure that rights and rewards have been transferred in respect
of inventory.
 Perform tests of controls to ensure that appropriate exchange rates are used
in translation of foreign currency.
 Ensure that any gain/loss on closing balances of foreign currency are
correctly recognized as per IFRS.
 Review the insurance policies at year end to ensure they Goods-in-transit are
adequately covered.
How to attempt Case Studies
Risk Assessment and Response to Risks
CREDITORS
Completeness of creditors:
Circumstances which increases risk:

Decrease in creditors’ ratio.

Decrease in creditors.
Evaluation of Risk
Decrease indicates understatement of
creditors.




Key Audit Procedures
Send confirmation letters to major creditors having low balance.
Perform cut-off test on purchases.
Review pending Goods Received Note, to identify any purchase not
recorded.
Review significant payments made after the year to identify if any payment
relates to current year.
PROVISIONS
Provision for warranty:
Circumstances which increases risk:

Company provides warranty to its customers.

Increase in warranty period/complains.

Malfunctioning of products

Not in alignment with sales
Evaluation of Risk
Estimated expense for provision of
warranty may not be reasonable
considering warranty period, level of
sales, or complains by customers.



Key Audit Procedures
Review warranty claims after the year.
Review client’s working for warranty provision, and check appropriateness
of assumptions in the current situations.
Consider need to engage an expert to calculate warranty provision.
Provision for restructuring/ staff termination:
Circumstances which increases risk:

Closure of a factory.
Evaluation of Risk
Due to announcement of closure of a
factory before year-end, there is a risk
that restructuring provision is not
appropriately recorded in respect of
employees who were made redundant.




Key Audit Procedures
Obtain working papers prepared by client for restructuring provision.
Obtain list of redundant employees and ensure all of them are included in
calculation.
Inquire from terminated employees/labour union regarding agreed
termination payments.
Inspect appointment letters.
Provision for Onerous contracts:
Circumstances which increases risk:

Loss making non-cancellable contracts
Evaluation of Risk
Management may not have recorded
appropriate amount of loss on noncancellable contract.
4




Key Audit Procedures
Review the sale agreement to confirm sale price.
Review purchase agreement and other components of cost to confirm the
purchase price.
Ensure cost exceeds sale price.
Review sale agreement to confirm if there is any right to cancel the
agreement and any penalty clause.
Risk Assessment and Response to Risks
How to attempt Case Studies
Provision for Legal cases:
Circumstances which increases risk:

unfair dismissal of staff

serious accident damaging environment or injuring people

malfunctioning of product
Evaluation of Risk
Key Audit Procedures
Circularize confirmation to company’s external legal consultants for their
views on pending litigations, and discussed the rationale and justification of
their views.
Use our own legal expert to consider the level of provision required
considering nature of case, legal precedents, and company’s
correspondence with opponents.
Analyze significant changes from prior period.
Assess the adequacy of disclosures related to pending litigations in notes to
the accounts.

There is judgment involved to assess
the outcome (i.e. level of provisions
and disclosures) of pending litigations.
Complete provision or disclosure may
not have been recorded by client.



INTANGIBLE ASSETS
Existence and Valuation of Goodwill:
Circumstances which increases risk:

Business purchased during the year.
Evaluation of Risk
Goodwill may not have been
recognized
and
measured
at
appropriate amount.
Further, annual testing of impairment
of goodwill is a highly complex and
judgmental process
Key Audit Procedures
For recognition:
 Inspect the sale agreement and agree cost of acquisition paid to cash book
and bank statement, and
 Inspect due-diligence report for the acquisition, and ensure that all
identifiable assets have been included and are reasonably valued.
For impairment testing:
 Evaluate appropriateness of assumptions (e.g. sales volume, prices,
operating cost, growth rates) by comparing with our own assessment based
on our knowledge of client and industry.
Recognition of Development Cost:
Circumstances which increases risk:

Product developed/launched during the year.
Evaluation of Risk

There may be misclassification
between Research and Development
costs. Further, development cost may
not have met recognition criteria.



5
Key Audit Procedures
Ensure that development cost is recognized only if criteria is met as
required by IAS – 38.
Discuss the project with management to assess the feasibility of the project,
and obtain representation from management regarding intention to
complete the project.
For a sample of costs, inspect supporting documents e.g. development
contracts, billing and timesheets
Review development cost to verify that cost is appropriately classified and
does not include research expenses.
How to attempt Case Studies
Risk Assessment and Response to Risks
YOU ARE APPOINTED THIS YEAR (FIRST YEAR OF AUDIT)
Risk (What) and Explanation (Why)
Opening Balances:
There may be misstatements in
opening balances, and balances may
not be correctly brought forward.
Further, accounting policies may not be
consistently applied.
Key Audit Procedures (How)



Review predecessor auditor’s working papers (if applicable).
Evaluate whether audit procedures performed in current year provide
evidence about opening balances.
Perform specific procedures to verify opening balances (e.g. review of
previous period's accounting records).
GOING CONCERN UNCERTANITY
Going Concern Uncertainty:
Circumstances which increases risk:

Loss during the year,

Bankruptcy of major customer.

Adverse key financial ratios (e.g. Current ratio, Quick-asset ratio, Debt-equity ratio)

Ceased substantial manufacturing activities

Serious accident damaging environment or injuring people
Evaluation of Risk


There is a risk that entity may not be
able to continue as a going concern.

Key Audit Procedures
Inquire management about its plan to resolve the liquidity issues.
Review management’s plan and analyze the assumptions used by
management to ensure their reasonableness.
Ensure proper disclosure in management regarding material
uncertainty.
RISK OF FRAUD
Risk of Overstatement of Revenue/ Understatement of expenses:
Circumstances which increases risk:

Issue of Shares is planned.

Sale of business is planned.

Contingent remuneration of CFO/CEO.

Other fraud risk factors
Evaluation of Risk


Company may be inclined to show
better results to ………….



6
Key Audit Procedures
Perform analytical review of income and expenses.
Perform cut-off test to ensure transactions have been recorded in correct
period.
Review accounting estimates for reasonableness.
Evaluate selection and application of accounting policies, particularly those
related to subjective measurements..
Check transactions outside the normal course of business.
How to attempt Case Studies
Risk Assessment and Response to Risks
TAX
Tax litigation/Contingencies:
Risk (What) and Explanation (Why)

There are judgments involved to assess
the outcome (i.e. level of provisions
and disclosures) of tax litigations.




Key Audit Procedures (How)
Circularize confirmation to company’s external tax consultants for their
views on tax assessment, and discussed the rationale and justification of
their views.
Use our own tax specialist to consider the level of provision required
considering nature of case, legal precedents, and company’s
correspondence with the tax authorities.
Analyze significant changes from prior period.
Assess the adequacy of disclosures related to tax contingencies in notes to
the accounts.
Review calculation.
Deferred tax assets:
Circumstances which increases risk:

Deferred tax recognized.
Evaluation of Risk
Recognition of deferred tax is a highly
complex and judgmental area which
involves assumptions about future.
Further, it may be difficult for to
generate future taxable profits to
utilize deferred tax asset.
Key Audit Procedures
 Performed substantive procedures on calculation of deferred tax balances,
based on tax regulations.
 Performed analysis of recoverability of deferred tax assets, and evaluated
company’s assumptions and estimates in generating sufficient future
taxable profits.
 Used an internal tax specialist to support us in these procedures.
CUSTOMER LOYALTY PROGRAMS
Risk (What) and Explanation (Why)
Improper
recognition
and
measurement
of
Revenue
&
Provision:
Due to customer loyalty points, there is
risk that provision for loyalty points
may not be estimated and recorded
correctly as per IFRS 15.
Key Audit Procedures (How)



Obtain understanding of management’s process to record revenue and
related liability.
Evaluate reasonableness of management assumption regarding redemption
of points.
Obtain valuation report of expert to confirm amount of liability relating to
loyalty points.
NON-COMPLIANCE WITH LAWS AND REGULATIONS
Risk of Non-compliance with laws and regulations:
Circumstances which increases risk:

New accounting or legal regulations/guidelines.

Implementation of new IT system)

Change in accounting policies
Risk (What) and Explanation (Why)
Changes in reporting and legal
requirements may not be appropriately
met by financial reporting system.
Further, non-compliance may result in
misstatement or penalties.
7
Key Audit Procedures (How)


Review the accounting and reporting requirements according to
new/changed accounting policy or regulatory requirements.
Ensured appropriateness of accounting treatment and disclosures made.
How to attempt Case Studies
Risk Assessment and Response to Risks
NON-COMPLIANCE OF CODE OF CORPORATE GOVERNANCE
Risk (What) and Explanation (Why)
Ineffective Governance Structure:
Management
decisions
are
not
overseen by directors, therefore,
governance structure is likely to be
ineffective.
Key Audit Procedures (How)


Obtain minutes of BOD meeting and audit committee meetings to evaluate
their involvement and role in decision making process.
Inquire about the competencies, skills, knowledge and experience of the
board of directors.
BANK LOAN
Evaluation of Risk

There may be misclassification of loan,
incorrect recording of interest or
inadequate disclosures.
Further, there may be breaches of debtcovenants requirements.




Key Audit Procedures
Ensure proper classification of borrowings between current and noncurrent portion by reviewing loan agreement.
Send confirmation letter to confirm outstanding amounts and other
terms and conditions.
Test calculation of markup.
Assess adequacy of compliance with debt-covenant requirements.
Assess adequacy of disclosures in financial statements.
RELATED PARTY TRANSACTIONS
Evaluation of Risk


There is inherent risk in related party
transactions due to its nature and
significance.



Key Audit Procedures
Obtained understanding of controls over identification, recording and
disclosure of related party transactions. Also, tested such controls.
Inspected minutes of BOD meetings and shareholders’ meetings to
understand nature and approval of transactions.
On a sample basis, compared transactions with related parties with
underlying supporting documents and agreements.
Obtained confirmation (on sample basis) from related parties for
transactions and balances.
Assessed the adequacy of disclosures related to related parties in notes to
the accounts.
INCORRECT RECORDING OF TRANSACTIONS
Risk of incorrect recording of transactions:
Circumstances which increases risk:

Few/overburdened staff in accounting and finance department.

Finance department is working without financial controller (or IT department working without IT manager).

Introduction of new IT system.
Evaluation of Risk
There is a risk of errors due to lack of
segregation of duties/supervision, or
due to inexperienced staff.
8
Key Audit Procedures

Auditor shall place less reliance on internal controls and shall
increase substantive testing.
How to attempt Case Studies
Risk Assessment and Response to Risks
OTHER RISKS
Circumstances which increases risk:

Company deals in large number of products (Segment Reporting)

Recording contingent asset as receivable.

Weak internal controls: e.g. Reconciliations not being prepared (in bank, debtors, creditors, inventory)

Predecessor auditor did not wish to be reappointed (This is an indication of disagreement and/or inappropriate
scope limitation.)

Restricted time schedule for audit (Audit team may not have time to obtain sufficient appropriate audit
evidence.)

Predecessor auditor expressed modified opinion.
Tips:
One information may lead to many risks.
9
ISAs – Summaries and Application Guide
ISA 320
ISA 320
MATERIALITY IN PLANNING AND
PERFORMING AN AUDIT
LO #
LEARNING OBJECTIVE
LO 1
WHAT IS MATERIALITY AND WHY IS IT
DETERMINED
LO 2
HOW IS MATERIALITY DETERMIEND
LO 3
REVISION AS THE AUDIT PROGRESSES
LO 4
CONCEPT OF PERFORMANCE MATEIRALITY
LO 5
DOCUMENTATION
1
APPLICATION
REQUIREMENTS PARAGRAPHS
2, 3, 5, 6
A1 – A2
10
A4 – A8, A11
12, 13
A14
9, 11
A13
14
N/A
ISAs – Summaries and Application Guide
ISA 320
LO 1: WHAT IS MATERIALITY AND WHY IS IT DETERMINED:
What is Materiality:
Items (i.e. misstatements or scope limitation) are considered material if they, individually or in
aggregate, could reasonably be expected to influence the economic decisions of users taken on the
basis of financial statements.
Materiality depends on size (materiality for financial statements as whole), as well as nature of
misstatement (Materiality determined for one or more particular classes of transactions, account
balances or disclosures).
Why is materiality determined:
Concept of materiality is applied by auditor:
 In planning the audit.
o To identify and assess risk of material misstatement.
o To decide nature timing and extent of audit procedures to be performed.
 In evaluating effect of identified misstatements on audit.
 In evaluating the effect of uncorrected misstatements on financial statements and in
forming opinion in auditor’s report.
LO 2: HOW IS MATERIALITY DETERMIEND:
At time of establishing overall audit strategy, auditor is required to determine materiality for the
financial statements as a whole. Materiality can be determined on the basis of Size (Quantitative
materiality) as well as Nature (Qualitative materiality).
How Materiality is determined Quantitatively:
A percentage is applied to a chosen benchmark i.e.
Materiality = Chosen Benchmark * Chosen Percentage
Choice of Benchmark:
Choice of Benchmark is a matter of professional judgment. Following factors are considered when
identifying an appropriate benchmark:
 Elements of Financial Statements (e.g. profit before tax, gross profit, total revenue, total
expenses, total assets, total equity)
 Nature of entity:
o If profit oriented, materiality will be based on profit before tax.
o If not-for-profit, materiality will be based on total assets/revenue/expenses.
 Which items are focused by users (e.g. users focus on total assets in case of banks)
 Ownership and Financing structure (i.e. if most users are shareholders, materiality will be
based on net profit but if most users are debenture-holders, materiality will be based on
total assets)
 Volatility of Benchmark (less volatile is better)
Relevant Financial data to be used for selection of benchmark includes ①Draft financial statements,
② Interim Period Financial Statements (projected for whole year), ③Budgets (adjusted for
significant changes) or ④Prior period financial statements (using a normalized profit figure).
2
ISAs – Summaries and Application Guide
ISA 320
If auditor is reporting for a period more or less than 12 months, materiality shall be calculated from
financial statements of the same period.
If an entity’s profit before tax is consistently nominal (e.g. when owner of a small entity takes much
of the profit in form of remuneration), a profit before tax and before remuneration may be more
relevant.
Choice of Percentage:
Choice of percentage is also a matter of professional judgment and it depends on:
 Risk (the higher the risk, the lower should be percentage to balance)
 Benchmark (the higher the benchmark the lower should be percentage to balance)
Rule of Thumb:
Following rule of thumb has been established to determine materiality:
Nature of Entity
Benchmark (to be used) Percentage (to be applied)*
Profit-oriented entity Profit before tax
5%
Not-for-Profit Entity Total Revenue/Expenses
1%
*Depending on individual circumstances, higher or lower percentages may also be used.
LO 3: REVISION AS THE AUDIT PROGRESSES:
Materiality is revised if auditor obtains new information/evidence which is inconsistent with
information/evidence on which original assessment was based e.g.
1. Change in the auditor’s understanding of the entity and its operations (e.g. if actual financial
statements are substantially different from budgets).
2. Change in circumstances during audit (e.g. a decision to dispose a major part of the
business)
3. Revision in risk
Effect of Revision of Materiality on Audit:
Auditor shall determine whether it is necessary to revise:
 Performance materiality and
 Nature, timing and extent of further audit procedures
LO 4: CONCEPT OF PERFORMANCE MATEIRALITY:
What is Performance Materiality:
Performance Materiality is the amount set by the auditor, less than materiality for the financial
statements as a whole, to reduce the risk that the aggregate of uncorrected and undetected
misstatements exceeds materiality for the financial statements as a whole.
If applicable, performance materiality also refers to the amount or amounts set by the auditor at
less than the materiality levels for particular classes of transactions, account balances or
disclosures.
3
ISAs – Summaries and Application Guide
ISA 320
Why is performance materiality determined:
Performance materiality is determined to reduce the probability that aggregate of uncorrected and
undetected misstatements exceeds materiality for the financial statements as a whole.
Performance materiality can be calculated both as a sub level of:
 materiality over the financial statements as a whole; and
 materiality of a particular class of transaction, account balance or disclosure.
How is performance materiality determined:
Determination of Performance materiality is not a mechanical calculation. It involves professional
judgment which is based on:
 auditor’s understanding of the entity;
 misstatements identified in previous periods and
 expected misstatements in current periods.
LO 5: DOCUMENTATION:
The auditor shall document the following aspects of materiality:
(i)
Materiality for the financial statements as a whole
(ii)
Performance materiality
(iii)
Basis of computing materiality
(iv)
Any revision in (i) or (ii) above.
4
ISAs – Summaries and Application Guide
ISA 330
ISA 330**
RESPONSE TO RISKS
LO #
LO 1
LEARNING OBJECTIVE
SCOPE AND OBJECTIVE
REQUIREMENTS
APPLICATION
PARAGRAPHS
1, 3
N/A
5
A1 – A3
6–7
A4 – A19
8–9
A20 – A25
10 – 11
A26 – A32
12
A33 – A34
13 – 15
A35 – A39
16 – 17
A40 – A41
18 – 19
A42 – A51
20
A52
21
A53
22 – 23
A54 – A58
24
A59
25 – 27
A60 – A62
28 – 30
A63
PART A – RISK AT FINANCIAL STATEMENT LEVEL
LO 2
OVERALL RESPONSE
PART B – RISK AT ASSERTION LEVEL
LO 3
FURTHER AUDIT PROCEDURES
PART C – TESTS OF CONTROLS
LO 4
LO 5
LO 6
LO 7
LO 8
DESIGNING AND PERFORMING TESTS OF
CONTROLS
NATURE, TIMING AND EXTENT OF TESTS OF
CONTROLS
USING AUDIT EVIDENCE OBTAINED DURING AN
INTERIM PERIOD
USING AUDIT EVIDENCE OBTAINED IN PREVIOUS
AUDITS
EVALUATING OPERATING EFFECTIVENESS OF
CONTROLS
PART D – SUBSTANTIVE PROCEDURES
LO 9
LO 10
LO 11
LO 12
NATURE AND EXTENT OF SUBSTANTIVE
PROCEDURES
SUBSTANTIVE PROCEDURES RELATED TO THE
FINANCIAL STATEMENT CLOSING PROCESS
SUBSTANTIVE PROCEDURES RESPONSIVE TO
SIGNIFICANT RISKS
TIMING OF SUBSTANTIVE PROCEDURES
PART E – OTHER CONCEPTS
LO 13
LO 14
LO 15
ADEQUACY OF PRESENTATION OF FINANCIAL
STATEMENTS
EVALUATING
THE
SUFFICIENCY
AND
APPROPRIATENESS OF AUDIT EVIDENCE
DOCUMENTATION
** Effective from December 15, 2009
1
ISAs – Summaries and Application Guide
ISA 330
LO 1: SCOPE AND OBJECTIVE:
ISA 315 required auditor to assess following types of risks:
1. Risk at financial statements level.
2. Risk at assertion level.
3. Significant risks (i.e. risk at assertion level which require special audit consideration).
ISA 330 provides guidance about procedures to be performed to address these risks.
 To address risk at financial statement level, auditor adapts “Overall Response”.
 To address risk at assertion level, auditor performs “further audit procedures” i.e.
a) Tests of Controls, and
b) Substantive Procedures (i.e. Analytical Procedures and Tests of Details).
PART A – RISK AT FINANCIAL STATEMENT LEVEL
LO 2: OVERALL RESPONSE:
To address risk at financial statement level, auditor designs and implements overall responses e.g.
 Increased level of professional skepticism specially during audit of judgmental areas.
 Adequate planning, and reduced materiality level.
 Assigning more experienced and specialized staff e.g. use of experts if necessary.
 Increased supervision and review of the audit work performed.
 Incorporating unpredictability in nature, timing and extent of audit procedures.
 Making changes to audit procedures.
 More audit procedures at period end rather than at interim date.
 Obtaining more reliable audit evidence (e.g. from external sources).
PART B – RISK AT ASSERTION LEVEL
LO 3: FURTHER AUDIT PROCEDURES:
To address risk at assertion level, auditor performs “further audit procedures”.
In deciding which procedures to be performed, auditor considers Inherent Risk (i.e. risk due to
particular characteristics of the area), as well as Control Risks (risk due to internal control).
 Auditor is required to perform Substantive Procedures for every material class of
transaction/ account balance.
 If risk is high, auditor shall obtain more Persuasive audit evidence (i.e. more sufficient and
more appropriate).
 If auditor’s risk assessment includes expectation that controls are operating effectively,
auditor is also required to perform Tests of Controls.
Examples
Example 1:
If risk is high, in addition to obtaining evidence from internal source (e.g. inspecting documents) auditor may also obtain
evidence from external sources (e.g. sending confirmation letter to third parties).
2
ISAs – Summaries and Application Guide
ISA 330
Example 2:
Some audit procedures may be relevant for one assertion and some may be relevant for other assertions. For example:

To test Completeness assertion of sales, Tests of Controls may be relevant.

To test Occurrence assertion of sales, Substantive Procedures may be relevant.
Nature, timing and extent of such procedure depends on auditor’s judgment.
 Nature of audit procedures means:
o Its Type (i.e. Inquiry, observation, inspection, reperformance, recalculation, external
confirmation, analytical procedures).
o Its Purpose (i.e. Risk assessment, Test of control or Substantive procedure), and
 Timing of audit procedures means when to perform procedures i.e. whether to perform at
interim date or at final date. Factors to consider in this regard are Risk, Control
Environment, Availability of information.
 Extent of audit procedures means quantity i.e. sample size.
Examples
Example 1:
Perform procedures at interim date helps auditor to identify significant matters earlier and develop an effective approach
to address them. However, if risk is high or there is risk of fraud in overstatement of sales, auditor is likely to perform
procedures at period end rather than at interim date.
Example 2:
Use of CAATs (Computer Assisted Audit Techniques) may enable auditor to perform extensive testing of transactions.
PART C – TESTS OF CONTROLS
LO 4: DESIGNING AND PERFORMING TESTS OF CONTROLS:
Tests of controls are required when:
1. If auditor’s risk assessment includes expectation that controls are operating effectively.
2. When substantive procedures alone do not provide sufficient appropriate audit evidence.
Examples
Example 1:
Substantive procedures alone do not provide sufficient appropriate audit evidence when:

Entity is using IT system, and

No documentation of transactions is produced other than through IT system.
(like Uber)
Understanding of tests of controls (i.e. evaluating design and implementation of controls) is
different from Testing of controls (i.e. testing operating effectiveness of controls).
Some risk assessment procedures may also provide evidence about operating effectiveness of
controls.
Examples
Example 1:
Inquiring management about use of budget, and inspecting reports to confirm investigation of variance between budget
and actual amounts.
3
ISAs – Summaries and Application Guide
ISA 330
Sometimes auditor may perform Tests of controls and Tests of details concurrently on the same
transaction. This is called “Dual Purpose Test”.
Examples
Example 1:
Selecting a sales invoice to confirm whether amount is correctly recorded (test of detail), and whether invoice has been
approved (test of control).
If auditor wants to place greater reliance on control, auditor shall obtain higher assurance about
operating effectiveness of controls.
LO 5: NATURE, TIMING AND EXTENT OF TESTS OF CONTROLS:
Nature of Tests of Controls:
In performing tests of controls, auditor shall perform Inquiry in combination with other procedures
(e.g. observation, inspection or reperformance).
Inquiry alone is not sufficient to test operating effectiveness of controls.
Auditor shall evaluate how, by whom or by what means controls were applied. This will influence
the type of procedures to be performed to test the controls.
Examples
Example 1:

If control is performed through documentation, auditor shall select a sample and inspect documents to perform
test of controls.

If documentations is not available, auditor shall inquire and observe to perform test of controls.

If control activities are performed by computers, auditor shall use CAATs (i.e. Test Data) to perform test of
controls.
If a control depends on some other control (called indirect controls), auditor may also have to test
indirect control.
Examples
Example 1:
If an auditor wants to test whether exception reports are being reviewed and followed up (direct control), auditor may
also have to test accuracy of information in the reports (indirect control)
Timing of Tests of Controls:
Auditor shall test the controls:
 For a particular point in time (e.g. testing controls on physical inventory count), or
 Throughout the period
Extent of Tests of Controls:
Auditor considers various factors to determine tests of controls e.g. degree of reliance, desired level
of assurance, expected rate of deviation, tolerable rate of deviation. (This concept will be further
be discussed in ISA – 530)
If client uses IT system, once auditor determines that automated control is functioning as intended,
it is assumed that such automated control is functioning consistently unless program is changed.
Thereafter, auditor may perform tests only to determine that:
 Authorized version of program is used.
 Changes to program are not made without Program changes controls.
4
ISAs – Summaries and Application Guide
ISA 330
LO 6: USING AUDIT EVIDENCE OBTAINED DURING AN INTERIM PERIOD:
If auditor obtained evidence about operating effectiveness of controls at interim period, auditor
shall determine what additional audit evidence to be obtained for remaining period.
Additional evidence to be obtained depend on Changes to control, Risk of misstatement, Length of
remaining period, Extent of reliance on controls and Control environment.
LO 7: USING AUDIT EVIDENCE OBTAINED IN PREVIOUS AUDITS:
Auditor shall determine whether it is appropriate to use audit evidence about operating
effectiveness of controls obtained in previous audits. If auditor plans to use that evidence, he shall
establish their continuing relevance by obtaining evidence (e.g. through inquiry of management or
inspect of log-files) whether those controls have changed.
Controls over significant risks:
Auditor shall test the controls in current audit.
If controls have changed from previous audits:
Auditor shall test the controls in current audit.
If controls have not changed from previous audits:
Auditor shall test the controls at least once in every third audit, and shall test some controls in each
audit.
However, factors like deficient control environment, deficient general IT controls, personnel
changes, significant manual involvement may decrease period of retesting a control.
LO 8: EVALUATING OPERATING EFFECTIVENESS OF CONTROLS:
When evaluating operating effectiveness of controls, auditor shall evaluate whether identified
misstatements indicate deficiency in internal control.
In evaluating operating effectiveness of controls, auditor shall consider Actual rate of deviation with
expected rate of deviation and tolerable rate of deviation and shall determine whether:
 Controls are operating effectively.
 Controls are not operating effectively.
 Additional tests of controls are necessary.
5
ISAs – Summaries and Application Guide
ISA 330
PART D – SUBSTANTIVE PROCEDURES
LO 9: NATURE AND EXTENT OF SUBSTANTIVE PROCEDURES:
Irrespective of assessed risk of material misstatement, auditor is required to perform substantive
procedures:
 for each material class of transactions, account balance, and disclosure.
 for financial statements closing process
 for significant risks
Nature of Substantive Procedures:
Auditor may decide to perform:
 Only analytical procedures, or
 Only tests of details, or
 Combination of analytical procedures and tests of details.
Analytical procedures are generally performed when controls are strong and there are large
volume of transactions that are predicable over time
Design of tests of details depend on assertion and risk.
Examples
Example 1:

If auditor wants to test existence or occurrence assertion, test of detail will involve selecting from items
contained in financial statements and obtaining relevant audit evidence.

If auditor wants to test completeness assertion, test of detail will involve selecting from items expected to be
included in financial statements and checking whether they are included.
Auditor shall consider whether external confirmation procedures are to be performed as
substantive procedures. (This topic will be discussed in detail in ISA – 505)
Extent of Substantive Procedures:
Extent of substantive procedures means sample size which is affected by different factors e.g.
results of tests of controls. (Further factors will be discussed in detail in ISA – 530)
LO 10: SUBSTANTIVE PROCEDURES RELATED TO THE FINANCIAL STATEMENT
CLOSING PROCESS:
Auditor is also required to perform following substantive procedures related to the financial
statement closing process:
 Agreeing or reconciling the financial statements with the underlying accounting records;
and
 Examining material journal entries and other adjustments made during the course of
preparing the financial statements.
6
ISAs – Summaries and Application Guide
ISA 330
LO 11: SUBSTANTIVE PROCEDURES RESPONSIVE TO SIGNIFICANT RISKS:
For significant risks (e.g. risk that management may overstate revenue to meet earnings
expectations), auditor shall perform substantive procedures specifically response to that risk. If
tests of controls are not performed, auditor shall include tests of details in substantive procedures.
LO 12: TIMING OF SUBSTANTIVE PROCEDURES:
Using audit evidence from a previous audit’s substantive procedures:
Usually, previous year’s substantive procedures do not provide evidence for current year. However,
in expectation situations previous year’s evidence can used if:
 Related subject matter and evidence have not changed, and
 Auditor has performed procedures to determine continuing relevance.
Examples
Example 1:
A legal opinion obtained in previous audit regarding legal status of client may be relevant in current year.
Whether or not to perform substantive procedures at interim date:
Auditor considers various factors e.g. risk, control environment, availability of information.
If substantive procedures are performed at Interim Date:
If auditor decides to perform substantive procedures at interim date, auditor shall perform
following procedures at period end:
 Identify amounts that appear unusual.
 Investigate such amounts.
 Perform analytical procedures or tests of details to test the intervening period. This
decision (whether to perform analytical procedures or tests of details) depends on various
factors e.g. whether amounts are predictable.
If greater than expected misstatements are identified during interim period, auditor shall revise its
risk assessment and shall modify nature, timing and extent of audit procedures and may increase
or repeat procedures at final date.
PART E – OTHER CONCEPTS
LO 13: ADEQUACY OF PRESENTATION OF FINANCIAL STATEMENTS:
Auditor shall perform audit procedures to evaluate whether overall presentation of financial
statements is in accordance with AFRF including classification and description of financial
information, terminology used, level of detail provided, aggregation an disaggregation of amounts.
7
ISAs – Summaries and Application Guide
ISA 330
LO 14: EVALUATING THE SUFFICIENCY AND APPROPRIATENESS OF AUDIT
EVIDENCE:
Based on audit procedures performed, auditor shall evaluate whether:
 Risk assessment is appropriate or there is need to revise risk (revision in risk is discussed
in ISA 315).
 Sufficient appropriate audit evidence has been obtained (sufficiency and appropriateness of
evidence is discussed in ISA 500). If sufficient appropriate audit evidence is not obtained,
auditor shall express qualified or disclaimer of opinion.
LO 15: DOCUMENTATION:
Auditor shall document:
 Overall response.
 Further audit procedures performed and their linkage with assertions having risk.
 Results of audit procedures.
 If auditor is relying on tests of controls performed in previous audit, auditor shall document
conclusions reached about such controls.
 Evidence showing information in financial statements agrees with underlying accounting
records.
8
ISAs – Summaries and Application Guide
ISA 402
ISA 402
AUDIT CONSIDERATIONS
RELATING TO AN ENTITY USING A
SERVICE ORGANIZATION
LO #
LEARNING OBJECTIVE
REQUIREME
NTS
APPLICATION
PARAGRAPHS
1 – 8, 18
A40
LO 1
INTRODUCTION
LO 2
IF A CLIENT USES A SERVICE ORGANIZATIONS
9−14
LO 3
USING THE REPORT OF SERVICE AUDITOR
15−17
A24−A39
LO 4
OTHER CONCEPTS
18 – 22
A40 – A44
1
A1−A23
ISAs – Summaries and Application Guide
ISA 402
LO 1: INTRODUCTION:
This standard applies when an audit client has outsourced its accounting system (or part of it .g.
payroll services, invoices and debtor’s management services).
Following terms are used in this standard:
 User entity i.e. audit client
 User auditor i.e. auditor of user entity.
 Service entity i.e. organization to whom operations are outsourced.
 Service auditor i.e. auditor of service entity.
LO 2: IF A CLIENT USES A SERVICE ORGANIZATIONS:
If an entity uses service organization, auditor shall have to obtain understanding of:
 nature and significance of the services outsourced, and
 related controls over service at service organization.
Obtaining understanding of controls at service organization:
Understanding of controls at service organization may be obtained by:
1. Obtaining understanding from user entity, or
2. Contacting the service organization , or
3. Visiting the service organization and performing procedures, or
4. Using another auditor to perform procedures to obtain understanding, or
5. Obtaining report*** of service auditor on controls of service entity.
***There are two types of reports of service auditor i.e.
(i) Type 1 Report:
It includes the service auditor’s opinion on:
 description of system and control objectives, and
 design of controls at service organization to achieve control objectives.
It does not provide any evidence of the operating effectiveness of the relevant controls.
(ii) Type 2 Report:
In this report, service auditor expresses opinion on:
 description of system and control objectives, and
 design of controls at service organization to achieve control objectives, and
 operating effectiveness of the relevant controls.
Report also describes tests of controls performed.
2
ISAs – Summaries and Application Guide
ISA 402
LO 3: USING THE REPORT OF SERVICE AUDITOR:
User auditor shall:
1. Evaluate competence and independence of service auditor from service organization.
2. Evaluate adequacy of standards and regulatory environment under which report is
prepared.
If report is to be used as evidence of understanding of controls at service organization:
(For this purpose Type 1 or Type 2 both reports are relevant)
User auditor shall:
1. Evaluate whether the date and period of report is appropriate for user auditor’s purpose.
2. Evaluate whether user entity has designed and implemented complementary controls (e.g.
final authorization).
3. Evaluate whether evidence provided by report is sufficient and appropriate for
understanding of controls.
If report is to be used as evidence of operating effectiveness of controls at service
organization:
If Type 2 report is available:
Obtain a Type 2 report (if available), and:
1. Evaluate whether the date and period of report is appropriate for user auditor’s purpose.
2. Evaluate whether user entity has designed and implemented complementary controls, and
if so, also perform tests of controls.
3. Evaluate the adequacy of the time period covered by the tests of controls performed by
service auditor.
4. Evaluate whether tests of controls performed by service auditor provide sufficient and
appropriate evidence.
If Type 2 report is not available:
1. Performing appropriate tests of controls at the service organization; or
2. Using another auditor to perform tests of controls at the service organization
3
ISAs – Summaries and Application Guide
ISA 402
LO 4: OTHER CONCEPTS:
If Service Auditor’s Report is Outside of Reporting Period
Report may still assist user auditor in obtaining understanding of controls if it is supplemented by
additional information.
For example, if report is as on a date (or for a period) that is before the beginning of the period
under audit, auditor may perform following procedures to update information in report:
 Discuss changes in service organization with personnel of user entity.
 Reviewing current documentation and correspondence issued by service organization.
 Discuss the changes with personnel of service organization.
Scope Limitation:
Auditor may express Qualified opinion (if effect is material) or Disclaimer of opinion (if effect is
pervasive), if auditor is unable to obtain sufficient:


understanding of the services provided by the service organization
evidence about operating effectiveness of controls.
Auditor shall not include reference to the service auditor in audit report unless:
1. it is required by Law or Regulation, or
2. such reference is relevant to understand nature of modification to the auditor’s opinion.
In such circumstances, the auditor may need the permission of the service auditor before making
such a reference. Further, if such reference is included in report, the auditor’s report shall indicate
that the reference does not reduce the auditor’s responsibility for audit opinion.
Fraud, non-compliance and misstatements:
User auditor shall inquire from management of user entity whether it is aware or service
organization has reported any:
 fraud
 non-compliance with laws and regulation or
 uncorrected misstatements.
If so, user auditor shall evaluate how this matter affects user auditor’s procedures, conclusions and
report.
4
ISAs – Summaries and Application Guide
ISA 450
ISA 450
EVALUATION OF MISSTATEMENTS
IDENTIFIED DURING THE AUDIT
LO #
LEARNING OBJECTIVE
LO 1
DEFINITION AND TYPES OF MISSTATEMENTS
LO 2
EVALUATE THE EFFECT OF MISSTATEMENTS ON AUDIT AND FINANCIAL
STATEMENTS
LO 3
EVALUATING EFFECT ON FINANCIAL STATEMENTS
LO 4
REPRESEENTATION AND DOCUMENTATION
1
ISAs – Summaries and Application Guide
ISA 450
ISA 450 requires an auditor to evaluate the effect of misstatements on audit and financial
statements.
LO 1: DEFINITION AND TYPES OF MISSTATEMENTS:
Definition of Misstatement:
Misstatement means IFRS has not been properly applied on financial statements.
There may be:
 Incorrect Amount (e.g. Depreciation is not correctly recorded)
 Incorrect Classification (e.g. other income is included in sales, or interest expense is
included in cost of sales)
 Incorrect Presentation (e.g. Discontinuing operations are not separately presented)
 Incorrect Disclosure (e.g. EPS of a listed company is not disclosed, or Contingent liability is
either not disclosed or disclosed inadequately)
Types of Misstatements:
ISA 450 categorizes misstatements as:
1. Factual misstatements (misstatement in which there is no doubt e.g. not recording accrued
expenses)
2. Judgmental misstatements (misstatement in which judgment of management is
unreasonable or inappropriate e.g. determination of recoverable amount of debtors, or fair
value of non-current assets)
3. Projected misstatements (this is auditor’s best estimate of misstatements in population,
based on sample)
Factual misstatements are easily corrected by management. Judgmental misstatements require lot
of discussion with management to convince them to correct misstatement.
However, auditor does not use projected misstatements correct financial statements. Rather,
projected misstatements are used to decide whether further audit testing is appropriate or not.
LO 2: EVALUATE THE EFFECT OF MISSTATEMENTS ON AUDIT AND FINANCIAL
STATEMENTS:
Identification/Accumulation of Identified Misstatements:
Auditor shall accumulate all identified misstatements unless:
 they are clearly trivial, or
 prohibited by law (e.g. relating to an illegal act)
Difference between “Immaterial” and “Clearly Trivial”
Immaterial misstatements can have material effect on financial statements when accumulated.
Clearly Trivial misstatements cannot have material effect on financial statements even if accumulated.
2
ISAs – Summaries and Application Guide
ISA 450
Effect of identified misstatements on audit:
Under following situations risk increases and auditor may revise the audit plan:
1. Aggregate of misstatements exceeds materiality level.
2. Nature and circumstances of a misstatement indicate that there may be some other
misstatements which could be material.
If auditor asks management to perform procedures to find the actual misstatements in
population, the auditor will still need to do some additional procedures to confirm if any
misstatements remain.
Communication of Identified Misstatements:
Communication to Management:
Auditor shall communicate all identified misstatements (other than clearly trivial) to management
and shall request them to correct misstatements.
Communication to TCWG:
If any misstatement is not corrected by management, auditor shall communicate them to TCWG
alongwith their effect on audit report and shall request TCWG to correct them.
 Material misstatements should be communicated individually.
 Immaterial misstatements can be aggregated (e.g. communicating number of misstatements
and overall monetary effect).
LO 3: EVALUATING EFFECT ON FINANCIAL STATEMENTS:
At the end of audit, auditor shall evaluate effect of uncorrected misstatements on financial
statements i.e. whether they are material or not (considering Size as well as Nature).
Considering Size/Quantitative Criteria:
Auditor shall determine whether uncorrected misstatements are material (individually or in
aggregate) by comparing them with overall materiality level.
At this point, auditor shall re-assess materiality before evaluation, because initially materially was
determined on the basis of draft/projected financial statements, instead of actual financial
statements.
Considering Nature/Qualitative Criteria:
In following cases, misstatement lesser than materiality for financial statements as whole may
affect users’ economic decisions:
 Improper or Inadequate description of an Accounting policy, or Related party transactions
 Fraud
 Non-compliance of laws and regulations (NOCLAR) e.g. illegal payments, money laundering.
 Remuneration of management and TCWG.
 Failure to meet requirements of debt-covenants
 Key Performance Indicators of the company (e.g. a small misstatement converting loss into
profit, research & development cost for a pharmaceutical company)
 Affects key ratios focused by users.
3
ISAs – Summaries and Application Guide
ISA 450
LO 4: REPRESEENTATION AND DOCUMENTATION:
Representation:
Auditor shall obtain written representation from management and TCWG that
“They believe that effect of uncorrected misstatement is immaterial.”
A summary of misstatements should be included in this representation.
Documentation:
Auditor shall document following:
 Amount below which misstatements are considered clearly trivial.
 Misstatements identified during the year, and whether they have been corrected or not.
 Auditor’s conclusion whether effect of uncorrected misstatements is immaterial, material or
pervasive, and basis for this conclusion.
4
ISAs – Summaries and Application Guide
ISA 500
ISA 500
AUDIT EVIDENCE
LO #
LEARNING OBJECTIVE
PART A – AUDIT PROCEDURES
LO 1
TYPES OF AUDIT PROCEDURES
LO 2
PURPOSE OF AUDIT PROCEDURES
LO 3
SELECTING ITEMS FOR TESTING TO OBTAIN AUDIT EVIDENCE
LO 4
IF WORK OF MANAGEMENT’S EXPERT IS USED AS AUDIT EVIDENCE
PART B – AUDIT EVIDENCE
LO 5
SUFFICIENT APPROPRIATE EVIDENCE
LO 6
SOURCES OF EVIDENCE
LO 7
DOUBTS OVER RELIABILITY OF EVIDENCE
1
ISAs – Summaries and Application Guide
ISA 500
To provide reasonable assurance:
 auditor obtains sufficient appropriate audit evidence.
 by performing audit procedures.
PART A – AUDIT PROCEDURES
LO 1: TYPES OF AUDIT PROCEDURES:
1. Inquiry:
Inquiry means seeking information from knowledgeable persons within the entity or outside the
entity. Auditor should always obtain corroborative evidence to inquiries. Auditor may obtain
written representations from management to confirm some of oral inquiries.
Reliability of management’s response is affected by integrity of management and consistency of
response with other evidence.
Examples:
1. Inquiry from management about legal cases against company and assessment of their
outcomes.
2. Inquiry management about unusual transactions in books of accounts.
3. Inquiry of management’s intention about future course of action (this should be
corroborated by understanding management’s past history of carrying out its stated
intentions, management’s stated reasons for choosing a particular course of action, and
management’s ability to pursue a specific course of action).
2. Observation:
Observation consists of looking at a process or procedure (e.g. controls) being performed by others.
Evidence from observation is limited to the time of observation, and is also affected when people
know that they are being observed.
Examples:
1. Observing inventory counting by the entity’s personnel.
2. Observing cash receiving process.
3. Observing distribution of wages.
3. Inspection:
Inspection involves examining records or documents (whether internal or external), or a physical
examination of an asset.
Examples:
1. Inspection of invoices (to confirm accuracy) or contracts (to confirm revenue recognition).
2. Physical examination of inventory or fixed assets (to confirm existence).
3. Inspection of financial instrument e.g. shares or debentures (to confirm existence).
2
ISAs – Summaries and Application Guide
ISA 500
4. Recalculation:
Recalculation consists of checking the mathematical accuracy of documents or records.
Recalculation may be performed manually or electronically.
Examples:
1. Recalculation of sales invoices or purchase invoices.
2. Recalculate the profit or loss on disposal of fixed assets.
3. Adding up list of debtors.
4. Checking of figure of bonus paid to directors to confirm its accuracy.
5. Reperformance:
Reperformance means auditor independently performing procedures or controls that were
originally performed by entity as part of its internal control.
It is a high quality evidence because it is directly performed by auditor himself.
Examples:
1. Reperforming aging of accounts receivable balances.
2. Reperforming the extraction of a trial balance from company’s general ledger.
6. External Confirmation:
External confirmation is a process of obtaining evidence by auditor directly from a third party in
written form (e.g. on paper, electronic or other medium).
In addition to closing balances, other information can also be confirmed (e.g. terms of agreement,
subsequent modification, right to return, warranty period).
Examples:
1. Circularization of sample of debtors/creditors.
2. Sending confirmation letter to banks/lawyers.
7. Analytical Procedures:
Analytical Procedures means evaluation of financial information through:
 comparisons, and
 plausible relationships with other financial and non-financial information.
Analytical procedures also include investigation if actual values are significantly different from
expected values.
Examples:
1. Comparing sales for the year with last year.
2. Calculating Ratios (e.g. GP Ratio, Current Ratio, Debtors’ Turnover Ratio and Creditors’
Turnover Ratio) and compare with last year.
Study Tip
Above procedures can be performed for different purposes e.g. as Risk Assessment Procedures, as
Test of Control or as Substantive Procedures.
3
ISAs – Summaries and Application Guide
ISA 500
LO 2: PURPOSE OF AUDIT PROCEDURES:
1. Risk Assessment Procedures (required for every material area)
2. Further Audit Procedures
a. Tests of Controls (when required by ISAs or when auditor has chosen to do so)
b. Substantive Procedures (required for every material area)
Risk Assessment Procedures:
Risk Assessment Procedures are auditor’s procedures to obtain understanding of the entity and its
internal control to assess the risk of material misstatement at financial statement level and at
assertion level.
Tests of Controls:
Tests of Controls are performed to confirm the operating effectiveness of internal control in
preventing, detecting and correcting misstatements at assertion level.
Substantive Procedures:
Substantive Procedures are performed to detect material misstatements in financial statements at
assertion level.
LO 3: SELECTING ITEMS FOR TESTING TO OBTAIN AUDIT EVIDENCE:
Following are different means of selecting items:
1) Selecting all items (100% examination)
2) Selecting Specific items (or Judgmental selection)
3) Audit sampling
Any one or combination of these means may be used.
100% Selection:
Normally auditors do not check 100% transactions. However, it may be appropriate to test entire
population in following cases:
o Population consists of small number of large value items or
o There is a significant risk which cannot be reduced by other means of selection or
o Population has repetitive nature or involves automated processing, therefore 100%
examination using CAAT becomes cost effective
100% selection is not used in Tests of Controls.
Specific item selection:
Following items may be relevant for auditor while selecting specific items for examination:
 All items over a certain amount (to verify a large portion)
 Key items showing certain characteristics (e.g. suspicious, unusual, risky or that have
history of errors)
 Items to obtain information about entity or its transactions.
Specific item selection does not provide evidence about remainder of the population.
4
ISAs – Summaries and Application Guide
ISA 500
Audit Sampling:
Audit Sampling is the application of audit procedures to less than 100% of items within a
population selected in such a way that all sampling units have a chance of selection. Objective of
sampling is to provide basis for reaching a conclusion about entire population.
Audit Sampling is used in Tests of Controls and Tests of Details.
LO 4: IF WORK OF MANAGEMENT’S EXPERT IS USED AS AUDIT EVIDENCE:
If entity uses work of management’s expert, auditor shall:
1. Evaluate the competence, capabilities and objectivity of that expert.
2. Obtain an understanding of the work of that expert, and
3. Evaluate the appropriateness of that expert’s work as audit evidence for the relevant
assertion.
This topic will be further discussed in ISA 620.
PART B – AUDIT EVIDENCE
LO 5: SUFFICIENT APPROPRIATE EVIDENCE:
Audit evidence should be Sufficient and Appropriate.
What is meant by Sufficient Evidence:
Sufficiency is the measure of the quantity of audit evidence. Sufficiency of the audit evidence is
affected by:
 Assessed risk of material misstatement.
 Quality of audit evidence.
What is meant by Appropriate Evidence:
Appropriateness is the measure of the quality of audit evidence. Quality of evidence is affected by
its relevance and reliability.
Relevance:
Relevance of evidence depends on purpose of the audit procedure, assertion under consideration,
direction of testing.
For example:
1. If auditor wants to test overstatement of accounts payable, testing recorded payables will
be relevant procedure.
However, if auditor wants to test understatement of accounts payable, testing information
e.g. pending GRN, unpaid invoices, supplier’s statements, subsequent payments will be
relevant.
2. A procedure relevant for one assertion may not be relevant for other e.g. inspection of
tangible assets may provide evidence for Existence, but not for Rights & Obligation.
Similarly, subsequent receipts from debtors provides evidence for Existence and Valuation,
but not for cut-off.
5
ISAs – Summaries and Application Guide
ISA 500
3. Tests of controls are designed to obtain evidence about operating effectiveness of controls.
4. Substantive Procedures are designed to obtain evidence whether misstatement exists.
Reliability:
Reliability of evidence depends on its source, nature, circumstances under which it is obtained, and
controls over its preparation e.g.
 Evidence from independent external source is more reliable than internal evidence (e.g.
confirmation from customer is more reliable than a sales invoice)
 Evidence in documentary form (whether paper, electronic or other medium) is more
reliable than evidence in oral form (e.g. a written minutes of a meeting are more reliable
than oral representation).
 Evidence in the form of original document is more reliable than photocopy or fax.
 Evidence obtained directly by the auditor is more reliable than evidence obtained indirectly
or by inference (e.g. observation of a control is more reliable than inquiry of a control)
 Evidence generated internally is more reliable when related controls over its preparation
and maintenance are effective (e.g. pre-numbered documents are more reliable than
unnumbered documents because their numerical sequence can be checked).
Above general rules are subject to some exceptions e.g. information from external sources is not
reliable if source is not knowledgeable, or lacks independence.
Exam Tips
1. A shortcut to remember the reliability criteria of evidence is that evidence should be “CODED” i.e. Controlled,
Original, Documentary, External and Direct.
2. You should be able to comment on:
 Relevance of a procedure (e.g. whether a procedure is relevant for given assertion or not).
 Reliability of a procedure (e.g. which of two procedures is more reliable).
LO 6: SOURCES OF EVIDENCE:
Evidence may be obtained from different sources e.g.
 From audit procedures performed during the course of audit
 From previous audits (if evidence is still relevant)
 From acceptance and continuance procedures.
Sources of evidence can also be:
 Within the entity (e.g. accounting records, minutes of the meeting, management
representations)
 Outside the entity (e.g. third parties, industry data, analysts’ report)
 Work of management’s expert.
If auditor uses information produced by entity, auditor shall evaluate whether it is reliable by
checking its accuracy and completeness.
6
ISAs – Summaries and Application Guide
ISA 500
LO 7: DOUBTS OVER RELIABILITY OF EVIDENCE:
If there are doubts over reliability of evidence (e.g. there is inconsistency between evidence, or
evidence is not from reliable source), auditor shall:
 perform additional audit procedures to resolve the matter.
 also consider effect on other aspects of audit (e.g. risk, procedures).
Examples of Inconsistency:
 Inquiries from management are inconsistent with internal audit or TCWG.
 Evidence from internal sources is inconsistent with external sources (e.g. legal advisor or
debtors, creditors, bankers).
7
ISAs – Summaries and Application Guide
ISA 501
ISA 501
AUDIT EVIDENCE—SPECIFIC
CONSIDERATIONS FOR SELECTED
ITEMS
LO #
LEARNING OBJECTIVE
LO 1
INVENTORY
LO 2
LITIGATION AND CLAIMS
LO 3
SEGMENT INFORMATION
1
ISAs – Summaries and Application Guide
ISA 501
LO 1: INVENTORY:
In following situations, auditor performs specific audit procedures to verify existence and condition
of inventory:
 Inventory count at balance sheet date
 Inventory count at a date other than balance sheet date
 If attendance at physical inventory count is impracticable
 If inventory is under the custody and control of a third party
Inventory count at balance sheet date:
If inventory is material to the financial statements, the auditor shall perform following procedures:
1) Read management’s instructions/procedures for physical inventory count.
2) Observe whether inventory count is performed as per management’s instructions.
3) Perform test counts (list to floor and floor to list). Also inspect condition of the inventory.
Auditor shall also perform audit procedures on inventory record to ensure they accurately reflect
inventory count results.
Evaluate Management’s Instructions and Procedures:
Auditor shall evaluate whether instructions address:
 Application of appropriate control activities.
 Control over the movement of inventory before, during and after physical count.
 Checking inventory owned by a third party (e.g. on "consignment basis" or "approval basis")
is separately identifiable, and not included in closing inventory.
 Checking of condition of inventory to identify slow moving, obsolete or damaged inventory
for possible NRV adjustment.
 Identification of the stage of completion of work in process.
 Procedures used to estimate physical quantities, where applicable, e.g. in case of mineral
resources.
Inventory count at a date other than balance sheet date:
If physical inventory count is conducted at a date other than balance sheet date, auditor shall:
1) Perform above audit procedures at inventory count, and
2) Perform audit procedures to ensure that intervening transactions (between balance sheet
date and count-date) are properly recorded. These procedures will depend on:
a. Whether entity uses perpetual system.
b. Reliability of the entity’s perpetual inventory records.
c. Reasons for significant differences between physical count and inventory records.
If attendance at physical inventory count is impracticable:
If attendance at physical inventory count is impracticable (e.g. because of nature or location of
inventory), auditor shall perform alternative audit procedures to obtain audit evidence about
existence and condition of inventory e.g. Inspecting documents for subsequent sale of inventory
purchased prior to year end.
If evidence cannot be obtained from alternative audit procedures, it will be a scope limitation and
auditor will modify his opinion.
2
ISAs – Summaries and Application Guide
ISA 501
If inventory is under the custody and control of a third party:
Auditor shall perform one or both of the following:
1) Inspect or arranging for another auditor to attend physical count of inventory, if practicable.
2) Request confirmation from the third party as to the quantities and condition of inventory
held on behalf of the entity.
3) Other audit procedures appropriate in the circumstances.
 Inspecting documentation regarding inventory held by third parties e.g. warehouse
receipts.
 Obtaining another auditor’s report on the adequacy of the third party’s internal
control over inventory.
LO 2: LITIGATION AND CLAIMS:
To identify all contingencies and commitments, auditor should perform following procedures:
1. Inquiry of management and, where applicable, others within the entity, including in-house
legal counsel;
2. Reviewing minutes of meetings of those charged with governance and correspondence
between the entity and its external legal counsel; and
3. Reviewing legal expense accounts.
4. Communicate with external legal counsel.
Communicate with external legal counsel:
Auditor may communicate with entity’s external legal counsel in following manners:
1. Letter of inquiry (either general or specific) prepared by management and sent by the
auditor
2. Direct meeting
Letter of general Inquiry:
A letter of general inquiry requests the entity’s external legal counsel to inform the auditor of any
litigation and claims that the counsel is aware of, together with an assessment of the outcome of the
litigation and claims, and an estimate of the financial implications (e.g. costs involved).
Letter of specific Inquiry:
A letter of specific inquiry includes:
a) A list of litigation and claims;
b) Where available, management’s assessment of the outcome of each of the identified
litigation and claims and its estimate of the financial implications, including costs involved;
and
c) A request that the entity’s external legal counsel confirm the reasonableness of
management’s assessments and provide the auditor with further information if the list is
considered by the entity’s external legal counsel to be incomplete or incorrect.
(a letter of specific inquiry is sent if it is unlikely that external legal counsel will respond
appropriately to a letter of general inquiry e.g. where law or any professional body prohibits
response to such letter).
3
ISAs – Summaries and Application Guide
ISA 501
Direct Meeting:
In certain circumstances, the auditor also may judge it necessary to meet with the entity’s external
legal counsel to discuss the likely outcome of the litigation or claims. This may be the case, for
example, where:
a) The auditor determines that the matter is a significant risk.
b) The matter is complex.
c) There is disagreement between management and the entity’s external legal counsel.
Ordinarily, such meetings require management’s permission and are held with a representative of
management in attendance.
LO 3: SEGMENT INFORMATION:
If entity is required to report segment information, auditor shall:
 obtain understanding of methods used by management in determining segment
information.
 Test application of methods, if appropriate.
 Perform analytical procedures.
Particular matter to focus when evaluating segment information are:
 Inter-segments Sales, transfers and charges, and elimination of such transactions.
 The allocation of assets and costs among segments
 Consistency with prior periods
4
ISAs – Summaries and Application Guide
ISA 505
ISA 505
EXTERNAL CONFIRMATIONS
LO #
LEARNING OBJECTIVE
LO 1
INTRODUCTION (SCOPE, OBJECTIVE, AND DEFINITION)
LO 2
EXTERNAL CONFIRMATION PROCEDURES
LO 3
RESULTS OF THE EXTERNAL CONFIRMATION PROCEDURES
LO 4
NEGATIVE CONFIRMATIONS
LO 5
MANAGEMENT’S REFUSAL TO ALLOW THE AUDITOR TO SEND A CONFIRMATION
REQUEST
1
ISAs – Summaries and Application Guide
ISA 505
LO 1: INTRODUCTION (SCOPE, OBJECTIVE, AND DEFINITION):
Definition:
External confirmation is a process of obtaining evidence by auditor directly from a third party in
written (on paper, electronic or other medium).
External Confirmation as evidence:
External confirmation is frequently used in audits because it provides highly reliable evidence
(being written, external and direct evidence).
Examples of situations where external confirmation is used:
Usually, confirmation procedure is used to confirm information from Debtors, Creditors, Banks,
Lawyers, Inventories held by third parties, and investments held by brokers.
Exam Tips
1. Debtors and Creditors are circularized on sample basis. However, banks and lawyers are
circularized 100% and it is required to obtain reply in each case.
2. Be careful for difference between following situations:
 Auditor decides not to use confirmation in obtaining evidence.
 Client requests auditor not to send confirmation.
 Confirming party does not reply to a confirmation request.
LO 2: EXTERNAL CONFIRMATION PROCEDURES:
If auditor decides to use external confirmation, he performs following procedures:
1. Decide timing of confirmation (i.e. whether to be used at interim date or at final date).
2. Decide appropriate confirming parties (e.g. major parties, or where risk is high).
3. Decide the information to be confirmed (i.e. only closing balance or also other information)
4. Decide type of confirmation (i.e. whether positive or negative)
5. Obtain Authorized signature of CFO (or other responsible official) and despatch letters.
6. Appropriate procedures should be performed on replies (e.g. if reply is not received or
there is disagreement).
7. Preparation of summary and reaching a conclusion
LO 3: RESULTS OF THE EXTERNAL CONFIRMATION PROCEDURES:
A response indicating agreement:
If response indicates agreement, it forms sufficient appropriate audit evidence. No further work is
required.
A response indicating exception/disagreement:
If there is a disagreement, auditor shall ask client to reconcile the balances in its records with the
balances confirmed by the parties.
2
ISAs – Summaries and Application Guide
ISA 505
Reconciliation prepared by client should be checked to determine whether this exception is
because of:
 timing difference (i.e. cash in transit or goods are in transit), or
 misstatements in record of third party, or
 misstatement in accounts of client
Auditor shall also increase risk of material misstatement if exception is indicative of weakness in
internal control or fraud.
Reply of confirmation
This amount was paid on December
28
We received these goods on January
3
We have paid this amount since
long. OR
We have returned these goods since
long. OR
We never ordered/received these
goods.
We are unable to confirm this
amount (for certain reasons)
Confirmation returned undelivered
Interpretation and Audit Procedures
This account is probably valid; however, auditor should verify date of receipt:
– if date of receipt is before year end, cut-off on cash receipts is not proper (i.e. this
year’s collection is not recorded).
– if date of receipt is after year end, this indicates timing difference.
This account is probably valid; however, auditor should verify date of shipment:
– if date of shipment is before year end, this indicates timing difference. Ensure
that inventory is also excluded from closing stock.
– if date of shipment is after year end, cut-off on sales is not proper (i.e. next year’s
sale is recorded this year).
This indicates misstatement and auditor should investigate it and should:
̶
Discuss it with client and confirming party.
̶
Test internal control over transactions.
̶
If there is misstatement in client’s record, propose adjustment and reassesses risk (including risk of fraud i.e. existence of Teeming and
Lading).
This should be treated same as non-response. Auditor should perform alternative
audit procedures to obtain evidence.
This indicates either wrong address or non-existent customer. Address should be
rechecked or alternative audit procedures should be applied.
A non-response of positive confirmation:
In such case, auditor shall perform alternative procedures to obtain evidence.
Alternative procedures if positive confirmation from accounts receivable is not received:
1. Compare balance with monthly account statements sent by confirming party (if available).
2. Examine cash received from customer after the balance sheet date. Obtain explanation for
cash not received within credit period.
3. If cash is not received or partly received from customer, auditor shall inspect customer
signed sales orders, sales invoices, Goods Dispatch Notes and other documents
acknowledged by customer.
4. Perform cut-off test by examining sales near balance sheet date.
5. If any amount is disputed, examine correspondence with receivable, lawyer opinion,
appropriateness of provision.
Alternative procedures if positive confirmation from accounts payable is not received:
1. Compare balance with monthly account statements sent by confirming party (if available).
2. Examine cash paid to supplier after the balance sheet date. Obtain explanation for cash not
paid within credit period
3. If cash is not paid or partly paid to supplier, auditor shall inspect valid supporting
documents e.g. supplier signed purchase orders, suppliers’ invoices, Goods Received Notes
and other documents.
4. Perform cut-off test by examining purchases near balance sheet date.
3
ISAs – Summaries and Application Guide
ISA 505
When a response is oral (e.g. through telephone):
 Auditor shall request confirming party to confirm balance in writing because oral response
does not meet definition of Confirmation Letter.
 If written response is not received, this is same as non-response and auditor shall perform
alternative audit procedures (discussed above)
When a response is received indirectly (via management):
Auditor shall request confirming party to confirm balance directly because indirect response does
not meet definition of Confirmation Letter.
When a response is received electronically (e.g. email or fax):
Auditor shall obtain evidence whether communication process is secured and controlled e.g. by use
of encryption, digital signature.
When a confirming party uses a third party to coordinate and provide response:
Following risks are present in such case (and should be addressed):
̶
the response may not be from the proper source
̶
respondent may not be authorized to respond
̶
integrity of transmission may have been compromised.
When a response to a confirmation is necessary to obtain evidence:
If the auditor has determined that a response to a positive confirmation request is necessary to
obtain evidence***, alternative audit procedures will not provide the evidence the auditor
requires. In such case, auditor shall determine implications on audit and auditor’s opinion.
***Such circumstances may include where:
 Corroborative information is available only outside the entity. or
 Corroborative information is available inside the entity but specific fraud risk factors
prevent the auditor from relying on evidence from the entity.
Exam Tip: A response with restrictive language does not invalidate reliability of response.
LO 4: NEGATIVE CONFIRMATIONS:
Broadly, there are two types of confirmation requests which are used by auditors i.e.
1. Positive Confirmation Request (in which confirming party is requested to reply in all cases)
2. Negative Confirmation Request (confirming party is requested to reply only if he disagrees)
Risk in negative confirmation:
Negative confirmation is less reliable because there is no explicit evidence that confirming party
received and verified confirmation. Confirmation may be lost or disregarded by party.
To reduce this risk, negative confirmation is used only when all of following conditions are met:
1. Relevant population consists of large number of small balances.
2. Inherent risk and control risk are low, and auditor has obtained evidence about operating
effectiveness of controls.
3. A very low exception rate is expected, and
4. Auditor is not aware of any circumstances that confirming party will disregard such
requests.
4
ISAs – Summaries and Application Guide
ISA 505
LO 5: MANAGEMENT’S REFUSAL TO ALLOW THE AUDITOR TO SEND A
CONFIRMATION REQUEST:
If management refuses to allow the auditor to send a confirmation request, the auditor shall:
 inquire reason for refusal from management (e.g. it may be a legal dispute or ongoing
negotiation), and
 obtain evidence to their validity and reasonableness. (because management may be trying
to hide error or fraud).
If refusal is reasonable:
Auditor shall try to perform alternative audit procedures (discussed above) to obtain evidence. If
auditor is unable to obtain evidence from alternative procedures, it will be a scope limitation.
Auditor shall express Qualified opinion (if effect is material) or Disclaimer of opinion (if effect is
pervasive).
If refusal is not reasonable:
Discuss the issue with TCWG and request to allow auditor to send confirmation letter. If auditor is
still not permitted, it will affect audit as follows:
Implications on auditor’s report:
It will be a scope limitation imposed by management. Auditor shall express Qualified opinion (if
effect is material) or Disclaimer of opinion (if effect is pervasive).
Other implications on audit:
 Auditor shall communicate the matter with TCWG.
 Auditor shall re-evaluate integrity of management and shall consequently revise risk of
material misstatement (including risk of fraud) and shall also modify nature, timing and
extent of audit procedures.
 If auditor has serious concerns about integrity of management, he may also consider
withdrawal from engagement.
5
ISAs – Summaries and Application Guide
ISA 510
ISA 510
INITIAL AUDIT ENGAGEMENTS—
OPENING BALANCES
LO #
LEARNING OBJECTIVE
LO 1
DEFINITION
LO 2
OPENING BALANCES
LO 3
ACCOUNTING POLICIES
1
ISAs – Summaries and Application Guide
ISA 510
LO 1: DEFINITION:
Initial Audit:
Initial audit means an audit in which prior period’s financial statements are either unaudited, or
audited by another auditor.
Predecessor auditor:
The auditor from a different audit firm, who has audited the financial statements of prior period.
Opening balances:
Those account balances that exist at the beginning of the period. These also include disclosure (e.g.
contingencies and commitments).
LO 2: OPENING BALANCES:
Responsibility:
Auditor is required to obtain sufficient appropriate audit evidence whether opening balances are
free from material misstatement, and are correctly brought forward.
Audit Procedures to obtain sufficient appropriate audit evidence on opening balances:
Auditor shall perform following procedures to obtain sufficient appropriate audit evidence on
opening balances:
 Read most recent financial statements and predecessor auditor’s report for information
regarding opening balances.
 Ensure that opening balances are correctly brought forward from prior period, or have been
appropriately restated (e.g. if there is change in accounting policy or correction of error).
 Perform one or more of followings:
i.
Review predecessor auditor’s working papers (if applicable).
ii.
Evaluate whether audit procedures performed in current year provide evidence
about opening balances.
iii.
Perform specific procedures to verify opening balances.
Procedure
Review predecessor
auditor’s working papers
How audit procedures
performed in current year
may provide evidence about
opening balances
Explanation
Whether such a review provides sufficient appropriate audit evidence is influenced by the
professional competence and independence of the predecessor auditor.
For example, collection of opening debtors (or payment of opening creditors) during the
year will provide some audit evidence.
Opening Inventory:
 Observe physical inventory count during current year, and roll-back to opening
quantities.
 Perform procedures on valuation of opening inventory items.
 Perform procedures on gross profit and cut-off.
Specific procedures to verify
opening balances
Non-Current Assets and Liabilities:
 Physically inspect non-current assets appearing in opening balances.
 Examine accounting records and other information underlying opening balances
(e.g. PPE).
 Send confirmation letter to third parties (e.g. in Long-term loan, and investments).
Share Capital and Reserves etc.:
 Share capital, reserves and movements during the year can be verified by inspection
of statutory filing with SECP.
2
ISAs – Summaries and Application Guide
ISA 510
Impact on Report:
After performing above procedures:
 If auditor is unable to obtain sufficient appropriate evidence on opening balances, auditor
shall express Qualified Opinion (if effect is material), or Disclaimer of Opinion (if effect is
pervasive).
 If auditor obtains evidence regarding opening balances but faced significant difficulty,
auditor may determine it a Key Audit Matter.
 If there is a misstatement in opening balances, auditor shall express Qualified Opinion (if
effect is material), or Adverse Opinion (if effect is pervasive).
LO 3: CHANGE IN ACCOUNTING POLICIES:
Responsibility:
Auditor is required to obtain sufficient appropriate audit evidence whether accounting policies are
consistently applied, and any change in accounting policy is appropriately accounted for and
disclosed.
Audit Procedures if accounting policy is changed:
Auditor shall ensure that change in accounting policy:
 Results in fair presentation.
 Is applied retrospectively.
 Is adequately disclosed.
Impact on Report:
If change in accounting policy has been appropriately accounted for and disclosed, auditor may
include Key Audit Matter on this issue.
If change in accounting policy has been NOT appropriately accounted for and disclosed, auditor
shall express Qualified Opinion (if effect is material), or Adverse Opinion (if effect is pervasive).
3
ISAs – Summaries and Application Guide
ISA 520
ISA 520
ANALYTICAL PROCEDURES
LO #
LEARNING OBJECTIVE
LO 1
DEFINITION, EXAMPLES AND USES OF ANALYTICAL PROCEDURES
LO 2
USE AS RISK ASSESSMENT PROCEDURES
LO 3
USE AS SUBSTANTIVE ANALYTICAL PROCEDURES
LO 4
USE IN FORMING OVERALL CONCLUSION
1
ISAs – Summaries and Application Guide
ISA 520
LO 1: DEFINITION, EXAMPLES AND USES OF ANALYTICAL PROCEDURES:
Definition of Analytical Procedures:
Analytical Procedures means evaluation of financial information through Plausible relationships,
with other financial and non-financial information and Comparisons.
Analytical procedures also include investigation if actual values are significantly different from
expected values.
Examples of Analytical Procedures:
1. Calculating plausible relationships
o Among financial information (e.g. GP ratio).
o Among financial and non-financial information (e.g. Payroll expenses to number of
employees).
2. Making comparison of current year’s financial results with:
o Prior accounting periods
o Industry average results (as whole or with individual companies)
o Comparable parts of the same entity (branches or divisions doing same business)
o Budgets.
Use/Purposes of Analytical Procedures:
Analytical procedures can be used:
1. As Risk assessment Procedures (called Preliminary Analytical Procedures, covered in ISA 315).
2. As Substantive Procedures (called Substantive Analytical Procedures).
3. Near the end of the audit in forming overall conclusion (called Final Analytical Procedures).
Analytical procedures are required to be performed as risk assessment and in forming overall
conclusion.
LO 2: USE AS RISK ASSESSMENT PROCEDURES:
Analytical procedures can be used to identify risk of material misstatement at assertion level.
Risk Factor
Increase in Sales
Areas at Risk
Occurrence and cut-off of sales
Sales may have been overstated.
Valuation of Inventory:
Inventory may have become obsolete.
Decrease in Sales
Valuation of PPE:
PPE may have impaired.
Valuation of Intangible Assets:
Intangible assets may have impaired.
Decrease in Cost of sales
(% as compared to sales)
2
Completeness and Cut-off of purchases:
Some purchases may have been omitted.
Existence and valuation of inventory:
Closing stock may have been overstated.
ISAs – Summaries and Application Guide
This year the gross profit
is 25% of sales, but last
year it was 20%.
Combine risk assessment of:
- Increase in Sales, and
- Decrease in Cost of sales
Decrease in Selling
expense
(% as compared to sales)
Completeness and Classification of selling expense:
Selling expenses may have been omitted or misclassified.
Increase in Admin
expense
Decrease in Interest
expense
(% as compared to loan)
Occurrence and classification of admin expense:
Admin expenses may have been misclassified.
Increase in Debtors
(% as compared to sales)
Valuation of Debtors:
Some debtors may have become doubtful.
Increase in Inventory
(% as compared to cost
of sales)
Decrease in Creditors
(% as compared to
purchases)
- Decrease in profitability
ratios, current ratio,
interest coverage ratios,
ISA 520
Accuracy and completeness of interest expense:
Interest expense may not have been accurately and completely calculated.
Valuation of Inventory:
Some inventory may have become obsolete.
Completeness of creditors:
Some creditors may have been omitted.
Going Concern Issues.
Due to adverse events and conditions, entity may not be a going concern.
LO 3: USE AS SUBSTANTIVE ANALYTICAL PROCEDURES:
If auditor decides to use analytical procedures as substantive procedures, auditor shall perform
following steps:
1. Determine the suitability of analytical procedures for given assertion:
Suitability of analytical procedures depends on auditor’s assessment of how efficient and
effective it will be in detecting a misstatement.
Substantive analytical procedures are generally suitable for large volume of transactions that
are predictable, and it is expected that relationship between data exists e.g. when known
number of employees are paid at fixed rate (in Payroll).
Suitability also depends on assessment of Risk and nature of Assertion e.g. comparison of GP
ratio to confirm sales is not a persuasive procedure.
2. Evaluate the reliability of data from which auditor’s expectation is developed:
Following factors affect Reliability of data for analytical procedures:
 Source of information (e.g. information from independent source is more reliable)
 Controls over preparation (to confirm accuracy and completeness of information).
 Nature and Relevance of information (e.g. budget can be used if they are prepared as
results to be expected and not as challenging goals to be achieved).
 Comparability of financial information (e.g. broad industry data may need to be
supplemented to be comparable for company selling single product)
3
ISAs – Summaries and Application Guide
ISA 520
3. Develop sufficiently precise expectation to identify misstatement:
Precise expectation depends on:
 Whether financial and non-financial information is available (e.g. whether budgets or
number of employees are available).
 Whether information can be disaggregated (e.g. analytical procedures performed on
individual sections/ components are more effective than performed on entire entity).
 How accurately results can be predicted (e.g. comparing GP ratio with last year gives more
accurate result than comparing research or advertisement expenses)
4. Determine acceptable difference: (called “Threshold”)
Difference between recorded and expected amount which can be accepted without further
investigation depends on:
 Risk Assessment (e.g. if risk is high, acceptable difference decreases)
 Materiality.
 Desired Level of Assurance.
Investigating Results of Analytical Procedures
If analytical procedures show significant differences or inconsistent relations:
1. Auditor shall inquire of management, and shall evaluate those responses by taking into
account:
 auditor’s understanding of entity and its environment and
 other audit evidence obtained during audit:
2. If no adequate explanation is given by management, auditor shall perform other audit
procedures (e.g. tests of details).
Study Tips
1. Substantive analytical procedures provide evidence about Completeness and Accuracy.
2. Depending on auditor’s judgment about the expected efficiency and effectiveness of audit procedure,
auditor may perform only analytical procedures (e.g. when risk is low), only tests of details or both.
3. Major areas where substantive analytical procedures are performed include Sales (if sale price is fixed),
Payroll expenses. Rent Expenses, Depreciation Expense, Selling commission, Interest Expense, Accruals.
Examples: How Substantive Analytical Procedures are performed in different Areas
Sales:

Unit Price * Number of units sold.
Depreciation:

Depreciation Rate * Balance of fixed asset (separate adjustment should be made for Additions/Disposals)
Salaries Expense:

Pay for the first month of the year * 12 + Effect of increment + Salaries of Joiners – Salaries of Leavers.

Alternatively Average pay rate * No. of employees * Rate of Increment * No. of months
Commission Expense:

Commission rate * Sales
Rent Expense:

Monthly Rent * Months Occupied
4
ISAs – Summaries and Application Guide
ISA 520
Interest Expense:

Principal x Interest Rate x Period
Completeness of Accruals:

Compare detailed list of accruals of current year with last year.
LO 4: USE IN FORMING OVERALL CONCLUSION:
Analytical procedures are performed near the end of the audit:
 To corroborate conclusions formed during audit of individual components.
 To assist auditor in forming overall conclusion whether the financial statements are
consistent with auditor’s understanding of the entity.
These may also identify previously unrecognized risk of material misstatements, in which case
auditor shall revise his risk and audit procedures.
Analytical Procedures performed at overall conclusion stage are similar to those used as Risk
Assessment Procedures and are performed because auditor’s understanding may have increased
during the audit.
APX: PRACTICAL INSIGHT OF ISA AND REAL WORLD CASES:
Deficiencies identified in Quality Control Reviews by ICAP:
 Auditor did not adequately evaluate reliability of data obtained from management.
5
ISAs – Summaries and Application Guide
ISA 530
ISA 530
AUDIT SAMPLING
LO #
LEARNING OBJECTIVE
LO 1
INTRODUCTION TO AUDIT SAMPLING
LO 2
SAMPLE DESIGN
LO 3
PERFORMING AUDIT PROCEDURES
LO 4
EVALUATION OF DEVIATION/MISSTATEMENT AND PROJECTION
LO 5
EVALUATING RESULTS OF AUDIT SAMPLING
1
ISAs – Summaries and Application Guide
ISA 530
LO 1: INTRODUCTION TO AUDIT SAMPLING:
Sampling is one mean of selecting items for testing (others being 100% Selection and Specific item
selection). (ISA 500)
Audit Sampling:
Audit Sampling is the application of audit procedures to less than 100% of items within a
population selected in such a way that all sampling units have a chance of selection. Objective of
sampling is to provide basis for conclusion about entire population.
Auditor uses audit sampling in Tests of Controls and Tests of Details.
Relationship between Sampling and Audit Risk:
Audit Risk has three components i.e. Inherent Risk, Control Risk and Detection Risk.
Detection risk arises because of two components/reasons:
 Sampling risk
 Non-Sampling risk
Therefore, to reduce detection risk, it is necessary to understand and reduce sampling risk and nonsampling risk.
Sampling Risk:
“Sampling risk is the risk that auditor’s conclusion based on sampling might be different from the
conclusion if entire population would have been tested.”
Sampling risk can lead to two types of erroneous conclusions:
1. Risk of under-reliance/Incorrect Rejection (affecting audit efficiency leading to increased work)
a. Controls are less effective (than they actually are)
b. Material misstatement exists (infact it does not)
2. Risk of over-reliance/incorrect Acceptance (affecting audit effectiveness leading to incorrect opinion)
a. Controls are more effective (than they actually are)
b. Material misstatement does not exist (infact it does)
Sampling risk can be reduced by increasing sample size.
Non-Sampling Risk:
“Non-sampling risk is the risk that auditor’s conclusion may be wrong for any reasons other than
sampling risk e.g. use of inappropriate procedures by auditor, or misinterpretation of evidence,
failing to recognize a misstatement, or need to work on very tight deadline. “
This can be reduced by proper planning, supervision and review.
2
ISAs – Summaries and Application Guide
ISA 530
Steps in Sampling: (for Tests of Controls as well as Tests of Details)
1. Sample Design
a.
b.
c.
d.
e.
f.
g.
h.
Determine Purpose and Characteristics of Population for Sampling.
Define what will be Deviation or Misstatement.
Make assessment of Expected Rate of Deviation, or Expected Misstatement.
Make assessment of Tolerable Rate of Deviation or Tolerable Misstatement.
Determine Sampling Approach (i.e. whether Statistical or Non-Statistical)
Determine sample size.
Decide whether to use Stratification or Value-weight selection
Select items by choosing appropriate method.
2. Performing Audit Procedures on Sample
3. Projecting Rate of Deviation/Misstatements
4. Evaluating results of Sampling
LO 2: SAMPLE DESIGN:
Determine Purpose:
Purpose could be:
 tests of controls, or tests of details
 overstatement or understatement
Purpose then determines what would be relevant population.
Determine Population and Sampling Units:
Population is the entire set of data from which a sample is selected and about which the auditor
wishes to draw conclusions. Auditor should ensure that population is complete.
Sampling Units are the individual items constituting a population. The sampling units might be:
 physical items (a sale invoice or a debtor or a cheque or an entry in bank statement) or
 monetary units (every single rupee is a unit.)
Define what will be Deviation or Misstatement:
For example:
 If auditor wants to test accuracy of receivables, a posting into wrong customers’ account is
not a misstatement because total balance is correct. (however, this may have implications
for other audit areas e.g. risk of fraud, provision for bad debts).
 Similarly, a timing difference between client record and customer’s record is not a
misstatement.
 If documentation relating to item has been lost, it will be a deviation (in tests of controls) or
misstatement (in tests of details).
Make Assessment of Expected Rate of Deviation, or Expected Misstatement:
Expected Rate of Deviation:
Determination of Expected Rate of deviation depends on:
 Risk assessment procedures to obtain understanding of business and in particular
understanding of internal control.
 Changes in personnel or in internal controls.
 Results of audit procedures performed in prior periods.
 Results of other audit procedures.
If the expected rate of deviation is unacceptably high, the auditor will normally decide not to
perform tests of controls.
3
ISAs – Summaries and Application Guide
ISA 530
Expected Misstatement:
Determination of Expected Misstatement depends on:
 Subjectivity involved in item.
 Results of risk assessment procedures.
 Results of tests of controls.
 Results of audit procedures performed in prior periods.
 Results of other substantive procedures.
If the expected misstatement is high, use of a large sample size (or 100% examination) may be
appropriate.
Make Assessment of Tolerable Rate of Deviation or Tolerable Misstatement.
Tolerable Rate of Deviation:
A rate of deviation (in internal control procedures) set by the auditor in respect of which the
auditor obtains assurance that the actual rate of deviation in the population does not exceed rate of
deviation set by the auditor.
Tolerable Misstatement:
It is the amount of misstatement (in financial statements) set by auditor for which auditor obtains
assurance that actual amount of misstatements in population does not exceed from amount set by
auditor.
Tolerable misstatement is the application of performance materiality to sampling procedure.
Tolerable misstatement may be the same amount or an amount lower than performance
materiality.
Determine Sampling Approach:
Auditor shall determine whether to use Statistical Sampling or Non-Statistical Sampling.
Statistical Sampling:
An approach of sampling that involves:
(i)
random selection of items, and
(ii)
application of probability theory to evaluate results of the sample including measurement of
sampling risk.
Non-Statistical Sampling:
A sampling approach that does not have characteristics (i) or (ii) is considered non-statistical
sampling (or Judgmental Sampling).
The decision whether to use a statistical or non-statistical sampling approach is a matter of
judgment; however, sample size is not a valid criteria.
4
ISAs – Summaries and Application Guide
ISA 530
Determine sample size:
Factors for Test of Controls
(Increase in)
Tolerable rate of deviation
Expected Rate of deviation
Desired Level of Assurance
Extent to which auditor plans to rely on controls
Population Size
Effect on Sample Size
Factors for Test of Details
(Increase in)
Tolerable misstatement
Expected Misstatement (or risk of material misstatement)
Desired Level of Assurance
Stratification of Population
Other Substantive Procedures (e.g. analytical procedures)
Population Size
Effect on Sample Size
Decrease
Increase
Increase
Increase
Negligible
Decrease
Increase
Increase
Decrease
Decrease
Negligible
Stratification or Value-weight selection:
Stratification:
In Stratification, population is sub-divided into different segments (which have similar
characteristics) and then sample is selected from each segment.
Population can be stratified by:
 monetary value (to focus on large value items).
 other particular characteristic (indicating risk of misstatement) e.g. receivable balances
may be stratified by age.
Note: If a class of transactions or account balance has been divided into strata, the misstatement is projected for each
stratum separately. Projected misstatements for each stratum are then combined when considering the possible effect of
misstatements on the total class of transactions or account balance.
Value-weighted selection:
In value-weight selection, monetary units sampling is used i.e. every nth rupee is selected.
After selecting monetary units from population (e.g. population of Total Debtors or Inventory), the
auditor then examines particular items that contains those monetary units (e.g. Debtor A, Debtor F).
Benefits:
 it focuses on larger value items because they have a greater chance of selection, and
 it can result in smaller sample sizes.
5
ISAs – Summaries and Application Guide
ISA 530
Methods of Selection.
Systematic Selection:
In this method, the number of sampling units in the population are divided by the sample size. This
gives a sampling interval (e.g. 50). A random starting point is chosen (e.g. within the first 50 items),
and then items are selected with a standard gap between them (e.g. every 50th item).
Random Selection:
In this method, all items in the population have an equal chance of selection. Random numbers are
used to select items for testing.
Monetary Unit Sampling:
Monetary Unit Sampling is a type of value-weighted selection in which sample size, selection and
evaluation results in a conclusion in monetary amounts.
Haphazard Selection:
In this method, auditor selects the sample on arbitrary basis, without a structured technique e.g.
choosing any 100 items from population. Haphazard selection is not appropriate when using
statistical sampling because sample may contain bias.
Block Selection:
Block selection involves selection of a complete block of contiguous items from the population e.g.
selecting all sales invoices of a particular week or month.
Study Tips
1. In statistical sampling, every item has an Equal chance of selection.
2. In statistical sampling, only Systematic, Random and Monetary Unit Sampling is used. In non-statistical
sampling, any method can be used (except Block Selection).
LO 3: PERFORMING AUDIT PROCEDURES:
Performing Procedures:
Auditor shall perform audit procedures on EACH item selected.
If audit procedure is not applicable to selected item: (e.g. cancelled cheque)
Auditor shall perform procedures on a replacement item (e.g. by selecting very next cheque).
If auditor is unable to apply desired or alternative procedures on selected item: (e.g. when a
cheque/documentation is lost)
Auditor shall treat this item as a deviation (in case of tests of controls) or a misstatement (in case of
tests of details).
6
ISAs – Summaries and Application Guide
ISA 530
LO 4: EVALUATION OF DEVIATION/MISSTATEMENT AND PROJECTION:
Nature and Cause of Deviations and Misstatements:
If a deviation or misstatement is identified in Sampling, auditor shall investigate their nature and
cause.
Auditor may observe that some of the deviations/misstatements are:
1. If deviation/misstatement is Anomalous.
In such case, auditor shall obtain high degree of certainty that the deviation or
misstatement does not affect the remainder of the population. Auditor shall not consider it
for projection. However, this still shall be included in list of identified misstatements.
2. If deviations/misstatements share common features (e.g. type of transaction, location,
product line, or period of time):
Auditor shall select all such items in the population and shall extend its procedures on those
items. If, such deviation/misstatements are intentional, auditor shall also increase risk of
fraud.
Anomaly:
Anomaly is a deviation or misstatement that occurs because of a one-off event and is not
representative of misstatements or deviations in a population e.g. error by a temporary employee.
Projecting Misstatements:
Projecting Deviation Rate (for T.O.C.):
Sample Deviation Rate is always the Projected Deviation Rate for population. No separate
calculation is required.
Projecting Misstatements (for T.O.D.):
Auditor is required to project misstatement for the population. Misstatements based on projection
are not adjusted (unless identified).
Auditor’s best estimate of misstatements in the population = Projected misstatement + Anomalous misstatement
LO 5: EVALUATING RESULTS OF AUDIT SAMPLING:
Evaluating results of Tests of Controls:
If Projected Deviation Rate is below Tolerable Rate of Deviation:
Controls are operating effectively. Auditor can rely on internal control, and can decrease
substantive testing.
If Projected Deviation Rate is above Tolerable Rate of Deviation:
If projected deviation rate is unexpectedly high, auditor shall increase his assessment of control
risk, and may place no reliance on controls.
7
ISAs – Summaries and Application Guide
ISA 530
Evaluating results of Tests of Details:
If Projected Misstatement is below Tolerable Misstatement:
Population is not materially misstated. No further work necessary.
If Projected Misstatement is above Expected Misstatement (used to determine sample size):
Auditor may conclude that there is an unacceptable sampling risk that actual misstatement in
population exceed tolerable misstatements. This risk can be reduced if additional evidence is
obtained.
If Projected Misstatement is above Tolerable Misstatement:
Sample has not provided a reasonable basis for conclusion about population that has been tested. In
this situation, auditor may:
 request management to investigate identified misstatements and search further
misstatements to make adjustments.
 shall revise the nature, timing and extent of further audit procedures e.g. in tests of controls
extend the sample size, test alternative control, modify related substantive procedures.
Numeric Example on Projection and Evaluation of Results
Population
Sample Size
Tolerable Rate of Deviation
Tolerable Misstatement
Number of Transactions
(For Tests of Controls)
550
50
10%
N/A
Amount of Transactions
(For Tests of Details)
10,000,000
2,000,000
N/A
175,000
Required:
(a) Assume you are performing tests of controls:
(i) Calculate projected rate of deviation and evaluate result if 4 deviations are found in the sample.
(ii) Calculate projected rate of deviation and evaluate result if 6 deviations are found in the sample.
(b) Assume you are performing tests of details:
(i) Calculate projected misstatements and evaluate result if misstatements of Rs. 25,000 are found in the sample.
(ii) Calculate projected misstatements and evaluate result if misstatements of Rs. 45,000 are found in the sample.
Solution:
(a)
(i) Projected rate of deviation is 8% (= 4/50*100). As projected rate of deviation is less then Tolerable rate of deviation,
controls are operating effectively and auditor can rely on them.
(ii) Projected rate of deviation is 12% (= 6/50* 100). As projected rate of deviation is more than Tolerable rate of
deviation, controls are not operating effectively. Auditor should not rely on controls and should increase control risk.
(b)
(i) Projected misstatements are 125,000 (= 25,000/2,000,000 * 10,000,000). As projected misstatements are less than
Tolerable misstatements, auditor concludes that population is not materially misstated.
(ii)Projected misstatements are 225,000 (= 45,000/2,000,000* 10,000,000). As projected misstatements are more than
Tolerable misstatements, sampling does not provide reasonable basis about population that has been tested. Auditor shall
perform further audit procedures.
8
ISAs – Summaries and Application Guide
ISA 540
ISA 540
AUDITING ACCOUNTING
ESTIMATES, INCLUDING FAIR
VALUE ACCOUNTING ESTIMATES,
AND RELATED DISCLOSURES
LO #
APPLICATION
REQUIREMENTS PARAGRAPHS
LEARNING OBJECTIVE
LO 1
INTRODUCTION
DEFINITION)
LO 2
RISK
ASSESSMENT
RELATED ACTIVITIES
LO 3
IDENTIFYING AND ASSESSING THE RISKS OF
MATERIAL MISSTATEMENT
10–11
LO 4
RESPONSES TO THE ASSESSED RISKS OF
MATERIAL MISSTATEMENT
FURTHER SUBSTANTIVE PROCEDURES TO
RESPOND TO SIGNIFICANT RISKS
EVALUATING THE REASONABLENESS OF THE
ACCOUNTING ESTIMATES, AND DETERMINING
MISSTATEMENTS
DISCLOSURES RELATED TO ACCOUNTING
ESTIMATES
12–14
LO 8
LO 5
(SCOPE,
OBJECTIVE,
PROCEDURES
AND
AND
1–7
8–9
A1–A11
A12–A44
A45–A51
A52–A101
15–17
A102–A115
18
A116–A119
19–20
A120–A123
INDICATORS OF POSSIBLE MANAGEMENT BIAS
21
A124–A125
LO 9
WRITTEN REPRESENTATIONS
22
A126–A127
LO 10
DOCUMENTATION
23
A128
LO 6
LO 7
1
ISAs – Summaries and Application Guide
ISA 540
LO 1: INTRODUCTION (SCOPE, OBJECTIVE, AND DEFINITION):
There may be three types of transactions in accounting with respect to measurement:
 Actual measurement is possible (e.g. sales)
 Reasonable measurement is possible i.e. estimates and fair values. These may have:
o High estimation uncertainty e.g. Legal Cases, Pension liability, Revaluation of fixed
assets.
o Low estimation uncertainty e.g. Provision for bad debts, Provision for taxation,
Provision for warranty, marketable securities)
 No measurement is possible
This ISA deals with " how to audit” second category of transactions i.e. Estimates and Fair Value.
LO 2: RISK ASSESSMENT PROCEDURES AND RELATED, ACTIVITIES:
As part of obtain understanding of entity (in accordance with ISA 315), auditor shall obtain
understanding of:
1. Requirements of AFRF regarding Accounting Estimates.
2. How management identifies events requiring estimates.
3. How management makes estimates (e.g. which methods and assumptions are used, whether
expert is used, related controls, any change from previous year)
4. Outcome of prior period estimates.
LO 3: IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT:
Auditor shall assess which of the accounting estimates are significant risks (e.g. estimates with High
Estimation Uncertainty may be significant risk).
LO 4: RESPONSES TO THE ASSESSED RISKS OF MATERIAL MISSTATEMENT:
In performing procedures to verify estimates, auditor shall evaluate whether entity has complied
with requirements of AFRF and methods used are appropriate and consistent with prior year.
Auditor shall perform one or more of following:
1. Determine subsequent events that provide evidence regarding estimates.
2. Develop his own point estimate or a range to evaluate management’s point estimate.
3. Perform tests of controls and substantive procedures over management’s process of making
estimates (including whether methods and assumptions used are reasonable).
In performing these procedures, auditor may consider to use the work of an expert.
2
ISAs – Summaries and Application Guide
ISA 540
LO 5: FURTHER SUBSTANTIVE PROCEDURES TO RESPOND TO SIGNIFICANT
RISKS:
For accounting estimates that give rise to significant risks, auditor shall perform following further
procedures:
1. Whether significant assumption used by management is reasonable.
2. How management considered alternative assumptions or outcomes, and why it rejected
them.
3. Management’s intent and ability to carry out a specific course of action, when it is relevant
to assumptions.
If management has not considered adequately effects of estimation uncertainty, auditor shall
himself develop a range to evaluate reasonableness of accounting estimate.
Auditor shall also evaluate that accounting estimates (whether recognized or not recognized) meet
recognition and measurement criteria of AFRF.
LO 6: EVALUATING THE REASONABLENESS OF THE ACCOUNTING ESTIMATES,
AND DETERMINING MISSTATEMENTS:
Based on audit evidence obtained, auditor shall evaluate whether accounting estimates are
reasonable, or misstated.
LO 7: DISCLOSURES RELATED TO ACCOUNTING ESTIMATES:
Auditor shall obtain sufficient appropriate audit evidence that disclosures relating to accounting
estimates are in accordance with AFRF.
For estimates that give rise to significant risk, disclosures relating to estimation uncertainty are
reasonable.
LO 8: INDICATORS OF POSSIBLE MANAGEMENT BIAS:
Auditor shall review whether judgments and decisions by management in making estimates
indicate possibility of management bias.
LO 9: WRITTEN REPRESENTATIONS:
Auditor shall obtain written representation that significant assumptions used in making accounting
estimates are reasonable.
LO 10: DOCUMENTATION:
Auditor shall document:
 Basis of auditor’s conclusion about reasonableness of accounting estimates and their
disclosure that give rise to significant risk.
 Indicators of management bias.
3
ISAs – Summaries and Application Guide
ISA 550
ISA 550
RELATED PARTIES
LO #
LEARNING OBJECTIVE
LO 1
INTRODUCTION
LO 2
RESPONSIBILITIES OF MANAGEMENT AND AUDITOR
LO 3
AUDIT PROCEDURES ASSOCIATED WITH RELATED PARTIES
LO 4
MISCELLANEOUS CONCEPTS
1
ISAs – Summaries and Application Guide
ISA 550
LO 1: INTRODUCTION:
Related Parties:
Related Parties are individuals or organizations that has control or influence (directly or indirectly
through intermediaries) over the entity.
Examples of related parties include:
 Companies in the same group e.g. holding company, subsidiary, associated company.
 Majority shareholders, Directors, Key management of the company and their close relatives.
 Other entities controlled by majority shareholders, directors, key management or their
relatives.
Related Party Transactions:
Related party transactions are transactions between the client company and its related party.
Examples of related party transactions include:
 Sale (or purchase) of assets.
 Receiving (or providing) services e.g. consultancy/management/accounting services.
 Giving (or obtaining) loan or guarantee or repayment of loan.
Why risk is high in related party transactions:
1. All related party relationships or transactions may not be identified and disclosed in
accordance with AFRF.
2. There is an opportunity of fraud by management through collusion with related parties.
LO 2: RESPONSIBILITIES OF MANAGEMENT AND AUDITOR:
Responsibilities of Management:
If AFRF prescribes related party requirements, it is the responsibility of management to identify,
account for and disclose related party relationships and transactions in financial statements in
accordance with AFRF.
Responsibilities/Objectives of Auditor:
If AFRF prescribes related party requirements:
Auditor is responsible to obtain sufficient appropriate evidence that related party relationships and
transactions have been identified, accounted for and disclosed in financial statements in accordance
with AFRF.
Whether AFRF prescribes requirements or not:
Auditor is also responsible to ensure that:
 financial statements give true and fair view (if fair presentation framework is used),
 financial statements are not misleading (if compliance framework is used),
Auditor is also responsible to obtain understanding of related party relationships and transactions
to recognize risk of fraud.
Due to inherent limitations of audit, auditor may not detect all related parties.
2
ISAs – Summaries and Application Guide
ISA 550
LO 3: AUDIT PROCEDURES ASSOCIATED WITH RELATED PARTIES:
Risk Assessment Procedures:
These are procedures to obtain information to identify risk associated with related parties.
Inquiry:
1. Auditor shall inquire of management regarding:
a. identity of entity’s related parties (including changes from prior period)
b. nature of relationships with related parties.
c. types and purpose of transactions with related parties (if any)
2. Auditor shall inquire of management and others within the entity (e.g. TCWG, internal audit
function, legal counsel, persons involved in recording transactions) to obtain understanding of controls
to:
a. To identify, account for and disclose related party relationships and transactions in
financial statements in accordance with AFRF.
b. To approve significant transactions with related parties and outside the normal
course of business.
3. Auditor shall discuss and share related party information with engagement team.
Inspection:
Auditor shall remain alert when inspecting records or documents, including:
1. Bank and legal confirmations obtained as part of the auditor’s procedures;
2. Minutes of meetings of shareholders and of those charged with governance; and
3. Such other records or documents as the auditor considers necessary in the circumstances
e.g. Third-party confirmations, Register of shareholders/directors/officers/investment, Entity’s income tax
return, documents filed to regulatory authorities (e.g. prospectus), internal audit reports, contracts outside
normal course of business or re-negotiated by entity, statements of conflicts of interest by management and
TCWG.
Identification and Assessment of Risks
Significant Risk:
If there is a significant risk (e.g. significant related party transaction outside the normal course of business***),
auditor shall identify it separately as required by ISA 315.
*** Examples of transactions outside the entity’s normal course of business may include:
• Equity transactions.
•Transactions with offshore entities.
• Providing property or services without consideration.
• Sales with unusually large discounts or returns or with commitment to repurchase.
• Transactions whose terms are changed before expiry.
Risk of Fraud:
If there is a fraud risk factor (e.g. related party with dominant influence***), auditor shall identify it and address
it as required by ISA 240.
***Following are indicators of related party with dominant influence:

Founder of entity who is also currently managing the entity.

Significant transactions referred for final approval.

Vetoed significant business decisions.

Little or no debate on proposals by related party.

Transactions involving the related party are not reviewed and approved.
Risk of Management Override of control:
Risk of management override of control will be higher if management has financial interest with related parties.
3
ISAs – Summaries and Application Guide
ISA 550
Evaluation of Controls:
Auditor shall evaluate control environment by considering following:
 Code of conduct, to enter into related party transactions, has been developed,
communicated and enforced.
 Assignment of responsibilities within the entity to identify, record and disclose related
party transactions.
 Policies and procedures for disclosure of interest in transactions.
 Clear guidelines for disclosure, discussion and approval of:
o transactions which involve conflict of interest of management/TCWG
o significant transactions with related parties outside the normal course of business.
 Periodic reviews by internal audit function.
 Existence of whistle-blowing policies and procedures.
Exam Tip – Implication on Report
If these controls are ineffective, there may be scope limitation and auditor may express Qualified
Opinion or Disclaimer of Opinion.
Substantive Procedures:
Auditor shall evaluate whether:
 related party relationships and transactions have been appropriately accounted for and
disclosed in accordance with AFRF, and
 financial statements give true and fair view (if fair presentation framework is used), or are
not misleading (if compliance framework is used)
If auditor identifies related party relationships or transactions not identified by management:
Auditor shall perform following procedures:
 Promptly communicate the relevant information to other members of engagement to assist
them in determining whether to re-assess risk of material misstatement.
 If AFRF prescribed related party requirements:
o Inquire as to why entity’s process and controls failed to identify or disclose such
related party relationship/transaction.
o Request management to identify all transactions with newly identified related party
for auditor’s further evaluation.
 Perform appropriate substantive procedures on newly identified related party, and/or
significant related party transactions.
o Inquire nature of relationship with new party.
o Analyze transactions with related party (e.g. using CAAT)
o Verify the terms and conditions of transactions.
o Evaluate whether transactions have been appropriately accounted for and
disclosed.
 Reconsider risk of completeness of related party information because other unidentified
related parties may also exist. Also perform additional audit procedures as necessary.
 If non-disclosure appears intentional, reconsider risk of fraud. Also evaluate other
implications on the audit (e.g. re-evaluate integrity of management and reliability of
representations given to auditor).
4
ISAs – Summaries and Application Guide
ISA 550
If there is a significant transaction outside the normal course of business:
Auditor shall inquire management about business rationale of such transactions, and whether
related party is involved.
If related party is involved in a significant transaction outside the normal course of business,
auditor shall consider it a Significant Risk, and shall perform following procedures:
 Inspect underlying contracts or agreements to evaluate:
o If there is indication of fraudulent financial reporting or misappropriation of assets.
o Terms of transactions are consistent with management’s explanation.
o Transaction has been appropriately accounted for and disclosed in accordance with
AFRF.
 Obtain evidence of appropriate authorization of such transactions.
If management states in F/S that transactions with related party are on arm’s length:
Auditor shall obtain evidence whether price as well as other terms (e.g. credit period) are
equivalent to those that would be agreed between independent parties.
Management’s support for assertion may include:
 comparing terms of transactions with open market, or with unrelated parties, or
 engaging expert to evaluate assertion.
Auditor’s may evaluate management’s support by:
 considering appropriateness of management’s process for supporting the assertion.
 Evaluating source data on which assertion is based, and testing the relevance,
completeness, and accuracy of that source data.
 Evaluating relevance and reasonableness of assumptions on which assertion is based.
Exam Tip – Implication on Report
If a related party transaction is not adequately disclosed, this will be a misstatement. Auditor shall
express Qualified Opinion or Adverse Opinion.
5
ISAs – Summaries and Application Guide
ISA 550
LO 4: MISCELLANEOUS CONCEPTS:
Materiality:
Transactions with related parties are considered material irrespective of size of transaction.
Written Representation:
If AFRF prescribes related party requirements, auditor shall obtain written representations from
management and directors that:
1. They have disclosed to the auditor the identity of the entity’s related parties and all the
related party relationships and transactions.
2. They have appropriately accounted for and disclosed related party relationships and
transactions in financial statements in accordance with AFRF.
Communication with TCWG:
Auditor shall communicate significant matters associated with related parties to TCWG e.g.:
 Identification of related party not identified by management, or
 Significant transactions with related party without proper approval).
 Disagreement with management on accounting for and disclosure.
 Non-compliance with laws and regulations regarding related parties.
Documentation:
The auditor shall include in the audit documentation:
 Names of identified related parties
 Nature of relationships with related parties
6
ISAs – Summaries and Application Guide
ISA 560
ISA 560
SUBSEQUENT EVENTS
LO #
LEARNING OBJECTIVE
LO 1
INTRODUCTION
LO 2
SUBSEQUENT EVENTS OCCURRING TILL THE DATE OF AUDITOR’S REPORT
LO 3
LO 4
1
FACTS BECOME KNOWN TO THE AUDITOR AFTER AUDITOR’S REPORT
BUT BEFORE ISSUE OF FINANCIAL STATEMENTS
FACTS BECOME KNOWN TO THE AUDITOR AFTER ISSUANCE OF
FINANCIAL STATEMENTS
ISAs – Summaries and Application Guide
ISA 560
LO 1: INTRODUCTION:
Important dates in sequence:
 Date of financial statements (year-end, or B/S date).
 Date of approval of financial statements (i.e. approval by directors, not by shareholders)
 Date of audit report
 Date of issuance of financial statements
Events occurring after the issuance of financial statements do NOT come under definition of
subsequent events.
Examples of Subsequent Events:







Adjusting Events
Settlement of legal case after the year end.
Subsequent bankruptcy of debtors.
Subsequent sale of inventory below cost.
Subsequent finalization of purchase/sale price of
assets which are purchased/sold before year end.
Subsequent discovery of errors or fraud in F/S.
Return of defective inventory after year end.
Change in going concern assumption after the
year end.









Non-Adjusting Events
Sale or purchase of significant assets or business
units.
major
restructuring,
discontinuance
of
operations,
Issue of shares or debentures.
Appropriate of assets by government.
Destruction of assets by fire/flood.
Issuance of guarantees or commitments.
Major litigation started after reporting period.
Changes in tax law (or foreign exchange rates if
abnormally large change).
Customer cancelled order due to change in law.
LO 2: SUBSEQUENT EVENTS OCCURRING TILL THE DATE OF AUDITOR’S
REPORT:
Auditor’s Responsibility: (Active Review)
Auditor shall perform procedures to identify subsequent events affecting financial statements till
the date of auditor’s report.
Auditor’s Procedures to identify subsequent events affecting financial statements:
1. Obtaining an understanding of procedures established by management to identify
subsequent events.
2. Inquiring of management and TCWG as to whether any subsequent events have occurred
which requires adjustment or disclosure in financial statements.
3. Reading minutes of meetings (for period after B/S date) of the entity’s owners, management
and TCWG and inquiring about matters discussed at any such meetings for which minutes
are not yet available.
4. Reading subsequent interim financial statements, if any (whether for internal or external
purposes).
5. Requesting management to provide written representation that “all events subsequent to
the date of the financial statements requiring adjustment or disclosure have been adjusted
or disclosed”.
Auditor may also perform following procedures:
 Read budgets, cash flow forecasts, management reports (for period after B/S date).
 Inquire entity’s legal counsel.
 Inquire or obtain written representation concerning particular subsequent events.
2
ISAs – Summaries and Application Guide
ISA 560
Study Tip – If subsequent event is identified
If any subsequent event is identified, auditor shall perform procedures (depending on event) to
determine whether it is included in financial statements in accordance with AFRF.
LO 3: FACTS BECOME KNOWN TO THE AUDITOR AFTER AUDITOR’S REPORT
BUT BEFORE ISSUE OF FINANCIAL STATEMENTS:
Auditor’s Responsibility: (Passive Review)
Auditor does not perform procedures to identify subsequent events. However, if an event comes to
his knowledge, auditor discusses with management whether financial statements need amendment
and inquires how management intends to address the matter in financial statements.
Auditor’s Procedures if management amends financial statement:
Auditor shall carry out audit procedures on amendment.
Where law or framework prohibits (i.e. do not allow) restricted-amendment:
 Provide new audit report on amended financial statements.
 New audit report should be dated on or after the date of approval of amended financial
statements.
 Auditor shall extend his procedures for subsequent events up to the date of new audit
report.
Where law or framework does not prohibit (i.e. allow) restricted-amendment:
Auditor can restrict audit procedures to the amendment in financial statements. In such case,
auditor shall amend audit report (or issue new report) that includes Dual Dating or Emphasis of
Matter (and Other Matter) to describe that his procedures on subsequent are restricted only to
amendment of F/S described in notes.
Auditor’s Procedures if management does NOT amend financial statement:
Where management is required to issue amended financial statements:
If audit report has not been provided to the entity, auditor shall modify his opinion and then
provide report to entity.
If report has been provided to entity:
1. Auditor shall notify management and TCWG not to issue financial statements without
amendment to third parties.
2. If despite such notification, management and TCWG issue financial statements, the auditor
shall obtain legal advice and shall take appropriate action to present reliance on auditor
report e.g. auditor can speak at AGM.
Where management is not required to issue amended financial statements:
No need to provide new or amended audit report.
(e.g. when issuance of financial statements of following period is imminent)
3
ISAs – Summaries and Application Guide
ISA 560
LO 4: FACTS BECOME KNOWN TO THE AUDITOR AFTER ISSUANCE OF
FINANCIAL STATEMENTS:
Auditor’s Responsibility:
If an event occurred after issuance of F/S, it is not required to be adjusted or disclosed. However, if
subsequent event occurred before issuance of F/S but became known after issuance of F/S, auditor
discusses with management whether financial statements need amendment and inquires how
management intends to address the matter in financial statements.
Auditor’s Procedures if management amends financial statement:
Auditor shall carry out necessary audit procedures on amendment.
Where law or framework prohibits restricted-amendment:
 Auditor shall review the steps taken by management to ensure that misstatement in
financial statements is communicated to users.
 Auditor shall provide a new audit report on amended financial statements. New audit
report should be dated on or after the date of approval of amended financial statements by
directors. Auditor shall extend his review of subsequent events up to the date of new audit
report.
 New audit report shall also include an Emphasis of Matter Paragraph or Other Matter
Paragraph which shall state reason for revision of financial statements, and audit report.
Where law or framework does not prohibit restricted-amendment:
Auditor shall amend audit report to communicate to users that his responsibility to perform
procedures for subsequent event is restricted to amendment. This may be done by:
 Dual dating audit report, or
 By including such statement in Emphasis of Matter Paragraph, or in Other Matter
paragraph.
Auditor’s Procedures if management does NOT amend financial statement:
1. Auditor shall notify management and TCWG that the auditor will seek actions to prevent
users from relying on auditor’s report.
2. If despite such notification, management or TCWG do not take necessary steps, auditor shall
take appropriate action to communicate misstatement in financial statements to users
(considering legal advice).
4
ISAs – Summaries and Implementation Guide
ISA 570
ISA 570
GOING CONCERN
LO #
LEARNING OBJECTIVE
LO 1
MANAGEMENT’S RESPONSIBILITIES
LO 2
AUDITOR’S RESPONSIBILITIES
LO 3
IMPLICATIONS FOR AUDITOR REPORT
LO 4
EVENTS OR CONDITIONS CASTING DOUBT ON ENTITY’S ABILITY TO CONTINUE
AS A GOING CONCERN
LO 5
DRAFTING OF MODIFICATIONS RELATING TO GOING CONCERN
1
ISAs – Summaries and Implementation Guide
ISA 570
LO 1: MANAGEMENT’S RESPONSIBILITIES:
If management is preparing general purpose financial statements, it is required to assess whether
entity is going concern for atleast 12 months.
 If assessment period is less than 12 months, it will be a scope limitation.
 If entity has profitable operations and ready access to financial resources, management may
make assessment without detailed analysis.
LO 2: AUDITOR’S RESPONSIBILITIES:
Risk assessment Procedures to identify events/conditions:
Auditor shall perform following risk assessment procedures and related activities to identify events
or conditions which may cast doubt on entity’s ability to continue as going concern:
 Inquire from management whether it has identified any events or conditions.
 When performing risk assessment procedures (required by ISA 315), consider whether
events or conditions exist.
 Remain alert throughout the audit.
Study Tips
If there is significant delay in approval of financial statements, auditor shall inquire reason of delay. If
auditor believes that delay could be related to going concern issues, auditor shall perform additional
audit procedures.
Additional procedures if events/conditions are identified:
1. Evaluate management’s plan for future action, and whether it is feasible***.
2. Obtain representation from management/TCWG regarding these plans and their feasibility.
3. If management has prepared a cash flow forecast, evaluate:
a. reliability of data used, and
b. adequate support for assumptions used.
4. Consider additional facts or information after the date of assessment.
***Exam Tip
In exam question, you have to specifically comment on each and every plan of action mentioned in
question (in addition to above general procedures) e.g. it could be support from a related party,
temporarily closing plant, investment in capital expenditure.
2
ISAs – Summaries and Implementation Guide
ISA 570
LO 3: IMPLICATIONS FOR AUDITOR REPORT:
Conclusion
Events/Condition existed, but
there
is
no
material
uncertainty, and Going Concern
is appropriate
Material Uncertainty Exists, but
Going Concern is appropriate
Going Concern assumption is
not appropriate
Effect on Audit Report
Auditor shall express unmodified opinion, provided events or conditions are
adequately disclosed in financial statements.
However, auditor may determine one or more of these events to be Key Audit Matter.
If adequate disclosure*** is included in financial statements:
Auditor shall express an unmodified opinion, and shall include “Material Uncertainty
Related to Going Concern” paragraph in his report to:

Draw user’s attention to note that discloses the events/conditions.

State that these events/conditions indicate that material uncertainty exists.

Auditor’s opinion is not modified in respect of this matter.
If adequate disclosure is NOT included in financial statements:
Auditor shall express a qualified opinion (if effect is material) or adverse opinion (if
effect is pervasive).
Auditor shall also state in “Basis for Qualified/Adverse) Opinion paragraph that
material uncertainty exists and that the financial statements do not adequately disclose
this matter.
If financial statements are prepared on going concern basis:
Auditor shall express adverse opinion.
If financial statements are prepared on alternate basis (e.g. liquidation basis,
break-up value basis):
Auditor shall express unmodified opinion and shall include Emphasis of Matter
paragraph in his report to draw users’ attention to alternate Basis of Accounting.
***Adequate disclosures mean financial statements disclose:

events/conditions,

management’s plan to deal and

clear description that a material uncertainty exists which may cast significant doubt on the entity’s ability to
continue as a going concern.
LO 4: EVENTS OR CONDITIONS CASTING DOUBT ON ENTITY’S ABILITY TO
CONTINUE AS A GOING CONCERN:
Financial conditions:
 Substantial losses or negative equity.
 Net liability position (short-term and/or long-term)
 Inability to obtain financing (e.g. financial arrangements expire and there is no
renegotiation/replacement, suppliers changing terms to cash).
 Non-compliance with terms of loan agreements
 Negative operating cash flows (i.e. inability to pay debts, dividends).
 Long term borrowing becoming payable and there is no arrangement for renewal or
repayment.
 Arrears or discontinuance of dividends
 Adverse key financial ratios.
3
ISAs – Summaries and Implementation Guide
ISA 570
Operating conditions:
 Loss of key management without replacement.
 Loss of a major market, key customer, franchise, license, or principal supplier.
 Labor difficulties.
 Shortages of important supplies.
 Entry of a highly successful competitor.
Legal and Other conditions:
 Non-compliance with legal requirements.
 Changes in law or government policy expected to adversely affect the entity.
 Pending legal or regulatory proceedings against the entity which entity will not be able to
pay if lost, and may have to file for bankruptcy.
 Uninsured catastrophes when they occur.
LO 5: DRAFTING OF MODIFICATIONS RELATING TO GOING CONCERN:
Illustration 1: A material uncertainty exists and disclosure in the financial statements is adequate
Material Uncertainty Related to Going Concern:
We draw attention to Note XXX in the financial statements, which indicates that the Company incurred a net
loss of ZZZ during the year ended December 31, 20X1 and, as of that date, the Company’s current liabilities
exceeded its total assets by YYY. As stated in Note 6, these events or conditions, along with other matters as
set forth in Note 6, indicate that a material uncertainty exists that may cast significant doubt on the
Company’s ability to continue as a going concern. Our opinion is not modified in respect of this matter.
Illustration 2: A material uncertainty exists and disclosure in the financial statements is not adequate
Basis for Qualified Opinion:
As discussed in Note yy, the Company’s financing arrangements expire and amounts outstanding are payable
on March 19, 20X2. The Company has been unable to conclude re-negotiations or obtain replacement
financing. This situation indicates that a material uncertainty exists that may cast significant doubt on the
Company’s ability to continue as a going concern. The financial statements do not adequately disclose this
matter.
4