Audit Procedures: Practical Aspects (Covering ISA 265,300,315, 330,520) © Copyright: Md. Gulam Kibria ACA 1 © Copyright: Md. Gulam Kibria ACA 2 Starting point is ……….. © Copyright: Md. Gulam Kibria ACA 3 How Do Understand the Entity’s Environment and Its Accounting & Internal Control Systems Inquiries of the Management Observation & Inspection Analytical Procedures ISA 315 Prior Period Knowledge Discussion with Engagement Team © Copyright: Md. Gulam Kibria ACA 4 Understand the Entity’s Environment and Its Accounting & Internal Control Systems Paragraph 11 of ISA 315 requires the auditor to obtain an understanding of the entity and the environment in which it operates. This includes: Objectives & Strategies of Entity Financial Reporting Framework Measurement & Review of Financial Performance Nature & Structure of the Entity Internal Control Systems © Copyright: Md. Gulam Kibria ACA 5 Internal Control Systems © Copyright: Md. Gulam Kibria ACA 6 Why Do Focus on Internal Control Systems? Auditors need to perform two types of test to obtain sufficient & appropriate audit evidence: - Test of Controls Substantive Procedures Test of Design Test of Effectiveness Test of Details Audit Procedures © Copyright: Md. Gulam Kibria ACA Analytical Procedures 7 Compliance Requirements ISA 300: Planning an Audit of FS ISA 265: Communicating Deficiencies in IC ISA 315: Identifying and Assessing ROMM ISA 402: Audit Considerations Relating to an Entity Using a Service Organization Audit Procedures © Copyright: Md. Gulam Kibria ACA ISA 330: The Auditor’s Responses to Assessed Risks 8 Definition of Internal Control ISA 315 defined Internal Control as following: “The process designed, implemented, and maintained by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of an entity’s objective with regard to reliability of financial reporting, effectiveness, and efficiency of operations and compliance with applicable laws and regulations.” Business Activities/ Transactions Process Designed and Implemented © Copyright: Md. Gulam Kibria ACA Financial Reporting 9 Delegation of Authority Management of the Company Design and Implement Internal Control Test of Design and Effectiveness of Internal Control Auditor Reliable and Accurate Financial Information © Copyright: Md. Gulam Kibria ACA 10 Worked Example “The financial statements may not report financial position, financial performance, and information about cash flows correctly due to computer failure and consequent destruction of the financial records.” Identify risks to these objectives not being fulfilled Management of the Company Implement internal controls to mitigate this risk © Copyright: Md. Gulam Kibria ACA Incorrect financial reporting ▪ Limit to unauthorized access ▪ Backup Plan 11 Components of Internal Controls Tones of the Entity Control Environment Business Risk & Action Entity’s Risk Assessment Financial Reporting System The Information System relevant to Financial Reporting © Copyright: Md. Gulam Kibria ACA Policy, Procedures, Directives Control Environment Review & Corrective Action Monitoring of Controls 12 Writing Client Procedures Client procedure must include following matter precisely: Brief Description of Related Head ERP Accounting Systems Walk Through Test Related Regulatory Requirements Related Internal Controls © Copyright: Md. Gulam Kibria ACA 13 Writing Client Procedures © Copyright: Md. Gulam Kibria ACA 14 Drawing of the Client Procedure Drawing of the client procedure assist auditor to identify the risky area and relevant internal control: Process Decision Document Connector Service Provider Start or End © Copyright: Md. Gulam Kibria ACA Data One Page Reference Data Storage 15 Drawing of the Client Procedure & Identification of the Risk © Copyright: Md. Gulam Kibria ACA 16 Development of Audit Program “The plan that must be followed by the auditor to obtain sufficient and appropriate audit evidence is known as the development of the audit program. The audit program is need to be developed by the JIC and validated by the audit manager before starting of the field work” The JIC and audit manger needs consider the following matter during preparation and reviewing of the audit program: Risk of Material Misstatements Nature of the Organization Accounting System and Internal Control of the Organization Regulatory Requirements © Copyright: Md. Gulam Kibria ACA 17 Development of Audit Program © Copyright: Md. Gulam Kibria ACA 18 Test of Design & Implementation of Control “When an internal control cannot address and prevent risk of misstatement over the financial reporting or existing control is not properly designed, then control is concluded as design deficiency” The auditor need to consider the following matter during test of Design and Implementation of Control Consistent & Frequency Design by experience & competence person Aggregation & Precision Authority of the person Investigation & Followup © Copyright: Md. Gulam Kibria ACA 19 Some Examples of Design Deficiency © Copyright: Md. Gulam Kibria ACA 20 Level of Comfort Test of Operating Effectiveness of the Control Direct Test © Copyright: Md. Gulam Kibria ACA 21 Number of Sample & Frequency Table Testing Manual Control Frequency of Control Control Frequency Number of Items to Test High Medium Population Size Frequency 01 Annual Low Annual 01 02-04 Quarterly Quarterly 02 05-12 Monthly Monthly 04 03 02 13-52 Weekly Weekly 10 07 05 53-250 Daily Daily 30 25 20 > 250 Multiples times per day Multiples times per day 45 30 20 © Copyright: Md. Gulam Kibria ACA 22 Test of Operating Effectiveness of the Control © Copyright: Md. Gulam Kibria ACA 23 © Copyright: Md. Gulam Kibria ACA 24 © Copyright: Md. Gulam Kibria ACA 25 Prepared By- Md. Gulam Kibria ACA Manager (Audit & Consultancy) ACNABIN, Chartered Accountants E-mail: g.kibria@acnabin-bd.com © Copyright: Md. Gulam Kibria ACA 26
