Home Resources Practice resources. Hub page Resources. No content type Contact us. Hub page Support for member firms. Hub page Home. Promotional material Communities. Digital Practice See more of our content on the digital practice. Article Go digital: facilitate advice. Article Digital transformation. Setting up in practice See more of our content on setting up in practice. Helpsheets and support Regulation.
Helpsheets and support Setting up in practice. Running your practice View all our resources. Hub page Running your practice. New resource template Running your practice. Listing Running your practice. Listing Supporting your staff. Listing Practice structure.
Supporting your clients View all our resources. Best practice in drawing up an engagement letter. Audit Practice Manual 2. It also demonstrates that the firm has adequate resources and the appropriate technical knowledge necessary to carry out the audit properly. The form must be completed and signed by the partner prior to any detailed work being commenced on the audit.
This includes the completion of the detailed planning. Where any of the questions have been answered with a 'yes', the partner must specify precisely what action is to be taken to safeguard independence or overcome the problems with available resources or technical knowledge.
Any 'yes' answer will create either an ethical or practical issue, which may require consultation. As a result, the form may have to be signed off by a second partner who is independent from the audit.
This is a mandatory requirement in the case of listed or other public interest audits and those of higher audit risk. If this is not possible, the form may have to be signed by the firm or organisation with which consultation takes place. However, the audit firm retains ultimate responsibility for the audit. Where a 'yes' answer is given to question 11 'rotation of audit engagement partner' it may not be necessary to have a second partner review.
However, there must be evidence to show that the engagement partner has carefully considered any long relationship with the client as this could affect auditor independence.
A second partner or other independent agency will normally corroborate this decision. There will normally be an undertaking that the file will be subjected to a second review where any contentious issues, such as a potential or actual qualification, have arisen. Where there are any fees outstanding IFAC Ethical Standards require the responsible individual to consider whether the fees outstanding taken together with the fees for the current audit could constitute a significant loan.
Significance should be measured in respect of the individual partner and the practice fees and not in respect of materiality for the client. If the decision is that the work can commence this should be corroborated by a second partner. This is not necessary if you are a sole practitioner. This is undertaken on the B3.
Audit Practice Manual C2 Audit planning checklist This checklist should be completed as a control over the planning of the audit. It will ensure that all initial steps are properly taken. In particular it will guide users through completion of the risk assessment and internal control evaluation forms.
The planning checklist C2 is set out in the order that the various tasks should be completed. It therefore starts with preliminary engagement activities including agreement of engagement terms and then moves onto planning activities: firstly at a strategic level, and then in greater detail.
An example form C3 provides an outline for such a memorandum. It should be stressed that the form at C3 is an example showing the sort of headings that should be included.
This form should not be used as a record of the planning memorandum! A well-planned audit will save considerable time, particularly in the final stages. Proper planning will also help ensure compliance with auditing standards.
Care must be taken to ensure that all the points have been properly addressed and dealt with. These should be recorded in the relevant part of the file and cross-referenced on the form itself. Audit Practice Manual misstatement due to fraud or error. The purpose of C4 is to provide a convenient layout to record the results of that meeting.
It is not essential to use the form provided at C4. The relevant matters could easily be recorded in the detailed planning memorandum. Where that is the case the C4 slot should be used to file notes used to brief staff at the planning meeting.
C5 Systems and internal controls summary BSA Understanding the entity and its environment and assessing the risks of material misstatement requires a much deeper understanding of the client's procedures and systems of internal control than was the case previously.
The approach to systems and internal control required by the APM is set out below. Understanding of the company BSA The following paragraphs see BSA A 'Know your client' checklist PAF Schedule 3 has been provided in the permanent file to assist firms in recording the necessary detail. A proforma register of laws and regulations is also provided PAF Again this in itself does not sound onerous; however, BSA Evaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements'.
An Internal Control Questionnaire S4 has been provided to assist with the identification of controls relevant to the audit. This is required regardless of whether any reliance will be placed on those controls. Testing the operational effectiveness of controls traditional compliance testing is a different issue. BSA The review of the design and implementation of controls relevant to the audit should be documented on C5.
This form must be completed on every audit as a review of the design and implementation of controls relevant to the audit is required on every audit. Testing the operational effectiveness of internal controls so as to reduce the amount of substantive testing should be considered where this approach is expected to be more effective. However, there are two occasions where testing the operational effectiveness of controls is a requirement.
When the auditor's assessment of risks of material misstatement at the assertion level includes an expectation that controls are operating effectively, the auditor should perform tests of controls to obtain sufficient appropriate audit evidence that the controls were operating effectively at relevant times during the period under audit.
When the auditor has determined that it is not possible or practicable to reduce the risks of material misstatement at the assertion level to an acceptably low level with audit evidence obtained only from substantive procedures, the auditor should perform tests of relevant controls to obtain audit evidence about their operating effectiveness.
Completing C5. As the precise nature of controls and their relevance to the audit will vary from one company to another the form is of necessity mainly blank boxes.
Guidance is given below on completion of this form. There is also a partially completed 9 Audit Practice Manual example included in the case study. Where this is completed manually it is likely that some of the boxes will not be big enough! If this is the case the schedule should be blown-up to A3 on a photocopier or use made of continuation sheets. Heading Outline of information system and controls Comment on design and effectiveness of controls Comment on implementation of controls Is this a key control?
It is not necessary to reproduce the system notes from the permanent file here! The description should be sufficient to identify the controls being evaluated.
Comment on the design and potential effectiveness of a control by considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements.
Inquiry alone is not sufficient to evaluate the design of a control: further work such as inspecting documents or tracing transactions through the system is required. Comments made on the design should include the nature of the work undertaken. Any weaknesses in design should be flagged and recorded on the draft letter of comment to the client. Comment on the implementation of the control: did the control exist and was the company using it as intended?
Again inquiry alone is not sufficient to evaluate the implementation of a control: further work such as inspecting documents or tracing transactions through the system is required. Comments made on the implementation should include the nature of the work undertaken. And again, any weaknesses in implementation should be also be flagged and recorded on the draft letter of comment to the client.
Not all controls relevant to the audit will be key controls. If a control could be relied upon to reduce the level of substantive testing in a particular area then it is a key control.
This is only relevant if tests of the operational effectiveness of controls are to be undertaken. Clearly there will be little value in testing the operational effectiveness of controls that are not key controls. If either of these circumstances applies the question should be answered yes and a compliance test of the operational effectiveness designed on S2 and S3.
In addition, where testing the operational effectiveness of controls is more effective than relying solely on substantive procedures this question should be answered yes and a suitable test designed.
This is simply a cross-reference to one of the schedules referred to above. C6 is a summary sheet that confirms that the necessary procedures have been undertaken at the planning stage and reviewed as part of the audit completion. It also summarises the response to financial statement level risks that do not have a direct impact at the assertion level.
The approach to risk assessment under the APM is set out below. Risk assessment As noted above in relation to controls, BSA This is the starting point, as this process should gather sufficient information that will enable identification of the various risks facing the company. This assessment is also used to determine the overall risk at the 11 Audit Practice Manual financial statement level attaching to the assignment, which plays an important part in determining sample sizes.
Response to risk Once risks have been identified BSA Documenting the response to risk at the assertion level is considered on the C6. The response to risk at the financial statement level to the extent that it is not already addressed on C6.
Guidance on the completion of these forms is given below. Risks on this schedule are therefore considered in summary and are categorised by financial statement area rather than by the nature of the risk or the order they were recorded.
The risk response summary relates to the individual financial statement areas. For example, the audit could be generally high risk, because there are outside shareholders, and the company is being sold based on balance sheet values.
That said, fixed assets may specifically be a low risk area, because there is little or no danger of misstatement within this area of the audit. Conversely, it is quite feasible for areas of the audit to be identified as a specific high risk, even where the general risk is low.
The risk response summary sets out the approach by financial statement area in such circumstances. In addition to summarising risks by financial statement area the risk response summary plays an important part in determining sample sizes through the setting of a risk level for each financial statement area. Completing C6. If this is the case use should be made of continuation sheets. Heading Guidance on completion Major Risk The major risk factors affecting the financial statement area that have been 12 Audit Practice Manual Factors identified should be noted.
These need not be in any great detail as this will identified be set out on C6. The purpose here is to give an overview of main risks. Heading Guidance on completion Other risks H, The assessment here is effectively the residual risk. If there is a major risk M or L?
Specific procedures will be documented on C6. It will also be possible to conclude that the risk in a particular area is medium or high even though there are no specific risk factors. This may be because of value - perhaps say trade debtors are the largest item in the balance sheet and whilst there are no indications of problems and the controls are good, if there is going to be a material error in the accounts this is where it would be!
This approach allows the audit work to be increased in areas where the risk is higher and reduced where the risk is lower since the risk assessments made for each section affect the sample size for that area. Justification for This column provides space for an explanation of the risk assessed as other Risks discussed above.
In particular, an explanation should be given where the assessment is other than low, or where the assessment is apparently low but there are factors that suggest that this may not be the case. Audit Approach A summary of the approach to this financial statement area should be given. This will often be completion of the standard programme as amended by additional tests identified on C6. Where a decision is taken to use a bespoke programme then this should be explained.
Where the standard programme is not used, explain what work is to be carried out on that section or cross-reference it to a tailored audit programme. Audit Practice Manual The purpose of C6. Proper completion of this schedule is therefore crucial to conducting an audit in compliance with Bangladesh Standards on Auditing BSA. The schedule provides a link between the risks assessed, the controls if any in those areas, the audit approach and the outcome of the work.
Users of the Excel version can simply insert additional rows. When completing the form a summary of the relevant issues in each column should always be given and not simply a cross-reference. In this way C6. Heading Guidance on completion Specific risk Details of the specific risk affecting the client should be recorded here. A risk should be categorised as high where it is so significant as to require special audit consideration in accordance with BSA Risks recorded on this schedule would not normally be categorised as low as specific testing would not normally be undertaken in response to a low risk.
Where a low risk is recorded careful consideration should be given as to whether any specific testing is necessary or whether the risk is properly assessed as low. Management This column should be used to record the management response to each response risk.
This may be in the form of relevant procedures; control activities such as authorisation or reconciliation; or monitoring controls by management. Where it appears that management were not aware of a risk or had ignored it then careful consideration should be given to the design of the audit approach.
Any weaknesses in internal controls identified at this stage should be noted on the draft letter of comment. Details of any internal controls implemented by management should be cross-referenced to the review of the design and implementation of those controls on C5.
Audit Practice Manual Heading Guidance on completion misstatement at the assertion level to an acceptably low level on the basis of substantive testing alone. There is a requirement to review the design and implementation of all controls relevant to the audit and it hard to see how a control referred to on C6. The assertion affected should be expressed in terms specific to the client so it is clear exactly how the risk will impact.
For example, the assertion relating to completeness BSA But, if the risk is that cash sales at a particular location may not have been recorded then the assertion should be worded in those terms. Audit approach The specific work to be undertaken in response to the identified risk should be recorded. This work will normally be additional bespoke tests.
It is not necessary to specify in detail on C6. Where the reference is to one or more of the standard tests then an explanation as to why these are sufficient should be given. Outcome A summary of the outcome of the work referred to above should be given. The key issue here is to record the overall conclusion on the work undertaken and whether the risk has been reduced to an acceptably low level. A cross-reference should be given as to where the detailed results can be found.
The latter point is important as this has an impact on the sampling approach in the APM but also has wider implications for quality control issues such as the need for an engagement quality control review second partner review as part of the firm's procedures under ISQC1: Quality control for firms that perform audits and reviews of historical financial information, and other assurance and related-services engagements. It is not expected that this checklist will be completed every year.
It will be acceptable only to complete the checklist afresh every third year. However, the completed checklist should obviously be reviewed with the client in the intervening years with particular attention paid to areas assessed as high risk or where further information available to the auditor suggests that an area should be reassessed as being higher risk. Heading Guidance on completion Specific risk The first column of the checklist identifies general risk questions. The affecting the client purpose of this column is to translate those general risk questions into a specific risk affecting the client.
How will the audit Where a risk is assessed as medium or high this will normally be carried risk be managed?
Where a risk is assessed as low then this column should explain how that risk would be managed. Once the individual points on the form have been assessed as high, medium or low, the major risk areas must be identified in the 'conclusion' section, and an overall assessment of risk given to the audit. It must be stressed that the overall assessment is not an arithmetic average of the number of high, medium and low points recorded above.
Indeed, any one high-risk item in the section, 'other external factors', may be enough to give an overall high-risk assessment. Conversely, a number of the detailed points may be identified as high risk, but the overall general risk may still be set as medium. This is very much a matter of exercising professional judgment. C7 Preliminary analytical review BSA This applies even where there are no draft accounts available for analysis and comparison but there may be, for 16 Audit Practice Manual example, management accounts.
When undertaking detailed analytical review, it is necessary to set expectations. In setting these expectations, auditors need to establish plausible and predictable relationships relevant to the figures being audited. Often, analytical review is confined to a mere comparison of trends and ratios. This is of limited value as the information is all generated by the client. For stronger analytical review, procedures involve the reconciliation of non-financial to financial data.
It might also be possible to compare external data with internal data. An example of the latter is industry statistics widely available on the web. Where autonomous divisions are operated, these can also be a subject of good analytical review procedures. Proof in total' is the strongest form of analytical review. By breaking down a balance, it is often possible to prove the total of a stratum for example, purchases from a main supplier leaving only the remainder of the population to be substantively sampled.
Having set expectations, it is then necessary to predict the expected outcome. This prediction must then be compared with the actual figures and any material differences enquired into. Explanations given as to any variances must be corroborated, fully documented and the analytical review concluded upon. For those entities with less formal means of controlling and monitoring performance, it may be possible to extract relevant financial information from the accounting system perhaps from the draft financial statements, VAT returns or bank statements.
Discussions with management, focused on identifying significant changes in the business since the prior financial period, may also be useful. In this scenario the auditor should look at whatever records the client has in order to assess if there are any particular changes indicated by the books and records.
For example, if the auditor can see, on looking at the bank statements, that the company appears to be trading at or around its overdraft limit, then this could indicate a potential going concern problem.
Many smaller clients, although not being able to produce full financial accounts for the auditor to audit, may well prepare certain schedules from which the auditor can prepare the accounts.
A potential example of this would be a sales daybook. The auditor could then assess whether or not the sales daybook indicated sales on a seasonal basis were consistent with expectations and previous years.
The client may also have computerised purchase and sales ledgers. These might give the auditor not only balances owed to suppliers and due from customers but also the level of activity. From this information basic ratios can be calculated, such as creditors days and debtors days. If this is not possible at the outset of the job, then the auditor should be looking to calculate 17 Audit Practice Manual key ratios such as stock turnover and debtors days as and when the relevant information becomes available during accounts preparation work.
If the figures and ratios vary significantly from previous periods and this cannot be adequately explained, then the risk assessments relating to that particular area need to be revised wherever necessary. The other form that the analytical review at the planning stage may take is a discussion with the directors of the business as to how they feel the business has performed over the last accounting period.
The auditor will find among his or her clients that the bulk of them has a reasonable idea as to how they have fared in the last 12 months. It is, however, important that the discussion is undertaken close to the year-end so that any relevant events are still fresh in the minds of the directors and management of the entity.
When conducting this discussion with the directors, the auditor needs to ensure that he or she collects as much information as possible in respect of significant changes in the business and the resulting effect on the figures that they would expect to see in this year's accounts.
It may well be sufficient for the auditor to include narrative notes of his or her discussions with the directors as to what their expectations are and what the accounts will show for the year in question.
This actually achieves two things, not only does it help the efficiency and effectiveness of the audit but it will also help client relations if the auditor shows willingness to discuss results with them before his or her work starts. However, the preliminary analytical review still needs to be reviewed on an ongoing basis as detailed audit procedures may result in original ratios being changed as errors are corrected during the audit and other judgmental adjustments are made.
Once the preliminary analytical review is carried out, it will have to be repeated at the final analytical review stage if the figures have changed significantly.
In other cases, the final ratios of the current year should be compared to the preliminary ones, with an explanation being given of changes arising during the course of the audit.
Preliminary analytical review will not always provide audit assurance of itself, but may be used as an introduction to extensive analytical review, which forms part of substantive audit testing. The most important point to note is that a conclusion to the work is required. C8 Materiality summary This is the third of the planning schedules that affects the level of sampling during an audit. Guidance on the various factors which will determine materiality on an individual audit is given in Chapter 6 of these Guidance Notes.
Since this is a planning document, figures for the accounts being audited will on occasions not be available.
Where this is the case the anticipated figures for the current year perhaps 18 Audit Practice Manual based on VAT or sales records and, if appropriate, the figures for the previous years should be used.
The materiality figure established sets the overall materiality to apply to the audit as a whole. This content is available to ACA students. If you want to start the ACA qualification there are several routes you can take.
Gain access to world-leading information resources, guidance and local networks. Skip to content. Continue reading. Find out more Log in. Audit and Assurance Exam resources to help you prepare for your exam.
0コメント