Financial Audit
-
Upload
khangminh22 -
Category
Documents
-
view
1 -
download
0
Transcript of Financial Audit
iCAT:FinancialAudit
Howtoreadthisdocument
TheISSAIComplianceAssessmentTool(iCAT)isdetaileddrilleddowntool,basedentirelyontheISSAIsat
level2andlevel4oftheISSAIframework.ThistoolismeanttoassistSAIsinmappingtheircurrentaudit
practicestoISSAIrequirements,sothattheycanidentifytheirneedsforISSAIimplementation.
This document is divided into seven chapters. The first chapter explains briefly the ISSAIs, the ISSAI
framework and the format of the iCAT. The ISSAI requirements at level 2 of the ISSAI framework are
detailed in Chapter 2. This chapter needs to be readwithAnnexe1. Chapters 3 to 6 contain detailed
guidanceonhowtoassessthecurrentauditpracticeagainsteachISSAIrequirementforfinancialauditat
level 4 of the ISSAI framework. For the purpose of assessing current audit practice, the ISSAI
requirements at level 4 have been categorised as per the stages of a financial audit process. These
chaptersshouldbereadwithAnnexe2thatcontainsall ISSAIrequirementsat level4.Thelastchapter
providesguidanceonwritingareportbasedontheuseoftheiCAT.Thisreportwouldbenecessaryfor
theSAImanagementtoformulateitsstrategyforISSAIimplementation.
Thisisthefirstdraftversionoftheguidancedocument.Itisstillworkinprogress.Yourcomments,
suggestionsandfeedbackwillhelptheprojectteaminfurtherrefiningthistoolandmakingitmore
relevantandusefulforallstakeholders.
iCAT:FinancialAudit
TableofContent:
Chapter Topic Pageno.
1. ImplementingISSAIsandIntroductiontoISSAIComplianceAssessmentTools(iCATs)
4
2. UnderstandingthePrerequisitesforRobustAuditPractices–ISSAIsatlevel2andAscertainStatusonLevel2ISSAIRequirements
20
3. Pre-engagement
29
4. PlanninganAuditofFinancialStatement
44
5. Fieldwork
58
6. ConclusionandReporting
69
7. WritingtheISSAIComplianceAssessmentReport
80
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page4
Chapter1
ImplementingISSAIsandIntroductiontoISSAIComplianceAssessmentTools(iCATs)
Introduction
The International Organization of Supreme Audit Institutions (INTOSAI), the umbrella organization for
the external auditing community, has, since it was founded in 1953, developed and improved public
sectorauditingworldwide.Standards,guidelinesandbestpracticesaredevelopedundertheauspicesof
three of INTOSAI’s standing committees, the Professional Standards Committee (PSC), the Knowledge
SharingCommittee(KSC)andtheCapacityBuildingCommittee(CBC).Theadoptionofacomprehensive
setofInternationalStandardsforSupremeAuditInstitutions(ISSAIs)atthe2010INTOSAICongressgives
INTOSAImembers anupdated frameworkof international standards, guidelines andbestpractices for
public sector auditing. The standards are of significant value for member SAIs as well as providing a
commonframeofreferenceforpublicsectorauditing.In2010INTOSAIidentifiedtheimplementationof
theInternationalStandardsforSupremeAuditInstitutions(ISSAIs)frameworkasakeystrategicpriority
forthecomingyears.
In line with the Lima and Mexico Declarations and recognizing the independence of each individual
INTOSAI member to determine its own approach consistent with national legislation, through the
JohannesburgAccords theXX INCOSAI calledupon INTOSAImembers touse the ISSAI frameworkasa
common frameof reference. InadditionSAIswereencouraged to implement the ISSAIs inaccordance
with their mandate and national legislation and to measure their own performance and auditing
guidanceagainsttheISSAIs.
The implementation of the ISSAI framework is a demanding task that requires attention at global,regionalandcountrylevels.
The INTOSAI Strategic Plan and the ISSAI Rollout Model approved by INTOSAI Governing Board inOctober2011mandatedtheIDIto‘supportISSAIImplementation’.InkeepingwiththismandatetheIDIhas launched a comprehensive capacity development programme called the ISSAI ImplementationInitiative(3iprogramme).
InthischapterwewillprovidebriefinformationontheISSAIFramework,discussstrategicconsiderationsthat an SAI needs to think of in implementing ISSAIs, the process of ISSAI implementation and alsointroduceyoutotheISSAIComplianceAssessmentTool.Inthischapterwewillgetabriefoverviewof
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page5
theISSAIComplianceAssessmentTool(iCAT)intermsofitspurpose,formatandsomebroadprinciplesonhowtousethetool.
ISSAIFramework
INTOSAI issues two sets of professional standards: The International Standards of Supreme AuditInstitutions(ISSAIs)andtheINTOSAIGuidanceforGoodGovernance(INTOSAIGOV).
The ISSAIs and INTOSAI GOVs convey the generally recognized principles and shared professionalexperiencesoftheinternationalcommunityofSupremeAuditInstitutions.AllISSAIsandINTOSAIGOVsaredevelopedandmaintainedinaccordancewiththeDueProcessforINTOSAI’sProfessionalStandardsandissuedafteradecisionoffinalendorsementbyallSupremeAuditInstitutionsatINTO-SAI’scongress(INCOSAI).
TheISSAIsaimtosafeguardindependentandeffectiveauditingandsupportthemembersofINTOSAIinthedevelopmentoftheirownprofessionalapproachonthebasisoftheirspecificmandate.
TheISSAIsformahierarchyofofficialpronouncementswithfourlevels:
Level1-FoundingPrinciples(ISSAI1)
Level1oftheISSAIframeworkcontainsthefoundingprinciplesofINTOSAI.ISSAI1TheLimaDeclarationfrom1977callsfortheestablishmentofeffectiveSupremeAuditInstitutionsandprovideguide-linesonauditingprecepts.ThefullsetofISSAIsdrawandelaborateonthishistoricaldocument.
Level2-PrerequisitesfortheFunctioningofSupremeAuditInstitutions(ISSAIs10-99)
ThePrerequisitesfortheFunctioningofSupremeAudit InstitutionscontainINTOSAI’spronouncementson thenecessarypreconditions for theproper functioningandprofessional conductof SupremeAuditInstitutions. These include principles and guidance on independence, transparency and accountability,ethics and quality control. The prerequisites may concern the institution’s mandate and furtherlegislationaswellastheestablishedproceduresanddailypracticesoftheorganizationanditsstaff.Byissuing pronouncements on these generally accepted prerequisites, INTOSAI aims to advance soundprinciplesfortheeffectivefunctioningofpublicsectorauditingonaninternationallevel.2/2
Level3-FundamentalAuditingPrinciples(ISSAIs100-999)
The PSC Harmonisation Project is drafting new ISSAIs 100, 200, 300 and 400 on Level 3 of the ISSAIframework.Youcanreadmoreabouttheprojectatwww.psc-intosai.org
Level4-AuditingGuidelines(ISSAIs1000-5999)
TheAuditingGuidelines translate the fundamental auditing principles intomore specific, detailed andoperationalguidelinesthatcanbeusedonadailybasisintheconductofauditingtasks.ThepurposeoftheguidelinesistoprovideabasisforthestandardsandmanualsonpublicsectorauditingwhichmaybeappliedbytheindividualmembersofINTOSAI.Eachguidelinehasadefinedscopeofapplicationandmaybeadoptedinfulloradaptedasnecessarytoreflecttheindividualcircumstancesofthejurisdiction.Such
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page6
circumstancesmayincludethelegalmandateandfurtherstrategiesandcapacityoftheSupremeAuditInstitutionaswellas thespecificpurposeandcharacterof theauditassignments.Someof the level4guidelines include specific requirements related to authority. The General auditing guidelines (ISSAIs1000-4999)containtherecommendedrequirementsoffinancial,performanceandcomplianceauditingand provide further guidance to the auditor. They are developed and continuously updated byspecialized subcommitteesanddefine the internationally recognizedbest currentpracticewithin theirgeneral scope of application. The Guidelines on specific subjects (ISSAIs 5000-5999) pro-videsupplementary guidance on specific subjectmatters or other important issueswhichmay require thespecialattentionofSupremeAuditInstitutions.TheseguidelinesexpressthekeylessonsresultingfromthesharingofknowledgeandgoodpracticesamongINTOSAI’sexperts.
WhyshouldanSAIconsiderimplementingISSAIs?
Before any SAI takes on theonerous taskof implementing the ISSAIs, a question thatwould come to
mindis‘whatpossiblebenefitcantheSAIgetfromtakingonsuchaproject’.ItisimportantfortheSAI
topmanagementtoanswerthisquestionandbeconvincedabouttheanswerbeforeplungingintoISSAI
implementation.ThedraftCBCguidanceonImplementingtheISSAIs–StrategicConsiderationsliststhe
followingthreebenefits
Quality -Carryingoutaudits inaccordancewithglobally
accepted standardswill ensure a certain level of quality
andconsistencyinaudits.AllSAIsstrivetoearnthetrust
of citizens and stakeholders alike. Applying
internationally accepted standards in audits is one
important step in the direction of earning this trust. A
high-quality standard will reduce auditor’s risk. The
credibility of all audit organizations is built on the quality achieved in its audits. The use of globally
acceptedstandardswillsimplifybenchmarking,regionalqualityassuranceinitiativesandpeerreviewsas
wellasthesharingofexperiencesinotherways.Usingsimilarauditmethodsindifferentcountriescan
inspireorganizationstocontinuousimprovement.
Credibility - Using globally accepted standards will strengthen the credibility of both the audit
organizationanditsauditors.Externalstakeholderswillgainincreasedconfidenceandtrustinthework
of auditors using globally accepted standards. The results and conclusions of an audit conducted in
accordancewithgloballyacceptedstandardscanstandexternalscrutiny.Thetransparencyprovidedby
using standards well-known to audited organizations and other stakeholders also leads to increased
credibility of the audit results. Increase in credibilitywill help SAIs engagewith their stakeholders for
improvedinstitutionalframeworkandstrongerauditmandates.
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page7
Professionalism-Standardsformthebasisforprofessionalizationofauditorsandauditorganizationsby
providing a structured process for the audit work. Common standards can improve opportunities for
exchange of professional views and experiences across national and sector borders. Joint training
activitiesandsharingexperienceswillbeeasierifauditorsapplythesamesetofprofessionalstandards.
Globallyacceptedstandardsalsoprovideacommonlanguagebetweenpublicandprivatesectorauditors
in areas of similar responsibilities. Applying globally accepted standards will strengthen the audit
professioningeneral.
StrategicConsiderationsinImplementingISSAIs
If an SAI decides to implement ISSAIs, it is recommended that theymay like to thinkof the following
considerations
1. Implementing ISSAIs involves institutional, organisational and professional staff capacity
development – As you have seen above the ISSAI framework operates at both the SAI and the
individual audit level. As such it encompasses not only all functions in an SAI, but also covers the
institutionalframeworkwithinwhichtheSAIoperates.WhileconsideringISSAI implementationthe
SAImanagementwouldneed toput inplace strategies that coverall threeaspects. E.g. if theSAI
management is considering ISSAI compliance in its performance audit function, it would not be
enoughto justtrainSAIstaff inperformanceaudit ISSAIs.TheSAIwouldneedto lookat introduce
changesinitsperformanceauditpracticeatanorganisationallevel.Itwouldneedtoconsiderissues
like appropriatemandate, competent staff, ethical considerations, auditmethodology and quality
control.
2. ISSAI Implementation, Strategic Planning and SAI Capacity Development may not be different
process–WebelievethatimplementingISSAIs,developingandimplementingastrategytoachievea
vision and developing capacity of the SAI are all different aspects of one and same process. It is
important for the SAI leadership to understand and integrate these processes and not to start
separateprocessesthatmayleadtoduplication.
3. RoleofSAILeadership–SAIleadershipneedstoplayadefiningroleinimplementingISSAIs.Creating
a conducive culture and environment, formulating a strategy for implementation, engaging with
internal and external stakeholders and putting in place a robust monitoring and evaluation
mechanismaresomeofthekeyrolesforSAIleadership.
4. Leading and Managing change – One important aspect of ISSAI Implementation is change
management.Asdiscussedearlier,ISSAIimplementationwouldimplyarelookandpossiblechanges
inallareasoffunctioninginanSAI.Thiscancreateuncertainty,fearandresistanceinSAIstaff.The
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page8
SAImanagementandleadershipneedstocarefullyconsidertheimplicationsofchangeandthinkof
measure tomanagechange.Raisingawarenessof ISSAIs,adoptingaparticipatoryapproach to the
implementationprocess, creating champions for ISSAI implementation,providingopportunities for
acquiringrequiredknowledgeandskillscouldbesomeofthechangemanagementstrategiesthatan
SAIemploy.
5. SAI environment - Regardless of whether a SAI decides to implement the ISSAIs for financial,
compliance,orperformanceaudit,theorganisationneedstotakeintoconsiderationbothitsinternal
andexternalconditions.TheimportanceofdifferentconditionsmayvarydependingonwhatISSAIs
are being implemented. However, accounting and financial management systems, access to
necessaryinformation,relationstoparliamentandotherstakeholdersaswellasthecountry’saudit
culture are relevant to all audit tasks. These conditions may provide opportunities or limitations
whichwill influence the implementation of ISSAIs. If the SAI is considering introducing new audit
tasksinaccordancewiththeISSAIs,itisimportanttoensurethattheSAIhastherequiredmandate
and all legal prerequisites are in place. Furthermore, it is important to ensure that there is an
appropriateandfunctioningrecipientofauditresults.Introducingnewauditstandardsandpractices
willnotonlyaffecttheSAI,butalsotheauditedorganizationsandtheparliament.Itisthereforevery
important to consider when and how to communicate with external stakeholders to ensure a
smooth implementationprocess. Informingstakeholdersofthemotivesbehindandbenefitsofthe
introduction of new standards is very important in order to create a supportive environment for
auditsinaccordancewithISSAIs.
6. Stakeholder Expectations – In decidingon the implementationpath tobe followedan SAI should
ascertainandconsidertheexpectationsthatitsclientsandexternalstakeholdershave.
7. Impact of implementation - It is important to differentiate ISSAI requirements that will create a
paradigmshiftintheauditpractice,fromthosethatmightonlyinvolvechangesinsomeprocedures.
8. Resources required – If the ISSAIs are to be implemented and its requirements followed, an SAI
would require considerable resources in terms of funds, systems, people etc.While developing a
strategy the SAI should develop an implementationmatrix where it details its plan for putting in
placetherequiredresources.
ProcessofISSAIImplementation
In our view an ISSAI Implementation Process is the same as a strategic planning process.We would
recommendthefollowingstagesintheimplementationprocess
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page9
Assessing ComplianceNeeds
•ThefirststepforaSAIistoascertainISSAIrequirements,assessthestatusoftheSAIvisavistherequirements,thecausesfornoncomplianceandSAIneedsinordertobecompliant.TheendproductofthisstagewouldbeanISSAIComplianceAssessmentReport.
DevelopISSAIImplementation
Strategy
•BasedontheissuesandcausesidentifiedintheISSAIComplainceAssessmentreport,theSAImanagementshoulddetermineanimplementationstrategythatarticluatesitsvisionandgoalsforISSAIimplementationandthestrategythattheSAIwillemploytoreachthegoals.Abroadbasedparticipatoryapproachisrecommended.
ImplementStrategy
• TheSAIleadershipshouldputinplaceamechanismforimplementingitsstrategy.ItisadvisablethatthismechanismbeintegratedwiththelinefunctionoftheSAIandnotrunparalleltothesefucntions.TheSAIwouldberequiredtodothingsdifferentlyratherthatdifferentthiings.
MonitorandEvaluate&LessonsLearned
•TheSAIneedstohavearegualrmechanismformonitoringimplementationacitivtiesandmanagingimplementationrisks.TheSAIshouldalsoprovideforperiodicevaluationofitsISSAIimplementationefforts.ThelessonslearnedinimplementationwouldhelptheSAIinenhancingitsfutureimplementationefforts.
ReportonPerformance
•TheSAIshouldreportontheextentofitsachievementsinaoverallperformancereporttoitsstakeholders.
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page10
IntroductiontoISSAIComplianceAssessmentTool(iCAT)
Asmentionedintheprevioussection,thefirststepinimplementingISSAIsisassessingtheSAI’spresent
levelofcompliance.Thisisdonebycomparingitsauditpracticestotherequirementsrecommendedby
the ISSAIs. In order to assist the SAIs in assessing their complianceneeds the IDI has developed ISSAI
ComplianceAssessmentTools.AtoolsetoffouriCATshavebeendeveloped.Theyare
1. iCATforLevel2ISSAIs
2. iCATforLevel4FinancialAuditISSAIs
3. iCATforLevel4PerformanceAuditISSAIs
4. iCATforLevel4ComplianceAuditISSAIs
ThepurposeoftheiCATsistopresenttheISSAIrequirementsinasimpleformanddefineaprocessfor
assessingcompliance
iCATFormat
While the individual iCATsmayhave some variation in their formats, depending on the nature of the
level4ISSAIs,alltheiCATShavethefollowingcommoncomponents
ISSAIReference
ISSAIRequirement
StatusofCompliance
Mechanism/InstrumentofCompliance
Reasonsfornoncompliance
This columnreferences theISSAIrequirementtotheISSAI
This columncontains theISSAIrequirementinabriefform.
Three options areavailable for statusofcomplianceMet–Tobeselectedwhen therequirement isentirelymetPartially Met – Thisoption covers theentire gamut fromwhere the SAI hasjust startedimplementation ofthis requirement, ithas some elementsof compliance inplace, it has a largeextentofcompliancein place but is notentirelycomplaint,Not met – The SAI
Inthiscolumnthepersonconducting theiCAT shouldmention thespecificdocument,provision, systemthrough whichthe SAI complieswith the ISSAIrequirement. Thiscolumn will befilled inwhen thestatus ofcomplianceismetorpartiallymet
When the status ofcompliance is notmetor partially met, thereasons for noncompliance should berecorded here. Thiscolumnisimportantindetermining futureimplementationstrategy, which willinvolveaddressing thereasons for noncompliance
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page11
does not complywith therequirementatallNot applicable– Therequirement is notapplicable to the SAIdue the laws andregulations thatgovernit.
GuidingPrinciplesforconductinganiCAT
iCATisnotanevaluationtool–TheiCATsformulatedasapartofthe3iprogrammeaimtohelpSAIsin
understandingISSAIrequirementsandassessingtheirneedsforcomplyingwithISSAIs.TheiCATisthus
formulatedasaneedsassessmenttoolratherthananevaluationtool.
ScopeoftheiCAT-Asapartofthe3iprogrammefour iCATshasbeendeveloped.Level2 ISSAIs iCAT,
FinancialAudit Level4 iCAT,PerformanceAudit Level4 iCAT,ComplianceAudit Level4 iCAT.As faras
possible, it is better to conduct all four iCATs so that a consolidated strategy can be developed for
implementationofISSAIs.However,ifthatisnotfeasibleinanSAI,thenitisrecommendedthattheSAI
conductthelevel2iCATalongwiththelevelfouriCATofthechosenauditstream.Thisisbecause,the
compliancegapsidentifiedatauditlevel(level4)wouldinvariablyhavetheirreasonsattheinstitutional
level(level2).
WhocanconductaniCAT–IftheSAIhasadequatecapacityitcandecidetoconductitsowniCATs.An
SAImayalsoaskforexternalsupportinhelpingitconducttheiCAT.ItisenvisagedthatthepoolofISSAI
facilitatorscreatedasapartof the3iprogrammewillhelptheirownSAIs,aswellasotherSAIs in the
regionsconductiCATs.ForthepurposeofobjectivityanSAImayalsoexercisethechoiceofhavingthe
iCATconductedbyanexternalteamfromtheregion.
iCATteam-WhatevertheapproachtheSAIselects,itisrecommendedthattheiCATbeusedbyateam
andnotasingleperson.FormingacompetentandcredibleneedsiCATteamisthefirststeptobetaken.
The iCAT team should consist of at least one trained ISSAI facilitator. Team members must have
managerial backgrounds so that they have a good organisational overview and necessary influence in
subsequentimplementation.BesidesmemberswhohaveagoodunderstandingofSAIlevelissues(level
2ISSAIs),theteamshouldalsohavememberswhoarewellconversantwiththerelevantauditpractice
asdefinedintheISSAIsandasactuallypracticedintheSAI.
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page12
ParticipatoryApproach-Abroad-basedconsultativeprocessisrecommendedforconductingiCATs.Itis
importantfortheiCATteamtoconsultwithacrosssectionofSAIstaffacrossvariouslevels.Stafffrom
differentlevelsanddifferentareasoftheSAIshouldbeconsultedinthisprocessandtheirviewsshould
begivendueweightiniCAT.Externalstakeholders’viewsandneedsshouldalsobetakenintoaccount.
The involvement ranges from providing information or opinion to having an integral part on making
decisionsonneedsandpriorities.Themorepeoplefeeltheyareinvolved,thegreatertheownershipand
thuseffectivenessoftheresults.IftheSAImanagementisabletofacilitateownershipfortheprocessat
theiCATstageitself,thesubsequentstagesofdevelopingandimplementinganISSAIstrategywillhave
greateracceptanceintheSAI.
Top and senior management support – The success of the iCAT is highly dependent on the level of
commitmentathigh levels intheSAI.TheSAImanagementshould insistonknowingthesituationand
the needs as they are. The SAImanagement should also ensure that the iCAT team has the required
resourcestoconducttheiCAT.
Documentation – The iCAT team should systematically document all the working papers and the
evidencethat itgenerates infillingouttheiCATformat.Besideshelpingtheteaminlatercompilingits
ISSAIComplianceAssessmentReport,documentationwillalsobehelpfulinillustratingthefindingofthe
iCATtotheSAImanagementandhelpfutureiCATteamsinconductingsimilarexercises.
ProcessofconductinganiCAT
Planning the
iCAT–Likeany
other project,
conductinganiCATwouldrequireresourcesintermsoffinancialresources,infrastructure,time,people
etc.ItisrecommendedthattheiCATteamprepareanactionplandetailingthemilestones,theresource
requirementandtherisksattachedtotheachievementofeachmilestone.
Usevarietyofdatagathering tools– Inorder togatherdata to fill in the iCAT format the iCAT team
shoulduseavarietyofdatagatheringtoolslikefocusgroups,interviews,documentreview,surveyand
physical observation. It is important that the tool used is appropriate for gathering valid and relevant
information forassessing compliance. Forexample if the ISSAI facilitatorwants to check theextent to
whichapolicy isactually implemented, interviewingpeoplemaynotbeenough,he/shewouldhaveto
PlanningtheiCAT
Gatheringdatatofillintheformat
WritingISSAIComplianceAssessment
Report
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page13
review documentation supporting implementation. A table listing the pros and cons of each tool is
attachedasAnnexe1.
WritingtheISSAIComplianceAssessmentReport–TheendproductofaniCATistheISSAICompliance
assessment report. The format of this report and guiding principles while writing this report are
containedinthelastchapter.
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page14
Annexe1
ThefollowingfivetoolscanbeusedforgatheringdatatofilltheiCATformat.Theseare:
Document review: Process to gather/organise information contained in various documents to
achievepre-definedobjectives.
Interview: Data and information collection procedure in the form of a carefully planned set of
questionsthatisaskedthroughaconversationtoobtainin-depthideasandperceptionsonatopic
ofinterest
Focus group: Group of interacting individuals having some common interest or characteristics,
brought together by a facilitator, who uses the group and its interaction as a way to gain
informationaboutaspecificorfocusedissue.Discussionmethodcentresonkeylimitedquestions
Physical observation: Site visit by observers who record what they see/hear on site, using a
checklist
Survey: systematic process that uses standardised questionnaires to obtain information from a
largenumberofrespondents
Thisdocumentlistsvariousaspectsofthesetoolsinatable.
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page15
Tools Purpose Skillsrequired Target Whentoconduct
Howtoconduct/Steps
Strengths Limitations
Documen
tReview
• UnderstandfunctioningofSAI• UnderstandenvironmentalforcesinfluencinganSAI• Identifyareasoffocus• Identifyinformationtobegathered• Validategatheredinformation• Findweaknesses/theircauses
• Languageproficiency• Abilitytoassimilatelargeamountsofinformation• Speedreading• Structured/systematicapproach• Analysis,evaluation,synthesis• Subjectmatterknowledge• Writingskills
• Initialreview-attheverybeginningofplanning• Continuousprocessas/whenneed/opportunityarises
1. Input2. Proces
sing3. Outpu
t
• ProvidesoverviewofSAI,itsactivitiesandtheenvironmentinwhichitoperates.• Allowstoreducevolumeofinformationtobeprobed• Canbeacrediblesourceofinformation
• Timeconsuming• Difficulttofindaskilfulperson• Lackofrelevantwrittenmaterialsoravailabilityoftoomanydocuments• Documentsmaynotmatchwithactualsituation
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page16
Tools Purpose Skillsrequired Target Whentoconduct
Howtoconduct/Steps
Strengths Limitations
Interview
Toobtainviews/opinionsoftheintervieweeondevelopmentneedsoftheSAI,suchas;• Keyresultareas• Challengestobeaddressed• Capacitybuildingstrategies• Supportrequired• etc.
• Languagefluency• Listeningskills• Goodobservationskills• Discussionleadingskills• Timemanagementskills• Abilitytoremainneutral• Goodwritingskills• Abilitytotakenotesquickly• Analyticalandsynthesisingskills• Knowledgeandexperienceonthesubject
Dependsontheinterviewpurpose:• FromwithinSAI• Fromamongexternalstakeholders
• AfterobtaininganunderstandingoftheSAI• Aftersurvey/documentreview
1. Planning
2. Conducting
3. Concluding
4. Documenting
• Providesflexibilitytoexplorenewideas/issues• Facilitatesexpressionofdiverseopinions/ideas• Allowsrespondenttoelaborate• Allowsprobing/clarification• Facilitatescommonunderstanding• Providesopportunitytoobtainsensitive/confidentialinformation• Providesopportunitytoobtaininformationfromnon-verbalcommunication
• Notappropriateforquantitativedata• Riskofgatheringunreliableinformation• Informationprovidedmaynotberepresentative• Susceptibletointerviewerbias• Difficulttoprovefindings• Noteasytoquantify/analyseinformationgathered• Canbetime-consuming
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page17
Tools Purpose Skillsrequired Target Whentoconduct
Howtoconduct/Steps
Strengths Limitations
FocusG
roup
• Togainaninsightintocertainissuesthrougha‘groupthinking’process
Knowledge:
• Groupinteractionanddynamics• Topicsofdiscussion
Skills:
• Activelistening/effectivesummarising• Askingquestions• Givingfeedback• Observingbehaviours• Focusingattention• Leadingdiscussions• Stimulatingandsustaininginterest
Attitudes:
• Empathy• Acceptance• Flexibility• Notdogmatic,opinionated,rigid,orauthoritarian• Dealingwithanotherpersonathis/herpace• Objectivityandimpartiality• Freedominexpressingideasandopinions• Displayingfaithandtrustinthegroup
• Composedofpeoplewhohavesomethingincommononsomespecifiedcriteriaofinterest• LevelofhomogeneitydependsonpurposeofFG• Notmorethan12ifdiscussionsinplenary• Asmanyas30ifdiscussionswillbeheldinsub-groups
AtanystageoftheNAprocess:• beforeothertoolsareused• Inpreparationforothertools• Afterhavinggathereddata
BeforeFocusGroup:• Definepurpose• Specifyparticipants• Developquestions• Checkthesettings
During
Focus
Group:
• Settheenvironment• Setexpectations• Askquestionsandgetresponses• Encouragefullparticipation• Keepthegroupontrack• Summarizeandclosethesession
After
Focus
Group:
• Makeconclusi
• Groupthinkingprocesscanenrichideasofindividualparticipants/qualityofdiscussions.• Caninteractdirectlywithparticipants(allowclarification,follow-upquestions,probing)• Cangaininformationfromnon-verbalresponsestosupplementverbalresponses.• Veryflexible
• Difficulttobringeveryonetogether• Requiresfinancialandmaterialresources• Limitedabilitytogeneralisetolargerpopulations• Maybiasresultsbyprovidingcuesaboutwhattypesofresponsesaredesirable• Resultsmaybebiasedbydominant/opinionatedmember• Dataanalysisisoftencomplexandtime-consuming
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page18
Tools Purpose Skillsrequired Target Whentoconduct
Howtoconduct/Steps
Strengths Limitations
PhysicalObservatio
n
• Toverify/appraiseSAI’sinfrastructure,technologyandsupportservices• Tocheckexistenceofdocuments• Tohavemoreconfidence,accuracy,reliabilityandvalidityoftheresultsofpriorNAtoolsused
• Atleasttwoobserverstomaximiseobjectivity• Observersnotworkingatthesitetoensureimpartial/externalviewpoint• Experiencedobserversonthesubjecttoenhanceappraisalsandcredibility
• Physicalinfrastructure(premises,offices,facilities,utilities)• Peopleworkingonsite,theirinteraction,• Interpersonalrelations• Workclimate• Stakeholdersrelations
• Aspreliminarytaskbeforeinterviews/documentreviews• AsvalidatingtooltoconfirmresultsofpriorNAtools.
1. Planning
2. Conducting
3. Concluding
4. Documenting
• Revealsrealconditionsofnaturalsettings• Timesavingtool• Providesquickappraisaloftheconditions/thingsorpeople• Requiresnoexpertisewhenanalysingtheresults
• Notrelevantforgeneralisation• Observerbias• Mayaffectbehavioursandreducereliabilityofresults
iCAT:FinancialAudit
Chapter1:ImplementingISSAIsandIntroductiontoiCAT
Page19
Tools Purpose Skillsrequired Target Whentoconduct
Howtoconduct/Steps
Strengths Limitations
Survey
• ToobtainfeedbackonSAIenvironment• TogatherinformationonSAIstructures,operationalframeworks,andemployees
• Formulatingquestions• Analyticalskills• Abilitytosynthesize• Dataanalysisskills• Subjectmatterknowledge
Dependsonfocusarea:• ForHR:employeesatalllevels• Forexternalstakeholderrelations:externalstakeholders• Forauditmethodologyandstandards:fieldauditorsandsenior/middlemanagement• etc.
• AtthebeginningofNAtogainoverallunderstandingofSAI’soperations• Atalaterstagetofocusonspecificareas• Whereinformationisrequiredfromawiderangeofgeographicallydispersedemployees• Whenintentionistoarriveataggregatedquantifiedinformation
1. Developingthesurvey
2. Implementingthesurvey
3. Dataentry
4. Dataanalysis
5. Recordingresults
• Informationcanbeobtainedfromalargenumberofrespondents• Widerangeofinformationcanbecollectedatonetime• Consistencyofdata• Easytoadminister• Costeffective
• Dependentonrespondents’motivation,memory,abilitytorespondeffectively• Respondentsnotmotivatedtoaccuratelyanswer,butpresentthemselvesinfavourablelight• Doesn’tfacilitatein-depthexaminationofcauses• Errorsduetononresponsemayexist• Couldhavesubjectiveresponses• Canbetimeconsuming• Doesn’tallowprobingformoredetailedinformation
InthenextchapterwewilldiscussabouttheLevel2ISSAIrequirements.Theserequirementsarethebasicpre-requisitesforrobustauditpracticesintheSAI.
iCAT:FinancialAudit
Chapter2:UnderstandingthePrerequisitesforRobustAuditPractices–level2ISSAIsandAscertainStatusonLevel2ISSAIRequirements
Page20
Chapter2
UnderstandingthePrerequisitesforRobustAuditPractices–level2ISSAIsandAscertainStatusonLevel2ISSAIRequirements
Introduction
As mentioned in the previous chapter the ISSAI framework is a very comprehensive framework thatarticulatesboth–thenatureofrobustauditpracticesinanSAIandthekeydriversat institutionalandSAI level that need to be in place for implementation of robust audit practices on a consistent basis.WhilethenatureandrequirementsforrobustauditpracticesareoutlinedinLevel3andLevel4ISSAIs,thekeydriversandprerequisitesforthesearehighlightedatlevel1andlevel2oftheISSAIFramework.
Assuchbeforegoingintothedetailsofimplementinglevel4ISSAIs,weneedtolookatthelevel2ISSAIsandunderstandtheir impactonLevel4 implementation issues.Forthepurposeofclarityandprocess,thischapterisdividedintotwoparts:
Part1–UnderstandingthePrerequisitesforRobustAuditPractices
Part2–AscertainstatusonLevel2Requirements.
Forunderstandingoflevel2ISSAIspart1canbeused.FromChapter3toChapter6level4iCATguidanceisdiscussed.Please consider that, status Level 2 requirementsof an SAIwill beascertainedonly afterchecking the Level 4 requirements (by following the guidance from Chapter 3 to 6). Though Level 2guidanceismentionedinChapter2,pleasecomebacktothischapteraftercompletingChapter3to6onLevel 4. At the endof the twoparts youwould be able to identify your SAIs needs regarding Level 2requirementsandalso link thegaps in Level2 requirements to thegaps in implementing level4 ISSAIrequirementswhichyouwillbeabletofindwhilegoingthroughChapter3to6.
Part1UnderstandingthePrerequisitesforRobustAuditPractices
Whatdoesa SAIneed forputting inplacewell functioningauditpractices that generatevalue for SAIstakeholders?AspertheISSAIsanSAIwould need the following fourprerequisites
These four prerequisites are the fourmain ISSAIs level2 ISSAIs thatwewilllook at.- ISSAI 10, 20, 30 and 40. Inrecent years SAIs have beenincreasingly expected to demonstratetheir own value and benefit to theirstakeholders. This has resulted in anumber of initiatives at the INTOSAI
ISSAILevel4RobustAuditPractices
ISSAI10Independence &LegalFramework
ISSAI30CodeofEthics
ISSAI20Accountability&TransparencyMechanisms
ISSAI40QualityControl
iCAT:FinancialAudit
Chapter2:UnderstandingthePrerequisitesforRobustAuditPractices–level2ISSAIsandAscertainStatusonLevel2ISSAIRequirements
Page21
levelthathavecentredaroundtheSAIatastrategiclevel.Suchinitiativesinclude:
• Mexicodeclaration (now incorporated in ISSAI10withexamples in ISSAI11) – lookingat therolesandresponsibilitiesofSAIs
• PrinciplesofTransparencyandAccountabilityofSAI (ISSAI20andexamplesprovided in ISSAI21)– lookingat fundamental goodprinciplesofhowanSAI shouldperform its functionsandwhattypeoffunctionsitshouldperform.
• CodeofEthics(ISSAI30)–providingaframeworkforensuringSAIbehaveatthehighestlevelofcredibility
• Quality Assurance (ISSAI 40) looking at the critical ingredients required to make a SAI meetstandardsrequiredtoaddcredibilitytoanyresultsorreportspublishedbytheSAIs.
The above documents form the basis for level 2 of the ISSAI framework and the participant shouldfamiliarizethemselveswiththedocuments.
The level 2 framework is also supported by a number of other publications and initiatives aimed atsupportingSAIs.Someofthesethatareimportantfortheparticipantsinclude:
• IDICapacitybuildinginitiativesandframeworks-thisprovidesamechanismforassistingSAIinidentifyingtheirneedstoachievethedevelopmentsrequiredtoperformtheirtaskswithintheISSAIframework.
• SAIPerformanceManagementFramework–thisprovidesaframeworkforreportingtheresultsoftheSAIandmeasuringitsimprovementovertime.(version2.0ofthisdocumentisavailableonwww.idi.no)
• SAIvalueandbenefits–thiswasthetheme1paperfromINCOSAIXXanditsummarizesalltheaspectsofdemonstratinghowSAIcanshowtheirvaluetotheirstakeholders.ItisintendedthatthedocumentwouldbeincorporatedintotheISSAIframework.
Therearenumerousotherdocumentsavailablearoundthistopic;howevertheoneslistedaboveprovideasufficientoverview.
TheISSAIsatlevel2requirecapacitydevelopmentofanSAIinallthreeareas
1. InstitutionalCapacityDevelopment2. OrganisationalSystemsCapacityDevelopment3. ProfessionalStaffCapacityDevelopment
Institutional capacity of an SAI refers to the SAI having the appropriate Independence and LegalFramework,mandateandenvironmenttocarryoutitscorebusinessfunctionseffectively.OrganisationalCapacityreferstotheinternalsystemsandprocessofaSAIandprofessionalstaffcapacityreferstoSAIpeopleandtheirabilitytocarryouttheirrolesprofessionally.
In order to have robust audit practices as described by level 4 ISSAIs, a SAI would need all threecapacities – Independence and Legal Framework, appropriate internal processes and structures andsufficient number of qualified people. The IDI’s Capacity Building Framework shown explains therelationshipbetweentherequirementsoflevel2ISSAIsandthethreeaspectsofcapacitybuilding.
iCAT:FinancialAudit
Chapter2:UnderstandingthePrerequisitesforRobustAuditPractices–level2ISSAIsandAscertainStatusonLevel2ISSAIRequirements
Page22
ThecapacitybuildingframeworkattemptstoshowapictureofboththecapacitiesthataSAImusthaveand the performance that the SAI must deliver to generate value for its stakeholders. For a SAI tocontribute to good governance, it needs to have required audit impact. In order to achieve the auditimpact the SAImust havehighquality audit outputs. These audit outputs are a result of robust auditpractices (ISSAI Level 4) or ‘SAI Core Processes’ as they are referred to in the capacity buildingframework. The key drivers of robust audit practices within the SAI are SAI Leadership and internalgovernance mechanism, SAI resources and SAI external stakeholder relations (Parliament, Executive,Media, Civil Society etc). It is the SAI leadership’s role to ensure that the governance mechanism(includingimplementationofcodeofethics),requiredresourcesandstakeholderrelationsareinplace.AcriticalfactoroutsidetheSAIthatcanhamperorhelptheSAI’sperformanceandeffectivenessistheSAI independenceandlegalframeworkandthegeneralpublicfinancialmanagementenvironmentthattheSAIoperatesin.
SAILeadershipdrivestheperformanceandcapacitybuildinginitiativesoftheSAI.TheleadersintheSAI
needtosetthetoneandtenorfordetermininghowthingswillbedoneintheSAI.TheSAIasawhole
also should set an example in good governance to be emulated by the audited entities. As such the
leadership should ensure good SAI governance in terms of its planning, code of ethics and conduct,
accountability&transparency,internalcontrolsandcontinuousimprovement.TheSAIleadershipwillbe
considerablyeffectiveinitsinternalgovernanceeffortsiftheyhaveinplacearobustandvibrantinternal
communicationmechanism.
ThiselementisthekeydrivertoensurethattheSAImakesthemostofwhatiswithinitscontrolthroughamongst others, effective strategic and operational planning. The category of managementarrangementshasbeenusedtoidentifythesekeydrivers.Thiselementthenbecomesthedriverfortheothersubelementsof:
iCAT:FinancialAudit
Chapter2:UnderstandingthePrerequisitesforRobustAuditPractices–level2ISSAIsandAscertainStatusonLevel2ISSAIRequirements
Page23
• Humanresources• Supportstructuresandinfrastructure
These two elements are taken as sub elements of the leadership and internal governance. As oftendeficiencies or areas for improvement in these areas require senior management intervention, forexample,identifyingandrunningtrainingprograms.
SAICoreProcessesconsistof:
• Auditstandards(aselaboratedintheISSAIFramework)• Auditmanualsandguidance• Auditplansshorttermandlongterm• Audittoolssuchascomputerassistedaudittechniques• Qualityassurance
AlltheseaspectsareaimedatensuringthatprofessionalandconsistentauditproductsaredeliveredbySAIs on a sustainable basis. The critical aspects are to ensure that the processes and intentions arereflected in the practice of the SAI and are not simply documents produced but not followed by theauditors.
ExternalStakeholderscanbeseenfromtwodistinctperspectives,namely:
• Reportingtostakeholders• Communicationwithstakeholders
Reporting is often a combination of what is mandated and what may be good practice. This oftenincludesreportstoparliamentandtotheauditedentities.SAIareoftenalsoexpectedtoproducereportson their own performance. SAI annual report or equivalent provides an opportunity for the SAI todocumentitsachievementsaswellastheresultsfromtheauditsconducted.
IntermsofcommunicationwithstakeholdersSAIshaveaveryimportantroleindealingwithlegislatures,mediaandauditedentity.OftenenhancingtheprofileandimageoftheSAIcanimproveitseffectivenessincarryingoutitsauditsthroughimprovedcooperation.
ForexampleifanSAIwheretoconsiderimplementingLevel4ISSAIinPerformanceaudititwouldneedanappropriatemandatetodoso,strongsupporting institutionalstructures i.e.awell functioningPAC.Leadershipthatdrivestheimplementationprocessandputsinplacenecessarysystemsandstructurestoensure implementation, qualified people and adequate resources and good relations with importantstakeholders.
AssuchimplementingISSAIsandbuildingcapacityofaSAIareinactualfactoneandthesameprocess.!
Seeingthismatch,wehavetriedtocategorisetheISSAIrequirementsat level2intothefollowingfourcategoriesandsubcategories
iCAT:FinancialAudit
Chapter2:UnderstandingthePrerequisitesforRobustAuditPractices–level2ISSAIsandAscertainStatusonLevel2ISSAIRequirements
Page24
The first category refers to the institutional capacityof the SAI anddescribes the requirementsunderISSAI10.ThesecondcategoryreferstotheorganizationalandprofessionalstaffcapacityoftheSAIthatisdrivenbySAIleadership.AcombinationofLevel2ISSAIrequirementsareplacedunderthiscategory.The third category refers to SAI coreprocesses,whichare theSAI level requirements specific toauditprocesses. The fourth category refers to external stakeholder relations both in terms of reportingrequirementsandcommunicatingwithstakeholdersforauditeffectivenessandimpact.
Thelevel2ISSAIrequirementsplacedunderthesefourcategoriescanbeseenintheexcelsheetcalledISSAILevel2Requirements.
Part2ofthischapterdescribestherequirementsandhowtoassessneedsrelatedtotherequirements.Whilewewould recommend that you read through thePart 2 now, the actual collectionof data andfillinginoftheformatshouldbedoneafteryouhavecompletedtheiCATformatforlevel4.
Independence&Legal
Framework
Leadership&InternalGovernance•Codeofethics•ManagementArrangements•Resources
SAICoreProcesses
ExternalStakeholderRelations•ReportingPractices•Communication
iCAT:FinancialAudit
Chapter2:UnderstandingthePrerequisitesforRobustAuditPractices–level2ISSAIsandAscertainStatusonLevel2ISSAIRequirements
Page25
Part2–AscertainStatusonLevel2ISSAIRequirements
The ISSAI framework is a very comprehensive framework that articulates the nature of robust auditpractices inanSAIaswell as thekeydriversat institutionalandSAI level thatneed tobe inplace forimplementationofrobustauditpracticesonaconsistentbasis.ThenatureandrequirementsforrobustauditpracticesareoutlinedinLevel3andLevel4ISSAIs,andthekeydriversandprerequisitesforthesearehighlightedatlevel1andlevel2oftheISSAIFramework.
Inpart1wehavementionedthatbeforegoingintothedetailsofimplementinglevel4ISSAIs,weneedtolookatthelevel2ISSAIsandunderstandtheirimpactonLevel4implementationissues.FromChapter3 to Chapter 6 you will conduct the check for the Level 4 ISSAIs. You will ascertain the status ofcompliance at Level 4 in these four modules. You will also identify what are the reasons for non-complianceoftherequirementsatLevel4intheChapter3to6.
You will see that the reasons for non-compliance lies at the issues which actually the drivers orprerequisitesforLevel4ISSAIs.TheseareallhighlightedatLevel2ISSAIs.SoitisclearthatatLevel2onastrategiclevelSAIscantakemeasuresthatwouldsolvetheissuesofnon-complianceattheLevel4.InthischapteryouwilllookintothislinkagebetweenLevel2andLevel4ISSAIs,alsohowthegapsinLevel2requirements linedtothegaps in implementing level4 ISSAIrequirements.BasedonyoufindingsatLevel2andLevel4youwillwritetheISSAIComplianceAssessmentReport.
1. AscertainthestatusofLevel2ISSAIrequirements
Beforeascertainingthestatusoflevel2ISSAIrequirementsyouwouldhavedonethefollowingactivities:
• Understoodlevel2ISSAIrequirementsinChapter2• CompletedtheiCATformatforlevel4inChapter3toChapter6
OnthisbasiswewillnowproceedtodiscusshowtoidentifySAIneedsandascertainthestatusatlevel2.Thisstepintheprocesswillalsohelpyouinconsolidatingyourfindingsonlevel4ISSAIsparticularlythereasonfornon-compliancewhichisrelatedtotheLevel2ISSAIsandcreatethelinkagebetweenthetwolevelsofISSAIs.BasedonthiswewillpreparetheISSAIComplianceAssessmentReport.
4.1HowtocompletetheLevel2ISSAIRequirements
AswehavementionedinChapter2theiCATforLevel2containsalltherequirementsfromtheISSAI10-40.Alltheserequirementshavebeengroupedunderfollowingmajorcategories:
• Independenceandlegalframework• Leadershipandinternalgovernance
o Codeofethicso Managementarrangementso Resources
• SAIcoreprocesses
iCAT:FinancialAudit
Chapter2:UnderstandingthePrerequisitesforRobustAuditPractices–level2ISSAIsandAscertainStatusonLevel2ISSAIRequirements
Page26
• ExternalStakeholdero Reportingpracticeso Communication
In the following sectionswewill discusshow the columnsof the individual ISSAI requirements canbefilledinstepbystep.
Step1-CompletingColumns5and6ofLevel2ISSAIrequirement
Aftercompletionoflevel4oftheiCAT:
• workshopshouldbeheldwithrelevantseniormanagementtodiscussthefindingsonlevel4• Thepurposeoftheworkshopisforseniormanagementtoassignlevel4findingstotheirspecific
requirementswithinthelevel2ISSAIrequirements.
When completing the level 2 ISSAI requirement the participant should understand the relationshipbetween levels2 and4of the ISSAI Framework. Level 2provides the strategicdirectionand level 4 isaimedatthedetailsofauditpracticeswhenimplementingthestrategicaspects.
Therearethreepossibleresultstobeenteredintocolumn4SAIStatus,namely:
1. Fullcompliance–wherelevel2andlevel4requirementsaremet2. Partial Compliance – where level 2 requirements aremet but the implementation on
level4hasnotbeenachieved.(exampleprovidedbelow)orwhererequirementsaremetat level 4 and not at level 2 (This is highly possible for instance Principle 8, ISSAI 20requires that “The SAI reports are available and understandable to the wide publicthroughvariousmeans(e.g.summaries,graphics,videopresentations,pressreleases)”.While,attheSAIleveltheremaynotbesucharequirement,somefieldofficesmaybringoutsummaryoftheirperformanceauditreportsandissuepressreleasesaftertablingofaPerformanceAuditReport and satisfy ISSAI 3100, Section35onmakingaudit reporteasilyaccessibletogeneralpublic).Anotherreal-lifeexamplethatwasquotedbyseveralparticipantsoniCATrelatingtodisclosureofthesourceofdataintheauditreportisthatwhile there isnosuchrequirement in their standards todisclosesourceofdata, ithasbeenfollowedintheperformanceauditengagementsreviewedbythem.
3. Noncompliance–whererequirementsonlevel2and4arenotmet
ExampleofPartialCompliance:
If the SAI has no individual declaration of interests for each audit, but the SAI has an organizationalpolicy.ThenthiswouldbereflectedintheiCATasfollows:
• Withincolumn4theSAIstatuswouldbepartiallyimplemented• Within column 5 the entry should be that there is a finding with regard to “no individual
declarationintheauditfiles”fortherequirementsunderISSAI30paragraph13.
Column6shouldbeusedtostatewhatactionneedstobetakenandwithinwhattimeframe.
iCAT:FinancialAudit
Chapter2:UnderstandingthePrerequisitesforRobustAuditPractices–level2ISSAIsandAscertainStatusonLevel2ISSAIRequirements
Page27
Information gathered in Column 6 can then be used to complete the ISSAI Compliance AssessmentReport.
Step2-CompletingColumns3and4ofLevel2ISSAIrequirement
i. Independence and Legal Framework
ThissectionlargelydealswithISSAI10whichaspreviouslystatedlinkstotheMexicoDeclaration. TheISSAIrequirementscan largelybe linked inmost jurisdictionstotheenabling legislationoftheSAI (SAIlaw).Mostoftheaspectsshouldbereadilyidentifiablefromthelaw.FurtherenquiriesfromtheHeadoftheSAItoclarifyuncertaintiesmaybeuseful.
It is important tosimply identify theresponsibilitiesandnotnecessarily toassess the implementation.ForexampleifaSAIcan“selecttheauditissues”butinpracticeisnotdoingsothisshouldbeincludedincolumn4(SAIstatus)aspartiallycomplying.TheremaybereferencestotheSAIsinotherlegislation,forexample,relatingtotheSAIbudget(principle8ISSAI10).Intheseinstancestheparticipantmayneedtobeawareofsuchdocumentsandreferencethemincolumn3oftheiCAT.
ii. Leadership and Internal Governance
CodeofEthics
ThissectionlargelydealswiththeISSAI30CodeofEthics.InmanySAIsthisiscoveredthroughpoliciesattheentitylevelaswellasthroughdeclarationsmadeineachauditengagement.Theparticipantshouldobtainthesedocumentsandassesswhattypeofcomplianceisexpectedbythestaff(forexampleannualdeclarationsofincomeandassets).
If there is anabsenceof compliance tools suchasannualdeclarations thesewill behighlighted in thelevel4assessmentandwillbeincludedincolumns5and6oftheiCAT.
ManagementArrangements
This section takes fundamental aspects of the SAI leadership and internal arrangements at a strategiclevel.Thissectionwillgiverisetotheimportantelementsthatincludestrategicplanningandthereforeprioritization for future decisionmaking.Whatever the SAI is deciding to domust be communicatedthroughthisareaandthereforerepresentsafundamentalareawheremanyimprovementsatlevel4oftheframeworkwillbemanaged.
Thissectionshouldbecompletedthroughreviewsofstrategies,businessplansandotherkeystrategicdocumentationincludingperformancemanagementpolicies,qualityassurancepoliciesandrecruitmentplans.
Resources
This aspect of the internal governance and leadership follows directly from the managementarrangements.This is theassessmentof the requirementsof theSAIandshouldbe identified throughreviews and studies and be included in key policies and strategies. Therefore operational documentssuchasannualworkplansanddelegationsshouldbereviewed.
iCAT:FinancialAudit
Chapter2:UnderstandingthePrerequisitesforRobustAuditPractices–level2ISSAIsandAscertainStatusonLevel2ISSAIRequirements
Page28
Responses to this section should also relate to themanagement arrangementswhen considering thelevel 4 gaps. For example, issues regarding ISSAI 40 element 4 “ensuring staff have competencies tocarryouttheirwork”canbe linkedtothe itemunder managementarrangementsprinciple6 ISSAI20“the SAI measures the efficiency and effectiveness with which it uses its funds”. When completingcolumns5and6oftheiCATtheserelationshipswillbeanalyzedtoensurethattheactionplansareaspracticalaspossible.
iii. SAICoreProcesses
ThisareaoftheLevel2ISSAIrequirementsismainlyconcernedwiththeISSAI40QualityAssurance.Forthe SAI tomeet the requirements of level of the framework a numberof factors are required fromatechnicalperspective.Theseinclude:
• Auditreporting• Followuponauditfindings• Methodology• AuditingStandards
Alltheaboveneedtobeinplacetoensurethattheauditrisk(therisktheauditorreachesanincorrectconclusion)isminimized.Toassesstherequirements, itwillbeadvisabletoscheduleaninterviewwiththe person responsible for quality assurance and control in the SAI.Many of the practices should bedocumentedin instructionsthroughmanualsand/orcirculars.TheseshouldbeassessediftheyincludetheelementsstatedintheLevel2ISSAIRequirements.Ifthepracticeisstatedindocumentationandnotfollowed:atthisstagesimplystateundercolumn4thatthereispartialcompliance(tobeconsistentwiththe viewespousedat Step2 i. Independence and Legal Framework). When the level 4 assessment isundertakenthiswillidentifytheproblemoftheimplementation.
iv. ExternalStakeholder
ReportingPractices
This section lists all the reporting requirements identified in level 2 of the framework. There are 18requirements.ThisrepresentsalargeexpectationonSAIstoreportontheiractivitiesandresults.Manyof these reports can be included in a single SAI annual report for example. The participant shouldtherefore obtain all external correspondences that the SAI issues and assess them against the 18requirements.
ExternalStakeholderRelations
This section assesses the SAI relationship with its primary stakeholders. This can include: legislature,parliaments and special committees of parliament. The SAI may include this information in acommunicationstrategyandoftenhaveaspokespersonoranofficedirectly linkedto theHeadof theSAI.Itisadvisabletointerviewtherelevantpersonnelandobtainthenecessaryprotocols,strategiesandpolicies.Fromnextchapterguidanceonlevel4ISSAIsforFinancialaudit iselaborated.Guidancefor irststepofthe Financial audit process is Pre engagement and relevant ISSAIs is described in chapter 3.
iCAT:FinancialAudit
Chapter3:Preengagement
Page29
Chapter3
Pre-engagement
Introduction
ThischapterisrequiredtoensurethatthefacilitatoridentifiesthepreconditionsforenablingtheSAItoimplementlevel4ofISSAIframeworkoffinancialauditing.ItisimportantthatthefacilitatorunderstandstherequirementsexpectedwithinaSAIenvironmentbeforeconsideringanyspecificaudit.TheseaspectsincludefactorswhichrequiredecisionsthatareconsistentwithSAIpoliciesasdiscussedonlevel2.Inthischapterspecificreferencestopoliciesandareasforconsiderationarehighlightedfortheappropriatefoundationtobeputinplacebeforeanauditcommences.
Section1providesanoverviewofthefinancialauditprocessasisexplainedinthestandards.Section2highlightsalltheareaswheretherequirementswithintheiCATarecontained.Section3-6providesemphasistothemostimportantelementsofpre-engagement.
1. OverviewofthefinancialauditprocessandtheexpectationoftheISSAIfacilitator
1.1FinancialAuditProcess:
Figure1belowprovidesanunderstandingoftheauditprocess.Itisessentialtounderstandthattheauditprocessisnotsimplyaonewayprocessfromplanningthroughtoreporting.Reconsiderationofthecriticalaspectsoftheauditprocessiscontinuallyinneedofre-evaluation.Thisisreflectedinthefeedbackloopsinthefigurebelow.Forexample,whenevaluatingtheresultsfromtheauditfieldwork,theassumptionsmadeintheplanningregardingmaterialmisstatementmaybeincorrect.Inthissituationtheauditorisrequiredtoreflectthechangesintheplanningdocumentation.
iCAT:FinancialAudit
Chapter3:Preengagement
Page30
Figure1:AuditProcess
RBAAuditProcess
FormOpinionandReport
PreliminaryEngagementActivities
OverallAuditStrategy
RiskAssessmentandresponse
Designfurtherauditprocedures
IdentifyingandAssessingriskofmaterialmisstatement
Understandingtheentity’senvironmentincludinginternalcontrols
Understandingtheentity
ConductingFieldAudit
– Testsofcontrols– Substantiveprocedures
EvaluateResults
Accumulateandevaluatemisstatements
iCAT:FinancialAudit
Chapter3:Preengagement
Page31
1.2ExpectationsfromtheISSAIFacilitators
Table1belowprovidesanoverviewofwhattheISSAIfacilitatorisrequiredtodoateachstageoftheauditprocess.InadditiontotheexpectationsinTable1,theISSAIfacilitatorisrequiredtobefamiliarwiththeissuesdiscussedinlevel2oftheISSAIframeworkcoveredinChapter2.Forfinancialauditsomeoftheseissuesaregivenmoreemphasisasdiscussedintable2ofthismodule.
Atthisstage,theISSAIfacilitatorisexpectedtohaveaccesstoSAIfinancialauditseniormanagementandselectaminimumoftwoauditfilestosupporttheconclusionsdrawnfromthediscussionswithmanagement.
BeforelookingattheiCAT,thefacilitatorshouldunderstandtheauditingstandards.TheInternationalStandardsofSupremeAuditInstitutions(ISSAIs)forfinancialauditingarebasedontheprivatesectorInternationalStandardsonAuditing(ISA)issuedbytheInternationalFederationofAccountants(IFAC).TheISSAIsthereforecomprisesoftheentireISA.TheISAshaveaconsistentstructuresincludingrequirementsofthestandardsandthenreferencedtothisiswhatiscalledtheapplicationoftherequirements.Theapplicationiseffectivelyguidanceonunderstandingtherequirements.
TheISSAIsthenenhancestheISAwithspecificguidancefortheSAIenvironmentthroughtheuseofpracticenotes.Theseoftenprovideexamplesforthepublicsectorcontextorexplainsituationsinwhichthestandardsapply.
iCATcomprisesallrequirementsfrom36ISSAIs.InadditiontorequirementsfromInternationalStandardsonAuditing(ISAs)therequirementsfromthepracticenoteshavebeenadded.Altogether531requirementsareincludediniCAT.
InordertofacilitatetheuseofiCAT:
• Requirementshavebeensplitintoauditingphases:Pre-engagement,Planning,FieldworkandReportinganddescribedintherespectivemodulesofthecourse.Someoftheserequirementsflowthroughouttheauditprocessandthefacilitatorwillberequiredtounderstandthestartingpointoftherequirement.
• Whethertherequirementisimportantoninstitutionallevelorauditlevelhasalsobeenidentified.
• Documentsthatprovetheapplicationoftherequirementhavebeenoutlined,e.g.planningdocuments,workingpapers,auditreportetc.
iCAT:FinancialAudit
Chapter3:Preengagement
Page32
Table1:Overview–ActivitiesofISSAIFacilitator
AuditProcessReference
CoreTextmodule BriefDescription ISSAIreference ExplanationofISSAIFacilitatorknowledge
Preliminaryauditengagement
Chapter3 Thisstageoftheauditiswhereassessmentoftheauditrequirementsaremadeandtheauditteamcommunicateswiththeauditedentity
ISSAI1210 ThefacilitatorshouldunderstandtheSAIsstandardpracticeandassessifithasbeenappliedconsistently
OverallAuditStrategy
Chapter4 Togainahighlevelunderstandingoftheauditedentityandassessthemateriality.
ISSAI1300,1315and1320
ThefacilitatorshouldbeabletoidentifythedocumentationwithintheSAItorelatestotherequirementsoftheoverallauditstrategyandassesswhethertheelementsofthestrategyarecovered.
Riskassessmentandriskresponses
Chapter4 Theprocessinvolves:Understandingtheentityincludingitscontrolenvironment.Identifyingtheriskofmaterialmisstatementanddesigningfurtherauditproceduresforassessingtherisks.
ISSAI1200and1300series
TheISSAIfacilitatorisrequiredtounderstandtheSAImethodologyandhowitcoversthemainaspectsoftheauditplanningrequirements.AnassessmentofthemainelementsoftheSAIsprocessisthenassessedagainstauditfilestoseeiftheycontaintheinformationexpected.Assessmentoftheadequacyofthe
iCAT:FinancialAudit
Chapter3:Preengagement
Page33
AuditProcessReference
CoreTextmodule BriefDescription ISSAIreference ExplanationofISSAIFacilitatorknowledgeplanningconclusionsandthedesignofauditproceduresisbeyondthescopeofthefacilitator.
FieldAudit Chapter5 Atthisstagetheauditorisattemptingtoprovidesufficientappropriateandreliableevidencetosupporttheconclusionsreachedbasedontestofcontrolsandsubstantiveprocedures.
ISSAI1500series Thefacilitatorisrequiredtoreviewauditfilesandassesstheadequacyandsufficiencyofdocumentationincludingtheapplicationofprofessionaljudgmentandprofessionalskepticism.Thefacilitatorisnotexpectedassesswhethertheproceduresfollowedareadequatetoaddresstherisksidentified
Evaluatingresults Chapter6 Thissectionisconcernedwithevaluatingresultsandassessingtheeffectoftheresultsonthenature,extentandtimingofauditworkaswellasconsiderationofreportingconsequences
ISSAI1450 ThefacilitatorshouldunderstandtheauditmethodologyfollowedbytheSAIandassesstheauditfilesselectedagainstthecriteria.
Forminganopinionandreport
Chapter6 Thisiswheretheoutputsfromtheauditprocess,namely:auditreportsandotherreportsare
ISSAI1700seriesand1800series
Thefacilitatorisexpectedtounderstandthedecisionstakentoarriveattheitemsincludedinthe
iCAT:FinancialAudit
Chapter3:Preengagement
Page34
AuditProcessReference
CoreTextmodule BriefDescription ISSAIreference ExplanationofISSAIFacilitatorknowledge
produced reportandassessiftheyarecomplianttotherelevantstandardsandSAIpractice.
2. Institutionallevelconsiderationspriortoassessinganindividualaudit
Asthefacilitatoryouarealreadyfamiliarwiththelevel2considerationsoftheISSAIframework.Level2ISSAIsstateandexplainthebasicprerequisitesfortheproperfunctioningandprofessionalconductofSAIs.Thesearetheinstitutionallevelconsiderationsthatrequiredtobeanalyzedbeforeassessinganindividualauditprocess.
Thefocusshiftsslightlytoassessingtheseconsiderationsinthespecificcontextoffinancialauditing.Themainareaswheretheseconsiderationsarenecessaryarebroadlycoveredby:
2.1 Compliancetothelevel4financialauditISSAIs2.2 Assessmentoftheaccountingandlegalframeworkgoverningthefinancialstatementsin
yourjurisdiction2.3 ConsiderationoftheSAIbeforecommencingwithindividualaudits
2.1Compliancetothelevel4financialauditISSAIs
TheiCAThasidentifiedseveralreferencesforexampleISSAI1200.20wheretheuseofISAhastobecarefullyconsidered.Itstates“TheauditorshallnotrepresentcompliancewithISAsintheauditor’sreportunlesstheauditorhascompliedwiththerequirementsofthisISAandallotherISAsrelevanttotheaudit”.ThismeanstheSAIcannotdecidetofollowafewaspectsofISAanddepartfromothersandstillstatetheyarecomplyingwithISAsandthereforetheISSAIsforfinancialaudit.
Exampleswherethissituationwillneedtobeconsideredcouldincludethefollowingscenarios:
• WheretheSAIhasfundamentalcapacityrestrictionsinmeetingtheISSAIrequirementsfromcurrentresources
• Wherethestakeholderexpectationsortheauditingenvironmentdoesn’tprovideforfullISSAIimplementation
InthecaseofcapacityrestrictionstheSAIcanconsiderassessingthescopeoftheauditsandasstatedunderISSAI40(acceptanceandcontinuation)andshouldbringthistotheattentionoftheHeadofSAIoreventhelegislatureorbudgetauthority.TheSAIinthisregardshouldhaveanoverallplanthatwillbediscussedunderresourceconsiderationsbelow.
InthesituationwherefullISSAIimplementationmaybelimitedbytheenablingenvironment,forexample,wheretheaccountingframeworkisstillunderdevelopedorthescrutinyofthefinancialstatementsandauditreportishighlylimitedthereareseveralfactorsthattheSAIshouldconsider.
iCAT:FinancialAudit
Chapter3:Preengagement
Page35
FirstlytheSAIshouldassesswhataspectsoftheISSAIsarethemostrelevanttoimplementandbeginwiththese.InthisinstanceasstatedinISSAI1805.8theauditorcanconsidertheapplicabilityoftheISSAIs.IngeneraliftheinformationprovidedtousersisinsufficienttocovertheirneedsthentheSAIshouldidentifythedeficienciesandreportthemtotheappropriatestakeholders.
Secondly,SAIshouldassessoveralltheimportanceoftheISSAIsandidentifythekeyvaluetheISSAIswillprovideandfocusontheseareas.However,inthesesituationsitmaynotbepossiblefortheSAItostatethatitisauditingincompliancewiththeISSAIs.AstatementintheSAI’sstrategicdocumentationshouldreflectthisposition.TheSAIshouldrefertoISSAI1000.28forotheralternativesforcompliancetotheISSAIFramework.
InthespecificinstanceofthedeficiencyofthefinancialreportingframeworktheSAIshouldconsiderthesectionbelow.
2.2Assessmentoftheaccountingandlegalframeworkgoverningthefinancialstatementsinyourjurisdiction
TheISAsmakereferencetotheaccountingframeworkunderwhichthefinancialstatementsaremade.Therearetwoverypopularframeworksthatarewellestablishedintheinternationalcommunitynamely:
• InternationalFinancialReportingStandards(IFRS)• InternationalPublicSectorAccountingStandards(IPSAS)
TheseframeworksprovidecoveragefortherequirementsoftheISSAIs.Forexample,disclosuresinrelationtorelatedpartiesarecoveredbytheframeworks.Itisinthisregardthatthefinancialreportingframeworkneedstobecomprehensiveastoprovidetheusersofthestatementswiththerelevantinformationprovidedinasuitablyunderstandableformat.
Manyjurisdictionsareoperatingwithentitiesatdifferentlevelsofaccountingbases.ForexampleMinistriesmaybeoncashormodifiedcashbasiswhereascorporationscanbefullycomplianttoIFRS.TheIPSASexplainsthedifferentbasisofaccountingandprovidesforthemigrationfromfullcashtofullaccruals.ThefacilitatorcanobtainreviewtheIPSASandIFRSframeworksthroughthewebsitewww.ifac.org(publicsectorforIPSAS).
IftheaccountingframeworkislimitedorunderdevelopmentthefacilitatorshouldconsiderwhethertheSAIhasenquiredoftherelevantmanagementwhetherthefinancialstatementsaresufficienttomeettheuserrequirements(ISSAI1200practicenote5refers).
ManySAIsoperateinenvironmentswheretheaccountingframeworkisprescribedwithinthelegislationofthecountry.Inthesecasestheassessmentoftheapplicabilityoftheframeworkforusersshouldstillbeundertakenandrecommendationsmadetotherelevantstandardsetterse.g.MinistryofFinanceorAccountantGeneral.
iCAT:FinancialAudit
Chapter3:Preengagement
Page36
2.3ConsiderationoftheSAIbeforecommencingwithindividualaudits
WhenconsideringtheoverallfinancialauditstrategyfortheSAItherearemanyfactors.Thesefactorsneedtobeconsideredpriortoanyresourceallocationandassessmentofindividualauditstrategy.Manyoftheseaspectsarealsoreferredtoatlevel2oftheISSAIframeworkandarereflectedinSAIpolicyandprocedures;however,thereisaneedforsomeannualconsiderations.Table2belowissummaryofthetypeofconsiderationsaSAIshouldconsider.
Table2:SAIPrecondition
Considerations Decision Guidance ISSAIReferenceISSAIcompliancelevel4financial
Full/Partial TheSAIneedstodecideontheapplicabilityoftheframeworkandtheintentiontocomplywiththerequirements.Iftherearereasonsforelementsoftheframeworktobeomittedtheyshouldbestated.Thestatementofthebasisoftheopinionandanyoverallmodificationstotheauditreportsshouldbeprovided.
AllISSAIslevel4
AdequacyofFinancialReportingFramework
Adequate/Limited/Notapplicable
SAIshouldconsidercommunicatingitsconclusioniftheframeworkisnotadequatetotherelevantstandardsettingbodies.Inextremesituationsmodificationstotheauditreportsorspecialreportsshouldbeconsidered
ISSAI40underacceptanceandcontinuanceandISSAI1000(paragraphs43and44)
Auditresourcesrequiredinternally(ISSAI40acceptanceandcontinuation)
Adequate/inadequate
InthecaseofinadequateauditresourcestheSAIshouldconsidertheeffectonthescopeoftheauditoridentifyalternativeapproachestoobtainassurancee.g.contractingoutfunctionsThisisparticularlyimportantinthecaseofsmallSAIswhohavelimitedcapacityTheSAIisalsorequiredtohaveresponsesinplacetoanauditedentity,whichmaybepreventingtheSAIfromadequatelycarryingoutitsresponsibilities.AswithdrawalisnotusuallyanoptioninSAIenvironmentalternativesmeasuresmayneedtobesought.
iCAT:FinancialAudit
Chapter3:Preengagement
Page37
Considerations Decision Guidance ISSAIReferenceManagementofAuditresourcescontractedout
Appropriate/trainingorguidanceneeded
WhereotherauditorsoutsidetheSAIareemployedtoconductaudits,particularassessmentshouldbemadeoftheirprofessionalcompetenceandtheirunderstandingofthepublicsectorrequirements(aselaboratedinthepracticenotes)
ISSAI1600practicenote
UseofExperts(includinginternalauditors)
Required/Notrequired
Astrategicdecisionisrequiredtoassesstheneedforexpertsorothergovernmentalagencies(e.g.antimoneylaunderingagencies).Theauditstowhichtheyrelatedandthescopeofworkshouldbeunderstood.TheSAIshouldthenassesstheauditriskoverallandprioritizetheexpertsrequired.
ISSAI1610andISSAI1620
Specificcomplexitiesintheauditedentitiesthateffecttheindividualauditstrategies
Yes/No Thesecaninclude:• Serviceorganizations• Specificreporting
requirements• Highriskclients• Otheraudits/investigations
beingperformedbytheSAI• Relatedparties• Particularissuesinthepublic
intereste.g.highrankingofficialexpenses
• Consolidations• Restructuringofgovernment
organizations• Specificinstructionsfrom
legislature/thirdparties• Previousallegations
Alltheaboveshouldbeconsideredandtheeffectontheauditstrategiesandresourceallocationsshouldbestated.
ISSAI1402ISSAI1700ISSAI1300ISSAI1240ISSAI1550IISSAI1315ISSAI1600ISSAI1510ISSAI1210ISSAI1240
ReportsissuedotherthanthoseincompliancetoISSAI1700and1800series.
Yes/No IftheSAIintendstoissueotherauditreportsthatarenotinconformancetothestandards.ThentheSAIshouldstatethebasisandcriteriaforsuchreports.AnydiscussionofkeyauditthemesandthemethodtheSAIusestoincludetheseissuesinthereportshouldbeexplained.
ISSAI1700seriesand1800series
iCAT:FinancialAudit
Chapter3:Preengagement
Page38
Considerations Decision Guidance ISSAIReference
Qualitycontrolplan Yes/no Aqualitycontrolplanfortheyearshouldbeprovided
ISSAI40andISSAI1220
EvidenceofEthicalRequirementsinplacepriortothecommencementoftheaudits
Yes/no TheSAIshouldoperationalizetherequirementsofISSAI30toensureanannualprocessforethicalrequirementsisundertaken.
ISSAI30
3. QualityControl
ISSAI40principle1Leadershipstatesclearlytheimportanceofqualitycontrolasshownbelow:
An SAI should establish policies and procedures designed to promote an internal culturerecongnisingthatquality isessential inperformingallof itswork.SuchpoliciesandproceduresshouldbesetbytheHeadoftheSAI,whoretainsoverallresponsibilityforthesystemofqualitycontrol.
ThefacilitatorhasalreadyunderstoodtheroleoftheISSAI40onlevel2oftheISSAIFramework.AtthisstagetheSAIalsorequiresamechanismfortranslatingtheseinstitutionalrequirementsintotheindividualauditprocess.ISSAI1220providesforsuchalink.Itlooksatthequalitycontrolfunctionemployedattheauditlevel.Thequalitycontrolprocessisrelativelystraightforwardandiscapturedintheflowbelow.
1. Planning2. Conducting3. Monitoring
3.1PlanningQualityControlReview
AtthecommencementoftheauditcycletheSAIshouldbeawareoftheengagementqualitycontrolreviewsthatarerequiredtotakeplace.TheSAIshouldensurethattheengagementqualitycontrolreviewsinclude:
• AnylistedcompaniesauditedbytheSAI(ISSAI220.19)• OtherentitiesthattheSAIdeemsnecessaryduetothenatureoftheengagement.
ThecriteriatheSAIemploysforselectingtheauditstobequalitycontrolreviewedshouldbeexplicitlystatedandapprovedaspertheengagementqualitycontrolpolicy.Thecriteriacouldconsider:
• Auditswheremodifiedopinionswerepreviouslyissued• Auditswhichhaveahighpublicprofile• Auditswhichhaveallegationsrelatedtotheauditentity• Coveragetoincludeallengagementpartners
iCAT:FinancialAudit
Chapter3:Preengagement
Page39
ThequalitycontrolplanshouldbeapprovedandcommunicatedinlinewiththeSAIpoliciesandprocedures.ThecarryingoutoftheQAfunctioncaninvolveoutsideexpertise,adedicatedQAfunctionordelegationstospecificindividualsorcommittees.
3.2Conducting-EngagementPerformance
3.2.1Overview
Duringthefieldworktheengagementleadershalltakeresponsibility,amongotherthings,for:
a. thedirection,supervisionandperformanceoftheauditengagementincompliancewithprofessionalstandardsandapplicablelegalandregulatoryrequirements;andtheauditor’sreportbeingappropriateinthecircumstances;
b. reviewsbeingperformedinaccordancewiththefirm’sreviewpoliciesandprocedures;c. theengagementteamundertookappropriateconsultationondifficultorcontentiousmatters;d. determiningwhetherthereisaneedforanengagementqualityreviewandifsodetermined,
ensuringthatanengagementqualityassurancereviewerhasbeenappointed.
Wheredifferencesofopinionarisewithintheauditteamwiththoseconsultedand,whereapplicable,betweentheengagementleaderandtheengagementqualitycontrolreviewer,theauditteam,shouldfollowtheSAI’spoliciesandproceduresfordealingwithandresolvingdifferencesofopinion.
TheengagementleaderensuresreviewsareperformedinaccordancewiththeSAI’sreviewpoliciesandprocedureswhichshouldmeettherequirementsofISSAI40.(Ref:ISSAI1220paragraphs16andA.16toA.17,A.20andISSAI40-paragraphs32andA.34)
Theengagementleader/supervisorisresponsibleforensuringthatreviewsoftheworkingpapersarecarriedoutinordertobesatisfiedthattheydemonstratethatsufficientappropriateauditevidencehasbeenobtainedtosupportconclusionsreachedfortheauditor’sreporttobeissued.(Ref.ISSAI1220paragraphs17andA.18toA.20)
3.2.2ConsultationandDifferencesofOpinion
ISSAI1220givesresponsibilitytotheHeadoftheSAIforensuringthattheengagementteamundertakesappropriateconsultationondifficultorcontentiousmatters,andthattheconclusionsofconsultationsaredocumentedandimplemented.
Wheredifferencesofopinionarisewithintheengagementteam,withthoseconsultedand,whereapplicable,withintheSAI,theSAIshouldhavepoliciesandproceduresfordealingwithandresolvingdifferencesofopinion.
3.2.3EngagementQualityControlReview(EQCR)
EQCRistheobjectiveevaluationofthesignificantjudgmentsmadebytheauditteamandtheconclusionsreachedinformulatingtheindependentauditor’sreport.
Aspartofthesystemofqualitycontrol,ISSAI40statesthatanEQCRshouldbeperformedforallauditsmeetingtheagreedcriteria.Examples:
iCAT:FinancialAudit
Chapter3:Preengagement
Page40
• whereaqualifiedoradverseopinionisbeingproposedoranticipated;
• whereclientactivitiesareofspecialinteresttothegeneralpublicormedia;and
• whereclientsareconsideredasbeingofhigherauditrisk,forexampledueto:ahistoryofweakinternalsystemsofcontrol;orwherecomplexornovelaccountingissuesexist
ISSAI40requiresthatanEQCRisconductedinatimelymannersothatsignificantmattersareresolvedpriortotheopinionbeingissued.ThereforetheEQCRisperformedbeforetheissuingofthereport.
3.3. Monitoring
TheISSAI1220.32to1220.34explainsthatmonitoringisinrespectsoftwoelements:
• assessment,correctingandimprovinganyissueswithauditengagements• assessmentandimprovingthequalitycontrolprocessitself
AnyissueshighlightedarenotnecessarilydemonstratingfailuretomeetthestandardbutaremerelyaspectsthatrelatetooperationalaspectsoftheSAIsactivities.
4. Keyaspectsofauditevidenceincludinglinkagestoprofessionalskepticism
4.1OverviewTheISSAIfacilitatorhastobeawarethatthroughouttheauditprocesscertainrequirementsinregardtoauditevidencemustbekeptinmind.Thesearesummarizedinthetablebelow.
Table3:AspectsofAuditEvidence
Description ISSAIReference CommentUnderstandabilityofauditevidenceincludingsignificantprofessionaljudgment
ISSAI1230.8 Withintheapplicationtothestandardreferencesaremadetothepracticalitiesrelatedtoevidence.Clearlyauditorscannotrecordalldocumentationandjudgmentstaken.Theneedtorelatewhatisdocumentedtoassisttheusers(includingreviewersandfutureauditors)indischargingtheirfunctionsisthecriteria.
Typeofworkperformed,whoperformeditandwhoreviewedit
ISSAI1230.9 Ownershipandevidenceofreviewisessentialtotheauthorityoftheworkperformedandtoaccountabilityandresponsibilityfortheauditasawhole.
ConsiderationofSmallSAI
NotspecificallytoISSAIframework
Asdiscussedabovetheimplicationsontheauditscopeandcompliancetostandardshastobeconsidered.
Professionalskepticism
ISSAI1240.12 Thisisperhapsoneofthemostdifficultareasfacingtheauditors.Theabilitytodemonstrateskepticismwithintheauditevidencemaynotbestraightforward.Itmayrequireevidencethroughforexample,teammeetings.Considerationofallegationsandothersourcessuchaspress
iCAT:FinancialAudit
Chapter3:Preengagement
Page41
coverageshouldbeassessed.Seesection4.2belowforfurtherillustrationAcceptanceofdocumentationprovidedbytheauditedentityshouldbelinkedtotheinternalcontrolassessment.
SpecialconsiderationsinjudicialaspectsrelatingSAIfunctions
ISSAI1230PN15and16
InSAIswherethereisaresponsibilitybeyondfinancialreportingandexpressinganopiniontheSAImayhaveadditionalevidentialrequirements.Forexample,inpreparingdocumentationforimposingfinestheevidentialrequirementmaybestrongerthansimplyhighlightingthefinding.ThisshouldbereflectedinthepoliciesandproceduresoftheSAI.
4.2Skepticism
RecognizingThatManagementCanAlwaysCommitFraud
Managementisalwaysinapositiontooverrideotherwisegoodinternalcontrol.
Engagementteammembersaretosetasideanybeliefsthatmanagementandthosechargedwithgovernancearehonestandhaveintegrity,notwithstandingtheauditor’spastexperienceoftheirhonestyandintegrity.
AQuestioningMind Makecriticalassessmentsaboutthevalidityofauditevidenceobtained.
BeingAlert Doesauditevidencecontradictorbringintoquestionthereliabilityof:
•Documentsandresponsestoinquiries?
•Otherinformationobtainedfrommanagementandthosechargedwithgovernance?
BeingCareful Avoid:
•Overlookingunusualcircumstances.
•Over-generalizingwhendrawingconclusionsfromauditobservations.
•Usingfaultyassumptionsindeterminingthenature,timing,andextentoftheauditproceduresandevaluatingtheresultsthereof.
•Acceptinglessthanpersuasiveauditevidenceinabeliefthatmanagementandthosechargedwithgovernancearehonestandhaveintegrity.
•Acceptingrepresentationsfrommanagementasasubstituteforobtainingsufficientappropriateauditevidence.
iCAT:FinancialAudit
Chapter3:Preengagement
Page42
5. AuditCommunication
5.1OverviewIntheiCATthereareover70requirementswhereformalcommunicationisidentified.Thisthereforeemphasizestheimportanceplaceduponthiselementoftheaudit.
Thefacilitatorshouldappreciatetheimportanceoftheformalcommunicationwithmanagementandthosechargedwithgovernancerelatingtotheauditedentities.Inmanycasesthosechargedwithgovernancecanbeauditcommittees.Ininstanceswheretheauditorneedstocommunicatetothosechargedwithgovernance,includingonsensitivematters,thestandardhassomebroadinstructionsISSAI1260.29refers.
5.2 TypesandReasonsforFormalCommunication
StandardtemplatesandpoliciesandproceduresarerequiredtoensurethattheSAIcommunicatesinaconsistentandprofessionalmannerwithoutsideparties.
Table4belowprovidesexamplesofthetypesofformalcommunicationusedduringthecourseofanaudit:
Table4:TypesofCommunicationwithexternalstakeholders
TypeofCommunication Example ReferenceInformative Engagementletter ISSAI1210.16Clarification Furtherexplanationisrequiredontheaccounting
frameworkorsignificanttransactionsISSAI1210.18andISSAI1550.14
Representations Managementrepresentationlettersupportingthefinancialstatements.AnentireISSAIisconcernedwithmanagementrepresentations
ISSAI1580
Permission Insomeinstancestheauditormayrequirepermissionfromtheauditedentitytocontactthirdpartiesforconfirmations
ISSAI1501.11
Goingtoahigherauthority
Theauditormaybefacedwithallegationsorproblemswiththeentitywhichneedtobeaddressedatahigherlevel.
ISSAI1250.24
Instruction Forexampleinsituationswheretheauditorrequestsmodificationstothefinancialstatements
ISSAI1720.16
Informingauditentityofauditresults
Informingtheauditedentitiesofpotentialissuesthatcanaffecttheauditopinion
ISSAI1720.15
6. Engagementletter
‘ISSAI1300-PlanninganAuditofFinancialStatements’stipulatesthattheauditorplansanaudittoperformitinaneffectivemanner.Theinitialstageofplanningrequirestheauditortocarryoutspecificpreliminaryactivitiesbeforeagreeingtobeassociatedwithanentityforanauditengagement.TheauditengagementincludesanytypeofauditarrangementwhethergovernedbytheauditmandateoftheSAIoranyspecialauditworktakenupbytheSAI.
iCAT:FinancialAudit
Chapter3:Preengagement
Page43
Inthepublicsector,auditorsusuallyappointedbystatuteandgovernedbytheauditmandateoftheSAI,oftenhavenodiscretioninbeingassociatedwithanentityforaparticularauditengagement.However,carryingoutpreliminaryengagementactivitiescanprovidetheSAIwithassurancethatitanditsstaffcomplywithindependencerequirement,identifytheneedforspecificcompetenciestodealwithcomplextransactions,andidentifyissuesassociatedwiththeintegrityofentitymanagement;andcanremindentitymanagement,throughanengagementletter,oftheirresponsibilitiesforfinancialreporting.
Thepreliminaryengagementactivities,tobecarriedoutpriortoauditengagement,assisttheauditorinidentifyingandevaluatingtheeventsorcircumstancesthatmayadverselyaffecttheauditor’sabilitytoplanandperformtheauditengagementwithintegrityandimpartialityandtoreduceauditrisktoanacceptablelowlevel.Performingtheseactivitiesalsohelpstoidentifyissueswithmanagementthatmayaffecttheaudit.Italsoensuresthatmanagementisfullyawareofitsresponsibilitiesinrelationtofinancialreporting.
IninstanceswherethefinancialreportingframeworkhasdeficienciesthepracticenotewithinISSAI1210.5urgestheSAItoinformthelegislatureandthestandardsetters.Alsothepracticenotehighlightsotherssignificantissuesthatneedtobecommunicatedtomanagementandthosechargedwithgovernanceregardingthespecificfocusareasanauditinthepublicsectorcaninclude.Theseare:
• Non-performanceofoperations• Non-compliancewithauthorities• Waste• Instancesofabuse.
AlthoughtheSAI’smandatemaynotrequiretheissuanceofanengagementletter,thepracticeisrecommendedandprovidesanopportunitytoclearlyidentifypotentialproblemssuchasscopelimitationsplacedupontheauditorsbymanagement.Anexampleofanengagementletterisprovidedattheendofthepracticenote1210.Itprovidesthescopeandkeyconsiderationsfortheaudit.
Conclusion
AttheendofthechapterthefacilitatorshouldappreciatetheinstitutionalandexternalrequirementsthatfacilitatetheenvironmentforISSAIFrameworkimplementation.ThisalsoanticipatesmanagementoftheSAItakingvariouspolicydecisionsthatdirecttheenvironmentwithintheSAI.
Thechapterhasprovidedguidanceonalltheelementsthatarerequiredtobeconsideredbeforeanindividualaudittakesplace.ManyoftheserequirementsarerequiredtobedoneacrossthewholeSAIandarethereforecategorizedasinstitutionallevel.Othersuchasqualitycontrolrequiresapracticethatcanaffectallauditsandthereforerequirescentralplanning.BycompletingtheiCATforthepre-engagementthefacilitatorisprovidingareadinessassessmentoftheSAItoengageintheauditplanningofasingleauditedentity.
InthenextchaptertheguidanceontheISSAIrequirementspertainingtotheplanninganauditoffinancialstatementsisdiscussed.
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page44
Chapter4
PlanninganAuditofFinancialStatement
Introduction
ThepreviouschapteronPreengagementprovidedthefacilitatortheinformationrequirespriortothecommencementofanindividualaudit.Thischaptertakesthefacilitatorthroughtheplanningstageofanindividualaudit.ThisisregardedasthemosttheimportantstageoftheauditprocessandthereforeincludesasignificantnumberofiCATrequirementsasstatedbelow.
Inthischapterthefacilitatorwillreceiveanoverviewofpreparinganoverallauditstrategyandadetailedauditplan.Theprocessofidentifyingandassessingrisksofmaterialmisstatementsaswellauditor’sresponsestoassessedriskswillbealsodiscussed.
TheguidanceissuedinthecoretextistoensurethatISSAIFacilitatorbecomesfamiliarwithauditplanningprocessbutthecoretextisnotdirectlylinkedtoalliCATrequirements.Thereareapproximately180requirementsforplanningandthereforealloftherequirementscannotbemappeddirectlytotheguidance.
Thefacilitatorwillunderstandtheprimaryrequirementsofplanningthroughthiscoretextandcompletingtherelatedexercisesofthemodule.Otherrequirementswillflowfromthosethatarecoveredinthedetailinthecoretext.However,thefacilitatorshouldalsofamiliarizethemselveswiththecontentoftheiCATforplanningastheyworkthroughthismodule.
1. OverviewofPlanning
Theoverviewofplanningprovidesthekeyoverallrequirementsincludingthepurposeofanaudit.TheremainingsectionsgointothedetailsoftheiCATplanningrequirements.
Auditplanningisimportanttoensurethattheauditisperformedinanefficientandeffectivemannerandthatauditriskhasbeenreducedtoanacceptablylowlevel.Thismeansprovidingthecorrectopiniononthefinancialstatements.Auditplanningisnotadiscretephaseoftheaudit.Itisacontinualanditerativeprocessthatstartsshortlyaftercompletionofthepreviousaudit,andcontinuesuntilthecompletionofthecurrentaudit(1).
Objectivesofafinancialaudit
AccordingtoISSAI1200inconductinganauditoffinancialstatements,theoverallobjectivesoftheauditorare:
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page45
a. Toobtainreasonableassuranceaboutwhetherthefinancialstatementsasawholearefreefrommaterialmisstatement,whetherduetofraudorerror,therebyenablingtheauditortoexpressanopiniononwhetherthefinancialstatementsareprepared,inallmaterialrespects,inaccordancewithanapplicablefinancialreportingframework;and
b. Toreportonthefinancialstatements,andcommunicateasrequiredbytheISSAIs,inaccordancewiththeauditor’sfindings.
Auditriskofexpressinganinappropriateauditopiniononfinancialstatementsusuallymeansissuinganunqualifiedauditreportonfinancialstatementsthataremateriallymisstated.However,itcanalsomeanissuingaqualifiedauditreportonfinancialstatementsthatarenotmateriallymisstated.Inordertoplanandcarryoutanauditthatreducesauditrisktoalowenoughlevel,anauditorhastohaveagoodunderstandingofwhatmakesupthatrisk.Theauditorisrequiredtoidentifyandassesstheriskofmaterialmisstatement,whetherduetofraudorerror,atthefinancialstatementandassertionlevelsthroughunderstandingtheentityanditsenvironment,includingtheentity’sinternalcontrol.Ariskofmaterialmisstatementthataffectsmanyassertionswillaffectthefinancialstatementsasawhole.Ariskofmaterialmisstatementattheassertionlevelmayaffectonlyaparticularclassoftransactionoranaccountbalance.Thisassessmentprovidesabasisfordesigningandimplementingresponsestotheassessedrisksofmaterialmisstatement.PracticenoteinISSAI1315P3mentionsthattheobjectivesofafinancialauditinthepublicsectorareoftenbroaderthanexpressinganopinionwhetherthefinancialstatementshavebeenprepared,inallmaterialrespects,inaccordancewiththeapplicablefinancialreportingframework.Theauditmandate,orobligationsforpublicsectorentities,arisingfrom:
• legislation,
• regulation,
• ministerialdirectives,
• governmentpolicyrequirements,or
• resolutionsofthelegislature.
Theseadditionalobjectivesmayincludeauditandreportingresponsibilities,forexample,relatingtoreportingwhethertheSAIfoundanyinstancesofnoncompliancewithauthoritiesincludingbudgetsandaccountabilityframeworks,and/orreportingontheeffectivenessofinternalcontrol.TheseadditionalobjectivesmayleadtheSAItoassessadditionalrisksofmaterialmisstatement.Evenwheretherearenosuchadditionalobjectives,theremaybegeneralpublicorotherstakeholderexpectationsinregardtotheSAI’sreportingofnon-compliancewithauthoritiesorreportingoneffectivenessofinternalcontrol.InsomesituationswherethishasbeenapreviouspracticeoftheSAItheremayneedtobeanawarenessarisingtoexplainchangestotheSAIpractice.Therefore,public
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page46
sectorauditorskeepsuchexpectationsinmind,andareawareoftheareasthatmaygiverisetorisksofnon-compliancewithauthoritiesorrisksrelatingtoeffectivenessofinternalcontrolwhenplanningandperformingtheaudit.ISSAI1200statesthatinordertoachievetheoverallobjectivesoftheaudit,theauditorshallusetheobjectivesstatedinrelevantISAsinplanningandperformingtheaudit,havingregardtotheinterrelationshipsamongtheISAs.Inexceptionalcircumstances,theauditormayjudgeitnecessarytodepartfromarelevantrequirementinanISA.Insuchcircumstances,theauditorshallperformalternativeauditprocedurestoachievetheaimofthatrequirement.
2. DevelopingOverallAuditStrategy
ISSAI1300outlinestheprocessfordevelopinganoverallauditstrategyfortheauditengagement.Thefirststepinauditplanninginvolvesestablishingtheoverallauditstrategythatformsabasisfordevelopingadetailedauditplan.Theoverallauditstrategyisdistinctfromtheauditplaninthatitsetsaframeworkforthescope,timinganddirectionoftheaudit.Thisratherguidesthepreparationofthedetailedauditplan,whichcontainsmorein-depthinformationontheresultsoftheriskassessmentandontheactualauditprocedurestobeconducted.Theoverallstrategymaybeinfluencedbyadditionalinformationobtainedwhileunderstandingtheentityanditsenvironment,performingriskassessmentprocedures,performingfurtherauditprocedures,evidencegatheringandatthetimeofaccumulatingmisstatements.Suchadditionalinformationmaybeusedtoreviewandupdatethestrategy.AsstatedinISSAI1300.10overallstrategydocumentisalivedocumentthatwillbecontinuouslyupdatedateachstageofaudit,dependingontheadditionalinformationgatheredbytheauditor.Theoverallauditstrategyandanysignificantchangesthereinshouldbedocumented.AccordingtoISSAI1300.7theauditorshallestablishanoverallauditstrategythatsetsthescope,timinganddirectionoftheauditandthatguidesthedevelopmentoftheauditplan.ISSAI1300.8requiresthatinestablishingtheoverallauditstrategy,theauditorshall:
a. identifythecharacteristicsoftheengagementthatdefineitsscope,e.g.additionalfundsfromdonorsmayextendthescope;
b. ascertainthereportingobjectivesoftheengagementtoplanthetimingoftheauditandthenatureofthecommunicationsrequired;
c. considerthefactorsthat,intheauditor’sprofessionaljudgment,aresignificantindirectingtheengagementteam’sefforts,inareassuchasauditinginsensitiveenvironments;
d. considertheresultsofpreliminaryengagementactivitiesand,whereapplicable,whetherknowledgegainedonotherengagementsperformedbytheengagementpartnerfortheentityisrelevant;and
e. ascertainthenature,timingandextentofresourcesnecessarytoperformtheengagement.
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page47
Theserequirementswillbeexplainedinfollowingparagraphs.Theissuesofresourcesisoftendeterminedwithoutassessmentoftheassignment,thisshouldbebroughttotheattentionofmanagement.
a. Thecharacteristicsoftheengagementthatdefineitsscopeare:ISSAI1300.8
1) UndercharacteristicsoftheauditengagementtheauditorwillneedtoconsidertheFinancialReportingFrameworkfortheFinancialStatements.Thisreferstothesourceofaccountingprinciplesusedtopreparethefinancialstatements(e.g.IFRS,IPSAS,legislation,nationalaccountingstandards,governmentdirectivesetc.).Knowledgeofthebasisofthefinancialreportingframeworkisfundamentaltotheauditor’sunderstanding.Thefinancialreportingframeworkestablishesthecriteriaforpreparationofthefinancialstatements.Anexampleofariskthatcanarisemaybethattheentitydoesnothavestaffthatisknowledgeableaboutaccrualaccountingandtherelatedfinancialreportingstandards.Theriskthatthefinancialstatementsdonotmeetthestandardsisthereforeincreasedandwillhaveanimpactatthefinancialstatementslevel.Disclosureandrecognitionrequirementsforthefinancialstatementsmaynotbemet.
2) Theentitymayalsohavereportswhicharerequiredbyregulatorsoftheirspecificindustry.Thenatureofthepublicsectorissuchthatisrarelysubjecttoindustry-specificregulation.However,inthepublicsectortheremaybespecificreportingrequirementsinlegislationthattheauditormustunderstand.Forexample,theremayberegulationorpolicythatrequiresagovernmententitytoreportonactualresultsversusbudgetorappropriation.
3) Thescopeoftheauditoutlinestheaspectsoftheauditsuchasthefinancialreportingframework,thenumberandlocationofcomponentstobeaudited,whetherthefinancialstatementsarestand-aloneorconsolidated.SeealsorequirementsstatedinISSAI1600“SpecialConsiderations–AuditsofGroupFinancialStatements(IncludingtheWorkofComponentAuditors).Italsodetailstheextenttowhichcomponentsareauditedbyotherauditors,andtherequirementtoproduceregulatoryreports.Timingsetsoutthetimeframeforreportingbytheentity,auditbythefinancialstatementauditor,andthecommunicationwiththeentityandwithintheauditoffice.
4) AsstatedinpracticenotetoISSAI1300indefiningthescopeofauditpublicsectorauditorsneedtoconsideradditionalcharacteristics.Examplesofsuchcharacteristicsmayencompass:
• Additionalreportingresponsibilitiesfortheentityestablishedbythelegislaturethatmayinfluencethescopeandtimingoftheaudit,andthenatureofcommunication.Examplesofsuchadditionalrequirementsmayincludearequirementfortheentitytoreportongovernmentfunding,includinggrants;
• Additionalreportingresponsibilitiesforthepublicsectorauditorsasaresultoftheauditmandateorotherrequirementsthatmayinfluencethescopeandtimingoftheaudit,andthenatureofcommunicationExamplesofsuchadditionalresponsibilitiesforthepublic
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page48
sectorauditorsmayincludereportinginstancesofnon-compliancewithauthoritiesincludingbudgetsandaccountabilityframeworks,and/orreportingoneffectivenessofinternalcontrol.
b. TimetableforReportingandCommunication:ISSAI1300.8
Reportingobjectivesdealwiththeentity’sreportingtimetable,thetimingoftheauditandauditreportandcommunicationbetweenauditorsandmanagement,thosechargedwithgovernanceandthirdparties,aswellasamongtheauditteam.Theoverallstrategywillhavetoconsidertheavailabilityofstafftomeetthedeadlines.Thiswillbeimpactedbytheresultsoftheriskassessmentproceduresandtheextentofworktobeperformed.Themannerandtimingofcommunicationswithmanagementandthosechargedwithgovernanceconcerningthenature,timingandextentoftheauditwork,auditor’sreport,managementlettersandothercommunicationsshouldbedocumentedatthisstage.Forexample,arrangementsforentranceinterviewsandpreliminaryreviewoffinancialinformationcanbemade.Minutesofthosemeetingsshouldbeagreedanddocumented.Referencesforthoseminutescanbeincludedintheworkingpaper.Communicationwillalsobetakingplaceamongtheauditteamandwithauditorsofothercomponents,whererelevant.Timelinesforteammeetingsandagendasforthosemeetingsandreviewscanbelistedwithreferencetothesupportingdocuments.c. Indevelopingtheoverallauditstrategy,theauditorshouldconsiderfollowingsignificant
factors:ISSAI1300.81) Materiality
Theauditorshoulddeterminematerialityforthefinancialstatementsasawhole,forspecificclassesoftransactions,balancesandevents(ifapplicable)andperformancemateriality.Performancematerialityisusedintheplanningstageforassessingtheriskofmaterialmisstatementsandthenature,timingandextentoffurtherauditprocedures.Formaterialityseesection3.
2) MaterialmisstatementsIncertainareasthereisahigherriskofmaterialmisstatementbasedontheknowledgeoftheentityandinformationgathered.Theauditorconsidersthelikelihoodandtheimpactoftheriskofmaterialmisstatementatthefinancialstatementlevelandforthosespecificcomponents,classesoftransactions,balancesandeventsforwhichalowermaterialityhasbeenset.Formaterialmisstatementsseesection4.
3) InternalcontrolEvidenceofmanagement’scommitmenttothedesign,implementationandmaintenanceofsoundinternalcontrolsshouldbeobtained.Theauditorusestheresultsofpreviousauditsaspartoftheevaluationoftheoperatingeffectivenessofinternalcontrols.Forexample,auditorscannotethenature
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page49
ofidentifieddeficienciesandtheactiontakentoaddressthem.AdditionalconsiderationsinobtainingtheunderstandingofinternalcontrolpublicsectorarestatedinpracticenotetoISSAI
4) OthersignificantfactorsSignificantchangesinthebusinessdevelopmentsuchaschangesininformationtechnologyandbusinessprocessesandkeymanagement:changesintheindustrysuchasindustryrelationsandnewfinancialreporting:changesinthefinancialreportingframework,suchaschangesintheaccountingstandards;changesinthelegalenvironmentaffectingtheentityshouldbedocumented.SuchfactorsmayaffectmorethanoneauditedentityandshouldbeidentifiedattheoverallSAIlevel.
5) ConsideringfraudTheprimaryresponsibilityforthepreventionanddetectionoffraudrestswithboththosechargedwithgovernanceoftheentityandmanagement.AnauditorconductinganauditinaccordancewithISAsisresponsibleforobtainingreasonableassurancethatthefinancialstatementstakenasawholearefreefrommaterialmisstatement,whethercausedbyfraudorerror.Owingtotheinherentlimitationsofanaudit,thereisanunavoidableriskthatsomematerialmisstatementsofthefinancialstatementsmaynotbedetected,eventhoughtheauditisproperlyplannedandperformed.Whenobtainingreasonableassurance,theauditorisresponsibleformaintainingprofessionalskepticismthroughouttheaudit,consideringthepotentialformanagementoverrideofcontrolsandrecognizingthefactthatauditproceduresthatareeffectivefordetectingerrormaynotbeeffectiveindetectingfraud.(e)Issuessuchasthenature,timingandextentofresourcesneedtobeconsidered.ISSAI1300.8Theresourcesrequiredforspecificauditareasshouldbedetermined,allowingforhighriskareastobeassignedtoexperiencedteammembersandconsideringwhetherthereisaneedforexperts.Theamountofresourcestoallocatetospecificauditareas,suchasthenumberofteammembersassignedtoobservetheinventorycountatthemateriallocations,theextentofreviewofotherauditor’sworkortheauditbudgetinhourstoallocatetohighriskareas.Otherfactorstobeconsidered:InadditiontoISSAI1300.8requirementscompletingoverallauditstrategy:
• Whethertheentityhasmorethanonedivisiontobeauditedandtheirlocations;incaseofgovernmentorganizations,thereareoftenmultiplelocationswherecontrolovertransactionsisexertedlocally.
• Whethertheentityutilizessegmentreportingand/orthereisneedforspecializedknowledge.
• SomeentitiesmayuseserviceorganizationsasexplainedinISSAI1402.Forexamplepayrollprocessingmaybedonebyacompanyofferingsuchservices.Inothercases,theentireaccountingprocessmaybeoutsourcedtotheentity’sparentministryordepartment.Whilethelattercasemaynotmeetthetechnicaldefinitionofserviceorganization,itdoesraisethesametypesofissuesfor
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page50
auditors-i.e.howdoestheauditorgainanunderstandingoftheprocessesandcontrolsrelevanttotheaudit,fortransactionsprocessedoutsidetheauditedentity?Theoverallauditstrategymusttakeintoconsiderationtheimplicationsofsucharrangements,particularlyonauditrisk.
• Manyministriesandgovernmententitiesutilizeinternalauditaspartoftheircontrolmechanism.
Theavailabilityoftheworkofinternalauditorsandthelevelofreliancethatistobeplacedonsuchworkshouldbeconsideredintheoverallauditstrategy.UseofworkofinternalauditorsisdescribedinISSAI1610.Informationtobedocumentedaboutinternalauditatthisstageincludes:
• Thesizeandstructureofinternalauditandtheirworkreviewprocess.• Whointernalauditreportsto(i.e.todeterminethedegreeofindependencefromclients).• Thequalificationandexperienceoftheinternalauditors.• Anoutlineofhowtheirworkisdocumented.
Theabilitytoplacerelianceontheworkofinternalauditcanreduceauditrisk.Theauditormaythenbeabletofocusresourcesonareasnotcoveredbyinternalaudit.Totalcoverageintermsofauditreviewwouldthenbeincreased.Theworkofinternalauditcouldalsohelpinfocusingauditresourcesinareasofhighriskidentifiedininternalauditreports.TheconsiderationsinestablishinganoverallauditstrategyhavebeenlistedinappendixtoISSAI1300.Toconcludeonoverallauditstrategysetsthedirectionoftheauditandrelatestowheretheresourcesoftheauditwillbefocused.Thisisbasedonsignificantfactorssuchasmaterialityandtheimpactofassessedrisksofmaterialmisstatement,theresultsofpreliminaryengagementactivitiesandreviewofknowledgegainedonotherengagements.3. MaterialityinPlanningandPerforminganAuditAspartoftheoverallauditstrategy,theauditorestablishesoverallmaterialityforthefinancialstatementsasawholeasstatedinISSAI1320.10.Thisisoneamountcoveringallfinancialstatements.Theconceptofmaterialityisconsideredinfinancialreportingframeworksincontextofpreparationandpresentationoffinancialstatements.Thisincludesconsiderationof:
• Misstatements,includingomissionsthatareconsideredtobematerialifthey,individuallyorinaggregate,couldreasonablybeexpectedtoinfluencetheeconomic(orinthecaseofpublicsectorentities,otherrelevant)decisionsofuserstakenonthebasisofthefinancialstatements;
• Judgmentsaboutmateriality,thataremadeinlightofsurroundingcircumstances,andareaffectedbythesizeornatureofamisstatement,oracombinationsofboth;and
• Judgmentsaboutmattersthatarematerialtousersofthefinancialstatementsarebasedonaconsiderationofthecommonfinancialinformationneedsofusersasgroup.
Thedeterminationofmaterialityisalwaysamatterofauditor’sprofessionaljudgment,andisaffectedbyhisorherperceptionofthefinancialinformationneedsofusersofthefinancialstatements.SAIsmustalsoconsiderthepublicsectorenvironmentinwhichtheentitiesoperate.Thereforetheimpactoflegislation,otherregulationsorauthorityandmoregeneralexpectationsofstakeholdersarealsoconsideredbySAIswhenestablishingmaterialityforaudit.PracticenoteinISSAI1315elaboratesthat
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page51
whendeterminingmaterialityforplanningpurposesinthepublicsectorbothquantitativeandqualitativemattersaswellasthenatureofitemsareofimportance.Thecontextinwhichthematterappearsmaybeofimportance.ISSAI1315.P10:Whendeterminingwhetheraparticularclassoftransactions,accountbalance,disclosure,orotherassertionwhichispartofthefinancialreportingframework,ismaterialbyvirtueofitsnature,publicsectorauditorstakeintoaccountqualitativeaspectssuchas:
• Thecontextinwhichthematterappears,forexampleifthematterisalsosubjecttocompliancewithauthorities,legislationorregulations,oriflaworregulationprohibitsoverspendingofpublicfunds,regardlessoftheamountsinvolved;
• Theneedsofthevariousstakeholdersandhowtheyusethefinancialstatements;• Thenatureofthetransactionsthatareconsideredsensitivetousersofthefinancial
statements;• Publicexpectationsandpublicinterest,includingemphasisplacedontheparticularmatterby
relevantcommitteesinthelegislature,suchasapublicaccountscommittee,includingthenecessityofcertaindisclosures;
• Theneedforlegislativeoversightandregulationinaparticulararea;and• Theneedforopennessandtransparency,forexampleifthereareparticulardisclosure
requirementsforfraudsorotherlosses.Theconceptofmaterialityisappliedbytheauditorthroughouttheauditin:
• Planning;• Performingtheaudit;• Evaluatingtheeffectofidentifiedmisstatementsontheauditandofuncorrected
misstatements,ifany,onthefinancialstatements;and• Formingtheopinionintheauditor’sreport.
ISSAI1320.11hasanadditionalconceptthatauditorsmustconsiderwhenplanningandperforminganaudit-thatofperformancemateriality.Performancematerialityistheamount(s)setbytheauditoratlessthanoverallmaterialityforthefinancialstatementsasawholeor,ifapplicable,forthematerialityestablishedforparticularclassesoftransactions,accountbalancesordisclosures.Performancematerialityisusedtoreducetoanappropriatelylowleveltheprobabilitythatuncorrectedandundetectedmisstatementswillexceedmaterialityforthefinancialstatementsasawholeorforthematerialityestablishedforparticularclassesoftransactions,accountbalancesordisclosures.Alowerperformancematerialityincreasestheamountofworkthattheauditorwillhavetoperform.Ontheotherhand,ahigherperformancematerialityincreasestheriskofundetectedmisstatements,increasingdetectionriskandthepossibleresultingconclusionthatinsufficientevidencehasbeengathered.Insuchacasetheauditorwouldhavetorevisetheoverallauditstrategy(i.e.knownandprojectedmisstatementsplusuncertaintyaboutundetectedmisstatementsexceedsoverallmaterialityfortheaudit)andcarryoutfurtherauditprocedures.
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page52
4. PerformingRiskAssessmentProcedures
Theobjectiveoftheriskassessmentphaseoftheauditistoidentifysourcesofrisk,andthentoassesswhethertheycouldpossiblyresultinamaterialmisstatementinthefinancialstatements.
Riskassessmentconsistsoffollowingsteps:
1. Inherentriskidentification;
2. Inherent(preliminary)riskassessment;
3. Identificationofsignificantrisk;
4. Understandinginternalcontrol;
5. Evaluatinginternalcontrol;
6. Finalriskassessment;
Therearetwomajorclassificationsofinherentrisk:businessriskandfraudrisk.Businessrisksresultfromsignificantconditions,events,circumstances,actionsthatcouldadverselyaffecttheentity’sabilitytoachieveitsobjectivesandexecuteitsstrategies.Fraudriskrelatestoeventsorconditionsthatindicateanincentiveorpressuretocommitfraudorprovideanopportunitytocommitfraud(2).
1. InherentRiskIdentification
Tobeginwiththeriskassessmentprocessistogatherrelevantinformationabouttheentity.Thefirststepiscalledriskidentificationandthisinvolves:
• Identifyingsourcesofinherentriskthroughunderstandingtheentity;
• Determiningthepossibleeffectsoftherisksourcesidentified(potentialmisstatementsinthefinancialstatements),includingthepossibilityoffraud;
• Relatingtheeffectsofriskstothefinancialstatementareaandassertionsaffected,ordeterminingthattherisksarepervasivetothefinancialstatementsasawholeandpotentiallyaffectmanyassertions.
Foridentifyingrisksauditormayconsiderfollowingareas:
1) Externalfactorslikenatureofindustry,regulatoryenvironment,financialreportingframework;
2) Natureofentitylikeoperationsandkeypersonnel,governance,investment,structureandfinancing;
3) Accountingpolicieslikeselectionandapplicationofpolicy,reasonsforchangesandappropriatenesstoentity
4) Entityobjectivesandstrategiesandfinancialimplications;
5) Reviewoffinancialperformance;
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page53
6) Internalcontrolrelevanttotheaudit–processesandrelevantcontrolstomitigaterisksattheentitylevelandatthetransactionallevel.
AsstatedinPracticenotetoISSAI1315identifyingandassessingtherisksofmaterialmisstatementauditormayhavetoconsideraneedforadditionalassertionthattransactionsandeventshavebeencarriedoutinaccordancewithlegislation.InherentriskidentificationisdescribedinISSAI1200.13;1240.11-15,17-18,22-24,44;1315.11.
2. Inherent(preliminary)RiskAssessment
Thesecondstepistoassesstheidentifiedrisksanddeterminetheirimportancefortheauditofthefinancialstatements.Itispreferabletoassesstheinherentrisksbeforeconsideringanyinternalcontrolthatmightmitigatesuchrisks.
Riskassessmentinvolvesconsiderationoftwoattributesabouttherisk:
• Thelikelihoodofamisstatementoccurringasaresultoftherisk.Theauditorcouldevaluatethisprobabilitysimplyashigh,medium,orlow,orcouldassignanumericalscore.
• Themagnitude(monetaryimpact)iftheriskwouldoccur.
Riskassessmentshouldbeaddressedbytheentity’smanagementaswell.Theauditorshallmakeinquiriesofmanagementastohowitidentifiesandmanagesrisk,andthenastowhatriskshaveactuallybeenidentifiedandmanaged.RequirementsofassessmentofinherentriskshavebeencoveredinISSAI1240.25-27;1315.25-26.
3. IdentificationofSignificantRisks
Thirdstepafterthebusinessandfraud(inherent)riskshavebeenidentifiedandassessedistoconsidertheexistenceofsignificantrisks.Asignificantriskiswheretheassessedriskofmaterialmisstatementissohighthat,intheauditor’sjudgment,itwillrequirespecialauditconsideration.Significantrisksareassessedbeforeconsiderationofanymitigatingcontrols.Significantriskisbasedontheinherentrisk(beforeconsideringtherelatedinternalcontrol)andnotthecombinedrisk(consideringbothinherentandinternalcontrolrisks).
Examplesforsignificantrisksarelargenon-routinetransactions;mattersrequiringjudgmentormanagementinterventionorpotentialfraud.
Whenariskisclassifiedassignificant,theauditorshouldconsidertherespond:
1) Evaluatinginternalcontroldesignandimplementationovereachsignificantrisk.Considertheexistenceofdirectcontrolssuchascontrolactivitiesandindirect(pervasive)controlswhichmaybeincludedinthecontrolenvironment,riskassessment,informationsystems,andmonitoringelements.
2) Designinganauditresponsetotheidentifiedsignificantrisks.Theseprocedureswouldbedesignedtoobtainauditevidencewithhighreliability,andcouldincludetestsofcontrolsandsubstantiveprocedures.
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page54
3) Substantiveanalyticalproceduresalonearenotsufficient.Theuseofsubstantiveanalyticalproceduresisnotconsideredanappropriateresponsetoaddressasignificantrisk.
ISSAIsrequirementsconcerningsignificantrisksareasfollowing:1240.26;1315.4,25,27-29;1330.21;1550.18-19.
4. UnderstandingInternalControl
Nextstepinriskassessmentphaseistounderstandinternalcontrolrelevanttotheaudit.Internalcontrolreferstotheprocesses,policies,andproceduresdesignedbymanagementtoensurereliablefinancialreportingandthepreparationoffinancialstatementsinaccordancewiththeapplicableaccountingframework.Internalcontroladdressessuchmattersasmanagement’sattitudetowardcontrol,competenceofkeypeople,riskassessment,accounting,andotherfinancialinformationsystemsinuse,aswellasthetraditionalcontrolactivities.Internalcontrolscanbebroadlycategorizedaspervasive(orentity-level)controlsthataddresspervasiverisksandspecific(transactional)controlsthataddressspecificrisks.
Obtainingasufficientunderstandingofinternalcontrolrelevanttotheauditinvolvestheperformanceofriskassessmentprocedurestoidentifythecontrolsthatwilldirectlyorindirectlymitigatematerialmisstatements.Notallcontrolactivitiesarerelevanttotheauditandauditorisonlyconcernedwithevaluatingthosecontrolsthatmitigateariskofamaterialmisstatementinthefinancialstatements.
Theinformationobtainedaboutinternalcontrolswillassisttheauditorinassessingtheresidualrisk(inherentandcontrolrisk)ofmaterialmisstatementatthefinancialstatementandassertionlevelsanddesigningfurtherauditproceduresthatareresponsivetotheassessedrisks.UnderstandingofinternalcontrolsiscoveredinISSAI1315.4,12,14-15,18-22.
5. EvaluatingInternalControl
Nextauditorwillevaluatecontroldesignandimplementationofinternalcontrols(3).Evaluationofcontroldesignandimplementationofinternalcontrolsmeansthatauditorshall:
• Identifytheinherentrisksofmaterialmisstatement(businessandfraudrisks),andwhethertheyarepervasiverisksorspecificrisks.
• Identifythecontrolsmitigatetherisksidentifiedandassesswhetherthecontrolsdoinfactmitigatetherisks.
• Observeorinspecttheoperationofrelevantinternalcontrolstoensurethattheyhaveindeedbeenimplemented.
• Documenttheoperationoftherelevantinternalcontrolsidentified.
EvaluatinginternalcontrolsISSAIhasfollowingrequirementsISSAI1315.13,29,32;1260.10;1265.6-11.
6. RiskAssessment
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page55
Thefinalstepintheriskassessmentphaseoftheauditistoreviewtheresultsoftheriskassessmentproceduresperformed,andassesstherisksofmaterialmisstatementsatthefinancialstatementlevelandtheassertionlevelforclassesoftransactions,accountbalances,anddisclosures.
Theresultinglistofassessedriskswillformthefoundationforthenextphaseintheaudit,whichistodeterminehowtorespondappropriatelytotheassessedrisksthroughthedesignoffurtherauditprocedures.
Theevidenceobtainedtodate,byperformingriskassessmentprocedures,consistsofidentificationandassessmentofinherentrisks,andthedesignandimplementationofinternalcontrolsthataddressthoserisks.Theriskofmaterialmisstatementistheremainingriskaftertakingintoaccounttheeffectofinternalcontrolsputinplacetomitigatetheinherentrisks.AssessingtheriskofmaterialmisstatementshasbeenexplainedISSAI1315.25,26,32.
Thesummaryofassessedriskscanbedocumented:
• Aseparatedocumentthatsummarizestheinherentandcontrolriskassessments.
• Includewiththeoverallauditstrategyandauditplan.Thefirstpartofeachsectionoftheauditplan(suchasforreceivables,payables,etc.)couldoutlinetheriskassessmentsandtheimpactontheplannedauditprocedures.
• Incorporateriskassessmentsaspartoftheauditor’sdocumentationoffurtherprocedures.Inthiscase,theriskassessments,auditplans,andtheresultsofworkperformedcouldallbedocumentedinonecomprehensiveworkingpaperforeachfinancialstatementarea.
5. RiskResponse
Intheriskresponsephaseoftheaudit,theobjectiveistoobtainsufficientappropriateauditevidenceregardingtheassessedrisks.Thismeansdesigningandimplementingappropriateresponsestotheassessedrisksofmaterialmisstatementatthefinancialstatementandassertionlevels.Theobjectiveindesigninganappropriateauditresponseistoobtainevidencethataddressestheriskassessmentsdevelopedforeachrelevantassertion.Pervasiverisksatthefinancialstatementlevelareaddressedthroughthedesignandimplementationofanoverallresponsebytheauditor.
Developinganauditplaninvolves3generalsteps.Thefirststepistodevelopanappropriateoverallresponsetoassessedrisksatthefinancialstatementlevel.Thenextstepistoidentifyspecificproceduresrequiredformaterialfinancialstatementareas.Iftheassertionscannotbeaddressedbysubstantivetestsalone,testsofcontrolswillberequired.Thelaststepistodeterminethenatureandextentofauditproceduresrequired.Auditorshalluseprofessionaljudgmenttochoosetheappropriatemixofproceduresandextentoftestingrequiredtorespondappropriatelytotheassessedrisksattheassertionlevel.
Acompleteauditplanshouldcoverareas:
• Allmaterialfinancialstatementareasbeenaddressed
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page56
• Useofevidenceobtainedinpriorperiodsisdecided
• Thefinancialstatementclosingprocessbeenaddressed
• Significantriskshavebeenaddressed
• Evidenceobtainedfrominterimtestinghasbeenupdated
• Potentialrisksoffraudhavebeenaddressed
Documentationofriskresponse:
Theoverallriskresponsesmaybedocumentedasastand-alonedocumentoraspartoftheoverallauditstrategy.Thedetailedauditplancanbedocumentedintheformofanauditprogramthatoutlinesthenatureandextentofproceduresandtheassertion(s)beingaddressed.
ISSAIrequirementsconcerningriskresponsearefollowing:ISSAI1330.5-10,15,18-22,24;ISSAI1260.15;ISSAI1300.9-12;ISSAI6-7,10.
6. FurtherExplanationsofConsiderationintheAuditPlanningAccountingestimates:Whenandhowpublicsectorentities’useaccountingestimatesdependsonthetypesoffinancialitemsreportedandontheapplicablefinancialreportingframework.Someimportantestimatesinthepublicsectormayrelatetoassets,liabilitiesanddisclosureitemsandarelistedinpracticenoteofISSAI1540.Theobjectiveofthepublicsectorauditoristoobtainsufficientappropriateauditevidenceaboutwhetheraccountingestimatesarereasonableandrelateddisclosuresareadequateinthecontextofthefinancialreportingframework.Relatedparties:AsstatedinthepracticenoteISSAI1550publicsectorentitiesmayalsobesubjecttospecificrestrictionsonthenatureandscopeofthetransactionsthattheycanhavewithrelatedparties.Therestrictionsmayprohibittransactionsorpracticesthatmightbepermissibleinrelatedpartyrelationshipsoutsidethepublicsector.Thespecifiesforpublicsectorauditorsinobtaininganunderstandingofthepublicsectorentity’srelatedpartyrelationshipsandtransactionsareexplainedinpracticenotetoISSAI1550.Goingconcern:AsexplainedinpracticenoteofISSAI1570publicsectorentitiesmayspendmoreinoneyearthantheyhaveresourcestocover,suchthattheirincomemaybelessthantheirexpenditureorthereisanexcessofliabilitiesoverassets.However,itisuncommonfortheoperationalexistenceofapublicsectorentitytoceaseoritsscaleofoperationstobesubjecttoaforcedreductionasaresultofaninabilitytofinanceitsoperationsorofnetliabilities.Informingaviewoftheentity’sabilitytocontinueitsoperations,publicsectorauditors’considerationofgoingconcernembracestwoseparate,butsometimesoverlapping,factors:
iCAT:FinancialAudit
Chapter4:Planninganauditoffinancialstatement
Page57
• Thegreaterriskassociatedwithchangesinpolicydirection(forexample,wherethereisachangeingovernment);and
• Thelesscommonoperational,orbusiness,risk(forexample,whereanentityhasinsufficientworkingcapitaltocontinueitsoperationsatitsexistinglevel).FurtherguidanceongoingconcernissuesinpublicsectorisoutlinedinpracticenoteofISSAI1570.
Summary
Thischapteroutlinedtheprocessfordevelopinganoverallauditstrategyfortheaudit.Itindicatedthatthefirststepinauditplanninginvolvesestablishingtheoverallauditstrategyfortheengagementasabasisfordevelopingadetailedauditplan.Theoverallauditstrategyisdistinctfromtheauditplaninthatitsetsaframeworkforthescope,timinganddirectionoftheaudit.Thisratherguidesthedevelopmentofthedetailedauditplan,whichcontainsmorein-depthinformationontheresultsoftheriskassessmentandontheactualauditprocedurestobeconducted.
Theobjectiveoftheriskassessmentphaseoftheauditistoidentifysourcesofrisk,andthentoassesswhethertheycouldpossiblyresultinamaterialmisstatementinthefinancialstatements.Riskassessmentconsistsofidentificationofinherent(businessandfraud)risk,preliminaryassessmentofthoserisks,thenidentificationofsignificantrisks,followedbyunderstandingandevaluatingofinternalcontrolsrelevanttoaudit.Thefinalstepintheriskassessmentphaseoftheauditistoreviewtheresultsoftheriskassessmentproceduresperformed,andthenassess(or,ifalreadyassessed,summarize)therisksofmaterialmisstatementsatfinancialstatementlevelorassertionlevel.Thenextphaseoftheauditisdetermininghowtorespondappropriatelytotheassessedrisksthroughthedesignoffurtherauditprocedures.
NextchapteronFieldworkprovideguidanceontheissuesofconductingauditproceduresandobtainingsufficientauditevidence.
iCAT:FinancialAudit
Chapter5:Fieldwork
Page58
Chapter5
Fieldwork
Introduction
In the previous chapter the facilitator has becomeaware of the various phases of the planning cycle.After assessing the risk the auditor’s response is to design audit procedures to address those risksidentified.Inthischapterthefacilitatorwillbetakenthroughtherequirementsofthefieldworkstageoftheaudit.
ISSAI 1330 notes that the auditor needs to design and implement overall responses to address theassessedrisksofmaterialmisstatementatthefinancialstatementlevelaswehavediscussedinthelastmodule.Suchoverallresponsestoaddresstheassessedrisksofmaterialmisstatementinclude:
• Emphasizingtotheauditteamtheneedtomaintainprofessionalscepticism.ItisdiscussedinPre-engagementchaptercoretextinsection4.
• Assigningmoreexperiencedstafforthosewithspecialskillsorusingexperts.
• Providingmoresupervision.
• Designingfurtherauditprocedurestoaddresstheelementsofunpredictability.
• Makinggeneral changes to thenature, timing,orextentofauditprocedures; forexample,performing substantive procedures at the period end instead of at an interim date; ormodifyingthenatureofauditprocedurestoobtainmorepersuasiveauditevidence. (ISSAI1330Para3)
TheISSAIshas123requirementsforthefieldworkstageoftheauditandtheserequirementsarecrossreferencedintheiCAT.ThiscoretextisnotasubstituteforthereadingoftheISSAIsbutitcanbeusedtodevelopabetterunderstandingofthestandardsrelatingtofieldwork.
In thecore textwewillbe focusingon theauditdocumentation,auditprocedures, thequalitycontrolrelatingtotheauditfieldworkandexplanationofsomekeyconceptsrelevanttoconductinganaudit.
1. AuditDocumentation
1.1 PurposeofAuditDocumentation
The audit documentation shall include theoverall responses to address the assessed risks ofmaterialmisstatement at the financial statement level, and thenature, timing, andextentof the further auditprocedures performed. Documentation should establish the linkage of those procedures with theassessedrisksat theassertion level;andtheresultsof theauditprocedures, includingtheconclusionswherethesearenototherwiseclear.
iCAT:FinancialAudit
Chapter5:Fieldwork
Page59
Theformandextentofauditdocumentationisamatterofprofessionaljudgment,andisinfluencedbythenature,sizeandcomplexityoftheentityanditsinternalcontrol,availabilityofinformationfromtheentityandtheauditmethodologyandtechnologyusedintheaudit.
If the auditor plans to use audit evidence about the operating effectiveness of controls obtained inprevious audits, the auditor shall include in the audit documentation the conclusions reached aboutrelying on such controls that were tested in a previous audit. The auditor’s documentation shalldemonstratethatthefinancialstatementsagreeorreconcilewiththeunderlyingaccountingrecords.
1.2 Workingpapers
Theworkingpapersofauditshoulddocumenttheauditproceduresundertaken, theconclusiondrawnand implicationsontheauditopinion.Theyshouldalsorecordthereasoningonall significantmatterswhere the auditors have used their judgment. This documentation will help auditors of financialstatementsensurethattheycompletedall theworkrequired.Thedocumentsprovidetheevidencetosupporttheauditopinionreachedandallowreviewoftheauditwork.
Theworkingpapersshouldrecord:
• All the audit procedures in the plan performed and the justification given for any deviation therefrom;
•Resultsoftheauditprocedures,drawingoutclearlyanyerrorsorcontrolweaknessesidentified;
•Allerrorsorcontrolweaknessesinvestigatedanddiscussedwiththemanagement,asnecessary;
•Anymattersthatareunresolvedorthatshouldbeinformedtotheentity;and
• The conclusions made by the auditors from the audit execution phase, the judgments made inreachingsuchconclusionsandreasonsunderlyingthem.
All correspondence with the entity should be retained together with any minutes of the meeting inaccordancewiththeSAI’spolicy.
Auditdocumentationshouldbeofgoodqualitysothatanexperiencedandcompetentauditorwithnopreviousassociationwiththeentityshouldbeabletoascertaintheevidencegatheredandunderstandandsupporttheconclusionsreachedwithoutanydifficulty.Thiswillalsobemorerelevantintheeventthatthereisanunexpectedchangeintheauditteam.
2. AuditSampling
2.1Overview
After designing tests of controls and substantive tests, the auditor should identify the items ortransactionsonwhichtoperformtheauditprocedures,appropriatetothepurpose.Thisshouldbedoneinordertogathersufficientappropriateauditevidencetomeettheobjectivesoftheauditproceduresincludingwhentheobjectiveistoevaluatethecompliancewithlawsandregulations.Theobjectiveisto
iCAT:FinancialAudit
Chapter5:Fieldwork
Page60
provide a reasonable basis for the auditor to draw conclusions about the population fromwhich thesampleisselected.(ISSAI1530.4-9)
InthePublicSectorauditsamplingmaybeaffectedbytheSAI’smandate,whichinadditiontoexpressingan opinion on the financial statement may be to report on compliance with legislature, regulatory,ministerial directive and government policies. Also, reviewing non-financial information contained infinancialstatements,publicsectorauditorsconsiderwhethersamplingwillbeusefulintestingsuchnon-financialinformationcontainedinfinancialstatements.
The use of audit sampling for testing compliance with authorities is similar to other uses of auditsamplinginthatpublicsectorauditors:
• Determinesampledesignandauditparameters,includingmateriality,desiredconfidencelevel,andsampleselectionmethod;
• Performrelevantauditproceduresoneachitemselected;
• Investigatethenatureandcausesofnon-compliance;and
• Evaluate the results, including projecting the results across the population if the sample wasselectedusingstatisticalprocedures
2.2SampleDesign,SizeandSelectionofItemsforTesting
WhendesigninganauditsampleasrequiredbyISSAI1530publicsectorauditorsmaysetdifferentlevelsofparameters,includingmaterialityandahigherlevelofconfidence,andthismayaffectthesamplesize.Publicsectorauditorsmightdesignseparatesamplestotestcontrolsandcomplianceormaydesignonesample to test both. For example, a sample of disbursements might be used to test controls overdisbursementsaswellaswhetherthedisbursementswereinaccordancewithauthorities.
The auditor should select items for the sample with the expectation that all sampling units in thepopulation have a chance of selection. The sample size can be determined by the application of astatistically-based formulaor through theexerciseofprofessional judgmentobjectively applied to thecircumstances.
2.3Performrelevantauditprocedures
Theauditorshouldperformauditproceduresappropriatetotheparticularauditobjectiveoneachitemselected. If a selected item is not appropriate for the application of the audit procedure, the auditprocedureshouldbeperformedonareplacementitem.
Sometimes however, the auditor is unable to apply the designed audit procedures to a selected itembecause, for instance, documentation relating to that item has been lost. If suitable alternative auditprocedurescannotbeperformedonthatitem,theauditorordinarilyconsidersthatitemtobeeitheradeviationfromtheprescribedcontrol,inthecaseoftestsofcontrols,oramisstatement,inthecaseofsubstantivetests.(ISSAI1530.11)
2.4EvaluationofResults
iCAT:FinancialAudit
Chapter5:Fieldwork
Page61
The auditor should evaluate the sample results, the nature and cause of any deviations ormisstatements identified,andtheirpossibleeffecton theparticularauditobjectiveandotherareasofthe audit. At the end the auditors should evaluatewhether the use of audit sampling has provided areasonablebasisforconclusionsaboutthepopulationthathasbeentested.(ISSAI1530.12;15)
Auditors should also consider instances where for example management cannot provide adequateexplanations for deviations and misstatements. In some environments such as a Court of Accountsenvironment auditors may be obliged to investigate further the underlying reasons for the lack ofinformationanddeterminewhoisresponsible.(ISSAI1530P11;P12)
Inthecaseoftestsofcontrols,anunexpectedlyhighsampleerrorratemay leadtoan increase intheassessed risk of material misstatement, unless further audit evidence substantiating the initialassessmentisobtained.Auditorsshouldre-assessthecontrolreliancetoalowerlevel(mediumornone)intheRelianceonkeycontrolsforcomponents.
Inthecaseofsubstantivetesting,unexpectedlyhighrateofmisstatements inasamplemaycausetheauditor to believe that an account balancemay bemateriallymisstated. This is the case for examplewhen the total accumulated errors andmisstatements on the account balance projected to the totalaccountbalanceexceedthetolerablemisstatement.
3. AuditProcedures
3.1Overview
After gaining an understanding of the audit entity, its environment and internal controls and havingconducted a risk assessment, audit procedures are identified to address those risks. These can besummarizedasfollows:
• Testofcontrol
• Substantiveprocedures
o Substantiveanalyticalprocedures
o Testofdetails
3.2TestsofcontrolsTest of controls areperformed to address the effectiveness of the entity’s controls. In designing andperformingtestsofcontrols,theauditorshouldconsiderhowthecontrolswereapplied,theconsistencyof application and bywhomor bywhatmeans theywere applied. The auditor should also establishwhetherthecontrolstobetestedareaffectedbyotherindirectcontrolsandifitisnecessarytoconsiderthesecontrolswhenobtainingsupportiveauditevidence.Testsofcontrolsshouldbeconductedfortheparticulartimeorperiodforwhichtheauditorintendstorelyonthesecontrols(ISSAI1330,Para10to11).Thecontrolsthatarerequiredtobeassessedare:
• Relevantcontrols• Controlsrelatingtosignificantrisks
iCAT:FinancialAudit
Chapter5:Fieldwork
Page62
3.3 SubstantiveProceduresISSAI1330stipulatesthat,irrespectiveoftheassessedrisksofmaterialmisstatement,theauditorshoulddesign and perform substantive procedures (i.e. substantive analytical procedures and/or substantivetestofdetails)foreachmaterialclassoftransactions,accountbalance,anddisclosure.Thisrequirementreflectsthefactthat(a)theauditor’sassessmentofriskisjudgmentalandsomaynotidentifyallrisksofmaterialmisstatement;and(b)thereareinherentlimitationstointernalcontrol,includingmanagementoverride.3.3.1NatureandExtentofSubstantiveProceduresDependingonthecircumstances,theauditormaydeterminethat:• Performing only substantive analytical procedures will be sufficient to reduce audit risk to an
acceptably low level. For example, where the auditor’s assessment of risk is supported by auditevidencefromtestsofcontrols.
• Onlytestsofdetailsareappropriate.• A combinationof substantive analytical procedures and testsof details aremost responsive to the
assessedrisks.Ifsubstantiveproceduresareperformedataninterimdate,theauditorshallcovertheremainingperiodbyperforming:
a. substantiveprocedures,combinedwithtestsofcontrolsfortheinterveningperiod;orb. if the auditor determines that further substantive procedures alone is sufficient to provide a
reasonablebasisforextendingtheauditconclusionsfromtheinterimdatetotheperiodend.
TheextentoftestingshouldbelinkedtotheSAIssamplingmethodologyandassessmentofmateriality.3.3.2SubstantiveAnalyticalProcedures
Analyticalprocedurescanbeusedineachphaseoftheaudit.
•Atthebeginningoftheaudit,analyticalproceduresareusedasariskassessmentprocedure.
•During the audit, analytical procedures are performed to analyze variances in data and tosubstantiatecertaintransactionstreamsandaccountbalances.
•Near the end of the audit, analytical procedures are performed to determine whether thefinancialstatementsareconsistentwiththeauditor’sunderstandingoftheentity,ortoindicateapreviouslyunrecognizedriskofmaterialmisstatementduetofraud.
3.3.3TestofDetailsTheauditopinionrequiresassuranceontheassertionsthatwhenaggregatedprovidesanopiniononthefinancialstatements.Thetestofcontrolsandsubstantiveanalyticalprocedurescanprovideasubstantial
iCAT:FinancialAudit
Chapter5:Fieldwork
Page63
amount of assurance; however, there are instances where they may not be comprehensive. Twoexamplesofwherefurthertestofdetailsmayberequiredinclude:
• Testingcomplianceoflawsandregulations• Testingofitemslinkedtosignificantrisks
4. AuditEvidence4.1OverviewDuring the audit execution phase, the auditor should obtain the audit evidence from a number ofsourcesinanumberofwaysinsupportofbothtestingofcontrolsandsubstantiveprocedures.Followingarethemethodsofobtainingauditevidence:• Inspection• Observation• Inquiryandconfirmation• Computation• Analyticalprocedure• Surveys• Interviews
4.2EvaluatingtheSufficiencyandAppropriatenessofAuditEvidenceIftheauditorhasnotobtainedsufficientappropriateauditevidenceastoamaterialfinancialstatementassertion, theauditorshallattempt toobtain furtherauditevidence. If theauditor isunable toobtainsufficientappropriateauditevidence,theauditorshallexpressaqualifiedopinionordisclaimanopiniononthefinancialstatements.The reliability of audit evidence is increased (with some exceptions) when it is obtained fromindependentsourcesoutsidetheentity.Toavoidunwarrantedrelianceonasourceofdataused,theauditorwouldperformsubstantivetestsoftheunderlyingdatatodeterminewhetheritissufficientlyreliable,ortestwhetherinternalcontrolsoverthedata’scompleteness,existence,andaccuracyareoperatingeffectively.Insomecases,non-financialdata (for example, quantities and types of items produced) will be used in performing analyticalprocedures. Accordingly, the auditor needs an appropriate basis for determining whether the non-financialdataissufficientlyreliableforthepurposesofperformingtheanalyticalprocedures.Auditevidence intheformofexternalconfirmationsreceiveddirectlybytheauditor fromappropriateconfirmingpartiesmayassisttheauditorinobtainingauditevidencewiththehighlevelofreliabilitythattheauditor requires to respond to significant risksofmaterialmisstatement,whetherdue to fraudorerror.4.3DifferencesfromExpectations/ContradictoryEvidenceWhendifferencesareidentifiedbetweenrecordedamountsandtheauditor’sexpectations,theauditorwould consider the level of assurance that the procedures are intended to provide and the auditor’s
iCAT:FinancialAudit
Chapter5:Fieldwork
Page64
performancemateriality.Theamountof theacceptabledifferencewithout investigationwould, inanyevent,needtobelessthanperformancemateriality.Proceduresusedfortheinvestigationcouldinclude:• Reconsideringthemethodsandfactorsusedinformingtheexpectation;• Making inquiries of management regarding the causes of differences from the auditor’s
expectations and assessing management’s responses, taking into account the auditor’sunderstandingofthebusinessobtainedduringthecourseoftheaudit;and
• Performing other audit procedures to corroboratemanagement’s explanationsAs a result of thisinvestigation,theauditormayconcludethat:
• Differences between the auditor’s expectations and recorded amounts do not representmisstatements;or
• Differencesmay representmisstatements,and furtherauditproceduresneed tobeperformed toobtain sufficient appropriate audit evidenceas towhether amaterialmisstatementdoesordoesnotexist.
5. CommunicationwiththeAuditTeam5.1InternalCommunicationCommunicationwith the audit team should be throughout the audit and this should be documented.Discussioncouldfocusonthe:• Auditresults• Progress,andissuesidentified• Changesinauditplan• Newinformation• Unusualevents/transactions,suchasfraudandrelatedpartiestransactions• Suggestionsfornextperiod’saudit
Auditteammembersshouldbeencouragedtocommunicateandsharetheinformationthattheyobtainthroughouttheauditonanymattersofrelevance,particularlywhenitaffectstheassessmentofriskandplannedauditprocedure.ISSAI1240Paragraph15requiresadiscussionamongtheengagementteammembersanddetermination by the engagement partner of whichmatters are to be communicated to those teammembersnotinvolvedinthediscussion.Inthepublicsector,thediscussionmayalsocovertheadditionalobjectives and related risks of material misstatement. Public sector auditors may include auditorsengagedinperformanceauditsandotherauditactivitiesoftheentityinsuchadiscussion.Discussing thesusceptibilityof theentity’s financial statements tomaterialmisstatementdue to fraudwiththeengagementteam:• Providesanopportunityformoreexperiencedengagementteammemberstosharetheirinsights
abouthowandwherethefinancialstatementsmaybesusceptibletomaterialmisstatementduetofraud.
• Enables the auditor to consider an appropriate response to such susceptibility and to determinewhichmembersoftheengagementteamwillconductcertainauditprocedures.
iCAT:FinancialAudit
Chapter5:Fieldwork
Page65
• Permits the auditor to determine how the results of audit procedureswill be shared among theengagement teamandhow todealwith any allegations of fraud thatmay come to the auditor’sattention.ISSAI1240(A10)
5.2ExternalCommunication:WrittenRepresentationsWrittenrepresentationsareanimportantsourceofauditevidence,forreasonssuchasthefollowing:• Ifmanagementmodifiesordoesnotprovidetherequestedwrittenrepresentations,itmayalertthe
auditortothepossibilitythatoneormoresignificantissuesmayexist;and• Arequestforwritten(ratherthanoral)representationsmaypromptmanagementtoconsidersuch
mattersmorerigorously,therebyenhancingthequalityoftherepresentations.Writtenrepresentationsarerequestedfromthoseresponsible for thepreparationandpresentationofthefinancialstatementsandknowledgeofthemattersconcerned.Theauditorisrequiredtorequestmanagementtoprovideawrittenrepresentationthat:• Ithas fulfilled its responsibility for thepreparationof the financial statements inaccordancewith
theapplicablefinancialreportingframework;• Ithasprovidedtheauditorwithall relevant informationandaccessasagreed in thetermsof the
auditengagement;and• Alltransactionshavebeenrecordedandarereflectedinthefinancialstatements.
If management does not provide these required representations, or if the auditor concludes there issufficient doubt about the integrity ofmanagement such that these representations are not reliable,then the auditor must disclaim an opinion on the financial statements. Written representations alsosupportotherevidencerelevanttothefinancialstatements.6. QualityControl6.1BeforetheAuditBefore the commencement of the audit, the engagement leader should ensure that the engagementteamis:
• Independent,andthatnoconflictsofinterestexist:and• Competenttoperformtheworkwiththerequiredresourcesandtimeavailability;
Theengagement shouldensure that if the SAIpolicy includes completionof adeclaration toattest toindependence,thenthisformiscompletedandplacedonfileaspartofthedocumentation.Also,duringtheaudittheengagementshouldbealertofanymatterorcircumstancesthatmightthreatentheteam’sindependence.6.2DuringtheAuditEngagementPerformanceDuringthefieldworktheengagementleadershalltakeresponsibility,amongotherthings,for:
iCAT:FinancialAudit
Chapter5:Fieldwork
Page66
a. the direction, supervision and performance of the audit engagement in compliance with
professionalstandardsandapplicablelegalandregulatoryrequirements;andtheauditor’sreportbeingappropriateinthecircumstances;
b. reviewsbeingperformedinaccordancewiththefirm’sreviewpoliciesandprocedures;c. theengagementteamundertookappropriateconsultationondifficultorcontentiousmatters;d. determining whether there is a need for an engagement quality review and if so determined
ensuringthatanengagementqualityassurancereviewerhasbeenappointed.Wheredifferencesofopinionarisewithin theaudit reamwith thoseconsultedand,whereapplicable,betweentheengagement leaderandtheengagementqualitycontrolreviewer, theaudit team,shouldfollowtheSAI’spoliciesandproceduresfordealingwithandresolvingdifferencesofopinion.Theengagement leadershouldensurethatreviewsareperformedinaccordancewiththeSAI’sreviewpoliciesandprocedureswhichshouldmeettherequirementsofISSAI40.(Ref:ISSAI1220paragraphs16andA.16toA.17,A.20andISSAI40-paragraphs32andA.34)The engagement leader/supervisor is responsible for ensuring that reviews of theworking papers arecarriedoutinordertobesatisfiedthattheydemonstratethatsufficientappropriateauditevidencehasbeen obtained to support conclusions reached for the auditor’s report to be issued (Ref. ISSAI 1220paragraphs17andA.18toA.20).Evidenceofworkingpaperreviewshouldindicatewhatauditworkwasreviewed,whoreviewedsuchwork,andwhenitwasreviewed.6.3ConsultationandDifferencesofOpinionWheredifferencesofopinionariseduringtheauditwithintheengagementteam,withthoseconsultedand,whereapplicable,withintheSAI,theSAIshouldhavepoliciesandproceduresfordealingwithandresolvingdifferencesofopinion.TheengagementleaderincarryingoutreviewsshouldensurethattheSAI’spolicyandprocedureswerefollowedandresultsdocumented.6.4EngagementQualityControlReview(EQCR)EQCR is the objective evaluation of the significant judgments made by the audit team and theconclusions reached in formulating the independent auditor’s report. As part of the systemof qualitycontrol, ISSAI 40 states that an EQCR should be performed for all auditsmeeting the agreed criteria.Examples:
• whereaqualifiedoradverseopinionisbeingproposedoranticipated;• whereclientactivitiesareofspecialinteresttothegeneralpublicormedia;and• whereclientsareconsideredasbeingofhigherauditrisk, forexampledueto:ahistoryofweak
internalsystemsofcontrol;orwherecomplexornovelaccountingissuesexistDuringthefieldwork,theengagementleadershouldensurethatEQCRisconductedinatimelymannerin accordance with the SAI’s policy and significant matters were resolved prior to the opinion beingissued. Also, the engagement leader should ensure that the person who conducted the ECQR wasobjective and not involved with the audit. Additionally, conclusions reached on the EQCR must bedocumented.
7. Otherkeyareasnamely:AccountingEstimatesandGoingConcern
iCAT:FinancialAudit
Chapter5:Fieldwork
Page67
7.1AccountingEstimates
ReviewingestimatesrelatingtospecifictransactionsandbalancestoidentifypossiblebiasesonthepartofmanagementaccordingtoISSAI1540.Furtherprocedurescouldincludethefollowing:• Reconsideringtheestimatestakenasawhole;• Performing a retrospective review of management’s judgments and assumptions related to
significantaccountingestimatesmadeinthepriorperiod;and• Determining whether the cumulative effect of bias in management’s estimates amounts to a
materialmisstatementinthefinancialstatements.
7.2GoingConcernPublicSectorAssumptiononGoingConcernCessationof apublic sector entity ismost likely to result froma governmentpolicydecision.Apolicydecisionmaybetakentowindupanddissolveanentityinitsentirety,toscalebackitsoperationsandtransfersomeofitsfunctionstoanotherpublicentity,mergewithanotherpublicentityorprivatizetheentity.Ineachofthesecasestheoperationalexistenceofallorpartoftheentityceases.Only in thecaseofdissolutionwithoutanycontinuationof theentitywould thegoingconcernbasisceasetobeappropriateinthepublicsector.Informingaviewoftheentity’sabilitytocontinueitsoperations,publicsectorauditors’considerationofgoingconcernembracestwoseparate,butsometimesoverlapping,factors:
• Thegreaterriskassociatedwithchangesinpolicydirection(forexample,wherethereisachangeingovernment);and
• The less common operational, or business, risk (for example, where an entity has insufficientworkingcapitaltocontinueitsoperationsatitsexistinglevel;cessationofdonorfunding).
AnomalyandmisstatementsidentifiedToprogresstheaudit, thefacilitatorwillevaluateallmisstatementsandotheraudit findings(includinganomalies)andconsiderthemforthereportingphasewhichiscoveredinthenextmoduleConclusionInthischapterwehavecoveredtheauditor’sresponsetotheassessedriskofmaterialmisstatementatthefinancialstatementandassertionlevel.Inrespondingtosuchrisktheauditorshoulddeterminethenature,timingandextentoftestingthatwillbeperformed.Thesufficiencyandappropriatenessofauditevidence will then be assessed. The results of the audit will also be assessed, documenting workperformedandcommunicationbothinternallyandexternally.Havingcompletedthischapter it isexpectedthatfacilitators/personscarryingoutthe iCATassessmentwillbefamiliarwiththerequirementsoftheISSAIsthatrelatestofieldworkandshouldensurethatthe
iCAT:FinancialAudit
Chapter5:Fieldwork
Page68
SAIhasdocumentary evidencemaybe in the formof an audit program that link the audit plan to theassessed risk, the work performed, audit results that will form the basis of the audit opinion, staffsupervisionandworkingpaperreview.InfillingthecolumnsoftheiCATwheresuchevidenceexiststhefacilitator should ensure that itmeets the requirement of the ISSAIs and indicate this in the relevantcolumn. If the SAI is non-compliant the reason for non-compliance should also be indicated in therelatediCATcolumn.Attheendofthischapterthefacilitatorwillbeabletoevaluatethecriticalaspectsofthefieldworkstageoftheaudit.Themainissuessurroundensuringthattheauditevidencesupportsanyconclusionsdrawnfromthefieldwork.Furthermore,thattheconclusionsdrawnareinlinewiththeauditapproachoftheSAI as to minimize audit risk and make an appropriate assessment as to whether there is materialmisstatementsinthefinancialstatements.Nextchapter is the lastpartofguidance for level4 ISSAIsonreporting.Aftercompletingnextchapterpleaseconsiderascertainingthestatusoflevel2ISSAIsasmentionedinchapter2..
iCAT:FinancialAudit
Chapter6:Conclusionandreporting
Page69
Chapter6
ConclusionandReporting
Introduction
In the previous chapter the focus was on the concepts of designing and implementing further auditprocedures,which includedwhether tests of control or substantive procedures (substantive analyticalproceduresandtestofdetails)havebeendeterminedandconducted.Inthischapterwewillcoverhowthe misstatements accumulated during the audit will be evaluated and the preparation of auditor’sreportwithanopiniononthefinancialstatement.
ISSAI1450 (EvaluatingMisstatements Identifiedduring theAudit) stipulates that, after completing theaudit, theauditorshallaccumulate themisstatementsandevaluate themisstatementsonbasisof theoverallmateriality.Afterevaluatingtheauditevidenceobtained,theauditors’needstoformanopinionon the financial statements based on conclusions drawn and express that opinion through a writtenreport.1. AccumulatingMisstatements
To evaluate the aggregate effects ofmisstatements on the financial statements, the auditor needs toaccumulateall knownand likelymisstatements.This should includeallmisstatementsdetectedby theauditor, including any that the entity corrected during the audit. It is important to consider allmisstatements tohavearecordof the impactof theaudit,bringallmisstatements totheattentionofthe appropriate level of management, and assist the auditor in evaluating the risk of furthermisstatementasapartoftheconsiderationofunadjustedmisstatements.ISSAI1450.5-9.Misstatements may result from incorrect data, omission of an amount or disclosure, incorrectaccounting, judgmentsofmanagement that theauditorconsidersunreasonable.Publicsectorauditorsmayhaveanadditionalresponsibilitytoincludeinstancesofnon-complianceandweaknessesininternalcontrolsinaccumulatingmisstatements.ISSAI1450PNP9,PNP10Theauditor’sresponsibilityinaccumulatingmisstatementsistodetermine:• whethertheauditstrategyandplanneedtoberevisedinordertodomoredetailedtesting,ifthere
isevidencethatthemisstatementmaynotbeanisolatedincidence;• ifanaggregateofmisstatementsislikelytoexceedthematerialitylevel;• furtherauditprocedures, ifmanagementhasexaminedthecauseofmisstatements,and identified
theamountmisstated.
iCAT:FinancialAudit
Chapter6:Conclusionandreporting
Page70
2. EvaluatingMisstatementsThroughout the course of audit, the auditor proposes adjusting entries for allmaterialmisstatementsthatarediscoveredinthefinancialrecords.Toissueanunmodifiedopiniononthefinancialstatementsanymaterialmisstatementdiscoveredbytheauditorneedtobecorrected.Todoso,theauditormustconclude that there is a low level of risk of material misstatement of the financial statements. Inevaluating this risk, the auditor develops an estimate of the total likelymisstatement in the financialstatement.Theauditordesignsanaudittoobtainreasonableassurancethatallmisstatements,eitherindividuallyorin combination with others, greater than materiality is detected. In evaluating misstatements, theauditor considers the impact of uncertainty in the audit. The amount of materiality represents thisuncertainty–theauditorhasonlydesignedanaudittodetectmisstatementsgreaterthanthisamount.
2.1ImpactofuncorrectedmisstatementinthefinancialstatementHavingaccumulatedallnon-trivialmisstatementsthroughouttheaudit,theauditorshouldevaluatetheimpactofthosemisstatementstodetermine, if individuallyor intotal,themisstatementsarematerial.ISSAI1450.10-11.Misstatements donot just consist ofmonetary errors on thebalance sheet or income statement. Forexample, theauditormustalsoconsiderthe impactofanymisstatementsthataffectpresentationanddisclosuresuchasfailuretopresentordiscloseitemsrequiredbytheapplicableframework.3. ForminganOpinion
The auditor delivers an opinion on whether the financial statements are prepared, in all materialrespects,inaccordancewiththeapplicablefinancialreportingframework.Fortheauditofpublicsectorentities the auditor often needs to report onmatters such as regularity and/or legal compliance. It isreportedunderthesubtitleOtherMattersintheauditorsreport.It istheauditor’sresponsibilitytoconsiderwhetherthefinancialreportingframeworkisappropriateinjurisdictionandtheactualcircumstances.Auditorsofpublicsectorentities(SupremeAuditInstitutions)mustoftenconsiderwhetherthereareadditional legislativeorregulatoryrequirementsthataffecttheauditorsreport.TheseadditionalrequirementsoftenobligetheSAIauditortoprovideanopinionontheentity’scompliancewithlegislativeorregulatoryrequirementsoronthestrengthofinternalcontrols.If the auditor concludes that the financial statements are free frommaterialmisstatement,he or sheissuesanunmodifiedauditorsreport.However,iftheauditorconcludesthatmaterialmisstatementsarepresent,theauditorsreportmustbemodified.Thefollowingparagraphswilloutline:• The steps the auditor takes to determine if financial statements are free from material
misstatement;• Theauditor’sstandardreport;and• Modifications to the opinion in the auditor’s report if there arematerial misstatements or if the
auditorcannotobtainsufficientappropriateevidencetoconcludethatthefinancialstatementsarefreefrommaterialmisstatement;
iCAT:FinancialAudit
Chapter6:Conclusionandreporting
Page71
• TheotherreportingmattersincludingEmphasisofMatterandOtherMatterparagraphsthathaveanimpactonthereportingoftheSAIs.
3.1MisstatementlessthanthresholdofmaterialityThe basic steps in reaching a conclusion on whether the financial statements are free frommaterialmisstatement,andthereforecallforauditorsunmodifiedopinionare:1) Considerationofwhethersufficientappropriateauditevidencehasbeenobtained.2) Consideration of whether the financial statements have been prepared in accordance with the
applicablereportingframework.Ifthefinancialstatementsarepreparedbasedoncomplianceframework,thenthisisastraightforwardconsideration of whether the financial statements have been prepared in all material respects inaccordance with the framework. However, if the financial statements are prepared based on a fairpresentation framework, the auditor must also consider whether the fair presentation has beenachieved. Inotherwords, if theauditorsreportuseswordssuchas“fairlypresented”or“trueandfairview”,theauditormustconcludewhetherthatobjectivehasbeenachieved.Insuchcasesitispossiblefortheauditortoconcludethatthefinancialstatementsarenotfairlypresentedeveniftheyhavebeenpreparedinaccordancewiththeapplicablereportingframework.3.2MisstatementoverthethresholdofmaterialityWhentheauditordiscoversamisstatementofthefinancialstatementoverthethresholdofmaterialityhe or she has to issue amodified opinion. Misstatements arematerial either individually or in totalwhichdependsonthenatureoftheauditevidence.Thedifferenttypesofmodificationsoftheopinion,andcircumstancesdescribingwhyandhowsuchanopinionintheauditorsreportismodifiedareexplainedbelow-ISSAI1700.7-15:QualifiedOpinionAqualifiedopinionisgivenwhen:i. Theauditorhasobtainedsufficientappropriateauditevidenceandhasconcludedthatthereare
misstatementsthatarematerial;butnotpervasive;orii. The auditor is unable to obtain sufficient appropriate audit evidence on which to base the
opinion and concludes that the possible effects on the financial statements of undetectedmisstatements,ifany,couldbematerialbutnotpervasive.
AdverseOpinionAn adverse opinion is givenwhen, having obtained sufficient appropriate audit evidence, the auditorconcludesthatmisstatementsarebothmaterialandpervasivetothefinancialstatements.DisclaimerofOpinionWhentheauditorisunabletoobtainsufficientappropriateauditevidenceonwhichtobasetheopinion,andconcludesthatthepossibleeffectsonthefinancialstatementsofundetectedmisstatements,ifany,couldbebothmaterialandpervasive,theauditordisclaimsanopinion.
iCAT:FinancialAudit
Chapter6:Conclusionandreporting
Page72
Theauditoralsodisclaimsanopinion in some rare circumstances involvingmultipleuncertainties.Theauditorconcludesthat,althoughheorshehasobtainedsufficientappropriateauditevidenceregardingeachoftheindividualuncertainties,itisnotpossibletoformanopiniononthefinancialstatementsdueto the potential interaction of the uncertainties and their possible cumulative effect on the financialstatements.Thedifferenttypesofopinionsunderwhichtheyarisearelistedbelow:Nature of Matter Giving risetotheModification
Auditors judgment about the pervasiveness of the Effects orPossibleEffectsontheFinancialStatements
MaterialbutnotPervasive MaterialandPervasive
Financial statements aremateriallymisstated
Qualifiedopinion Adverseopinion
Inability to obtain sufficientappropriateauditevidence
Qualifiedopinion Disclaimerofopinion
4. ReportingThis sectionexemplifies the formsand contentof a standard audit report.Once the auditor formsanopinionon financial statements, it is his or her responsibility to express clearly theopinion through awrittenreportwhichprovidesabasis for thatopinion.Thecontentsofanauditor’sstandardreport inrelation to theopinionon the financial statementarecovered in this section.Other reportingmattersthatfrequentlyimpactthereportingofSAIs,includingEmphasisofMatterandOtherMatterparagraphsarealsocoveredinthissection.4.1TheAuditor’sStandardReportAn auditor presents a standard report which contains the opinion formed by the auditor. The keyelementsrequiredforauditorsreporttomeetInternationalAuditingStandardsare:
• Thereportisinwriting;• Thereporthasatitlethatclearlyindicatesthatitisthereportofanindependentauditor;ISSAI
1700.21• The report is addressed as required by the circumstances of the engagement. This is usually
specifiedinlaworregulation;Theauditorissuesastandardreportwhenheorshehasformedanunmodifiedopinion.Contentsofareport-Theauditor’sstandardreportshallincludethefollowingninesections(A-I):ISSAI1700.20-42A. IntroductoryParagraphB.Management’sResponsibilityfortheFinancialStatementsC.Auditor’sResponsibilityD.Auditor’sOpinion
iCAT:FinancialAudit
Chapter6:Conclusionandreporting
Page73
E.OtherReportingResponsibilitiesF.SignatureoftheAuditorG.DateoftheAuditor’sReportH.Auditor’sAddressI.OtherIssues4.2FormandContentoftheAuditor’sReportwhenmodified
Whentheauditormodifiestheauditopinion,theauditorusestheheading“QualifiedOpinion,”“AdverseOpinion,”or“DisclaimerofOpinion,”asappropriate,fortheopinionparagraph.
To modify an auditors report, the auditor needs to include an extra paragraph before the auditor’sopinion that describes the basis for the modified opinion. This paragraph has a heading that isappropriate,forexample,“BasisfortheQualifiedOpinion”.
Theparagraph“Basisformodification”includesadescriptionandquantificationofthefinancialeffectsofthemisstatement.Ifitisnotpracticabletoquantifythefinancialeffects,thisisstatedinthebasisformodificationparagraph. If there is amaterialmisstatementof the financial statements that relates tonarrativedisclosures,thebasisformodificationparagraphhasanexplanationofhowthedisclosuresaremisstated.
When an auditor reports his or her opinion: “Disclaimer of opinion”, it also includes special textconcerningtheauditorsresponsibility.
Different audit opinions: For financial statement with the material misstatement depending on thepervasivenessandthequalityoftheauditevidence.If there is a material misstatement of the financial statements that relates to the nondisclosure ofinformationrequiredtobedisclosed,theauditor:
a. Discussesthenon-disclosurewiththosechargedwithgovernance;b. Inthebasisformodificationparagraph,describesthenatureoftheomittedinformation;andc. Unlessprohibitedbylaworregulation,includestheomitteddisclosures,provideditispracticableto
do so and the auditor has obtained sufficient appropriate audit evidence about the omittedinformation.
Ifthemodificationresultsfromaninabilitytoobtainsufficientappropriateauditevidence,thebasisformodificationparagraphdescribesthereasonsforthatinability.
Opinionparagraphwhenmodified
This subsection illustrates how the auditor’s different opinion is formulated and presented using fourexamples, depending on the opinion the auditor has formed on basis of the audit evidence. Thecircumstancesofallfourexamplesarebasedonfollowingtwocommonassumptions:i. Auditofacompletesetofgeneralpurposefinancialstatementspreparedbymanagementofthe
entityinaccordancewithInternationalFinancialReportingStandards.ii. The termsof the audit engagement reflect the descriptionofmanagement’s responsibility for
thefinancialstatementsasdepictedinISSAI1210:AgreeingtheTermsofAuditEngagements.
Qualifiedopinion
iCAT:FinancialAudit
Chapter6:Conclusionandreporting
Page74
When expressing a qualified opinion due to amaterialmisstatement in the financial statements, theauditor states in the opinion paragraph that, in the auditors opinion, except for the effects of thematter(s)describedintheBasisforQualifiedOpinionparagraph:
a. The financial statements present fairly, in all material respects (or give a true and fair view) inaccordancewiththeapplicablefinancialreportingframeworkwhenreporting inaccordancewithafairpresentationframework;or
b. The financial statements have been prepared, in all material respects, in accordance with theapplicable financial reporting framework when reporting in accordance with a complianceframework.
4.3OtherReportingConsiderations
Up to this point, this chapter has focused on the auditor’s standard report, with and withoutmodifications,inrelationtothepresentationofthegeneralpurposefinancialstatementsinaccordancewith a financial reporting framework.However, there are a number of other reporting considerationsthatmay be relevant to SAIs. Auditors should consult the respective ISSAIs for further information ifcircumstanceswarrant.
ReportonOtherLegalandRegulatoryRequirements
Insomejurisdictions,theauditormayhaveadditionalresponsibilitiestoreportonothermattersthataresupplementarytotheauditor’sresponsibilityundertheISSAIstoreportonthefinancialstatements.Forexample, the auditormaybeasked to report certainmatters if those come to the auditor’s attentionduring the audit of the financial statements. Alternatively, the auditormay be asked to perform andreport on additional specified procedures, or to express an opinion on specific matters, such as theadequacy of accounting books and records. Such responsibilities are often given to SAI. Auditingstandards in the specific jurisdiction or ISSAIs provide guidance on the auditor’s responsibilities withrespecttospecificadditionalreportingresponsibilitiesinthatjurisdiction.
Insomecases,therelevantlaworregulationmayrequireorpermittheauditortoreportontheseotherresponsibilitieswithintheauditorsreportonthefinancialstatements.Inothercases,theauditormayberequiredorpermittedtoreportonthoseinaseparatereport.
These Other Reporting Responsibilities are addressed in a separate section of the auditors report inorder to clearly distinguish them from the auditor’s responsibility under the ISSAIs to report on thefinancial statements. Where relevant, this section may contain sub-heading(s) that describe(s) thecontentoftheotherreportingresponsibilityparagraph(s).
If the auditor has been given additional reporting responsibilities by law or regulation, considerationmust be given to whether sufficient appropriate evidence has been gathered to meet theseresponsibilities.Auditoralsoconsiderswhetherthereisaneedtomodifyhisorheropinioninrelationtotheseotherresponsibilities.
iCAT:FinancialAudit
Chapter6:Conclusionandreporting
Page75
These considerations affect the section of the auditors report under “Report on Other Legal andRegulatoryRequirements”butnotthe“Opinion”paragraph.The“Opinion”paragraphisusedtoexpressthe auditor’s opinionon the presentationof the financial statements in accordancewith the financialreportingframework.
Becausethesereportingresponsibilitiesvaryamongjurisdictions,auditorsmayrefertotheirrespectiveSAImandateandlegalprovisionsforfurtherguidance.
EmphasisofMatterParagraphsandOtherMatterParagraphsintheAuditor’sReportEmphasisofMatter:
Theauditormayencountercircumstanceswhereheorsheconsidersitnecessaryto:
a. Draw users‟ attention to a matter presented or disclosed in the financial statements that is soimportantthatitisfundamentaltousers‟understandingofthefinancialstatements;or
b. Drawusers‟attention toanymatter that isnotpresentedordisclosed in the financial statementsthat is relevant to users‟ understandingof the audit, the auditor’s responsibilities or the auditorsreport.
To address the circumstances described above an “Emphasis ofMatter” paragraph is included in theauditors report. Such a paragraph is only included if auditor has obtained sufficient appropriate auditevidence that the matter is not materially misstated in the financial statements. In other words, an“EmphasisofMatter”paragraph isnotasubstituteoradditiontomatters thatrequiremodificationofthe auditor’s opinion. Such a paragraph shall refer only to information presented or disclosed in thefinancial statements. If included in the auditors report, an “Emphasis ofMatter” paragraph is placedaftertheopinionparagraph.
An exampleof howan “Emphasis ofMatter” paragraphmight beused tohighlight a lawsuit that hasbeenproperlydisclosedinthefinancialstatements:Illustration:EmphasisofMatterWedrawattentiontoNoteXtothefinancialstatementswhichdescribetheuncertaintyrelatedtotheoutcomeofthelawsuitfiledagainstthecompanybyXYZCompany.Ouropinionisnotqualifiedinrespectofthismatter.In some cases the auditor considers it necessary to communicate amatter other than those that arepresentedordisclosedinthefinancialstatementsthatisrelevanttousers‟understandingoftheaudit,auditor’sresponsibilitiesortheauditorsreport.Theauditorcommunicatesthesemattersinaparagraphin the auditors report, with the heading “Other Matter,” or other appropriate heading. The auditorincludes this paragraph immediately after the “Opinion” paragraph and any “Emphasis of matter”paragraph,orelsewhereintheauditorsreportifthecontentofthe“Othermatter”paragraphisrelevanttothe“OtherReportingResponsibilities”section.
Anexampleofan“OtherMatter”paragraphisprovidedbelow.Illustration:OtherMatterTheauditfoundfundamentaldeficienciesintheassetmanagementprocessoftheentityincluding:
• Anincompleteassetregister• Noyear-endreconciliationbetweenrecordedandphysicalassets
iCAT:FinancialAudit
Chapter6:Conclusionandreporting
Page76
• Poorcontrolsoverthesafeguardingofassets
Comparativeinformation–Theamountsanddisclosuresincludedinthefinancialstatementsinrespectofoneormorepriorperiodsinaccordancewiththeapplicablefinancialreportingframework.
Corresponding figures – Comparative information where amounts and other disclosures for the priorperiodareincludedasanintegralpartofthecurrentperiodfinancialstatements.Theseareintendedtobe read only in relation to the amounts and other disclosures relating to the current period whichreferredtoas“currentperiod figures.The levelofdetailpresented in thecorrespondingamountsanddisclosuresisdictatedprimarilybyitsrelevancetothecurrentperiodfigures.
Comparativefinancialstatements–Comparative informationwhereamountsandotherdisclosuresforthepriorperiodareincludedforcomparisonwiththefinancialstatementsofthecurrentperiodbut, ifaudited,arereferredtointheauditor’sopinion.Thelevelofinformationincludedinthosecomparativefinancialstatementsiscomparablewiththatofthefinancialstatementsofthecurrentperiod.
Financial statements prepared following International Financial Reporting Standards (IFRS) havecorresponding figures. However, the nature of the comparative information that is presented in anentity’s financial statements can vary depending on the requirements of the applicable financialreportingframework.
There are two different approaches to the auditors reporting responsibilities in respect of suchcomparativeinformation:correspondingfiguresandcomparativefinancialstatements.Theapproachtobeadoptedisoftenspecifiedbylaworregulationbutmayalsobespecifiedinthetermsofengagement.
Theauditreportingdifferencesbetweenthetwoapproachesare:
a. For corresponding figures, the auditor’s opinion on the financial statements refers to the currentperiodonly;whereas
b. Forcomparativefinancialstatements,theauditor’sopinionreferstoeachperiodforwhichfinancialstatementsarepresented.
Auditors shouldbe awareof the approach requiredby the financial reporting frameworkusedby theentity being audited. ISSAI 1710 (Comparative Information – Corresponding Figure and ComparativeFinancial Statements) provides guidance on the auditors responsibility relating to comparativeinformationwhenauditingfinancialstatements.The Auditor’s Responsibilities Relating to Other Information in Documents Containing AuditedFinancialStatements
Other information–Eitherby law,regulationorcustom,financialandnon-financial information(otherthan the financial statements and the auditors report thereon) which is included in a documentcontainingaudited financialstatementsandtheauditorsreport.Usually thedocumentscontainingtheaudited financial statements are annual reports that are issued to stakeholders. SAIs may adapt thisguidancenecessaryinthecircumstances,tootherdocumentscontainingauditedfinancialstatements.
iCAT:FinancialAudit
Chapter6:Conclusionandreporting
Page77
Itmaybementionedthattheauditor’sresponsibilitiesextendbeyondissuingtheauditorsreportonthefinancialstatements.
Theauditor is required toanalyze theother informationdescribed in theprecedingparagraph.This isdone as soon as possible, preferably before the other information is released. Under the ISSAIs, theauditor’s opinion does not cover other information and the auditor has no specific responsibility fordetermining whether or not other information is properly stated. However, the auditor analyzes theother information because the credibility of the audited financial statementsmay be undermined bymaterialinconsistenciesbetweentheauditedfinancialstatementsandotherinformation.
If the auditor identifies a material inconsistency between unaudited information and the auditedfinancial statements, the auditor determines whether the audited financial statements or the otherinformation needs to be revised. ISSAI 1710 (Comparative Information – Corresponding Figures andComparative Financial Statements) provides guidance on the auditors responsibility relating to otherinformationcontainingauditedfinancialstatements.
SpecialConsiderations–AuditsofFinancialStatementsPrepared inAccordancewithSpecialPurposeFrameworks
ISSAIs1000–1700seriesapplytoanauditoffinancialstatements.However,specialconsiderationsaregiventoapplyingthoseISSAIstoanauditoffinancialstatementspreparedinaccordancewithaspecialpurposeframework.SAIsmayencounterfinancialstatementspreparedonthebasisofspecialpurposeframeworks.Theconsiderationsdiscussedbelowdonotoverrideotherauditingstandards–theyprovideadditionalguidancethatmaynotcoverallconsiderationsrelatedtoaspecialpurposeframework.
Keyconsiderationswhenauditingfinancialstatementspreparedusingspecialpurposeframeworksare:
a. Theauditordeterminestheacceptabilityofthefinancialreportingframeworkinthecircumstances.Todoso,theauditorobtainsanunderstandingofthepurposeforwhichthefinancialstatementsareprepared,theintendedusers,andthestepstakenbymanagementtodeterminethattheapplicablefinancialreportingframeworkisacceptableinthecircumstances.
b. Inplanningandperforminganauditofspecialpurposefinancialstatements,theauditordetermineswhether application of the ISSAIs requires special consideration in the circumstances of theengagement.
c. When planning the audit, the auditormust obtain an understanding of the entity’s selection andapplicationofaccountingpolicies. If the financial statementsarepreparedbasedona contractorother governing document, the auditor must obtain an understanding of any significantinterpretationsmadebymanagementwhenpreparingthefinancialstatements.
d. The auditor evaluates whether the financial statements adequately refer to or describe theapplicablefinancialreportingframework.Inthecaseoffinancialstatementspreparedinaccordancewith the provisions of a contract, the auditor shall evaluate whether the financial statements
iCAT:FinancialAudit
Chapter6:Conclusionandreporting
Page78
adequatelydescribeanysignificantinterpretationsofthecontractonwhichthefinancialstatementsarebased.
e. Inthecaseofanauditorsreportonspecialpurposefinancialstatements:i. Theauditorsreportalsodescribesthepurposeforwhichthefinancialstatementsareprepared
and, if necessary, the intended users, or refers to a note in the special purpose financialstatementsthatcontainsthatinformation;and
ii. If management has a choice of financial reporting frameworks in the preparation of suchfinancial statements, the explanation of management’s responsibility for the financialstatements shall also make reference to its responsibility for determining that the applicablefinancialreportingframeworkisacceptableinthecircumstances.
f. Theauditors reportonspecialpurpose financial statements shall includean“Emphasisofmatter”paragraph alerting users of the auditors report that the financial statements are prepared inaccordance with a special purpose framework. As a result, the financial statements may not besuitable for another purpose. The auditor includes this paragraph under an appropriate heading.ISSAI 1800 (Special Considerations – Audits of Financial Statements Prepared in Accordance withSpecialPurposeFrameworks)providesguidanceonauditing financial statementspreparedusingaspecialpurposeframework.
SpecialConsiderations–AuditsofSingleFinancialStatementsandSpecificElements,AccountsorItemsofaFinancialStatement
Onoccasions,SAIsarerequiredtogiveauditorsreportsonasingle financialstatementorofaspecificelement,accountoritemofafinancialstatement.Thesinglefinancialstatementorthespecificelement,account or item of a financial statement may be prepared in accordance with a general or specialpurpose framework. If prepared in accordance with a special purpose framework ISSAI 1800 (SpecialConsiderations – Audits of Financial Statements Prepared in Accordance with Special PurposeFrameworks)alsoappliestotheaudit.
ISSAI 1805 (Special Considerations – Audits of Single Financial Statements and Specific Elements,Accountsor ItemsofaFinancial Statement)dealswith special considerations in theapplicationof theISSAIs(100to1700series)toanauditofasinglefinancialstatementorofaspecificelement,accountoritemofafinancialstatement.ThisISSAIdoesnotoverridetherequirementsoftheotherISSAIs;nordoesit necessarily deal with all special considerations that may be relevant in the circumstances of theengagement. ISSAI 1805 provides guidance to an auditorwhen applying ISSAIs in an audit of a singlefinancial statement or of a specific element, account or item of a financial statement, in addressingappropriatelythespecialconsiderationsthatarerelevantto:
a. Theacceptanceoftheengagement;b. Theplanningandperformanceofthatengagement;andc. Forming an opinion and reporting on the single financial statement or on the specific element,
accountoritemofafinancialstatement.
EngagementstoReportonSummaryFinancialStatements
iCAT:FinancialAudit
Chapter6:Conclusionandreporting
Page79
Occasionally SAIs may be required to provide an auditors report on summary financial statementsderivedfromfinancialstatementsthathavealreadybeenaudited.ISSAI1810(EngagementtoReportonSummaryFinancialStatements)providesguidancewhenrequiredtoprovidesuchareport.
Conclusion
In this chapter we have covered the evaluation of misstatements accumulated during the audit andimpact of uncorrectedmisstatement in the financial statement. On the basis of an evaluation of theaccumulatedmisstatementandtheperformancematerialitywiththeoverallmateriality,auditorformsan opinion which is embedded in the auditors report. These evaluations will lead to preparation ofauditorsreportwithanopiniononthefinancialstatement.
Withthiswehavecompletedthelevel4ISSAIguidanceonfinancialaudit.Atthisstageyouarerequiredtocompletethestatusoflevel2ISSAIsinyourSAI.Aftercompletingthelevel2requirements,andbasedontheresultsoftheiCATatlevel4youwillwritetheISSAIcomplianceassessmentreportwhichisdiscussedinthenextchapter.
iCAT:FinancialAudit
Chapter7:WritingISSAIcomplianceassessmentreport
Page80
Chapter7
WritingtheISSAIcomplianceAssessmentReport
TheendproductofaniCATisanISSAIComplianceAssessmentReportthattheiCATteampreparesandpresentstotheSAItopManagement.ThereportisbasedontheiCATformatfilledbytheiCATteamandalltheinformationthattheteamhascollectedfromvarioussourceswhileconductingtheiCAT.
ThisreportaimstopresentacomprehensivepictureofthestateofmattersintheSAIinrelationtotherequirementsoflevel2andLevel4ISSAIs.ThereportwillalsobringouttheSAIlevelandindividualauditlevel issues in implementing the framework.The report isenvisaged toprovideSAImanagementwiththenecessaryinformationtodecideontheISSAIImplementationStrategy.
BeforewritingtheISSAIComplianceAssessmentReport,theiCATteamneedstocompletethefollowingtwoprocedures:
1. FindingsfromtheiCATatLevel4needtobecategorizedintermsofthestagesoftheaudit2. Foreachstageoftheaudittheissuesshouldbegroupedonthecommoncausesasidentified
fromLevel2.
InearlierpartofthechapterwehaveascertainedthestatusofLevel2requirementsandlinkedthatwithLevel4compliancefindings.TheISSAIComplianceAssessmentreportwillhighlightthisissueaswell.BydoingthistheiCATteamwillbeabletoidentifymaincomplianceissuesthattheSAIneedstofocusatthestrategiclevel.
FormatoftheISSAIComplianceAssessmentReport
ThefollowingformatisrecommendedforwritingtheISSAIComplianceAssessmentReport:
STRUCTUREOFTHEISSAICOMPLIANCEASSESSMENTREPORT
1.ExecutiveSummaryhighlightingthekeymessagesfromtheiCAT.
2.Introduction–Purpose,scopeandtimingoftheiCAT
WhytheSAItookuptheiCAT,doestheiCATcoverLevel2andallLevel4requirements(Financial,PerformanceandComplianceaudit)orhastheSAIchosentoconducttheiCATforLevel2andonlyoneauditstream.ThetimeperiodofconductingtheiCAT.
3.AbouttheSAI3.1DescriptionoftheenvironmentthattheSAIoperatesin3.2DescriptionoftheSAI’slegalandinstitutionalframeworkandorganizationalstructure3.DescriptionoftheiCATprocess
• iCATteam• Datagatheringprocess• Qualitycontrolmechanismused
4.SAIComplianceStatusonLevel2ISSAIRequirements
iCAT:FinancialAudit
Chapter7:WritingISSAIcomplianceassessmentreport
Page81
(Categorywisedescriptionofthestatus,mechanismsofcomplianceandreasonsfornoncompliance)
AlsodescribesignificantongoinginitiativesforISSAIImplementation
5.SAIComplianceStatusonLevel4ISSAIRequirements(Financial,Performance,ComplianceAudit)
(Categorywisedescriptionofthestatus,mechanismsofcomplianceandreasonsfornoncompliance)
AlsodescribesignificantongoinginitiativesforISSAIImplementation
ThecausesofLevel4deficienciesshouldrelatetoitemslistedinLevel2.E.g.Ifplanningisnotproperlydone(Level4),itcouldbelinkedtonon-compliancewithLevel2requirements.6.DescriptionofStrategicISSAIImplementationIssuesOverallSAILevelandIndividualAuditLevelcompliancegapsandreasons7.ResponseofSAITopManagementSignaturesoftheiCATteamAnnex1:ISSAIRequirementsLevel2Annex2:iCATFormatLevel4Annexe3:Datagatheringtoolsusedforcollectinginformation
GuidingprinciplesinwritingISSAIComplianceAssessmentReport
Highlightkeymessages–
As the report is meant for the top management of a SAI, key messages from the iCAT should behighlightedintheexecutivesummary,sothattheSAImanagementcangetagoodoverviewofthestatusofcomplianceandtheissuesthatneedtobesortedoutinareaswheretheSAIdoesnotcomply.
Involvetheentireteamindevelopingthereport–
At the end of the iCAT process the team would have gathered a lot of information about differentrequirements.Ascomplianceissuesareinterrelated,theiCATteamneedstoworktogethertodeterminethecategorisationoftheissuesandtheircauses.
Distinguishbetweenhighimpactinstitutionalissuesandoperationalissues–
WhentheiCATteamreportsoncompliancestatusoftheSAI,itshoulddistinguishbetweencompliancegapsthatarecentraltotheauditpracticeandcompliancegapsthataremoreattheprocedurelevelthanatan institutional level. Inorder tobecome ISSAI compliant it is the institutional issuesat level2 thatneedtobeaddressed.TheiCATteamwouldalsofindthatthecompliancegapsobservedattheleveloftheauditpracticeatlevel4havetheirrootsininstitutionallevelissuesatlevel2oftheISSAIframework.
iCAT:FinancialAudit
Chapter7:WritingISSAIcomplianceassessmentreport
Page82
Afterascertainingthestatusonlevel2requirementsthesewouldbehighlightedinthereportfortheSAItopmanagement.
Ensurethatthecausesarecorrectlyidentified–
Thestrategyforimplementationwillbebasedontheidentifiedcausesofthecompliancegaps.AssuchitisimportantfortheiCATteamtohighlighttherightcauses.E.g.insomecasesnonimplementationofanISSAIcompliantpracticemaynotbeduetoknowledgeandskillsgapbutbeamanagementissue.
4. Conclusion
Inthischapterwehaveidentifiedstatusoflevel2requirementsandthelinkagebetweentheLevel2ISSAIsandtheLevel4ISSAIs.InpreparingtheISSAIComplianceAssessmentReportwhichistheendproductoftheiCATwealsoconsideredhowthetwoLevelsofISSAIareinterrelated.Thereporthighlightsthestrategicissuesatlevel2thatwouldbeconsideredtoaddresstheissuesofnon-complianceatlevel4.