BCTA Day 3 Lecture Slides 002

Endunamoo BCTA Auditing Koena Gerald Moabelo CA (SA) | 24/03/2018 Preliminary engagement activities Planning Establi...

0 downloads 128 Views 542KB Size
Endunamoo BCTA Auditing Koena Gerald Moabelo CA (SA) | 24/03/2018

Preliminary engagement activities

Planning

Establish overall audit strategy

The Code of Professional Conduct, By-Laws and rules regarding improper conduct

Develop an audit plan

Obtain audit evidence (the auditor’s response to assessed risk)

King IV

The Auditing Profession Act (IRBA)

The Companies Act (2008)

The Audit Process

Perform tests of control

Perform substantive procedures

Evaluation, concluding and reporting

2

Materiality

3

Materiality Learning objectives: ➢ Understand the concept of planning vs performance materiality ➢ Identify appropriate threshold to base planning materiality ➢ Be able to calculate planning materiality ➢ Criticise a planning materiality calculation

Planning - Planning Materiality Materiality  Planning Materiality (ISA 320) ▪ Planning phase ▪ Affected by risk  Performance Materiality (ISA 320) ▪ Materiality for a specific class for transaction, account balance or disclosure ▪ Affects sample size ▪ Represents: Maximum potential error (Sample size) –”Catch all”link with evaluation of identified errors. ▪ Less than overall materiality ▪ Used to scope in accounts

5

Planning - Planning Materiality Setting of materiality  Indicators: ▪ Quantitative • Turnover ½ - 1% • Gross profit 1 - 2% • PBT 5 - 10% • Total assets 1 - 2% • Equity 2 - 5%. • Qualitative: • Regulation, Accounting Standard • Control environment/ effectiveness of IC • Integrity of management • irregularities  Relationship between risk and materiality ▪ High audit risk → lower materiality and vice versa 6

Planning - Planning Materiality Exam Technique / Approach 1. Determine the relevant figures to use CY TB/ CY Forecast / PY Audited results 2. Consider nature of an entity Revenue, GP, Profit for the year, Total assets 3. % and calculations 4. Motivate your answer 5. Conclusion Net loss is not considered an appropriate base Relationship with audit risk Performance materiality always lower than planning materiality 7

Internal controls

Obtaining audit evidence Learning objectives: ➢ Understand the concept of internal controls and why we need to assess the control environment ➢ Understand the cycles and be able to identify controls as well as control weaknesses within the cycles ➢ Understand IT control environment including difference between general and application controls ➢ Understand how application controls address certain assertions

What is the relevance of controls to the audit? ➢ ➢ ➢

ISA 315 requires auditors to gain an understanding of the entity and its environment This includes gaining an understanding of the control environment Business processes and IT environment

Implications: ➢ If controls are designed and implemented appropriately, we can place reliance on the control environment ➢ This means we can incorporate tests of controls in our approach (combined approach) ➢ Weak control environment = No control reliance = Fully substantive audit approach

10

Definition: Internal control Internal control is designed and implemented to address identified business risks that threaten the achievement of any of the above objectives • Definition ISA 315 par 4 • It is a process designed, implemented and maintained • By those charged with governance, management and other personnel • To achieve an entity’s objectives with regards to: ➢ Reliability of financial reporting ➢ Effectiveness and efficiency of operations; and ➢ Compliance with applicable laws and regulations 11

Why does it matter to the Auditor? When the auditor obtains an understanding of internal control, he/she has to: •



evaluate the design of those controls. Does a control (individually or in combination with others) effectively prevent, detect and correct material misstatements? determine whether these controls have been implemented (ISA315.13)

12

Business Cycles Revenue & Receipts

Finance & Investment

Business Cycles

Payroll & Personnel

Acquisitions & Payments

Inventory & Production

13

IT Controls are categorized in the following categories: ➢ General controls ➢ Application controls

14

General controls • Definition & components ISA 315.A104 • Controls which establish an overall framework of control for computer activities • Address the risks at the overall financial statement level (Control risk) - ISA 315 para A63 • Controls which are in place before any processing of transactions • Refer to your text for categories of general controls (Page 8/7 – 8/25, Auditing Notes)

15

General controls • • • • • • • • • •

Management support; IT governance policy Segregation of duties Server physically secure Computer terminals visible Managed by a database administrator – pre-authorisation; regular reviews ID logins Passwords regularly updated Control tested regularly – outsource?; SLA Segregation of duties Data recovery plan; Regular back ups

16

Application controls

Accuracy

Validity

Completeness

Control Objectives

17

Application controls • Definition ISA315.A105 • Controls relevant to a specific task within an accounting business cycle • Address the risks of material misstatement level at the assertion level • Include both manual and automated (computerised) controls • If general controls are poor no reliance can be placed on application control

18

Application controls Control objective

Classes of transactions (IS)

Account balances (BS)

Validity

Occurrence, Cut-off

Existence, Rights, Obligations

Accuracy

Accuracy, Classification

Valuation, Allocation

Completeness

Completeness, Cut-off

Completeness, Existence 19

Application controls - Summary Validity • Access controls (passwords; usernames; access to specific functions; revoke access for terminated employees) • Unique numbering of transactions

20

Application controls Accuracy • Alpha numeric (Letters not accepted in number fields) • Sign check (e.g., debits and credits) • Drop down menus (to minimize finger errors) • Echo check / Screen prompts (Are you sure? Prompts) • Limit check / Reasonableness test • Recons

21

Application controls Completeness • The system should not allow the transaction to be processed until all compulsory information is captured • An error message should be displayed on screen until all compulsory info is completed • All transaction should be sequentially numbered • Email / text confirmation to customer before transaction is processed (validity as well) • Reconciliation between transactions processed and money received • Screen aid

22

Application controls - Summary Validity • Access controls • Unique numbering of transactions Accuracy • Edit checks • Recons Completeness • Sequence numbering of transactions • Compulsory fields • Recons

23

Internal control Internal control activities: • Authorisation • Review • Information processing • Physical controls • Segregation of duties

24

Examination technique Identify weaknesses in the systems o Internal controls performed incorrectly + internal controls omitted o Describe from what you see as wrong and the right not there • Identify weaknesses + risks o Link the potential risks / consequences with weaknesses (a table might be appropriate) o Risks = management and auditors are concerned with these because they have an impact on financial statements and/or client’s financial / reputational impact • Identify weaknesses + risks + recommendations o Link the recommendation with the potential risks / consequences with weaknesses (a table might be appropriate) o Practical and cost effective recommendations o Appropriate verb = should •

25

Examination technique Evaluate the effectiveness of the internal controls • Address both the negative and positive aspects • Do not forget to conclude on the effectiveness Identify the internal controls to be incorporated in the client’s system • Identify the internal control objectives • Understand the cycle you are looking at (study your textbook!!!) Question 6 page 39 Health and Wellness (“H&W”), Audit Approach and Key controls

26

Preliminary engagement activities

Planning

Establish overall audit strategy

The Code of Professional Conduct, By-Laws and rules regarding improper conduct

Develop an audit plan

Obtain audit evidence (the auditor’s response to assessed risk)

King IV

The Auditing Profession Act (IRBA)

The Companies Act (2008)

The Audit Process

Perform tests of control

Perform substantive procedures

Evaluation, concluding and reporting

27

Thank you Presenter’s details Koena Gerald Moabelo +2763 774 7577

BCTA2018 Administration [email protected] +2711 056 6359 28