-
1
Audit Junior Induction Training17 June 2009
2006-09 Nelson Consulting Limited 1
Nelson LamNelson Lam MBA MSc BBA ACA ACIS CFA CPA(Aust.) CPA(US)
FCCA FCPA FHKIoD MSCA
HK Framework of AssuranceHKSQCs Hong Kong Standards on Quality
ControlHKSQCs Hong Kong Standards on Quality Control
(only HKSQC 1 issued so far)(only HKSQC 1 issued so far)
Hong Kong Framework for Assurance Engagements
Audits and Reviews of Historical Fin. Information
Other Assurance
Engagements
Related Services
2006-09 Nelson Consulting Limited 2
HK Standards on Assurance Engagements
(HKSAEs)
HK Standards on Inv. Circular
Reporting Engagements
(HKSIRs)
HK Standards on Auditing (HKSAs)
HK Standardson Review
Engagements (HKSRE)
HK Standards on Related Services
(HKSRSs)
-
2
HK Framework of AssuranceHKSQCs Hong Kong Standards on Quality
ControlHKSQCs Hong Kong Standards on Quality Control
(only HKSQC 1 issued so far)(only HKSQC 1 issued so far)
Hong Kong Framework for Assurance Engagements
Audits and Reviews of Historical Fin. Information
2006-09 Nelson Consulting Limited 3
HK Standards on Auditing (HKSAs)
Overview of Audit Process
Preliminary engagement activities
Pl i ti iti
Planning
Audit Process
Planning activities
Understanding the entity
Assess risksof material misstatements
A dit t d i k
Risk assessment
Ri k
A cumulative and iterative process
2006-09 Nelson Consulting Limited 4
Auditor responses to assessed risks
Overall reviewing
Drawing conclusions and reportingDrawing conclusions and
reporting
Risk response
Reviewing and reporting
Adapted from Auditing and Assurance in HK (2009) by Peter Lau
and Nelson Lam
-
3
Audit Process: Planning
Preliminary engagement activities
The auditor should perform the following activities at the
beginning of the current audit engagement: (HKSA 300.6)1. Perform
procedures regarding the continuance of the client relationship
and the specific audit engagement2. Evaluate compliance with
ethical requirements, including independence3. Establish an
understanding of the terms of the engagement
2006-09 Nelson Consulting Limited 5
Audit Process: Planning
Preliminary engagement activities
Pl i ti iti
Overall Audit Strategy
Planning activities
Audit Plan
The auditor should establish and document Overall audit strategy
for the audit and Audit plan for the audit in order to reduce audit
risk to an
acceptably low level
2006-09 Nelson Consulting Limited 6
acceptably low level. Both the overall audit strategy and audit
plan should be
updated and changed as necessary during the course of the
audit.
-
4
The overall audit strategy sets the scope, timing and direction
of the
audit, and
Overall Audit Strategy
Audit Process: Planning
audit, and guides the development of the more detailed
audit plan. The establishment of the overall audit
strategy involves:a) Determining the characteristics of the
engagement that define its scopeb) Ascertaining the reporting
objectives of the
2006-09 Nelson Consulting Limited 7
b) Ascertaining the reporting objectives of the engagement to
plan the timing of the audit and the nature of the communications
required
c) Considering the important factors that will determine the
focus of the engagement teams efforts
The audit plan is more detailed than the audit strategy and
includes:
Audit Process: Planning
includes: A description of the nature, timing and extent of
planned risk assessment procedures sufficient to assess the
risks of material misstatements(as determined under HKSA 315)
A description of the nature, timing and extent of planned
further audit procedures at the assertion level for each material
class of t ti t b l d di l (
Risk Assessment Risk Assessment Procedures
Further Audit P d
Audit Plan
2006-09 Nelson Consulting Limited 8
transactions, account balance and disclosures (as determined
under HKSA 330)
Such other audit procedures required to be carried out for the
engagement to comply with HKSAs.
Procedures
Other Audit Procedures
-
5
The auditor should plan the nature, timing and extent of
direction and
supervision of engagement team members and review
Audit Process: Planning
supervision of engagement team members and review of their work.
(HKSA 300.18)
document the overall audit strategy and the audit plan including
any significant changes made during the
audit engagement. (HKSA 300.22)
2006-09 Nelson Consulting Limited 9
Overview of Audit Process
Planning
Audit Process Preliminary engagement activities
Pl i ti iti
Risk assessment
Ri k
Planning activities
Understanding the entity
Assess risksof material misstatements
A dit t d i k
A cumulative and iterative process
2006-09 Nelson Consulting Limited 10
Risk response
Reviewing and reporting
Adapted from Auditing and Assurance in HK (2009) by Peter Lau
and Nelson Lam
Auditor responses to assessed risks
Overall reviewing
Drawing conclusions and reportingDrawing conclusions and
reporting
-
6
Overview of Audit Process
Understanding the entity
Assess risksof material misstatements
Risk assessment
A dit t d i kRi k
2006-09 Nelson Consulting Limited 11
Auditor responses to assessed risksRisk response
The auditor should obtain an understanding of the entity and its
environment, including its internal control, sufficient to identify
and assess the risks of material misstatement of the
fi i l h h d f d d
Audit Process: Understand Entity
financial statements whether due to fraud or error, and
sufficient to design and perform further audit procedures.
(HKSA 315.2)
HKSA 315 specifically requires that: The auditor should perform
the following risk assessment procedures to
obtain an understanding of the entity and its environment
including its
Understanding the entity
2006-09 Nelson Consulting Limited 12
obtain an understanding of the entity and its environment,
including its internal control: a) Inquiries of management and
others within the entity; b) Analytical procedures; and c)
Observation and inspection. (HKSA 315.7)
-
7
Perform risk assessment procedures
Audit Process: Understand Entity
Gather information
Understanding the entity
The entity and its environment
Internal control
2006-09 Nelson Consulting Limited 13
Identify and assess risks of material misstatements
Adapted from Auditing and Assurance in HK (2009) by Peter Lau
and Nelson Lam
Audit Process: Understand Entity
Gather information
Understanding the entity
The entity and its environment
Internal control
2006-09 Nelson Consulting Limited 14
Industry, Regulatory, and Other External Factors
Nature of the Entity
Objectives and
Strategies, and Related
Business Risks
Measurement and Review of the the Entitys
Financial Performance
Internal Control
-
8
Audit Process
Understanding the entity
Assess risksof material misstatements
2006-09 Nelson Consulting Limited 15
Industry, Regulatory, and Other External Factors
Nature of the Entity
Objectives and
Strategies, and Related
Business Risks
Measurement and Review of the the Entitys
Financial Performance
Internal Control
Audit Process: Assess Risks
For the purpose of assessing the risks, the auditor: Identifies
risks throughout the process of obtaining an understanding of
the
entity and its environment, including
Assess risksof material misstatements
y , g relevant controls that relate to the risks, and by
considering the classes of transactions, account balances, and
disclosures in the financial statements;
A dit t d i k
2006-09 Nelson Consulting Limited 16
Auditor responses to assessed risks
-
9
Audit Process: Assess Risks
Audit risk
Risk of material misstatement Detection risk
Financial statement level Assertion level
HKSA 315 requires that
2006-09 Nelson Consulting Limited 17
HKSA 315 requires that The auditor should identify and assess
the
risks of material misstatement at the financial statement level,
and at the assertion level for classes of transactions,
account balances, and disclosures (HKSA 315.100)
Perform risk assessment procedures
Audit Process: Assess Risks
Gather information
Understanding the entity
The entity and its environment
Internal control
2006-09 Nelson Consulting Limited 18
Identify and assess risks of material misstatements
Adapted from Auditing and Assurance in HK (2009) by Peter Lau
and Nelson Lam
Financial statement level Assertion level
-
10
Audit Process: Assess Risks
The risk of material misstatement at the overall financial
statement level refers to risks of material misstatement that
relate pervasively to the financial statements as a whole
andrelate pervasively to the financial statements as a whole and
potentially affect many assertions.
Risks of this nature often relate to the entitys control
environment, say weak control
environment (although these risks may also relate to other
factors, such as declining economic conditions), and
are not necessarily risks identifiable with specific assertions
at the class of transactions, account balance, or disclosure
level.
2006-09 Nelson Consulting Limited 19
Identify and assess risks of material misstatements
Financial statement level
Audit Process: Assess Risks
The risk of material misstatement at the assertion level
consists of two components as follows: Inherent risk is the
susceptibility of an assertion to a misstatement thatInherent risk
is the susceptibility of an assertion to a misstatement that
could be material, either individually or when aggregated with
other misstatements, assuming that there are no related
controls.
Control risk is the risk that a misstatement that could occur in
an assertion and that could be material, either individually or
when aggregated with other misstatements, will not be prevented, or
detected and corrected, on a timely basis by the entitys internal
control.
2006-09 Nelson Consulting Limited 20
Identify and assess risks of material misstatements
Assertion level
-
11
As part of the risk assessment, the auditor should determine
which of the risks identified are, in the auditors judgment,
Audit Process: Assess Risks
which of the risks identified are, in the auditor s judgment,
risks that require special audit consideration
such risks are defined as significant risks. (HKSA 315.108) The
determination of significant risks, which arise on most
audits, is a matter for the auditors professional judgment. In
exercising this judgment, the auditor excludes the effect of
identified controls related to the risk to determine whether the
nature of the risk,
2006-09 Nelson Consulting Limited 21
the likely magnitude of the potential misstatement including the
possibility that the risk may give rise to multiple misstatements,
and
the likelihood of the risk occurring are such that they require
special audit consideration.
Significant risks are often derived from business risks that may
result in a material misstatement. In considering the nature of the
risks, the auditor considers a number of
Audit Process: Assess Risks
,matters, including the following: Whether the risk is a risk of
fraud. Whether the risk is related to recent significant
economic,
accounting or other developments and, therefore, requires
specific attention.
The complexity of transactions. Whether the risk involves
significant transactions with related
2006-09 Nelson Consulting Limited 22
gparties.
-
12
Significant risks often relate to significant non-routine
transactions and judgmental matters. Non-routine transactions are
transactions that are unusual
Audit Process: Assess Risks
Non routine transactions are transactions that are unusual,
either due to size or nature, and that therefore occur
infrequently.
Judgmental matters may include the development of accounting
estimates for which there is significant measurement
uncertainty.
2006-09 Nelson Consulting Limited 23
Significant risks?
Audit Process: Assess Risks
Identify and assess risks of material misstatements
Describe what can go wrong at
assertion levelassertions?
Can risks be related to
specific assertions?
Yes
Financial statement level Assertion level
2006-09 Nelson Consulting Limited 24
Significant risks?
Adapted from Auditing and Assurance in HK (2009) by Peter Lau
and Nelson Lam
-
13
Audit Process: Assess Risks
Risks of material misstatement may be greater for risks relating
to significant non-routine transactions arising from matters such
as:
Greater management intervention to specify the accounting
treatment
Example
Greater management intervention to specify the accounting
treatment. Greater manual intervention for data collection and
processing. Complex calculations or accounting principles. The
nature of non-routine transactions, which may make it difficult
for
the entity to implement effective controls over the risks.
Risks of material misstatement may be greater for risks relating
to significant judgmental matters that require the development
of
2006-09 Nelson Consulting Limited 25
significant judgmental matters that require the development of
accounting estimates, arising from matters such as the following:
Accounting principles for accounting estimates or revenue
recognition
may be subject to differing interpretation. Required judgment
may be subjective, complex or require
assumptions about the effects of future events, for example,
judgment about fair value.
Audit Process: Assess Risks
Risks for which Substantive Procedures Alone do not Provide
Sufficient Appropriate Audit Evidence As part of the risk
assessment the auditor shouldAs part of the risk assessment, the
auditor should
evaluate the design and determine the implementation of the
entitys controls, including relevant
control activities, over those risks for which, in the auditors
judgment, it is not possible or practicable to
reduce the risks of material misstatement at the assertion level
to an acceptably low level with audit evidence obtained only from
substantive procedures. (HKSA 315.115)
2006-09 Nelson Consulting Limited 26
Ordinarily, such risks relate to significant classes of
transactions such as an entitys revenue, purchases, and cash
receipts or cash payments.
Any Any examples?examples?
-
14
Audit Process: Assess Risks
The auditors assessment of the risks of material misstatement at
the assertion level is based on available audit evidence andis
based on available audit evidence and may change during the course
of the audit as additional audit
evidence is obtained.
2006-09 Nelson Consulting Limited 27
Overview of Audit Process
Planning
Audit Process Preliminary engagement activities
Pl i ti iti
Risk assessment
Ri k
Planning activities
Understanding the entity
Assess risksof material misstatements
A dit t d i k
2006-09 Nelson Consulting Limited 28
Risk response
Reviewing and reporting
Adapted from Auditing and Assurance in HK (2009) by Peter Lau
and Nelson Lam
Auditor responses to assessed risks
Overall reviewing
Drawing conclusions and reportingDrawing conclusions and
reporting
-
15
Audit Process: Auditors Response
Identify and assess risks of material misstatements
Based on the understanding of the entity and the assessed risks,
HKSA 330 imposes requirements on the auditor to determine the
relevant
and appropriate response to those assessed risks. HKSA 330
clearly requires that:
Financial statement level Assertion level
2006-09 Nelson Consulting Limited 29
HKSA 330 clearly requires that: In order to reduce audit risk to
an acceptably low level, the auditor
should determine overall responses to assessed risks at the
financial statement level, and
should design and perform further audit procedures to respond to
assessed risks at the assertion level. (HKSA 330.3)
Identify and assess risks of material misstatements
Audit Process: Auditors Response
Describe what can go wrong at
assertion level
Yes
Financial statement level Assertion level
assertions?
Can risks be related to
specific assertions?
2006-09 Nelson Consulting Limited 30
Significant risks?
Further audit procedures
Further audit Further audit procedures for procedures for
significant significant risksrisks
Overall Response
No No Yes
Adapted from Auditing and Assurance in HK (2009) by Peter Lau
and Nelson Lam
-
16
Audit Process: Auditors Response
Overall responses may include: emphasizing to the audit team the
need to maintain professional
Example
p g pskepticism in gathering and evaluating audit evidence,
assigning more experienced staff or those with special skills or
using experts,
providing more supervision, or incorporating additional elements
of unpredictability in the selection of
further audit procedures to be performed. making general changes
to the nature, timing, or extent of audit
2006-09 Nelson Consulting Limited 31
procedures as an overall response, for example, performing
substantive procedures at period end instead of at an interim
date.
Overall Response
Audit Process: Auditors Response
HKSA 500 requires the auditor to use assertions for classes of
transactions,
account balances and account balances, and presentation and
disclosures
in sufficient detail to form a basis for the assessment of risks
of material misstatement and the design and performance of further
audit procedures.
FAPs (from the nature perspective) are divided into: Test of
controls
2006-09 Nelson Consulting Limited 32
Substance procedures HKSA 330 imposes certain requirements on
performing these two kinds
of procedures.
Further audit procedures
Tests of Controls
Substantive Procedures
-
17
Assertions used by the auditor fall into the following
categories: About Classes of Transactions and Events for the period
under audit
Occurrence
Audit Process: Auditors Response
Completeness Accuracy Cutoff Classification
About Account Balances at the period end Existence Rights and
obligations Completeness
2006-09 Nelson Consulting Limited 33
Completeness Valuation and allocation
About Presentation and Disclosure Occurrence and rights and
obligations Completeness Classification and understandability
Accuracy and valuation
Account Balances
Class of Transactions
Presentation and Disclosure
Audit Process: Auditors Response
The auditors assessment of the identified risks at the assertion
level provides a basis for considering the
In some cases, only performing tests of controls may achieve a
good response to the assessed risk at an assertion. I th f i
lprovides a basis for considering the
appropriate audit approach for designing and performing further
audit procedures.
Often the auditor may determine that a combined approach is an
effective approach, such approach would use
In other cases, performing only substantive procedures is
appropriate for an assertions and the relevant control is not
considered in risk assessment (say, no relevant effective controls
have been identified or such test of control may be
inefficient)
2006-09 Nelson Consulting Limited 34
tests of the operating effectiveness of controls and
substantive procedures.
Overall Response
Further audit procedures
Tests of Controls
Substantive Procedures
-
18
Audit Process: Auditors Response
When the auditors assessment of risks of material misstatement
at the assertion level includes an expectation that controls are
operating effectively, y,
the auditor should perform tests of controls to obtain
sufficient appropriate audit evidence that the controls were
operating effectively at relevant times during the period under
audit. (HKSA 330.23)
When the auditor has determined that it is not possible or
practicable to reduce the risks of material misstatement at the
assertion level to an acceptably low level with audit evidence
obtained only from substantive procedures,
2006-09 Nelson Consulting Limited 35
the auditor should perform tests of relevant controls to obtain
audit evidence about their operating effectiveness. (HKSA
330.25)
Further audit procedures
Tests of Controls
Audit Process: Auditors Response
HKSA 330 requires that the auditor always performs substantive
procedures for each material class of transactions, account
balance, and disclosure:
Irrespective of the assessed risk of material misstatement, the
auditor should design and perform substantive procedures for each
material class of transactions, account balance, and disclosure.
(HKSA 330.49)
This requirement reflects the fact that the auditors assessment
of risk is judgmental and may not be sufficiently
precise to identify all risks of material misstatement. Further,
there are inherent limitations to internal control including
2006-09 Nelson Consulting Limited 36
, gmanagement override.
Further audit procedures Substantive
Procedures
-
19
Audit Process: Auditors Response
When the auditor has determined that an assessed risk of
material misstatement at the assertion level is a significant
risk,, the auditor should perform substantive procedures that
are
specifically responsive to that risk. (HKSA 330.51)
2006-09 Nelson Consulting Limited 37
Further audit procedures
Further audit Further audit procedures for procedures for
significant significant risksrisks
Identify and assess risks of material misstatements
Audit Process: Auditors Response
Describe what can go wrong at
assertion level
Yes
Financial statement level Assertion level
assertions?
Can risks be related to
specific assertions?
2006-09 Nelson Consulting Limited 38Adapted from Auditing and
Assurance in HK (2009) by Peter Lau and Nelson Lam
Significant risks?
Further audit procedures
Further audit Further audit procedures for procedures for
significant significant risksrisks
Overall Response
No No Yes
-
20
Audit Process: Auditors Response
HKSA 330 requires that: The auditor should perform audit
procedures
to evaluate whether the overall presentation ofto evaluate
whether the overall presentation of the financial statements,
including the relateddisclosures, are in accordance with
theapplicable financial reporting framework. (HKSA 330.65)
2006-09 Nelson Consulting Limited 39
Overview of Audit Process
Planning
Audit Process Preliminary engagement activities
Pl i ti iti
Risk assessment
Ri k
Planning activities
Understanding the entity
Assess risksof material misstatements
A dit t d i k
2006-09 Nelson Consulting Limited 40
Risk response
Reviewing and reporting
Adapted from Auditing and Assurance in HK (2009) by Peter Lau
and Nelson Lam
Auditor responses to assessed risks
Overall reviewing
Drawing conclusions and reportingDrawing conclusions and
reporting
-
21
Audit Process: Evaluation
HKSA 330 requires that: Based on the audit procedures performed
and the audit
evidence obtained,evidence obtained, the auditor should evaluate
whether the assessments
of the risks of material misstatement at the assertion level
remain appropriate. (HKSA 330.66)
An audit of financial statements is a cumulative and iterative
process. As the auditor performs planned audit procedures, the
audit evidence obtained may cause the auditor to modify
2006-09 Nelson Consulting Limited 41
the nature, timing, or extent of other planned audit
procedures.
Audit Process: Evaluation
HKSA 330 requires that: The auditor should conclude whether
sufficient appropriate
audit evidence has been obtainedaudit evidence has been obtained
to reduce to an acceptably low level the risk of material
misstatement in the financial statements. (HKSA 330.70) If the
auditor has not obtained sufficient appropriate audit
evidence as to a material financial statement assertion, the
auditor should attempt to obtain further audit
evidence. If the auditor is unable to obtain sufficient
appropriate audit
2006-09 Nelson Consulting Limited 42
evidence, the auditor should express
a qualified opinion or a disclaimer of opinion. (HKSA
330.72)
-
22
Overview of Audit Process
Planning
Audit Process Preliminary engagement activities
Pl i ti iti
Risk assessment
Ri k
Planning activities
Understanding the entity
Assess risksof material misstatements
A dit t d i k
2006-09 Nelson Consulting Limited 43
Risk response
Reviewing and reporting
Adapted from Auditing and Assurance in HK (2009) by Peter Lau
and Nelson Lam
Auditor responses to assessed risks
Overall reviewing
Drawing conclusions and reportingDrawing conclusions and
reporting
Audit Junior Induction Training17 June 2009
2006-09 Nelson Consulting Limited 44
Nelson LamNelson Lam
[email protected]
-
23
Audit Junior Induction Training17 June 2009
Q&A SessionQ&A SessionQ&A SessionQ&A Session
2006-09 Nelson Consulting Limited 45
Nelson LamNelson Lam
[email protected]