The EISA Audit A Continuous Improvement Approach to Audit Methodology
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
The EISA Audit
A Continuous Improvement Approach
to Audit Methodology
Audit Agenda • Governance of EISA Audit
• Overview of recent evolution of EISA Audit
• Overview key elements of EISA Audit – Acceptance and
Continuance– Audit Comfort Cycle– Substantive Procedures– Other Audit Procedures– Audit Committee
Communications Plan
2
3
EISA Audit Governance
Global Audit Policy BoardEstablish global overarching policy principles & goals
and ratify policy statements.
Global R&QEnsure methodology is consistently implemented by providing feedback
on practice issues.
Global Audit Methodology Steering GroupDrive execution of policy in practice through
processes, tools, guidance, training content, etc.
Implementation Partner Network
4
Towards Performance Audit: a continuous improvement program
EISAAudit
EISAAudit
• Audit Comfort Cycle
• Management controls focus
• Show me and Taking stock
• Team re-deployment
2004:
Historical Financial Statements Opinion
Changes in Deliverables
• Business analysis framework
• Enhanced audit guides/ practices
• Scaling up - different client situations
• MyClient integration
2005: • Converged approach, enhanced testing guidance
• Enhanced client communications, transparency focus
• Application to small companies/ MNCs
• Better use of specialists and knowledge sources
2006:
Time
5
Changing the Focus of the Audit Model
Audit Risks Identified
RiskKey
RiskKey
Key Risk
Key Risk
Key Risk
Key Risk
Business Risks
6
EISA Audit in 2004
• Acceptance and Continuance (FRISK)
• Audit Comfort Cycle– Scoping– Understanding– Evaluating – Validating
• Substantive Testing
• Other Audit Procedures
• Audit Committee Communications Plan
7
EISA Audit Approach
•Other audit procedures•Financial statements•Completion
No / Limitedcontrolscomfort
Significantcontrolscomfort
Other audit evidenceMainly Mainly
tests of details substantive analyticalprocedures
AuditComfort
Cycle
Acceptance/Continuance Assessment
8
EISA Audit Approach – With Attestation
•Other audit procedures•Financial statements•Completion
No / Limitedcontrolscomfort
Significantcontrolscomfort
Other audit evidenceMainly Mainly
tests of details substantive analyticalprocedures
AuditComfort
Cycle
Broader and deeper assessment of COSO controls over financial reporting, including
management’s evaluation of those controls. e.g., estimates, fraud, tax accrual, more
locations.
Additional procedures deemed necessary to provide independent assurance on
financial statements, taking into consideration the internal controls
assessment.
Report on management’s assertions on internal controls over financial reporting
Report on Financial Statements
Acceptance/Continuance Assessment
9
Acceptance & Continuance Process
• Governance and oversight of management• Past performance• Management’s expertise and skill • Adequacy of management resources• Audit relationship• Audit adjustments• Revenue recognition• Accounting control• Integrity and ethics• Management inclination for intentional misstatement in financial reporting• Reliability of estimates• Incentive for intentional misstatements in financial reporting• Risk of insolvency
10
Acceptance & Continuance Process
Risk Conditions (13)
(defined within Acceptance &
Continuance module)
Key Risks
(user defined or selected from Master Data)
Engagement Leader and Team Manager apply professional judgment in describing specific Key
Risks that relate to the broader Risk Conditions
Risk andApproachSchedule The Risk and Approach Schedule is populated
by the Key Risks selected and completed by the
Engagement Leader and Team Manager
1
2
3 MyClient Client File
Audit ComfortMatrix
11
Audit Comfort Cycle
4 Key Questions• What does management
need to get comfort on?• How does management
get comfort?• Are they entitled to that
comfort?• Can we audit that comfort?
Market Overview
Strategy Value Creating Activities
Financial Performance
OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS
COMPLETION
ACCEPTANCE/CONTINUANCE ASSESSMENT
SUBSTANTIVE AUDIT EVIDENCE
MAINLY SUBSTANTIVEANALYTICAL
PROCEDURES
SIGNIFICANTCONTROLSCOMFORT
NO/LIMITEDCONTROLSCOMFORT
Auditcomfortcycle
MAINLY TESTSOF DETAILS
12
Audit Comfort Cycle
Market Overview
Strategy Value Creating Activities
Financial Performance
OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS
COMPLETION
ACCEPTANCE/CONTINUANCE ASSESSMENT
SUBSTANTIVE AUDIT EVIDENCE
MAINLY SUBSTANTIVEANALYTICAL
PROCEDURES
SIGNIFICANTCONTROLSCOMFORT
NO/LIMITEDCONTROLSCOMFORT
Auditcomfortcycle
MAINLY TESTSOF DETAILS
• What does management need to get comfort on?
13
Scoping: Forming a Point of View
• Perform company and industry analytical procedures
• Research and analyze external communications
• Partners connect with staff members
• Document the team’s understanding of the business
• Knowledge broker to capture and share industry information
• Form a point of view on the risks that management should be concerned about
14
Scoping: Business Analysis Framework
15
Scoping:Risk Assessment – Key Risks
Key Risk
We identify audit risk through understanding the entity’s business objectives and related risks.
Business Risks
Audit Risks
Key Risk
Key Risk Key Risk
Key Risk
Key risks are those conditions or factors within an audit that, in the judgment of the auditor, give rise to a greater risk of material financial misstatement or other matters resulting in the issuance of an inappropriate audit report.
16
Scoping: Analytical Procedures
• High Level– Understand the business– Identify areas of risk
• Disaggregated Account Level– Determine the nature, timing & extent of testing
• External benchmarking to peers, market trends– Looking for anomalies, areas of risk – Use of extensive knowledge management tools
available
17
Scoping Translated into Audit Strategy
Where controls over significant account balances or classes of transaction are not aligned, we will need to perform substantive tests of details.
StakeholdersRisks Controls
Alignment
Business Objectives
18
Scoping: Audit Team of Specialists
Our best teams use our specialist capabilities to help in forming a point of view.
Stakeholders
Business Objectives
Financial Risk
Business Process
Enterprise-wide Risk
Systems & Technology
Energy Trading Risk
Business Resilience
Project Management
Internal Audit Security
Data Risk
Regulatory/ Compliance
Performance Improvement
Treasury
Risks Controls
Alignment
Computer-Assisted Audit Techniques
Fraud
19
Scoping: Use of Specialists
• Policies for the use of Systems and Process Assurance specialists and Fraud Risk & Controls specialists are based around risk attributes
• Policies are for consultation with specialists – level of involvement remains a decision of engagement leader
• At a minimum, RequiredRequired to consider use of specialists at mobilization stage
20
Audit Comfort Cycle
4 Key Questions• What does management
need to get comfort on?
Market Overview
Strategy Value Creating Activities
Financial Performance
OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS
COMPLETION
ACCEPTANCE/CONTINUANCE ASSESSMENT
SUBSTANTIVE AUDIT EVIDENCE
MAINLY SUBSTANTIVEANALYTICAL
PROCEDURES
SIGNIFICANTCONTROLSCOMFORT
NO/LIMITEDCONTROLSCOMFORT
Auditcomfortcycle
MAINLY TESTSOF DETAILS
• How does management get comfort?
• Are they entitled to that comfort?
• Can we audit that comfort?
21
Applying Audit Comfort Cycle from the Top-Down
• Organize audit team to align with how management runs the business.
• Extend discussions about business objectives & risk to management controls.
• Understand & evaluate how management controls risk.
• Validate controls against engagement team’s point of view.
Audit controls from the top down
BoardSr Mgmt
DepartmentHeads
Operations
Transaction Processing
22
“Taking Stock”: Real-Time Linkage in the Iterative Process
• Share team members’ cumulative knowledge
• Update risk identification and assessment
• Consider the audit comfort gained to date, by audit assertion
• Answer: “Do we have enough comfort?”
• Answer: “What do we do next?”
23
BusinessRisks
related to achieving Objectives
………………
Business Process A Completeness Accuracy Validity Restricted Access
Business Process B Completeness Accuracy Validity Restricted Access
Business Process C Completeness Accuracy Validity Restricted Access
Account Balances and Transactions
Account Balances and Transactions
General Computer Controls
Account Balances and Transactions
Connecting the Dots …
Business ObjectivesFinancial Statement Assertions/Audit Objectives
Classes of Transactions Occurrence Completeness Accuracy Cutoff ClassificationAccount Balances Rights &
Obligations Existence Completeness Accuracy/ValuationPresentation & Disclosure Occurrence/R&O Completeness Understandability Accuracy/Valuation
24
Audit Comfort Matrix
25
Summary of ComfortSummary of Comfort
26
Substantive Audit Evidence
Market Overview
Strategy Value Creating Activities
Financial Performance
OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS
COMPLETION
ACCEPTANCE/CONTINUANCE ASSESSMENT
SUBSTANTIVE AUDIT EVIDENCE
MAINLY SUBSTANTIVEANALYTICAL
PROCEDURES
SIGNIFICANTCONTROLSCOMFORT
NO/LIMITEDCONTROLSCOMFORT
Auditcomfortcycle
MAINLY TESTSOF DETAILS
27
Achieving the Right Balance
No/Limited Controls Comfort Significant Controls Comfort
28
Assurance Hierarchy
Will we obtain audit assurance from tests of controls?
Test controls.
No further testing required.
Can we obtain audit assurance from substantive analytical procedures?
Perform substantive analytical procedures.
Perform tests of details.
Do we need additional audit assurance?
No
Yes No
No
Yes
Yes
29
Other Audit Procedures
Market Overview
Strategy Value Creating Activities
Financial Performance
OTHER AUDIT PROCEDURES FINANCIAL STATEMENTS
COMPLETION
ACCEPTANCE/CONTINUANCE ASSESSMENT
SUBSTANTIVE AUDIT EVIDENCE
MAINLY SUBSTANTIVEANALYTICAL
PROCEDURES
SIGNIFICANTCONTROLSCOMFORT
NO/LIMITEDCONTROLSCOMFORT
Auditcomfortcycle
MAINLY TESTSOF DETAILS
30
Other Audit Procedures: More Connecting the Dots
• Link management informationmanagement information to financial statements
• Review adjustmentsadjustments necessary to reconcile management information to the financial statements
• Review non-standard journal entries and other adjustments to ascertain whether entries may be indicative of fraudindicative of fraud based upon the risk of management override on controls
• Perform ongoing analytical procedures, including updating analytical procedures related to revenueanalytical procedures related to revenue
31
Audit Committee Communications Framework: Objectives
• Promote effective and candid communications
• Enhance timely reporting, dialogue and sharing views– Service approach – Risk and Control– Financial Reporting– Governance
• Provide consistency in our deliverables through recommended templates and practice aids
32
Service approach
Risk and control
Financial reporting
Governance
Ongoing assessment of needs & expectations
[Indicate timing] [Indicate timing] [Indicate timing] [Indicate timing]
Understanding the audit Staying informed Resolution and completion
Corporate governance:roles and practices
Internal control and business issues report
Assessing our performance and yours
– Reporting timetable– Business unit
scope– Engagement team– Other deliverables
Risk analysis
Perspectives on fraud risk
Other regulatory requirements – plan
Our audit plan
Communications plan
Risk condition alert
Transparency of corporate reporting
Reportingrequirements
– Internal control deficiencies
– Accounting policies
– Management judgments
– Quality of earnings
– Independence
– Transparency
Audit opinionBest
practices in corporate reporting
Audit principles and practices
Engagement letter and independence confirmation
Update on accounting/audit issues and risk analysis
Quarterly review
Quarterly review
Quarterly review
Getting started
Audit Committee Communications Plan
33
The EISA Audit
• Global approach adaptable to all clients
• Designed for continuous improvement
• Performance metrics will play a larger role in future audits
• Audit quality is at the core of our long term business objectives.
Related Documents
