Audit & Assurance 3

This flashcard set covers the audit process phases, pre-engagement procedures, internal control components (CRIME), and methods for documenting and testing auditing environments based on lecture notes.

The Audit Process- Phase 1: Plan and design the audit approach

The initial stage of the audit process including pre-engagement procedures, accepting the client, understanding the business, understanding internal control, assessing risk, and finalizing the audit strategy.

Phase 2: Perform tests of controls and substantive tests of transactions

The stage where the auditor tests controls they plan to rely on and conducts tests of specific transactions.

Phase 3: Perform substantive analytical procedures and tests of details

Includes analytical procedures, tests of key items, additional tests of balances, and tests for presentation and disclosure.

Phase 4: Complete the audit and issue the audit report

The final stage involving accumulating final evidence, evaluating results, issuing the report, and communicating with the audit committee.

Professional clearance

The process where a proposed new auditor contacts the outgoing auditor before accepting appointment, requiring initial permission from the client.

ISA 210

The international standard under which the auditor must check that preconditions for an audit exist before acceptance.

Preconditions for an audit

Acceptable financial reporting framework, Management accepts its responsibilities: preparing the financial statements, maintaining internal controls, providing additional info requested by auditors and access to relevant info, giving unrestricted access to staff

Engagement letter

A written agreement between auditor and client issued before the audit starts to confirm acceptance, avoid misunderstandings, and set out responsibilities and scope.

ISA 315

The standard that requires auditors to understand the client and its environment to help assess audit risk, decide strategy, and design procedures.

Procedures used to understand the client: Inquiry

A procedure used to understand the client by asking management and others questions.

Analytical procedures

Comparing financial and non-financial information to identify unusual trends or relationships, such as revenue increasing while profit decreases.

Observation

A procedure used to understand the client by watching processes or controls being performed.

Inspection

A procedure used to understand the client by reviewing documents, records, reports, and manuals.

Internal control

A process designed, implemented, and maintained by management to provide reasonable assurance about reliable financial reporting, effective operations, and legal compliance.

CRIME

A mnemonic for the five components of internal control: Control activities, Risk assessment process, Information system, Monitoring of controls, and Environment/Control environment.

Control activities

The 'C' in CRIME; policies and procedures like segregation of duties, access controls, and reconciliations that ensure management instructions are carried out.

Risk assessment process

How the business identifies & responds to risks relevant to financial reporting

Information system, including financial reporting system

Processes & records for initiating, recording, processing and reporting transactions

Monitoring of controls

Ongoing review of whether controls are working effectively, e.g. document review, supervision, following up customer complaints

Environment/Control environment

The 'E' in CRIME; the tone set by management and directors, including management philosophy, operating style, and organizational structure.

Evaluating Internal Controls- Step 1: Obtain Preliminary Understanding

auditor gains an initial understanding by asking client personnel, inspecting documents, observing control procedures

Step 2: Document the understanding

The auditor documents the accounting system using flowcharts, narrative descriptions and internal control does questionnaires

Step 3: Evaluate internal accounting controls

The auditor classifies controls as either strengths or deficiencies

Step 4: Report on internal control (ISA 265)

The standard requiring auditors to report significant control deficiencies to management and those charged with governance, preferably in writing.

Narrative descriptions

Written descriptions of accounting routines, including who prepares, reviews, and files documents, and authorization procedures.

Flowcharts

Diagrams used to document an understanding of the accounting system by showing the flow of documents or information.

Internal control questionnaires

A list of control-related questions usually answered 'yes' or 'no' to identify whether expected controls exist.

Compliance testing

Tests that determine whether controls are in place and consistently applied, such as checking approval procedures or reviewing system logs.

Substantive testing

Tests that determine whether transactions and balances are correct, such as checking calculations or verifying data accuracy.

Inherent limitations of internal controls

Factors that prevent a guarantee of error-free/fraudulent operations, including cost-benefit limitations, human error, collusion, management override, and non-routine transactions.

Internal audit

An independent assurance and consulting activity designed to improve operations; it is more detective in nature than internal control as it reviews whether controls and processes are working and can identify weaknesses and recommend improvements

Internal Control

A system/process designed to help achieve reliable reporting, efficient operations and legal compliance, it’s preventive in nature and includes segregation duties, approvals, backups

Three lines of defence model

A model where the 1st line is management/internal control measures, the 2nd line is risk management/compliance, and the 3rd line is internal audit. External audit sits outside the organisation and provides independent assurance.