Audit Planning and Risk Assessment

PLANNING AN AUDIT OF FINANCIAL STATEMENTS

  • This ISA deals with the auditor's responsibility to plan an audit of financial statements.

  • It is written in the context of recurring audits, with additional considerations for initial audit engagements.

The Role and Timing of Planning

  • Planning involves establishing the overall audit strategy and developing an audit plan.

  • Adequate planning benefits the audit in several ways:

    • Focusing attention on important areas.

    • Identifying and resolving potential problems on a timely basis.

    • Organizing and managing the audit effectively and efficiently.

    • Selecting appropriate engagement team members and assigning work properly.

    • Facilitating direction, supervision, and review of team members' work.

    • Assisting in coordination with auditors of components and experts.

Effective Date

  • This ISA is effective for audits of financial statements for periods beginning on or after December 15, 2009.

Objective

  • The auditor's objective is to plan the audit so that it will be performed effectively.

Requirements

Involvement of Key Engagement Team Members

  • The engagement partner and other key team members must be involved in planning, including participating in discussions among team members.

Preliminary Engagement Activities

  • The auditor must undertake these activities at the beginning of the audit:

    • Performing procedures required by ISA 220 regarding the continuance of the client relationship and the specific audit engagement.

    • Evaluating compliance with relevant ethical requirements, including independence, in accordance with ISA 220.

    • Establishing an understanding of the terms of the engagement, as required by ISA 210.

Planning Activities

  • The auditor must establish an overall audit strategy that sets the scope, timing, and direction of the audit and guides the development of the audit plan.

  • In establishing the overall audit strategy, the auditor must:

    • Identify the characteristics of the engagement that define its scope.

    • Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required.

    • Consider factors that are significant in directing the engagement team's efforts.

    • Consider the results of preliminary engagement activities and relevant knowledge gained on other engagements.

    • Ascertain the nature, timing, and extent of resources necessary to perform the engagement.

Audit Plan

  • The auditor must develop an audit plan that includes a description of:

    • The nature, timing, and extent of planned risk assessment procedures, as determined under ISA 315.

    • The nature, timing, and extent of planned further audit procedures at the assertion level, as determined under ISA 330.

    • Other planned audit procedures required to comply with ISAs.

Updating the Audit Strategy and Plan

  • The auditor shall update and change the overall audit strategy and the audit plan as necessary during the course of the audit.

Direction, Supervision and Review

  • The auditor must plan the nature, timing, and extent of direction and supervision of engagement team members and the review of their work.

Documentation

  • The auditor must include in the audit documentation:

    • The overall audit strategy.

    • The audit plan.

    • Any significant changes made during the audit engagement to the overall audit strategy or the audit plan, and the reasons for such changes.

Additional Considerations in Initial Audit Engagements

  • The auditor must undertake these activities prior to starting an initial audit:

    • Performing procedures required by ISA 220 regarding the acceptance of the client relationship and the specific audit engagement.

    • Communicating with the predecessor auditor, where there has been a change of auditors, in compliance with relevant ethical requirements.

Application and Other Explanatory Material

The Role and Timing of Planning

  • The nature and extent of planning activities vary according to the size and complexity of the entity, the engagement team's previous experience, and changes in circumstances.

  • Planning is a continual and iterative process that begins shortly after the completion of the previous audit and continues until the completion of the current audit engagement.

  • Planning includes considering the timing of activities and audit procedures that need to be completed prior to performing further audit procedures.

    • Analytical procedures to be applied as risk assessment procedures.

    • Obtaining a general understanding of the legal and regulatory framework applicable to the entity and how the entity is complying with that framework.

    • The determination of materiality.

    • The involvement of experts.

    • The performance of other risk assessment procedures.

  • The auditor may discuss elements of planning with the entity's management to facilitate the conduct and management of the audit engagement, but the overall audit strategy and the audit plan remain the auditor's responsibility.

  • Care is required when discussing matters included in the overall audit strategy or audit plan in order not to compromise the effectiveness of the audit.

Involvement of Key Engagement Team Members

  • Involving the engagement partner and other key members of the engagement team in planning the audit enhances the effectiveness and efficiency of the planning process.

Considerations in Establishing the Overall Audit Strategy

Characteristics of the Engagement

  • The financial reporting framework on which the financial information to be audited has been prepared, including any need for reconciliations to another financial reporting framework.

  • Industry-specific reporting requirements such as reports mandated by industry regulators.

  • The expected audit coverage, including the number and locations of components to be included.

  • The nature of the control relationships between a parent and its components that determine how the group is to be consolidated.

  • The extent to which components are audited by other auditors.

  • The nature of the business segments to be audited, including the need for specialized knowledge.

  • The reporting currency to be used, including any need for currency translation for the financial information audited.

  • The need for a statutory audit of standalone financial statements in addition to an audit for consolidation purposes.

  • The availability of the work of internal auditors and the extent of the auditor's potential reliance on such work.

  • The entity's use of service organizations and how the auditor may obtain evidence concerning the design or operation of controls performed by them.

  • The expected use of audit evidence obtained in previous audits, for example, audit evidence related to risk assessment procedures and tests of controls.

  • The effect of information technology on the audit procedures, including the availability of data and the expected use of computer-assisted audit techniques.

  • The coordination of the expected coverage and timing of the audit work with any reviews of interim financial information and the effect on the audit of the information obtained during such reviews.

  • The availability of client personnel and data.

Reporting Objectives, Timing of the Audit, and Nature of Communications

  • The entity's timetable for reporting, such as at interim and final stages.

  • The organization of meetings with management and those charged with governance to discuss the nature, timing and extent of the audit work.

  • The discussion with management and those charged with governance regarding the expected type and timing of reports to be issued and other communications, both written and oral, including the auditor's report, management letters and communications to those charged with governance.

  • The discussion with management regarding the expected communications on the status of audit work throughout the engagement.

  • Communication with auditors of components regarding the expected types and timing of reports to be issued and other communications in connection with the audit of components.

  • The expected nature and timing of communications among engagement team members, including the nature and timing of team meetings and timing of the review of work performed.

  • Whether there are any other expected communications with third parties, including any statutory or contractual reporting responsibilities arising from the audit.

Significant Factors, Preliminary Engagement Activities, and Knowledge Gained on Other Engagements

  • The determination of materiality in accordance with ISA 320 and, where applicable:

    • The determination of materiality for components and communication thereof to component auditors in accordance with ISA 600.

    • The preliminary identification of significant components and material classes of transactions, account balances and disclosures.

  • Preliminary identification of areas where there may be a higher risk of material misstatement.

  • The impact of the assessed risk of material misstatement at the overall financial statement level on direction, supervision and review.

  • The manner in which the auditor emphasizes to engagement team members the need to maintain a questioning mind and to exercise professional skepticism in gathering and evaluating audit evidence.

  • Results of previous audits that involved evaluating the operating effectiveness of internal control, including the nature of identified deficiencies and action taken to address them.

  • The discussion of matters that may affect the audit with firm personnel responsible for performing other services to the entity.

  • Evidence of management's commitment to the design, implementation and maintenance of sound internal control, including evidence of appropriate documentation of such internal control.

  • Volume of transactions, which may determine whether it is more efficient for the auditor to rely on internal control.

  • Importance attached to internal control throughout the entity to the successful operation of the business.

  • Significant business developments affecting the entity, including changes in information technology and business processes, changes in key management, and acquisitions, mergers and divestments.

  • Significant industry developments such as changes in industry regulations and new reporting requirements.

  • Significant changes in the financial reporting framework, such as changes in accounting standards.

  • Other significant relevant developments, such as changes in the legal environment affecting the entity.

Nature, Timing and Extent of Resources

  • The selection of the engagement team (including, where necessary, the engagement quality control reviewer) and the assignment of audit work to the team members, including the assignment of appropriately experienced team members to areas where there may be higher risks of material misstatement.

  • Engagement budgeting, including considering the appropriate amount of time to set aside for areas where there may be higher risks of material misstatement.

IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT

Introduction

Scope of this ISA

  • This ISA deals with the auditor's responsibility to identify and assess the risks of material misstatement in the financial statements through understanding the entity and its environment, including the entity's internal control.

Effective Date

  • This ISA is effective for audits of financial statements for periods beginning on or after December 15, 2009.

Objective

  • The auditor's objective is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.

Definitions

  • Assertions - Representations by management, explicit or otherwise, that are embodied in the financial statements, as used by the auditor to consider the different types of potential misstatements that may occur.

  • Business risk - A risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity's ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies.

  • Internal control - The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity's objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. The term "controls" refers to any aspects of one or more of the components of internal control.

  • Risk assessment procedures - The audit procedures performed to obtain an understanding of the entity and its environment, including the entity's internal control, to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels.

  • Significant risk - An identified and assessed risk of material misstatement that, in the auditor's judgment, requires special audit consideration.

Requirements

Risk Assessment Procedures and Related Activities

  • The auditor must perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels. Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to base the audit opinion.

  • The risk assessment procedures shall include the following:

    • Inquiries of management, and of others within the entity who in the auditor's judgment may have information that is likely to assist in identifying risks of material misstatement due to fraud or error.

    • Analytical procedures.

    • Observation and inspection.

  • The auditor must consider whether information obtained from the auditor's client acceptance or continuance process is relevant to identifying risks of material misstatement.

  • If the engagement partner has performed other engagements for the entity, the engagement partner must consider whether information obtained is relevant to identifying risks of material misstatement.

  • Where the auditor intends to use information obtained from the auditor's previous experience with the entity and from audit procedures performed in previous audits, the auditor must determine whether changes have occurred since the previous audit that may affect its relevance to the current audit.

  • The engagement partner and other key engagement team members shall discuss the susceptibility of the entity's financial statements to material misstatement, and the application of the applicable financial reporting framework to the entity's facts and circumstances. The engagement partner shall determine which matters are to be communicated to engagement team members not involved in the discussion.

The Required Understanding of the Entity and Its Environment, Including the Entity's Internal Control
The Entity and Its Environment

  • The auditor must obtain an understanding of the following:

    • Relevant industry, regulatory, and other external factors including the applicable financial reporting framework.

    • The nature of the entity, including:

      • its operations;

      • its ownership and governance structures;

      • the types of investments that the entity is making and plans to make, including investments in special-purpose entities; and

      • the way that the entity is structured and how it is financed,
        to enable the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements.

    • The entity's selection and application of accounting policies, including the reasons for changes thereto. The auditor must evaluate whether the entity's accounting policies are appropriate for its business and consistent with the applicable financial reporting framework and accounting policies used in the relevant industry.

    • The entity's objectives and strategies, and those related business risks that may result in risks of material misstatement.

    • The measurement and review of the entity's financial performance.

The Entity's Internal Control

  • The auditor must obtain an understanding of internal control relevant to the audit. Although most controls relevant to the audit are likely to relate to financial reporting, not all controls that relate to financial reporting are relevant to the audit. It is a matter of the auditor's professional judgment whether a control, individually or in combination with others, is relevant to the audit.

Nature and Extent of the Understanding of Relevant Controls

  • When obtaining an understanding of controls that are relevant to the audit, the auditor must evaluate the design of those controls and determine whether they have been implemented, by performing procedures in addition to inquiry of the entity's personnel.

Components of Internal Control

  • Control environment

    • The auditor must obtain an understanding of the control environment. As part of obtaining this understanding, the auditor must evaluate whether:

      • Management, with the oversight of those charged with governance, has created and maintained a culture of honesty and ethical behavior; and

      • The strengths in the control environment elements collectively provide an appropriate foundation for the other components of internal control, and whether those other components are not undermined by deficiencies in the control environment.

  • The entity's risk assessment process

    • The auditor shall obtain an understanding of whether the entity has a process for:

      • Identifying business risks relevant to financial reporting objectives;

      • Estimating the significance of the risks;

      • Assessing the likelihood of their occurrence; and

      • Deciding about actions to address those risks.

    • If the entity has established such a process (referred to hereafter as the "entity's risk assessment process"), the auditor shall obtain an understanding of it, and the results thereof. If the auditor identifies risks of material misstatement that management failed to identify, the auditor shall evaluate whether there was an underlying risk of a kind that the auditor expects would have been identified by the entity's risk assessment process. If there is such a risk, the auditor shall obtain an understanding of why that process failed to identify it, and evaluate whether the process is appropriate to its circumstances or determine if there is a significant deficiency in internal control with regard to the entity's risk assessment process.

    • If the entity has not established such a process or has an ad hoc process, the auditor shall discuss with management whether business risks relevant to financial reporting objectives have been identified and how they have been addressed. The auditor shall evaluate whether the absence of a documented risk assessment process is appropriate in the circumstances, or determine whether it represents a significant deficiency in internal control.

  • The information system, including the related business processes, relevant to financial reporting, and communication

    • The auditor must obtain an understanding of the information system, including the related business processes, relevant to financial reporting, including the following areas:

      • The classes of transactions in the entity's operations that are significant to the financial statements;

      • The procedures, within both information technology (IT) and manual systems, by which those transactions are initiated, recorded, processed, corrected as necessary, transferred to the general ledger and reported in the financial statements;

      • The related accounting records, supporting information and specific accounts in the financial statements that are used to initiate, record, process and report transactions; this includes the correction of incorrect information and how information is transferred to the general ledger. The records may be in either manual or electronic form;

      • How the information system captures events and conditions, other than transactions, that are significant to the financial statements;

      • The financial reporting process used to prepare the entity's financial statements, including significant accounting estimates and disclosures; and

      • Controls surrounding journal entries, including non-standard journal entries used to record non-recurring, unusual transactions or adjustments.

    • The auditor must obtain an understanding of how the entity communicates financial reporting roles and responsibilities and significant matters relating to financial reporting, including:

      • Communications between management and those charged with governance; and

      • External communications, such as those with regulatory authorities.

  • Control activities relevant to the audit

    • The auditor must obtain an understanding of control activities relevant to the audit, being those the auditor judges it necessary to understand in order to assess the risks of material misstatement at the assertion level and design further audit procedures responsive to assessed risks. An audit does not require an understanding of all the control activities related to each significant class of transactions, account balance, and disclosure in the financial statements or to every assertion relevant to them.

    • In understanding the entity's control activities, the auditor must obtain an understanding of how the entity has responded to risks arising from IT.

  • Monitoring of controls

    • The auditor must obtain an understanding of the major activities that the entity uses to monitor internal control over financial reporting, including those related to those control activities relevant to the audit, and how the entity initiates remedial actions to deficiencies in its controls.

    • If the entity has an internal audit function, the auditor shall obtain an understanding of the following in order to determine whether the internal audit function is likely to be relevant to the audit:

      • The nature of the internal audit function's responsibilities and how the internal audit function fits in the entity's organizational structure; and

      • The activities performed, or to be performed, by the internal audit function.

    • The auditor must obtain an understanding of the sources of the information used in the entity's monitoring activities, and the basis upon which management considers the information to be sufficiently reliable for the purpose.

Identifying and Assessing the Risks of Material Misstatement

  • The auditor must identify and assess the risks of material misstatement at:

    • the financial statement level; and

    • the assertion level for classes of transactions, account balances, and disclosures,
      to provide a basis for designing and performing further audit procedures.

  • For this purpose, the auditor must:

    • Identify risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks, and by considering the classes of transactions, account balances, and disclosures in the financial statements;

    • Assess the identified risks, and evaluate whether they relate more pervasively to the financial statements as a whole and potentially affect many assertions;

    • Relate the identified risks to what can go wrong at the assertion level, taking account of relevant controls that the auditor intends to test; and

    • Consider the likelihood of misstatement, including the possibility of multiple misstatements, and whether the potential misstatement is of a magnitude that could result in a material misstatement.

Risks That Require Special Audit Consideration

  • As part of the risk assessment, the auditor must determine whether any of the risks identified are, in the auditor's judgment, a significant risk. In exercising this judgment, the auditor must exclude the effects of identified controls related to the risk.

  • In exercising judgment as to which risks are significant risks, the auditor must consider at least the following:

    • Whether the risk is a risk of fraud;

    • Whether the risk is related to recent significant economic, accounting or other developments and, therefore, requires specific attention;

    • The complexity of transactions;

    • Whether the risk involves significant transactions with related parties;

    • The degree of subjectivity in the measurement of financial information related to the risk, especially those measurements involving a wide range of measurement uncertainty; and

    • Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual.

  • If the auditor has determined that a significant risk exists, the auditor must obtain an understanding of the entity's controls, including control activities, relevant to that risk.

Risks for Which Substantive Procedures Alone Do Not Provide Sufficient Appropriate Audit Evidence

  • In respect of some risks, the auditor may judge that it is not possible or practicable to obtain sufficient appropriate audit evidence only from substantive procedures. Such risks may relate to the inaccurate or incomplete recording of routine and significant classes of transactions or account balances, the characteristics of which often permit highly automated processing with little or no manual intervention. In such cases, the entity's controls over such risks are relevant to the audit and the auditor must obtain an understanding of them.

Revision of Risk Assessment

  • The auditor's assessment of the risks of material misstatement at the assertion level may change during the course of the audit as additional audit evidence is obtained. In circumstances where the auditor obtains audit evidence from performing further audit procedures, or if new information is obtained, either of which is inconsistent with the audit evidence on which the auditor originally based the assessment, the auditor must revise the assessment and modify the further planned audit procedures accordingly.

Documentation

  • The auditor must include in the audit documentation:

    • The discussion among the engagement team where required by paragraph 10, and the significant decisions reached;

    • Key elements of the understanding obtained regarding each of the aspects of the entity and its environment specified in paragraph 11 and of each of the internal control components specified in paragraphs 14–24; the sources of information from which the understanding was obtained; and the risk assessment procedures performed;

    • The identified and assessed risks of material misstatement at the financial statement level and at the assertion level as required by paragraph 25; and

    • The risks identified, and related controls about which the auditor has obtained an understanding, as a result of the requirements in paragraphs 27-30.

Risk Assessment Procedures and Related Activities

  • Obtaining an understanding of the entity and its environment, including the entity's internal control (referred to hereafter as an “understanding of the entity”), is a continuous, dynamic process of gathering, updating and analyzing information throughout the audit. The understanding establishes a frame of reference within which the auditor plans the audit and exercises professional judgment throughout the audit, for example, when:

    • Assessing risks of material misstatement of the financial statements;

    • Determining materiality in accordance with ISA 320;

    • Considering the appropriateness of the selection and application of accounting policies, and the adequacy of financial statement disclosures;

    • Identifying areas where special audit consideration may be necessary, for example, related party transactions, the appropriateness of

MATERIALITY IN PLANNING AND PERFORMING AN AUDIT

Introduction

Scope of this ISA

  • This International Standard on Auditing (ISA) deals with the auditor's responsibility to apply the concept of materiality in planning and performing an audit of financial statements. ISA 450 explains how materiality is applied in evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the financial statements.

Materiality in the Context of an Audit

  • Financial reporting frameworks often discuss the concept of materiality in the context of the preparation and presentation of financial statements.

  • Although financial reporting frameworks may discuss materiality in different terms, they generally explain that:

    • Misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements;

    • Judgments about materiality are made in light of surrounding circumstances, and are affected by the size or nature of a misstatement, or a combination of both; and

    • Judgments about matters that are material to users of the financial statements are based on a consideration of the common financial information needs of users as a group. The possible effect of misstatements on specific individual users, whose needs may vary widely, is not considered.

  • Such a discussion, if present in the applicable financial reporting framework, provides a frame of reference to the auditor in determining materiality for the audit. If the applicable financial reporting framework does not include a discussion of the concept of materiality, the characteristics referred to in paragraph 2 provide the auditor with such a frame of reference.

  • The auditor's determination of materiality is a matter of professional judgment, and is affected by the auditor's perception of the financial information needs of users of the financial statements. In this context, it is reasonable for the auditor to assume that users:

    • Have a reasonable knowledge of business and economic activities and accounting and a willingness to study the information in the financial statements with reasonable diligence;

    • Understand that financial statements are prepared, presented and audited to levels of materiality;

    • Recognize the uncertainties inherent in the measurement of amounts based on the use of estimates, judgment and the consideration of future events; and

    • Make reasonable economic decisions on the basis of the information in the financial statements.

  • The concept of materiality is applied by the auditor both in planning and performing the audit, and in evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the financial statements and in forming the opinion in the auditor's report.

  • In planning the audit, the auditor makes judgments about the size of misstatements that will be considered material. These judgments provide a basis for:

    • Determining the nature, timing and extent of risk assessment procedures;

    • Identifying and assessing the risks of material misstatement; and

    • Determining the nature, timing and extent of further audit procedures.

  • The materiality determined when planning the audit does not necessarily establish an amount below which uncorrected misstatements, individually or in the aggregate, will always be evaluated as immaterial. The circumstances related to some misstatements may cause the auditor to evaluate them as material even if they are below materiality.

  • Although it is not practicable to design audit procedures to detect misstatements that could be material solely because of their nature, the auditor considers not only the size but also the nature of uncorrected misstatements, and the particular circumstances of their occurrence, when evaluating their effect on the financial statements.

Effective Date

  • This ISA is effective for audits of financial statements for periods beginning on or after December 15, 2009.

Objective

  • The objective of the auditor is to apply the concept of materiality appropriately in planning and performing the audit.

Definition

  • For purposes of the ISAs, performance materiality means the amount or amounts set by the auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole.

  • If applicable, performance materiality also refers to the amount or amounts set by the auditor at less than the materiality level or levels for particular classes of transactions, account balances or disclosures.

Requirements

Determining Materiality and Performance Materiality When Planning the Audit

  • When establishing the overall audit strategy, the auditor must determine materiality for the financial statements as a whole.

  • If, in the specific circumstances of the entity, there is one or more particular classes of transactions, account balances or disclosures for which misstatements of lesser amounts than materiality for the financial statements as a whole could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements, the auditor must also determine the materiality level or levels to be applied to those particular classes of transactions, account balances or disclosures.

  • The auditor must determine performance materiality for purposes of assessing the risks of material misstatement and determining the nature, timing and extent of further audit procedures.

Revision as the Audit Progresses

  • The auditor must revise materiality for the financial statements as a whole (and, if applicable, the materiality level or levels for particular classes of transactions, account balances or disclosures) in the event of becoming aware of information during the audit that would have caused the auditor to have determined a different amount (or amounts) initially.

  • If the auditor concludes that a lower materiality for the financial statements as a whole (and, if applicable, materiality level or levels for particular classes of transactions, account balances or disclosures) than that initially determined is appropriate, the auditor must determine whether it is necessary to revise performance materiality, and whether the nature, timing and extent of the further audit procedures remain appropriate.

Documentation

  • The auditor must include in the audit documentation the following amounts and the factors considered in their determination:

    • Materiality for the financial statements as a whole.

    • If applicable, the materiality level or levels for particular classes of transactions, account balances or disclosures.

    • Performance materiality.

    • Any revision of (a)-(c) as the audit progressed.

Materiality and Audit Risk

  • In conducting an audit of financial statements, the overall objectives of the auditor are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and to report on the financial statements, and communicate as required by the ISAs, in accordance with the auditor's findings.

  • The auditor obtains reasonable assurance by obtaining sufficient appropriate audit evidence to reduce audit risk to an acceptably low level. Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk.

  • Materiality and audit risk are considered throughout the audit, in particular, when:

    • Identifying and assessing the risks of material misstatement;

    • Determining the nature, timing and extent of further audit procedures; and

    • Evaluating the effect of uncorrected misstatements, if any, on the financial statements and in forming the opinion in the auditor's report.

Determining Materiality and Performance Materiality When Planning the Audit
Considerations Specific to Public Sector Entities

  • In the case of a public sector entity, legislators and regulators are often the primary users of its financial statements. Furthermore, the financial statements may be used to make decisions other than economic decisions. The determination of materiality for the financial statements as a whole (and, if applicable, materiality level or levels for particular classes of transactions, account balances or disclosures) in an audit of the financial statements of a public sector entity is therefore influenced by law, regulation or other authority, and by the financial information needs of legislators and the public in relation to public sector programs.

Use of Benchmarks in Determining Materiality for the Financial Statements as a Whole

  • Determining materiality involves the exercise of professional judgment. A percentage is often applied to a chosen benchmark as a starting point in determining materiality for the financial statements as a whole.

  • Factors that may affect the identification of an appropriate benchmark include the following:

    • The elements of the financial statements (for example, assets, liabilities, equity, revenue, expenses);

    • Whether there are items on which the attention of the users of the particular entity's financial statements tends to be focused (for example, for the purpose of evaluating financial performance users may tend to focus on profit, revenue or net assets);

    • The nature of the entity, where the entity is in its life cycle, and the industry and economic environment in which the entity operates;

    • The entity's ownership structure and the way it is financed (for example, if an entity is financed solely by debt rather than equity, users may put more emphasis on assets, and claims on them, than on the entity's earnings); and

    • The relative volatility of the benchmark.

  • Examples of benchmarks that may be appropriate, depending on the circumstances of the entity, include categories of reported income such as profit before tax, total revenue

AUDIT EVIDENCE

Introduction

Scope of this ISA

  • This ISA explains what constitutes audit evidence in an audit of financial statements, and deals with the auditor's responsibility to design and perform audit procedures to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor's opinion.

  • This ISA is applicable to all the audit evidence obtained during the course of the audit. Other ISAs deal with specific aspects of the audit (for example, ISA 315), the audit evidence to be obtained in relation to a particular topic (for example, ISA 570), specific procedures to obtain audit evidence (for example, ISA 520), and the evaluation of whether sufficient appropriate audit evidence has been obtained (ISA 200 and ISA 330).

Effective Date

  • This ISA is effective for audits of financial statements for periods beginning on or after December 15, 2009.

Objective

  • The objective of the auditor is to design and perform audit procedures in such a way as to enable the auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the auditor's opinion.

Definitions

  • Accounting records - The records of initial accounting entries and supporting records, such as checks and records of electronic fund transfers; invoices; contracts; the general and subsidiary ledgers, journal entries and other adjustments to the financial statements that are not reflected in journal entries; and records such as work sheets and spreadsheets supporting cost allocations, computations, reconciliations and disclosures.

  • Appropriateness (of audit evidence) – The measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor's opinion is based.

  • Audit evidence – Information used by the auditor in arriving at the conclusions on which the auditor's opinion is based. Audit evidence includes both information contained in the accounting records underlying the financial statements and other information.

  • Management's expert - An individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field is used by the entity to assist the entity in preparing the financial statements.

  • Sufficiency (of audit evidence) - The measure of the quantity of audit evidence. The quantity of the audit evidence needed is affected by the auditor's assessment of the risks of material misstatement and also by the quality of such audit evidence.

Requirements

Sufficient Appropriate Audit Evidence

  • The auditor must design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit