recent developments in auditing standards n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Recent developments in auditing standards PowerPoint Presentation
Download Presentation
Recent developments in auditing standards

Loading in 2 Seconds...

play fullscreen
1 / 103

Recent developments in auditing standards - PowerPoint PPT Presentation


  • 212 Views
  • Uploaded on

Recent developments in auditing standards. Bangalore Branch of SIRC of ICAI 15 th December 2010. CA Suresh DM. A ll U D O I S T ICKING. Auditing Standards: Indian Perspective. Auditing Standards are codification of existing best practices in the area of auditing .

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Recent developments in auditing standards' - zarita


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
recent developments in auditing standards

Recent developments in auditing standards

Bangalore Branch of SIRC of ICAI

15th December 2010

CA Suresh DM

auditing standards indian perspective
Auditing Standards: Indian Perspective
  • Auditing Standards are codification of existing best practices in the area of auditing.
  • International Standards on Auditing (ISAs) are issued by the IAASB of IFAC.
  • In India, the ICAI formulates Auditing and Assurance Standards (AASs).
  • Basic Considerations behind AASs formulation
    • Harmonization with ISAs, to the extent possible – a Membership obligation for ICAI
    • Applicable laws in India.
    • Customs, usages & business environment in India.
auditing standards indian perspective1
Auditing Standards: Indian Perspective
  • Companies Bill 2009 – NACAAS to be given authority to notify Auditing Standards
  • MCA has observed that Auditing Standards are currently issued by a “Single Institute”.

The fact is standards are issued after due consultations by releasing Exposure Drafts

auditing standards indian perspective contd
Auditing Standards: Indian Perspective (contd. …)

Scope of AASs

  • Apply whenever independent audit carried out.
  • Apply irrespective of size, legal form or commercial motives of the client.
  • May appropriately apply to other functions of auditors.

Authority Attached to AASs

  • Mandatory compliance by members of ICAI.
  • Material departures from AASs to be brought out in the report
engagement quality control standards
Engagement & Quality Control Standards

Road to Convergence – Clarity Project

AASB founder member of IFAC

Auditing standards based to the extent possible on corresponding International Standards (IS) of International Auditing and Assurance Standards Board (IAASB).

Chalked out timeline for bridging gap in convergence with IS under IAASB Clarity Project

Revised the entire suite of 36 Standards on Auditing in line with the International Standards.

engagement quality control standards1
Engagement & Quality Control Standards

AASB’s response to IAASB Clarity Project (2006 till date):

Revised & more rigorous Due Process

Revised Framework & Preface

AASs renamed & renumbered in line with IAASB terminology – ENGAGEMENT STANDARDS:

Standards on Auditing

Standards on Review Engagements

Standards on Assurance Engagements

Standards on Related Services

Mother Standard on Quality Control

Revised/ new Standards on Fraud, Audit Planning & Risk-based Audits

Many new/ revised Standards in pipeline

clarity project
Clarity Project
  • Exercise to rewrite and Update.

Includes :

  • Identifying the overall objectives of the auditor when conducting an audit in accordance with ISAs, setting an objective in each ISA, and establishing an obligation on the auditor in relation to those objectives
  • Clarifying the obligations imposed on auditors by the requirements of the ISAs and the language used to communicate such requirements
  • Eliminating ambiguity about the requirements the auditor needs to fulfil.
layout of standards
Layout of Standards
  • Scope
  • Effective Date
  • Objective
  • Definitions
  • Requirements
  • Application and Other Explanatory material ( Basically details out requirements)
standard on quality control sqc 1
Standard on Quality Control – SQC 1

QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF HISTORICAL FINANCIAL INFORMATION, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS

sqc 1 quality control for firms
SQC 1 – Quality Control for Firms
  • Definitions
  • Elements of a System of Quality Control
  • Leadership Responsibilities for quality within the Firm
  • Ethical Requirements
  • Acceptance and Continuance of Client Relationships
  • Human Resources
  • Engagement Performance
  • Monitoring
  • Documentation
objective of sqc 1
Objective of SQC 1

The firm should establish a system of quality control designed to

  • provide it with reasonable assurance
  • that the firm and its personnel comply with professional standards and regulatory and legal requirements,
  • and that reports issued by the firm or engagement partner(s) are appropriate in the circumstances
meaning of certain terms
Meaning of certain terms

Engagement quality control review –

How:

  • a process designed to provide an

Why

  • objective evaluation,

When

  • before the report is issued,

What

  • of the significant judgments the engagement team made and the conclusions they reached in formulating the report
meaning of certain terms1
Meaning of Certain Terms

Any individual with capabilities to act as engagement partner or

an employee of another firm

Engagement quality control reviewer

    • a partner, other person in the firm,
    • suitably qualified external person,
    • a team made up of such individuals,
  • with sufficient and appropriate experience and authority to objectively evaluate, before the report is issued, the significant judgments the engagement team made and the conclusions they reached in formulating the report.
  • However, in case the review is done by a team of individuals, such team should be headed by a member of the Institute
meaning of certain terms2
Meaning of Certain Terms

Engagement team –

  • all personnel performing an engagement,
  • including any experts contracted by the firm in connection with that engagement
meaning of certain terms network firm change made during clarity project
Meaning of Certain TermsNetwork Firm – Change made during Clarity Project

An entity

  • under common control, ownership or management with the firm or
  • Any entity that a reasonable and informed third party having knowledge of all relevant information would reasonably conclude as being part of the firm nationally or internationally
  • That is aimed at cooperation, and aimed at
    • profit or cost-sharing
    • or shares common ownership, control or management,
    • common quality control policies and procedures,
    • common business strategy,
    • Use of a common brand name, or a significant part of professional resources.

BEFORE

AFTER

leadership responsibilities for quality within the firm
Leadership Responsibilities for Quality within the Firm
  • promote an internal culture for stressing upon quality in deliverance
  • firm’s chief executive officer to assume ultimate responsibility for the firm’s system of quality control
  • Perform work that complies with professional standards and regulatory and legal requirements
how to promote quality oriented internal culture
How to promote quality-oriented internal culture
  • clear, consistent and frequent actions and messages from all levels
  • culture that recognizes and rewards high quality work
  • training seminars, meetings, formal or informal dialogue, mission statements, newsletters, or briefing memoranda.
ethical requirements
Ethical Requirements

The firm should establish procedures that enable its personnel comply with ethical requirements:

(a) Integrity;

(b) Objectivity;

(c) Professional competence and due care;

(d) Confidentiality; and

(e) Professional behavior.

independence
INDEPENDENCE
  • Scope of various services provided to Client not to be threat to Independence
  • Annual Independence confirmation from all the personnel of the Audit Firm regarding independence.
  • Rotation of Partners and Managers to reduce familiarity threat

( SEC Rules – 7 years for listed entities and 10 years for other engagements)

Note: For Sole Proprietors/Individuals auditing listed entities, rotation policy is not applicable. However they need to undergo compulsory Peer Review Process.

threats to independence prohibited activities
Threats to Independence - Prohibited Activities
  • An auditor of an entity is prohibited from providing an audit client, any of nine specified non-audit services.
prohibited non audit activities
Prohibited Non-Audit Activities
  • Bookkeeping or other services related to the accounting records or financial statements of the audit client;
  • Financial information systems design and implementation;
  • Appraisal or valuation services, fairness opinions, or contribution-in-kind reports;
  • Actuarial services;
prohibited non audit activities1
Prohibited Non-Audit Activities
  • Internal audit services;
  • Management functions or human resources;
  • Broker or dealer, investment adviser, or investment banking services;
  • Legal services and expert services unrelated to the audit; and
independence1
Independence
  • Firm Should frame policies so that
    • Firm’s personnel are aware of the independence requirements
    • Partners are provided with relevant data about client hierarchy and threats to independence.
threats to independence
Threats to Independence
  • Independence of Mind
  • Independence of Appearance
    • Threat of potential employment
    • Threat of undue dependence on fees and fear of losing client
    • Threat of self review – review of judgements made in earlier periods
    • Threat of investment in client’s shares
acceptance continuance a c
Acceptance & Continuance ( A&C)
  • Undertake or continue relationships and engagements.
  • Ascertain Integrity of Client
  • Auditor is competent to perform and has sufficient resources.
  • Compliance with ethical requirements achieved
human resource
Human Resource
  • Firms should frame policies to address
    • (a) Recruitment;
    • (b) Performance evaluation;
    • (c) Capabilities;
    • (d) Competence;
    • (e) Career development;
    • (f) Promotion
    • (g) Compensation; and
    • (h) Estimation of personnel needs
engagement performance
Engagement Performance
  • establish consistency in the quality of engagement performance which is accomplished through standardized documentation.
  • Qualitative deliverance involves consultation
review of quality controls and risks rqr process
Review of Quality Controls and Risks ( RQR process)
  • Engagement Quality control review – Objective evaluation of Judgments used, which should be done before issue of report.
  • Must for all Listed Companies Audit
  • Criteria to be set out for other Audits
rqr process
RQR Process
  • Nature, Timing and Extent
  • Criteria for Reviewers
  • Documentation Requirements
other matters
Other Matters
  • Engagement Documentation
    • Final Working Files to be completed and assembled before reports have been finalized.
    • (Means before release of report)
    • Confidentiality, Safe Custody, Integrity, Accessibility and Retrievability of Documentation
    • Retention of Documentation
    • Ownership of Documentation
    • Monitoring Process
slide39
SA 265 - COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT
  • Scope
    • Auditor is required to obtain understanding of internal Control.
    • This understanding is to design appropriate audit procedures and not for purpose of expressing opinion on internal controls.
    • Standard is only a carve out standard from SA 260 – Communicating to those charged with governance.
    • No such separate reporting requirements normally.(Other than SOX assignments)
slide40
SA 265 - COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT
  • This standard is very simple. Contains Just 11 Para in the Main Text.
  • Others clauses are Application and explanatory Material
slide41
SA 265 - COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT
  • Identify deficiencies in Internal Controlon the basis of audit work performed
  • Determine whether they constitute significant deficiencies ( Deficiency which merit immediate attention of Management in terms of likelihood, susceptibility to Loss or Fraud, Amount exposed)
  • Communicate to those charged with Governance
  • Please note it is “communicate to the Management” and not the owners.
    • (Auditor Report under legal framework will be addressed to the Owners/Shareholders.)
slide42
SA 265 - COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT
  • What Should be Communicated
    • Description of Deficiencies
    • Context and effect of such deficiencies
    • Highlight the fact that these are only identified deficiencies in designing the Audit Procedures.
slide43
SA 265 - COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT
  • What type of controls are analysed.
    • General monitoring controls (such as oversight of management).
    • Controls over the prevention and detection of fraud.
    • Controls over the selection and application of significant accounting policies.
    • Controls over significant transactions with related parties.
    • Controls over significant transactions outside the entity’s normal course of business.
    • Controls over the period-end financial reporting process (such as controls over non-recurring journal entries).
sa 402 audit considerations relating to an entity using a service organisation
SA 402 – Audit Considerations relating to an entity using a service organisation.
  • This standard deals with auditors responsibility to obtain sufficient appropriate audit evidence when an entity uses the services of service organisations.
  • Common examples are Actuary Services, Payroll outsourcings, Vendor payment process etc.
sa 402 audit considerations relating to an entity using a service organisation1
SA 402 – Audit Considerations relating to an entity using a service organisation.
  • Methodology of obtaining Audit Comfort
    • Obtain a Type 1 or Type 2 Report
    • Contact/Visit the Service Organization.
    • Using the work of another auditor.
sa 501 audit evidence selected items
SA 501 – Audit Evidence – Selected Items
  • This standard mainly deals with
    • Inventory
    • Litigation and Claims
    • Segment Information
    • Compared to earlier SA 501, this revised standard does not deal with Valuation and Disclosure of Long Term Investments.
sa 501 audit evidence selected items inventory
SA 501 – Audit Evidence – Selected Items - Inventory
  • Attendance at Physical Count
    • Evaluate managements instructions and procedures
    • Observe the performance of managements count procedures
    • Inspect the inventory
    • Perform test counts
    • Verify financial inventory records to ensure it reflects physical counts
sa 501 audit evidence selected items inventory1
SA 501 – Audit Evidence – Selected Items - Inventory
  • If count < or > “Balance Sheet Date”, perform roll forward/backward testing
  • Inventory lying with third party
    • Obtain confirmation
    • Perform Inspection
inventories basic principles

Quantities and prices

Inventories – Basic Principles

50,000 lbs

Ending inventories =

Net income

cenco corporation
Cenco Corporation
  • Changed quantities on inventory tags
  • Altered quantities on computer listings
  • Management created fictitious tags
cenco corporation1
Cenco Corporation

=

  • Management explains:
    • Computer keypunch errors
    • Tags discarded
cenco corporation2
Cenco Corporation

"I am unable to definitely say that the inventory is being inflated, but there are a few things about the new tags which bother me."

sa 501 audit evidence selected items litigations and claims
SA 501 – Audit Evidence – Selected Items – Litigations and Claims
  • Inquiry of in house legal personnel/ Management
  • Reviewing Minutes of Meetings
  • Review Legal Expenses accounts
  • Request confirmation from External Legal Counsel
  • Written representations about completeness of disclosures
sa 520 r analytical procedures
SA 520(R) – Analytical Procedures
  • Types of Procedures
    • Trends
    • Reasonableness Testing
      • For Eg: Bank Deposits to Interest earned
      • Raw Material Consumption to Production
    • Ratios
  • Affected by reliability of data, precision of estimation, source of information etc
gist of requirements of the new sas
Gist of requirements of the new SAs
  • Indicate on the top of the report that it is “INDEPENDENT AUDITORS REPORT”
  • Title should be prominently indicated about
    • “MANAGEMENT RESPONSIBILITY
    • “AUDITOR’S RESPONSIBILITY”
    • “OPINION”
    • Report under other LEGAL FRAMEWORK
      • Reference to CARO, Companies Act to be included in this clause.
gist of requirements of the new sas1
Gist of requirements of the new SAs
  • Opinion on corresponding figures in financial statements
    • Generally audit report is for current period numbers
    • If corresponding figure in previous period was qualified and such matter is unresolved than report should continue reference to the previous corresponding number also.
risk and assessment

RISK AND ASSESSMENT

ASSESSING RISK IN AUDIT PLANNING

focus on risk management
Focus on Risk Management
  • Out of the total 35 general standards
    • There are 6 standards on Risk Management
    • ICAI has come up with a separate Implementation Guide to Risk Based Audit
    • Hence Risk Management is important as the entire Audit Process Revolves around Risk
audit involves
Audit involves
  • Assessing the risks – Risk of Material Misstatements
  • Designing and performing audit procedures to obtain reasonable assurance
  • Issue of audit report
key definitions
Key Definitions
  • Risk: The uncertainty of an event occurring that could have an impact on the achievement of objectives.
  • Risk assessment: A systemic process for assessing and integrating professional judgments about probable adverse conditions and/or events.
  • Risk management: The culture, processes and structures that are directed towards the effective management of potential opportunities and adverse effects.
why only reasonable assurance and not absolute assurance
Why only reasonable assurance and not absolute assurance
  • Limitation on Testing – Use of sampling
  • Internal Control Limitations
  • Undetected Frauds
  • Persuasive nature of audit evidence
  • Reliance on Judgement
results of risk assessment process

H

Impact on Financials

L

H

Probability of Risk

Results of Risk Assessment Process

Target audit resources where risk is greatest!

components of fire
Components of Fire

Heat

Oxygen

FIRE

Fuel

components of fraud
Components of Fraud

Rationalization

Situational Opportunity

FRAUD

Pressureor Motive

top management
Top Management

The ability of top management to override controls significantly increases the likelihood of fraud

fraud comes in bunches
Fraud Comes in Bunches

Theft

Embezzlement

Check Kiting

Conversion

Expense Report

Credit Card

Financial Statement

Laundering

the perfect crime
The Perfect Crime

Any three people can commit the perfect crime as long as two of the three are dead

materiality
Materiality

Immaterial

documentation
Documentation
  • Standardized Documentation to be practiced
slide82

Risk Assessment in Annual Planning:The Tennessee Valley Authority Model

  • A systemic process designed to yield a comprehensive risk assessment
    • core business processes
    • enabling processes
risk planning model
Risk Planning Model

Risk Assessment in Annual Planning:The Tennessee Valley Authority Model

MATERIALITY

PROBABILITY

PROBABILITY

Impact on Enterprise Operations

Visibility and Sensitivity

IDENTIFY AUDIT AREAS

risk factors
Risk Factors

Risk Assessment in Annual Planning:The Tennessee Valley Authority Model

MaterialityPoints

( account balances in INR)

  • Audit Area > 100 million 8-10
  • Audit Area 10 million < 100 million 4-7
  • Audit Area < 10 million 1-3
risk factors1
Risk Factors

Risk Assessment in Annual Planning:The Tennessee Valley Authority Model

Impact on OperationsPoints

  • Significant impact on core business 8-10
  • Significant impact on specificprogram moderate impact on corebusiness 4-7
  • Negligible impact on specific programor core business 1-3
risk factors2
Risk Factors

Risk Assessment in Annual Planning:The Tennessee Valley Authority Model

Public SensitivityPoints

  • Likely to result in public orcongressional interest 8-10
  • May result in public orcongressional interest 4-7
  • Unlikely to result in public orcongressional interest 1-3
probability factors
Probability Factors

Risk Assessment in Annual Planning:The Tennessee Valley Authority Model

Probability of RiskPoints

  • High probability of significant issues 0.8-1.0
  • Moderate probability of significantissues and high probability ofimprovement needed 0.4-0.7
  • Low probability of significant issuesand moderate to low probability ofimprovement needed 0.1-0.3
example of risk assessment
Example of Risk Assessment

Risk Assessment in Annual Planning:The Tennessee Valley Authority Model

Materiality

Impact

Visibility

Subtotal

Probability

Risk Score

Potential Audit Subject

Asset Capitalisation

Payroll Processing

Bank Transactions

  • 7 5 16 0.5 8.0
  • 7 8 22 0.6 13.2
  • 3 5 9 17 0.3 5.1
risk based audit engagements

1

2

6

Understand Processes and Objectives

Identify Risks

Measure Potential Impacts

Evaluate Controls and Estimate Probability

Evaluate and Prioritize Risks

Develop Audit Objectives & Program

5

3

4

Risk-Based Audit Engagements:
slide93

RISK ASSESMENT METHODOLOGY – BY A QUANTIFICATION MODEL

Key business processes in Sales and Distribution (SD), Materials Management (MM) and Financial Accounting (FI) need to be studied in detail to identify their vulnerability to threats from within and outside. Based on this and experience of internal audit team, risk statements relevant to businesses are to be captured.

For each risk statement, risk impact and risk exposure is to be assessed as under

slide94

Risk impact-Severity X Detection

Risk impact ( Severity x Detectability) to be assessed on a scale of 1 – 100 (100 being the highest adverse impact.

A-Risk Severity ( on a scale of 1- 10 ) is determined based on weighted average affect on 5 parameters ie

i- PBT, ii- Statutory / regulatory compliance iii- Strategic value iv- Financial statement accuracy , v- Reliability/ operational effectiveness .

B- Risk Detectability( on a scale of 1 – 10 ) is determined based on the stage of detectability of adverse event ie with in the co.or from outside customers.

slide95

Risk exposure

Risk exposure(likelihood of occurrence) to be assessed on a scale of 1-10 (10 being most likely).

Risk exposure is determind based on weighted average effect of 10 parameters,responsible for the exposure ie

I-Incorrect source data/ data entry ii Incorrect incomplete execution iii-Incorrect/ non verification of output iv-Skill/ resource constraint v-Inadequate segregation of duties vi-Lack of system documentation vii-Authority norms not defined/ followed viii- Inappropriate configuration/ process logic ix-Weak internal/ compensating controls x-Others (i.e.: process complexity, frequency of changes, software limitation, unassignable causes etc.)  

slide96

S. No

Risk statement

Risk

Risk exposure

Heat zone

Severity

DetectabIlity

Impact

1

Invoice may be raised without effecting physical delivery of the goods from depot/ plant (bill and hold)

7

8

56

5

R1

2

Sales order may not be executed in time and in full

4

6

24

3

Y2

3

Debit / credit notes sent to customers may not contain adequate supporting details

2

4

8

4

G2

RISK STATEMENTS – SD-Examples

slide97

S. No

Risk statement

Risk

Risk exposure

Heat zone

Severity

DetectabIlity

Impact

1

Financial authority norms for release of PO may not be mapped into SAP

4

8

32

6

R3

2

GR may be prepared for a quantity lower/ higher than vendor delivery challan

4

6

24

4

Y2

3

CENVAT credit availed may be lower than CENVATABLE excise duty credited to vendor through invoice verification

3

6

18

4

G2

RISK STATEMENTS – MM-Examples

slide98

S. No

Risk statement

Risk

Risk exposure

Heat zone

Severity

DetectabIlity

Impact

1

Depreciation rates may have been incorrectly set up

5

6

30

5

R3

2

Vendors account may not have been reconciled/ confirmed as per laid down frequency

5

6

30

4

Y2

3

Line items (individual entries) clearing may not have been carried out in vendor accounts

3

6

18

4

G2

RISK STATEMENTS – FI-Examples

slide99

S. No

Risk statement

Risk

Risk exposure

Heat zone

Severity

DetectabIlity

Impact

1

SAP transaction authorizations granted to users may not relate to their assigned role/responsibility

8

8

64

8

R1

2

SAP transactions may be carried out using group IDs resulting in non traceability of transactions to any specific individual (employee)

8

8

64

8

R1

3

Audit trails (chronological log of changes) may not be reviewed/ analyzed by process owners

5

8

40

7

R3

RISK STATEMENTS – Common to all functionsExamples

slide100

R

I

SK

IMPACT

HIGH

100

Y1

R2

R1

MEDIUM

40

G1

Y2

R3

LOW

20

G3

G2

Y3

0

2

4

10

LOW

MEDIUM

HIGH

RISK EXPOSURE →

Risk Registers and Heat Maps – Module wise

Using the risk impact and risk exposure scores as worked out above,all possible risk statements ( like 3 examples given for each SD/MM/FI ) need to be prepared in the form of a RISK REGISTER of many pages and ultimately ,all risk statement Srnos to be plotted on 1 page HEAT MAP.

slide102

THANK YOU

suresh _dms@rediffmail.com

thank you
Thank You

suresh _dms@rediffmail.com