71305 Auditing Module 3 2016

Assertions of balances

+existence, +rights and obligations, +valuation & allocation, and +completeness

Internal control components

- overall control environment, in large part driven by the 'tone at the top' - entity's own risk assessment processes. If such processes are not in place the audit risk is heightened - information system (generally computerised) employed by the entity to ensure everything is captured for subsequent financial reporting - entity's control activities carried out over transactions and account balances in the general ledger - monitoring controls which ensure that the general ledger is regularly reconciled and properly maintained.

Module 3 Topics

1. Overview of the audit process 2. Auditor judgement 3. Responsibilities with respect to fraud 4. Understanding the industry and the entity 5. Evaluating internal controls 6. Identifying risks of material misstatements in the financial statements 7. Related parties 8. Materiality 9. Assessment of going concern

Minimising detection risk (ISA NZ 315)

1. Whether the risk is a risk of fraud; 2. Whether the risk is related to recent significant economic, accounting or other developments and, therefore, requires specific attention; 3. The complexity of transactions; 4. Whether the risk involves significant transactions with related parties; 5. The degree of subjectivity in the measurement of financial information related to the risk, especially those measurements involving a wide range of measurement uncertainty; 6. Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual.

Finance company failures

A number of failed finance companies in New Zealand in recent times received unqualified audit reports, only to go into receivership or liquidation soon afterwards, most with substantial deficits in shareholders' funds. In most cases the failure occurred less than 12 months after the auditor gave a 'clean' audit opinion, either through the annual financial statements audit or lending their name to the director's prospectus extension certificate. The directors will extend the life of their entity prospectus by issuing a certificate stating that there have been no significant changes in the entity, including its ability to meet its debts when they fall due. The directors may attach updated audited financial statements or refer to the last audited financial statements.

Fraud risk factors

Appendix 1 ISA (NZ) 240 In order to detect fraud and errors, the auditor must be able to recognise the conditions that are likely to lead to them and recognise how they can be committed. For example, many people think that perpetrators of computer fraud must be very clever. However, most computer fraud involves basic manipulation of data that any robust internal control system or properly applied audit procedure should be able to detect. Unfortunately, many computer frauds go undetected for long periods because these controls are not properly exercised and audit procedures not competently performed.

Sceptic mind

Auditor starts off with the assumption that everything is fine until something contrary is found (ISA 200) Being alert to: +Audit evidence that contradicts other evidence obtained. +Information that brings into question the reliability of documents and responses to inquiries to be used as audit evidence. +Conditions that may indicate possible fraud. +Circumstances that suggest the need for audit procedures in addition to those required by the ISAs.

Audit decisions

Auditors are faced with two important decisions: 1. How much risk they are willing to take that they will give a wrong audit opinion. 2. The total error they are prepared to accept in the audit engagement. Throughout the audit engagement, the audit team needs to exercise judgement in response to these two decisions within the parameters documented in the audit plan.

Walk-through tests

Auditors use walk-through tests to confirm their understanding of their accounting systems, gained from reviewing entity documentation. Such tests involve selecting a transaction at its inception and 'walking it through', to sight evidence of the various controls as the transaction works its way through the entity control systems. The final step is to see it recorded in the subsidiary ledger and/or general ledger. For example, the transaction for the payment for goods supplied to entity could entail: 1. a purchase order raised by the entity on the supplier authorised by two personnel in the entity 2. a goods received note in the warehouse recording that the items ordered were received 3. a supplier invoice matched against the purchase order and goods received note and authorised for payment and entry in the creditors subsidiary ledger and general ledger 4. a payment authorised by internet banking of the supplier invoice 5. the payment being reconciled and approved as part of the regular (daily/weekly/monthly) bank reconciliation process, by an electronic matching of payments in the bank statement with the payments in the creditors subsidiary ledger.

Business risks

Business risks arise from day-to-day external and internal factors that threaten the achievement of the entity's business objectives. It is important for the auditor to understand how the entity is managing its exposure to its business risks so it meets its business objectives.

ISA (NZ) 250

Consideration of laws and regulations in an audit of financial statements. As part of obtaining an understanding of the entity and its environment the auditor shall, in accordance with ISA (NZ) 250 obtain a general understanding of: the legal and regulatory framework applicable to the entity and the industry or sector in which the entity operates how the entity is complying with that framework.

Inherent risk

Defined as, 'the susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls'. Cash is a readily convertible commodity to anyone contemplating fraud. It is an inherent risk common to most entities around which the auditor has to design procedures to have a reasonable chance of identifying misstatements. Yealands, based in Marlborough, is a major wine exporter. As such, monies they receive from their customers overseas are subject to movements in the New Zealand exchange rate relative to the exchange rate of the country in which their customers reside. Therefore the auditor needs to design audit procedures to ensure that monies owing by customers at balance date have been properly recorded by Yealands to reflect this inherent risk of a New Zealand exporter.

Detection risk

Detection risk is the risk that the auditor will conclude that no material errors are present when in fact there are. Detection risk is one of the three elements that comprise audit risk, the other two being inherent risk and control risk. In determining the overall audit risk, you should always review management's understanding of, and responses to, both inherent and control risks in their business. If management do not understand these risks, then as auditor you probably do not need the audit. Detection risk would be significant. Attempting the audit and missing something important is not worth the risk of damage to an auditor's reputation.

AG 3

Effectiveness and efficiency, waste and a lack of probity or financial prudence. The objectives of the Appointed Auditor, in carrying out the annual audit are to: (a) maintain alertness for and awareness of issues and risks related to the Auditor-General's concerns over effectiveness and efficiency, waste, and a lack of probity or financial prudence; (b) plan and audit areas of sensitive expenditure; and (c) report in an appropriate manner on any matters identified in (a) and (b) above. Maintain alertness and awareness for any indication that: (a) the public entity has not applied its resources effectively or efficiently; (b) waste has occurred, either by the public entity itself or as a result of action or inaction on the part of the public entity; or (c) there has been an act or omission that shows or appears to show a lack of probity or financial prudence on the part of the public entity or one or more of its members, office holders, or employees.

Errors

Errors are not just financial errors, they are also non-financial errors, such as misleading disclosures in the accounting policies and notes to the financial statements. When auditors discover errors, the important issue for the auditor to determine is why the misstatement occurred. In determining why, the auditor may discover fraud, rather than what appears initially to be an unintended error.

Sensitive expenditure

Expenditure by a public entity that provides, has the potential to provide, or has the perceived potential to provide, a private benefit to an individual staff member of a public entity that is additional to the business benefit to the entity of the expenditure. It also includes expenditure by a public entity that could be considered unusual for the entity's purpose and/or functions. Sensitive expenditure may include: - board and senior management pay, travel, and expenses; - management of large contracts; - tendering processes used for large dollar value purchases; - payments to or from related parties; and - payments to or from other countries, particularly those with a history of different ethical standards or where bribery is more prevalent

How do you decide competency

Experience / prior audits Responsibilities of the past Training Qualifications (Accounting) Portrad failed exams twice More to auditing than passing exams Capable and able to handle the job Knowing the industry / company Having a plan / knowing what to do

Transaction cycle

For any transaction cycle, from the source document(s) through to the transactions being recorded in the general ledger, you should be able to: -identify key controls -explain the problems that may occur if any control is absent or does not work - describe control tests the auditor could employ to see if the controls have operated properly -describe substantive tests, where the auditor has determined that no reliance will be placed on the controls.

Internal controls (ISA NZ 315)

ISA (NZ) 315 at paragraph 4 (c) defines Internal Control as: The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity's objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations. The term 'controls' refers to any aspects of one or more of the components of internal control. Internal controls help to ensure that financial statements, as well as information produced for management during the year, are reliable. As noted by ISA (NZ) 315, this information includes far more than just accounting data. It may also include market research, production, economic and many other indicators necessary to control an entity in the modern business environment and ensure that its objectives are met effectively, efficiently and economically.

ISA (NZ) 550 Related Parties

If the auditor identifies related parties or significant related party transactions that management has not previously identified or disclosed to the auditor, the auditor shall, [inter alia]: 1. Promptly communicate the relevant information to the other members of the engagement team; [as a minimum the engagement partner must be notified] 2. Enquire as to why the entity's controls over related party relationships and transactions failed to enable the identification or disclosure of the related party relationships or transactions; 3. If the non-disclosure by management appears intentional (and therefore indicative of a risk of material misstatement due to fraud), evaluate the implications for the audit.

ISA (NZ) 720 The auditor's responsibility in relation to other information in documents containing audited financial statements

Imposes an obligation on the auditor to make sure there are no inconsistencies with other information contained in documents which include their audited financial statements. The likelihood of a prospectus extension certificate needs to be incorporated in the planning. This enables the auditor to subsequently review the inclusion of their audit report (in a prospectus for example), to ensure it is not being used by the directors inappropriately to support an entity whose circumstances have adversely since changed.

Materiality adjustments

In determining whether the error in net income is material, the auditor would need the following additional information: - the budgeted net income for the year ended - the 'normal' net income achieved in past years and expected in future years - the 'normal' net income achieved by competitors in the same industry Most importantly the auditor needs to gain an understanding of WHY these errors occurred. The control environment may not be operating in the manner expected by the auditor, such that these errors are just the 'tip of the iceberg'. Because of a weak control environment there may be many other errors, as yet uncovered by the auditor.

ISA (NZ) 315 Identifying and assessing the risks of material misstatement through understanding the entity and its environment

In particular paragraphs 11 and 12 outline the minimum it can be presumed will be known by the auditor: 1. Relevant industry, regulatory, and other external factors including the applicable financial reporting framework. 2. Nature of the entity, including: - its operations; - its ownership and governance structures; - types of investments that the entity is making and plans to make, including investments in special-purpose entities; - Way that the entity is structured and how it is financed. 3. Entity's selection and application of accounting policies, including the reasons for changes thereto, their appropriateness for its business, consistency with the applicable financial reporting framework and accounting policies used in the relevant industry. 4. Entity's objectives and strategies, and those related business risks that may result in risks of material misstatement if not properly managed. 5.Measurement and review of the entity's financial performance. 6.Entity's Internal Control.

Confidentiality 'need to know'

In the Portrad case the engagement partner said that the reason he did not tell the audit staff about the Transnational takeover was confidentiality. He trusted that the staff would not breach confidentiality, however in his judgement the likelihood of takeover was not relevant to the audit procedures. This demonstrated a lack of judgement by the engagement partner. The takeover was significant in that the financial statements could be manipulated by management to show Portrad in a good light to ensure a good price was obtained from Transnational. The CFO was a shareholder in Portrad, so he had a reason to manipulate the financial statements. The audit team were not on alert for possible manipulation as they were unaware of the takeover. A heightened scepticism by the audit staff would have resulted had the engagement partner advised the team of the takeover.

Interim audit

It is difficult to verify most assets and liabilities in the balance sheet/statement of financial position until after the end of the financial year. Because of this, the interim audit mainly consists of testing the system of internal control and verifying transactions comprising account balances. However, it may also be possible and cost efficient to confirm items such as debtors and inventory before the end of the year. If this is the case, you will be relying on the system of internal controls to ensure that transactions are properly recorded so as to produce the correct balance at the end of the year.

Judgement

Judgement lies at the heart of any professional activity, if judgement was not required, auditing would be no more than a mechanical check of accuracy, and the audit report would be a statement of fact rather than opinion. There isn't time to look at everything in depth. Even if there was, the cost of doing so would be prohibitive. You must therefore use your judgement to decide which areas need to be looked at most closely and which areas can be safely given only a brief examination or no examination at all. Auditors can never gain absolute assurance that there are no errors of any kind in the financial statements. It requires expert judgement and experience for auditors to decide how certain they need to be, and how big an error they are prepared to accept, before providing an unmodified/unqualified audit report.

Materiality (IAS NZ 320)

Materiality varies significantly, depending whether the entity is: 1. small or large 2. in the business of making a profit or providing a service 3. a listed or unlisted entity 4. regulated or not and what type of industry the entity operates. Collating all errors identified during the audit is important whether or not they are individually material. In Module 5 we will examine unders/overs schedules that auditors employ to record these errors.

Misstatement

Misstatement may be the result of psychological pressure on management, rather than any deliberate intent. For example, when profits are lower than expected, company management will look at the financial records very closely and will probably correct any error that has understated profit. However, they may overlook errors that overstate profits, simply because they are not looking for them.

The going concern assumption

One of the key foundations that underpin financial statements and relied on by owners and users of financial statements is that the entity has the ability to continue for the foreseeable future. Should this not be the case then the factors likely to impact the going concern need to be explained in the financial statements by the governing board and attested to by the auditors.

Analytical procedures

Overall analytical procedures are used as an audit planning tool to identify the areas of the financial statements that appear most likely to contain material issues requiring particular attention. This will determine the amount of substantive testing required in these areas and the amount of time allocated to the various aspects of the financial statements in the audit budget.

Three phases of audit

Planning Interim Final

Documenting audit plan

Portrad auditors did not document their audit plan. ISA (NZ) 200 requires the auditor to plan the audit in a way to obtain sufficient and appropriate evidence in the most cost-effective manner. The auditor documents how this will be achieved and the plan needs to be communicated to and understood by all staff working on the engagement. The problem for the Portrad engagement partner is there is no evidence on the audit file of a plan having been agreed between the partner and manager. Nor is there any documentation on file to suggest staff participated in the development of the plan, or that it was communicated to the audit staff. As there is no evidence of appropriate planning on the audit file, a reviewer of the file would conclude that the engagement partner and audit team were not aware of the agreed audit approach.

Professional judgement and scepticism

Professional Skepticism and Professional Judgment both are required to conduct the assurance engagements properly. But both are two separate requirements and are not one and the same and are different in their meaning and also in their application.

ISA (NZ 300) Planning

Provides the framework for planning the minimum amount of work the auditor will need to carry out for an effective audit. This will be documented in an audit plan.

Related parties

Related party transactions are an important consideration at the planning stage of the audit, particularly as just discussed when assessing inherent and control risks. The audit team need to be aware of where they might encounter such transactions, but importantly be on the lookout for related parties and associated transactions during the audit. Related parties disclosed by the governing board and management are generally not the problem in substantiating and ensuring if disclosures in the financial statements are appropriate. The bigger challenge lies in the related parties and related party transactions that the governing board and/or management have not disclosed to the auditor (inadvertently or intentionally). The 'you scratch my back and I'll scratch yours' mentality can be as common in business as in any other part of life. Related party transactions are not necessarily against the interests of owners, but if they are not made at market value, owners are entitled to know about them.

Related party issues

Related party transactions occur when a party has the ability to influence or exercise control of another party, or a familial relationship, or has influence on policies that affect the transacting party. e.g. Parent & subsidiaries, affiliates, joint ventures, family of management. The transaction might not ordinarily have taken place or may have been quite different had the parties not been related. Typically purchases of assets at greater than market rates, leases of property, interest on loans and borrowings at below market rate, payment for services not rendered or at inflated rates, consulting fees paid to directors and transactions with no economic substance via shell companies. Related party transactions are not necessarily fraudulent but often cause issues for auditors in determining those that are legitimate and those that are intended to mislead. auditors need to be alert to transactions that have not been disclosed. Single one-off transactions may be difficult to find and may not be material but large volumes in one period might require disclosure. Auditors need to be aware of complex transactions at year end whose substance is difficult to ascertain and have potential to hide economic substance of events.

ISA (NZ) 240 The Auditors Responsibilities relating to fraud

Requires the auditor to remain sceptical throughout the audit, with an attitude of mind that fraud could be present in any activity of the entity. Particularly important aspects of this standard are: The fraud standard references ISA (NZ) 315 which requires a discussion among the engagement team members on how and where the entity's financial statements may be susceptible to material misstatement due to fraud, including how fraud might occur. The engagement team members must set aside any beliefs that management and those charged with governance are honest and have integrity. Determining management's assessment of the risk that the financial statements may be materially misstated due to fraud. This will include the nature, extent and frequency of such management assessments. Determining how those charged with governance exercise oversight of management's processes for identifying and responding to the risks of fraud in the entity, and the internal control that management has established to mitigate these risks. Management is in a unique position to commit fraud because of their ability to manipulate accounting records and prepare fraudulent financial statements by overriding controls that otherwise appear to be operating effectively. Irrespective of the auditor's assessment of the risks of management override of controls, the auditor shall design and perform audit procedures to test the appropriateness of journal entries recorded in the general ledger. In designing and performing audit procedures for such tests, the auditor shall: - make enquiries of individuals involved in the financial reporting process about inappropriate or unusual activity relating to the preparation and processing of journal entries - select journal entries and other adjustments made at the end of a reporting period - consider the need to test journal entries and other adjustments throughout the reporting period.

Audit plan (3) risk assessmens

Risk assessment procedures, per ISA (NZ) 315: - Enquiries of management, of appropriate individuals within the internal audit function (if the function exists), and of others within the entity who in the auditor's judgement may have information that is likely to assist in identifying risks of material misstatement due to fraud or error. - Significant industry and business developments affecting the entity, including changes in information technology and business processes, changes in key management, regulations, and - acquisitions, mergers and divestments. - Analytical procedures. - Observation and inspection. - Whether information obtained from previous experience with the entity has changed. - The susceptibility of the entity's financial statements to material misstatement. Responses to assessed risks, as outlilned in ISA (NZ) 330, by setting up - tests of controls (that is, checking approrpriate controls are in place) - substantive tests (if deemed necessary). These procedures will be informed by the results of evaluating the operating effectiveness of internal control in previous audits, including the nature of identified deficiencies and action taken by the governing body to address them. Audits will look for evidence of management's commitment to the design, implementation and maintenance of sound internal control, including evidence of appropriate documentation of such internal controls. The volume of transactions may determine it is more efficient for the auditor to rely on internal controls. The effect of information technology on the audit procedures, including the availability of data and the expected use of computer-assisted audit techniques (CAATs).

Investigative mind

Starts off straight doubting everything and thus requires confirmation for all information

Public entities (AG 3)

The Appointed Auditor should, when maintaining alertness and awareness of the standards expected of public entities, consider the following: - whether the public entity has acquired resources in an economical manner, with due regard to probity; - whether the public entity has applied its resources in an effective and efficient manner, and there is no evidence waste has occurred; and - whether employees and members of the public entity have acted with proper regard to probity and financial prudence.

Professional judgement

The Institute of Chartered Accountants of Scotland in 2012 says 'making a decision is difficult and there is not necessarily one correct answer'. Canadian Institute says: "Professional judgment in auditing is the application of relevant knowledge and experience, within the context provided by auditing and accounting standards and Rules of Professional Conduct, in reaching decisions where a choice must be made between alternative possible courses of actions." Auditor applies professional judgment to reach appropriate decisions concerning the engagement in a given situation. Professional judgment is a skill that an auditor acquires over time Auditors acquire this skill by obtaining relevant training and experience. Professional judgment is necessary in particular regarding decisions about: Materiality and audit risk. The nature, timing and extent of audit procedures in accordance with auditing standards. Evaluating whether sufficient appropriate audit evidence has been obtained, or if further procedures are required to meet the audit objectives and the requirements of standards. The evaluation of management's judgments in applying the entity's applicable financial reporting framework. Drawing conclusions based on the audit evidence obtained.

Professional scepticism

The auditor is required to maintain an attitude of professional skepticism while planning and performing the audit engagement. Professional skepticism refers to the state of mind which auditor must maintain to help himself in conducting audit engagement appropriately. Skeptic mind enables auditor to recognize that circumstances may exist that cause the financial statements to be material misstated so he should be alert and remain cautious about such information and events that indicate the existence of material misstatement in the financial statements. However, skeptic state of mind does not amount to investigative state of mind.

Understanding the industry

The auditor will not undertake an audit where they do not properly understand the entity's business and/or the industry in which it operates. Conducting a competent audit entails understanding the entity's business risks. The owners of the business expect that the auditor will have a thorough knowledge of the entity's business. This knowledge enables the conduct of a searching, comprehensive examination of the entity's financial statements.

Undisclosed related party transactions

The auditor's search could include: 1. Discussion within the engagement team of the susceptibility of the financial statements to material misstatement due to fraud or error that could result from the entity's related party relationships and transactions. 2. Enquiring of management regarding: - the identity of the entity's related parties, including changes from the prior period - the nature of the relationships between the entity and these related parties - whether the entity entered into any transactions with these related parties during the period and, if so, the type and purpose of the transactions. 3. Inspecting bank and legal confirmations obtained as part of the auditor's procedures. 4. Reading minutes of meetings of shareholders and of those charged with governance, including conflicts of interest disclosed. 5. Obtaining written representations from those charged with governance that they have disclosed to the auditor the identity of the entity's related parties and all the related party relationships and transactions of which they are aware. 6. Obtain information concerning the entity's ownership and governance structures, types of investments that the entity is making and plans to make, and, the way the entity is structured and how it is financed. In the particular case of common control relationships, as management is more likely to be aware of such relationships if they have economic significance to the entity, the auditor's enquiries are likely to be more effective if they are focused on whether parties with which the entity engages in significant transactions, or shares resources to a significant degree, are related parties. 7. Enquiries of the internal audit function. 8. Enquiries of in-house legal counsel. 9. Enquiries of the chief ethics officer or equivalent person. 10. Inspecting entity income tax returns. 11. Reviewing information supplied by the entity to regulatory authorities. 12. Inspecting shareholder registers to identify the entity's principal shareholders. 13. Inspecting records of the entity's investments and those of its pension plans. 14. Reviewing contracts and agreements with key management or those charged with governance. 15. Examining significant contracts and agreements not in the entity's ordinary course of business. 16. Inspecting correspondence and invoices from the entity's professional advisors. 17. Understanding the purpose of life insurance policies acquired by the entity. 18. Reviewing prospectuses and other documents filed with regulators.

ISA (NZ) 320 Materiality

The determination of materiality in accordance with ISA (NZ) 320 includes a preliminary identification of areas where there may be a higher risk of material misstatement.

Audit plan (4) use of audit evidence

The expected use of audit evidence obtained in previous audits - for example, audit evidence related to risk assessment procedures [(x) above] and tests of controls [(xi) above]. The financial reporting framework on which the financial information to be audited has been prepared, including any need for reconciliations to another financial reporting framework. Industry-specific reporting requirements such as reports required by industry regulators. The need for a statutory audit of standalone financial statements in addition to an audit for consolidation purposes. The extent to which components are audited by other auditors. Communication with auditors of components per ISA (NZ) 600 regarding the expected types and timing of reports to be issued and other communications in connection with the audit of components. - The nature of the control relationships between a parent and its components (subsidiaries, associate entities, special purpose entities, and so on) that determine how the group is to be consolidated. Appendix 3 to ISA (NZ) 600 outlines examples of risks that need to be addressed by the group entity auditor, including: - a complex group structure, especially where there are frequent acquisitions, disposals or reorganisations - poor corporate governance structures, including decision-making processes that are not transparent - non-existent or ineffective group-wide controls, including inadequate group management information on monitoring of components' operations and their results - components operating in foreign jurisdictions that may be exposed to factors such as unusual government intervention in areas like trade and fiscal policy, and restrictions on currency and dividend movements, and fluctuations in exchange rates - business activities of components that involve high risk, such as long-term contracts or trading in innovative or complex financial instruments - uncertainties regarding which components' financial information require incorporation in the group financial statements in accordance with the applicable financial reporting framework - for example, whether any special-purpose entities or non-trading entities exist and require incorporation - unusual related party relationships and transactions - prior occurrences of intra-group account balances that did not balance or reconcile on consolidation - the existence of complex transactions that are accounted for in more than one component - components' application of accounting policies that differ from those applied to the group financial statements - components with different financial year-ends, which may be utilised to manipulate the timing of transactions - prior occurrences of unauthorised or incomplete consolidation adjustments - aggressive tax planning within the group, or large cash transactions with entities in tax havens frequent changes of auditors engaged to audit the financial statements of components. The nature of the business segments to be audited, including any need for specialised knowledge. The reporting currency to be used, including any need for currency translation for the financial information audited. Whether the entity has an internal audit function and if so, whether the work of the function can be used for purposes of the audit. The areas and extent of the internal audit function will be specified. The coordination of the expected coverage and timing of the audit work with any reviews of interim financial information and the effect on the audit of the information obtained during such reviews. The availability of client personnel and data. Whether there are any other expected communications with third parties, including any statutory or contractual reporting responsibilities arising from the audit. The determination of materiality in accordance with ISA (NZ) 320 including a preliminary identification of areas where there may be a higher risk of material misstatement. The auditor shall update and change the audit plan as necessary during the course of the audit.

Audit manual

The firm will have an audit manual which is based around the International Standards on Auditing (NZ) (ISA (NZ)) prescribing the minimum requirements of an audit. The audit manual will recommend audit tests necessary to respond to these risks. The engagement partner will use their firm's audit manual as a guide in planning the most cost efficient and effective mix of controls and/or substantive tests to gain material comfort on the general ledger account balances and the other disclosures in the financial statements.

AG 4

The objectives of the Appointed Auditor are to plan an audit approach so as to be able to form an opinion on the public entity's service performance report by: (a) considering, where relevant, the forecast non-financial performance report to establish whether it will be able to provide an adequate framework for reporting service performance; and (b) auditing the performance information to confirm that it complies with GAAP and fairly reflects the service performance of the public entity for the period. The audit of service performance reports - review the performance targets and measures to be used in the statement of service performance and, in consultation with management, the process for establishing those measures. This should be conducted at an early stage, preferably when the performance measures are being drafted and before public consultation and/or formal approval of the measures. Performance targets and measures are established at the stage at which the public entity draws up its forecast non-financial performance reports (for example, the statement of intent, LTCCP, annual plan or estimates) most of which may take place up to six months before the start of the reporting period to which they relate.

Computerised information

The potential for fraud or error is higher in CIS because: +the audit trail is reduced or disappears completely +without adequate audit trail or other compensating controls, processing errors and fraud may not be detected +data may be extracted and manipulated by unauthorised persons + if duties are not segregated, designers, programmers and users may design and/or abuse a system for their own (illegal) benefit without detection.

Related party business failures in NZ

The related party transactions of the 13 companies examined had four common characteristics, namely excessive lending without satisfactory securities, management fraud, deliberate non-disclosure of significant lending and breaches of statutory requirements and agreements. Common auditing deficiencies included auditors failing to identify the amounts of funds involved in unregistered or undisclosed related party transactions, failure to plan and perform auditing work with professional scepticism, failure to obtain sufficient appropriate evidence and failure to perform with due care and diligence. The collapse of so many New Zealand finance companies led to New Zealand joining this worldwide trend towards greater regulation of the financial sector. Some significant changes have occurred in New Zealand, including licensing requirements for major financial service providers including auditors, financial advisors and trustees, and more rigorous disclosure requirements for finance companies and financial advisors. In addition, New Zealand has implemented independent regulation of auditors and harsher penalties for financial market misconduct. +Excessive lending to related parties without satisfactory securities; +Directors' control over finance companies and their related parties; +Deliberate non-disclosure of significant lending to related parties; and +Breach of statutory requirements and agreements.

Audit plan (2)

The selection of the engagement team (including, where necessary, the engagement second partner) and the assignment of audit work to the team members, including the assignment of appropriately experienced team members to areas where there may be higher risks of material misstatement. Engagement budgeting, including considering the appropriate amount of time to set aside for areas where there may be higher risks of material misstatement. The discussion with management regarding the expected communications on the status of audit work throughout the engagement. The discussion with management and those charged with governance regarding the expected type and timing of reports to be issued, including the auditor's report, management letters and communications to those charged with governance.

Portrad - state of the industry

There was no evidence on the audit file to suggest the auditors were aware that Portrad was operating in a very difficult industry where sales were depressed. The fact that Portrad was doing significantly better than other industry participants should have put the auditors on alert to understand WHY Portrad was doing so much better than any of its competitors. By not understanding WHY Portrad was doing better (which they were not!) the auditors were not sceptical of management's 'inflated' assertions in the financial statements.

Competency

To carry out a competent audit in accordance with these minimum requirements the auditor needs to understand the business and its controls at least as well as the CEO of the entity and the chairman of the governing body.

Audit plan (1)

Typically contains information on and evidence of all the following aspects of the audit and will be signed as read and understood by every member of the engagement team: Involvement of the engagement partner and other key members of the engagement team in planning the audit. The discussion of matters that may affect the audit with firm personnel responsible for performing other services to the entity. The expected nature and timing of communications among engagement team members, including the nature and timing of team meetings. The nature, timing and extent of direction and supervision of engagement team members and the review of their work. This entails determining when the interim and final stages of the audit will be conducted. The need to maintain a questioning mind and to exercise professional scepticism in gathering and evaluating audit evidence.

High detection risk

When inherent and control risks are low, you may decide to accept a high detection risk. Because the auditor is satisfied that management is responding appropriately to the business inherent risks and the system of internal control is likely to detect material errors, the auditor will carry out minimal tests in the knowledge that a material misstatement in the financial statements is unlikely. The auditor may also accept a high detection risk in small businesses where all the internal controls that might otherwise be desirable are uneconomic for the business to have in place. However, robust substantive tests can be used to mitigate the high detection risk.

Existence assertion

an auditor may physically examine inventory as evidence that inventory shown in the accounting records actually exists (existence assertion)

Audit procedures

are tailored for each client based on an assessment by the engagement team of the risks that are most likely to cause significant misstatements in the financial statements.

Related party disclosure

generally shows the nature and substance of the relationship, description of the transactions, $s involved and balances due or owed at year end, with a comparison to prior year.

substantive

having a firm basis in reality and so important, meaningful, or considerable. e.g. "there is no substantive evidence for the efficacy of these drugs"

Occurrence

inspect supporting documents like invoices to confirm that sales did occur (occurrence)

ISA (NZ) 300 Planning an Audit

provides the framework for planning the minimum amount of work the auditor will need to carry out for an effective audit. This will be documented in an audit plan.

Going concern - ISA (NZ) 570

requires that auditors, 'obtain sufficient appropriate audit evidence about the appropriateness of management's use of the going concern assumption in the preparation and presentation of the financial statements and to conclude whether there is a material uncertainty about the entity's ability to continue as a going concern'. The auditor needs to be satisfied that the entity will be a going concern for at least one year from the date of the audit report and has no reason to believe that the entity will not continue beyond one year. Commonly, in gaining this comfort, the auditor will examine management's cash flow forecast, by: - evaluating the reliability of the underlying data generated to prepare the forecast -determining whether there is adequate support for the assumptions underlying the forecast. You will note in a number of auditing texts that 'going concern' is one of those activities undertaken at or near the end of the audit. While it is important that the auditor obtains the latest information on going concern right up until the date of signing the audit report, the audit of going concern must be planned with the entity at an early stage. This ensures the governing body and management understand its importance to the auditor and to the audit of the entity's financial statements.

Control Risks

the risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity's internal control