A2 M7
Audit Data Analytics (ADAs)
-An auditor may choose to use ADAs when performing risk assessment procedures -ADAs involve analyzing patterns, identifying anomalies, and extracting other useful information in data underlying or related to the subject matter of an audit through analysis, modeling, and visualization -ADAs may also be used in other areas of the audit, such as testing controls, performing substantive procedures, and performing concluding procedures
Objectives, Strategies, and Business Risks
-An entity's objectives are the overall plans for an entity -Its strategies are the means sued to achieve objectives -Business risks result from events or circumstances that could adversely affect the entity's ability to achieve its objectives and execute its strategies
Analytical Procedures Required to Be Performed During Planning
-During planning, analytical procedures consist of a review of data aggregated at a high level, such as comparing financial statements to budgeted or anticipated results -Generally, financial data are used, although relevant non-financial data and their relationship with related financial data may also be considered
The objective of analytical procedures used during planning is to:
-Enhance the auditor's understanding of the entity and of transactions and events that have occurred since the last audit date -Identify unusual transactions and events, and amounts, ratios, or trends that might be significant to the financial statements and may represent specific risks relevant to the audit
Inquiries
-Inquiries are generally made of management and others within the entity -Inquiries may also be made of other parties, including the board of directors and audit committee, internal auditors, and parties outside the entity
Entity's Financial Performance
-Management measures and reviews the entity's financial performance to evaluate whether business performance is meeting the desired objectives -The auditor should obtain an understanding of this measurement and review, as it may indicate a risk of misstatement -To obtain an understanding of the entity's performance and the incentives or pressures that may exist to commit fraud, the auditor may consider: 1. Measures that form the basis for contractual commitments or incentive compensation arrangements; 2. Measures used by external parties, such as analysts and rating agencies, to review a company's financial performance; and 3. Indicators of key performance (both financial and non-financial)
Ongoing Assessment
-Obtaining an understanding of the entity and its environment is a process that continue and evolves throughout the audit, and the auditor's assessment of risk may change as additional audit evidence is obtained. -For example, the initial risk assessment may presume effective operation of controls, but: 1. Tests of controls may indicate that controls are not operating effectively; or 2. The auditor may detect more or less frequent misstatements than would have been expected given the initial risk assessment -In such situations, the auditor should revise the assessment and modify planned audit procedures
Obtaining an Understanding of the Entity and Its Environment
-Obtaining an understanding of the entity and its environment is critical, as it established a frame of references for planning and performing the audit -While the extent of this understanding is left to the auditor's professional judgment, it must be sufficient both to assess the risk of material misstatement and to design and perform further audit procedures -The auditor should obtain an understanding of the following factors, and should also consider whether any of the factors have changed significantly as compared with the prior period
Risk Assessment Procedures and Audit Evidence
-Risk assessment procedures sometimes provide audit evidence about transaction, balances, disclosures, or controls, even if they were not designed to provide such evidence -The auditor may also choose to perform substantive procedures or tests of controls concurrently with risk assessment procedures, if it is efficient to do so
Notable Items
-The application of ADAs may result in the identification of notable items -Notable items include items that may identify a previously unidentifiable risk, modify or support the assessment of risks of material misstatement, or provide the auditor with information to better plan audit procedures -In situations in which there are a large number of notable items, the auditor may decide to group the data for items that have common characteristics -For each group, the auditor should determine which data include: a) Items that do not identify new or higher risks of material misstatements (also known as false positives) b) Items requiring further consideration because they may represent new or higher risks of material misstatements -Based on the evaluation of results, the auditor should determine the level of risk of material misstatement and plan audit procedures that appropriately respond to the assessed risk
Selection and Application of Accounting Policies
-The auditor should understand the entity's section and application of accounting policies, including the reasons for changes -The auditor should evaluate whether the accounting policies are appropriate for the entity's business and consistent with the applicable financial reporting framework and the industry in which the entity operates -In addition, the auditor should obtain an understanding of the accounts or disclosures for which judgment is used in the application of significant accounting principles, especially in determining management's estimates and assumptions. -The auditor should also review the financial reporting competencies of personnel involved in selecting and applying significant new or complex accounting standards
Risk Assessment Discussion
-The members of the audit team, including the auditor with final responsibility for the audit, other key members of the audit team, and specialists, should discuss the susceptibility of the financial statements to material misstatement -If the audit involves multiple locations, then there can be multiple discussions. -Important matters should be communicated to all engagement members not present for the discussion(s). -This discussion: 1. Can be held concurrently with the fraud risk discussion 2. Should include areas of significant audit risk, the company's selection and application of accounting principles, including disclosure requirements, areas involving unusual accounting procedures, important control systems, and materiality levels 3. Allows more experienced team members to share their insights with less experienced staff 4. Should emphasize the need to exercise professional skepticism, and to be alert for and rigorously investigate any potential misstatements, whether due to error or fraud 5. Should continue throughout the audit, including when conditions change
Steps for ADAs
1. Plan the ADA. This includes determining the objective of the ADA, the data population to be analyzed, selecting the ADA that best meets these objectives, and selecting the tools, graphics, and tables that will be used 2. Access and prepare the data for the purposes of the ADA 3. Consider the relevance and reliability of the data used 4. Perform the ADA 5. Evaluate the results and conclude whether the purpose and specific objectives of performing the ADA have been achieved. If the purpose and objectives have not been achieved, the auditor should redesign and re-perform the ADA or select a different procedure that will meet the intended objective
Purpose
An auditor should perform risk assessment procedures, which enable the auditor to: 1. Identify and assess the risks of material misstatement 2. Make informed judgments about other audit matters, including: -Materiality and tolerable misstatement -The entity's selection and application of accounting procedures -Areas that require special audit consideration -The development of expectations for analytical procedures -The deign and performance of further audit procedures, including tests of controls, when applicable, and substantive procedures -The evaluation of audit evidence
Analytical Procedures
Analytical procedures are evaluations of financial information made by a study of plausible relationships among both financial and non-financial data
Other External Factors
Examples of other external factors affecting the entity that the auditor may consider include: -general economic conditions -interest rates -availability of financing -inflation -currency revaluation
Industry Factors
Relevant industry factors include industry conditions, such as the competitive environment, supplier and customer relationships, and technological developments. Examples of matters the auditor may consider include: -The market and competition, including demand, capacity, and price competition -Cyclical or seasonal activity -Product technology relating to the entity's products -Energy supply and cost (The industry in which the entity operates may give risk to specific risks of material misstatement arising from the nature of the business or the degree of regulation)
Regulatory Factors
Relevant regulatory factors include the regulatory environment. The regulatory environment encompasses, among other matters, the applicable financial reporting framework and the legal and political environment. Examples of matters the auditor may consider include the following: -Accounting principles and industry-specific practices -Regulatory framework for a regulated industry, including requirements for disclosures -Laws and regulations that significantly affect the entity's operations -Taxation -Government policies currently affecting the conduct of the entity's business -Environmental requirements affecting the industry and the entity's business
Risk Assessment Procedures
The auditor performs the following risk assessment procedures: -Obtain an understanding of the entity and its environment -Obtain an understanding of internal control over financial reporting -Inquire of the audit committee, management, and others within the company about the risks of material misstatement -Perform analytical procedures to assist with planning -Conduct a discussion among engagement team members regarding the risk of material misstatement -Perform other procedures
Other Procedures
The auditor should also consider: -Reviewing external information -The results of the fraud risk assessment -Information obtained during the client acceptance or continuance process -Information obtained on other engagements performed for the entity -Prior period evidence, to the extent that it is still relevant
Required Documentation
The auditor should document the key elements of the understanding obtained regarding the entity and its environment, the sources of information used to develop the understanding, and the risk assessment procedures performed. The key elements that should be documented include: -Relevant industry, regulatory, and other external factors, including the applicable financial reporting framework -The nature of the entity include: 1. Its operations 2. Its ownership and governance structures 3. The types of investments that the entity is making and plans to make, including investments in entities formed to accomplish specific objectives; and the way the entity is structured and how its financed 5. The entity's selection and application of accounting policies, including the reasons for changes thereto. Documentation should include the auditor's evaluation of whether the entity's accounting policies are appropriate for its business and consistent with the applicable financial reporting framework and accounting policies used in the relevant industry 6. The entity's objectives and strategies and those related business risks that may result in risks of material misstatement 7. Review of the entity's financial performance
Nature of the Entity
The auditor's understanding of the nature of the entity should include an understanding of the entity's operations, ownership, corporate governance, investments, financing methods, and financial reporting practices
Understanding the Group, Its Components, and Their Environment
When obtaining an understanding of the entity and its environment in a group audit, the group engagement team should do the following: -Enhance its understanding of the group, its components, and their environments, including group-wide controls -Obtain an understanding of the consolidation process, including the instructions issued by group management to components -Confirm or revise its initial identification of significant components