Clarified Auditing Standards—Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (AU-C 315)—Part 2

Understanding the Entity and Its Environment

The standard requires an auditor to obtain an understanding of these issues that are applicable to each engagement:

• Industry, regulatory, and other factors, including management’s selection of the applicable financial reporting framework.
• The organization, nature and operation of the entity, including:
• Operations process.
• The ownership structure and design of its governance body.
• The nature of investments that the entity has made or makes, including those in which the entity has significant influence or it uses to accomplish other objectives..
• The management and operational structures of the entity.
• Sources of financing used by the entity.
• An understanding of the entity’s transactions, account balances, and financial statement disclosures.
• The appropriateness of the entity's selection of an applicable financial reporting framework, the application of accounting policies within the framework and any changes made in the financial statements presented currently.
• Risks of material misstatement that may result from the entity’s operations, strategies and business.
• The entity's financial performance, including potential threats to its operation as a going concern.

Practical Issues

AU-C 315 provides the framework for these practical issues:

·        The purpose of obtaining an understanding of the entity and its environment, including its internal control, is to identify and assess risks of material misstatement and to design and perform procedures that respond to such risks.

·        Risk assessment procedures include inquiries of management and client personnel, observation and inspection procedures and various analytical procedures.

·        The auditor is required to obtain a sufficient understanding of the five elements of internal control to evaluate their design and operation.

·        Substantive procedures must be performed for significant risks.

·        Tests of controls are required only when other substantive procedures alone are not sufficient to test financial statement assertions, such as the completeness assertion for revenues.

For smaller audit engagements, understanding the entity and its environment may be achieved by obtaining appropriate substantive evidence and preparing this minimum documentation:

1. Completing an appropriately designed Client Acceptance and Continuance Form to provide a basic understanding of the client’s business, industry and environment.
2. Reading, analyzing and documenting significant transactions in the general ledger account activity for support tests, unusual transactions, general journal entries, errors, etc. (a multi-column spreadsheet is usually most efficient for this purpose).
3.  Preparing financial reporting and internal control systems flowcharts for major transaction cycles.
4. Documenting the auditor’s systems walk-through procedures for major transactions cycles (usually sales and collections, payments and acquisitions and payroll).
5. Preparing a Planning Document summarizing all engagement risk assessment and planning procedures, along with planned audit strategies and plans.

 The next article will discuss requirements in AU-C 315 for understanding an entity’s internal control.

More Information

These eBook resources, without CPE credit, can be obtained from my website:

• Small Audits Made Easy and Profitable
• Performing Auditing Tests of Balances Procedures
• Staff Training Series for Entry-Level Accountants, New In-Charge Accountants and Engagement Leaders
• Key Accounting Issues for Non-Profit Organizations
• A Practical Potpourri of Time Savings on Audits
• The Financial Reporting Framework for Small- and Medium-Sized Entities

Clarified Auditing Standards—Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (AU-C 315)—Part 1

The Objective of AU-C 315

“The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.”

Risk Assessment Procedures Identified in the Standard

Basic risk assessment procedures include:

• Inquiries of management, employees and others.
• Analytical procedures.
• Observation and inspection.

Information obtained from client acceptance and continuance decision-making, from previous engagements performed for a client and from fraud inquiries also provide sources for identifying and considering risks of material misstatement due to error or fraud.

The Practical Nature of Risk Assessment Procedures

Risk assessment procedures include all engagement activities from the planning phase up to the development of the audit plan or detailed audit program. Below is an outline and brief discussion of common risk assessment procedures and related documentation.

1. Creating and documenting client acceptance or continuance decisions.
2. Reviewing prior year audit documentation; considering findings and conclusions; adjusting journal entries and uncorrected audit differences; and assessing their impact on the current year’s risk assessment.
3. Reading the current year’s general ledger activity and preparing a memo documenting parameters and findings.
4. Performing and documenting other preliminary analytical procedures such as comparing the current year’s unadjusted account balances with prior year adjusted balances.
5. Preparing flowcharts or memos documenting the client’s accounting and internal control systems and the performance of systems walk-through procedures for major transactions cycles.
6. Calculating tolerable misstatement (performance materiality) by financial statement classification based on risk.
7. Completing applicable practice aids and other documentation from the firm’s accounting and auditing manuals.
8. Preparing a linking working paper combining risk of misstatements due to error and fraud to determine the level of risk of material misstatement for relevant assertions in material financial statement classifications.
9. Designing a detailed audit plan/program that links significant risks with appropriate procedures, i.e., tests of control, analytical procedures and/or detailed tests of balances.

 The risk assessment standards make clear that all risk assessment procedures produce substantive evidence that contributes toward accomplishing audit objectives. When considering the evidence necessary to decrease detection risk to an acceptably low level, obtaining evidence from the performance of risk assessment procedures will reduce the evidence required from other auditing procedures.

The Power to Audit Efficiently

Risk-driven approaches to engagements not only produce high quality, they can maximize audit efficiency. Understanding the opportunities the risk assessment standards provide to obtain substantive evidence in less costly ways, an auditor has the power to produce the most efficient audit in each engagement’s circumstances. Designing cost-beneficial audit strategies is decision-making of the highest order, the heart of an auditor’s professional judgment and result from the auditor’s effective application of risk assessment procedures. The next article will discuss the entity, its environment and its internal control.

More Information

My exclusive presentations of webcasts on CPE Credit.com and self-study courses covering various applications of auditing standards can be accessed by clicking the appropriate box on the left side of my home page, www.cpafirmsupport.com. Registered users accessing CPE webcasts and self-study courses on my website presented by myself and numerous other authors on a variety of professional topics receive a 20% discount on all registrations.

My assistance in CPA firm quality control consulting, audit planning and peer review preparation can be obtained by sending an email using the “Contact Us” tab on my home page.

CLARIFIED AUDITING STANDARDS—PLANNING AN AUDIT (AU-C 300)—Part 2

More Audit Planning

In Part 1, we discussed required and practical pre-planning activities.  This Part focuses on planning requirements from the standard, along with a listing of practical activities that will result in quality, profitable audit engagements.

Planning Activities Required by AU-C 300

Auditors are required to establish an audit strategy that includes the scope, timing and direction for the audit to guide the development of the audit plan (program). The audit plan should include appropriate risk assessment procedures, analytical procedures and tests of balances procedures, including audit responses necessary to investigate material risks of misstatement due to error or fraud. The audit strategy and plan should be documented in engagement files.

Practical Considerations—Planning Phase

Planning Phase:

1. Complete or update basic documentation necessary to demonstrate an understanding of the client’s business and environment, including internal control.
1. Client Acceptance and Continuance Form. This Form should include documentation of basic organizational and operational information for use in engagement planning. It should also include information for assessing risk at the financial statement level, such as the integrity of management, use of the financial statements and any going concern problems or issues.
2. General Ledger Analysis Worksheet.  This spreadsheet can be used to centralize documentation of all unusual matters identified when scanning general ledger account activity. Instead of numerous individual account analysis requiring indexing, cross-referencing and initialing and dating by both the preparer and reviewer, this spreadsheet can centralize the documentation of unusual matters, related inquiries and management responses, and auditor’s resulting actions. 
3. Flowchart or other documentation of the entity’s financial reporting and internal control systems.  Accompanied by evidence of appropriate system’s walk-through procedures using 10 to 15 transactions, this procedure can contribute substantive evidence, when combined with that from the procedures listed above, that may enable the assessment of risk at a level slightly less than high to moderate on smaller audits.
4. Documentation of any and all inquiries of management or client personnel.
2. Assess control risk by financial statement classifications, combine with inherent risk documentation, and assess level of risk of material misstatement.
3. Use assessed risk at the financial statement level from a Client Acceptance and Continuance Form and other documentation to establish planning materiality, tolerable misstatement (performance materiality), and the lower limit for individually significant items at the financial statement level.
4. Use assessed risk of material misstatement at the assertion (financial statement classification) level to establish tolerable misstatement (performance materiality) and the lower limit for individually significant items at the financial statement classification level.
5. Design a sampling or non-sampling plan using materiality levels for financial statement classifications.
6. Document planning activities and decisions in a Planning Document.
7. Hold meeting with the in-charge accountant and engagement leader to discuss planning results and finalize audit strategy.
8. Design the audit plan (program).
9. Make work assignments and provide necessary training for staff personnel.
10. Hold planning and brainstorming meeting with all engagement personnel.
11. Prepare planning communication with persons charged with governance.
12. Plan the maximum amount of interim work that is practical before client’s fiscal year end.

a.       Risk assessment procedures

b.      Reading minutes

c.       Substantive tests for PP&E, debt and expenses

d.      Interim analytical procedures—reading general ledger

e.       Cycle counts of perpetual inventories

f.        Receivables confirmations

g.       Loan files exams--banks

h.       Site inspections--contractors

i.         Planning activities

j.        Oversee client working paper preparation

k.      Block out audit documentation

l.         Other work

13. Design highly-effective, predictive analytical procedures whenever possible that can generate evidence to evaluate all financial statement assertions for accounts such as sales and revenues, certain salaries and wages, payroll taxes, depreciation, interest income and expense, etc.

The effectiveness of the auditor’s planning activities contributes directly to the efficiency with which an audit engagement is performed and completed.  As we have sometimes learned the hard way, poor planning often results in budget overruns during the completion phase when problem resolution takes more time and is more costly!

CLARIFIED AUDITING STANDARDS—PLANNING AN AUDIT (AU-C 300)—Part 1

Audit Planning

Some readers with grey hair like mine will remember the days of planning audits in the back seat of the car on the way to a client’s office! Those days passed away as we realized the specific requirements for planning in the audit standards. Once our audit engagement teams established a paradigm for effective audit planning, we also began to realize the time saving benefits that resulted from well-planned audit engagements.

Like the other so-called risk assessment standards, AU-C Section 300 is a redraft of the 2006 audit standards.  Requirements for the preliminary engagement activities are presented below, followed by a list of practical activities that are normally necessary for effective engagement planning.

Preliminary Engagement Activities

These are required engagement pre-planning activities:

• Performing client acceptance and engagement continuance activities required by Section AU-C 220 on quality control.
• Evaluating ethical requirements, particularly the independence of engagement personnel, required by AU-C Section 220.
• Establishing, communicating and documenting an understanding of engagement terms in an engagement letter as required by AU-C Section 210.

Practical Considerations—Pre-planning Phase:

These activities are normally performed by an in-charge accountant and/or an engagement leader.

1. Obtain the prior year’s permanent, tax, correspondence and current files.

a.       Become familiar with the auditor’s report, financial statements and footnotes.

b.      Determine that the reporting framework is appropriate given the nature, size, and complexity of the client.

c.       If a change to a special purpose framework, IFRS or IFRS for SMEs can reduce financial statement preparation time for the client, as well as save audit engagement time, consult with the client and the user of the financials to determine if a change is beneficial.

d.      Review the prior year’s risk assessment procedures, levels of assessed risk, audit strategy and audit plan (program) to determine if there are opportunities for changes that will save audit time charges in the current year.

e.       Review the key forms, practice aids, working papers, and other documentation in last year’s current file to determine any client documents, unnecessary working papers or correspondence that can be eliminated this year.

f.        Determine if it is possible to use the prior year’s control risk assessment in the current year and if doing so can reduce the current year’s risk assessment procedures and other substantive tests.

g.       Read the internal control communication letter and investigate the current status of significant deficiencies and material weaknesses and their affects on the current year auditing procedures.

h.       Prepare a list of procedures and activities that can be performed during interim work, make staffing requests and schedule the interim work

i.         Determine if specialists will be needed, e.g., IT persons, attorneys, valuation experts, actuaries, etc.

j.        Prepare a list of schedules and other assistance to request from client and deliver at least 30 days before the engagement date.

2. Hold pre-planning meeting with in-charge accountant and engagement leader.

 a.       Discuss client changes in business, organization, accounting, internal control, personnel and current events that may affect this year’s audit.

b.      Discuss any effects of the current economic climate, any going concern issues and the need for management to develop plans to overcome potential threats to the continuing existence of the entity.

c.       Discuss findings, questions and other issues from the review of the prior year’s working papers.

d.      Schedule due dates, interim and year-end fieldwork and assign staff personnel.

e.       Discuss fees, billing policies, budgets and other administrative issues.

3. Schedule time for engagement leader to meet with the management and governance persons that engaged the firm to deliver the engagement letter.

 a.       Reach an understanding about the nature of the engagement, as well as client management and CPA firm responsibilities.

b.      Discuss current client issues, including any affects of economic climate

c.       Make fraud inquiries.

d.      Arrange for proper workspace.

e.       Arrange for client assistance.

f.        Finalize dates for interim and year end fieldwork.

g.       Discuss target dates.

h.       Discuss range of audit fees and effects of variables (problems, no client assistance, etc.).

4. If possible, prepare a rough draft or block out financial statements and footnotes for use in planning activities.

Part 2 will begin to discuss planning requirements in AU-C Section 300, along with other practical planning activities.