Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
Guide to Using International Standards on Auditing in - IFAC
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
29<br />
<str<strong>on</strong>g>Guide</str<strong>on</strong>g> <str<strong>on</strong>g>to</str<strong>on</strong>g> <str<strong>on</strong>g>Us<strong>in</strong>g</str<strong>on</strong>g> <str<strong>on</strong>g>Internati<strong>on</strong>al</str<strong>on</strong>g> <str<strong>on</strong>g>Standards</str<strong>on</strong>g> <strong>on</strong> <strong>Audit<strong>in</strong>g</strong> <strong>in</strong> the Audits of Small- and Medium-Sized Entities Volume 1—Core C<strong>on</strong>cepts<br />
An effective risk assessment phase would <strong>in</strong>clude the follow<strong>in</strong>g.<br />
Exhibit 3.3-4<br />
Requirements<br />
Up-Fr<strong>on</strong>t<br />
Involvement<br />
of Senior Team<br />
Members<br />
An Emphasis <strong>on</strong><br />
“Professi<strong>on</strong>al<br />
Skepticism”<br />
Plann<strong>in</strong>g<br />
Team Discussi<strong>on</strong>s<br />
and Ongo<strong>in</strong>g<br />
Communicati<strong>on</strong><br />
Focus <strong>on</strong> Risk<br />
Identificati<strong>on</strong><br />
Ability <str<strong>on</strong>g>to</str<strong>on</strong>g> Evaluate<br />
Management’s<br />
Resp<strong>on</strong>se(s) <str<strong>on</strong>g>to</str<strong>on</strong>g><br />
Risk<br />
Descripti<strong>on</strong><br />
The engagement partner and other key members of the engagement team need<br />
<str<strong>on</strong>g>to</str<strong>on</strong>g> be actively <strong>in</strong>volved <strong>in</strong> plann<strong>in</strong>g the audit, and <strong>in</strong> plann<strong>in</strong>g and participat<strong>in</strong>g <strong>in</strong><br />
the discussi<strong>on</strong> am<strong>on</strong>g engagement team members. This will ensure the audit plan<br />
takes advantage of their experience and <strong>in</strong>sight. Note that ISAs usually refer <str<strong>on</strong>g>to</str<strong>on</strong>g> the<br />
term “audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r” as the pers<strong>on</strong>(s) perform<strong>in</strong>g the engagement. Where an ISA <strong>in</strong>tends<br />
a requirement or resp<strong>on</strong>sibility be fulfilled by the engagement partner, the term<br />
"engagement partner" rather than "audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r" is used.<br />
The audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r cannot be expected <str<strong>on</strong>g>to</str<strong>on</strong>g> disregard past experience of the h<strong>on</strong>esty<br />
and <strong>in</strong>tegrity of the entity’s management and those charged with governance.<br />
Nevertheless, a belief that management and those charged with governance are<br />
h<strong>on</strong>est and have <strong>in</strong>tegrity does not relieve the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r of the need <str<strong>on</strong>g>to</str<strong>on</strong>g> ma<strong>in</strong>ta<strong>in</strong><br />
professi<strong>on</strong>al skepticism, or allow the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r <str<strong>on</strong>g>to</str<strong>on</strong>g> be satisfied with less-than-persuasive<br />
audit evidence when obta<strong>in</strong><strong>in</strong>g reas<strong>on</strong>able assurance.<br />
The time spent <strong>in</strong> audit plann<strong>in</strong>g (develop<strong>in</strong>g the overall audit strategy and audit plan)<br />
will ensure that audit objectives are properly met, and that the work of audit staff is always<br />
focused <strong>on</strong> gather<strong>in</strong>g evidence <strong>on</strong> the most critical areas of potential misstatement.<br />
A team plann<strong>in</strong>g discussi<strong>on</strong>/meet<strong>in</strong>g with the engagement partner present provides<br />
an excellent forum for:<br />
• Inform<strong>in</strong>g staff about the client <strong>in</strong> general and discuss<strong>in</strong>g potential risk areas;<br />
• Discuss<strong>in</strong>g the effectiveness of the overall audit strategy and the audit plan and<br />
then mak<strong>in</strong>g changes as necessary;<br />
• Bra<strong>in</strong>s<str<strong>on</strong>g>to</str<strong>on</strong>g>rm<strong>in</strong>g how fraud could occur and then design<strong>in</strong>g an appropriate<br />
resp<strong>on</strong>se; and<br />
• Allocat<strong>in</strong>g audit resp<strong>on</strong>sibilities and sett<strong>in</strong>g timeframes.<br />
Ongo<strong>in</strong>g communicati<strong>on</strong> am<strong>on</strong>g the audit team throughout the engagement is<br />
also important, the better <str<strong>on</strong>g>to</str<strong>on</strong>g> discuss and address audit issues as they arise, any<br />
unusual activities noted, or possible <strong>in</strong>dica<str<strong>on</strong>g>to</str<strong>on</strong>g>rs of fraud. This will enable timely<br />
communicati<strong>on</strong>s <str<strong>on</strong>g>to</str<strong>on</strong>g> management and, where necessary, changes <str<strong>on</strong>g>to</str<strong>on</strong>g> the audit<br />
strategy and audit procedures.<br />
The most important step <strong>in</strong> a risk assessment process is <str<strong>on</strong>g>to</str<strong>on</strong>g> identify all the relevant<br />
risks. If bus<strong>in</strong>ess and fraud risk fac<str<strong>on</strong>g>to</str<strong>on</strong>g>rs are not identified by the audi<str<strong>on</strong>g>to</str<strong>on</strong>g>r, they will not<br />
be assessed or documented, and an appropriate audit resp<strong>on</strong>se (if required) will not<br />
be designed. This is why well-designed risk assessment procedures are so important<br />
<str<strong>on</strong>g>to</str<strong>on</strong>g> the effectiveness of the audit. These risk assessment procedures also need <str<strong>on</strong>g>to</str<strong>on</strong>g> be<br />
performed by the appropriate level of staff.<br />
A key step <strong>in</strong> the risk assessment process is <str<strong>on</strong>g>to</str<strong>on</strong>g> evaluate the effectiveness of<br />
management’s resp<strong>on</strong>ses (that is, management’s c<strong>on</strong>trol design/implementati<strong>on</strong>),<br />
if any, <str<strong>on</strong>g>to</str<strong>on</strong>g> mitigate the identified risks of material misstatement <strong>in</strong> the f<strong>in</strong>ancial<br />
statements. In smaller entities, more reliance will likely be placed <strong>on</strong> the c<strong>on</strong>trol<br />
envir<strong>on</strong>ment and m<strong>on</strong>i<str<strong>on</strong>g>to</str<strong>on</strong>g>r<strong>in</strong>g of c<strong>on</strong>trols, and less <strong>on</strong> the traditi<strong>on</strong>al c<strong>on</strong>trol activities.