Standards for Audits and Reviews of Historical Financial Information
SA 200: Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Standards on Auditing
This Standard establishes the independent auditor’s overall responsibilities when conducting an audit of financial statements in accordance with SAs
1. Ethical
Requirements Relating to an Audit of Financial Statements — The
auditor should apply the following fundamental principles of professional
ethics relevant when conducting an audit of financial statements; (a)
Integrity; (b) Objectivity; (c) Professional competence and due care; (d)
Confidentiality; and (e) Professional behaviour
2. Professional
Skepticism—
Professional skepticism includes being alert to, for example; (a) Audit
evidence that contradicts other audit evidence obtained;
(b) Information that brings into question the reliability of documents and responses to inquiries to be used as audit evidence; (c) Conditions that may indicate possible fraud; (d) Circumstances that suggest the need for audit procedures in addition to those required by the SAs
(b) Information that brings into question the reliability of documents and responses to inquiries to be used as audit evidence; (c) Conditions that may indicate possible fraud; (d) Circumstances that suggest the need for audit procedures in addition to those required by the SAs
3. Professional
Judgment—
Professional judgment is necessary in particular regarding decisions about:
(a) Materiality and audit risk; (b) The nature, timing, and extent of audit procedures used to meet the requirements of the SAs and gather audit evidence; (c) Evaluating whether sufficient appropriate audit evidence has been obtained, and whether more needs to be done to achieve the objectives of the SAs and thereby, the overall objectives of the auditor; (d) The evaluation of management’s judgments in applying the entity’s applicable financial reporting framework; (e) The drawing of conclusions based on the audit evidence obtained, for example, assessing the reasonableness of the estimates made by management in preparing the financial statements
(a) Materiality and audit risk; (b) The nature, timing, and extent of audit procedures used to meet the requirements of the SAs and gather audit evidence; (c) Evaluating whether sufficient appropriate audit evidence has been obtained, and whether more needs to be done to achieve the objectives of the SAs and thereby, the overall objectives of the auditor; (d) The evaluation of management’s judgments in applying the entity’s applicable financial reporting framework; (e) The drawing of conclusions based on the audit evidence obtained, for example, assessing the reasonableness of the estimates made by management in preparing the financial statements
4. Sufficient
Appropriate Audit Evidence and Audit Risk— To obtain reasonable
assurance, the auditor shall obtain sufficient appropriate audit evidence to
reduce audit risk to an acceptably low level and thereby enable the auditor to
draw reasonable conclusions on which to base the auditor’s opinion
Ø Sufficiency
and Appropriateness of Audit Evidence — Audit evidence is necessary
to support the auditor’s opinion and report. It is cumulative in nature and is
primarily obtained from audit procedures performed during the course of the
audit. Sufficiency is the measure of quantity of audit evidence whereas
appropriateness is the measure of quality of audit evidenceØ Audit Risk — Audit risk is a function of the risks of material misstatement and detection risk. The risks of material misstatement may exist at two levels:
(a) The overall financial statement level; and (b) The assertion level for classes of transactions, account balances, and disclosures. For a given level of audit risk, the acceptable level of detection risk bears an inverse relationship to the assessed risks of material misstatement at the assertion level
·
Conduct of an Audit in Accordance with SAs — The auditor shall
comply with all SAs relevant to the audit. An SA is relevant to the audit when
the SA is in effect and the circumstances addressed by the SA exist. The
auditor shall have an understanding of the entire text of an SA, including its
application and other explanatory material, to understand its objectives and to
apply its requirements properly. The auditor shall not represent compliance
with SAs in the auditor’s report unless the auditor has complied with the
requirements of this SA and all other SAs relevant to the audit
SA 210:
Agreeing the Terms of Audit Engagements
1. Auditor and client
should agree on terms of engagement. Agreed terms would need to be recorded in
an audit engagement letter or other suitable form of contract
2. The form and
content of audit engagement letter may vary for each client, but would
generally include reference to (a) objective and scope of the audit of
financial statements; (b) responsibilities of the auditor; (c) responsibilities
of management; (d) Identification of applicable financial reporting framework
for the preparation of financial statements; and (e) Reference to the expected
form and content of any reports to be issued by the auditor and a statement
that there may be circumstances in which a report may differ from its expected
form and content. Other matters as per the circumstances should also be
included
3. In case of
recurring audits, auditor should consider whether circumstances require the
terms of engagement to be revised
4. Where the terms of
engagement are changed, auditor and client should agree on the new terms. If
auditor is unable to agree to a change of engagement and is not permitted to
continue the original engagement, the auditor should consider withdrawing from
the engagement and determine whether there is any obligation, either
contractual or otherwise, to report the circumstances to other parties, such as
those charged with governance, owners or regulators.
1. Quality control
policies and procedures should be implemented at both level — of audit
firm and on individual audits
2. To implement
quality control policies and procedures designed to ensure that all audits are
conducted in accordance with Standards of Auditing
3. Objectives of
quality control policies to be adopted will incorporate Professional
Requirements, Skills and Competence, Assignment, Delegation, Consultation,
Acceptance and Retention of Clients, Monitoring
4. To be communicated
to its personnel in a manner that provides reasonable assurance that the
policies and procedures are understood and implemented
5. To implement those
quality control procedures which are, in the context of policies and procedures
of the firm, appropriate to individual audit. To consider professional
competence of assistants performing work delegated to them when deciding extent
of direction, supervision and review appropriate for each assistant. Assistants
to whom work is delegated need appropriate direction, supervision and review of
audit work performed by them.
1. Audit documentation
that meets the requirements of this SA and the specific documentation
requirements of other relevant SAs provides (a) evidence of auditor’s basis for
a conclusion about the achievement of overall objective of audit; and (b)
evidence that the audit was planned and performed in accordance with SAs and
applicable legal and regulatory requirements
2. Audit Documentation
refers to the record of audit procedures performed, relevant audit evidence
obtained, and conclusions the auditor reached. Preparing sufficient and
appropriate audit documentation on a timely basis helps to enhance the quality
of audit and facilitates effective review and evaluation of audit evidence
obtained and conclusions reached before finalizing auditor’s report
3. To document
discussions of significant matters with management, those charged with
governance, and others, including the nature of significant matters discussed
and when and with whom the discussions took place
4. Auditor may
consider preparing and retaining a summary (Completion Memorandum) that
describes significant matters identified during the audit and how they were
addressed. SA 220 requires auditor to review audit work performed through
review of audit documentation. Standards on Quality Control (SQC) 1 require
firms to establish policies and procedures for timely completion of assembly of
audit files. An appropriate time limit within which to complete the assembly of
final audit file is ordinarily not more than 60 days after the date of
auditor’s report. SQC 1 requires firms to establish policies and procedures for
retention of engagement documentation
5. Retention period
for audit engagements ordinarily is no shorter than ten years from the date of
auditor’s report, or, if later, the date of group auditor’s report
1. Auditor is
concerned with fraud that causes a material misstatement in financial
statements
2. Two types of
intentional misstatements are relevant — misstatements resulting from
fraudulent financial reporting and misstatements resulting from
misappropriation of assets
3. Primary
responsibility of prevention and detection of frauds is of the management as
well as those charged with governance. It is important that management, with
oversight of those charged with governance; place a strong emphasis on fraud
prevention which may reduce opportunities for fraud to take place and act as a
deterrent
4. Auditor is
responsible for obtaining reasonable assurance that financial statement taken
as a whole are free from material misstatement, whether caused by fraud or
error. While auditor may be able to identify potential opportunities for fraud
to be perpetrated, it is difficult for him to determine whether misstatements
in judgment areas such as accounting estimates are caused by fraud or error
5. Risk of auditor not
detecting a material misstatement resulting from management fraud is greater
than for employee fraud, because management is frequently in a position to
directly or indirectly manipulate accounting records, present fraudulent
financial information or override control procedures designed to prevent
similar frauds by other employees. Auditor is responsible for maintaining an
attitude of professional skepticism throughout the audit, considering the
potential for management override of controls and recognizing the fact that
audit procedures that are effective for detecting error may not be effective in
detecting fraud
6. Auditor shall
identify and assess risks of material misstatement due to fraud at financial
statement level, and at assertion level for classes of transactions, account
balances and disclosures. Auditor must make appropriate inquiries of the
management. Auditor must discuss with those charged with governance as they have
oversight responsibility for systems for accounting risk, financial control and
compliance with the law
7. When auditor
identifies a misstatement, s/he should consider whether such a misstatement may
be indicative of fraud and if there is such an indication, s/he should consider
the implications of misstatement in relation to other aspects of the audit,
particularly the reliability of management representations
8. When the auditor
identifies a misstatement resulting from fraud, or a suspected fraud, s/he
should consider auditor’s responsibility to communicate that information to
management, those charged with governance and, in some circumstances, when so
required by laws and regulations, to regulatory and enforcement authorities
also
9. To obtain written
representations from management
10. To document the
understanding of entity and its environment and the assessment of risks of
material misstatement, responses to assessed risks of material misstatement and
communications about fraud made to management, those charged with governance,
regulators and others
1. To recognise that
non–compliance by entity with laws and regulations may materially affect
financial statements. It is management’s responsibility to ensure that entity’s
operations are conducted in accordance with laws and regulations
2. Auditor is not
responsible for preventing non–compliance. The auditor is responsible for
obtaining reasonable assurance that the financial statements, taken as a whole,
are free from material misstatement, whether caused by fraud or error
3. Risk of non
detection of material misstatements is higher with regard to material
misstatements resulting from non–compliance with laws and regulations due to
various factors. To obtain a general understanding of legal and regulatory
framework applicable to the entity and how it is complying with that framework
4. After obtaining
general understanding, auditor should perform procedures to identify instances
of non–compliance with these laws and regulations where non–compliance should
be considered when preparing financial statements. Further, auditor should
obtain sufficient appropriate audit evidence about compliance with those laws
and regulations generally recognised by Auditor to have an effect on
determination of material amounts and disclosures in financial statements
5. To obtain written
representations that management has disclosed all known actual or possible
non–compliance with laws and regulations whose effects should be considered
when preparing financial statements. This SA does not apply to other assurance
engagements in which auditor is specifically engaged to test and report
separately on compliance with specific laws and regulations. Whether an act
constitutes a non–compliance can be determined only by a court of law
6. The Standard
envisages "engaging a legal advisor to assist in monitoring legal
requirements" instead of "establishing a legal department" as
one of the policies to ensure compliance with laws and regulations. The
Standard, in larger entities, also envisages existence of a separate
"compliance function" in addition to internal audit function and
audit committee to supplement policies and procedures for ensuring compliance
with laws and regulations
1. To communicate with
those charged with governance, auditor’s responsibilities in relation to
financial statements audit, an overview of planned scope and timing of audit
and significant findings from the audit
2. Such matters
include: Overall scope of audit; selection of/ changes in significant
accounting policies; potential effect on financial statements of any
significant risks and exposures, such as pending litigation; adjustments to
financial statements arising out of audit that have a significant effect on
entity’s financial statements; material uncertainties related to events and
conditions that may cast significant doubt on entity’s ability to continue as a
going concern, disagreements with management about matters that could be
significant to entity’s financial statements or auditor’s report; expected
modifications to auditor’s report. Auditors should communicate matters of
governance interest on timely basis
3. Auditor’s
communication may be made orally or in writing. In case of oral communication,
auditor should document their oral communications and response thereof
1. The objective of
the auditor is to communicate appropriately to those charged with governance
and management deficiencies in internal control that the auditor has identified
during the audit and that, in the auditor’s professional judgment, are of
sufficient importance to merit their respective attentions
2. The auditor shall
determine whether, on the basis of the audit work performed, the auditor has
identified one or more deficiencies in internal control. If the auditor has
identified one or more deficiencies in internal control, the auditor shall
determine, on the basis of the audit work performed, whether, individually or
in combination, they constitute significant deficiencies.
1. Joint auditors
should, by mutual discussion, divide audit work. Division of work would usually
be in terms of audit of identifiable units or specified areas. Division of work
may be with reference to items of assets or liabilities or income or
expenditure or with reference to periods of time
2. If a Joint auditor
comes across matters which are relevant to areas of responsibility of other
joint auditors and which deserve their attention, or which require disclosure
or discussion with, or application of judgment by, other joint auditors, he
should communicate the same to all other joint auditors in writing prior to
finalisation of audit
3. Certain areas of
work, owing to their importance or owing to the nature of work involved, would
often not be divided and would have to be covered by all joint auditors
4. Each joint auditor
is responsible only for the work allocated to them, whether or not s/he has
prepared a separate report on work performed by them
5. All joint auditors
are jointly and severally responsible in respect of the audit work which is not
divided amongst them, for the appropriateness of decisions taken by them
concerning the nature, timing or extent of the audit procedures to be performed
by any of the joint auditors, for examining that the financial statements of
the entity comply with disclosure requirements of relevant statute, for
ensuring that audit report complies with the requirements of relevant statute
and in respect of matters which are brought to the notice of joint auditors by
any one of them and on which there is an agreement among joint auditors
6. Each joint auditor
is entitled to assume that other joint auditors have carried out their part of
audit work in accordance with generally accepted audit procedures. Normally,
joint auditors are able to arrive at an agreed report. However, where the joint
auditors are in disagreement with regard to any matters to be covered by the
report, each one of them should express his own opinion through a separate
report
1. Planning an audit
involves establishing the overall audit strategy for the engagement and
developing an audit plan. The objective of auditor is to plan the audit so that
it will be performed in an effective manner
2. Once the overall
audit strategy has been established, an audit plan can be developed to address
various matters identified in the overall audit strategy, considering the need
to achieve the audit objectives through efficient use of auditor’s resources
3. To consider various
matters in developing the overall plan like: terms of engagement; nature and
timing of reports; applicable legal or statutory requirements; accounting
policies adopted by the client; identification of significant audit areas;
setting of materiality levels, etc.
4. To obtain a level
of knowledge of client’s business that will enable them to identify events,
transactions and practices that, in their judgment, may have a significant
effect on financial information. Audit plan is more detailed than overall audit
strategy that includes the nature, timing and extent of audit procedures to be
performed by engagement team members
5. Engagement partner
and other key members of engagement team shall be involved in planning the
audit, including planning and participating in the discussion among engagement
team members so as to enhance effectiveness and efficiency of planning process
6. To plan the nature,
timing and extent of direction and supervision of engagement team members and
review of their work. Auditor shall document overall audit strategy, audit plan
and any significant changes made during audit engagement to the overall audit
strategy or audit plan, and reasons for such changes
7. Audit planning
ideally commences at the conclusion of previous year’s audit, and along with
related programme, it should be reconsidered for modification as the audit of
their compliance and substantive procedures progress. For an initial audit,
auditor may need to expand the planning activities because the auditor does not
ordinarily have previous experience with the entity that is considered when
planning recurring engagements
1. To provide a basis
for identification and assessment of risks of material misstatement at the
financial statement and assertion levels, the auditor shall perform risk
assessment procedures. Thus procedures shall include: Inquiries with
management; Analytical Procedures; Observation and Inspection
2. Where Auditor has
performed other engagements with the entity, auditor shall consider whether
information obtained is relevant for identifying the risk of material
misstatement. If Auditor intends to use his/her previous experiences with the
entity, he shall determine whether changes have occurred since previous audit
that may affect its relevance on current audit
3. To obtain an
understanding of the following: Industry, regulatory and other external
factors; Nature of entity; Selection and application of accounting policies;
Objectives and strategies and related business risks; Measurement and review of
entity’s financial performance; Internal control
4. SA 315 sets out
five components of Internal control: Control environment; Entity’s risk
assessment process; the information system, including related business
processes, relevant to financial reporting and communication; Control
activities relevant to audit; Monitoring of controls
5. Usually, those
controls which pertain to entity’s objective of preparing financial statements
are subject to risk assessment procedures
6. Obtaining an
understanding of entity and its environment including entity’s internal control
is a continuous, dynamic process of gathering, updating and analyzing
information throughout the audit
7. To identify and
assess risks of material misstatement at financial statement level, and at
assertion level for classes of transactions, account balances and disclosures
8. Auditors are
required to: Relate identified risks to what can go wrong at assertion level;
Consider potential magnitude of risks in the context of financial statements;
Consider the likelihood that risks could result in a material misstatement of
financial statements
9. Documentation
should cover: Discussion among engagement team; Key elements of understanding
obtained; Sources of information; Risk assessment process; the identified and
assessed risks; Significant risks evaluated; Risks evaluated for which
substantive procedures done
10. Auditor uses
professional judgment to determine the extent of understanding required.
Auditors primary consideration is whether the understanding that has been obtained
is sufficient to meet the objective stated in the SA
1. SA 320 deals with
the auditor’s responsibility to apply the concept of materiality in planning
and performing an audit of financial statements
2. In planning the
audit, the auditor makes judgments about the size of misstatements that will be
considered material
3. These judgments
provide a basis for:
• Determining the
nature, timing and extent of risk assessment procedures;
• Identifying and
assessing the risks of material misstatement; and
• Determining the
nature, timing and extent of further audit procedures
4. For purposes of the
SAs, performance materiality means the amount or amounts set by the auditor at
less than materiality for the financial statements as a whole to reduce to an
appropriately low level the probability that the aggregate of uncorrected and
undetected misstatements exceeds materiality for the financial statements as a
whole. If applicable, performance materiality also refers to the amount or
amounts set by the auditor at less than the materiality level or levels for
particular classes of transactions, account balances or disclosures
5. The auditor shall
revise materiality for the financial statements as a whole (and, if applicable,
the materiality level or levels for particular classes of transactions, account
balances or disclosures) in the event of becoming aware of information during
the audit that would have caused the auditor to have determined a different
amount (or amounts) initially
6. The audit
documentation shall include the following amounts and the factors considered in
their determination:
•
Materiality for the financial statements as a whole
•
If applicable, the materiality level or levels for particular classes of
transactions, account balances or disclosures
•
Performance materiality and
•
Any revision of above as the audit progressed
No comments:
Post a Comment