AYB301 REVISION

LECTURE 1: INTRODUCTION

• Auditing: a type of assurance service, provides assurance on the quality of information in financial statements to external users.
  o Evidence (obtaining and evaluating)
  o Information (economic actions and events)
  o Criteria – not just applying accounting standards – allow discretion by users, are the statements true and fair?
  o Communicating to interested users
    ▪ Type of report (unqualified etc)
• Audit Report: Components:
  o Introduction
  o Director’s responsibility
  o Auditor’s responsibility
  o Independence
  o Auditor’s opinion
• Need for assurance: potential bias in management’s info, remoteness of users (can’t interview management), complexity of transactions
• Public Policy response: CLERP 9 Act 2004 in Aus, Sarbanes-Oxley Act 2002 in US
• Levels of Assurance: Positive (audit opinion) / Limited or Negative (eg. Review of fin statements) / No (compilation of fin statements)
• Providers of Assurance Services:
  o Public AC Profession:
    ▪ Compliance Audits
    ▪ Operational Audits
    ▪ Performance Audits
  o Internal Audit Profession
  o Public Sector Audit Profession
• Regulatory Bodies: CPA Australia (CPAA), Institute of Chartered ACs in Aus (ICAA), National Institute of ACs (NIA), Aus Prof Ethical Stds Board (APESB), Aus Securities and Investment Com (ASIC)
• Rules governing auditing: Corps Act / Auditing Stds / Ethical Code

LECTURE 3: AUDIT RISK AND BUSINESS RISK (in Phase 1 of Audit: Planning)

4 components of risk that affect the audit approach and audit outcome:
• Enterprise risk: risks that affect the operations (ERM – ent risk m/ment)
• Engagement risk: comes with association with a specific client (bad rep..)
  o Risk is high whenever increased likelihood that:
    ▪ Auditor is associated with a failed client
    ▪ Financial statements contain material misstatement that the auditor fails to find
  o Conditions increase the likelihood of the auditor being sued
  o Audit must make client acceptance / retention decision
    ▪ Decision depends on client’s corp gov / financial health
    ▪ Auditor will analyse (re corp gov):
      • Management integrity
      • Independence and competence of Audit Committee and Board
      • Quality of ERM and controls
      • Regulatory and reporting requirements
      • Existence of related party transactions
  o Minimising risk when accepting new clients:
    ▪ Auditor should initiate discussions with predecessor re reason for the change in auditors
      • Successor must have client permission to do so (APES 210, ASA 220.A8)
      • Auditor will be interested in: management integrity / disagreements with management / predecessor’s understanding of reasons for the change / any communications between predecessor and management or audit committee re: fraud, illegal acts or internal control matters
    ▪ Auditor and client should have a mutual understanding of the audit process – auditor should prepare an engagement letter (clarifying the responsibilities and expectations of each party):
      • Nature of the services to be provided
      • Time of those services
      • Expected fees and basis for billing
• Financial reporting risk: risks that relate directly to recording transactions and presentation of financial statements
• Audit risk: the risk that an auditor may provide an unqualified opinion on financial statements that are materially misstated
  o Model: AR = IR (inherent risk) x CR (control risk) x DR (detection risk)
    ▪ Environment risk = IR + CR, reflects likelihood of material misstatements occurring
    ▪ Detection risk: risk that audit procedures will fail to detect material misstatements – effectiveness of audit procedures and their application
      • Level of DR = rigour of substantive audit work performed
  o Inherent risk: risk that account / section being audited is materially misstated (assuming no controls)
  o Set inversely to the assessed level of engagement risk
  o DR set inversely to ER
    ▪ DR = AR/(IR x CR)
  o Low DR means a low probability of not detecting material misstatements; to achieve this, auditor must perform more rigorous substantive testing eg:
    ▪ Larger sample sizes, more reliable evidence, more experienced auditors etc

Business risk approaches:
  o Transaction approach – looks at trees, not the forest, traditional approach
  o Top-down: business risk auditing, looks at the forest

Developing an Understanding of Bus and Fin Misstatement Risks: Auditor should:
  o understand the company and its operations
  o develop an understanding of the market in which the company operates
  o develop expectations about financial results or transaction outcomes (independently of management, communicated to all team members)

Preliminary Financial Statement Review: Techniques and Expectations:
  o “Analytical Review” – auditors use analytical procedures to develop expectations of a/c balances, compare to recorded book value to identify misstatements
  o Sources of data:
    ▪ Financial info for prior periods
    ▪ Expected / planned results from budgets
    ▪ Comparisons of linked accounts (eg. interest expense and debt)
    ▪ Ratios of financial information
    ▪ Company and industry trends
    ▪ Relevant nonfinancial information (eg. transport, L of petrol not $)
  o Techniques: trend analysis / comparative financial statements / ratio analysis

Materiality & Audit Risk: the auditor must plan and perform an audit that provides reasonable assurance that material misstatements will be detected
  o Information is material if its omission, misstatement or non-disclosure has the potential to influence the economic decisions of users or affect the discharge of accountability by the management
  o Materiality has 3 dimensions:
    ▪ Size of misstatement ($ amount)
    ▪ Circumstances
    ▪ User impact (impact on potential users and the type of judgements made)

Managing Audit Risk:
  o Adjusting audit staff to reflect risk level associated with a client
  o Developing direct tests of a/c balances
  o Anticipating potential misstatements
  o Adjusting the timing of audit tests to minimise overall audit risk

FOUR PHASES OF AUDIT:
• Phase 1 – Planning (Wk 8) – includes Risk Assessment (Wk 3)
• Phase 2 – Tests of controls and substantive tests of transactions (Wk 4&5)
• Phase 3 – Perform analytical procedures and tests of balances (Wk 5)
• Phase 4 – Complete the audit and issue audit report (Wk 12)

LECTURE 4: INTERNAL CONTROL: ASA 315 – Understanding the Entity

• Internal Control: a process designed to provide reasonable assurance of generating reliable a/c info, safeguarding assets, operating efficiently and effectively, complying with applicable laws and regulations
• Framework: Objectives & Examples of Control:

Objective | Example of Control (all ASA 315) | Tests of Controls (later on)
1. Reliability of financial reporting | Purchase good IT system | Review IT committee meetings, contracts etc.
2. Effectiveness and Efficiency of operations | Monitoring, budget to actual per store | Review m/ment meetings, what actions taken if budget variations found etc.
3. Safeguarding assets | Board approval for cheques > $X mil, check-out procedures, receipts, till balancing | Review minutes for appropriate approval, review store mgr sign-offs, surprise audit checks
4. Compliance with law | Audit committee review | Review minutes of Audit Committee meetings

COSO 5 Components of an Internal Control System:
• Control Environment: overall attitude, awareness and actions of significant internal groups (management integrity)
  o Auditor should look at (when evaluating control environment):
    ▪ Management’s philosophy and operating style
    ▪ Organisational structure, including assignment of authority etc.
    ▪ Board of directors and audit committee
    ▪ HR policies
    ▪ Integrity and ethical values
    ▪ Commitment to competence
    ▪ Compensation and evaluation programs
    ▪ Effectiveness of the internal audit function
• Risk Assessment: process designed to identify and manage risks that may affect the org’s ability to achieve its objectives
  o Auditor should look at (when evaluating org’s risk assessment):
    ▪ Set KPIs such as gross margin per store and review regularly
    ▪ Number of customer complaints
• Control Activities: policies and procedures established by management to help ensure internal control objectives are achieved and risks are mitigated.
  o Common control procedures found in most accounting systems:
    ▪ Segregation of incompatible duties
    ▪ Authorisation procedures
    ▪ Documented transaction trail
    ▪ Physical controls to limit access to assets
      • Eg. related to IT equipment, programs, data files
        o Physical controls – swipe cards
        o Access controls – ID + Password
        o Backup and recovery procedures – backup to …
    ▪ Independent reconciliation
    ▪ Competent trustworthy employees
    ▪ Adequate docs and records:
      • Pre-numbered consecutively, prepared at time of transaction, simple enough to ensure understanding, designed for multiple uses, constructed to encourage right preparation, chart of accounts
• Information and Communication: process of identifying, capturing and exchanging information in a timely fashion to enable the org to achieve its objectives
  o Accounting Information Systems: capture, record, summarise and report info
    ▪ Usually a network of smaller accounting applications – each application system processes unique types of transactions: sales / ac rec / ac payable / cash receipts / payroll / inventory etc.
    [Flow diagram: Source Docs (Data prep) → (Data entry) → Trans File → Update master file → Master / Trans File → Print docs & reports → Docs & reports]
• Monitoring: process that assesses the quality of internal controls over time
  o Management often requests reports on the quality of its internal control to ensure the company can achieve its major objs and not be exposed to unnecessary risks
  o Management receives reports from 3 sources:
    ▪ Ongoing monitoring from operations
    ▪ Internal audit reports
    ▪ External audit reports

Breakdowns in Internal Control System:
• Circumvention (evading) of internal controls: Prevented by proper separation of duties (not allowing one employee to transfer to another position with opportunity to defraud without measures in place to prevent!)
• Inadequate security over IT systems: if person changes positions, access to IT should change too!
• Lack of password protection: knowing other people’s passwords – regular password changes required
• Lack of adequate confirmations / reconciliations: eg. ext confirmations with outside parties
• Lack of review for cancelled / changed transactions: computer system can easily be programmed to test for such ‘unusual’ levels of activity – or software might be generating reports but need people to check them!
• Inadequate monitoring of employee behaviour: never taking holidays and working later – HR records should monitor for unusual behaviour in employees

Internal Control and Financial Statement Account Balances:
• Auditors assess control risk for each relevant assertion for each important class of transactions and account balance as basis for planning the audit
• Auditors need to evaluate the effectiveness of internal control over financial reporting for accounting applications that process material transactions

Sales Transaction-Related Audit Objectives:

Objective – General Form | Related Audit Objective
1. Occurrence (recorded transaction occurred) | Sales are for actual shipments to existing customers
2. Completeness (existing trans are recorded) | Existing sales transactions are recorded
3. Accuracy (trans are stated correctly) | Sales for goods shipped are correctly billed
4. Classification (trans are properly classified) | Sales trans are properly classified
5. Timing (trans are recorded on correct dates) | Sales are recorded on the correct dates

Relationship of controls to auditing:
• Minimum level of control is needed for the entity to be auditable
• Quality of controls affects org’s operating effectiveness & ability to remain going concern
• Quality of internal controls drives the audit approach and amount of testing

Risk Assessment: effect of control strength on the audit approach…

Good controls | Assurance | Risk
Initial Situation | 0% | 100%
Inherent Assurance | 20% | 80%
Control Assurance | 30% | 50%
Det Ass: Analytical Tests | 15% | 35%
Det Ass: Substantive Tests | 30% | 5%

Poor controls | Assurance | Risk
Initial Situation | 0% | 100%
Inherent Assurance | 20% | 80%
Control Assurance | 0% | 80%
Det Ass: Analytical Tests | 0% | 80%
Det Ass: Substantive Tests | 75% | 5%

*** where poor controls, will need 75% substantive testing to reduce the risk to 5%, only needed 30% where there were good internal controls ***

Control Effectiveness & Control Risk Assessment: Process for evaluating controls:
• Phase 1: obtain understanding of risks and internal controls
  o Through walk-throughs of acc system / inquiring of management / taking plant and operational tours / reviewing documentation etc
• Phase 2: make preliminary assessment of control risk and decide whether to test operation of control procedures
  o Drives the planning for the rest of the audit: r/ship between assessed level of control risk and rigour of substantive testing is inverse
    ▪ If control risk = high, no reliance on internal controls, amount and rigour of substantive testing is increased
    ▪ If control risk = low, auditor would like to rely on internal controls, auditor must test controls to make sure they’re operating effectively
• Phase 3: test operating effectiveness of controls
• Phase 4: based on results of testing, determine whether to revise the assessment of control risk, and incorporate this revision into the substantive testing

Ext auditors must report significant internal control weaknesses to management (ASA 260)

LECTURE 5: AUDIT EVIDENCE: A Framework for directly testing account balances and transactions (ASA 500 Audit Evidence)

Sufficiency & Appropriateness
• ASA 500: Auditor has to obtain the right quantity (sufficient) of the right quality (appropriate) evidence
  o Inverse r/ship between quality and quantity – higher the risk, the more evidence required AND higher the quality of evidence, the less quantity of evidence required
  o Evidence from independent outside sources = more reliable than evidence obtained from the client
  o Evidence from auditor’s direct knowledge = more reliable than evidence obtained indirectly
  o Evidence from client with strong internal controls = more reliable than evidence obtained from client with weak internal controls

Audit Evidence
• Certain assertions embodied in financial statements – audit evidence comprises info that supports m/ment’s assertions and any info that contradicts such assertions (ASA 500)
  o Eg. Contradiction: m/ment withholding info – WHY are they withholding???
• Assertion Model: auditor gathers evidence to evaluate m/ment’s assertions embodied in the financial statements and individual accounts
  o Assertions lead to procedures that the auditor will use to gather evidence to test fin statements are true and fair → then becomes audit program

Assertion Categories (ASA 500) (internal controls should be sufficient to achieve management assertions):

Cont Objs | Transactions | A/C Balances | Disclosure
Occurrence | X | | X
Completeness | X | X | X
Accuracy | X | | X
Cutoff (Timing) | X | |
Classification | X | | X
Existence | | X |
Rights and obligations | | X | X
Valuation and Allocation | | X | X
Understandability | | | X

Transaction-Related Audit Objectives (see above for Sales Trans Audit Objs…)
• Occurrence: recorded transaction exists / actually occurred (valid sale, not fictitious)
• Completeness: all existing transactions are recorded
• Accuracy: recorded transactions are stated with correct details (date/quantity/amount etc)
• Classification: trans are recorded in the correct accounts (double entry)
• Cutoff: trans are recorded in the correct accounting period (important for sales!)

Account Balance Audit Objectives
• Completeness: amounts included exist for Assets, Liabilities and Owners Equity
• Existence: All A, L and OE are recorded that should be recorded
• Rights and Obligations: The entity has the rights to assets, liabilities are the entity’s obligations (eg. do they have rights to put contracts on bal sheet; put assets on bal sheet)
• Valuation and Allocation: amounts included are stated at the correct amounts in correct accounts (are assets valued correctly?)

Disclosure Audit Objectives
• Occurrence / Rights and Obligations: disclosed events and transactions have occurred and pertain to the entity
• Completeness: all disclosures that should have been included are included
• Classification / Understandability: info is appropriately presented and disclosures clearly expressed
• Accuracy / Valuation: info is disclosed fairly and at the appropriate amounts

Steps in Overall Audit Process:
• Understand the client and industry
• Assess environment risk (some a/cs are riskier than others)
• Directly test trans and / or a/c balances
  o Traditionally checked year-end a/c balances – IF a/cs have high turnover of transactions, the auditor may have to focus on the trans that occurred during that audit period (eg. Acc Rec)
  o If risky, more reliable evidence usually exists for an ending balance than for trans

Commonly Used Evidence Gathering procedures:

Procedure | Good For… | But Beware…
Observation of personnel | Understanding the process | Obtrusive, changes behaviour of staff, time consuming
Inspection of tangible assets | Verifying existence and identifying any obsolescence | Assets might be at remote locations
Inquiry of client personnel | Easy to gather evidence | Must be confirmed by other sources
External Confirmations | Independent (strong evidence) | Only tests existence, not valuation, can be expensive
Inspection of documents | Useful for all assertions | Must establish authenticity
Recalculation of data | Testing the accuracy of estimates | Detailed process, knowledge required
Reprocessing of trans (trace from source doc to a/c bal) | Establishing that all items were recorded (completeness) | Examining a sample of records, sample should be carefully selected
Vouching of trans – tracing trans back to source docs | |
Analytical procedures (compare a/c bals, ratios to expectations) | Directing audit procedures | Can mislead if used incorrectly

Direct Tests of Account Balances v Other Business Measurements:
• Examining outside documentation v inquiry of client personnel
  o If management integrity is low and IC are weak = need more outside verification
  o Auditor’s task is to determine which procedures provide appropriate evidence with the least amount of audit cost

Directional Testing (a means to achieve audit efficiency):
• Directional Testing: testing in one direction for either an overstatement or understatement
  o Increases audit efficiency as:
    ▪ Misstatements are more likely to occur in one direction (eg. assets and rev – overstated, liabilities and expenses understated)
    ▪ Auditor uses procedures that focus on the most likely misstatements (rev usually a high priority!)
    ▪ Vouching (looking for source documents) and reprocessing (trace from source doc to a/c balance) are examples of directional tests
    ▪ Can also provide evidence about complementary accounts
    ▪ Some m/ment assertions are directional by nature (existence addresses overstatement; completeness addresses understatement)

Timing of Procedures and Extent of Procedures:
• Timing: auditor must decide when to perform the procedures
  o As of balance sheet date
  o After the balance sheet date
  o Before the balance sheet date (interim testing)
    ▪ Advantages of interim testing:
      • Audit may be completed sooner
      • Typically means less overtime for audit staff (auditing is a business)
    ▪ Disadvantages of interim testing:
      • Risk of material misstatement between interim date and year end
    ▪ Interim testing is feasible when:
      • The client has strong internal controls
      • Low probability of significant change in a/c balances between interim work and year end
      • Auditor focuses on tests of transactions rather than the year-end balance (eg. non-current assets)
• Extent: auditor must decide how much evidence is needed (may also be influenced by auditor’s individual risk preferences)
  o Extent of testing is affected by:
    ▪ The auditor’s assessment of the risk of a/c balance misstatement
    ▪ The amount of misstatement considered material
    ▪ The persuasiveness of alternative forms of evidence

Audit Programs:
• Audit programs are about managing the audit; they specify the objectives and the procedures used to gather, document and evaluate evidence
• Audit programs guide the conduct of the audit and provide an effective means for:
  o Organising and distributing audit work
  o Monitoring the audit process
  o Recording audit work performed
  o Reviewing the audit procedures performed and the evidence gathered
• Audit programs and evidence are documented in audit working papers:
  o Audit working papers:
    ▪ Are design-driven by the audit program
    ▪ Are the primary evidence in support of the audit conclusions and should:
      • Cover all relevant audit work
      • Support the audit report
      • Leave no significant points unresolved

Generalised Audit Software (ACL):
• Designed to read existing computer files and perform functions such as:
  o Footing a file
  o Selecting a sample (judgementally or statistically)
  o Extracting, sorting and summarising data
  o Obtaining file statistics
  o Performing analytical procedures
  o Finding how many trans or population items meet specific criteria
  o Checking for gaps in processing sequences
  o Checking for duplicates
  o Performing arithmetic calculations
  o Analysing data for validity (eg. neg amounts where shouldn’t be…)
  o Scanning accounts for unusual entries (eg. much higher sales returns than before)

LECTURE 6: AUDITING FOR FRAUD

Modern View
• Previously, view that auditors only had to take reasonable steps to detect fraud.
  This is no longer the case: Auditors must assume greater responsibility for detecting fraud:
  o The detection of material fraud is a reasonable expectation of users of audited financial statements. Unless an audit can provide assurance that the information has not been materially misstated because of fraud, the audit has little, if any, value to society.

Fraud: intentional concealment or misrepresentation of material facts in order to deceive
• Intention to deceive separates fraud from unintentional errors
• Fraud is traditionally separated into broad categories:
  o Misappropriation of assets: is the theft or misuse of an org’s assets by m/ment or employees for personal gain
    ▪ Eg. theft, cash schemes, fraudulent suppliers, inventory theft, payroll fraud, embezzlement etc
    ▪ Corruption occurs when someone uses their influence in a transaction to gain personal benefit (eg. kickbacks, conflict of interest, bribery, extortion)
  o Fraudulent financial reporting: is the intentional manipulation of financial statements by management, overriding internal controls
    ▪ Usually involves:
      • Manipulation, falsification or alteration of accounting records or supporting documents
      • Misrepresentation or omission of events, transactions or significant information
      • Intentional misapplication of accounting standards eg.
        o Overstating assets and understating expenses (capitalising on RD rather than expensing it) / overstating revenue and assets / understating liabilities

Auditor’s Responsibility: ASA 240: auditor must search for risk factors related to fraud
• If risk factors are present, the auditor must modify the audit to:
  o actively search for fraud
  o require more substantive audit evidence
  o assign forensic (fraud) auditors to the engagement
  (Emphasises the need for professional scepticism)

Proactive Approach to Fraud Detection: Planning the Audit
• The audit must be planned to detect material misstatements due to errors or fraud
• The auditor must understand:
  o The business
  o How changes in the economy affect the business (GFC)
  o Management’s motivation for committing fraud
  o Identify opportunities for employees to misappropriate assets (access to cash etc)
  o Analyse changes in company’s financial results for reasonableness
  o Identify areas that might suggest fraud

Conducting the Financial Report Audit: Fraud Awareness
• The process to integrate fraud risk assessment and fraud procedures into the audit includes 10 major steps:
  1. Understand the nature of the fraud, motivations to commit fraud and how fraud may be committed
  2. Develop and implement approach based on professional scepticism
  3. Brainstorm and share knowledge within the audit team (required by ASA 240)
     a. Brainstorming is designed to allow experienced auditors to educate less experienced auditors and set the proper level of professional scepticism for the audit
     b. Topics covered during the brainstorming should include:
        i. how fraud can be perpetrated and concealed
        ii. presumption of fraud in revenue recognition
        iii. incentives, opportunities and rationalisations for fraud (triangle)
        iv. industry conditions
        v. operating characteristics and financial stability
  4. Obtain information useful in identifying and assessing fraud risk
  5. Identify specific fraud risks and areas likely to be affected by fraud
  6. Evaluate the quality and effectiveness of company controls in mitigating the risk of fraud
  7. Respond; adjust audit procedures to address the risk of fraud and gather evidence specifically related to the possibility of fraud
  8. Evaluate findings; if evidence signals fraud might exist, consider whether specialists are needed for the audit team
  9. Communicate the possibility of fraud to management and the audit committee
  10. Document the audit approach

The Fraud Triangle (argued that you can’t have 1 or 2, need all 3)
[Triangle diagram: Incentives / Pressures – Opportunities – Attitudes / Rationalisations]
• Incentives / Pressures to Commit Fraud: include:
  o Management compensation schemes
  o Personal wealth tied to financial results / survival of the company (eg. m/ment owns shares in the company)
  o Other financial pressures to improve earnings or the balance sheet (eg. avoid violating debt covenant)
  o Personal factors:
    ▪ Personal financial needs
    ▪ Gambling problems
    ▪ Drug addiction
• Opportunities to Commit Fraud: warning signs indicating opportunities for fraud include:
  o Weak or non-existent internal controls
    ▪ Eg. low separation of duties
  o Complex or unstable organisational structure
  o Ineffective monitoring of management (Audit Committee, BofD should be independent from management)
  o Significant accounting estimates made by management
  o Significant related party transactions
  o Industry dominance, dictate terms suppliers / customers
  o Simple transactions made complex through disjointed recording process
  o Complex or difficult to understand transactions
• Attitude or Ability to Rationalise the Fraud: nature of rationalisation depends on type:
  o For misappropriations, rationalisations often revolve around personal issues:
    ▪ Financial problems (gambling etc); Mistreatment by the company; sense of entitlement; “everyone does it”
  o Fraudulent financial reporting, rationalisations involve personal / org issues:
    ▪ Compensation based on financial results (personal); ego (personal), necessary for the organisation to survive (organisational)

Fraud Risk
• Obtaining information about fraud risk: the auditor should specify procedures that could signal the possibility of fraud, including:
  o Making inquiries of management about fraud risk
  o Performing analytical procedures – some of the key analytical factors the auditor should develop include:
    ▪ large rev increase at end of period (eg. bring rev forward from next period or make up fictitious revenue)
    ▪ sales increase larger than industry – not justified
    ▪ unusually large increase in gross margin
    ▪ large number of sale returns after year end (have sale been legitimate if have lots coming back… - warranties…) etc.
• To identify fraud risk – auditor should examine each fraud risk condition in the triangle
  o Auditor should consider the types of fraud that might occur, potential significance of the fraud (quant and qual), likelihood of the fraud occurring, pervasiveness of the risk that fraud might occur
• ASA 240: auditor to presume risks with rev recognition and m/ment overriding ICs
  o Internal control weaknesses are a strong indicator of fraud risk
    ▪ Auditor should examine:
      • Corp Gov / Audit Committee
      • Management control and influence
      • Corp culture
      • Internal auditing
      • Monitoring controls
      • Code of Ethics (does comp have one), Whistleblowers (protected?)
      • Related-party transactions
• Auditor should develop hypotheses about how fraud could be committed and concealed – depending on hypothesised fraud risks, auditor may have to change the audit procedures, the timing of audit procedures and the staffing of the engagement (more exp eg.)
  o Extended audit procedures can include:
    ▪ Performing procedures on a surprise basis
    ▪ Requiring inventories be counted and observed at yr end (not interim)
    ▪ Making oral inquiries of major customers / suppliers
    ▪ Examining major sales contract details, financial viability of customers, similar trans between two entities etc
• Auditor should be particularly sceptical wherever:
  o Discrepancies in acc records
  o Missing / conflicting evidential matter
  o Relationship with management is strained
  o Significant / unusual trans round year end

Communicating the existence of fraud:
• Should be communicated to a level at which effective action can be taken, eg. BoD, Audit Committee, outside parties…
• If fraud involves top management, auditor must assess actions taken by the Board
  o If actions not taken, auditor must consider control environment, and the need to resign the engagement or report to ASIC or the police
• Auditor must determine if F/S have been corrected and fraud disclosed, else issue a qualified / adverse opinion
• Material fraud in public comps indicates weak internal controls – need reporting

Misappropriations of Assets / Fraudulent Reporting:
• Fraudulent disbursements are the most common and include:
  o Billing – Setting up fake suppliers and paying for fictitious goods
    ▪ Set up fake vendor, submit false invoices, alter the amount, double pay invoices, make personal purchases with company CC, etc etc.
  o Payroll – overtime and excessive hours
  o Expense reimbursements, overstating expenses
  o Payment tampering – changing payee / amount
• Revenue fraud
  o Fictitious revenue, premature recognition – goods invoiced but not shipped, side agreements, recognise rev before earned etc.
  o Symptoms: rev appears too high, discount returns / bad debts / cash collections appear too low, docs missing, CEO’s lavish lifestyle, m/ment vague when questioned etc…

Forensic Accounting:
• Involves detailed investigation where fraud is identified or suspected
• Focuses on identifying perpetrators and getting a confession
• Builds support for legal action against perpetrator
• Provides litigation support
• Extensive use of interviews
• 100% examination of fraud related docs
• Broader scope than auditing

LECTURE 7: CORPORATE GOVERNANCE

Corporate Governance: the framework of rules, relationships, systems and processes within and by which authority is exercised and controlled in corporations
• Parties involved include: shareholders, BoD, Audit Committees (sub-committee of the Board), management, regulatory agencies (ASIC), self-regulatory orgs (Acc eg. CPAA; and other eg. ASX), external and internal auditors

Audit Committee: has oversight responsibilities. They should:
• Be apprised of all significant acc decisions made by management
• Be apprised of all significant changes in acc systems and system controls
• Be involved in the engagement of the external auditor, review the audit plan, discuss the audit results with the auditor
• Have the authority to hire / fire the head of the internal audit function and set the budget for the internal audit function
• Review the audit plan and discuss all significant results
• Receive all regulatory reports (eg. for APRA – regulates fin institutions)

Audit Practice: ASIC / CLERP 9 found concerns eg. auditors no longer willing to confront clients over questionable acc practices, consulting fees were impairing auditor independence. Issues that arose:
• Analytical procedures were used inappropriately to replace direct tests of a/c balances
• Audit firms were not thoroughly evaluating internal control etc.
• Audit documentation, especially related to audit planning, did not meet professional stds
• Auditors ignored warning signs of fraud, not providing sufficient warning about companies that might not continue as going concerns

CLERP 9: Corporate Law Economic Reform Act 2004.
• Amendments: lots about independence of auditors!! Eg:
  o Can’t go from being auditor to working for client straight away
  o New restrictions on financial r/ships – loans to auditors / their families = NO!
  o Mandatory disclosure of fees paid etc etc.

FRC: Financial Reporting Council – responsible for overseeing auditing stds setting arrangements, etc.

Sarbanes-Oxley Act: affects any Aus companies with business in US – much stricter than CLERP 9 (eg. requirement that auditors report on internal control, not required in Aus)

ASX Corporate Governance Principles / Recommendations
• Foundation for management oversight; structure board to add value etc etc.
• Principle 4: Safeguard integrity in financial reporting:
  o 4.1: The board should establish an audit committee
  o 4.2: The AC should be structured so that it consists only of non-executive directors / consists of majority of independent directors / has at least 3 members
  o 4.3: AC should have a formal charter
  o 4.4: Companies should provide the info indicated in the Guide to reporting on Principle 4
• Companies in the All Ordinaries Index Top-500 MUST have an audit committee!
• Companies in the All Ords Index Top-300 MUST follow 4.3, 4.3, 4.4

Auditor’s Communication with the Audit Committee
• ASA 260: requires specific communication between auditor and audit committee:
  o Eg. M/ment judgements and acc estimates; disagreements with m/ment; internal audit activities; major issues discussed with m/ment; internal control evaluation etc.
    ▪ Things that should be reported to audit committee without m/ment present

General Standards & Fieldwork Standards

General Standards:
• Must be independent in fact and in appearance
• Due professional care must be exercised
• Persons performing must have adequate technical training and proficiency as an auditor

Fieldwork Standards:
• Work shall be adequately planned and assistants, if any, properly supervised
• Sufficient understanding of the entity and its environment

Audit Process: Standards-Based Approach: Planning the Audit
• Develop understanding with audit client – scope of services to be provided, m/ment’s responsibilities, audit fees etc.
• Develop an understanding of materiality (material misstatements)
• Develop preliminary audit program – understanding of client’s business and industry; risks they face, how they could affect F/S; etc.
• Gather audit evidence
• Summarise audit evidence and reach audit conclusion and issue report

Audit Contribution to Corp Governance: Quality and credibility of F/S; review of IC structure etc…

LECTURE 8: AUDIT LIABILITY

Legal Environment:
• Auditors are liable for negligence and / or breach of contract if they fail to provide services or do not exercise ‘due care’
• Responsibility of auditors to safeguard the public’s interest has increased as the:
  o number of investors has increased,
  o r/ship between corporate managers and stockholders has become more personal
  o the government increasingly relies on accounting information
• Auditor liability developed from the following laws:
  o Contract law (breach of contract – not properly performing the audit)
  o Tort law (negligence)
  o Statute (eg. TPA, Qld CC, Corporations Act 2001 – registration / monitoring of auditors; auditor independence; auditing changes; reports; standards etc)

Causes of Legal Action:
• Causes of action from not using reasonable care and skill in completing an audit (Caparo (1990): “duty owed to exercise standard of skill and care appropriate to profession status”)
  o Breach of contract: where auditor fails to perform a contractual duty.
    ▪ Includes:
      ▪ Failing to complete the engagement within the agreed-upon time
      ▪ Withdrawing from the engagement without sufficient justification
      ▪ Violating client confidentiality
      ▪ Failing to provide professional quality work
    ▪ Remedies include:
      ▪ Ordering auditors to fulfil the contract (specific performance)
      ▪ Issuing injunction to prohibit auditor from continuing the breach
      ▪ Ordering the auditor to pay compensatory damages
    ▪ Defences can include (where relevant):
      ▪ Auditor did not breach the contract
      ▪ The client was contributorily negligent
      ▪ The client’s losses were not caused by the breach
      ▪ Auditor did use professional skill and care
    ▪ NOTE: Only parties to the contract can file suit
  o Fraud: intentional concealment or misrepresentation of material facts that causes damage to those deceived
  o Negligence: failure to exercise reasonable care that causes damage to another
    ▪ Conduct that is careless or unintentional and breaches
