The revised International Standard on Auditing (ISA) 315 introduces major changes in the approach to risk identification and assessment. The enhancements will affect the planning section of all audits, and audit firms of all sizes will need to revise their approach to risk assessment.
The changes will be effective for audits of financial statements for periods beginning on or after 15 December 2021. The effects of the revisions will be far-reaching and will require firms of all sizes to revise their approach to risk assessments.
This course explains how audits can be planned and performed effectively based on the 2022 version of CaseWare Probe.
The delegates will be provided with a case study including all the information necessary regarding the client to perform the planning section. They will then need to complete the following planning sections:
Programme changes and updates
• New update process
• Changes to groupings and sections
• Updated document manager
• Changes to the recording dialogue - new risk record mode
• Changes in the way controls are documented
• Use of technology in an audit which includes the understanding of the use of IT by the entity and the understanding of IT risks and IT general controls
• Core vs Extended options
• Probe Small - A detailed risk assessment must be performed
• New election in Probe Firm Settings whether walk through procedure should be elected per engagement or not
• Procedures previously performed on audit programmes are moved to the risk assessment section and are now performed as Risk Assessment Procedures (RAP)
• Certain audit considerations such as the use of experts, other practitioners, inventory count and obtaining confirmations were moved to the Audit plan and strategy document (12.20)
• New document to obtain an understanding of the complexity of the Information System
• Individual assessments of identified inherent (IR), fraud (FR) and control (CR) risks at the financial statement level
• The overall lR, FR and CR at the financial statement level will be automated based on the auditor's assessment of the individual IR, FR and CR at FS Level.
• Evaluation of whether the entity's processes for the different components of the system of internal control are appropriate
• New overall response(s) to address the assessed risks of material misstatement at the financial statement level.
New terminology, concepts and requirements
• New assertions and combinations of assertions
• New risk assessment procedures (RAP) to obtain an understanding of the entity and its environment
• Document the sources of information from which the understanding was obtained
• Class of transaction or account balance ("COTAB")
• Individual Account balance, class of transaction and other disclosure ("COTABD")
• Significant classes of transactions, account balances and disclosures (“SCOTABD)
• Transactions related to account balances (“TRAB”)
• Relevant assertions
• Controls to be identified for purposes of evaluating the design of a control and determining whether the control has been implemented
• Identification of the risk of material misstatement at the assertion level for COTABD and then assess only the identified risks of material misstatement at the assertion level
• Consideration of whether automated tools and techniques should be used to assist with obtaining an understanding of the entity and its environment and to perform risk assessment procedures.
• Extent of work needed for indirect and direct controls
• Use of inherent risk factors
• Spectrum of inherent risk
• Likelihood and magnitude of a possible misstatement on a range from higher to lower, when assessing risks of material misstatement
• “Stand-back" provision to evaluate the completeness of SCOTABD
• Design and perform substantive procedures for each material COTABD
• Substantive procedures for SCOTABD, i.e., those with relevant assertions
• Assertions to be tested for material COTABD.
Pre-engagement planning
• 10.20 Engagement evaluation
• 10.30 Discussion with management
• 10.50 Gathering information
• 10.51 Type and volumes of transactions
• 10.52 Preliminary analytical procedures
• 10.53 Understanding of accounting estimates (based on the new ISA 540)
• 10.55 Understanding the Information Technology Environment
• 10.60 Overall assessment.
Planning and risk assessment procedures
• 11.10 Risk assessment procedures
• 10.20 Inherent risk assessment
• 11.21 Laws and regulations
• 11.25 Fraud risk assessment
• 11.30 Evaluation of system on internal control
• 11.50 Information system and control activities
• 11.60 Risk assessment at the assertion level.
Audit planning
• 12.20 Audit plan and strategy
• 12.30 Planning memorandum.
Work programs
• New lead sheets
• New layout of work programs based on the new risk assessment process.
Finalisation
Before the audit report can be signed, an audit file must be finalised and the evidence obtained reviewed to ensure the proper opinion is being expressed. The auditor may also have other reporting obligations that needs to be considered.
Ensure your team members know how to assess whether or not enough evidence was obtained to substantiate your opinion and avoid practical pitfalls and deficiencies.
The following topics will be discussed in detail during the session:
• Sampling
• Related parties
o Risk assessment
o Identifying the related parties
o Performing specific fraud tests on related party transactions
o Testing the disclosure.
• Significant transactions outside the normal course of business with or without related parties
• Going concern
o Evaluate the client plan
o Audit the cash flow forecast.
• Subsequent events
o Identifying the subsequent events
o Documenting the treatment
o Assessing the impact on the financial statements.
• Final/Overall analytical review
• Reporting significant deficiencies to management in writing
• Evaluation of misstatements
The folloiwng CaseWare documents will be discussed
• 02.10 Subsequent events
• 02.20 Going concern
• 02.30 Overall analytical review
• 02.40 Evaluation of misstatements
• 02.50 Consideration of the audit report
• 02.90 Report to management and those charged with governance