Hongkong Audit

8/4/2019 Hongkong Audit

1/46

1

Audit Practice Introduced by HKSA(HKSA 230, 300, 315, 330 and 500) Part 1 25 August 2008

2006-08 Nelson 1

Nelson LamNelson LamMBA MSc BBA ACA ACS CFA CPA(Aust)

CPA(US) FCCA FCPA(Practising) MSCA

HK auditing standards was fully converged to

International Auditing Standards from 2005

Become art of the standards under standards on

Overview

quality control, auditing, assurance and related

services

Critical points Firm-wide standard issued (HKSQC): not only

applicable to audit but also other assurance and

related services

Revised planning and risk assessment approach

2006-08 Nelson 2

More correlation between assessed risks with audit

procedures


2/46

2

Overview

HKSQCs Hong Kong Standards on Quality ControlHKSQCs Hong Kong Standards on Quality Control(only HKSQC 1 issued so far)(only HKSQC 1 issued so far)

Hong Kong Framework for Assurance Engagements

Audits and Reviews of

Historical Fin. Information

Other

Assurance

Engagements

Related

Services

2006-08 Nelson 3

HK Standards

on Assurance

Engagements

(HKSAEs)

HK Standards

on Inv. Circular

Reporting

Engagements

(HKSIRs)

HK Standards

on Auditing

(HKSAs)

HK Standards

on Review

Engagements

(HKSRE)

HK Standards

on Related

Services

(HKSRSs)

HKSQC and HKSAs


Hong Kong Framework for Assurance Engagements

Audits and Reviews of

Historical Fin. Information

2006-08 Nelson 4

HK Standards

on Auditing

(HKSAs)

Practice Notes and

Auditing Guideline


3/46

3

HKSQC and HKSAs


Activity

Activity 1 Introduction

The partner of MTK CPA, Melody Tong, seeks

your sharing on the critical issues of the new

practices introduced by HKSAs and briefing to

the engagement team.

2006-08 Nelson 5

HK Standards

on Auditing

(HKSAs)

HKSQC and HKSAs

HKSA 200 299HKSA 230

HKSA 500 599

Audit Evidence

HKSA 300 499

Risk Assessment & Response to Assessed RisksHKSA 300, 315 & 330

2006-08 Nelson 6

HK Standards

on Auditing

(HKSAs)

HKSA 600 699

Using Work of Others

HKSA 700 799

Audit Conclusions and Reporting


4/46

4

New Terms, New Approach

Preliminary engagement activities (HKSA 300)

Overall audit strategy (HKSA 300)

Risk assessment procedures (HKSA 315)

Understanding the entity and its environment,

including internal control (HKSA 315)

Risk of material misstatement at financial statement level (HKSA 315)

Risk of material misstatement at assertion level (HKSA 315)

Significant risks (HKSA 315)

2006-08 Nelson 7

Overall response(HKSA 330)

Further audit procedures (HKSA 330)

60-day rule (HKSQC 1 & HKSA 230)

Audit Process Overview

Preliminary engagement activities

Audit plan

Risk assessment procedures

In understanding the entity & environment, incl. Internal control

Assessin risks of material misstatements

2006-08 Nelson 8

Auditors procedures in response to assessed risks

Evaluating sufficiency & appropriateness of evidence

Auditors reportAuditors report


5/46

5

Agenda for Part 1 and Part 2

Understanding the Entity and its

Environment (HKSA 315)

Assessing the Risks of Material

Misstatement HKSA315

Planning (HKSA 300)

2006-08 Nelson 9

Audit Documentation (HKSA 230)

The Auditors Procedures in Responseto the Assessed Risks (HKSA 330)

Comprehensive

Critical and NewIssues

Templates andExamples

Todays Agenda




Planning (HKSA 300)

2006-08 Nelson 10

Comprehensive

Critical and NewIssues

Templates andExamples


6/46

6

Todays Agenda

Planning (HKSA 300)

2006-08 Nelson 11

Planning an Audit

HKSA 300 specifically requires that:

The auditor should plan the audit so that

effective manner. (HKSA 300.2)

The issues involved are:

What should be involved in such a plan?

What should be the nature, timing and

extent of such plan?

2006-08 Nelson 12

a are e ene s n p ann ng e au


7/46

7

Planning Benefits

Adequate planning can have the following benefits:

appropriate attention is devoted to important areas of the audit

the audit engagement is properly organized and managed in order to be

performed in an effective and efficient manner

assisting the proper assignment of work to engagement team members

facilitating the direction and supervision of engagement team members and

the review of their work

assisting, where applicable, in coordination of work done by auditors of

components and experts

2006-08 Nelson 13

Planning involves the engagement partner and other key members of

the engagement team

to benefit from their experience and insight and

to enhance the effectiveness and efficiency ofthe planning process.

Planning Nature, Extent & Timing

Nature and extent

The nature and extent of planning activities

the size and complexity of the entity,

the auditors previous experience with the

entity, and

changes in circumstances that occur

during the audit engagement.

What should be involved in the planning?

2006-08 Nelson 14

Timing

What is the timing of the planning?


8/46

8

Planning OverviewActivity

What should be involved in the planning?

Activity 2 Planning

2006-08 Nelson 15

What is the timing of the planning?

Planning Overview

1. Preliminary engagement activities

HKSA 300 Planning an Audit of Financial Statements

2. Planning activities

3. Additional considerations in initial audit engagement

2006-08 Nelson 16


9/46

9

Preliminary Engagement Activities



The auditor should perform the following activities at the

beginning of the current audit engagement: (HKSA 300.6)

1. Perform procedures regarding the continuance of the

client relationship and the specific audit engagement

2. Evaluate compliance with ethical requirements, including

independence

2006-08 Nelson 17

3. Establish an understanding of the terms of the

engagement




Performing preliminary engagement activities helps ensure

that

the auditor has considered any events or circumstances that

may adversely affect the auditors ability to plan and perform theaudit engagement to reduce audit risk to an acceptably low

level.

the auditor lans an audit en a ement for which:

2006-08 Nelson 18

the auditor maintains the necessary independence and

ability to perform the engagement.

there are no issues with management integrity that may

affect the auditors willingness to continue the engagement.

there is no misunderstanding with the client as to the terms

of the engagement.


10/46

10

Planning Activities



Changes to Planning Decisions During the Course of the Audit

Overall Audit Strategy

Audit Plan

Planning Activities

2006-08 Nelson 19

The auditorshould establish and document Overall audit strategy for the audit and

Audit plan for the audit in order to reduce audit risk to an acceptably

low level.

Both the overall audit strategy and audit plan should be updated

and changed as necessary during the course of the audit.

Planning Overall Audit Strategy


The auditor should establish the overall audit strategy for the auditHKSA 300.8

Overall Audit Strategy The overall audit strategy

sets the scope, timing and

direction of the audit, and

guides the development of the

more detailed audit plan.

2006-08 Nelson 20


11/46

11


The establishment of the overall

audit strategy involves:


a e erm n ng e c arac er s csof the engagement that define

its scope

b) Ascertaining the reportingobjectives of the engagement

to plan the timing of the audit

and the nature of the

communications required

2006-08 Nelson 21

c) Considering the importantfactors that will determine the

focus of the engagement

teams efforts


The establishment of the overall

audit strategy involves: Financial reporting framework used Industry-specific reporting requirements

Example


a e erm n ng e c arac er s csof the engagement that define

its scope

b) Ascertaining the reporting

objectives of the engagementto plan the timing of the audit

and the nature of the

communications required

ocat ons o t e components o t e

entity

Reporting deadlines (interim & final)

Key dates for expected communicationwith management and those charged

with governance

Determine materiality levels

Identify potential areas with higher risks

2006-08 Nelson 22

c) Considering the important

factors that will determine the

focus of the engagement

teams efforts

of material misstatement

Identify material areas, balances & etc.

Evaluate whether plan to test the

effectiveness of internal control

Identify recent significant entity-specific,

industry, or other developments


12/46

12



In develo in the overall audit strate the auditor also considers


Planning Activities

2006-08 Nelson 23

,

the results of preliminary engagement activities and, where practicable, experience gained on other engagements

performed for the entity.


The process of developing the overall audit strategy helps

the auditor to ascertain the nature, timing and extent of

.


In response to the matters identified (and subject to any updates

and changes), the overall audit strategy sets out clearly:

Resources

2006-08 Nelson 24

a) The resources to deploy for specific audit areas

b) The amount of resources to allocate to specific audit areas

c) When these resources are deployed

d) How such resources are managed, directed and supervised


13/46

13


a) The resources to deploy for specific audit areas

the use of appropriately experienced team members for high risk areas or

the involvement of ex erts on com lex matters

Example

b) The amount of resources to allocate to specific audit areas

the number of team members assigned to observe the inventory count at

material locations

the extent of review of other auditors work in the case of group audits, or

the audit budget in hours to allocate to high risk areas;

c) When these resources are deployed

-

2006-08 Nelson 25

-

d) How such resources are managed, directed and supervised when team briefing and debriefing meetings are expected to be held

how engagement partner and manager reviews are expected to take place

(for example, on-site or off-site)

whether to complete engagement quality control reviews

From Strategy to Audit Plan



Audit Plan

Planning Activities

Once the overall audit strategy has been established, the auditor is

2006-08 Nelson 26

a e o s ar e eve opmen o a more e a e au p an o a ress

the various matters identified in the overall audit strategy.

Although the auditor ordinarily establishes the overall audit strategy

before developing the detailed audit plan, the two planning activities

are not necessarily discrete or sequential processes

but are closely inter-related since changes in one may result in

consequential changes to the other.


14/46

14

Planning Audit Plan

The auditor should develop an audit plan for the audit in order toreduce audit risk to an acceptably low level. (HKSA 300.13)

is more detailed than the audit strategy and

includes:

A description of the nature, timing and extent of

planned risk assessmentprocedures sufficient to assessthe risks of material misstatements

(as determined under HKSA 315)

Audit Plan

Risk Assessment

2006-08 Nelson 27

A description of the nature, timing and extent of

planned further audit procedures at the assertionlevel for each material class of transactions, accountbalance and disclosures (as determined under HKSA

330)

Such other audit procedures required to be carriedout for the engagement to comply with HKSAs

Procedures

Further AuditProcedures

Other AuditProcedures

Planning Audit Plan

Planning for these audit procedures takes place over the course of the

audit as the audit plan for the engagement develops.

Example

For example, planning of the auditors risk

assessment procedures ordinarily occursearly in the audit process.

Audit Plan

Risk Assessment

However, planning of the nature, timing and

extent of specific further audit procedures

depends on the outcome of those risk

2006-08 Nelson 28

Procedures

Further AuditProcedures

Other AuditProcedures

assessment procedures.

In addition, the auditor may begin the execution

of further audit procedures for some areas

before completing the more detailed audit plan of

all remaining further audit procedures.


15/46

15

Planning Audit PlanExample

In planning an audit, the auditor may also consider the timing of certain

planning activities and audit procedures that need to be completed prior

to the performance of further audit procedures.

Prior to identifying and assessing the risks of material

misstatement and performing further audit procedures, the

auditor can perform the following planning activities at the

beginning of the current engagement:

1. the discussion among engagement team members,

2. the analytical procedures to be applied as risk assessment

2006-08 Nelson 29

,

3. the obtaining of a general understanding of the legal andregulatory framework applicable to the entity and how the

entity is complying with that framework,

4. the determination of materiality,

5. the involvement of experts and

6. the performance of other risk assessment procedures

Planning Continual and Iterative



Audit Plan

Planning Activities

2006-08 Nelson 30

Planning is not a discrete phase of an audit, but rathera continualand iterative process that

often begins shortly after (or in connection with) the completion of the

previous audit and

continues until the completion of the current audit engagement.


16/46

16





Audit Plan

Planning Activities

2006-08 Nelson 31

The planning activities, and during the course of an audit, should include

a process of update and changes since HKSA 300 requires that:

The overall audit strategy and the audit plan should be updated and

changed as necessary during the course of the audit.(HKSA 300.16)


As a result of unexpected events, changes in conditions, or the audit

evidence obtained from the results of audit procedures,

Example

plan, and

thereby the resulting planned nature, timing and extent of further

audit procedures.

Information may come to the auditors attention that differs significantly

from the information available when the auditor planned the audit

procedures.

2006-08 Nelson 32

e au or may o a n au ev ence roug e per ormance o

substantive procedures that contradicts the audit evidence obtained with

respect to the testing of the operating effectiveness of controls.

In such circumstances, the auditor re-evaluates the planned audit

procedures, based on the revised consideration of assessed risks at

the assertion level for all or some of the classes of transactions,

account balances or disclosures.


17/46

17

Planning Activities

The auditor should

lan the nature timin and extent of direction and

2006-08 Nelson 33

,

supervision of engagement team members and reviewof their work. (HKSA 300.18)

document the overall audit strategy and the audit plan

including any significant changes made during the

audit engagement. (HKSA 300.22)

Planning ActivitiesSample



2006-08 Nelson 34

Audit Plan


18/46

18

Considerations in an Initial Audit

The auditor should perform the following activities prior

to starting an initial audit:

a) Perform procedures regarding the acceptance of

the client relationship and the specific audit

engagement (see HKSA).

b) Communicate with the previous auditor, where

there has been a change of auditors, in

compliance with relevant ethical requirements.

2006-08 Nelson 35

Considerations in an Initial Audit

For initial audits, additional matters the auditor may

consider in developing the overall audit strategy and

Arrangements to be made with the previous auditor, e.g.

to review the previous auditors working papers.

Any major issues discussed with management in

connection with the initial selection as auditors, the

communication of these matters to those charged with

governance and how these matters affect the overall

audit strategy and audit plan

2006-08 Nelson 36

The planned audit procedures to obtain sufficientappropriate audit evidence regarding opening balances

The assignment of firm personnel with appropriate

levels of capabilities and competence

Other procedures required by the firms system of

quality control for initial audit engagements


19/46

19

Planning an Audit




Audit Plan

Planning Activities

2006-08 Nelson 37

Todays Agenda



2006-08 Nelson 38


20/46

20

Purpose of HKSA 315

HKSA 315 Understanding the Entity and its Environmentand Assessing the Risks of Material Misstatement

One of the critical re uirements in HKSAs

Its purpose is to establish standards and to provide

guidance

on obtaining an understanding of the entity and its

environment, including its internal control, and

on assessing the risks of material misstatement in a

financial statement audit.

2006-08 Nelson 39

its environment, including its internal control, sufficient to identify and assess the risks of material

misstatement of the financial statements whether due to

fraud or error, and

sufficient to design and perform further audit procedures.(HKSA 315.2)

Purpose of HKSA 315

Obtaining an understanding of the entity and its environment

establishes a frame of reference within which the auditor

p ans e au an exercses pro essona u gmen a ou assessngrisks of material misstatement of the financial statements and responding

to those risks throughout the audit, for example when:

Establishing materiality and evaluating materiality for individual items

Considering the appropriateness of the selection

and application of accounting policies

Identifying areas where special audit

consideration ma be needed

2006-08 Nelson 40

Developing expectations for use in

performing analytical procedures

Designing and performing further audit

procedures

Evaluating the sufficiency and appropriateness

of audit evidence obtained


21/46

21

Audit Process Overview


Audit plan


In understanding the entity & environment, incl. internal control

2006-08 Nelson 41

1. Risk Assessment Procedures (and other sources)2. Understanding the Entity and its Environment

1. Risk Assessment Procedures

Audit procedures to obtain an understanding are referred to

as risk assessment procedures



procedures may be used by the auditor as audit evidence to

support assessments of the risks of material misstatement

2006-08 Nelson 42

Obtaining an understanding of the entity and its

environment, including its internal control, is

a continuous, dynamic process of gathering, updating

and analyzing information throughout the audit.


22/46

22



The auditor should perform the following risk assessment

environment, including its internal control:

a) Inquiries of management and others within the entity;

b) Analytical procedures; and

c) Observation and inspection. (HKSA 315.7)

2006-08 Nelson 43

e au or s no requ re o per orm a e r s assessmen

procedures described above for each aspect of theunderstanding required in HKSA 315 (to be discussed)

All the risk assessment procedures are performed by the

auditor in the course of obtaining the required understanding

Other audit procedures, if helpful, can also be performed.


For continuing engagement, when the auditor intends to

use information about the entity and its environment

the auditor should determine whether changes have

occurred that may affect the relevance of such

information in the current audit. (HKSA 315.12)

The members of the engagement team should discuss

the susceptibility of the entitys financial statements to

material misstatements. (HKSA 315.14)

2006-08 Nelson 44


23/46

23

2. Understanding of the Entity

Risk assessment procedures are used to obtain an

understanding of the entity



2006-08 Nelson 45

Industry,

Regulatory,

and Other

External

Factors

Nature of the

Entity

Objectivesand

Strategies,

and Related

Business

Risks

Measurementand Review

of the the

Entitys

Financial

Performance

Internal

Control


The auditors understanding of the entity and its environment consists of

an understanding of the following aspects:

. , , ,

financial reporting framework.

2. Nature of the entity, including the entitys selection and application of

accounting policies.3. Objectives and strategies and the related business risks that may result in a

material misstatement of the financial statements.

4. Measurement and review of the entitys financial performance.

5. Internal control.

2006-08 Nelson 46

Industry,

Regulatory,

and Other

External

Factors

Nature of the

Entity

Objectives

and

Strategies,

and Related

Business

Risks

Measurement

and Review

of the the

Entitys

Financial

Performance

Internal

Control


24/46

24


1. Industry, Regulatory and Other External Factors, Including theApplicable Financial Reporting Framework

,

regulatory, and other external factors including the applicable

financial reporting framework. (HKSA 315.22)

These factors include

industry conditions, such as the competitive environment,

supplier and customer relationships, and technological

developments;

2006-08 Nelson 47

Industry,

Regulatory,

and Other

External

Factors

the regulatory environment encompassing, among other

matters, the applicable financial reporting framework, thelegal and political environment, and environmental

requirements affecting the industry and the entity; and

other external factors such as general economic conditions.


2. Nature of the Entity

The auditor should obtain an understanding of the nature of the

. .

The nature of the entity refers to

the entitys operations,

its ownership and governance,

the types of investments that it is making and plans to make,

the way that the entity is structured and

how it is financed.

2006-08 Nelson 48

Nature of the

Entity

An understanding of the nature of an

entity enables the auditor to understand

the classes of transactions, account

balances, and disclosures to be

expected in the financial statements.


25/46

25


2. Nature of the Entity

The auditor should

obtain an understanding of the entitys selection and application

of accounting policies and

consider whether they are

appropriate for its business and

consistent with the applicable financial reporting framework

and accounting polices used in the relevant industry.(HKSA 315.28)

2006-08 Nelson 49

Nature of the

Entity


3. Objectives and Strategies and Related Business Risks

The auditor should obtain an understanding of

the entitys objectives and strategies, and

the related business risks that may result in material

misstatement of the financial statements. (HKSA 315.30) Business risks result from significant conditions, events,

circumstances, actions or inactions that could adversely affect the

entitys ability to achieve its objectives and execute its strategies,

or through the setting of inappropriate objectives and strategies

2006-08 Nelson 50

Objectives

and

Strategies,

and Related

Business

Risks


26/46

26


4. Measurement and Review of the Entitys Financial Performance


the measurement and review of the entitys financial

performance.

Performance measures, whether external or internal, create

pressures on the entity that, in turn, may motivate

management to take action to improve the business

performance or to misstate the financial statements.

Obtaining an understanding of the

2006-08 Nelson 51


of the the

Entitys

Financial

Performance

en y s per ormance measures

assists the auditor in consideringwhether such pressures result in

management actions that may

have increased the risks of material

misstatement.


5. Internal Control


internal control relevant to the audit.

The auditor uses the understanding of internal

control to

identify types of potential misstatements,

consider factors that affect the risks of

material misstatement, and

2006-08 Nelson 52

Internal

Control

es gn e na ure, m ng, an ex en o

further audit procedures.


27/46

27


5. Internal Control

Ordinarily, controls that are relevant to an audit pertain to

the entitys objective of preparing financial statements for external

purposes and

the management of risk that may give rise to a material misstatement in

those financial statements.

In exercising its judgment whether a control is relevant to the audit,

the auditor considers :

The auditors judgment about materiality.

2006-08 Nelson 53

Internal

Control

The size of the entity.

The nature of the entitys business.

The diversity and complexity of the entitys operations.

Applicable legal and regulatory requirements.

The nature and complexity of the systems that are part

of the entitys internal control


5. Internal Control

An entitys internal control consists

Focus on theFocus on therequirementsrequirementsin HKSA 315in HKSA 315

o t e o ow ng components :

The Control

EnvironmentThe Entitys Risk

Assessment Process

The Information

2006-08 Nelson 54

Internal

Control

Control Activities

Monitoring ofControls


28/46

28


The ControlEnvironment

The Entitys RiskAssessment Process

Overall Audit Strategy obtain an understanding of the control

environment. (HKSA 315.67)

obtain an understanding the entitys process foridentifying business risks relevant to financial

reporting objectives and deciding about actions

to address those risks, and the results thereof.(HKSA 315.76)

2006-08 Nelson 55

Internal

Control


obtain an understanding of the information

system, including the related business The auditor should understand

how the entity communicates

The Information

, ,

including the following areas:

The classes of transactions that are

significant to the financial statements The procedures (IT and manual) by whichthose transactions are initiated, recorded,

processed and reported

The related accounting records (electronic

or manual , su ortin information, and

responsibilities and significant

matters relating to financial

reporting. (HKSA 315.89)

2006-08 Nelson 56

Internal

Control

specific accounts in respect of the above

procedures

How the information system capturesevents and conditions that are significant to

the financial statements.

The financial reporting process used to

prepare the entitys financial statements(HKSA 315.81)


29/46

29


The auditor should obtain a sufficient

understanding of control activities to assess

2006-08 Nelson 57

Internal

Control

Control Activities

e r s s o ma er a m ss a emen a e

assertion level and to design further auditprocedures responsive to assessed risks.(HKSA 315.90)


how the entity has responded to risks arising

from IT. (HKSA 315.93)


2006-08 Nelson 58

Internal

ControlMonitoring of

Controls

The auditor should obtain an understanding

of the major types of activities that the entity

uses to monitor internal control over financialreporting, including those related to those

control activities relevant to the audit, and

how the entity initiates corrective actions to its

controls. (HKSA 315.96)


30/46

30




2006-08 Nelson 59

Industry,

Regulatory,

and Other

External

Factors

Nature of the

Entity

Objectivesand

Strategies,

and Related

Business

Risks


of the the

Entitys

Financial

Performance

Internal

Control

2. Understanding of the EntitySample



2006-08 Nelson 60

Template (Key Points) on Understanding an Entity and Environment


31/46

31




2006-08 Nelson 61

Todays Agenda


2006-08 Nelson 62


32/46

32

Assessing the Risks


Audit plan



Assessin risks of material misstatements

2006-08 Nelson 63

What is Audit Risk?

What is audit risk? What is risk of material misstatement?

Financial Statementsdescribes that

Audit risk is a function of

the risk of material misstatement of the financial statements(or simply, the risk of material misstatement)

i.e., the risk that the financial statements are materially

misstated prior to audit, and

the risk that the auditor will not detect such misstatement

2006-08 Nelson 64

(detection risk).


33/46

33

Assessing the Risks

Audit Risk

Risk of Material Misstatement Detection Risk

HKSA 200 further clarifies that

the auditor is concerned with material misstatements, and is not responsible

for the detection of misstatements that are not material to the financial

statements taken as a whole.

2006-08 Nelson 65

In order to design audit procedures to determine whether there are

misstatements that are material to the financial statements taken as a whole,

the auditor considers the risk of material misstatement at two levels:

the overall financial statement level and

in relation to classes of transactions, account balances, and disclosuresand the related assertions.

Assessing the Risks

Audit Risk


At Financial

Statement LevelAt Assertion Level

2006-08 Nelson 66

Inherent

Risk

Control

Risk

The risk of material misstatement at the assertion

level consists of two components:

1. Inherent risk

2. Control risk


34/46

34

Assessing the Risks

Audit Risk


At Financial


2006-08 Nelson 67

Inherent

Risk

Control

Risk

Even HKSA 200 only states that inherent risk and control risk are considered

at the assertion level, it is also common for the auditor to consider them at the

overall financial statement level.

Inherent

Risk

Control

Risk

Assessing the Risks

Risk of Material Misstatement

At Financial


2006-08 Nelson 68

The auditor should identify and assess the risks of material

misstatement

at the financial statement level, and

at the assertion level for classes of transactions, account

balances, and disclosures (HKSA 315.100)


35/46

35

Assessing the Risks

For the purpose of assessing the risks, the auditor:

Identifies risks throughout the process of obtaining an

understandin of the entit and its environment,

including

relevant controls that relate to the risks, and

by considering the classes of transactions, account

balances, and disclosures in the financialstatements;

Relates the identified risks to what can go wrong at theassertion level;

2006-08 Nelson 69

ons ers w e er e r s s are o a magn u e a

could result in a material misstatement of the financialstatements; and

Considers the likelihood that the risks could result in a

material misstatement of the financial statements.

Assessing the Risks

Perform risk assessment procedures to gather

information about the entity and its environment

Industry,

Regulatory,and Other

Factors

Nature ofclient

Objectives,

Strategies,and Business

Risks

Measurement

of financialperformance

Internalcontrol

Consider other information

2006-08 Nelson 70

Identify and assess risks of material

misstatement

Adapted from Audit Guide of AICPA

At FinancialStatement Level

At Assertion Level


36/46

36

Assessing the Risks

The auditor uses information gathered by performing risk

assessment procedures as audit evidence to support the risk

assessment, and

in turn, uses the risk assessment to determine the nature, timing, and

extent of further audit procedures to be performed.

The auditor determines

whether the identified risks of material misstatement relate to specificclasses of transactions, account balances, and disclosures and related

assertions, or

whether they relate more pervasively to the financial statements as a

2006-08 Nelson 71


misstatement


At Assertion Level

whole and potentially affect many assertions

Activity 3 Planning and Response

Based on the case in Activity 3

Risks at Financial Statement LevelActivity

assess the risk of material misstatements at the financial statement level.

write down the specific circumstances of ABC that you have considered and

your judgment about the risk level (i.e. low, medium, or high)

2006-08 Nelson 72



37/46

37

Risks at Financial Statement Level

The risk of material misstatement at the overall financial statement

level

refers to risks of material misstatement that

relate pervasively to the financial statements as a whole and

potentially affect many assertions.

Risks of this nature

often relate to the entitys control environment, say weak control

environment (although these risks may also relate to other factors, such as

declining economic conditions), and

are not necessarily risks identifiable with specific

2006-08 Nelson 73


assertions at the class of transactions, account

balance, or disclosure level.

Risks at Financial Statement Level

The overall financial statement risk represents circumstances that

increase the risk that there could be material misstatements in any

number of different assertions,

for example, through management override of internal control.

Such risks may be especially relevant to the auditors consideration of

the risk of material misstatement arising from fraud.

The auditors response to the assessed risk of material misstatement at

the overall financial statement level includes

consideration of the knowledge, skill, and ability of personnel assigned

si nificant en a ement res onsibilities includin whether to involve ex erts

2006-08 Nelson 74


,

the appropriate levels of supervision; and

whether there are events or conditions that may cast

significant doubt on the entitys ability to continue as a

going concern.


38/46

38

Risks at Assertion Level

The risk of material misstatement at the assertion level consists of

two components as follows:

Inherent risk is the susce tibilit of an assertion to a misstatement that

could be material, either individually or when aggregated with other

misstatements, assuming that there are no related controls.

Control risk is the risk that a misstatement that could occur in an

assertion and that could be material, either individually or when

aggregated with other misstatements, will not be prevented, or detected

and corrected, on a timely basis by the entitys internal control.

That risk is a function of the effectiveness of the design and

2006-08 Nelson 75

At Assertion Level

relevant to preparation of the entitys financial statements.

Some control risk will always exist because of the inherent

limitations of internal control.

Activity 4 Risks of Material Misstatement at the Assertion Level

Melody, Tony and Kurt and Company, CPA (MTK CPA), has accepted

Risks at Assertion LevelActivity

to audit the consolidated financial statements of Bonnie Hong Kong

Limited for 2006 and 2007. MTK CPA is required to implement the new

requirements of HK Standard on Quality Control and HK Standards on

Auditing.

Required:

The partner of MTK CPA, Melody Tong, seeks your sharing on the

requirements on assertion level and briefing to the engagement

2006-08 Nelson 76

team the different kinds of assertions.

(Hints: what are assertions for classes of transactions, account

balances, and presentation and disclosures?)

At Assertion Level


39/46

39

Assessing the Risks




misstatement

Financial statement

level risksAssertion level risks

Can risks

2006-08 Nelson 77Adapted from Audit Guide of AICPA

can go wrong at

assertion level

be related to

specificassertions?

es

Determine Significant Risks

As part of the risk assessment, the auditor should determine

which of the risks identified are, in the auditors judgment,

such risks are defined as significant risks. (HKSA 315.108)

The determination of significant risks, which arise on most

audits, is a matter for the auditors professional judgment.

In exercising this judgment, the auditor excludes the effect

of identified controls related to the risk to determine whether

the nature of the risk,

2006-08 Nelson 78

e ey magn u e o e po en a mssa emen

including the possibility that the risk may give rise

to multiple misstatements, and

the likelihood of the risk occurring

are such that they require special audit

consideration.


40/46

40





misstatement

Financial statement


Can risks


can go wrong at

assertion level

be related to

specificassertions?

es

Significant

risk?

Significant

risk?


Significant risks are often derived from business risks that may result in

a material misstatement. In considering the nature of the risks, the

auditor considers a number of matters, includin the followin :

Whether the risk is a risk of fraud.

Whether the risk is related to recent significant economic, accounting or

other developments and, therefore, requires specific attention. The complexity of transactions.

Whether the risk involves significant transactions with related parties.

Significant risks often relate to significant non-routine transactionsand judgmental matters.

2006-08 Nelson 80

Non-routine transactions are transactions that are unusual, either due tosize or nature, and that therefore occur infrequently.

Judgmental matters may include the development of accountingestimates for which there is significant measurement uncertainty.

Significant

risk?

Significant

risk?


41/46

41


Risks of material misstatement may be greater for risks relating to

significant non-routine transactions arising from matters such as:

Example

.

Greater manual intervention for data collection and processing.

Complex calculations or accounting principles.

The nature of non-routine transactions, which may make it difficult for

the entity to implement effective controls over the risks.

Risks of material misstatement may be greater for risks relating to

2006-08 Nelson 81

Significant

risk?

Significant

risk?

accounting estimates, arising from matters such as the following: Accounting principles for accounting estimates or revenue recognition

may be subject to differing interpretation.

Required judgment may be subjective, complex or require

assumptions about the effects of future events, for example, judgment

about fair value.


For significant risks, to the extent the auditor has not already done so,

the auditor should

evaluate the desi n of the entit s related controls includin relevant control ,

activities, and

determine whether they have been implemented. (HKSA 315.113)

An understanding of the entitys controls related to significant risks isrequired to provide the auditor with adequate information to develop an

effective audit approach.

Management ought to be aware of significant risks; however, risks

relatin to si nificant non-routine or ud mental matters are often less

2006-08 Nelson 82

likely to be subject to routine controls.

Significant

risk?

Significant

risk?


42/46

42

Determine Other Risks

Risks for which Substantive Procedures Alone do not ProvideSufficient Appropriate Audit Evidence

,

evaluate the design and

determine the implementation of the entitys controls, including

relevant control activities, over those risks

for which, in the auditors judgment, it is not possible or

practicable to reduce the risks of material misstatement at the

assertion level to an acceptably low level with audit evidence

2006-08 Nelson 83

Ordinarily, such risks relate to significant

classes of transactions such as an

entitys revenue, purchases, and cash

receipts or cash payments.

. .

AnyAnyexamples?examples?

Assessing the Risks




misstatement

Financial statement


Can risks


can go wrong at

assertion level

be related to

specific

assertions?

es

Significant

risk?

Significant

risk?


43/46

43

Assessing the Risks

Guide to Using International Standards on Auditing in the Audits of

Small- and Medium-sized Entities (IFAC SMPC)

2006-08 Nelson 85

Assessing the Risks

2006-08 Nelson 86


44/46

44

Revision of Risk Assessment

The auditors assessment of the risks of material

misstatement at the assertion level

may change during the course of the audit as

additional audit evidence is obtained.

2006-08 Nelson 87

Communication

Communicating with Those Charged withGovernance and Management

The auditor should make those charged with

governance or management aware, as soon

as practicable, and at an appropriate level of

2006-08 Nelson 88

respons ty, o mater a wea nesses n t e

design or implementation of internal control

which have come to the auditors attention.(HKSA 315.120)


45/46

45

Documentation

The auditor should document:

a) The discussion among the engagement teamregar ng e suscep y o e en y s nanc a

statements to material misstatement due to error or

fraud, and the significant decisions reached;

b) Key elements of the understanding obtainedregarding each of the aspects of the entity and its

environment (identified in HKSA 315.20), including

each of the internal control components (identified in

2006-08 Nelson 89

. ,

misstatement of the financial statements; thesources of information from which the understandingwas obtained; and the risk assessment procedures;

Documentation

The auditor should document:

c) The identified and assessed risks of materialm ss a emen

at the financial statement level and

at the assertion; andd) The risks identified and related controls evaluated

as a result of the requirements in respect of

significant risks and

2006-08 Nelson 90

do not provide sufficient appropriate auditevidence


46/46


Full version of the slides can be found in

. . .

2006-08 Nelson 91

Nelson LamNelson [email protected]


Full version of the slides can be found in

Q&A SessionQ&A SessionQ&A SessionQ&A Session

. . .

Nelson LamNelson [email protected] nelsoncpa com hk

Documents

Hongkong Audit