Download - Hongkong Audit
-
8/4/2019 Hongkong Audit
1/46
1
Audit Practice Introduced by HKSA(HKSA 230, 300, 315, 330 and 500) Part 1 25 August 2008
2006-08 Nelson 1
Nelson LamNelson LamMBA MSc BBA ACA ACS CFA CPA(Aust)
CPA(US) FCCA FCPA(Practising) MSCA
HK auditing standards was fully converged to
International Auditing Standards from 2005
Become art of the standards under standards on
Overview
quality control, auditing, assurance and related
services
Critical points Firm-wide standard issued (HKSQC): not only
applicable to audit but also other assurance and
related services
Revised planning and risk assessment approach
2006-08 Nelson 2
More correlation between assessed risks with audit
procedures
-
8/4/2019 Hongkong Audit
2/46
2
Overview
HKSQCs Hong Kong Standards on Quality ControlHKSQCs Hong Kong Standards on Quality Control(only HKSQC 1 issued so far)(only HKSQC 1 issued so far)
Hong Kong Framework for Assurance Engagements
Audits and Reviews of
Historical Fin. Information
Other
Assurance
Engagements
Related
Services
2006-08 Nelson 3
HK Standards
on Assurance
Engagements
(HKSAEs)
HK Standards
on Inv. Circular
Reporting
Engagements
(HKSIRs)
HK Standards
on Auditing
(HKSAs)
HK Standards
on Review
Engagements
(HKSRE)
HK Standards
on Related
Services
(HKSRSs)
HKSQC and HKSAs
HKSQCs Hong Kong Standards on Quality ControlHKSQCs Hong Kong Standards on Quality Control(only HKSQC 1 issued so far)(only HKSQC 1 issued so far)
Hong Kong Framework for Assurance Engagements
Audits and Reviews of
Historical Fin. Information
2006-08 Nelson 4
HK Standards
on Auditing
(HKSAs)
Practice Notes and
Auditing Guideline
-
8/4/2019 Hongkong Audit
3/46
3
HKSQC and HKSAs
HKSQCs Hong Kong Standards on Quality ControlHKSQCs Hong Kong Standards on Quality Control(only HKSQC 1 issued so far)(only HKSQC 1 issued so far)
Activity
Activity 1 Introduction
The partner of MTK CPA, Melody Tong, seeks
your sharing on the critical issues of the new
practices introduced by HKSAs and briefing to
the engagement team.
2006-08 Nelson 5
HK Standards
on Auditing
(HKSAs)
HKSQC and HKSAs
HKSA 200 299HKSA 230
HKSA 500 599
Audit Evidence
HKSA 300 499
Risk Assessment & Response to Assessed RisksHKSA 300, 315 & 330
2006-08 Nelson 6
HK Standards
on Auditing
(HKSAs)
HKSA 600 699
Using Work of Others
HKSA 700 799
Audit Conclusions and Reporting
-
8/4/2019 Hongkong Audit
4/46
4
New Terms, New Approach
Preliminary engagement activities (HKSA 300)
Overall audit strategy (HKSA 300)
Risk assessment procedures (HKSA 315)
Understanding the entity and its environment,
including internal control (HKSA 315)
Risk of material misstatement at financial statement level (HKSA 315)
Risk of material misstatement at assertion level (HKSA 315)
Significant risks (HKSA 315)
2006-08 Nelson 7
Overall response(HKSA 330)
Further audit procedures (HKSA 330)
60-day rule (HKSQC 1 & HKSA 230)
Audit Process Overview
Preliminary engagement activities
Audit plan
Risk assessment procedures
In understanding the entity & environment, incl. Internal control
Assessin risks of material misstatements
2006-08 Nelson 8
Auditors procedures in response to assessed risks
Evaluating sufficiency & appropriateness of evidence
Auditors reportAuditors report
-
8/4/2019 Hongkong Audit
5/46
5
Agenda for Part 1 and Part 2
Understanding the Entity and its
Environment (HKSA 315)
Assessing the Risks of Material
Misstatement HKSA315
Planning (HKSA 300)
2006-08 Nelson 9
Audit Documentation (HKSA 230)
The Auditors Procedures in Responseto the Assessed Risks (HKSA 330)
Comprehensive
Critical and NewIssues
Templates andExamples
Todays Agenda
Understanding the Entity and its
Environment (HKSA 315)
Assessing the Risks of Material
Planning (HKSA 300)
2006-08 Nelson 10
Comprehensive
Critical and NewIssues
Templates andExamples
-
8/4/2019 Hongkong Audit
6/46
6
Todays Agenda
Planning (HKSA 300)
2006-08 Nelson 11
Planning an Audit
HKSA 300 specifically requires that:
The auditor should plan the audit so that
effective manner. (HKSA 300.2)
The issues involved are:
What should be involved in such a plan?
What should be the nature, timing and
extent of such plan?
2006-08 Nelson 12
a are e ene s n p ann ng e au
-
8/4/2019 Hongkong Audit
7/46
7
Planning Benefits
Adequate planning can have the following benefits:
appropriate attention is devoted to important areas of the audit
the audit engagement is properly organized and managed in order to be
performed in an effective and efficient manner
assisting the proper assignment of work to engagement team members
facilitating the direction and supervision of engagement team members and
the review of their work
assisting, where applicable, in coordination of work done by auditors of
components and experts
2006-08 Nelson 13
Planning involves the engagement partner and other key members of
the engagement team
to benefit from their experience and insight and
to enhance the effectiveness and efficiency ofthe planning process.
Planning Nature, Extent & Timing
Nature and extent
The nature and extent of planning activities
the size and complexity of the entity,
the auditors previous experience with the
entity, and
changes in circumstances that occur
during the audit engagement.
What should be involved in the planning?
2006-08 Nelson 14
Timing
What is the timing of the planning?
-
8/4/2019 Hongkong Audit
8/46
8
Planning OverviewActivity
What should be involved in the planning?
Activity 2 Planning
2006-08 Nelson 15
What is the timing of the planning?
Planning Overview
1. Preliminary engagement activities
HKSA 300 Planning an Audit of Financial Statements
2. Planning activities
3. Additional considerations in initial audit engagement
2006-08 Nelson 16
-
8/4/2019 Hongkong Audit
9/46
9
Preliminary Engagement Activities
HKSA 300 Planning an Audit of Financial Statements
Preliminary Engagement Activities
The auditor should perform the following activities at the
beginning of the current audit engagement: (HKSA 300.6)
1. Perform procedures regarding the continuance of the
client relationship and the specific audit engagement
2. Evaluate compliance with ethical requirements, including
independence
2006-08 Nelson 17
3. Establish an understanding of the terms of the
engagement
Preliminary Engagement Activities
Preliminary Engagement Activities
HKSA 300 Planning an Audit of Financial Statements
Performing preliminary engagement activities helps ensure
that
the auditor has considered any events or circumstances that
may adversely affect the auditors ability to plan and perform theaudit engagement to reduce audit risk to an acceptably low
level.
the auditor lans an audit en a ement for which:
2006-08 Nelson 18
the auditor maintains the necessary independence and
ability to perform the engagement.
there are no issues with management integrity that may
affect the auditors willingness to continue the engagement.
there is no misunderstanding with the client as to the terms
of the engagement.
-
8/4/2019 Hongkong Audit
10/46
10
Planning Activities
Preliminary Engagement Activities
HKSA 300 Planning an Audit of Financial Statements
Changes to Planning Decisions During the Course of the Audit
Overall Audit Strategy
Audit Plan
Planning Activities
2006-08 Nelson 19
The auditorshould establish and document Overall audit strategy for the audit and
Audit plan for the audit in order to reduce audit risk to an acceptably
low level.
Both the overall audit strategy and audit plan should be updated
and changed as necessary during the course of the audit.
Planning Overall Audit Strategy
HKSA 300 specifically requires that:
The auditor should establish the overall audit strategy for the auditHKSA 300.8
Overall Audit Strategy The overall audit strategy
sets the scope, timing and
direction of the audit, and
guides the development of the
more detailed audit plan.
2006-08 Nelson 20
-
8/4/2019 Hongkong Audit
11/46
11
Planning Overall Audit Strategy
The establishment of the overall
audit strategy involves:
Overall Audit Strategy
a e erm n ng e c arac er s csof the engagement that define
its scope
b) Ascertaining the reportingobjectives of the engagement
to plan the timing of the audit
and the nature of the
communications required
2006-08 Nelson 21
c) Considering the importantfactors that will determine the
focus of the engagement
teams efforts
Planning Overall Audit Strategy
The establishment of the overall
audit strategy involves: Financial reporting framework used Industry-specific reporting requirements
Example
Overall Audit Strategy
a e erm n ng e c arac er s csof the engagement that define
its scope
b) Ascertaining the reporting
objectives of the engagementto plan the timing of the audit
and the nature of the
communications required
ocat ons o t e components o t e
entity
Reporting deadlines (interim & final)
Key dates for expected communicationwith management and those charged
with governance
Determine materiality levels
Identify potential areas with higher risks
2006-08 Nelson 22
c) Considering the important
factors that will determine the
focus of the engagement
teams efforts
of material misstatement
Identify material areas, balances & etc.
Evaluate whether plan to test the
effectiveness of internal control
Identify recent significant entity-specific,
industry, or other developments
-
8/4/2019 Hongkong Audit
12/46
12
Planning Overall Audit Strategy
Preliminary Engagement Activities
In develo in the overall audit strate the auditor also considers
Overall Audit Strategy
Planning Activities
2006-08 Nelson 23
,
the results of preliminary engagement activities and, where practicable, experience gained on other engagements
performed for the entity.
Planning Overall Audit Strategy
The process of developing the overall audit strategy helps
the auditor to ascertain the nature, timing and extent of
.
Overall Audit Strategy
In response to the matters identified (and subject to any updates
and changes), the overall audit strategy sets out clearly:
Resources
2006-08 Nelson 24
a) The resources to deploy for specific audit areas
b) The amount of resources to allocate to specific audit areas
c) When these resources are deployed
d) How such resources are managed, directed and supervised
-
8/4/2019 Hongkong Audit
13/46
13
Planning Overall Audit Strategy
a) The resources to deploy for specific audit areas
the use of appropriately experienced team members for high risk areas or
the involvement of ex erts on com lex matters
Example
b) The amount of resources to allocate to specific audit areas
the number of team members assigned to observe the inventory count at
material locations
the extent of review of other auditors work in the case of group audits, or
the audit budget in hours to allocate to high risk areas;
c) When these resources are deployed
-
2006-08 Nelson 25
-
d) How such resources are managed, directed and supervised when team briefing and debriefing meetings are expected to be held
how engagement partner and manager reviews are expected to take place
(for example, on-site or off-site)
whether to complete engagement quality control reviews
From Strategy to Audit Plan
Preliminary Engagement Activities
Overall Audit Strategy
Audit Plan
Planning Activities
Once the overall audit strategy has been established, the auditor is
2006-08 Nelson 26
a e o s ar e eve opmen o a more e a e au p an o a ress
the various matters identified in the overall audit strategy.
Although the auditor ordinarily establishes the overall audit strategy
before developing the detailed audit plan, the two planning activities
are not necessarily discrete or sequential processes
but are closely inter-related since changes in one may result in
consequential changes to the other.
-
8/4/2019 Hongkong Audit
14/46
14
Planning Audit Plan
The auditor should develop an audit plan for the audit in order toreduce audit risk to an acceptably low level. (HKSA 300.13)
is more detailed than the audit strategy and
includes:
A description of the nature, timing and extent of
planned risk assessmentprocedures sufficient to assessthe risks of material misstatements
(as determined under HKSA 315)
Audit Plan
Risk Assessment
2006-08 Nelson 27
A description of the nature, timing and extent of
planned further audit procedures at the assertionlevel for each material class of transactions, accountbalance and disclosures (as determined under HKSA
330)
Such other audit procedures required to be carriedout for the engagement to comply with HKSAs
Procedures
Further AuditProcedures
Other AuditProcedures
Planning Audit Plan
Planning for these audit procedures takes place over the course of the
audit as the audit plan for the engagement develops.
Example
For example, planning of the auditors risk
assessment procedures ordinarily occursearly in the audit process.
Audit Plan
Risk Assessment
However, planning of the nature, timing and
extent of specific further audit procedures
depends on the outcome of those risk
2006-08 Nelson 28
Procedures
Further AuditProcedures
Other AuditProcedures
assessment procedures.
In addition, the auditor may begin the execution
of further audit procedures for some areas
before completing the more detailed audit plan of
all remaining further audit procedures.
-
8/4/2019 Hongkong Audit
15/46
15
Planning Audit PlanExample
In planning an audit, the auditor may also consider the timing of certain
planning activities and audit procedures that need to be completed prior
to the performance of further audit procedures.
Prior to identifying and assessing the risks of material
misstatement and performing further audit procedures, the
auditor can perform the following planning activities at the
beginning of the current engagement:
1. the discussion among engagement team members,
2. the analytical procedures to be applied as risk assessment
2006-08 Nelson 29
,
3. the obtaining of a general understanding of the legal andregulatory framework applicable to the entity and how the
entity is complying with that framework,
4. the determination of materiality,
5. the involvement of experts and
6. the performance of other risk assessment procedures
Planning Continual and Iterative
Preliminary Engagement Activities
Overall Audit Strategy
Audit Plan
Planning Activities
2006-08 Nelson 30
Planning is not a discrete phase of an audit, but rathera continualand iterative process that
often begins shortly after (or in connection with) the completion of the
previous audit and
continues until the completion of the current audit engagement.
-
8/4/2019 Hongkong Audit
16/46
16
Planning Continual and Iterative
Preliminary Engagement Activities
Changes to Planning Decisions During the Course of the Audit
Overall Audit Strategy
Audit Plan
Planning Activities
2006-08 Nelson 31
The planning activities, and during the course of an audit, should include
a process of update and changes since HKSA 300 requires that:
The overall audit strategy and the audit plan should be updated and
changed as necessary during the course of the audit.(HKSA 300.16)
Planning Continual and Iterative
As a result of unexpected events, changes in conditions, or the audit
evidence obtained from the results of audit procedures,
Example
plan, and
thereby the resulting planned nature, timing and extent of further
audit procedures.
Information may come to the auditors attention that differs significantly
from the information available when the auditor planned the audit
procedures.
2006-08 Nelson 32
e au or may o a n au ev ence roug e per ormance o
substantive procedures that contradicts the audit evidence obtained with
respect to the testing of the operating effectiveness of controls.
In such circumstances, the auditor re-evaluates the planned audit
procedures, based on the revised consideration of assessed risks at
the assertion level for all or some of the classes of transactions,
account balances or disclosures.
-
8/4/2019 Hongkong Audit
17/46
17
Planning Activities
The auditor should
lan the nature timin and extent of direction and
2006-08 Nelson 33
,
supervision of engagement team members and reviewof their work. (HKSA 300.18)
document the overall audit strategy and the audit plan
including any significant changes made during the
audit engagement. (HKSA 300.22)
Planning ActivitiesSample
Overall Audit Strategy
Preliminary Engagement Activities
2006-08 Nelson 34
Audit Plan
-
8/4/2019 Hongkong Audit
18/46
18
Considerations in an Initial Audit
The auditor should perform the following activities prior
to starting an initial audit:
a) Perform procedures regarding the acceptance of
the client relationship and the specific audit
engagement (see HKSA).
b) Communicate with the previous auditor, where
there has been a change of auditors, in
compliance with relevant ethical requirements.
2006-08 Nelson 35
Considerations in an Initial Audit
For initial audits, additional matters the auditor may
consider in developing the overall audit strategy and
Arrangements to be made with the previous auditor, e.g.
to review the previous auditors working papers.
Any major issues discussed with management in
connection with the initial selection as auditors, the
communication of these matters to those charged with
governance and how these matters affect the overall
audit strategy and audit plan
2006-08 Nelson 36
The planned audit procedures to obtain sufficientappropriate audit evidence regarding opening balances
The assignment of firm personnel with appropriate
levels of capabilities and competence
Other procedures required by the firms system of
quality control for initial audit engagements
-
8/4/2019 Hongkong Audit
19/46
19
Planning an Audit
Preliminary Engagement Activities
Changes to Planning Decisions During the Course of the Audit
Overall Audit Strategy
Audit Plan
Planning Activities
2006-08 Nelson 37
Todays Agenda
Understanding the Entity and its
Environment (HKSA 315)
2006-08 Nelson 38
-
8/4/2019 Hongkong Audit
20/46
20
Purpose of HKSA 315
HKSA 315 Understanding the Entity and its Environmentand Assessing the Risks of Material Misstatement
One of the critical re uirements in HKSAs
Its purpose is to establish standards and to provide
guidance
on obtaining an understanding of the entity and its
environment, including its internal control, and
on assessing the risks of material misstatement in a
financial statement audit.
2006-08 Nelson 39
its environment, including its internal control, sufficient to identify and assess the risks of material
misstatement of the financial statements whether due to
fraud or error, and
sufficient to design and perform further audit procedures.(HKSA 315.2)
Purpose of HKSA 315
Obtaining an understanding of the entity and its environment
establishes a frame of reference within which the auditor
p ans e au an exercses pro essona u gmen a ou assessngrisks of material misstatement of the financial statements and responding
to those risks throughout the audit, for example when:
Establishing materiality and evaluating materiality for individual items
Considering the appropriateness of the selection
and application of accounting policies
Identifying areas where special audit
consideration ma be needed
2006-08 Nelson 40
Developing expectations for use in
performing analytical procedures
Designing and performing further audit
procedures
Evaluating the sufficiency and appropriateness
of audit evidence obtained
-
8/4/2019 Hongkong Audit
21/46
21
Audit Process Overview
Preliminary engagement activities
Audit plan
Risk assessment procedures
In understanding the entity & environment, incl. internal control
2006-08 Nelson 41
1. Risk Assessment Procedures (and other sources)2. Understanding the Entity and its Environment
1. Risk Assessment Procedures
Audit procedures to obtain an understanding are referred to
as risk assessment procedures
Risk assessment procedures
In understanding the entity & environment, incl. internal control
procedures may be used by the auditor as audit evidence to
support assessments of the risks of material misstatement
2006-08 Nelson 42
Obtaining an understanding of the entity and its
environment, including its internal control, is
a continuous, dynamic process of gathering, updating
and analyzing information throughout the audit.
-
8/4/2019 Hongkong Audit
22/46
22
1. Risk Assessment Procedures
HKSA 315 specifically requires that:
The auditor should perform the following risk assessment
environment, including its internal control:
a) Inquiries of management and others within the entity;
b) Analytical procedures; and
c) Observation and inspection. (HKSA 315.7)
2006-08 Nelson 43
e au or s no requ re o per orm a e r s assessmen
procedures described above for each aspect of theunderstanding required in HKSA 315 (to be discussed)
All the risk assessment procedures are performed by the
auditor in the course of obtaining the required understanding
Other audit procedures, if helpful, can also be performed.
1. Risk Assessment Procedures
For continuing engagement, when the auditor intends to
use information about the entity and its environment
the auditor should determine whether changes have
occurred that may affect the relevance of such
information in the current audit. (HKSA 315.12)
The members of the engagement team should discuss
the susceptibility of the entitys financial statements to
material misstatements. (HKSA 315.14)
2006-08 Nelson 44
-
8/4/2019 Hongkong Audit
23/46
23
2. Understanding of the Entity
Risk assessment procedures are used to obtain an
understanding of the entity
Risk assessment procedures
In understanding the entity & environment, incl. internal control
2006-08 Nelson 45
Industry,
Regulatory,
and Other
External
Factors
Nature of the
Entity
Objectivesand
Strategies,
and Related
Business
Risks
Measurementand Review
of the the
Entitys
Financial
Performance
Internal
Control
2. Understanding of the Entity
The auditors understanding of the entity and its environment consists of
an understanding of the following aspects:
. , , ,
financial reporting framework.
2. Nature of the entity, including the entitys selection and application of
accounting policies.3. Objectives and strategies and the related business risks that may result in a
material misstatement of the financial statements.
4. Measurement and review of the entitys financial performance.
5. Internal control.
2006-08 Nelson 46
Industry,
Regulatory,
and Other
External
Factors
Nature of the
Entity
Objectives
and
Strategies,
and Related
Business
Risks
Measurement
and Review
of the the
Entitys
Financial
Performance
Internal
Control
-
8/4/2019 Hongkong Audit
24/46
24
2. Understanding of the Entity
1. Industry, Regulatory and Other External Factors, Including theApplicable Financial Reporting Framework
,
regulatory, and other external factors including the applicable
financial reporting framework. (HKSA 315.22)
These factors include
industry conditions, such as the competitive environment,
supplier and customer relationships, and technological
developments;
2006-08 Nelson 47
Industry,
Regulatory,
and Other
External
Factors
the regulatory environment encompassing, among other
matters, the applicable financial reporting framework, thelegal and political environment, and environmental
requirements affecting the industry and the entity; and
other external factors such as general economic conditions.
2. Understanding of the Entity
2. Nature of the Entity
The auditor should obtain an understanding of the nature of the
. .
The nature of the entity refers to
the entitys operations,
its ownership and governance,
the types of investments that it is making and plans to make,
the way that the entity is structured and
how it is financed.
2006-08 Nelson 48
Nature of the
Entity
An understanding of the nature of an
entity enables the auditor to understand
the classes of transactions, account
balances, and disclosures to be
expected in the financial statements.
-
8/4/2019 Hongkong Audit
25/46
25
2. Understanding of the Entity
2. Nature of the Entity
The auditor should
obtain an understanding of the entitys selection and application
of accounting policies and
consider whether they are
appropriate for its business and
consistent with the applicable financial reporting framework
and accounting polices used in the relevant industry.(HKSA 315.28)
2006-08 Nelson 49
Nature of the
Entity
2. Understanding of the Entity
3. Objectives and Strategies and Related Business Risks
The auditor should obtain an understanding of
the entitys objectives and strategies, and
the related business risks that may result in material
misstatement of the financial statements. (HKSA 315.30) Business risks result from significant conditions, events,
circumstances, actions or inactions that could adversely affect the
entitys ability to achieve its objectives and execute its strategies,
or through the setting of inappropriate objectives and strategies
2006-08 Nelson 50
Objectives
and
Strategies,
and Related
Business
Risks
-
8/4/2019 Hongkong Audit
26/46
26
2. Understanding of the Entity
4. Measurement and Review of the Entitys Financial Performance
The auditor should obtain an understanding of
the measurement and review of the entitys financial
performance.
Performance measures, whether external or internal, create
pressures on the entity that, in turn, may motivate
management to take action to improve the business
performance or to misstate the financial statements.
Obtaining an understanding of the
2006-08 Nelson 51
Measurementand Review
of the the
Entitys
Financial
Performance
en y s per ormance measures
assists the auditor in consideringwhether such pressures result in
management actions that may
have increased the risks of material
misstatement.
2. Understanding of the Entity
5. Internal Control
The auditor should obtain an understanding of
internal control relevant to the audit.
The auditor uses the understanding of internal
control to
identify types of potential misstatements,
consider factors that affect the risks of
material misstatement, and
2006-08 Nelson 52
Internal
Control
es gn e na ure, m ng, an ex en o
further audit procedures.
-
8/4/2019 Hongkong Audit
27/46
27
2. Understanding of the Entity
5. Internal Control
Ordinarily, controls that are relevant to an audit pertain to
the entitys objective of preparing financial statements for external
purposes and
the management of risk that may give rise to a material misstatement in
those financial statements.
In exercising its judgment whether a control is relevant to the audit,
the auditor considers :
The auditors judgment about materiality.
2006-08 Nelson 53
Internal
Control
The size of the entity.
The nature of the entitys business.
The diversity and complexity of the entitys operations.
Applicable legal and regulatory requirements.
The nature and complexity of the systems that are part
of the entitys internal control
2. Understanding of the Entity
5. Internal Control
An entitys internal control consists
Focus on theFocus on therequirementsrequirementsin HKSA 315in HKSA 315
o t e o ow ng components :
The Control
EnvironmentThe Entitys Risk
Assessment Process
The Information
2006-08 Nelson 54
Internal
Control
Control Activities
Monitoring ofControls
-
8/4/2019 Hongkong Audit
28/46
28
2. Understanding of the Entity
The ControlEnvironment
The Entitys RiskAssessment Process
Overall Audit Strategy obtain an understanding of the control
environment. (HKSA 315.67)
obtain an understanding the entitys process foridentifying business risks relevant to financial
reporting objectives and deciding about actions
to address those risks, and the results thereof.(HKSA 315.76)
2006-08 Nelson 55
Internal
Control
2. Understanding of the Entity
obtain an understanding of the information
system, including the related business The auditor should understand
how the entity communicates
The Information
, ,
including the following areas:
The classes of transactions that are
significant to the financial statements The procedures (IT and manual) by whichthose transactions are initiated, recorded,
processed and reported
The related accounting records (electronic
or manual , su ortin information, and
responsibilities and significant
matters relating to financial
reporting. (HKSA 315.89)
2006-08 Nelson 56
Internal
Control
specific accounts in respect of the above
procedures
How the information system capturesevents and conditions that are significant to
the financial statements.
The financial reporting process used to
prepare the entitys financial statements(HKSA 315.81)
-
8/4/2019 Hongkong Audit
29/46
29
2. Understanding of the Entity
The auditor should obtain a sufficient
understanding of control activities to assess
2006-08 Nelson 57
Internal
Control
Control Activities
e r s s o ma er a m ss a emen a e
assertion level and to design further auditprocedures responsive to assessed risks.(HKSA 315.90)
The auditor should obtain an understanding of
how the entity has responded to risks arising
from IT. (HKSA 315.93)
2. Understanding of the Entity
2006-08 Nelson 58
Internal
ControlMonitoring of
Controls
The auditor should obtain an understanding
of the major types of activities that the entity
uses to monitor internal control over financialreporting, including those related to those
control activities relevant to the audit, and
how the entity initiates corrective actions to its
controls. (HKSA 315.96)
-
8/4/2019 Hongkong Audit
30/46
30
2. Understanding of the Entity
Risk assessment procedures
In understanding the entity & environment, incl. internal control
2006-08 Nelson 59
Industry,
Regulatory,
and Other
External
Factors
Nature of the
Entity
Objectivesand
Strategies,
and Related
Business
Risks
Measurementand Review
of the the
Entitys
Financial
Performance
Internal
Control
2. Understanding of the EntitySample
Risk assessment procedures
In understanding the entity & environment, incl. internal control
2006-08 Nelson 60
Template (Key Points) on Understanding an Entity and Environment
-
8/4/2019 Hongkong Audit
31/46
31
2. Understanding of the Entity
Risk assessment procedures
In understanding the entity & environment, incl. internal control
2006-08 Nelson 61
Todays Agenda
Assessing the Risks of Material
2006-08 Nelson 62
-
8/4/2019 Hongkong Audit
32/46
32
Assessing the Risks
Preliminary engagement activities
Audit plan
Risk assessment procedures
In understanding the entity & environment, incl. internal control
Assessin risks of material misstatements
2006-08 Nelson 63
What is Audit Risk?
What is audit risk? What is risk of material misstatement?
Financial Statementsdescribes that
Audit risk is a function of
the risk of material misstatement of the financial statements(or simply, the risk of material misstatement)
i.e., the risk that the financial statements are materially
misstated prior to audit, and
the risk that the auditor will not detect such misstatement
2006-08 Nelson 64
(detection risk).
-
8/4/2019 Hongkong Audit
33/46
33
Assessing the Risks
Audit Risk
Risk of Material Misstatement Detection Risk
HKSA 200 further clarifies that
the auditor is concerned with material misstatements, and is not responsible
for the detection of misstatements that are not material to the financial
statements taken as a whole.
2006-08 Nelson 65
In order to design audit procedures to determine whether there are
misstatements that are material to the financial statements taken as a whole,
the auditor considers the risk of material misstatement at two levels:
the overall financial statement level and
in relation to classes of transactions, account balances, and disclosuresand the related assertions.
Assessing the Risks
Audit Risk
Risk of Material Misstatement Detection Risk
At Financial
Statement LevelAt Assertion Level
2006-08 Nelson 66
Inherent
Risk
Control
Risk
The risk of material misstatement at the assertion
level consists of two components:
1. Inherent risk
2. Control risk
-
8/4/2019 Hongkong Audit
34/46
34
Assessing the Risks
Audit Risk
Risk of Material Misstatement Detection Risk
At Financial
Statement LevelAt Assertion Level
2006-08 Nelson 67
Inherent
Risk
Control
Risk
Even HKSA 200 only states that inherent risk and control risk are considered
at the assertion level, it is also common for the auditor to consider them at the
overall financial statement level.
Inherent
Risk
Control
Risk
Assessing the Risks
Risk of Material Misstatement
At Financial
Statement LevelAt Assertion Level
2006-08 Nelson 68
The auditor should identify and assess the risks of material
misstatement
at the financial statement level, and
at the assertion level for classes of transactions, account
balances, and disclosures (HKSA 315.100)
-
8/4/2019 Hongkong Audit
35/46
35
Assessing the Risks
For the purpose of assessing the risks, the auditor:
Identifies risks throughout the process of obtaining an
understandin of the entit and its environment,
including
relevant controls that relate to the risks, and
by considering the classes of transactions, account
balances, and disclosures in the financialstatements;
Relates the identified risks to what can go wrong at theassertion level;
2006-08 Nelson 69
ons ers w e er e r s s are o a magn u e a
could result in a material misstatement of the financialstatements; and
Considers the likelihood that the risks could result in a
material misstatement of the financial statements.
Assessing the Risks
Perform risk assessment procedures to gather
information about the entity and its environment
Industry,
Regulatory,and Other
Factors
Nature ofclient
Objectives,
Strategies,and Business
Risks
Measurement
of financialperformance
Internalcontrol
Consider other information
2006-08 Nelson 70
Identify and assess risks of material
misstatement
Adapted from Audit Guide of AICPA
At FinancialStatement Level
At Assertion Level
-
8/4/2019 Hongkong Audit
36/46
36
Assessing the Risks
The auditor uses information gathered by performing risk
assessment procedures as audit evidence to support the risk
assessment, and
in turn, uses the risk assessment to determine the nature, timing, and
extent of further audit procedures to be performed.
The auditor determines
whether the identified risks of material misstatement relate to specificclasses of transactions, account balances, and disclosures and related
assertions, or
whether they relate more pervasively to the financial statements as a
2006-08 Nelson 71
Identify and assess risks of material
misstatement
At FinancialStatement Level
At Assertion Level
whole and potentially affect many assertions
Activity 3 Planning and Response
Based on the case in Activity 3
Risks at Financial Statement LevelActivity
assess the risk of material misstatements at the financial statement level.
write down the specific circumstances of ABC that you have considered and
your judgment about the risk level (i.e. low, medium, or high)
2006-08 Nelson 72
At FinancialStatement Level
-
8/4/2019 Hongkong Audit
37/46
37
Risks at Financial Statement Level
The risk of material misstatement at the overall financial statement
level
refers to risks of material misstatement that
relate pervasively to the financial statements as a whole and
potentially affect many assertions.
Risks of this nature
often relate to the entitys control environment, say weak control
environment (although these risks may also relate to other factors, such as
declining economic conditions), and
are not necessarily risks identifiable with specific
2006-08 Nelson 73
At FinancialStatement Level
assertions at the class of transactions, account
balance, or disclosure level.
Risks at Financial Statement Level
The overall financial statement risk represents circumstances that
increase the risk that there could be material misstatements in any
number of different assertions,
for example, through management override of internal control.
Such risks may be especially relevant to the auditors consideration of
the risk of material misstatement arising from fraud.
The auditors response to the assessed risk of material misstatement at
the overall financial statement level includes
consideration of the knowledge, skill, and ability of personnel assigned
si nificant en a ement res onsibilities includin whether to involve ex erts
2006-08 Nelson 74
At FinancialStatement Level
,
the appropriate levels of supervision; and
whether there are events or conditions that may cast
significant doubt on the entitys ability to continue as a
going concern.
-
8/4/2019 Hongkong Audit
38/46
38
Risks at Assertion Level
The risk of material misstatement at the assertion level consists of
two components as follows:
Inherent risk is the susce tibilit of an assertion to a misstatement that
could be material, either individually or when aggregated with other
misstatements, assuming that there are no related controls.
Control risk is the risk that a misstatement that could occur in an
assertion and that could be material, either individually or when
aggregated with other misstatements, will not be prevented, or detected
and corrected, on a timely basis by the entitys internal control.
That risk is a function of the effectiveness of the design and
2006-08 Nelson 75
At Assertion Level
relevant to preparation of the entitys financial statements.
Some control risk will always exist because of the inherent
limitations of internal control.
Activity 4 Risks of Material Misstatement at the Assertion Level
Melody, Tony and Kurt and Company, CPA (MTK CPA), has accepted
Risks at Assertion LevelActivity
to audit the consolidated financial statements of Bonnie Hong Kong
Limited for 2006 and 2007. MTK CPA is required to implement the new
requirements of HK Standard on Quality Control and HK Standards on
Auditing.
Required:
The partner of MTK CPA, Melody Tong, seeks your sharing on the
requirements on assertion level and briefing to the engagement
2006-08 Nelson 76
team the different kinds of assertions.
(Hints: what are assertions for classes of transactions, account
balances, and presentation and disclosures?)
At Assertion Level
-
8/4/2019 Hongkong Audit
39/46
39
Assessing the Risks
Perform risk assessment procedures to gather
information about the entity and its environment
Identify and assess risks of material
misstatement
Financial statement
level risksAssertion level risks
Can risks
2006-08 Nelson 77Adapted from Audit Guide of AICPA
can go wrong at
assertion level
be related to
specificassertions?
es
Determine Significant Risks
As part of the risk assessment, the auditor should determine
which of the risks identified are, in the auditors judgment,
such risks are defined as significant risks. (HKSA 315.108)
The determination of significant risks, which arise on most
audits, is a matter for the auditors professional judgment.
In exercising this judgment, the auditor excludes the effect
of identified controls related to the risk to determine whether
the nature of the risk,
2006-08 Nelson 78
e ey magn u e o e po en a mssa emen
including the possibility that the risk may give rise
to multiple misstatements, and
the likelihood of the risk occurring
are such that they require special audit
consideration.
-
8/4/2019 Hongkong Audit
40/46
40
Determine Significant Risks
Perform risk assessment procedures to gather
information about the entity and its environment
Identify and assess risks of material
misstatement
Financial statement
level risksAssertion level risks
Can risks
2006-08 Nelson 79Adapted from Audit Guide of AICPA
can go wrong at
assertion level
be related to
specificassertions?
es
Significant
risk?
Significant
risk?
Determine Significant Risks
Significant risks are often derived from business risks that may result in
a material misstatement. In considering the nature of the risks, the
auditor considers a number of matters, includin the followin :
Whether the risk is a risk of fraud.
Whether the risk is related to recent significant economic, accounting or
other developments and, therefore, requires specific attention. The complexity of transactions.
Whether the risk involves significant transactions with related parties.
Significant risks often relate to significant non-routine transactionsand judgmental matters.
2006-08 Nelson 80
Non-routine transactions are transactions that are unusual, either due tosize or nature, and that therefore occur infrequently.
Judgmental matters may include the development of accountingestimates for which there is significant measurement uncertainty.
Significant
risk?
Significant
risk?
-
8/4/2019 Hongkong Audit
41/46
41
Determine Significant Risks
Risks of material misstatement may be greater for risks relating to
significant non-routine transactions arising from matters such as:
Example
.
Greater manual intervention for data collection and processing.
Complex calculations or accounting principles.
The nature of non-routine transactions, which may make it difficult for
the entity to implement effective controls over the risks.
Risks of material misstatement may be greater for risks relating to
2006-08 Nelson 81
Significant
risk?
Significant
risk?
accounting estimates, arising from matters such as the following: Accounting principles for accounting estimates or revenue recognition
may be subject to differing interpretation.
Required judgment may be subjective, complex or require
assumptions about the effects of future events, for example, judgment
about fair value.
Determine Significant Risks
For significant risks, to the extent the auditor has not already done so,
the auditor should
evaluate the desi n of the entit s related controls includin relevant control ,
activities, and
determine whether they have been implemented. (HKSA 315.113)
An understanding of the entitys controls related to significant risks isrequired to provide the auditor with adequate information to develop an
effective audit approach.
Management ought to be aware of significant risks; however, risks
relatin to si nificant non-routine or ud mental matters are often less
2006-08 Nelson 82
likely to be subject to routine controls.
Significant
risk?
Significant
risk?
-
8/4/2019 Hongkong Audit
42/46
42
Determine Other Risks
Risks for which Substantive Procedures Alone do not ProvideSufficient Appropriate Audit Evidence
,
evaluate the design and
determine the implementation of the entitys controls, including
relevant control activities, over those risks
for which, in the auditors judgment, it is not possible or
practicable to reduce the risks of material misstatement at the
assertion level to an acceptably low level with audit evidence
2006-08 Nelson 83
Ordinarily, such risks relate to significant
classes of transactions such as an
entitys revenue, purchases, and cash
receipts or cash payments.
. .
AnyAnyexamples?examples?
Assessing the Risks
Perform risk assessment procedures to gather
information about the entity and its environment
Identify and assess risks of material
misstatement
Financial statement
level risksAssertion level risks
Can risks
2006-08 Nelson 84Adapted from Audit Guide of AICPA
can go wrong at
assertion level
be related to
specific
assertions?
es
Significant
risk?
Significant
risk?
-
8/4/2019 Hongkong Audit
43/46
43
Assessing the Risks
Guide to Using International Standards on Auditing in the Audits of
Small- and Medium-sized Entities (IFAC SMPC)
2006-08 Nelson 85
Assessing the Risks
2006-08 Nelson 86
-
8/4/2019 Hongkong Audit
44/46
44
Revision of Risk Assessment
The auditors assessment of the risks of material
misstatement at the assertion level
may change during the course of the audit as
additional audit evidence is obtained.
2006-08 Nelson 87
Communication
Communicating with Those Charged withGovernance and Management
The auditor should make those charged with
governance or management aware, as soon
as practicable, and at an appropriate level of
2006-08 Nelson 88
respons ty, o mater a wea nesses n t e
design or implementation of internal control
which have come to the auditors attention.(HKSA 315.120)
-
8/4/2019 Hongkong Audit
45/46
45
Documentation
The auditor should document:
a) The discussion among the engagement teamregar ng e suscep y o e en y s nanc a
statements to material misstatement due to error or
fraud, and the significant decisions reached;
b) Key elements of the understanding obtainedregarding each of the aspects of the entity and its
environment (identified in HKSA 315.20), including
each of the internal control components (identified in
2006-08 Nelson 89
. ,
misstatement of the financial statements; thesources of information from which the understandingwas obtained; and the risk assessment procedures;
Documentation
The auditor should document:
c) The identified and assessed risks of materialm ss a emen
at the financial statement level and
at the assertion; andd) The risks identified and related controls evaluated
as a result of the requirements in respect of
significant risks and
2006-08 Nelson 90
do not provide sufficient appropriate auditevidence
-
8/4/2019 Hongkong Audit
46/46
Audit Practice Introduced by HKSA(HKSA 230, 300, 315, 330 and 500) Part 1 25 August 2008
Full version of the slides can be found in
. . .
2006-08 Nelson 91
Nelson LamNelson [email protected]
Audit Practice Introduced by HKSA(HKSA 230, 300, 315, 330 and 500) Part 1 25 August 2008
Full version of the slides can be found in
Q&A SessionQ&A SessionQ&A SessionQ&A Session
. . .
Nelson LamNelson [email protected] nelsoncpa com hk