GAAP and GAAS 2007/2008 Highlights: An Update on Assurance Standards The Audit Risk Model and Related Sections

Transcription

1 Intrductin Audit risk mdel Sectin 5095, Reasnable assurance and audit risk Sectin 5135, The auditr s respnsibility t cnsider fraud Sectin 5141, Understanding the entity and its envirnment and assessing the risks f material misstatement Sectin 5142, Materiality Sectin 5143, The auditr s prcedures in respnse t assessed risks Sectin 5300, Audit evidence Sectin 5301, Analysis Sectin 5370, Management representatins Sectin 5150, Planning Sectin 5110, Terms f the engagement Sectin 5145, Dcumentatin GAAP and GAAS 2007/2008 Highlights: An Update n Assurance Standards The Audit Risk Mdel and Related Sectins By STEPHEN SPECTOR, MA, FCGA This is the secnd f three articles by Mr. Spectr n GAAP and GAAS Highlights t be published n PD Net. Intrductin Tw years ag, the AASB issued a cmprehensive update t assurance standards t reflect changes in the audit risk mdel. Based n U.S. and internatinal auditing standards, the revised sectins increased the emphasis n risk assessment, ging s far as t rephrase the key bjective f the audit as ensuring that the financial statements are free f material misstatements. The changes were effective with respect t financial statements and financial reprts fr perids beginning n r after January 1, Alng with the amendments specifically required because f the changes t the risk mdel, a number f ther sectins als were implemented and/r mdified t cnfrm t, r prvide supprting guidance fr, the audit risk mdel. The material that fllws prvides a brief verview f these changes; because f the extent f the changes, reference t the CICA Handbk is recmmended. The audit risk mdel revisins were released as part f the May 2005 Handbk update. The ther sectins were released during 2005 and early All f the standards apply t all audits in Canada, fr bth small and large entities. The requirements are effective with respect t financial statements and financial reprts fr perids beginning n r after January 1, Audit risk mdel The audit risk mdel is cdified in GAAS (althugh nt by name). It was frmalized in the AICPA s Statement f auditing standards, SAS N. 47, issued in SAS N. 82, Cnsideratin f fraud in a financial statement audit, amended SAS 47 in In Canada, the Handbk was amended t reflect a similar apprach. Since 1984, auditrs have been required t emply the audit risk mdel. CGA-Canada 2007

2 The fallut frm the U.S. crprate failures in 2002 highlighted sme f the weaknesses f the current methdlgy. Cnsequently, a call fr revisins t the audit risk mdel began t circulate in the U.S. In the hubbub ver the U.S. audit failures, the fact that the audit risk mdel is a planning mdel seems t have been verlked. It is nt a magic bullet that allws the auditr t cnclusively establish the amunt and/r type f testing that needs t be perfrmed. Mrever, it is used mainly fr cnceptual purpses. The auditr uses the audit risk mdel t estimate the amunt f assurance needed frm the substantive prcedures (analysis and tests f details f balances) when cnsidering the desired level f audit risk (AR) fr the audit and the assessed levels f inherent risk (IR) and cntrl risk (CR) fr a particular management assertin r accunt balance. In practice, mst firms will use a high, medium, and lw scheme t assign risk within this mdel. Nt nly wuld it be difficult t calculate and assign abslute percentages, but als it wuld be hard t establish r defend a ratinale fr making the calculatin (fr example, in a lawsuit). The imprtance f the audit risk mdel is nt that it quantifies audit risk, but, rather, that it frces the auditr t cnsider each f the cmpnent risks in cntext and t dcument each decisin made. The auditr must first determine the acceptable level f audit risk fr the audit. Next, IR is usually assessed fr each f the assertins made by client management as well as fr the entity as a whle. Then CR must be assessed n an assertin-by-assertin basis. Finally, audit prcedures are develped such that the detectin risk (DR), when cmbined with IR and CR, can be expected t reduce audit risk t the level deemed t be acceptable at the utset f the prcess. It is against that fcus that ne must assess the success f the mdel. In the wake f the cllapse f Enrn, a great deal f analysis has been expended trying t find ut hw and why Arthur Andersen s audits failed t detect the fraud that had taken place. Pst-Enrn activities Spurred by the demand fr imprvements t the audit risk mdel, the Auditing Standards Bard apprved changes fr the U.S. in Octber Subsequently, IFAC s Internatinal Auditing and Assurance Standards Bard apprved the internatinal versins f the amended standards in Octber One f the key ntins assciated with these revisins was recgnitin f the fact that the auditr is ften expsed t risks that are nt embraced in the audit risk mdel. Fr example, auditrs may be expsed t lss r injury t their prfessinal practice frm litigatin, adverse publicity, r ther events arising in cnnectin with financial statements they audited and n which they reprted. This expsure is present even thugh the auditr has perfrmed the audit in accrdance with GAAS and has reprted apprpriately n the financial statements. Even if the auditr assesses this expsure as lw, the auditr is nt permitted t perfrm less extensive prcedures than therwise wuld be apprpriate under GAAS. In particular, the auditr is expsed t what is called business risk. Business risk can be defined as the risk that an entity s business bjectives will nt be achieved because f external and internal pressures and frces. In ther wrds, business risk is the risk assciated with the entity s prfitability and survival. Therefre, t prperly perfrm the audit, the auditr must have extensive knwledge abut the nature f the client s business and industry in rder t determine whether financial reprt assertins are valid. Sme assertins cannt be appraised meaningfully withut auditr attentin being given t the client s interactins with its envirnment. The auditr must understand the strategic business risks faced by the client, as well as the risks that affect the traditinal prcessing and recrding f transactins. The auditr needs t knw the client s The Audit Risk Mdel and Related Sectins 2

3 The revisins business strategy and hw it plans t respnd t r cntrl changes in its business envirnment. S what exactly are the changes? Assurance standards have been adjusted t meet the bjective f gaining an expanded understanding f the entity and its envirnment, including its internal cntrl structure. They nw detail requirements and guidance n where and hw the auditr shuld btain the expanded understanding f the entity and its envirnment, including its internal cntrl. The auditr must nw interact with persnnel ther than thse invlved in financial reprting and management by cntacting individuals with peratinal rles within the entity. Infrmatin btained as the auditr gains an expanded understanding f the entity and its envirnment may cnstitute valid audit evidence. It is nt, hwever, sufficient in and f itself t supprt the auditr s pinin. Nte that this is cnsistent with the ntin that the auditr must perfrm risk assessment prcedures in all audits t btain the necessary understanding. This includes updating infrmatin btained in prir audits, especially if that infrmatin is t be used in the current audit. The assessment f cntrl risk and inherent risk as determinants f audit risk will give way t the gal f assessing the risk f material misstatement. Given that the auditr will nw have an expanded understanding f the entity and its envirnment, they will have a better starting pint t identify the risks f material misstatement. In perfrming the risk assessment prcedures necessary t btain evidence regarding the risks f material misstatements, the auditr is required t assess these risks at the assertin level identify risks that are significant in the auditr s judgment identify assertins where substantive prcedures alne will nt be sufficient in ther wrds, where testing the internal cntrls wuld be necessary t btain sufficient cmfrt ver a balance r assertin T meet these gals, the risk assessment must ultimately cmbine the assessment f inherent risk and cntrl risk, but the auditr may perfrm cmbined r separate assessments. In keeping with the abve change, the term significant risks is intrduced. A significant risk is a risk that is s significant as t require special audit cnsideratin. The assessment f risks at maximum withut evaluatin r supprt is prscribed. The auditr must supprt risk assessments, at whatever level, based n the understanding f the entity and its envirnment, including its internal cntrl. Thus, testing cntrls is encuraged. In circumstances where assessing risks at maximum is warranted, the auditr must dcument the basis fr that cnclusin. Cnsistent with existing guidance, the auditr is nt required t perfrm tests f cntrls unless they intend t rely n the perating effectiveness f cntrls t alter the nature, timing, r extent f substantive prcedures; r the auditr has determined that evidence btained frm substantive prcedures alne will nt reduce risk t an apprpriate level and that audit evidence abut the effectiveness f cntrls must be btained. Fr significant risks, the auditr will be required t perfrm substantive prcedures, cnsisting f tests f details alne r tests f details cmbined with substantive analytical prcedures that are specifically respnsive t thse risks. The Audit Risk Mdel and Related Sectins 3

4 The auditr s required understanding f internal cntrl nw cmpels the auditr t evaluate the design f cntrls ver significant risks, including relevant cntrl prcedures, and t determine whether the cntrls have been implemented. In particular, the auditr has t evaluate the design and determinatin f hw the cntrls are implemented bth cntrls that address significant risks and thse that relate t assertins fr which substantive prcedures alne are nt sufficient. There is greater emphasis n the entity s risk assessment prcess. The auditr needs t gain an understanding f the entity s risk assessment prcess as a cmpnent f internal cntrl. Such an analysis assists the auditr in assessing the entity s bjectives and strategies and any related business risks, allwing the auditr t identify and respnd t risks t the achievement f the entity s bjectives, including its financial reprting bjectives. If the auditr identifies risks that may result in material misstatement f the financial statements that the entity s risk assessment prcess has failed t identify, the auditr has t address why the prcess failed t d s and whether the prcess is apprpriate in the circumstances. The auditr s ability t rely n audit evidence gathered in prir audits is strengthened in the fllwing ways: If the auditr relies n cntrls that have nt changed since they were last tested (based n the auditr s evaluatin f design and whether they are implemented in the current perid), the auditr must nnetheless test the perating effectiveness f such cntrls at least every third audit. The lnger the elapsed time since a cntrl has been tested, the less audit evidence the cntrl may prvide abut its effectiveness in the current year. When a significant risk is identified and the auditr intends t rely n the perating effectiveness f cntrls intended t mitigate that risk, they must btain audit evidence abut the perating effectiveness f relevant cntrls in every perid that is audited. The perfrmance f substantive prcedures fr material classes f transactins and accunt balances has been extended t disclsures, given their increased significance under financial reprting framewrks. In particular, assertins related t presentatin and disclsure nw requires the auditr t btain evidence specifically related t hw cmplete and understandable the disclsures are t their users. Dcumentatin requirements have been expanded t demnstrate that the auditr has cmplied with the standards. Requirements are mre specific than previus standards with respect t details f each aspect f understanding the entity and its envirnment, including internal cntrl the prcedures perfrmed t btain the understanding including the surces f infrmatin discussin with the audit team members the verall respnses t the risks f material misstatement at the financial statement level the linkage f the further audit prcedures with the assessed risks at the assertin level Key changes t the Handbk Because f the pervasive nature f the changes embdied in the revisins t the audit risk mdel, there have been significant changes t GAAS as reflected in many sectins f the Handbk. In additin t new sectins being added, many existing sectins in the Handbk were revised. We ll lk at the mst significant f these changes next. Fllwing the discussin n the related sectins, yu will find a summary f the changes. The Audit Risk Mdel and Related Sectins 4

5 Sectin 5095, Reasnable assurance and audit risk This sectin defines the cncept f reasnable assurance ntes that the auditr cannt btain abslute assurance that the financial statements are free frm material misstatement because f varius factrs defines the cncept f audit risk permits the auditr t make separate r cmbined assessments f inherent and cntrl risk Sectin 5135, The auditr s respnsibility t cnsider fraud Sectin 5135 has been revised t narrw its scpe t address nly misstatements due t fraud. Material previusly dealing with misstatements due t errr has been mved t sectins 5095, 5142, and Additinally, the material dealing with cmmunicatin matters has been mved t sectins 5750 and The revised sectin als intrduces the cncept f significant risk. There are tw requirements fr significant risks: The auditr must identify risks that are significant s as t require special audit cnsideratin. The auditr must understand related cntrl prcedures t the extent that identificatin has nt yet been dne. Sectin 5141, Understanding the entity and its envirnment and assessing the risks f material misstatement This sectin requires the auditr t understand the entity s business risks t the extent that they are relevant t the financial statements understand each cmpnent f the entity s internal cntrls as defined in the Treadway Reprt understand the design and implementatin f cntrls n all audits understand an entity s risk assessment prcess and its mnitring f cntrls specifically address significant risks In additin, sectin 5141 places mre emphasis n using varius surces t btain a brader understanding f the entity and its envirnment, including its internal cntrl supprting the assessment f the risks f material misstatement at the financial statement level and at the assertin level adhering t mre rigrus dcumentatin requirements The Audit Risk Mdel and Related Sectins 5

6 Sectin 5142, Materiality This sectin revises and replaces sectin 5130, Materiality and audit risk in cnducting an audit. The scpe f sectin 5130, which previusly dealt with materiality and audit risk, has been narrwed in sectin 5142 t address nly materiality. Audit risk is addressed in sectin Sectin 5143, The auditr s prcedures in respnse t assessed risks This sectin establishes standards and prvides guidance n determining verall respnses t assessed risks. It als addresses designing and perfrming further audit prcedures t respnd t the assessed risks f material misstatement at the financial statement and assertin levels. Sectin 5143 cntains requirements fr specifically addressing significant risks and places mre emphasis n directly linking assessed risks t audit prcedures that are respnsive t thse risks perfrming tests f cntrls when the auditr has determined that evidence btained frm substantive prcedures alne will nt reduce risk t an acceptably lw level assessing whether, in certain circumstances, reliance can be placed n evidence frm prir perids btaining evidence abut disclsures like sectin 5141, adhering t mre rigrus dcumentatin requirements Sectin 5300, Audit evidence New sectin 5300 revises and replaces the existing sectin 5300 t incrprate ISA 500, Audit evidence, int the Handbk with as few changes as pssible t cnfrm t existing Handbk references and terminlgy. There are n substantive changes frm the material in the previus versin f sectin Sectin 5301, Analysis This sectin was revised t incrprate int the Handbk cncepts related t the new audit risk mdel. The key changes t the sectin are increased emphasis n the use f analysis and analytical prcedures as risk assessment prcedures t btain an understanding f the entity and its envirnment, including its internal cntrl additinal guidance prvided when analytical prcedures are used as substantive prcedures, when their use can be mre effective r efficient than tests f details in reducing the risk f material misstatement at the assertin level t an acceptably lw level additinal guidance prvided related t the use f analytical prcedures as an verall review f the financial statements at r near the end f the audit Sectin 5370, Management representatins Handbk sectin 5090, Audit f financial statements an intrductin, stipulates that the auditr must maintain an attitude f prfessinal scepticism regarding management assertins. Mrever, revisins t the audit risk mdel and the standards dealing with fraud bth stressed the imprtance f btaining and using management representatins by the The Audit Risk Mdel and Related Sectins 6

7 public accuntant as part f the prcess f btaining sufficient apprpriate audit evidence t supprt the cnclusin in a reprt n financial statements. Cnsequently, the AASB undertk a prject dealing with management representatins. The gal was t develp specific assurance recmmendatins requiring the practitiner t btain written representatins frm management as part f the evidence btained t supprt the cnclusin in their reprt prviding assurance n financial statements. Why? There were recmmendatins in varius sectins thrughut the Handbk regarding management representatins and the need fr the public accuntant t btain them, but there was n single standard within Canadian GAAS that established basic principles and essential prcedures. Sectin 5370, Management representatins, incrprates the basic principles and essential prcedures included in Internatinal Standard n Auditing 580, Management representatins (ISA 580), and in AICPA Statement f Auditing Standards N. 85, Management representatins (SAS 85). By drawing n U.S. and internatinal standards, the AASB ensured that Canadian GAAS was aligned with U.S. and internatinal standards n management representatins. Sectin 5370 prvides guidance regarding the crrbratin f management s representatins and the auditr s actins when ther audit evidence refutes management s representatins. The Handbk requires that in an engagement t audit financial statements presented in accrdance with generally accepted accunting principles, r n a disclsed basis f accunting described in the ntes t the financial statements, the auditr btain management s written cnfirmatin f representatins that relate t the fllwing matters: financial statements cmpleteness f infrmatin fraud and errr recgnitin, measurement, and disclsure Specifically, paragraph states that Management s representatins include, but are nt limited t: (a) matters cmmunicated in discussins with the auditr, whether slicited r unslicited; (b) matters cmmunicated electrnically t the auditr; (c) schedules, analyses, and reprts prepared by the entity, and management s ntatins and cmments theren, whether r nt in respnse t a request by the auditr; (d) internal and external memranda r crrespndence; (e) minutes f meetings f the bard f directrs r similar bdies such as audit cmmittees and cmpensatin cmmittees; (f) a signed cpy f the financial statements; and (g) a representatin letter frm management. Similarly, paragraph requires that when a representatin made by management is cntradicted by evidence btained thrugh the perfrmance f ther audit prcedures, additinal prcedures shuld be perfrmed t either supprt r refute that representatin. If the representatin turns ut t be false, the auditr has t assess the likelihd that ther representatins are als false, in which case the issue f whether reliance can be placed n management s ther representatins must be addressed. Again, this is nt smething new it is a fundamental aspect f any audit. If management lies abut ne thing, what else have they lied abut? Althugh much f sectin 5370 simply cdifies existing practice, there are als imprtant new requirements that must be addressed. Fr example, management representatins must be The Audit Risk Mdel and Related Sectins 7

8 in writing, with ral representatins subsequently cnfirmed in writing by management. Previusly, it was assumed that the auditr wuld btain written representatins; nw it is mandatry. Current management n the hk Paragraph requires that management s written representatins be signed by thse members f management with verall respnsibility fr financial and perating matters members the auditr believes t be respnsible fr, directly r indirectly, the matters cvered by the representatins. What is new is that even if current management was nt present during all perids cvered by the auditr s reprt, current management is respnsible fr the representatins prvided n all such perids. This directive may generate cnsiderable difficulty fr an auditr, especially if current management is unwilling t prvide the representatins because they (current management) cannt satisfy themselves that all representatins are accurate. What happens in a case like this? If current management refuses t prvide a written representatin required by the auditr, the auditr faces a scpe limitatin. The auditr wuld then express a qualified pinin r deny an pinin. Furthermre, the auditr has n chice: A refusal by management t prvide a written representatin required by the auditr is a limitatin impsed by the entity and cnstitutes a scpe limitatin, regardless f whether the auditr is able t btain the necessary evidence by perfrming alternative prcedures. Review engagements One f the issues under cnsideratin when the tpic was expsed was whether the need t btain written representatins frm management wuld be mre than just an audit engagement requirement. The cnclusin f the AASB was that there shuld be smething similar fr review engagements. Hwever, the mderate degree f assurance prvided by a review engagement meant that the review engagement representatin letter wuld be much less detailed and extensive. Why? In a review engagement, the emphasis is n plausibility as ppsed t reasnableness. The bjective f the review is t enable the practitiner t cnclude that the financial statements are plausible assuming nthing cmes t the practitiner s attentin that wuld lead t a different cnclusin. As part f that assessment, the practitiner makes enquiries f management, and they make representatins as t the state f the entity s affairs. The practitiner must then decide whether management s representatins are plausible. That is, are these representatins cnsistent with evidence btained thrugh enquiry and analytical prcedures? If s, then the practitiner may cnclude that the statements are plausible. Hwever, if the assessment is nt psitive, this may lead the practitiner t dubt the plausibility f representatins made by management. In turn, the practitiner wuld then have t perfrm sufficient additinal r mre extensive prcedures s as t reslve such dubt, r t cnfirm that a reservatin is required in the review engagement reprt. Accrdingly, sectin 8200, Public accuntant s review f financial statements, was amended t require the practitiner t btain written representatins frm management relating t imprtant matters. Further, sectin 8200 was amended t mirrr sectin 5370 with respect t the rle f current management. As with an audit, shuld current management decline t prvide written representatins cvering all perids under review, the same utcme ccurs: there is a scpe limitatin and the practitiner wuld have t express negative assurance with a qualificatin r even a denial f pinin. The Audit Risk Mdel and Related Sectins 8

9 Sectin 5150, Planning Handbk sectin 5150, frmerly entitled Planning and supervisin, is nw titled Planning. It is harmnized with Internatinal Standard n Auditing 300, Planning the audit (ISA 300), which was itself revised and issued by the IAASB in July The revisins t sectin 5150 als cnfrm t the Handbk amendments arising frm the audit risk mdel prject. The new audit risk standards require audit prcedures, r risk assessment prcedures, t be perfrmed by the auditr in rder t btain an understanding f the entity s business. The prcedures have been bradened t encmpass a mre in-depth understanding f the entity and its envirnment, including its internal cntrl. Sectin 5150 builds n the new audit risk standards. The revisins als address matters raised in Handbk sectin 5049, Use f specialists in assurance engagements; sectin 5030, Quality cntrl prcedures fr assurance engagements; and the firm-specific quality cntrl standards set ut in General standards f quality cntrl fr firms perfrming assurance engagements. ISA 300 emphasizes that planning is a cntinual and repeated prcess thrughut the engagement and that unexpected events, changes in cnditins, r ther circumstances may lead the auditr t re-evaluate the planned audit prcedures. It als requires the auditr t establish the verall strategy fr the audit that sets the scpe, timing, and directin f the audit. As well, ISA 300 recgnizes that audit planning plays a critical rle in setting the tne and directin f the audit, and in ensuring that the right resurces are allcated t the higher risk areas at the apprpriate time. The establishment f the verall audit strategy helps guide the develpment f the mre detailed audit plan and ensures that risk assessment prcedures and further detailed audit prcedures are apprpriately targeted. Sectin 5150 is intended t prvide the necessary requirements and guidance fr the auditr t perfrm this imprtant aspect f the audit. It intrduces the ISA 300 ntin f an verall audit strategy. It stresses that planning an audit invlves establishing an verall audit strategy fr the engagement and develping an audit plan, in rder t reduce audit risk t an acceptably lw level. The prcess f develping the verall audit strategy helps the auditr t ascertain the nature, timing, and extent f resurces necessary t perfrm the engagement. Sectin 5150 requires the auditr t plan the audit s that the engagement will be perfrmed in an effective manner perfrm preliminary engagement activities including engagement acceptance and cntinuance prcedures, evaluating cmpliance with ethical requirements, and establishing an understanding f the terms f the engagement establish the verall audit strategy develp an audit plan during the curse f the audit, update and change as necessary the verall audit strategy and audit plan plan the nature, timing, and extent f directin and supervisin f engagement team members and review f their wrk dcument the verall audit strategy and audit plan prir t starting an initial audit engagement, perfrm client and engagement acceptance prcedures and cmmunicate with the predecessr auditr What the sectin makes clear is that planning is nt a discrete phase f an audit, but rather a cntinual and repeated prcess that shuld begin shrtly after (r in cnnectin with) the cmpletin f the previus audit (if applicable) and cntinue until the cmpletin f the current audit engagement. The sectin als makes the pint that preliminary planning has a The Audit Risk Mdel and Related Sectins 9

10 special rle: t ensure that the auditr has cnsidered events r circumstances that culd adversely affect the planning and perfrming f the audit engagement such that it reduces audit risk t an acceptably lw level. Sectin 5150 stipulates als that fr first-time engagements, the auditr must perfrm prcedures regarding the acceptance f the client relatinship and the specific audit engagement as discussed in sectin 5030, as well as cmmunicate with the predecessr auditr (where there has been a change f auditrs) in cmpliance with relevant ethical requirements. Sectin 5110, Terms f the engagement The AASB released Handbk sectin 5110, Terms f the engagement, t establish standards and prvide guidance regarding agreeing with the client n the terms f the engagement relating t the audit f financial statements. In additin, sectin 8200, Public accuntant s review f financial statements, was revised t incrprate guidance fr agreeing n the terms f the engagement relating t the review f financial statements. As with sectin 5370, the AASB drew n U.S. and internatinal prnuncements. The auditrelated sectin is based n the AICPA s Audit Sectin 310, Appintment f the independent auditr (AU 310), and the IAASB s Internatinal Standard n Auditing 210, Terms f audit engagements (ISA 210), while sectin 8200 incrprated material cntained in AICPA Statements n Standards fr Accunting and Review Services, AR 100, Cmpilatin and review f financial statements, and IAASB ISA 910, Engagements t review financial statements. Requirements The purpse f this sectin is t reduce the risk that either the auditr r the client may misinterpret the needs r expectatins f the ther party. It is in the interest f bth parties, preferably befre the engagement cmmences, t establish an understanding f the bjective, scpe, and limitatins f the audit, as well as the respective respnsibilities f the auditr and management. In additin, it is apprpriate fr the engagement letter t dcument ther matters relevant and imprtant t the engagement. Therefre, the engagement letter must set ut the mutual understandings f the auditr and the client, beginning with the scpe f the financial statement audit, including reference t applicable legislatin, regulatins, cntracts, and prnuncements. In additin, the engagement letter must state that the fllwing: The bjective f the engagement is t express an pinin n the financial statements, and that there may be circumstances where the auditr is unable t reprt withut reservatin. Financial statement audits cannt prvide abslute assurance because f factrs such as the use f judgment, the inherent limitatins f internal cntrl, the use f testing, and the fact that much f the evidence is persuasive rather than cnclusive in nature. Fraud, errr, and illegal acts may nt be detected. Why shuld these items be raised? As nted, the gal is t prevent misunderstandings between the auditr and the client. Setting ut just what the audit can and cannt d, and what the auditr is expected t d, is essential t that gal. In particular, the specific respnsibilities f the auditr shuld be nted in the terms f the engagement. Fr example, while it is bvius, it needs t be explicitly nted that the auditr will keep the client s infrmatin cnfidential and maintain independence. Likewise, the engagement letter lets the client knw that the auditr will cmmunicate with management r the audit cmmittee r equivalent. It als alerts the client t the fact that the auditr will have t btain an understanding f internal cntrl t identify types f ptential misstatements, as well as cnsider factrs that The Audit Risk Mdel and Related Sectins 10

11 affect the risks f material misstatement, in rder t design the nature, timing, and extent f further audit prcedures. The engagement letter is a tw-way street. Nt nly des it specify the auditr s respnsibilities, it als clarifies what is expected f management. The engagement letter must describe management s respnsibility fr the financial statements cmpleteness f infrmatin related t the engagement fraud and errr recgnitin, measurement, and disclsure f specific items prviding written cnfirmatin f significant representatins t the auditr (as required by sectin 5370) Finally, the engagement letter shuld address items necessary t prevent misunderstanding. Fr a practitiner, paramunt are arrangements regarding fees and billings. Specifying up frnt the services t be prvided and the cmpensatin expected can alleviate disputes after the engagement is cncluded. Anther key matter is management s acknwledgment that all wrking papers and files, ther materials, reprts, and wrk created, develped, r perfrmed by the auditr during the curse f the engagement are the prperty f the auditr. Having this cnditin agreed t prevents awkward exchanges during and after the engagement. In additin, the engagement letter can cver a diverse range f issues, including arrangements relating t dispute reslutin arrangements cncerning invlvement f specialists, internal auditrs, r reliance n anther auditr additinal services prvided in relatin t regulatry requirements r clarificatin f respnsibilities regarding persnal infrmatin cllected by the entity that will be used in the engagement The scpe is pen-ended anything that clarifies the expectatins and bligatins f bth parties t the engagement is fair game fr the letter. Of curse, it is f little value if it is nt signed and getting it signed at the end f the engagement is nt an ptin. Review engagements As with the sectin dealing with management representatins, ne f the issues under cnsideratin when this tpic was expsed was whether the need t btain a written engagement letter wuld be mre than just an audit engagement requirement. The cnclusin f the AASB was that there shuld be smething similar fr review engagements. Hwever, the mderate degree f assurance prvided by a review engagement meant that the engagement letter culd be smewhat less detailed than that required fr an audit mainly because the respnsibilities f the practitiner were less. As with an audit, the specific respnsibilities f the practitiner shuld be nted in the terms f the engagement. And, as with an audit, the engagement shuld indicate that the practitiner will keep the client s infrmatin cnfidential and maintain independence. Likewise, the engagement letter lets the client knw that the practitiner will cmmunicate with thse having financial versight respnsibility. Where it differs is in the specific matters fr which the practitiner is respnsible. The engagement letter must state the reduced rle f the practitiner (as cmpared t an audit) and ensure that the expectatins f the client are similarly reduced. Management is mre r less respnsible fr the same set f factrs as nted fr an audit. One difference is that management representatins related t significant matters are crss- The Audit Risk Mdel and Related Sectins 11

12 referenced t paragraphs t , rather than t sectin A secnd difference is the list f issues cntained in paragraph The list is the same fr a review engagement, except fr matters related t fraud and errr. Instead f the five sub-factrs cited under the heading prviding the auditr with infrmatin related t fraud and errr, management s bligatins in a review engagement are reduced t the design and implementatin f internal cntrl t prevent and detect fraud and errr. Sectin 5145, Dcumentatin In keeping with the revisins t the audit risk mdel, sectin 5145, Dcumentatin, was updated. The sectin was harmnized with ISA 230, Dcumentatin and AICPA SAS 96, Audit dcumentatin. In additin t revising sectin 5145, the AASB mdified the Handbk sectin entitled General standards f quality cntrl fr firms perfrming assurance engagements, GSF-QC, t incrprate guidance n plicies and prcedures designed t maintain the cnfidentiality, safe custdy, and retentin f engagement dcumentatin. Sectin 5145 nw prvides recmmendatins establishing the verarching requirement fr sufficient audit dcumentatin. It requires that the auditr dcument significant issues and findings in what is t be called an engagement cmpletin dcument. The auditr will have t dcument the identifying characteristics f specific items tested during the audit, and will als have t dcument audit evidence that the auditr has identified as being cntradictry r incnsistent with the final cnclusins. Mrever, the auditr will have t explain hw the cntradictin r incnsistency was addressed. Further, sectin 5145 includes guidance n making changes t audit dcumentatin between the audit reprt date and the date the auditr s reprt is issued. Sectin 5145 stipulates the fllwing requirements: The auditr will have t assemble and cmplete the final audit file within 45 days after the date the auditr s reprt is issued, after which nthing can be deleted frm the file and any additins r mdificatins must be explained and currently dated. An experienced auditr must serve as a pint f reference fr assessing the adequacy f dcumentatin. The preparer and reviewer f audit dcumentatin must be explicitly identified in the file. In additin, sectin 5145 requires the auditr t dcument significant issues and findings in an engagement cmpletin dcument audit evidence the auditr has identified as cntradictry r incnsistent with the final cnclusins, and hw the auditr addressed the cntradictin r incnsistency the identifying characteristics f the specific items tested during the audit The changes t GSF-QC fcus n three key issues: 1) A new element will have t be added t the firm s system f quality cntrl, namely engagement dcumentatin. 2) A firm will have t explicitly establish plicies and prcedures designed t maintain the cnfidentiality, safe custdy, integrity, accessibility, and retrievability f engagement dcumentatin. 3) A firm must establish plicies and prcedures requiring the retentin f engagement dcumentatin fr a perid sufficient t meet the needs f the firm, r as required by law r regulatin. The Audit Risk Mdel and Related Sectins 12

13 This article prvides an update n the audit risk mdel and related sectins. The cmprehensive GAAP/GAAS Highlights 2007/2008 nline curse is available n PD Net. Yu must be registered t access and purchase the curse. Register nw it s fast, easy, and free. A CGA, Stephen Spectr als hlds a master s degree in ecnmics. In 1999 he received the Fellw Certified General Accuntant (FCGA) award fr distinguished service t the Canadian accunting prfessin. Stephen has served n the Internatinal Accunting Standards Cmmittee s Canadian Advisry Grup and he was als ne f Canada s technical advisrs t the IFAC Ethics Cmmittee frm 1999 t He is a member f the Canadian Academic Accunting Assciatin, where he served as an executive member frm 1992 t Currently, he is a Lecturer at Simn Fraser University, where he teaches curses n financial and managerial accunting. The Audit Risk Mdel and Related Sectins 13