CGA-Canada. Auditing Guideline No. 3 Audit planning and control. Introduction. Objective. Overall audit strategy

Transcription

1 CGA-Canada Auditing Guideline No. 3 Audit planning and control Introduction Experience has proven that there is a significant, favourable impact in the quality and cost-effectiveness of an audit if major emphasis is placed on planning and control. Conversely, it is true that unplanned and uncontrolled audits tend to be ineffective (in terms of achieving Canadian generally accepted auditing standards) and inefficient (in terms of the use of auditor and staff time). Experience suggests that approximately 25% of the total engagement hours should be devoted to planning, both before commencement of the audit and during the term of the engagement. If sufficient time is invested in planning, ample time will be left for investigation, evaluation and reporting. Three kinds of audit plans can be identified. General plans are concerned with issues of overall assurance, materiality, and basic timing. Logistical plans are concerned with arrangements made with the client respecting space, equipment, and access to records. Detailed plans concern the choice of internal control questionnaires, audit programs, and actual staffing for the engagement. Some detailed plans can be made in advance and some must be made during the audit. However, an understanding of the client s internal control structure must be obtained as part of the planning process. Objective The objective of this Guideline is to provide auditors with recommendations for the efficient, effective planning and control of an audit engagement. This Guideline will assist auditors in the attainment of the overall audit objective (the expression of an opinion), while conforming to Canadian generally accepted auditing standards (Canadian GAAS) and the CGA-Canada Code of Ethical Principles and Rules of Conduct (CEPROC). Generally, this Guideline will provide direction for the performance of the audit with due care by qualified personnel who are adequately supervised. This Guideline includes advice in planning for: the evaluation of control risk, the gathering of sufficient appropriate evidence, the preparation of working papers, communication with the client, and preparation of audit reports. Overall audit strategy The overall audit strategy should be aimed at developing a control structure for: Planning Investigation Evaluation Reporting This control structure is otherwise known as PIER. This strategy should aim at the control of each of these functions in an integrated system. As implied in the Introduction, a strategy may mean moving from an engagement where, for example, 97% of time and effort is devoted to Investigation to engagements where, for example, 25% of time is for Planning, 60% for Investigation, 10% for Evaluation, and 5% for Reporting. The emphasis on planning in a control structure results in efficiency and cost effectiveness. This Guideline focuses on Planning, which involves the methods which will be used to gather evidence (see CGA-Canada Auditing Guideline No. 1) [E-101], and the use of professional judgment (see CGA-Canada Auditing Guideline No. 2) [E-102]. It is organized as follows: Section 4: Preliminary plans Sections 5 and 6: Planning and control responsibilities of the audit personnel Section 7: Planning orientation work Section 8: The interim audit Section 9: Detailed plans and schedules Sections 10 and 11: Partners reviews Section 12: Review of reports Investigation must be planned with consideration of the auditors assessment of materiality and risk, as well as the professional skills and judgment of the audit staff. Although covered by CGA-Canada Auditing Guideline No. 2, materiality level determination requires awareness of the interrelated nature of the financial statements. Accordingly, the auditor must consider materiality in terms of the lowest aggregate level of errors. For example, if errors aggregating $50,000 would have a material effect on financial position, but errors would only have to aggregate $20,000 to have a material effect on income, then auditing procedures would have to be designed to detect at the $20,000 level, not at the $50,000 level. Evaluation is a key element in the control structure, and it is important that it not be short-circuited in the Public Practice Audit Case Auditing Guideline No. 3 1

2 E-103(2) rush to complete work. Sections 10, 11, and 12 provide guidance for the review of plans, performance and reports. Plans for specific evaluation procedures ensure that the function is properly completed. Auditors should consider audit risk and materiality to obtain sufficient appropriate evidence on which to properly evaluate the financial statements. Reporting is covered in CGA-Canada Auditing Guideline No. 4 [E-104] and, as the culmination of the whole audit process, reporting should be an integral element of the planning and control structure. The overall audit strategy is dependent on the basic audit approach adopted. Within the required overall risk-based approach, the auditor can utilize: tests of control tests of balances tests of transactions analytical procedures computer-assisted auditing techniques (CAATs) Depending on circumstances and the auditor s professional style, some combination of these five approaches should be chosen. Different approaches may be used to address specific financial statement assertions. In determining the overall audit strategy, the auditor must consider: materiality; audit risk; whether the financial statements, taken as a whole, are presented fairly in conformity with Canadian generally accepted accounting principles (Canadian GAAP); and whether planned audit procedures are in accordance to Canadian generally accepted auditing standards (Canadian GAAS). Although there is no absolute way to structure an engagement, diagrams can clarify the process. The following flowchart provides a suggested sequence which culminates in selection of an overall audit strategy: Tests of control Audit strategy overview Assess engagement risk and independence Preliminary analysis of financial statements Determination of preliminary materiality and assurance guidelines Preliminary evaluation of critical factors: Inherent risk/control risk/risk of misstatement due to fraud and error Consider some combination of possible risk-based audit strategies, ensuring that the significant risks are adequately addressed Tests of balances Tests of transactions Analytical procedures Decision leads to selection of audit approach (combined or substantive) CAATs Public Practice Audit Case Auditing Guideline No. 3 2

3 E-103(3) Preliminary plans Preliminary plans (sometimes called pre-engagement plans) include procedures employed before the auditors begin to plan for the collection of evidence. Preliminary plans are usually general plans, although some detailed planning may be done at this time. Provision for preliminary plans is important in order to avoid the danger of jumping into detailed plans for the audit before necessary preliminary steps have been planned. Special plans should be set up for first engagements. These plans include procedures for consideration of the prospective client, communication with the preceding auditors, inquiries regarding independence, review of working papers, review of financial statements, and the obtaining of credit reports or other documentation. [A- 140] Plans should provide for the documentation of all these preliminary procedures, including the filing of the signed engagement letter. [See appropriate samples in 1010-B.] If the audit is a repeat engagement, less preliminary planning is required. However, it is still necessary to plan for procedures which ensure that the firm is appropriately engaged [A-101] and that an adequate review will be completed of prior years working paper files. In addition, planning steps will ensure that opening balances for the current year s records agree with the closing balances on the prior year s audited financial statements. Planning is also aided by a preliminary review of the prior year s audit program, adjusting journal entries, management letter, and any carry-forward notes from the prior year s audit. When the preliminary plans have been completed, it is useful to plan for the consideration of any non-audit services that may be rendered to the client. It is important to ensure that the non-audit services do not jeopardize the auditors objectivity or independence. Preliminary planning should provide for: special plans for first audits, confirmation of engagement, verification of opening balances, review of prior-year plans and data, and consideration of non-audit services. Planning and control responsibilities of auditors in charge The audit program in CGA-Canada Public Practice Manual, Volume II, includes planning instructions for the partner in charge of the audit ( partner ). [A-101] At the same time as the preliminary planning is underway, plans for scheduling and time budget(s) for the audit can be undertaken. [A-620] These plans are made in the context of the firm s overall work flow, in order to eliminate peak loads and work gaps in the firm. The review of prior year s files and discussions with the client will enable the partner to plan for the involvement of consultants, other professionals, internal auditors (if any), and the firm s staff who will work on the engagement. The partner should plan for instructions to assistants, for the monitoring of staff performance, for the appointment of an engagement quality control reviewer (if the engagement meets the criteria in the firm s quality control manual for an objective quality control review), and for means of handling auditing problems which are encountered by staff during the examination. Planning for the management of an engagement is important because an organized approach is necessary due to the many activities which need to be coordinated and the many technical points which must be adequately covered during the audit. Plans must be made for the matching of personnel competence with the tasks assigned and for the supervisory and consultative attention of the partner. The partner is responsible for: scheduling and time budget(s) in the context of the firm s work flow, staffing, delegation, and supervision, and control structures for the engagement. Planning and control responsibilities of audit staff Instructions for participating staff are contained in the audit program of CGA-Canada Public Practice Manual, Volume II. The term audit staff refers to qualified audit assistants who are responsible for conducting sections of the field work under adequate supervision. In larger audits, audit staff are typically expected to prepare detailed planning and control procedures, in the context of the general and logistical plans previously prepared by the partner. The partner will usually review and approve the detailed plans before the field work is started. Because planning and controlling continue as the audit progresses, the partner may delegate portions of the ongoing planning and controlling work to audit staff. Participation in planning and control by audit staff is important, not only to relieve demands on the partner, but also to contribute to the professional development of the audit staff. Audit staff have planning and controlling responsibilities, as delegated to them by the partner. Public Practice Audit Case Auditing Guideline No.3 3

4 E-103(4) Orientation Auditors must aim to obtain a level of knowledge of the client s business which will enable them to plan the performance of the examination in accordance with Canadian GAAS. This level of knowledge should enable the auditors to have an understanding of the events, transactions, and practices which may have a significant effect on the financial statements. Knowledge of the client s business helps the auditors to make detailed plans such as: identify significant risks of misstatement, identify areas that need special attention, assess the conditions under which accounting data are processed, evaluate the reasonableness of estimates (e.g., bad debts), evaluate the validity of management representations, make judgments about the appropriateness of accounting principles, and make judgments on the adequacy of disclosure. The audit program in CGA-Canada Public Practice Manual, Volume II, deals with obtaining knowledge of the client. [A-130] [A-131] The auditor may have to go outside the firm to obtain knowledge about matters affecting the industry, economic conditions, government regulations, changes in technology, and competitive conditions. [A-111, A-121] As part of the planning process, auditors should obtain an overall understanding of the client s internal control structure. The control structure encompasses the control environment, the accounting system, and the internal control system. The control environment consists of characteristics of an organization, such as management s philosophy and the functioning of the board of directors, which enhance or diminish the effectiveness of specific methods, policies, and procedures included in the accounting and control systems. The audit program in CGA-Canada Public Practice Manual, Volume II, addresses the control environment. [A-610] [A-611] [A-612] An overall understanding of the control structure is obtained through inquiry of management and other client personnel, observation of the entity s operations, and a review of relevant documents and records. In a continuing engagement, much of this understanding will have been obtained through experience with the entity. Understanding of the control structure aids auditors in making a preliminary assessment of inherent and control risks. Auditors should plan orientation procedures which document knowledge relevant to the audit client. Such documentation should include knowledge of: the economic environment, including the competition and relevant technologies, the client, its administrative systems, internal control structure, and accounting system. Planning and controlling interim audit work A key decision necessary for the planning of the interim audit work is the relative emphasis which will be placed on this component of the total audit. Depending on circumstances, interim audit work can consume a varying proportion of the total audit time. It would be rare for no interim audit work to be undertaken in an audit engagement. The objectives of the interim audit are to: obtain adequate knowledge and understanding of the client s organization and operations (i.e., complete the orientation work), gain an understanding of the control environment and control systems sufficient to assess control risk and plan the remainder of the audit, plan and conduct tests of control where a combined approach is selected, and complete a maximum amount of audit work, leaving only necessary year-end functions to be completed. The planning of interim audit work should provide for the accomplishment of the above objectives. Also, it is imperative that planning should provide for the timely review of all work done by interim audit staff. Interim audit plans depend on the nature and size of the client, the complexity of the client s system, and the assessment of control risk. In some engagements, a combined approach is taken; that is, some control systems are tested, while a substantive approach is taken in others. [B-101] It is essential that the interim audit planning decisions be documented to verify that interim audit work was properly planned and to provide guidance for the audit staff. Documentation will facilitate the completion of plans for the evaluation and control of interim audit work as well as subsequent years planning. Public Practice Audit Case Auditing Guideline No. 3 4

5 E-103(5) Plans should be prepared and documented to ensure that interim audit objectives are met and the audit approach is specified. Aspects of these plans include the: evaluation of control systems which will affect the depth and direction of planned substantive procedures, decisions on use of internal auditors work, statistical sampling decisions, use of computer-assisted audit techniques, need for involvement of other professionals, contents and design of the management letter, and integration and coordination of interim audit procedures with plans for the financial statement audit procedures. Completion of the interim audit will enable the finalization of audit planning and control details. Detailed plans and schedules The CGA-Canada Public Practice Manual, Volume II, provides sample forms which can be used for the detailed planning and scheduling of the control risk assessment, audit approach selection, and performance of audit procedures and tests. [A-510] [A-600] [B-101] [C1-101] The planning and scheduling of the control risk assessment is complex because, as indicated above, most of the actual work will be performed at interim dates. However, at the balance sheet date, plans must be made for extensions and modifications resulting from the evaluation of tests made at the interim dates. Also, necessary testing must be done to ensure that the control systems applications have not changed since the interim dates. The decisions on detailed procedures should be based on the results of interim audit work and auditor judgments. Planning decisions should be made to specify and document the detailed procedures and schedules to be used in the assessment of control risk. Planning decisions for the audit programs themselves are also complicated, partly due to the fact that final decisions hinge on the assessment of control risk as indicated above. In addition to the evaluation of control risk, the critical factors of audit assurance and inherent risk must be taken into account in planning detailed audit procedures. Planning decisions should be made to specify and document the detailed procedures and schedules to be used in audit testing and verification. Partner s review of planning and control It is important that the partner review the proposed planning and control structure early in the engagement, because many of the detailed planning and control procedures are specified by audit staff. The reason for review is to ensure an appropriate level of quality, compliance with Canadian GAAS, proper communication among members of the auditing team, and provision for integration of the various sections of the audit. Before commencement or early in the engagement, the partner should review the proposed planning and control structure, with particular emphasis on sections which have been delegated to staff. After the interim audit procedures have been completed, the partner should conduct another review (often called a preliminary review ) to assess the verification work completed and the results obtained. This review serves as a basis for completing or changing detailed auditing plans, based on the results of the assessment of control risk. The partner s responsibilities include: maintaining general contact with the client, ensuring that objectivity and independence is maintained, ensuring that audit staff is properly supervised and adequately trained, reviewing working papers, and discussing contentious points with the client. Some of these activities may be delegated by the partner, depending on the size of the team and the capability of staff working on the engagement. In any case, partners must plan to ensure that these activities are performed. After completion of interim audit procedures, the partner should review results and the proposed planning and control structure for completion of the audit. Specific attention should be given to plans for: additional substantive procedures, year-end procedures for the reconciliation of the roll-forward period, external confirmations, and reconciliations, establishment of the total fee, the management letter, client representation letters, and the auditor s report. Public Practice Audit Case Auditing Guideline No. 3 5

6 E-103(6) If an engagement quality control reviewer (EQCR) has been appointed for the engagement, the EQCR should also review the proposed planning and control structure early in the engagement, as well as significant findings of the interim audit and the control tests, and should provide the audit team with feedback on the findings of this objective review in a timely manner, to assist in maintaining a high standard of quality in the performance of the engagement. Final partner review of audit performance The audit program in CGA-Canada Public Practice Manual, Volume II (Part D), is designed to provide for the partner s overall evaluation of the audit performance. [D-401, D-410] The timing of the partner s review will vary with the circumstances of individual engagements, the level of staff competence, staff continuity, and the nature of problems encountered during the audit. Periodically during the audit, reviews will have been made. However, there must also be an overall review. Partners often perform key verification checks themselves (e.g., updating permanent files, summarizing detailed steps, performing specific steps) in order to complete their review. The partner s review should be conducted so as to ensure that: proper evaluation has been made of the accuracy and reliability of accounting records and methods, a proper basis for planning the timing, nature, and extent of substantive procedures was established (including evaluation of control systems), substantive procedures planned were performed, working papers contain adequate documentation to substantiate the work performed and to support the conclusions reached, sufficient audit evidence was obtained to complete the audit and the audit was performed in accordance with Canadian GAAS, all files are in compliance with the firm s policies and procedures, irregularities encountered have been reported to the client, appropriate recommendations have been carried forward to the management letter, and the financial statements are not materially misstated and are in accordance with Canadian GAAP. Public Practice Audit Case Auditing Guideline No. 3 6

7 E-103(7) Quality control review Most firms design a system for the review of financial statements and working paper files by a partner who did not work on the file. This is to ensure quality and compliance with firm policies and procedures. The comments by a third party (who has not been involved in the preparation of the working papers and financial statements) provide an objective viewpoint. The quality control manual of each firm should describe criteria for the selection of engagements that require the appointment of an objective engagement quality control reviewer (EQCR). All public enterprise audits must be reviewed by an EQCR, and all audits could benefit from this objective review. The quality control review consists of an objective evaluation of: the significant judgments made by the assurance team, the conclusions reached in formulating the auditor s report, and other significant matters that come to the attention of the EQCR. The audit program in CGA-Canada Public Practice Manual, Volume II (Part D), is designed to provide for the quality control review. [D-301, D-310] Review of the financial statements and auditor s report (preferably by an independent partner) is an essential, final control procedure. Please see Section 100, Quality Control, of the CGA-Canada Public Practice Manual, Volume I, for additional instruction. See Handbook Assurance, GSF-QC General Standards of Quality Control for firms performing assurance engagements See Handbook, section 5150, Planning See Handbook, section 5030, Quality Control, procedures for assurance engagements Note: All relevant forms needed to complete the case have been included in the question case file. The PPM form references above are only for review purposes, in case you have a copy of the Public Practice Manual at your firm. Public Practice Audit Case Auditing Guideline No. 3 7