New Zealand Institute of Chartered Accountants INTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND)

Transcription

1 Issued 10/07 Updated 03/09 Updated 06/09 New Zealand Institute f Chartered Accuntants INTERNATIONAL STANDARD ON AUDITING (NEW ZEALAND) IDENTIFYING AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT THROUGH UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT Issued by the Cuncil f the New Zealand Institute f Chartered Accuntants Intrductin CONTENTS Paragraph Scpe f this ISA (NZ)... 1 Effective Date... 2 Objective... 3 Definitins... 4 Requirements Risk Assessment Prcedures and Related Activities The Required Understanding f the Entity and Its Envirnment, Including the Entity s Internal Cntrl Identifying and Assessing the Risks f Material Misstatement Dcumentatin Applicatin and Other Explanatry Material Risk Assessment Prcedures and Related Activities... The Required Understanding f the Entity and Its Envirnment, Including the Entity s Internal Cntrl... A1-A16 A17-A ISA (NZ) 315, Identifying and Assessing the Risks f Material Misstatement Thrugh Understanding the Entity and its Envirnment is drawn primarily frm Internatinal Standard n Auditing ISA 315, Identifying and Assessing the Risks f Material Misstatement Thrugh Understanding the Entity and its Envirnment issued by the Internatinal Auditing and Assurance Standards Bard (IAASB), published by the Internatinal Federatin f Accuntants (IFAC) in 2007 and is used with the permissin f IFAC. ISA (NZ) 550, Related Parties and ISA (NZ) 610, Using the Wrk f Internal Auditrs gave rise t cnfrming amendments t this ISA (NZ). See paragraphs 22a, A23a, A23b and A96a A96c. Release f ISA (NZ) 520, Analytical Prcedures included the additin f paragraphs A6a and A8a. Release f subsequent ISAs (NZ) has als given rise t minr wrding changes t this ISA (NZ). The June 2009 update includes minr editrial amendments made by the IAASB t ISA 315 as a result f the IAASB s review f clarified ISAs fr cnsistency. 1

2 Identifying and Assessing the Risks f Material Misstatement... A105-A130 Dcumentatin... A131-A134 Appendix 1: Internal Cntrl Cmpnents Appendix 2: Cnditins and Events that may Indicate Risks f Material Misstatement Cmpliance with this Standard is mandatry in terms f Rule 11 (paragraph 97) f the Cde f Ethics. Internatinal Standard n Auditing (New Zealand) (ISA (NZ)) 315, Identifying and Assessing the Risks f Material Misstatement thrugh Understanding the Entity and Its Envirnment is t be read in the cntext f the Explanatry Frewrd t Engagement Standards and the Framewrk fr Assurance Engagements issued by the New Zealand Institute f Chartered Accuntants and in cnjunctin with ISA (NZ) 200, Overall Objectives f the Independent Auditr and the Cnduct f an Audit in Accrdance with Internatinal Standards n Auditing (New Zealand). Intrductin Scpe f this ISA (NZ) 1. This Internatinal Standard n Auditing (New Zealand) (ISA (NZ)) deals with the auditr s respnsibility t identify and assess the risks f material misstatement in the financial statements, thrugh understanding the entity and its envirnment, including the entity s internal cntrl. Effective Date 2. This ISA (NZ) is effective fr audits f financial statements fr perids beginning n r after 1 January, Objective 3. The bjective f the auditr is t identify and assess the risks f material misstatement, whether due t fraud r errr, at the financial statement and assertin levels, thrugh understanding the entity and its envirnment, including the entity s internal cntrl, thereby prviding a basis fr designing and implementing respnses t the assessed risks f material misstatement. Definitins 4. Fr purpses f the ISAs (NZ), the fllwing terms have the meanings attributed belw: (a) (b) Assertins Representatins, explicit r therwise, that are embdied in the financial statements, as used by the auditr t cnsider the different types f ptential misstatements that may ccur. Business risk A risk resulting frm significant cnditins, events, circumstances, actins r inactins that culd adversely affect an entity s ability t achieve its bjectives and execute its strategies, r frm the setting f inapprpriate bjectives and strategies. 2

3 (c) (d) (e) Internal cntrl The prcess designed, implemented and maintained by thse charged with gvernance, management and ther persnnel t prvide reasnable assurance abut the achievement f an entity s bjectives with regard t reliability f financial reprting, effectiveness and efficiency f peratins, and cmpliance with applicable laws and regulatins. The term cntrls refers t any aspects f ne r mre f the cmpnents f internal cntrl. Risk assessment prcedures The audit prcedures perfrmed t btain an understanding f the entity and its envirnment, including the entity s internal cntrl, t identify and assess the risks f material misstatement, whether due t fraud r errr, at the financial statement and assertin levels. Significant risk An identified and assessed risk f material misstatement that, in the auditr s judgement, requires special audit cnsideratin. Requirements Risk Assessment Prcedures and Related Activities 5. The auditr shall perfrm risk assessment prcedures t prvide a basis fr the identificatin and assessment f risks f material misstatement at the financial statement and assertin levels. Risk assessment prcedures by themselves, hwever, d nt prvide sufficient apprpriate audit evidence n which t base the audit pinin. (Ref: Para. A1-A5) 6. The risk assessment prcedures shall include the fllwing: (a) (b) Enquiries f thse charged with gvernance, management, and thers within the entity wh in the auditr s judgement may have infrmatin that is likely t assist in identifying risks f material misstatement due t fraud r errr. (Ref: Para. A6) Analytical prcedures. (Ref: Para. A7-A10) (c) Observatin and inspectin. (Ref: Para. A11) 7. The auditr shall cnsider whether infrmatin btained frm the auditr s client acceptance r cntinuance prcess is relevant t identifying risks f material misstatement. 8. If the engagement partner has perfrmed ther engagements fr the entity, the engagement partner shall cnsider whether infrmatin btained is relevant t identifying risks f material misstatement. 9. Where the auditr intends t use infrmatin btained frm the auditr s previus experience with the entity and frm audit prcedures perfrmed in previus audits, the auditr shall determine whether changes have ccurred since the previus audit that may affect its relevance t the current audit. (Ref: Para. A12-A13) 10. The engagement partner and ther key engagement team members shall discuss the susceptibility f the entity s financial statements t material misstatement, and the applicatin f the applicable financial reprting framewrk t the entity s facts and circumstances. The engagement partner shall determine which matters are t be cmmunicated t engagement team members nt invlved in the discussin. (Ref: Para. A14-A16) 3

4 The Required Understanding f the Entity and its Envirnment, Including the Entity s Internal Cntrl The Entity and Its Envirnment 11. The auditr shall btain an understanding f the fllwing: (a) (b) (c) (d) (e) Relevant industry, regulatry, and ther external factrs including the applicable financial reprting framewrk. (Ref: Para. A17-A22) The nature f the entity, including: (i) (ii) its peratins; its wnership and gvernance structures; (iii) the types f investments that the entity is making and plans t make, including investments in special-purpse entities; and (iv) the way that the entity is structured and hw it is financed, t enable the auditr t understand the classes f transactins, accunt balances, and disclsures t be expected in the financial statements. (Ref: Para. A23-A27) The entity s selectin and applicatin f accunting plicies, including the reasns fr changes theret. The auditr shall evaluate whether the entity s accunting plicies are apprpriate fr its business and cnsistent with the applicable financial reprting framewrk and accunting plicies used in the relevant industry. (Ref: Para. A28) The entity s bjectives and strategies, and thse related business risks that may result in risks f material misstatement. (Ref: Para. A29-A35) The measurement and review f the entity s financial perfrmance. (Ref: Para. A36-A41) The Entity s Internal Cntrl 12. The auditr shall btain an understanding f internal cntrl relevant t the audit. Althugh mst cntrls relevant t the audit are likely t relate t financial reprting, nt all cntrls that relate t financial reprting are relevant t the audit. It is a matter f the auditr s prfessinal judgement whether a cntrl, individually r in cmbinatin with thers, is relevant t the audit. (Ref: Para. A42-A65) Nature and Extent f the Understanding f Relevant Cntrls 13. When btaining an understanding f cntrls that are relevant t the audit, the auditr shall evaluate the design f thse cntrls and determine whether they have been implemented, by perfrming prcedures in additin t enquiry f the entity s persnnel. (Ref: Para. A66-A68) Cmpnents f Internal Cntrl Cntrl envirnment 14. The auditr shall btain an understanding f the cntrl envirnment. As part f btaining this understanding, the auditr shall evaluate whether: (a) Management, with the versight f thse charged with gvernance, has created and maintained a culture f hnesty and ethical behaviur; and 4

5 (b) The strengths in the cntrl envirnment elements cllectively prvide an apprpriate fundatin fr the ther cmpnents f internal cntrl, and whether thse ther cmpnents are nt undermined by deficiencies in the cntrl envirnment. (Ref: Para. A69-A78) The entity s risk assessment prcess 15. The auditr shall btain an understanding f whether the entity has a prcess fr: (a) (b) (c) Identifying business risks relevant t financial reprting bjectives; Estimating the significance f the risks; Assessing the likelihd f their ccurrence; and (d) Deciding abut actins t address thse risks. (Ref: Para. A79) 16. If the entity has established such a prcess (referred t hereafter as the entity s risk assessment prcess ), the auditr shall btain an understanding f it, and the results theref. If the auditr identifies risks f material misstatement the entity has failed t identify, the auditr shall evaluate whether there was an underlying risk f a kind that the auditr expects wuld have been identified by the entity s risk assessment prcess. If there is such a risk, the auditr shall btain an understanding f why that prcess failed t identify it, and evaluate whether the prcess is apprpriate t its circumstances r determine if there is a significant deficiency in internal cntrl with regard t the entity s risk assessment prcess. 17. If the entity has nt established such a prcess r has an ad hc prcess, the auditr shall discuss with management and thse charged with gvernance whether business risks relevant t financial reprting bjectives have been identified and hw they have been addressed. The auditr shall evaluate whether the absence f a dcumented risk assessment prcess is apprpriate in the circumstances, r determine whether it represents a significant deficiency in internal cntrl. (Ref: Para. A80) The infrmatin system, including the related business prcesses, relevant t financial reprting, and cmmunicatin 18. The auditr shall btain an understanding f the infrmatin system, including the related business prcesses, relevant t financial reprting, including the fllwing areas: (a) (b) (c) The classes f transactins in the entity s peratins that are significant t the financial statements; The prcedures, within bth infrmatin technlgy (IT) and manual systems, by which thse transactins are initiated, recrded, prcessed, crrected as necessary, transferred t the general ledger and reprted in the financial statements; The related accunting recrds, supprting infrmatin and specific accunts in the financial statements that are used t initiate, recrd, prcess and reprt transactins; this includes the crrectin f incrrect infrmatin and hw infrmatin is transferred t the general ledger. The recrds may be in either manual r electrnic frm; 5

6 (d) (e) (f) ISA (NZ) 315 Hw the infrmatin system captures events and cnditins, ther than transactins, that are significant t the financial statements; The financial reprting prcess used t prepare the entity s financial statements, including significant accunting estimates and disclsures; and Cntrls surrunding jurnal entries, including nn-standard jurnal entries used t recrd nn-recurring, unusual transactins r adjustments. (Ref: Para. A81-A85) 19. The auditr shall btain an understanding f hw the entity cmmunicates financial reprting rles and respnsibilities and significant matters relating t financial reprting, including: (a) (b) Cmmunicatins between management and thse charged with gvernance; and External cmmunicatins, such as thse with regulatry authrities. (Ref: Para. A86-A87) Cntrl activities relevant t the audit 20. The auditr shall btain an understanding f cntrl activities relevant t the audit, being thse the auditr judges it necessary t understand in rder t assess the risks f material misstatement at the assertin level and design further audit prcedures respnsive t assessed risks. An audit des nt require an understanding f all the cntrl activities related t each significant class f transactins, accunt balance, and disclsure in the financial statements r t every assertin relevant t them. (Ref: Para. A88-A94) 21. In understanding the entity s cntrl activities, the auditr shall btain an understanding f hw the entity has respnded t risks arising frm IT. (Ref: Para. A95- A97) Mnitring f cntrls 22. The auditr shall btain an understanding f the majr activities that the entity uses t mnitr internal cntrl ver financial reprting, including thse related t thse cntrl activities relevant t the audit, and hw the entity initiates remedial actins t deficiencies in its cntrls. (Ref: Para. A98-A100) 23. If the entity has an internal audit functin, 4 the auditr shall btain an understanding f the fllwing in rder t determine whether the internal audit functin is likely t be relevant t the audit: (a) (b) The nature f the internal audit functin s respnsibilities and hw the internal audit functin fits in the entity s rganisatin structure; and The activities perfrmed, r t be perfrmed, by the internal audit functin. (Ref: Para. A101-A103) 4 The term internal audit functin is defined in ISA (NZ) 610, Using the Wrk f Internal Auditrs, paragraph 7(a), as: An appraisal activity established r prvided as a service t the entity. Its functins include, amngst ther things, examining, evaluating and mnitring the adequacy and effectiveness f internal cntrl. 6

7 24. The auditr shall btain an understanding f the surces f the infrmatin used in the entity s mnitring activities, and the basis upn which infrmatin is cnsidered t be sufficiently reliable fr the purpse. (Ref: Para. A104) Identifying and Assessing the Risks f Material Misstatement 25. The auditr shall identify and assess the risks f material misstatement at: (a) (b) the financial statement level; and (Ref: Para. A105-A108) the assertin level fr classes f transactins, accunt balances, and disclsures, (Ref: Para. A109-A113) t prvide a basis fr designing and perfrming further audit prcedures. 26. Fr this purpse, the auditr shall: (a) (b) (c) (d) Identify risks thrughut the prcess f btaining an understanding f the entity and its envirnment, including relevant cntrls that relate t the risks, and by cnsidering the classes f transactins, accunt balances, and disclsures in the financial statements; (Ref: Para. A114-A115) Assess the identified risks, and evaluate whether they relate mre pervasively t the financial statements as a whle and ptentially affect many assertins; Relate the identified risks t what can g wrng at the assertin level, taking accunt f relevant cntrls that the auditr intends t test ; (Ref: Para. A1169- A118) and Cnsider the likelihd f misstatement, including the pssibility f multiple misstatements, and whether the ptential misstatement is f a magnitude that culd result in a material misstatement. Risks that Require Special Audit Cnsideratin 27. As part f the risk assessment as described in paragraph 25, the auditr shall determine whether any f the risks identified are, in the auditr s judgement, a significant risk. In exercising this judgement, the auditr shall exclude the effects f identified cntrls related t the risk. 28. In exercising judgement as t which risks are significant risks, the auditr shall cnsider at least the fllwing: (a) Whether the risk is a risk f fraud; (b) Whether the risk is related t recent significant ecnmic, accunting r ther develpments and, therefre, requires specific attentin; (c) The cmplexity f transactins; (d) Whether the risk invlves significant transactins with related parties; (e) (f) The degree f subjectivity in the measurement f financial infrmatin related t the risk, especially thse measurements invlving a wide range f measurement uncertainty; and Whether the risk invlves significant transactins that are utside the nrmal curse f business fr the entity, r that therwise appear t be unusual. (Ref: Para. A119-A123) 7

8 29. If the auditr has determined that a significant risk exists, the auditr shall btain an understanding f the entity s cntrls, including cntrl activities, relevant t that risk. (Ref: Para. A124-A126) Risks fr Which Substantive Prcedures Alne D Nt Prvide Sufficient Apprpriate Audit Evidence 30. In respect f sme risks, the auditr may judge that it is nt pssible r practicable t btain sufficient apprpriate audit evidence nly frm substantive prcedures. Such risks may relate t the inaccurate r incmplete recrding f rutine and significant classes f transactins r accunt balances, the characteristics f which ften permit highly autmated prcessing with little r n manual interventin. In such cases, the entity s cntrls ver such risks are relevant t the audit and the auditr shall btain an understanding f them. (Ref: Para. A127-A129) Revisin f Risk Assessment 31. The auditr s assessment f the risks f material misstatement at the assertin level may change during the curse f the audit as additinal audit evidence is btained. In circumstances where the auditr btains audit evidence frm perfrming further audit prcedures, r if new infrmatin is btained, either f which is incnsistent with the audit evidence n which the auditr riginally based the assessment, the auditr shall revise the assessment and mdify the further planned audit prcedures accrdingly. (Ref: Para. A130) Dcumentatin 32. The auditr shall include in the audit dcumentatin: 5 (a) The discussin amng the engagement team where required by paragraph 10, and the significant decisins reached; (b) (c) (d) Key elements f the understanding btained regarding each f the aspects f the entity and its envirnment specified in paragraph 11 and f each f the internal cntrl cmpnents specified in paragraphs 14-24; the surces f infrmatin frm which the understanding was btained; and the risk assessment prcedures perfrmed; The identified and assessed risks f material misstatement at the financial statement level and at the assertin level as required by paragraph 25; and The risks identified, and related cntrls abut which the auditr has btained an understanding, as a result f the requirements in paragraphs (Ref: Para. A131-A134) *** 5 ISA (NZ) 230, Audit Dcumentatin, paragraphs 8-11, and paragraph A6. 8

9 Applicatin and Other Explanatry Material Risk Assessment Prcedures and Related Activities (Ref: Para. 5) ISA (NZ) 315 A1. Obtaining an understanding f the entity and its envirnment, including the entity s internal cntrl (referred t hereafter as an understanding f the entity ), is a cntinuus, dynamic prcess f gathering, updating and analysing infrmatin thrughut the audit. The understanding establishes a frame f reference within which the auditr plans the audit and exercises prfessinal judgement thrughut the audit, fr example, when: Assessing risks f material misstatement f the financial statements; Determining materiality in accrdance with ISA (NZ) 320; 6 Cnsidering the apprpriateness f the selectin and applicatin f accunting plicies, and the adequacy f financial statement disclsures; Identifying areas where special audit cnsideratin may be necessary, fr example, related party transactins, the apprpriateness f the use f the ging cncern assumptin, r cnsidering the business purpse f transactins; Develping expectatins fr use when perfrming analytical prcedures; Respnding t the assessed risks f material misstatement, including designing and perfrming further audit prcedures t btain sufficient apprpriate audit evidence; and Evaluating the sufficiency and apprpriateness f audit evidence btained, such as the apprpriateness f assumptins and f the ral and written representatins f management and thse charged with gvernance. A2. Infrmatin btained by perfrming risk assessment prcedures and related activities may be used by the auditr as audit evidence t supprt assessments f the risks f material misstatement. In additin, the auditr may btain audit evidence abut classes f transactins, accunt balances, r disclsures and related assertins and abut the perating effectiveness f cntrls, even thugh such prcedures were nt specifically planned as substantive prcedures r as tests f cntrls. The auditr als may chse t perfrm substantive prcedures r tests f cntrls cncurrently with risk assessment prcedures because it is efficient t d s. A3. The auditr uses prfessinal judgement t determine the extent f the understanding required. The auditr s primary cnsideratin is whether the understanding that has been btained is sufficient t meet the bjective stated in this ISA (NZ). The depth f the verall understanding that is required by the auditr is less than that pssessed by management in managing the entity. A4. The risks t be assessed include bth thse due t errr and thse due t fraud, and bth are cvered by this ISA (NZ). Hwever, the significance f fraud is such that further requirements and guidance are included in ISA (NZ) 240 in relatin t risk 6 ISA (NZ) 320, Materiality in Planning and Perfrming an Audit. 9

10 assessment prcedures and related activities t btain infrmatin that is used t identify the risks f material misstatement due t fraud. 7 A5. Althugh the auditr is required t perfrm all the risk assessment prcedures described in paragraph 6 in the curse f btaining the required understanding f the entity (see paragraphs 11-24), the auditr is nt required t perfrm all f them fr each aspect f that understanding. Other prcedures may be perfrmed where the infrmatin t be btained therefrm may be helpful in identifying risks f material misstatement. Examples f such prcedures include: Reviewing infrmatin btained frm external surces such as trade and ecnmic jurnals; reprts by analysts, banks, r rating agencies; r regulatry r financial publicatins. Making enquiries f the entity s external legal cunsel r f valuatin experts that the entity has used. Enquiries f Thse Charged with Gvernance, Management and Others within the Entity (Ref: Para. 6(a)) A6. Much f the infrmatin btained by the auditr s enquiries is btained frm management and thse respnsible fr financial reprting. Hwever, the auditr may als btain infrmatin, r a different perspective in identifying risks f material misstatement, thrugh enquiries f thers within the entity and ther emplyees with different levels f authrity. Fr example: Enquiries directed twards thse charged with gvernance may help the auditr understand the envirnment in which the financial statements are prepared. Enquiries directed tward internal audit persnnel may prvide infrmatin abut internal audit prcedures perfrmed during the year relating t the design and effectiveness f the entity s internal cntrl and whether management and/r thse charged with gvernance have satisfactrily respnded t findings frm thse prcedures. Enquiries f emplyees invlved in initiating, prcessing r recrding cmplex r unusual transactins may help the auditr t evaluate the apprpriateness f the selectin and applicatin f certain accunting plicies. Enquiries directed tward in-huse legal cunsel may prvide infrmatin abut such matters as litigatin, cmpliance with laws and regulatins, knwledge f fraud r suspected fraud affecting the entity, warranties, pst-sales bligatins, arrangements (such as jint ventures) with business partners and the meaning f cntract terms. Enquiries directed twards marketing r sales persnnel may prvide infrmatin abut changes in the entity s marketing strategies, sales trends, r cntractual arrangements with its custmers. 7 ISA (NZ) 240, The Auditr s Respnsibilities Relating t Fraud in an Audit f Financial Statements, paragraphs

11 Analytical Prcedures (Ref: Para. 6(b)) ISA (NZ) 315 A7. Analytical prcedures perfrmed as risk assessment prcedures may identify aspects f the entity f which the auditr was unaware and may assist in assessing the risks f material misstatement in rder t prvide a basis fr designing and implementing respnses t the assessed risks. Analytical prcedures perfrmed as risk assessment prcedures may include bth financial and nn-financial infrmatin, fr example, the relatinship between sales and square ftage f selling space r vlume f gds sld. A8. Analytical prcedures may help identify the existence f unusual transactins r events, and amunts, ratis, and trends that might indicate matters that have audit implicatins. Unusual r unexpected relatinships that are identified may assist the auditr in identifying risks f material misstatement, especially risks f material misstatement due t fraud. A9. Hwever, when such analytical prcedures use data aggregated at a high level (which may be the situatin with analytical prcedures perfrmed as risk assessment prcedures), the results f thse analytical prcedures nly prvide a brad initial indicatin abut whether a material misstatement may exist. Accrdingly, in such cases, cnsideratin f ther infrmatin that has been gathered when identifying the risks f material misstatement tgether with the results f such analytical prcedures may assist the auditr in understanding and evaluating the results f the analytical prcedures. Cnsideratins Specific t Smaller Entities A10. Sme smaller entities may nt have interim r mnthly financial infrmatin that can be used fr purpses f analytical prcedures. In these circumstances, althugh the auditr may be able t perfrm limited analytical prcedures fr purpses f planning the audit r btain sme infrmatin thrugh enquiry, the auditr may need t plan t perfrm analytical prcedures t identify and assess the risks f material misstatement when an early draft f the entity s financial statements is available. Observatin and Inspectin (Ref: Para. 6(c)) A11. Observatin and inspectin may supprt enquiries f management and thers, and may als prvide infrmatin abut the entity and its envirnment. Examples f such audit prcedures include bservatin r inspectin f the fllwing: The entity s peratins. Dcuments (such as business plans and strategies), recrds, and internal cntrl manuals. Reprts prepared by management (such as quarterly management reprts and interim financial statements) and thse charged with gvernance (such as minutes f bard f directrs meetings). The entity s premises and plant facilities. Infrmatin Obtained in Prir Perids (Ref: Para. 9) A12. The auditr s previus experience with the entity and audit prcedures perfrmed in previus audits may prvide the auditr with infrmatin abut such matters as: 11

12 Past misstatements and whether they were crrected n a timely basis. ISA (NZ) 315 The nature f the entity and its envirnment, and the entity s internal cntrl (including deficiencies in internal cntrl). Significant changes that the entity r its peratins may have undergne since the prir financial perid, which may assist the auditr in gaining a sufficient understanding f the entity t identify and assess risks f material misstatement. A13. The auditr is required t determine whether infrmatin btained in prir perids remains relevant, if the auditr intends t use that infrmatin fr the purpses f the current audit. This is because changes in the cntrl envirnment, fr example, may affect the relevance f infrmatin btained in the prir year. T determine whether changes have ccurred that may affect the relevance f such infrmatin, the auditr may make enquiries and perfrm ther apprpriate audit prcedures, such as walkthrughs f relevant systems. Discussin amng the Engagement Team (Ref: Para. 10) A14. The discussin amng the engagement team abut the susceptibility f the entity s financial statements t material misstatement: Prvides an pprtunity fr mre experienced engagement team members, including the engagement partner, t share their insights based n their knwledge f the entity. Allws the engagement team members t exchange infrmatin abut the business risks t which the entity is subject and abut hw and where the financial statements might be susceptible t material misstatement due t fraud r errr. Assists the engagement team members t gain a better understanding f the ptential fr material misstatement f the financial statements in the specific areas assigned t them, and t understand hw the results f the audit prcedures that they perfrm may affect ther aspects f the audit including the decisins abut the nature, timing, and extent f further audit prcedures. Prvides a basis upn which engagement team members cmmunicate and share new infrmatin btained thrughut the audit that may affect the assessment f risks f material misstatement r the audit prcedures perfrmed t address these risks. ISA (NZ) 240 prvides further requirements and guidance in relatin t the discussin amng the engagement team abut the risks f fraud. 8 A15. It is nt always necessary r practical fr the discussin t include all members in a single discussin (as, fr example, in a multi-lcatin audit), nr is it necessary fr all f the members f the engagement team t be infrmed f all f the decisins reached in the discussin. The engagement partner may discuss matters with key members f the engagement team including, if cnsidered apprpriate, specialists and thse respnsible fr the audits f cmpnents, while delegating discussin with thers, taking accunt f the extent f cmmunicatin cnsidered necessary thrughut the 8 ISA (NZ) 240, paragraph

13 engagement team. A cmmunicatins plan, agreed by the engagement partner, may be useful. Cnsideratins Specific t Smaller Entities A16. Many small audits are carried ut entirely by the engagement partner (wh may be a sle practitiner). In such situatins, it is the engagement partner wh, having persnally cnducted the planning f the audit, wuld be respnsible fr cnsidering the susceptibility f the entity s financial statements t material misstatement due t fraud r errr. The Required Understanding f the Entity and Its Envirnment, Including the Entity s Internal Cntrl The Entity and Its Envirnment Industry, Regulatry and Other External Factrs (Ref: Para. 11(a)) Industry Factrs A17. Relevant industry factrs include industry cnditins such as the cmpetitive envirnment, supplier and custmer relatinships, and technlgical develpments. Examples f matters the auditr may cnsider include: The market and cmpetitin, including demand, capacity, and price cmpetitin. Cyclical r seasnal activity. Prduct technlgy relating t the entity s prducts. Energy supply and cst. A18. The industry in which the entity perates may give rise t specific risks f material misstatement arising frm the nature f the business r the degree f regulatin. Fr example, lng-term cntracts may invlve significant estimates f revenues and expenses that give rise t risks f material misstatement. In such cases, it is imprtant that the engagement team include members with sufficient relevant knwledge and experience. 9 Regulatry Factrs A19. Relevant regulatry factrs include the regulatry envirnment. The regulatry envirnment encmpasses, amng ther matters, the applicable financial reprting framewrk and the legal and plitical envirnment. Examples f matters the auditr may cnsider include: Accunting principles and industry specific practices. Regulatry framewrk fr a regulated industry. Legislatin and regulatin that significantly affect the entity s peratins, including direct supervisry activities. Taxatin (crprate and ther). 9 ISA (NZ) 220, Quality Cntrl fr an Audit f Financial Statements, paragraph

14 Gvernment plicies currently affecting the cnduct f the entity s business, such as mnetary, including freign exchange cntrls, fiscal, financial incentives (fr example, gvernment aid prgrammes), and tariffs r trade restrictins plicies. Envirnmental requirements affecting the industry and the entity s business. A20. ISA (NZ) 250 includes sme specific requirements related t the legal and regulatry framewrk applicable t the entity and the industry r sectr in which the entity perates. 10 Cnsideratins specific t public sectr entities A21. Fr the audits f public sectr entities, law, regulatin r ther authrity may affect the entity s peratins. Such elements are essential t cnsider when btaining an understanding f the entity and its envirnment. Other External Factrs A22. Examples f ther external factrs affecting the entity that the auditr may cnsider include the general ecnmic cnditins, interest rates and availability f financing, and inflatin r currency revaluatin. Nature f the Entity (Ref: Para. 11(b)) A23. An understanding f the nature f an entity enables the auditr t understand such matters as: Whether the entity has a cmplex structure, fr example with subsidiaries r ther cmpnents in multiple lcatins. Cmplex structures ften intrduce issues that may give rise t risks f material misstatement. Such issues may include whether gdwill, jint ventures, investments, r special-purpse entities are accunted fr apprpriately. The wnership, and relatins between wners and ther peple r entities. This understanding assists in determining whether related party transactins have been identified and accunted fr apprpriately. ISA (NZ) establishes requirements and prvides guidance n the auditr s cnsideratins relevant t related parties. A24. Examples f matters that the auditr may cnsider when btaining an understanding f the nature f the entity include: Business peratins such as: Nature f revenue surces, prducts r services, and markets, including invlvement in electrnic cmmerce such as Internet sales and marketing activities Cnduct f peratins (fr example, stages and methds f prductin, r activities expsed t envirnmental risks) ISA (NZ) 250, Cnsidering Laws and Regulatins in an Audit f Financial Statements, paragraph 12. ISA (NZ) 550, Related Parties. 14

15 Alliances, jint ventures, and utsurcing activities Gegraphic dispersin and industry segmentatin ISA (NZ) 315 Lcatin f prductin facilities, warehuses, and ffices, and lcatin and quantities f inventries Key custmers and imprtant suppliers f gds and services, emplyment arrangements (including the existence f unin cntracts, pensin and ther pst emplyment benefits, share ptin r incentive bnus arrangements, and gvernment regulatin related t emplyment matters) Research and develpment activities and expenditures Transactins with related parties. Investments and investment activities such as: Planned r recently executed acquisitins r divestitures Investments and dispsitins f securities and lans Capital investment activities Investments in nn-cnslidated entities, including partnerships, jint ventures and special-purpse entities. Financing and financing activities such as: Majr subsidiaries and assciated entities, including cnslidated and nncnslidated structures Debt structure and related terms, including ff-balance-sheet financing arrangements and leasing arrangements Beneficial wners (lcal, freign, business reputatin and experience) and related parties Use f derivative financial instruments. Financial reprting such as: Accunting principles and industry specific practices, including industryspecific significant categries (fr example, lans and investments fr banks, r research and develpment fr pharmaceuticals) Revenue recgnitin practices Accunting fr fair values Freign currency assets, liabilities and transactins Accunting fr unusual r cmplex transactins including thse in cntrversial r emerging areas (fr example, accunting fr share-based cmpensatin). A25. Significant changes in the entity frm prir perids may give rise t, r change, risks f material misstatement. 15

16 Nature f Special-Purpse Entities ISA (NZ) 315 A26. A special-purpse entity (smetimes referred t as a special purpse vehicle) is an entity that is generally established fr a narrw and well-defined purpse, such as t effect a lease r a securitisatin f financial assets, r t carry ut research and develpment activities. It may take the frm f a crpratin, trust, partnership r unincrprated entity. The entity n behalf f which the special-purpse entity has been created may ften transfer assets t the latter (fr example, as part f a derecgnitin transactin invlving financial assets), btain the right t use the latter s assets, r perfrm services fr the latter, while ther parties may prvide the funding t the latter. As ISA (NZ) 550 indicates, in sme circumstances, a special-purpse entity may be a related party f the entity. 12 A27. Financial reprting framewrks ften specify detailed cnditins that are deemed t amunt t cntrl, r circumstances under which the special-purpse entity shuld be cnsidered fr cnslidatin. The interpretatin f the requirements f such framewrks ften demands a detailed knwledge f the relevant agreements invlving the special-purpse entity. The Entity s Selectin and Applicatin f Accunting Plicies (Ref: Para.11(c)) A28. An understanding f the entity s selectin and applicatin f accunting plicies may encmpass such matters as: The methds the entity uses t accunt fr significant and unusual transactins. The effect f significant accunting plicies in cntrversial r emerging areas fr which there is a lack f authritative guidance r cnsensus. Changes in the entity s accunting plicies. Financial reprting standards and laws and regulatins that are new t the entity and when and hw the entity will adpt such requirements. Objectives and Strategies and Related Business Risks (Ref. Para. 11(d)) A29. The entity cnducts its business in the cntext f industry, regulatry and ther internal and external factrs. T respnd t these factrs, the entity s management r thse charged with gvernance define bjectives, which are the verall plans fr the entity. Strategies are the appraches by which management and thse charged with gvernance intend t achieve the bjectives. The entity s bjectives and strategies may change ver time. A30. Business risk is brader than the risk f material misstatement f the financial statements, thugh it includes the latter. Business risk may arise frm change r cmplexity. A failure t recgnise the need fr change may als give rise t business risk. Business risk may arise, fr example, frm: The develpment f new prducts r services that may fail; A market which, even if successfully develped, is inadequate t supprt a prduct r service; r 12 ISA (NZ) 550, Related Parties, paragraph A7. 16

17 Flaws in a prduct r service that may result in liabilities and reputatinal risk. A31. An understanding f the business risks facing the entity increases the likelihd f identifying risks f material misstatement, since mst business risks will eventually have financial cnsequences and, therefre, an effect n the financial statements. Hwever, the auditr des nt have a respnsibility t identify r assess all business risks because nt all business risks give rise t risks f material misstatement. A32. Examples f matters that the auditr may cnsider when btaining an understanding f the entity s bjectives, strategies and related business risks that may result in a risk f material misstatement f the financial statements include: Industry develpments (a ptential related business risk might be, fr example, that the entity des nt have the persnnel r expertise t deal with the changes in the industry). New prducts and services (a ptential related business risk might be, fr example, that there is increased prduct liability). Expansin f the business (a ptential related business risk might be, fr example, that the demand has nt been accurately estimated). New accunting requirements (a ptential related business risk might be, fr example, incmplete r imprper implementatin, r increased csts). Regulatry requirements (a ptential related business risk might be, fr example, that there is increased legal expsure). Current and prspective financing requirements (a ptential related business risk might be, fr example, the lss f financing due t the entity s inability t meet requirements). Use f IT (a ptential related business risk might be, fr example, that systems and prcesses are incmpatible). The effects f implementing a strategy, particularly any effects that will lead t new accunting requirements (a ptential related business risk might be, fr example, incmplete r imprper implementatin). A33. A business risk may have an immediate cnsequence fr the risk f material misstatement fr classes f transactins, accunt balances, and disclsures at the assertin level r the financial statement level. Fr example, the business risk arising frm a cntracting custmer base may increase the risk f material misstatement assciated with the valuatin f receivables. Hwever, the same risk, particularly in cmbinatin with a cntracting ecnmy, may als have a lnger-term cnsequence, which the auditr cnsiders when assessing the apprpriateness f the ging cncern assumptin. Whether a business risk may result in a risk f material misstatement is, therefre, cnsidered in light f the entity s circumstances. Examples f cnditins and events that may indicate risks f material misstatement are indicated in Appendix 2. A34. Usually, management and thse charged with gvernance identify business risks and develp appraches t address them. Such a risk assessment prcess is part f internal cntrl and is discussed in paragraph 15 and paragraphs A79-A80. 17

18 Cnsideratins Specific t Public Sectr Entities ISA (NZ) 315 A35. Fr the audits f public sectr entities, management bjectives may be influenced by cncerns regarding public accuntability and may include bjectives which have their surce in law, regulatins r ther authrity. Measurement and Review f the Entity s Financial Perfrmance (Ref: Para.11(e)) A36. Management and thers will measure and review thse things they regard as imprtant. Perfrmance measures, whether external r internal, create pressures n the entity. These pressures, in turn, may mtivate management and/r thse charged with gvernance t take actin t imprve the business perfrmance r t misstate the financial statements. Accrdingly, an understanding f the entity s perfrmance measures assists the auditr in cnsidering whether pressures t achieve perfrmance targets may result in actins that increase the risks f material misstatement, including thse due t fraud. See ISA (NZ) 240 fr requirements and guidance in relatin t the risks f fraud. A37. The measurement and review f financial perfrmance is nt the same as the mnitring f cntrls (discussed as a cmpnent f internal cntrl in paragraphs A98-A104), thugh their purpses may verlap: The measurement and review f perfrmance is directed at whether business perfrmance is meeting the bjectives set by management and thse charged with gvernance (r third parties). Mnitring f cntrls is specifically cncerned with the effective peratin f internal cntrl. In sme cases, hwever, perfrmance indicatrs als prvide infrmatin that enables the identificatin f deficiencies in internal cntrl. A38. Examples f internally-generated infrmatin used fr measuring and reviewing financial perfrmance, and which the auditr may cnsider, include: Key perfrmance indicatrs (financial and nn-financial) and key ratis, trends and perating statistics. Perid-n-perid financial perfrmance analyses. Budgets, frecasts, variance analyses, segment infrmatin and divisinal, departmental r ther level perfrmance reprts. Emplyee perfrmance measures and incentive cmpensatin plicies. Cmparisns f an entity s perfrmance with that f cmpetitrs. A39. External parties may als measure and review the entity s financial perfrmance. Fr example, external infrmatin such as analysts reprts and credit rating agency reprts may represent useful infrmatin fr the auditr. Such reprts can ften be btained frm the entity being audited. A40. Internal measures may highlight unexpected results r trends requiring management r thse charged with gvernance t determine their cause and take crrective actin (including, in sme cases, the detectin and crrectin f misstatements n a timely basis). Perfrmance measures may als indicate t the auditr that risks f misstatement f related financial statement infrmatin d exist. Fr example, 18

19 perfrmance measures may indicate that the entity has unusually rapid grwth r prfitability when cmpared t that f ther entities in the same industry. Such infrmatin, particularly if cmbined with ther factrs such as perfrmance-based bnus r incentive remuneratin, may indicate the ptential risk f management bias in the preparatin f the financial statements. Cnsideratins Specific t Smaller Entities A41. Smaller entities ften d nt have prcesses t measure and review financial perfrmance. Enquiry f management and thse charged with gvernance may reveal that rely n certain key indicatrs fr evaluating financial perfrmance and taking apprpriate actin. If such enquiry indicates an absence f perfrmance measurement r review, there may be an increased risk f misstatements nt being detected and crrected. The Entity s Internal Cntrl A42. An understanding f internal cntrl assists the auditr in identifying types f ptential misstatements and factrs that affect the risks f material misstatement, and in designing the nature, timing, and extent f further audit prcedures. A43. The fllwing applicatin material n internal cntrl is presented in fur sectins, as fllws: General Nature and Characteristics f Internal Cntrl. Cntrls Relevant t the Audit. Nature and Extent f the Understanding f Relevant Cntrls. Cmpnents f Internal Cntrl. General Nature and Characteristics f Internal Cntrl (Ref: Para. 12) Purpse f Internal Cntrl A44. Internal cntrl is designed, implemented and maintained t address identified business risks that threaten the achievement f any f the entity s bjectives that cncern: The reliability f the entity s financial reprting; The effectiveness and efficiency f its peratins; and Its cmpliance with applicable laws and regulatins. The way in which internal cntrl is designed, implemented and maintained varies with an entity s size and cmplexity. Cnsideratins specific t smaller entities A45. Smaller entities may use less structured means and simpler prcesses and prcedures t achieve their bjectives. Limitatins f Internal Cntrl A46. Internal cntrl, n matter hw effective, can prvide an entity with nly reasnable assurance abut achieving the entity s financial reprting bjectives. The likelihd f 19

20 their achievement is affected by the inherent limitatins f internal cntrl. These include the realities that human judgement in decisin-making can be faulty and that breakdwns in internal cntrl can ccur because f human errr. Fr example, there may be an errr in the design f, r in the change t, a cntrl. Equally, the peratin f a cntrl may nt be effective, such as where infrmatin prduced fr the purpses f internal cntrl (fr example, an exceptin reprt) is nt effectively used because the individual respnsible fr reviewing the infrmatin des nt understand its purpse r fails t take apprpriate actin. A47. Additinally, cntrls can be circumvented by the cllusin f tw r mre peple r inapprpriate management verride f internal cntrl. Fr example, management may enter int side agreements with custmers that alter the terms and cnditins f the entity s standard sales cntracts, which may result in imprper revenue recgnitin. Als, edit checks in a sftware prgram that are designed t identify and reprt transactins that exceed specified credit limits may be verridden r disabled. A48. Further, in designing and implementing cntrls, management may make judgements n the nature and extent f the cntrls it chses t implement, and the nature and extent f the risks it chses t assume. Cnsideratins specific t smaller entities A49. Smaller entities ften have fewer emplyees which may limit the extent t which segregatin f duties is practicable. Hwever, in a small wner-managed entity, the wner-manager may be able t exercise mre effective versight than in a larger entity. This versight may cmpensate fr the generally mre limited pprtunities fr segregatin f duties. A50. On the ther hand, the wner-manager may be mre able t verride cntrls because the system f internal cntrl is less structured. This is taken int accunt by the auditr when identifying the risks f material misstatement due t fraud. Divisin f Internal Cntrl int Cmpnents A51. The divisin f internal cntrl int the fllwing five cmpnents, fr purpses f the ISAs (NZ), prvides a useful framewrk fr auditrs t cnsider hw different aspects f an entity s internal cntrl may affect the audit: (a) (b) (c) (d) (e) The cntrl envirnment; The entity s risk assessment prcess; The infrmatin system, including the related business prcesses, relevant t financial reprting, and cmmunicatin; Cntrl activities; and Mnitring f cntrls. The divisin des nt necessarily reflect hw an entity designs, implements and maintains internal cntrl, r hw it may classify any particular cmpnent. Auditrs may use different terminlgy r framewrks t describe the varius aspects f internal cntrl, and their effect n the audit than thse used in this ISA (NZ), prvided all the cmpnents described in this ISA (NZ) are addressed. 20

21 A52. Applicatin material relating t the five cmpnents f internal cntrl as they relate t a financial statement audit is set ut in paragraphs A69-A104 belw. Appendix 1 prvides further explanatin f these cmpnents f internal cntrl. Characteristics f Manual and Autmated Elements f Internal Cntrl Relevant t the Auditr s Risk Assessment A53. An entity s system f internal cntrl cntains manual elements and ften cntains autmated elements. The characteristics f manual r autmated elements are relevant t the auditr s risk assessment and further audit prcedures based theren. A54. The use f manual r autmated elements in internal cntrl als affects the manner in which transactins are initiated, recrded, prcessed, and reprted: Cntrls in a manual system may include such prcedures as apprvals and reviews f transactins, and recnciliatins and fllw-up f recnciling items. Alternatively, an entity may use autmated prcedures t initiate, recrd, prcess, and reprt transactins, in which case recrds in electrnic frmat replace paper dcuments. Cntrls in IT systems cnsist f a cmbinatin f autmated cntrls (fr example, cntrls embedded in cmputer prgrams) and manual cntrls. Further, manual cntrls may be independent f IT, may use infrmatin prduced by IT, r may be limited t mnitring the effective functining f IT and f autmated cntrls, and t handling exceptins. When IT is used t initiate, recrd, prcess r reprt transactins, r ther financial data fr inclusin in financial statements, the systems and prgrams may include cntrls related t the crrespnding assertins fr material accunts r may be critical t the effective functining f manual cntrls that depend n IT. An entity s mix f manual and autmated elements in internal cntrl varies with the nature and cmplexity f the entity s use f IT. A55. Generally, IT benefits an entity s internal cntrl by enabling an entity t: Cnsistently apply predefined business rules and perfrm cmplex calculatins in prcessing large vlumes f transactins r data. Enhance the timeliness, availability, and accuracy f infrmatin; Facilitate the additinal analysis f infrmatin; Enhance the ability t mnitr the perfrmance f the entity s activities and its plicies and prcedures; Reduce the risk that cntrls will be circumvented. Enhance the ability t achieve effective segregatin f duties by implementing security cntrls in applicatins, databases, and perating systems. A56. IT als pses specific risks t an entity s internal cntrl, including, fr example: Reliance n systems r prgrams that are inaccurately prcessing data, prcessing inaccurate data, r bth. Unauthrised access t data that may result in destructin f data r imprper changes t data, including the recrding f unauthrised r nn-existent 21