Standards for Audits and Reviews of Historical Financial Information
SA 200: Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Standards on Auditing
This Standard establishes the independent auditor’s overall responsibilities when conducting an audit of financial statements in accordance with SAs
- Ethical Requirements Relating to an Audit of Financial Statements — The auditor should apply the following fundamental principles of professional ethics relevant when conducting an audit of financial statements; (a) Integrity; (b) Objectivity; (c) Professional competence and due care; (d) Confidentiality; and (e) Professional behaviour
- Professional Skepticism— Professional skepticism includes being alert to, for example; (a) Audit evidence that contradicts other audit evidence obtained;
(b) Information that brings into question the reliability of documents and responses to inquiries to be used as audit evidence; (c) Conditions that may indicate possible fraud; (d) Circumstances that suggest the need for audit procedures in addition to those required by the SAs - Professional Judgment— Professional judgment is necessary in particular regarding decisions about:
(a) Materiality and audit risk; (b) The nature, timing, and extent of audit procedures used to meet the requirements of the SAs and gather audit evidence; (c) Evaluating whether sufficient appropriate audit evidence has been obtained, and whether more needs to be done to achieve the objectives of the SAs and thereby, the overall objectives of the auditor; (d) The evaluation of management’s judgments in applying the entity’s applicable financial reporting framework; (e) The drawing of conclusions based on the audit evidence obtained, for example, assessing the reasonableness of the estimates made by management in preparing the financial statements - Sufficient Appropriate Audit Evidence and Audit Risk— To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion
Ø Sufficiency and Appropriateness of Audit Evidence — Audit evidence is necessary to support the auditor’s opinion and report. It is cumulative in nature and is primarily obtained from audit procedures performed during the course of the audit. Sufficiency is the measure of quantity of audit evidence whereas appropriateness is the measure of quality of audit evidence
Ø Audit Risk — Audit risk is a function of the risks of material misstatement and detection risk. The risks of material misstatement may exist at two levels:
(a) The overall financial statement level; and (b) The assertion level for classes of transactions, account balances, and disclosures. For a given level of audit risk, the acceptable level of detection risk bears an inverse relationship to the assessed risks of material misstatement at the assertion level
- Conduct of an Audit in Accordance with SAs — The auditor shall comply with all SAs relevant to the audit. An SA is relevant to the audit when the SA is in effect and the circumstances addressed by the SA exist. The auditor shall have an understanding of the entire text of an SA, including its application and other explanatory material, to understand its objectives and to apply its requirements properly. The auditor shall not represent compliance with SAs in the auditor’s report unless the auditor has complied with the requirements of this SA and all other SAs relevant to the audit
SA 210: Agreeing the Terms of Audit Engagements
- Auditor and client should agree on terms of engagement. Agreed terms would need to be recorded in an audit engagement letter or other suitable form of contract
- The form and content of audit engagement letter may vary for each client, but would generally include reference to (a) objective and scope of the audit of financial statements; (b) responsibilities of the auditor; (c) responsibilities of management; (d) Identification of applicable financial reporting framework for the preparation of financial statements; and (e) Reference to the expected form and content of any reports to be issued by the auditor and a statement that there may be circumstances in which a report may differ from its expected form and content. Other matters as per the circumstances should also be included
- In case of recurring audits, auditor should consider whether circumstances require the terms of engagement to be revised
- Where the terms of engagement are changed, auditor and client should agree on the new terms. If auditor is unable to agree to a change of engagement and is not permitted to continue the original engagement, the auditor should consider withdrawing from the engagement and determine whether there is any obligation, either contractual or otherwise, to report the circumstances to other parties, such as those charged with governance, owners or regulators.
SA 220: Quality Control for an Audit of Financial Statements
- Quality control policies and procedures should be implemented at both level — of audit firm and on individual audits
- To implement quality control policies and procedures designed to ensure that all audits are conducted in accordance with Standards of Auditing
- Objectives of quality control policies to be adopted will incorporate Professional Requirements, Skills and Competence, Assignment, Delegation, Consultation, Acceptance and Retention of Clients, Monitoring
- To be communicated to its personnel in a manner that provides reasonable assurance that the policies and procedures are understood and implemented
- To implement those quality control procedures which are, in the context of policies and procedures of the firm, appropriate to individual audit. To consider professional competence of assistants performing work delegated to them when deciding extent of direction, supervision and review appropriate for each assistant. Assistants to whom work is delegated need appropriate direction, supervision and review of audit work performed by them.
SA 230: Audit Documentation
- Audit documentation that meets the requirements of this SA and the specific documentation requirements of other relevant SAs provides (a) evidence of auditor’s basis for a conclusion about the achievement of overall objective of audit; and (b) evidence that the audit was planned and performed in accordance with SAs and applicable legal and regulatory requirements
- Audit Documentation refers to the record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor reached. Preparing sufficient and appropriate audit documentation on a timely basis helps to enhance the quality of audit and facilitates effective review and evaluation of audit evidence obtained and conclusions reached before finalizing auditor’s report
- To document discussions of significant matters with management, those charged with governance, and others, including the nature of significant matters discussed and when and with whom the discussions took place
- Auditor may consider preparing and retaining a summary (Completion Memorandum) that describes significant matters identified during the audit and how they were addressed. SA 220 requires auditor to review audit work performed through review of audit documentation. Standards on Quality Control (SQC) 1 require firms to establish policies and procedures for timely completion of assembly of audit files. An appropriate time limit within which to complete the assembly of final audit file is ordinarily not more than 60 days after the date of auditor’s report. SQC 1 requires firms to establish policies and procedures for retention of engagement documentation
- Retention period for audit engagements ordinarily is no shorter than ten years from the date of auditor’s report, or, if later, the date of group auditor’s report
SA 240: The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements
- Auditor is concerned with fraud that causes a material misstatement in financial statements
- Two types of intentional misstatements are relevant — misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets
- Primary responsibility of prevention and detection of frauds is of the management as well as those charged with governance. It is important that management, with oversight of those charged with governance; place a strong emphasis on fraud prevention which may reduce opportunities for fraud to take place and act as a deterrent
- Auditor is responsible for obtaining reasonable assurance that financial statement taken as a whole are free from material misstatement, whether caused by fraud or error. While auditor may be able to identify potential opportunities for fraud to be perpetrated, it is difficult for him to determine whether misstatements in judgment areas such as accounting estimates are caused by fraud or error
- Risk of auditor not detecting a material misstatement resulting from management fraud is greater than for employee fraud, because management is frequently in a position to directly or indirectly manipulate accounting records, present fraudulent financial information or override control procedures designed to prevent similar frauds by other employees. Auditor is responsible for maintaining an attitude of professional skepticism throughout the audit, considering the potential for management override of controls and recognizing the fact that audit procedures that are effective for detecting error may not be effective in detecting fraud
- Auditor shall identify and assess risks of material misstatement due to fraud at financial statement level, and at assertion level for classes of transactions, account balances and disclosures. Auditor must make appropriate inquiries of the management. Auditor must discuss with those charged with governance as they have oversight responsibility for systems for accounting risk, financial control and compliance with the law
- When auditor identifies a misstatement, s/he should consider whether such a misstatement may be indicative of fraud and if there is such an indication, s/he should consider the implications of misstatement in relation to other aspects of the audit, particularly the reliability of management representations
- When the auditor identifies a misstatement resulting from fraud, or a suspected fraud, s/he should consider auditor’s responsibility to communicate that information to management, those charged with governance and, in some circumstances, when so required by laws and regulations, to regulatory and enforcement authorities also
- To obtain written representations from management
- To document the understanding of entity and its environment and the assessment of risks of material misstatement, responses to assessed risks of material misstatement and communications about fraud made to management, those charged with governance, regulators and others
SA 250: Consideration of Laws and Regulations in an Audit of Financial Statements
- To recognise that non–compliance by entity with laws and regulations may materially affect financial statements. It is management’s responsibility to ensure that entity’s operations are conducted in accordance with laws and regulations
- Auditor is not responsible for preventing non–compliance. The auditor is responsible for obtaining reasonable assurance that the financial statements, taken as a whole, are free from material misstatement, whether caused by fraud or error
- Risk of non detection of material misstatements is higher with regard to material misstatements resulting from non–compliance with laws and regulations due to various factors. To obtain a general understanding of legal and regulatory framework applicable to the entity and how it is complying with that framework
- After obtaining general understanding, auditor should perform procedures to identify instances of non–compliance with these laws and regulations where non–compliance should be considered when preparing financial statements. Further, auditor should obtain sufficient appropriate audit evidence about compliance with those laws and regulations generally recognised by Auditor to have an effect on determination of material amounts and disclosures in financial statements
- To obtain written representations that management has disclosed all known actual or possible non–compliance with laws and regulations whose effects should be considered when preparing financial statements. This SA does not apply to other assurance engagements in which auditor is specifically engaged to test and report separately on compliance with specific laws and regulations. Whether an act constitutes a non–compliance can be determined only by a court of law
- The Standard envisages "engaging a legal advisor to assist in monitoring legal requirements" instead of "establishing a legal department" as one of the policies to ensure compliance with laws and regulations. The Standard, in larger entities, also envisages existence of a separate "compliance function" in addition to internal audit function and audit committee to supplement policies and procedures for ensuring compliance with laws and regulations
SA 260: Communication with those Charged with Governance
- To communicate with those charged with governance, auditor’s responsibilities in relation to financial statements audit, an overview of planned scope and timing of audit and significant findings from the audit
- Such matters include: Overall scope of audit; selection of/ changes in significant accounting policies; potential effect on financial statements of any significant risks and exposures, such as pending litigation; adjustments to financial statements arising out of audit that have a significant effect on entity’s financial statements; material uncertainties related to events and conditions that may cast significant doubt on entity’s ability to continue as a going concern, disagreements with management about matters that could be significant to entity’s financial statements or auditor’s report; expected modifications to auditor’s report. Auditors should communicate matters of governance interest on timely basis
- Auditor’s communication may be made orally or in writing. In case of oral communication, auditor should document their oral communications and response thereof
SA 265: Communicating Deficiencies in Internal Control to those Charged with Governance and Management
- The objective of the auditor is to communicate appropriately to those charged with governance and management deficiencies in internal control that the auditor has identified during the audit and that, in the auditor’s professional judgment, are of sufficient importance to merit their respective attentions
- The auditor shall determine whether, on the basis of the audit work performed, the auditor has identified one or more deficiencies in internal control. If the auditor has identified one or more deficiencies in internal control, the auditor shall determine, on the basis of the audit work performed, whether, individually or in combination, they constitute significant deficiencies.
SA 299 (AAS 12): Responsibility of Joint Auditors
- Joint auditors should, by mutual discussion, divide audit work. Division of work would usually be in terms of audit of identifiable units or specified areas. Division of work may be with reference to items of assets or liabilities or income or expenditure or with reference to periods of time
- If a Joint auditor comes across matters which are relevant to areas of responsibility of other joint auditors and which deserve their attention, or which require disclosure or discussion with, or application of judgment by, other joint auditors, he should communicate the same to all other joint auditors in writing prior to finalisation of audit
- Certain areas of work, owing to their importance or owing to the nature of work involved, would often not be divided and would have to be covered by all joint auditors
- Each joint auditor is responsible only for the work allocated to them, whether or not s/he has prepared a separate report on work performed by them
- All joint auditors are jointly and severally responsible in respect of the audit work which is not divided amongst them, for the appropriateness of decisions taken by them concerning the nature, timing or extent of the audit procedures to be performed by any of the joint auditors, for examining that the financial statements of the entity comply with disclosure requirements of relevant statute, for ensuring that audit report complies with the requirements of relevant statute and in respect of matters which are brought to the notice of joint auditors by any one of them and on which there is an agreement among joint auditors
- Each joint auditor is entitled to assume that other joint auditors have carried out their part of audit work in accordance with generally accepted audit procedures. Normally, joint auditors are able to arrive at an agreed report. However, where the joint auditors are in disagreement with regard to any matters to be covered by the report, each one of them should express his own opinion through a separate report
SA 300: Planning an Audit of Financial Statements
- Planning an audit involves establishing the overall audit strategy for the engagement and developing an audit plan. The objective of auditor is to plan the audit so that it will be performed in an effective manner
- Once the overall audit strategy has been established, an audit plan can be developed to address various matters identified in the overall audit strategy, considering the need to achieve the audit objectives through efficient use of auditor’s resources
- To consider various matters in developing the overall plan like: terms of engagement; nature and timing of reports; applicable legal or statutory requirements; accounting policies adopted by the client; identification of significant audit areas; setting of materiality levels, etc.
- To obtain a level of knowledge of client’s business that will enable them to identify events, transactions and practices that, in their judgment, may have a significant effect on financial information. Audit plan is more detailed than overall audit strategy that includes the nature, timing and extent of audit procedures to be performed by engagement team members
- Engagement partner and other key members of engagement team shall be involved in planning the audit, including planning and participating in the discussion among engagement team members so as to enhance effectiveness and efficiency of planning process
- To plan the nature, timing and extent of direction and supervision of engagement team members and review of their work. Auditor shall document overall audit strategy, audit plan and any significant changes made during audit engagement to the overall audit strategy or audit plan, and reasons for such changes
- Audit planning ideally commences at the conclusion of previous year’s audit, and along with related programme, it should be reconsidered for modification as the audit of their compliance and substantive procedures progress. For an initial audit, auditor may need to expand the planning activities because the auditor does not ordinarily have previous experience with the entity that is considered when planning recurring engagements
SA 315: Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment
- To provide a basis for identification and assessment of risks of material misstatement at the financial statement and assertion levels, the auditor shall perform risk assessment procedures. Thus procedures shall include: Inquiries with management; Analytical Procedures; Observation and Inspection
- Where Auditor has performed other engagements with the entity, auditor shall consider whether information obtained is relevant for identifying the risk of material misstatement. If Auditor intends to use his/her previous experiences with the entity, he shall determine whether changes have occurred since previous audit that may affect its relevance on current audit
- To obtain an understanding of the following: Industry, regulatory and other external factors; Nature of entity; Selection and application of accounting policies; Objectives and strategies and related business risks; Measurement and review of entity’s financial performance; Internal control
- SA 315 sets out five components of Internal control: Control environment; Entity’s risk assessment process; the information system, including related business processes, relevant to financial reporting and communication; Control activities relevant to audit; Monitoring of controls
- Usually, those controls which pertain to entity’s objective of preparing financial statements are subject to risk assessment procedures
- Obtaining an understanding of entity and its environment including entity’s internal control is a continuous, dynamic process of gathering, updating and analyzing information throughout the audit
- To identify and assess risks of material misstatement at financial statement level, and at assertion level for classes of transactions, account balances and disclosures
- Auditors are required to: Relate identified risks to what can go wrong at assertion level; Consider potential magnitude of risks in the context of financial statements; Consider the likelihood that risks could result in a material misstatement of financial statements
- Documentation should cover: Discussion among engagement team; Key elements of understanding obtained; Sources of information; Risk assessment process; the identified and assessed risks; Significant risks evaluated; Risks evaluated for which substantive procedures done
- Auditor uses professional judgment to determine the extent of understanding required. Auditors primary consideration is whether the understanding that has been obtained is sufficient to meet the objective stated in the SA
SA 320: Materiality in Planning and Performing an Audit
- SA 320 deals with the auditor’s responsibility to apply the concept of materiality in planning and performing an audit of financial statements
- In planning the audit, the auditor makes judgments about the size of misstatements that will be considered material
- These judgments provide a basis for:
- Determining the nature, timing and extent of risk assessment procedures;
- Identifying and assessing the risks of material misstatement; and
- Determining the nature, timing and extent of further audit procedures
- For purposes of the SAs, performance materiality means the amount or amounts set by the auditor at less than materiality for the financial statements as a whole to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds materiality for the financial statements as a whole. If applicable, performance materiality also refers to the amount or amounts set by the auditor at less than the materiality level or levels for particular classes of transactions, account balances or disclosures
- The auditor shall revise materiality for the financial statements as a whole (and, if applicable, the materiality level or levels for particular classes of transactions, account balances or disclosures) in the event of becoming aware of information during the audit that would have caused the auditor to have determined a different amount (or amounts) initially
- The audit documentation shall include the following amounts and the factors considered in their determination:
• Materiality for the financial statements as a whole
• If applicable, the materiality level or levels for particular classes of transactions, account balances or disclosures
• Performance materiality and
• Any revision of above as the audit progressed
Regards,
Aryan Singhania
Courtesy: ICAI Journals, Books and own