ISA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with

International Standards on Auditing

Scope of this ISA:

Independent auditor’s overall responsibilities when conducting an audit of financial statements.

An Audit of Financial Statements:

Purpose of an audit is to enhance confidence of intended users in the financial statements and is achieved by
expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects,
in accordance with an applicable financial reporting framework. In general purpose frameworks, opinion is on
whether the financial statements are presented fairly, in all material respects, or give a true and fair view in
accordance with the framework. An audit in accordance with ISAs and relevant ethical requirements enables the
auditor to form that opinion. (A1)

Auditor’s opinion does not assure future viability nor the efficiency or effectiveness with which management has
conducted the affairs of the entity.

Some jurisdictions may require auditors to provide opinions on effectiveness of internal control, and consistency of
a separate management report with the financial statements.

Financial statements subject to audit are those of the entity, prepared by management with oversight from those
charged with governance. ISAs do not impose responsibilities on management or those charged with governance
and do not override laws and regulations. Audit of financial statements does not relieve management or those
charged with governance of their responsibilities. (A2-A11)

Audit in accordance with ISAs is conducted on the premise that management and those charged with governance
acknowledged and understand that they have responsibility:

a. Preparation of financial statements in accordance with applicable financial reporting framework,

including, where relevant, their fair presentation
b. Internal control necessary to enable the preparation of financial statements free from material
misstatement, whether due to fraud or error
c. To provide the auditor with:

(i) Access to all information relevant to the preparation of the financial statements such as records, documentation

(ii) Additional information auditor may request for the purpose audit

(iii) Unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain
audit evidence

Preparation of the financial statements requires:

 Identification of applicable financial reporting framework, in the context of any relevant laws or
regulations
 Preparation of financial statements in accordance with that framework
 Adequate description of framework in financial statements

Preparation requires management to exercise judgment in making accounting estimates as well as to select and
apply appropriate accounting policies.

Financial statements may be prepared in accordance with:

  General purpose financial statements (IFRS, US GAAP)
 Special purpose financial statements (Cash, Contractual, Regulatory, Tax etc.)

Requirements of applicable financial reporting framework determine the form and content and a complete set of
financial statements. Financial Statements may be:

 Complete Set of Financial Statements

 Single Financial Statement and related notes
 Summary Financial Statements

Financial reporting frameworks are:

 Fair presentation frameworks (IFRS/IASB)

 Compliance frameworks (does not require departure from requirements of framework to achieve fair
presentation)

Basis for auditor’s opinion, ISAs require auditor to obtain reasonable assurance about whether financial
statements as a whole are free from material misstatement, whether due to fraud or error. Reasonable assurance
is a high level of assurance and obtained when auditor has obtained sufficient appropriate audit evidence to
reduce audit risk to an acceptably low level. However, reasonable assurance is not an absolute level of assurance,
because there are inherent limitations of an audit which result in most of the audit evidence on which the auditor
draws conclusions and bases the auditor’s opinion being persuasive rather than conclusive. (Ref: Para. A31–A57)

Sufficiency and Appropriateness of Audit Evidence:

Audit evidence support auditor’s opinion and report and primarily obtained from audit procedures performed
during the course of the audit. It may also include:

 Acceptance or continuance of the client relationship or engagement

 Accounting records
 Expert employed or engaged
 Previous audits

Audit evidence comprises both information that supports and that contradicts such assertions. Absence of
information also constitutes audit evidence.

Sufficiency is the measure of quantity of audit evidence and is affected by risks of misstatement and quality of
audit evidence.

Appropriateness is the measure of the quality of audit evidence and is affected by relevance and reliability. The
reliability of evidence is influenced by its source and nature, and is dependent on the individual circumstances
under which it is obtained.

Audit Risk:
Audit risk is a function of the risks of material misstatement and detection risk. Assessment of risks is based on
audit procedures and is a matter of professional judgment.

Risks of Material Misstatement:

The risks of material misstatement may exist at two levels:

 Financial statement level (affect many assertions)

 Assertion level for classes of transactions, account balances, and disclosures (affects specific assertion)

Risks of material misstatement at the assertion level are assessed in order to determine the nature, timing and
extent of further audit procedures necessary to obtain sufficient appropriate audit evidence.

Risks of material misstatement at the assertion level consist of two components: inherent risk and control risk.
Inherent risk and control risk are the entity’s risks; they exist independently of the audit of the financial
statements.

Inherent risk is influenced by inherent risk factors. Accounting estimates that are subject to significant estimation
uncertainty. External circumstances may also influence inherent risk. Technological developments causing
inventory to be obsolete and more susceptible to overstatement. Lack of sufficient working capital to continue
operations or a declining industry characterized by a large number of business failures.

Control risk is a function of effectiveness of design, implementation and maintenance of controls by management
to address identified risks. Internal control, can only reduce, but not eliminate, risks of material misstatement in
the financial statements, because of the inherent limitations of controls.

Inherent limitations of controls:

 Controls being circumvented by collusion

 Human errors or mistakes
 Management override of controls

Assessment of risks of material misstatement may be expressed in quantitative terms (numbers) or in non-
quantitative terms (material or nonmaterial).

Detection Risk:

Detection risk bears an inverse relationship to the assessed risks of material misstatement at the assertion level.

Detection risk relates to the nature, timing and extent of the auditor’s procedures. Detection risk can be reduced
by:

 Adequate planning
 Assignment of competent personnel
 Application of professional skepticism
 Supervision and review of the audit work performed

Detection risk, can only be reduced, not eliminated, because of the inherent limitations of an audit.

Inherent Limitations of an Audit:

 Nature of financial reporting (accounting estimates, judgment and uncertainties)

 Nature of audit procedures (incomplete information from management, fraud, auditor is not given
specific legal powers)
  Time and cost (Direct audit effort to risky areas, Use sampling)
 Other Matters that Affect the Inherent Limitations of an Audit (fraud, non-compliance with laws and
regulations, related party relationships and transactions, going concern issues etc.)

Materiality is applied by auditor in planning and performing the audit, and in evaluating the effect of identified
misstatements on the audit and of uncorrected misstatements on the financial statements. Misstatements,
including omissions, are considered material if, individually or in the aggregate, they could reasonably be expected
to influence the economic decisions of users taken on the basis of the financial statements. Judgments about
materiality are made in the light of surrounding circumstances, and affected by auditor’s perception of the
financial information needs of users of the financial statements, and by the size or nature of a misstatement, or a
combination of both. Auditor’s opinion deals with the financial statements as a whole and therefore the auditor is
not responsible for the detection of misstatements that are not material to the financial statements as a whole.

ISAs require auditor exercise professional judgment and maintain professional skepticism throughout the
planning and performance of the audit and:

 Identify and assess risks of material misstatement, whether due to fraud or error, based on an
understanding of the entity and its environment, applicable financial reporting framework and entity’s
system of internal control.
 Obtain sufficient appropriate audit evidence about whether material misstatements exist, through
designing and implementing appropriate responses to the assessed risks.
 Form an opinion on the financial statements based on conclusions drawn from the audit evidence
obtained.

Form of opinion depend applicable financial reporting framework and applicable law or regulation.

Definitions:

 Applicable financial reporting framework – Financial reporting framework that is acceptable in view of
the nature of the entity and the objective of the financial statements, or that is required by law or
regulation.

Fair presentation framework requires compliance with the requirements of the framework and:

Acknowledges explicitly or implicitly that, to achieve fair presentation of the financial statements, it may be
necessary for management to provide disclosures beyond those specifically required by the framework.

Acknowledges explicitly that it may be necessary for management to depart from a requirement of the framework
to achieve fair presentation of the financial statements.

 Management – The person(s) with executive responsibility for the conduct of the entity’s operations.
 Misstatement – A difference between the amount, classification, presentation, or disclosure of a reported
financial statement item and the amount, classification, presentation, or disclosure that is required for the
item to be in accordance with the applicable financial reporting framework. Misstatements can arise from
error or fraud.
 Professional judgment – The application of relevant training, knowledge and experience, within the
context provided by auditing, accounting and ethical standards, in making informed decisions about the
courses of action that are appropriate in the circumstances of the audit engagement.
  Professional skepticism – An attitude that includes a questioning mind, being alert to conditions which
may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence.
 Risk of material misstatement – The risk that the financial statements are materially misstated prior to
audit. This consists of two components, described as follows at the assertion level: Inherent risk &
Inherent risk. A risk of material misstatement exists when there is a reasonable possibility of:
i. Misstatement occurring
ii. Being material if it were to occur
 Those charged with governance – The person(s) or organization(s) (for example, a corporate trustee)
with responsibility for overseeing the strategic direction, obligations related to the accountability and
overseeing the financial reporting process of the entity.

Ethical Requirements: A17–A20

a. Integrity
b. Objectivity
c. Professional competence and due care
d. Confidentiality
e. Professional behavior

The fundamental principles of ethics establish the standard of behavior expected of a professional accountant.

Professional Skepticism: A21–A25

Professional skepticism includes being alert to:

 Audit evidence that contradicts other audit evidence

 Conditions indicate possible fraud
 Circumstances suggest the need for further audit procedures
 Information brings question the reliability of documents and responses to inquiries

Maintaining professional skepticism reduce the risks of:

 Overlooking unusual circumstances

 Over generalizing when drawing conclusions from audit observations
 Using inappropriate assumptions in determining the nature, timing and extent of the audit procedures
and evaluating the results thereof.

Auditor may accept records and documents as genuine unless the auditor has reason to believe the contrary.

Professional Judgment: A26–A30

Professional judgment is necessary for:

 Materiality and audit risk.

 Nature, timing and extent of audit procedures to meet the requirements
 Evaluating whether sufficient appropriate audit evidence has been obtained
 Evaluating management judgments in applying applicable financial reporting framework
 Drawing conclusions based on the audit evidence obtained e.g. reasonableness of the estimates
 Complying with ISAs Relevant to the Audit:

 ISAs deal with the general responsibilities of the auditor

 ISAs do not override law or regulation that governs an audit of financial statements

If audit evidence is not sufficient and appropriate, auditor may:

 Audit evidence has been, obtained as a result of complying with other ISAs
 Extend the work performed
 Perform other procedures judged necessary

Smaller entity which typically possesses qualitative characteristics such as:

a. Concentration of ownership and management in a small number of individuals (single individual – either a
natural person or another enterprise)
b. One or more of the following:
 Simple transactions
 Simple record-keeping
 Simpler systems of internal control
 Few lines of business and few products within business lines
 Few levels of management with responsibility for a broad range of controls
 Few personnel, many having a wide range of duties

Auditor shall comply with each requirement of an ISA unless:

 ISA is not relevant (internal audit function does not exist)

 Requirement is not relevant because it is conditional and the condition does not exist (e.g. modify the
auditor’s opinion if there is a scope limitation, communicate significant deficiencies in internal control)

ISA 210 Agreeing the Terms of Audit Engagements

Objective:
 (a) Establishing whether the preconditions for an audit are present
(b) Confirming that there is a common understanding between the auditor and management and, where
appropriate, those charged with governance of the terms of the audit engagement

Preconditions for an audit – The use by management of an acceptable financial reporting framework in the
preparation of the financial statements and the agreement of management and, where appropriate, those
charged with governance to the premise on which an audit is conducted.

To establish whether the preconditions for an audit are present, the auditor shall:

(a) Determine whether the financial reporting framework to be applied in the preparation of the financial
statements is acceptable. (A2–A10)

Factors relevant to the acceptability include:

 Nature of entity (business enterprise, public sector entity or not-for-profit organization)

 Purpose of financial statements (common needs of a wide range of users or needs of specific users)
 Nature of financial statements (complete set of financial statements or a single financial statement)
 Whether law or regulation prescribes the applicable financial reporting framework

(b) Obtain agreement of management that it acknowledges and understands its responsibility (A11–A14,
A21)

Where management will not acknowledge its responsibilities, or agree to provide the written representations, the
auditor will be unable to obtain sufficient appropriate audit evidence. In such circumstances, it would not be
appropriate for the auditor to accept the audit engagement, unless law or regulation requires the auditor to do so.

(i) For the preparation of the financial statements in accordance with the applicable financial reporting
framework, including where relevant their fair presentation (A15)

(ii) For such internal control as management determines is necessary to enable the preparation of financial
statements that are free from material misstatement, whether due to fraud or error (A16–A19)

Audit in accordance with ISAs does not act as a substitute for the maintenance of internal control and does not
imply that the auditor will find internal control maintained by management has achieved its purpose or will be free
of deficiencies.

(iii) To provide the auditor with:

 Access to all information of which management is aware that is relevant to the preparation of the
financial statements such as records, documentation and other matters
 Additional information that the auditor may request from management for the purpose of the audit
 Unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain
audit evidence

If management or those charged with governance impose a limitation on the scope of auditor’s work in the terms
of a proposed audit engagement, the auditor shall not accept limited engagement as an audit engagement, unless
required by law or regulation to do so.

Auditor shall not accept the proposed audit engagement if financial reporting framework is unacceptable.
Agreement on Audit Engagement Terms:

Auditor shall agree the terms of the audit engagement with management or those charged with governance. The
terms are recorded in a written audit engagement letter and should include:

(a) Objective and scope of the audit of the financial statements

(b) Responsibilities of the auditor
(c) Responsibilities of management
(d) Identification of the applicable financial reporting framework for the preparation of financial statements
(e) Reference to the expected form and content of any reports to be issued by the auditor (Ref: Para. A24)
(f) Statement that there may be circumstances in which a report may differ from its expected form and
content

If law or regulation prescribes terms of the audit engagement, the auditor need not record them in a written
agreement.

Form and Content of the Audit Engagement Letter:

Items noted above should be included in every engagement letter. However, the wider form and content of
engagement letters may vary depending upon the nature of the client and the audit being conducted. In addition,
it may make reference to:

 Applicable legislation, regulations, ISAs, and ethical and other pronouncements

 Form of any other communication as a result of audit engagement
 Inherent limitations of an audit and internal control and there is an unavoidable risk that some material
misstatements may not be detected
 Arrangements regarding the planning and performance of the audit, composition of engagement team
 Expectation that management will provide written representations
 Agreement of management to make available to auditor draft financial statements, including all
information relevant to their preparation
 Agreement of management to inform the auditor of facts that may affect the financial statements, of
which management may become aware during the period from the date of the auditor’s report to the
date the financial statements are issued
 Basis on which fees are computed and billed
 Request for management to acknowledge receipt of the audit engagement letter and to agree to the
terms of the engagement
 Requirement to communicate key audit matters in the auditor’s report

When relevant, following points could also be made in the audit engagement letter:

 Involvement of other auditors and experts

 Involvement of internal auditors and other staff of the entity
 Involvement of predecessor auditor in the case of an initial audit
 Obligations to provide audit working papers to other parties
 Reference to reporting identified or suspected non-compliance to an appropriate authority
 Reference to any further agreements between the auditor and the entity
 Restriction of the auditor’s liability when such possibility exists

Audits of Components:
When auditor of a parent entity is also the auditor of a component, factors that may influence the decision
whether to send a separate audit engagement letter to the component include:

 Who appoints the component auditor

 Whether a separate auditor’s report is to be issued on the component
 Legal requirements in relation to audit appointments
 Degree of ownership by parent
 Degree of independence of the component management from the parent entity

Recurring Audits:

Following factors make it appropriate to revise the terms of the audit engagement or to remind the entity of
existing terms:

 Any indication entity misunderstands the objective and scope of the audit
 Any revised or special terms of the audit engagement
 Change in nature or size of the entity’s business
 Change in ownership
 Change of senior management
 Change in legal or regulatory requirements
 Change in the financial reporting framework adopted in the preparation of the financial statements
 Change in other reporting requirements

Acceptance of a Change in the Terms of the Audit Engagement

Auditor shall not agree to a change in the terms of the audit engagement without reasonable justification.
Reasonable justification maybe:

 Change in circumstances
 Misunderstanding concerning the nature of the service originally requested

Change relates to information that is incorrect, incomplete or otherwise unsatisfactory are not reasonable.

If auditor is requested to change audit engagement to a review or a related Service, auditor assess legal or
contractual implications. However, report on the related service would not include:

 Original audit engagement

 Any procedures performed in the original audit engagement

If terms of audit engagement are changed, auditor and management shall agree and record new terms of the
engagement in an engagement letter or other suitable form of written agreement.

If change of the terms of audit engagement is not acceptable and auditor is not permitted by management to
continue the original audit engagement, the auditor shall:

a. Withdraw from the audit engagement where possible under applicable law or regulation
b. Determine whether there is any obligation, either contractual or otherwise, to report the circumstances
to other parties, such as those charged with governance, owners or regulators
Additional Considerations in Engagement Acceptance:

1. Financial Reporting Standards Supplemented by Law or Regulation:

If conflicts exist, auditor discuss with management the nature of additional requirements and shall agree whether:

a. Additional requirements can be met through additional disclosures

b. Description of the applicable financial reporting framework in the financial statements can be amended
accordingly

If above actions are not possible, auditor shall determine whether it will be necessary to modify the auditor’s
opinion.

2. Financial Reporting Framework Prescribed by Law or Regulation—Other Matters Affecting Acceptance:

If financial reporting framework prescribed by law or regulation is not unacceptable, auditor shall accept audit
engagement if the following conditions are present:

a. Management agrees to provide additional disclosures to avoid the financial statements being misleading
b. It is recognized in the terms of the audit engagement that:
(i) Auditor’s report on the financial statements will incorporate an Emphasis of Matter paragraph
(ii) Unless required by law or regulation, auditor’s opinion on the financial statements will not
include such phrases “present fairly, in all material respects,” or “give a true and fair view”
3. Auditor’s Report Prescribed by Law or Regulation:

Auditor shall evaluate:

a. Whether users misunderstand the assurance obtained and, if so,

b. Whether additional explanation in auditor’s report can mitigate possible misunderstanding

If auditor concludes additional explanation cannot mitigate possible misunderstanding, auditor shall not accept
the audit engagement, unless required by law or regulation to do so. Auditor shall not include any reference within
the auditor’s report to the audit having been conducted in accordance with ISA.

Determining the Acceptability of General Purpose Frameworks:

Acceptable financial reporting frameworks exhibit the following attributes:

 Relevance, information relevant to the nature of entity and purpose of financial statements
 Completeness, transactions, account balances and disclosures are not omitted
 Reliability, information provided in the financial statements:

(i) Reflects the economic substance of events and transactions and not merely their legal form

(ii) Results in reasonably consistent evaluation, measurement, presentation and disclosure, when
used in similar circumstances

 Neutrality, free from bias

 Understandability, information not subject to significantly different interpretation

Conglomeration of accounting conventions to suit individual preferences is not an acceptable financial reporting
framework for general purpose financial statements.
Compliance framework will not be an acceptable financial reporting framework, unless it is generally accepted in
the particular jurisdictions by preparers and users.

ISA 220 Quality Management for an Audit of Financial Statements

Specific responsibilities of the auditor regarding quality management at the engagement level, and the related
responsibilities of the engagement partner. (A1, A38)

Firm’s System of Quality Management and Role of Engagement Teams:

Objective of the firm is to design, implement and operate a system of quality management for audits or reviews
of financial statements, or other assurance or related services engagements performed by the firm that provides
the firm with reasonable assurance that: (A13–A14)
 (a) Firm and its personnel fulfill their responsibilities in accordance with professional standards and
applicable legal and regulatory requirements
(b) Engagement reports issued by firm or engagement partners are appropriate in the circumstances

Engagement team, led by engagement partner, is responsible: (A4–A11)

(a) Implementing firm’s responses to quality risks (i.e., firm’s policies or procedures) that are applicable to
the audit engagement using information communicated by, or obtained from, the firm
(b) Determining whether to design and implement responses at the engagement level beyond those in the
firm’s policies or procedures
(c) Communicating to the firm information from the audit engagement that is required to be communicated
by the firm’s policies or procedures to support the design, implementation and operation of the firm’s
system of quality management

Firm is responsible for communicating information that enables the engagement team to understand and carry
out their responsibilities relating to performing engagements.

Firm is responsible to enable engagement teams to implement or use network requirements or network services
on the audit engagement.

Engagement team depend firm’s policies or procedures unless:

 Engagement team’s understanding or practical experience indicates firm’s policies or procedures will not
effectively address the nature and circumstances of the engagement
 Information provided by the firm or other parties, about the effectiveness of such policies or procedures
suggests otherwise (e.g., information provided by the firm’s monitoring activities, external inspections or
other relevant sources, indicates that the firm’s policies or procedures are not operating effectively)

Professional skepticism may be demonstrated through the actions and communications of the engagement team.
Impediments to the exercise of professional skepticism at the engagement level may include:

 Budget constraints
 Difficulties in obtaining access to records, facilities, employees, customers, vendors or others
 Insufficient understanding of entity and its environment, internal control and applicable financial
reporting framework
 Lack of cooperation or undue pressures imposed by management
 Overreliance on automated tools and techniques
 Tight deadlines

Unconscious auditor biases that may impede the exercise of professional skepticism:

 Availability bias, more weight on events or experiences that immediately come to mind
 Confirmation bias, place more weight on information that corroborates an existing belief
 Groupthink, tendency to think or make decisions as a group that discourages creativity
 Overconfidence bias, tendency to overestimate one’s own ability to make accurate assessments of risk
 Anchoring bias, tendency to use an initial piece of information as an anchor
 Automation bias, tendency to favor output generated from automated systems

Possible actions to mitigate impediments to the exercise of professional skepticism at the engagement level may
include:
  Alert to changes in the nature or circumstances of the audit engagement
 Alert engagement team to situations when vulnerability may be greater (areas involving greater
judgment)
 Changing the composition of the engagement team
 Involving more experienced members when dealing with challenging management
 Involving members with specialized skills and knowledge or an auditor’s expert
 Modifying the nature, timing and extent of direction, supervision or review

The Engagement Partner’s Responsibilities:

Engagement partner is responsible and accountable for compliance with the requirements of this ISA.

Objective:

Objective of the auditor is to manage quality at the engagement level to obtain reasonable assurance that quality
has been achieved such that:

(a) Auditor has fulfilled responsibilities, and has conducted the audit, in accordance with professional
standards and applicable legal and regulatory requirements
(b) Auditor’s report issued is appropriate in the circumstances

Definitions:

Engagement partner – Partner or other individual, appointed by the firm, responsible for audit engagement,
performance, auditor’s report that is issued on behalf of the firm, and has the appropriate authority from a
professional, legal or regulatory body.

Engagement quality review – Objective evaluation of significant judgments made by the engagement team and
completed on or before the date of engagement report.

Engagement quality reviewer – Partner, other individual in the firm, or an external individual.

Engagement team – All partners and staff performing audit engagement, and any other individuals who perform
audit procedures on the engagement, excluding an auditor’s external expert, engagement quality reviewer and
internal auditors who provide direct assistance on an engagement. (A15–A25)

Engagement teams include personnel and other individuals who perform audit procedures who are from:

(a) A network firm

(b) A firm that is not a network firm, or another service provider

For example, an individual from another firm may perform audit procedures on the financial information of a
component in a group audit engagement, attend a physical inventory count or inspect physical fixed assets at a
remote location.

Engagement teams may also include individuals from service delivery centers, expertise in a specialized area of
accounting or auditing (income taxes).
Engagement team members from another firm are neither partners nor staff of the engagement partner’s firm,
they may not be subject to the firm’s system of quality management or the firm’s policies or procedures. Further,
the policies or procedures of another firm may not be similar to that of the engagement partner’s firm.

In case of an individual from another firm:

 Competence and capabilities can be confirmed from other firm or a licensing or registration body.
 Ethical requirements by providing information, manuals, or guides containing the provisions.
 Independence through written confirmation.

Leadership Responsibilities for Managing and Achieving Quality on Audits:

Engagement partner shall take overall responsibility for managing and achieving quality on the audit engagement,
including taking responsibility for creating an environment for the engagement that emphasizes the firm’s culture
and expected behavior of engagement team members.

Larger engagement team dispersed over many locations, more formal communications may be necessary.

Relevant Ethical Requirements, Including Those Related to Independence:

Engagement partner shall have an understanding of relevant ethical requirements, including independence that
are applicable audit engagement. (A38–A42, A48)

Relevant ethical requirements vary. For example, certain requirements to independence applicable only when
performing audits of listed entities

Firm’s information system and resources assist engagement team in understanding and fulfilling relevant ethical
requirements. Firm may:

 Communicate independence requirements

 Training on relevant ethical requirements
 Manuals and guides (i.e., intellectual resources)
 Assign personnel to manage and monitor compliance with relevant ethical requirements (ISQM 1 requires
firm obtains, at least annually, documented confirmation of compliance with the independence
requirements from all personnel) or provide consultation

Engagement partner responsible for other members of engagement team awareness of relevant ethical
requirements applicable for audit engagement, and firm’s related policies or procedures, including: (A23–A25,
A40–A44)

a) Identifying, evaluating and addressing threats to compliance with relevant ethical requirements, including
those related to independence
b) Circumstances that may cause a breach of relevant ethical requirements, including those related to
independence, and the responsibilities of members of the engagement team when they become aware of
breaches
c) Responsibilities members of engagement team when they become aware of an instance of
noncompliance with laws and regulations by the entity
If relevant ethical requirements have not been fulfilled, engagement partner, shall take appropriate action
including:

 Communicating with those charged with governance

 Communicating with regulatory authorities or professional bodies
 Seeking legal advice
 Withdrawing from the audit engagement, when withdrawal is possible

Acceptance and Continuance of Client Relationships and Audit Engagements:

Engagement partner determine firm’s policies or procedures for acceptance and continuance of client
relationships and audit engagements have been followed, and that conclusions reached are appropriate. (A49–
A52, A58)

Following information may assist in determining whether the conclusions reached regarding the acceptance and
continuance of client relationships and audit engagements are appropriate:

 Integrity and ethical values of the principal owners, key management and those charged with governance
of the entity
 Whether sufficient and appropriate resources are available to perform the engagement
 Whether management and those charged with governance have acknowledged their responsibilities in
relation to engagement
 Whether engagement team has the competence and capabilities, including sufficient time
 Whether significant matters that have arisen during the current or previous engagement have
implications for continuing the engagement

Engagement partner use information obtained in the acceptance and continuance process in planning and
performing the audit engagement. (A53–A56)

Information may include:

 Information about size, complexity and nature of entity, including whether it is a group audit, the industry
and applicable financial reporting framework
 Timetable for reporting, such as at interim and final stages
 In relation to group audits, nature of control relationships between parent and its components
 Changes in the entity or industry since the previous audit engagement

Law, regulation, or relevant ethical requirements may require successor auditor to request the predecessor
auditor to provide information regarding any facts or circumstances that, successor auditor needs to be aware of
before deciding whether to accept the engagement.

Predecessor auditor may be required, to provide information regarding identified or suspected non-compliance
with laws and regulations to the proposed successor auditor.

Engagement Resources:

Engagement partner determine sufficient and appropriate resources to perform the engagement available to the
engagement team in a timely manner. (A59–A70, A73–A74, A79)

Resources include:
  Human resources (engagement team members, external expert, individuals from entity’s internal audit
function)
 Technological resources (evaluate large amounts of data)
 Intellectual resources (audit methodologies, implementation tools, auditing guides, model programs,
templates, checklists or forms)

Engagement partner may involve an individual who has specialized skills or knowledge in project management in
an audit of a larger or more complex entity.

Engagement partner determine members of the engagement team, auditor’s external experts and internal
auditors who provide direct assistance, collectively have the appropriate competence and capabilities. (A62, A71–
A74)

When determining engagement team has appropriate competence and capabilities, the engagement partner may
take into consideration:

 Understanding of firm’s policies or procedures

 Understanding of, and practical experience with, audit engagements of a similar nature and complexity
 Understanding of professional standards and applicable legal and regulatory requirements
 Understanding of relevant industries in which entity operates
 Expertise in specialized areas of accounting or auditing
 Expertise in IT used by entity or automated tools or techniques that are to be used by engagement team
 Ability to exercise professional skepticism and professional judgment

If resources are insufficient and additional or alternative resources have not been made available, appropriate
actions may include:

 Changing the planned approach to the nature, timing and extent of direction, supervision and review
 Discussing an extension to reporting deadlines with management or those charged with governance,
when an extension is possible under applicable law or regulation
 Following firm’s policies or procedures for resolving differences of opinion if the engagement partner
does not obtain the necessary resources for the audit engagement
 Following firm’s policies or procedures for withdrawing from the audit engagement, when withdrawal is
possible under applicable law or regulation

Engagement Performance:

Engagement partner shall take responsibility for direction and supervision and review.

Engagement partner shall determine nature, timing and extent of direction, supervision and review is: (A81–A89,
A94–A97)

(a) Planned and performed in accordance with the firm’s policies or procedures, professional standards and
applicable legal and regulatory requirements
(b) Responsive to the nature and circumstances of the audit engagement and the resources assigned or made
available to the engagement team by the firm

Direction, supervision and review are firm-level responses that are implemented at the engagement level.

Direction involve informing the members of engagement team of their responsibilities, such as:
  Contributing to the management and achievement of quality through their personal conduct,
communication and actions
 Maintaining a questioning mind and aware of unconscious or conscious auditor biases in exercising
professional skepticism
 Responsibilities of relevant ethical requirements
 Responsibilities of respective partners when more than one partner is involved
 Responsibilities of respective engagement team members to perform audit procedures and of more
experienced engagement team members to direct, supervise and review the work of less experienced
engagement team members
 Understanding the objectives of the work to be performed and the detailed instructions regarding the
nature, timing and extent of planned audit procedures as set forth in the overall audit strategy and audit
plan
 Addressing threats to the achievement of quality, and the engagement team’s expected response. For
example, budget constraints or resource constraints should not result in the engagement team members
modifying planned audit procedures or failing to perform planned audit procedures

Supervision may include:

 Tracking the progress of the audit engagement, which includes monitoring:

i. Progress against the audit plan
ii. Objective of work performed has been achieved
iii. Ongoing adequacy of assigned resources
 Taking appropriate action to address issues arising during the engagement, including for example,
reassigning planned audit procedures to more experienced engagement team members when issues are
more complex than initially anticipated
 Identifying matters for consultation or consideration by more experienced engagement team members
during the audit engagement
 Training engagement team members to develop skills or competencies

Review consists:

 Work performed in accordance with firm’s policies or procedures, professional standards and applicable
legal and regulatory requirements
 Work performed supports the conclusions reached and is appropriately documented
 Significant matters have been raised for further consideration
 Sufficient and appropriate evidence to provide a basis for auditor’s opinion
 Appropriate consultations have taken place and resulting conclusions documented and implemented
 Need to revise the nature, timing and extent of work performed
 Objectives of audit procedures have been achieved

Approach to direction, supervision and review may be tailored depending on:

 Engagement team member’s previous experience with entity and the area to be audited
  Complexity of audit engagement
 Competence and capabilities of individual engagement team members (less experienced require detailed
instructions)
 Structure of engagement team and location of engagement team members
 Assessed risks of material misstatement
 Manner in which the reviews of the work performed are expected to take place (remote reviews vs in-
person)

Engagement partner review audit documentation at appropriate points in time during the audit engagement,
including audit documentation relating to: (A90–A93)

(a) Significant matters

(b) Significant judgments, relating to difficult or contentious matters identified during the audit engagement,
and the conclusions reached
(c) Other matters that, in the engagement partner’s professional judgment, are relevant to the engagement
partner’s responsibilities

Engagement partner documents the date, extent of the review and need not review all audit documentation.

Significant judgments to audit engagement may include matters related to overall audit strategy and audit plan,
execution of engagement and overall conclusions reached by engagement team.

 Matters related to planning the engagement, such as materiality

 Composition of engagement team, including:
i. Personnel using expertise in a specialized area of accounting or auditing
ii. Personnel from service delivery centers.
 Decision to involve auditor’s expert, including the decision to involve an external expert
 Engagement team’s consideration of information obtained in acceptance and continuance process
 Engagement team’s risk assessment process
 Engagement team’s consideration of related party relationships and transactions and disclosures
 Results of the procedures performed by engagement team on significant areas of the engagement
(accounting estimates, accounting policies or going concern considerations)
 In group audit:
i. Overall group audit strategy and audit plan
ii. Decisions about involvement of component auditors
iii. Evaluation of work performed by component auditors and the conclusions drawn therefrom

Consultation

Engagement partner shall: (A99–A102)

a. Take responsibility for the engagement team undertaking consultation on:

(i) Difficult or contentious matters and matters on which firm’s policies or procedures require consultation

(ii) Other matters that require consultation

b. Determine that members of engagement team have undertaken appropriate consultation during the
audit engagement, both within the engagement team, and between the engagement team and others at
the appropriate level within or outside the firm
 c. Determine nature, scope and conclusions resulting from consultations are agreed with the party
consulted
d. Determine that conclusions agreed have been implemented

ISQM 1 requires firm to establish a quality objective that addresses consultation on difficult or contentious matters
and how the conclusions agreed are implemented. Consultation may be required for:

 Issues that are complex or unfamiliar (accounting estimate with a high degree of estimation uncertainty)
 Limitations imposed by management
 Non-compliance with laws or regulations
 Significant risks
 Significant transactions outside the normal course of business for the entity, or unusual

Engagement Quality Review:

Audit engagements for which an engagement quality review is required, engagement partner shall: (A103)

(a) Determine that an engagement quality reviewer has been appointed

(b) Cooperate with engagement quality reviewer
(c) Discuss significant matters and judgments arising during the audit engagement, including those identified
during the engagement quality review, with the engagement quality reviewer
(d) Not date the auditor’s report until the completion of the engagement quality review. (A104–A106)

Engagement partner may assign responsibility for coordinating requests from the engagement quality reviewer
to another member of the engagement team.

Differences of Opinion

If differences of opinion arise within the engagement team, or between the engagement team and the
engagement quality reviewer or individuals performing activities within the firm’s system of quality
management, including those who provide consultation, the engagement team shall follow the firm’s policies or
procedures for dealing with and resolving such differences of opinion. (A107–A108)

The engagement partner shall:

(a) Take responsibility for differences of opinion being addressed and resolved in accordance with the firm’s
policies or procedures
(b) Determine that conclusions reached are documented and implemented
(c) Not date the auditor’s report until any differences of opinion are resolved

If engagement partner is not satisfied with resolution of the difference of opinion, he will:

 Seeking legal advice

 Withdrawing from audit engagement, when withdrawal is possible under applicable law or regulation

Monitoring and Remediation:

ISQM 1 requires the firm to communicate to engagement team information about the firm’s monitoring and
remediation process.
Engagement partner may also determine whether additional remedial actions are needed. For example:

 Auditor’s expert is needed

 Nature, timing and extent of direction, supervision and review needs to be enhanced in an area of the
audit where deficiencies have been identified

Identified deficiency in firm’s system of quality management does not necessarily indicate that an audit
engagement was not performed in accordance with professional standards and applicable legal and regulatory
requirements, or that the auditor’s report was not appropriate in the circumstances.

Taking Overall Responsibility for Managing and Achieving Quality:

ISQM 1 requires firm to establish a quality objective addressing engagement team’s understanding and fulfillment
of their responsibilities in connection with the engagement.

Indicators engagement partner may not have been sufficiently and appropriately involved include:

 Evidence that those to whom tasks, actions or procedures assigned were not adequately informed
 Lack of timely review by engagement partner (reviewing assessment of risks of material misstatement)
 Lack of evidence of engagement partner’s direction and supervision of other members and review of their
work

Documentation:

Auditor shall include in audit documentation: (A117–A120)

(a) Matters identified, relevant discussions with personnel, and conclusions reached with respect to:

(i) Fulfillment of responsibilities relating to relevant ethical requirements, including those related to independence

(ii) Acceptance and continuance of client relationship and audit engagement

(b) Nature, scope and conclusions from consultations and how conclusions were implemented

(c) If audit engagement is subject to engagement quality review, that engagement quality review has been
completed on or before the date of the auditor’s report

It is neither necessary nor practicable for auditor to document every matter considered, or professional judgment
made, in an audit.

Documentation of the performance of the requirements of this ISA, may be accomplished in different ways.

 Direction can be documented through signoffs of the audit plan and project management activities
 Minutes from formal meetings may provide evidence of clarity, consistency and effectiveness of
engagement partner’s communications and other actions in respect of culture and expected behaviors
that demonstrate the firm’s commitment to quality
 Signoffs by engagement partner and other members of the engagement team provide evidence that the
working papers were reviewed
ISA 230 Audit Documentation

Purpose of Audit Documentation:

Audit documentation provides evidence:

(a) Auditor’s basis for conclusion about the achievement of overall objectives
(b) Audit planned and performed in accordance with ISAs and applicable legal and regulatory requirements

Additional purposes of audit documentation:

 Assisting engagement team to plan and perform the audit

 Assisting engagement team members responsible for supervision
 Enabling engagement team to be accountable for its work
  Enabling conduct of engagement quality and other types of reviews, and monitoring activities under the
firm’s system of quality management
 Enabling conduct of external inspections in accordance with applicable legal, regulatory or other
requirements
 Retain a record of matters of continuing significance to future audits

Definitions:

Experienced auditor – An individual (whether internal or external to the firm) who has practical audit experience,
and a reasonable understanding of:

 Audit processes (e.g. Planning and performance, Test of internal control etc.)
 ISAs and applicable legal and regulatory requirements
 Business environment in which entity operates
 Auditing and financial reporting issues relevant to the entity’s industry

Documentation prepared after the audit work has been performed is likely to be less accurate.

Documentation of the Audit Procedures Performed and Audit Evidence Obtained:

Form, Content and Extent of Audit Documentation

Auditor prepare audit documentation sufficient to enable an experienced auditor, having no previous connection
with the audit, to understand: (A2–A5, A16–A17)

(a) Nature, timing and extent of audit procedures performed to comply with ISAs and applicable legal and
regulatory requirements (A6–A7)
(b) Results of audit procedures performed, audit evidence obtained
(c) Significant matters arising during the audit, conclusions reached, and professional judgments made in
reaching those conclusions (A8–A11)

Form, content and extent of audit documentation depend on factors:

 Nature of audit procedures to be performed

 Identified risks of material misstatement
 Size and complexity of entity
 Significance of audit evidence obtained
 Audit methodology and tools used
 Need to document a conclusion or the basis for a conclusion

Types of audit documentation:

Audit documentation may be recorded on paper or on electronic or other media and include:

 Audit programs
 Analyses
 Written representation
 Summaries of significant matters
 Checklists
  Correspondence (including e-mail) concerning significant matters

Audit documentation is not a substitute for entity’s accounting records. It is neither necessary nor practicable for
auditor to document every matter considered, or professional judgment made, in an audit.

Permanent audit file:

a. Names of shareholders, those charged with governance, management

b. Client’s industry and business
c. Systems information
d. Copies of contract and agreements

Current audit file:

Audit work for a specific period is kept on a current file and include:

a. Planning
 Client information
 Accounting policies
 Laws and regulations affecting the company
 Audit risks
 Audit strategy
 Materiality assessment
 Draft financial statements
 Preliminary analytical procedures
b. Performance
 Lead schedule (total figures which agree to the financial statement)
 Back-up schedules (breakdowns of totals into relevant sub-totals)
 Audit work program detailing (objectives, Work completed, samples selection, Conclusions)
c. Completion
 Going concern review
 Subsequent events review
 Written representation from management
 Draft final financial statements

Documentation of Significant Matters and Related Significant Professional Judgments:

Significant matters include:

 Results of audit procedures indicating financial statements could be materially misstated or need to revise
auditor’s previous assessment of risks of material misstatement
 Difficulty in applying audit procedures
 Matters that give rise to significant risks
 Modification to the audit opinion or inclusion of an Emphasis of Matter paragraph in auditor’s report

Audit documentation relating to the use of professional judgment include:

  Document authenticity when further investigation (appropriate use of an expert) caused the auditor to
believe that document may not be authentic
 Accounting estimate and disclosures are reasonable or are misstated
 Reasonableness of areas of subjective judgments made by management
 Key audit or nor no key audit matters to be communicated

Considerations Specific to Smaller Entities:

 Audit documentation for audit of smaller entity is less extensive than a larger entity
 Where engagement partner performs all the audit work, the documentation will not include matters
related to direction, supervision or review

In documenting nature, timing and extent of audit procedures performed, the auditor shall record:

(a) Identifying characteristics of specific items or matters tested

(b) Who performed the audit work and the date work was completed
(c) Who reviewed the audit work performed and the date and extent of such review

Identifying characteristics of items tested means indicating source from which items were selected and selection
criteria.

 Selecting high value items from a population (All journal entries over certain amount)
 Systematic selection from a population (Started with specific voucher and select every nth voucher)
 Inquiries of specific entity personnel ()

Requirement to document who reviewed the audit work performed does not imply a need for each specific
working paper to include evidence of review.

Departure from a Relevant Requirement:

If, auditor depart from a relevant requirement in an ISA, auditor shall document how the alternative audit
procedures performed achieve the aim of that requirement, and the reasons for departure.

Matters arising after the Date of the Auditor’s Report:

If auditor performs new or additional audit procedures or draws new conclusions after the date of the auditor’s
report, auditor shall document:

(a) Circumstances
(b) New or additional audit procedures performed, audit evidence obtained, and conclusions reached, and
their effect on auditor’s report
(c) When and by whom the resulting changes to audit documentation were made and reviewed

Assembly of the Final Audit File:

Appropriate time limit to complete the assembly of the final audit file is ordinarily not more than 60 days after the
date of the auditor’s report.

Retention period for audit engagements ordinarily is no shorter than five years from the date of the auditor’s
report, or from group auditor’s report, when applicable.

Completion of the assembly of final audit file is an administrative process and changes may be made if they are
administrative in nature. Examples of such changes include:

 Signing off on completion checklists

 Sorting and cross-referencing working papers
 Superseded documentation deletion

ISA 240 (AUDITOR’S RESPONSIBILITIES RELATING TO FRAUD IN AN AUDIT OF FINANCIAL STATEMENTS)

Misstatements in financial statements can arise from:

 Fraud (intentional)
 Error (unintentional)

Two types of intentional misstatements:

 Fraudulent financial reporting

 Misappropriation of assets

Auditor does not make legal determinations of whether fraud has actually occurred
Fraudulent financial reporting may be accomplished by the following:

 Manipulation, falsification, or alteration of accounting records or supporting documentation from which

the financial statements are prepared
 Misrepresentation in, or intentional omission from, the financial statements of events, transactions or
other significant information
 Intentional misapplication of accounting principles relating to amounts, classification, presentation, or
disclosure

Fraudulent financial reporting often involves management override of controls and include:

 Misstating or omitting disclosures required by applicable financial reporting framework

 Inappropriately changing assumptions and judgments used to estimate account balances
 Recording fictitious journal entries, particularly close to year end to manipulate results
 Omitting, advancing or delaying recognition of events and transactions
 Concealing facts that affect amounts recorded in financial statements
 Complex transactions structured to misrepresent financial performance or financial position

Misappropriation of assets involves theft of an entity’s assets and is often perpetrated by employees in relatively
small and immaterial amounts. However, it can also involve management and include:

 Embezzling receipts (misappropriating collections on accounts receivable or diverting receipts in respect

of written-off accounts to personal bank accounts)
 Stealing physical assets or intellectual property (stealing inventory, scrap, disclosing technological data)
 Causing an entity to pay for goods and services not received (payments to fictitious vendors, employees,
kickbacks for inflating prices)
 Using an entity’s assets for personal use (entity’s assets as collateral for a personal loan or a loan to a
related party)

Responsibility for the Prevention and Detection of Fraud:

Primary responsibility for prevention and detection of fraud rests with those charged with governance and
management. Risk of not detecting a material misstatement from fraud is higher than risk of not detecting one
resulting from error. Fraud may involve sophisticated schemes designed to conceal it. Such concealment may be
even more difficult to detect when accompanied by collusion. Collusion may cause auditor to believe that audit
evidence is persuasive when it is false.

Risk of the auditor not detecting a material misstatement resulting from management fraud is greater than for
employee fraud. Audit procedures that are effective for detecting error may not be effective in detecting fraud.

Auditor may have additional responsibilities under law, regulation or relevant ethical requirements which may
differ from this and other ISAs: (A6)

(a) Responding to identified or suspected non-compliance with laws and regulations, including
communications with management and those charged with governance, assessing their response to non-
compliance and determining whether further action is needed
 (b) Communicating identified or suspected non-compliance with laws and regulations to other auditors
(audit of group financial statements)
(c) Documentation requirements regarding identified or suspected non-compliance with laws and regulations

Fraud – Intentional act by one or more individuals among management, those charged with governance,
employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.

Fraud risk factors – Events or conditions that indicate an

 Incentive or pressure (inherent risk / earnings target / individuals are living beyond their means)
 Opportunity (inherent risk / deficiencies in internal control)
 Rationalizations (deficiencies in control environment)

Professional Skepticism:

Auditor maintain professional skepticism throughout the audit, notwithstanding the auditor’s past experience of
honesty and integrity of the entity’s management and those charged with governance.

Audit rarely involves authentication of documents, nor auditor trained as or expected to be an expert in
authentication.

Discussion among the Engagement Team:

Discussion:

 Provide opportunity for experienced engagement team members to share insights where financial
statements may be susceptible to material misstatement due to fraud
 Enables auditor to consider appropriate response to such susceptibility and determine which members of
engagement team will conduct certain audit procedures
 Permits auditor to determine how the results of audit procedures will be shared among engagement team
and how to deal with any allegations of fraud that may come to the auditor’s attention

Discussion may include such matters as:

 Exchange of ideas among engagement team members

 Circumstances of earnings management
 Management may present disclosures that may obscure a proper understanding (including too much
immaterial information)
 Incorporate unpredictability into the nature, timing and extent of audit procedures to be performed
 Allegations of fraud that have come to the auditor’s attention
 Risk of management override of controls

Risk Assessment Procedures and Related Activities:

1. Management and Others within the Entity:

(a) Management’s assessment of risk including nature, extent and frequency of such assessments (A13–A14)
(b) Management’s process for identifying and responding to risks of fraud (A15)
 (c) Management’s communication to those charged with governance regarding its processes for identifying
and responding to risks of fraud
(d) Management’s communication to employees regarding business practices and ethical behavior

2. Others within the entity to whom auditor may inquire about the existence or suspicion of fraud include:

 Operating personnel not directly involved in financial reporting process

 Employees with different levels of authority
 Employees involved in initiating, processing or recording complex or unusual transactions and those who
supervise or monitor such employees
 In-house legal counsel

3. Those Charged with Governance:

Those charged with governance oversee entity’s systems for monitoring risk, financial control and compliance with
the law. Understanding of the oversight exercised by those charged with governance may be obtained by:

 Attend meetings
 Minutes of meetings
 Inquiries

4. Unusual or Unexpected Relationships Identified in performing analytical procedures

5. Other Information such as review interim financial information

Evaluation of Fraud Risk Factors:

1. Risk Factors Relating to Misstatements Arising from Fraudulent Financial Reporting:

Incentives/Pressures

Financial stability or profitability is threatened by economic, industry, or entity operating conditions, such as:

 High degree of competition

 High vulnerability to rapid changes, such as changes in technology
 Significant declines in customer demand
 Operating losses
 Recurring negative cash flows from operations

Excessive pressure to meet the requirements of third parties due to the following:

 Profitability or trend level expectations

 Obtain additional debt or equity financing
 Exchange listing requirements

Personal financial situation of management or those charged with governance is threatened by the entity’s
financial performance:

 Significant financial interests

  Significant portions of contingent compensation
 Personal guarantees of debts of the entity

Opportunities

Nature of industry or entity’s operations provides opportunities

 Significant related-party transactions

 Significant estimates that involve subjective judgments
 Significant transactions close to period end

Monitoring of management is not effective as a result of following:

 Domination of management by a single person or small group

 Oversight by those charged with governance over financial reporting process and internal control is not
effective

Attitudes/Rationalizations

 Nonfinancial management’s excessive participation in selection of accounting policies or determination of

significant estimates
 Known history of violations of securities laws or other laws and regulations
 Committing to analysts, creditors, and other third parties to achieve aggressive or unrealistic forecasts
 Minimize reported earnings for tax-motivated reasons
 Relationship between management and current or predecessor auditor is strained

2. Risk Factors Arising from Misstatements Arising from Misappropriation of Assets

Incentives/Pressures

 Personal financial obligations may create pressure on management or employees with access to cash or
other assets susceptible to theft
 Adverse relationships between entity and employees with access to cash or other assets susceptible to
theft (anticipated future employee layoffs, employee compensation)

Opportunities

 Large amounts of cash on hand

 Inventory items that are small in size, of high value, or in high demand
 Easily convertible assets, such as bearer bonds, diamonds, or computer chips

Inadequate controls over assets

 Lack of timely reconciliations of assets.

 Lack of timely documentation of transactions
 Lack of segregation of duties

Attitudes/Rationalizations

 Disregard for controls over misappropriation of assets

 Changes in behavior or lifestyle
 Tolerance of petty theft
Identification and Assessment of the Risks of Material Misstatement Due to Fraud

Auditor shall identify and assess risks of material misstatement due to fraud. Auditor based on presumption that
there are risks of fraud in revenue recognition, evaluate which types of revenue, revenue transactions or
assertions give rise to such risks. Auditor shall identify entity’s controls that address such risks, and evaluate their
design and determine whether they have been implemented.

Risks of fraud in revenue recognition

 Overstatement of revenues, for example, premature revenue recognition or recording fictitious revenues
 Understatement of revenues, for example, improperly shifting revenues to a later period
 Substantial portion of revenues through cash sales

Responses to the Assessed Risks of Material Misstatement Due to Fraud

Overall Responses

(a) Assign and supervise personnel taking account of knowledge, skill and ability (e.g. forensic and IT experts)
(b) Evaluate selection and application of accounting policies, particularly those related to subjective
measurements and complex transactions, may be indicative of fraudulent financial reporting
(c) Unpredictability in selection of nature, timing and extent of audit procedures (e.g. different sampling
methods, audit procedures at different locations)

Audit Procedures Responsive to Assessed Risks of Material Misstatement Due to Fraud at the Assertion Level

Responses to fraud at the assertion level may include changing the nature, timing and extent of audit procedures:

 Nature of audit procedures changed to obtain audit evidence that is more reliable and relevant or to
obtain additional corroborative information. (use computer-assisted audit techniques)
 Timing of substantive procedures may need to be modified. (performing substantive testing at or near
period end)
 Extent reflects the assessment of risks of material misstatement due to fraud. (Increasing sample sizes or
performing analytical procedures at a more detailed level)

If auditor identifies a risk of material misstatement due to fraud that affects inventory quantities, auditor observe
inventory counts at certain locations on an unannounced basis or to conduct inventory counts at all locations on
the same date.

Audit Procedures Responsive to Risks Related to Management Override of Controls

(a) Test journal entries in general ledger and other adjustments. Auditor shall:

(i) Inquire from individuals about inappropriate or unusual activity relating to the processing of journal entries and
other adjustments

(ii) Select journal entries and other adjustments at year end

(iii) Consider the need to test journal entries and other adjustments throughout the period

When identifying and selecting journal entries and other adjustments for testing, the following matters are of
relevance:
  Identification and assessment of risks of material misstatement due to fraud
 Controls over journal entries and other adjustments
 Characteristics of fraudulent journal entries or other adjustments (end of the period or post-closing
entries)
 Nature and complexity of accounts (inter-company transactions, unreconciled differences)

(b) Review accounting estimates.

i. Evaluate whether accounting estimates indicate a possible bias. Reevaluate estimates as a whole
ii. Retrospective review significant accounting estimates

(c) Transactions outside the normal course of business (complex, inadequate documentation)

Evaluation of Audit Evidence

 Whether analytical procedures indicate unrecognized risk of material misstatement due to fraud (e.g.
Unusual relationships involving year-end revenue and income)
 Whether misstatement is indicative of fraud (insignificant fraud may be significant if it involves senior
management)
 Whether conditions indicate possible collusion when reconsidering the reliability of evidence previously
obtained

Auditor Unable to Continue the Engagement

(a) Determine professional and legal responsibilities, whether to report persons who made the audit
appointment or regulatory authorities
(b) Withdraw from engagement, where withdrawal is possible under applicable law or regulation
(c) If the auditor withdraws:
i. Discuss with management and those charged with governance and reasons for withdrawal
ii. Determine professional or legal requirement to report to persons who made the audit appointment
or regulatory authorities, the auditor’s withdrawal from the engagement and the reasons for
withdrawal

Auditor may seek legal advice when deciding withdraw from engagement and of reporting to shareholders,
regulators or others.

Written Representations:

Auditor obtain written representations from management and those charged with governance that they:

(a) Acknowledge their responsibility for internal control to prevent and detect fraud
(b) Disclosed management’s assessment of risk that financial statements may be materially misstated as a
result of fraud
(c) Disclosed their knowledge of fraud, or suspected fraud involving:
 Management
  Employees who have significant roles in internal control
 Others where fraud have a material effect on financial statements
d. Disclosed their knowledge of any allegations of fraud, or suspected fraud communicated by employees,
former employees, analysts, regulators or others

Communications to Management and with Those Charged with Governance

 If fraud exist, auditor communicate, unless prohibited by law or regulation, with appropriate level of
management and those charged with governance. A61–A66
 Appropriate level of management is at least one level above the persons who appear to be involved with
the suspected fraud
 Auditor’s communication with those charged with governance may be made orally or in writing
 If auditor has doubts about the integrity or honesty of management or those charged with governance,
the auditor may obtain legal advice in determining the appropriate course of action

Reporting Fraud to an Appropriate Authority outside the Entity

Auditor determine whether law, regulation or relevant ethical requirements require auditor to report to an
appropriate authority outside the entity.

Documentation:

(a) Significant decisions during the discussion among engagement team regarding susceptibility of the entity’s
financial statements to material misstatement due to fraud
(b) Identified and assessed risks of material misstatement due to fraud at the financial statement level and at
the assertion level
(c) Identified controls address assessed risks of material misstatement due to fraud

Audit documentation include overall responses, results of audit procedures and communications about fraud to
management, those charged with governance, regulators and others.
ISA 250 CONSIDERATION OF LAWS AND REGULATIONS IN AN AUDIT OF FINANCIAL STATEMENTS

Effect of Laws and Regulations:

Provisions of laws or regulations have a direct effect on the financial statements that they determine:

 Reported amounts and disclosures

 Legal rights and obligations
 Applicable financial reporting framework
 Non-compliance penalties

Responsibility for Compliance with Laws and Regulations:

Management, with oversight of those charged with governance, responsible to ensure entity’s operations are
conducted in accordance with provisions of laws and regulations.

Entity Policies and procedures in prevention and detection of non-compliance with laws and regulations:

 Register of laws and regulations within its industry

  Developing a code of conduct
 Instituting systems of internal control
 Monitoring legal requirements and any changes
 Maintaining a record of complaints
 Legal advisors to assist in legal requirements

In larger entities, policies and procedures may be supplemented by assigning appropriate responsibilities to:

 Internal audit function

 Audit committee
 Compliance function

Responsibility of the Auditor:

Auditor is not responsible for preventing non-compliance and cannot be expected to detect non-compliance with
all laws and regulations. Non-compliance is ultimately determined by court or other appropriate body.

Auditor’s responsibilities:

 Obtain a general understanding of legal and regulatory framework applicable to entity and industry (by
consulting the register of relevant laws and regulations or discussion with in-house legal staff)
 Determining how entity is complying with that framework
 Obtain sufficient appropriate audit evidence regarding compliance with those laws and regulations
directly effect financial statements (e.g. Tax and pension laws)
 Obtaining general understanding of other laws and regulations applicable to the entity which may
fundamentally affect the operations of the entity (operating license, solvency requirements and
environmental regulations)

Non-compliance does not include personal misconduct unrelated to the business activities of the entity.

Auditor perform following audit procedures to identify non-compliance with other laws and regulations:

a. Inquiring management, those charged with governance and in-house or external legal counsel
b. Inspecting correspondence with licensing or regulatory authorities
c. Other audit procedures that may bring instances of non-compliance. Such as:
I. Reading minutes
II. Performing substantive tests of details of classes of transactions, account balances or disclosures

Written representations do not provide sufficient appropriate audit evidence.

Audit Procedures When Non-Compliance Is Identified or Suspected:

1. Auditor shall obtain:

a. Understanding of nature of act and circumstances in which it has occurred

b. Possible effect on financial statements (e.g. fines, penalties, litigation)

2. Auditor discuss the matter, unless prohibited by law or regulation, with appropriate level of management and
those charged with governance. If management or those charged with governance do not provide sufficient
information to the auditor, auditor may consult:
  In-house or external legal counsel
 Others within the firm, a network firm, a professional body

3. Auditor evaluate effect of lack of sufficient appropriate audit evidence on:

 Auditor’s opinion
 Other aspects of audit e.g. risk assessment and reliability of written representations (e.g. evidence of
involvement of management and TCWG)

Indication of non-compliance with laws and regulations:

 Investigations by regulatory organizations and government departments or payment of fines or penalties

 Purchasing at prices significantly different from market prices
 Unauthorized transactions or improperly recorded transactions
 Adverse media comment
 Excessive sales commissions or agents’ fees
 Unusual transactions with companies registered in tax havens

Communicating and Reporting Identified or Suspected Non-Compliance:

Auditor communicate, unless prohibited by law or regulation, with those charged with governance matters
involving non-compliance with laws and regulations.

If management or those charged with governance are involved in non-compliance, auditor shall communicate the
matter to next higher level of authority, if it exists, such as an audit committee or supervisory board. Where no
higher authority exists, or if auditor believes that communication may not be acted upon or is unsure as to the
person to whom to report, the auditor shall obtain legal advice.

Potential Implications of Identified or Suspected Non-Compliance for the Auditor’s Report:

If auditor concludes non-compliance has a material effect, and has not been adequately reflected in the financial
statements, auditor express a qualified opinion or an adverse opinion on the financial statements.

If auditor is precluded from obtaining sufficient appropriate audit evidence, auditor express qualified opinion or
disclaim an opinion on the basis of a limitation on the scope of audit.

If auditor is unable to determine whether non-compliance has occurred because of limitations imposed by the
circumstances, auditor shall evaluate the effect on auditor’s opinion.

In certain other circumstances, auditor may communicate non-compliance in auditor’s report:

 Auditor has other reporting responsibilities, in addition ISAs

 Auditor determines non-compliance is a key audit matter
 If management or those charged with governance do not take remedial action that auditor considers
appropriate and withdrawal from engagement is not possible, auditor may consider describing identified
or suspected non-compliance in an Other Matter paragraph

Documentation:

Audit documentation include non-compliance with laws and regulations and:

 a. Audit procedures performed, professional judgments made and conclusions reached
b. Discussions related to non-compliance with management, those charged with governance and others with
their response

ISA 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE

Scope

Applies irrespective of an entity’s governance structure or size and to audit of other historical financial information
when those charged with governance responsible to oversee the preparation of other historical financial
information.

Management and auditor both have responsibilities to communicate with TCWG. Communication by management
does not relieve auditor of this responsibility or vice versa.

Objectives (Reasons for communicating to those charged with governance):

a. To communicate TCWG responsibilities of auditor and planned scope and timing of audit
b. To obtain from TCWG information relevant to audit
c. To provide TCWG significant matters on a timely basis
d. To promote two-way communication between auditor and TCWG

Auditor determine appropriate person(s) within the entity’s governance structure with whom to communicate.

 In some cases, TCWG are involved in managing entity or approving financial statements
 In some smaller entities, one person may be charged with governance
  In some cases, governance is a collective responsibility, a subgroup such as audit committee, assist
governing body in meeting its responsibilities

If auditor communicates subgroup of TCWG, auditor determine whether there is also a need to communicate with
the governing body. (A5–A7)

When communicate subgroup, auditor may take into account:

 Responsibilities of subgroup and governing body

 Nature of matter to be communicated
 Legal or regulatory requirements
 Subgroup has authority to take action and can provide further information

Auditor may make explicit in agreeing terms of engagement that, unless prohibited by law or regulation, the
auditor retains the right to communicate directly with the governing body.

Matters to Be Communicated:

1. Auditor’s Responsibilities in relation to Financial Statement Audit (e.g. opinion on financial statements)
2. Planned Scope and Timing of Audit (A11–A16)

Communication regarding planned scope and timing of audit may:

(a) Assist TCWG to understand auditor’s work, discuss risk, materiality, areas in which they request auditor to
undertake additional procedures

(b) Assist auditor to understand entity and its environment

Matters communicated may include:

 How auditor plans to address significant and higher assessed risks of material misstatement, whether due
to fraud or error
 Auditor approach to internal control
 Application of materiality
 Auditor’s preliminary views about key audit matters
 Use of an auditor’s expert
 Use work of internal audit function or internal auditors to provide direct assistance

3. Significant findings from audit, such as:

(a) Auditor’s views about qualitative aspects of accounting practices, including accounting policies, accounting
estimates and financial statement disclosures (A19–A20 Appendix 2)

(b) Significant difficulties during audit

 Unexpected effort to obtain sufficient appropriate audit evidence

 Restrictions from management
 Management’s unwillingness to make assessment of entity’s ability to continue as a going concern

(c) Unless all of TCWG involved in managing the entity:

(i) Significant matters discussed with management (A22)

 Significant events or transactions during the year

 Business conditions affecting entity
 Significant matters on which there was disagreement with management

(ii) Written representations

(d) Circumstances that affect the form and content of auditor’s report (A23–A25)

 Material uncertainty related to going concern

 Key audit matters
 Emphasis of Matter paragraph or Other Matter paragraph
 Auditor expects to modify opinion in auditor report
 Uncorrected material misstatement of other information

(e) Other matters arising during audit (A26–A28)

4. Auditor Independence

In case of listed entities, auditor communicate with TCWG:

 Engagement team and others have complied with relevant ethical requirements regarding independence
 Professional fees for audit and non-audit services charged during the period
 Applying safeguards to reduce the threats to an independence

Communication Process:

1. Establishing the Communication Process (A37–A45)

Matters contribute to effective two-way communication include:

 Purpose of communications
 Form of communications
 Person(s) in engagement team and TCWG who will communicate
 Auditor’s expectation TCWG communicate with the auditor matters they consider relevant to the audit
 Process for taking action and reporting back on matters communicated by the auditor
 Process for taking action and reporting back on matters communicated by those charged with governance

Communication process vary with the circumstances, including size and governance structure, how those charged
with governance operate, and auditor’s view of the significance of matters to be communicated.

Before communicating matters with TCWG, auditor discuss them with management, unless inappropriate. When
entity has an internal audit function, auditor may discuss matters with internal auditor before communicating with
TCWG.

2. Forms of Communication

 Auditor independence will be communicated in writing with TCWG

 Other matters may be communicate in writing considering significance of the matter (e.g. legal
requirement) or oral. Written communications need not include all matters. (A46–A48)
3. Timing of Communications (A49–A50)

 Planning matters early in the audit engagement and, for an initial engagement, as part of agreeing the
terms of the engagement
 Significant difficulty (e.g. significant misstatements, scope limitations or deficiencies in internal control) as
soon as practicable
 Preliminary views about key audit matters when discussing planned scope and timing of audit
 Independence whenever significant judgments are made about threats to independence

4. Adequacy of the Communication Process (A51–A53)

 Appropriateness and timeliness of actions taken by TCWG in response to matters raised by auditor
 Openness of TCWG in their communications with auditor
 Willingness of TCWG to meet with the auditor without management present
 Communication between auditor and TCWG meets applicable legal and regulatory requirements

If two-way communication between auditor and TCWG is not adequate, auditor may take such actions:

 Modifying auditor’s opinion on the basis of a scope limitation

 Obtaining legal advice
 Communicating with third parties
 Withdrawing from the engagement, where withdrawal is possible under applicable law or regulation

Documentation:

 In oral, auditor shall include them in audit documentation, and when and whom they were communicated
(copy of minutes prepared by entity)
 In writing, auditor shall retain a copy of communication as part of audit documentation
ISA 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND
MANAGEMENT

Scope:

In making risk assessments, auditor considers entity’s internal control to design audit procedures, but not for the
purpose of expressing an opinion on the effectiveness of internal control.

Definitions:

(a) Deficiency in internal control:

 Control is designed, implemented or operated in such a way that it is unable to prevent, or detect and
correct, misstatements in financial statements on a timely basis
 Control necessary to prevent, or detect and correct, misstatements in financial statements on a timely
basis is missing

(b) Significant deficiency in internal control – A deficiency or combination of deficiencies in internal control that, in
the auditor’s professional judgment, is of sufficient importance to merit the attention of those charged with
governance (A5)

Determination of Whether Deficiencies in Internal Control Have Been Identified:

Auditor determine deficiencies in internal control and discuss findings with level of management:

 Familiar with internal control area

 Authority to take remedial action
Significant Deficiencies in Internal Control: (A5–A11)

Following matters auditor consider in determining significant deficiency:

 Likelihood of deficiencies leading to material misstatements

 Susceptibility to loss or fraud of the related asset or liability
 Subjectivity and complexity of estimated amounts, such as fair value accounting estimates
 Financial statement amounts exposed to deficiencies
 Importance of controls to financial reporting process:
General monitoring controls (such as oversight of management)
Controls over prevention and detection of fraud
Controls over selection and application of significant accounting policies
Controls over significant transactions with related parties
Controls over significant transactions outside the entity’s normal course of business
Controls over period-end financial reporting process (such as controls over non-recurring journal entries)

Indicators of significant deficiencies in internal control include:

 Ineffective aspects of control environment, such as:

Significant transactions in which management is financially interested are not being scrutinized by TCWG

Identification of management fraud not prevented by internal control

Management’s failure to implement remedial action deficiencies previously communicated

 Absence of risk assessment process

 Ineffective risk assessment process
 Ineffective response to identified significant risks
 Management’s inability to oversee preparation of financial statements
 Restatement of previously issued financial statements

Significant deficiencies may exist even though the auditor has not identified misstatements during the audit.

Communication of Deficiencies in Internal Control:

1. Communication of Significant Deficiencies in Internal Control to Those Charged with Governance (A12–A18, A27)

Communicating in writing assists TCWG fulfilling their oversight responsibilities

Communication enabling TCWG to discharge their oversight responsibilities. For listed entities, TCWG may need to
receive auditor’s written communication before the date of approval of financial statements to discharge
responsibilities in relation to internal control for regulatory or other purposes.

Factors that auditor consider in determining an appropriate level of detail for the communication include:

 Nature of entity
 Size and complexity of entity
 Nature of significant deficiencies
 Governance composition
  Legal or regulatory requirements

Auditor communicated a significant deficiency to TCWG and management in a previous audit does not eliminate
the need for the auditor to repeat the communication if remedial action has not yet been taken.

Auditor communicate to management at an appropriate level of responsibility on a timely basis: (A19, A27)

(a) In writing, significant deficiencies in internal control that auditor has communicated or intends to communicate
to TCWG, unless it would be inappropriate to communicate directly to management (A14, A20–A21)

(b) Other deficiencies in internal control identified during the audit that are of sufficient importance to merit
management’s attention (A22–A26)

Communication of other deficiencies in internal control need not be in writing but may be oral.

If auditor has communicated deficiencies in internal control other than significant deficiencies to management in a
prior period and management has chosen not to remedy, auditor need not repeat the communication in the
current period.

Content of Written Communication of Significant Deficiencies in Internal Control:

Auditor include in written communication:

a. Description of deficiencies and potential effects (A28)

b. Sufficient information to enable TCWG and management to understand the context of
communication. Auditor shall explain that: (A29–A30)

(i) Purpose of the audit was for the auditor to express an opinion on the financial statements;

(ii) The audit included consideration of internal control relevant to the preparation of the financial statements in
order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing
an opinion on the effectiveness of internal control

(iii) The matters being reported are limited to those deficiencies that the auditor has identified during the audit
and that the auditor has concluded are of sufficient importance to merit being reported to those charged with
governance
ISA 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS

Purpose of planning:

Planning an audit involves establishing overall audit strategy for the engagement and developing an audit plan.
Planning benefits audit in several ways: (A1–A4)

 Selection of engagement team members with appropriate capabilities and competence

 Identify and resolve potential problems on a timely basis
 Properly organize and manage audit engagement
 Coordination of work done by auditors of components and experts
 Attention to important areas of the audit
 Direction, supervision and review of engagement team members

Planning includes the need to consider, prior to auditor’s identification and assessment of risks of material
misstatement, such matters as:

 Materiality determination
 Experts involvement
 General understanding of legal and regulatory framework
 Analytical procedures to be applied as risk assessment procedures

In planning the audit, auditor may use project management techniques and tools. The overall audit strategy and
the audit plan remain the auditor’s responsibility.
Involvement of Key Engagement Team Members:

Engagement partner and other key members of engagement team involved in planning the audit, including
planning and participating in the discussion among engagement team members.

Preliminary Engagement Activities:

Auditor undertake following activities at the beginning of current audit engagement:

a. Performing procedures regarding acceptance and continuance of client relationship and the specific
audit engagement
b. Evaluating compliance with relevant ethical requirements, including those related to independence
c. Establishing an understanding of terms of engagement (A6–A8)

Preliminary engagement activities enables auditor to plan audit engagement in order to:

 Maintain independence
 Determine there are no issues with management integrity that may affect the auditor’s willingness to
continue the engagement
 Determine that there is no misunderstanding with the client as to the terms of the engagement

For continuing audit engagements, initial procedures often occur shortly after the completion of previous audit.

Planning Activities – (Audit strategy and plan):

In overall audit strategy, auditor shall consider:

a. Factors significant in directing the engagement team’s efforts

 Materiality
 Areas of higher risk of material misstatement
 Impact of assessed risk of material misstatement at the overall financial statement level
b. Characteristics of engagement
 Financial reporting framework
 Industry-specific reporting requirements
 Internal auditors can be used to provide direct assistance
 Entity’s use of service organizations
 Effect of information technology on the audit procedures
 Availability of client personnel and data
c. Results of preliminary engagement activities and whether knowledge gained on other engagements
performed by engagement partner for the entity is relevant
d. Engagement reporting objectives to plan timing of audit and nature of communications required
 Timetable for reporting, such as at interim and final stages
 Communication with auditors of components
 Communications among engagement team members
 Communications with third parties
e. Nature, timing and extent of resources
 Human, technological and intellectual resources
 Budgeting including appropriate time for areas of higher risks of material misstatement
Process of establishing overall audit strategy, subject to the completion of the auditor’s risk assessment
procedures, may include:

 Nature of resources (human, technological or intellectual) deployed for specific audit areas (experienced
team members for high risk areas or experts to address complex matters)
 Allocation of resources to specific audit areas (team members to attend physical inventory count or audit
budget in hours to allocate to high risk areas)
 When these resources are deployed (interim audit stage or key cutoff dates)

Audit plan include a description of:

a. Nature, timing and extent of planned direction, supervision and review work of engagement
team members
b. Nature, timing and extent of planned risk assessment procedures
c. Nature, timing and extent of planned further audit procedures at assertion level
d. Any other procedures necessary to conform to ISAs (A15-A17)

Audit plan is more detailed than overall audit strategy. Certain disclosures may contain information that is
obtained from outside of the general and subsidiary ledgers.

Documentation:

Audit documentation include:

a. Overall audit strategy (summarize in the form of memorandum)

b. Audit plan (standard audit programs or audit completion checklists)
c. Any significant changes to the overall audit strategy or audit plan

Additional Considerations in Initial Audit Engagements:

Auditor shall undertake the following activities prior to starting an initial audit:

a. Performing procedures regarding the acceptance of client relationships and audit engagement
b. Communicating with predecessor auditor (A24)

Additional matters:

 Review predecessor auditor’s working papers, unless prohibited by law or regulation

 Audit procedures necessary to obtain sufficient appropriate audit evidence regarding opening balances
ISA 320 MATERIALITY IN PLANNING AND PERFORMING AN AUDIT

Materiality in the Context of an Audit

 Misstatements, including omissions, are material if they, individually or in aggregate, could reasonably be
expected to influence economic decisions of users taken on the basis of financial statements
 Judgments about materiality affected by size or nature of a misstatement
 Judgments about materiality are based on common financial information needs of users as a group.
Specific individual user’s needs are not considered.

Materiality applied by auditor:

(a) Planning and performing audit:

 Determining nature, timing and extent of risk assessment procedures

 Identifying and assessing the risks of material misstatement
 Determining nature, timing and extent of further audit procedures

(b) Evaluating effect of identified misstatements on audit

(c) Uncorrected misstatements on financial statements and in forming opinion in auditor’s report. When evaluating
the effect on financial statements of all uncorrected misstatements, auditor considers not only size but also nature
of uncorrected misstatements.
Determining Materiality and Performance Materiality When Planning the Audit

When establishing the overall audit strategy, the auditor shall determine materiality for the financial statements as
a whole.

Use of Benchmarks in Determining Materiality for the Financial Statements as a Whole:

 Materiality = Chosen Benchmark x Chosen Percentage

Following factors affect benchmark:

 Elements of financial statements (assets, liabilities, equity, revenue, expenses)

 Focus of financial statements users (profit, revenue or net assets)
 Nature of entity
If profit oriented, materiality will be based on profit before tax
If not-for-profit, materiality will be based on total assets/revenue/expenses
 Entity’s ownership structure and financing (users emphasis on assets if financed by debt, users emphasis
on earnings if finance by equity)
 Relative volatility of benchmark (Less volatile is better)

Benchmarks include categories of reported income such as total revenue, gross profit and profit before tax, and
total expenses, total equity or net asset value.

Relevant financial data for benchmark includes:

 Draft financial statement

 Interim financial statement
 Budgets or forecasts for the current period, adjusted for changes in the circumstances
 Prior periods’ financial statement

If financial statements are prepared for a period of more or less than twelve months, materiality relates to the
financial statements prepared for that financial reporting period.

Performance materiality is determined to reduce the probability that aggregate of uncorrected and undetected
misstatements exceeds materiality for the financial statements as a whole.

Performance materiality can be calculated as a sub level of:

 Materiality for financial statements as a whole

 Materiality for a particular class of transaction, account balance or disclosure

Auditor determine performance materiality for assessing risks of material misstatement and determining the
nature, timing and extent of further audit procedures. (A13)

Determination of performance materiality is not a mechanical calculation. It involves exercise of professional

judgment and is based on:

 Auditor’s understanding of entity

 Misstatements identified in previous audits
 Expected misstatements in current period
Revision as the Audit Progresses:

Auditor revise materiality if new information inconsistent with information on which original assessment was
based. (A14)

 Change in circumstances (dispose major part of business)

 Change in auditor’s understanding of the entity and its operations (actual financial results substantially
different from anticipated period-end financial results)

Effect of Revision of Materiality on Audit:

Auditor determine whether it is necessary to:

 Revise performance materiality

 Nature, timing and extent of further audit procedures

Documentation:

Auditor include in audit documentation:

a. Materiality for financial statements as a whole

b. Materiality level for particular classes of transactions, account balances or disclosures
c. Performance materiality
d. Any revision of (a)–(c)

ISA 330 THE AUDITOR’S RESPONSES TO ASSESSED RISKS

Objective:

ISA 315 required auditor to assess following types of risks:

1. Risk at financial statements level

2. Risk at assertion level
3. Significant risks (i.e. risk at assertion level which require special audit consideration)

ISA 330 provides guidance about procedures to be performed to address these risks.

1. To address risk at financial statement level, auditor adapts “Overall Response”

2. To address risk at assertion level, auditor performs “further audit procedures” i.e.
a. Tests of Controls
b. Substantive Procedures (i.e. Analytical Procedures and Tests of Details)

Definitions:

a. Test of controls – Audit procedure designed to evaluate the operating effectiveness of controls
in preventing, or detecting and correcting, material misstatements at the assertion level.
b. Substantive procedure – Audit procedure designed to detect material misstatements at the
assertion level. Substantive procedures comprise:
i. Analytical procedures
ii. Tests of details (of classes of transactions, account balances, and disclosures)
Overall Responses:

To address risks of material misstatement at financial statement level, auditor overall response include:

 Increased professional skepticism during audit of judgmental areas

 Assigning more experienced staff or using experts
 Increased supervision and review of work performed
 Incorporating unpredictability in selection of further audit procedures
 Changes to overall audit strategy, include changes to:
a. Determination of performance materiality
b. Auditor’s plans to tests operating effectiveness of controls
c. Nature, timing and extent of substantive procedures

Auditor response ineffective control environment by:

 Conducting more audit procedures at period end rather than at an interim date
 Obtaining more reliable audit evidence (e.g. from external sources)
 Increasing locations included in audit scope

Audit Procedures Responsive to the Assessed Risks of Material Misstatement at the Assertion Level:

Auditor design and perform further audit procedures whose nature, timing and extent are responsive to the
assessed risks of material misstatement at the assertion level (A4–A8; A43–A54)

Auditor will not design and perform further audit procedures where assessment of risk of material misstatement
is below acceptably low level. However, auditor designs and performs substantive procedures for each material
class of transactions, account balance, and disclosure.

 Nature of audit procedure refers to purpose (risk assessment, test of controls or substantive procedure)
and type (inquiry, inspection, observation, confirmation, recalculation, re performance, or analytical
procedure)
 Timing of audit procedure refers to when it is performed (at interim date or at final date)
 Extent of an audit procedure refers to the quantity (sample size or number of observations of a control)

In designing further audit procedures, auditor shall:

(a) Consider the reasons for the assessment given to the risk of material misstatement at the assertion level for
each significant class of transactions, account balance, and disclosure, including:

i. Likelihood and magnitude of misstatement due to particular characteristics of significant

class of transactions, account balance, or disclosure (inherent risk)
ii. Risk assessment takes account of controls that address risk of material misstatement
(control risk), thereby requiring the auditor to obtain audit evidence to determine
whether the controls are operating effectively (that is, the auditor plans to test the
operating effectiveness of controls in determining the nature, timing and extent of
substantive procedures) (A9–A18)

Nature

Certain audit procedures may be more appropriate for some assertions than others.

 Revenue, tests of controls may be most responsive to completeness assertion

 Substantive procedures may be most responsive to occurrence assertion
Timing

Auditor may perform tests of controls or substantive procedures at an interim date or at period end. Certain audit
procedures can be performed only at or after the period end (reconciling, adjustments, transactions may not have
been finalized)

Extent

Extent of audit procedure is determined after considering materiality, assessed risk, and degree of assurance
auditor plans to obtain. Use of computer-assisted audit techniques (CAATs) enable more extensive testing of
electronic transactions and can be used to select sample transactions, sort transactions with specific
characteristics, or test an entire population.

(b) Obtain more persuasive audit evidence the higher the auditor’s assessment of risk (A19)

Tests of Controls

Tests of controls are required when:

(a) Auditor’s assessment of risks of material misstatement at the assertion level includes an expectation that
controls are operating effectively.
(b) Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level.

Nature of Tests of Controls

In designing and performing tests of controls, auditor shall:

a. Perform inquiry in combination with other audit procedures (observation, inspection or re-performance)
b. If controls depend upon other controls (indirect controls e.g. general IT controls), auditor may also have to
test indirect control (A32)

Inquiry alone is not sufficient to test operating effectiveness of controls

Timing of Tests of Controls

 Particular point in time (physical inventory count)

 Throughout the period

Extent of Tests of Controls

Auditor consider various factors in determining the extent of tests of controls:

 Frequency of the performance of the control by the entity during the period
 Length of time during the audit period that the auditor is relying on the operating effectiveness of the
control
 Expected rate of deviation from a control
 Relevance and reliability of the audit evidence to be obtained regarding the operating effectiveness of the
control at the assertion level
 Extent to which audit evidence is obtained from tests of other controls related to the assertion

Because of inherent consistency of IT processing, it may not be necessary to increase the extent of testing of an
automated control.
Using audit evidence obtained during an interim period

If auditor obtains audit evidence about operating effectiveness of controls during an interim period, auditor
determine additional audit evidence to be obtained for remaining period. Additional evidence to be obtained
depend:

 Changes to control
 Risks of material misstatement
 Length of remaining period
 Extent of reliance of controls
 Control environment

Using audit evidence obtained in previous audits

If auditor use audit evidence obtained in previous audits, auditor determine continuing relevance and reliability
(e.g. inquiries of management and inspection of logs).

a. Controls that have changed from previous audits, auditor test controls in current audit
b. Controls that have not changed from previous audits, auditor test controls at least once in every third
audit and test some controls each audit
c. Controls over significant risk, auditor test controls in current period

Factors decrease reliance on audit evidence obtained in previous audits, include:

 Deficient control environment

 Deficient general IT controls
 Deficient internal controls
 Significant manual element to controls
 Personnel changes

Evaluating the Operating Effectiveness of Controls

When evaluating operating effectiveness of controls, auditor shall evaluate whether identified misstatements
indicate deficiency in internal control.

If deviations from controls are detected, auditor determine whether: (A42)

a. Tests of controls provide basis for reliance on controls

b. Additional tests of controls are necessary
c. Risks of material misstatement need to be addressed using substantive procedures

Deviations from controls may be caused by factors:

 Changes in key personnel

 Human error
 Significant seasonal fluctuations in volume of transactions

Substantive Procedures:

Auditor design and perform substantive procedures:

  For each material class of transactions, account balance, and disclosure (A43–A49)
 For Financial Statement Closing Process
 For Significant Risks

Nature of Substantive Procedures

Auditor may decide to perform:

 Only substantive analytical procedures

 Only tests of details
 Combination of substantive analytical procedures and tests of details

Substantive analytical procedures are generally more applicable to large volumes of transactions that tend to be
predictable over time.

Design of tests of details depend assessment of risk or nature of assertion.

Extent of Substantive Procedures

Extent of substantive procedures increased when results from tests of controls are unsatisfactory. In designing
tests of details, extent of testing is thought of in terms of sample size.

Auditor consider whether external confirmation procedures are to be performed as substantive audit procedures.
Auditor may request external confirmation of:

 Terms of agreements, contracts, or transactions between an entity and other parties

 Bank balances
 Accounts receivable balances and terms (less relevant audit evidence about recoverability)
 Accounts payable balances and terms
 Inventories held by third parties

Factors assist auditor whether external confirmation procedures are to be performed as substantive audit
procedures include:

 Confirming party’s knowledge of subject matter

 Ability or willingness of confirming party to respond (concerns about legal liability from responding)
 Objectivity of confirming party (related party responses may be less reliable)

Substantive Procedures Related to the Financial Statement Closing Process

a. Reconciling information in financial statements with underlying accounting records

b. Examining material journal entries and other adjustments (A54)

Substantive Procedures Responsive to Significant Risks:

If risk of material misstatement (inflating sales by improperly recognizing revenue) at assertion level is high,
auditor perform substantive procedures specifically responsive to that risk. When the approach to a significant risk
consists only of substantive procedures, those procedures shall include tests of details.

Timing of Substantive Procedures:

Using audit evidence obtained previous audit

Previous audit substantive procedures provides little or no audit evidence for current period. However, exceptions
such as, legal opinion obtained in previous audit to which no changes have occurred, may be relevant in current
period.

Using audit evidence obtained during an interim period

Auditor may perform substantive procedures at interim date and reconcile the balance at period end to:

a. Identify unusual amounts

b. Investigate any such amounts
c. Perform substantive analytical procedures or tests of details to test the intervening period

Factors influence whether to perform substantive procedures at an interim date:

 Control environment
 Availability of information
 Risk of material misstatement

Factors influence whether to perform substantive analytical procedures to the period between the interim date
and the period end:

 Period-end balances are reasonably predictable

 Procedures for analyzing and adjusting transactions or account balances are appropriate

If unexpected misstatements detected at an interim date, auditor repeat the procedures performed at interim
date at the period end.

If auditor perform substantive procedures at interim date, following procedures are performed at year end:

a. Substantive procedures, with tests of controls

b. If auditor determines that it is sufficient, further substantive procedures only, that provide a
reasonable basis for extending the audit conclusions from the interim date to the period end
(A56–A59)

Adequacy of Presentation of the Financial Statements

Auditor consider whether financial statements are presented in a manner that reflects appropriate:

 Classification and description of financial information and the underlying transactions, events and
conditions
 Presentation, structure and content of financial statements (A61)
Evaluating the Sufficiency and Appropriateness of Audit Evidence

Sufficient appropriate audit evidence influenced by following factors:

 Persuasiveness of audit evidence

 Results of audit procedures performed
 Experience gained during previous audits with respect to similar misstatements
 Significance of misstatement and likelihood of having a material effect
 Source and reliability of available information

Documentation:

Auditor will document:

a. Overall responses to assessed risks of material misstatement at financial statement level, and nature,
timing and extent of further audit procedures performed
b. Linkage of those procedures with assessed risks at assertion level
c. Results of audit procedures, including the conclusions where these are not otherwise clear

If auditor plans to use audit evidence about the operating effectiveness of controls obtained in previous audits, the
auditor document the conclusions reached about relying on such controls that were tested in a previous audit

Information in financial statements reconciles with underlying accounting records and disclosures, whether
information obtained from within or outside of the general and subsidiary ledgers
ISA 402 AUDIT CONSIDERATIONS RELATING TO AN ENTITY USING A SERVICE ORGANIZATION

Services relevant to the audit of a user entity’s financial statements when those services are part of user entity’s
information system, relevant to the preparation of financial statements. Service organization’s services are part of
a user entity’s information system if these services affect any of the following:

(a) Information flow relating to significant classes of transactions, account balances and disclosures, whether
manually or using IT, and whether obtained from within or outside the general ledger and subsidiary ledgers. This
includes when the service organization’s services affect how:

(i) Transactions of the user entity are initiated, and how information about them is recorded, processed, corrected
as necessary, and incorporated in the general ledger and reported in the financial statements

(ii) Information about events or conditions, other than transactions, is captured, processed and disclosed by the
user entity in the financial statements

(b) Accounting records

(c) Financial reporting process, including disclosures and accounting estimates

(d) Entity’s IT environment

Report on description and design of controls at service organization (type 1 report) that comprises:

(i) Description, prepared by management of the service organization, of the service organization’s system, control
objectives and related controls that have been designed and implemented as at a specified date

(ii) Report by the service auditor with reasonable assurance that includes service auditor’s opinion on the
description of the service organization’s system, control objectives and related controls and the suitability of the
design of the controls to achieve the specified control objectives
Report on description, design, and operating effectiveness of controls at a service organization (type 2 report)
that comprises:

(i) Description, prepared by management of the service organization, of the service organization’s system, control
objectives and related controls, their design and implementation as at a specified date or throughout a specified
period and, in some cases, their operating effectiveness throughout a specified period

(ii) Report by service auditor with reasonable assurance that includes:

a. Service auditor’s opinion on description of service organization’s system, control objectives and related controls,
the suitability of the design of the controls to achieve the specified control objectives, and the operating
effectiveness of the controls

b. Description of service auditor’s tests of controls and results thereof

Obtaining an Understanding of the Services provided by a Service Organization, Including Internal Control

User auditor obtain understanding of: (A1–A2)

(a) Nature and significance of services including effect on user entity’s internal control (A3–A5)

(b) Nature and materiality of transactions processed or accounts or financial reporting processes affected by the
service organization (A6)

(c) Degree of interaction between the activities of the service organization and those of the user entity (A7)

(d) Nature of relationship between user entity and service organization (A8–A11)

Sources of Information

Information on nature of services available from a variety of sources:

 User manuals
 Technical manuals
 System overviews
 Service level agreement
 Reports by service organizations, internal audit function or regulatory authorities on controls at service
organization
 Reports by service auditor

Nature of the Services Provided by the Service Organization

Services relevant to audit include:

 Maintenance of accounting records

 Management of assets
 Initiating, recording or processing transactions as agent
The Degree of Interaction between the Activities of the Service Organization and the User Entity

A high degree of interaction when user entity authorizes transactions and service organization processes and does
the accounting for those transactions

Nature of the Relationship between the User Entity and the Service Organization

Service level agreement may provide for matters:

 Information provided to user entity and responsibilities for initiating transactions

 Application of requirements of regulatory bodies concerning the form of records to be maintained
 Indemnification to user entity in the event of performance failure
 Whether service organization provide type 1 or type 2 report on its controls
 User auditor rights of access to accounting records
 Whether direct communication between user auditor and service auditor allow

There is a direct relationship between the service organization and the user entity and between the service
organization and the service auditor.

If user auditor is unable to obtain a sufficient understanding from user entity, user auditor obtain that
understanding from one or more of the following procedures:

(a) Obtaining type 1 or type 2 report

(b) Contacting service organization to obtain specific information

(c) Visiting service organization and performing procedures that will provide information about relevant controls

(d) Using another auditor to perform procedures that will provide the necessary information about controls at the
service organization (Ref: Para. A15–A20)

User auditor’s decision as which procedure to undertake influenced by:

 Size of user entity and service organization

 Complexity of transactions and services
 Location of service organization
 Nature of relationship between user entity and service organization

Using Type 1 or Type 2 Report to Support the User Auditor’s Understanding of the Service Organization

User auditor evaluate:

(a) Service auditor’s professional competence and independence from service organization (e.g. professional
organization)

(b) Adequacy of standards under which type 1 or type 2 report issued (A 21)

If user auditor use type 1 or type 2 report as audit evidence to understand controls, user auditor shall:

(a) Evaluate date or period appropriate for user auditor’s purposes

(b) Evaluate sufficiency and appropriateness of evidence for understanding of controls

(c) Evaluate complementary controls relevant to user entity (A22–A23)

Type 1 or type 2 report assist user auditor in obtaining sufficient understanding to identify and assess risks of
material misstatement.

Type 1 or type 2 report that is of a date or period outside of reporting period:

Assist user auditor in obtaining preliminary understanding of controls if report is supplemented by additional
current information from other sources.

If type 1 or type 2 report is as of a date or period that precedes the beginning of period under audit, user auditor
may perform following procedures to update information:

 Discussing changes at service organization with user entity personnel

 Reviewing current documentation and correspondence issued by service organization
 Discuss changes with service organization personnel

Responding to the Assessed Risks of Material Misstatement

User auditor consider following procedures in determining audit evidence:

(a) Inspecting records and documents held by user entity

(b) Inspecting records and documents held by service organization

(c) Confirmations of balances and transactions from the service organization

(d) Performing analytical procedures on records maintained by user entity or reports received from service
organization

Test of Controls

Using Type 2 Report as Audit Evidence that Controls at Service Organization Are Operating Effectively

If type 2 report is available:

Obtaining type 2 report, if available and:

 Evaluate date or period appropriate for user auditor’s purposes

 Evaluate complementary controls relevant to user entity
 Evaluate adequacy of time period covered by tests of controls and time elapsed since the performance of
the tests of controls
 Evaluating tests of controls performed by service auditor relevant to the assertions of financial
statements and provide sufficient appropriate audit evidence

If type 2 report is not available:

Performing appropriate tests of controls at the service organization

Using another auditor to perform tests of controls at the service organization on behalf of the user auditor
User auditor obtain additional evidence about significant changes to the controls at the service organization
outside of the period covered by the type 2 report. Relevant factors may include:

 Significance of assessed risks of material misstatement at the assertion level

 Specific controls tested during the interim period, and significant changes to them
 Degree to which audit evidence about the operating effectiveness of those controls was obtained
 Length of remaining period
 Extent to which user auditor intends to reduce further substantive procedures based on the reliance on
controls
 Effectiveness of control environment and user entity’s process to monitor system of internal control

Fraud, NonCompliance with Laws and Regulations, and Uncorrected Misstatements:

User auditor inquire management of user entity whether service organization report or user entity is aware of,
any:

 Fraud
 Non-compliance with laws and regulations
 Uncorrected misstatements

User auditor evaluate how such matters affect nature, timing and extent of user auditor’s further audit
procedures, auditor’s conclusions and auditor’s report.

Reporting by the User Auditor

User auditor express Qualified opinion (effect is material) or Disclaimer of opinion (effect is pervasive), if auditor is:

 Unable to obtain sufficient understanding of services provided by service organization and does not have
a basis for identification and assessment of risks of material misstatement
 Unable to obtain sufficient appropriate audit evidence about operating effectiveness
 Unable to obtain direct access to records held at service organization

User auditor shall not refer service auditor in user auditor’s report containing an unmodified opinion unless:

 Required by law or regulation

 Reference is relevant to understand nature of modification to user auditor’s opinion

In such circumstances, user auditor may need the consent of service auditor before making a reference. If such
reference included, user auditor’s report shall indicate that the reference does not diminish user auditor’s
responsibility for audit opinion.
ISA 450 EVALUATION OF MISSTATEMENTS IDENTIFIED DURING THE AUDIT

Objective:

Objective of auditor is to evaluate:

(a) The effect of identified misstatements on the audit

(b) The effect of uncorrected misstatements, if any, on the financial statements

Misstatement

Misstatements may result from:

(a) Inaccuracy in gathering or processing data from which financial statements are prepared

(b) Omission of amount or disclosure

(c) Incorrect accounting estimate, or clear misinterpretation of facts

(d) Accounting estimates auditor considers unreasonable or selection and application of accounting policies
auditor considers inappropriate

(e) Inappropriate classification, aggregation or disaggregation, of information

(f) For financial statements prepared in accordance with a fair presentation framework, the omission of a
disclosure necessary for the financial statements to achieve fair presentation beyond disclosures specifically
required by the framework

Accumulation of Identified Misstatements

Auditor accumulate misstatements identified during the audit, other than those that are clearly trivial (A2–A6)
Clearly Trivial: When there is any uncertainty about whether one or more items are clearly trivial, the
misstatement is considered not to be clearly trivial

Misstatements in Individual Statements: Misstatements relating to amounts may not be clearly trivial when judged
on criteria of nature or circumstances

Misstatements in Disclosures: Misstatements in disclosures that are not clearly trivial are also accumulated to
assist auditor in evaluating the effect of such misstatements on relevant disclosures and financial statements as a
whole

Accumulation of Misstatements: Misstatements by nature or circumstances, cannot be added together as is

possible in the case of misstatements of amounts

Types of Misstatements:

 Factual misstatements: Misstatements about which there is no doubt (e.g. not recording accrued
expenses)
 Judgmental misstatements: Judgments of management including those concerning recognition,
measurement, presentation and disclosure in financial statements (including the selection or application
of accounting policies) that the auditor considers unreasonable or inappropriate
 Projected misstatements: Auditor’s estimate of misstatements in populations based on sample

Consideration of Identified Misstatements as the Audit Progresses

Auditor determine whether overall audit strategy and audit plan need to be revised if:

(a) Nature and circumstances of misstatements indicate that other misstatements may exist that could be material
(A7)

(b) Aggregate of misstatements accumulated during the audit approaches materiality (A8)

Communication and Correction of Misstatements

Auditor shall communicate, unless prohibited by law or regulation, all misstatements with appropriate level of
management and request management to correct those misstatements (A10–A12)

Evaluating the Effect of Uncorrected Misstatements

Prior to evaluating the effect of uncorrected misstatements, auditor reassess materiality to confirm whether it
remains appropriate in the context of actual financial results (A14–A15)

Auditor determine whether uncorrected misstatements are material, individually or in aggregate and consider:

(a) Size and nature of misstatements, both in relation to particular classes of transactions, account balances or
disclosures and the financial statements as a whole, and the particular circumstances of their occurrence (A16–
A22, A24–A25)

(b) Effect of uncorrected misstatements related to prior periods on the relevant classes of transactions, account
balances or disclosures, and the financial statements as a whole (A23)
Each individual misstatement of a qualitative disclosure is considered to evaluate its effect on relevant
disclosure(s), as well as its overall effect on financial statements as a whole. Examples where such misstatements
may be material include:

 Incomplete descriptions of information about the objectives, policies and processes for managing capital
for entities with insurance and banking activities
 Omission of information about the events or circumstances that have led to an impairment loss
 Incorrect description of an accounting policy relating to a significant item
 Inadequate description of the sensitivity of an exchange rate in an entity that undertakes international
trading activities

Misstatements in disclosures could also be indicative of fraud, and, for example, may arise from:

 Misleading disclosures
 Extensive or uninformative disclosures

Auditor shall communicate with those charged with governance uncorrected misstatements and the effect on
opinion in auditor’s report, unless prohibited by law or regulation.

Auditor’s communication shall identify material uncorrected misstatements individually (A26–A28)

Auditor shall also communicate with those charged with governance the effect of uncorrected misstatements
related to prior periods on the relevant classes of transactions, account balances or disclosures, and the financial
statements as a whole

Documentation:

Auditor shall include in audit documentation: (A30)

(a) Amount below which misstatements would be regarded as clearly trivial

(b) All misstatements accumulated during the audit and whether they have been corrected

(c) Auditor’s conclusion as to whether uncorrected misstatements are material and the basis for that conclusion
ISA 500 AUDIT EVIDENCE

Information to Be Used as Audit Evidence:

Auditor consider the relevance and reliability of information used as audit evidence, including information
obtained from an external source (A30–A44)

Relevance

Relevance deals with the purpose of audit procedure and assertion under consideration. The relevance of
information used as audit evidence affected by direction of testing.

Audit procedures may provide audit evidence relevant to certain assertions, but not others. Obtaining audit
evidence regarding particular assertion, for example, existence of inventory, is not a substitute for obtaining audit
evidence regarding another assertion, for example, valuation of that inventory.

Substantive procedures are designed to detect material misstatements at the assertion level.

Reliability

Reliability of information is influenced by its source, nature and circumstances, including controls over its
preparation and maintenance. Reliability of audit evidence increased when:

 Obtained from independent sources

 Controls are effective
 Obtained directly by auditor (for example, observation) than obtained indirectly or by inference (for
example, inquiry about the application of a control)
 Documentary form is more reliable than orally
 Original documents is more reliable than audit evidence provided by photocopies

External Information Sources

Following factors may be important when considering the relevance and reliability of information obtained from
an external information source:

 Nature and authority of external information source

 Ability to influence the information obtained
 Competence and reputation of external information source with respect to information
 Past experience of auditor with reliability of information
 Whether information is suitable for use and developed taking into account the applicable financial
reporting framework
 Information about methods used in preparing the information

Auditor may have a scope limitation if sufficient appropriate audit evidence cannot be obtained through
alternative procedures.

If information used as audit evidence has been prepared using the work of management’s expert, auditor shall, to
the extent necessary, having regard to the significance of that expert’s work for the auditor’s purposes: (A45–A47)

(a) Evaluate competence, capabilities and objectivity of expert (A48–A54)

(b) Obtain an understanding of the work of that expert (A55–A58)

(c) Evaluate appropriateness of expert’s work as audit evidence for the relevant assertion

Information regarding competence, capabilities and objectivity of a management’s expert may come from a variety
of sources:

 Personal experience with previous work of expert

 Discussions with expert
 Discussions with others familiar with expert’s work
 Knowledge of expert’s qualifications, membership of a professional body or industry association
 Published papers or books written by expert
 An auditor’s expert who assists auditor in obtaining sufficient appropriate audit evidence with respect to
information produced by management’s expert

Other matters that may be relevant:

 Relevance of management’s expert’s competence to the matter

 Management’s expert’s competence with respect to relevant accounting requirements
 Unexpected events, changes in conditions, or audit evidence indicate that it may be necessary to
reconsider initial evaluation of competence, capabilities and objectivity of management’s expert

Evaluate threats to objectivity of expert engaged by entity by considering:

 Financial interests
 Business and personal relationships
 Provision of other services

Aspects of management’s expert’s field relevant to auditor’s understanding may include:

 Whether expert’s field has areas of specialty within it that are relevant to audit
 Whether any professional or other standards, and regulatory or legal requirements apply
  Assumptions and methods used by management’s expert
 Nature information management’s expert uses

Considerations when evaluating appropriateness of management’s expert’s work as audit evidence:

 Relevance and reasonableness of expert’s findings, consistency with other audit evidence
 Relevance and reasonableness of assumptions and methods used
 Relevance, completeness, and accuracy of source data
 Relevance and reliability of external information source

When using information produced by entity, auditor shall evaluate whether information is sufficiently reliable for
auditor’s purposes, including, as necessary in the circumstances:

(a) Obtaining audit evidence about the accuracy and completeness of information (A60–A61)

(b) Evaluating whether the information is sufficiently precise and detailed for auditor’s purposes (A62)

Selecting Items for Testing to Obtain Audit Evidence

When designing tests of controls and tests of details, auditor determine means of selecting items for testing.
Means available to auditor for selecting items for testing are:

(a) Selecting all items (100% examination)

 Small number of large value items

 significant risk

(b) Selecting specific items

 High value or key items (suspicious, unusual or history of error)

 All items over a certain amount (e.g. Over 500,000)
 Items to obtain information (nature of entity or transaction)

Selective examination of specific items from a class of transactions or account balance will often be an efficient
means of obtaining audit evidence, it does not constitute audit sampling.

(c) Audit sampling

 Conclusions drawn about an entire population on the basis of testing a sample

Inconsistency in, or Doubts over Reliability of, Audit Evidence:

(a) Audit evidence from one source is inconsistent with another

(b) Auditor has doubts over reliability of information to be used as audit evidence (A68)
ISA 501 AUDIT EVIDENCE—SPECIFIC CONSIDERATIONS FOR SELECTED ITEMS

Objective:

Objective of the auditor is to obtain sufficient appropriate audit evidence regarding:

(a) Existence and condition of inventory

(b) Completeness of litigation and claims involving the entity

(c) Presentation and disclosure of segment information in accordance with applicable financial reporting
framework

In following situations, auditor performs specific audit procedures to verify existence and condition of inventory:

1. Inventory count at balance sheet date

2. Inventory count at a date other than balance sheet date
3. If attendance at physical inventory count is impracticable
4. If inventory is under the custody and control of a third party

1. Inventory count at balance sheet date:

If inventory is material to the financial statements, auditor obtain sufficient appropriate audit evidence regarding
existence and condition of inventory by:

(a) Attendance at physical inventory counting, unless impracticable (A1–A3)

(b) Performing audit procedures over final inventory records to determine they accurately reflect count results

Attendance at inventory count is required to:

(i) Evaluate management’s instructions and procedures for recording and controlling results of physical inventory
counting (A4)
  Application of appropriate controls, for example, collection of used physical inventory count records,
accounting for unused physical inventory count records
 Work in progress stage, slow moving, obsolete or damaged items and inventory owned by a third party
 Procedures to estimate physical quantities, where applicable (In case of mineral resources)
 Control over movement of inventory before, during and after physical count

(ii) Observe performance of management’s count procedures (A5)

(iii) Inspect inventory (assists identifying obsolete, damaged or aging inventory)

(iv) Perform test counts (tracing items selected from management’s count records to the physical inventory and
tracing items selected from the physical inventory to management’s count records)

Matters relevant in planning attendance at physical inventory counting include:

 Risks of material misstatement related to inventory

 Nature of internal control related to inventory
 Timing of physical inventory counting
 Whether adequate procedures are established and proper instructions issued for physical inventory
counting
 Whether entity maintains perpetual inventory system
 Whether assistance of an auditor’s expert is needed

2. Inventory count at a date other than balance sheet date

Perform above audit procedures at inventory count

Perform audit procedures to ensure that intervening transactions are properly recorded. These procedures will
depend on:

 Whether perpetual inventory records are properly adjusted

 Reliability of perpetual inventory records
 Reasons for significant differences between physical count and perpetual inventory records

3. If attendance at physical inventory count is impracticable

Auditor shall perform alternative audit procedures to obtain sufficient appropriate audit evidence regarding
existence and condition of inventory. If it is not possible, auditor shall modify the opinion in the auditor’s report.
(E.g. Inspect documents for subsequent sale of inventory purchased prior to year-end)

4. If inventory is under the custody and control of a third party

(a) Request confirmation from third party to the quantities and condition of inventory

(b) Other audit procedures (A16)

 Attending, or arranging for another auditor to attend, third party’s physical counting of inventory
  Obtaining another auditor or service auditor report on third party’s internal control over inventory
 Inspecting documentation regarding inventory held by third parties, for example, warehouse receipts
 Requesting confirmation from other parties when inventory has been pledged as collateral

Litigation and Claims

Auditor design and perform audit procedures to identify litigation and claims including: (A17–A19)

(a) Inquiry of management and others, including in-house legal counsel

(b) Reviewing minutes of meetings of those charged with governance and correspondence between entity and its
external legal counsel

(c) Reviewing legal expense accounts (examine related source documents, such as invoices for legal expenses)

(d) Communication with the entity’s external legal counsel

Communication with the Entity’s External Legal Counsel

Auditor may communicate with entity’s external legal counsel through:

 Letter of general or specific inquiry

 Direct meeting

If external legal counsel will not respond to a letter of general inquiry, due to prohibition, auditor seek direct
communication through a letter of specific inquiry. Letter of specific inquiry includes:

(a) List of litigation and claims

(b) Management’s assessment of outcome of each identified litigation and claims and its estimate of financial
implications, including costs involved

(c) Request external legal counsel to confirm reasonableness of management’s assessments and provide auditor
with further information if the list is considered by the entity’s external legal counsel to be incomplete or incorrect

Direct meeting:

In certain circumstances, auditor also may judge it necessary to meet with entity’s external legal counsel to discuss
likely outcome of litigation or claims. This may be the case where:

 Auditor determines that the matter is a significant risk

 Matter is complex
 Disagreement between management and entity’s external legal counsel

Ordinarily, such meetings require management’s permission and are held with a representative of management in
attendance.

If:
(a) Management refuses to give the auditor permission to communicate with external legal counsel, or external
legal counsel refuses to respond appropriately to the letter of inquiry, or is prohibited from responding

(b) Auditor is unable to obtain sufficient appropriate audit evidence by performing alternative audit procedures,
the auditor shall modify the opinion in the auditor’s report.

Segment Information

Auditor shall obtain sufficient appropriate audit evidence regarding the presentation and disclosure of segment
information in accordance with the applicable financial reporting framework by:

(a) Obtaining an understanding of methods used by management in determining segment information, and: (A27)

(i) Evaluating whether such methods are likely to result in disclosure in accordance with applicable financial
reporting framework

(ii) Where appropriate, testing the application of such methods

(b) Performing analytical procedures or other audit procedures appropriate in the circumstances

Understanding of the Methods Used by Management

Matters that may be relevant:

 Sales, transfers and charges between segments, and elimination of inter-segment amounts
 Comparisons with budgets and other expected results
 Allocation of assets and costs among segments
 Consistency with prior periods, and the adequacy of the disclosures with respect to inconsistencies
ISA 505 EXTERNAL CONFIRMATIONS

Definitions

(a) External confirmation – Audit evidence obtained as a direct written response to the auditor from a third party,
in paper form, or by electronic or other medium

(b) Positive confirmation request – Confirming party respond directly to the auditor indicating whether confirming
party agrees or disagrees, or providing the requested information

(c) Negative confirmation request – Confirming party respond directly to the auditor only if the confirming party
disagrees with the information

(d) Non-response – Failure of confirming party to respond, or fully respond, to a positive confirmation request, or a
confirmation request returned undelivered

(e) Exception – A response that indicates a difference between information requested to be confirmed, or
contained in the entity’s records, and information provided by the confirming party

External Confirmation Procedures

When using external confirmation procedures, the auditor shall maintain control over external confirmation
requests, including:

(a) Determining information to be confirmed or requested (A1)

 Account balances
 Terms of agreements, contracts, or transactions between an entity and other parties

(b) Selecting appropriate confirming party (A2)

(c) Designing the confirmation requests (A3–A6)

(d) Sending the requests, including follow-up requests, to the confirming party (A7)

Factors to consider when designing confirmation requests include:

 Assertions being addressed

 Specific identified risks of material misstatement, including fraud risks
  Layout and presentation of the confirmation request
 Prior experience on the audit or similar engagements
 Method of communication

Management’s Refusal to Allow the Auditor to Send a Confirmation Request

If management refuses to allow the auditor to send a confirmation request, the auditor shall:

(a) Inquire management’s reasons for refusal (e.g. legal dispute), and seek audit evidence as to their validity and
reasonableness (A8)

(b) Evaluate the implications of management’s refusal on the auditor’s assessment of the relevant risks of material
misstatement, including the risk of fraud, and on the nature, timing and extent of other audit procedures (A9)

(c) Perform alternative audit procedures designed to obtain relevant and reliable audit evidence (A10)

Results of the External Confirmation Procedures

1. Reliability of Responses to Confirmation Requests

2. Non-Responses
3. When a Response to a Positive Confirmation Request Is Necessary to Obtain Sufficient Appropriate Audit
Evidence
4. Exceptions

1. Reliability of Responses to Confirmation Requests:

Factors indicate doubts about the reliability of a response include that it:

 Was received by the auditor indirectly

 Appeared not to come from the originally intended confirming party

If a confirming party uses a third party to coordinate and provide responses to confirmation requests, the auditor
may perform procedures to address the risks that:

(a) The response may not be from the proper source

(b) A respondent may not be authorized to respond

(c) The integrity of the transmission may have been compromised

An oral response to a confirmation request does not meet the definition of an external confirmation because it is
not a direct written response to the auditor.

When auditor concludes that a response is unreliable, auditor may need to revise the assessment of risks of
material misstatement at the assertion level and modify planned audit procedures.

2. Non-Responses
In the case of each non-response, the auditor shall perform alternative audit procedures to obtain relevant and
reliable audit evidence.

Alternative audit procedures auditor may perform include:

 For accounts receivable balances – examining specific subsequent cash receipts, shipping documentation,
and sales near the period end
 For accounts payable balances – examining subsequent cash disbursements or correspondence from third
parties, and other records, such as goods received notes

3. When a Response to a Positive Confirmation Request Is Necessary to Obtain Sufficient Appropriate

Audit Evidence

If the auditor has determined that a response to a positive confirmation request is necessary to obtain sufficient
appropriate audit evidence, alternative audit procedures will not provide the audit evidence the auditor requires.

In certain circumstances, the auditor may identify an assessed risk of material misstatement at the assertion level
for which a response to a positive confirmation request is necessary to obtain sufficient appropriate audit
evidence. Such circumstances may include where:

 Information available to corroborate management’s assertion(s) is only available outside the entity
 Specific fraud risk factors, such as the risk of management override of controls, or the risk of collusion
which can involve employee(s) and/or management, prevent the auditor from relying on evidence from
the entity

4. Exceptions

Exceptions in responses to confirmation requests may indicate misstatements or potential misstatements in the
financial statements. Exceptions may provide a guide to the quality of responses from similar confirming parties or
for similar accounts. Exceptions also may indicate a deficiency in internal control over financial reporting

Negative Confirmations

Auditor shall not use negative confirmation requests as the sole substantive audit procedure to address an
assessed risk of material misstatement at the assertion level unless all of the following are present: (A23)

(a) Auditor has assessed the risk of material misstatement as low and has obtained sufficient appropriate audit
evidence regarding the operating effectiveness of controls relevant to the assertion

(b) Population of items subject to negative confirmation procedures comprises a large number of small,
homogeneous account balances, transactions or conditions

(c) Very low exception rate is expected

(d) Auditor is not aware of circumstances or conditions that would cause recipients of negative confirmation
requests to disregard such requests

Evaluating the Evidence Obtained

When evaluating the results of individual external confirmation requests, auditor may categorize results as follows:

(a) Response agree with information provided in confirmation request

(b) Response deemed unreliable

(c) Non-response

(d) Response indicating an exception

ISA 510 INITIAL AUDIT ENGAGEMENTS—OPENING BALANCES

Objective

In conducting an initial audit engagement, the objective of the auditor with respect to opening balances is to
obtain sufficient appropriate audit evidence about whether:

 Opening balances contain misstatements that materially affect the current period’s financial statements
 Appropriate accounting policies reflected in the opening balances have been consistently applied in the
current period’s financial statements, or changes thereto are appropriately accounted for and adequately
presented and disclosed in accordance with the applicable financial reporting framework

Initial audit engagement – An engagement in which either:

(i) The financial statements for the prior period were not audited

(ii) The financial statements for the prior period were audited by a predecessor auditor

Audit Procedures

1. Opening Balances
2. Consistency of Accounting Policies
3. Relevant Information in the Predecessor Auditor’s Report

1. Opening Balances

Auditor obtain sufficient appropriate audit evidence about whether opening balances contain misstatements that
materially affect current period’s financial statements by: (A1–A2)

(a) Determining whether prior period’s closing balances correctly brought forward or have been restated

(b) Determining whether opening balances reflect the application of appropriate accounting policies

(c) Performing one or more of the following: (A3–A7)

(i) Where prior year financial statements were audited, reviewing predecessor auditor’s working papers to obtain
evidence regarding opening balances

(ii) Evaluating whether audit procedures performed in the current period provide evidence relevant to the opening
balances

(iii) Performing specific audit procedures to obtain evidence regarding the opening balances

Audit procedures necessary to obtain sufficient appropriate audit evidence regarding opening balances depend on
such matters as:

 Accounting policies followed by the entity

 Nature of account balances, classes of transactions and disclosures and risks of material misstatement in
the current period’s financial statements
 Significance of opening balances relative to current period’s financial statements
 Whether prior period’s financial statements were audited and, if so, whether the predecessor auditor’s
opinion was modified

One or more of the following audit procedures may provide sufficient appropriate audit evidence for inventories:

 Observing a current physical inventory count and reconciling it to the opening inventory quantities
 Performing audit procedures on the valuation of the opening inventory items
 Performing audit procedures on gross profit and cutoff

2. Consistency of Accounting Policies

Auditor obtain sufficient appropriate audit evidence:

 accounting policies reflected in opening balances consistently applied in current period’s financial
statements
 changes in accounting policies appropriately accounted for and adequately presented and disclosed in
accordance with applicable financial reporting framework

3. Relevant Information in the Predecessor Auditor’s Report

If prior period’s financial statements were audited by a predecessor auditor and there was a modification to the
opinion, auditor shall evaluate the effect of the matter giving rise to modification in assessing the risks of material
misstatement in the current period’s financial statements

Audit Conclusions and Reporting

1. Opening Balances

If auditor is unable to obtain sufficient appropriate audit evidence regarding opening balances, auditor shall
express a qualified opinion or disclaim an opinion on the financial statements. (A8)
If auditor concludes that opening balances contain a misstatement that materially affects current period’s
financial statements, and effect of misstatement is not appropriately accounted for or not adequately presented
or disclosed, auditor shall express a qualified opinion or an adverse opinion.

2. Consistency of Accounting Policies

If auditor concludes that:

(a) current period’s accounting policies are not consistently applied in relation to opening balances in accordance
with the applicable financial reporting framework; or

(b) change in accounting policies is not appropriately accounted for or not adequately presented or disclosed in
accordance with the applicable financial reporting framework

the auditor shall express a qualified opinion or an adverse opinion as appropriate

3. Modification to the Opinion in the Predecessor Auditor’s Report

In some situations, modification to the predecessor auditor’s opinion may not be relevant and material to the
opinion on the current period’s financial statements. for example, there was a scope limitation in the prior period,
but the matter giving rise to the scope limitation has been resolved in the current period
ISA 520 ANALYTICAL PROCEDURES

Objectives

The objectives of the auditor are:

(a) To obtain relevant and reliable audit evidence when using substantive analytical procedures

(b) To design and perform analytical procedures near the end of the audit that assist the auditor when forming an
overall conclusion as to whether the financial statements are consistent with the auditor’s understanding of the
entity

Definition of Analytical Procedures

Analytical procedures include the consideration of comparisons of the entity’s financial information with:

 Comparable information for prior periods

 Anticipated results of the entity, such as budgets or forecasts, or expectations of the auditor, such as an
estimation of depreciation
 Similar industry information

Analytical procedures also include consideration of relationships:

 Among elements of financial information that would be expected to conform to a predictable pattern
based on the entity’s experience, such as gross margin percentages
 Between financial information and relevant non-financial information, such as payroll costs to number of
employees

Substantive Analytical Procedures

When designing and performing substantive analytical procedures, either alone or in combination with tests of
details, the auditor shall:

(a) Determine suitability of particular substantive analytical procedures for given assertions, taking account of
the assessed risks of material misstatement and tests of details, if any, for these assertions (A6–A11)
(b) Evaluate reliability of data from which auditor’s expectation of recorded amounts or ratios is developed, taking
account of source, comparability, and nature and relevance of information available, and controls over preparation
(A12–A14)

(c) Develop an expectation of recorded amounts or ratios and evaluate whether the expectation is sufficiently
precise to identify a misstatement that, individually or when aggregated with other misstatements, may cause the
financial statements to be materially misstated (A15)

(d) Determine the amount of any difference of recorded amounts from expected values that is acceptable
without further investigation (A16)

Suitability of Particular Analytical Procedures for Given Assertions

 Substantive analytical procedures are generally more applicable to large volumes of transactions that tend
to be predictable over time
 Unsophisticated predictive model may be effective as an analytical procedure
 Different types of analytical procedures provide different levels of assurance
 Determination of suitability of particular substantive analytical procedures is influenced by nature of
assertion and auditor’s assessment of risk of material misstatement

Reliability of the Data

Reliability of data is influenced by its source and nature and is dependent on circumstances under which it is
obtained. Following are relevant when determining whether data is reliable for purposes of designing substantive
analytical procedures:

(a) Source of the information. For example, information from independent sources more reliable

(b) Comparability of information. For example, broad industry data may need to be supplemented to be
comparable to that of an entity that produces and sells specialized products

(c) Nature and relevance of information. For example, whether budgets have been established as results to be
expected rather than as goals to be achieved

(d) Controls over the preparation of the information that are designed to ensure its completeness, accuracy and
validity. For example, controls over the preparation, review and maintenance of budgets

The above matters are relevant for period-end or interim date financial statements

Evaluation Whether the Expectation Is Sufficiently Precise (Para. 5)

Matters relevant to the auditor’s evaluation of whether the expectation can be developed sufficiently precisely to
identify a misstatement that, when aggregated with other misstatements, may cause the financial statements to
be materially misstated, include:

 Accuracy with which expected results of substantive analytical procedures can be predicted. For example,
the auditor expect greater consistency in comparing gross profit margins than in comparing discretionary
expenses, such as research or advertising
 Degree to which information can be disaggregated. For example, substantive analytical procedures may
be more effective when applied to financial information on individual sections of an operation or to
 financial statements of components of a diversified entity, than when applied to the financial statements
of the entity as a whole
 Availability of information, both financial and non-financial. For example, financial information, such as
budgets or forecasts, and non-financial information, such as the number of units produced or sold, is
available to design substantive analytical procedures

Amount of Difference of Recorded Amounts from Expected Values that Is Acceptable

Amount of difference from the expectation that can be accepted without further investigation is influenced by
materiality and consistency with the desired level of assurance, taking account of the possibility that a
misstatement, individually or when aggregated with other misstatements, may cause the financial statements to
be materially misstated

Analytical Procedures that Assist When Forming an Overall Conclusion

 Conclusions from the results of analytical procedures are intended to corroborate conclusions formed
during the audit of individual components or elements of financial statements. This assists auditor to draw
reasonable conclusions on which to base the auditor’s opinion.
 Analytical procedures may identify a previously unrecognized risk of material misstatement. In such
circumstances, auditor revise assessment of risks of material misstatement and modify further planned
audit procedures
 Analytical procedures may be similar to those that would be used as risk assessment procedures

Investigating Results of Analytical Procedures

(a) Inquiring of management and obtaining appropriate audit evidence relevant to management’s responses

(b) Performing other audit procedures (A20–A21)

Other audit procedures need arise when management is unable to provide an explanation, or the explanation is
not considered adequate
ISA 530 AUDIT SAMPLING

Objective:

Objective of the auditor, when using audit sampling, is to provide a reasonable basis for the auditor to draw
conclusions about the population from which the sample is selected.

Definitions:

Audit sampling – Application of audit procedures to less than 100% of items within a population that all sampling
units have a chance of selection.

Auditor uses audit sampling in Tests of Controls and Tests of Details.

Sampling risk – The risk that auditor’s conclusion based on a sample may be different from conclusion if entire
population were subjected to same audit procedure. Sampling risk can lead to two types of erroneous conclusions:

(i) In test of controls, that controls are more effective than they actually are, or in test of details, that a material
misstatement does not exist when in fact it does. This type of erroneous conclusion affects audit effectiveness
and lead to an inappropriate audit opinion.

(ii) In test of controls, that controls are less effective than they actually are, or in test of details, that a material
misstatement exists when in fact it does not. This type of erroneous conclusion affects audit efficiency as it would
lead to additional work to establish that initial conclusions were incorrect.

Non-sampling risk – The risk that auditor reaches an erroneous conclusion for any reason not related to sampling
risk. (E.g. inappropriate audit procedures, misinterpretation of audit evidence, failure to recognize a misstatement
or deviation)

Anomaly – A misstatement or deviation that is demonstrably not representative of misstatements or deviations in

a population.

Sampling unit – The individual items constituting a population. Sampling units might be:

 Physical items (checks, entry in bank statements, sales invoices)

 Monetary units (every single rupee is a unit)

Statistical sampling – An approach to sampling that has the following characteristics:

(i) Random selection of sample items

(ii) Use of probability theory to evaluate sample results, including measurement of sampling risk
A sampling approach that does not have characteristics (i) and (ii) is considered non-statistical sampling.

Stratification – The process of dividing a population into sub-populations, each of which is a group of sampling
units which have similar characteristics (often monetary value)

Tolerable misstatement – A monetary amount set by auditor in respect of which auditor obtain an appropriate
level of assurance that monetary amount set by auditor is not exceeded by actual misstatement in the population.
(A3)

Tolerable misstatement is the application of performance materiality to a particular sampling procedure. Tolerable
misstatement may be the same amount or an amount lower than performance materiality.

(j) Tolerable rate of deviation – A rate of deviation from prescribed internal control procedures set by the auditor
in respect of which the auditor seeks to obtain an appropriate level of assurance that the rate of deviation set by
the auditor is not exceeded by the actual rate of deviation in the population.

Sample Design, Size, and Selection of Items for Testing

1. Sample Design
a. Purpose of audit procedure and characteristics of population. (A4–A9)
b. What constitutes a deviation or misstatement?
c. Makes an assessment of expected rate of deviation or misstatement
d. Determine whether to use stratification or value-weighted selection
e. Decision sampling approach (statistical or non-statistical)
f. Determine sample size
g. Select Items by choosing appropriate method

Performing Audit Procedures:

Auditor shall perform audit procedures on each item selected.

If audit procedure is not applicable to the selected item (cancelled cheque), auditor shall perform procedure on a
replacement item (selecting very next cheque).

If auditor is unable to apply designed audit procedures or alternative procedures (documentation lost), to a
selected item, auditor shall treat that item as a deviation, in case of tests of controls, or misstatement, in case of
tests of details. (A15–A16)

Nature and Cause of Deviations and Misstatements

Auditor shall investigate nature and cause of deviations or misstatements identified in sampling. (A17)

If deviations and misstatements have a common feature, for example, type of transaction, location, product line or
period of time. Auditor identify all items in the population that possess the common feature, and extend audit
procedures to those items.

In the extremely rare circumstances when the auditor considers a misstatement or deviation discovered in a
sample to be an anomaly, the auditor shall obtain a high degree of certainty that such misstatement or deviation is
not representative of the population. The auditor shall obtain this degree of certainty by performing additional
audit procedures to obtain sufficient appropriate audit evidence that the misstatement or deviation does not
affect the remainder of the population.

Projecting Misstatements

Auditor is required to project misstatements for the population.

For tests of controls, no explicit projection of deviations is necessary since the sample deviation rate is also the
projected deviation rate for the population.

Evaluating Results of Audit Sampling

Auditor shall evaluate:

(a) Results of sample (A21–A22)

(b) Whether the use of audit sampling has provided a reasonable basis for conclusions about the population. (A23)
ISA 540 AUDITING ACCOUNTING ESTIMATES AND RELATED DISCLOSURES

Nature of Accounting Estimates

Accounting estimates are required to be made by management when monetary amounts cannot be directly
observed. Accounting estimates involves selecting and applying a method using assumptions and data.

Accounting estimates:

 Inventory obsolescence
 Depreciation of property and equipment
 Valuation of infrastructure assets
 Valuation of financial instruments
 Outcome of pending litigation
 Warranty obligations

Methods:

Method is applied using a computational tool or process and involves applying assumptions and data and taking
into account a set of relationships between them. (E.g. Black-Scholes option pricing formula for share-based
payment)

Assumptions and Data:

Assumptions involve judgments based on available information about matters such as the choice of an interest
rate, a discount rate, or judgments about future conditions or events.

Data is information obtained through direct observation or from external party. Information obtained by applying
analytical techniques is referred to as derived data otherwise, such information is an assumption.

Examples of data include:

 Prices agreed in market transactions

 Output from a production machine
 Historical prices or other contracts terms, such as interest rate, payment schedule, and term included in a
loan agreement
 Forward-looking information such as economic or earnings forecasts
 Future interest rate determined using interpolation techniques from forward interest rates (derived data)
Data can come from a wide range of sources including:

 Internally or externally
 Within or outside general or subsidiary ledgers
 Observable in contracts
 Observable in regulatory pronouncements

Objective:

Objective of the auditor is to obtain sufficient appropriate audit evidence about whether accounting estimates and
related disclosures in the financial statements are reasonable in the context of applicable financial reporting
framework.

Definitions:

Accounting estimate – A monetary amount for which the measurement, with the requirements of applicable
financial reporting framework, is subject to estimation uncertainty. Accounting estimates include monetary
amounts included in disclosures.

Auditor’s point estimate or auditor’s range – An amount, or range of amounts developed by auditor in evaluating
management’s point estimate.

 Fair value of financial instruments

 non-monetary item (estimated useful life)

Estimation uncertainty – Susceptibility to an inherent lack of precision in measurement. Active market for financial
statement items reduce uncertainty.

Management bias – A lack of neutrality by management in the preparation of information. Subjectivity increases
management bias.

Management’s point estimate – The amount selected by management for recognition or disclosure in the financial
statements as an accounting estimate.

Outcome of an accounting estimate – The actual monetary amount that results from the resolution of the
transaction(s), event(s) or condition(s) addressed by an accounting estimate. (A18)

Risk Assessment Procedures and Related Activities

1. Obtaining an Understanding of Entity and Its Environment and Applicable Financial Reporting Framework
2. Obtaining an Understanding of Entity’s System of Internal Control

Obtaining an Understanding of Entity and Its Environment and Applicable Financial Reporting Framework

a. Entity’s transactions and other events or conditions that may give rise to the need for, or changes in,
accounting estimates to be recognized or disclosed in the financial statements. (A23)
b. Requirements of applicable financial reporting framework related to accounting estimates (including
recognition criteria, measurement bases, and presentation and disclosure). Understanding the
 requirements of applicable financial reporting framework provides auditor with a basis for discussion with
management and those charged with governance.
c. Regulatory factors relevant to the entity’s accounting estimates

Regulatory factors relevant to accounting estimates assist auditor in identifying applicable regulatory frameworks.

d. Nature of accounting estimates and related disclosures

Obtaining an Understanding of Entity’s System of Internal Control

e. Oversight and governance over financial reporting process relevant to accounting estimates

Auditor obtain an understanding of whether those charged with governance:

I. Have the skills or knowledge to understand the characteristics of a particular method or model
II. Have the skills and knowledge to understand whether management made the accounting estimates in
accordance with applicable financial reporting framework
III. Independent from management
IV. Oversee management’s process for making accounting estimates
f. Need for specialized skills or knowledge related to accounting estimates, including with respect to the
use of a management’s expert

Auditor may consider whether following circumstances increase the likelihood that management needs to engage
an expert:

 Specialized nature of matter requiring estimation, for example, mineral or hydrocarbon reserves or
evaluation of complex contractual terms
 Complex nature of models required to apply requirements of applicable financial reporting framework,
such as level 3 fair values
 Unusual or infrequent nature of condition, transaction or event requiring an accounting estimate

g. How entity’s risk assessment process identifies and addresses risks relating to accounting estimates

Understanding how entity’s risk assessment process identifies and addresses risks relating to accounting estimates
assist auditor in considering changes in:

 Requirements of applicable financial reporting framework related to accounting estimates

 Availability or nature of data sources relevant to making accounting estimates
 Entity’s information system or IT environment
 Key personnel

h. Entity’s information system as it relates to accounting estimates, including:

I. How information relating to accounting estimates and disclosures flow. (A34–A35)

In obtaining understanding of entity’s information system as it relates to accounting estimates, auditor may
consider:

 accounting estimates arise from routine and recurring transactions or from non-recurring transactions
 completeness of accounting estimates and related disclosures
 II. For such accounting estimates and disclosures, how management:

a. Identifies relevant methods, assumptions or sources of data in the context of applicable financial reporting
framework, including how management: (A36–A37)

i. Selects and applies methods, including the use of models (A38–A39)

Methods:

 Applicable financial reporting framework may prescribe method, may not prescribe a single method or
use of alternative methods

Models:

Factors appropriate for auditor to understand model and related controls include:

 relevance and accuracy of the model

 validation or back testing of the model
 appropriate change control policies over the model
 made to the output of the model
 Whether adjustments are made to output of model
 Documentation including its applications, limitations, key parameters, required data and assumptions

ii. Selects assumptions, including alternatives (A40–A43)

Assumptions

 basis for management’s selection

 How management assesses whether assumptions are relevant and complete
 Requirements of applicable financial reporting framework related to disclosure of assumptions

With respect to fair value accounting estimates, assumptions vary in terms of sources of data and the basis for the
judgments to support them, as follows:

a. Those that reflect what marketplace participants would use in pricing an asset or liability, developed
based on market data obtained from sources independent of the reporting entity
b. Those that reflect the entity’s own judgments about what assumptions marketplace participants would
use in pricing the asset or liability, developed based on the best data available in the circumstances.

Inactive or illiquid markets

When markets are inactive or illiquid, auditor’s understanding of how management selects assumptions may
include understanding whether management has:

 appropriate policies for adapting the application of the method

 Resources with the necessary skills or knowledge to adapt or develop a model
 resources to determine the range of outcomes, for example by performing a sensitivity analysis
 means to assess how deterioration in market conditions has affected entity’s operations
 how the price data from particular external information sources may vary

iii. Selects the data to be used (A44)

Matters that auditor may consider in obtaining an understanding of how management selects the data on which
the accounting estimates are based include:
  nature and source of data
 How management evaluates whether data is appropriate
 Accuracy and completeness of data
 Consistency of data used with data used in previous periods

b. Understands the degree of estimation uncertainty, including through considering the range of possible
measurement outcomes (A45)

Matters appropriate for auditor to consider whether and how management understands the degree of estimation
uncertainty include:

 how management identified alternative methods, significant assumptions or sources of data that are
appropriate in the context of the applicable financial reporting framework
 how management considered alternative outcomes

c. Addresses the estimation uncertainty, including selecting a point estimate and related disclosures for inclusion
in the financial statements. (A46–A49)

Requirements of applicable financial reporting framework may specify approach to selecting management’s point
estimate from possible measurement outcomes.

Disclosure objectives may address:

 Method of estimation used, including any applicable model and the basis for its selection
 Effect of any changes to the method of estimation from the prior period
 Sources of estimation uncertainty
 Fair value information

In some cases, applicable financial reporting framework may require specific disclosures regarding estimation
uncertainty, for example:

 Nature of assumption or other source of estimation uncertainty

 Sensitivity of carrying amounts to the methods and assumptions used
 Expected resolution of an uncertainty and range of possible outcomes
 Explanation of changes made to past assumptions

Disclosure of range of possible outcomes, and assumptions used in determining the range.

Identified Controls over management’s process for making accounting estimates

 How management determines appropriateness of data used to develop accounting estimates

 Review and approval of accounting estimates, including the assumptions or data used
 Segregation of duties
 Effectiveness of the design of the controls

IT controls:

 IT applications have the capability to process large volumes of data

 Design and calibration of models is periodically evaluated
 Complete and accurate extraction of data regarding accounting estimates
 Controls around access, change and maintenance of individual models
Reviewing the Outcome or Re-Estimation of Previous Accounting Estimates

Through performing a retrospective review, auditor may obtain:

 Information regarding effectiveness of management’s previous estimation process

 Audit evidence of matters, such as the reasons for changes required to be disclosed in financial
statements
 Information regarding complexity or estimation uncertainty pertaining to accounting estimates
 Information regarding the susceptibility of accounting estimates to possible management bias

For detailed retrospective review, auditor may pay particular attention to the effect of data and significant
assumptions used in making previous accounting estimates. For accounting estimates arise from routine and
recurring transactions, auditor may judge application of analytical procedures as risk assessment procedures is
sufficient.

Specialized Skills or Knowledge

Matters affect auditor’s determination of whether engagement team requires specialized skills or knowledge,
include:

 Nature of accounting estimates for particular business or industry (mineral deposits, agricultural assets,
complex financial instruments, insurance contract liabilities)
 Degree of estimation uncertainty
 Complexity of the method or model used
 Complexity of the requirements of applicable financial reporting framework relevant to accounting
estimates
 Need for judgment about matters not specified by applicable financial reporting framework
 Degree of judgment needed to select data and assumptions

Identifying and Assessing the Risks of Material Misstatement

Identifying and assessing risks of material misstatement at the assertion level relating to accounting estimates is
important for all accounting estimates, including not only those that are recognized in the financial statements, but
also those that are included in the notes to the financial statements.

Events occurring after the date of financial statements may provide additional information relevant to the auditor’s
assessment of risks of material misstatement at the assertion level.

Auditor take the following into account in identifying risks of material misstatement and in assessing inherent risk:

(a) The degree to which accounting estimate is subject to estimation uncertainty (A72–A75)

(b) The degree to which the following are affected by complexity, subjectivity, or other inherent risk factors: (A76–
A79)

(i) The selection and application of the method, assumptions and data in making the accounting estimate

(ii) The selection of management’s point estimate and related disclosures for inclusion in the financial statements
Estimation Uncertainty

Whether applicable financial reporting framework requires:

 Use of a method that inherently has high level of estimation uncertainty. For example, use of
unobservable inputs
 Use of assumptions that inherently have a high level of estimation uncertainty, such as long forecast
period
 Disclosures about estimation uncertainty

The business environment

Whether it is possible for management:

 To make a precise and reliable prediction about future realization of past transaction
 To obtain precise and complete information about a present condition

Complexity or Subjectivity

The Degree to Which Complexity Affects the Selection and Application of the Method

Auditor consider:

Need for specialized skills or knowledge by management, management has developed a model internally or uses a
model that applies a method that is not established or commonly used in a particular industry or environment.

Nature of measurement basis required by applicable financial reporting framework result in need for a complex
method that requires multiple sources of historical and forward-looking data or assumptions

The Degree to Which Complexity Affects the Selection and Application of the Data

 The complexity of the process to derive the data, taking into account the relevance and reliability of the
data source.
 The inherent complexity in maintaining the integrity of the data
 The need to interpret complex contractual terms

The Degree to Which Subjectivity Affects the Selection and Application of the Method, Assumptions or Data

 The degree to which applicable financial reporting framework does not specify valuation approaches,
concepts, techniques and factors to use in the estimation method.
 The uncertainty regarding the amount or timing, including the length of the forecast period.

Responses to the Assessed Risks of Material Misstatement

Auditor’s further audit procedures shall be responsive to the assessed risks of material misstatement at the
assertion level and shall include:

(a) Obtaining audit evidence from events occurring up to the date of the auditor’s report
(b) Testing how management made the accounting estimate

(c) Developing an auditor’s point estimate or range

When the Auditor Intends to Rely on the Operating Effectiveness of Controls

In determining the nature, timing and extent of testing of the operating effectiveness of controls relating to
accounting estimates, the auditor may consider factors such as:

 Nature, frequency and volume of transactions

 Effectiveness of the design of controls
 Monitoring of controls and identified deficiencies in internal control
 Competency of those involved in control activities
 Frequency of performance of control activities

Substantive Procedures Alone Cannot Provide Sufficient Appropriate Audit Evidence

Circumstances when risks for which substantive procedures alone cannot provide sufficient appropriate audit
evidence at the assertion level may exist include:

 When controls are necessary to mitigate risks relating to the initiation, recording, processing, or reporting
of information obtained from outside of the general and subsidiary ledgers.
 Information supporting one or more assertions is electronically initiated, recorded, processed, or
reported.

Significant Risks

When the approach to a significant risk consists only of substantive procedures, those procedures shall include
tests of details. Tests of details for significant risks related to accounting estimates include:

 Examination, for example, examining contracts to corroborate terms or assumptions

 Recalculation, for example, verifying the mathematical accuracy of a model
 Agreeing assumptions used to supporting documentation, such as third-party published information

Obtaining Audit Evidence from Events Occurring up to the Date of the Auditor’s Report

 In some circumstances, obtaining audit evidence from events occurring up to the date of the auditor’s
report may provide sufficient appropriate audit evidence. For example, inventory sale of discontinued
product after period end may provide sufficient appropriate audit evidence relating to the estimate of its
net realizable value.
 For some accounting estimates, events occurring up to the date of the auditor’s report unlikely to provide
sufficient appropriate audit evidence regarding accounting estimate. For example, fair value accounting
estimates.

Testing How Management Made the Accounting Estimate

Testing how management made the accounting estimate may be an appropriate approach when:

 Auditor’s review of similar accounting estimates made in the prior period financial statements suggests
that management’s current period process is appropriate
 Accounting estimate is based on a large population of items of a similar nature
 Applicable financial reporting framework specifies how management is expected to make the accounting
estimate
 Accounting estimate is derived from the routine processing of data

a. Selection and application of methods, significant assumptions and data used by management in making
accounting estimate
b. How management selected the point estimate and developed related disclosures about estimation
uncertainty

Methods

With respect to methods, the auditor’s further audit procedures shall address:

(a) Selected method and changes are appropriate in the context of applicable financial reporting framework (A95,
A97)

(b) Whether judgments in selecting method give rise to indicators of possible management bias (most favorable
measurement outcome)

(c) Whether calculations in accordance with the method and are mathematically accurate

(d) Whether judgments have been applied consistently, when method involves complex modelling (A98–A100)

Auditor consideration when management uses a complex model include:

 Model is validated prior to usage or when there has been a change to the model
 Appropriate change control policies and procedures exist
 Management uses appropriate skills and knowledge in using the model

(e) Whether integrity of significant assumptions and data maintained in applying the method (A101)

Significant Assumptions

With respect to significant assumptions, the auditor’s further audit procedures shall address:

(a) Whether significant assumptions changes are appropriate in the context of applicable financial reporting
framework (A95, A102–A103)

(b) Whether judgments in selecting significant assumptions give rise to indicators of possible management bias
(A96)

(c) Whether significant assumptions are consistent with each other and with those used in other accounting
estimates (A104)
(d) Whether management has the intent to carry out specific courses of action and has the ability to do so. (A105)

Nature and extent of audit evidence obtained about management’s intent and ability is a matter of professional
judgment. When applicable, auditor’s procedures may include:

 Review of management’s history of carrying out its stated intentions

 Inspection of written plans and other documentation, including formally approved budgets, authorizations
or minutes
 Inquiry of management about its reasons for a particular course of action
 Review of events occurring subsequent to the date of the financial statements and up to the date of the
auditor’s report
 Applicable documentation requirements of the applicable financial reporting framework

Data

With respect to data, the auditor’s further audit procedures shall address:

(a) Whether the data is appropriate in the context of the applicable financial reporting framework, and, if
applicable, changes from prior periods are appropriate (A95, A106)

(b) Whether judgments made in selecting the data give rise to indicators of possible management bias (A96)

(c) Whether the data is relevant and reliable in the circumstances (A107)

(d) Whether the data has been appropriately understood or interpreted by management, including with respect to
contractual terms (A108)

Procedures that the auditor may consider when the accounting estimate is based on complex legal or contractual
terms include:

 Whether specialized skills or knowledge needed to understand the contract

 Inquiring of the entity’s legal counsel
 Inspecting the underlying contracts to evaluate underlying business purpose for the transaction or
agreement and whether the terms of the contracts are consistent with management’s explanations

Management’s Selection of a Point Estimate and Related Disclosures about Estimation Uncertainty

Auditor’s further audit procedures address whether management:

(a) Understand estimation uncertainty (A109)

Relevant considerations include:

 Identifying sources, and assessing inherent variability in measurement outcomes and the resulting range
of reasonably possible measurement outcomes
 Applying skills, knowledge and professional judgment in making accounting estimates
 Appropriately selecting management’s point estimate and related disclosures

(b) Address estimation uncertainty by selecting an appropriate point estimate and related disclosures about
estimation uncertainty (A110–A114)

Relevant matters include whether:

  Methods and data were selected appropriately
 Valuation attributes used were appropriate and complete
 Assumptions were selected from a range of reasonably possible amounts
 Data used was appropriate, relevant and reliable, and the integrity of that data was maintained
 Calculations were applied in accordance with the method and were mathematically accurate

Relevant considerations for the auditor regarding management’s disclosures about estimation uncertainty include
the requirements of the applicable financial reporting framework, which may require disclosures:

 That describe the amount as an estimate and explain the nature and limitations of the process for making
it, including the variability in reasonably possible measurement outcomes. The framework also may
require additional disclosures to meet a disclosure objective
 About significant accounting policies related to accounting estimates
 About significant or critical judgments as well as significant forward-looking assumptions or other sources
of estimation uncertainty

When management has not taken appropriate steps to understand or address estimation uncertainty, the auditor
shall: (A115–A117)

(a) Request management to perform additional procedures to understand estimation uncertainty or to address it
by reconsidering the selection of management’s point estimate or considering providing additional disclosures
relating to the estimation uncertainty

(b) If management’s does not address estimation uncertainty, develop an auditor’s point estimate or range

(c) Evaluate whether a deficiency in internal control exists and, if so, communicate

Developing an Auditor’s Point Estimate or Using an Auditor’s Range

Developing an auditor’s point estimate or range to evaluate management’s point estimate and related disclosures
about estimation uncertainty may be an appropriate approach when, for example:

 Auditor’s review of similar accounting estimates made in the prior period financial statements suggests
that management’s current period process is not expected to be effective
 Entity’s controls within and over management’s process for making accounting estimates are not well
designed or properly implemented
 Events or transactions between the period end and the date of the auditor’s report have not been
properly taken into account, when it is appropriate for management to do so, and such events or
transactions appear to contradict management’s point estimate
 Appropriate alternative assumptions or sources of relevant data can be used in developing an auditor’s
point estimate or a range

Auditor may develop a point estimate or a range in a number of ways by:

 Using a different model than the one used by management, for example, commercially available or
auditor-developed model
 Using management’s model but alternative assumptions or data sources to those used by management
 Using auditor’s own method but developing alternative assumptions to those used by management
 Employing a person with specialized expertise to develop a model, or to provide relevant assumptions
Other Considerations Relating to Audit Evidence