auditing: the art and science of assurance engagements chapter 8: client risk profile and...

Auditing: The Art and Science of Assurance Engagements

Chapter 8: Client Risk Profile and Documentation

Copyright © 2011 Pearson Canada Inc.

Auditing, Canadian Eleventh Edition

Chapter 8 Learning Objectives

1. Explain the importance of adequate audit planning.

2. Explain the components of understanding the client’s business and industry and assessing client business risk.

3. Describe the type of evidence that the auditor collects when developing the client risk profile and assessing client business risk.

4. Explain the purposes of working papers.

8-2Copyright © 2011 Pearson Canada Inc.


Planning the Audit

• According to CAS 300 the purpose of planning is to provide for effective conduct of the audit.



CAS 300

The auditor must develop an audit plan that includes

the following components:

1. The nature, timing, and extent of audit procedures for the purpose of risk assessment.

2. The nature, timing, and extent of additional audit procedures, linked to the individual audit assertions.

3. Any other audit procedures that are needed for the audit to be conducted in accordance with GAAS (CASs).



Develop Client Risk Profile

• Client Risk Profile is developed to assess the client’s business risk and document portions of the audit risk model.



Client Risk Profile



Understand Client’s Business and Industry

• The nature of the client’s business and industry affects client business risk and the risk of material misstatements in the financial statements.

• CAS 315 requires the auditor to obtain knowledge of the entity’s business and environment in order to assess risks and conduct the audit.



Industry andExternal Environment

Why is this necessary?

1. Many industries have unique accounting environments

2. Risks in the industry may affect the auditor’s assessment of audit risk for this client

3. Some inherent risks are common to all businesses in an industry



Business Operationsand Processes

• The auditor should understand factors such as major sources of revenue, key customers and suppliers, sources of financing, and information about related parties that may indicate areas of increased client business risk.



How to Obtain Knowledge of Client’s Business and Industry

• Tour the plant and offices

• Identify related parties• Review articles of

incorporation and bylaws

• Read minutes of directors’ meetings

• Review significant contracts

• Perform preliminary analytical procedures

• Document control environment and corporate governance processes



Discussion Problem 8-20, p. 261

• Understand the business and industry for a car dealership.



Management andGovernance

• An auditor should assess management’s philosophy and operating style and its ability to identify and respond to risk, as these significantly influence the risk of material misstatements in the financial statements.



Objectives andStrategies

Auditors should understand client objectives related to:

1. Reliability of financial reporting.

2. Effectiveness and efficiency of operations.

3. Compliance with laws and regulations.



Measurement andPerformance

• Performance measurement includes ratio analysis and benchmarking against key competitors.

• As part of understanding the client’s business, the auditor should perform ratio analysis or review the client’s calculations of key performance ratios.



Assess Client Business Risk

• This is the risk that the client will fail to achieve its objectives.

• Client business risk can arise from any of the factors affecting the client and its environment.

• The auditor’s primary concern is the risk of material misstatements in the financial statements due to client business risk.



Client Risk Profile Evidence Gathering

During the risk assessment process, the auditor uses primarily four of types of evidence:

1. Inquiries of management and others

2. Observation

3. Inspection

4. Analytical procedures



Preliminary Analytical Review

• Auditors perform preliminary analytical procedures to better understand the client’s business and to help assess client business risk.

• One such procedure compares client ratios with industry or competitor benchmarks to provide an indication of the company’s performance.



Related Parties

• What is a related party?• Why is it important to find out about related parties as

part of our knowledge of business?• What could go wrong if we did not find out about

related parties?



Related Parties

• A related-party transaction is any transaction between the client and a related party.

• These transactions must be disclosed in the financial statements if they are material or information about them could affect decision making.

• The auditor should identify all related parties and related-party transactions.



Professional Judgment Problem 8-25, p. 264

• Here’s an example of a possible related party situation.

• How does this affect your audit opinion?



Working Papers

• According to CAS 230 working papers are the written or electronic audit documentation kept by the auditor to support audit conclusions;

• Working papers aid the auditor in providing reasonable assurance that an adequate audit was conducted in accordance with GAAS.



Purposes of Working Papers

• Basis for planning the audit.• Record of the evidence accumulated and the results

of the tests.• Data for determining the proper type of auditor’s

report.• Basis for review.



How are Working Papers Organized?

• Each firm has its own approach for organizing working papers.

• Organization will depend upon whether they are manual or electronic.

• Depends upon the firm standards used for documentation: may be firm specific or standard approaches that can be purchases.



Working Paper Contents and Organization



Types of Working Paper Files

Permanent Files

• Intended to contain data of a historical or continuing nature pertinent to the current examination.

• These files provide a convenient source of information about the audit that is of continuing interest from year to year.

(Continued)



Types of Working Paper Files (Continued)

Current Files

• Include all working papers applicable to the year

under audit.• Much of this information is prepared and maintained

electronically on secure systems.

(Continued)



Types of Working Paper Files (Continued)

The types of information included in the current file are:

– Risk assessment and materiality– Audit program– Overall planning information– Working trial balance– Adjusting and reclassification entries– Supporting schedules



Standards for Preparing Working Papers

• Properly identified• Well organized (indexed and cross-referenced)• Clearly indicate the work performed (including

supervision)• Sufficient documentation to indicate that it meets the

purpose for which it was prepared• Conclusions clearly stated



Discussion Problem 8-22, p. 263

• Let’s look at an example working paper• What have they done appropriately?• What is missing or what needs to be done differently?



Ownership and Confidentiality of Working Papers

• Ownership: auditor• Client documentation must be kept confidential: may

be disclosed only to peer review, when subpoenaed, or in other circumstances with the consent of the client.


auditing: the art and science of assurance engagements chapter 8: client risk profile and...

Documents