ISA (UK) 450: Evaluation of Misstatements Identified During the Audit

 A difference between the reported amount, classification, presentation, or disclosure of a financial statement item and the amount, classification, presentation, or disclosure that is required for the item to be in compliance with the applicable financial reporting framework is referred to as a misstatement. Errors or fraud can lead to misstatements. When the auditor expresses an opinion on whether the financial statements are presented fairly, in all material respects, or give a true and fair view, misstatements also include any adjustments to amounts, classifications, presentation, or disclosures that the auditor believes are required for the financial statements to be presented fairly, in all material respects, or to give a true and fair view. Except for those that are manifestly inconsequential, the auditor must keep track of any misstatements discovered throughout the audit.

The auditor's goals, according to ISA 450, are to examine the following: The impact of recognized misstatements on the audit, and the impact of uncorrected misstatements, if any, on the financial statements. A misrepresentation happens when anything in the financial accounts is not treated appropriately, implying that the applicable financial reporting framework, particularly IFRS, has not been applied effectively.

The following are some examples of misstatement that can occur as a result of human error or fraud:

§  An inaccurate amount was recognized, such as when an asset was not appraised in compliance with the appropriate IFRS requirement.

§  An item is misclassified - for example, finance costs are included in cost of sales in the profit and loss statement.

§  The presentation is ineffective; for example, the results of discontinued operations are not displayed individually.

§  A contingent liability disclosure is missing or inadequately detailed in the notes to the financial statements, for example a disclosure related to contingent liability is not correct or deceptive disclosure has been added as a result of management bias.

Management is responsible for correcting any errors brought to their attention by the auditor. If management refuses to rectify any or all of the misstatements, ISA 450 requires the auditor to learn about management's reasons for not making the corrections and to include that information when determining whether the financial statements are free of material misrepresentation as a whole.

 

Practice:

According to ISA 450, the auditor must inform those in charge of governance of uncorrected misstatements and the impact they would have on the auditor's report's conclusion, either individually or collectively. The auditor's communication should identify important uncorrected misstatements one by one, and it should request that the misstatements be addressed. The auditor may examine the reasons for, and the ramifications of, a failure to correct misstatements with those in charge of governance, as well as probable repercussions for future financial statements.

 

Reference:      https://bit.ly/3wRCcpe

https://bit.ly/3wVJNTA

ISA (UK) 330: The Auditor’s Responses To Assessed Risks

 The auditor's goal is to collect enough suitable audit evidence to support the evaluated risks of material misstatement, as well as to create and implement effective solutions to such risks. The auditor is responsible for developing and implementing overall remedies to the risks of substantial misstatement in the financial statements.

Test of controls as defined by ISA (UK) 330 – An audit procedure designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting, material misstatements at the assertion level.

Examining a sample of purchase orders to confirm that they have been properly authorized would be a control test. A 'yes' response indicates that the internal control requiring purchase order permission is operational, whereas a 'no' response indicates that the internal control does not appear to be operational, necessitating further audit inquiry.

 

Substantive procedure as defined by ISA (UK) 330 – An audit procedure designed to detect material misstatements at the assertion level. Substantive procedures comprise:

(i) Tests of details (of classes of transactions, account balances, and disclosures); and

(ii) Substantive analytical procedures.

According to ISA 330, the auditor must always execute substantive procedures on material items, regardless of the risk of substantial misstatement, and must design and perform substantive procedures for each material class of transactions, account balance, and disclosure. Invariably, substantive procedures will need more effort than control testing. Consider the example of a manufacturing company's purchasing system and the assertion of account balances' existence in the statement of financial position. Typical detail checks would entail receiving and examining the closing purchase ledger account balances for a sample of purchase ledger accounts with selected suppliers, as well as some physical verification of year-end balances outstanding. Typically, this entails agreeing on the closing balance figure with the supplier's statement, or even asking third-party confirmation of the amount owing from the supplier.

An effective control environment may enable the auditor to have greater confidence in internal control and the reliability of audit evidence generated internally within the entity, allowing the auditor, for example, to conduct some audit procedures at an interim date rather than at the end of the period. Deficiencies in the control environment, on the other hand, have the opposite impact; for example, an ineffective control environment may prompt the auditor to:

§  Conduct more audit processes at the end of the period rather than at an interim date;

§  Obtaining more extensive audit evidence from fundamental procedures;

§  Expanding the audit scope to include more locations.

 

Practice:

Control tests are often brief, rapid audits, whereas substantive procedures will necessitate more extensive auditing. The auditor must create and perform substantial processes for each type of transactions, account balance, and disclosure, regardless of the assessed risks of material misstatement, according to ISA 330.

 

Reference:      https://bit.ly/34QrvaI

https://bit.ly/3uawuvw

ISA (UK) 315: Identifying and Assessing the Risks of Material Misstatement Through Understanding of the Entity and Its Environment

 The auditor's goal is to detect and analyze the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels, so that responses to the estimated risks of material misstatement can be designed and implemented. ISA 315 (Revised) outlines the reasons "why" risk assessment processes should be performed, as well as "what" has to be evaluated and "how" it should be assessed.

The following steps for risk assessment must be followed:

(a)        Inquiries of management, suitable personnel within the internal audit function (if    one exists), and others inside the organization who, in the auditor's opinion,   may have knowledge that can help detect substantial misstatement risks due to   fraud or error.

(b)        Analytical procedures.

c)         Inspection and observation

In September 2019, the International Audit and Assurance Standards Board (IAASB) authorized major revisions to ISA 315. The modifications will apply to financial statement audits for periods beginning on or after December 15, 2021. The adjustments will have far-reaching consequences, requiring businesses of all kinds to rethink their risk-assessment strategies. The key areas of the revisions are shown below.

§  Subjectivity, complexity, uncertainty, change, and susceptibility to misstatement due to managerial bias or fraud are five new inherent risk characteristics that have been introduced to aid in risk assessment.

§  A new risk spectrum has emerged, with major dangers at the higher end.

§  The risk evaluation must be based on "adequate, appropriate" evidence acquired via risk assessment methods.

§  There will be a lot greater emphasis on IT, particularly on IT general controls.

§  More on audit-relevant controls, as well as the design and implementation effort that goes into them.

§  The removal of smaller entity considerations as a separate category of paragraph and the inclusion of that content inside the main body of the text, as well as the addition of new material.

 

Practice:

The improvements attempt to improve the quality and consistency of risk evaluations while also encouraging professional skepticism. Understanding the nature and scope of the required modifications will be a major task for those conducting ISA audits. ISA 315 (Revised) contains new and updated content for understanding IT and general IT controls, as well as expanded auditor concerns relating to IT. The auditor must be aware of how the entity handles data and how it is used within the organization. The accounting records, how information is gathered and maintained, and how these flow into the accounts in the financial statements should all be understood.

 

References:    https://bit.ly/3vRIswE

https://bit.ly/34ujhF2

https://bit.ly/3HSVLPO

https://bit.ly/3Kv5nlt

ISA (UK) 265: COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT

 The auditor's goal is to report to those charged with governance and management any flaws in internal control that the auditor discovered during the audit and that, in the auditor's professional opinion, are important enough to warrant their attention. When identifying and assessing the risks of material misstatement, the auditor must have a thorough understanding of the internal controls that are relevant to the audit.  In making those risk assessments, the auditor considers internal control in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of internal control. Internal control deficiencies may be discovered by the auditor not only during the risk assessment process but also at any other stage of the audit. This ISA (UK) defines which detected problems the auditor must notify to those charged with governance and management.

The auditor may examine the following factors when deciding whether a defect in internal control or a combination of failures constitutes a substantial deficiency.

§  The possibility of major misstatements while preparing the financial statements in the future as a result of internal control weaknesses.

§  The associated asset's or liability's susceptibility to loss or fraud.

§  Estimated amounts, such as fair value accounting estimates, are prone to subjectivity and complexity.

§  The amounts on the financial statement that are vulnerable to flaws.

§  The amount of activity in the account balance or class of transactions exposed to the shortfall or deficiencies that have occurred or could occur.

§  The value of controls in the financial reporting process, such as:

 

ü  General monitoring controls (such as oversight of management).

ü  Maintains control over fraud prevention and detection.

ü  Has authority over the selection and application of major accounting policies.

ü  Maintains control over major transactions involving associated parties.

ü  Has authority over large transactions that occur outside of the normal course of business.

ü  Period-end financial reporting process controls (such as non-recurring journal entry controls).

§  The reason for the exceptions found as a result of control flaws, as well as the frequency with which they occur.

§  The interaction of the weakness with other internal control problems.

Practice:

Internal control problems that have been identified may call into doubt management's integrity or competence. For example, there could be proof of management fraud or purposeful non-compliance with rules and regulations, or management could show an incapacity to oversee the preparation of the proper financial statements, raising questions about management's competency. As a result, it may not be acceptable to inform management about such deficiencies immediately. When an auditor discovers or suspects fraud involving management, ISA (UK) 240 establishes requirements and provides guidance on how to communicate with those charged with governance.

Reference:      https://bit.ly/35NC6U9