Story Neeta Gobin & Richard Mifsud
Highlighting the key implications applicable to auditors following the implementation of new audit risk standards.
Earlier this year, the Australian Auditing and Assurance Standards Board (AUASB), formerly known as the Auditing & Assurance Standards Board (AuASB), revised its Audit Risk Standards and issued a set of revised/new Auditing and Assurance Standards (AUSs). These AUSs will become operative for audits of financial reports commencing on or after 15 December 2004.
Table 1, outlines the newly issued AUSs and the existing AUSs – to be withdrawn when the revised/new AUSs become operative.
The revised/new AUSs are based on the corresponding International Standards on Auditing (ISAs) which were issued by the International Auditing and Assurance Standards Board (IAASB) in late 2003. The impetus to revise these standards came from the need to improve the quality of audits as they occur in a changing business environment.
The revised/new AUSs deal with the core of the audit – the auditor’s assessment of the risk that the financial report could be wrong, and the way in which the auditor designs the rest of the audit in response to the identified risks.
It is expected that these AUSs will improve the linkage between the assessed risks of material misstatements and audit procedures, resulting in better quality audits, and ultimately contribute to enhancing confidence in the audited financial reports.
In many cases, implementation of the revised/new AUSs may result in some overall work increases for auditors. Training could be required for auditors to understand the practical applications of these standards, and the need for specialist assistance might occur in certain cases. Auditors may have to modify their audit approach, including the audit procedures to respond to the assessed risks to conform to the standards.
The following sections describe the main changes and main additional or new requirements of each of the revised/new AUSs.
AUS 202
Objective and General Principles Governing an Audit of a Financial Report: The revised AUS 202 includes one addition only to the existing AUS to express the basic ‘Audit Risk Model’, which is the fundamental statement of the theoretical basis of today’s audit. There are new requirements and expanded guidance to enhance the auditor’s implementation of the model.
There is particular emphasis on the requirement for the auditor to reduce audit risk to an acceptably low level that is consistent with the objective of an audit. To facilitate implementation of the audit risk model, the revised AUS now incorporates a description of the three components of audit risk namely inherent risk, control risk and detection risk.
Auditors are required to assess inherent and control risks (commonly referred to as the ‘risk of material misstatement’) at the assertion level as a basis for further audit procedures. The AUS also highlights the inverse relationship between the risk of material misstatement and detection risk.
AUS 402
Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatements: The revised AUS 402 combines relevant material from the existing AUS 214, AUS 304 and AUS 402 into one AUS.
There is a specific section on risk assessment procedures to obtain an understanding of the entity and its environment, including its internal control; the risk assessment procedures include in-quiries of management and others within the entity, analytical procedures and observation and inspection.
Moreover, there is a new requirement for the engagement team to discuss the susceptibility of the entity’s financial report to material misstatements, including those due to fraud.
Furthermore, the section on the auditor’s requirements to understand the business has been substantially expanded. Among other requirements, the auditor is now required to obtain an understanding of business risks to the extent they are relevant to the financial report.
In addition, the requirements and guidance on internal control have been substantially increased; two new components, namely ‘the entity’s risk assessment process’ and ‘monitoring of controls’ have been added to the existing three components of internal control which are ‘the control environment’, ‘the information system’ and ‘control procedures’.
This addition is meant to assist the auditor in having a better understanding of the role that management and those charged with governance have in the entity’s internal control and of the effect of these controls on the audit procedures.
The revised AUS requires the auditor to assess the risks of material misstatement at the financial report and assertion level. There is an added requirement for the auditor to identify significant risks. The auditor also has to identify assertions where substantive procedures alone will not be sufficient. Finally, there are various additional documentation requirements for the auditor to adhere to under this standard.
AUS 406
The Auditor’s Procedures in Response to Assessed Risks: The rational behind this new AUS 406 was to emphasise the fundamental importance of the auditor’s requirement to determine overall responses to assessed risks and to design and perform audit procedures to respond to the assessed risks of material misstatement, at the financial report and assertion levels, in a financial report audit.
Specifically, the new AUS provides guidance on the link between risk assessments and the nature – ie. tests of controls and substantive procedures – timing and extent of further audit procedures.
There is a more elaborate discussion on the use of tests of controls and the use of substantive procedures. The AUS contains a number of additional requirements when the auditor uses tests of controls, including the requirement that the auditor should test the operating effectiveness of controls at least once in every third audit, if the auditor plans to rely on controls that have not changed since they were last tested.
Another requirement, when the auditor has identified a significant risk and plans to rely on the operating effectiveness of controls, is for the auditor to obtain evidence about such effectiveness from the tests of controls performed in the current period.
As for substantive procedures, while there is no change to the current requirement to perform substantive procedures for material classes of transactions and account balances, the requirement has been extended to disclosures given their increased significance under financial reporting frameworks.
AUS 406 also contains guidance on the auditor’s evaluation of sufficiency and appropriateness of audit evidence ob-tained. The auditor is required to express a qualified opinion or a disclaimer of opinion if the auditor is unable to obtain sufficient appropriate evidence.
There are additional documentation requirements for the auditor under the revised AUS 406.
AUS 502
Audit Evidence: The two main differences between the revised and existing AUS 502 is the additional guidance about the qualitative aspects of audit evidence and the auditor’s use of assertions.
The revised version provides more guidance on what constitutes audit evidence, including situations where information is available in electronic form. In addition, there is more clarification on what constitutes sufficient appropriate evidence; auditors now have a clearer understanding of the link between the quantity of evidence (sufficiency), the risk of material misstatement and the quality of the evidence (appropriateness). There is also a requirement that when using information produced by the entity to perform audit procedures, auditors are required to obtain audit evidence about the accuracy and completeness of the information.
The second important aspect is the additional guidance about the auditor’s use of assertions in obtaining audit evidence. There is a new requirement for auditors to use various assertions in sufficient detail to form a basis for the assessment of risks of material misstatement and then design and perform further audit procedures; the assertions are now classified into three different categories namely ‘classes of transactions and events for the period under audit’, ‘account balances at period end’ and ‘presentation and disclosure’.
Summary Of Changes
The significant changes underlying the set of new/revised Audit Risk Standards and the implications for the work of the auditor can be summarised as follows:
- The auditor is required to perform audit procedures to obtain a broader understanding of the entity and its environment; specifically the requirements and guidance in relation to internal control have been substantially increased
- The auditor is required to make risk assessments in all cases, identifying risk of material misstatements at the financial report level and in classes of transactions, account balances and disclosures and perform more rigorous assessments at the assertion level
- The auditor is required to design and perform other audit procedures that are linked to the assessed risks.
Neeta Gobin is the assistant project manager for the Auditing and Assurance Standards Board.
Richard Mifsud is principal executive of the Auditing and Assurance Standards Board.
DISCLAIMER: The views and opinions of the authors appearing in Charter are not necessarily those of the Institute of the Chartered Accountants and should be viewed as such.
|
|
The Institute’s education and training pathway is the preferred choice for industry professionals.
Considering a career as a Chartered Accountant? Looking for the next step in your professional life?
The Institute is leading the debate in the areas that matter most to business and the accounting profession. 
The Institute produces an invaluable suite of tools, guidance, products and services to help members in their work. 
Print this Article
Email this Article
