3.2. Understanding the activities of the audited entity and the environment in which it is carried out
This problem is addressed to Federal Standard No. 8 "Understanding the activities of the entity being audited, the environment in which it is carried out, and the assessment of the risks of material misstatement of the audited financial statements."
The specified federal standard of auditing activity is developed taking into account international auditing standards, establishes unified requirements for understanding the activities of the audited entity and the environment in which it is implemented, including the internal control system and the assessment of risks of material misstatement of the audited financial statements.
The auditor should examine the activities of the audited entity and the environment in which it is carried out, including the internal control system, in an amount sufficient to identify and assess the risks of material misstatement of accounting statements resulting from errors or unfair actions by management and/or employees of the entity being audited , as well as sufficient for planning and performing further audit procedures.
Ready to make your order?Get your great paper now
Understanding the activities of the audited entity and the environment in which it is carried out is of great importance in conducting the audit. In particular, this understanding provides the basis for planning an audit and expressing the professional judgment of the auditor on the assessment of the risks of material misstatement of accounting reports and the response to these risks in the audit process, such as:
a) establishing the level of materiality and evaluating whether the judgment of materiality remains unchanged in the course of the audit;
b) consideration of the appropriateness of the choice and procedure for applying accounting policies and the adequacy of disclosure in accounting reports;c) identifying areas of the audited entity that require special attention of the auditor, in particular transactions with related parties, the appropriateness of management's assumptions about the continuity of the organization's activities or the study of the objectives of business operations;
d) determination of the expected economic indicators of the entity being audited for use in performing analytical procedures;
e) planning and performing further audit procedures to reduce audit risk to an acceptable low level;
e) an assessment of the adequacy and appropriateness of the audit evidence obtained, such as the appropriateness of the assumptions, as well as oral and written statements and explanations of the management of the audited entity.
The auditor uses professional judgment to determine the required amount of knowledge about the entity's activities and its environment, including the internal control system. The primary task of the auditor is to determine whether the achieved understanding of the activity is sufficient to assess the risks of material misstatement of the financial statements, as well as to plan and perform further audit procedures. The amount of knowledge of the audited person's activities required by the auditor is generally lower than the amount of knowledge that the management of the audited entity has.
Acquiring knowledge about the activities of the audited entity and the environment in which it is implemented, including the internal control system, is a continuous dynamic process of collecting, updating and analyzing information at all stages of the audit. Audit procedures performed to acquire knowledge of the entity's activities are related to risk assessment procedures because certain information obtained through the implementation of such procedures can be used by the auditor as audit evidence in assessing the risks of material misstatement of financial statements. In addition, by performing risk assessment procedures, the auditor can obtain audit evidence in respect of groups of similar business transactions, balances on accounting accounts and disclosure of information and related preconditions for the preparation of financial statements, as well as on the operational effectiveness of controls, even if such audit procedures They were not specifically planned as substantive procedures or tests of controls. The auditor has the right to also plan implementation of substantive inspection procedures or tests of controls in parallel with risk assessment procedures if he considers such an approach to be effective.
Ready to make your order?Get your great paper now
The auditor must perform the following risk assessment procedures in order to familiarize himself with the activities of the audited entity and the environment in which it is carried out, including the internal control system:
- requests to the management or other employees of the audited entity;
- analytical procedures;
- observation and inspection.
In addition to risk assessment procedures, the auditor performs other audit procedures that allow obtaining information that may be useful in identifying the risks of material misstatement. For example, the auditor may consider the expediency of sending requests.
Determining the staff of the audited entity to whom requests can be sent, and the number of such requests, the auditor considers what kind of information can be obtained to help the auditor identify the risks of material misstatement.
Responses to requests sent to representatives of the owner can help the auditor understand the situation in which the financial (accounting) statements are prepared.
Responses to requests sent to internal auditors may be relevant to their activities related to the organization and functioning of the entity's internal control system and to provide an idea of how satisfactory the management of the audited entity has reacted to the results of this activity.
Responses to requests for employees participating in the initiation, execution or reflection of complex or unusual transactions in accounting can help the auditor in assessing the appropriateness of the choice and application of certain accounting rules by the audited entity.
Answers to inquiries sent to employees of the legal department of an audited person may be related to such issues as litigation and claim disputes in which the audited entity participates, compliance by an audited person with normative legal acts, knowledge of fraudulent acts or circumstances indicating the possibility of unfair acts, guarantees, obligations, agreements (in particular, on joint activities) with counterparties and the content of contractual terms.
Answers to inquiries sent to marketing or sales personnel may concern questions about changes in marketing strategies of an audited entity, sales trends or contractual agreements with customers and customers.
Analytical procedures can help identify unusual transactions or events, as well as indicators, ratios and trends that may indicate possible problems that are important for accounting and auditing.
Observation and inspection can become a basis for sending requests to management and other employees of the audited entity, as well as a source of information on the activities of the entity being audited and the environment in which it is carried out. Such audit procedures usually include:
a) observation of various areas of activity and operations of the audited entity;
b) inspection of documents (such as business plans and development strategies), accounts and regulations of the internal control system;c) reviewing reports prepared by management (such as quarterly management reports and interim financial statements), reports of representatives of the owner (for example, minutes of meetings of the board of directors);
d) Visit to the administrative buildings and industrial premises of the audited entity;
e) tracking the reflection of business transactions in information systems that form data for financial statements (end-to-end inspections).
In the event that the auditor intends to use information about the entity's activities and its environment collected in previous periods, the auditor must determine whether there have been any changes that could affect the relevance of such information for the current audit. With repeated audits, the experience gained during the previous audit contributes to a better understanding of the entity's activities.
In particular, audit procedures performed in previous audits usually provide audit evidence on the entity's organizational structure and controls, as well as information on past misstatements and whether they have been corrected in a timely manner. All this helps the auditor in assessing the risks of material misstatement during the current audit. However, such information may become inappropriate for the current audit due to changes in the activities of the audited entity and its environment. Therefore, the auditor should send relevant inquiries and perform other relevant audit procedures, including end-to-end audits, in order to identify possible changes that may affect the relevance of such information.
The auditor considers other information if it is appropriate for the current audit, in particular the one that was collected when deciding whether to conclude an agreement with an audited entity or continuing cooperation with it, or information obtained from the experience of rendering other audit services for the audited entity, in particular for the review of interim financial information.
The members of the audit team should discuss the susceptibility of the audited entity's financial statements to material misstatements.
Discussion of the exposure of the audited entity to the material misstatements enables more qualified members of the audit team, including the head of the audit, to share their knowledge about the entity's activities, and to exchange information on the possible risks of the entity's business with other participants, how and where the financial statements may be subject to material misstatement. Particular attention is paid to the susceptibility of the financial statements of the audited entity to material misstatement due to unfair acts. The procedure for applying the established principles for drawing up financial statements to specific conditions and facts of economic activity of the entity being audited should also be discussed.
In accordance with the rule (standard) No. 1, the auditor should show professional skepticism in the course of planning and conducting the audit. The discussions held for the audit team participants should emphasize the need for professional skepticism throughout the period of the audit, so as not to miss information or other circumstances indicating the possibility of significant distortions due to fraud or error.
It is possible to conduct other discussions facilitating the exchange between the members of the audit team information on the exposure of the financial (accounting) statements of the audited entity to material misstatements. The goal in this case is to communicate the audit team members and exchange information obtained during the audit, which may have an impact both on the assessment of the risks of material misstatement due to unfair actions or mistakes, and on the audit procedures performed with respect to risks.
The auditor understands the activities of the audited entity and the environment in which it is carried out, is to understand the following problems:
- sectoral, legal and other external factors affecting the activities of the entity being audited, including the methods of accounting used and the preparation of the financial (accounting) statements of the audited entity;
- the nature of the entity's activities, including the choice and application of accounting policies;
- the objectives and strategic plans of the entity being audited, the risks of economic activity associated with them, indicating a possible material misstatement of the financial (accounting) statements;
- the main indicators of the entity's activities and trends in their changes;
- internal control system.
The nature, timing and scope of the risk assessment procedures performed depend on the scope and complexity of the entity's activities and the experience of the auditor with the entity being audited. In addition, the identification of significant changes in any of these issues compared to previous periods is particularly important in order to achieve a sufficient understanding of the entity's activities in order to identify and assess the risks of material misstatement.
The auditor should familiarize with the relevant industry, legal and other external factors affecting the activities of the audited entity, including the methods of accounting and reporting used. These factors include the following industry features:
a) competition in the industry;
b) relationship with suppliers and buyers;
c) changes in production technology;
d) environmental requirements affecting the industry and the entity being audited;
e) applied methods of accounting and preparation of financial (accounting) statements;
e) requirements of regulatory legal acts, including those governing the scope of the entity being audited;
g) the prevailing general economic conditions.
Industries in which the audited entity carries out its activities may have specific risks of possible material misstatement of information related to the nature of the activity or its regulatory framework. In such cases, the audit team should include persons with adequate and sufficient knowledge and experience.
Normative legal acts establish applicable methods of accounting and preparation of financial statements, which the management of the audited entity should use when preparing financial (accounting) statements and which are guided by the auditor. At the same time, both the auditor and the audited person should understand these methods.
The auditor should familiarize himself with the characteristics of the entity's activities. The specifics of the entity's activities are determined by the economic transactions carried out, the form of ownership and management method, the type of financial investments that it implements and intends to implement, its structure and source of financing. Understanding the characteristics of the entity's activities allows the auditor to understand the groups of transactions of the same type, balances on the accounts of accounting and disclosure of information in the accounts.
The audited person may have a complex structure, including subsidiaries or geographically distant structural units, which complicates the process of consolidation of reporting and may cause risks of material misstatement of information.
Understanding who is the owner of the entity, and what the relationship between owners and other persons is, is important to determine whether related party transactions are properly identified and accounted for.
The auditor should have knowledge of the accounting policy chosen and applied by the audited entity, the auditor also must determine whether it is appropriate for the entity's activities and whether it is consistent with the methods of accounting and reporting. The knowledge necessary for the auditor to perform the audit task also includes knowledge:
- the ways an audited person uses to account for complex or unusual transactions;
- the consequences of accounting for business transactions in respect of which there is uncertainty or ambiguity due to inconsistency of regulatory requirements or their absence;
- changes in the accounting policy of the entity being audited.
The auditor should also identify cases when the audited entity first applies the requirements of new regulatory legal acts governing accounting. If changes in the audited entity's accounting policies have occurred, the auditor should consider the reasons for the changes, and determine whether the changes are appropriate and consistent with the established methods of accounting and the preparation of financial (accounting) statements.
Accounting statements prepared in accordance with the applicable accounting and reporting methods should include proper disclosure of material information. This information relates to the forms, presentation structure and content of accounting reports, notes, including the terminology used, the level of detail, the classification of articles in the statements and the grounds for the reported numeric indicators. The auditor pays attention to whether the audited person disclosed any problem properly in the light of circumstances and facts that the auditor became aware of at the time of the audit.
The auditor needs to have knowledge about the objectives and strategic plans of the entity being audited and the risks of economic activity associated with them that can lead to a material misstatement of the financial statements.
Audited persons, related to small business entities, as a rule, do not set long-term goals and do not develop strategic plans, but manage risks through specific actions or procedures. In many cases, the auditee may not have documentation relating to such matters. In such cases, the auditor will normally receive information from written statements and clarifications requested from the management of the audited entity and to monitor how the management of the audited entity reacts to such problems.
The auditor should familiarize with an estimation and the analysis of financial results of activity аудируемого persons. The financial results of the audited person's activity and their analysis help the auditor to recognize the areas of activity of the audited entity that management and other employees consider important. Introduction of the auditor to the financial performance of the audited entity provides an opportunity to understand whether the impact of these estimates can lead to management actions that increase the risks of material misstatement of information.
Accounting data for management purposes, formed by the entity being audited, may contain:
- key performance indicators (financial and non-financial);
- analysis of various options for the development of activities;
- information on activity segments;
- reporting departments or other units of different levels;
- information containing a comparative analysis of the performance of the entity being audited with similar indicators of competitors.
There may be information on the evaluation of the financial performance of the entity being audited by third-party lindens, in particular analytical materials and reports prepared by banks and participants in the securities market, which may contain information useful to the auditor in terms of understanding the activities of the audited entity and the environment , in which it is implemented. Such materials should be tried by the auditor directly from the audited person.
The auditor should have knowledge of the internal control system necessary to conduct the audit and use them to identify possible distortions when considering factors that affect the risks of material misstatement of information and when planning the nature, timing and extent of further audit procedures./p> The internal control system is a process organized and implemented by representatives of the owner, management, and other employees of the audited entity in order to ensure sufficient confidence in achieving the objectives in terms of reliability of financial (accounting) reporting, efficiency and effectiveness of business operations and compliance of the entity's activities with regulatory legal acts. This means that the organization of the internal control system and its functioning are aimed at eliminating any risks of economic activity that threaten achievement of any of these goals.
The internal control system includes the following elements:
- the control environment;
- the process of risk assessment by an audited entity;
- an information system, including those related to the preparation of financial (accounting) statements;
- control actions;
- monitoring of controls.
Separation of the internal control system into five elements provides auditors with a convenient approach for analyzing how various elements of the entity's internal control system can influence the audit. Such an approach does not necessarily reflect how the entity audited organizes and applies the internal control system. It is important for the auditor to establish that specific controls effectively prevent or identify and eliminate significant distortions at the level of the prerequisites for the preparation of financial statements in groups of similar transactions, balances on accounting accounts or disclosure cases.
The order of organization and functioning of the internal control system depends on the size and complexity of the structure of the entity being audited. In particular, audited persons related to small business entities can use to a lesser extent formalized controls, replacing them with simpler processes and procedures to achieve their goals.
Audited persons related to small business entities in which management is actively involved in the process of drawing up financial statements may not have detailed descriptions of accounting procedures or detailed accounting policies.
Most audited persons use computerized information systems to compile accounting reports and reports for management purposes. However, even with the widespread use of information technologies in internal control systems, there will be elements that are performed manually. The relationship between automated and manual elements is different. In some cases, audited individuals belonging to small businesses, internal control systems are mainly implemented manually. In other cases, for similar audited persons, the scope of automation may vary from systems with significant automation and a small amount of manual elements to systems with predominantly automated elements. Thus, the entity's internal control system includes both automated and manual elements of the internal control system, the characteristics of which are relevant and useful for auditing risk assessment and performing further audit procedures.
The use of automated or manually implemented internal controls affects how economic transactions are initiated, recorded, processed and included in financial statements.
The scale and nature of the risks of the internal control system vary depending on the type and characteristics of the information systems of the entity being audited. Therefore, when acquainted with the internal control system, the auditor pays attention to whether the audited person has reacted adequately to the risks arising from the use of information systems or systems implemented manually, by creating effective controls.
The internal control system can only reasonably provide the auditee with confidence in achieving his goals in the preparation of financial statements due to the influence of limitations inherent in the internal control system. Also, restrictions are due to the fact that a person's judgment in making a decision may turn out to be erroneous and that in the system of internal control there can be failures due to the human factor, expressed in the form of simple errors and distortions.
In addition, controls can be circumvented as a result of collusion between two or more persons or inadequate management intervention in the internal control system.
The auditor needs to have knowledge of the control environment. The control environment assumes the performance of management and management functions, as well as the opinion, knowledge and actions of the representatives of the owner and managers regarding the internal control system of the audited entity, as well as understanding the significance of such a system for the entity's activities. The control environment is the basis for an effective system of internal control, ensuring the maintenance of discipline and order.
The primary responsibility for preventing and detecting unfair acts and mistakes lies both in the representatives of the owner and in the management of the audited entity. In assessing the reliability of the control environment and determining whether it functioned, the auditor receives an understanding of how management and supervision of the owner's representatives have been able to create and maintain honesty and ethical conduct, and have established appropriate controls to prevent and detect dishonest acts or mistakes inside of the entity being audited.
In assessing the control environment, the auditor considers how the following elements are implemented in the entity's activities:a) informing employees of the principle of honesty and other ethical values and their maintenance (essential elements that affect the effectiveness of the organization of control, management and monitoring of their performance);
b) commitment to professionalism (management's opinion on the level of professional knowledge required to perform the relevant types of work);c) the participation of representatives of the owner (independence from management, their experience and status, the extent of their involvement in and supervision of activities, the information they receive, the level of complexity of issues raised and discussed with the management of the entity being audited, their interaction with internal and external auditors);
d) management philosophy and style (management approach to identifying business risks and management, the position and actions of management with respect to the preparation of financial (accounting) statements, information processing, and personnel and tasks related to accounting) ;
e) organizational structure (the system within which it is planned, implemented, monitored and tracked the activities of the entity to achieve its objectives);
e) distribution of responsibility and authority (how is the division of responsibility and authority in the course of the activities carried out, and how is the hierarchy of accountability of staff established to each other)
g) personnel policy and practice (recruitment, adaptation, training, assessment, counseling, promotion and remuneration).
The nature of the auditing environment of the entity being audited is such that it influences the process of assessing the risks of material misstatement of information.
The control environment does not in itself prevent, detect or correct a material misstatement of information at the level of the preconditions for the preparation of financial statements in groups of similar transactions, balances on accounting accounts or in cases of disclosure of information. Therefore, the auditor, along with the control environment, usually considers the impact of other elements of the internal control system in assessing the risks of material misstatement, such as monitoring of controls and the operation of certain control actions.
Information systems related to the preparation of accounting reports, including the accounting system, consist of the relevant procedures and records established to initiate the business operations of the entity being audited (both in relation to the occurrence of the event and the state), their registration, processing and including them in the financial statements, as well as for maintaining records of the relevant assets, liabilities and capital.
The auditor should have knowledge of information systems related to the preparation of accounting reports and related activities that cover the following:
a) groups of transactions of the same type in the entity that are significant for the financial statements;
b) procedures for both computerized and manual accounting systems, through which business transactions are initiated, registered, processed and included in the financial statements;
c) the relevant accounting records on paper or in electronic form, information and specific items of accounting statements relating to the initiated business transactions, their registration, processing and generalization;
d) the fixation by the information systems of data on events and conditions that are not part of the same operations, but, nevertheless, may be significant for accounting reporting;
e) the process of preparation and preparation of financial statements, including procedures and methods used by the management of the audited entity in the calculation of important estimates and in cases of necessary disclosure.
The auditor should understand the work of the information systems of the audited entity related to the preparation and preparation of financial statements in order to make a conclusion about their compliance with the conditions of the entity being audited. The auditor should represent:
a) how the economic transactions take place in the framework of various actions of the entity being audited, aimed at its development, acquisition, production and sale of its goods, works and services;
b) how the compliance of the performed activity with regulatory legal acts is ensured;
c) how the information is recorded, including the accounting records and the preparation of financial statements.
The auditor needs to have sufficient knowledge about the auditor's control actions in order to assess the risks of material misstatement of information at the level of the preconditions for the preparation of financial statements and to develop further audit procedures taking into account the estimated risks. Controlling actions of the audited entity include policies and procedures that help to ensure that management orders are being executed, that necessary measures are taken with respect to risks that may hinder the achievement of the objectives of the audited entity. Control actions of the audited entity, carried out manually or with the use of information systems, have different purposes and are applied at various organizational and functional levels. Examples of such specific control actions are:
a) approval (approval) by management of an audited entity of control actions;
b) checking the performance of control actions;
c) processing of information obtained as a result of control actions;
d) checking the presence and condition of objects of the entity being audited;
e) division of duties between employees of the audited entity during control actions.
The auditor should promptly inform the management of the audited entity and the representatives of the owner of the information received on the audit results about significant deficiencies in the organization and application of the internal control system that became known to the auditor during the audit.
If the auditor identifies the risks of material misstatement of information that the audited entity did not control or for which appropriate control is inadequate, or if, in the auditor's opinion, there is a significant shortcoming in the risk assessment process of the entity being audited, the auditor includes information on the specified shortcomings of the internal control in the information received on the audit results, which informs the management of the audited entity and the representatives of the owner. The requirements for communication of information obtained from the audit of the financial (accounting) statements to the management of the audited entity and the representatives of the owner of this person are set out in regulation (standard) No. 22.
Price Plan & Our Features
- Free Outline
- Free Formatting
- Free Title page
- Free Reference Page
- Free Revisions
- Free Submission by Chapters
- Free Plagiarism Report
- Free Customer Service
- 1 – page abstract
- VIP Support
- Expedited delivery
- Essay outline
How to ...
We made your life easier with putting together a big number of articles and guidelines on how to plan and write different types of assignments (Essay, Research Paper, Dissertation etc)