Auditing Lovitts

Boon Sim Murray Standard Audit Working Papers WP CODE

PLANNING

WP NAME
Risks of material misstatement and audit responses Understanding of the clients business Analytical review procedures for audit planning Preliminary materiality estimation and allocation Control environment evaluation Risk assessment and monitoring Understanding of the information systems Summary of application system IT environment appreciation General audit strategy Instructions to IT Audit

COMMENT
Comprises descriptions of the process and any revisions; attach minutes of team meetings

PL1-RMR

PL2-UCB PL3-ARP

Attach data tables and calculations, including annualisation of current part year data First part of internal control structure Further analysis of internal control structure Summary of clients applications Summary flowchart for each system supported by further explanation as needed for the audit response Preliminary investigation of IT general controls Memorandum containing instructions if further evaluation of IT controls is needed for audit response

PL4-PME PL5-CEE PL6-RAM PL7-UIS PL8-SAS-x

PL9-IEA PL10-GAS PL11-ITA

PL-TCR-x-yPL-TCT-x-y PL-ART-x-z
TESTING

Transaction class risk assessment Transaction class testing Account balance risk assessment and testing Audit test programme Matters to report to management

TE-ATP-x
REPORTING

RP1-MRM

For x above, substitute letters for appropriate cycle where transaction cycle audit approach is adopted: Rev for revenue, Inv for inventory, Exp for expenditure, Int for investments, Cap for capital expenditure. For y above, substitute letters for transaction class: CrS for Credit Sales Invoices, CaS for Cash Sales Invoices, CrN for Credit Notes (for returns from debtors), CaR for Cash Receipts; PrI for Purchase Invoices, DeN for Debit Notes (for returns to suppliers), PaS for Payments to Suppliers, HuI (for Human resource inputs (i.e., hours worked, leave taken, etc.)). For z above, substitute letter for account balance: AcR for Accounts Receivable, AcP for Accounts Payable, ClI for Closing Inventory, CaD for Cash, Bank Balances and Deposits, HuL for Human resource liabilities (deducted tax, superannuation, etc.), ShE for Shareholders Equity.

PL1-RMR: Client Audit for year ending

Risks of material misstatement and audit responses

(Summary of audit risk assessment process and conclusions)

FACTOR
Process in assessment of risk of material misstatement through fraud or error

COMMENTS <this section requires a summary of our process in arriving at our assessment of the risk of material misstatements, including a summary of: a) our inquiries within the entity, including our discussions with management on the business and on their assessments of the risks and the controls they have in place to address them, b) our observations and inspections, c) our analytical review procedures, d) if we are relying on audit work performed last year and have copies working papers prepared then, how we have confirmed that the information remains true>

Audit team meeting held to discuss risk of material misstatement

<this section requires a summary of the meeting of the audit team and a cross reference to the attached Minutes of Meeting; these will include the location, date and time of the meeting, the name and level of personnel involved, and a summary of the discussions and conclusions; the record of discussions must include staff assessments of risks of material misstatement, from error or fraud, both at the financial report level and at the assertion level, and the responses in the audit to these assessments of risk (the proposed audit strategy)>

Revision of risk assessments

<this section will include a summary of any revisions to the initial risk assessments and comment on how the audit testing strategy was revised as a result of the revisions>

Summary of final audit strategy

<this section will include a summary of the audit strategy as it was after any revisions; it will refer to PL10-GAS and other working papers for points of detail>

Prepared by/Date

Signature

Reviewed by/Date

Signature

PL2-UCB: Client Audit for year ending

Understanding of the clients business

FACTOR
Explain relevant industry, regulatory and other external factors, including the applicable financial framework Explain nature of entity: operations ownership and governance investments made or planned structure financing Explain and evaluate managements selection and application of accounting policies Summarise entitys objectives and strategies and related business risks that may result in material misstatement of the financial report Evaluate the processes for measurement and review of the clients financial performance, including their implications for risk of material misstatement Implications for the current years audit

COMMENTS

Prepared by/Date

<include here comment on the risk of material misstatements at the financial report level> Signature Reviewed by/Date Signature

PL3-ARP: Client Audit for year ending

Analytical review procedures for audit planning

FACTOR
Discussion of analysis

COMMENTS

<this section must include a summary and discussion of attached tabulations of data, including explanation of the assumptions and calculations behind the current year data that was used (required to be calculated from the year to date data and equivalent to a revised company budget)>

Implications for the audit

<this section must include comment on the implications for the current audit and where appropriate (e.g., where the client seems likely to experience increasing liquidity problems) on future audits>

Prepared by/Date

Signature

Reviewed by/Date

Signature

PL4-PME: Client Audit for year ending

Preliminary materiality estimation and allocation

FACTOR Discussion of source of data

COMMENTS

<justify data used in calculations>

Operating profit base method

<calculate 5% and 10% of estimated before tax profit for the year under audit and discuss judgement of place within range>
Judgement from profit base method

Blended method

0.5% of assets ($ ) 0.5% of revenue ($ ) 5% of profit before tax ($ ) 2% of gross profit after depreciation ($ 1% of equity ($ ) Total Average /5 Judgement from blended method

$ $

Planning materiality conclusion Allocation of planning materiality to components discus sion allocat ion

<explain decision on figure derived from the above> <comment on reasons for allocation of preliminary materiality to components>

Revenue/accounts receivable Expenditure/accounts payable Cost of sales/inventory Non-current assets (tangible) Non-current assets (intangible) Cash/deposits etc

TOTAL
Prepared by/Date Signature Reviewed by/Date Signature

PL5-CEE: Client Audit for year ending

Control environment evaluation

FACTOR
Communication and enforcement of integrity and ethical values - means Commitment to competence recognition of skill requirements for jobs and implementation Participation by those charged with governance (e.g., activities of audit committee) Managements philosophy and operating style (including interest in accounting) Organisational structure (e.g., structure for achievement of entitys objectives) Assignment of authority and responsibilities Human resource policies and practices recruitment, training, evaluating, compensation, etc Conclusion (e.g., potential for material misstatement)

COMMENTS

<attach outline organisational charts, with detail for accounting function (IT function chart appears under PL9IEA)> <include comment on evidence of effective delegation and supervision>

<include comment on implications for risk of material misstatements at the financial report level> Signature Reviewed by/Date Signature

Prepared by/Date

PL6-RAM: Client Audit for year ending

Risk assessment and monitoring

FACTOR
Explain managements process for identifying business risks and taking action to address those risks
(NB: Circumstances giving rise to risks include:

COMMENTS

Changes in operating environment New personnel New or revamped information systems Rapid growth New technology New business models, products or activities Corporate restructurings Expanded foreign operations New accounting pronouncements)

<summarise the processes, formal or informal, by which management identifies business risks and decides on action to mitigate them to an appropriate level, focusing on those risks that may cause material misstatements>

Explain how the entity: monitors internal control over financial reporting takes corrective action

<summarise monitoring by management and/or internal auditors or other monitoring agencies>

Evaluate the effectiveness of the risk assessment and monitoring processes and comment on implications for the current years audit

Prepared by/Date

Signature

Reviewed by/Date

Signature

PL7-UIS: Client Audit for year ending

Understanding of the information systems

FACTOR
Summarise the entitys information systems, including related business processes, relevant to financial reporting: Relevant classes of transactions Processing and reporting procedures Accounting records Capturing events significant to the financial report Financial reporting process

COMMENTS

<give in this section an overall summary of the clients information systems and cross reference it to a summary flowchart (PL8-SAS) for each major accounting application; give narrative explanations, here or below the flowchart, to meet the specified requirements; the explanations should cover all transaction classes, including changes to accounting estimates, and should follow the processing through transaction processing systems to the general ledger>

Summarise the means by which the entity communicates financial reporting roles and responsibilities and significant matters relating to financial reporting

<focus on communication processes pertinent to governance and control, including policy and accounting manuals, training for those with supervisory responsibilities, etc.>

Prepared by/Date

Signature

Reviewed by/Date

Signature

Cycle Client Audit for year ending Summary of application system

PL8-SAS-x

<insert system name here>

<add or remove inputs, outputs and databases on the attached flowchart as required>

Standing data changes

Databases Inputs Processes Outputs

Various performance reports

Summary of programmed processes and controls:

<give a narrative summary of the programmed processes; if a detailed understanding of any programmed process is required in the audit, attach this here or give the cross reference to it>

Summary of manual processes and controls

<to support the summary flowchart, give narrative descriptions (or attach detailed flowcharts) of the transaction flows, with enough information for the design of substantive tests of details of the transactions and balances> <only if the audit strategy is likely to include an expectation of the operating effectiveness of internal controls, include a summary of the key controls, but note that details of the assessment of control are given later with form PL-TCR-x-y if this audit strategy is adopted>

Preliminary assessment of the operating effectiveness of identified internal controls

TRANSACTION CLASS/ ACCOUNT BALANCE ASSESSMENT OF INTERNAL CONTROLS FOR POSSIBLE AUDIT RELIANCE

<from the examination of the systems and controls, give a preliminary assessment of the potential for audit reliance on the operating effectiveness of the controls for each assertion for each transaction class and account balance; include general or specific comment on the dependence of the controls on IT-general controls>

Dependence of the controls on IT-general controls

Potential for the use of computer assisted auditing techniques

TRANSACTION CLASS/ ACCOUNT BALANCE POSSIBLE USES

<from the examination of the systems and controls, suggest uses for CAATs, including: uses of client software (e.g., inquiry language), use of BSMs PC-based audit software, and techniques for testing client programs>

Prepared by/Date

Signature

Reviewed by/Date

Signature

PL9-IEA: Client Audit for the year ending

IT environment appreciation
(To be prepared by IT Audit specialist if clients system is multi-user)

FACTOR
Explain governance and management of IT function

COMMENTS <e.g., IT Steering Committee, IT Manager reporting line>

Summarise segregation of functions within computer department, referring to organisational chart Summarise computer department physical controls (access, climate, etc.) Summarise logical access controls and monitoring through automated logs Summarise control over data centre and network operations (backup, monitoring, etc) Summarise system software acquisition, change and maintenance Summarise controls over application system acquisition, development and maintenance, including program change controls Summarise current or planned projects, including in-house and outsourced developments Explain extent and apparent effectiveness of quality assurance and/or IT audit Comment on potential for use of computer assisted auditing techniques

<e.g., feasibility of data testing or programmed process testing> Signature Reviewed by/Date Signature

Prepared by/Date

PL10-GAS: Client Audit for year ending

General audit strategy

COMPONENT GENERAL

STRATEGY
Risks of material misstatement at the financial report level

<explain any identified risk at the financial report level>

Overall audit responses to address these risks

<comment on intended responses in terms of audit strategy and resources required>

Revenue

<For each component: Recommend an audit strategy, including particularly whether we should include an expectation of the operating effectiveness of internal control in our assessment of the risk or material misstatements, referring as appropriate to PL8SAS and other working papers containing assessments of risk. Explain any risks that we have assessed to be significant risks, including the transaction class or account balance assertions which they affect, and explain whether we should report these to management. Explain any assertions for which, in our assessment, the audit strategy must comprise the testing of the relevant internal controls.>

Inventory Expenditure Non-Current Assets Liquid Assets

(Cash, Deposits)

Investments Loans Equity

Prepared by/Date

Signature

Reviewed by/Date

Signature

Cycle Client Audit for the year ending Transaction class

Assertions/ Possible material misstatements Occurrence Controls to prevent or detect the misstatements - complete this column only if assessment includes expectation of effectiveness of controls)

PL-TCR-x-y

Transaction class risk assessment

Risk of material misstatement give level (significant, auditcritical, high, medium, low) and comment

O1 O2

Completeness

C1 C2

Accuracy/Classification

A1 A2

Presentation/Disclosure

P1

Prepared by/Date

Signature

Reviewed by/Date

Signature

Cycle Client Audit for the year ending

PL-TCT-x-y

Transaction class testing

Transaction class
Assertions

Proposed control tests if applicable

(cross reference to controls)

Proposed substantive tests (analytical review procedures and tests of details) Analytical procedures

Occurrence

OC1

OS1 OS2

Tests of details

Completeness

CC1

Analytical procedures

CS1 CS2

Tests of details

Accuracy/ Classification

AC1

Analytical procedures

AS1 AS2

Tests of details

Presentation/ Disclosure

PC1

Tests of details

P1

Prepared by/Date

Signature

Reviewed by/Date

Signature

Cycle Client Audit for the year ending Account balance

Assertions/ Possible material misstatements Existence Assessed risk of material misstatements after taking into account transaction class controls

PL-ART-x-z

Account balance risk assessment and testing

Proposed substantive tests (analytical review procedures and tests of details) Analytical procedures

ES1 ES2

Tests of details

Completeness

Analytical procedures

CS1 CS2

Tests of details

Rights/Obligations

Analytical procedures

RS1 RS2

Tests of details

Valuation/Allocation

Analytical procedures

VS1 VS2

Tests of details

Presentation/Disclosure

Tests of details

PS1

Prepared by/Date

Signature

Reviewed by/Date

Signature

TE-ATP-x Client Audit for the year ending

Audit test programme

Audit Tests
Risk assessment references Sample size (if applicable) Working paper references Done by

Prepared by/Date

Signature

Reviewed by/Date

Signature

RP1-MRM: Client Audit for year ending

Matters to report to management

W/P R E F E R E N C E

EXPLANATION

<give reference to working paper(s) in which the risk was identified>

Evaluation

<comment on overall degree of risk arising from factors listed above>

Prepared by/Date

Signature

Reviewed by/Date

Signature