WP NAME
Risks of material misstatement and audit responses Understanding of the clients business Analytical review procedures for audit planning Preliminary materiality estimation and allocation Control environment evaluation Risk assessment and monitoring Understanding of the information systems Summary of application system IT environment appreciation General audit strategy Instructions to IT Audit
COMMENT
Comprises descriptions of the process and any revisions; attach minutes of team meetings
PL1-RMR
PL2-UCB PL3-ARP
Attach data tables and calculations, including annualisation of current part year data First part of internal control structure Further analysis of internal control structure Summary of clients applications Summary flowchart for each system supported by further explanation as needed for the audit response Preliminary investigation of IT general controls Memorandum containing instructions if further evaluation of IT controls is needed for audit response
PL-TCR-x-yPL-TCT-x-y PL-ART-x-z
TESTING
Transaction class risk assessment Transaction class testing Account balance risk assessment and testing Audit test programme Matters to report to management
TE-ATP-x
REPORTING
RP1-MRM
For x above, substitute letters for appropriate cycle where transaction cycle audit approach is adopted: Rev for revenue, Inv for inventory, Exp for expenditure, Int for investments, Cap for capital expenditure. For y above, substitute letters for transaction class: CrS for Credit Sales Invoices, CaS for Cash Sales Invoices, CrN for Credit Notes (for returns from debtors), CaR for Cash Receipts; PrI for Purchase Invoices, DeN for Debit Notes (for returns to suppliers), PaS for Payments to Suppliers, HuI (for Human resource inputs (i.e., hours worked, leave taken, etc.)). For z above, substitute letter for account balance: AcR for Accounts Receivable, AcP for Accounts Payable, ClI for Closing Inventory, CaD for Cash, Bank Balances and Deposits, HuL for Human resource liabilities (deducted tax, superannuation, etc.), ShE for Shareholders Equity.
FACTOR
Process in assessment of risk of material misstatement through fraud or error
COMMENTS <this section requires a summary of our process in arriving at our assessment of the risk of material misstatements, including a summary of: a) our inquiries within the entity, including our discussions with management on the business and on their assessments of the risks and the controls they have in place to address them, b) our observations and inspections, c) our analytical review procedures, d) if we are relying on audit work performed last year and have copies working papers prepared then, how we have confirmed that the information remains true>
<this section requires a summary of the meeting of the audit team and a cross reference to the attached Minutes of Meeting; these will include the location, date and time of the meeting, the name and level of personnel involved, and a summary of the discussions and conclusions; the record of discussions must include staff assessments of risks of material misstatement, from error or fraud, both at the financial report level and at the assertion level, and the responses in the audit to these assessments of risk (the proposed audit strategy)>
<this section will include a summary of any revisions to the initial risk assessments and comment on how the audit testing strategy was revised as a result of the revisions>
<this section will include a summary of the audit strategy as it was after any revisions; it will refer to PL10-GAS and other working papers for points of detail>
Prepared by/Date
Signature
Reviewed by/Date
Signature
COMMENTS
Prepared by/Date
<include here comment on the risk of material misstatements at the financial report level> Signature Reviewed by/Date Signature
COMMENTS
<this section must include a summary and discussion of attached tabulations of data, including explanation of the assumptions and calculations behind the current year data that was used (required to be calculated from the year to date data and equivalent to a revised company budget)>
<this section must include comment on the implications for the current audit and where appropriate (e.g., where the client seems likely to experience increasing liquidity problems) on future audits>
Prepared by/Date
Signature
Reviewed by/Date
Signature
COMMENTS
<calculate 5% and 10% of estimated before tax profit for the year under audit and discuss judgement of place within range>
Judgement from profit base method
Blended method
0.5% of assets ($ ) 0.5% of revenue ($ ) 5% of profit before tax ($ ) 2% of gross profit after depreciation ($ 1% of equity ($ ) Total Average /5 Judgement from blended method
$ $
Planning materiality conclusion Allocation of planning materiality to components discus sion allocat ion
<explain decision on figure derived from the above> <comment on reasons for allocation of preliminary materiality to components>
Revenue/accounts receivable Expenditure/accounts payable Cost of sales/inventory Non-current assets (tangible) Non-current assets (intangible) Cash/deposits etc
TOTAL
Prepared by/Date Signature Reviewed by/Date Signature
COMMENTS
<attach outline organisational charts, with detail for accounting function (IT function chart appears under PL9IEA)> <include comment on evidence of effective delegation and supervision>
<include comment on implications for risk of material misstatements at the financial report level> Signature Reviewed by/Date Signature
Prepared by/Date
COMMENTS
Changes in operating environment New personnel New or revamped information systems Rapid growth New technology New business models, products or activities Corporate restructurings Expanded foreign operations New accounting pronouncements)
<summarise the processes, formal or informal, by which management identifies business risks and decides on action to mitigate them to an appropriate level, focusing on those risks that may cause material misstatements>
Explain how the entity: monitors internal control over financial reporting takes corrective action
Evaluate the effectiveness of the risk assessment and monitoring processes and comment on implications for the current years audit
Prepared by/Date
Signature
Reviewed by/Date
Signature
COMMENTS
<give in this section an overall summary of the clients information systems and cross reference it to a summary flowchart (PL8-SAS) for each major accounting application; give narrative explanations, here or below the flowchart, to meet the specified requirements; the explanations should cover all transaction classes, including changes to accounting estimates, and should follow the processing through transaction processing systems to the general ledger>
Summarise the means by which the entity communicates financial reporting roles and responsibilities and significant matters relating to financial reporting
<focus on communication processes pertinent to governance and control, including policy and accounting manuals, training for those with supervisory responsibilities, etc.>
Prepared by/Date
Signature
Reviewed by/Date
Signature
PL8-SAS-x
<give a narrative summary of the programmed processes; if a detailed understanding of any programmed process is required in the audit, attach this here or give the cross reference to it>
<from the examination of the systems and controls, give a preliminary assessment of the potential for audit reliance on the operating effectiveness of the controls for each assertion for each transaction class and account balance; include general or specific comment on the dependence of the controls on IT-general controls>
<from the examination of the systems and controls, suggest uses for CAATs, including: uses of client software (e.g., inquiry language), use of BSMs PC-based audit software, and techniques for testing client programs>
Prepared by/Date
Signature
Reviewed by/Date
Signature
IT environment appreciation
(To be prepared by IT Audit specialist if clients system is multi-user)
FACTOR
Explain governance and management of IT function
Summarise segregation of functions within computer department, referring to organisational chart Summarise computer department physical controls (access, climate, etc.) Summarise logical access controls and monitoring through automated logs Summarise control over data centre and network operations (backup, monitoring, etc) Summarise system software acquisition, change and maintenance Summarise controls over application system acquisition, development and maintenance, including program change controls Summarise current or planned projects, including in-house and outsourced developments Explain extent and apparent effectiveness of quality assurance and/or IT audit Comment on potential for use of computer assisted auditing techniques
<e.g., feasibility of data testing or programmed process testing> Signature Reviewed by/Date Signature
Prepared by/Date
STRATEGY
Risks of material misstatement at the financial report level
Revenue
<For each component: Recommend an audit strategy, including particularly whether we should include an expectation of the operating effectiveness of internal control in our assessment of the risk or material misstatements, referring as appropriate to PL8SAS and other working papers containing assessments of risk. Explain any risks that we have assessed to be significant risks, including the transaction class or account balance assertions which they affect, and explain whether we should report these to management. Explain any assertions for which, in our assessment, the audit strategy must comprise the testing of the relevant internal controls.>
Prepared by/Date
Signature
Reviewed by/Date
Signature
PL-TCR-x-y
O1 O2
Completeness
C1 C2
Accuracy/Classification
A1 A2
Presentation/Disclosure
P1
Prepared by/Date
Signature
Reviewed by/Date
Signature
PL-TCT-x-y
Proposed substantive tests (analytical review procedures and tests of details) Analytical procedures
Occurrence
OC1
OS1 OS2
Tests of details
Completeness
CC1
Analytical procedures
CS1 CS2
Tests of details
Accuracy/ Classification
AC1
Analytical procedures
AS1 AS2
Tests of details
Presentation/ Disclosure
PC1
Tests of details
P1
Prepared by/Date
Signature
Reviewed by/Date
Signature
PL-ART-x-z
ES1 ES2
Tests of details
Completeness
Analytical procedures
CS1 CS2
Tests of details
Rights/Obligations
Analytical procedures
RS1 RS2
Tests of details
Valuation/Allocation
Analytical procedures
VS1 VS2
Tests of details
Presentation/Disclosure
Tests of details
PS1
Prepared by/Date
Signature
Reviewed by/Date
Signature
Prepared by/Date
Signature
Reviewed by/Date
Signature
EXPLANATION
Evaluation
Prepared by/Date
Signature
Reviewed by/Date
Signature