FOR CONTROL OVER EXECUTION OF THE REPUBLICAN BUDGET
Mass media about the Accounts Committee
Proper Audit Planning
Proper Audit Planning
Article for “State Audit” Magazine, Astana, Kazakhstan
Alina Undrits, Senior Auditor, State control of Estonia
Andrei Katsuba, Auditor, State control of Estonia
The Republic of Kazakhstan has worked out the Concept on the implementation of state audit. The objective of the Concept is to define the key directions of reforming of the public financial control system and conceptual approaches to the implementation of state audit. For the purpose of creating the state audit system, among other activities, it is expected to make transition to international standards in the field of financial reporting and auditing, which will ensure the transparency of the public resource management. In this article we would like to draw your attention to some key points of application of international standards in the audit planning.
Proper audit planning helps to achieve the audit objectives in the most effective way, i.e. provide reasonable assurance as to avoid gaps and excessive consumption of resources.
In the process of application of the International Standards for Supreme Audit Institutions (ISSAI) published by the International Organization of Supreme Audit Institutions (INTOSAI), emphasis is placed on the concept of identifying and assessing the risks of material misstatement, whether due to fraud or error, at the financial statement level and at the level of management approval.
In their statement about whether the financial statements are prepared in accordance with the applicable financial reporting standards, the management of the audited company explicitly or implicitly makes assertions regarding recognition, measurement, presentation and disclosure of the various elements of the financial statements. In other words, by providing financial statements to the auditor for control, the management, in fact, states that the data presented in the financial statements are true in such essential parameters as classes of transactions and events, account balances, presentation and disclosure of financial information. All these statements are hidden in the general information contained in the report, they are not shown separately, but it is important for the auditor to identify and assess their associated risks.
The auditor’s task is to identify and assess the risks of material misstatement, thus providing a basis for developing and implementing responses to the assessed risks.
According to the International Standard on Auditing 315 “Identification and Assessment of Risks of Material Misstatement based on the Knowledge of an Entity and its Environment”, assertions used by the auditor to consider different types of potential misstatements that may occur fall into the following three categories and may take the following forms:
1. Assertions about classes of transactions and events during an audit period:
• Creation – shown transactions and events have taken place and are associated with the subject.
• Completeness – all transactions and events that should be reflected are recorded.
• Accuracy – amounts and other data related to the shown transactions and events are recorded properly.
• Clipping – transactions and events are recorded in the proper accounting period.
• Classification – transactions and events are separated by appropriate accounts.
2. Allegations of account balances at a period end:
• Existence – assets, liabilities and equity in really exist.
• Rights and responsibilities – the audited entity owns or controls the rights to assets, while liabilities are the obligations of the entity.
• Completeness – all assets, liabilities and equity which need to be disclosed are disclosed.
• Valuation and allocation – assets, liabilities and equity in the financial statements are included in the appropriate amount, and all appropriate valuation adjustments and distribution are disclosed properly.
3. Approval as of presentation and disclosure:
• Creation of right and obligation – disclosed events, transactions and other matters have occurred and are associated with the entity.
• Completeness – all disclosures that should have been included in the financial statements are included.
• Classification and understandability – financial information is presented and described properly, disclosure is clearly expressed.
• Accuracy and evaluation – financial and other information are disclosed fairly and at appropriate amounts.
An auditor can use assertions as described above, or may express them in a different way, provided that all the aspects described above are covered. For example, an auditor may choose a combination of assertions on transactions and events with the assertions on account balances.
The framework of the financial audit includes an opinion whether or not the audited financial statements of an entity give true and fair view of their financial position and financial performance. Making assertions about the financial statements of public-sector entities, in addition to the assertions set forth above, the management may assert that transactions and events have been carried out in accordance with the laws, regulations or other regulations. Such assertions may be within the scope of the audit of public-sector financial statements.
At a practical level, when assessing risks, an auditor sets hypothesis to the risk associated with a particular statement. For example, as regards the “Creation” Assertion an auditor assesses the likelihood that not all of transactions and events disclosed have really happened, not all of them are connected with the entity. Another example – “Completeness” Statement – an auditor comes from the fact that there is a risk that not all transactions and events, that should be disclosed, have been disclosed in the financial statements. And so on. In his later work, when carrying out audit procedures, an auditor seeks to confirm or refute the hypothesis set.
Audit procedures can be divided into tests of the internal control system and substantive testing, which in turn can be divided into analytical procedures and detailed testing.
How much is enough?
To what extent an auditor should conduct certain audit procedures?
The answer to this question is provided by the model of reasonable assurance used in the Supreme Audit Institution of Great Britain. This model makes it possible to answer the question “How much is enough?” and helps to avoid gaps or processing. According to the model, an auditor should provide 95% confidence as the optimal index of balance between certainty and the volume of work to be done. For added convenience, the model uses system of coefficients or items in which 95% reasonable certainty corresponds to coefficient A = 3. That is an auditor must calculate risks and plan procedures so as to gain 3 points from the diagram below.
Based on the model of reasonable assurance used in the Supreme Audit Institution of Great Britain, the description and tests of the internal control system may allow an auditor to get the lion’s share of (77%) reasonable assurance of the presence or absence of material misstatements in the financial statements of an auditee. Therefore it is reasonable to begin with the description of procedures of the internal control system.
During the review of the internal control system, an auditor primarily seeks to answer the question, which elements of the internal control system prevent or reduce the probability of risk associated with the assertion. For example, as regards “Creation” Assertion an auditor identifies a control element responsible to ensure that all transactions and events reflected in the financial statements have actually occurred, and all of them are connected with the auditee. At this stage, you need to evaluate whether this item is appropriate (in the right place and commensurate to the risk), comprehensive, reasonable and directly connected with the purposes of control.
Considering the internal control system, an auditor should answer the question whether it is possible to rely on the internal control system?An auditor plans further actions based on the answer to this question. If an auditor believes that the internal control system works, then the next step will be to test the operating effectiveness of the control elements – whether or not they operate consistently in accordance with the plan for an entire period and are carefully observed by all staff. If an auditor believes that the internal control system is unreliable – do not waste time on its testing. Then we can proceed to substantive testing.
It is important to emphasize that at the planning stage an auditor does not assess the level of the internal control system, and only assumes a level of reasonable assurance we can get from the internal control. The model assumes the existence of two levels of inherent risks – medium and low levels (high and significant risks are considered separately).
Audit approaches based on the model of reasonable assurance
– inherentriskLOWA= 1
– inherentriskMEDIUMA= 0
In this scheme, tests of internal control are marked in blue, substantive tests – gray and the assurance of the control risk – green.
If an auditor believes that the inherent risk is medium, he/she must conduct a sufficient number of tests in order to get the “3” coefficient. If an auditor believes that the inherent risk is low, he/she assigns “1” coefficient to the control system (marked in green), and plans to conduct a number of tests in order to get another 2 points. Further, an auditor considers the possibility of using four basic approaches:
1. Emphasis on internal control – suitable for audits of regular transactions and significant amounts.
2. Approach 50/50 – equally tests of internal controls and substantive tests.
3. Emphasis on substantive testing – if internal controls of an audited entity raises some doubts.
4. Exclusively substantive testing – suitable for small entities with weak internal controls.
Having defined the approach, an auditor calculates the optimal number of sampling objects based on the following table
For example, if an auditor believes that the inherent risk is low, and he/she has to deal with a set consisting of regular transactions and significant amounts, he/she assigns “1” coefficient to the control system and selects the first approach – emphasis on internal control. He/she plans to carry out 26 tests of internal controls in order to obtain the “1.3” coefficient. An auditor draws remainder of the reasonable assurance from the analytical procedures and detailed testing. They take longer, but give reliable evidence. The volume and the number of tests depend on the auditor’s assessment of the reliability of the internal control system. In our example, an auditor should make 14 detailed tests in order to get the remaining 0.7 points. As a result, an auditor obtains the “3” coefficient, which is equal to 95% of reasonable assurance.
It is worth noting that the model makes two exceptions. For a set of less than 200 elements, the sample is 5 - 10% of the number of elements (depending on risk). For a set of less than 50 items, the sample is 60-75% of the invoice amount of money (depending on risk).
Analytical procedures and detailed testing must always be associated with the management approval.For example, the “Accuracy” Assertion – based on the control of primary documents, an auditor becomes convinced that amounts and other data relating to transactions and events recorded in the financial statements are recorded properly.
As of 15-19 September 2014, the Accounts Committee for Control over Execution of the Republican Budget of the Republic of Kazakhstan organized in Astana the workshop on “Audit of Consolidated Financial Statements” at which we, Alina Undrits and Andrei Katsuba, auditors of the State Audit of Estonia, acted as lecturers. The workshop was held as part of measures to reform the current system of state financial control in Kazakhstan.
We thank the Accounts Committee and the Center for Financial Violations Research for their work on organization of the workshop. Thank you for your hospitality and a warm welcome accorded to us. Special thanks to the Director of the Centre for Financial Violations Research Mr. Murzin, to the staff of the Center and the Accounts Committee Asiya Uskenbayeva, Akylbay Kulumshin, Bulat Mukhamedzhanov and all others whose work has ensured success of the workshop and thanks to whom we have got acquainted with the life and culture of Kazakhstan.
We consider it necessary to note especially the active involvement and participation of students in the workshop, openness and willingness to discuss. We were impressed with the audience’s interest in the development of the methodology on auditing of the consolidated financial statements in accordance with international standards. We hope that this workshop, along with other measures, will facilitate introduction of new audit methods and establish a unified methodological framework that meets the requirements of international standards. We are look forward to continued fruitful and mutually beneficial cooperation in the future and are willing to cooperate fully in the work on development of state audit in Kazakhstan.