Objectives of an audit
In conducting an audit of financial statements, our overall objectives are:
- To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling us to express an opinion on whether the financial statements are prepared (and presented fairly when relevant) in all material respects, in accordance with the applicable financial reporting framework and
- To report on the financial statements and communicate our findings
To achieve our overall objectives, we can comply with the requirements of Tianlong Audit Methodology (TAM) and determine whether:
- Audit procedures in addition to those stated in TAM are necessary to address the particular facts and circumstances to achieve our overall objectives
- We have obtained sufficient appropriate audit evidence to conclude whether the financial statements taken as a whole are free from material misstatement, whether due to fraud or error
Premise underlying the conduct of an audit
Our audit is conducted on the premise that management, with appropriate oversight from those charged with governance, has acknowledged and understand that they are responsible:
- For preparing the financial statements in accordance with the applicable financial reporting framework, including, when relevant, their fair presentation
- For such internal control as they determine is necessary to enable the preparation and fair presentation, where relevant, of financial statements that are free from material misstatement, whether due to fraud or error
- To provide us with:
- Access to all information of which they are aware that is relevant to the preparation (and fair presentation, where relevant) of financial statements (such as records, documentation and other matters)
- Additional information that we may request from them for the purpose of the audit
- Unrestricted access to persons within the entity from whom we determine it necessary to obtain audit evidence
Our audit of the financial statements does not relieve management and those charged with governance of their responsibilities.
Sufficient appropriate audit evidence
As the basis for our audit opinion, we obtain reasonable assurance about whether the financial statements taken as a whole are free from material misstatement, whether due to fraud or error. To do so, we obtain sufficient appropriate audit evidence to reduce audit risk (the risk that we may unknowingly fail to appropriately modify our opinion when the financial statements are materially misstated) to an acceptably low level and to enable us to draw reasonable conclusions on which to base our audit opinion.
Reasonable assurance is high, but not absolute, level of assurance because audits have inherent limitations. These limitations are due to factors such as:
- The use of sampling
- The inherent limitations of internal control (e.g., the possibility of management override or collusion)
- The fact that audit evidence is typically persuasive rather than conclusive
- The need for the audit to be conducted within a reasonable period of time and at a reasonable cost
Audit evidence is information we use in arriving at the conclusions on which we base our audit opinion. Audit evidence is cumulative in nature and is primarily obtained from audit procedures performed throughout the audit. Audit evidence may include information obtained from sources such as:
- The entity’s accounting records
- Previous audits (assuming we determine it is still relevant to the current audit)
- Our quality control procedures for client and engagement acceptance and continuance
- A specialist employed or engaged by the entity
- Industry and market data
Audit evidence comprises both information that supports and corroborates management’s assertions, and any information that contradicts such assertions.
The absence of information (e.g., management’s refusal to provide a requested representation) is also audit evidence.
Sufficiency and appropriateness
The sufficiency and appropriateness of audit evidence are interrelated.
- Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence required is affected by our combined risk assessment (CRA) (i.e., the higher the CRA, the more audit evidence is likely to be required) and by the quality of audit evidence (i.e., the higher the quality, the less audit evidence may be required). Obtaining more audit evidence, however, may not necessarily compensate for its poor quality.
- Appropriateness is the measure of the quality of audit evidence, that is, its relevance and reliability in providing support for the conclusions on which we base our audit opinion. The reliability of evidence is influenced by its source and its nature and depends on the individual circumstances under which the evidence is obtained.
Audit procedures consisting primarily of inquiry do not generally provide sufficient appropriate audit evidence.
If audit evidence obtained from one source is inconsistent with that obtained from another, or we have doubts about the reliability of information to be used as audit evidence, we:
- Determine what modifications or additions to our audit procedures are necessary to resolve the matter
- Consider the effect of the matter, if any, on other aspects of our audit
We use our professional judgment to determine whether we have obtained sufficient appropriate audit evidence. Requirements and guidance are provided throughout TAM to help us determine the sufficiency and appropriateness of audit evidence as we perform our procedures.
Professional skepticism is an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence. We plan and perform our audit with professional skepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated.
It is important to maintain professional skepticism throughout the audit, to reduce the risks of:
- Overlooking unusual circumstances
- Overgeneralizing when drawing conclusions from audit observations
- Using inappropriate assumptions to determine the nature, timing, and extent of our audit procedures and to evaluate the results thereof
Although professional skepticism is important in all aspects of the audit, it is particularly important in those areas of the audit that involve significant management judgments or transactions outside the normal course of business.
Applying professional skepticism involves:
- Diligently obtaining sufficient appropriate audit evidence rather than merely the most readily available evidence that corroborates management’s assertions
- Explicitly considering the existence of new or contrary evidence
- Critically assessing all the evidence obtained, including evidence that corroborates or contradicts information used by management
Questions to ask
The following questions may help us maintain professional skepticism throughout the audit:
- Have we evaluated all relevant information available (both supporting and contrary or conflicting evidence)?
- Are the sources of information used to provide audit evidence appropriate and have we independently verified such information?
- Have we appropriately challenged management’s assertions and explanations, and obtained sufficient evidence to corroborate or refute such assertions and explanations?
- Are management’s assertions and explanations consistent with or contradictory to other information obtained during the audit or external factors (e.g., industry data, analysts’ information specific to the entity or its peer group or industry or the economic environment)?
- Have we appropriately considered indicators of risk rather than assuming that they are not relevant because of our past experience with the entity?
- Is the audit evidence we obtained sufficient and appropriate? Have we challenged whether such evidence is authentic when we have a reason to believe it may not be?
Is our documentation complete and adequate to demonstrate how we have exercised professional skepticism (i.e., the factors we considered and judgments we made)? Does our documentation reflect the full extent of our audit work?
Critically assessing audit evidence involves querying the:
- Reliability of information to be used as audit evidence and the controls over its preparation and maintenance
- Sufficiency and Appropriateness of audit evidence
- The consistency of the responses we receive – consistent responses to inquiries are generally more reliable
The reliability of audit evidence is influenced by its source and nature and is dependent on the circumstances under which it is obtained. Audit evidence is generally more reliable in its original documentary form, whether paper, electronic or another medium, rather than oral representation. When fraud factors exist and a single document, of a nature that is susceptible to fraud, is the sole supporting evidence for a material financial statement amount, we consider its sufficiency and appropriateness.
We exercise professional judgment in planning and performing the audit.
Professional judgment is the application of relevant training, knowledge, and experience, within the context provided by auditing, accounting, and ethical standards, in making informed decisions about the course of action that is appropriate in the circumstance of the audit. Our professional judgment is based on the facts and circumstances that are known to us at the time, up to the date of our auditor’s report.
We do not use professional judgment as an explanation to justify decisions that are not otherwise supported by the facts and circumstances of the audit or by sufficient appropriate audit evidence.
We document the significant professional judgments made in reaching conclusions on significant findings as well as significant accounting and auditing issues arising.
Audit risk model
TAM can help us to use our professional judgment to:
- Identify and assess risks of material misstatement, due to fraud or error, based on our understanding of the entity and its environment, including its internal control, and
- Respond to those risks by determining what tests of controls, if any, and substantive procedures to perform to obtain sufficient appropriate audit evidence.
TAM uses the audit risk model as the basis for assessing risks of material misstatement and responding to those risks.
The audit risk model demonstrates the relationship between inherent risk and control risk and the level of detection risk we are willing to accept when performing our audit procedures. The objective of an audit is to limit audit risk to an acceptably low level (i.e., 5%). This level of audit risk is generally accepted in the profession as an acceptable level of audit risk and recognizes that we perform an audit to obtain reasonable, not absolute, assurance that the financial statements as a whole are not materially misstated.
The audit risk model is described as:
Inherent risk and control risk are the entity’s risks and exist independently of our audit. They arise from many factors including, but not limited to, the nature of the entity’s business and the strategies that it undertakes. They can be increased or reduced by the management’s attitude toward risk. Some businesses and strategies are inherently more (or less) risky than others and result in higher (or lower) inherent risks that material misstatements of the financial statements may occur.
Management can mitigate inherent risk by implementing effective internal control; however, inherent risk cannot be totally eliminated due to the limitations of controls arising from the realities that human judgment in decision-making can be faulty and that breakdowns in internal control can occur because of human error or fraud.
Detection risk is the risk that a material misstatement would not be detected by our substantive procedures. Our substantive procedures include Primary Substantive Procedures (PSPs) and Other Substantive Procedures (OSPs) as appropriate. PSPs and OSPs comprise:
- Substantive analytical procedures
- Test of details, which may include testing of key items and/or representative samples
Risks of material misstatement at the financial statement level
Risks of material misstatement at the financial statement level refer to risks that relate pervasively to the financial statements as a whole and potentially affect many assertions. Such risks are typically not associated with specific assertions. Rather, they represent circumstances that may increase the risks of material misstatement across many assertions (e.g., through management override of internal control). When we identify risks of material misstatement at the financial statement level we determine our overall response to those risks, such as including professionals with relevant knowledge and experience in the audit team.
Risks of material misstatement at the assertion level
We assess risks of material misstatement at the assertion level to help determine the nature, timing and extent of any additional audit procedures at the assertion level that are necessary to obtain sufficient appropriate audit evidence. We determine relevant assertions at the significant account and disclosure level.
Risks of material misstatement at the assertion level consist of inherent risk and control risk. Therefore, our Combined Risk Assessment (CRAs) represent our assessed risks of material misstatement at the assertion level for each significant account and disclosure. The nature, timing and extent of our audit procedures are a direct result of the CRAs we make. Making the appropriate CRAs is therefore important in executing an effective and efficient audit.
Understanding the audit risk model
The audit risk model allows us to take a variety of circumstances into account when selecting an effective and efficient audit approach to reduce audit risk to an acceptably low level. We make judgments about the level of inherent risk related to an account balance or disclosure and decide whether to rely or not to rely on controls. These judgments have a direct effect on the nature, timing and extent of our substantive procedures.
In TAM, the audit risk model is stated as:
Although the audit risk model is expressed in mathematical terms (i.e., a multiplicative model), the application of the audit risk model is highly judgmental.
Understanding detection risk
The audit risk model shows the connection between inherent risk, control risk and detection risk. Detection risk is directly influenced by the procedures we perform and judgments we make throughout the audit. TAM provides us with the framework to adjust detection risk to an acceptable level. Our combined risk assessment (CRA) is a crucial element of that framework.
The lower our confidence that a material misstatement may not exist based on our combined risk assessment (i.e., from our assessments of inherent risk and control risk), the greater the confidence we require from our detection procedures, resulting in “more” substantive procedures to be performed to maintain audit risk at 5% (“more” includes the nature and timing of procedures as well as their extent).
Our documentation provides:
- A sufficient and appropriate record of the basis for our conclusions and our auditor’s report
- Evidence that the planning and performance of our audit is consistent with professional standards, legal and regulatory requirements, and Tianlong Services policies
Our documentation serves a number of additional purposes, including:
- Helping the audit team to plan and perform the audit
- Helping members of the audit team responsible for supervision to direct and supervise the audit work and to fulfill their review responsibilities
- Enabling the audit team to be accountable for its work
- Retaining a record of matters of significance to future audits
- Enabling the conduct of quality control reviews and inspections by regulators
We prepare our audit documentation on a timely basis. We use professional judgment to determine the nature and extent of our documentation. Our documentation contains sufficient information to enable an experienced auditor with no previous connection with the audit to understand:
- The nature, timing and extent of the procedures performed
- Results of the procedures performed
- Evidence obtained and conclusions reached, including inconsistent or contrary information we considered and our conclusions regarding such information
- Significant findings and issues arising during the audit, actions taken to address them (including any additional evidence obtained), and our conclusions, including significant professional judgments made in reaching those conclusions
In documenting our work and completing our procedures, we include in our documentation:
- The identifying characteristics of the specific items or matters tested
- Who performed the audit work and the date it was completed
- Who reviewed the audit work and the date of such review
Each TAM topic contains the specific documentation requirements necessary to demonstrate that we have complied with the requirements of the topic.
Visit our TAM page here.