Overview - Printing
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Overview - Printing as PDF for free.
More details
- Words: 4,132
- Pages: 10
Loading documents preview...
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
Ernst & Young Global Audit Methodology Overview Introduction The Ernst & Young Global Audit Methodology (EY GAM) provides a global framework for the application of a consistent thought process to all audits. EY GAM is based on International Standards on Auditing (ISAs)1 and is supplemented with local content developed by individual member firms to comply with local auditing standards and regulatory or statutory requirements of the countries in which they practice. EY GAM contemplates timely executive involvement in the audit and allows the use of alternative strategies based on professional judgment and engagement team input. EY GAM is a means to an end and not a set of rigid instructions that should be followed without the use of professional judgment.
Objective of an audit In conducting an audit of financial statements, our overall objectives are: a)
To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling us to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and
b)
To report on the financial statements and communicate in accordance with our findings.
Premise underlying the conduct of an audit Our audit is conducted on the premise that management, and where appropriate those charged with governance, have acknowledged the following responsibilities that are fundamental to the conduct of an audit: (a)
For the preparation of the financial statements in accordance with the applicable financial reporting framework, including where relevant their fair presentation
(b)
For such internal control as management and, where appropriate those charged with governance, determine is necessary to enable the preparation of the financial statements that are free from material misstatement, whether due to fraud or error
(c)
To provide us with: (i)
Access to all information of which management and, where appropriate those charged with governance, are aware that is relevant to the preparation of financial statements such as records, documentation and other matters
(ii)
Additional information that we may request from management and, where appropriate those charged with governance, for the purpose of the audit
(iii) Unrestricted access to persons within the entity from whom we determine it necessary to obtain audit evidence Our audit of the financial statements does not relieve management and those charged with governance of their responsibilities. We achieve our audit objective by: • • • • • •
Complying with our policies and procedures Obtaining sufficient appropriate audit evidence Exercising professional skepticism Applying professional judgment Applying our risk based methodology Preparing documentation
Printed 01 Dec 2014
Page 1 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
To assist us in achieving our overall objective we: • Understand the structure of EY GAM
Comply with our policies and procedures The Ernst & Young Global policies on client acceptance and continuance, quality control, communication and coordination among member firms, international reporting and engagement agreements are included in the Ernst & Young Global Assurance Policy Manual (GAPM). The Ernst & Young Global Independence Policy is designed to comply with the elements of the IFAC Code of Ethics for Professional Accountants that deals with independence, objectivity and integrity. Compliance with EY GAM, the relevant policies in GAPM and the Ernst & Young Global Independence Policy will result in compliance with the ISAs. The Ernst & Young Global policies may also be supplemented with local content developed by individual member firms to comply with the local auditing standards and regulatory or statutory requirements of the countries in which they practice.
Obtain sufficient appropriate audit evidence As the basis of our audit opinion, we obtain reasonable assurance about whether the financial statements taken as a whole are free from material misstatement, whether due to fraud or error. To do so we obtain sufficient appropriate audit evidence to reduce audit risk (the risk that we may unknowingly fail to appropriately modify our opinion when the financial statements are materially misstated) to an acceptably low level.2 Reasonable assurance is a high level of assurance but not an absolute level of assurance because there are inherent limitations of an audit. These limitations result from factors such as: • The use of sampling • The inherent limitations of internal control (for example, the possibility of management override or collusion) • The fact that audit evidence is typically persuasive rather than conclusive. • The need for the audit to be conducted within a reasonable period of time and at a reasonable cost Audit evidence is information we use in arriving at the conclusions on which we base our audit opinion. Audit evidence is cumulative in nature and is primarily obtained from audit procedures performed throughout the audit. Audit evidence may include information obtained from sources such as: • The entity’s accounting records • Previous audits (assuming we have determined it is still relevant to the current audit) • The firm’s quality control procedures for client acceptance and continuance • An expert employed or engaged by the entity • Industry and market data Audit evidence comprises information that supports and corroborates management’s assertions and any information that contradicts such assertions. The absence of information (for example, management’s refusal to provide a requested representation) also constitutes audit evidence. The sufficiency and appropriateness of audit evidence are interrelated. • Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence required is affected by our combined risk assessment (CRA), (the higher the CRA, the more audit evidence is likely to be required) and also by the quality of audit evidence (the higher the quality, the less audit evidence may be required). Printed 01 Dec 2014
Page 2 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
Obtaining more audit evidence, however, may not necessarily compensate for its poor quality. • Appropriateness is the measure of the quality of audit evidence, that is, its relevance and its reliability in providing support for the conclusions on which we base our audit opinion. The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which the evidence is obtained. We obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level, and allow us to draw reasonable conclusions on which to base our audit opinion. Determining whether we have obtained sufficient appropriate audit evidence is a matter of professional judgment. Requirements and guidance are provided throughout EY GAM to assist us in determining the sufficiency and appropriateness of audit evidence as we perform our procedures.
Exercise professional skepticism Professional skepticism is an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence. We plan and perform our audit with professional skepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated.3 Maintaining professional skepticism throughout the audit is important to reduce the risks of overlooking unusual circumstances, over generalizing when drawing conclusions from audit observations and using inappropriate assumptions in determining the nature, timing and extent of our audit procedures and evaluating the results thereof.
Apply professional judgment We exercise professional judgment in planning and performing the audit.4 Professional judgment is the application of relevant training, knowledge and experience, within the context provided by auditing, accounting and ethical standards, in making informed decisions about the course of action that is appropriate in the circumstance of the audit engagement. The exercise of professional judgment is based on the facts and circumstances that are known to us at the point in time up to the date of our opinion. We do not use professional judgment as the justification for decisions that are not otherwise supported by the facts and circumstances of the engagement or sufficient appropriate audit evidence. We document the significant professional judgments made in reaching conclusions on significant accounting and auditing issues arising during the audit.
Apply our risk based methodology EY GAM helps us to identify and assess risks of material misstatement, due to fraud or error, based on our understanding of the entity and its environment, including the entity’s internal control, and respond to those risks. Definition: Risk of material misstatement: The risk that the financial statements are materially misstated prior to the performance of our audit procedures. EY GAM uses the audit risk model as the basis for assessing risks of material misstatement and responding to those risks.
Audit risk model The audit risk model demonstrates the relationship between inherent risk and control risk and the level of detection risk we are willing to accept when performing our audit procedures. The Printed 01 Dec 2014
Page 3 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
objective of an audit is to limit audit risk to an acceptably low level (i.e., 5%). This level of audit risk is generally accepted in the profession as an acceptable level of audit risk and recognizes that we perform an audit to obtain reasonable, not absolute, assurance that the financial statements as a whole are not materially misstated. Inherent risk and control risk are the entity’s risks and exist independently of our audit. Inherent risk and control risk arise from many factors including, but not limited to, the nature of the entity’s business and the strategies that the entity undertakes, and can be increased or reduced by management’s attitude to risk. Some businesses and strategies are inherently more (or less) risky than others and result in higher (or lower) risks that material misstatements of the financial statements may occur. Management can mitigate inherent risk by implementing effective internal control; however, inherent risk cannot be totally eliminated due to the limitations of controls arising from the realities that human judgment in decision-making can be faulty and that breakdowns in internal control can occur because of human error. Detection risk is directly influenced by the procedures we perform and judgments we make throughout the audit process. EY GAM provides us with the framework by which we may reduce detection risk to an acceptable level and our CRA is a crucial element of that framework. Risks of material misstatement at the financial statement level Risks of material misstatement at the financial statement level refer to risks that relate pervasively to the financial statements as a whole and potentially affect many assertions. Risks of this nature are typically not associated with specific assertions. Rather, they represent circumstances that may increase the risks of material misstatement across many assertions, for example, through management override of internal control. When we identify risks of material misstatement at the financial statement level we determine our overall response to those risks, such as including professionals in the engagement team with relevant knowledge and experience. Risk of material misstatement at the assertion level We assess risks of material misstatement at the assertion level to assist us in determining the nature, timing and extent of any additional audit procedures at the assertion level that are necessary to obtain sufficient appropriate audit evidence. We determine relevant assertions at the significant account and disclosure level. Risks of material misstatement at the assertion level consist of inherent risk and control risk. Therefore, our combined risk assessments (CRA) represent our assessed risks of material misstatement at the assertion level. The nature, timing and extent of our audit procedures are a direct result of the combined risk assessments we make. Making the appropriate combined risk assessments and then reflecting them in our audit strategy contributes significantly to executing an effective and efficient audit. Refer to S08 Make combined risk assessments for further requirements and guidance.
Risk assessment procedures Risk assessment procedures are those procedures performed to obtain an understanding of the entity and its environment, including the entity’s internal control, to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels and include: • Inquiries of management, of appropriate individuals within the internal audit function (if the function exists), and of others within the entity • Analytical procedures • Observation and inspection5 Printed 01 Dec 2014
Page 4 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
Our risk assessment procedures provide a basis for designing and executing audit procedures to respond to the assessed risks of material misstatement. Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to base our audit opinion.6 In other words, we perform tests of controls and substantive procedures in addition to risk assessment procedures to obtain sufficient appropriate audit evidence to conclude whether the financial statements are presented fairly, in all material respects.
Understanding the audit risk model Professional standards and EY GAM require us to use our judgment in assessing risks of material misstatement and in determining what tests of controls, if any, and substantive procedures to perform to obtain sufficient appropriate audit evidence. This concept is referred to in the standards as the audit risk model and forms the foundation of EY GAM. The audit risk model allows us to take a variety of circumstances into account in selecting the most effective and efficient audit approach to reduce audit risk to an acceptably low level. We make judgments about the level of inherent risk related to an account balance or disclosure and decide whether to rely or not to rely on internal controls. These judgments have a direct effect on the nature, timing and extent of the substantive procedures we perform. For example, if controls over sales and accounts receivable are effective and we intend to rely on them, we are able to reduce the number of accounts receivable confirmation requests that we send at an interim date. Conversely, if controls are not effective, we may send a larger number of accounts receivable confirmations at period end as we perceive there is greater risk of material misstatement because we have not obtained evidence about the operating effectiveness of the controls. The audit risk model is described as:
Where: Definition: Audit risk: The risk that we express an inappropriate audit opinion, for example, expressing an unmodified opinion when the financial statements are materially misstated. Definition: Inherent risk: The susceptibility of an assertion about a class of transactions, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls. Definition: Control risk: The risk that a misstatement, which could occur in an assertion about a class of transactions, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control. Definition: Detection risk: The risk that the procedures we perform to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements. Detection risk is the risk that a material misstatement would not be detected by our substantive procedures. Our substantive procedures include Primary Substantive Procedures (PSPs) and Other Substantive Procedures (OSPs) as appropriate. PSPs and OSPs comprise: • Substantive analytical procedures Printed 01 Dec 2014
Page 5 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
• Test of details, which may include testing of key items and/or representative samples For further discussion on substantive procedures refer to S11_Design substantive procedures. In EY GAM, our CRA represents our judgment about the risk of material misstatement at the assertion level for each significant account and disclosure as follows:
Thus, in EY GAM the audit risk model can also be stated as:
Although the audit risk model is expressed in mathematical terms (i.e., a multiplicative model), the application of the audit risk model is highly judgmental. Our objective in performing our tests of controls and substantive procedures is to limit audit risk to an appropriately low level, thus enabling us to achieve reasonable assurance that the financial statements are free from material misstatement.
Understanding detection risk The audit risk model shows the connection between inherent risk, control risk and detection risk. The importance of making a proper assessment of inherent risk and control risk is highlighted by their effects on detection risk. The lower the confidence we have that a material misstatement may not exist based on our combined risk assessment (i.e., from our inherent risk assessment and control risk assessment), the greater the confidence we require Printed 01 Dec 2014
Page 6 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
from our detection procedures, resulting in “more” substantive procedures we need to perform to maintain audit risk at 5% (“more” includes the nature and timing of procedures as well as their extent).
Prepare documentation Our workpapers provide the principal support for our conclusions reached and evidences that the planning and performance of our audit is consistent with professional standards, legal and regulatory requirements and firm policies. Audit documentation serves a number of additional purposes, including: • Assisting the engagement team to plan and perform the audit • Assisting members of the engagement team responsible for supervision of the audit to direct and supervise the audit work and to fulfill their review responsibilities • Enabling the engagement team to be accountable for its work • Retaining a record of matters of significance to future audits • Enabling the conduct of quality control reviews and inspections by regulators Our audit documentation is prepared on a timely basis.7 We use professional judgment to determine the nature and extent of the documentation needed for each relevant assertion. Our documentation contains sufficient information to enable an experienced auditor having no previous connection with the engagement to understand: • The nature, timing, extent and results of the procedures performed • Evidence obtained and conclusions reached • Significant accounting and auditing issues identified during the audit and the conclusions reached, including significant professional judgments made in reaching those conclusions8 An experienced auditor is an individual who has practical audit experience and a reasonable understanding of the audit processes, our policies and procedures, applicable local professional standards and/or local legal and regulatory requirements, the business environment in which the entity operates and auditing and reporting issues relevant to the entity’s industry. In documenting our work and completing our procedures, we: • Document the specific items or matters tested in our audit procedures9 • Document who performed the audit work and the date the work was completed10 • Document who reviewed the audit work and the date and extent of such review11 • Determine that all audit procedures have been completed and signed off. Each objective within EY GAM contains the specific documentation requirements that are required to be completed in order to demonstrate that we have complied with the requirements of each EY GAM objective. Refer to C07 Complete documentation and archive engagement for further requirements and guidance.
Understand the structure of EY GAM The sections of EY GAM, including this overview, represent our comprehensive methodology and consist of the following: • • • •
EY GAM Objectives EY GAM Supplements Enablers Frequently asked questions (FAQs)
Printed 01 Dec 2014
Page 7 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
EY GAM, including the supplements, is relevant for us to obtain reasonable assurance from the performance of the audit as a whole. The procedures included in the supplements are mandatory if applicable in the circumstances of the engagement.
EY GAM objectives EY GAM reflects the typical flow of the execution of an audit in four broad phases: • Planning and risk identification We preliminarily establish the scope of the audit and meet with those charged with governance and/or management to determine expectations and service requirements. We obtain a broad understanding of the entity, including the nature of the business and its environment and the risks that the entity faces. We determine materiality and what accounts and disclosures are significant. We identify risks of material misstatement due to fraud or error and relate these risks to the financial statements as a whole and to relevant assertions for significant accounts and disclosures. • Strategy and risk assessment We determine our audit strategy and audit plan. From our understanding of the significant classes of transactions, the financial statement close process (FSCP) and IT General Controls (ITGCs) we make our combined risk assessments and determine the nature, timing and extent of our tests of controls and substantive procedures that we plan to perform to respond to the assessed risks. In addition, we plan the general audit procedures. • Execution We perform the tests of controls and substantive procedures we planned in the strategy and risk assessment phase. We reassess our combined risk assessments throughout the audit and determine whether changes are necessary to our audit strategy in response to a change in our combined risk assessments. • Conclusion and reporting We perform the procedures to complete our audit and communicate with those charged with governance and/or management our significant findings and issues. We assess whether we have obtained sufficient appropriate audit evidence to provide us with reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. The four phases of EY GAM and the objectives within each phase are illustrated in the GAM Navigator below.
Printed 01 Dec 2014
Page 8 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
The objectives and procedures in EY GAM reflect the typical flow of an audit’s execution. However, they are not necessarily performed in a linear manner. Certain objectives occur concurrently with other objectives. In addition, throughout the audit we continually revisit and revise our procedures within an objective as appropriate when we obtain new or updated information. Each objective of EY GAM includes an introduction, requirements which are outlined by a solid line shaded box, explanatory guidance providing considerations on how to execute the requirements and documentation requirements summarizing the minimum documentation that is required for each objective. Some GAM objectives also contain, when applicable, requirements for the partner in charge of the engagement and consultation requirements and recurring engagement considerations. These sections are described below: • The introduction provides an explanation of the purpose and scope of the objective and the procedures we perform in that objective. • The EY GAM requirements are the minimum we perform for each EY GAM objective. Each EY GAM requirement is cross referenced to the appropriate ISA requirement. When no cross reference is present, the EY GAM requirement represents a firm’s policy or procedure that operationalizes the relevant ISA requirement, and/or provides risk management or audit quality considerations as described above under ‘Comply with our policies and procedures’.
Printed 01 Dec 2014
Page 9 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
• The explanatory guidance provides considerations on how to execute a requirement. Unless otherwise stated, these considerations are not intended to be applied in all circumstances. Instead, they are reminders for potential facts or circumstances that may assist us in determining the risks of material misstatement, designing our tests of control or substantive procedures to respond to the assessed risks of material misstatement and reaching our conclusions. • The examples included in the explanatory guidance provide context of how the requirements may be applied. The examples are not requirements themselves therefore it is expected that an engagement team, facing the same fact pattern as an example, may determine a different approach or strategy. Some EY GAM objectives include appendices which provide further guidance and examples and/or describe detailed procedures that are applied when the circumstances in the appendix exist.
EY GAM supplements The EY GAM supplements deal with specific situations or circumstances. When a specific situation or circumstance is present on an audit, the requirements and guidance included in the supplement apply.
EY GAM enablers The EY GAM enablers consist of templates, examples, checklists and leading practice illustrations to assist in performing and documenting our procedures. Certain EY GAM enablers are required to be completed on each audit. Refer to the master list of forms and templates in GAAIT for requirement for use of the EY GAM enablers. Go To Document ID: 100296566 System ID: 201001276~443989 Date: 20 Aug 2013
Printed 01 Dec 2014
Page 10 of 10
Ernst & Young Global Audit Methodology Overview Introduction The Ernst & Young Global Audit Methodology (EY GAM) provides a global framework for the application of a consistent thought process to all audits. EY GAM is based on International Standards on Auditing (ISAs)1 and is supplemented with local content developed by individual member firms to comply with local auditing standards and regulatory or statutory requirements of the countries in which they practice. EY GAM contemplates timely executive involvement in the audit and allows the use of alternative strategies based on professional judgment and engagement team input. EY GAM is a means to an end and not a set of rigid instructions that should be followed without the use of professional judgment.
Objective of an audit In conducting an audit of financial statements, our overall objectives are: a)
To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling us to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and
b)
To report on the financial statements and communicate in accordance with our findings.
Premise underlying the conduct of an audit Our audit is conducted on the premise that management, and where appropriate those charged with governance, have acknowledged the following responsibilities that are fundamental to the conduct of an audit: (a)
For the preparation of the financial statements in accordance with the applicable financial reporting framework, including where relevant their fair presentation
(b)
For such internal control as management and, where appropriate those charged with governance, determine is necessary to enable the preparation of the financial statements that are free from material misstatement, whether due to fraud or error
(c)
To provide us with: (i)
Access to all information of which management and, where appropriate those charged with governance, are aware that is relevant to the preparation of financial statements such as records, documentation and other matters
(ii)
Additional information that we may request from management and, where appropriate those charged with governance, for the purpose of the audit
(iii) Unrestricted access to persons within the entity from whom we determine it necessary to obtain audit evidence Our audit of the financial statements does not relieve management and those charged with governance of their responsibilities. We achieve our audit objective by: • • • • • •
Complying with our policies and procedures Obtaining sufficient appropriate audit evidence Exercising professional skepticism Applying professional judgment Applying our risk based methodology Preparing documentation
Printed 01 Dec 2014
Page 1 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
To assist us in achieving our overall objective we: • Understand the structure of EY GAM
Comply with our policies and procedures The Ernst & Young Global policies on client acceptance and continuance, quality control, communication and coordination among member firms, international reporting and engagement agreements are included in the Ernst & Young Global Assurance Policy Manual (GAPM). The Ernst & Young Global Independence Policy is designed to comply with the elements of the IFAC Code of Ethics for Professional Accountants that deals with independence, objectivity and integrity. Compliance with EY GAM, the relevant policies in GAPM and the Ernst & Young Global Independence Policy will result in compliance with the ISAs. The Ernst & Young Global policies may also be supplemented with local content developed by individual member firms to comply with the local auditing standards and regulatory or statutory requirements of the countries in which they practice.
Obtain sufficient appropriate audit evidence As the basis of our audit opinion, we obtain reasonable assurance about whether the financial statements taken as a whole are free from material misstatement, whether due to fraud or error. To do so we obtain sufficient appropriate audit evidence to reduce audit risk (the risk that we may unknowingly fail to appropriately modify our opinion when the financial statements are materially misstated) to an acceptably low level.2 Reasonable assurance is a high level of assurance but not an absolute level of assurance because there are inherent limitations of an audit. These limitations result from factors such as: • The use of sampling • The inherent limitations of internal control (for example, the possibility of management override or collusion) • The fact that audit evidence is typically persuasive rather than conclusive. • The need for the audit to be conducted within a reasonable period of time and at a reasonable cost Audit evidence is information we use in arriving at the conclusions on which we base our audit opinion. Audit evidence is cumulative in nature and is primarily obtained from audit procedures performed throughout the audit. Audit evidence may include information obtained from sources such as: • The entity’s accounting records • Previous audits (assuming we have determined it is still relevant to the current audit) • The firm’s quality control procedures for client acceptance and continuance • An expert employed or engaged by the entity • Industry and market data Audit evidence comprises information that supports and corroborates management’s assertions and any information that contradicts such assertions. The absence of information (for example, management’s refusal to provide a requested representation) also constitutes audit evidence. The sufficiency and appropriateness of audit evidence are interrelated. • Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence required is affected by our combined risk assessment (CRA), (the higher the CRA, the more audit evidence is likely to be required) and also by the quality of audit evidence (the higher the quality, the less audit evidence may be required). Printed 01 Dec 2014
Page 2 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
Obtaining more audit evidence, however, may not necessarily compensate for its poor quality. • Appropriateness is the measure of the quality of audit evidence, that is, its relevance and its reliability in providing support for the conclusions on which we base our audit opinion. The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which the evidence is obtained. We obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level, and allow us to draw reasonable conclusions on which to base our audit opinion. Determining whether we have obtained sufficient appropriate audit evidence is a matter of professional judgment. Requirements and guidance are provided throughout EY GAM to assist us in determining the sufficiency and appropriateness of audit evidence as we perform our procedures.
Exercise professional skepticism Professional skepticism is an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence. We plan and perform our audit with professional skepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated.3 Maintaining professional skepticism throughout the audit is important to reduce the risks of overlooking unusual circumstances, over generalizing when drawing conclusions from audit observations and using inappropriate assumptions in determining the nature, timing and extent of our audit procedures and evaluating the results thereof.
Apply professional judgment We exercise professional judgment in planning and performing the audit.4 Professional judgment is the application of relevant training, knowledge and experience, within the context provided by auditing, accounting and ethical standards, in making informed decisions about the course of action that is appropriate in the circumstance of the audit engagement. The exercise of professional judgment is based on the facts and circumstances that are known to us at the point in time up to the date of our opinion. We do not use professional judgment as the justification for decisions that are not otherwise supported by the facts and circumstances of the engagement or sufficient appropriate audit evidence. We document the significant professional judgments made in reaching conclusions on significant accounting and auditing issues arising during the audit.
Apply our risk based methodology EY GAM helps us to identify and assess risks of material misstatement, due to fraud or error, based on our understanding of the entity and its environment, including the entity’s internal control, and respond to those risks. Definition: Risk of material misstatement: The risk that the financial statements are materially misstated prior to the performance of our audit procedures. EY GAM uses the audit risk model as the basis for assessing risks of material misstatement and responding to those risks.
Audit risk model The audit risk model demonstrates the relationship between inherent risk and control risk and the level of detection risk we are willing to accept when performing our audit procedures. The Printed 01 Dec 2014
Page 3 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
objective of an audit is to limit audit risk to an acceptably low level (i.e., 5%). This level of audit risk is generally accepted in the profession as an acceptable level of audit risk and recognizes that we perform an audit to obtain reasonable, not absolute, assurance that the financial statements as a whole are not materially misstated. Inherent risk and control risk are the entity’s risks and exist independently of our audit. Inherent risk and control risk arise from many factors including, but not limited to, the nature of the entity’s business and the strategies that the entity undertakes, and can be increased or reduced by management’s attitude to risk. Some businesses and strategies are inherently more (or less) risky than others and result in higher (or lower) risks that material misstatements of the financial statements may occur. Management can mitigate inherent risk by implementing effective internal control; however, inherent risk cannot be totally eliminated due to the limitations of controls arising from the realities that human judgment in decision-making can be faulty and that breakdowns in internal control can occur because of human error. Detection risk is directly influenced by the procedures we perform and judgments we make throughout the audit process. EY GAM provides us with the framework by which we may reduce detection risk to an acceptable level and our CRA is a crucial element of that framework. Risks of material misstatement at the financial statement level Risks of material misstatement at the financial statement level refer to risks that relate pervasively to the financial statements as a whole and potentially affect many assertions. Risks of this nature are typically not associated with specific assertions. Rather, they represent circumstances that may increase the risks of material misstatement across many assertions, for example, through management override of internal control. When we identify risks of material misstatement at the financial statement level we determine our overall response to those risks, such as including professionals in the engagement team with relevant knowledge and experience. Risk of material misstatement at the assertion level We assess risks of material misstatement at the assertion level to assist us in determining the nature, timing and extent of any additional audit procedures at the assertion level that are necessary to obtain sufficient appropriate audit evidence. We determine relevant assertions at the significant account and disclosure level. Risks of material misstatement at the assertion level consist of inherent risk and control risk. Therefore, our combined risk assessments (CRA) represent our assessed risks of material misstatement at the assertion level. The nature, timing and extent of our audit procedures are a direct result of the combined risk assessments we make. Making the appropriate combined risk assessments and then reflecting them in our audit strategy contributes significantly to executing an effective and efficient audit. Refer to S08 Make combined risk assessments for further requirements and guidance.
Risk assessment procedures Risk assessment procedures are those procedures performed to obtain an understanding of the entity and its environment, including the entity’s internal control, to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and assertion levels and include: • Inquiries of management, of appropriate individuals within the internal audit function (if the function exists), and of others within the entity • Analytical procedures • Observation and inspection5 Printed 01 Dec 2014
Page 4 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
Our risk assessment procedures provide a basis for designing and executing audit procedures to respond to the assessed risks of material misstatement. Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to base our audit opinion.6 In other words, we perform tests of controls and substantive procedures in addition to risk assessment procedures to obtain sufficient appropriate audit evidence to conclude whether the financial statements are presented fairly, in all material respects.
Understanding the audit risk model Professional standards and EY GAM require us to use our judgment in assessing risks of material misstatement and in determining what tests of controls, if any, and substantive procedures to perform to obtain sufficient appropriate audit evidence. This concept is referred to in the standards as the audit risk model and forms the foundation of EY GAM. The audit risk model allows us to take a variety of circumstances into account in selecting the most effective and efficient audit approach to reduce audit risk to an acceptably low level. We make judgments about the level of inherent risk related to an account balance or disclosure and decide whether to rely or not to rely on internal controls. These judgments have a direct effect on the nature, timing and extent of the substantive procedures we perform. For example, if controls over sales and accounts receivable are effective and we intend to rely on them, we are able to reduce the number of accounts receivable confirmation requests that we send at an interim date. Conversely, if controls are not effective, we may send a larger number of accounts receivable confirmations at period end as we perceive there is greater risk of material misstatement because we have not obtained evidence about the operating effectiveness of the controls. The audit risk model is described as:
Where: Definition: Audit risk: The risk that we express an inappropriate audit opinion, for example, expressing an unmodified opinion when the financial statements are materially misstated. Definition: Inherent risk: The susceptibility of an assertion about a class of transactions, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls. Definition: Control risk: The risk that a misstatement, which could occur in an assertion about a class of transactions, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control. Definition: Detection risk: The risk that the procedures we perform to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements. Detection risk is the risk that a material misstatement would not be detected by our substantive procedures. Our substantive procedures include Primary Substantive Procedures (PSPs) and Other Substantive Procedures (OSPs) as appropriate. PSPs and OSPs comprise: • Substantive analytical procedures Printed 01 Dec 2014
Page 5 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
• Test of details, which may include testing of key items and/or representative samples For further discussion on substantive procedures refer to S11_Design substantive procedures. In EY GAM, our CRA represents our judgment about the risk of material misstatement at the assertion level for each significant account and disclosure as follows:
Thus, in EY GAM the audit risk model can also be stated as:
Although the audit risk model is expressed in mathematical terms (i.e., a multiplicative model), the application of the audit risk model is highly judgmental. Our objective in performing our tests of controls and substantive procedures is to limit audit risk to an appropriately low level, thus enabling us to achieve reasonable assurance that the financial statements are free from material misstatement.
Understanding detection risk The audit risk model shows the connection between inherent risk, control risk and detection risk. The importance of making a proper assessment of inherent risk and control risk is highlighted by their effects on detection risk. The lower the confidence we have that a material misstatement may not exist based on our combined risk assessment (i.e., from our inherent risk assessment and control risk assessment), the greater the confidence we require Printed 01 Dec 2014
Page 6 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
from our detection procedures, resulting in “more” substantive procedures we need to perform to maintain audit risk at 5% (“more” includes the nature and timing of procedures as well as their extent).
Prepare documentation Our workpapers provide the principal support for our conclusions reached and evidences that the planning and performance of our audit is consistent with professional standards, legal and regulatory requirements and firm policies. Audit documentation serves a number of additional purposes, including: • Assisting the engagement team to plan and perform the audit • Assisting members of the engagement team responsible for supervision of the audit to direct and supervise the audit work and to fulfill their review responsibilities • Enabling the engagement team to be accountable for its work • Retaining a record of matters of significance to future audits • Enabling the conduct of quality control reviews and inspections by regulators Our audit documentation is prepared on a timely basis.7 We use professional judgment to determine the nature and extent of the documentation needed for each relevant assertion. Our documentation contains sufficient information to enable an experienced auditor having no previous connection with the engagement to understand: • The nature, timing, extent and results of the procedures performed • Evidence obtained and conclusions reached • Significant accounting and auditing issues identified during the audit and the conclusions reached, including significant professional judgments made in reaching those conclusions8 An experienced auditor is an individual who has practical audit experience and a reasonable understanding of the audit processes, our policies and procedures, applicable local professional standards and/or local legal and regulatory requirements, the business environment in which the entity operates and auditing and reporting issues relevant to the entity’s industry. In documenting our work and completing our procedures, we: • Document the specific items or matters tested in our audit procedures9 • Document who performed the audit work and the date the work was completed10 • Document who reviewed the audit work and the date and extent of such review11 • Determine that all audit procedures have been completed and signed off. Each objective within EY GAM contains the specific documentation requirements that are required to be completed in order to demonstrate that we have complied with the requirements of each EY GAM objective. Refer to C07 Complete documentation and archive engagement for further requirements and guidance.
Understand the structure of EY GAM The sections of EY GAM, including this overview, represent our comprehensive methodology and consist of the following: • • • •
EY GAM Objectives EY GAM Supplements Enablers Frequently asked questions (FAQs)
Printed 01 Dec 2014
Page 7 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
EY GAM, including the supplements, is relevant for us to obtain reasonable assurance from the performance of the audit as a whole. The procedures included in the supplements are mandatory if applicable in the circumstances of the engagement.
EY GAM objectives EY GAM reflects the typical flow of the execution of an audit in four broad phases: • Planning and risk identification We preliminarily establish the scope of the audit and meet with those charged with governance and/or management to determine expectations and service requirements. We obtain a broad understanding of the entity, including the nature of the business and its environment and the risks that the entity faces. We determine materiality and what accounts and disclosures are significant. We identify risks of material misstatement due to fraud or error and relate these risks to the financial statements as a whole and to relevant assertions for significant accounts and disclosures. • Strategy and risk assessment We determine our audit strategy and audit plan. From our understanding of the significant classes of transactions, the financial statement close process (FSCP) and IT General Controls (ITGCs) we make our combined risk assessments and determine the nature, timing and extent of our tests of controls and substantive procedures that we plan to perform to respond to the assessed risks. In addition, we plan the general audit procedures. • Execution We perform the tests of controls and substantive procedures we planned in the strategy and risk assessment phase. We reassess our combined risk assessments throughout the audit and determine whether changes are necessary to our audit strategy in response to a change in our combined risk assessments. • Conclusion and reporting We perform the procedures to complete our audit and communicate with those charged with governance and/or management our significant findings and issues. We assess whether we have obtained sufficient appropriate audit evidence to provide us with reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. The four phases of EY GAM and the objectives within each phase are illustrated in the GAM Navigator below.
Printed 01 Dec 2014
Page 8 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
The objectives and procedures in EY GAM reflect the typical flow of an audit’s execution. However, they are not necessarily performed in a linear manner. Certain objectives occur concurrently with other objectives. In addition, throughout the audit we continually revisit and revise our procedures within an objective as appropriate when we obtain new or updated information. Each objective of EY GAM includes an introduction, requirements which are outlined by a solid line shaded box, explanatory guidance providing considerations on how to execute the requirements and documentation requirements summarizing the minimum documentation that is required for each objective. Some GAM objectives also contain, when applicable, requirements for the partner in charge of the engagement and consultation requirements and recurring engagement considerations. These sections are described below: • The introduction provides an explanation of the purpose and scope of the objective and the procedures we perform in that objective. • The EY GAM requirements are the minimum we perform for each EY GAM objective. Each EY GAM requirement is cross referenced to the appropriate ISA requirement. When no cross reference is present, the EY GAM requirement represents a firm’s policy or procedure that operationalizes the relevant ISA requirement, and/or provides risk management or audit quality considerations as described above under ‘Comply with our policies and procedures’.
Printed 01 Dec 2014
Page 9 of 10
EY Global Audit Methodology and Supplemental Audit Guidance / EY Global Audit Methodology / Overview
• The explanatory guidance provides considerations on how to execute a requirement. Unless otherwise stated, these considerations are not intended to be applied in all circumstances. Instead, they are reminders for potential facts or circumstances that may assist us in determining the risks of material misstatement, designing our tests of control or substantive procedures to respond to the assessed risks of material misstatement and reaching our conclusions. • The examples included in the explanatory guidance provide context of how the requirements may be applied. The examples are not requirements themselves therefore it is expected that an engagement team, facing the same fact pattern as an example, may determine a different approach or strategy. Some EY GAM objectives include appendices which provide further guidance and examples and/or describe detailed procedures that are applied when the circumstances in the appendix exist.
EY GAM supplements The EY GAM supplements deal with specific situations or circumstances. When a specific situation or circumstance is present on an audit, the requirements and guidance included in the supplement apply.
EY GAM enablers The EY GAM enablers consist of templates, examples, checklists and leading practice illustrations to assist in performing and documenting our procedures. Certain EY GAM enablers are required to be completed on each audit. Refer to the master list of forms and templates in GAAIT for requirement for use of the EY GAM enablers. Go To Document ID: 100296566 System ID: 201001276~443989 Date: 20 Aug 2013
Printed 01 Dec 2014
Page 10 of 10
Related Documents
Overview - Printing
January 2021 1
Batik Printing
January 2021 1
3d Printing
March 2021 0
Flexo Printing
January 2021 1
Ddr Overview
February 2021 1
Opc Overview
January 2021 1More Documents from "LAVA1971"
Overview - Printing
January 2021 1
Katarungang Pambarangay: A Handbook
February 2021 1
The Philippine Revolution By Apolinario Mabini Highlighted
January 2021 4
Chapter 16 Ppe (part 2)_for Distribution.pdf
February 2021 1
