An orientation slide deck on the IFAC SMP Committee's Guide to Using International Standards on Auditing in the Audits of Small- and Medium-Sized Entities (ISA Guide) that IFAC member bodies may use in training and orientation seminars to introduce staff and members to the ISA Guide.
1. ISA Guide—Orientation
IFAC SMP Committee
An Introduction to the Guide to
Using ISAs in the Audits of
Small- and Medium-Sized
Entities
May 2012
Page 1
2. ISA Guide—Orientation
Contents
• International Standards on Auditing (ISAs)
• The ISA Guide
– Introduction
– Structure and Content
– Ethics, ISAs, and Quality Control
– Phase l—Risk Assessment
– Phase ll—Risk Response
– Phase lll—Reporting
• IFAC Resources
Page 2
3. The ISAs
• A suite of standards applicable to all audits
– Can be applied in a manner proportionate with the size
and complexity of any entity
– Designed to achieve reasonable assurance on all
audits, regardless of the size and complexity of an
entity
– Recognize that the characteristics of SMEs differ
significantly from those of larger, more complex entities
Page 3
4. The ISA Guide
Introduction
• Developed by the IFAC SMP Committee
• Responds to a need for practical support in implementing
the ISAs on SME audits
• Helps firms apply the ISAs proportionately and
efficiently on SME audits
Although SMPs are a significant user group, the ISA Guide is
intended to help all practitioners implement ISAs on SME
audits.
Page 4
6. The ISA Guide
Introduction
• Provides practical guidance, but is no substitute for:
– Reading and understanding the ISAs (itself, a requirement of the ISAs)
– Using professional judgment
• Helps develop a deeper understanding of an audit
conducted in compliance with the ISAs, for example as
– A basis for training and education
– Reference material
• Refer to the Companion Manual at
www.ifac.org/publications-resources/companion-manual-0
for more ways to use the ISA Guide
Page 6
7. The ISA Guide
Structure and Content
• Volume 1
– Fundamental concepts of a risk-
based audit in conformance with
the ISAs
Page 7
8. The ISA Guide
Structure and Content
• Volume 2
– Practical guidance on
performing SME audits
– Includes two illustrative case
studies, one of an SME
audit and one of a micro-
entity audit
Page 8
9. The ISA Guide
Schematic
Both volumes explain and illustrate the three phases of
performing a risk-based audit—Risk Assessment, Risk
Response, and Reporting
Page 9
10. The ISA Guide
Case Studies
Case Study A— Case Study B—
Dephta Kumar
Business Furniture Furniture
manufacturing manufacturing
Sales 1.5 million 230,000
Staff 15 2 + owner
Sample audit Generally Simple memos to
documentation structured file
Page 10
11. The ISA Guide
Ethics, ISAs, and Quality Control
• Firm level objective (ISQC 1.11): to establish and maintain a
system of quality control to provide the firm with reasonable
assurance that:
– (a) The firm and its personnel comply with professional standards and
applicable legal and regulatory requirements; and
– (b) Reports issued by the firm or engagement partners are appropriate in the
circumstances.
• Engagement level objective (ISA 220.6): to implement
quality control procedures at the engagement level that
provide the auditor with reasonable assurance that:
– (a) The audit complies with professional standards and applicable legal and
regulatory requirements; and
– (b) The auditor's report issued is appropriate in the circumstances.
Page 11
26. SMP Committee Home Page
www.ifac.org/smp
Access ISA Guide
and Implementation
Resources from here
Page 26
27. IFAC Resources
• Guide to Using International Standards on Auditing in the
Audits of Small- and Medium-Sized Entities
– www.ifac.org/publications-resources/guide-using-international-standards-
auditing-audits-small-and-medium-sized-en
• For the clarified ISAs, ISQC 1, and related implementation
resources, see IAASB Clarity Center:
– www.ifac.org/auditing-assurance/clarity-center
• Tips for Cost-Effective ISA Application article
– www.ifac.org/publications-resources/tips-cost-effective-isa-application
Page 27
28. IFAC Resources
• Policy Position Paper 2, Promoting a Single Set of
Auditing Standards for All Audits, Including of Small- and
Medium-Sized Entities
– www.ifac.org/publications-resources/single-set-auditing-standards-audits-
small-and-medium-sized-entities
• Links to other implementation resources
– www.ifac.org/relevant-links-implementation
Page 28
For permission to reproduce, adapt, and/or translate the ISA Guide to suit local, national, or regional requirements, best practices, custom/culture, and language, contact permissions@ifac.org. Permission is also required to reproduce, adapt, and/or translate extracts from the ISA Guide for use in other publications.
See also the IAASB Staff Questions and Answers publication,Applying ISAs Proportionately with the Size and Complexity of an Entity, issued in August 2009 and available at www.ifac.org/sites/default/files/publications/files/applying-isas-proportionate.pdf Regarding the last bullet point, typical characteristics of SMEs would be such as those set out in the Glossary of Terms in the IAASB Handbook, which refers to a “smaller entity” as:An entity which typically possesses qualitative characteristics such as:(a) Concentration of ownership and management in a small number of individuals(often a single individual – either a natural person or another enterprise that ownsthe entity provided the owner exhibits the relevant qualitative characteristics); and(b) One or more of the following:(i) Straightforward or uncomplicated transactions;(ii) Simple record-keeping;(iii) Few lines of business and few products within business lines;(iv) Few internal controls;(v) Few levels of management with responsibility for a broad range ofcontrols; or(vi) Few personnel, many having a wide range of duties.These qualitative characteristics are not exhaustive, they are not exclusive tosmaller entities, and smaller entities do not necessarily display all of thesecharacteristics.
Regarding the 3rd bullet point, the concept of proportionate application of the ISAs using professional judgment is explained further in the following extract from IFAC Policy Position 2: IFAC’ s Support for a Single Set of Auditing Standards: Audits of Small- and Medium-Sized Entities: Auditors’ Approach to an Audit When conducting audits using ISAs, all auditors are required to meet stringent quality control and ethical requirements, regardless of the size and complexity of the entity being audited. ISAs define the responsibilities of auditors in obtaining reasonable assurance that a set of financial statements is fairly presented and free from material misstatement. In conducting an audit,auditors evaluate the information provided, and assertions made, by management and/or those charged with governance in their financial statements. ISAs set out the auditor’s objectives and specify requirements designed to help achieve those objectives in conducting an audit and forming an opinion. They also provide guidance to assist in the consistent application of therequirements in practice. They do not ordinarily specify or limit the procedures that an auditor must perform to arrive at a level of assurance sufficient to enable the auditor to express an auditopinion. Each audit is different and in conducting the audit the auditor must use professional judgment. ISAs focus on the objectives to be achieved and the essential considerations for the auditor in planning, conducting, documenting, and reporting on the audit. ISAs acknowledge that some requirements may not be relevant in the circumstances of a particular audit (e.g., an audit of an SME), in which case that requirement is not applicable. In exceptional cases—where a specific procedure would be ineffective in achieving the aim of a requirement—the auditor may judge it necessary to depart from a relevant requirement; the auditor is then required to conduct alternative procedures in order to achieve the aim of that requirement. Also, there will be situations where an entire standard will not be relevant (e.g., ISA 600, Special Considerations—Audits of Group Financial Statements [including the work of Component Auditors]may not be relevant for an audit of an SME). The facts and circumstances surrounding theaudit dictate whether particular ISAs, orrequirements within ISAs, are relevant to the audit. In applying ISAs, the auditor exercises professional judgment to determine the most effectiveapproach for an audit of a particular entity.
Introductory slide.Edition 3 published November 2011.
Regarding the 1st bullet point, the requirement to read and understand the ISAs is set out in ISA 200.19: “The auditor shall have an understanding of the entire text of an ISA, including its application and other explanatory material, to understand its objectives and to apply its requirements properly.”
Slides 7 and 8 introduce the aims of each of the two volumes (i.e., one conceptual, one practical), and serve as a lead into slides 9 (the schematic) and 10 (the case studies).
Slides 7 and 8 introduce the aims of each of the two volumes (i.e., one conceptual, one practical), and serve as a lead into slides 9 (the schematic) and 10 (the case studies).
This diagram, extracted from the ISA Guide,signifies the top layer of an “audit process diagram.” Each of these three phases is expanded upon within the ISA Guide, and appears regularly throughout the ISA Guide in order to help illustrate the context in which specific subject matter is being explained/illustrated.Slides 13, 19, and 23 depict the expanded audit process diagram for each of the respective three phases.A conceptual overview of the approach to a risk-based audit is covered in Volume 1, Chapter 4 of the ISA Guide. See also Exhibit 2.2-1 on page 19 of Volume 1 of the ISA Guide for the entire audit process diagram.
The case studies are introduced in Volume 2, Chapter 2 of the ISA Guide (pages 13–23), and are also used throughout subsequent chapters to illustrate the various concepts covered (for example, by means of sample work papers or checklists).
ISA 220, Quality Control for an Audit of Financial Statements, is premised on the basis that the firm is subject to International Standard on Quality Control (ISQC) 1 or to national requirements that are at least as demanding (ISA 220.2).Volume 1, Chapter 3 of the ISA Guide examines the interaction between quality control procedures at the firm level and the engagement level and focuses on developing the system of quality control within a firm, providing practical guidance on matters that need to be considered whenever a firm decides to perform audit engagements.See also ISQC 1 (together with the ISAs) at www.ifac.org/auditing-assurance/clarity-center, and the Code of Ethics for Professional Accountants at www.ifac.org/publications-resources/2010-handbook-code-ethics-professional-accountants.For further guidance on ISQC 1, see the ISA Guide’s sister publication, the Guide to Quality Control for Small- and Medium-Sized Practices, available to download at www.ifac.org/publications-resources/guide-quality-control-small-and-medium-sized-practices-third-edition-0.
Covered in Volume 2, Chapters 3–14. The following basic concepts addressed at the risk assessment phase are also covered in Volume 1: - Internal Control (Chapter 5) - Financial Statement Assertions (Chapter 6) - Materiality and Audit Risk (Chapter 7) - Risk Assessment Procedures (Chapter 8)
This is an expanded illustration of Phase l (Risk Assessment) of the audit, as depicted in the audit process diagram introduced on slide 9.See slides 14–17 for further illustration of the three “Activity” areas above i.e., preliminary engagement activities (slide 14), planning the audit (slide 15) and risk (slides 16–17).
This diagram further illustrates the preliminary engagement activities, referred to in the first row of the audit process diagram extract, shown on the previous slide.Preliminary engagement activities are covered in Volume 2, Chapter 4.
This diagram further illustrates the audit planning activities, referred to in the second row of the audit process diagram extract, shown on slide 13.Planning the audit is covered in Volume 2, Chapters 5–7.
Risk is a wide-ranging and fundamental concept behind the ISAs. Various aspects of risk, such as those outlined in this slide, and how they fit into the risk-based approach to an audit, are covered further in Volume 2, Chapters 8–14. See also Volume 1: - Internal Control (Chapter 5) - Financial Statement Assertions (Chapter 6) - Materiality and Audit Risk (Chapter 7) - Risk Assessment Procedures (Chapter 8)
The evidence obtained by performing risk assessment procedures (referred to in the third row of the audit process diagram extracton slide 13) consists of identification and assessment of inherent risks, and the design and implementation of internal controls that address those risks. What is left is the risk of material misstatement (RMM). This is simply the remaining risk after taking into account the effect of internal controls put in place to mitigate the inherent risks.RMM is assessed at both the financial statement level (i.e., for the financial statements as a whole) and the assertion level (i.e., for each class of transactions, account balance, and disclosure). Slide 20 then builds on this illustration to show how Phase ll (risk response) reduces the RMM to an acceptable level.
Covered in Volume 2, Chapters 15–19. The following basic concepts addressed at the risk response phase are also covered in Volume 1: - Responding to Assessed Risks (Chapter 9) - Further Audit Procedures (Chapter 10) - Accounting Estimates (Chapter 11) - Related Parties (Chapter 12) - Subsequent Events (Chapter 13) - Going Concern (Chapter 14) - Summary of Other ISA Requirements (Chapter 15) - Audit Documentation (Chapter 16)
This is an expanded illustration of Phase ll (Risk Response) of the audit, as depicted in the audit process diagram introduced on slide 9.See next slide for expanded illustration of the two Activity areas i.e., designing and then performing audit responses (at two levels—overall and procedural) to the assessed risks of material misstatement.
This diagram illustrates how the risks assessed in Phase l form the basis for the auditor’s response, both at the overall level and in terms of designing audit procedures. The auditor’s response should be developed with the aim of obtaining sufficient evidence to reduce risk to an acceptably low level.This is further illustrated on the next slide.
This diagram depicts how the risk of misstatement, which was assessed in Phase l (see illustration on slide 17), is reduced to an acceptable level by the design of appropriate audit responses.
Covered in Volume 2, Chapters 20–25. The following basic concepts addressed at the reporting phase are also covered in Volume 1: - Subsequent Events (Chapter 13) - Going Concern (Chapter 14) - Audit Documentation (Chapter16) - The Auditor’s Report (Chapter 17)
This is an expanded illustration of Phase lll (Reporting) of the audit, as depicted in the audit process diagram introduced on slide 9.See next slide for expanded illustration of the two Activity areas above i.e., (1) evaluating the audit evidence obtained and (2) preparing the auditor’s report.
This further explains the steps taken in the two Activity areas shown on the previous slide.
The final bullet refers to links to resources relevant to SMPs from IFAC member bodies and other professional organizations, focusing in particular on practical implementation of a variety of accounting, audit/assurance, and ethical requirements.