战略系统审计战略系统审计Scoping: Forming a Point of View Perform company and industry analytical procedures Research and analyze external communicationsPartners connect with staff membersDocument the teams understanding of the businessKnowledge broker to capture and share industry information Form a point of view on the risks that management should be concerned about1Scoping: Business Analysis Framework23Strategic AnalysisUnderstand the clients strategic advantage 456Risk AssessmentUnderstand the risks that threaten attainment of the clients business objectives“The primary goal of management control is to ensure that risk monitoring and control activities are aligned properly with overall strategic objectives” p. 35Strategic risksProcess risks7Scoping:Risk Assessment Key Risks Key RiskWe identify audit risk through understanding the entitys business objectives and related risks.Business RisksAudit Risks Key Risk Key Risk Key Risk Key RiskKey risks are those conditions or factors within an audit that, in the judgment of the auditor, give rise to a greater risk of material financial misstatement or other matters resulting in the issuance of an inappropriate audit report. 8Scoping: Analytical Procedures High LevelUnderstand the businessIdentify areas of risk Disaggregated Account LevelDetermine the nature, timing & extent of testing External benchmarking to peers, market trendsLooking for anomalies, areas of risk Use of extensive knowledge management tools available9Business Process AnalysisUnderstand the key processes and related competencies needed to realize strategic advantageProcess driven competitionMeasure and benchmark process performanceDocument understanding of the clients ability to create value and generate future cash flows using a client business model, process analyses, key performance indicators, and a business risk profile10BusinessRisks related to achieving ObjectivesBusiness Process A CompletenessAccuracyValidityRestricted AccessBusiness Process B CompletenessAccuracyValidityRestricted Access Business Process C CompletenessAccuracyValidityRestricted AccessAccount Balances and TransactionsAccount Balances and TransactionsGeneral Computer ControlsAccount Balances and TransactionsConnecting the Dots Business ObjectivesFinancial Statement Assertions/Audit ObjectivesClasses of TransactionsOccurrenceCompletenessAccuracyCutoffClassificationAccount BalancesRights & ObligationsExistenceCompletenessAccuracy/ValuationPresentation & DisclosureOccurrence/R&OCompletenessUnderstandabilityAccuracy/Valuation1112Assess implications for business and auditIs risk identification complete?Are they prioritized properly?Are there controls to minimize risks to acceptable level?Do accounting choices and disclosures adequately reflect uncontrolled risks?Groups residual business risk by financial statement assertion13Scoping Translated into Audit StrategyWhere controls over significant account balances or classes of transaction are not aligned, we will need to perform substantive tests of details.StakeholdersRisksControlsAlignmentBusiness Objectives14Business MeasurementUse the comprehensive business knowledge decision frame to develop expectations about key assertions embodied in the overall financial statementsCompare reported financial result to expectations and design additional audit test work to address any gaps between expectations and reported resultsTransaction based auditing procedures are applied to non-routine transactions and non-routine and highly judgmental accounting estimates (p. 36).Computer audit techniques filter routine transactions for unusual itemsAdditional test work is performed when interrelated financial and Nonfinancial performance measures are inconsistent and when key financial-statement assertions are not consistent with the auditors understanding of the organizations strategic-systems dynamicQuality of earnings are assessedProcess performance evaluated onCycle timeProcess qualityProcess cost15Scoping: Audit Team of SpecialistsOur best teams use our specialist capabilities to help in forming a point of view.StakeholdersBusiness ObjectivesFinancial RiskBusiness ProcessEnterprise-wide RiskSystems & TechnologyEnergy Trading RiskBusiness ResilienceProject ManagementInternal Audit Security Data RiskRegulatory/ CompliancePerformance ImprovementTreasuryRisksControlsAlignmentComputer-Assisted Audit TechniquesFraud16Audit Comfort Cycle4 Key QuestionsWhat does management need to get comfort on?Market OverviewStrategyValue Creating ActivitiesFinancial PerformanceOTHER AUDIT PROCEDURES FINANCIAL STATEMENTSCOMPLETIONACCEPTANCE/CONTINUANCE ASSESSMENTSUBSTANTIVE AUDIT EVIDENCEMAINLY SUBSTANTIVEANALYTICAL PROCEDURESSIGNIFICANTCONTROLSCOMFORTNO/LIMITEDCONTROLSCOMFORTMAINLY TESTSOF DETAILSHow does management get comfort?Are they entitled to that comfort?Can we audit that comfort?17“Taking Stock”: Real-Time Linkage in the Iterative ProcessShare team members cumulative knowledgeUpdate risk identification and assessmentConsider the audit comfort gained to date, by audit assertionAnswer: “Do we have enough comfort?”Answer: “What do we do next?”18Substantive Audit EvidenceMarket OverviewStrategyValue Creating ActivitiesFinancial PerformanceOTHER AUDIT PROCEDURES FINANCIAL STATEMENTSCOMPLETIONACCEPTANCE/CONTINUANCE ASSESSMENTSUBSTANTIVE AUDIT EVIDENCEMAINLY SUBSTANTIVEANALYTICAL PROCEDURESSIGNIFICANTCONTROLSCOMFORTNO/LIMITEDCONTROLSCOMFORTMAINLY TESTSOF DETAILS19Assurance HierarchyWill we obtain audit assurance from tests of controls?Test controls.No further testing required.Can we obtain audit assurance from substantive analytical procedures?Perform substantive analytical procedures.Perform tests of details.Do we need additional audit assurance?No Yes No No Yes Yes 20Other Audit ProceduresMarket OverviewStrategyValue Creating ActivitiesFinancial PerformanceOTHER AUDIT PROCEDURES FINANCIAL STATEMENTSCOMPLETIONACCEPTANCE/CONTINUANCE ASSESSMENTSUBSTANTIVE AUDIT EVIDENCEMAINLY SUBSTANTIVEANALYTICAL PROCEDURESSIGNIFICANTCONTROLSCOMFORTNO/LIMITEDCONTROLSCOMFORTMAINLY TESTSOF DETAILS21Other Audit Procedures: More Connecting the DotsLink management informationmanagement information to financial statementsReview adjustmentsadjustments necessary to reconcile management information to the financial statementsReview non-standard journal entries and other adjustments to ascertain whether entries may be indicative of fraudindicative of fraud based upon the risk of management override on controlsPerform ongoing analytical procedures, including updating analytical proceduresanalytical procedures related to revenue22Continuous ImprovementFeedback to capital suppliers and inside process owners23