List and explain 5 key business risks which would impact on the audit of JB Hi-Fi. Include the account and assertion most affected by the risks identified. Be sure to link audit risks to their applicable business risks.

Please refer business risks topic in lecture 3.

hints

Make sure that your business risks are supported with facts and figures.

Make sure that your business risks are material

Make sure that your business risks are going to affect this financial year. Things that might happen beyond the end of the financial year are not relevant here.

If you think there is a risk of financial statement manipulation, you must support this with an incentive for management to do so. I suggest you look at the slides for Lecture 9.

Please give me the answers and any research resources you used or any articles.

University of New South Wales School of Accounting Auditing and Assurance Services 2017 LECTURE 3 Business Risk Lecture Summary The aims of this lecture are - To discuss the requirements to perform risk assessment procedures. - To discuss business risk and its link to financial statement errors. - To discuss the qualitative and quantitative factors that auditors examine when assessing business risk. The Audit Process The basic audit process is - Decide to accept or decline the audit. - Assess the risk of the client Business risk. Internal controls - Collect sufficient appropriate audit evidence Tests of controls Substantive procedures - Form and issue an audit opinion Risk Assessment Procedures The auditor shall perform risk assessment procedures to provide a basis for the identification and assessment of the risk of material misstatement at the financial report and assertion levels. Risk assessment procedures do not provide sufficient appropriate audit evidence on which to base the audit opinion. - ASA 315.5 Identifying and Assessing Risk The Auditor shall identify and assess the risk of material misstatement at: - (a) the financial report level; and - (b) the assertion level for account balances, classes of transactions and disclosures to provide a basis for designing and performing further audit procedures. - ASA 315.25 Identifying and Assessing Risk For this purpose the auditor shall: - (a) Identify risks throughout the process of obtaining an understanding of the entity and its environment including relevant controls that relate to the risks and by considering the classes of transactions, account balances and disclosures in the financial report; - (b) Assess the identified risks and evaluate whether they relate more pervasively to the financial report as a whole and potentially affect many assertions; ASA 315.26 Identifying and Assessing Risk For this purpose the auditor shall: - (c) Relate the identified risk to what can go wrong at the assertion level, taking account of relevant controls that the auditor intends to test; and - (d) Consider the likelihood of misstatement, including the possibility of multiple misstatements, and whether the potential misstatement is of a magnitude that could result in a material misstatement. ASA 315.26 Business Risk Business risk means a risk resulting from significant conditions, events, circumstances, actions or inactions that could adversely affect an entity's ability to achieve its objectives and execute its strategies, or from the setting of inappropriate objectives and strategies. (ASA 315.4(b)) Business Risk and Error Business risk matter because business risks are the sources of errors. If you can identify where the business risks are, you have a better chance of finding the errors. For example: - A company that is doing badly is more likely to manipulate financial figures that one that is doing well, - A company in a rapidly changing industry is more likely to have overvalued assets that one that is in a stable industry. Risk Assessment Procedures The risk assessment procedures shall include the following: - (a) Enquiries of management..., - (b) Analytical procedures. [quantitative techniques] - (c) Observation and inspection. (ASA 315.6) You must actively collect evidence and use professional judgment to assess risks based on this evidence. You must document your evidence and judgments. Sources of Business Risk Business risk comes from both internal and external factors. Examples include: - Laws and regulations, - Economic conditions, - Market conditions, - Business structure and operations - Board and management quality, - Company strategy, - Financial Reporting issues. Laws and Regulations Taxation Specific industry regulations (e.g. banks) Labour laws Environmental laws Health and safety laws Foreign trade regulations - Free trade agreements ASX listing rules Economic Conditions Economic growth - Local - International Interest rates and availability of financing Inflation Unemployment Foreign exchange rate movements Market Conditions Demand - New customers, loss of customers Capacity - New competitors Industry structure - Competitive, oligopoly, monopoly Cyclical or seasonal activity. Technological change Availability of supplies - Raw materials, labour, energy, transport etc. Business Structure and Operations Nature of revenue sources, products or services Conduct of operations - How does the company make and distribute its products and services? Alliances, joint ventures, and outsourcing activities. Geographic dispersion and industry segmentation. Location of production facilities, warehouses, and offices, and location and quantities of inventories. Board and Management Quality Quality of the members of the board. - Experience, reputation. Quality of board procedures. Independence of the board. Quality of senior management. - In particular, the quality of those managers in the finance/accounting area (e.g. the CFO). Business Strategy Growth vs defensive strategy Revenue growth vs profit growth Organic growth vs growth by takeover - Disinvestment and spin-offs - New capital investment Horizontal and vertical integration Product line expansion and reduction IPOs Capital structure choices Financial Reporting Accounting principles and industry specific practices, including industry-specific significant categories (for example, loans and investments for banks, or research and development for pharmaceuticals). Revenue recognition practices. Accounting for fair values. Foreign currency assets, liabilities and transactions. Accounting for unusual or complex transactions including those in controversial or emerging areas Analytical Procedures Analytical procedures are quantitative procedures that auditors use for - Risk assessment and planning to be covered this lecture - Evidence gathering (substantive analytical procedures) to be covered in lecture 8 - Review of financial statements at end of audit. The relevant standard is ASA 520 Analytical Procedures Definition (ASA 520.4) For purposes of the Australian Auditing Standards, the term \"analytical procedures\" means evaluations of financial information through analysis of plausible relationships among both financial and non-financial data. Analytical procedures also encompass such investigation as is necessary of identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount. Definition (ASA 520.A1) Analytical procedures include the consideration of comparisons of the entity's financial information with, for example: - Comparable information for prior periods. - Anticipated results of the entity, such as budgets or forecasts, or expectations of the auditor, such as an estimation of depreciation. - Similar industry information, such as a comparison of the entity's ratio of sales to accounts receivable with industry averages or with other entities of comparable size in the same industry. Definition (ASA 520.A2) Analytical procedures also include consideration of relationships, for example: - Among elements of financial information that would be expected to conform to a predictable pattern based on the entity's experience, such as gross margin percentages. - Between financial information and relevant nonfinancial information, such as payroll costs to number of employees. The Basic Idea The auditor forms a prediction about the value an item (such as revenue) should have. The auditor compares the predicted value to the actual value. If the value differ by a significant amount, this is evidence of an error. Prediction Methods Ratio analysis Trend analysis Common size financial statements Comparisons with other firms in industry Comparisons with budgeted figures Mathematical relationship with other financial statement figures. Mathematical relationship with non financial information. Predictions Example 1 XYZ's sales figures - 2012 - $25 million - 2013 - $26 million - 2014 - $28 million - 2015 - $40 million A simple trend analysis suggests that sales may be overstated in 2015. Are there overstated sales? 25 Predictions Example 1 No! Investigation of XYZ's business indicates that it was involved in a merger with a large competitor in 2015. This accounts for the large jump in sales In this case, a simple trend analysis suggested a problem that needed to be further investigated. 26 Predictions Example 2 XYZ's wages expense - 2012 - $10 million - 2013 - $11 million - 2014 - $10 million - 2015 - $10.5 million - A simple trend analysis suggests that there are no problems with the wages expense account. - Is this correct? 27 Predictions Example 2 No! XYZ's merger should have increased wages expense (more employees). The message - Sometimes deviations from trends (and expected ratios) should be expected. - A consistent trend can indicate errors. To distinguish, understand the business 28 Analytical Procedures - Example You are the auditor of Charles Coy, a large hardware retailer operating with stores throughout the country. As part of the planning stage of the audit you have performed analytical procedures with the following results: ACTUAL RESULTS BUDGETED RESULTS PREVIOUS YEAR INDUSTRY AVERAGE Inventory Turnover Ratio 4.35 5.00 4.70 4.66 Current Ratio 1.80 1.70 1.51 1.66 Quick Asset Ratio 1.10 1.10 1.10 1.20 Debt to Equity Ratio 0.60 0.55 0.62 0.58 8.50 7.20 6.80 5.00 Number of Times interest earned ratio 29 Analytical Procedures - Example Decrease in Inventory turnover - presence of obsolete stock. Increase in the current ratio - due to increase in inventory. Quick asset ratio unchanged - indicating increase in current ratio could be due to increase in inventory levels. Liquidity position important in ensuring that the going concern basis of accounting is appropriate. No problems here, quick asset ratio is above normal benchmark of 1:1. Debt to equity - gearing high but consistent with industry Interest - rise indicates reduced audit risk re meeting commitments possibly due to decreasing interest rates, good profitability or understatement of interest expense. Further investigation needed here. 30 Putting it Together Quantitative factors (analytical Procedures) tell you that something has happened. Qualitative factors tell you why it has happened. When you have both qualitative and quantitative factors you have a strong basis for having identified a risk of misstatement. - Only substantive testing will tell you if there is an actual error. Business Risk Example 1 ABC Ltd manufactures and sells beach towels - Its inventory balance is $5,000,000. - It is facing increasing competition from Chinese imports. - Inventory turnover has decreased from 5.6 to 4.4 times per year. - The current ratio has increased from 1.2 to 1.8 while the quick ratio has remained at 0.9. What is the risk to the auditor? Business Risk Example 1 The ratios show that the inventory is selling more slowly and the stock is building up. The qualitative factor (Chinese competition) explain why the inventory is not selling. Conclusion - Inventory might be overvalued and might need to be written down. - This is the assertion of Accuracy, Valuation and Allocation. Business Risk Example 2 XYZ Ltd employs a group of salespeople to sell machinery to small construction firms. - XYZ has recently introduced a commission structure for its sales staff. - Sales have increased by 15% during the year, compared to 5% for each of the previous three years. - Accounts receivable have increased by 25% and debtors turnover has fallen from 11.5 to 8.4. Business Risk Example 2 Sales people have an incentive to overstate sales to make more commissions - Big jump in sales supports this. There may be fake sales This is the assertion of Occurrence. Business Risk Example 2 Even if the sales are real, some of them might be made to customers who can't pay for their equipment. - Sales people have an incentive to relax credit terms to make more sales. - Large increase in accounts receivable and fall in debtors turnover supports this. - XYZ might have a problem with bad debts. - This is Accuracy, Valuation and Allocation of A/C Rec Business Risk Example 3 FGH Ltd is an ASX listed retailer of whitegoods - Sales have fallen from $150 million in 2014 to $120 m in 2015. - Earnings has fallen from $6 million in 2014 to $500,000 in 2015. - The compensation of the CEO and senior management is linked to meeting earnings targets. If a loss is made, no executive bonuses will be paid. - The CEO, Mr Brian Shifty \"resigned\" from his previous company without explanation. Business Risk Example 3 FGH Ltd has a clear incentive to misstate profit. - Executive pay linked to earnings - Massive fall in sales. - Only just making a profit Or are they? Is profit decline believable given fall in sales. - Management team may lack integrity. Business Risk Example 3 Profit cannot be manipulated directly. - Very few entries in the actual Profit account. - Need to manipulate revenues up and/or expenses down. How is this done? Business Risk Example 3 Increasing revenues through manipulation - Fake sales (occurrence) - Bring forward sales from next period (cut-off) - Record sales at higher prices or fail to recognise discounts (accuracy) - Fail to recognise sales returns (completeness) - Channel stuffing (classification) Business Risk Example 3 Decreasing costs through manipulation - Omit costs (completeness) - Delay costs till next period (cut-off) - Record costs at lower amounts or recognise unearned discounts (accuracy) - Capitalise costs that should be expensed (existence/accuracy, valuation and allocation) - Fail to write down inventory (accuracy, valuation and allocation) Business Risk Example 3 Decreasing costs through manipulation - Fail to impair assets (accuracy, valuation and allocation) - Under-provision e.g. bad debts (accuracy, valuation and allocation/completeness) - Lengthen useful lives of depreciable assets (accuracy) - Incorrect amortisation (accuracy) All of these will need to be tested for. Overall risk of financial statements is high. Business Risk Summary Business risks cause financial statement errors. Business risks can be internal or external. To efficiently find errors, business risk must be analysed and linked to possible errors at - The financial statement level. - The assertion level Both qualitative and quantitative techniques (analytical procedures) should be used. University of New South Wales School of Accounting Auditing and Assurance Services 2017 LECTURE 9 Using the Work of Others Fraud Reliance on the Work of Others Auditors often use the work of other parties - Another external auditor - Auditor's expert ASA 600 ASA 620 This may impact on the planning, including business risk and control system evaluation, as well as on audit evidence gathering processes. 2 Complex Corporate Structures Many companies have complex structures - - - - Subsidiaries (wholly or partially owned) Joint ventures and associated companies Divisions in different lines of business Divisions or subsidiaries in different countries Often the principal auditor cannot perform the whole audit. Because of this other auditors (component auditors) are used. 3 Responsibility of Group Auditor The group engagement partner is responsible for the direction, supervision and performance of the group audit engagement... As a result, the auditor's report on the group financial reports shall not refer to a component auditor, unless required by law or regulation to include such reference... - ASA 600.11 4 Acceptance and Continuation Where component auditors will perform work on the financial information of such components, the group engagement partner shall evaluate whether the group engagement team will be able to be involved in the work of those component auditors to the extent necessary to obtain sufficient appropriate audit evidence. - ASA 600.12 If this is not possible, either - Do not take up the audit engagement in the first place - Resign from the audit if legally allowable. 5 Use of Component Auditors If the group engagement team plans to request a component auditor to perform work on the financial information of a component, the group engagement team shall obtain an understanding of the following: - (a) Whether the component auditor understands and will comply with the ethical requirements that are relevant to the group audit and, in particular, is independent. - (b) The component auditor's professional competence. - (c) Whether the group engagement team will be able to be involved in the work of the component auditor to the extent necessary to obtain sufficient appropriate audit evidence. - (d) Whether the component auditor operates in a regulatory environment that actively oversees auditors. (ASA 600.19) 6 Audit Evidence and Errors If the group engagement team concludes that the work of the component auditor is insufficient, the group engagement team shall determine what additional procedures are to be performed, and whether they are to be performed by the component auditor or by the group engagement team. - ASA 600.43 7 Audit Evidence and Errors The group engagement partner shall evaluate the effect on the group audit opinion of any uncorrected misstatements (either identified by the group engagement team or communicated by component auditors) and any instances where there has been an inability to obtain sufficient appropriate audit evidence. - ASA 600.45 Reporting (ASA 610.Aus 49.1) Where a component auditor issues, or intends to issue, a modified auditor's report, the group engagement partner shall consider: - (a) the nature and significance of the modification, in relation to the financial report of the entity on which the group engagement partner is reporting; and - (b) whether a modification is also required to the group engagement partner's audit report, under ASA 705 9 Auditor's Experts To audit financial statements requires specialist non accounting/auditing knowledge for areas such as - - - - Valuation of assets (land, art, intellectual property) Determination of quantities or physical condition of assets Complex financial issues (insurance, derivatives) Measuring work complete/to be completed on construction contracts - Estimation of oil and gas reserves - Legal opinions 10 Auditor's Experts Auditor's may employ experts (land valuers, actuaries, lawyers etc) to help them with these issues. Use of auditors experts is covered in the standards ASA 620 Using the Work of an Auditor's Expert Note, this standard does not cover experts who are employed by the client. 11 Reasons for Using Expert Considerations when deciding whether to use an auditor's expert may include: - Whether management has used a management's expert in preparing the financial report. - The nature and significance of the matter, including its complexity. - The risks of material misstatement in the matter. - The expected nature of procedures to respond to identified risks... - the availability of alternative sources of audit evidence. 12 Internal vs. External Experts Large audit firms may employ experts in common areas (e.g. lawyers) - These are referred to as auditor's internal experts. They may also use experts who are not employed by the firm - These are referred to as auditor's external experts. 13 Selecting an Expert The auditor shall evaluate whether the auditor's expert has the necessary competence, capabilities and objectivity for the auditor's purposes. In the case of an auditor's external expert, the evaluation of objectivity shall include enquiry regarding interests and relationships that may create a threat to that expert's objectivity. 14 Competence of Expert The competence of an expert can be judged by - Personal experience with expert - Discussion with the expert - Discussions with other auditors or others who are familiar with that expert's work. - Knowledge of that expert's Qualifications membership of a professional body licence to practice. 15 Communication The auditor shall agree, in writing when appropriate, on the following matters with the auditor's expert: - (a) The nature, scope and objectives of that expert's work; - (b) The respective roles and responsibilities of the auditor and that expert; - (c) The nature, timing and extent of communication between the auditor and that expert, including the form of any report to be provided by that expert; and - (d) The need for the auditor's expert to observe confidentiality requirements. ASA 620.11 16 Evaluating Expert's Work The auditor cannot just trust the expert's conclusions. Findings need to be evaluated - Are the expert's conclusions reasonable, based on auditor's other knowledge - Are the expert's assumptions reasonable? - Is the source data correct and relevant to the problem? 17 Reporting Requirements The auditor shall not refer to the work of an auditor's expert in an auditor's report containing an unmodified opinion unless required by law or regulation to do so. - ASA 620.14 If the auditor makes reference to the work of an auditor's expert in the auditor's report because such reference is relevant to an understanding of a modification to the auditor's opinion, the auditor shall indicate in the auditor's report that such reference does not reduce the auditor's responsibility for that opinion. - ASA 620.15 18 Fraud Dealing with possible fraud is one of the most important risks faced by auditors - It is hard to find because the perpetrators attempt to cover it up. - Failure to detect fraud is seen to be particularly grievous by the public. For this reason, fraud has its own standard. ASA 240 The Auditor's Responsibilities Relating to Fraud in an Audit of a Financial Report Fraud Defined Fraud means an intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage. - ASA 240.11(a) There are two types of fraud - Fraudulent Financial Reporting - Misappropriation of Assets Fraudulent Financial Reporting Recording fictitious journal entries to manipulate operating results Inappropriately adjusting assumptions/judgments used to estimate account balances Omitting, advancing or delaying recognitions of events or transactions Concealing or not disclosing facts Engaging in complex transactions structured to misrepresent Altering records ASA 240.A4 Misappropriation of Assets Embezzling/misappropriating receipts Stealing physical assets or intellectual property Paying for goods and services not received Using an entity's assets for personal use - ASA 240.A5 Objectives of Auditor The objectives of the auditor are: - (a) To identify and assess the risks of material misstatement of the financial report due to fraud; - (b) To obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud, through designing and implementing appropriate responses; and - (c) To respond appropriately to fraud or suspected fraud identified during the audit. ASA 240.10 Professional Scepticism In accordance with ASA 200, the auditor shall maintain professional scepticism throughout the audit, recognising the possibility that a material misstatement due to fraud could exist, notwithstanding the auditor's past experience of the honesty and integrity of the entity's management and those charged with governance. - ASA 240.12 Engagement Team Discussion The engagement partner and other key engagement team members shall discuss the susceptibility of the entities financial report to material misstatement... - ASA 315.10 ... This discussion shall place particular emphasis on how and when the entity's financial report may be susceptible to material misstatement due to fraud, including how fraud might occur... - ASA 240.15 Fraud Risk Factors Fraud risk factors can be split into three categories (called the Fraud Triangle): - An incentive or pressure to commit fraud, - A perceived opportunity to commit fraud, and - An ability to rationalise the fraudulent action. If factors from all three categories are present, fraud is more likely. Auditor must assess and discuss risk factors Fraudulent Financial Reporting Incentives/pressures - Financial stability or profitability is threatened by economic, entity or industry conditions - Excessive pressure exists for management to meet the requirements of third parties. - Information available indicates that the personal financial position of management and/or directors is threatened by the entity's financial performance. - There is excessive pressure on management or operating personnel to meet financial targets. Fraudulent Financial Reporting Opportunities - Nature of the entity's industry or operations - The monitoring of management is not effective - There is a complex or unstable organisational structure. - Internal control components are deficient. Fraudulent Financial Reporting Attitudes/rationalisations - Failure to support good or supporting of bad ethical values - Known history of violation of financial rules - Excessive interest in maximising earnings or share price - Failure to fix internal control weaknesses - Aggressive tax minimisation - Low morale among senior management - Strained relationship with current/previous auditor Misappropriation of Assets Incentives/pressures - Known or anticipated future employee layoffs - Recent or anticipated changes to employee compensation or benefit plans - Promotions compensation or other rewards inconsistent with expectations Misappropriation of Assets Opportunities - Large amounts of cash on hand or processed - Inventory items that are small in size, of high value or in high demand - Easily convertible assets such as gold/diamonds - Inadequate internal controls Misappropriation of Assets Attitudes/rationalisations - Disregard for the need for monitoring or reducing risk related to misappropriation of assets - Disregard for internal control over misappropriation of assets - Behaviour indicating displeasure or dissatisfaction with the entity or its relationship with the employee - Change in behaviour or lifestyle that might indicate that assets have been misappropriated. - Tolerance of petty theft Circumstances that Indicate Fraud The following circumstances might indicate the possibility of fraud Discrepancies in the accounting records - Transactions that are not recorded in a complete or timely manner or are improperly recorded - Unsupported or unauthorised or unsupported transactions or balances - last minute adjustments that significantly affect financial results Circumstances that Indicate Fraud Conflicting or missing evidence - Missing documents - Documents that appear to have been altered - Significant unexplained items or reconciliations - Inconsistent, vague or implausible responses from management or employees - Missing inventory or physical assets - Inability to produce evidence of key system development and program changes. Circumstances that Indicate Fraud Problematic relationship with management - Denial of access to records, facilities or personnel - Undue time pressure to resolve complex or contentious issues - Complaints about conduct of the audit - Intimidation of engagement team members - Unusual delays in providing requested information - Unwillingness to add or revise disclosures to make them more complete and understandable. Circumstances that Indicate Fraud Other Factors - Unwillingness by management to permit the auditor to meet privately with those charged with governance - Accounting policies appear to be at variance with industry norms. - Frequent changes in accounting estimates that do not appear to result from changes in circumstances. Audit Procedures In accordance with ASA 330, the auditor shall design and perform further audit procedures whose nature, timing and extent are responsive to the assed risks of material misstatement due to fraud at the assertion level. - ASA 240.30 Procedures Examples Visiting locations or performing certain tests on a surprise or unannounced basis Requesting that inventories be counted as close to balance date as possible Change the audit approach (e.g. Control or substantive test mix) from the previous year More detailed checks for unusual year end or month end adjusting entries Procedures Examples For significant or unusual year end transactions, check the role of related parties and the sources of financing Performing substantive analytical procedures using disaggregated data Conducting interviews of personnel where there is a fraud risk, to obtain their assessment of the risk Procedures Examples Communicate with other auditors about risk of fraud Perform additional procedures before relying on the work of an expert Examine opening balances to determine how the underlying assumptions reflected the actual outcomes over the year Seek additional external audit evidence Communication with Management If the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor shall communicate these matters on a timely basis to the appropriate level of management in order to inform those with primary responsibility for the prevention and detection of fraud of matters relevant to their responsibilities. - ASA 240.40 Communication with Regulators If the auditor has identified or suspects a fraud, the auditor shall determine whether there is a responsibility to report the occurrence or suspicion to a third party outside the entity. Although the auditor's professional duty to maintain the confidentiality of client information may preclude such reporting, the auditor's legal responsibilities may override the duty of confidentiality in some circumstances - ASA 240.43