Chapter 17 Advanced Topics in Assurance Services Copyright  2006 McGraw-Hill Australia Pty Ltd 17- Learning Objective 1: E-Commerce Environments • E-commerce: The use of electronic transmission mediums (telecommunications) to engage in the exchange, including buying and selling, of products and services requiring transportation, either physically or digitally, from location to location • E-commerce is changing how many organisations currently undertake business Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-2 Early E-Commerce Systems: Electronic Data Exchange (EDI) • Forerunner to e-commerce was EDI • Example: Manufacturer requires suppliers to accept orders through electronically transmitted purchase orders: – – when parts are shipped, supplier electronically transmits invoice to manufacturer because it reduces data entry, mailing costs and time to complete transactions Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-3 Current Categories of E-Commerce Systems • Business-to-business (B2B) e-commerce: – – Companies buying from and selling to each other online EDI was the early form for undertaking B2B e-commerce Business-to-consumer (B2C) e-commerce:  Any business or organisation that sells its products or services to consumers over the Internet, e.g Amazon.com Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-4 Learning Objective 2: Business Risk Assessments and Control Considerations in E-Commerce • Number of differences for business risk assessment and related controls for B2B compared with B2C ecommerce • B2B: audit client is transacting with small group of other businesses (identity known, authorisation procedures in place) • B2C: audit client is transacting with the world at large (identity unknown) Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-5 Business risk considerations • E-commerce risks include: – – – – – Risks arising from the nature of relationships with ecommerce trading partners; Risks related to the recording and processing of ecommerce transactions; Pervasive e-commerce security risks, including privacy issues; Fraud risks; and Risks of systems failures or ‘crashes’ Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-6 E-Commerce controls • Include: – – – Security infrastructure controls (firewalls, encryption and other security controls); Systems controls (controls over systems development, systems monitoring); and Programmed controls (e.g to ensure customer is authentic – payment authorised with approved credit card, order is reasonable, method of payment or creditworthiness have been established) Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-7 Learning Objective 3: Evidence-Gathering in an E-Commerce Environment • Tests of controls: – – B2B – authorisation system between transacting parties important Tested as part of general control review Programmed controls are tested by test data techniques B2C – authorisation of transactions established on many occasions by quoting valid credit card Funds are usually received before goods are shipped System reviewed as a part of general controls Programmed controls tested by the use of test data Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-8 Substantive tests in an E-Commerce environment • There should be evidence to support figures contained in the financial report Auditor can substantively verify these figures • There may be assertions, such as rights and obligations (who owns the inventory the entity is selling?), to which auditor has to pay closer attention • Caution should be exercised with regard to analytical procedures, as some traditional relationships between account balances might no longer hold (e.g a supplier might not hold inventory) Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-9 Learning Objective 4: Continuous Assurance • Rapid advances in information technology enable information to be made available to users on a more timely basis • E.g in the future, entities might have financial reports on Internet and show current status of accounts (as impacted by transactions as they flow into system) • Assurance may be requested on such reporting advances • Assurance is more likely on system generating numbers (tests of controls) than on the numbers themselves (substantive testing) Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-10 Conditions necessary for a continuous audit Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-11 Examples of continuous assurance • Continuous assurance can be on either financial or non- financial information Examples include: – – – – – specific financial information required by debt covenants; an entity’s compliance with stated policies and practices with regard to e-commerce transactions; completeness and accuracy of frequently updated key information provided publicly on a website; financial reports available on demand; and effective operation of controls over specified systems or publicly accessible databases Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-12 Continuous assurance and XBRL eXtensible Business Reporting Language (XBRL): is a new technology bringing continuous assurance closer to reality • • Uses accepted standards and practice to encourage standardisation and exchange of financial information (including financial reports) across different technologies Takes transactions and maps onto a standard structure for financial reports, and provides tags attached to transactions that permit the tracing of these transactions Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-13 Learning Objective 5: Forensic Auditing • Forensic auditing is called upon when there are large systems and corporate failures, or when fraud is suspected • One of the fastest growing areas in public accounting over past 10 years Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-14 What forensic auditors • Investigative engagements: – – • Fraud investigations – determining existence, nature and extent of fraud and funds tracing Business economic loss analysis – contract disputes, product liability claims, etc Litigation support: – – Review of evidence to form assessment of case and identify areas of loss Obtain relevant evidence to support or refute legal claims Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-15 Typical approach to forensic auditing assignment • • • • • • • Plan meeting with client; Perform an engagement acceptance check; Perform a preliminary investigation; Develop an action plan; Obtain the relevant evidence; Evaluate the evidence; and Prepare the report Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-16 Learning Objective 6: Environmental and Sustainability Assurance • Environmental reporting is becoming increasingly prevalent, with the advent of triple bottom line and sustainability reporting • IAASB has identified this as a major assurance service on which it will be concentrating on in 2005-2006 Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-17 International developments • • • • • • • Many groups encouraging or creating standards or criteria for environmental and sustainability reporting: IAASB Fédération des Experts Comptables Européens (FEE) The Global Reporting Initiative (GRI) Institute of Social and Ethical Accountability (AccountAbility) The International Organisation for Standardisation (ISO) 14,000 series CPA Australia Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-18 Providing assurance on environmental and sustainability reports • In its 2002 survey of corporate sustainability reporting, KPMG observed a significant rise in the number of companies issuing such reports (45 per cent in 2002, compared with 35 per cent in 1999) • There was a large increase in the proportion of those reporting being independently assured (27 per cent in 2002 compared with 19 per cent in 1999) • The major accounting firms performed the majority of these verifications (65 per cent) Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-19 Current practice – CPA Australia Accounting firms provided 87 per cent of assurance reports in Japan, 60 per cent in continental Europe, 23 per cent in the UK, and 15 per cent in Australia Is acknowledged that few such assurance reports are issued in the USA and Canada • Suitable criteria – survey showed that only 40 per cent of assurance reports refer to the reporting criteria used Criteria that are mentioned most frequently are the GRI guidelines (11 per cent), followed by the AA 1000 framework • Assurance standards that were being followed - it was found that 66 per cent of all reports (accounting firms: 55 per cent) not mention any standards in accordance with which the assurance engagement has been performed • Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-20 Current practice – CPA Australia (Cont.) • The assurance standard that was most often referred to was AccountAbility’s ‘AA 1000 Assurance Standard’ (AA1000AS) • With the issuing of AUS 110 (ISAE 3000) in 2004, it is expected that the use of this standard will become increasingly prevalent, especially by the major accounting firms Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-21 Overarching principles Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-22 Assurance currently provided • Environment Australia notes that there are primarily four levels of assurance services currently provided These are: – – – – Level 1: Data verification – the checking of randomly selected data Level 2: Verification of completeness of reporting – assessing the level of reporting against the organisation’s policy, aspects and impacts, and objectives and targets Level 3: Report verification incorporating site level compliance auditing Level 4: Report verification incorporating re-sampling and analysis Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-23 Assurance reporting on sustainability reports • An assurance report should contain: – – – – – – a title that clearly indicates the report is an independent engagement report; an addressee; a description of the subject matter; identification of the suitable criteria; a description of any inherent limitations; a statement to identify the responsible party and to describe the responsible party’s and the assurance provider’s responsibilities; Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-24 Assurance reporting on sustainability reports (Cont.) – – – – – a statement the engagement was performed in accordance with AUSs/ ISAEs; a summary of the audit procedures performed; the practitioner’s conclusion expressed in the form that is appropriate to either a reasonable-assurance or a limitedassurance engagement; the assurance report date; and the name and location of the firm or the assurance provider Copyright  2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17-25 ... Simnett Slides prepared by Roger Simnett 17- 7 Learning Objective 3: Evidence-Gathering in an E-Commerce Environment • Tests of controls: – – B2B – authorisation system between transacting parties... Assurance Services in Australia 3e by Grant Gay and Roger Simnett Slides prepared by Roger Simnett 17- 17 International developments • • • • • • • Many groups encouraging or creating standards or criteria... Institute of Social and Ethical Accountability (AccountAbility) The International Organisation for Standardisation (ISO) 14,000 series CPA Australia Copyright  2006 McGraw-Hill Australia Pty Ltd