Kế toán, kiểm toán - Chapter 17: Advanced topics in assurance services

CHAPTER 17ADVANCED TOPICS IN ASSURANCE SERVICES1Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettAUDITING IN AN E-COMMERCE ENVIRONMENTE-commerce defined: The use of electronic transmission mediums (telecommunications) to engage in the exchange, including buying and selling, of products and services requiring transportation, either physically or digitally, from location to location.E-commerce is changing how organisations currently undertake business.2Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettEARLY E-COMMERCE SYSTEMS: ELECTRONIC DATA INTERCHANGE (EDI)When parts are shipped, supplier transmits an invoice to manufacturerReduces data entry, mailing costs and time to complete transactions Forerunner to e-commerce was EDI.Example: Manufacturer requires suppliers to accept orders through electronically transmitted purchase orders:3Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettCURRENT CATEGORIES OF E-COMMERCE SYSTEMSBusiness-to-business (B2B) e-commerce:Companies buying from and selling to each other online. EDI was the early form for undertaking B2B e-commerce.Business-to-consumer (B2C) e-commerce:Any business or organisation that sells its products or services to consumers over the Internet, e.g. Amazon.com.4Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettBUSINESS RISK ASSESSMENTS AND CONTROL CONSIDERATIONSNumber of differences for business risk assessment and controls for B2B compared with B2C e-commerceB2B: audit client is transacting with small group of other businesses (identity known, authorisation procedures in place)B2C audit client is transacting with world at large (identity unknown)5Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettRISK CONSIDERATIONSE-commerce risks include:Risks arising from the nature of relationships with e-commerce trading partnersRisks related to the recording and processing of e-commerce transactionsPervasive e-commerce security risks, including privacy issuesFraud risksRisks of systems failures or ‘crashes’6Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettE-COMMERCE CONTROLSInclude:Security infrastructure controls (firewalls, encryption and other security controls)Systems controls (controls over systems development, systems monitoring)Programmed controls (e.g. to ensure customer is authentic – payment authorised with approved credit card, order is reasonable, method of payment or credit-worthiness have been established)7Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettTESTS OF CONTROLSB2B – authorisation system between transacting parties important. Tested as part of general control review. Programmed controls tested by test data techniques.B2C – authorisation of transactions established on many occasions by quoting valid credit card. Funds usually received before goods shipped. System reviewed as part of general controls. Programmed controls tested by use of test data.8Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettSUBSTANTIVE TESTS IN AN E-COMMERCE ENVIRONMENTShould be evidence to support figures contained in financial report. Auditor can substantively verify these figures.May be assertions, such as rights and obligations (at what time do transactions take place?), to which auditor has to pay closer attention.Caution should be exercised with regard to analytical procedures, as some traditional relationships between account balances might no longer hold (e.g. a supplier might not hold inventory).9Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettCONTINUOUS ASSURANCERapid advances in information technology enable information to be made available to users on a more timely basis. For example, in the future entities might have financial reports on Internet and show current status of accounts (as impacted by transactions as they flow into system).Assurance will be required on such reporting advances.Assurance more likely on system generating figures (tests of controls) than on figures themselves (substantive testing).10Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettCONDITIONS NECESSARY FOR A CONTINUOUS AUDIT11Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettEXAMPLES OF CONTINUOUS ASSURANCESpecific financial information required by debt covenantsAn entity’s compliance with stated policies and practices with regard to e-commerce transactionsCompleteness and accuracy of frequently updated key information provided publicly on a websiteFinancial reports available on demandEffective operation of controls over specified systems or publicly accessible databasesContinuous assurance can be on either financial or non-financial information. Examples include:12Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettCONTINUOUS ASSURANCE AND XBRLUses accepted standards and practice to encourage standardisation and exchange of financial information (including financial reports) across different technologies.Takes transactions and maps onto a standard structure for financial reports, and provides tags that permit the tracing of transactions.eXtensible Business Reporting Language (XBRL) is a new technology bringing continuous assurance closer to reality.13Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettFORENSIC AUDITINGOne of the fastest growing areas in public accounting over past 10 years. Forensic auditing is called upon when there are large systems and corporate failures, or when fraud is suspected.14Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettFORENSIC AUDITORS UNDERTAKE:Investigative engagements:Fraud investigations – determining existence, nature and extent of fraud and funds tracingBusiness economic loss analysis – contract disputes, product liability claims, etc.Litigation support:Review of evidence to form assessment of case and identify areas of lossObtain relevant evidence to support or refute legal claim15Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettTYPICAL APPROACH TO FORENSIC AUDITING ASSIGNMENTPlan meeting with clientPerform an engagement acceptance checkPerform a preliminary investigationDevelop an action planObtain the relevant evidenceEvaluate the evidencePrepare the report16Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettENVIRONMENTAL AND SUSTAINABILITY ASSURANCEEnvironmental reporting is becoming increasingly prevalent, with the advent of triple bottom line and sustainability reporting.Assurance on such reports is becoming more common. KPMG 2002 survey 2002 1999 No. of companies issuing such reports 45% 35% No. of such reports independently assured 27% 19%17Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettINTERNATIONAL DEVELOPMENTSMany groups encouraging or creating standards or criteria for environmental and sustainability reportingFédération des Experts Comptables Européens (FEE)The Global Reporting Initiative (GRI)Environment AustraliaThe International Organisation for Standardisation (ISO) 14,000 series18Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettOVERARCHING PRINCIPLES19Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettASSURANCE CURRENTLY PROVIDEDLevel 1: Data verification — the checking of randomly selected data.Level 2: Verification of completeness of reporting — assessing the level of reporting against the organisation’s policy, aspects and impacts, and objectives and targets.Level 3: Report verification incorporating site level compliance auditing.Level 4: Report verification incorporating re-sampling and analysis.Environment Australia notes that there are primarily four levels of assurance services currently provided by assurance providers. These are:20Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger SimnettASSURANCE REPORTS ON ENVIRONMENT AND SUSTAINABILITY MATTERSAn assurance report should contain:Identification of the subject matter Acknowledgment that the reported subject matter is the responsibility of management and that the verification statement is the responsibility of the assurance providerPurpose of carrying out the verificationNature and source of criteria used in evaluating the subject matter, developing findings and reaching conclusionsProcedures carried out and any standards followed Identification of the party or parties responsible for the verification, including relevant qualifications or competenciesA statement or opinion as to the conclusions reached and an indication of the level of assurance providedDate and place of issuing the assurance report21Copyright  2003 McGraw-Hill Australia Pty Ltd PPTs t/a Auditing and Assurance Services in Australia by Gay & SimnettSlides prepared by Roger Simnett