Within the conceptual framework of this research, we will critically analyze CICA guideline for auditors, called “The First Audit Engagement.” The adequacy of the instructions presented will be considered using the accounting principles; detailed analysis of various activities will be performed as well to assess the overall assurance achieved if the guidelines are followed. It is apparent that the guidelines present a set of valuable instructions that should not be underestimated when it comes to the risks associated with the first audit engagement.
For auditors, the first-time client tends to indicate increased engagement risk and the procedures to be undertaken when assessing the engagement risk need to be more rigorously applied because:
clients can be highly geared and exposed to more risks than most already audited organizations
- There may be more stakeholders who rely on the accuracy of financial reporting and the integrity of policies, procedures, and controls
- Many companies handle complex and innovative financial products
- They may operate in a volatile industry and markets
- There may be additional reporting requirements imposed by regulatory authorities. (CICA, 1995)
Measuring these interactions and assessing the consolidated risk profile are two key tasks of the audit group. At present, the auditors identify five risks “cylinders”: credit, market (including rate risk), operations, reputation, and liquidity. When asked about, say, strategy risk, the reply is that since this important exposure is common to all the cylinders, it is not separately identified.
Other strategy-involved auditors, clearly diligent on the practical assessment of risk, remain less articulate about the risk management process itself. This accords with the CICA guidelines that these perceptions and redefinitions first grow out of behavior and only later condense into a management philosophy. Thus the new approach to risk management will inevitably supplant the old, at least in strategically transforming banks. But standardization is not to be expected. Whether the stable of risks, in other words, contains three, four, or thirteen horses will depend upon the size, complexity, and sheer style of particular companies.
“Risk factors for first audit engagement may be higher than normal because of the business environment in which they operate.” (CICA, 1995) Conditions that would indicate increased risk include: capital ratios that are deteriorating or are near regulatory minimums; rating downgrades or indications of less than well-capitalized status; restriction orders from the regulators or a history of problems with the regulators; key ratios not in line with industry norms or peer group ratios; interest rates not in line with industry norms or peer groups.
Financial data/ratios need to be examined in considering past performance, adequacy of provisioning, capital adequacy, increases in the volume of activities, concentrations of lending activities, etc. Auditors also review for any signs of deteriorating performance such as increased delinquency ratios for consumer and credit card loans; increases in nonperforming assets; decreasing coverage of the provision (allowance) for loan losses to nonperforming loans and assets and the total loan portfolio. However, this review has one inherent weakness: knowledgeable management can manipulate various pictures to draw rather a plausible picture when needed.
Increased risk for auditors may apply if a significant portion of management and other staff’s remuneration is based on financial results. An understanding of the client’s attitude to remuneration is therefore necessary. Proper benchmarks for performance need to be in place that avoids creating inappropriate incentives for staff. Auditors need to consider whether, based on the prior knowledge, there are factors that considerably increase the assessment of engagement risk.
There may be: poor underwriting standards; inadequate loan documentation; lack of or outdated appraisals or financial statements of borrowers; deficiencies in internal control; inability to recognize impaired credits; inadequate provision (allowance) for loan losses; lack of an asset/liability function; lack of an independent credit review function; lack of written lending and treasury policies and procedures; inaccurate regulatory reports or numerous amendments to regulatory reports; significant findings by the internal audit department; inadequate internal audit function; frequent limit violations; poor risk management; history of treasury losses.
Most companies usually have well-developed risk management practices that address risks related to their business. Although management may expect auditors to examine such practices, they need to clarify the extent of the work they plan to perform. Auditors normally consider the newly audited client’s risk management practices as part of the assessment of engagement risk, and they may thus decide to assess business risks through discussions with management and tests of control activities with few or no corresponding substantive tests. Alternatively, if these control activities are relevant to the audit, such as those relating to credit management, and are effective and efficient to test, it would be appropriate to plan to rely on them and perform appropriate tests for the purpose of obtaining audit assurance.
In the case of a first audit engagement, it is important to prepare and send a letter to the client confirming the terms of the engagement and including information relevant to the current audit engagement since the scope of the audit may be dictated by statutory requirements, group auditors’ instructions, and/or regulatory reporting. (CICA, 1995) To acquire a knowledge of a business auditors may wish to understand some or all of the following matters that will ultimately facilitate the performance of an effective and efficient audit and enable auditing company to serve as effective business advisers:
- Range of services offered by the client and the principal characteristics of each significant area of business
- Motivation, experience, competence, and style of management
- Extent to which decision making is centralized or decentralized and management’s attitude to risk and acceptable level of risk
- Level of management commitment to a high-quality control environment, including consolidated risk management
- Economic and regulatory environment prevailing for each of the countries in which the client operates
- Market conditions existing in each of the sectors in which the client operates. (CICA, 1995)
Auditors may seek to understand the risk management processes that address business risks specific to a first time client. They would not necessarily represent specific risks related to account balances and potential error(s). Auditors need to consider the client’s countries of operation and evaluate the risk of foreign customers and counterparties failing to settle their obligations due to economic, political, and social factors of their country. In addition, they also need to consider the markets in which the client operates. A consideration of markets generally covers:
- The geographical location of markets. Credit risk may be heightened if the client’s credit portfolio is concentrated in a particular region rather than being widely spread.
- The market sectors served, such as retail or corporate.
- The competitive strengths and weaknesses of the products and services offered. Auditors need to evaluate whether the competitive advantage of the client may be reduced by “disintermediation”.
- Knowledge of industries in which the client’s customers operate. Often a bank’s loan portfolio could be concentrated in highly specialized industries such as real estate, shipping, and natural resources.
Evaluating the nature of these portfolios may require a knowledge of the business and reporting practices of those industries.
To gain further knowledge about a first time client, it may be helpful to benchmark the financial information available to local industry statistics published by the central banks and market information providers. It may also be useful to compare financial results with those of similar size competitors, considering the relative strengths, weaknesses, and market position within the client’s market.
From the legislative point of view, the most important legislation for first-time audit clients is that issued by the relevant supervisory agencies, commissions, or central banks. The supervisory agencies may restrict certain business activities based on capital levels. Such agencies also generally require that the control activities operate within safety and soundness standards and also impose reporting requirements. Usually, such agencies have enforcement powers that may affect internal control.
Auditors need to consider examining the relationship between the client and the banking regulators, particularly the ease (or difficulty) with which the client meets the requirements set by the regulators. Reviewing a client’s regulatory correspondence files and regulatory returns will enable the auditing company to evaluate whether or not the client is complying with capital adequacy, minimum capitalization, minimum liquidity levels, exchange controls, foreign currency positions, lending limits, and any relevant requirements set by the regulators.
Client Management is likely to develop control activities and use performance indicators to aid in designing information and communication systems that address key business and financial risks. Effective risk management in any environment generally includes: approved policies and documented limits that control the levels of risk accepted; monitoring compliance with such policies and limits and reporting on an exception basis; accurate measurement and reporting of positions prepared by an independent middle office function; procedures and the ability to react quickly and control losses if positions assumed become unfavorable.
Before auditors can rely on first time client’s internal controls, they need to determine whether the control environment is conducive to such reliability. The elements needed to consider for a banking client are:
- The role of the board of directors in determining policies for the levels of risk that the client is willing to accept in its daily operations
- The role of senior management in designing, implementing, and monitoring effective risk management systems to implement the policies prescribed by the board of directors
- The presence of nonexecutive directors on the board and independent compensation committee that reviews incentive plans, including commissions, discretionary bonuses, directors’ service contracts, and profit-sharing plans
- The role of line management in carrying out the prescribed procedures and control activities
- The strength of the internal audit function and the audit committee and their role as an independent appraisal function
- Other significant committees, for example, asset and liability management committee, credit committee, or general management committee
- The role of regulators and the extent and results of their review
- The strength of the compliance function
- The adequacy of segregation of duties. (CICA, 1995)
Many companies have highly complex organizational structures with diversified and decentralized operations, multiple locations (branches, agencies, and foreign representative offices and subsidiaries), and multiple layers of management. In many instances, transactions are recorded at a central booking point, while execution occurs in various markets. This may involve centralized global trading with positions being passed on to other locations within the organization.
Effective senior management control methods often include the following: risk management strategies established by senior management with the approval of the board of directors for use in monitoring and controlling the business; an internal audit department, which is a key element of internal control; management reports, such as daily financial statements, monthly average balance and interest margin reports, monthly aging reports, and monthly budget-to-actual reports.
Preliminary analytical procedures for first-time audits require different criteria. The main difficulties that arise concerning the implementation of analytical procedures result from the specific nature of client’s activities, including multicurrency activities; significant fluctuations in interest-bearing asset and liability accounts between period ends; large number of products and fluctuating reference rates; global trading.
The ratio of commission received to revenue may also be calculated differently according to whether the activities are market related or corporate finance in nature. For market-related activities, the best approach is to separate the various functions of the organization, such as trading and new listings, and calculate relevant ratios, such as commission received to third-party-issues volumes. For corporate finance activities, the commission is determined by business combinations, acquisitions, and other corporate finance activities on an individual case basis. It is not relevant to review consultancy activities of this nature using standard ratios.
In circumstances where the income after tax is nominal or negative, planning materiality needs to be based on some alternative stable base, which represents the normalized ongoing level of profitability. Inappropriate circumstances, net interest income or income after a normal level of bad debt provisions may represent a stable base for a banking client.
One of the requirements for using larger materiality guidelines is that wholly owned subsidiaries do not operate in a regulated business environment. Many subsidiaries, particularly those in the financial services sector, are likely to be regulated by other supervisors. The auditors, therefore, need to consider the regulatory environment within which the subsidiaries operate to ensure that the level of materiality is adequate for reporting to the relevant regulatory body. In the case of first-time audit, the auditors do not take advantage of the relaxation of the quantitative guidelines for planning materiality.
The planning materiality to be set for branch audits depends on the scope of the work and whether such audits are governed by regulatory or statutory requirements. Where no such requirements apply, and the branches are not separate reporting entities, the extent of the audit work will depend on the instructions sent by the group auditors. If the auditors are required to issue a separate report on the branch’s financial statements, the quantitative guidelines set by the company will usually apply.
There may also be specifically identified risks that may not relate to specific account balances but that present risk to a client in that they may result in contingent or future liabilities or have other effects on a bank’s overall operations. For example, such threats are often associated with regulatory capital, investment management, and trust and custody operations.
In the case of such activities, there may be local regulatory requirements for which auditors are required to test compliance. Where there are no such requirements, the auditors will consider the significance of the area and the effect of any potential risk of loss (after insurance) to the bank. Such specific risks are generally addressed through discussions and tests of controls, and if there is no impact on the financial statements, with few or no similar substantive tests.
1. Canadian Institute of Chartered Accountants (1995). The First Audit Engagement, 3rd edition., CICA, Toronto.
NOTE!!! Above provided critical analysis research paper sample is 100% plagiarized. If you need a customized research project written by highly qualified writers - follow the writing company: http://writemypaperhub.com/critical-analysis.html.