17-1 copyright 2006 mcgraw-hill australia pty ltd revised ppts t/a auditing and assurance services...

17-1Copyright 2006 McGraw-Hill Australia Pty Ltd Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger SimnettSlides prepared by Roger Simnett

Chapter 17

Advanced Topics in Assurance Services


E-Commerce Environments

• E-commerce: The use of electronic transmission mediums (telecommunications) to engage in the exchange, including buying and selling, of products and services requiring transportation, either physically or digitally, from location to location.

• E-commerce is changing how many organisations currently undertake business.

Learning Objective 1:


Early E-Commerce Systems: Electronic Data Exchange (EDI)

• Forerunner to e-commerce was EDI.• Example: Manufacturer requires suppliers to accept

orders through electronically transmitted purchase orders:

– when parts are shipped, supplier electronically transmits invoice to manufacturer.

– because it reduces data entry, mailing costs and time to complete transactions.


Current Categories of E-Commerce Systems

• Business-to-business (B2B) e-commerce:– Companies buying from and selling to each other online.

EDI was the early form for undertaking B2B e-commerce.– Business-to-consumer (B2C) e-commerce:

Any business or organisation that sells its products or services to consumers over the Internet, e.g. Amazon.com.


Business Risk Assessments and Control Considerations in E-Commerce

• Number of differences for business risk assessment and related controls for B2B compared with B2C e-commerce.

• B2B: audit client is transacting with small group of other businesses (identity known, authorisation procedures in place).

• B2C: audit client is transacting with the world at large (identity unknown).



Business risk considerations

• E-commerce risks include:– Risks arising from the nature of relationships with e-

commerce trading partners;– Risks related to the recording and processing of e-

commerce transactions;– Pervasive e-commerce security risks, including privacy

issues;– Fraud risks; and– Risks of systems failures or ‘crashes’.


E-Commerce controls

• Include:– Security infrastructure controls (firewalls, encryption and

other security controls);– Systems controls (controls over systems development,

systems monitoring); and– Programmed controls (e.g. to ensure customer is

authentic – payment authorised with approved credit card, order is reasonable, method of payment or credit-worthiness have been established).


Evidence-Gathering in an E-Commerce Environment

• Tests of controls:– B2B – authorisation system between transacting parties

important. Tested as part of general control review. Programmed controls are tested by test data techniques.

– B2C – authorisation of transactions established on many occasions by quoting valid credit card. Funds are usually received before goods are shipped. System reviewed as a part of general controls. Programmed controls tested by the use of test data.



Substantive tests in an E-Commerce environment

• There should be evidence to support figures contained in the financial report. Auditor can substantively verify these figures.

• There may be assertions, such as rights and obligations (who owns the inventory the entity is selling?), to which auditor has to pay closer attention.

• Caution should be exercised with regard to analytical procedures, as some traditional relationships between account balances might no longer hold (e.g. a supplier might not hold inventory).


Continuous Assurance

• Rapid advances in information technology enable information to be made available to users on a more timely basis.

• E.g. in the future, entities might have financial reports on Internet and show current status of accounts (as impacted by transactions as they flow into system).

• Assurance may be requested on such reporting advances.

• Assurance is more likely on system generating numbers (tests of controls) than on the numbers themselves (substantive testing).



Conditions necessary for a continuous audit


Examples of continuous assurance

• Continuous assurance can be on either financial or non-financial information. Examples include:

– specific financial information required by debt covenants;– an entity’s compliance with stated policies and practices

with regard to e-commerce transactions;– completeness and accuracy of frequently updated key

information provided publicly on a website;– financial reports available on demand; and– effective operation of controls over specified systems or

publicly accessible databases.


Continuous assurance and XBRL

eXtensible Business Reporting Language (XBRL): is a new technology bringing continuous assurance closer to reality.

• Uses accepted standards and practice to encourage standardisation and exchange of financial information (including financial reports) across different technologies.

• Takes transactions and maps onto a standard structure for financial reports, and provides tags attached to transactions that permit the tracing of these transactions.


Forensic Auditing

• Forensic auditing is called upon when there are large systems and corporate failures, or when fraud is suspected.

• One of the fastest growing areas in public accounting over past 10 years.



What forensic auditors do

• Investigative engagements:– Fraud investigations – determining existence, nature and

extent of fraud and funds tracing.– Business economic loss analysis – contract disputes,

product liability claims, etc.

• Litigation support:– Review of evidence to form assessment of case and

identify areas of loss.– Obtain relevant evidence to support or refute legal claims.


Typical approach to forensic auditing assignment

• Plan meeting with client;• Perform an engagement acceptance check;• Perform a preliminary investigation;• Develop an action plan;• Obtain the relevant evidence;• Evaluate the evidence; and• Prepare the report.


Environmental and Sustainability Assurance

• Environmental reporting is becoming increasingly prevalent, with the advent of triple bottom line and sustainability reporting.

• IAASB has identified this as a major assurance service on which it will be concentrating on in 2005-2006.



International developments

• Many groups encouraging or creating standards or criteria for environmental and sustainability reporting:

• IAASB• Fédération des Experts Comptables Européens (FEE)• The Global Reporting Initiative (GRI)• Institute of Social and Ethical Accountability

(AccountAbility)• The International Organisation for Standardisation (ISO)

14,000 series• CPA Australia


Providing assurance on environmental and sustainability reports

• In its 2002 survey of corporate sustainability reporting, KPMG observed a significant rise in the number of companies issuing such reports (45 per cent in 2002, compared with 35 per cent in 1999).

• There was a large increase in the proportion of those reporting being independently assured (27 per cent in 2002 compared with 19 per cent in 1999).

• The major accounting firms performed the majority of these verifications (65 per cent).


Current practice – CPA Australia

• Accounting firms provided 87 per cent of assurance reports in Japan, 60 per cent in continental Europe, 23 per cent in the UK, and 15 per cent in Australia. Is acknowledged that few such assurance reports are issued in the USA and Canada.

• Suitable criteria – survey showed that only 40 per cent of assurance reports refer to the reporting criteria used. Criteria that are mentioned most frequently are the GRI guidelines (11 per cent), followed by the AA 1000 framework.

• Assurance standards that were being followed - it was found that 66 per cent of all reports (accounting firms: 55 per cent) do not mention any standards in accordance with which the assurance engagement has been performed.


Current practice – CPA Australia (Cont.)

• The assurance standard that was most often referred to was AccountAbility’s ‘AA 1000 Assurance Standard’ (AA1000AS).

• With the issuing of AUS 110 (ISAE 3000) in 2004, it is expected that the use of this standard will become increasingly prevalent, especially by the major accounting firms.


Overarching principles


Assurance currently provided

• Environment Australia notes that there are primarily four levels of assurance services currently provided. These are:

– Level 1: Data verification – the checking of randomly selected data.

– Level 2: Verification of completeness of reporting – assessing the level of reporting against the organisation’s policy, aspects and impacts, and objectives and targets.

– Level 3: Report verification incorporating site level compliance auditing.

– Level 4: Report verification incorporating re-sampling and analysis.


Assurance reporting on sustainability reports

• An assurance report should contain:– a title that clearly indicates the report is an independent

engagement report;– an addressee;– a description of the subject matter;– identification of the suitable criteria;– a description of any inherent limitations;– a statement to identify the responsible party and to

describe the responsible party’s and the assurance provider’s responsibilities;


Assurance reporting on sustainability reports (Cont.)

– a statement the engagement was performed in accordance with AUSs/ ISAEs;

– a summary of the audit procedures performed;– the practitioner’s conclusion expressed in the form that is

appropriate to either a reasonable-assurance or a limited-assurance engagement;

– the assurance report date; and– the name and location of the firm or the assurance

provider.

17-1 copyright 2006 mcgraw-hill australia pty ltd revised ppts t/a auditing and assurance services...

Documents

business b2b ecommerce

ecommerce controlsinclude

ecommerce environmentthere

early ecommerce systems

undertaking b2b ecommerce

related controls

general controls

consumer b2c ecommerce