| Statements of Auditing Standards (SASs) are to be read in the light of SAS 010 "The scope and authority
of auditing pronouncements". In particular, they contain basic principles and essential procedures (auditing
standards), indicated by paragraphs in bold italic type, with which auditors are required to comply in the
conduct of any audit including those of companies applying section 141D of the Companies Ordinance. SASs also include
explanatory and other material which is designed to assist auditors in interpreting and applying auditing standards. |
| |
|
Introduction
|
| 1. |
The purpose of this Statement of Auditing Standards (SAS) is to establish standards and provide guidance on the
objective and general principles governing an audit of financial statements. |
| |
|
Objective of an audit
|
| 2. |
The objective of an audit of financial statements is to enable auditors to express an opinion on whether
the financial statements are prepared, in all material respects, in accordance with an identified financial reporting
framework. (SAS 100.1) |
| 3. |
The phrase normally used to express the auditors' opinion is "give a true and fair view". The financial
reporting framework adopted may be accounting principles generally accepted in Hong Kong, International Accounting
Standards or other comprehensive basis of accounting. |
| 4. |
Although the auditors' opinion enhances the credibility of the financial statements, users cannot assume that the
opinion is an assurance as to the future viability of the entity nor the efficiency or effectiveness with which
management has conducted the affairs of the entity. |
| |
|
General principles of an audit
|
| 5. |
Auditors should comply with the Statements of Professional Ethics issued by the Hong Kong Institute of Certified Public Accountants.
(SAS 100.2) |
| 6. |
Ethical principles governing auditors' professional responsibilities are:
a. independence;
b. integrity;
c. objectivity;
d. professional competence and due care;
e. confidentiality;
f. professional behaviour; and
g. technical standards. |
| 7. |
Auditors should conduct an audit in accordance with SASs or, where an audit is being carried out of an overseas
enterprise for purposes other than Hong Kong reporting, the audit should conform to appropriate standards as set
out in paragraph 16 of SAS 010 "The scope and authority of auditing pronouncements". (SAS 100.3) |
| 8. |
SASs contain basic principles and essential procedures together with related guidance in the form of explanatory
and other material. |
| 9. |
Auditors should plan and perform an audit with an attitude of professional scepticism recognising that circumstances
may exist which cause the financial statements to be materially misstated. (SAS 100.4) |
| 10. |
An attitude of professional scepticism means the auditors make a critical assessment, with a questioning mind,
of the validity of audit evidence obtained and are alert to audit evidence that contradicts or brings into question
the reliability of documents or management representations. For example, an attitude of professional scepticism
is necessary throughout the audit process for the auditors to reduce the risk of overlooking suspicious circumstances,
of overgeneralizing when drawing conclusions from audit observations, and of using faulty assumptions in determining
the nature, timing and extent of the audit procedures and evaluating the results thereof.
In planning and performing an audit, the auditors neither assume that management is dishonest nor assume unquestioned
honesty. Accordingly, representations from management are not a substitute for obtaining sufficient appropriate
audit evidence to be able to draw reasonable conclusions on which to base the audit opinion. |
| |
|
|
|
Scope of an audit
|
| 11. |
The procedures required to conduct an audit in accordance with SASs should be determined by the auditors
having regard to the requirements of SASs, legislation, regulations and, where appropriate, the terms of the audit
engagement and reporting requirements. (SAS 100.5) |
| |
|
Reasonable assurance
|
| 12. |
An audit in accordance with SASs is designed to provide reasonable assurance that the financial statements taken
as a whole are free from material misstatement. The view given in financial statements is derived from a combination
of fact and judgement, and consequently cannot be characterised as "absolute". When reporting on financial
statements, therefore, auditors provide a level of assurance which is reasonable in that context but, equally,
cannot be absolute. |
| 13. |
However, there are inherent limitations in an audit that affect the auditors' ability to detect material misstatements.
These limitations result from factors set out below. |
a. The impracticality of examining all items within an account balance or class of transactions.
b. The inherent limitations of any accounting and internal control system (for example, the possibility of collusion).
c. The fact that most audit evidence is persuasive rather than conclusive. |
| 14. |
Also the work undertaken by auditors to form an opinion is permeated by judgement, in particular regarding: |
a. the gathering of audit evidence, for example, in deciding the nature, timing and extent of audit procedures; and
b. the drawing of conclusions based on the audit evidence gathered, for example, assessing the reasonableness of the
estimates made by management in preparing the financial statements. |
| 15. |
Further, other limitations may affect the persuasiveness of evidence available to draw conclusions on particular
financial statement assertions (for example, transactions between related parties). In these cases certain SASs
identify specified procedures which, because of the nature of the particular assertions [1], provide sufficient
appropriate audit evidence in the absence of:
a. unusual circumstances which increase the risk of material misstatement beyond that which would ordinarily be expected;
or
b. any indication that a material misstatement has occurred.
______________________________
[1] Paragraphs 15 - 18 of SAS 500 "Audit evidence" discuss the use of assertions in obtaining
audit evidence. |
| |
| 16. |
Accordingly, because of the factors described above, an audit is not a guarantee that the financial statements
are free of material misstatement. |
| |
Audit risk and materiality |
| 17. |
Entities pursue strategies to achieve their objectives, and depending on the nature of their operations and industry,
the regulatory environment in which they operate, and their size and complexity, they face a variety of business
risks [2]. Management is responsible for identifying such risks and responding to them. However, not all
risks relate to the preparation of the financial statements. The auditors are ultimately concerned only with risks
that may affect the financial statements. |
______________________________
[2] Paragraphs 30 - 34 of SAS 315 "Understanding the entity and its environment and assessing the
risks of material misstatement," discuss the concept of business risks and how they relate to risks of material
misstatement. |
| |
|
|
| 18. |
The auditors obtain and evaluate audit evidence to obtain reasonable assurance about whether the financial statements
give a true and fair view in accordance with the applicable financial reporting framework. The concept of reasonable
assurance acknowledges that there is a risk the audit opinion is inappropriate. The risk that the auditors express
an inappropriate audit opinion when the financial statements are materially misstated is known as "audit risk" [3]. |
______________________________
[3] This definition of audit risk does not include the risk that the auditors might erroneously express
an opinion that the financial statements are materially misstated. |
| |
|
|
| 19. |
The auditors should plan and perform the audit to reduce audit risk to an acceptably low level that is consistent
with the objective of an audit. (SAS 100.6) |
| 20. |
The auditors reduce audit risk by designing and performing audit procedures to obtain sufficient appropriate audit
evidence to be able to draw reasonable conclusions on which to base an audit opinion. Reasonable assurance is obtained
when the auditors have reduced audit risk to an acceptably low level. |
| 21. |
Audit risk is a function of the risk of material misstatement of the financial statements (or simply, the "risk
of material misstatement") (i.e., the risk that the financial statements are materially misstated prior to
audit) and the risk that the auditors will not detect such misstatement ("detection risk"). The auditors
perform audit procedures to assess the risk of material misstatement and seek to limit detection risk by performing
further audit procedures based on that assessment (see SAS 315 "Understanding the entity and its environment
and assessing the risks of material misstatement" and SAS 330 "The auditor's procedures in response to
assessed risks"). The audit process involves the exercise of professional judgement in designing the audit
approach, through focusing on what can go wrong (i.e., what are the potential misstatements that may arise) at
the assertion level (see SAS 500 "Audit evidence") and performing audit procedures in response to the
assessed risks in order to obtain sufficient appropriate audit evidence. |
| 22. |
The auditors are concerned with material misstatements, and are not responsible for the detection of misstatements
that are not material to the financial statements taken as a whole. The auditors consider whether the effect of
identified uncorrected misstatements, both individually and in the aggregate, is material to the financial statements
taken as a whole. Materiality and audit risk are related (see SAS 220 "Audit materiality"). In order
to design audit procedures to determine whether there are misstatements that are material to the financial statements
taken as a whole, the auditors consider the risk of material misstatement at two levels: the overall financial
statement level and in relation to classes of transactions, account balances, and disclosures and the related assertions [4]. |
______________________________
[4] SAS 315 "Understanding the entity and its environment and assessing the risks of material misstatement"
provides additional guidance on the auditors' requirement to assess risks of material misstatement at the financial
statement level and at the assertion level. |
| |
|
|
| 23. |
The auditors consider the risk of material misstatement at the overall financial statement level, which refers
to risks of material misstatement that relate pervasively to the financial statements as a whole and potentially
affect many assertions. Risks of this nature often relate to the entity's control environment (although these risks
may also relate to other factors, such as declining economic conditions), and are not necessarily risks identifiable
with specific assertions at the class of transactions, account balance, or disclosure level. Rather, this overall
risk represents circumstances that increase the risk that there could be material misstatements in any number of
different assertions, for example, through management override of internal control. Such risks may be especially
relevant to the auditors' consideration of the risk of material misstatement arising from fraud. The auditors'
response to the assessed risk of material misstatement at the overall financial statement level includes consideration
of the knowledge, skill, and ability of personnel assigned significant engagement responsibilities, including whether
to involve experts; the appropriate levels of supervision; and whether there are events or conditions that may
cast significant doubt on the entity's ability to continue as a going concern. |
| 24. |
The auditors also consider the risk of material misstatement at the class of transactions, account balance, and
disclosure level because such consideration directly assists in determining the nature, timing, and extent of further
audit procedures at the assertion level [5]. The auditors seek to obtain sufficient appropriate audit
evidence at the class of transactions, account balance, and disclosure level in such a way that enables the auditors,
at the completion of the audit, to express an opinion on the financial statements taken as a whole at an acceptably
low level of audit risk. Auditors use various approaches to accomplish that objective [6]. |
______________________________
[5] SAS 330 "The auditor's procedures in response to assessed risks" provides additional guidance
on the requirement for the auditors to design and perform further audit procedures in response to the assessed
risks at the assertion level.
[6] The auditors may make use of a model that expresses the general relationship of the components of
audit risk in mathematical terms to arrive at an appropriate level of detection risk. Some auditors find such a
model to be useful when planning audit procedures to achieve a desired audit risk though the use of such a model
does not eliminate the judgement inherent in the audit process. |
| |
|
|
| 25. |
The discussion in the following paragraphs provides an explanation of the components of audit risk. The risk
of material misstatement at the assertion level consists of two components as follows:
- "Inherent risk" is the susceptibility of an assertion to a misstatement that could be material, either
individually or when aggregated with other misstatements, assuming that there are no related controls. The risk
of such misstatement is greater for some assertions and related classes of transactions, account balances, and
disclosures than for others. For example, complex calculations are more likely to be misstated than simple calculations.
Accounts consisting of amounts derived from accounting estimates that are subject to significant measurement uncertainty
pose greater risks than do accounts consisting of relatively routine, factual data. External circumstances giving
rise to business risks may also influence inherent risk. For example, technological developments might make a particular
product obsolete, thereby causing inventory to be more susceptible to overstatement. In addition to those circumstances
that are peculiar to a specific assertion, factors in the entity and its environment that relate to several or
all of the classes of transactions, account balances, or disclosures may influence the inherent risk related to
a specific assertion. These latter factors include, for example, a lack of sufficient working capital to continue
operations or a declining industry characterized by a large number of business failures.
- "Control risk" is the risk that a misstatement that could occur in an assertion and that could be
material, either individually or when aggregated with other misstatements, will not be prevented, or detected and
corrected, on a timely basis by the entity's internal control. That risk is a function of the effectiveness of
the design and operation of internal control in achieving the entity's objectives relevant to preparation of the
entity's financial statements. Some control risk will always exist because of the inherent limitations of internal
control.
|
| 26. |
Inherent risk and control risk are the entity's risks; they exist independently of the audit of the financial statements.
The auditors are required to assess the risk of material misstatement at the assertion level as a basis for further
audit procedures, though that assessment is a judgement, rather than a precise measurement of risk. When the auditors'
assessment of the risk of material misstatement includes an expectation of the operating effectiveness of controls,
the auditors perform tests of controls to support the risk assessment. The SASs do not ordinarily refer to inherent
risk and control risk separately, but rather to a combined assessment of the "risk of material misstatement".
Although the SASs ordinarily describe a combined assessment of the risk of material misstatement, the auditors
may make separate or combined assessments of inherent and control risk depending on preferred audit techniques
or methodologies and practical considerations. The assessment of the risk of material misstatement may be expressed
in quantitative terms, such as in percentages, or in non-quantitative terms. In any case, the need for the auditors
to make appropriate risk assessments is more important than the different approaches by which they may be made. |
| 27. |
"Detection risk" is the risk that the auditors will not detect a misstatement that exists in an assertion
that could be material, either individually or when aggregated with other misstatements. Detection risk is a function
of the effectiveness of an audit procedure and of its application by the auditors. Detection risk cannot be reduced
to zero because the auditors usually do not examine all of a class of transactions, account balance, or disclosure
and because of other factors. Such other factors include the possibility that auditors might select an inappropriate
audit procedure, misapply an appropriate audit procedure, or misinterpret the audit results. These other factors
ordinarily can be addressed through adequate planning, proper assignment of personnel to the engagement team, the
application of professional scepticism, and supervision and review of the audit work performed. |
| 28. |
Detection risk relates to the nature, timing, and extent of the auditors' procedures that are determined by the
auditors to reduce audit risk to an acceptably low level. For a given level of audit risk, the acceptable level
of detection risk bears an inverse relationship to the assessment of the risk of material misstatement at the assertion
level. The greater the risk of material misstatement the auditors believe exists, the less the detection risk that
can be accepted. Conversely, the less risk of material misstatement the auditors believe exists, the greater the
detection risk that can be accepted. |
| |
|
|
Responsibility for the financial statements |
| 29. |
While auditors are responsible for forming and expressing an opinion on the financial statements, the responsibility
for preparing and presenting the financial statements is that of the management of the entity. The audit of the
financial statements does not relieve management of its responsibilities. |
| |
|
|
Compliance with International Standards on Auditing |
| 30. |
Compliance with the auditing standards contained in this SAS ensures compliance in all material respects with the
basic principles and essential procedures in International Standard on Auditing 200 "Objective and General
Principles Governing an Audit of Financial Statements". |
| |
|
|
Effective date |
| 31. |
Auditors are required to comply with the requirements of this SAS in respect of audits of financial statements
for periods beginning on or after 15 December 2004. Early application of the provisions of this SAS is permissible. |
| 32. |
Auditors are required to comply with the requirements in paragraphs 1 to 15 and 29 of this SAS in respect of audits
of financial statements for periods beginning before 15 December 2004. |
| |
|
|
[End of Revised January 2004 (Supp. No. 01/04)]