Chapter 17
Advanced Topics in
Assurance Services

Copyright  2006 McGraw-Hill Australia Pty Ltd

17-


Learning Objective 1:

E-Commerce Environments
•

E-commerce: The use of electronic transmission
mediums (telecommunications) to engage in the
exchange, including buying and selling, of products and
services requiring transportation, either physically or
digitally, from location to location.
• E-commerce is changing how many organisations
currently undertake business.

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-2


Early E-Commerce Systems:
Electronic Data Exchange (EDI)

•

Forerunner to e-commerce was EDI.
• Example: Manufacturer requires suppliers to accept
orders through electronically transmitted purchase
orders:
–
–

when parts are shipped, supplier electronically transmits
invoice to manufacturer.
because it reduces data entry, mailing costs and time to
complete transactions.

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-3


Current Categories of E-Commerce
Systems
•

Business-to-business (B2B) e-commerce:
–
–

Companies buying from and selling to each other online.

EDI was the early form for undertaking B2B e-commerce.
Business-to-consumer (B2C) e-commerce:


Any business or organisation that sells its products or
services to consumers over the Internet, e.g. Amazon.com.

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-4


Learning Objective 2:

Business Risk Assessments and Control
Considerations in E-Commerce
•

Number of differences for business risk assessment
and related controls for B2B compared with B2C ecommerce.
• B2B: audit client is transacting with small group of other
businesses (identity known, authorisation procedures in
place).
• B2C: audit client is transacting with the world at large
(identity unknown).

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

17-5


Business risk considerations
•

E-commerce risks include:
–
–
–
–
–

Risks arising from the nature of relationships with ecommerce trading partners;
Risks related to the recording and processing of ecommerce transactions;
Pervasive e-commerce security risks, including privacy
issues;
Fraud risks; and
Risks of systems failures or ‘crashes’.

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-6


E-Commerce controls

•

Include:
–
–
–

Security infrastructure controls (firewalls, encryption and
other security controls);
Systems controls (controls over systems development,
systems monitoring); and
Programmed controls (e.g. to ensure customer is
authentic – payment authorised with approved credit
card, order is reasonable, method of payment or creditworthiness have been established).

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-7


Learning Objective 3:

Evidence-Gathering in an E-Commerce
Environment

•

Tests of controls:

–

–

B2B – authorisation system between transacting parties
important. Tested as part of general control review.
Programmed controls are tested by test data techniques.
B2C – authorisation of transactions established on many
occasions by quoting valid credit card. Funds are usually
received before goods are shipped. System reviewed as a
part of general controls. Programmed controls tested by
the use of test data.

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-8


Substantive tests in an E-Commerce
environment
•

There should be evidence to support figures contained
in the financial report. Auditor can substantively verify
these figures.
• There may be assertions, such as rights and obligations
(who owns the inventory the entity is selling?), to which
auditor has to pay closer attention.

• Caution should be exercised with regard to analytical
procedures, as some traditional relationships between
account balances might no longer hold (e.g. a supplier
might not hold inventory).

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-9


Learning Objective 4:

Continuous Assurance

•

Rapid advances in information technology enable
information to be made available to users on a more
timely basis.
• E.g. in the future, entities might have financial reports
on Internet and show current status of accounts (as
impacted by transactions as they flow into system).
• Assurance may be requested on such reporting
advances.
• Assurance is more likely on system generating numbers
(tests of controls) than on the numbers themselves
(substantive testing).


Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-10


Conditions necessary for a continuous
audit

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-11


Examples of continuous assurance
• Continuous assurance can be on either financial or non-

financial information. Examples include:
–
–
–
–
–

specific financial information required by debt covenants;
an entity’s compliance with stated policies and practices
with regard to e-commerce transactions;

completeness and accuracy of frequently updated key
information provided publicly on a website;
financial reports available on demand; and
effective operation of controls over specified systems or
publicly accessible databases.

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-12


Continuous assurance and XBRL
eXtensible Business Reporting Language (XBRL): is a
new technology bringing continuous assurance closer
to reality.
•

•

Uses accepted standards and practice to encourage
standardisation and exchange of financial information
(including financial reports) across different technologies.
Takes transactions and maps onto a standard structure
for financial reports, and provides tags attached to
transactions that permit the tracing of these transactions.

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

17-13


Learning Objective 5:

Forensic Auditing

•

Forensic auditing is called upon when there are large
systems and corporate failures, or when fraud is
suspected.
• One of the fastest growing areas in public accounting
over past 10 years.

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-14


What forensic auditors do
•

Investigative engagements:
–
–


•

Fraud investigations – determining existence, nature and
extent of fraud and funds tracing.
Business economic loss analysis – contract disputes,
product liability claims, etc.

Litigation support:
–
–

Review of evidence to form assessment of case and
identify areas of loss.
Obtain relevant evidence to support or refute legal claims.

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-15


Typical approach to forensic auditing
assignment
•
•
•
•
•

•
•

Plan meeting with client;
Perform an engagement acceptance check;
Perform a preliminary investigation;
Develop an action plan;
Obtain the relevant evidence;
Evaluate the evidence; and
Prepare the report.

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-16


Learning Objective 6:

Environmental and Sustainability
Assurance

•

Environmental reporting is becoming increasingly
prevalent, with the advent of triple bottom line and
sustainability reporting.
• IAASB has identified this as a major assurance service
on which it will be concentrating on in 2005-2006.


Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-17


International developments
•
•
•
•
•
•
•

Many groups encouraging or creating standards or
criteria for environmental and sustainability reporting:
IAASB
Fédération des Experts Comptables Européens (FEE)
The Global Reporting Initiative (GRI)
Institute of Social and Ethical Accountability
(AccountAbility)
The International Organisation for Standardisation (ISO)
14,000 series
CPA Australia

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett

Slides prepared by Roger Simnett

17-18


Providing assurance on environmental and
sustainability reports
•

In its 2002 survey of corporate sustainability reporting,
KPMG observed a significant rise in the number of
companies issuing such reports (45 per cent in 2002,
compared with 35 per cent in 1999).
• There was a large increase in the proportion of those
reporting being independently assured (27 per cent in
2002 compared with 19 per cent in 1999).
• The major accounting firms performed the majority of
these verifications (65 per cent).

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-19


Current practice – CPA Australia
Accounting firms provided 87 per cent of assurance reports
in Japan, 60 per cent in continental Europe, 23 per cent in
the UK, and 15 per cent in Australia. Is acknowledged that

few such assurance reports are issued in the USA and
Canada.
• Suitable criteria – survey showed that only 40 per cent of
assurance reports refer to the reporting criteria used.
Criteria that are mentioned most frequently are the GRI
guidelines (11 per cent), followed by the AA 1000
framework.
• Assurance standards that were being followed - it was
found that 66 per cent of all reports (accounting firms: 55
per cent) do not mention any standards in accordance with
which the assurance engagement has been performed.
•

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-20


Current practice – CPA Australia (Cont.)
•

The assurance standard that was most often referred to
was AccountAbility’s ‘AA 1000 Assurance Standard’
(AA1000AS).
• With the issuing of AUS 110 (ISAE 3000) in 2004, it is
expected that the use of this standard will become
increasingly prevalent, especially by the major
accounting firms.


Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-21


Overarching principles

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-22


Assurance currently provided
•

Environment Australia notes that there are primarily four
levels of assurance services currently provided. These
are:
–
–

–
–

Level 1: Data verification – the checking of randomly

selected data.
Level 2: Verification of completeness of reporting –
assessing the level of reporting against the organisation’s
policy, aspects and impacts, and objectives and targets.
Level 3: Report verification incorporating site level
compliance auditing.
Level 4: Report verification incorporating re-sampling and
analysis.

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-23


Assurance reporting on sustainability
reports
•

An assurance report should contain:
–
–
–
–
–
–

a title that clearly indicates the report is an independent
engagement report;

an addressee;
a description of the subject matter;
identification of the suitable criteria;
a description of any inherent limitations;
a statement to identify the responsible party and to
describe the responsible party’s and the assurance
provider’s responsibilities;

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-24


Assurance reporting on sustainability
reports (Cont.)
–
–
–

–
–

a statement the engagement was performed in
accordance with AUSs/ ISAEs;
a summary of the audit procedures performed;
the practitioner’s conclusion expressed in the form that is
appropriate to either a reasonable-assurance or a limitedassurance engagement;
the assurance report date; and

the name and location of the firm or the assurance
provider.

Copyright  2006 McGraw-Hill Australia Pty Ltd
Revised PPTs t/a Auditing and Assurance Services in Australia 3e by Grant Gay and Roger Simnett
Slides prepared by Roger Simnett

17-25