To ensure that audit standards in Hong Kong conform with the best international practice, the Hong Kong Institute of Certified Public Accountants continues to introduce steps to make Hong Kong Standards on Auditing (HKSAs) - previously referred to as Statements on Auditing Standards (SASs) - dovetail with International Standards on Auditing (ISAs).

In response to the corporate failures that began in the late 1990s, the International Auditing and Assurance Standards Board (IAASB) has been revising the ISAs to place more responsibility on the auditor to detect incorrect or fraudulent financial reporting. As a consequence, a number of new and revised ISAs have been issued by the IAASB, which, in turn, resulted in significant changes to the corresponding HKSAs.

In particular, the new and revised Standards focus on the following key audit areas:

The Assessment of and Response to Audit Risk

Quality Control

The changes to the HKSAs are effective for audits for accounting periods beginning on or after December 15, 2004, with the exception of the Quality Control Standards, which are effective for audits for accounting periods beginning on or after June 15, 2005.

The following Standards have been issued to provide guidance on the auditor's assessment of, and response to, audit risk, including the risk of fraud, in the audit process:

HKSA 200 "Objectives and General Principles Governing an Audit of Financial Statements" (replaces SAS 100)

HKSA 240 "The Auditor's Responsibilities to Consider Fraud in an Audit of Financial Statements" (replaces SAS 110)

HKSA 315 "Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement" (replaces SAS 315)

HKSA 330 "The Auditor's Procedures in Response to Assessed Risks" (replaces SAS 330)

HKSA 500 "Audit Evidence" (replaces SAS 500)

The new and revised standards require a significant increase in the volume and depth of audit procedures in certain audit areas, and even fundamentally change the approach traditionally adopted by auditors in some areas. Due to the fact that many of the corporate failures involved some level of misleading or inadequate disclosure, the revised Standards have introduced the concept of controls over disclosure, such that the auditor is required not only to consider the form and content of the draft disclosure prepared by the directors but also to test the controls over these disclosures.

The new and revised Standards require the auditor to consider and test the design and implementation of controls (including automated controls) over significant account balances, classes of transactions and disclosures irrespective of the chosen audit strategy.

The auditor was previously not required to include within his audit testing strategy detailed testing of all internal controls of the company. Previously auditors could choose an audit strategy in many areas which was not internal controls based and was able to follow a purely substantive (tests of details) audit approach. For those significant accounting cycles where internal controls were previously not tested, or where a rotation plan for testing internal controls was employed, the auditors will have to devote additional time to document and test the design and implementation of internal controls.

In addition, the revised standards establish benchmarks for the amount of testing expected of the auditor.

Firstly, it is expected that most audits will have a number of significant risks, and, as a consequence, the auditors will have to design specific audit procedures to adequately respond to these risks.

Secondly, the risk of management override of controls is always expected to be a significant risk. The standards, therefore, require the auditors to adopt focused audit procedures to address the significant risk of management override of controls.

Thirdly, analytical review alone is now not adequate to test a balance where the auditor has identified a significant risk and additional detailed testing may be required to supplement analytical review procedures.

HKSA 240 recognizes that financial statement fraud is often perpetrated using inappropriate or unauthorized journal entries, in many cases due to management's ability to override the internal controls. The auditors are therefore now required to perform the following procedures in respect of journal entries for every audit:

Understand the financial reporting process, including the controls over journal entries;

Evaluate the design of these controls;

Discuss any unusual activity with respect to journal entries with management; and

Test journal entries and other adjustments (taking into account the effectiveness of the controls over this area).

In the past, the auditors would generally have reviewed certain year-end closing journal entries, as well as any other entries considered to be high risk. The new standard requires a more thorough understanding and documentation of the process (including the controls) by the auditors. This requirement will substantially increase the auditors' time and effort spent on reviewing journal entries and other adjustments in the general ledger, particularly those accounts that are complex or where there are a large number of non-standard accounting entries. Forensic analysis and testing will become more commonplace in the annual audit process.

It was previously sufficient for the auditors to assess whether a specific accounting policy was in accordance with the relevant framework of GAAP, and whether the assumptions underlying an accounting estimate were reasonable. The auditors are now, however, required to assess the accounting policies and estimates as a whole in order to assess whether choices and judgments made by management appear to be biased in a certain direction. Aggressive accounting policies and estimates may be an indicator of fraudulent corporate reporting (even if these individually comply with the requirements of GAAP).

In the past, revenue was tested in the same way as any other class of transactions. However, due to the high prevalence of the restatements of revenues within financial statements in recent corporate scandals, revenue recognition is presumed to be at a high risk of misstatement due to fraud (unless proved otherwise by the auditor).

In addition to the new and revised auditing standards addressing the assessment of and response to audit risk, a new series of audit pronouncements has been established, namely the Hong Kong Standards on Quality Control (HKSQC). The first Standard in the series is HKSQC 1 Quality Control for Firms that Perform Audits and Reviews of Historical Financial Information, and Other Assurance and Related Services Engagements. In addition, HKSA 220 Quality Control for Audits of Financial Information has been issued. These Standards establish a framework for quality control both at the audit firm level and on individual audits.

Cyrus Chan is Audit Manager, Deloitte Touche

Tohmatsu.

(HK Edition 11/09/2005 page4)