Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Revision Notes
Introduction 5
Assurance Engagements 7
Regulation of auditors 13
Code of ethics 21
Planning 37
Review 125
CAATs 171
Fraud 174
Computer-based exams
The total exam time is 3 hours and 20 minutes. Prior to the start of the exam candidates are given an extra 10
minutes to read the exam instructions.
Section A of the exam comprises three 10 mark case-based questions. Each case has five objective test questions
worth 2 marks each.
Section B of the exam comprises one 30 mark question and two 20 mark questions.
Section B of the exam will predominantly examine one or more aspects of audit and assurance from planning
and risk assessment, internal control or audit evidence, although topics from other syllabus areas may also be
included
For the computer-based exam candidates will be delivered an extra 10 marks of objective test content, for which
candidates are given an extra 20 minutes. These questions are included to ensure fairness, reliability and
security of exams. These questions do not directly contribute towards the candidate’s score. Candidates will not
be able to differentiate between the questions that contribute to the result and those that do not.
Paper-based exams
The total exam time is three hours and 15 minutes. Prior to the start of the exam candidates are given an extra
10 minutes to read the exam instructions.
Section A of the paper-based exam comprises three questions containing five multiple choice questions.
Section B of the exam comprises one 30 mark question and two 20 mark questions.
Section B of the exam will predominantly examine one or more aspects of audit and assurance from planning
and risk assessment, internal control or audit evidence, although topics from other syllabus areas may also be
included
1. Very brief answers to most, if not all questions. In other words, some of the basic knowledge is known,
but there is little or no application of that knowledge to the scenario
2. Significant lack of understanding of audit procedures and the audit process. For example, where a
question asks for audit procedures to be listed and explained, a typical answer is ‘check the ledger’
providing no indication of which ledger will be ‘checked’ or what the ledger is being checked for
3. Lack of exam practice. In a significant minority of scripts, it appears that candidates have not attempted
any mock exams prior to the ‘real’ exam. Poor exam technique is identified as:
answering questions in a random sequence (for example, Question 1 Part (a),
followed by Question 3 Part (b), followed by Question 2 Part (c), and so on)
spending far too much time on one question, leaving little or no time for the
other questions
not writing in the required style (eg providing the answer in one long paragraph
rather than splitting the answer up into individual points)
focusing on theory only with no attempt to use the scenario.
Marginal scripts
1. Answering questions correctly, but not including a sufficient number of relevant points to obtain a pass
standard.
2. Having a good knowledge of auditing, but being unable to apply that knowledge to the scenarios
provided in the question.
1. Are usually well presented, and make appropriate use of paragraphs, sentences and table formats
where appropriate.
2. Demonstrate that students are able to apply that knowledge to the question, clearly and succinctly.
Audit procedures are listed as well as explained.
3. All questions are attempted, even though some sections may not be answered that well. A few marks
could normally be obtained from a valid attempt; obviously, no marks are awarded if the question is not
attempted at all.
An audit can be compared to an annual checkup with the doctor. Just as the patient must pass certain exams to
ensure a clean bill of health, a company’s financial “good health” standing relies on whether or not its financial
statements abide by generally acceptable standards and accounting principles. While audit does not guarantee
perfect financial statements, it does provide reasonable assurance that the statements are free of
misstatements. In this case, the doctor is the auditor, and the company is the patient.
Almost every organization, whether it is a privately held business, a publicly owned corporation, or a nonprofit
organization, must prepare financial reports. These reports are like the lifeline of a company and help owners
and managers make decisions and help provide the company’s financial status to shareholders, employees,
regulators, and the public.
An external audit is performed by an outside auditor who does not have any ties to the organization or its
financial statements. The outside auditor examines financial statements prepared by management for a fair
presentation as well as relevance and accuracy. Most importantly, an auditor tests whether or not a company is
adhering to professional standards and IAS/IFRS.
Internal Auditing: Companies perform internal audits to ensure that the company is meeting internal and
external goals. Internal goals include productivity, quality, compliance controls, consistency, and cost, while
external goals deal with customer satisfaction and market share. Auditors check to make sure transactions are
executed with management’s authorization. Also, access to assets must have management’s authorization.
Generally speaking, an internal auditor rates the company’s overall effectiveness.
An audit of a company's accounts is needed because in companies, the owners of the business are often not the
same persons as the individuals who manage and control that business.
The shareholders own the company.
The company is managed and controlled by its directors.
The directors have a stewardship role. They look after the assets of the company and manage them on behalf
of the shareholders. In small companies the shareholders may be the same people as the directors. However, in
most large companies, the two groups are different.
The relationship between the shareholders of a company and the Board of Directors is also an application of the
general legal principle of agency. The concept of agency applies whenever one person or group of individuals
acts as an agent on behalf of someone else (the principal). The agent has a legal duty to act in the best interests
Over time, the annual audit was developed as a way of adding credibility to the financial statements produced
by management. The statutory audit is now a key feature of Company Law throughout the world. An auditor
reports to the shareholders on the financial statements produced by a company's management.
Accountability
It often means answerability and responsibility. (Management is accountable to shareholders)
Stewardship
Stewardship is the responsibility for taking good care of resources on behalf of someone else. (Management
acts as steward of shareholders’ investments)
Agency
Agency is a relationship between a principal (who engages the agent) and another party, (who is engaged i.e. an
agent), where the second party (agent) is authorised to carry out the principal's instructions in the transactions
with a third party.
2. A second element which is required for an assurance engagement is suitable subject matter. The
subject matter is the data which the responsible party has prepared and which requires verification.
3. Thirdly this subject matter is then evaluated or assessed against suitable criteria in order for it to be
assessed and an opinion provided.
4. Fourth, the practitioner must ensure that they have gathered sufficient appropriate evidence in order to
give the required level of assurance.
5. Last, an assurance report provides the opinion which is given by the practitioner to the intended user
An Assurance engagement in which the practitioner An assurance engagement in which the practitioner
reduces engagement risk to an acceptably low reduces engagement risk to a level that is
level in the circumstances of the engagement as acceptable in the circumstances of the engagement
the basis for the practitioner’s conclusion. but where that risk is greater than for a reasonable
assurance engagement
Example: External Audit Example: Review of financial statements
High level of assurance but NOT absolute or 100% Moderate level of assurance
A high but not absolute level of assurance is The practitioner gathers sufficient evidence to be
provided, this is known as reasonable assurance. satisfied that the subject matter is plausible; in this case
negative assurance is given whereby the practitioner
confirms that nothing has come to their attention which
indicates that the subject matter contains material
misstatements.
Sufficient appropriate evidence is obtained as part Lesser testing-focus on obvious errors only
of a systematic engagement process that includes: (Analytical testing and Enquiry)
- Obtaining an understanding of the
engagement circumstances No going concern review
- Assessing risks
- Responding to assessed risks The procedures undertaken are not nearly as
- Performing further procedures using a comprehensive as those in an audit, with procedures
combination of inspection, observation, such as analytical review and enquiry used extensively.
external confirmation, re-calculation, re- In addition, the practitioner does not need to comply
performance, analytical procedures and with ISAs as these only relate to external audits.
inquiry.
Positive conclusion- Wording: Negative conclusion-Wording:
‘in our opinion the financial statements give (or do “nothing has come to light to suggest errors or problems
not give) a true and fair view of the state of the exist’'
company’s affairs’.
The assurance is therefore given on the absence of any
The phrases used to express the auditor’s opinion indication to the contrary.
are ‘give a true and fair view’ or ‘present fairly, in
all material respects’ which are equivalent terms
Review engagements are often undertaken as an alternative
to an audit, and involve a practitioner reviewing financial
data, such as six-monthly figures. This would involve the
practitioner undertaking procedures to state whether
anything has come to their attention which causes the
practitioner to believe that the financial data is not in
accordance with the financial reporting framework.
1. Agreed-upon procedures : A report on factual findings is given but no assurance expressed. Users must
judge for themselves and drawn their own conclusions
2. Compilation engagement: Users of the compiled information gain benefit from the accountant’s
involvement but no assurance is expressed. It is used to collect, classify and summarise financial
information. It means to present data in a manageable and understandable form.
External audit
It is a review and assessment of the financial records to form an overall conclusion as to whether:
- The financial statements have been prepared using acceptable accounting policies, which have been
consistently applied.
- The financial statements comply with all the relevant regulations and statutory requirements.
- Adequate disclosure of all material matters relevant to the proper presentation of financial information
has been made.
Objective of external audit engagements: “Opinion”: The auditor’s report contains a clear written expression
of opinion on the financial statements.
• Auditors do not bear any responsibility for the preparation and presentation of the financial statements
• There are many misconceptions about the role of the auditors, which are referred to as ‘the
expectations gap’. The expectations gap is the gap between what auditors do and what people think
they (should) do
• Statutory audits
Various other bodies require an audit under law, including Building societies,
Some charities
- Non-statutory audits: Performed on various clubs, sole traders and partnerships because the owners
want them, not because it is legally needed
According to the International Standards on Auditing, the general principles of an audit are:
Important Terms
Financial statements are produced by management which give a true and fair view of the entity’s results. The
auditor in reviewing these financial statements gives an opinion on the truth and fairness of them. Although
there is no definition in the International Standards on Auditing of true and fair it is generally considered to have
the following meaning:
True – Information is factual and conforms with reality in that there are no factual errors. In addition it is
assumed that to be true it must comply with accounting standards and any relevant legislation. Lastly true
includes data being correctly transferred from accounting records to the financial statements.
Fair – Information is clear, impartial and unbiased, and also reflects plainly the commercial substance of the
transactions of the entity.
Those charged with governance – The person(s) with responsibility for overseeing the strategic direction of the
entity and obligations related to the accountability of the entity. This includes overseeing the financial reporting
process.
In some cases, all of those charged with governance are involved in managing the entity, for example, a small
business where a single owner manages the entity and no one else has a governance role
Engagement partner – The partner in the firm who is responsible for the audit engagement and its
performance, and for the auditor’s report that is issued on behalf of the firm, and who has the appropriate
authority from a professional, legal or regulatory body.
Professional judgment – The application of relevant training, knowledge and experience, within the context
provided by auditing, accounting and ethical standards, in making informed decisions about the courses of
action that are appropriate in the circumstances of the audit engagement.
Professional skepticism – An attitude that includes a questioning mind, being alert to conditions which may
indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence. Professional
skepticism includes being alert to, for example:
• Audit evidence that contradicts other audit evidence obtained.
• Information that brings into question the reliability of documents and responses to inquiries to be used as
audit evidence.
• Conditions that may indicate possible fraud.
• Circumstances that suggest the need for audit procedures in addition to those required by the ISAs.
Materiality
The objective of an audit of financial statements is to enable the auditor to express an opinion on whether the
financial statements are prepared in all material respects, with an identified financial reporting framework.
Information is material if its omission or misstatement could influence the economic decisions of users taken on
the basis of the financial statements.
The auditor must be concerned with identifying 'material' errors, omissions and misstatements. Both the
amount (quantity) and nature (quality) of misstatements need to be considered.
To put this into practice the auditor therefore has to set his own materiality levels – this will always be a matter
of judgement.
1. Sampling – it is not practical for an auditor to test 100% of transactions and so they have to apply
sampling methodologies in selecting balances/transactions to test. Therefore, there could be an error in
an item not selected for testing by the auditor.
2. Subjectivity – financial statements include judgmental and subjective areas and therefore the auditor is
required to use their judgment in assessing whether the financial statements are true and fair.
3. Inherent limitations of internal control systems – an internal control system is operated by people and
hence is liable to human error. In addition, there is the possibility of controls override by management
and of collusion and fraud. It is impossible to remove all of these inherent limitations and as the auditor
relies on the internal control systems, this can reduce the usefulness of the audit.
4. Evidence is persuasive not conclusive – the opinion is based on audit evidence gathered; however, while
this evidence can indicate possible issues affecting the audit opinion, evidence involves estimates and
judgments and hence does not give a definite conclusion.
5. Even if everything reported on was examined and found to be satisfactory, there may be other items
which should have been included– the completeness problem.
6. Auditors plan their work to detect material errors and frauds only – so small frauds (or large frauds split
into many small amounts) may go unnoticed.
An external audit has a number of other issues which reduce its usefulness
1. Audit report format – the format of the opinion is determined by International Standards on Auditing.
However, the terminology used is not usually understood by non-accountants. This means that users
may not actually understand the audit opinion given.
2. Historic information – the audit report is often issued some time after the year end, and so the financial
information can be quite different to the current position. In the current marketplace where companies’
financial positions can change quite quickly, the audit opinion may no longer be relevant as it is out of
date.
3. Auditors need to understand their clients in great depth if they are to understand how fraud could be
carried out and hidden. However, auditors cannot become too close to their clients or their
independence will be called into question.
4. Where auditors spot errors or fraud, their primary legal responsibility is to report this to management.
Any external reporting is hampered by rules on confidentiality.
b) Eligibility: there may well be statutory rules determining who can act as auditors. Membership of an
appropriate body is likely to be one criterion.
c) Supervision and monitoring: these activities initially came under particular scrutiny in a number of countries
during the 1990s and these activities are again under the spotlight following the recent global economic
crisis. Questions have been asked about why auditors have failed to identify impending corporate failures
and whether they were being regulated strongly enough. The supervision regime has come under particular
scrutiny in countries where regulation and supervision is done by the auditors' own professional body (self-
regulation). Suggestions have been made in these countries that supervision ought to be by external
government agencies.
To be allowed to perform external audits, an individual must go through an approval process. The individual
must:
Pass an approved set of examinations set by a Recognized Qualifying Body (RQB). Examples of an RQB
include the ACCA and the ICAEW;
Become a member (and stay a member) of a Recognized Supervisory Body (RSB). The ACCA and the ICAEW
are also examples of RSBs.
A business partner or employee of a director or employee of the client, or any of its associated companies.
Maintenance of adequate accounting records The auditor while performing his duties must
check whether proper and adequate accounting
records have been maintained and prepared.
Compliance with legislation It is the duty of an auditor to ensure that all the
applicable regulations have been complied with
while preparing the financial statements.
The regulatory framework, within which the auditors are required to perform, provides them with certain rights
to perform their duties effectively
(i) A right of access at all times to the books, accounts and vouchers of the company.
(ii) A right to require from officers of the company such information and explanations as they consider
necessary for the performance of their duties.
(iii) A right to attend any general meetings of the company and to receive all notices of and
communications relating to such meetings which any member of the company is entitled to receive.
(iv) A right to be heard at any general meeting on any part of the business of that meeting that concerns
them as auditors.
(v) A right, in the case of the auditors of a holding company, to request information and explanations from
subsidiaries of the holding company and their auditors.
(vi) Aright to make written representations when the company proposes to appoint auditors other than
them.
(vii) A right to requisition an extraordinary general meeting to consider any circumstances which members
or creditors ought to know about in connection with their resignation (which may be effected at any
time by giving written notice to the client setting out any such circumstances).
(viii) A right to give notice in writing requiring the holding of a general meeting for the purpose of laying the
accounts and report before the members.
Responsibilities of Directors
The directors and the auditors of a company are both appointed by the members of the company but their
duties are quite distinct.
Directors are appointed to fulfill the executive function of managing the company. In company law, company
directors also have specific responsibilities in relation to the accounting function.
(i) Directors are expected to safeguard the assets of the company.
(ii) The company is expected to keep accounting records sufficient to enable the directors to ensure that
the balance sheet and profit and loss account prepared under the Companies Act comply with the Act.
In practice, the directors will, in all but the smallest companies, delegate much accounting work to
employees of the company.
(iii) Directors are responsible for preventing errors, irregularities and fraud. This task should be addressed
by setting up appropriate controls within the company. There should be appropriate measures in place
to detect errors, irregularities and fraud which may occur. The auditors can only be expected to carry
out their work so as to have a reasonable expectation of detecting material errors and fraud which may
have occurred.
(iv) The directors must prepare financial statements for each financial year of the company. The annual
accounts are required to show a true and fair view of the state of affairs of the company at the balance
There are various legal and professional requirements on appointment, resignation and removal of auditors
which must be followed.
Appointment of Auditors
Usually, the external auditors are appointed by the shareholders at the annual general meeting (AGM) of
the company, and hold office until the next AGM. At the next AGM the auditors are re-appointed by the
shareholders, or different auditors are appointed.
However, directors may be allowed to appoint auditors in the following circumstances, as a matter of
practical convenience:
To fill a 'casual vacancy'; for example where the current auditor is no longer able to act
To appoint the first auditor of a newly-formed company.
An auditor appointed by the directors will normally hold office only until the next AGM, when they will have
to submit themselves for re-appointment by the shareholders.
If neither the shareholders of the company nor its directors have appointed auditors, company law may
allow for an appropriate government department to make the appointment.
In principle, the remuneration of the auditor is set by whoever appoints him. However, in practice, where
the shareholders make the appointment, it is usual to delegate to the board of directors the power to set
the auditor's remuneration. The directors are likely to be more familiar than the shareholders with the
nature and scope of the work involved in the audit process, and so the appropriate level of fees for that
work. (The board of directors may delegate the task of recommending or approving the audit fee to the
audit committee.)
Key points
RESIGNATION: Sometimes it is necessary for the auditors to resign. If an auditor resigns, they should do so in
writing and they may wish to speak to the shareholders to explain their reasons
The procedures for the resignation of the current auditors will normally include the following:
– The resignation should be made to the company in writing. The company should submit this resignation
letter to the appropriate regulatory authority.
– The auditor should prepare a Statement of the Circumstances. This sets out the circumstances leading to
the resignation, if the auditor believes that these are relevant to the shareholders or creditors of the
company. If no such circumstances exist, the auditor should make a statement to this effect. This statement
should be sent:
By the auditor to the regulatory authority
By the company to all persons entitled to receive a copy of the company's financial statements
(principally the shareholders).
FORCED REMOVAL: Sometimes, the Board of Directors or some shareholders may wish to remove the auditors.
A General Meeting must be called so that the shareholders can vote on the proposal (via an ordinary resolution).
The auditor will normally be allowed to attend such a meeting and make statements to the shareholders.
Alternatively, the auditor may require written statements to be circulated to the shareholders in advance of the
meeting.
AUDITORS DO NOT WISH TO SEEK REAPPOINTMENT: Sometimes the auditors finish the annual audit and decide
they do not wish to audit the company in future years. As such, when the board asks them to accept nomination
for the following year, the auditors should politely decline and issue a Statement of Circumstances.
International Standards on Auditing (ISAs) are issued by the International Auditing and Assurance Standards
Board (IAASB) and provide guidance on the performance of an audit.
ISAs only apply to the audit of historical financial information. They are written in the context of an audit of
financial statements by an independent auditor.
The ISAs contain basic principles and essential procedures together with related guidance in the form of
explanatory material and appendices. It is necessary to consider and understand the entire text of an ISA to
understand and apply the basic principles and essential procedures.
The basic principles and essential procedures of an ISA are to be applied in all cases. If in exceptional cases the
auditor deems it necessary to depart from an ISA to achieve the overall aim of the audit, then this departure
must be justified.
ISAs issued by the IAASB are not meant to override or supersede local auditing regulations. The reason for the
wide adoption is because of the fact that the IAASB has worked closely with many national standard setters. By
following the below diagrammed process the IAASB has managed to:
o Cooperate with national standard setters,
o Help minimise duplication of efforts and
o Gain support and acceptance of their standards during the early stages of their development
In addition, the IAASB also hosts an annual meeting with various national auditing standard setters to discuss
and debate proposed ISAs and drafts. In this way the board can reach a consensus with local standard setters at
an early stage of development for the ISAs.
Overall it can be said that the relationship that ISAs share with national standards is one of co-existence. By
working closely with various local standard setters, the IAASB has helped to make adoption / integration of ISAs
an almost seamless process in many countries.
Transport debate
A proposed standard is discussed at a meeting, open to the public
Consideration of comments
Any comments as a result of the exposure draft are considered at an open meeting of the
IAASB, and it is revised as necessary.
Affirmative approval
Approval is made by the affirmative vote of at least 2/3 of IAASB members.
Introduction
The IAASB is strongly of the view that an ‘audit is an audit’ and that users who receive audit reports expressing
an opinion have to have confidence in those opinions whether they are in relation to large or small entity
financial statements. However the IAASB have recognised the importance of those who audit small and medium
sized entities (SMEs) and in clarifying the ISAs was heavily influenced by their needs
The IESBA (International Ethics Standards Board for Accountants), a body of IFAC, also lays down fundamental
principles in its Code of Ethics for Professional Accountants. The fundamental principles of the two associations
are extremely similar.
Fundamental Principles
1. Integrity: Members should be straightforward and honest in all professional and business relationships.
Auditors should not knowingly be associated with reports, returns, communications or other
information where they believe that the information contains a materially false or misleading
statement.
2. Objectivity: Members should not allow bias, conflicts of interest or undue influence of others to
override professional or business judgements.
3. Professional competence and due care: to maintain professional knowledge and skill at the level
required to ensure that a client receives competent professional services, and to act diligently and in
accordance with applicable technical and professional standards.
Obligatory: Auditors are obliged to make disclosure where, for example, there is a statutory right or
duty to disclose, such as if the auditor suspects the client is involved in money laundering, terrorism or
drug trafficking in which case they must immediately notify the relevant authorities.
In addition, auditors must make disclosure if compelled by the process of law, for example under a court
order or summons, under which they are obliged to disclose information.
Voluntary
In certain circumstances auditors are free, as opposed to obliged, to disclose information without
obtaining the client’s permission first. These circumstances can be categorised into the four areas
below:
Public interest – An auditor may disclose information which would otherwise be confidential if
disclosure can be justified in the ‘public interest’. This would be perhaps if those charged with
governance are involved in fraudulent activities;
Authorised by statute/laws – There are cases of express statutory provision where disclosure of
information to a proper authority overrides the duty of confidentiality;
5. Professional behaviour: Members should comply with relevant laws and regulations and should avoid
any action that discredits the profession.
There are five general sources of threat ( explanation of the threats are given in the table with examples later):
The exam: Once you have identified a threat from the scenario, you will need to name the threat, explain WHY it
is a threat and tell the safeguard.
Important terms
QCR: Quality Control Review ( independent partner review)- Having a professional accountant who was not
involved with the non-assurance service review the non-assurance work performed
Chinese walls: The use of separate engagement teams, with different engagement partners and team members
Example Safeguard
A member of the assurance team or the firm having a Remove the individual from the audit team-the self-
direct financial interest in the assurance client. interest threat created would be so significant that no
safeguards could reduce the threat to an acceptable
level.
Gifts and hospitality - Nature, value and intent of offer to be
considered
- Not allowed unless insignificant ( politely
decline)
Recent Service with an Audit Client Remove from team if worked at the client in the year
being audited at a position to exert significant influence
(if a member of the audit team has recently served
over the subject matter.
an employee of the audit client)
A member of the assurance team(or the firm) having - If material, not allowed (The threat created
a significant close business relationship would be so significant that no safeguards could
- Commercial relationship reduce the threat to an acceptable level.)
- Common financial interest
Examples: joint venture with the client or a
controlling owner/ director, formal marketing of
each other’s product, combine the services of the
firm with those being offered by client and market
the package
Overdue fee-might be regarded as being equivalent Discuss with those charged with governance the reasons
to a loan to the client why the payments have not been made.
(if fees due from an audit client remain unpaid for a Should agree a revised payment schedule which will
long time, especially if a significant part is not paid result in the fees being settled before much more work
before the issue of the audit report for the following is performed for the current year audit.
year.)
Recruitment services ( especially hiring of senior - Listed clients: not allowed for directors or
management) senior positions related to f/s preparation
- Otherwise, final decision should be by the client
and DO NOT negotiate on the client’s behalf
Compensation and Evaluation Policies (when a A key audit partner shall not be evaluated on or
member of the audit team is evaluated on or compensated based on that partner’s success in selling
compensated for selling non-assurance services to non-assurance services to the partner’s audit client.
that audit client.)
Self-Review-the threat that the auditor will not appropriately evaluate the results of a previous judgment
made/or service performed by him
Example Safeguard
Provision of other services to an audit client Listed Clients: Most non-assurance services related to
financial reporting are not allowed.
(Note: other threats due to this are self-interest
because of the fee element and advocacy-see below) Other clients: Segregation of duties, Chinese walls, QCR
Temporary staff assignments-The lending of staff by Should ideally not be made a part of the audit team.
a firm to an audit client
Generally acceptable if no management responsibility
taken up and the audit client shall be responsible for
directing and supervising the activities of the loaned
staff
Recent Service with an Audit Client- a member of Remove from team if worked at the client in the year
the audit team has recently served as a employee of being audited at a position to exert significant influence
the audit client- The threat is that the member of the over the subject matter
audit team has to evaluate elements of the financial
statements for which he had prepared the
accounting records while with the client.
Family and Personal Relationships Remove from team if the relationship is with a senior
person at the client with influence over the f/s.
Employment with an Audit Client Listed client: for partners, ok if twelve months have
passed since the individual was Partner.
(the director or a senior member of the audit client
has been a member of the audit team or partner of Other safeguards
the firm in the past)
-Modifying the audit plan;
Legal services to audit client ( for example contract If they relate to resolving a dispute or litigation when
support, litigation, mergers and acquisition legal the amounts involved are material to the financial
advice and support to clients’ internal legal Statements: not allowed
departments)
Intimidation: the threat that the auditor will be deterred from acting objectively because of actual or perceived
pressures, including attempts to exercise undue influence over the auditor
A dominant personality at the client attempting to - ensure that all audit engagements are
influence the decision making process, for example conducted in accordance with International
the application of an accounting principle. Standards on Auditing
- Ensure you gather sufficient appropriate
A firm being pressured to reduce inappropriately the evidence
extent of work performed in order to reduce fees.
Fee dependence, close personal relationships, The safeguards for each will be the same as discussed
business relationships also cause intimidation earlier.
threats.
(Firm competes with client or firm has a joint venture with a competitor of a client or the firm has competitors as
clients)
Members should place their clients’ interests before their own and should not accept or continue engagements
which threaten to give rise to conflicts of interest between the firm and the client. Any advice given should be in
the best interests of the client.
A conflict of interest arises where an auditor acts for both a client company and for a competitor company of the
client. Where the acceptance/continuance of an engagement would, despite safeguards, materially prejudice
the interests of any clients, the appointment should not be accepted/continued, or one of the appointments
should be discontinued.
Members:
• Can advertise, but should have regard to relevant advertising codes and standards
• Should not make disparaging references to or comparisons with the work of others
Audit fee
• Lowballing is offering audit services at less than the market rate; undercutting others in a tender
• It can be an independence threat as such a fee is less than the work is worth
• However, audit does have a fluctuating market price and firms can reduce fees
The auditor should communicate 1.Formalities(of removal of outgoing 1.Any issues which might
with the outgoing auditor the auditor fulfilled) arise which could threaten
client to assess if there are any compliance with ACCA’s Code
ethical or professional reasons 2.Reputation and integrity of the client’s of Ethics and Conduct or any
why they should not accept management assessed- If necessary, the local legislation, including
appointment. firm may want to obtain references if they independence and conflict of
do not formally know the directors interest with existing clients.
They should obtain permission If issues arise, then their
from the client’s management to 3. Consider the level of risk attached to the significance must be
contact the outgoing auditor; if audit whether this is acceptable to the considered.
this is not given, then the firm. As part of this, they should consider
engagement should be refused. whether the expected audit fee is adequate 2.Whether they are
in relation to the risk auditing the client competent to perform the
The previous auditor must obtain work and whether they
permission from the client’s Client screening would have appropriate
management to respond; if not The purpose of client screening procedures resources( especially human
given, then the auditor should is to determine whether the prospective resource and time!) available,
refuse the engagement. client is suitable for the firm. as well as any specialist skills
or knowledge required for
The firm should evaluate the potential risk the audit
to the firm of acceptance.
When a client is deemed to represent a
high audit risk to the firm, the firm should
carefully consider the implications arising
should it fail in meeting its objective of
giving an accurate audit opinion. If the firm
is not confident that the benefit to be
derived from accepting the appointment
outweighs the potential risks (including
financial and reputational risk of being
sued), then the firm should decline the
appointment.
Factors to consider:
- The state of the economic
ISA 210 Agreeing the Terms of Audit Engagements provides guidance to auditors on the steps they should take
in accepting a new audit or continuing on an existing audit engagement. It sets out a number of processes that
the auditor should perform including agreeing whether the preconditions are present, agreement of audit terms
in an engagement letter, recurring audits and changes in engagement terms.
1. Determine whether the financial reporting framework to be applied in the preparation of the financial
statements is acceptable.
2. Obtain the agreement of management that it acknowledges and understands its responsibility:
(i) For the preparation of the financial statements in accordance with the applicable financial reporting
framework, including where relevant their fair presentation
(ii) For such internal control as management determines is necessary to enable the preparation of financial
statements that are free from material misstatement, whether due to fraud or error; and
***Additional information: Additional information that the auditor may request from management for the
purpose of the audit may include when applicable, matters related to other information in accordance with ISA
720 (Revised). When the auditor expects to obtain other information after the date of the auditor’s report, the
terms of the audit engagement may also acknowledge the auditor’s responsibilities relating to such other
information including, if applicable, the actions that may be appropriate or necessary if the auditor concludes
that a material misstatement of the other information exists in other information obtained after the date of the
auditor’s report.
An engagement letter provides a written agreement of the terms of the audit engagement between the auditor
and management or those charged with governance.
It confirms that there is a common understanding between the auditor and management, or those charged with
governance, of the terms of the audit engagement helps to avoid misunderstandings with respect to the audit.
2. Scope of the audit: Elaboration of the scope of the audit, including reference to applicable legislation,
regulations, ISAs, and ethical and other pronouncements of professional bodies to which the auditor
adheres.
5. The requirement for the auditor to communicate key audit matters in the auditor’s report in accordance
with ISA 701
6. Deliverables: The form of any other communication of results of the audit engagement.e.g. letters,
certificates or audit report.
8. The basis on which fees are computed and any billing arrangements.
9. Permission to communicate with the previous accountant (by sending the etiquette letter)
10. Access to all the records, documentation and other information requested in connection with the audit, e.g.
customs documents to verify whether the goods are being held by customs
11. Management’s responsibility for establishing and maintaining effective internal controls, e.g. maintenance
of proper accounting records
12. The fact that because of the inherent limitations of an audit, together with the inherent limitations of
internal control, there is an unavoidable risk that some material misstatements may not be detected, even
though the audit is properly planned and performed in accordance with ISAs.
14. The expectation that management will provide access to all information of which management is aware that
is relevant to the preparation of the financial statements, including an expectation that management will
provide access to information relevant to disclosures.
15. The agreement of management to make available to the auditor draft financial statements including all
information relevant to their preparation, whether obtained from within or outside of the general and
subsidiary ledgers (including all information relevant to the preparation of disclosures), and the other
information,3 if any, in time to allow the auditor to complete the audit in accordance with the proposed
timetable.
16. The agreement of management to inform the auditor of facts that may affect the financial statements, of
which management may become aware during the period from the date of the auditor’s report to the date
the financial statements are issued.
17. A request for management to acknowledge receipt of the audit engagement letter and to agree to the terms
of the engagement outlined therein.
Engagement letters for recurring/existing clients should be revised if any of the following factors are present:
- Any indication that the entity misunderstands the objective and scope of the audit, as this
misunderstanding would need to be clarified.
- Any revised or special terms of the audit engagement, as these would require inclusion in the
engagement letter.
- A recent change of senior management or significant change in ownership. The letter is signed by a
director on behalf of those charged with governance; if there have been significant changes in
management they need to be made aware of what the audit engagement letter includes.
- A significant change in nature or size of the entity’s business. The approach taken by the auditor
may need to change to reflect the change in the entity and this should be clarified in the
engagement letter.
- A change in legal or regulatory requirements. The engagement letter is a contract; hence if legal or
regulatory changes occur, then the contract could be out of date.
- A change in the financial reporting framework adopted in the preparation of the financial
statements. The engagement letter clarifies the role of auditors and those charged with governance,
it identifies the reporting framework of the financial statements and if this changes, then the letter
requires updating.
- A change in other reporting requirements. Other reporting requirements may be stipulated in the
engagement letter; hence if these change, the letter should be updated.
1. It helps the auditor to devote appropriate attention to important areas of the audit.
2. It helps the auditor to identify and resolve potential problems on a timely basis.
3. It helps the auditor to properly organise and manage the audit engagement so that it is performed in an
effective and efficient manner.
4. It assists in the selection of engagement team members with appropriate levels of capabilities and
competence to respond to anticipated risks and the proper assignment of work to them.
5. It facilitates the direction and supervision of engagement team members and the review of their work.
Planning
b) Risk assessment
o These procedures are conducted at the planning stage to assess the risk
of material misstatement in the financial statements. Examples are
given below.
Audit Risk: Is the risk that the auditor might give an incorrect opinion when the F/S are materially misstated.
Audit Risk has two components ( Risk of material misstatement in F/S and Detection Risk)
Audit Risk
(Risk that the F/S might be materially misstated before ( risk that the auditor’s procedures will
the audit) not detect misstatements in the F/S)
Inherent Risk Control Risk Possible reasons for high detection risk
include:
Important: If risk of material misstatements in financial statement is high, the auditor will need to reduce
detection risk in order to decrease audit risk.
Material by amount for F/S as a whole: The exam: 5% of PBT, 2% of Total Assets, 1% of
Revenue
Material by nature: related party transactions, Bank, items which affect debt covenants. Items
which affect statutory items ect.)
Materiality may be revised at a later stage in audit ( for example if auditor gets new information,
or if there is a change in auditor’s understanding of the client)
Performance materiality ( should be lower than the overall materiality level) The amount of
performance materiality is considered necessary to reduce to an appropriately low level the
probability that the aggregate of uncorrected and undetected misstatements is greater than
materiality.
d) Scope:
locations/branches
financial reporting framework
any industry specific regulation that apply
need of experts
reliance on internal auditor’s work
use of service org by client (outsourced functions)
use of computer aided audit techniques (CAATs) by the auditor
Timing:
reporting deadlines
meetings with the management/TCWG
expected communication with the management
team meetings
review of audit work by audit partner.
Direction:
Audit Strategy: An audit strategy sets the scope, timing and direction of the audit and guides the development
of the more detailed audit plan.
Audit plan: Once the overall strategy has been planned, detailed consideration can be given to each individual
audit objective and how it can be best met.
The auditor obtains an understanding of the entity, its control environment and its detailed internal controls:
to identify and assess the risks of material misstatements in the financial statements
and to provide a basis for designing and implementing responses to these risks
to determine the extent to which the auditor would rely on the internal control system.
- Industry, regulatory and other external factors( Prior year financial statements: Provides
for example financial reporting framework, laws information in relation to the size of the client
and regulations, stakeholders, economic as well as the key accounting policies,
disclosure notes and whether the audit
conditions like volatility of exchange rates,
opinion was modified or not.
competition, level of technology
Discussions with the previous auditors/access
- Nature of entity and accounting policies ( legal
to their files: Provides information on key
structure, ownership and governance, main issues identified during the prior year audit as
sources of finance) well as the audit approach adopted.
Examiner’s comments
Audit risk questions typically require a number of audit risks to be identified (½ marks each), explained (½ marks
each) and an auditor’s response to each risk (1 mark each).
To explain audit risk, candidates need to state the area of the accounts impacted with an assertion (e.g. cut off,
valuation etc.), or, a reference to under/over/misstated, or, a reference to inherent, control or detection risk.
Misstated is only awarded if it was clear that the balance could be either over or understated.
Candidates are reminded that audit risk questions may also require a calculation of relevant ratios that will allow
the auditor to identify the key areas of risk in the financial statements. If this is required, as it was in September
2015, it is noted that candidates should only provide one ratio per area of the financial statements (eg either
“inventory days” or “inventory turnover”), not include calculations of movements year on year (eg “revenue has
increased by x%), as while relevant in the discussion of risk, will not score the marks for calculating appropriate
ratios, and also come equipped with a calculator for the exam.
1. Assessing engagement risks at the planning stage, this will ensure that attention is focused early on the
areas most likely to cause material misstatements.
2. It will help the auditor to fully understand the entity, which is vital for an effective audit.
3. Any unusual transactions or balances would also be identified early, so that these could be addressed in
a timely manner.
4. Assessing risks early should also result in an efficient audit. The team will only focus their time and effort
on key areas as opposed to balances or transactions that might be immaterial or unlikely to contain
errors.
5. In addition assessing risk early should ensure that the most appropriate team is selected with more
experienced staff allocated to higher risk audits and high risk balances.
6. A thorough risk analysis should ultimately reduce the risk of an inappropriate audit opinion being given.
7. It should enable the auditor to have a good understanding of the risks of fraud, money laundering, etc.
8. Assessing risk should enable the auditor to assess whether the client is a going concern.
Audit Risk = Risk of material misstatement in the financial statements x Detection Risk
Audit risk is the risk that the auditor expresses an inappropriate audit opinion when the financial statements are
materially misstated.
Audit risk is a function of two main components being the risks of material misstatement and detection risk. Risk
of material misstatement is made up of two components, inherent risk and control risk.
Risk of material misstatement is made up of a further two components, inherent risk and control risk.
Inherent risk
Definition: The susceptibility of an assertion about a class of transaction, account balance or disclosure to a
misstatement that could be material, either individually or when aggregated with other misstatements, before
consideration of any related controls.
Inherent risk describes something about the nature of a business or its transactions that make it particularly
susceptible to material misstatements.
Inherent risk is affected by the nature of an entity and factors which can result in an increase include:
– Changes in the industry it operates in.
– Operations that are subject to a high degree of regulation.
– Going concern and liquidity issues including loss of significant customers.
– Developing or offering new products or services, or moving into new lines of business.
– Expanding into new locations.
– Application of new accounting standards.
– Accounting measurements that involve complex processes.
– Events or transactions that involve significant accounting estimates.
– Pending litigation and contingent liabilities.
Control risk
Definition: The risk that a misstatement that could occur in an assertion about a class of transaction, account
balance or disclosure and that could be material, either individually or when aggregated with other
misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal
control.
It is the risk that an organisation’s internal control systems do not adequately protect the organization either
because they have not been adequately designed and / or implemented.
It is important to appreciate that the auditor has no control over the extent of either inherent or control risk;
these are risks borne by the entity subject to audit. However, the auditor has to assess them in the process of
determining the extent of the detailed substantive procedures to be carried out.
Definition: The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level
will not detect a misstatement that exists and that could be material, either individually or when aggregated
with other misstatements. Detection risk is affected by sampling and non-sampling risk.
Detection risk is all down to the auditors and is the risk that the auditor’s procedures fail to detect a material
misstatement.
Detection risk is affected by sampling and non-sampling risk and factors which can result in an increase include:
– Inadequate planning.
– Inappropriate assignment of personnel to the engagement team.
– Failing to apply professional scepticism.
– Inadequate supervision and review of the audit work performed.
– Incorrect sampling techniques performed.
– Incorrect sample sizes
Detection risk include sampling risk and non-sampling risk ( these are explained in detail with the topic of
sampling- below is an overview).
For example, on an audit assignment where the risk of material misstatement has been assessed as high, in
order to achieve a low level of audit risk, detection risk must be set as low.
In such circumstances the auditor would need to direct an appropriate level of resources to the testing of the
assertion in question. This will comprise adequate planning, proper assignment of personnel, the application of
professional scepticism and supervision and review of the audit work performed.
Analytical procedures
Analytical procedure is an audit procedure which seeks to provide evidence as to the completeness, accuracy
and validity of the information contained in the accounting records or in the financial statements.
The procedure consists of the systematic study and comparison of relationships among elements of financial
information and the investigation of significant fluctuations and variances from the expected relationship
1. Expectation:This step involves developing an expectation of what the financial information figures should be.
This can be agreed through comparisons of financial information or considerations of relationships (ratio
analysis).
2. Identification:This step involves identification of significant variations between the actual data with the
expected data.
3. Investigation of unusual variances: Once the variation has been computed, and if significant variations are
found, the auditor would consult the management in order to establish explanations for the variations revealed.
4. Performance of alternate procedures: If the auditor or the management does not find the variation
reasonable, then they investigate further and perform analytical procedures to satisfy themselves.
When performing an analytical procedure, the auditor compares numbers, ratios or even non-financial
information in order to identify unexpected trends or unexpected relationships,which may indicate the
existence of errors.
Analytical Procedures at to assist the auditor in planning the nature, timing and extent of other audit
the Planning stage procedures. Use at this stage should add to the firm’s understanding of the
business and identify risk areas to which audit resources should
be targeted.
Analytical Procedures at at the detailed testing stage – in most instances analytical procedures should be
substantive testing stage used in conjunction with tests of detail
to achieve a particular audit objective in relation to specific financial statement
assertions..
Analytical Procedures at At the final review stage the auditor must design and perform analytical
the Review stage procedures that assist him when forming an overall conclusion as to whether the
financial statements are consistent with the auditor’s understanding of the entity
and that all of the audit
objectives with regard to the financial statements have been met.
Using Ratios
In the exam you may be asked to compute and interpret the key ratios used in analytical procedures at both
the audit planning stage and when collecting audit evidence. Ratios and comparisons can be used to identify
where the accounts might be wrong, and where additional auditing effort should be spent.
Calculating a ratio is easy, and usually is little more than dividing one number by another. Indeed, the
calculations are so basic that they can be programmed into a spreadsheet. The real skill comes in interpreting
the results and using that information to carry out a better audit. Saying that a ratio has increased because the
top line in the calculation has increased (or the bottom line decreased) is rather pointless: this is simply
translating the calculation into words.
Quick ( or asset test) ratios =Current assets minus inventory/ current liabilities
Examiner’s comments
An auditor’s response does not have to be a detailed audit procedure, rather an approach the audit team will
take to address the identified risk.
Having identified the audit risk candidates are often required to identify the relevant response to these risks. A
common mistake made by candidates is to provide a response that management would adopt rather than the
auditor.
In the past exams, in relation to the risk of valuation of receivables if a company has a number of receivables
who were struggling to pay, many candidates suggested that management needed to chase these outstanding
customers. This is not a response that the auditor would adopt, as they would be focused on testing valuation
through after date cash receipts or reviewing the aged receivables ledger.
Auditor’s responses should focus on how the team will obtain evidence to reduce the risks identified to an
acceptable level. Their objective is confirming whether the financial statement assertions have been adhered to,
and whether the financial statements are true and fair. Responses are not as detailed as audit procedures;
instead they relate to the approach the auditor will adopt to confirm whether the transactions or balances are
materially misstated.
ISA 330 lists the following overall responses that may be used by auditors in order to address the assessed
risks of material misstatement at the financial statement level:
The finance director Abrahams is planning to capitalize the full A breakdown of the development expenditure
$2.2 million of development expenditure incurred. However in should be reviewed and tested in detail to
order to be capitalized it must meet all of the criteria under ensure that only projects which meet the
IAS 38 intangible Assets. The risk is that the criteria has not capitalization criteria are included as an
been and assets might be overstated. intangible asset, with the balance being
expensed.
In September Abrahams Co introduced a new accounting The new system will need to be documented in
system. This is a critical system for the accounts preparation full and testing should be performed over the
and if there were any errors that occurred during the transfer of data from the old to the new
changeover process, these could impact on the final amounts system.
in the trial balance.
Definition: ‘Misstatements, including omissions, are considered to be material if they, individually or in the
aggregate, could reasonably be expected to influence the economic decisions of users taken on the basis of the
financial statements.’
In assessing the level of materiality there are a number of areas that should be considered.
Firstly the auditor must consider both the amount (quantity) and the nature (quality) of any misstatements, or a
combination of both.
The quantity of the misstatement refers to the relative size of it and the quality refers to an amount that might
be low in value but due to its prominence could influence the user’s decision, for example, directors’
transactions.
In assessing materiality the auditor must consider that a number of errors each with a low value may when
aggregated amount to a material misstatement.
The assessment of what is material is ultimately a matter of the auditor’s professional judgement, and it is
affected by the auditor’s perception of the financial information needs of users of the financial statements and
the perceived level of risk; the higher the risk, the lower the level of overall materiality.
Materiality is often calculated using benchmarks such as 5% of profit before tax or 2% of total assets. These
values are useful as a starting point for assessing materiality.
Auditors need to establish the materiality level for the financial statements as a whole, as well as assess
performance materiality levels, which are lower than the overall materiality.
Performance materiality is normally set at a level lower than overall materiality. It is used for testing individual
transactions, account balances and disclosures. The aim of performance materiality is to reduce the risk that the
total of errors in balances, transactions and disclosures does not in total exceed overall materiality.
Scope
Timing
1. Financial reporting framework for the financial Deadlines for:
statements. Final reporting
2. Are there industry specific or other special Any interim report
reporting requirements?
Meeting with Those charged with governance and
3. Are there other factors which influence the overall
Management to discuss important matters of audit
approach to the audit?
Reports to management
Multiple locations
Reports to those charged with governance.
Need of expert
Whether the entity has an internal audit The normal timetable for an audit includes:
function, and if so, in which areas and to what - An interim visit, usually at least three-
extent work of the function can be used. quarters of the way through the
Nature of business (considering need of accounting year
specialized knowledge). - Attendance at inventory count
Effect of information technology on the audit - Year end confirmation letters
- The final audit shortly after the accounting
procedures
year-end
Audit plan
An audit plan converts the audit strategy into a more detailed plan and includes the nature, timing and extent
of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate
audit evidence to reduce audit risk to a low level.
Audit planning is a detailed recording of each procedure and process required to perform an audit.
Once the overall strategy has been determined, the auditor should prepare a detailed plan of the areas
determined in the audit strategy. Once the audit strategy has been decided, the next stage is to decide how it is
going to be carried out; an audit plan is necessary. The audit plan contains the nature, timing and extent of the
procedures to be performed.
Interim Audit
An interim audit refers to audit work that is conducted during the accounting year, at intervals, fixed or not. The
audit of the remaining part of the year will be done at the end of the accounting year.
The auditor uses the interim audit to carry out procedures which would be difficult to perform at the year end
because of time pressure. There is no requirement to undertake an interim audit; factors to consider when
deciding upon whether to have one include the size and complexity of the company along with the effectiveness
of internal controls.
Final audit
The final audit will take place after the year end and concludes with the auditor forming and expressing an
opinion on the financial statements for the whole year subject to audit. It is important to note that the final
opinion takes account of conclusions formed at both the interim and final audit.
a) There is always a danger that the audited figures may be altered either innocently or
fraudulently. That is why ISA 330 states that when audit evidence (relating to the operating
effectiveness of internal controls or the financial statement assertions), is obtained during the
interim period, additional audit evidence (relating to the effectiveness of internal controls or the
financial statement assertions) must also be obtained for the remaining period.
b) It is just a waste of time in small entities.
c) The cost would be high.
Examiner’s comments
Internal control questions typically require internal control deficiencies to be identified (½ marks each), explained
(½ marks each), a relevant recommendation to address the control (1 mark), and, often a test of control the
external auditor would perform to assess whether each of these controls, if implemented, is operating correctly
(1 mark).
Internal control questions may also require a covering letter to management to accompany the list of deficiencies
and recommendations.
Occasionally, as in September 2015, candidates may be asked to identify internal control strengths as
well as deficiencies.
Internal control over financial reporting: The process designedimplemented maintained by TCWG to
provide reasonable assurance about the reliability of financial reporting, effectiveness of operations and
compliance with laws and regulations.
Internal controls assure management of the accuracy of the financial statements, that the operations of the
entity are conducted efficiently and that the entity has complied with all the laws and regulations which are
applicable to the entity.
ISA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its
Environment considers the components of an entity’s internal control. It identifies the following components:
1. Control environment
2. Entity’s risk assessment process
3. Information system and communication
4. Control activities
5. Monitoring of controls
Understand client’s Risk Auditor needs to understand the management’s process to identify and assess
Assessment Process risks in financial reporting. Auditor also needs to understand actions taken by
the management to address these risks.The auditor will then evaluate whether
there are deficiencies in the client’s risk assessment process.
Understand client’s Auditor will understand the process by which transactions and events are
Information systems initiated, recorded, processed, corrected, transferred to general ledger and
relevant to financial reported in the financial statements.
reporting
Auditor will also understand how the client communicates financial reporting
Plus roles and responsibilities as well as important matters relating to financial
reporting.
communication
Understand client’s Auditor will understand how internal controls over financial reporting
Monitoring process monitored ( including whether there is an effective internal audit department)
Controls on the information system environment which ensure proper development of applications.
Examples include
APPLICATION CONTROLS
Application controls are those controls that relate to the transaction and standing data relating to a computer-
based accounting system.
They are specific to a given application and their objectives are to ensure the completeness and accuracy of the
accounting records and the validity of entries made in those records.
An effective computer-based system will ensure that there are adequate controls existing at the point of input,
processing and output stages of the computer processing cycle and over standing data contained in master files.
Application controls need to be ascertained, recorded and evaluated by the auditor as part of the process of
determining the risk of material misstatement in the audit client’s financial statements.
Input controls
Data input controls ensure the accuracy, completeness, and timeliness of data during its conversion from its
original source into computer data, or entry into a computer application. Examples are given below:
- Format checks: These ensure that information is input in the correct form. For example, the
requirement that the date of a sales invoice be input in numeric format only – not numeric and
alphanumeric.
- Range /Reasonableness checks: These ensure that input data is rejected or highlighted if it is
outside pre-set parameters.For example, where an entity rarely, if ever, makes bulk-buy purchases
with a value in excess of $50,000, a purchase invoice with an input value in excess of $50,000 is
rejected for review and follow-up.
- Exception checks: These ensure that an exception report is produced highlighting unusual situations
that have arisen following the input of a specific item. For example, the carry forward of a negative
value for inventory held.
- Control totals: These also facilitate completeness of processing by ensure that pre-input, manually
prepared control totals are compared to control totals input. For example, the total of all the
invoices, such as the gross value, is manually calculated. The invoices are input, the system
aggregates the total of the input invoices’ gross value and this is compared to the control total. This
helps to ensure completeness and accuracy of input.
- Existence checks : the system is set up so that certain key data must be entered, such as supplier
name, otherwise the invoice is rejected. This helps to ensure accuracy of input.
- Check digit verification: Check digits are used to protect against the transposition of data i.e. errors
arising due to accidental reversal of digits. This process uses algorithms to ensure that data input is
accurate.
- Document counts :the number of invoices to be input are counted, the invoices are then entered
one by one, at the end the number of invoices input is checked against the document count. This
helps to ensure completeness of input.
- One for one checking: the invoices entered into the system are manually agreed back one by one to
the original purchase invoices. This helps to ensure completeness and accuracy of input.
Processing controls
Processing controls exist to ensure that all data input is processed correctly and that data files are appropriately
updated accurately in a timely manner.
For example, the balance carried forward on the bank account in a company’s general (nominal) ledger.
Other processing controls should include the subsequent processing of data rejected at the point of input, for
example:
- A computer produced print-out of rejected items.
- Formal written instructions notifying data processing personnel of the procedures to follow with regard
to rejected items.
- Appropriate investigation/follow up with regard to rejected items.
- Evidence that rejected errors have been corrected and re-input.
Output controls exist to ensure that all data is processed and that output is distributed only to prescribed
authorised users. While the degree of output controls will vary from one organisation to another (dependent on
the confidentiality of the information and size of the organisation), common controls comprise:
- Appropriate review and follow up of exception report information to ensure that there are no
permanently outstanding exception items.
- Careful scheduling of the processing of data to help facilitate the distribution of information to end users
on a timely basis.
- Ongoing monitoring by a responsible official, of the distribution of output, to ensure it is distributed in
accordance with authorised policy.
Standing data is the information that is held on computer files for long-term use. It is called standing data as it
tends to change less frequently than other data. Examples of standing data would be:
• the rate of sales tax to be applied to sales invoices;
• the hourly pay rate for a factory worker to be used when calculating payroll;
• employee bank account details.
- Controls are far more expensive compared to the benefits from the system.
- Overriding of controls by the management.
- Control systems are not geared up to cater to non-routine transactions.
- Possibility of human error.
- Possibility of fraud on account of collusion between employees.
- Possibility that, with a change in conditions, a control may not be modified and therefore may become
inadequate.
- Obsolescence of controls.
Management: design and implement and effective ICS. Check and ensure it is working effectively on a
continuous basis
BOD: ensure that an effective ICS is designed, implemented and monitored by the management. Ensure ICS are
reviewed by internal and external auditors and their recommendations are implemented
Document/Evaluate Narratives
Narrative notes consist of a written description of the system; they would detail what
occurs in the system at each stage and would include any controls which operate at
each stage.
– They can facilitate understanding by all members of the internal audit team, especially
more junior members who might find alternative methods too complex.
– This method can make it more difficult to identify missing internal controls as the
notes record the detail but do not identify control exceptions clearly.
Flowcharts
Flowcharts are a graphic illustration of the internal control system for the sales and
despatch system. Lines usually demonstrate the sequence of events and standard
symbols are used to signify controls or documents.
Questionnaires
Internal control questionnaires are used to assess whether controls exist which meet
specific objectives or prevent or detect errors and omissions.
A problem associated with ICQs is that whilst they do identify areas where controls
appear to be weak, they do not provide evaluation of those weaknesses. For example,
whilst a ‘No’ answer may indicate weakness in controls, it is possible that other controls
in the system, of which the auditor is unaware, may compensate for the weakness.
The ICEQs contain detailed questions relating to the functioning of internal controls.
They are to be answered by the clients. The answers to the questions are generally in a
narrative form.
Information relating to the following matters is included the ICQs and ICEQs:
_ segregation and rotation of duties
_ maintenance of records and documents
_ accountability for, and safeguarding of assets
_ procedure for authorisations
The feedback received on the questionnaires will then be tested by the auditors and the
weaknesses, if any, will be communicated in the form of a letter of weakness to the
client.
Advantages
Questionnaires are quick to prepare, which means they are a cost effective method for
recording the system.
They ensure that all controls present within the system are considered and recorded;
hence missing controls or deficiencies are clearly highlighted.
Questionnaires are simple to complete and therefore any members of the team can
complete them and they are easy to use and understand.
Disadvantages
It can be easy for the company to overstate the level of the controls present as they are
asked a series of questions relating to potential controls.
Test!
Test of controls are performed to obtain audit evidence about 2 things:
1. Whether the ICS is designed suitably (to prevent, detect or correct material
misstatements)
2. Whether the ICS are operating properly ( test of controls)
Test of controls- examples
If controls appear strong, they are tested to ensure they operated as described
throughout the year. If the results show they operated effectively, substantive testing
may be reduced.
Report control A letter on internal control (also referred to as a management letter or letter of
weaknesses to weakness) is a letter usually forwarded by an auditor to the senior management of a
management company.
The letter should normally be forwarded immediately following the completion of the
tests of control and before the commencement of substantive procedures.
The letter contains weaknesses identified in the entity’s system of internal control as
identified by the auditor when performing tests of control and the purpose of the letter
is to bring these weaknesses to the attention of management.
The weaknesses identified in the main body of the letter should be those which could
lead to fraud or material error in or omission from the company’s financial statements,
and will be classified as those relating to:
(i) the design of the systems of accounting and internal control.
(ii) the operation of the systems of accounting and internal control.
For both categories the implication(s) of the weakness(es) should be identified,
however minor control issues which the auditor would wish to bring to the attention of
the company’s senior management should be included in an appendix to the letter of
weakness or in a supplementary report.
Decide extent of Internal control over financial reporting strong- decrease substantive testing
substantive testing
Internal control over financial reporting weak- inccrease substantive testing
- To ensure that orders are only accepted if goods are available to be processed for customers.
- To ensure that all orders are recorded completely and accurately.
- To ensure that goods are not supplied to poor credit risks.
- To ensure that goods are despatched for all orders on a timely basis.
- To ensure that goods are despatched correctly to customers and that they are of an adequate quality.
- To ensure that all goods despatched are correctly invoiced.
- To ensure completeness of income for goods despatched.
- To ensure that sales discounts are only provided to valid customers.
Other Aged receivables report: prepare monthly and reviewed by a senior official
controls Exceptions reports created and reviewed ( old receivables, credit limit exceeded etc.)
Amendments to master file data should be restricted so that only senior officials can make
changes.
Check digits – this control helps to reduce the risk of transposition errors. Mathematical
calculations are performed by the system on a particular data field, such as supplier number, a
mathematical formula is run by the system, this checks that the data entered into the system is
accurate. This helps to ensure accuracy of input.
Range checks – a pre-determined maximum is input into the system for gross invoice value, for
example, $10,000; when invoices are input if the amount keyed in is incorrectly entered as
being above $10,000, the system will reject the invoice. This helps to ensure accuracy of input.
Existence checks – the system is set up so that certain key data must be entered, such as
supplier name, otherwise the invoice is rejected. This helps to ensure accuracy of input.
Key terms: 1. Clock cards/ timesheets 2.Payroll sheet 3.Pay slips 4.Bank Transfer List/payment list (instructions
to the bank)
Appointment/ leavers
- Appointments: All appointment of staff, whether temporary or permanent, should only be made by the
human resources department, separate from the payroll department
- There should be formal procedures requiring the interviews manager to provide detailed written
notification to a responsible official (for example the wages supervisor) of starters and leavers.
- Update ‘starters and leavers’ details on a timely basis. Procedures should ensure that ‘starters’ and
‘leavers’ details are added to or deleted from the master file immediately after starting or leaving the
company’s employment.
- All increases of pay should be proposed by the HR department and then formally agreed by the board of
directors.
At random intervals a more senior responsible official of the company (for example the company accountant),
should access the wages master file and check its contents to the manual records maintained, input
documentation and notifications from the interviews manager as appropriate.
- Clock cards sequentially pre-numbered (which details the employee number and name)
- Clock card machine supervised or in open view (Staff attendance machine kept near the security gate (to
ensure that there are no dummy attendances recorded).
- Head count by area supervisor ( attendance matched to actual employees present)
- Any overtime worked reviewed and then authorized. This should be evidenced by signature on the
employees’ overtime sheets.
- Periodic verification of staff cards with personal files of employees (to ensure that there are no ghost
employees).
- Data input: Use application and general IT controls ( for example range checks, passwords)
Payments
- Salaries:
Preferably through bank transfer
Bank transfer list/payment list matched to payroll sheet prior to authorising the bank payment.
When authorising the payments, the responsible official should on a sample basis perform
checks from payroll records to payment list and vice versa to confirm that payments are
complete and only made to bona fide employees.
Bank transfer list/payment list preferably authorized by someone other than the person who
authorized payroll ( for example the Finance Director)
Capital expenditure is incurred when a business spends money either to buy fixed assets or to add to the value
of an existing fixed asset.
Revenue expenditure is that expenditure which is incurred to maintain the existing capacity of an asset so that it
can do its daily work. Examples of revenue expenditure are cost of raw material and other stores, salaries and
wages, repairs and maintenance, stationery and printing, advertisements, postage, telephone, travel expenses
etc.
The main control objectives over revenue and capital expenditure are to ensure that:
All expenditure is authorised.
Proper segregation of capital and revenue expenses is made.
Expenses are properly accounted for.
The purpose of a tangible non-current assets register is to list details of all the non-current assets owned by an
entity, in order to facilitate control over those assets. Typically, the register should record cost, depreciation and
net book value information of each asset along with identifying details. For example in the case of plant and
machinery – gross cost, annual depreciation rate, depreciation provision, net book value, date of acquisition,
serial number and description and location of asset.
The register should be updated by individuals who are separated from the acquisition, custody and
disposal of assets.
Periodical reconciliation of non-current register with the general ledger to be done and any differences
to be investigated.
Preparation of an exception report if the non-current register does not match the non-current assets
account maintained in accounts.
Invoices should bear appropriate ledger code (distinguishing revenue items from capital expenditure) in
order to facilitate correct recording.
Depreciation rates should be reasonable and authorised.
Depreciation calculations should be checked
NCA register should be used to confirm physical existence on a periodic basis
To ensure completeness of recording, periodic checks should be made to ensure that assets in existence
are completely recorded in the register.
Test of controls
In the exam, you might be asked to:
- Identify and explain deficiencies in the system
- Recommend a control to address each of these deficiencies
- Describe a TEST OF CONTROL the external auditors would perform to assess if each of these controls, if
implemented, is operating effectively.
What is a Test of Control? An audit procedure designed to evaluate the operating effectiveness of controls in
preventing, or detecting and correcting, material misstatements at the assertion level.
Customer credit limits are set by sales Credit limits should be set by a senior The auditor should take a sample of new
ledger clerks. member of the sales ledger department customers accepted in the year and review
and not by sales ledger clerks. These limits the authorisation of the credit limit, and
Sales ledger clerks are not sufficiently should be regularly reviewed by a ensure that this was performed by a
senior and so may set limits too high, responsible official. responsible official.
leading to irrecoverable debts, or too low,
leading to a loss of sales. And/or
Supplier statement reconciliations are no Supplier statement reconciliations should The auditor should review the file of
longer performed. be performed on a monthly basis for all reconciliations to ensure that they are
suppliers and these should be reviewed by being performed on a regular basis and that
This may result in errors in the recording of a responsible official. they have been reviewed by a responsible
purchases and payables not being official.
identified in a timely manner.
The auditors need evidence that these financial statements are valid!
‘In representing that the financial statements are in accordance with the applicable financial reporting
framework, management implicitly or explicitly makes assertions regarding the recognition, measurement and
presentation of classes of transactions and events, account balances and disclosures’.
Consequently auditors use these assertions when considering the potential types of misstatements that may
occur and when designing and performing appropriate audit procedures.
Transactions include sales, purchases, and wages paid during the accounting period.
Account balances include all the asset, liabilities and equity interests included in the statement of financial
position at the period end.
ISA 315, Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its
Environment identifies the following assertions:
1. Assertions about classes of transactions and events and related disclosures for the period under audit
2. Assertions about account balances and related disclosures at the period end
3. Accuracy – amounts and other - This means that there have been no errors while preparing
data relating to recorded documents or in posting transactions to ledgers. The new
transactions and events have reference to disclosures being appropriately measured and
been recorded appropriately, and described means that the figures and explanations are not
related disclosures have been misstated.
appropriately measured and
described. - Relevant test – calculation checks on invoices, payroll, etc,
and the review of control account reconciliations are
designed to provide assurance about accuracy.
4. Cut–off – transactions and events - That transactions are recorded in the correct accounting
have been recorded in the period.
correct accounting period.
- Relevant test – recording last goods received notes and
despatch notes at the inventory count and tracing to
purchase and sales invoices to ensure that goods received
before the year–end are recorded in purchases at the year
end and that goods despatched are recorded in sales.
6. Presentation – transactions and - This means that the descriptions and disclosures of
events are appropriately transactions are relevant and easy to understand. There is a
aggregated or disaggregated and new reference to transactions being appropriately
clearly described, and related aggregated or disaggregated. Aggregation is the adding
disclosures are relevant and together of individual items. Disaggregation is the
understandable in the context of separation of an item, or an aggregated group of items, into
the requirements of the component parts. The notes to the accounts are often used
applicable financial reporting to disaggregate totals shown in the profit or loss account.
framework. Materiality needs to be considered when judgements are
made about the level of aggregation and disaggregation
.
- Relevant test – check the total employee benefits expense
is analysed in the notes to the financial statements under
separate headings– ie wages and salaries, pension costs,
social security contributions and taxes, etc.
1. Existence – assets, liabilities and - Means that assets and liabilities really do exist and there
equity interests exist. has been no overstatement – for example,by the inclusion
of fictitious receivables or inventory. This assertion is very
closely related to the occurrence assertion for transactions.
2. Rights and obligations – the - Means that the entity has a legal title or controls the rights
entity holds or controls the rights to an asset or has an obligation to repay a liability.
to assets, and liabilities are the
obligations of the entity - Relevant tests – in the case of property, deeds of title can
be checked. Current assets are often checked to purchase
invoices although these are primarily used to confirm cost.
Long term liabilities such as loans can be checked to the
relevant loan agreement.
3. Completeness – all assets, - That there are no omissions and assets and liabilities that
liabilities and equity interests should be recorded and disclosed have been. In other
that should have been recorded words there has been no understatement of assets or
have been recorded and all liabilities.
related disclosures that should
have been included in the - Relevant tests – A review of the repairs and expenditure
financial statements have been account can sometimes identify items that should have
included. been capitalised and have been omitted from non–current
assets. Reconciliation of payables ledger balances to
suppliers’ statements is primarily designed to confirm
completeness although it also gives assurance about
existence.
4. Accuracy, valuation and - Means that amounts at which assets, liabilities and equity
allocation – assets, liabilities and interests are valued, recorded and disclosed are all
equity interests have been appropriate. The reference to allocation refers to matters
included in the financial such as the inclusion of appropriate overhead amounts into
statements at appropriate inventory valuation.
amounts and any resulting
valuation or allocation - Relevant tests – Vouching the cost of assets to purchase
adjustments have been invoices and checking depreciation rates and calculations.
appropriately recorded and
related disclosures have been
appropriately measured and
described.
6. Presentation – assets, liabilities - This means that the descriptions and disclosures of assets
and equity interests re and liabilities are relevant and easy to understand. The
appropriately aggregated or points made above aggregation and disaggregation of
disaggregated and clearly transactions also apply to assets, liabilities and equity
described, and related disclosures interests.
are relevant and understandable
in the context of the - Relevant tests – auditors often use disclosure checklists to
requirements of the applicable ensure that financial statement presentation complies with
financial reporting framework. accounting standards and relevant legislation. These cover
all items (transactions, assets, liabilities and equity
interests) and would include for example checking that
disclosures relating to non–current assets include cost,
additions, disposals, depreciation, etc.
Audit evidence verifies the correctness of the assertions contained in the financial statements. Audit evidence
can be obtained from different sources.
Inspection Inspection involves examining Example – the physical inspection of a freehold office
records or documents, whether building to verify existence of the building.
internal or external, in paper form,
electronic form, or other media, or a Example – the examination of a purchase invoice to
physical examination of an asset. vouch the validity of an entry in the trade creditors
ledger.
Observation Observation consists of looking at a Example – the observation of the counting of
process or procedure being inventory by an entity’s personnel to ensure that they
performed by others are counted in accordance with procedures authorised
by the management of the entity.
Inquiry Inquiry consists of seeking Example- inquire of the management whether they
information of knowledgeable have opened/closed any bank accounts during the
persons, both financial and non- year.
financial, within the entity or outside
the entity.
Recalculation Recalculation consists of checking the Example – checking the accuracy of inventory
mathematical accuracy of documents calculations to verify the accuracy of the valuation of
or records. Recalculation may be reported inventory.
performed manually or electronically.
Re- Re-performance involves the Example – Using computer assisted audit techniques
performance auditor’s independent execution of to re-perform the ageing of accounts receivable
procedures or controls that were balances.
originally performed as part of the
entity’s internal control. Example – Re-performing the extraction of a trial
balance from the company’s general ledger.
The term ‘audit evidence’ describes the information obtained by the auditors in arriving at the conclusions on
which the audit opinion is based.
Audit evidence comprises source documents and accounting records underlying the financial statements
(subject to audit) and corroborating information from other sources.
The auditor should obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on
which to base the audit opinion.
3. The nature of the accounting and internal control systems. The auditor
will place more reliance on good accounting and internal control systems
limiting the amount of audit evidence required.
8. Evidence about the future is particularly diffi cult to obtain and is less
reliable than evidence about past events.
Substantive procedure
Substantive procedure is an audit procedure which is designed to detect material misstatements at the assertion
level.
Substantive procedures (or substantive tests) are those activities performed by the auditor that gather evidence
as to the completeness, validity and / or accuracy of account balances and underlying classes of transactions and
related disclosures.
a) Analytical procedures
b) Tests of details (of classes of transactions, account balances, and related disclosures)
a) Analytical procedures
Analytical procedures mean the analysis of significant ratios and trends. It also involves the investigation of
resulting fluctuations and inconsistent relationships. ISA 520 Analytical Procedures states that analytical
procedures may be applied as substantive procedures. For many areas of the audit the substantive procedures
will be a combination of tests of details and analytical procedures. The decision about which procedures to use
will be based on the auditor’s judgement about the expected effectiveness and efficiency of the available
procedures.
The auditor will need to consider :
- The suitability of analytical procedures to a particular assertion
- The reliability of the data from which the expected amounts or ratios are developed
- Whether the expectation is sufficiently precise to identify a material misstatementb) Test of detail
Details of transaction
These are tests to obtain evidence of individual debits and credits that make up an account to reach a conclusion
about the account.
The tests can be made through tracing and vouching of transactions.
Important!
Attempting questions on audit evidence or audit procedure- Mini-case studies might be given in the exam
Audit procedures are actions that auditors carry out during the audit. They are also known as ‘audit tests’ or
‘audit work’.
For example, ‘performing a circularisation of receivables/debtors’ is an audit procedure, whereas ‘replies from
customers’ is audit evidence.
2. Think about how to verify the other relevant facts in each case.
3. Consider the accounting/disclosure requirements of each scenario, and say how one can check if they
are being met.
1. Positive confirmation: Receivable asked to agree or disagree with the stated balance or write the
balance owing.
2. Negative confirmation: Receivable asked to reply only if he disagrees with the balance. This type of
confirmation should only be used when:
The audit client has a strong internal control system over sales and trade
receivables.
Other good corroborative evidence with regard to the existence of trade
receivables has already been obtained from other tests carried out.
There are a large number of small balances.
A substantial number of errors is not expected.
4. Get the details of the debtors and prepare letters on client’s letterhead.
7. Post/fax letters ensuring the replies are sent directly to the auditor.
Substantive testing
The receivable actually 2. Verify audit trail from records to source document: Select a sample of year-
exists end receivable balances and agree back to valid supporting documentation
of GDN and sales order to ensure existence
Review the aged receivable ledger to identify any slow moving or old
receivable balances, discuss the status of these balances with the
credit controller to assess whether they are likely to pay
Rights & obligation 1. Circularization of a sample of period end receivables (discussed above)
The receivable belongs 2. Invoice: inspect to confirm right over the receivable
to the client
Completeness 1. Verify audit trail from source document to record:
There has been no Select a sample of GDNs and agree to valid supporting
omission in recording of documentation of invoice.
receivables
Ensure these invoices have been entered in the day books and
individual ledgers.
2. Completeness: Select a sample of trade customer orders placed and agree these to the despatch notes
and sales invoices through to inclusion in the sales ledger to ensure completeness of revenue.
3. Cut-off: Note down the last GDN for the year. Take a sample of GDNs immediately before AND after the
year end and ensure they are recorded in the correct accounting period
4. Analytical procedure: Compare the overall level of revenue against prior years and budget and
investigate any significant fluctuations.
5. Analytical procedure: Calculate the gross profit margin for Heraklion Co and compare this to the prior
year and investigate any significant fluctuations.
6. Select a sample of credit notes raised, trace through to the original invoice and ensure invoice correctly
removed from sales.
1. Review the prior year audit files to identify whether there were any particular warehouses/areas where
significant inventory issues arose last year
2. Discuss with management whether any of the warehouses this year are new, or have experienced
significant control issues.
3. Consider locations. Ensure all locations are covered OR decide locations the audit team members will
attend, basing this on materiality and risk of each site.
4. Obtain a copy of the proposed inventory count instructions, review them to identify any control
deficiencies and if any are noted, discuss them with management prior to the counts.
5. Arrange to verify any inventory held by 3rd party
6. Establish whether expert help is needed
7. If an internal audit department exists, discuss the procedures that they carried out and review their
working papers.
The following matters should be covered in the instructions for the physical inventory count:
1. There should be adequate supervisory controls, with one individual assuming overall responsibility for
the inventory count.
2. Employees involved in the inventory count should be independent of those working in the stores and
production areas
3. Counters should work in pairs with one counting inventory and the other recording and checking
quantities counted.
4. Procedures should ensure that items are marked or tagged as ‘counted’ to avoid the possibility of
double counting or omission.
5. There should be adequate control over the issue and returning of inventory control sheets, possibly
involving the use of pre-numbered sheets with returned sheets being agreed to issued sequences for
completeness.
6. Inventory sheets should be completed in ink and signed by the relevant individuals involved in the
counting and recording process.
7. Movement of inventory during the count should be prohibited where possible and a special quarantine
area should be created in which to store any goods received.
8. In order to minimise disruption to the production process, raw materials together with parts and
finished goods inventories should be counted first with work-in-progress inventory being counted at the
end of the working day.
9. There should be stringent controls over cut-off issues with careful note being made of the number of the
last goods received, goods returned and goods despatched and raw materials/parts issued notes prior to
the inventory count.
10. There should be adequate procedures to identify, count and record inventory that is slow moving or
obsolete.
The purpose of an auditor’s attendance at a client’s year-end inventory count is to assess the effectiveness of the
client’s inventory counting procedures in order to determine whether reliance can be placed upon them to
provide assurance about the existence and condition of inventory.
1. Observe the counting teams to confirm whether the inventory count instructions mentioned above are
being followed correctly.
2. Perform a test of controls (i.e. test the system used for recording, issuing inventory etc.)
3. Confirm the procedures for identifying and segregating damaged goods are operating correctly, and
assess inventory for evidence of any damaged or slow moving items.
4. Test the counts that are being done by the client’s representative- Perform two-way testing: Match
physical stock with stock records(completeness) and records with physical stock(existence
5. Check cut-off arrangements- Identify and make a note of the last goods received notes and goods
despatched notes for the year end in order to perform cut-off procedures.
6. Note any inventory that is set aside or specially marked, providing possible indicators that inventory is
not owned by the company
7. Enquire as to the possibility of consignment or third party inventories being held by the company and
record appropriate notes for subsequent follow up
8. Obtain a photocopy of the completed sequentially numbered inventory sheets for follow up testing on
the final audit.
Completeness During the inventory count, take a sample of physical inventory and ensure it is
completed recorded in the records/inventory ledger
Existence During the inventory count, select a sample of inventory from the ledger and verify its
physical existence.
Rights and obligation 1. Inspect invoices/supporting documents to confirm right
2. IF there is any inventory at the 3rd party, confirmed it is owned by the client
by circularizing the 3rd party.
Accuracy, Valuation. 1. Select a representative sample of goods in inventory at the year end, agree
Allocation the cost per the records to a recent purchase invoice and ensure that the cost
is correctly stated.
b) For unsold items, discuss with mngt to determine whether they are
slow moving and provision has been created
c) Review aged inventory reports and identify any slow moving goods,
discuss with management why these items have not been written
down
d) Perform a review of the average inventory days for the current year
and compare to prior year inventory days .Discuss any significant
variations with management.
e) Compare the gross margin for current year with prior year.
Fluctuations in gross margin could be due to inventory valuation
issues. Discuss significant variations in the margin with management.
4. WIP
a) Cast the schedule of total WIP and agree to the trial balance and financial
statements.
Cut-off Note down the last GDN and GRN for the year. Take a sample of GDNs and GRNs
immediately before AND after the year end and ensure they are recorded in the
correct accounting period
Where the entity has inventory that is held by third parties and which is material to the financial statements, the
auditor shall obtain sufficient appropriate audit evidence by performing one or both of the following:
Direct confirmation from the third party regarding quantities and condition (in accordance with ISA 505
External confirmations)
Inspection or other appropriate audit procedures (if third party's integrity and objectivity are doubtful, for
example)
The other appropriate audit procedures referred to above could include the following:
1. Send a letter requesting direct confirmation of inventory balances held at year end from the third party
regarding quantities and condition.
2. Attend the inventory count (if one is to be performed) at the third party warehouses to review the
controls in operation to ensure the completeness and existence of inventory.
4. Requesting confirmation from other parties when inventory has been pledged as collateral
In order that the company’s auditors may rely on the company’s revised continuous inventory checking system,
the auditor should ensure that:
Procedures
1. The audit team should attend at least one of the continuous (perpetual) inventory counts to review
whether the controls over the inventory count are adequate.
2. The audit team should confirm that all of the inventory lines have been counted or are due to be
3. counted at least once a year by reviewing the schedules of counts undertaken/due to be undertaken.
4. Review the adjustments made to the inventory records on a monthly basis to gain an understanding of
the level of differences arising on a month by month basis.
5. If significant differences consistently arise, this could indicate that the inventory records are not
adequately maintained. Discuss with management how they will ensure that year-end inventory will not
be under or overstated.
6. Consider attending the inventory count at the year end to undertake test counts of inventory from
records to floor and from floor to records in order to confirm the existence and completeness of
inventory.
Completeness 1. Take a sample of physical assets and ensure they are completely recorded in the
NCA Register
3. Obtain a breakdown of additions, cast the list and agree included in the non-
current assets register to confirm completeness of PPE.
4. Review the repairs and maintenance ledger to ensure capital expenditure has
not been accidently expensed off
Existence 1. Select a sample of assets from the NCA Register and inspect them to verify their
physical existence
2. Ensure disposed-off assets have been removed from the NCA Register as they
no longer exist.
Rights & Obligation 1. Inspect the ownership documents (title deeds, registration documents etc) to
ensure they are in client’s names.
2. Ensure all additions were authorized by inspecting the minutes of the board
meetings
3. Review the list of additions and confirm that they relate to capital expenditure
items rather than repairs and maintenance.
2. Verify that the correct cost and depreciation has been removed from the
records
5. Examine the sales documentation relating to the disposal and ensure that the
sale details match those in the authorising documentation.
Revaluation
1. Obtain a schedule of assets revalued this year and cast to confirm completeness
and accuracy of the revaluation adjustment.
5. Inspect the valuer’s report to ensure the valuer was skilled and independent
6. Agree the revalued amounts for these assets are included correctly in the non-
current assets register.
Depreciation
review NCA Register with Net Book Value of zero which are
still in use
4. enquire from the management whether they consider the depreciation method
to be reasonable- obtain a ‘written representation’
General
Review the disclosure of the additions and disposals in the draft financial statements
and ensure it is in line with IAS 16 Property, Plant and Equipment.
Intangible assets
1. Obtain and cast a schedule of intangible assets, detailing opening balances, amount capitalised in the
current year, amortisation and closing balances.
2. Agree the opening balances to the prior year financial statements.
3. Agree the closing balances to the general ledger, trial balance and draft financial statements.
4. Recalculate the amortisation charge for a sample of intangible assets and confirm it is line with the
amortisation policy.
1. For those expensed as research, agree the costs incurred to invoices and supporting documentation and
to inclusion in profit or loss.
2. For those capitalised as development, agree costs incurred to invoices and confirm technically feasible
by discussion with development managers or review of feasibility reports.
3. Review market research reports to confirm client has the ability to sell the product once complete and
probable future economic benefits will arise.
4. Review the disclosures for intangible assets in the draft financial statements are in accordance with IAS
38 Intangible Assets.
1. Review board minutes for evidence of discussion of the purchase of the acquired brand, and for its
approval.
2. Agree the cost to the company’s cash book and bank statement.
3. Obtain the purchase agreement and confirm the rights of client in respect of the brand.
4. Discuss with management the estimated useful life of the brand and obtain an understanding of how
the useful life has been determined.
5. Recalculate the amortisation expense for the year and agree the charge to the financial statements
6. Confirm adequacy of disclosure in the notes to the financial statements.
2. Review the cash book and bank statements for any unusual items or large transfers
around the year end, as this could be evidence of window dressing.
3. Review the financial statements to ensure that the disclosure of cash and bank
balances are complete and accurate.
Ideally the letter should be sent before the end of the accounting period to enable the bank
to complete it on a timely basis e.g. at the year-end.
3. The bank will complete the letter and send it back directly to the auditor.
Period-end Bank Obtain a copy of client’s bank reconciliation and perform the procedures below:
Reconciliation
Statement (BRS)
1. Cast the reconciliation to check arithmetical accuracy
2. Agree the bank balance to the trial balance.
3. Agree the reconciliation’s balance per the cash book to the year-end cash book.
4. Agree the balance per the bank statement to an original year-end bank statement
and also to the bank confirmation letter.
5. Trace all of the outstanding lodgments to the pre year-end cash book, post year-
end bank statement and also to paying-in-book per year end.
6. Trace all un-presented cheques through to a pre year-end cash book and post year-
end statement. For any unusual amounts or significant delays obtain explanations
from management.
Completeness 1. Agree all balances listed on the bank confirmation letter to client’s bank
reconciliations or the trial balance to ensure completeness of bank balances.
2. Examine the bank confirmation letter for details of any security provided by client
as this may require disclosure.
Cash
Generally cash balance is immaterial to the financial statements. However, cash is an area which is prone to
fraud, especially if the internal controls are not efficient. That is why cash verification is an important audit
procedure for internal auditors.
4. Compare trade payables individually and in total to prior, investigate any significant
difference, in particular any decrease for this year.
5. Calculate the trade payable days and compare to prior years, investigate any
significant difference.
6. Current supplier list matched to last year’s supplier list and explanations sought for
suppliers missing this year
7. Select population from purchase invoices received after the year-end. Trace to
evidence of goods receipt and where goods received prior year-end, ensure invoice
amount included in purchase accrual
8. Post year end payments reviewed. If they relate to purchases made before the year
end, ensure they were recorded as a liability at the year end!
9. Verify the Audit trail from source document to records (Take a sample of GRNs prior
to the end of the year and trace to purchase invoice. Ensure a liability has been
recorded)
2. Review after date payments; if they relate to the year under audit, then follow
through to the purchase ledger listing to ensure they are recorded in the correct
period
2. Verify the Audit trail from records to source documents ( individual ledger to
purchase invoice and Goods Received Note)
1. Select a representative sample of year-end supplier statements and agree the balance to the purchase
ledger. If the balance agrees, then no further work is required.
2. Where differences occur due to invoices in transit, confirm from goods received notes (GRN) whether
the receipt of goods was pre year end, if so confirm that this receipt is included in year-end accruals.
3. Where differences occur due to cash in transit from client to the supplier, confirm from the cashbook
and bank statements that the cash was sent pre year end.
4. Discuss any further adjusting items with the purchase ledger supervisor to understand the nature of the
reconciling item, and whether it has been correctly accounted for.
Third party evidence is a good source of audit evidence and a large proportion of the documentation available
when auditing trade payables is produced by third parties, for example, suppliers’ invoices, statements and
correspondence.
2. If the list is prepared by the client company, check the calculations and additions far arithmetical
accuracy. Check the amounts in the listing against the balances in the relevant main ledger expense
accounts and ensure that the amounts are the same.
3. Sample check computations of accruals by comparing to earlier relevant invoices and payment
records.
4. Review the bank statement for post year end payments that may relate to services used before the
year end. Trace these items to the accruals listing.
5. Compare the list of accruals to those for the previous period to obtain assurance as to the
completeness of the accruals.
6. Review the list of accruals for completeness, based on the auditor's knowledge of the business. The
auditor will review expense categories included in the income statement to identify areas of
possible accruals and check to list of accruals for inclusion.
7. Relate items on the list of accruals to other audit areas, such as the bank confirmation letter (which
might provide details of unpaid/accrued bank charges).
8. Test transactions around the accounting period end to determine whether amounts have been
recognised in the correct period.
1. Compare the total payroll expense to the prior year and investigate any significant differences.
2. Review monthly payroll charges, compare this to the prior year and budgets and discuss with
management for any significant variances.
3. Perform a proof in total of total wages and salaries, incorporating joiners and leavers and the annual
pay increase. Compare this to the actual wages and salaries in the financial statements and investigate
any significant differences.
Other procedures
1. Cast a sample of payroll records to confirm completeness and accuracy of the payroll expense.
2. For a sample of employees, recalculate the gross and net pay and agree to the payroll records to
confirm accuracy.
3. Re-perform the calculation of statutory deductions to confirm whether correct deductions for this year
have been made in the payroll.
4. Select a sample of joiners and leavers, agree their start/leaving date to supporting documentation,
recalculate that their first/last pay packet was accurately calculated and recorded.
5. Agree the total net pay per the payroll records to the bank transfer listing of payments and to the
cashbook.
6. Agree the individual wages and salaries per the payroll to the personnel records for a sample to confirm
bona fide employees.
7. Select a sample of weekly overtime sheets and trace to overtime payment in payroll records to confirm
completeness of overtime paid.
1. Agree the year-end income tax payable accrual to the payroll records to confirm accuracy.
3. Agree the subsequent payment to the post year-end cash book and bank statements to confirm
completeness.
1. Agree the year end tax liability back to the year end tax computation.
2. Agree the year end tax liability to the post year end payment to the tax authorities.
3. Agree the corporation tax liability to the amount owed as per correspondence from the tax authorities.
Completeness of new Review Board minutes for evidence of new loans being taken out in the year and
loans during the year ensure they have been recorded.
Inspect the bank statements for the year for evidence of a significant deposit,
which may be proceeds of a loan.
Finance cost - Recalculate expected interest charges during the year and compare to the
client’s figure.
Other procedures ( - Verify the amount of the loan outstanding at the balance sheet date and
presentation and ensure that this is accurately stated and fully disclosed in the company’s
disclosure) balance sheet. The amount of the loan outstanding should be disclosed as
repayable within 12 months and repayable after 12 months from the
balance sheet date.
- Check the note to the company’s financial statements to ensure that full
disclosure is made with regard to any security for the loan.
2. For any loan payments made during the year, agree the cash outflow to the cash book and bank
statements.
3. Agree loan balances back to the loan statement from the bank.
4. Inspect the bank confirmation letter for details of loans and overdrafts and trace these amounts to the
balance sheet to ensure they have been recorded.
5. Review Board minutes for evidence of new loans being taken out in the year and ensure they have been
recorded.
6. Inspect the bank statements for the year for evidence of a significant deposit, which may be proceeds of
a loan.
7. Recalculate expected interest charges during the year and compare to the client’s figure.
8. Verify the amount of the loan outstanding at the balance sheet date and ensure that this is accurately
stated and fully disclosed in the company’s balance sheet. The amount of the loan outstanding should
be disclosed as repayable within 12 months and repayable after 12 months from the balance sheet date.
9. Examine the loan agreement to verify the amount of the loan, the rate of interest chargeable, the
security provided and the repayment terms.
10. Review the loan agreement for details of covenants and recalculate to identify any breaches in these.
11. Agree closing balance of the loan to the trial balance and draft financial statements.
12. Review that the F/S disclosures are adequate, including any security provided and that the disclosure is
in accordance with accounting standards and local legislation.
Accounting estimates are approximations. Approximations are often made in conditions of uncertainty
regarding the outcome of events.
When transactions involve precise amounts and are supported by specific documents, verification is relatively
easier. However, this comfort is not available in the case of accounting estimates. There is greater risk of
material misstatement. Therefore greater care is needed when auditing them.
The auditor should adopt one or a combination of the following approaches in the audit of an estimate:
– review and test the process used by management to develop the estimate
– use an independent estimate for comparison with that prepared by management
– review subsequent events which confirm the estimate made.
Exam focus: Provision for fines/penalties, provision for legal claims, provision for restructuring(detailed formal
plan, valid expectation raised in those affected, implementation of plan started/public announcement, DO NOT
include retraining/relocation,marketing expenses etc), provision for warranties, provision for redundancies, Fair
Value
Review and test the process used by management to 1. Enquire of management how the accounting
develop the estimate estimate is made
- Obtain written representations from management and, where appropriate, those charged with
governance whether they believe significant assumptions used in making accounting estimates are
reasonable.
- Ensure disclosures relating to accounting estimates are adequate and complete.
- If applicable, compare with last year to evaluate reasonableness of the estimate.
- If applicable, compare last year’s estimated with actual result to evaluate reasonableness of the
estimate.
11. Ensure disclosures relating to accounting estimates are adequate and complete
12. If applicable, compare with last year to evaluate reasonableness of the estimate.
13. If applicable, compare last year’s provision with actual result to evaluate reasonableness of the
estimate.
Scenario: Law suit filed by a former (ex) employee for unfair dismissal- decision pending
o Discuss with management the nature of the dispute between the client and the former
employee to ensure that a full understanding of the issue is obtained and to assess
whether an obligation exists.
o Review any correspondence with the former employee to assess if a reliable estimate of
any potential payments can be made.
o Write to the company’s lawyers to obtain their views as to the probability of the ex-
employeer’s claim being successful.
o Review board minutes and any company correspondence to assess whether there is any
evidence to support the former employee’s claims of unfair dismissal.
o Obtain a written representation from the directors of client confirming their view of
chances of a successful claim.
Scenario: sales ledger department is being made redundant and a redundancy provision has been
included in the financial statements.
o Discuss with the directors as to whether they have formally announced their intention to
make the sales ledger department redundant, to confirm that a present obligation exists
at the year end.
o If announced before the year end, review supporting documentation to verify that the
decision has been formally announced.
o Review the board minutes to ascertain whether it is probable that the redundancy
payments will be paid.
o Obtain a breakdown of the redundancy calculations by employee and cast it to ensure
completeness.
o Recalculate the redundancy provision to confirm completeness and agree components of
the calculation to supporting documentation.
o Review the post year-end period to identify whether any redundancy payments have
been made, compare actual payments to the amounts provided to assess whether the
provision is reasonable.
o Obtain a written representation from management to confirm the completeness of the
provision.
o Review the disclosure of the redundancy provision to ensure compliance with IAS 37
Provisions, Contingent Liabilities and Contingent Assets.
1. Review the correspondence from the customers claiming food poisoning to assess whether
client has a present obligation as a result of a past event.
2. Send an enquiry letter to the lawyers of client to obtain their view as to the probability of the
claim being successful.
3. Review board minutes to understand whether the directors believe that the claim will be
successful or not.
4. Review the post year-end period to assess whether any payments have been made to any of
the claimants.
5. Discuss with management as to whether they propose to include a contingent liability
disclosure or not, consider the reasonableness of this.
6. Obtain a written management representation confirming management’s view that the lawsuit is
unlikely to be successful and hence no provision is required.
7. Review the adequacy of any disclosures made in the financial statements.
1. Review the board minutes where the decision to reorganise the business was taken, ascertain if
this decision was made pre year end.
2. Review the announcement to shareholders to confirm that this was announced before the year
end.
3. Obtain a breakdown of the reorganisation provision and confirm that only direct expenditure
from restructuring is included.
4. Review the expenditure to confirm that there are no retraining costs included.
5. Cast the breakdown of the reorganisation provision to ensure correctly calculated.
6. For the costs included within the provision, agree to supporting documentation to confirm
validity of items included.
7. Obtain a written representation confirming management discussions in relation to the
announcement of the reorganisation.
8. Review the adequacy of the disclosures of the reorganisation in the financial statements to
ensure they are in accordance with IAS 37 Provisions, Contingent Liabilities and Contingent
Assets.
1. Review board minutes to confirm the issue of additional share capital during the year.
2. Agree the issue of shares is permitted from a review of any statutory constitution agreements in place
(Where local law requires that companies should have an authorised share capital, the auditor should
check that the total authorised capital in the draft financial statements is consistent with the company's
constitution)
3. Inspect the cash book and bank statements for evidence of cash receipts from the share issue.
4. Recalculate the split of proceeds between the nominal value of shares and premium on issue and agree
correctly recorded within share capital and share premium account.
5. Review the disclosure of the share issue in the draft financial statements and ensure it is in line with
relevant accounting standards and local legislation.
6. Check that the amount reported as issued share capital agrees with the amount recorded in the register
of members/shareholders, if the company has such a register. (In some countries there is a legal
requirement to maintain a register of members.)
The auditor-will usually carry out tire following substantive procedures on reserves:
Obtain an analysis of movements on all reserves during the period.
Check the accuracy of these movements by checking supporting documentation.
Ensure that any specific legal requirements relating to reserves have been complied with. (For example,
check that the entity has not breached legal restrictions on use of the share premium account.)
Confirm that dividends have been deducted only from those reserves that are legally distributable (usually
the accumulated profits reserve/retained earnings).
Check the authorisation for the amount of dividends paid by reviewing board minutes.
Check the dividend calculations and check that the total dividends paid are consistent with the amount of
issued share capital at the relevant date.
Emoluments include compensation paid for the services provided by the directors to the company and reward
for entrepreneurial contribution.
1. Obtain a schedule of the directors’ remuneration including any bonus paid and cast the addition of the
schedule.
2. Agree the individual bonus payments to the payroll records.
3. Confirm the amount of each bonus paid by agreeing to the cash book and bank statements.
4. Review the board minutes to confirm whether any additional bonus payments relating to this year have
been agreed.
5. Obtain a written representation from management confirming the completeness of directors’
remuneration including the bonus.
6. Review any disclosures made of the bonus and assess whether these are in compliance with local
legislation
Other procedures:
- Verify the accuracy of the emoluments recorded by recalculating the amount of emoluments
applicable to the directors with the recommendations of the remuneration committee.
- For all performance related bonus, verify the correctness of the bonus by comparing the bonus with
the achievement of the performance related targets i.e. ensure that performance related bonus is
supported with appropriate achievement of targets.
- Loyalty bonuses are given when a person completes a certain number of years in a company. Verify
the accuracy of the payments made along with adherence to the conditions of the loyalty bonus.
- Verify the directors’ rent accounts for the directors’ accommodation and trace entries therein with
the approvals of the remuneration committee and also confirm the correctness of the values with
the rent agreement.
- Verify the directors’ health insurance accounts paid for the directors and trace entries therein with
the approvals of the remuneration committee and also confirm the correctness of the values with
the insurance policies.
In certain cases, auditors may rely on the work of third parties when gathering their audit evidence.
• The client’s internal auditors (who have reviewed the internal controls).
• Another firm of external auditors (who may for example be auditing an overseas subsidiary of our client).
Why?
- Avoid duplication of work
- Improve efficiency and effectiveness
- Improve trust of shareholders
- Reduce cost
ISA 500 Audit Evidence requires auditors to evaluate the competence, capabilities including expertise and
objectivity of a management expert.
4. The auditor should meet with the expert and discuss with them their relevant expertise in order to
understand their field of expertise.
5. Evaluating the Adequacy of the Expert’s Work(the audit procedures carried out to evaluate the work
done by the expert!)
a) the relevance and reasonableness of that expert’s findings or conclusions, and their consistency
with other audit evidence
b) If that expert’s work involves use of significant assumptions and methods, the relevance and
reasonableness of those assumptions and methods in the circumstances
c) Adequacy and appropriateness of source data
Service organisation: third-party organisation providing services to user entities that are part of those entities’
information systems relevant to financial reporting
When any work is outsourced to the service organisation, the auditor should consider its impact on the internal
control of the entity.
If the auditor concludes that outsourcing to service organisation significantly affects the accounting and / or
internal control system of the entity, they should obtain sufficient understanding of the entity and its
environment, including the internal control.
This will help him in assessing the risk of material misstatement and designing and performing further audit
procedures
Factors auditors should consider in relation to client’s use of the service organisation include:
1. The audit team should gain an understanding of the services being provided by the service organisation ,
including the materiality of that area and the basis of the outsourcing contract.
2. They will need to assess the design and implementation of internal controls at the service organisation
3. The team may wish to visit the service organisation and undertake tests of controls to confirm the
operating effectiveness of the controls.
4. If this is not possible, auditors should contact the service organisation’s auditors to request either a type
1 (report on description and design of controls) or type 2 report (on description, design and operating
effectiveness of controls).
5. The auditor is responsible for obtaining sufficient and appropriate evidence, therefore no reference may
be made in the audit report regarding the use of information from the service organisation’s auditors
Exam Questions
- Adjusting or non-adjusting?
- Auditor’s responsibilities
- Procedures
- Impact on opinion
Adjusting event: An event after the reporting period that provides further evidence of conditions that existed at
the end of the reporting period, including an event that indicates that the going concern assumption in relation
to the whole or part of the enterprise is not appropriate.
Non-adjusting event: An event after the reporting period that is indicative of a condition that arose after the end
of the reporting period.
ADJUSTING NON-ADJUSTING
Adjust the financial Impacts going concern Does not impact going
statements to reflect the concern
event
If important to users
understanding disclose
in a note:
nature of event
estimate of financial
effect
Period between the year-end date and the date the auditor’s report is signed
The auditor shall perform audit procedures designed to obtain sufficient appropriate audit evidence that all
events occurring between the date of the financial statements and the date of the auditor’s report that require
adjustment of, or disclosure in, the financial statements have been identified.
A. Review procedures management has established to ensure that subsequent events are identified.
B. Inspect: Read minutes of board meetings, shareholder meetings and audit committees that have
taken place since the year-end.
C. Obtain and review the latest available interim financial statements and/or management accounts,
budgets and other related management reports.
D. Perform normal post balance sheet work( e.g. checking receipts from trade receivables after the
yearend)
F. Enquire of management as to whether any subsequent events have occurred which might affect the
financial statements
G. Checking whether any events have occurred that could call into question the validity of the going
concern assumption
Facts discovered after the date of the auditor’s report but before the date the financial statements are issued.
The auditor does not have any responsibility to perform audit procedures or make any enquiry regarding the
financial statements or subsequent events after the date of the auditor’s report.
In this period, it is the responsibility of management to inform the auditor of facts which may affect the financial
statements.
When the auditor becomes aware of a fact which may materially affect the financial statements, the matter
should be discussed with management.
If the financial statements are appropriately amended then a new audit report should be issued, and procedures
relating to subsequent events should be extended to the date of the new audit report.
After the financial statements have been issued, the auditor has no obligation to perform any audit procedures
regarding such financial statements. However, if, after the financial statements have been issued, a fact
becomes known to the auditor that, had it been known to the auditor at the date of the auditor’s report, may
have caused the auditor to amend the auditor’s report, the auditor shall:
(a) Discuss the matter with management and, where appropriate, those charged with governance;
(b) Determine whether the financial statements need amendment; and, if so,
(c) Inquire how management intends to address the matter in the financial statements.
(a) Carry out the audit procedures necessary in the circumstances on the amendment.
(b) Review the steps taken by management to ensure that anyone in receipt of the previously issued financial
statements together with the auditor’s report thereon is informed of the situation.
The Exam
- Indicators ( words from the scenario and explain why it is an indicator; what problems it can cause in the
future)
- Procedures
- Impact on audit opinion and audit report
Under the ‘going concern assumption’, an entity is ordinarily viewed as continuing in business for the
foreseeable future (being to a date of at least, but not limited to, 12 months from the end of the reporting
period); with neither the intention nor the necessity of liquidation, cessation of trading or the seeking of
protection from creditors pursuant to laws or regulations.
Accordingly assets and liabilities are recorded on the basis that the entity will be able to realise its assets and
discharge its liabilities in the normal course of business.
It is the responsibility of management to make an assessment of whether the going concern presumption is
appropriate, or not, when they are preparing the financial statements.
Auditor’s responsibilities
1. They carry out appropriate audit procedures to determine whether the management’s assumption of
going concern is appropriate and ensure that the organisation’s management have been realistic in
their use of the going concern assumption
2. Report if not appropriate. In forming the audit opinion, the auditor should consider two issues: have the
financial statements been prepared using the appropriate going concern assumption, and is there
adequate disclosure of any material uncertainty regarding the going concern status.
Financial Indicators
– Net liability or net current liability position.
– Fixed term borrowings approaching maturity without realistic prospects of renewal or repayment, or excessive
reliance on short-term borrowings to finance long-term assets.
– Adverse key financial ratios.
– Substantial operating losses.
– Arrears or discontinuance of dividends.
– Inability to pay payables on due dates.
– Difficulty in complying with the terms of loan agreements.
– Change from credit to cash-on-delivery transactions with suppliers.
– Inability to obtain financing for essential new product development or other essential investments.
Operating Indicators
– Loss of key management without replacement.
– Loss of major market, franchise, licence, or principal supplier.
– Labour difficulties or shortages of important supplies.
Other Indicators
– Non-compliance with capital or other statutory requirements.
– Pending legal proceedings against the entity that may, if successful result in judgements that could not be met.
– Changes in legislation or government policy.
o whether management has taken into consideration all the facts that the
auditor is aware of due to their audit procedures
2. Reading minutes of shareholders’ meetings to identify any current, or potential, cash flow
difficulties
4. Review cash flow forecast (sufficient cash to continue operations for next year?) In this
evaluation the auditor should pay particular attention to the\ reliability of the company’s
systems for generating the cash flow information, and whether the assumptions underlying the
cash flow appear reasonable.
6. Review events after the period end to identify those that affect the entity’s ability to continue as
a going concern
7. Review the terms of loan agreements and determining whether they have been breached
8. Requesting written representations from management and, where appropriate, those charged
with governance, regarding their plans for future action and the feasibility of these plans.
9. View correspondence with major customers, suppliers and banks for evidence of dispute
Auditor’s conclusions
Use of going concern basis of accounting is Use of Going Concern Basis of Accounting Is Inappropriate
appropriate
When the use of the going concern basis of accounting is not
but appropriate in the circumstances, management may be
required, or may elect, to prepare the financial statements on
a material uncertainty exists relating to another basis (e.g., liquidation basis). The auditor may be able
events or conditions that may cast significant to perform an audit of those financial statements provided that
doubt on the entity’s ability to continue as a the auditor determines that the other basis of accounting is
going concern. acceptable in the circumstances.
In auditor’s judgment, appropriate disclosure
of the nature and implications of the
uncertainty is necessary.
Example
Material Uncertainty
Related to Going Concern
We draw attention to
Note 6 in the financial
statements, which
indicates that the
Company
Exam questions might ask the candidate to recognise indicators that an entity may not be a going concern, or
require candidates to arrive at an appropriate audit opinion depending on the circumstances presented in the
scenario. It may be the case that candidates are presented with a situation where the auditor has concluded
that there are material uncertainties relating to going concern and the directors have made appropriate
disclosures in relation to going concern and candidates must understand the new auditor reporting
requirements in this respect.
Under ISA 570 (Revised), if the use of the going concern basis of accounting is appropriate but a material
uncertainty exists and management have included adequate disclosures relating to the material uncertainties
the auditor will continue to express an unmodified opinion, but the auditor must include a separate section
under the heading ‘Material Uncertainty Related to Going Concern’ and:
draw attention to the note in the financial statements that discloses the matters giving rise to the
material uncertainty, and
state that these events or conditions indicate that a material uncertainty exists which may cast
significant doubt on the entity’s ability to continue as a going concern and that the auditor’s opinion is not
modified in respect of the matter.
The section headed ‘Material Uncertainty Related to Going Concern’ is included immediately after the Basis for
Opinion paragraph but before the KAM section.
Over and above the new reporting requirements under ISA 570, candidates need to understand how issues
identified regarding going concern interact with the requirements of ISA 701. By their very nature, issues
identified relating to going concern are likely to be considered a key audit matter and hence need to be
communicated in the auditor’s report. Where the auditor has identified conditions which cast doubt over going
concern, but audit evidence confirms that no material uncertainty exists, this ‘close call’ can be disclosed in line
with ISA 701. This is because while the auditor may conclude that no material uncertainty exists, they may
determine that one, or more, matters relating to this conclusion are key audit matters. Examples include
substantial operating losses, available borrowing facilities and possible debt refinancing, or non-compliance with
loan agreements and related mitigating factors.
In summary if a confirmed material uncertainty exists it must be disclosed in accordance with ISA 570 and where
there is a ‘close call’ over going concern which has been determined by the auditor to be a KAM it will be
disclosed in line with ISA 701. This is illustrated in the following example:
Example – unmodified audit opinion but material uncertainty exists in relation to going concern and the
disclosures are adequate
Opinion: In our opinion, the accompanying financial statements present fairly, in all material respects, the
financial position of the Company as at 31 December 2015, and its financial performance and its cash flows for
the year then ended in accordance with International Financial Reporting Standards (IFRSs).
Basis for opinion: We conducted our audit in accordance with International Standards on Auditing (ISAs). Our
responsibilities under those standards are further described in theAuditor’s Responsibilities for the Audit of the
Material uncertainty related to going concern: We draw attention to Note 6 in the financial statements, which
indicates that the Company incurred a net loss of $125,000 during the year ended 31 December 2015 and, as of
that date, the Company’s current liabilities exceeded its total assets by $106,000. As stated in Note 6, these
events or conditions, along with other matters as set forth in Note 6, indicate that a material uncertainty exists
that may cast significant doubt on the Company’s ability to continue as a going concern. Our opinion is not
modified in respect of this matter.
Key audit matters: Key audit matters are those matters that, in our professional judgment, were of most
significance in our audit of the financial statements of the current period. These matters were addressed in the
context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not
provide a separate opinion on these matters. In addition to the matter described in the Material Uncertainty
Related to Going Concern section, we have determined the matters described below to be the key audit matters
to be communicated in our report.
[Include a description of each key audit matter]
Written representations are necessary information that the auditor requires in connection with the audit of the
entity’s financial statements. Accordingly, similar to responses to inquiries, written representations are audit
evidence.
The auditor needs to obtain written representations from management and, where appropriate, those charged
with governance that they believe they have fulfilled their responsibility for the preparation of the financial
statements and for the completeness of the information provided to the auditor.
Written representations are needed to support other audit evidence relevant to the financial statements or
specific assertions in the financial statements, if determined necessary by the auditor or required by other
International Standards on Auditing.
This may be necessary for judgemental areas where the auditor has to rely on management explanations.
Written representations can be used to confirm that management have communicated to the auditor all
deficiencies in internal controls of which management are aware.
Written representations are normally in the form of a letter, written by the company’s management and
addressed to the auditor. The letter is usually requested from management but can also be requested from the
chief operating officer or chief financial officer.
Throughout the fieldwork, the audit team will note any areas where representations may be required
During the final review stage, the auditors will produce a draft representation letter. The directors will review
this and then produce it on their letterhead.
It will be signed by the directors and dated as at the date the audit report is signed, but not after.
The ISAs require auditors to obtain written representations from management on matters material to the
Financial Statements where other sufficient, appropriate, audit evidence cannot reasonably be expected to
exist.
1. Acknowledging responsibility for the financial statements by management(ISA 580 requires that
“the auditor should obtain audit evidence that management acknowledges its responsibility for
fair presentation of the financial statements and for the completeness of the information
provided to the auditor)
2. Acknowledging responsibility for other matters (ICS, related party transactions etc)
3. Used as audit evidence there is no sufficient appropriate evidence in existence on a matter
which is material to the financial statements.
4. Acknowledges representations previously made verbally by management
5. Minimises misunderstandings between management and auditor
SPECIFIC MATTERS
Included here is anything else that the auditor would like a representation on for example:
that a certain debt is recoverable;
all bank accounts have been disclosed;
any plans to reorganise the business or discontinue product lines have already been disclosed.
If management refuses to provide a written representation, then the auditor should again review the possibility
of obtaining sufficient audit evidence from alternative sources in connection with the matter or issue under
review.
If the directors refuse to sign the representation letter, then the auditor has a number of options available to
him:
(i) The auditor could discuss the matter with the directors and try to resolve their problems with the letter.
(ii) The auditor could write a representation letter for the directors, then send this to the directors and ask
them to sign it.
(iii) If the auditor considers that he has not received all the information and explanations required for his
audit, then the auditor’s report should be qualified.
(iv) Before taking these actions, the auditor should explain to the directors the consequences of not signing
the representation letter, to try to avoid a confrontation.
If the representation is not consistent with other audit evidence, the auditor should perform audit procedures
to attempt to resolve the matter. For this, the auditor should reassess the appropriateness of the risk of material
misstatement on account of this inconsistency. If required, the auditor should revise the nature, timing and
extent of further audit procedures.
Before the audit report is signed, the auditor needs to know that the work is finished and that all necessary
issues have been dealt with. The easiest way to do this is to use a series of checklists:
The audit plan should be reviewed, to verify that all issues raised have been resolved.
An Accounting Standards Checklist will be completed, forcing the auditor to consider every possible
accounting issue that could affect the client’s Financial Statements.
Additional checklists may be necessary (e.g. Company Law) to make sure that any other issues have been
fully considered
All audit work should be subject to review. This is a basic quality control requirement of ISA 220, Quality Control
for an Audit of Financial Statements, and serves to ensure that sufficient appropriate audit evidence has been
obtained in respect of transactions and balances included in the financial statements.
In performing a file review, the reviewer should consider the sufficiency of evidence obtained and may need to
propose further audit procedures if evidence is found to be insufficient or contradictory. ISA 230, Audit
Documentation requires that documentation of the review process includes who reviewed the audit work
completed and the date and extent of such review.
1. Reviewing the financial statements to ensure compliance with accounting standards and local
legislation disclosure. This is sometimes done via the use of a disclosure checklist.
2. Reviewing the disclosure of the accounting policies to ensure that they are in accordance with the
accounting treatment adopted in the financial statements, and that they are sufficiently disclosed.
3. Reviewing the financial statements to ensure they are consistent with the auditor’s knowledge of the
business and the results of their audit work.
4. Reviewing the financial statements to assess whether they adequately reflect the information and
explanations previously obtained and conclusions reached during the course of the audit.
5. Performing analytical procedures of the financial statements, under ISA 520 Analytical Procedures; this
helps the auditor to form an overall conclusion on the financial statements ( explained separately below)
7. As part of the overall review, the auditor should assess whether the audit evidence gathered by the
team is sufficient and appropriate to support the audit opinion.
Before the audit report is signed, it is sensible to do some final analysis of the Financial Statements (e.g. ratio
analysis) – just to make sure that the auditor is confident in the audit opinion.
The Financial Statements may have been adjusted during the audit as mistakes were found, so the final figures
may never have been analysed or been subject to ratio analysis.
The auditor will have learned more about the company during the audit, so is in a better position at the end of
the audit to analyse the figures and understand trends in ratios.
The analytical procedures performed at this stage of the audit are not different to those performed at the
planning stage – the auditor will perform ratio analysis, comparisons with prior period financial statements and
other techniques to confirm that trends are as expected, and to highlight unusual transactions and balances that
The key issue is that, near the end of the audit, the auditor should have sufficient audit evidence to explain the
issues highlighted by analytical procedures, and should therefore be able to conclude as to the overall
reasonableness of the financial statements.
When the analytical procedures performed near the end of the audit reveal further previously unrecognised risk
of material misstatement, the auditor is required to revise the previously assessed risk of material misstatement
and modify the planned audit procedures accordingly. This means potentially performing further audit
procedures in relation to matters that are identified as high risk.
The auditor has a responsibility to accumulate misstatements which arise over the course of the audit.
Identified misstatements should be considered during the course of the audit to assess whether the audit
strategy and plan should be revised.
The auditor will communicate the uncorrected misstatements and their implication on the auditor’s report to
those charged with governance.
The auditor will also request a written representation (including a summary of uncorrected misstatements) from
management and – where appropriate – those charged with governance as to whether they believe the effects
of uncorrected misstatements are immaterial, individually and in aggregate to the financial statements as a
whole.
The auditor may find:
Examples of circumstances when misstatement is considered material when it lower than quantitative
(material by nature)
Questions historically in this area of the syllabus have required a discussion of the accounting treatment, a
materiality calculation, an assessment of the type of audit report modification and the impact on the auditor’s
report.
Candidates often find auditor’s reports a challenging part of the syllabus and in preparation for exams, it is
imperative that candidates can:
- describe the different elements of the auditor’s report
- determine the most appropriate type of audit opinion in a given scenario, often through an explanation
of why a certain opinion is appropriate which will test the application of the candidate’s knowledge
- understand the issues that may arise during the course of an audit that could require an Emphasis of
Matter or Other Matter paragraph to be included in the audit report, and
- identify Key Audit Matters (KAM) that are required to be disclosed in an auditor’s report.
Candidates will not be expected to draft an auditor’s report but may be asked to present reasons for an
unmodified or a modified opinion, or the inclusion of an Emphasis of Matter paragraph.
Candidates attempting the exam may be required to identify and describe the elements of the auditor’s report
and therefore candidates should ensure that they have a sound understanding of the revised ISA 700, Forming
an Opinion and Reporting on Financial Statements.
Candidates may also be presented with extracts from an auditor’s report and be asked to critically appraise the
extracts, or challenge the proposed audit opinion.
Form of opinion
Unmodified opinion The auditor shall express an unmodified opinion when the auditor concludes that
the financial statements are prepared, in all material respects, in accordance with
the applicable financial reporting framework.
-qualified (a) concludes that, based on the audit evidence obtained, the financial statements
as a whole are not free from material misstatement; or
-Adverse
(b) is unable to obtain sufficient appropriate audit evidence to conclude that the
-Disclaimer financial statements as a whole are free from material misstatement, the auditor
shall modify the opinion in the auditor’s report in accordance with ISA 705
(Revised).
Inability to obtain appropriate and sufficient evidence: The auditor was not able to get sufficient appropriate
audit evidence on which to base the opinion. The auditor’s inability to obtain sufficient appropriate audit
evidence is also referred to as a limitation on the scope of the audit and could arise from:
Pervasive: This is a term used to describe the effects or possible effects on the financial statements of
misstatements or undetected misstatements (i.e. due to an inability to obtain sufficient appropriate audit
evidence). There are three types of pervasive effect:
o Those that are not confined to specific elements, accounts or items in the financial
statements.
o Those that are confined to specific elements, accounts or items in the financial statements
and represent or could represent a substantial portion of the financial statements.
o Those that relate to disclosures which are fundamental to users understanding of the
financial statements.
Wording
In our opinion, the financial statements present fairly, in all material respects, (or
give a true and fair view of) the financial position of ABC Company as of December
31, 20X1, and (of) its financial performance and its cash flows for the year then
ended in accordance with International Financial Reporting Standards.
Wording:
QUALIFIED OPINION
In our opinion, except for the effects of the matter described in the Basis of
Qualified Opinion paragraph the financial statements present fairly, In all
material respects, (or give a true and fair view of) the financial position of ABC
Company as at December 31, 20X1 and (of) its financial performance and its cash
flows for the year then ended in accordance with International Financial Reporting
Standards.
Opinion: Adverse
Wording:
ADVERSE OPINION
In our opinion, because of the significance of the matter discussed in the Basis of
Adverse Opinion paragraph, the consolidated financial statements do not present
fairly (or do not give a nature and fair view of) the financial position of ABC
Company and its subsidiaries as at December 31, 20X1 and (of) their financial
performance and their cash flows for the year then ended in accordance with
International Financial Reporting Standards.
Opinion: Disclaimer
Wording:
DISCLAIMER OF OPINION
Because of the significance, of the matters described in the Basis for Disclaimer of
Opinion paragraph, we have not been able to obtain sufficient appropriate audit
evidence to provide a basis for an audit opinion. Accordingly, we do not express an
opinion on the financial statements
Emphasis of Matter paragraph :A paragraph included in the auditor’s report that refers to a matter
appropriately presented or disclosed in the financial statements that, in the auditor’s judgment, is of such
importance that it is fundamental to users’ understanding of the financial statements.
If the auditor considers it necessary to draw users’ attention to a matter presented or disclosed in the financial
statements that, in the auditor’s judgment, is of such importance that it is fundamental to users’ understanding
of the financial statements, the auditor shall include an Emphasis of Matter paragraph in the auditor’s report
provided:
- The auditor would not be required to modify the opinion in accordance with ISA 705 (Revised) as a
result of the matter; and
- When ISA 701 applies, the matter has not been determined to be a key audit matter to be
communicated in the auditor’s report. (When ISA 701 applies, the use of Emphasis of Matter paragraphs
is not a substitute for a description of individual key audit matters.)
When the auditor includes an Emphasis of Matter paragraph in the auditor’s report, the auditor shall:
(a) Include the paragraph within a separate section of the auditor’s report with an appropriate heading that
includes the term “Emphasis of Matter”;
(b) Include in the paragraph a clear reference to the matter being emphasized and to where relevant disclosures
that fully describe the matter can be found in the financial statements. The paragraph shall refer only to
information presented or disclosed in the financial statements; and
(c) Indicate that the auditor’s opinion is not modified in respect of the matter emphasized.
Examples of circumstances where the auditor may consider it necessary to include an Emphasis of Matter
paragraph are
Other Matter paragraph – A paragraph included in the auditor’s report that refers to a matter other than those
presented or disclosed in the financial statements that, in the auditor’s judgment, is relevant to users’
understanding of the audit, the auditor’s responsibilities or the auditor’s report.
If the auditor considers it necessary to communicate a matter other than those that are presented or disclosed
in the financial statements that, in the auditor’s judgment, is relevant to users’ understanding of the audit, the
auditor’s responsibilities or the auditor’s report, the auditor shall include an Other Matter paragraph in the
auditor’s report, provided:
(b) When ISA 701 applies, the matter has not been determined to be a key audit matter to be communicated in
the auditor’s report.
When the auditor includes an Other Matter paragraph in the auditor’s report, the auditor shall include the
paragraph within a separate section with the heading “Other Matter,” or other appropriate heading.
1. Relevant to Users’ Understanding of the Audit: In the rare circumstance where the auditor is unable to
withdraw from an engagement even though the possible effect of an inability to obtain sufficient
appropriate audit evidence due to a limitation on the scope of the audit imposed by management is
pervasive,the auditor may consider it necessary to include an Other Matter paragraph in the auditor’s
report to explain why it is not possible for the auditor to withdraw from the engagement.
2. Relevant to Users’ Understanding of the Auditor’s Responsibilities or the Auditor’s Report: Law,
regulation or generally accepted practice in a jurisdiction may require or permit the auditor to elaborate
on matters that provide further explanation of the auditor’s responsibilities in the audit of the financial
statements or of the auditor’s report thereon.
3. Reporting on more than one set of financial statements: An entity may prepare one set of financial
statements in accordance with a general purpose framework (e.g., the national framework) and another
set of financial statements in accordance with another general purpose framework (e.g., International
Financial Reporting Standards), and engage the auditor to report on both sets of financial statements. If
the auditor has determined that the frameworks are acceptable in the respective circumstances, the
auditor may include an Other Matter paragraph in the auditor’s report, referring to the fact that another
set of financial statements has been prepared by the same entity in accordance with another general
purpose framework and that the auditor has issued a report on those financial statements.
5. Prior Period Financial Statements Not Audited : If the prior period financial statements were not audited,
the auditor shall state in an Other Matter paragraph in the auditor’s report that the corresponding figures
are unaudited. Such a statement does not, however, relieve the auditor of the requirement to obtain
sufficient appropriate audit evidence that the opening balances do not contain misstatements that
materially affect the current period’s financial statements
1. The auditor’s responsibilities – A statement that the auditor is responsible for forming and
in relation to the financial expressing an opinion on the financial statements.
statements – That the auditor’s work is carried out in accordance with ISAs and in
accordance with local laws and regulations.
The lists of examples listed under the above headings are not exhaustive and in practice many more specific
matters would be communicated to those charged with governance such as:
Key audit matters: Those matters that, in the auditor’s professional judgment, were of most significance in the
audit of the financial statements of the current period. Key audit matters are selected from matters
communicated with those charged with governance.
Objectives: The objectives of the auditor are to determine key audit matters and, having formed an opinion on
the financial statements, communicate those matters by describing them in the auditor’s report.
Determining KAM
The auditor shall determine, from the matters communicated with those charged with governance, those
matters that required significant auditor attention in performing the audit. In making this determination, the
auditor shall take into account the following:
1. Areas of higher assessed risk of material misstatement, or significant risks identified in accordance with
ISA 315 (Revised).
2. Significant auditor judgments relating to areas in the financial statements that involved significant
management judgment, including accounting estimates that have been identified as having high
estimation uncertainty.
3. The effect on the audit of significant events or transactions that occurred during the period.
4. Other considerations
COMMUNICATING KAM
Once the auditor has determined which matters will be included as KAM, the auditor must ensure that each
matter is appropriately described in the auditor’s report including a description of:
1. Why the matter was determined to be one of most significance and therefore a key audit matter, and
2. How the matter was addressed in the audit (which may include a description of the auditor’s approach,
a brief overview of procedures performed with an indication of their outcome and any other key
observations in respect of the matter).
Column C explains the impact of various issues on the report-this will be in addition to Column B and C.
4 Basis for Opinion - Conducted audit according to ISAs Heading changes: Basis for
- Our responsibilities described in a Qualified/Adverse/Disclaimer Opinion
separate paragraph Nature, amount, impact and
- We are independent in accordance reference to accounting
with IESBA code of ethics/local codes standard given
- SAE gathered to provide a basis for
the opinion
Material uncertainty relating to going
concern” paragraph (if needed)
OMP
- placed here ( always AFTER Key audit
10 Engagement
partner’s name
11 Signatures
12 Auditor’s
address
13 Date
Audit sampling can be applied using either a statistical or a non-statistical approach. It involves testing a smaller
number of items and using the results to draw a conclusion about the whole balance or class of transactions.
It is necessary for auditors to sample as it is impossible to select all items for testing as this would take the audit
team too long and it would cost too much.
In addition, auditors do not provide 100% assurance in their audit report about the financial statements, they
only provide reasonable assurance and hence it is not necessary to test every item within a population.
Audit sampling is also widely known to reduce the risk of ‘over-auditing’ in certain areas, and enables a much
more efficient review of the working papers at the review stage of the audit.
In devising their samples, auditors must ensure that the sample selected is representative of the population. If
the sample is not representative of the population, the auditor will be unable to form a conclusion on the entire
population.
SAMPLING RISK
Sampling risk is the risk that the auditor’s conclusions based on a sample may be different from the conclusion if
the entire population were the subject of the same audit procedure.
ISA 530 recognises that sampling risk can lead to two types of erroneous conclusions:
1. The auditor concludes that controls are operating effectively, when in fact they are not. In substantive testing,
the auditor may conclude that a material misstatement does not exist, when in fact it does. These erroneous
conclusions will more than likely lead to an incorrect opinion being formed by the auditor.
2. The auditor concludes that controls are not operating effectively, when in fact they are. In terms of
substantive testing, the auditor may conclude that a material misstatement exists when, in fact, it does not.
Non-sampling risk is the risk that the auditor forms the wrong conclusion, which is unrelated to sampling risk. An
example of such a situation would be where the auditor adopts inappropriate audit procedures, or does not
recognise a control deviation.
Random selection: This method of sampling ensures that all items within a population stand an equal chance of
selection by the use of random number tables or random number generators. The sampling units could be
physical items, such as sales invoices or monetary units.
Systematic selection: This is a method of selection in which the auditor selects items using a constant interval
between selections. The first item may be selected on a random or haphazard basis, and thereafter the sampling
interval is derived by the auditor, for example, by dividing the population by the sample size.
Haphazard selection: The auditor selects the sample without following a structured technique – the auditor
would avoid any conscious bias or predictability.
Block selection: This involves selection of a block(s) of contiguous items from within the population. Block
selection cannot ordinarily be used in audit sampling because most populations are structured such that items in
a sequence can be expected to have similar characteristics to each other, but different characteristics from
items elsewhere in the population.
Monetary Unit Sampling: This is a type of value-weighted selection in which sample size, selection and
evaluation results in a conclusion in monetary amounts. This selection method ensures that each individual $1 in
the population has an equal chance of being selected.
The ISA goes on to specify that a sampling approach that does not possess the characteristics in (i) and (ii) above
is considered non-statistical sampling.
The advantages of using statistical sampling rather than judgemental sampling (non-statistical sampling) include:
(1) The size of the sample is determined objectively having regard to the degree of risk associated with the area
being tested.
i. Where there is a statutory requirement to disclose specific items in the financial statements, for
example directors’ remuneration.
ii. Where the population is very small and the results from sampling could not be relied on, for example
when conducting certain compliance tests.
iii. Where the population is small in number but comprises material individual balances or transactions, for
example property additions.
iv. Where the population is not homogenous and requires subdivision before sampling can be attempted,
for example purchase invoices and credit notes.
v. When the auditor is put ‘on enquiry’ for example when testing for fraud.
vi. Where the costs of sampling outweigh the benefits as compared to 100% testing.
EXTRAPOLATION: Extrapolation takes the result of a sample and projects that result over the whole population.
Imagine total sales are $10m. You select a sample of $1m (10% of the population) to test. If errors of $37k are
found in the sample, it could be inferred by extrapolation that there are errors of $370k in the total population.
Extrapolation can only be applied to statistical sampling.
The extent to which an auditor may choose between using CAATs and manual techniques on a specific audit
engagement depends on the following factors:
--the level of CAATs carried out by the audit client’s internal audit function and the extent to which the external
auditor can rely on this work
Test data Audit test data is used to test the existence and effectiveness of controls built
into an application program used by an audit client.
As such, dummy transactions are processed through the client’s computerised system. The
results of processing are then compared to the auditor’s expected results to determine
whether controls are operating efficiently and systems’ objectiveness are being achieved.
For example, two dummy bank payment transactions (one inside and one outside authorised
parameters) may be processed with the expectation that only the transaction processed
within the parameters is ‘accepted’ by the system. Clearly, if dummy transactions processed
do not produce the expected results in output, the auditor will need to consider the need for
increased substantive procedures in the area being reviewed.
Test data should contain valid data ( to ensure the system processes it correctly) and invalid
data (to ensure system rejects it).
Live test data: data processed on the client’s system during a normal production run
Dead test data: data processed at a time when the normal production run is not taking place
Integrated test facility: the auditor may seek permission from the client to establish an
integrated test facility within the accounting system. This entails the establishment of a
dummy unit, for example, a dummy supplier account against which the auditor’s test data is
processed during normal processing runs.
Computer programs designed to carry out tests of control and/or substantive procedures
Enquiry programs
These programs are integral to the client’s accounting system; however they may be adapted
for audit purposes. For example, where a system provides for
the routine reporting on a ‘monthly’ basis of employee starters and leavers,
this facility may be utilised by the auditor when auditing salaries and wages in the client’s
financial statements. Similarly, a facility to report trade payable (creditor) long outstanding
balances could be used by an auditor when verifying the reported value of creditors
Calculation checks- To ensure that overhead costs are totalled correctly in the general ledger.
Selection of items for testing – To select trade receivables accounts for circularisation, to
verify the existence of trade receivables.
Detecting violation of system rules – For example, where other people besides the
accountant have been overriding overtime payments or employees amending their own gross
wages.
1. Enable the auditor to test program controls – if CAATs were not used then those controls would not be
testable.
2. Enable the auditor to test a greater number of items quickly and accurately. This will also increase the
overall confidence for the audit opinion.
3. Allow the auditor to test the actual accounting system and records rather than printouts which are only
a copy of those records and could be incorrect.
4. Are cost effective after they have been setup as long as the company does not change its systems.
5. Allow the results from using CAATs to be compared with ‘traditional’ testing – if the two sources of
evidence agree then this will increase overall audit confidence
Fraud: ISA 240 (Redrafted) defines fraud as: ‘An intentional act by one or more individuals among management,
those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or
illegal advantage.’
Two types of intentional misstatements are relevant to the auditor – misstatements resulting from fraudulent
financial reporting and misstatements resulting from misappropriation of assets.
Fraudulent financial reporting often involves management override of controls that otherwise may appear to be
operating effectively. Fraud can be committed by management overriding controls using such techniques as
intentionally:
Recording fictitious journal entries, particularly close to the end of an accounting period, to manipulate
operating results or achieve other objectives.
Inappropriately adjusting assumptions and changing judgments used to estimate account balances.
Omitting, advancing or delaying recognition in the financial statements of events and transactions that
have occurred during the reporting period.
Omitting, obscuring or misstating disclosures required by the applicable financial reporting framework,
or disclosures that are necessary to achieve fair presentation.
Concealing facts that could affect the amounts recorded in the financial statements.
Engaging in complex transactions that are structured to misrepresent the financial position or financial
performance of the entity
Misappropriation of assets involves the theft of an entity’s assets and is often perpetrated by employees in
relatively small and immaterial amounts. However, it can also involve management who are usually more able
to disguise or conceal misappropriations in ways that are difficult to detect. Misappropriation of assets can be
accomplished in a variety of ways including:
• Stealing physical assets or intellectual property (for example, stealing inventory for personal use or for sale,
stealing scrap for resale, colluding with a competitor by disclosing technological data in return for payment).
• Causing an entity to pay for goods and services not received (for example, payments to fictitious vendors,
kickbacks paid by vendors to the entity’s purchasing agents in return for inflating prices, payments to
fictitious employees).
• Using an entity’s assets for personal use (for example, using the entity’s assets as collateral for a personal
loan or a loan to a related party).
The main focus of audit work is to ensure that the financial statements show a true and fair view. The detection
of fraud is therefore not the main focus of the external auditor’s work.
Learn!
1. In accordance with ISA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements,
external auditors are responsible for obtaining reasonable assurance that the financial statements taken as a
whole are free from material misstatement, whether caused by fraud or error.
2.In order to fulfil this responsibility, they are required to identify and assess the risks of material misstatement
of the financial statements due to fraud.
3.They need to obtain sufficient appropriate audit evidence regarding the assessed risks of material
misstatement due to fraud, through designing and implementing appropriate responses. In addition, auditors
must respond appropriately to fraud or suspected fraud identified during the audit.
4.When obtaining reasonable assurance, auditors are responsible for maintaining professional scepticism
throughout the audit, considering the potential for management override of controls and recognising the fact
that audit procedures which are effective in detecting error may not be effective in detecting fraud.
5. To ensure that the whole engagement team is aware of the risks and responsibilities for fraud and error, ISAs
require that a discussion is held within the team, placing particular emphasis on how and where the entity’s
financial statements may be susceptible to material misstatement due to faud, including how fraud might occur
1. Report to audit committee: Disclose the situation to the audit committee as they are charged with
maintaining a high standard of governance in the company. The committee should be able to discuss the
situation with the directors and recommend that they take appropriate action
2. Report to members: If the financial statements do not show a true and fair view then the auditor needs
to report this fact to the members through their audit report.
3. Report to professional body: If the auditor is uncertain as to the correct course of action, advice may be
obtained from the auditor’s professional body.
Commenting on the process used by management to identify and classify the specific fraud and error
risks to which the entity is subject (and in some cases helping management develop and implement that
process)
commenting on the appropriateness and effectiveness of actions taken by management to manage the
risks identified (and in some cases helping management develop appropriate actions by making
recommendations)
periodically auditing or reviewing systems or operations to determine whether the risks of fraud and
error are being effectively managed
monitoring the incidence of fraud and error, investigating serious cases and making recommendations
for appropriate management responses.
In practice, the work of internal audit often focuses on the adequacy and effectiveness of internal control
procedures for the prevention, detection and reporting of fraud and error. It should be recognised, however,
that many significant frauds bypass normal internal control systems and that, in the case of management fraud
in particular, much higher level controls (those relating to the high level governance of the entity) need to be
reviewed by internal audit in order to establish the nature of the risks and to manage them effectively.
An important part of an external audit is the consideration by the auditor as to whether the client has complied
with laws and regulations.
Key points
Management’s responsibility: Management have a responsibility to ensure that the operations of The client are
conducted in accordance with the provisions of laws and regulations. This includes compliance with laws and
regulations that determine amounts and disclosures in financial statements, including tax liabilities and charges.
Auditor’s responsibility: Auditors are not responsible for preventing non-compliance with laws and regulations,
and cannot be expected to detect non-compliance with all laws and regulations.
They have a responsibility to obtain reasonable assurance that the financial
statements are free from material misstatement, whether caused by fraud or error.
Auditor’s responsibility differs in relation to the two different categories of laws and regulations identified
below:
1. Laws and regulations which have a DIRECT effect on the determination of material amounts and
disclosures in financial statements. Here the auditor is responsible for obtaining sufficient appropriate
audit evidence regarding compliance.
2. Laws and regulations which DO NOT HAVE A DIRECT EFFECT on the determination of material amounts
and disclosures in financial statements, but may impact the entity’s ability to continue to trade. Here the
auditor’s responsibility is limited to specified audit procedures to help identify non-compliance with
those laws and regulations that may have a material effect on the financial statements. This includes
inquiring with management whether the entity is in compliance with such laws and regulations, and
inspecting correspondence with relevant licensing or regulatory authorities.
The auditor also has a responsibility to remain alert, by maintaining professional scepticism, to the possibility
that other audit procedures may bring instances of identified or suspected non-compliance with laws and
regulations.
Such laws and regulations will have both a direct effect on the financial statements and an indirect effect.
Gather sufficient and appropriate audit The auditor will undertake procedures with the objective of
evidence that the entity has complied with identifying non-compliance with such laws and regulations. ISA
such laws and regulations. For example, 250 gives examples of:
when auditing the payroll the auditor will be compliance with the terms of an operating license
concerned with gathering sufficient and compliance with regulatory solvency requirements, or
appropriate audit evidence to ensure that tax
compliance with environmental regulations.
legislation has been correctly applied by the
entity because if it has not (there is risk that
the entity could be fined for non-compliance When designing procedures to help to identify non-compliance
and the fines could be material, either in with laws and regulations, the auditor should obtain a general
isolation or when aggregated with other understanding of:
misstatements. In addition, amounts within the applicable legal and regulatory framework, and
the financial statements may also be how the entity complies with that framework.
misstated as a result of the non-compliance
with laws and regulations.
the auditor must maintain a degree of professional scepticism
and remain alert to the possibility that other audit procedures
applied may bring instances of non-compliance or suspected
non-compliance with laws and regulations to the auditor’s
attention, and such procedures could include:
reading minutes of board meetings
enquiring of management and/or legal advisers
concerning litigation or claims brought against the entity,
and
undertaking substantive tests on classes of transactions,
account balances or disclosures.
1. Provides evidence of the auditor’s basis for a conclusion about the achievement of the overall objective
of the audit.
2. Provides evidence that the audit was planned and performed in accordance with ISAs and applicable
legal and regulatory requirements.
3. Assists the engagement team to plan and perform the audit.
4. Assists members of the engagement team responsible for supervision to direct, supervise and review
the audit work.
5. Enables the engagement team to be accountable for its work.
6. Retains a record of matters of continuing significance to future audits.
2. Year-end date – identifies the year end to which the audit working papers relate.
3. Subject – identifies the area of the financial statements that is being audited, the topic area of the
working paper, such as receivables circularisation.
4. Working paper reference – provides a clear reference to identify the number of the working paper, for
example, R12 being the 12th working paper in the audit of receivables.
5. Preparer – identifies the name of the audit team member who prepared the working paper, so any
queries can be directed to the relevant person.
6. Date prepared – the date that the audit work was performed by the team member; this helps to identify
what was known at the time and what issues may have occurred subsequently.
7. Reviewer – the name of the audit team member who reviewed the working paper; this provides
evidence that the audit work was reviewed by an appropriate member of the team.
8. Date of review – the date the audit work was reviewed by the senior member of the team; this should
be prior to the date that the audit report was signed.
9. Objective of work/test – the aim of the work being performed, could be the related financial statement
assertion; this provides the context for why the audit procedure is being performed.
11. Results of work performed – whether any exceptions arose in the audit work and if any further work is
required.
12. Conclusion – the overall conclusion on the audit work performed, whether the area is true and fair.
The working papers should be so prepared so as to enable an experienced auditor, with no previous
connection to the audit, to understand:
-The nature, timing and extent of the audit procedures performed to comply with the International Standard on
Auditing (ISA).
-The results of the audit procedures and audit evidence obtained.
-Significant matters resulting during the audit and the conclusions expressed thereon.
The files in which all the working papers are put are termed audit files.
Information concerning legal structure of entity (e.g., Memorandum and Articles of Association).
Other documents of continuing importance:
o terms of engagement;
o minutes of important meetings;
o debenture deeds;
o title deeds and lease agreements;
o royalty agreements.
Descriptions of nature and history of client's business, locations and products.
A list of client's investments (if any).
Organisation charts, with extra details for finance department.
Main accounting records, showing where kept and of what type (e.g., handwritten, computerised).
Copies of previous financial statements and auditor's reports thereon.
Previous reports to management (detailing weaknesses found in the accounting system.
Client's other professional advisers.
Client's insurance cover details.
Significant ratios and trends.
Accounting systems descriptions in flow chart and narrative form.
Internal controls evaluation data: questionnaires and checklists.
Principal accounting policies.
The current file which is broadly concerned with the accounts being audited. This generally serves an immediate
purpose. It generally contains the following papers:
Examples of the working papers ordinarily contained in a typical current audit file include:
- Evidence of the planning process including audit programmes and any changes thereto.
- Evidence of the auditor’s consideration of the work of internal auditing and conclusions reached.
- Analyses of transactions and balances.
- Analyses of significant ratios and trends.
- The identified and assessed risks of material misstatements at the financial statement and assertion
level.
- A record of the nature, timing and extent of audit procedures performed in response to risks at the
assertion level and the results of such procedures.
- Evidence that the work performed by assistants was supervised and reviewed
- An indication as to who performed the audit procedures and when they were performed.
- Details of audit procedures applied regarding components whose financial statements are audited by
another auditor.
- Copies of communications with other auditors, experts and other third parties.
- Copies of letters or notes concerning audit matters communicated to or discussed with management or
those charged with governance, including the terms of the engagement and material weaknesses in
internal control.
- Letters of representation received from the entity.
- Conclusions reached by the auditor concerning significant aspects of the audit, including how exceptions
and unusual matters, if any, disclosed by the auditor’s procedures were resolved or treated.
- Copies of the financial statements and auditor’s report.
1. Maintain a log
2. Prevent unauthorised changes to the documentation
3. Protection from theft: passwords, access restrictions
4. Retention of working papers: minimum 5 years
2 Ethical requirements Engagement Partner to ensure independence not compromised throughout the
audit
3 Acceptance/ Matters to consider before accepting new clients/continuing with previous clients
continuance of client
4 HR policies Engagement Partner should have skills, authority, time required for audit. He
should also ensure the team has relevant skills
5 Engagement a) Direction
performance - Set by Engagement Partner
- Set in the planning meeting
- Responsibilities assigned to team
- Objective of work to be done communicated
- Risks
- Team told how to deal with problems as they arise
b) Supervision
- Should be continuous
- Ensure work according to planned approach (The competence and
capabilities of individual members of the engagement team should be
considered, including whether they have sufficient time to carry out
their work, whether they understand their instructions and whether
the work is being carried out in accordance with the planned
approach to the audit.)
- Ensure important matters told to seniors
- Ensure audit approach modified if needed ( based on any significant
matters that may arise during the audit)
- See if consultation is needed.
d) Review
- Hierarchical review (consider whether work has been performed in
accordance with professional standards and other regulatory
requirements and if the work performed supports the conclusions
reached and has been properly documented.)
- Check if objective of work has been achieved
- Ensure conclusions are supported by sufficient appropriate evidence
f) Documentation
- Maintain and retain all documentation ( working papers)
- Ensure confidentiality
6 Monitoring -The firm should ensure quality control procedures are adequate and complied
with.
Corporate governance is the system by which companies are directed and controlled.
Good corporate governance ensures that stakeholders with a relevant interest in the company are fully taken
into account
According to the UK Corporate Governance Code the ‘purpose of corporate governance is to facilitate effective,
entrepreneurial and prudent management that can deliver the long-term success of the company’.
Corporate governance considers the responsibilities of directors, how the board of directors should be run and
structured, the need for good internal controls and the relationship with external auditors.
It is important for companies to consider good corporate governance principles as often it is management or
those charged with governance who run the company, but the owners are the shareholders and they are not
involved in the running of the business.
For these shareholders their only opportunity to raise concerns is at the annual general meeting, which only
occurs once a year and often attendance is low.
Shareholders need to ensure that their needs are taken into account by management, and that there is a
process in place for them to be informed as to how the business is operating.
Corporate governance represents the set of policies and procedures that determine how an organisation is
directed, administered and controlled.
Although the contents of corporate governance will vary from organisation to organisation, almost all will have
the following components: Accountability, compliance, transparency and integrity
TCWG: Those “charged with governance” are defined as the persons who are “accountable for ensuring that
the entity achieves its objectives, with regard to reliability of financial reporting, effectiveness and efficiency of
operations, compliance with applicable laws, and reporting to interested parties.”
Although there is no universal rule, in most instances these persons will either be the board of directors and/or
the audit committee
Board of Directors
The ENTIRE board responsible for F/S, fraud prevention and detection, ICS, ethics, compliance etc.
Executive Directors: Remuneration package ( Basic Salary, Benefits in kind, Performance linked elements in
short term as well as long term, Retirement benefits)
Non-Executive Directors ( should be independent: No familiarity with the executive management, no financial
interest in company except a fixed fee for directors’ duties, not business relationship, not been an employee in
the recent past, can serve for maximum 9 years)
2. Balance in the board: equal number of EDs and NEDs excluding the independent Chairman
a) Audit Committee
b) Remuneration Committee
c) Risk Committee
d) Nomination Committee
- Induction
- CPD
6. Regular board meetings ( with agenda and minutes). No single individual should dominate discussions.
Provisions of international codes of corporate governance (such as OECD) that are most relevant to auditors.
An executive director: an executive director is a director responsible for the administration of a company.
They are primarily responsible for carrying out the strategic plans and policies as established by the board of
directors.
- The roles of chairman and CEO should not be performed by the same
individual. The roles of chairman (NED) and chief executive(ED) are both very
important and carry significant responsibilities; hence this prevents too much
power residing in the hands of one individual.
- All directors should receive induction training when they first join the board
so that they are fully aware of their responsibilities.
- The shareholders should review on a regular basis that the composition of the
board of directors is appropriate, and they do this by re-electing directors
every three years ( retirement by rotation).
Director’s No director should be involved in setting their own remuneration as this may result in
remuneration excessive levels of pay being set.
Levels of remuneration should be sufficient to attract and retain the directors needed
to run the company successfully, but companies should avoid paying more than is
necessary for this purpose. A proportion of executive directors’ remuneration should
be structured so as to link rewards to corporate and individual performance.
Internal control The board should maintain a safe and registered system of internal control to
safeguard the shareholders’ investment and the company’s assets.
Audit committee and i. The board should establish an audit committee of at least three directors, all non-
auditors executive, with written terms of reference which deal clearly with its authority and
duties.
ii. The audit committee should monitor and review the internal audit and the reports
prepared by the internal audit team.
iii. With regard to the external auditors, the audit committee should
-Recommend their appointment.
-Approve their remuneration and terms of engagement.
-Monitor and review their independence, objectivity and effectiveness.
Relations with All members of the board should be involved in ensuring that satisfactory dialogue
shareholders occurs with shareholders (for example all should attend meetings with shareholders).
Constructive use of the AGM: Boards should use the AGM to communicate with
private investors and encourage their participation.
Institutional investors Shareholder voting: Institutional shareholders have a responsibility to make careful
use of their votes.
Code provisions
i. Institutional shareholders should, on request, make available to their clients the
information on the proportion of resolutions on which votes were cast and non-
discretionary proxies lodged.
ii. Institutional shareholders should take steps to ensure that their voting intentions
are being translated into practice.
Composition: entirely NEDs-at least one of them should have recent and relevant financial experience.
4. It reviews control systems (internal controls, internal financial controls, risk management)
6. The audit committee should also review the procedures in place for whistle-blowing within the
company.
1. Improves Public confidence in the credibility and objectivity of the financial statements. (They can create
a climate of discipline and control and reduce the opportunity for fraud)
2. It will help to improve the quality of the financial reportingguidance to BOD
3. An audit committee can help to improve the internal control environment of the company. The audit
committee is able to devote more time and attention to areas such as internal controls.
4. Helps in risk management: The audit committee can also provide advice on risk management to the
executive directors.
5. The audit committee will be responsible for appointing the external auditors and this will strengthen the
auditors’ independence and contribute to a channel of communication and forum of issues.
6. The NEDs bring considerable external experience to the board as well as challenging the decisions of
executive directors and contributing to independent judgements.
1. Although audit committees do oversee the work of auditors (both internal and external) they do not
have the authority to appoint or dismiss them. This limits the amount of power the committee has over
the organisation’s auditors.
2. Audit committees generally do not have as much technical expertise and knowledge as the auditors
they are overseeing.
3. Independent directors often do not have as thorough a knowledge of the organisation’s operations and
functioning as executive directors.
4. Most of the members of the audit committee are non-executive directors. The board may feel that the
audit committee has been formed to limit its powers and allow outsiders to run the company.
5. The non-executive directors have to be paid more for carrying out the responsibilities associated with
the audit committee. Hence, it increases the cost of the organisation.
It functions by, amongst other things, examining, evaluating and reporting to management and the
directors on the adequacy and effectiveness of components of the accounting and internal control systems
( Internal Audit is NOT a regulatory requirement BUT is a corporate governance best practice guideline)
There is NO requirement for internal auditor to be professionally qualified.
INDEPENDENCE
1. Identify the risks which may occur if there are no controls in place
2. Identify controls in place
3. Evaluate whether the controls in place reduce the risk to an acceptable level, i.e. they are adequate.
4. Evaluate whether the controls are working effectively.
5. Report
1. Reviewing adequacy and effectiveness of financial and operational internal control systems
3. Examining operating and financial information (is it reliable, adequate, timely? How is it identified and
communicated?)
4. Review of compliance with laws, regulations and other external requirements and with management
policies and directives and other internal requirements.
Will it be cost-beneficial?
Consider the size and complexity of operations as well as number of employees- is more
monitoring needed due to increased chances of fraud and error?
Have key risks and processes changed? Internal audit can help in risk assessment and in
reviewing controls.
Need of special assignments that normally internal audit carries out. The ability of current
management to carry out these assignments will need to be considered. If they do not have the
ability, an IA department may be needed.
IA should report to the Audit Committee. The AC will monitor if internal audit is effective. If there is no
IA department, the AC should determine whether there is need for one. In case they believe the internal
audit department is not required, it needs to explain the reason for this in the annual report.
The IA department checks reports that are not audited by the external auditors.
It can help the board with regards to accounting and auditing standards when required.
IA can liaison with external auditors which can reduce the time and cost of external audit.
Objective The main objective of internal audit is to improve The main objective of the external
a company’s operations, primarily in terms of auditor is to express an opinion on
validating the efficiency and effectiveness of the the truth and fairness of the
internal control systems of a company. financial statements, and
other jurisdiction specific
requirements.
Report to Internal audit reports are normally addressed to External audit reports are provided
the board of directors, or other people charged to the shareholders of a company.
with governance such as the audit committee. The report is attached to the annual
Those reports are not publicly available, being financial statements of the
confidential between the internal auditor and company and is therefore publicly
the recipient. available to the shareholders and
any reader of the financial
statements.
Scope The work of the internal auditor normally relates The work of the external auditor
to the operations of the organisation, including relates only to the financial
the transaction processing systems and the statements of the organisation.
systems to produce the annual financial
statements. The internal auditor may also However, the internal control
provide other reports to management, such as systems of the organisation will be
value for money audits which external auditors tested as these provide evidence on
rarely become involved with. the completeness and accuracy of
the financial statements.
IA ensures risk management systems are operating effectively and that the strategies implemented for business
risks are operating effectively.
Business risk (risk that the company’s objectives are not met or strategy not executed properly or inappropriate
objectives and strategies were set).
Limitations of IA
Advantages
- Greater expertise, specialist skills and access to better audit technology without extra cost available
- Cost:
- The risk of staff turnover is passed on to the firm
- Lesser cost of training staff and retaining permanent staff
- Can budget better.
- May be more independent
- Lesser management time consumed in administering the department
- IA will be immediately available (also good for short term)
- The contract can be set for an appropriate time scale
- Flexibility in terms of that the staff can be called in according to workload
1. May not be independent if the same firm is offering external audit and internal audit
2. May be more expensive
3. The firm will not have in-depth knowledge of the company
4. Lesser control by the management over the standard of service
5. May have confidentiality issues
6. If the company has an existing IA department:
- they may face opposition from the other staff
- In-house skills will be lost
- Redundancy costs if these staff members cannot be re-allocated other roles
1. VFM audit : A value for money audit focuses on whether the best combination of services has been
obtained for the lowest level of resources. In performing a value for money audit there are three areas
which an auditor will commonly focus on being economy, efficiency and effectiveness, and these are
known as the three Es.
• Economy: attaining the appropriate quantity and quality of physical, human and financial resources
at the lowest cost
• Efficiency: this is a measure of the relationship between goods and services produced
(outputs) and the resources used to produce them (inputs)
• Effectiveness: how well an activity is achieving its policy objectives or other intended
effects
2. IT audit
4. Financial audit
The scope of internal audit for financial functions may involve internal control topics such as the efficiency of
operations, the reliability of financial reporting, deterring and investigating fraud, identifying errors,
safeguarding assets and compliance with laws and regulations.
ISA 610 Using the Work of Internal Auditors details the factors the external auditors should consider in order to
place reliance on the work of the internal audit (IA) department as follows:
1. Objectivity: They should consider the status of IA within the company and if they are independent of
other departments, in particular the finance department. In addition, consideration should be given as
to who IA reports to, whether this is directly to those charged with governance or to a finance director.
3. Due professional care: The external auditors should consider if the IA department have exercised due
professional care, the work would need to have been properly planned including detailed work
programmes, supervised, documented and reviewed.
4. Communication: In order to place reliance there needs to be effective communication between the
internal auditors and the external auditor. This is most likely to occur when the IA department is free to
communicate openly and regular meetings are held throughout the year.
Areas where external auditor can rely on/use internal auditor’s work:
- External Auditors could look to rely on any internal control documentation produced by
internal audit for changes in the control environment.
- If the IA department has performed test of controls during the year, such as the payroll,
sales and purchase systems, then external auditors could review and possibly place reliance
on this work. This may result in the workload reducing and possibly a decrease in the
external audit fee.
- IA department may have conducted a risk assessment which external auditors could use as
part of their initial planning process.
- External auditors would need to consider the risk of fraud and error and non-compliance
with law and regulations resulting in misstatements in the financial statements. This is also
an area for IA to consider, hence there is scope for the external auditor to review the work
and testing performed by IA to assist in this risk assessment.
- It is possible that the IA department may assist with year-end inventory counting and
controls and so external auditors can place some reliance on the work performed by them,
however, they would still need to attend the count and perform their own reduced testing.
Charities
Unlike publicly traded companies, charities are not required by the Securities and Exchange Commission to
undergo annual audits. Many not-for-profit organizations, however, are required to receive an audit if they
accept certain types of funding or earn a large amount of revenue. A positive audit opinion can increase donor
and board member confidence in the non-profit's operations. An audit may also be required by the regulators (
the charity commission for example).
The auditor should clarify who the addresses of the report will be along with the scope of the engagement.
- Inherent risk can be high in not-for-profit organizations that must report certain results to continue
receiving grants.
- Non-profits that pay low wages may have trouble attracting qualified accountants
- Higher level of cash transactions.
- Income – completeness problem.
- Lack of predictability regarding future income/expenditure. (analytical procedures aren’t very useful
here!)
- Potential restrictions regarding activities/use of income.
- Restricted number of employees so segregation of duties difficult
- Auditors should evaluate not only the number of people involved in the accounting process but the
level of supervision. If no one is approving junior-level accounting staff entries, mistakes are less
likely to be caught.
- Volunteer staff: Risks regarding their competence, training, lack of trust
- Informal environment
- Trustees (the time they give to the org, skills, qualifications, frequency of meetings, independence
from each other)
- Auditors typically test a variety of accounts and transactions. They should pay special attention to
revenue accounts when auditing a nonprofit. Nonprofit entities have different sources of revenue
than their for-profit counterparts, and all employees may not be familiar with the revenue
recognition rules for donations and grants. Auditors should check to see if the nonprofit has
The planning procedures undertaken for not-for-profit organisations will differ very little from those for profit
making organisations.
However, the auditor should have specific regard to any laws, regulations or guidelines imposed on the entity by
any regulatory body.
The scope of the auditor's work will be detailed in the engagement letter.
Risk assessment
The auditor should, during the planning stage, fully assess the risks associated with the not for-profit
organisation.
INHERENT RISK
Reporting
For incorporated not-for-profit organisations, the reporting requirements of ISA 700 the independent auditor's
report on a complete set of general purpose financial statements apply.
Additionally, the reporting requirements of the governing body will need to be encompassed in the auditor's
report.
For organisations not incorporated under statute, the auditor or review report will be determined in accordance
with the terms of appointment detailed in the letter of engagement.
Management letter
Board of Directors
XYZ Co
Address line 1
Address line 2
Address line 3
8 August 20XX
Dear Sirs,
This report is solely for the use of management and if you have any further questions, then please do not
hesitate to contact us.
Yours faithfully
An audit firm
ABC plc
Address line 1
Address line 2
Address line 3
Date
Dear Shareholders,
Subject
Do not start the letter right away. You need to have a formal introduction
Thank you
Yours sincerely
Mr. A
(Designation)
Memorandum
From:
To:
CC:
Date: DD/MM/YYYY
Subject: _____________________________:
Introduction
Explanation
Sincerely
AB