CPA I1.4 AUDITING Study Manual
CPA
Certified Public Accountant Examination
Stage: Intermediate Level I1.4
Subject Title: Auditing
Study Manual

INSTITUTE OF CERTIFIED PUBLIC ACCOUNTANTS OF RWANDA
INTERMEDIATE I1
I1.4 AUDITING
First Edition 2012

This study manual has been fully revised and updated in accordance with the current syllabus. It has been developed in consultation with experienced lecturers.

© CPA Ireland

All rights reserved. The text of this publication, or any part thereof, may not be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, storage in an information retrieval system, or otherwise, without prior permission of the publisher.

Whilst every effort has been made to ensure that the contents of this book are accurate, no responsibility for loss occasioned to any person acting or refraining from action as a result of any material in this publication can be accepted by the publisher or authors. In addition to this, the authors and publishers accept no legal responsibility or liability for any errors or omissions in relation to the contents of this book.
CONTENTS

Study Unit / Title

Introduction to Your Course

1 Introduction
   Assurance
   Levels of Assurance
   The Audit Function
   Types of Audits
   The Limitations of an Audit
   The need for Regulation
   Methodology of an Audit
   ISA 200

2 The Auditor and the Audit Environment
   Audit Opinion
   Role of the Auditor
   Relationships & Responsibilities
   The Audit Profession
   International Standards on Auditing
   Corporate Governance
   Codes of Best Practice

3 Auditors Legal, Ethical & Professional Responsibilities – Part 1
   Professional & Ethical Responsibilities
   Statutory Responsibilities & Rights
   Appointment of Auditors
   Resignation & Removal of Auditors
   Auditor Duties & Rights

4 Auditors Legal, Ethical & Professional Responsibilities – Part 2
   Auditor’s responsibilities in relation to fraud and for the entity’s compliance with Laws & Regulations
   Auditor’s responsibilities defined by case law arising from negligence and Related exposure and consequences
   Pre-Appointment Procedures

5 Audit Planning and Supervision
   Materiality
   Audit Risk and its Components
   Audit Strategies
   Knowledge of the entity and its environment
   Response to assessed risks of material misstatement
   Documentation
   Audit Supervision and Review

6 Internal Control – Assessing Control Risk & Tests of Control
   Internal Control
   Information Systems, including the Related Business Process relevant to Financial reporting and communication
   Control Activities
   Assessing the Risk of Material Misstatement
   Tests of Control
   Assessment of impact on audit strategy
   The recording of control systems
   Audit Programmes

7 Financial Statement items – Substantive Procedures
   Assertions
   Specific Audit Procedures
   Balance Sheet items
   Profit & Loss items
   Assessment of Misstatements
   Impact on Audit Reporting

8 Audit Execution – Other Considerations
   Sampling
   Analytical Review
   Going Concern
   Subsequent Events
   Accounting Estimates
   Commitments & Contingencies
   Management Representations
   Use of Experts
   Opening Balances
   Comparatives

9 Computer Information Systems
   Entity computer systems and controls
   Computer Assisted Audit Techniques (CAAT’s)

10 Audit Reporting
   Review Considerations
   Reporting on audited financial statements
   Key concepts
   Basic element of report
   Modified Reports
   Circumstances giving rise to modified reports
   Auditors’ responsibilities before and after date of audit report
   Auditors’ responsibilities for other documents

11 Public Sector Auditing
   The role of the Office of the Auditor General (OAG)
   The Legal Environment in which the OAG and auditees function
   Specific considerations for public sector auditing
   The role of INTOSAI

INTRODUCTION TO THE COURSE

Stage: Intermediate 1
Subject Title: I1.4 Auditing

Aim

The aim of this subject is to introduce students to the concepts and principles of the audit process and to develop their understanding of its application in the context of the legal, regulatory and ethical framework of the profession.

Auditing as an Integral Part of the Syllabus

Auditing is an essential foundation subject for the subsequent study of Audit Practice and Assurance Services at Advanced 2 Stage. It is also an essential component for the study of Advanced Financial reporting at Advanced 2 Stage. In carrying out the audit of an entity’s financial statements there is a critical need to identify the source, and test the treatment of financial statement items (period transactions and year-end balances) and disclosures, to ensure compliance with generally accepted accounting practice.
The subjects Financial Accounting and Financial Reporting will provide students with this necessary knowledge. Introduction to Law, Company Law, Taxation and Information Systems will increase students’ awareness of other matters that an auditor must consider in the audit process.

Learning Outcomes

On successful completion of this subject students should be able to:

• Interpret and discuss the legal, regulatory and ethical framework within which the auditor operates.
• Differentiate and explain the respective responsibilities of directors and auditors.
• Explain the nature, purpose and scope of an audit and discuss and defend the role of the auditor.
• Apply and explain the process relating to the acceptance and retention of professional appointments, to include the purpose and content of engagement letters.
• Devise an overall audit strategy and develop an audit plan.
• Supervise and review the various stages of the audit process.
• Outline the nature of internal controls and the procedures required to evaluate control risk relating to specific accounting systems, in order to identify internal controls and weaknesses within the systems.
• Distinguish between Tests of Control and Substantive Procedures.
• Design and apply the appropriate audit tests to include in the audit programme.
• Carry out analytical procedures and assess the implications of the outcome.
• Explain the significance, purpose and content of management letters and management representations.
• Explain the distinction between an internal and external audit.
• Apply and discuss audit sampling.
• Demonstrate the outcome and implications of subsequent event reviews.
• Plan and describe the audit of computer information systems.
• Draw appropriate conclusions leading to the formulation of the auditor’s opinion.
• Apply and explain the basic component elements of the Auditor’s Report.
• Identify and analyse matters that impact on the wording of Modified Reports, differentiating between matters that do not affect the auditor’s opinion and matters that do affect the auditor’s opinion.
• Recognise ethical issues, discuss, escalate or resolve these as appropriate within the Institute’s ethical framework, demonstrating integrity, objectivity, independence and professional scepticism.

Syllabus:

1. The Auditor and the Audit Environment

• The Statutory Audit: need, objective, focus, nature and structure.
• Public interest, expectations, interrelationships between auditor, directors (management) and shareholders and other users of financial statements, including their respective roles and the auditor’s duties to these parties.
• The Rwandan audit profession and ICPAR: organisation and regulation.
• International Standards on Auditing (ISAs) and other technical pronouncements issued by APB: nature, formulation, issuance and compliance enforcement.
• The audit implications of International Accounting Standards (IFRS/IAS): understanding and basis for application.
• Directors’ responsibilities versus auditor’s responsibilities for financial statements and internal controls; distinction between external and internal audit. Corporate governance.

2. Auditor’s Legal, Ethical and Professional Responsibilities

• Professional ethical responsibilities:
  - IFAC Code of Ethics.
• Statutory responsibilities and rights:
  - Key responsibilities derived from International Standards on Auditing (ISAs).
  - Auditor’s responsibility in relation to fraud and for the entity’s compliance with laws and regulations.
  - Auditor’s responsibilities defined by case law arising from alleged negligence (financial statements misstated) and related exposure and consequences.
  - Pre-appointment procedures: client assessment (including management integrity) and completion of engagement letter.

3. Audit Planning and Supervision

• Materiality: nature (quantitative and qualitative), determination, impact and use throughout different phases of the audit.
• Audit risk and its components (inherent, control and detection risks): interrelationships, evolution as audit progresses and impact on nature, timing and extent of audit work.
• Audit strategies (risk based auditing, tests of control, substantive procedures, combined procedures, audit around and through computerised systems) and their impact on the conduct of the audit.
• Knowledge of the entity and its environment: business, risks, management, and accounting systems.
• Nature, extent and timing of audit procedures in response to assessed risks of material misstatement, sufficient and appropriate audit evidence, types of audit evidence, general audit techniques (enquiry, observation, inspection, analysis, computation, confirmation).
• Audit planning memo, audit programmes and working papers.
• Audit supervision and review.

4. Audit Execution: Internal Control, Assessing Control Risk and Tests of Control

• Entity’s control environment and control procedures, objectives, limitations, attributes.
• Auditor’s and management’s respective responsibilities.
• Internal control descriptions (flowcharts, narrative descriptions, walkthroughs) and internal control assessments (ICEs/ICEQs).
• Broad approach to internal controls, components of internal controls, limitations of internal control.
• Assessing the Risk of Material Misstatement, Internal Controls assessment and Tests of Control for the following major systems: sales, purchases, payroll, cash receipts and disbursements, inventory.
• Audit Programmes for Tests of Control.
• Final Assessment of Control Risk.
• Management letter reporting and assessment of impact on audit strategy.

5. Audit Execution: Financial Statement Items Substantive Procedures

• Application of specific substantive procedures to test the following categories of assertions:
  - Assertions relating to classes of transactions and events;
  - Assertions relating to account balances;
  - Assertions relating to presentation and disclosure.
• Audit of statements of financial position, validation procedures, applied in audit of:
  - Tangible fixed assets.
  - Inventory.
  - Accounts receivable, prepayments & sundry debtors.
  - Investments and market securities.
  - Bank and cash balances.
  - Accounts Payable, accruals & sundry creditors, provisions for liabilities.
  - Debenture loans and bank borrowings.
  - Capital and Reserves, Equity.
• Audit of statements of comprehensive Income account, validation procedures, applied in audit of:
  - Revenues and expenses.
  - Sales/purchases.
  - Wages and salaries.
  - Other statement of comprehensive income account items.
• Understanding of IFRS/IAS concerning above items.
• Misstatements / aggregation / assessment / impact on audit reporting.

6. Audit Execution: Other Considerations

• Sampling methods: decision to use, judgemental versus statistical (MUS) sampling methods for controls and financial statement items, sample selection and assessment.
• Analytical review: nature and use (financial statements/data) throughout audit.
• Going concern and its impact throughout the different phases of the audit.
• Subsequent events.
• Accounting estimates.
• Commitments and contingencies.
• Management representation letters.
• Use of experts.

7. Audit Execution: Computer Information Systems (CIS) Auditing

• Entity’s computer systems and controls:
  - Computer systems: general applications of e-commerce and impact on control and audit work, key computer processes including data organisation and access, network and electronic transfers and transaction processing modes, key computer system hardware and software, including XBRL (eXtensible Business Reporting Language).
  - Key computer system general controls: design and implementation, data integrity, privacy and security, system program changes, system access and disaster recovery plans.
  - Key computer system application controls: transactions input, processing and output, master-file changes.
• Computer Assisted Audit Techniques (CAATs):
  - Nature (computer software including expert systems and test data),
  - Purpose (testing, administration),
  - Application and related audit concerns (integrity and security of CAATs, audit planning considerations).

8. Audit Reporting

• Reporting on Audited Financial Statements.
• Key concepts: opinion, true and fair view, materiality, statutory requirements.
• Basic elements of the Auditor’s Report.
• Modified Reports, differentiating between:
  - Matters that do not affect the auditor’s opinion, and
  - Matters that do affect the auditor’s opinion.
• Circumstances giving rise to Modified Reports:
  - Limitations on Scope.
  - Disagreements with management.
• Auditor’s responsibility before and after the date of the Auditor’s Report.
• Auditor’s responsibility for other information in documents (e.g. Annual Report) containing audited financial statements.

9. Public sector auditing

• The role of the OAG
• The legal environment in which the OAG and auditees function
• Specific considerations for public sector auditing
• The role of INTOSAI

Study Unit 1
Introduction to Auditing

Contents

A. Assurance
B. Levels of Assurance
C. The Audit Function
D. Types of Audits
E. The Limitations of an Audit
F. The need for Regulation
G. Methodology of an Audit
H. ISA 200

INTRODUCTION

There has been a huge growth in information that is available today in all aspects of business. The use of the internet has made access to information relatively easy and more and more information is being required in all areas, not just financial. For example, take a look at the Bank of Kigali annual report.
This growth in information has led to a need for assurance as to the quality and reliability of that information so that users can make informed decisions based on the information that is available to them.

A. ASSURANCE

The International Standards on Auditing (ISA) glossary of terms gives a definition of an assurance engagement as “one in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.”

In practice, this could be an auditor expressing an opinion to the shareholders of a company on a set of financial statements prepared by management as to whether they have been prepared in a true and fair manner in accordance with accounting standards and relevant company law. An audit is a type of assurance engagement.

B. LEVELS OF ASSURANCE

Various levels of assurance may be given but this depends very much on (1) the individual engagement, (2) the criteria applied and (3) the subject matter. The glossary of terms refers to two types but I will refer to three:

• Reasonable level of assurance – subject matter materially conforms to criteria; i.e. accounts give a true and fair view having regard to the accounting standards and law, such as carried out in an audit. This can also be known as a positive expression.
• Limited level of assurance – no reason to believe that subject matter does not conform to criteria. Essentially, a negative form of expression. Expect to see this in a review engagement. A review engagement is another type of assurance engagement.
• Absolute assurance – can never be given. There are inherent limitations of an audit that affect the auditor’s ability to detect material misstatements in a set of financial statements.

C. THE AUDIT FUNCTION

What is an audit?
An audit is an exercise, of which the objective is to enable an independent auditor to express an opinion on whether a set of financial statements has been prepared in a true and fair manner and in accordance with an identified financial reporting framework.

An audit is an exercise the objective of which is:

• to enable an independent auditor to express an opinion,
• on whether a set of financial statements are prepared,
• in a true and fair manner,
• in accordance with an identified financial reporting framework.

[Figure: Overview of Syllabus and audit. Elements shown: Legal & Regulatory environment; Ethics; Internal controls & financial statements; Audit; Risk Assessment & Audit process; Reporting; Corporate Governance & current issues.]

D. TYPES OF AUDITS

• Statutory audits as required by companies’ legislation.
• Non-statutory audits preferred by interested parties rather than being required by law. For example, charities, societies, public interest companies.
• Small entity audits.

A statutory audit is an independent examination of a company’s financial statements in order to verify that the accounts have been prepared in accordance with company law and International Financial Reporting Standards (IFRS). Not all companies, however, are required to have an audit. Audit exemption guidelines exist within certain jurisdictions.

Small companies, depending on the jurisdiction, could possibly avail of the audit exemption because:

• The cost may outweigh the benefit.
• Small companies are generally owner-managed, so there is no distinction between shareholders and managers.
• Many small companies lack a system of internal controls.
• Their use of basic books of record.

However, small companies can opt to have an audit carried out, specifically where the potential users of financial statements may expect it. There are arguments for and against small company audits.

For

• Reassurance given by audited accounts for shareholders not involved in management.
• Audited accounts provide a good indication of a fair valuation for shares, particularly unquoted shares.
• An audit provides management with an independent check on the accuracy of their financial statements. Also, some auditors do provide decent management letters.
• Employees can gain comfort from audited accounts as to their job security and for wage negotiations.
• Bank managers often rely on audited accounts when reviewing security in the event of granting a loan.
• Suppliers can gain assurance from audited accounts when giving credit to customers.
• Revenue can rely on audited accounts to back up tax returns.

Against

• Where shareholders are part of management, the whole audit exercise may not appear to be value for money.
• In reality, a more focused systems review or similar consultancy report would be of more benefit to management.
• In reality, I don’t think this actually happens.
• More importantly though, a bank manager may want to see a good credit history in a company’s transactions with the bank.
• On the contrary, the accounts might be out of date and the customer could be experiencing difficulties. Might be more appropriate to get relevant credit references.
• In reality, revenue accepts sets of accounts prepared by independent accountants.

E. THE LIMITATIONS OF AN AUDIT

• Not every item is checked. In fact, only test checks are carried out by auditors. It would be impractical to examine all items within a class of transactions or account balance. Hence, it is not really possible to give absolute assurance.
• Auditors depend on representations from management and staff. Collusion can undermine some good controls such as division of duties. There is always the possibility of collusion or misrepresentation for fraudulent purposes.
• Evidence gathered is persuasive rather than conclusive. It often indicates what is probable rather than what is certain. Take for example vouching a bank statement. It only shows you that one account. Are there others?
• Auditing is not purely an objective exercise. Judgements have to be made in a number of areas. The view in financial statements is itself based on a combination of fact and judgement. For example, valuing stock in a grain silo or valuing jewellery.
• The timing of an audit. Significant credit notes after the year-end can alter a true and fair view. Problems arise whether you audit too early or too late.
• An unqualified audit opinion is not a guarantee of a company’s future viability, the effectiveness and efficiency of management, nor that fraud has not occurred in the company. Profit margins can differ from firm to firm yet both could have a clean audit report.

So are there any benefits of an audit? Yes, there are.

• The shareholders of a company are given an independent opinion as to the true and fair view of the accounts that have been prepared by management.
• Third parties such as suppliers and banks use the accounts to gain confidence in the performance of a company.
• Auditors themselves can use the knowledge accumulated during the course of the audit to provide additional services to the company, such as the provision of consultancy services or a management letter showing weaknesses in the business and recommendations to alleviate such weaknesses in the future.
• While the auditor is not responsible for detecting fraud, the very fact that an audit is carried out and may uncover evidence of fraud can help to mitigate such risks.
• Managers in some firms may be removed from day to day transactions, especially regarding remote locations, and an audit can allay fears of fraud or simple bad bookkeeping.

F. THE NEED FOR REGULATION

Where there is reduced confidence in the markets and this leads to business failure, this in turn leads to instability. As a result there is increased demand for regulation. There has been regulation in the markets since the introduction of the concept of limited liability.
The requirement for audited financial statements is a way to protect the owners of a business from unscrupulous management and also prevent the abuse of the limited liability status.

Standards used are a form of self-regulation. Company law is regulation, where self-regulation doesn’t appear to be working. Enron raised serious questions about self-regulation. In response the Sarbanes-Oxley Act of 2002 was passed in the USA. This set up improved corporate governance including enhanced internal controls and improved levels of auditor independence. This has led to attempts to strengthen regulation in a number of other countries too.

The conduct of audits is covered by:

1. A code of ethics
2. International Standards on Auditing
3. Company Law.

In addition, auditors are regulated by a number of different bodies, for example:

• The International Auditing and Assurance Standards Board (IAASB)
• The Government
• Professional Accountancy bodies such as ICPAR

G. METHODOLOGY OF AN AUDIT

1. Determine the scope and the audit approach.

Legislation and the auditing standards lay down the scope for statutory audits. An auditor should prepare a plan for his audit.

2. Ascertain the system and controls.

Discuss the accounting system and the flow of documents with all the relevant personnel in the company. Document all your notes. Some auditors do flow charts, narrative notes and/or internal control questionnaires. Get to know the client’s business. Confirm that you have recorded the system accurately by carrying out walkthrough tests.

3. Assess the system and internal controls.

Evaluate the system as it is, to weigh up its reliability and draw up a plan to test its effectiveness. At this stage you could draw up a letter to management recommending any improvements you consider from your findings. In addition, what you have learned here may influence the type of further audit testing you may carry out later on.

4. Test the system and internal controls.
Above, you evaluated the controls that are in place. Now you need to test that they were effective. Compliance tests will cover many more transactions than the walkthrough tests. You need to carry out a representative sample through the accounting period. If you can establish that the controls are indeed effective, you can reduce the amount of detailed testing later on. However, if the controls turn out to be ineffective, then more substantive tests will need to be carried out.

5. Test the financial statements.

This section covers the substantive testing which has been described earlier. You are effectively trying to stand over the figures in the financial statements. Substantive tests are audit procedures performed to detect material misstatements. Remember, if you think that any error you might find in a class of transactions will not be significant, then there is little point carrying out the substantive test.

6. Review the financial statements.

After all the testing has been done and the evidence gathered, you should review the accounts as to their overall reliability, making a critical analysis of the content and presentation.

7. Express an opinion.

You need to evaluate all the evidence you have gathered and express an opinion on a set of accounts by way of a written audit report. You may, in addition, write a management letter which can set out improvements you recommend or place on record specific points in connection with the audit.

H. ISA 200

ISA (International Standards on Auditing) 200: Objective and general principles governing an audit of financial statements sets out what audits are all about.

• The auditor should comply with the code of ethics for professional accountants issued by the International Federation of Accountants (IFAC) and the ethical pronouncements issued by the auditor’s relevant professional body.
• The auditor should conduct an audit in accordance with International Standards of Auditing and should plan and perform an audit with an attitude of professional scepticism.
• ISA 200 also makes a very important point in that while the auditor is responsible for forming and expressing an opinion on the financial statements, the responsibility for preparing and presenting those financial statements lies with the management.
• Furthermore, the auditor does not have any responsibility with regard to the prevention and detection of fraud. Again, that lies with the management.

Study Unit 2
The Auditor and the Audit Environment

Contents

A. Audit Opinion
B. Role of the Auditor
C. Relationships & Responsibilities
D. The Audit Profession
E. International Standards on Auditing
F. Corporate Governance
G. Codes of Best Practice

THE AUDITOR AND THE AUDIT ENVIRONMENT

The Statutory Audit

The Companies Acts, depending on the applicable jurisdiction, shall require that the majority of all companies must have an audit carried out. An exemption exists for small companies depending on the applicable jurisdiction. In addition to qualifying as a small company, the following would need consideration depending on the applicable jurisdiction:

• Company must be a private company
• Company must not be a bank or insurance entity
• Company must not be part of a group
• All filing requirements within the applicable jurisdiction are kept up to date.

A. AUDIT OPINION

The objective of an audit is for an independent auditor to express an opinion on a set of financial statements. The key opinion is whether the accounts give a true and fair view. Unfortunately, there is no formal definition as it is not laid out in Company law.
However, it is generally accepted that a set of accounts can only give a true and fair view if they are not factually incorrect and present information in an impartial way that is clearly understood by the reader.

It could also be argued that in order to ensure that a set of accounts gives a true and fair view, an auditor should have regard for Company Law and Accounting Standards pertaining to those financial statements and that he himself has carried out the audit in accordance with the relevant regulatory pronouncements, codes of ethics and Auditing Standards.

Aside from the key opinion, there are a number of other issues that the auditor needs to report on and these should be laid out by the companies’ acts. These are matters of opinion and matters of fact.

Matters of opinion:

1. Have proper accounting records been kept?
2. Is the information in the directors’ report consistent with that given in the financial statements?
3. Does a financial situation exist which may require a Special Meeting?
4. Have the accounts been prepared in accordance with the provisions of the companies’ acts?

Matters of fact:

1. Has the auditor received all the information and explanations he deems necessary for the purposes of his audit?
2. Do the financial statements agree with the books of account?

The statutory audit opinion is given by way of a written standard audit report addressed to the shareholders of a company. The report should be signed and dated by the auditor.

B. THE ROLE OF THE AUDITOR

The auditor is the independent person that gives his opinion on a set of financial statements. He does not provide absolute assurance. In other words he does not say the “accounts are correct”. Audits have their limitations. However, this is often misunderstood by users of accounts who seem to wrongly accuse the auditor of shortcomings, especially where there are infamous business failures or perceived wrongdoing.
This is known as the “expectation gap”. The expectation gap exists because the role and duties of the auditor which are recommended to be laid out by the companies acts, codes of ethics and auditing standard could be different from the perceived role of the auditor by the general public and even company directors themselves. For example, it is believed that the auditor should find all errors whether unintentional or intentional such as fraud. C. RELATIONSHIPS AND RESPONSIBILITIES There are a number of stakeholders interested in financial statements from the shareholders to management, customers to suppliers, revenue authorities to bank managers, and even future investors. The audit report is prepared by the auditor for the shareholders on the actions of the management (directors). The auditor has no legal duty to report to management or anyone else in respect of the financial statements. However, in practice other parties do read the audit report and often rely on the assurance given by the auditors. Key issues: • Management are responsible for the preparation and presentation of the accounts • Management are responsible for the prevention and detection of fraud within a company Page 23 UNIT 2 – THE AUDITOR AND THE AUDIT ENVIRONMENT • Management are responsible for safeguarding the assets of a company • The auditor is responsible for expressing an opinion on a set of accounts prepared by management. D. THE AUDIT PROFESSION Depending on the jurisdiction it would be recommended to set up an Accounting Supervisory Authority together with an Auditing Authority. Its role would be to supervise the practice of auditing and accounting in the relevant country. Previously, each professional accounting body supervised their own members, however more recently Independent Supervisory Authorities are being established in countries e.g. 
in Ireland (IAASA).

The main functions of an Auditing and Accounting Supervisory Authority would be:
• To supervise how each body regulates its own members
• To promote adherence to the highest possible professional standards
• To monitor the accounts of companies to ensure compliance with companies legislation.

Each professional body will regulate and monitor its own members. Each body will issue its own code of ethics. By and large the codes of ethics are very similar.

Persons carrying out audits must have the permission of the relevant authorities. It is strongly recommended that all auditors have to be registered. Members of recognised bodies such as CPA, ACCA and Chartered Accountants are registered auditors if they have practising and auditing certificates from their respective bodies.

The Institute of Certified Public Accountants of Rwanda (ICPAR) is the Professional Accountancy Organization (PAO) mandated by law number 11/2008 to regulate the Accounting profession in the Republic of Rwanda. ICPAR is the only body authorized by law to register and grant practising certificates to Certified Public Accountants (CPAs) in Rwanda. Certified Public Accountant Certificate holders that are registered as members of ICPAR are entitled to the CPA(R) designation. The Institute operates in the public interest including promotion of financial reporting, auditing and ethical standards. The practising audit firms in Rwanda are very small in size and need capacity building with respect to quality of audit.

E. INTERNATIONAL STANDARDS ON AUDITING

Readers of information need assurance as to the reliability of that information. In addition, they will want to know that this reliability will not vary from one set of company accounts to another. In order to ensure this, an auditor audits a set of accounts in accordance with common standards.
There is a need then for auditors to be regulated so that all auditors follow the same standards. One of the main points of ISA 200 (objective and general principles governing an audit of financial statements) is that auditors must follow the international standards of auditing in the exercise of an audit.

The International standards of auditing (ISAs) are produced by the International Auditing and Assurance Standards Board (IAASB), which is part of the International Federation of Accountants (IFAC). The IFAC is a global organisation for the accounting profession. The intention is that the standards issued will improve the degree of uniformity of auditing practices, both in a standardised approach to the audit and a standard reporting format.

Only in exceptional circumstances can an auditor judge if it is necessary to depart from an auditing standard in order to achieve the objective of an audit. The auditor would need to be able to justify his actions.

ISAs need only be applied to material matters. What is material is not defined in law but it is generally accepted that something is material if its omission or misstatement could influence the economic decisions of users of financial statements. Materiality can be based on value, e.g. large amounts are more likely to be material than small ones, though sometimes they may also be material by nature, for example if it exposes inappropriate decision-making within an organisation possibly based on favouritism or personal bias.

ISAs are mandatory in some jurisdictions for the audit of company accounts.

Setting Standards - The Process:
• The IAASB identifies new developments,
• The IAASB appoints a task force to draft a standard,
• Consultation takes place,
• An “exposure draft” is produced, essentially a draft standard issued welcoming comments from the profession and any other interested party,
• The taskforce considers comments and may make amendments,
• The Standard is finalised and formally approved by the IAASB.
International standards of Auditing

ISA 200    Objective and general principles governing an audit of financial statements
ISA 210    Terms of audit engagements
ISA 220    Quality control for audits of historical financial information
ISA 230    (Revised) Audit Documentation
ISA 240    The auditor's responsibility to consider fraud in an audit of financial statements
ISA 250    Consideration of laws and regulations in an audit of financial statements
ISA 260    Communication of audit matters with those charged with governance
ISA 265    Communicating deficiencies in internal control to those charged with governance
ISA 300    Planning an audit of financial statements
ISA 315    Obtaining an understanding of the entity and its environment and assessing the risks of material misstatement
ISA 320    Audit materiality
ISA 330    The auditor's procedures in response to assessed risks
ISA 402    Audit considerations relating to entities using service organisations
ISA 450    Evaluation of misstatements identified during the audit
ISA 500    Audit evidence
ISA 501    Audit evidence - additional considerations for specific items
ISA 505    External confirmations
ISA 510    Initial engagements - opening balances and continuing engagements - opening balances
ISA 520    Analytical procedures
ISA 530    Audit sampling and other means of testing
ISA 540    Audit of accounting estimates
ISA 545    Auditing fair value measurements and disclosures
ISA 550    Related parties
ISA 560    Subsequent events
ISA 570    Going concern
ISA 580    Management Representations
ISA 600    Using the work of another auditor
ISA 610    Considering the work of internal audit
ISA 620    Using the work of an expert
ISA 700    The auditor's report on financial statements
ISA 705    Modifications to opinions in the Independent Auditor’s Report
ISA 706    Emphasis of matter paragraphs and other matter paragraphs in the Independent Auditor’s Report
ISA 710    Comparatives
ISA 720    (Revised) Section A - Other Information in Documents Containing Audited Financial Statements; Section B - The Auditor's Statutory Reporting Responsibility in Relation to Directors’ reports
Glossary of terms
ISQC 1

International Accounting Standards, International Financial Reporting Standards and International Public Sector Accounting Standards

The auditor needs to express an opinion on a set of accounts as to whether they give a true and fair view. In order to give a true and fair view, a set of accounts should have regard for the provisions of company law and international accounting standards.

Private sector standards are known as International Financial Reporting Standards (IFRSs). There are public sector equivalents, largely based on the IFRSs, known as International Public Sector Accounting Standards (IPSASs).

The IFRSs are shown below (older Standards which have not been replaced by a more recent IFRS are still called International Accounting Standards (IASs)). The private sector Standards in issue are shown below:

IAS 1     Presentation of Financial Statements
IAS 2     Inventories
IAS 7     Statement of Cash Flows
IAS 8     Accounting Policies, changes in Accounting Estimates and Errors
IAS 10    Events After the Reporting Period
IAS 11    Construction contracts
IAS 12    Income Taxes
IAS 16    Property, Plant and Equipment
IAS 17    Leases
IAS 18    Revenue
IAS 19    Employee Benefits
IAS 20    Accounting of Government Grants and Disclosure of Assistance
IAS 21    The Effects of Changes in Foreign Exchange Rates
IAS 23    Borrowing Costs
IAS 24    Related Party Disclosures
IAS 26    Accounting and Reporting by Retirement Benefit Plans
IAS 27    Consolidated and Separate Financial Statements
IAS 28    Investments in Associates
IAS 31    Interests in Joint Ventures
IAS 32    Financial Instruments: Presentation
IAS 33    Earnings per Share
IAS 34    Interim Financial Reporting
IAS 36    Impairment of Assets
IAS 37    Provisions, Contingent Liabilities and Contingent Assets
IAS 38    Intangible Assets
IAS 39    Financial Instruments: Recognition and Measurement
IAS 40    Investment Property
IAS 41    Agriculture
IFRS 1    First Time Adoption of International Financial Reporting Standards
IFRS 2    Share-Based Payment
IFRS 3    Business Combinations
IFRS 5    Non-current Assets Held for Sale and Discontinued Operations
IFRS 7    Financial Instruments: Disclosures
IFRS 8    Operating Segments

F. CORPORATE GOVERNANCE

A string of high profile scandals and frauds in the 1980s and the 1990s forced the adoption of voluntary codes of best practice in many countries (for example the UK) to enforce good practice by directors and to communicate the adherence to good practice by management to the shareholders. These Codes could be applied globally.

It was vital that companies were managed well i.e. there was good corporate governance. It would be recommended to bring in many aspects of good corporate governance into company law.

For example: The Cadbury report defines Corporate Governance as: “The system by which companies are directed and controlled”.

Why is good corporate governance important?

Shareholders and managers are usually separate in a company and it is important that the management of a company deals fairly with the investment made by the owners. Corporate governance is about ensuring that public companies are managed effectively for the benefit of the company and its shareholders.

In smaller companies, generally, shareholders are fully informed about the management of the business as they are the directors themselves. However, in large companies the day to day running of a company is the responsibility of the directors. Shareholders only get a look-in at the Annual Meeting. In addition, auditors only report on the truth and fairness of financial statements. They do not report on how the shareholders’ investment is being managed and whether their investment is subject to fraud.

Why does the need for good corporate governance come about?
• Unscrupulous management ignoring distinction between company’s money and their own,
• Management manipulating share price for personal gain,
• Management disguising poor results and mismanagement,
• Management extracting funds from company and raising finance fraudulently.
• Management inefficiencies in decision-making and internal control systems (these might not be deliberate but are still problematic for shareholders)

Authority

Good corporate governance can be enforced by law (Sarbanes Oxley in the US) and/or by agreement through codes of best practice.

So what does good corporate governance entail?
• Effective management
• Support/oversight of management by non-exec directors with sufficient experience
• Fair appraisal of performance
• Fair remuneration and benefits
• Fair financial reporting
• Sound systems of internal control
• Constructive relationship with directors

G. CODES OF BEST PRACTICE

Two prominent codes have been formed in the UK and are considered best practice in modern times and could be applied internationally.

For example: The Rwandan Stock Exchange commenced operations in January 2008 and has presently four listed companies, namely:
1. Balirwa
2. KCB
3. NMG
4. BOK

In Rwanda these codes could be applied as “Codes of Best Practice”
• The Cadbury report
• The Combined code

The Cadbury Report

The Cadbury report was issued in 1992. Its terms of reference considered:
• The responsibilities of executive and non-executive directors and the frequency, clarity and form in which information should be provided to shareholders.
• The case for audit committees, their composition and role.
• The responsibilities of auditors and the extent and value of the audit.
• The links between auditors, shareholders and the directors.

The Cadbury report was aimed at directors of all UK PLCs, however directors of all companies are encouraged to apply the code.
Directors should state in the financial statements, normally through the directors’ report, whether they comply with the code and must give any reasons for non-compliance.

The Cadbury report covered a number of areas including the board of directors, non-executive directors, executive directors and the audit function. Some of the provisions include:

Board of Directors
• They should meet on a regular basis.
• They should have clearly accepted divisions of responsibilities, so no one person has complete power.
• The posts of chairman and CEO should be separate.
• Decisions which require a single signature or several signatures need to be laid out in a formal schedule and procedures must be put in place to ensure that the schedule is followed.

Non-executive directors
• They are not involved in the day to day running of the company and should bring their independent judgment to bear in the affairs of the company. Such affairs may include key appointments and standards of conduct.
• There should be no business or financial connection between the company and the non-executive directors other than fees and a shareholding.
• Their fees should reflect the time they spend on the business.
• They should not participate in share option schemes or pension schemes.
• Appointments of non-executive directors should be for a specific term and automatic re-appointment is discouraged.
• Procedures should exist whereby they may take independent advice.
• A remuneration committee consisting of non-executive directors should decide on the level of pay for executive directors.

Executive directors
• They run the company on a day to day basis and should have service contracts in place of not more than three years in length, unless approved by the shareholders.
• Directors’ emoluments should be fully disclosed in the accounts and should be analysed between salary and performance based pay.
Audit
• The code states that the audit is the cornerstone of corporate governance. It is an objective and external check on the stewardship of management.
• Some flaws exist in the framework for auditing, such as choices in accounting treatments, poor links between shareholders and auditors, price competition between audit firms and the “expectations gap” between auditors and the public.
• Disclosing fees for audit in the financial statements should safeguard against the threat of objectivity where auditors offer other services to their audit clients.
• Formal guidelines concerning audit rotation should be drawn up by the accounting profession.
• The accountancy profession should be involved in setting criteria for the evaluation of internal control.
• There is a need for auditors to report on going concern. This is now reflected in auditing standards.

The Combined Code

For example, the UK stock exchange issues guidance on a regular basis. In 1998 it issued the combined code. This combined key guidance from various reports including the Cadbury report into the one code.

Some of its principles, which can be adopted globally, are:
• Every company should have an effective board.
• There should be clear divisions of responsibilities at board level.
• There should be an appropriate balance of executive and non-executive directors.
• A formal procedure for appointments to the board should exist.
• The board should receive timely information in order to discharge its duties.
• All directors should maintain and upgrade their skills and knowledge.
• There should be an annual evaluation of its own performance.
• All directors should be submitted to re-election at appropriate time intervals.
• There should be appropriate levels of remuneration that are sufficient to attract, retain and motivate individuals of the necessary quality required.
• A significant portion of pay should be performance related.
• A formal procedure for the fixing of pay levels should exist and no director should have a hand in fixing his/her own pay.
• The board should present a balanced assessment of the company’s performance.
• The board should implement a good system of internal control.
• The board should have meaningful communication with the shareholders and should use the Annual Meeting to communicate with investors.

For example, the UK Stock exchange rules require that the annual report includes a statement of how a company has applied the principles of the combined code and must disclose whether there has been compliance with those principles. Auditors should review this statement.

Although the UK stock exchange rules require the code to be complied with, there is no statutory duty for companies to do so. It is in fact a voluntary code. This allows for flexibility in its application although shareholders will be aware of the position due to the disclosure requirements.

In addition, being a voluntary code allows companies to opt out to the detriment of their shareholders and there are companies while unlisted companies should be encouraged to apply the codes. Making the code obligatory may create an excessive burden of requirement especially for smaller companies.

Audit Committees

Audit committees are generally made up of non-executive directors. They are perceived to increase confidence in financial reports. A number of recommendations contained in the combined code are:
• Audit committee should comprise at least three non-executive directors (two for smaller companies).
• Its main role and responsibilities should be clearly set out in written terms of reference.
• The committee should be provided with sufficient resources to undertake its duties.

Role and responsibilities
• To monitor the integrity of the financial statements and other formal announcements.
• To review the internal financial controls and the company’s control and risk management systems.
• To monitor and review the effectiveness of the internal audit function.
• To make recommendations regarding the appointment of external auditors and their remuneration.
• To monitor and review the external auditor’s independence and objectivity.
• To develop and implement policy on the engagement of the external auditor in other non-assurance services.

Advantages of an audit committee
• Provides an independent point of contact for the external auditor, particularly in the event of disagreements.
• Can create a climate of discipline and control.
• Increased confidence in the credibility and objectivity of financial reports, by increasing the quality of the financial reporting and enabling the non-executive directors to contribute an independent judgment.
• Internal auditors can report directly to the committee thereby providing a greater degree of independence from management.
• The existence of such a committee should make the executive directors more aware of their duties and responsibilities.
• Can act as a deterrent to fraud or illegal acts by executive directors.

Disadvantages of an audit committee
• Can be difficult to source sufficient non-executive directors with the necessary competence to be effective.
• Auditors may not raise issues of judgment where there are formalised reporting procedures.
• Costs may increase.
• Findings are generally not made public, so it is not always clear what they actually do.

Internal control effectiveness

Internal control is an essential tool in having good corporate governance and impacts significantly on the audit approach that might be taken. The directors of a company are responsible for putting in place an effective system of internal control.
An effective system of internal control will help management safeguard the assets of a company, prevent and detect fraud and therefore, safeguard the shareholders’ investment. In addition, it helps ensure reliability of reporting and compliance with laws. The use of the word ‘help’ denotes the fact that there are inherent limitations in any system of internal controls and as such there can be no such thing as absolute assurance.

The directors need to set up internal control procedures and need to monitor these to ensure that they are operating effectively. The system of internal control will reflect the control environment which depends a lot on the attitude of the directors towards risk.

The combined code recommends that the board of directors report on their review of internal controls. This assessment should cover the changes in risks which the company faces and its ability to respond to these changes, the scope and quality of management’s monitoring of risk and internal control and the extent and frequency of reports to the board. It should also assess the significant controls, failings and weaknesses that might have a material impact on the accounts.

Auditors should assess the review carried out by the directors. They should assess whether the company’s summary of the process of review is supported by documentation prepared by the directors and that it reflects that process. This review is not as defined as an audit. Therefore, it is only possible to give limited assurance. For this reason, the auditors are not expected to assess whether the directors’ review covers all risks and controls and whether the risks are satisfactorily addressed by the internal controls. In order to avoid any misunderstandings, a paragraph is inserted into the audit report setting out the scope of the auditor’s role.
Auditors should bring to the attention of directors any material weaknesses they find in the system of internal control.

In order to monitor and assess the system of internal controls as to their reliability and effective operation, a company may set up an internal audit department to carry out the internal audit function.

There are significant differences between the external audit and internal audit functions.
1. An internal auditor is an employee of the company. Therefore, under applicable company law, the internal auditor is precluded from acting as the external auditor of a company.
2. External auditors are required by appropriate laws to belong to a recognised body, which guarantees their appropriate qualification, adherence to technical standards and overall competence. The internal auditor on the other hand requires no formal training.
3. Unlike the external auditors, who are appointed at the Annual Meeting by the shareholders of a company, the internal auditor is hired by the management of the company. In turn this means he can be dismissed by the directors or other senior managers, subject only to normal employment rights.
4. The primary objective of the external auditor is laid down by the applicable companies’ acts, whereas the internal auditor’s objectives are dictated by the management of the company. As a result, management can place limitations on the scope of the internal auditor’s work. While some of his work may be similar to that of the external auditor, more of it could relate to areas such as value for money.

Study Unit 3
Auditors Legal, Ethical & Professional Responsibilities – Part 1

Contents
A. Professional & Ethical Responsibilities
B. Statutory Responsibilities & Rights
C. Appointment of Auditors
D. Resignation & Removal of Auditors
E. Auditors Duties & Rights

AUDITOR’S LEGAL, ETHICAL & PROFESSIONAL RESPONSIBILITIES PART 1

A. PROFESSIONAL AND ETHICAL RESPONSIBILITIES

ISA 200 sets out the general principles of an audit. The auditor should comply with the code of ethics for professional accountants issued by the International Federation of Accountants.

Accountants require ethics because people rely on them for their expertise in specific areas. Both the International Federation of Accountants (IFAC) and the Institute of Certified Public Accountants of Rwanda (ICPAR) have issued a code of ethics of which the fundamental principles of both associations are very similar. Both identify:
• Fundamental principles of ethical behaviour
• Potential threats to those principles
• Possible safeguards to counter those threats.

If the code of ethics is contravened, members may face disciplinary proceedings which could result in a fine, censorship, suspension or withdrawal of membership and with it possibly the right to practice.

The fundamental principles are as follows:
• Integrity. A member should be straightforward and honest in all professional and business relationships.
• Objectivity. A member should not allow bias, conflict of interest or undue influence of others to override professional or business judgements.
• Professional competence and due care. A member has a continuing duty to maintain professional knowledge and skill at the level required to ensure that a client or employer receives competent professional service. If you are not up to the task, you shouldn’t take it on.
• Confidentiality. A member should respect the confidentiality of information acquired as a result of professional and business relationships and should not disclose any such information to third parties without proper and specific authority unless there is a legal or professional right or duty to disclose.
Any information acquired should not be used for the personal advantage of the member or third parties.
• Professional behaviour. A member should comply with relevant laws and regulations and should avoid any action that discredits the profession.

The circumstances in which members operate may give rise to specific threats to compliance with the fundamental principles. However, it is impossible to define every situation that creates such threats and to specify the appropriate mitigating action.

The Institute of Certified Public Accountants of Rwanda (ICPAR) conceptual framework requires each member to identify, evaluate and address threats to compliance. ICPAR – Code of Ethics – Part A 100.2

If the threats are significant, then you need to identify and apply safeguards to eliminate the risk or to reduce it to an acceptable level. If no appropriate safeguards are available, then you need to eliminate the activities causing the threat or decline the engagement or discontinue it as the case may be.

It would be recommended to follow the relevant ethical pronouncements which the International Federation of Accountants (IFAC) outlines together with the auditor’s relevant professional body.

ETHICAL STANDARDS
1. Integrity, Objectivity and Independence
2. Financial, business, employment and personal relationships
3. Long association with the audit engagement
4. Fees, remuneration and evaluation policies, litigation, gifts and hospitality
5. Non-Assurance Services provided to an Assurance Client

Integrity, Objectivity and Independence

An auditor should establish documented policies and procedures designed to ensure that in relation to each audit engagement, the audit firm and anyone in a position to influence the conduct and outcome of the audit should act with integrity, objectivity and independence.
The leadership of the audit firm should take responsibility for establishing a good control environment within the firm.

Independence needs to be considered at all stages of the audit process. The audit partner should ensure that the directors of an entity are informed of all matters that affect an auditor’s objectivity and independence.

An auditor needs to be, and be seen to be, independent. They must have independence of mind and independence in appearance. It is a fundamental principle.

Independence is a state of mind that permits the provision of an opinion without being affected by influences that compromise professional judgement, and allows an individual to act with integrity and exercise objectivity and professional judgement.

An auditor needs to avoid facts and circumstances that are so significant that a reasonable and informed third party would reasonably conclude an auditor’s integrity, objectivity or professional scepticism had been compromised.

Public confidence in the operation of capital markets and in the conduct of public interest entities depends upon the credibility of the opinions and reports issued by auditors.

What are the possible threats to independence?

The principal types of threat to integrity, objectivity and independence are:
• Self-interest. A financial interest in a client, undue dependence on fees, close business relationship, concern over losing a client, potential employment with client or loans from client; anything which may cause the auditor to be reluctant to make decisions during an audit.
• Self-review. Reporting on the operation of financial systems after you were involved in their design and implementation. Preparation of the accounts which are now being audited.
• Management threat.
Making judgements and taking decisions which are the responsibility of management, such as changing journal entries, approving transactions or preparing source documents. This can be linked to self-review.
• Advocacy. Acting as a legal advocate for a client in litigation or promoting shares in the company.
• Familiarity. Allowing close personal relationships to develop with client personnel through long association or a family relationship. The auditor may not be sufficiently questioning of the client point of view. Accepting gifts of significant value is also a sign of excessive familiarity.
• Intimidation. Threat of replacement due to disagreement, perhaps you want to qualify the accounts.

Possible Safeguards to independence

Safeguards that may eliminate or reduce threats to an acceptable level fall into two general categories:
1. Safeguards created by the profession, legislation or regulation and
2. Safeguards in the work environment whether within the auditor’s own systems and procedures or within the client company.

The first category includes:
• Educational, training and experience requirements for entry into the profession.
• The existence of a clear and robust Code of Ethics
• Continuing professional development requirements.
• Corporate governance regulations and Professional standards.
• Professional or regulatory monitoring and disciplinary procedures.

The second category would include for example:

Firm wide safeguards
• Documented policies and procedures to implement and monitor quality control of engagements.
• Documented policies regarding identification of threats, their evaluation and application of safeguards.
• Policies and procedures to enable identification of interests and relationships between auditor and client.
• Monitoring the fee income received.
• Timely communication of a firm’s policies and procedures to all staff and appropriate training thereof.
• A suitable disciplinary mechanism to promote compliance with policies.

Possible Engagement specific safeguards
• Involving an additional professional accountant to review the work done.
• Consulting independent third parties.
• Disclosing the nature of services provided and extent of fees charged to those charged with client governance.
• Rotating senior audit team personnel.

Possible Safeguards within client systems and procedures
• Persons other than management ratify auditor appointment.
• Client has competent employees with experience to make decisions.
• The client has a corporate governance structure that provides appropriate oversight and communications regarding the firm’s service.

International standard on quality control (ISQC 1) sets out the standards and provides guidance regarding a firm’s responsibilities for its system of quality control for audits.
• The firm should establish a system of quality control designed to provide it with reasonable assurance that the firm and its personnel comply with professional standards and regulatory and legal requirements.
• The firm’s system of quality control should include policies and procedures addressing elements such as leadership responsibilities, ethical requirements, acceptance and continuance of client engagements, human resources, engagement performance and monitoring.
• The quality control policies and procedures should be documented and communicated to the firm’s personnel.

Confidentiality

There is a duty of confidence to the client. Confidentiality ensures that all information necessary for the audit is given to the auditor. However, there are several exceptions noted.

The principle is twofold.
One, you should refrain from disclosing any information acquired without proper authority to do so unless there exists a legal or professional right or duty to disclose. Secondly, you should refrain from using any information acquired for your own personal advantage or that of a third party. A member should maintain confidentiality even in a social environment, and needs to comply with the principle even after the end of the professional relationship.

Exceptions when members may be required to disclose:
• Disclosure permitted by law and authorised by client.
• Disclosure by applicable law, e.g. production of documents during course of legal proceedings or disclosure to appropriate public authorities of infringements of law that have come to light, e.g. money laundering, Theft and Fraud Offences and a Duty to report where books of account have not been kept.
• Professional duty or right to disclose when not prohibited by law, such as to comply with quality assurance reviews, to respond to an inquiry by an institute, to protect the professional interests of a member in legal proceedings or to comply with technical standards and ethics.

Under ISA 250, Consideration of laws and regulations in an audit of financial statements, if auditors become aware of a suspected or actual occurrence of non-compliance with law and regulation which gives rise to a statutory right or duty to report, they should report it to the proper authority immediately.

Areas of controversy

Independence

• Multiple services
Many audit firms are moving away from their traditional roles and are offering a wider variety of work to their clients. Audit is sometimes even seen as a loss leader in gaining other lucrative work.
Having more legislation in this area could restrict clients and limit opportunities for further business and any synergies found in the auditor also providing additional services would be lost. Note, in the USA, SEC guidance suggests that an auditor is not independent in relation to a listed company if they provide certain non-assurance services, such as bookkeeping, internal audit, management or human resources functions.

• Specialist services
Services such as valuation of intangible assets, property or unquoted investments carried out by a firm that is also the company’s auditor can lead to a self-review threat. A firm should not therefore audit a client’s accounts which include specialist work carried out by them.

• Second opinions
Second opinions are acceptable but not if the current auditors are pressurised to accept the second opinion. In order to avoid this, there should be constant communication between the two auditors. The second firm has a duty to seek permission to approach the current auditors from the client. Without such communication, the second opinion may be formed negligently, as the second opinion may not be based on the same set of facts or may be based on inadequate evidence.

Confidentiality

• Conflicts of interest
Conflicts of interest can arise when a firm has two or more audit clients, and the clients are in direct competition with each other, e.g. major banks. An audit firm can argue that different audit teams are involved and this can maintain independence and confidentiality. However, clients may not perceive it this way and could well move the audit to another firm. Takeovers also need special consideration. You could be the auditor to both companies in a takeover. In these cases, the auditor should not be the principal advisor to either and should not issue any assessment reports on either party other than the actual audit reports.
• The public interest
There is no legal definition and therefore ‘public interest’ is difficult to prove. Therefore, the auditor should be very careful here as any disclosure causing loss could result in litigation. Seek legal advice at all times.

• Insider dealing
Auditors can be seen as insiders as they often have access to very sensitive information. Auditors should see the duty not to deal as an insider as an extension of their duty of confidentiality to their clients. Again, it is not just in relation to third parties but also to their own personal gain.

Financial, business, employment and personal relationships

Any partner in a position to influence a client audit should not have a financial interest in that client and should not generally have any financial dealings other than those considered to be at arm’s length, and such dealings should not be material in value to either party involved.

As long as family members are not in a position of influence in relation to the accounting records or the financial statements, the threat to independence and objectivity would not be considered significant where a family member was employed in an audit client.

An audit firm must resign for at least 2 years where a former audit partner takes up a senior position within an audit client.

Long association with the audit engagement

Long association can lead to a self-interest threat, self-review threat and a familiarity threat. These may give rise to threats against independence and objectivity. Firms need to monitor the length of time a specific senior person is engaged on a specific assignment and should take appropriate steps if there is a perceived threat to the firm’s objectivity. For listed companies, it is recommended that the audit partner should rotate after 7 years, other senior staff after 7 years also. For other companies, there is no compulsory rotation, but good advice is that partners should rotate off after 10 years.
Fees, remuneration and evaluation policies, litigation, gifts and hospitality

An audit should not be undertaken on a contingent fee basis. The fee charged should not impact on the performance of an audit.

If the total fees generated by a client or client group represent a large proportion of a firm’s total fee income then this could create a self-interest threat. The significance of the threat should be evaluated and possible safeguards that could be applied are:
• Discussing the extent and nature of fees charged with those charged with governance
• Taking steps to reduce dependency on the client
• External Quality Control Review
• Consult a third party e.g. Professional Regulatory Body

Gifts should not be accepted from clients, unless the value is insignificant.

Care needs to be taken with outstanding fees as they may be construed as loans. Remember: only transactions in the normal course of business are allowed; otherwise there is a risk that there is a perceived threat to independence.

Where there is threatened or actual litigation, the audit firm should not continue to act as auditor.

Non-Assurance services provided to audit client

Firms need to have procedures in place to consider the impact of non-assurance services on the firm’s independence and objectivity.

Internal Audit - audit firm should not provide such services where they intend to place significant reliance on such work as part of external audit.
IT Services - audit firm should not undertake to design or implement systems that are a significant part of the accounting systems.
Valuation - auditors should not provide a valuation where it involves a significant degree of subjective judgement.
Tax services - auditors should provide routine compliance work only.
Corporate finance services - auditors should not accept any role on a contingent fee basis.
Accounting services - auditors should not undertake such services for a listed company.

B. STATUTORY RESPONSIBILITIES AND RIGHTS

Statutory responsibilities and rights are laid out under companies and other related legislation such as:
• Companies Acts

We have already seen that company law - depending on the applicable jurisdiction - produces a requirement that companies’ financial statements are audited.

Company Law should recommend dealing with a number of other auditor related issues depending on the applicable jurisdiction, such as:
• Appointment of auditors
• Auditors’ remuneration
• Resignation or removal of auditors
• Auditors’ duties
• Auditors’ rights

The Companies Acts of Rwanda – No 07/2009 of 27/4/09 – Law relating to Companies

C. APPOINTMENT OF AUDITORS

Auditors are appointed by members of a company at the Annual Meeting. The term lasts from the end of one Annual Meeting until the next Annual Meeting unless of course the auditor has resigned or has been removed during the year.

Where at the annual meeting, the company fails to appoint an auditor during that annual meeting or the post continues to fall vacant for a one month period, the Registrar General shall have the powers to have the company appoint its auditor within thirty (30) days. Companies Acts – Article 238

Auditor’s remuneration

The auditor’s remuneration should be fixed at the Annual Meeting and should be disclosed in the financial statements. It should be disclosed separately from those fees earned from non-assurance services. Companies Acts – Article 239

D. RESIGNATION & REMOVAL OF AUDITORS

An auditor who does not wish to be reappointed or wishes to resign

Where an auditor gives the Board of Directors of a company written notice that he/she does not wish to be reappointed, the Board shall, if requested to do so by that auditor:
• distribute to all shareholders and to the Registrar General, at the expense of the company, a written statement of the auditor’s reasons for his/her wish not to be reappointed;
• permit the auditor or his/her representative to explain at a shareholders’ meeting the reasons for his/her wish not to be reappointed.

An auditor may resign prior to the Annual Meeting of the company. This shall, after receiving the notification thereof, call on the Board of Directors to a special meeting to receive the auditor’s notice of resignation. The auditor shall provide a written report which gives to him/her representative the opportunity to give an explanation why he/she does not wish to be re-appointed as auditor. Also during that meeting, the Board of Directors or the meeting of shareholders shall appoint a new auditor.

The auditor has the right to require that the directors call a Special Meeting to discuss his resignation and the auditor can attend and speak at this meeting on any matter that concerns him as the retiring auditor. Directors should send out notice of this meeting within a 30 day period.

The auditor also has the right to receive all notices that relate to a general meeting at which their term of office would have expired. Companies Acts Articles 244 and 245

Removal

An auditor of a company shall be automatically reappointed at an annual meeting of the company unless the company passes a resolution at the annual meeting appointing another person to replace the auditor; Companies Acts Article 243.
The directors of a company should give at least 30 days’ notice to all those entitled to receive a set of accounts if a motion to remove the auditors is to be put to the members at an Annual Meeting. The auditors also have the right to receive a copy of such notice.

The motion to remove the auditor can be passed by a simple majority.

The auditor should have a right to make representations as to why they should retain their office and they can require that a copy of these representations be sent to all the members.

The company should notify the registrar on the removal of the auditors and the auditor should forward the statement of circumstances to the company within a period of at least 14 days of ceasing to hold that office. A copy of this statement should be forwarded by the company to the Registrar General.

The auditor has a right to receive notice of and speak at such an Annual Meeting where their term of office would have expired.

Communication between auditors

The new auditor is likely to request authorisation from the company to contact the previous auditor in order to ascertain if there are any circumstances which should be brought to their attention before accepting the appointment as auditors.

The previous auditor will forward copies of previous audited accounts together with sufficient information relating to lead schedules of all the major areas of the audit. The previous audit files remain in the ownership of the previous auditor.

E. AUDITORS DUTIES & RIGHTS

Auditors’ duties

We have already covered the fundamental duties as to issuing an auditor’s report on forming an opinion on the financial statements as well as looking at a number of other areas which were matters of opinion and matters of fact.
Auditors’ rights

Auditors should have the following rights:
• Access to all relevant documents and books and any information and explanations that they require from the directors of a company which they deem necessary in the conduct of the audit.
• Attendance at any general meeting and to receive all notices and written resolutions which any member of the company is entitled to receive.
• To be heard at any general meeting on any matters that concern them as auditors.
• To give written notice requiring that an Annual Meeting be held for the reason of laying the accounts and reports before the members of a company.

Companies Acts Articles 248 and 249

Possible Company Law offences could include:
• Non-filing of annual returns
• Directors’ loan infringements
• Non-holding of Special Meetings
• Failure to keep proper books of accounts
• No director resident in state
• Acting as an auditor while not qualified to do so

It would be considered the auditor’s duty to report any offences outlined above to the Police or the Revenue Authorities.

The main offence an auditor should be aware of is money laundering activities. Money laundering is the process by which criminals attempt to conceal the true origin and ownership of the proceeds of their criminal activity, allowing them to maintain control over the proceeds and ultimately, providing a legitimate cover for the source of their income.

Audit firms are required to report suspicions that a criminal offence has been committed, regardless of whether the offence has been committed by a client or by a third party.
In addition, they need to be alert to the danger of making disclosures that are likely to tip off a money launderer, as this is a criminal offence.

There is no legal right not to make a report and the auditor is not constrained by his professional duty of confidence, although in all cases any such reporting must be made in good faith. In this case, he is protected by law from having the client take a civil case against him. However, if he did not have reasonable grounds on which to make a report to a third party, he may be sued by his client for breach of confidentiality.

Study Unit 4

Auditors Legal, Ethical & Professional Responsibilities – Part 2

Contents
A. Auditor’s responsibilities in relation to fraud and for the entity’s compliance with Laws & Regulations
B. Auditor’s responsibilities defined by case law arising from negligence and related exposure and consequences
C. Pre-Appointment Procedures

AUDITOR’S LEGAL, ETHICAL & PROFESSIONAL RESPONSIBILITIES PART 2

A. AUDITOR’S RESPONSIBILITY IN RELATION TO FRAUD AND FOR THE ENTITY’S COMPLIANCE WITH LAWS AND REGULATIONS

Fraud

An auditor’s main concern in an audit is the risk of a material misstatement in the financial statements. These material misstatements can arise from fraud or error.

An error is an unintentional misstatement in the financial statements, whether an omission of an amount or a disclosure. It can be a mistake in gathering or processing data for the accounts, an incorrect accounting estimate or a mistake in the application of accounting principles.

Fraud is an intentional act by one or more individuals among management, employees or third parties, involving the use of deception to obtain an unjust or illegal advantage.
Auditors do not make a legal determination of whether fraud has actually occurred; the auditor is concerned to the extent that fraud has caused a material misstatement in the financial statements.

Responsibility

ISA 240, The auditor’s responsibility to consider fraud in an audit of financial statements, states quite clearly in paragraph 240.13 that the primary responsibility for the prevention and detection of fraud rests with the management and those charged with governance of the entity.

It is their responsibility to establish a control environment to assist in achieving the orderly and efficient conduct of the entity’s operations. It is up to them to put a strong emphasis on fraud prevention.

The auditor does not have a specific responsibility to prevent or detect fraud, but he must consider whether it has caused a material misstatement in the financial statements.

Types of fraud

There are two types of intentional misstatement:
1. Fraudulent financial reporting
2. Misappropriation of assets

Fraudulent financial reporting

This may be accomplished by the following:
• Manipulation, falsification, or alteration of accounting records or supporting documentation from which the accounts are prepared
• Misrepresentation in, or intentional omission from, the accounts of events, transactions or other significant information
• Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation or disclosure.

Misappropriation of assets

This involves the theft of a company’s assets. While management are in a position to be able to disguise or conceal misappropriations in ways that are difficult to detect, small and immaterial amounts misappropriated are often perpetrated by employees.
Misappropriations can be accomplished in a number of ways:
• Embezzling receipts
• Stealing physical assets or intellectual property
• Causing an entity to pay for something they never received
• Using an entity’s assets for own personal use.

The misappropriation of assets is often accompanied by false or misleading records or documents in order to conceal the fact that the assets are missing.

Why is there fraud

Fraud occurs because:
• There is an incentive or pressure to commit fraud
• A perceived opportunity to do so
• Rationalisation of the act.
• Individuals may be living beyond their means
• Management is under pressure to reach targets
• An individual may believe internal controls can be over-ridden.

The auditor identifies the risks of fraud, relates the identified risks to what can go wrong at the assertion level and considers the likely magnitude of a potential misstatement. Finally, he should respond to those risks.

Reporting

The auditor should communicate to the appropriate level of management any identified fraud. Where the fraud involves management or key employees in internal control operations, the auditor should communicate as soon as possible any such fraud to those charged with governance.

The auditor may have a statutory duty to report fraudulent behaviour to a regulator outside the entity, for example the police authorities.

Law and Regulation

Companies are statutorily bound to comply with laws and regulations. Some of the laws and regulations affecting companies are:
• Company law
• Health and safety regulations
• Employment law
• Civil law, both tort and contract
• Environmental law and regulation

The auditor should identify the laws and regulations that an entity operates within.
ISA 250, Consideration of laws and regulations in an audit of financial statements, establishes standards and guidance on the auditor’s responsibilities to consider laws and regulations in an audit of financial statements.

ISA 250.2 states that when designing and performing audit procedures and in evaluating and reporting the results thereof, the auditor should recognise that non-compliance by the entity with laws and regulations may materially affect the financial statements.

So the auditor’s responsibility is to plan and perform the audit to obtain reasonable assurance that the company has in fact complied with relevant laws and regulations.

An audit cannot be expected to detect non-compliance with all the laws and regulations applicable to a company. Detection, regardless of materiality, requires consideration of the implications for the integrity of management or employees and the possible effect on other aspects of the audit.

Non-compliance is a legal determination and is beyond the auditor’s professional competence and, while an auditor’s experience and training may well provide a basis for recognition, ultimately it can only be determined by a court of law.

The further removed the non-compliance is from the events and transactions normally reflected in the financial statements, the less likely the auditor is to become aware of it or recognise non-compliance.

Responsibility of Management

It is management’s responsibility to ensure that the entity’s operations are conducted in accordance with laws and regulations. The responsibility for the prevention and detection of non-compliance rests with management.

In larger companies, policies and procedures may be supplemented by an internal audit function and an audit committee possibly split between a legal department and a compliance function.
Directors of the company have responsibility to provide information required by the auditor, to which he/she has a legal right of access. Such legislation also provides that it is a criminal offence to give the auditor information or explanations which are misleading, false or deceptive.

The auditor’s consideration

The auditor cannot be held responsible for preventing non-compliance, although an annual audit may act as a deterrent. Even though an audit is properly planned and performed in accordance with standards, there is the unavoidable risk that some material misstatements will not be detected in the financial statements.

ISA 250.13 states that auditors should plan and perform the audit with an attitude of professional scepticism recognising that the audit may reveal conditions or events that would lead to questioning whether an entity is complying with laws and regulations.

The auditor would test for compliance with specific laws and regulations only if engaged to do so, as this is otherwise outside the scope of his audit.

ISA 250.18 lays out that the auditor should design procedures to help identify possible or actual instances of non-compliance with the laws and regulations which are central to the entity’s ability to conduct its business and hence to its financial statements.

Further, the auditor should obtain sufficient, appropriate audit evidence about compliance with those laws and regulations which the auditor recognises as having an effect on the determination of material amounts and disclosures in the financial statements.

Some of the laws and regulations include ones which prohibit a company from making distributions except out of distributable profits and laws which require the auditor to expressly report on non-compliance such as maintenance of proper books of account or disclosures of directors’ remuneration.
The auditor should obtain written representations from management that they have disclosed to the auditor all known actual or possible non-compliance with laws and regulations whose effects should be considered when preparing the financial statements. In addition, where applicable, the written representations should include the actual or contingent consequences which may arise from the non-compliance.

In the absence of audit evidence to the contrary, the auditor is entitled to assume the entity is in compliance with these laws and regulations.

The auditor’s responsibility in expressing an opinion on financial statements does not extend to determining whether the entity has complied in every respect with tax legislation. The auditor only needs sufficient audit evidence to give a reasonable assurance that the tax amounts in the financial statements are not materially misstated.

What to do when non-compliance is discovered

When the auditor becomes aware of non-compliance, the auditor should obtain an understanding of the nature of the act and the circumstances in which it has occurred, and sufficient other information to evaluate the possible effect on the financial statements.

The auditor must consider:
• The potential financial consequences such as fines, penalties and/or litigation.
• Whether the potential financial consequences require disclosure.
• Whether these consequences are so serious they call into question the truth and fairness of the accounts.

Reporting of non-compliance

As soon as possible, the auditor should communicate with management, or obtain audit evidence that management are appropriately informed, regarding non-compliance that comes to the auditor’s attention.

If in the auditor’s judgment, the non-compliance is intentional and/or material, the auditor should communicate without delay.

If the auditor suspects senior management, then he should communicate to the next higher level, such as the audit committee.
Failing that, he should seek legal advice.

In the case of money laundering it may be appropriate to report the matter directly to the appropriate authority.

Audit report implications

• If the auditor concludes that the non-compliance has a material effect on the accounts and has not been properly reflected, he should express a qualified or adverse opinion.
• If the auditor has not been able to obtain sufficient evidence to evaluate whether a material non-compliance has occurred, he should qualify his report or issue a disclaimer of opinion on the basis of a scope limitation.

Third party reporting

Although the auditor has a duty of confidentiality, where non-compliance gives rise to a statutory duty to report, the auditor should do so without undue delay.

B. AUDITOR’S RESPONSIBILITIES DEFINED BY CASE LAW ARISING FROM NEGLIGENCE AND RELATED EXPOSURE AND CONSEQUENCES

Professional Liability

Auditors may have professional liability under statute law and in the tort of negligence.

Statute law

There are occasions when auditors have professional liability under statute law:
• In insolvency legislation, the auditor could be found to be an officer of the company and thus could be charged with a criminal offence in connection with the winding up of the company.
• An auditor could be found to be guilty of insider dealing, which is a criminal offence.
• Auditors could be found guilty of a criminal offence in respect of money laundering issues as to their failure to report any known suspicions to the proper authority.
• Failure to report issues that are required under company law such as those mentioned on the audit report.

Tort of negligence

Negligence is based on common/customary law. It seeks to provide compensation for loss suffered by one party due to another’s wrongful neglect.
To succeed, an injured party must prove:
• A duty of care existed
• The duty of care was breached
• The actual breach caused the loss.

Who would take an action against an Auditor

If an auditor gave an incorrect audit opinion the following parties might take an action:
• The company
• The shareholders
• The bank
• Other lenders
• Other interested third parties

The key difference between all the above mentioned parties is the nature and duty of care owed to them by the auditor.

Audit client

An auditor owes a duty of care to the company as it is the audit client. The company has a contract with the audit firm. Therefore, the duty of care is automatic under law.

The company is all the shareholders acting as a body; it cannot be represented by one shareholder alone.

The standard of work of the auditor is generally defined by legislation. A number of judgements exist which have gauged the level of care, as specific legislation does not exist which states clearly how an auditor should discharge his duty of care.

For Example: Re Kingston cotton mills 1896 Court of Appeal, England
“...it is the duty of the auditor to bring to bear on the work he has performed that skill, care and caution which a reasonably competent, careful and cautious auditor would use. What is reasonable skill, care and caution, must depend on the particular circumstances of the case.”

For Example: Re Thomas Gerrard & son Ltd 1967 Chancery Division, England
“…the real ground on which re Kingston cotton mills….is, I think, capable of being distinguished is that the standards of reasonable care and skill are, upon the expert evidence, more exacting today than those which prevailed in 1896.”

For Example: Re Fomento (sterling area) Ltd v Selsdon fountain pen co ltd 1958
“…they must come to it with an inquiring mind, not suspicious of dishonesty…..but suspecting that someone may have made a mistake somewhere and that a check must be made to ensure that there has been none.”

Auditors have to be careful in forming an opinion and they must give consideration to all relevant matters.

If an opinion reached by an auditor is one that no reasonably competent auditor would be likely to reach, then the auditor would possibly be held liable for negligence.

Third parties

The auditor can only owe a duty of care to parties other than the audit client if one can be established.

Third parties will include any individual shareholders, potential investors and the bank. In these cases, there is no contract with the audit firm. Therefore, there is no implied duty of care.

Case law seems to suggest that the courts have been reluctant to attribute a duty of care for third parties to the auditor.

Caparo industries plc v Dickman and others 1990 England House of Lords - Tort
Caparo relied on a set of accounts to purchase shares in a company. Subsequently, they alleged that the accounts were misleading. They argued the auditors owed a duty of care. The House of Lords found that there was no duty of care. The audit complied with the companies legislation and there was no mention in that legislation to suggest that auditors should protect the interests of investors.
James McNaughton paper group ltd v Hicks Anderson 1990
The position held that a restrictive approach was now adopted to any extension of the scope of the duty of care beyond the person directly intended by the auditor. In addition, all circumstances should now be taken into account in deciding on a duty of care.

However, in 1995, a high court judge made an award against BDO as their joint audit of a company in which ADT were investing was held to be a contractual relationship with ADT.

Problems however still arise after this case law. The reality is that third parties do rely on audited accounts. The perception is, if you are required to file your accounts with the Office of the Registrar General, then this information must be credible and independent.

It seems unfair that auditors should bear full responsibility for something for which they do not have the primary responsibility. In recent times, directors of companies are required by company law not to make misleading statements to auditors.

Banks and other major lenders appear to have a more special relationship than other third parties.

Loan facilities will often contain clauses requiring audited accounts and up to date financial information on a regular basis. This may be seen to document a relationship with the auditor that establishes a duty of care.

For Example: Royal bank of Scotland v Bannerman, Johnstone Maclay and other 2002
The bank provided an overdraft facility to the company, who it is claimed misstated its position due to a fraud. It was argued that the auditors neglected to find the fraud. The judge found that the auditors had a duty of care. They knew that the bank needed audited accounts as part of the overdraft arrangement and could have issued a disclaimer to the bank. But they didn’t and this was an important factor in deciding that they did owe a duty of care.
Litigation avoidance

One way of dealing with litigation is to try and avoid it. How?

• Have clear client acceptance procedures, screen new clients, use an engagement letter.
• Perform all audit work in accordance with standards and best practice.
• Have sensible and effective quality control procedures in place.
• Issue appropriate disclaimers.

Auditors may attempt to limit their liability by issuing disclaimers, although this may not always be effective in law.

C. PRE-APPOINTMENT PROCEDURES

Advertising

ISA 200 sets out the ethical principles governing the auditor’s professional responsibilities. One of them is professional behaviour. A member is expected to comply with relevant laws and regulations and should avoid any action that discredits the profession.

Now, auditors are like anyone else in business and in business it is necessary to advertise. But this advertising should be aimed at informing the public in an objective manner and should be in good taste.

The code of ethics goes on to say that in promoting themselves and their work, members should be honest and truthful and should not make any exaggerated claims for the services they are able to offer, the qualifications they possess or the experience they have gained. In addition, they should not make any disparaging references or unsubstantiated comparisons to the work of others.

If reference is made in promotional material to fees, the basis on which the fees are calculated should be stated. The greatest care should be taken to ensure that any reference does not mislead as to the precise range of services and time commitment that the reference is intended to cover. The danger of giving a misleading impression is great when there are constraints in respect of space limits for advertisements. It is for this reason that it is generally inappropriate to advertise fees.
It is probably better to advertise free consultations to discuss fee issues.

Use of logos

Persons can only use the designated letters of a profession after their name, such as in advertisements, when they are members of the said profession. A firm should hold a practicing/auditing certificate to describe themselves as registered auditors.

Tendering

Client companies can change auditors. In this regard a firm may be approached to submit a tender for an audit. When approached to tender, an audit firm must consider whether they want to do the work and they must have regard for the ethical considerations, such as independence and professional competence. In addition, they need to consider fees and other practical issues.

Fees

A member may quote whatever fee is deemed to be appropriate. The fact that one may quote a lower fee than another auditor is not in itself unethical. However, it does raise the risk of a threat to the principles of professional competence and due care in that the fee quoted may be so low as to make it appear to be difficult to perform the audit to the expected standards. Therefore, it is wise to set out the basis of the calculation of the fee.

The following factors should be considered when setting out a fee:

• What does the job involve? Is it audit and/or tax or is there some other complicated work involved?
• Which staff will need to be involved, numbers and quality? How long will they be required? Is the nature of the business complex?
• What charge out rates are to be applied?

The practice of undercutting fees has been called lowballing and can be seen in action generally where large audits are concerned.

We have seen that having a lower fee may seem to have a negative impact on an auditor’s perceived independence but there are other factors to be considered:

• Auditors operate in a market like any other business where supply and demand very often dictate the price.
• Fees may be lower due to reasons such as better internal audit functions and simplified group structures within client companies.
• Auditing firms have increased productivity, whether through the use of more sophisticated IT or experience gained through understanding the client’s business.

Practical issues

It is important that the auditor also considers a number of other issues:

• Can the audit assignment be fitted in to the audit firm’s current work plan?
• Is suitable audit staff available?
• Will any specialist skills be required?
• What are the future plans for the company?
• Is there any training required for current staff and what will be the cost of that training?
• What work does the client actually want - audit and/or tax?
• Is this the first time the company has been audited?
• Is the client seeking to change its auditors and, if so, what is the reason behind it?

Submitting an audit proposal

There is no set format. In fact, the client may dictate the format, whether it be a written submission or a presentation to the board of directors.

Whatever the form of the tender submission, the following matters should be included in the proposal:

• The audit fee and the basis for its calculation
• An assessment of the needs of the client
• How the firm means to meet the needs of the client
• Any assumptions made to support the proposal
• The audit approach to be adopted by the firm
• A brief outline of the firm as seen by the proposer
• Details and background of the key audit staff on the proposed engagement.

Evaluating the tender

Different clients will have different ways of evaluating a tender. Some of the more general points are listed below. It is important to bear these in mind when preparing a proposal:

• Fee. This can be the most vital point. Some clients go straight to this figure and don’t even bother with the rest of the document.
• Professionalism. Auditors are expected to be professional. Remember, first impressions count and the audit team and the tender documents are often the first factors.
• Proposed audit approach. Clients are always looking for the least amount of disruption to their already busy schedules, so the shortest number of days on-site may be the key to winning a tender.
• Personal service. Fostering relationships is vital. The client should always feel he is getting value for money.

Acceptance

You have submitted a tender. You have been successful and the client has offered you the audit. Before you accept and commence the audit you should carry out a number of procedures in order to comply with the provisions in ISQC 1 quality control (section 26 to 28).

Before accepting the assignment

• Make sure there are no ethical issues which would prevent you from accepting this assignment.
• Make sure that you are professionally qualified to carry out the work requested and that your firm has the resources available in terms of staff, expertise and time.
• Check out references for the directors of the client firm, especially if they are unknown to the audit firm.
• Consult previous auditors as a matter of professional courtesy and establish from them whether there is anything that you ought to know about this vacancy.

After accepting the assignment

• Make sure the resignation of the previous auditors has been properly carried out and that the new appointment is valid. A board resolution of the company is required.
• Submit a letter of engagement to the directors of the client company and ensure it is signed before any audit work is carried out.
ISQC 1 states that a firm should establish policies and procedures for the acceptance and continuance of client relationships and specific engagements, designed to provide it with reasonable assurance that it will only undertake or continue relationships and engagements where it:

• Has considered the integrity of the client and does not have any information that would lead it to conclude that the client lacks integrity,
• Is competent to perform the engagement and has the capabilities, time and resources to do so and
• Can comply with the ethical requirements.

The firm should obtain such information as it considers necessary in the circumstances before accepting an engagement with a new client, when deciding whether to continue an existing engagement, and when considering acceptance of a new engagement with an existing client.

Where issues have been identified and the firm decides to accept or continue the relationship or a specific engagement, it should document how the issues were resolved.

Integrity of client

Matters to be considered:

• Identity and business reputation of owners, key management and those charged with governance.
• Nature of the client’s operations and its business practices.
• Attitude of the owners, key management and those charged with governance towards matters such as aggressive interpretation of accounting standards and the internal control environment.
• Client’s attitude to fees.
• Indications of inappropriate limitation in the scope of work.
• Indications that the client may be involved in money laundering or other criminal activities.
• Reasons given for non-reappointment of previous auditors.

Information can be gathered through communications with previous auditors or other professionals who may have provided services and through other third parties such as bankers, legal counsel and industry peers.
Competence of the firm

Matters to be considered:

• Has the firm got sufficient knowledge of the relevant industry and the relevant regulatory environment?
• Are there sufficient personnel within the firm having the necessary capabilities and competence and are experts/specialists available when needed?
• Are competent individuals available to perform quality control reviews?
• Will the firm be able to complete the engagement within the reporting deadline?

Other issues

• Where a potential conflict of interest is identified, the firm should consider whether it is appropriate to accept the engagement.
• Need to consider any significant matters that may have arisen during the current or previous engagements of whatever description.

Agreeing the terms

Once an engagement has been accepted it is important to agree the terms. It is essential that both parties fully understand what the agreed services are. Any misunderstanding could lead to a breakdown in the relationship and could result in legal action, loss of business and reputation.

ISA 210 Terms of Audit Engagements establishes standards and provides guidance on:

• Agreeing the terms of an engagement with the client and
• The auditor’s response to a request by a client to change those terms to one that provides a lower level of assurance.

It states that the auditor and the client should agree on the terms of the engagement. The agreed terms would need to be recorded in an audit engagement letter or other suitable form of contract. The terms should be recorded in writing.

The objective and scope of an audit and the auditor’s obligations may be established by law, but the auditor may still find that an audit engagement letter will be informative for their clients.

The main points to be clarified in the letter of engagement would include:

• Confirmation of the auditor’s acceptance of the appointment.
• The auditor is responsible for reporting on the accounts to the shareholders.
• The directors of the company have a statutory duty to maintain the books of the company and are responsible for the preparation of the financial statements.
• The directors are responsible for the prevention and detection of fraud.
• The fact that because of the test nature and other inherent limitations of an audit, there is the unavoidable risk that some material misstatements may remain undiscovered.
• The scope of the audit including reference to appropriate legislation and standards.
• There should be unrestricted access to whatever books and records the auditor needs in the performance of his duties.

Other points to be included:

• Arrangements regarding the planning and performance of the audit.
• The expectation of receiving from management written confirmation regarding representations made in connection with the audit.
• Request for the client to confirm in writing the terms of the letter.
• The fee to be charged and the credit terms.
• The form of any reports or other communication of results of the engagement.

Other issues

• On recurring audits, the auditor should consider whether circumstances require the terms of the engagement to be revised and whether there is a need to remind the client of the existing terms of the engagement.
• An auditor who, before the completion of the engagement, is requested to change the engagement to one which provides a lower level of assurance, should consider the appropriateness of doing so. Where the terms are changed, both parties should agree on the new terms. Note, the auditor should not agree to a change of engagement where there is no reasonable justification for doing so.

Study Unit 5

Audit Planning and Supervision

Contents

A. Materiality
B. Audit Risk and its Components
C. Audit Strategies
D. Knowledge of the entity and its environment
E. Response to assessed risks of material misstatement
F. Documentation

AUDIT PLANNING AND SUPERVISION

AUDIT PLANNING

ISA 300 Planning an Audit of Financial Statements establishes standards and guidance on the considerations and activities applicable to planning an audit.

The auditor should:

• Plan the audit so that the engagement will be performed in an effective and efficient manner.
• Perform certain procedures at the beginning of the audit:
  - the continuance of the client relationship,
  - evaluation of compliance with ethical requirements including independence and
  - establish an understanding of the terms of the engagement.
• Establish the overall audit strategy, setting out the scope, timing and direction of the audit.
• Develop an audit plan in order to reduce audit risk to an acceptably low level.
• Update and change the audit strategy and plan as necessary during the course of the audit.
• Plan the nature, timing and extent of the direction and supervision of the audit team and a review of their work.
• Document the overall audit strategy and the audit plan, including any significant changes made during the audit engagement.
• Prior to starting an initial audit, perform procedures regarding the acceptance of the client relationship and the specific audit engagement, and communicate with the previous auditor in compliance with relevant ethical requirements.

Adequate planning helps to ensure that:

• Appropriate attention is devoted to the most important areas,
• Potential problems are identified and resolved on a timely basis,
• The audit engagement is properly organised and managed,
• There is proper assignment of work to engagement members,
• There is direction and supervision of team members and review of their work,
• There is proper co-ordination of work done by experts.
The nature and extent of planning activities will vary according to the size and complexity of the entity, the auditor’s previous experience with the entity and changes in circumstances that occur during the audit engagement.

Establishing the overall strategy involves considering the important factors that will determine the focus of the audit team’s effort, such as:

• The determination of appropriate materiality levels,
• Preliminary identification of areas where there may be higher risks of material misstatement,
• Preliminary identification of material components and account balances,
• Evaluation of whether the auditor may plan to obtain evidence regarding the effectiveness of internal control,
• The identification of recent significant entity-specific, industry, financial reporting or other relevant developments.

The appendix of ISA 300 sets out examples of matters the auditor may consider in establishing the overall audit strategy. It is split between the scope of the audit engagement, the reporting objectives, timing of the audit and communications required and the direction of the audit.

A. MATERIALITY (ISA 320)

Materiality needs to be considered by an auditor in evaluating the effect of misstatements on the financial statements and when determining the nature, timing and extent of audit procedures.

In designing the audit plan, the auditor should set an acceptable materiality level. He should consider this materiality at both the overall financial statement level and in relation to classes of transactions, account balances and disclosures.

Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements.

Factors to be considered are both quantitative and qualitative. An item might be material due to its nature, value or impact on users of accounts.
• Nature: Transactions involving directors generally affect users of accounts.
• Value: Inventory stocks in a manufacturing company may represent a high percentage of current assets.
• Impact: An end of year journal could convert a loss into a profit, thus affecting the users of accounts.

The auditor’s assessment of materiality helps the auditor to decide:

• What items and how many to examine
• Whether to use sampling and/or analytical procedures
• What audit procedures can be expected to reduce audit risk to an acceptably low level.

An auditor should consider materiality and its relationship with audit risk when conducting an audit. The higher the material figure is set, the higher the audit risk. The auditor could compensate for this by either

• Reducing the risk, where this is possible, and supporting this by carrying out extended or additional tests of control or
• Reducing detection risk by modifying the nature, timing and extent of planned substantive tests.

Problems with Materiality

• Materiality is a matter of judgement.
• Some matters could fall outside the criteria, although they could affect users of the accounts.
• Percentage guidelines need to be used carefully. On what figure do you base the percentage: gross profit, profit before directors’ salaries, assets, costs?

Materiality and the audit process

Materiality needs to be tailored to the business and the anticipated user. An auditor should plan materiality based on draft figures and any other recent available financial information. These should be applied to individual balances at the assertion level. All items greater than the set materiality figure should be tested, with a sample selected from the remaining items. The actual errors detected should be extrapolated out for the entire population of transactions. A final materiality should then be based on the results obtained and the actual financial statements produced.
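
Added worked example (not part of the study manual): the selection and extrapolation step described above, written in Python. The ledger, the materiality figure of 18,000, systematic selection and ratio projection are assumptions made for illustration; the manual does not prescribe a sampling or projection method.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Item:
    ref: str
    book: int      # amount recorded in the ledger, whole currency units
    audited: int   # amount the auditor establishes when the item is tested

    @property
    def error(self) -> int:
        return self.book - self.audited   # positive = overstatement


def split_population(items, materiality):
    """Items above materiality are all tested; the rest form the sampling stratum."""
    key = [i for i in items if abs(i.book) > materiality]
    rest = [i for i in items if abs(i.book) <= materiality]
    return key, rest


def systematic_sample(stratum, step, start=0):
    """Every `step`-th item from `start` (the selection method is an assumption)."""
    if step < 1:
        raise ValueError("step must be at least 1")
    return stratum[start::step]


def evaluate(items, materiality, step, start=0):
    """Test key items in full, sample the rest, extrapolate, compare to materiality."""
    key, rest = split_population(items, materiality)
    sample = systematic_sample(rest, step, start)

    key_error = sum(i.error for i in key)          # fully tested, so known exactly
    sample_error = sum(i.error for i in sample)
    sample_book = sum(i.book for i in sample)
    rest_book = sum(i.book for i in rest)

    # Ratio projection (assumed method): the error rate found in the sample
    # is applied to the book value of the whole sampled stratum.
    projected_rest = sample_error * rest_book / sample_book if sample_book else 0.0
    likely_total = key_error + projected_rest

    return {
        "key_items": [i.ref for i in key],
        "sampled": [i.ref for i in sample],
        "found": key_error + sample_error,         # errors actually observed
        "projected_rest": projected_rest,
        "likely_total": likely_total,
        "exceeds_materiality": abs(likely_total) > materiality,
    }


def constructed_ledger():
    """Constructed receivables ledger: 2 large balances and 20 small ones."""
    items = [
        Item("INV-001", 120_000, 120_000),
        Item("INV-002", 75_000, 60_000),           # overstated by 15,000
    ]
    values = [3_000, 5_000, 4_000, 6_000, 2_000]
    for n in range(20):
        book = values[n % 5]
        overstated = 400 if n in (2, 12) else 0    # two small overstatements
        items.append(Item(f"R{n + 1:02d}", book, book - overstated))
    return items


if __name__ == "__main__":
    result = evaluate(constructed_ledger(), materiality=18_000, step=5, start=2)
    for name, value in result.items():
        print(f"{name}: {value}")
```

In this constructed ledger the errors actually observed stay below the materiality figure, but the extrapolated total exceeds it, which is why the detected errors are projected over the population rather than judged on their own.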
To set a materiality level, an auditor needs to decide what level of misstatement (error) would distort the view given by a set of financial statements. The materiality level must be reviewed constantly throughout the audit process as changes may be required due to changes in the draft accounts, any external factors that may alter the risk profile of the entity and any actual misstatements uncovered during the audit testing phase.

The materiality level is often set as a percentage of profits as it is generally the figure that most interested parties check out first. However, there are other figures that are also used. A range of those values is as follows:

Value                 %
Profit before tax     5
Gross profit          ½-1
Turnover              ½-1
Total assets          1-2
Net assets            2-5
Profit after tax      5-10

B. AUDIT RISK AND ITS COMPONENTS

Auditors should assess the risk of material misstatements arising in the financial statements and carry out procedures in response to assessed risks.

Risk can be analysed as follows:

Overall risk
  Audit risk
    Risk of material misstatement: Inherent risk, Control risk
    Detection risk
  Business risk: Financial risk, Operational risk, Compliance risk

Overall risk is split into audit risk and business risk.

Audit risk is sometimes known as assignment or engagement risk. It is focused on the financial statements of the business. This is the auditor’s main focus.

Inherent risk is the susceptibility of an account balance or class of transactions to material misstatement, irrespective of related internal controls. It may be due to the characteristics of those items such as the fact they are estimates, complex calculations or that they are important items in the accounts. Auditors use their professional judgment and their understanding of the client company to assess the inherent risk.

Control risk is the risk that the client’s controls fail to prevent, detect and/or correct material misstatements.
There will always be an element of control risk due to the inherent limitations of internal controls.

Detection risk is the risk that the audit procedures applied by the auditor will fail to detect material misstatements. There are limitations to the audit process and detection risk relates to the inability of auditors to examine all evidence. As a result, some detection risk always exists. Auditors may fail to detect misstatements for a number of reasons including selecting inappropriate audit procedures, incorrectly applying an appropriate procedure or simply misinterpreting the results of testing.

The auditor’s assessment of inherent and control risk will influence the nature, timing and extent of the substantive procedures which are required to reduce the detection risk and hence, audit risk.

Examples of risk factors affecting client:

• Integrity and attitude to risk of management - Problems can be caused where there is domination by a single individual.
• A lack of management experience and knowledge can affect the quality of financial management.
• Unusual pressures on management can lead to tight reporting deadlines or market or financing expectations.
• The nature of the business can lead to potential problems such as technological obsolescence or over-dependence on single products.
• Industry factors such as competitive conditions, regulatory requirements, technology developments.
• IT problems include lack of supporting documentation, expertise heavily dependent on a few people and potential risk of unauthorised access to systems.
Examples of risk factors affecting account balances or transactions:

• Areas which require prior year adjustments or require a high level of estimation,
• Where expert valuations are required due to complex issues,
• Account balances such as cash, stock, portable assets which are prone to fraud,
• The existence of high volume transactions where systems may be unable to cope,
• Unusual transactions,
• Major changes in staff or low morale issues.

Business risk arises in the operations of a business. It is split into three distinct types:

• Financial risk - arising from financial activities or financial consequences such as cash flow issues, overtrading, going concern, breakdown of accounting systems, credit risk and currency risk.
• Operational risks arise with regard to the operations of the business such as risk of losing a major supplier, physical disasters, loss of key personnel and poor brand management.
• Compliance risks arise from non-compliance with laws and regulations within which the company operates or environmental issues.

Relationship between risks

Initially, it would appear that audit risk and business risk are unrelated, as audit risks are limited only to the financial statements. However, business risks include all risks facing the business and this includes inherent risks and control risks, which form part of the audit risk.

Although audit risk is very financial statement focused, business risk does form part of the inherent risk associated with the financial statements, because if such risks materialise, then the whole going concern basis of the business could be affected and this has major implications for the financial statements.

IMPACT OF RISK

AR = IR × CR × DR

where AR is audit risk, IR is inherent risk, CR is control risk and DR is detection risk.

C. AUDIT STRATEGIES

The risk approach

Risk is a key issue in any audit and the most common approach to carrying out an audit incorporates recognition of those risks. This is called the risk-based approach.
There are other approaches and other techniques and the risk-based approach is used in conjunction with these other approaches.

Auditors apply judgment to determine what level of risk pertains to different areas of a client’s system and devise appropriate audit tests. Risk-based auditing ensures that the greatest effort is directed at those areas of the financial statements that are most likely to be misstated. The chance of detecting errors is therefore improved and time is not wasted on testing safe areas.

For example, in a small manufacturing company, an auditor will need to do more work on inventory than, say, land & buildings. Inventory can be a complex area, with probably a significant number of line items and there is the risk of obsolete stock.

Why is risk-based auditing increasingly used?

• Growing complexity of the business environment, such as advanced computer systems and the globalisation of business, increases the risk of fraud or misstatement.
• Pressure on auditors to keep fees down but improve the level of service.

ISA 315 requires that auditors consider the entity’s process for assessing its own business risks. They must consider the factors that lead to the problems which may cause material misstatements and what the audit can contribute to the business pursuing its goals.

The risk analysis stage is a very important part of the planning of an audit as it allows the auditor to:

• Identify the main areas where possible errors might occur,
• Plan the work to address any of these possible errors,
• Uncover errors as early as possible during the audit process,
• Carry out the audit as efficiently as possible,
• Reduce the risk of an incorrect audit opinion,
• Reduce the risk of litigation.
The risk-based approach will affect:

• How the audits are planned,
• The nature of the audit evidence to be gathered by the auditor,
• The nature of the procedures that need to be carried out by the auditor,
• The amount of evidence that needs to be gathered.

The business risk approach was developed because it was believed that in some instances the risk of misstatement arises mainly from the business risks of the company. This business approach tries to mirror the risk management steps that have been taken by the directors. It is also known as the top down approach in that it starts at the objectives of the company and works down to the financial statements, rather than working up from the financial statements, which has been the historical approach to auditing.

Controls testing is aimed at high level controls and substantive testing is reduced.

Principal risks include:

• Economic pressures causing reduced sales and eroding margins,
• Demands for extended credit,
• Product quality issues re inadequate control over supply chain etc.,
• Customer dissatisfaction re order requirements and invoicing errors etc.,
• Unacceptable service response calls,
• Out of date IT systems.

These risks can impact on inventory values, receivables recoverable, provisions and contingencies and going concern.

The effect of the top down approach is that the auditor pays more attention to high level controls such as the control environment and corporate governance than the traditional approaches. In addition, analytical review procedures are used more extensively as the auditor is keen to understand the business more clearly. The combination of the above two factors will result in reduced substantive detailed testing, although it is not eliminated completely.

Business risk approach advantages:

• There is added value given to clients as the approach focuses on the business as a whole rather than just the financial statements.
• Where audit attention is focused on high levels of controls and use of analytical procedures, there is increased audit efficiency.
• There is no need to focus on routine processes where technological developments have rendered them less prone to error than in previous times.
• The approach responds to corporate governance issues in recent years.
• There is a lower engagement risk through a better understanding of the client’s business.

Systems and controls

This approach is always used in conjunction with other approaches as substantive testing can never be eliminated completely.

Management is required to institute a system of controls which is capable of safeguarding the assets of the shareholders. Auditors assess the controls put in place by directors and ascertain whether they are effective and can be relied on for the purposes of the audit. They carry out tests to ensure that the systems operate as they are supposed to. If the controls are ineffective, the control risk is high and it is important to undertake higher levels of substantive testing.

Cycles and transactions

An auditor may choose to carry out substantive tests on the transactions of the business in the relevant period. Cycles testing is closely linked to systems testing, as it is based on the same systems. However, with the cycles approach, the auditors test the transactions which have occurred, resulting in the entries in the books, such as sales transactions, purchases, expenses etc.

The auditor substantiates the transactions which appear in the financial statements. A sample of transactions is selected and each transaction is tested to ensure that the transaction is complete and is processed correctly through the complete cycle.

Balance Sheet approach

An auditor may choose to carry out substantive tests on the year end balances. This is the most common approach to substantive testing after controls have been tested.
The balance sheet shows a snapshot of the financial position. If it is fairly stated and the previous years’ figures were also fairly stated, then it is reasonable to undertake lower level testing on the profit and loss transactions e.g. analytical review.

There is a relationship with the business risk approach. The element of substantive testing which remains in a business risk approach can be undertaken in this approach.

In some cases, most notably small companies, the business risks may be strongly linked to management concentration in one person, and/or balance sheets may be uncomplicated. In these cases, it is probably more cost effective to undertake a highly substantive balance sheet audit rather than to undertake a business risk assessment.

It should be noted, though, that when not undertaken in conjunction with a risk-based approach or systems testing, the level of detailed testing required can be high in a balance sheet approach, making it very costly.

Directional testing

Directional testing is a method of discovering errors and omissions in the financial statements through undertaking detailed substantive testing. It can be broken down into two categories, tests to discover errors and tests to discover omissions.

Checking entries from the books back to supporting documentation should help to detect errors causing an overstatement or an understatement. For example, selecting sales transactions from the sales ledger and tracing them back to sales invoices and price lists to ensure that sales are priced correctly.

To discover omissions the auditor must start from outside the accounting records and trace through to the records in the books. For example, to check the completeness of purchases, select a number of GRNs and check through to the stock records and the purchase ledger.
Directional testing is appropriate when testing the financial statement assertions of existence, completeness, rights & obligations, and valuation.
The concept of directional testing derives from the principle of double entry bookkeeping. Therefore any misstatement of a debit entry will result in either a corresponding misstatement of a credit entry or a misstatement in the opposite direction of another debit entry.
A test for an overstatement of an asset also gives comfort on understatement of other assets, overstatement of liabilities, overstatement of income and understatement of expenses. In other words, by performing tests, the auditor obtains audit assurance in other audit areas.
A major advantage of this approach is its cost-effectiveness. Assets and expenses are tested for overstatement only, while liabilities and income are tested for understatement only.
Directional testing is particularly useful when there is a high level of detailed testing to be carried out, such as when the auditors have assessed the controls and accounting systems and have found them to be ineffective.

Auditing around the computer
The auditor is primarily interested in verifying that the data are being correctly input and processed by the computer. Audit activity is focused on ensuring that the source documentation is processed correctly and the auditor would verify this by checking the output documentation. What happens within the computer itself is ignored. However, there are issues with a lack of a paper trail and it is not practical for large company audits.

Auditing through the computer system
The auditor performs tests on the computer and its software to evaluate if they are both effective. If the auditor finds that the computerised controls and systems are effective, the auditor will perform reduced substantive testing. This is likely to involve the use of computer assisted auditing techniques (CAATs).
The use of a computer as an audit tool or the use of CAATs may improve the efficiency and effectiveness of audit procedures. It is particularly of use in tests of numerous details of transactions and balances.

General
When seeking to identify an appropriate strategy for a particular audit, it is important to remember that the approaches are linked and in some cases it is wise to use two or more.
• Directional testing with balance sheet approach as they are both substantive testing issues.
• Risk and cycles based approach with low level of large transactions.
• Risk and balance sheet approach where substantial numbers of sales transactions with substantial receivables.

D. KNOWLEDGE OF THE ENTITY AND ITS ENVIRONMENT
ISA 315 Understanding the entity and its environment and assessing the risks of material misstatement establishes standards and guidance on obtaining an understanding of the entity and its environment including its internal control, and on assessing the risks of material misstatement in a financial statement audit.

Why do we need an understanding of an entity?
• Helps identify risks of material misstatements.
• Helps auditor to design and perform relevant audit procedures.
• Helps auditor in the exercise of judgement where necessary.

How do we obtain understanding?
• Performing risk assessment procedures such as inquiries of management and others within the entity, analytical procedures, and observation and inspection.
• Determining whether changes have occurred that may affect the relevance of information, obtained in prior periods, in the current audit.
• Ensuring that members of the engagement team discuss the susceptibility of the entity’s financial statements to material misstatements.

What do we need to understand?
• Obtain an understanding of the entity and its environment, including its internal control.
This understanding should be sufficient to identify and assess the risks of material misstatement of the financial statements whether due to fraud or error, and it should be sufficient to design and perform further audit procedures.
• Obtain an understanding of relevant industry, regulatory and other external factors including the applicable financial reporting framework.
• Obtain an understanding of the nature of the entity, such as its operations, ownership, governance, types of investments it is making, structure and financing.
• Obtain an understanding of the entity’s selection and application of accounting policies and consider whether they are appropriate for its business and consistent with the applicable financial reporting framework and accounting policies used in the relevant industry.
• Obtain an understanding of the entity’s objectives and strategies, and the related business risks that may result in material misstatements of the financial statements.
• Obtain an understanding of the measurement and review of the entity’s financial performance such as internal management information (budgets, variance analysis, department reports) and external information (analyst’s reports and credit rating agency reports). When the auditor intends to make use of the performance measures, he should consider whether the information provides a reliable basis and is sufficiently precise for such a purpose.
• Obtain an understanding of internal control relevant to the audit. This involves evaluating the design of a control and determining whether it has been implemented. Not all controls are relevant to the auditor’s risk assessment.
• Obtain an understanding of the control environment. The control environment sets the tone of an organisation, influencing the control consciousness of its people. It is the foundation for effective internal control, providing discipline and structure.
• Obtain an understanding of the entity’s process for identifying business risks relevant to financial reporting objectives and deciding about actions to address those risks, and the results thereof.
• Obtain a sufficient understanding of control activities to assess the risks of material misstatements and to design further audit procedures responsive to assessed risks. Examples of specific control activities include authorisation, performance reviews, information processing, physical controls and segregation of duties.

Risk assessment procedures
The auditor may consider making inquiries of the entity’s legal counsel or of valuation experts. Reviewing information obtained from external sources such as reports by analysts, banks or other rating agencies, trade and economic journals may also be useful in obtaining information about the entity.
Although much of the information can be obtained from management and those responsible for financial reporting, inquiries of others such as production and internal audit personnel may be useful in providing a different perspective in identifying risks of material misstatements.
Observation and inspection may support inquiries of management. Such audit procedures include:
• Observation of activities and operations,
• Inspection of documents and records,
• Reading reports prepared by management,
• Visits to premises and plant facilities,
• Carrying out walk-through tests.

Controls relevant to the audit
Ordinarily, controls that are relevant to an audit pertain to the objective of preparing financial statements. Controls over the completeness and accuracy of information may also be relevant if the auditor intends to make use of the information in designing and performing further procedures. Controls relating to operations and compliance objectives may be relevant if they pertain to data the auditor evaluates or uses in applying audit procedures.
Information systems
The auditor should obtain an understanding of the information systems, including the business processes relevant to financial reporting and in the following areas:
• The classes of transactions in the entity’s operations that are significant to the financial statements;
• The procedures, within both IT and manual systems, by which those transactions are initiated, recorded, processed and reported in the financial statements;
• The related accounting records, whether electronic or manual, supporting information, and specific accounts in the financial statements, in respect of initiating, recording, processing and reporting transactions;
• How the information systems capture events and conditions, other than classes of transactions, that are significant to the financial statements;
• The financial reporting processes used to prepare the entity’s financial statements, including significant accounting estimates and disclosures.

Assessing the risks of material misstatement
The auditor should:
• Identify risks throughout the process,
• Relate the risk to what can go wrong at the assertion level,
• Consider whether the risks are of a magnitude that could result in a material misstatement in the financial statements,
• Consider the likelihood that the risks could result in a material misstatement of the financial statements.

Appendix 1 of ISA 315 provides additional guidance on understanding the entity and its environment. Appendix 2 lays out conditions and events that may indicate risks of material misstatement.

E. RESPONSE TO ASSESSED RISKS OF MATERIAL MISSTATEMENT
ISA 330 The auditor’s procedures in response to assessed risks establishes standards and provides guidance on determining overall responses and designing and performing further audit procedures to respond to the assessed risks of material misstatements.
The standard requires the auditor to determine overall responses to address risks of material misstatement at the financial statement level and provides guidance on the nature of those responses.
The auditor is required to design and perform further audit procedures, including tests of the operating effectiveness of controls, when relevant or required, and substantive procedures, whose nature, timing, and extent are responsive to the assessed risks of material misstatement at the assertion level. In addition, this section includes matters the auditor considers in determining the nature, timing, and extent of such audit procedures.
The auditor is required to evaluate whether the risk assessment remains appropriate and to conclude whether sufficient appropriate audit evidence has been obtained. The standard establishes related documentation requirements.
In order to reduce the audit risk to an acceptably low level, the auditor should determine overall responses to assessed risks at the financial statement level. Overall responses may include:
• Emphasising to the audit team the need to maintain professional scepticism,
• Assigning more experienced staff or hiring expert help when needed,
• Providing more supervision,
• Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed,
• Making changes to the nature, timing, or extent of audit procedures.

The assessment of the risk of material misstatement is affected by the auditor’s understanding of the control environment. An effective control environment may allow an auditor to have more confidence in internal control and the reliability of audit evidence generated internally within the entity.
If there are weaknesses in the control environment, the auditor:
• conducts more procedures as of the period end rather than an interim date,
• seeks more extensive audit evidence from substantive procedures,
• modifies the nature of procedures to obtain more persuasive audit evidence,
• increases the number of locations to be included in the audit scope.

The evaluation of the control environment will help the auditor determine whether there should be a substantive or a combined approach (tests of controls and substantive procedures).
In designing further audit procedures, the auditor should consider:
• the significance of the risk,
• the likelihood that a material misstatement will occur,
• the characteristics of the class of transactions or account balances,
• the nature of specific controls and whether they are manual or automated,
• whether the auditor expects to obtain evidence to determine if controls are effective in preventing, or detecting and correcting material misstatements.

The nature of further audit procedures refers to their:
• Purpose: tests of controls or substantive procedures;
• Type: inspection, observation, inquiry, confirmation, recalculation, re-performance, analytical procedures.

Certain audit procedures may be more appropriate for some assertions. The selection of the procedure is based on the assessment of risk. The higher the risk, the more reliable and relevant must be the audit evidence from substantive tests.
The auditor may perform audit procedures at an interim date or at period end (timing). The higher the risk, the more likely the auditor will perform substantive tests nearer to or at the period end. Certain audit procedures can only be performed at or after the period end, such as agreeing the financial statements to the accounting records and examining adjustments made during the course of preparing the financial statements.
The extent (sample size or number of observations) is determined by the judgement of the auditor after considering:
• Materiality,
• Assessed risk,
• Degree of assurance required.

The auditor is required to perform tests of controls when the auditor relies on the effectiveness of controls or when substantive tests alone do not provide sufficient appropriate audit evidence.
Irrespective of the assessed risk of material misstatements, the auditor should design and perform substantive tests for each material class of transaction, account balance and disclosure. Remember, an auditor’s assessment of risk is judgemental and there are inherent limitations to internal control.
The auditor’s substantive procedures should include the following related to the financial statement closing process:
• Agreeing the financial statements to the underlying accounting records and
• Examining material journal entries and other adjustments made during the course of preparing the financial statements.

Where an auditor determines that an assessed risk at the assertion level is a significant risk, he should perform substantive procedures that are specific to that risk.
The auditor should perform audit procedures to evaluate whether the overall presentation of the financial statements, including the related disclosures, is in accordance with the applicable financial reporting framework.
Based on the audit procedures performed and the audit evidence obtained, the auditor should evaluate whether the assessments of the risks at the assertion level remain appropriate. He should conclude whether sufficient appropriate audit evidence has been obtained to reduce to an acceptably low level the risk of material misstatement in the financial statements. Where it is not sufficient and the auditor is unable to obtain further evidence, he should express a qualified opinion or a disclaimer of opinion.
Finally, the auditor should document the overall responses to address the risks and the nature, timing and extent of the further audit procedures and the results thereof. In addition, where there is reliance on controls, the auditor should document the conclusions reached with regard to relying on such controls that were tested.

General planning matters
When planning an audit you also need to consider some administrative matters:

Staffing
Have the staff got the correct level of qualifications and experience? Do they have specialist skills that may be required? What about the staff’s relationship amongst themselves and with client staff? Are staff available and what about travel arrangements?

Client management
Continuity of staff is often important to client companies. Also, consistency of staff may help audit efficiency.

Location of audit
Need to consider the distance for audit staff to travel, the staff’s mobility and the location of the review by the manager. Multiple locations often require a decision as to which locations should be visited, the allocation of your staff to these locations and managing the visits to each selected site.

Deadlines
Key deadlines are stock-counts, date of draft accounts available, main audit visit, audit manager review, partner review, audit clearance meeting, audit report to be signed and date of the Annual Meeting. It is important to plan the work so that these deadlines can be achieved.

Use of IT
Need to consider whether the client has a computerised system and whether the auditor will use CAATs. Will the auditor use computers to complete the working papers and communicate with the partner?

Time budgets
These are an important part of planning. Times should be estimated accurately and communicated to the audit team. The audit team should record variances from the budget for planning purposes for the next audit.
Audit Evidence
The purpose of ISA 500 is to establish standards and provide guidance on what constitutes audit evidence in an audit of financial statements, the quantity and quality of audit evidence to be obtained, and the audit procedures that auditors use for obtaining that audit evidence.
In order to form an opinion, an auditor must obtain evidence. This evidence should be sufficient, relevant and reliable. The auditor designs substantive procedures to obtain this evidence about the financial statement assertions.
By approving the financial statements, the directors are making representations about the information therein. These assertions may fall into the following categories:

(a) Assertions about classes of transactions and events for the period under audit:
• Occurrence—transactions and events that have been recorded have occurred and pertain to the entity.
• Completeness—all transactions and events that should have been recorded have been recorded.
• Accuracy—amounts and other data relating to recorded transactions and events have been recorded appropriately.
• Cut-off—transactions and events have been recorded in the correct accounting period.
• Classification—transactions and events have been recorded in the proper accounts.

(b) Assertions about account balances at the period end:
• Existence—assets and liabilities exist.
• Completeness—all assets and liabilities that should have been recorded have been recorded.
• Rights and obligations—the entity holds or controls the rights to assets, and liabilities are the obligations of the entity.
• Valuation and allocation—assets and liabilities are included in the financial statements at appropriate amounts.

(c) Assertions about presentation and disclosure:
• Occurrence and rights and obligations—disclosed events, transactions, and other matters have occurred and pertain to the entity.
• Completeness—all disclosures that should have been included in the financial statements have been included.
• Classification and understanding—financial information is appropriately presented and described, and disclosures are clearly expressed.
• Accuracy and valuation—financial and other information are disclosed fairly and at appropriate amounts.

Procedures used by auditors to obtain evidence
• Inspection of tangible assets: Inspection confirms existence and valuation and gives evidence of completion. It does not however confirm rights and obligations.
• Inspection of documents and records: Confirmation of documentation confirms existence of an asset or that a transaction has occurred. Confirmation that items are in the books shows completeness. Also helps testing cut-off. It provides evidence of valuation, measurement, rights and obligations and presentation and disclosure.
• Observation: This procedure is of limited use in that it only confirms that a procedure took place when it was observed.
• Inquiry and confirmation: Information sought from client or external sources. The strength of the evidence depends on knowledge and integrity of the source of the information.
• Recalculation and Re-Performance: Checking calculations of client records.
• Audit automation tools: Such as computer assisted auditing techniques.
• Analytical procedures

Sufficient and appropriate
Sufficiency is the measure of the quantity of the evidence, while the appropriateness is the measure of the quality (reliability & relevance) of the evidence. This applies to both tests of controls and substantive procedures. An auditor’s judgment as to what is sufficient appropriate evidence is influenced by the following factors:
• Risk assessment, is it low or high?
• The nature of the accounting and internal control systems,
• The materiality of the item being examined,
• The experience gained during previous audits,
• The auditors’ knowledge of the business and industry,
• The results of audit procedures,
• The source and reliability of the information available.

Appropriate – relevance
The relevance of audit evidence should be considered in relation to the overall objective of forming an audit opinion and reporting on the financial statements. The evidence should allow the auditor to conclude on the following:
• Balance sheet items: Are there suitable completeness, existence, ownership, valuation and disclosure issues?
• Profit and loss items: Are there suitable completeness, occurrence, valuation and disclosure issues?

Appropriate – reliable
Reliability of audit evidence depends on the particular circumstances of each case. However, the following should be considered:
• Documentary evidence is more reliable than oral evidence,
• Evidence from external independent sources is generally more reliable than that within an entity,
• Evidence from the auditor by such means as analysis and physical inspection is more reliable than evidence obtained by others.

Sufficiency
The auditor needs to obtain sufficient, relevant and reliable evidence to form a reasonable basis for his opinion on the financial statements. His judgement of sufficiency will be influenced by such factors as:
• His knowledge of the business and its environment,
• The risk of misstatement,
• The quality of the evidence.

However, merely obtaining more audit evidence may not compensate for its poor quality.

F. DOCUMENTATION
Audit planning memo
An audit plan is the formulation of the general strategy for the audit, which sets out the direction for the audit, describes the expected scope and conduct of the audit and provides guidance for the development of the audit programme. This plan is in the form of a written document.
Included will be:
• The discussion among the audit team concerning the susceptibility of the financial statements to material misstatements including any key decisions reached;
• Key elements of the understanding gained of the entity;
• The identified and assessed risks of material misstatement;
• Significant risks identified and related controls evaluated;
• The overall responses to address the risks of material misstatements;
• The nature, extent and timing of further audit procedures linked to the assessed risks at the assertion level;
• If the auditors have relied on evidence about the effectiveness of controls from previous audits, conclusions about how this is appropriate.

Example of an outline audit plan

Initial visit
This visit is essential in building up a background about the client company in order to assist in the detailed planning of the audit. The auditor will use techniques such as inquiry, observation and review of documentation in order to understand details about the company such as:
• The development and past history,
• The nature of the environment in which it operates,
• Products and processes,
• Organisational plans,
• Accounting and internal controls in operation,
• The maintenance of accounting records.

In respect of the internal controls, it would be expected to carry out walkthrough tests to confirm the operation of the controls as described.
If this is an existing client, the visit may simply take the form of a phone call or brief meeting to establish any changes since the previous audit in respect of the company’s operations or environment.

Interim Visit
Ideally this visit should take place close to the year end. The purpose of this visit is to carry out detailed tests on the client’s accounting and internal controls with a view to establishing those controls on which you can rely. Where controls are operating effectively, restricted substantive procedures need only be carried out.
Where controls are ineffective in practice, more extensive substantive tests will need to be carried out.
At this stage, if any weaknesses in controls have been noted, it may be appropriate to draft a letter to the client management.

Final Visit
This visit will take place after the accounting year end. On this visit, the detailed substantive procedures will be carried out in order to substantiate the figures in the accounting records and subsequently, the financial statements. After an overall review of the financial statements, the auditor will be able to assess whether sufficient and appropriate evidence has been obtained in order to draw reasonable conclusions so that an opinion can be expressed on the financial statements.
Examples of the work to be carried out would include:
• Discussion with management of known risk areas,
• Attendance at stock count,
• Verification of assets/liabilities and income/expenditure,
• Follow up on outstanding interim audit issues,
• Review of post balance sheet events,
• Seek and obtain representations from management,
• Review financial statements,
• Draft an audit report.

Audit programme
An audit programme is a set of written instructions to the audit team that sets out the audit procedures the auditor intends to adopt and may include references to other matters such as the audit objectives, timing, sample size and basis of selection for each area. It also serves as a means to control and record the proper execution of the work.

Working Papers
All evidence obtained during an audit should be documented. Working papers are the property of the auditor.
The auditor’s working papers are the evidence of all the work done which supports his audit opinion. In addition, they provide evidence that the audit was carried out in accordance with the standards and other regulatory requirements. Furthermore, they help in the planning, performance, supervision and subsequent review of the audit.
Working papers should be reviewed by more senior members of staff before an audit conclusion is reached. The review should consider whether:
• The work has been performed in line with the detailed audit programmes,
• The work performed and the results thereof have been adequately documented,
• Any significant matters have been resolved or are reflected in the audit opinion,
• The objectives of the audit procedures have been achieved,
• The conclusions expressed are consistent with the results of the work performed and support the opinion of the auditor.

For recurring audits, working papers may be split into a permanent audit file and a current audit file.
Audit working papers should be retained for a period of at least 7 years.

G. AUDIT SUPERVISION AND REVIEW
Auditing standards stress the importance of quality control, both at the audit firm level and the audit engagement level.

[Figure: Quality control. ISQC1, firm: leadership, ethics, client relationships, human resources, engagement performance, monitoring. ISA 220, engagements: planning, supervision, review.]

ISQC1 Quality Control for firms that perform audits and reviews of historical financial information, and other assurance and related services engagements helps audit firms establish quality standards for their own business, while ISA 220 Quality Control for audits of historical financial information requires firms to implement quality control procedures over individual audit assignments.

Quality control at audit engagement level

Engagement performance
ISA 220.21 states that the engagement partner should take responsibility for the direction, supervision and performance of the audit engagement in compliance with professional standards and regulatory and legal requirements, and for the auditor’s report that is issued to be appropriate in the circumstances.
The audit engagement can be directed by informing members of the team of:
• Their responsibilities such as maintaining an objective state of mind, an appropriate level of professional scepticism and performing the work in accordance with due care,
• The nature of the entity’s business,
• Risk related issues,
• Problems that may arise,
• The detailed approach to the performance of the engagement.

Supervision includes:
• Tracking the progress of the engagement,
• Considering the capabilities and competence of members of the team, whether they have sufficient time, that they understand their instructions, and whether the work is being carried out in accordance with the planned approach;
• Addressing significant issues as they arise, considering their significance and modifying the planned approach appropriately;
• Identifying matters for consultation by more experienced engagement team members during the engagement. Not just partner doing this, but all members of staff at different levels.

Review responsibilities are determined on the basis that the more experienced members of the audit engagement review work performed by less experienced persons. The reviewers consider whether:
• The work has been performed in accordance with professional standards,
• Significant matters have been raised for further consultation,
• Appropriate consultations have taken place and the consultations have been documented and implemented,
• There is a need to revise the nature, timing and extent of the work performed,
• The work performed supports the conclusions reached and is appropriately documented,
• The evidence obtained is sufficient and appropriate to support the auditor’s report,
• The objectives of the audit engagement procedures have been achieved.
Before the auditor’s report is issued, the engagement partner, through review of the audit documentation and discussion with the engagement team, should be satisfied that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the audit report to be issued.

Quality control review
For audits of financial statements of listed companies, the engagement partner should:
• Appoint a quality control reviewer,
• Discuss significant matters with the reviewer which have arisen,
• Not issue the audit report until completion of the review.

UNIT 6 – INTERNAL CONTROL – ASSESSING CONTROL RISK & TESTS OF CONTROL

Study Unit 6
Internal Control – Assessing Control Risk & Tests of Control

Contents
A. Internal Control
B. Information Systems, Including the Related Business Process relevant to Financial reporting and communication
C. Control Activities
D. Assessing the Risk of material Misstatement
E. Tests of Control
F. Assessment of impact on audit strategy
G. The recording of control systems
H. Audit Programmes

INTERNAL CONTROL - ASSESSING CONTROL RISK AND TESTS OF CONTROLS

A. INTERNAL CONTROL
Definition and components
ISA 315 defines internal control as the process designed and implemented by those charged with governance to provide reasonable assurance about the achievement of the entity’s objectives.
Internal control consists of the following components:
1. The control environment,
2. The entity’s risk assessment process,
3. The information system,
4. Control activities,
5. Monitoring of controls.

Responsibilities - Management
The management team of a company is responsible for achieving an entity’s objectives such as:
• The reliability of financial reporting,
• The effectiveness and efficiency of operations and
• Compliance with applicable laws and regulation.

Good corporate governance dictates the existence of a sound system of internal control.
It follows therefore that internal controls should be designed and implemented to address business risks that threaten the achievement of an entity’s objectives. An entity’s systems collect and summarise data that are used to produce financial information. An effective system of internal control will help management manage the business effectively, produce timely and accurate information, safeguard the assets of a company and prevent and detect fraud.

Responsibilities - Auditors

Control risk is an element of audit risk. Control risk exists where the client’s controls fail to prevent, detect and/or correct material misstatements. Therefore, auditors need to assess the controls put in place by management and ascertain whether they are effective and can be relied upon for the purposes of the audit.

The auditor’s primary consideration is whether a specific control prevents, detects or corrects material misstatements. The auditor carries out tests to ensure that the systems operate as they are supposed to. If the controls are ineffective, the control risk is high and it is likely that it will be necessary to undertake higher levels of substantive testing.

Gaining an understanding of internal control

ISA 315 states that the auditor should obtain an understanding of internal controls relevant to the audit. The auditor uses this understanding to identify types of potential misstatements and to help design the nature, timing and extent of further audit procedures.

The way in which internal control is designed and implemented will vary with an entity’s size and complexity. Smaller entities may use less formal means and simpler processes and procedures to achieve their objectives.
In obtaining an understanding of internal control, the auditor must gain an understanding of the:
• Design of the internal control: It should be capable of preventing, detecting or correcting material misstatements,
• Implementation of that control: It should be operating correctly throughout the period in question.

Risk assessment procedures to obtain audit evidence about the design and implementation of relevant controls may include:
• Inquiring of personnel,
• Observing the application of specific controls,
• Inspecting documents and reports,
• Tracing transactions through the information system.

Control environment

The control environment includes the governance and management functions and the attitudes, awareness and actions of those charged with governance and management concerning the entity’s internal control. The control environment sets the tone of an organisation, influencing the control consciousness of its people. It is the foundation for effective internal control, providing discipline and structure. The control environment is heavily influenced by management.

In evaluating the design of the control environment the auditor considers the following elements:
(a) Communication and enforcement of integrity and ethical values — essential elements which influence the effectiveness of the design, administration and monitoring of controls.
(b) Commitment to competence — management's consideration of the competence levels for particular jobs and how those levels translate into requisite skills and knowledge.
(c) Participation by those charged with governance — independence from management, their experience and stature, the extent of their involvement and scrutiny of activities, the information they receive, the degree to which difficult questions are raised and pursued with management and their interaction with internal and external auditors.
(d) Management's philosophy and operating style — management's approach to taking and managing business risks, and management's attitudes and actions toward financial reporting, information processing and accounting functions and personnel.
(e) Organisational structure — the framework within which an entity's activities for achieving its objectives are planned, executed, controlled and reviewed.
(f) Assignment of authority and responsibility — how authority and responsibility for operating activities are assigned and how reporting relationships and authorisation hierarchies are established.
(g) Human resource policies and practices — recruitment, orientation, training, evaluating, counselling, promoting, compensating and remedial actions.

The existence of a satisfactory control environment can be a positive factor when the auditor assesses the risks of material misstatement and influences the nature, timing, and extent of the auditor's further procedures. Conversely, weaknesses in the control environment may undermine the effectiveness of controls and, therefore, become negative factors in the auditor's assessment of the risks of material misstatement, in particular in relation to fraud.

The Entity's Risk Assessment Process

The auditor should obtain an understanding of the entity's process for identifying business risks relevant to financial reporting objectives and deciding about actions to address those risks, and the results thereof. The process forms the basis for how management determines the risks to be managed.

In evaluating the design and implementation of the entity's risk assessment process, the auditor determines how management:
• Identifies business risks relevant to financial reporting,
• Estimates the significance of the risks,
• Assesses the likelihood of their occurrence and
• Decides upon actions to manage them.
If the entity's risk assessment process is appropriate to the circumstances, it assists the auditor in identifying risks of material misstatement.

B. Information Systems, Including the Related Business Processes, Relevant to Financial Reporting and Communication

The information system relevant to financial reporting objectives, which includes the accounting system, consists of the procedures and records established to initiate, record, process, and report entity transactions (as well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity.

The auditor should obtain an understanding of the information system, including the following areas:
• The classes of transactions in the entity's operations that are significant to the financial statements.
• The procedures, within both IT and manual systems, by which those transactions are initiated, recorded, processed and reported in the financial statements.
• The related accounting records, whether electronic or manual, supporting information, and specific accounts in the financial statements, in respect of initiating, recording, processing and reporting transactions.
• How the information system captures events and conditions, other than classes of transactions that are significant to the financial statements.
• The financial reporting process used to prepare the entity's financial statements, including significant accounting estimates and disclosures.

C. Control Activities

The auditor should obtain a sufficient understanding of control activities to assess the risks of material misstatement at the assertion level and to design further audit procedures responsive to assessed risks.

Control activities are the policies and procedures that help ensure that management directives are carried out. Examples of specific control activities include those relating to the following:
• Authorisation.
• Performance reviews, supervision.
• Information processing.
• Physical controls.
• Segregation of duties.

Specific examples of controls would include:
• Approval and control of documents through signing off or pre-numbering,
• Checking the arithmetical accuracy of records,
• Reviewing control accounts for large or unusual items,
• Reconciling figures,
• Matching figures or documents,
• Limiting physical access to assets and records,
• Matching physical existence to book records and other external data,
• Segregating duties such as custody of assets from initiation of transactions to recording of transactions to review of transactions.

Monitoring of Controls

The auditor should obtain an understanding of the major types of activities that the entity uses to monitor internal control over financial reporting, including those related to those control activities relevant to the audit, and how the entity initiates corrective actions to its controls.

Monitoring of controls is a process to assess the effectiveness of internal control performance over time. It involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions modified for changes in conditions. Management accomplishes monitoring of controls through ongoing activities, separate evaluations, or a combination of the two. Ongoing monitoring activities are often built into the normal recurring activities of an entity and include regular management and supervisory activities.

In many entities monitoring generally falls on the internal audit department. The external auditor may make use of the work of internal audit when carrying out their own work.

Limitations of Internal Control

Internal control, no matter how well designed and operated, can provide an entity with only reasonable assurance about achieving the entity's financial reporting objectives.
The likelihood of achievement is affected by limitations inherent to internal control. These include:
• The realities that human judgment in decision-making can be faulty and that breakdown in internal control can occur because of human failures, such as simple errors or mistakes.
• Additionally, controls can be circumvented by the collusion of two or more people or inappropriate override by management of internal control.
• Smaller entities often have fewer employees which may limit the extent to which segregation of duties is practicable. However, for key areas, even in a very small entity, it can be practicable to implement some degree of segregation of duties or other form of unsophisticated but effective controls. The potential for override of controls by the owner-manager depends to a great extent on the control environment and in particular, the owner-manager's attitudes about the importance of internal control.
• The costs of control may outweigh their benefits.
• Many controls are designed to deal with routine transactions and as such may fail to detect non-routine transactions.

The existence of these limitations is the reason why the auditor does not just check the system of internal control. Irrespective of the assessed risk of material misstatements, the auditor should design and perform substantive tests for each material class of transaction, account balance and disclosure. An auditor’s assessment of risk is judgemental and there are inherent limitations to internal control.

Small companies

Due to the size of small companies, many of the controls that would be relevant may not exist or even be practical. In addition, their cost may severely outweigh their benefit. This means many small companies rely on the close involvement of the owner/managers. This can be a good thing.
However, it also gives rise to the risk of override of existing controls and the omission of transactions. Lack of operating controls and insufficient records can cause the auditor great difficulty in carrying out an audit. Specific controls such as segregation of duties are likely to suffer in small companies.

Auditors will be faced with additional difficulties in the event that a small company is managed by a person other than the owner. It would be important to assess the controls exercised by the owner over the management of the company.

D. ASSESSING THE RISK OF MATERIAL MISSTATEMENT

The auditor is required to assess the risk of material misstatements. Misstatements can arise through inherent risks and control risks. So the auditor is concerned with assessing policies and procedures of the entity which are relevant to the financial statements. The auditor should:
1. Assess the accounting information system as to its adequacy in producing a set of accounts for the entity,
2. Seek to identify any potential misstatements that could occur,
3. Consider all factors that might affect the risk of misstatements,
4. Design appropriate audit procedures whose nature, timing and extent are responsive to the risks.

The assessment of controls will have a big impact on risk assessment. Where good controls are identified, the auditors should perform work in that area to provide the necessary audit evidence. Where there are weak controls identified the auditor needs to consider:
1. What errors could be possible,
2. Could such errors be material to the accounts,
3. What substantive procedures will enable such errors to be detected and quantified?

Outcomes

The existence of a satisfactory control environment can be a positive factor when the auditor assesses the risks of material misstatement and influences the nature, timing, and extent of the auditor's further procedures.
In particular, it may help reduce the risk of fraud, although a satisfactory control environment is not an absolute deterrent to fraud. Conversely, weaknesses in the control environment may undermine the effectiveness of controls and therefore become negative factors in the auditor's assessment of the risks of material misstatement, in particular in relation to fraud.

In some extreme cases, the control environment may be so poor as to raise questions as to whether the accounts are capable of being audited. The control risk may be so high that audit risk cannot be reduced to an acceptable level.

Where substantive procedures alone do not provide the auditor with sufficient evidence and risks remain, the auditor should evaluate the design and determine the operational effectiveness of controls. This is particularly important where systems are highly computerised with little or no manual intervention.

E. TESTS OF CONTROLS

When the auditor's assessment of risks of material misstatement includes an expectation that controls are operating effectively, the auditor should perform tests of controls to obtain sufficient appropriate audit evidence that the controls were operating effectively at relevant times during the period under audit.

Tests of controls may include the following:
1. Inspection of documents, for example to see whether transactions have been authorised,
2. Inquiries as to who carried out the controls rather than who is supposed to carry out the control,
3. Re-performance of controls such as reconciling a bank account as distinct from reviewing the bank reconciliation prepared by someone else,
4. Examination of evidence such as minutes of meetings of management team or board of directors,
5. Observation of controls in action.
When assessing the evidence, the auditors need to consider:
• How the controls were applied,
• The consistency with which they were applied throughout the period,
• By whom they were applied.

The use of computer assisted auditing techniques (CAATs) may be appropriate particularly where there is a huge amount of data or complex computer systems in use by the entity.

Assessment of Control Risk

Poor controls or non-existent controls relevant to the financial statement assertions could lead to a higher degree of control risk. The auditor will need to consider how to respond to this. Furthermore, the auditors may find that the evidence they obtain suggests that controls did not operate as expected. If the evidence contradicts the original risk assessment the auditors will have to amend the further audit procedures they had planned to carry out. In particular, if control testing reveals that controls have not operated effectively throughout the period the auditor may have to extend his substantive testing.

Management Letter Reporting

At the “gaining an understanding” stage of the audit you could draw up a letter to management recommending any improvements you consider from your findings, even at this early stage. Perhaps you have noted weaknesses in the design of a control or the actual absence of a vital control. In addition, what you have learned here may influence the type of further audit testing you may carry out later on.

Furthermore, during your test of the operating effectiveness of controls you may uncover significant weaknesses in internal controls and these should also be communicated in writing to those charged with governance.

F. ASSESSMENT OF IMPACT ON AUDIT STRATEGY

An effective internal control system may allow an auditor to have more confidence in the reliability of audit evidence generated internally within the entity.
If there are weaknesses in the control environment, the auditor needs to:
• conduct more procedures as of the period end rather than an interim date,
• seek more extensive audit evidence from substantive procedures,
• modify the nature of procedures to obtain more persuasive audit evidence.

The evaluation of the control environment will help the auditor determine whether there should be a substantive or a combined approach (tests of controls and substantive procedures).

In designing further audit procedures, the auditor should consider:
• the significance of the risk,
• the likelihood that a material misstatement will occur,
• the characteristics of the class of transactions or account balances,
• the nature of specific controls and whether they are manual or automated,
• the evidence gathered in determining if controls are effective in preventing, or detecting and correcting material misstatements.

G. THE RECORDING OF CONTROL SYSTEMS

There are several techniques for recording the assessment of control risk. One or more may be used depending on the complexity of the system.

1. Narrative notes
These are written descriptions of the processes and procedures. They are easy to prepare but can become long-winded and time-consuming.

2. Flowcharts
Diagrams setting out the flow of the process procedures. Great visually but can be difficult to prepare.

3. Questionnaires
ICQ or ICEQ: Internal Control Questionnaire or Internal Control Evaluation Questionnaire

4. Checklists and the

Whatever method is used the data should be retained on the permanent audit file and updated each year where relevant.

ICQs (Internal control questionnaires)

They comprise a list of questions designed to determine whether desirable controls are present within an entity. They are designed to ensure that each of the major transaction cycles is covered. Their primary purpose is to evaluate the system rather than describe it.
Therefore, a yes/no answer will suffice.

Advantages
• They can ensure that all controls are considered
• Quick to prepare
• Easy to use and control

Disadvantages
• Client may be able to overstate controls
• May be a large number of irrelevant controls
• May not include unusual controls
• Can give impression that all controls are of equal weight

ICEQs (Internal control evaluation questionnaires)

These are used to determine whether there are controls which prevent or detect specified errors or omissions. These are more concerned with assessing whether specific errors are possible rather than establishing whether certain desirable controls are present. These questions concentrate on significant errors or omissions that could occur at each phase of a cycle if controls were weak.

Advantages
• Queries objectives rather than specific controls
• Can identify key controls to be tested
• Can highlight areas of weakness

Disadvantages
• Can be drafted vaguely, hence misunderstood
• Important control may not be identified

ICQ example - Goods inwards (answer columns: YES / NO)
1. Are goods examined on arrival, checking quantity and quality?
2. Are these checks evidenced by appropriate person?
3. Is the receipt recorded on a goods received note/docket?
4. Are GRNs prepared by a person other than someone who ordered the goods and/or processes the invoice?
5. Are the records controlled to ensure that all receipts are matched to invoices?
6. Are records followed up for exceptions?
7. Are these records reviewed by a responsible person?

ICEQ example - Purchases cycle (column heading: Answer)
Is there reasonable assurance that:
1. Goods or services could not be received without a liability being recorded?
2. Receipt of goods is required in order to establish a liability?
3. A liability is recorded only for authorised items and the proper amount?
4. All payments are properly authorised?
5. All credits due from suppliers are received?
6. All transactions are properly accounted for?
7. At the period end liabilities are neither overstated nor understated by the system?
8. The balance at the bank is properly recorded at all times?
9. Unauthorised cash payments could not be made and that the balance of petty cash is correctly recorded at all times?
(column heading: Comment if yes)

H. AUDIT PROGRAMMES

SALES

Control Objectives

1. Ordering and granting of credit
• Goods and services should only be given to customers with good credit background.
• Customers should be encouraged to pay promptly.
• All orders are recorded correctly.
• All orders are filled.

2. Dispatch and invoicing of goods
• All despatches are recorded.
• All goods and services are invoiced correctly.
• All invoices raised relate to goods and services supplied.
• Credit notes are only raised for valid reasons.

3. Transactions processing and credit control
• All invoices, credit notes and payments received are recorded in sales ledger and nominal ledger.
• All transactions are recorded in the correct sales ledger account.
• Cut-off is applied correctly.
• Potential bad debts are identified.

Control Activities

1. Ordering and credit approval
• Segregation of duties
• Authorisation of credit terms and other data
• Review of credit terms
• Document numbering
• Examination of correct pricing
• Matching of orders with despatches
• Dealing with customer queries

2. Dispatch and invoicing
• Authorisation of despatches
• Examination of despatches - quantity & condition
• Matching of despatches to orders and invoices and review of unmatched items
• Checking number sequence on documents
• Checking conditions of returns
• Signatures on delivery notes
• Checking pricing, quantity and details on invoices
• Checking update of stock records

3. Transactions processing and credit control
• Segregation of duties
• Review sequence of invoices
• Match receipts to invoices
• Review customer remittance advices
• Cut-off procedures
• Regular customer statements sent out
• Review of customer statements
• Authorisation of any adjustments to accounts
• Reconcile sales ledger to debtors control account
• Review of margins

Tests of controls

Ordering and granting of credit
1. Check that for all new customers credit references are obtained.
2. Check that authorisation by senior staff has been obtained for all new accounts.
3. Check that all new orders are only accepted for those customers adhering to the credit terms and within agreed credit limits.
4. Check that orders match production and despatch notes.

Despatches and invoicing
1. Match despatch notes with sales invoices. Check quantity, price, calculations, VAT, posting to sales ledger and if appropriate analysis details.
2. Match sales items with inventory movement records.
3. Check non-routine sales have appropriate authorisation, supporting evidence and entry to fixed asset registers in the case of plant disposals.
4. Verify credit notes for approval, backup documentation, and entry in stock, entry in goods returned records, calculations, entry in daybook and posting to sales ledger.
5. Review sequence of despatch notes and enquire about missing numbers.
6. Review sequence of invoices and credits and enquire about missing numbers.
7. Review sequence of orders and enquire about missing numbers.
8. Review any items free of charge and check for authorisation.

Processing sales
1. Check entries in daybooks and match to invoices and credit notes.
2. Check down totals and cross totals of daybooks.
3. Check totals of daybooks match debtors control account.
4. Check individual transactions from daybooks to sales ledger accounts.
5. Check a sample of entries in sales ledger accounts back to daybooks.
6. Check calculations in sales ledger accounts.
7. Check that debtors control account is reconciled to a list of balances from the sales ledger.
8. Review and enquire about contra entries in sales ledger accounts.
9. Examine specific sales ledger accounts to see if credit terms and limits are being adhered to.
10. Enquire and examine evidence as to the follow up on overdue accounts.
11. Check for authorisation re any write offs on an account.

PURCHASES

Control Objectives

1. Ordering
• All orders are authorised, received and are actually for the entity.
• All orders are to authorised suppliers.
• Orders are at a fair price.

2. Receipts and invoices
3. Accounting
• All receipts are for the entity and not for personal use.
• Receipts are only accepted if proper authorised orders exist.
• All receipts are recorded accurately.
• Liabilities are recognised for all receipts.
• All credits due are claimed and received.
• All invoices are for orders received.
• All invoices are authorised.
• All invoices are recorded in appropriate ledgers and daybooks.
• All credits are recorded in appropriate ledgers and daybooks.
• All entries are in the correct purchase ledger account.
• Cut-off is applied correctly.

Control Activities

1. Ordering
• Segregation of duties
• Evidence of re-order quantities and levels
• Orders prepared from pre-numbered requisitions
• Orders authorised
• Pre-numbered order books and safe custody of such books
• Review orders not received
• Regular monitoring of supplier terms and conditions

2. Receipts and invoices
• Examine goods received. Checking quality and quantity
• Record receipt in goods inwards records
• Match receipts with order details
• Appropriate referencing of invoices
• Examine invoice and check price, quantity and calculations. Match to receipts and order documents
• Record all goods returned and ensure credit is claimed

3. Accounting
• Segregation of duties
• Record all purchases and returns in daybooks and appropriate ledgers
• Review purchase ledger and reconcile accounts to supplier statements
• Payments should be authorised only after all checking procedures complete
• Reconcile creditors control account to a list of purchase ledger accounts
• Cut-off is appropriate

Tests of controls

Ordering
1. Check that all new suppliers are authorised.
2. Check that authorisation by senior staff has been obtained for all new orders and is within limits set.
3. Review order books for orders not completed and enquire of same.

Receipts and invoicing
1. Check invoices are supported by a goods received note and order, are entered in stock records, priced correctly, calculations are checked and are appropriately referenced.
2. Check all returns are matched to a received credit note and this credit note should be traced to the stock records.
3. Check all invoices and credit notes have been entered to the purchase ledger and the appropriate daybooks.
4. Check all credit notes received for relevant supporting documentation.
5. Review numerical sequence of order books, goods received notes and goods returned books and enquire of unmatched numbers or missing numbers.
6. Enquire of supplier invoices not matched with goods received notes or orders.
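The receipts and invoicing tests above (invoices supported by a goods received note and order, gaps in pre-numbered sequences) and ICQ question 4 on who prepares GRNs can be run over a whole population of records as a CAAT. The following is an added example and is not part of the manual; the record layout, field names, user names and all sample records are constructed for illustration.

```python
"""Added example: a small CAAT for the purchases receipts-and-invoicing tests."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Order:
    order_no: int
    raised_by: str


@dataclass(frozen=True)
class GoodsReceivedNote:
    grn_no: int
    order_no: int
    prepared_by: str


@dataclass(frozen=True)
class Invoice:
    invoice_ref: str
    order_no: Optional[int]
    grn_no: Optional[int]
    processed_by: str


def sequence_gaps(numbers):
    """Pre-numbered document numbers missing between the lowest and highest seen."""
    seen = set(numbers)
    if not seen:
        return []
    return [n for n in range(min(seen), max(seen) + 1) if n not in seen]


def unmatched_invoices(invoices, grns, orders):
    """Invoices not supported by a GRN and an order that agree with each other."""
    grn_by_no = {g.grn_no: g for g in grns}
    order_nos = {o.order_no for o in orders}
    exceptions = {}
    for inv in invoices:
        grn = grn_by_no.get(inv.grn_no)
        if grn is None:
            exceptions[inv.invoice_ref] = "no goods received note"
        elif inv.order_no not in order_nos:
            exceptions[inv.invoice_ref] = "no order"
        elif grn.order_no != inv.order_no:
            exceptions[inv.invoice_ref] = "GRN relates to a different order"
    return exceptions


def segregation_conflicts(invoices, grns, orders):
    """GRNs prepared by the person who raised the order or processed the invoice."""
    raised_by = {o.order_no: o.raised_by for o in orders}
    processors = {}
    for inv in invoices:
        processors.setdefault(inv.grn_no, set()).add(inv.processed_by)
    conflicts = []
    for g in grns:
        same_as_buyer = g.prepared_by == raised_by.get(g.order_no)
        same_as_processor = g.prepared_by in processors.get(g.grn_no, set())
        if same_as_buyer or same_as_processor:
            conflicts.append(g.grn_no)
    return sorted(conflicts)


def run_tests_of_controls(orders, grns, invoices):
    """Collect exceptions for enquiry; an exception is a question, not a conclusion."""
    return {
        "missing_order_numbers": sequence_gaps(o.order_no for o in orders),
        "missing_grn_numbers": sequence_gaps(g.grn_no for g in grns),
        "unmatched_invoices": unmatched_invoices(invoices, grns, orders),
        "segregation_conflicts": segregation_conflicts(invoices, grns, orders),
    }


# Constructed sample population (not real client data).
ORDERS = [Order(501, "buyer_1"), Order(502, "buyer_1"),
          Order(503, "buyer_2"), Order(505, "buyer_2")]
GRNS = [GoodsReceivedNote(9001, 501, "store_1"),
        GoodsReceivedNote(9002, 502, "buyer_1"),   # buyer also received the goods
        GoodsReceivedNote(9004, 503, "store_1"),
        GoodsReceivedNote(9005, 505, "store_2")]
INVOICES = [Invoice("INV-A1", 501, 9001, "ap_1"),
            Invoice("INV-B7", 502, 9002, "ap_1"),
            Invoice("INV-C3", 503, None, "ap_1"),     # no GRN quoted
            Invoice("INV-D9", 505, 9004, "store_1"),  # GRN 9004 is for order 503
            Invoice("INV-E2", 507, 9005, "ap_1")]     # order 507 not on file

if __name__ == "__main__":
    for test, result in run_tests_of_controls(ORDERS, GRNS, INVOICES).items():
        print(f"{test}: {result}")
```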
Processing purchases
1. Check all invoices and credit notes in the daybooks are evidenced as having been checked re prices, calculations, matched to orders and goods received notes and authorised for payment.
2. Check down totals and cross totals in the daybooks.
3. Match totals in the daybooks to the control accounts.
4. Check postings from the daybook to the appropriate purchase ledger accounts.
5. Check a sample of purchase ledger accounts and agree transactions back to the appropriate daybooks. Check the totals of the balances.
6. Review purchase ledger accounts for contras and enquire of same.
7. Review supplier reconciliations and trace balances and reconciling items to the appropriate books.
8. Confirm creditors control account agrees to list of balances of purchase ledger accounts.
9. Review creditors control for unusual transactions.

PAYROLL

Control Objectives

1. Setting of wages and salaries
• Employees only paid for work they have done
• Gross pay calculated correctly and properly authorised

2. Recording
• Gross pay, net pay and all deductions are recorded correctly
• Payments are recorded correctly in the bank account
• Full cost is recorded in the nominal ledger

3. Payment
• Employees are paid exactly what they are owed

4. Deductions
• All deductions correctly calculated and appropriately authorised
• Revenue get paid what they are owed

Control Activities

1. Setting of wages and salaries
• Segregation of duties
• Personnel records should be maintained with proper employment letters etc.
• Authorisation of rates of pay, deductions
• Maintain details of holiday entitlement, advance of pay etc.
• Procedures for dealing with queries

2. Recording
• Records maintained of timesheets, clock cards etc.
• Review of hours worked
• Review of wages cost against budgets
• Review by senior staff of data input and calculation work by other staff including checking procedures
• Appropriate analysis codes
• Maintenance and reconciliation of wages bank account

3. Payment
• Custody of cash procedures
• Segregation of duties
• Verification of identity
• Preparation of pay packets, cash, cheque, payslip etc.
• Records of amounts distributed
• Authorisation of cheques and bank transfers
• Dealing with queries

4. Deductions
• Maintenance of separate records for each employee
• Review deductions as between differing periods
• Review control accounts for deductions

Tests of controls

Setting of wages and salaries
1. Check that wages summary is approved for payment.
2. Review details for changes from previous period and check for authorisation for differences.
3. Check letters of employment exist for all new employees and relevant forms are prepared for all leavers.
4. Check calculation of gross pay and agree rate of pay to authorised pay, hours worked etc.
5. Check a sample of names on payroll lists to phone records, floor plans etc.

Recording
1. Reconcile wages to previous week's payroll, timesheets, changes in pay rates etc., looking for unusual or unexplained variances.
2. Re-perform key calculations and seek evidence of controls checking.
3. Check down totals and cross totals on payroll sheets and trace to the appropriate ledger accounts.
4. Review all payroll control accounts.
5. Enquire as to payroll queries from staff.

Payment
1. If cash payments made, attend such an event and note procedures.
2. Compare pay packets with list of payments to be made.
3. Ensure signatures for all packets collected and enquire about uncollected packets.
4. Review list of cheques/bank transfer list and agree back to payroll details.

Deductions
1. Check calculations on payroll details and that authorisation does exist.
2. Check down totals on payroll summaries and match to entries in appropriate ledger accounts.
3. Examine third party documentation.
4. Review the deduction control accounts and compare against previous periods.

CASH RECEIPTS AND DISBURSEMENTS

Control Objectives
1. All monies received are recorded, processed to the appropriate ledger accounts and banked where necessary
2. Cash and cheques are safeguarded from loss through theft or otherwise
3. All payments are authorised, properly recorded and made to the correct person
4. Duplicate payments are avoided

Completeness of income (recording of all cash receipts) is extremely important. If there are inadequate controls, these may cause limitations in the scope of your audit.

Segregation of duties is vital when dealing with cash. The receiving, recording, banking and reconciling functions should ideally be done by separate persons within an entity.

Control Activities

1. Cash at bank and in hand - receipts
• Segregation of duties.
• Post opening procedures. Safeguards over security, supervision, listing of items when opened, cheques crossed, remittance stamped.
• Policy over who can receive cash, pre-numbered company receipts books. Ensure safe custody.
• Regular clearance of cash registers and matching to till rolls.
• Reconcile cash collection with sales records.
• Investigation of shortages/surpluses.
• Prompt recording of receipts in daybooks and ledger accounts.
• Daily bankings, matching cash records with bank lodgement receipt slip.
• Authorisation to open bank accounts.
• Set limits on cash floats. Regular review and authorisation.
• Restrictions on payment out of cash receipts.
• Access controls over cash.
• Surprise cash counts.
• Bank reconciliation process. Follow up of un-reconciled transactions.

2. Payments - cash and cheques
• Custody over supply and issue of cheques, especially ones with printed signatures.
Restrictions on issue of incomplete cheques or signing blank cheques. Cheque requisitions with appropriate supporting documentation and approval. Authority limits to sign cheques. Keep separate from approval process. No signatures without full documentation. Prompt despatch of signed cheques and recording in daybooks and ledgers. Authorisation and suitable backup documentation for cash payments. Separate cashier listing payments to person recording in daybooks and ledgers. Limits on cash disbursements. Page 111 UNIT 6 – INTERNAL CONTROL – ASSESSING CONTROL RISK & TESTS OF CONTROL Tests of controls Receipts received by post 1. Observe that post opening procedures are followed. 2. Observe that all cheques received are crossed for protection. 3. Trace items in the rough cash list to the cash book and appropriate ledgers. 4. Verify amounts received agree with remittances advices. Cash sales 1. Verify takings against till rolls. 2. Check takings to bank slip when lodged. Collections 1. Trace amounts to cash book from appropriate collection sheets. 2. Verify goods sent for collection have matching receipts. 3. Review numerical sequence of collection books. Cash receipts book 1. Check a sample of entries in the daybook back to till rolls, collection sheets or rough cash sheets. 2. Check entries in daybook to bank statement to ensure daily lodging. 3. Check down totals and cross totals of daybook and trace totals to the nominal ledger. 4. Check transactions in daybooks to appropriate sales ledger accounts. 5. Review the daybook and check for large or unusual items. Cash payments book 1. Check a sample of payments recorded to supporting documentation. Suppliers’ statements, copy paid cheques. 2. Ensure cheque amounts are within authority limits for signing. 3. Check that invoices to be paid have been verified and passed for payment and that a “paid” stamp is inserted on such invoices. 4. Check the numerical sequence of cheque numbers and enquire as to missing numbers. 5. 
Trace transfers to other bank accounts, cash records etc. 6. Check additions and trace totals to the nominal ledger. 7. Check transactions in daybooks to appropriate purchase ledger accounts. 8. Review the daybook and check for large or unusual items. 9. Review bank reconciliations. Check balances and un-reconciled items against daybooks and other supporting information. Check done on a regular basis and review for any unusual items. Petty Cash 1. Check a sample of payments to supporting documentation and appropriate approval. 2. Ensure vouchers have been marked and signed off to prevent re-use. 3. Trace a sample of amounts received to cash books and to relevant ledgers. 4. Check additions of petty cash book and trace summary totals to the nominal ledger. Page 112 UNIT 6 – INTERNAL CONTROL – ASSESSING CONTROL RISK & TESTS OF CONTROL INVENTORY Control Objectives 1. Recording of stock • • • • • All movements are recorded and authorised Record only items that belong to entity Records show all inventory that exists and is in stock All quantities are recorded correctly Proper cut-off procedures apply 2. Safeguarding of stock 3. Valuation of stock • • Loss, theft or damage is guarded against Stock is priced correctly 4. Holding of stock • Levels of stock are reasonable Control Activities 1. Recording of stock • • • • 2. Protection of stock • • • • • 3. Valuation of stock • • • • 4. Holding of stock • • Segregation of duties between custody and recording of stock Checking receipt and recording of goods received Checking appropriate documentation of movement Maintenance of stock records. Ledger cards, bin cards etc. Access rights to stock Controls over environment Security over third party stock on-site and stock on third party property Stock takes - Procedures, supervision, control, cut-off, recording. Reconciliation of book stock to physical. Checking calculations Compliance with accounting standards, company law etc. 
Examine condition of stock and provide for slow moving, obsolete or damaged stock Authorisation for any write offs and appropriate accounting for such Agreed levels, regular review Max/min levels and re-order levels Page 113 UNIT 6 – INTERNAL CONTROL – ASSESSING CONTROL RISK & TESTS OF CONTROL Tests of controls Recording movement of stock 1. Select a sample of stock movements and trace back to either goods received notes or despatch notes. 2. Confirm all movements were authorised. 3. Select a sample of items from the goods received notes and the despatches and agree to the stock movement records. 4. Check the sequence of records and enquire about potential missing items. Safeguarding of stock 1. Test check counts carried out and ascertain whether all discrepancies between book stock and actual physical stock levels have been investigated. 2. All variances should be signed off by a senior member of staff. 3. Slow moving, obsolete or damaged stock should be marked as such and should be written down in value. Trace a sample of these items through to the stock valuation reports. 4. Note the security arrangements. Valuation of stock 1. Tests are generally of a substantive nature rather than testing controls but you should review stock sheets prepared at stock take, taking note of slow moving, obsolete items etc. Holding of stock 1. Examine stock records to check whether max/min levels are observed and whether reorder levels are applied. Page 114 UNIT 7 – FINANCIAL STATEMENT ITEMS – SUBSTANTIVE PROCEDURES Study Unit 7 Financial Statement Items – Substantive Procedures Contents A. Assertions B. Specific Audit Procedures C. Balance Sheet items D. Profit & Loss items E. Assessment of Misstatements F. Impact on Audit Reporting Page 115 UNIT 7 – FINANCIAL STATEMENT ITEMS – SUBSTANTIVE PROCEDURES A. ASSERTIONS Auditors need evidence to support the financial statement assertions. 
By approving the financial statements, the directors are making representations about the information therein. In other words they are making certain assertions about the figures and disclosures contained within the accounts. These assertions may fall into the following categories:

(a) Assertions about classes of transactions and events for the period under audit (Profit and loss):
• Occurrence — recorded transactions and events have occurred and pertain to the entity.
• Completeness — all transactions and events have been recorded.
• Accuracy — amounts and other data recorded appropriately.
• Cut-off — transactions and events recorded in the correct period.
• Classification — transactions and events recorded in proper accounts.

(b) Assertions about account balances at the period end (Balance sheet):
• Existence — assets and liabilities exist.
• Completeness — all assets and liabilities have been recorded.
• Rights and obligations — the entity holds or controls the rights to assets (ownership) and liabilities are the obligations of the entity.
• Valuation and allocation — assets and liabilities are included in the financial statements at appropriate amounts and in appropriate accounts.

(c) Assertions about presentation and disclosure:
• Occurrence and rights and obligations — disclosed events, transactions, and other matters have occurred and pertain to the entity.
• Completeness — all disclosures that should have been included in the financial statements have been included.
• Classification and understandability — financial information is appropriately presented and described, and disclosures are clearly expressed.
• Accuracy and valuation — financial and other information are disclosed fairly and at appropriate amounts.

B. SPECIFIC AUDIT PROCEDURES

ISA 500 provides guidance on the audit procedures used for obtaining audit evidence to support the financial statement assertions.
Substantive procedures are tests to obtain the audit evidence to detect material misstatements in the financial statements. They can be tests on transactions and balances and can be used to discover errors or omissions.

• Inspection of tangible assets
  Inspection confirms existence and valuation and gives evidence of completion. It does not however confirm rights and obligations.
• Inspection of documents and records
  Confirmation to documentation confirms existence of an asset or that a transaction has occurred. Confirmation that items are in the books shows completeness. Also helps testing cut-off. It provides evidence of valuation, measurement, rights and obligations and presentation and disclosure.
• Observation
  This procedure is of limited use in that it only confirms that a procedure took place when it was observed.
• Inquiry and confirmation
  Information sought from client or external sources. The strength of the evidence depends on knowledge and integrity of the source of the information.
• Recalculation and Re-Performance
  Checking calculations of client records
• Audit automation tools
  Such as computer assisted auditing techniques
• Analytical procedures
  Analysis of significant ratios and trends including the resulting investigations of fluctuations and relationships that are inconsistent with other relevant information or which deviate from predictable amounts.

Typical tests associated with assertions

Completeness
1. Review of post year end transactions
2. Cut-off tests
3. Analytical review
4. External confirmations
5. Reconciling to control accounts
6. Checking number sequences

Valuation
1. Checking to invoices
2. Recalculation of amount by auditor
3. Review of post year end transactions
4. Reviewing accounting policies for consistency of application and for appropriateness for entity

Existence
1. Physical verification
2. External confirmations

Rights and obligations
1. Examination of invoices
2. External confirmations

Occurrence
1. Inspection of documentation
2. Physical verification
3. Review of minutes of directors' meetings
4. Enquire from management

Measurement
1. Re-calculation by auditor
2. External confirmations
3. Review by external expert valuation
4. Analytical review

Disclosure
1. True and fair view given
2. Compliance with accounting standards and appropriate legislation

Overall Approach

When auditing a particular area it is useful to bear the following process in mind:
1. Carry out analytical review procedures.
2. Always agree back the opening balances with last year’s working papers and the final trial balance and last year’s signed audited accounts.
3. Examine the schedules given to you by the client and check a sample of the items to the accounting records while selecting a sample from the accounting records and matching back to the schedule.
4. Test the transactions and balances in detail.
5. Review the nominal ledger account for any unusual items.
6. Agree the balance into the final trial balance and a draft set of accounts if available and review the presentation and disclosure in those accounts.

Remember, the audit tests carried out should be tailored to the specific entity taking into account factors such as:
• The significance of any risk of misstatement and the likelihood that it will occur
• The characteristics of the class of transactions or account balances
• The level of materiality set
• The nature of any specific controls and whether the auditor obtained evidence that controls are effective and operating effectively in preventing, or detecting and correcting material misstatements.

C. BALANCE SHEET ITEMS

a) Non-current assets

We will look at two types, tangible fixed assets and intangible assets.
Tangible fixed assets

The key audit objectives are existence, completeness, valuation and rights and obligations. Before designing tests the auditor should take into account any relevant internal control considerations such as:
1. The existence and operation of a fixed asset register.
2. Procedures for authorisation and accounting for additions and disposals.
3. Physical security procedures.
4. The adequate maintenance of assets and the provision of depreciation.

Audit programme - Tangible fixed assets

Assertion - Completeness
1. Obtain a summary of the assets showing the gross book value, the accumulated depreciation and the net book value and reconcile this with the opening position.
2. Reconcile the summary with the nominal ledger and the asset register and follow up on any discrepancies.
3. Physically inspect whether items on the summary actually exist.

Assertion - Existence
1. Confirm that entity physically inspects all assets each year.
2. Inspect a sample of items on asset register paying attention to high value, portable and any material additions during the year and check that they are in use and in good order.

Assertion - Valuation
1. Verify valuation of buildings to a valuation certificate, having regard to the experience of the valuer, his scope of work, the methods and assumptions he uses and whether the valuation bases are in line with accounting standards.
2. Check whether any surplus/deficit has been calculated correctly and is recognised in the profit and loss account or statement of total recognised gains and losses whichever is appropriate.
3. Check whether regular valuations are being carried out.
4. For other asset types examine the purchase invoice or other supporting documentation.
5. Review depreciation rates and policies and assess their appropriateness having regard to the entity itself, asset lives, residual value, replacement policy, past history profits/losses on disposal and possible obsolescence.
6. Check that depreciation is charged on all assets in use and that none is charged on fully depreciated or disposed assets.
7. Check the calculation of a sample of depreciation charges.
8. Carry out analytical review procedures such as comparing depreciation to previous years.
9. Review accounts for policy and rates disclosures.
10. Review the current insurance policies in place and consider the adequacy of the insured amounts.

Assertion - Rights and obligations
1. Inspect title deeds, leases and land registry certificates.
2. Confirm through lawyers that deeds are free from charge.
3. Inspect car registration documents.
4. Examine documents of title for other assets including invoices, lease agreements, contracts or architects' certificates.
5. Review statutory books and leases and agreements to ensure all charges and commitments are noted.
6. Examine post year end transactions and minutes of management meetings for any evidence of capital commitments.

Additional testing is carried out on additions, disposals and where an entity constructs its own assets.

Additions - rights and obligations, valuation, completeness
1. Inspect architects’ certificates and suppliers’ invoices.
2. Check whether the capitalising of the asset is correct and whether there is consistency with previous years.
3. Check whether amounts are posted to correct accounts in nominal ledger.
4. Check whether the additions have been authorised.
5. Where assistance or grants are available, check that such are claimed and have been received and correctly accounted for.
6. Check additions are recorded on the asset register.

Disposals - rights and obligations, completeness, occurrence and measurement
1. Verify disposals with supporting documentation, checking transfer of title, sales price and dates of completion and payment.
2. Check calculation of profit and loss and whether it has been recorded properly.
3. Check that disposals are authorised.
4. If the asset is used as security, ensure that a release has been correctly made.

In-house construction of assets - valuation and completeness
1. Verify material and labour costs to suppliers’ invoices and payroll records.
2. Ensure expenditure is capital. It should enhance the economic benefits, replace or restore a component or relate to a major inspection or overhaul.
3. Check whether finance costs are capitalised.

Intangible fixed assets

The key assertions relating to intangibles are existence and valuation.

Audit programme

Goodwill
1. Examine the sales agreement for the amount of the consideration and check that the asset valuation is reasonable.
2. Check that the calculations are correct.
3. Examine the impairment review for reasonableness.

Intangibles - e.g. trademarks
1. Inspect the purchase documentation.
2. Review valuation prepared by specialists to ensure reasonableness.
3. Review the amortisation calculations.

Research and development costs
1. Ensure amounts capitalised agree with IAS 38.
2. Confirm feasibility and viability by reference to budgets and other documentation.
3. Check the amortisation calculations.

Inventory

The key assertions are existence, valuation, completeness and ownership. IAS 2 states that stock should be measured at the lower of cost and net realisable value. Costs would include cost of purchase and any other costs incurred in bringing the stock to its present condition and location. That could include production overheads.
Net realisable value is likely to be less than cost where costs are increasing at a faster rate than sales prices (or falling more slowly than sales prices), where products are becoming obsolete or deteriorating in quality, and where there are possible strategic decisions to sell products at a loss.

The first key assertion is existence. ISA 501 additional considerations refers to attendance at a physical stock count. It states that an auditor should attend such a count to vouch the existence and condition of such stock. Non-attendance coupled with an inability to obtain alternative sufficient and appropriate evidence could lead the auditor to conclude that there has been a limitation in the scope of the audit.

Types of stock counts
1. Physical count at year-end
2. Physical count before year-end
3. Perpetual counts (throughout year)

Counting at the year-end is better but some companies will count before year-end or have a system of counting throughout the year. In the latter two, the auditor will need to consider the systems of internal control over the stock process. The auditor will need to ensure that adequate inventory records are kept, satisfactory procedures for counting and test checking exist and all material variances are investigated, corrected and authorised.

Attendance at a count gives the auditor evidence over the existence of stock, its ownership and also completeness. It is vital therefore that a stock count is well managed to ensure that all stock which is owned by a company is counted accurately. The auditor needs to pay special attention to the organisation of the count, the actual counting and the recording of those results.
Matters to consider include the levels of supervision management will employ, controls over movement of stock during counting, identification of slow moving stock, controls to ensure all stock is counted, who will carry out test checks, control of stock sheets, data to be recorded, recording of cut-off details, reconciliation of records and follow up corrections etc.

As for the auditor himself, he needs to consider the nature and volume of the stock, any documented risks, identification of high value items and locations among other things before deciding on what test counts to perform. It will be important to ensure a representative sample of locations and stock.

Audit programme - Stock

Attendance at stock count
1. Check that all audit staff on the count are aware of and understand the count instructions and, ideally, have a written copy.
2. Perform test counts to ensure procedures are working properly. Test counts are performed by selecting items from count sheet and re-performing count or identifying physical stock, counting it and tracing to the stock sheets. Ensure all results are documented.
3. Ensure procedures over damaged and slow moving stock are operating and note instances where these stocks are identified for further follow up at year-end.
4. Confirm third party stock is separately identified and accounted for.
5. Conclude as to whether count has operated in line with plan and is reliable for determining the year-end stock figure.
6. Document all cut-off numbers and details of count sheets.

On final audit visit
1. Trace all items that were test counted to the final stock sheet.
2. Check all count sheets have been included on final stock sheet.
3. Trace some items from final stock sheet back to the count sheets.
4. Confirm cut-off is ok by tracing relevant numbers through each of the processes namely, sales and purchases.
5. Check replies from third parties for stock held by them or for them.
6. Check the prices applied for valuation purposes and check calculations.
Cut-off is vital to the accurate recording of transactions. It is important that the physical receipt of goods and the supporting documentation are recorded in the correct period. The auditor needs to assess the controls which management have in place to ensure cut-off is applied properly. Purchase invoices should be recorded as a liability only if goods are received prior to the year-end count, while invoices for sales despatched after the stock count should not appear as sales for the period up to the year-end.

Cut-off testing - at count
1. Record all movement of stock if these have not been stopped during the count.
2. Note last goods received note in and last goods despatch note out.
3. Observe cut-off procedures applied by staff at point of entry/exit.

Final audit visit testing
1. Match goods inwards notes with purchase invoices to ensure liability is recorded in correct period.
2. Match goods despatch notes with sales invoices to ensure income is recorded in the correct period.

Valuation - Lower of cost and net realisable value

The auditor must ensure that the company is applying an allowable costing method consistently. He should review price changes, old or obsolete stock and review the profit margins data. Stock can include raw materials, work-in-progress and completed stock. At the outset the auditor should apply analytical review procedures. It may assist in comparing the current year’s analysis of figures with previous year’s, highlighting areas for further review.

Audit programme

Production costs
1. For all materials: check the price used to purchase invoices or price lists, confirm the valuation basis is being used and check the quantity and the calculations.
2. For labour costs: check the payroll records for hours and rates of pay.
3. If standard labour costs are used, check the actual costs and production and review the variances to assess whether standard rate is reasonable.

Allocation of overheads
1. Check that all abnormal conversion costs (idle capacity, inefficient production, reduced levels of activity) are excluded from the allocation.
2. Check overheads are classified by function.
3. Check general management costs are excluded.
4. Ensure only costs that can be reasonably allocated to the production function are included.

Cost versus NRV
1. Review and test the company’s controls for identifying slow moving, obsolete or damaged stock.
2. Trace all items from test counts to the final stock valuation report ensuring adequate provision was made.
3. Examine stock records to identify slow moving stock and check whether a write down exists. Enquire of same where no write down exists.
4. Examine prices after the year-end and assess whether valuations need adjusting.
5. Review stocks sold post year-end to assess whether year-end stock has been realised and consider whether appropriate provisions are needed.

b) Accounts receivable & sundry debtors

Key assertions are completeness, accuracy, existence, rights and obligations and valuation.

In the first instance the auditor should obtain a list of outstanding debtor balances from the sales ledger; ideally each balance should be aged. To obtain evidence in relation to completeness and accuracy the auditor should:
1. Check the balances from the list and match to the sales ledger.
2. Check balances within the sales ledger and match to the list.
3. Reconcile the total of the list to the total of the sales ledger balances and the debtors control account in the nominal ledger.

ISA 501 additional considerations and ISA 505 external confirmations refer to the confirmation of accounts receivable. Verification from external sources is strong evidence for existence of rights and obligations. A sample of balances on the listing should be circularised.
Ideally, it should be the year-end balance tested and authorisation must be received from the client. The client can authorise third parties to divulge information to the auditors.

Where management refuse the request for all or individual balances selected, the auditor needs to consider whether there are valid grounds for such action and obtain evidence to support the validity of that claim. If the auditor accepts this, alternative audit procedures will need to be carried out for those items for which the request was refused. In the event that the auditor does not accept management’s decision, there is a limitation on the scope of the audit and this could have an impact on the audit report.

The letter is drawn up by the client (standard form) asking the customer to confirm details with the auditor directly. The form of the letter can be a positive or negative confirmation. The former asks a customer to confirm a figure, the latter asks for a reply if the amount is disputed. A positive confirmation is generally preferable.

It is important for the auditor to control the despatch of and the return of these letters directly to himself (inclusion of addressed & pre-paid envelope), even though they are prepared and signed by the client.

When selecting the sample the auditor needs to pay special attention to large balances, old unpaid accounts, accounts written off, credit balances, accounts with part payments only and nil balances.

Many customers do not respond or disagree with the quoted balance. In these cases, follow up procedures are required. The extent of these tests will depend on each case and its specific circumstances.
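The listing checks and the sample selection described above can be run as a computer assisted test over an exported debtors listing. The following is an added example, not part of the manual: the field names, the thresholds (5,000 and 90 days) and the sample data are assumptions constructed for illustration.

```python
"""Debtors listing checks and circularisation sample selection (added example)."""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class DebtorBalance:
    account: str
    balance: Decimal               # year-end balance on the client's listing
    oldest_item_days: int          # age of the oldest unpaid invoice
    written_off: bool = False      # balance written off during the year
    part_payments_only: bool = False


# Constructed sample data (not client data and not from the manual).
LISTING = [
    DebtorBalance("C001", Decimal("48200.00"), 35),
    DebtorBalance("C002", Decimal("1250.50"), 20),
    DebtorBalance("C003", Decimal("7300.00"), 140),
    DebtorBalance("C004", Decimal("-640.00"), 15),
    DebtorBalance("C005", Decimal("0.00"), 0),
    DebtorBalance("C006", Decimal("2100.00"), 60, part_payments_only=True),
    DebtorBalance("C007", Decimal("0.00"), 0, written_off=True),
    DebtorBalance("C008", Decimal("915.25"), 45),
]
SALES_LEDGER = {d.account: d.balance for d in LISTING}
SALES_LEDGER["C008"] = Decimal("951.25")   # figures transposed on the listing
SALES_LEDGER["C009"] = Decimal("300.00")   # ledger account missing from the listing
CONTROL_ACCOUNT = Decimal("59461.75")      # debtors control account, nominal ledger

# Assumed thresholds; in practice derived from materiality and credit terms.
LARGE_BALANCE = Decimal("5000.00")
OVERDUE_DAYS = 90


def reconcile(listing, ledger, control_total):
    """List to ledger, ledger to list, then both totals to the control account."""
    listed = {d.account: d.balance for d in listing}
    list_total = sum(listed.values(), Decimal("0"))
    ledger_total = sum(ledger.values(), Decimal("0"))
    return {
        "list_not_in_ledger": sorted(set(listed) - set(ledger)),
        "ledger_not_in_list": sorted(set(ledger) - set(listed)),
        "balance_mismatch": sorted(
            a for a in listed if a in ledger and listed[a] != ledger[a]
        ),
        "list_total": list_total,
        "ledger_total": ledger_total,
        "control_total": control_total,
        "agrees": list_total == ledger_total == control_total,
    }


def select_for_confirmation(listing, large=LARGE_BALANCE, overdue_days=OVERDUE_DAYS):
    """Return {account: [reasons]} for balances needing special attention."""
    selected = {}
    for d in listing:
        reasons = []
        if d.balance >= large:
            reasons.append("large balance")
        if d.balance > 0 and d.oldest_item_days > overdue_days:
            reasons.append("old unpaid")
        if d.written_off:
            reasons.append("written off")
        if d.balance < 0:
            reasons.append("credit balance")
        if d.part_payments_only:
            reasons.append("part payments only")
        if d.balance == 0:
            reasons.append("nil balance")
        if reasons:
            selected[d.account] = reasons
    return selected


if __name__ == "__main__":
    result = reconcile(LISTING, SALES_LEDGER, CONTROL_ACCOUNT)
    for key, value in result.items():
        print(f"{key}: {value}")
    for account, reasons in select_for_confirmation(LISTING).items():
        print(f"{account}: {', '.join(reasons)}")
```

Accounts that match none of the criteria (C002 and C008 here) remain available for whatever further selection the auditor makes from the rest of the listing.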
Disagreements can arise for a number of reasons:
• On-going dispute between client and customer
• Cut-off problems exist
• Time lag of monies in post or processing to an account
• Items posted to wrong accounts
• Netting off balances where you have sales and purchases with a customer
• Incorrect postings to accounts for whatever reason

There should be some follow up for customers who do not respond such as additional phone queries or assistance from client. Failing that, alternative testing needs to be done:

Accounts receivable - alternative procedures
1. Review post year-end receipts.
2. Verify that valid sales orders exist and goods were despatched.
3. Examine invoices specifically making up the account balance.
4. Enquire from management as to why debt remains unpaid.

Disputed amounts and errors by client may need further audit procedures to be carried out to determine whether these amounts are material and require adjustment in the accounts.

Valuation of year-end balances depends on the evidence of collectability of debts. The auditor needs to be aware of bad and doubtful debts.

Bad debts
1. Confirm adequacy of provision. Inspect correspondence, lawyers’ letters, debt collection reports etc.
2. Examine customer accounts, particularly age of debts against credit policy to ascertain whether a provision is required. Look out for round sum payments, earlier invoices left unpaid, correspondence on file.
3. Review general provisions for reasonableness.
4. Examine credit notes processed after year-end to assess whether year-end balances remain valid.
5. Test accuracy of aging of accounts.
6. Scrutinise unapplied credits or unallocated cash receipts.
7. Review accounts and debtors control account for unusual items such as journals transferring balances, clearing balances and enquire of same.

Cut-off testing - evidence for accuracy
1. Obtain details of last despatch note out and last goods returns note in.
2. Select a sequence of movement notes before and after the cut-off point and match to invoices and credit notes in the correct accounting period.
3. Select a number of invoices and credit notes and match back to the appropriate despatch notes and goods returns notes.
4. Follow up and assess any exceptions.

Prepayments
1. Compare prepaids with previous years using analytical procedures.
2. Verify prepaids to payments book and supporting documentation.
3. Check calculation for reasonableness.
4. Review nominal ledger accounts for journal adjustments for prepaids.

Sundry debtors

Balances such as employee loans can be confirmed directly with employees or through the payroll system.

Investments

The auditor needs to consider the income and the asset. Investments can fall under the following headings:
• Investments in companies whether listed or unlisted
• Investment in subsidiary and associated companies
• Investment properties

The auditor needs to consider a couple of key internal controls such as authorisation over investment dealings and the segregation of duties re the recording and custody roles which should be kept separate.

Audit programme - Investments
1. Examine certificates of title and confirm that they are bona fide complete title documents in the client's name and free from any charge or lien.
2. Examine confirmation from a third party investment custodian and check investments are in the client's name and are free from charge or lien.
3. Inspect certificates of title held by third parties who are not bona fide custodians.
4. Inspect letters of trust to confirm client owns nominee shares.
5. Review minutes and other statutory books for evidence of charging.
6. Verify purchases to agreements, contract notes and correspondence.
7. Confirm purchases were authorised.
8. Check with appropriate financial data suppliers that all reported capital changes bonus or rights issues have been correctly accounted for.
9. Verify disposal with contract notes and sales agreements.
10. Check whether investments disposals have been authorised.
11. Confirm that profit or loss on sale of investments has been correctly calculated taking into account bonus issue of shares, consistent basis of identifying cost of investment, rights issues, accrued interest and taxation.
12. The auditor should establish that the company’s policy on valuing investments has been correctly and consistently applied.
13. Confirm the value of listed investments by reference to stock exchange.
14. Review accounts of unlisted companies and assess the net asset value of the shares and the value of the investment and ensure that it is reasonable.
15. Check that there is no substantial fall in the value of the investments.
16. Check whether the current asset investments are included at the lower of cost or net realisable value.
17. Ensure that the investments are properly categorised in the financial statements into listed and unlisted.

Investment properties

IAS 40 sets out the criteria for the validity of an investment property. It is property whether land or buildings held rather than for use in the ordinary course of business. There are different standards applicable depending on the type of the property:
• Property held for sale in ordinary course of business – IAS 2 inventories
• Property being constructed on behalf of third parties – IAS 11 construction contracts
• Owner occupied property – IAS 16 property plant and equipment
• Property being constructed for future use as investment property – IAS 16 – “…until construction or development is completed then treat as an investment property”.

Audit programme - Investment properties
1. Verify rental agreements, ensuring that occupier is not a connected company and that the rent has been negotiated at arm’s length.
2. If the building has recently been built, check the architect’s certificate to ensure that the construction work has been completed.
3. IAS requires that investment properties either be held at cost or at fair value. The auditor should verify this to a valuer’s cert., as professional valuation is encouraged under the IAS.
4. The auditor should seek to verify the cost to appropriate evidence such as purchase invoice, or if self-constructed, costing records, payroll etc.
5. The auditor should review the disclosures made in the financial statements in relation to investment properties to ensure that they have been made appropriately, in accordance with IAS 40.

Bank and cash balances

Audit work will focus on the completeness and accuracy of balances. The key assertions are completeness, existence, rights and obligations and valuation. The main audit procedures will concentrate on external confirmation of balances and reviewing the bank reconciliation process.

The bank confirmation letter is sent to the banks to complete and return to the auditor direct. The client will authorise this process. As well as the balance on any accounts held, the details should include any other relevant information such as guarantees, lines of credit, comfort letters, securities, interest terms and interest payable or receivable. The letter is in a standard form which is agreed by the banks and the various accountancy bodies.

The auditor should send letters to all banks that the client deals with (current account, deposits, loans etc.) and should control the despatch of and the return of completed letters directly to himself (include pre-addressed & pre-paid envelope).

Cut-off, or what is more commonly known as window dressing, can occur. Companies attempt to overstate or understate balances for varying reasons.
Examples include keeping books open to record receipts actually received in the New Year, thereby pushing up the bank balance and reducing debtors. Recording cheques in the current year, but not actually releasing them until the New Year, will decrease the bank balance and reduce trade creditors. These examples present an artificial scenario. Bearing this in mind, the auditor should examine bank paying-in slips for evidence of lodgement and examine supplier statements and bank statements to ascertain the length of time paid cheques are taking to clear.

Audit programme - Bank balances
1. Obtain standard bank confirmations from all relevant banks. Agree each balance to the accounting records and note all other relevant comments for disclosure in accounting notes.
2. Obtain bank reconciliations for each bank account operated.
3. Check the arithmetic calculations of these reconciliations.
4. Trace outstanding cheques to the payments book prior to the year-end and to the post year-end bank statements. Enquire as to any large or unusual items not cleared at the time of the audit.
5. Compare cash books and bank statements in detail for the final month and check that un-reconciled items are appearing on the bank reconciliation.
6. Review the reconciliations for older items and enquire as to their validity.
7. Trace outstanding lodgements back to cash book before year-end and bank statement post year-end. Review bank paying-in slips.
8. Match balances per the cashbooks to the ledger and the reconciliations.
9. Scrutinise the cashbooks and the bank statements for any large or unusual items and follow up on same.
10. Identify whether any of the accounts are used as security on the assets of the company.
11. Consider whether there is a legal right of set-off of accounts.
Cash balances, whether petty cash or floats for staff, are often immaterial, but may require some audit work because of the risk of fraud, particularly where internal controls are weak. Also, the auditor needs to consider that some entities, such as retail organisations and hotels/bars, will hold large cash sums. Where cash balances are potentially material, the auditor should conduct or be in attendance at a cash count. Similar to a stock count, the auditor needs to pay attention to the planning, the count and follow-up procedures.

Audit programme - Cash count
1. Count all cash balances and agree to petty cash book or other record kept.
2. Count all cash at same time and ensure all work is done in presence of staff.
3. Obtain a certificate of cash in hand from staff member.
4. Enquire about IOUs or cheques cashed.
5. Confirm balances are in agreement with the accounts. Verify that IOUs and un-cashed cheques have subsequently been dealt with within a reasonable period of time.

c) Accounts payable, accruals, provisions for liabilities
Testing for understatement and completeness is very important for all liabilities.

Trade creditors
The primary objective will be to ensure that all trade creditor liabilities existing at the year-end are completely and accurately recorded. To ensure this, the auditor needs to pay special attention to cut-off testing and reconciling purchase ledger accounts to supplier statements. The purchase cycle test of controls will hopefully have provided the auditor with some degree of comfort over the completeness of liabilities.

In the first instance the auditor should obtain a list of outstanding trade creditor balances extracted from the purchases ledger. The following substantive procedures should be carried out:
1. Check the balances from the list and match to the purchases ledger.
2. Check balances within the purchases ledger and match to the list.
3. Reconcile the total of the list to the total of the purchases ledger balances and the creditors control account in the nominal ledger.
4. Check all arithmetical calculations.
5. Obtain a sample of suppliers’ statements, reconcile and trace back each of the reconciling items to source documentation. Agree the ledger balance and the statement balance to the reconciliation.
6. Ensure that all trade accruals are correctly accounted for.
7. Follow up on un-cleared year-end items at the time of the audit.

The sample should not be just kept to large balances. Understatement of balances is where the risk is. Look at nil balances, low balances for major suppliers and debit balances. The auditor doesn’t generally seek external confirmation as the quality of evidence that a supplier’s statement provides is good. However, in rare circumstances he might do so, such as where statements are missing, where there have been deliberate attempts to falsify documents, or where the balance is unusual compared to the norm.

Cut-off testing - evidence for completeness
1. Obtain details of last goods received note in and last goods returns note out.
2. Select a sequence of movement notes before and after the cut-off point and match to invoices and credit notes in the correct accounting period or a list of trade accruals where necessary.
3. Select a number of invoices, credit notes and items per the list of trade accruals and match back to the appropriate goods received notes and goods returns notes.
4. Follow up and assess any exceptions.
5. Review outstanding purchase orders for any evidence of any purchases completed but not invoiced.
6. Review the creditors control account for any unusual transactions around the year-end.

Reservation of title
This is where a seller may retain legal ownership of goods until fully paid for.
The auditor needs to ascertain how the client identifies these and should review and test the procedures for estimating liabilities. He should also review the terms of major suppliers to confirm that all liabilities have been accounted for. He should consider whether disclosures are sufficient.

Accruals
Analytical procedures should be applied to accruals in seeking to gather evidence over their valuation and completeness. The auditor needs to consider last year’s accruals and known expense items where you may expect an accrual.

Audit programme - Accruals
1. Check calculations are reasonable, based on supporting documentation and subsequent year-end payments.
2. Scrutinise the payments after the year-end for large or unusual items that should be treated as an accrual.
3. Review the profit and loss account for those headings which may indicate an accrual exists.
4. Check accruals exist for payroll and VAT liabilities.

Provisions for liabilities and contingencies
A provision should be accounted for as a liability. Contingencies in general should be disclosed. The auditor needs to ensure there has been correct classification according to IAS 37, provisions, contingent liabilities and contingent gains.

IAS 37 defines a provision as a liability of uncertain timing or amount. A liability is a present obligation of an enterprise arising from past events, the settlement of which is expected to result in an outflow from the enterprise. An obligation is an event that creates a legal or constructive obligation that results in an enterprise having no realistic alternative to settling that obligation. A legal obligation derives from a contract through its explicit or implicit terms, legislation or some other operation of law. A constructive obligation derives from established patterns of past practice or published policies through which a valid expectation is created on the part of another party.
A contingent liability is a:
• possible obligation that arises from past events and whose existence will be confirmed only by the occurrence or non-occurrence of one or more uncertain future events not wholly within the control of the enterprise or a
• present obligation that arises from past events but is not recognised because it is improbable that an outflow of resources will be required to settle the obligation or the amount of the obligation cannot be measured with sufficient reliability.

A contingent asset is a possible asset that arises from past events and whose existence will be confirmed only by the occurrence or non-occurrence of one or more uncertain future events not wholly within the control of the entity.

Under IAS 37, an entity should not recognise a contingent asset or a contingent liability. However, if it becomes probable that an outflow of future economic benefits will be required, then a provision should be recognised. A contingent asset should not be accounted for unless its realisation is virtually certain. If an inflow of economic benefits has become probable, the asset should be disclosed.
• Where there is a present obligation that probably requires an outflow of resources, then a provision should be recognised and disclosed.
• Where there is a possible or present obligation that may, but probably will not, require an outflow of resources then no provision should be recognised but disclosures are required for the contingent liability.
• Where there is a possible or present obligation where the likelihood of an outflow of resources is remote, then no provision is recognised and no disclosure is required.

A contingent liability also arises in the rare case where there is a liability that cannot be recognised because it cannot be measured reliably. Disclosures are required in this instance.
Contingent assets
• Where the inflow of economic benefits is virtually certain, the asset is not contingent.
• Where the inflow of benefits is probable but not virtually certain, then no asset is recognised but disclosures are required.
• Where the inflow is improbable, then no asset or disclosures are recognised.

Examples of contingencies disclosed by companies are guarantees for other group companies, staff pension schemes, completion of contracts, discounted bills of exchange, law-suits or claims pending and options to purchase assets.

Obtaining audit evidence of contingencies
The auditor should carry out audit procedures in order to become aware of any litigation and claims involving the entity, which may result in a material misstatement of the financial statements. Such procedures would include the following:
• Make appropriate inquiries of management including obtaining representations.
• Review minutes of management meetings and correspondence with the lawyers.
• Examine legal expense accounts.
• Use any information obtained regarding the entity's business including information obtained from discussions with any in-house legal department.

When the auditor assesses a risk of material misstatement regarding litigation or claims that have been identified or when the auditor believes they may exist, the auditor should seek direct communication with the entity's legal counsel. This will help to obtain sufficient appropriate audit evidence as to whether potential material litigation and claims are known and whether management’s estimates of the financial implications, including costs, are reliable. The letter, which should be prepared by management and sent by the auditor, should request the entity's legal counsel to communicate directly with the auditor.
When it is considered unlikely that the entity's legal counsel will respond to a general inquiry, the letter would ordinarily specify the following:
• A list of litigation and claims
• Management's assessment of the outcome of the litigation or claim and its estimate of the financial implications, including costs involved.
• A request that the entity's legal counsel confirm the reasonableness of management's assessments and provide the auditor with further information if the list is considered by the entity's legal counsel to be incomplete or incorrect.

The auditors must consider all matters up to the date of their audit report so further contact may be necessary with the lawyer. This can only take place with the permission of management and may be required where a disagreement/complex matter arises. If management refuses to give the auditor permission to communicate with the entity's legal counsel, this would be a scope limitation and could lead to a qualified opinion or a disclaimer of opinion. Where the entity's legal counsel refuses to respond in an appropriate manner and the auditor is unable to obtain sufficient appropriate audit evidence by applying alternative audit procedures, the auditor would consider whether there is a scope limitation that may lead to a qualified opinion or a disclaimer of opinion.

Audit programme
1. Obtain details of all provisions that have been included in the accounts and all contingencies that have been disclosed.
2. Obtain a detailed analysis of all provisions showing the yearly movements.
3. Determine for each material provision whether the company has a present obligation as a result of past events by review of correspondence and discussion with directors.
4. Determine for each material provision whether it is probable that a transfer of benefits will be required to settle the obligation by checking whether any payments have been made in the post balance sheet period in respect of the item and review of correspondence with lawyers, banks, customers, insurance company and suppliers.
5. Recalculate all provisions made and assess their reasonableness.
6. Compare the amount provided with post year-end payments and with any amount paid in the past for similar items.
7. In the event that it is not possible to estimate the amount of the provision, check that there is disclosure in the accounts.
8. Consider the nature of the client’s business; for example, would you expect to see any other provisions such as warranties?
9. Consider the adequacy of disclosure of provisions and contingencies.

d) Long term borrowings
These are loan stock, debentures and any other loans repayable after more than one year from the year-end date. The auditor will be concerned with completeness, measurement and disclosure. He needs to pay attention to agreements as compliance with them is a must.

Audit programme - Long term loans
1. Obtain a schedule of all outstanding loans. Details should include balance, maturity date, interest rates and security details.
2. Agree opening figures to the closing figures from last year.
3. Check the arithmetic calculations.
4. Confirm the balances per the list agree to the nominal ledger.
5. Check the names on the list to the register of debenture holders.
6. Trace all additions and repayments to the cashbooks.
7. Confirm that all repayments are in agreement with the loan agreements.
8. Confirm that borrowing limits have not been exceeded.
9. Examine evidence from board minutes relating to new borrowings.
10. Obtain external confirmation from borrowers as to the closing balance, accrued interest and any security noted. Also note any indications of non-compliance.
11. Verify the interest charged is correct by recalculating.
12. Confirm that any assets charged have been entered in the register of charges.
13. Review restrictive covenants relating to default conditions.
14. Review board minutes and cashbooks to ensure that all loans have been recorded.

e) Capital
The auditor will be concerned with ensuring that:
1. Share capital has been properly classified and disclosed in the financial statements and charges properly authorised.
2. Movements on reserves have been properly authorised and in the case of statutory reserves only used for permitted purposes.
3. Statutory records have been properly maintained and returns dealt with.

Audit programme

Share capital
1. Agree the authorised share capital with the statutory documents.
2. Agree any changes to properly authorised resolutions.

Reserves
1. Check all movement on reserves to supporting authority.
2. Ensure no movement on reserves contravenes company law or the company’s own rules.
3. Confirm that distributable and non-distributable reserves are distinguished.
4. Ensure there is adequate disclosure in the accounts of any movement.

Issue of shares
1. Verify with board minutes and resolutions and general meeting.
2. Ensure issue or change of shares is in line with company’s constitution and that the directors have the authority to issue such shares.
3. Confirm that cash or other consideration has been received in respect of the issue of shares.

Transfer of shares
1. Verify by reference to complete stamped transfer forms, cancelled share certificates, correspondence and minutes of directors’ meetings.
2. Agree balances on shareholders’ accounts in the register of members to the issued share capital figure in the nominal ledger.

Dividends
1. Agree dividends paid to the authority within the minutes of the board of directors’ meetings and check the calculation.
2. Check dividends do not contravene the distribution provisions.
3. Check that any withholding tax has been calculated correctly and appropriately accounted for.

Minute books
1. Review minutes of all meetings and make note of significant items for cross referencing in the audit file.
2. Note the date of the last minute reviewed.
3. Check that meetings have been properly convened.

Register of interests in shares
1. Scrutinise register and verify that it is in order.
2. Ensure that significant interests are noted.

Register of charges
1. Update any changes to the permanent audit file.
2. Ensure that any asset which is charged as security for a loan is disclosed in the accounts.
3. Do a company search with the Office of Registrar General to verify the accuracy of the register.

Register of directors’ interests in shares
1. Ensure that such interests are noted for disclosure in the accounts.
2. Ensure that the shareholdings comply with the company’s constitution.

Register of directors
1. Update the permanent audit file for any changes in details.
2. Verify all changes with minutes and ensure proper statutory returns have been made to the applicable authorities, for example to the Office of Registrar General.
3. Verify that the number of directors complies with the company’s constitution.

Directors’ service contracts
1. Inspect copies of the contracts.
2. Verify that long term contracts have been approved in general meeting.

Statutory returns
1. Check that all returns are filed promptly.

Accounting records
1. Consider whether the accounting records are adequate to show and explain the company’s transactions, disclose with reasonable accuracy the financial position of the company and comply with company law.
2. Check that the figures contained in the accounts can be traced back to the trial balance, and back to the nominal ledger.

D. PROFIT AND LOSS ITEMS

f) Sales and purchases

Sales
A lot of work on sales is done in conjunction with the audit tests on debtors. The auditor will seek to ensure that all sales are completely and accurately (cut-off) recorded. Analytical review is important when testing completeness. The auditor needs to consider the level of sales over the year compared to the previous year, any major changes in quantities sold, price movements, level of returned goods, allowances and discounts. He should also look at the gross margins, ideally broken down by product and time periods. Further procedures could be carried out depending on the outcome of the analytical review.

The auditor may also do some directional testing to ensure completeness of transactions, tracing goods despatch note records to sales ledger accounts. He should also review the sequence of despatch notes. To ensure accurate recording he should trace items from the sales ledger back to the despatch notes. This may highlight sales which have been invalidly recorded or which might not have occurred. Cut-off tests similar to those done for stock or debtors can be carried out to ensure that sales are recorded in the correct period. Goods on sale or return should be included in inventory at cost and should be reversed out of sales.

Purchases
The auditor is concerned with the accurate recording of purchases, their completeness and occurrence. Cut-off would need to be looked at as well, but this work will have been done at the stock and creditor phases of the audit.

As with sales, the use of analytical review procedures is very important. The auditor should compare the levels of purchases month on month and with corresponding figures from the previous year. He will also need to consider what effect changes in volumes will cause and the effect of new products, altered products and any price variations.
He should also look at ratios such as the ratio of trade creditor balances to purchases or to inventory and compare with previous years. The auditor should check purchases from the daybooks to relevant supporting documentation to assess whether the purchase is valid, whether it has been allocated to the correct account in the general ledger and whether it has been posted correctly.

g) Wages and salaries
Many expenses are audited solely by analytical review procedures. However, more detailed testing is usually carried out on the payroll due to the consequences of a failure to deduct and/or account for payroll taxes correctly.

In applying the analytical review procedures, the auditor will consider the payroll levels over each month and compare with the previous year’s figures. He will also consider wage rate changes during the year and the movement of staff in and out of the organisation. Some ratios that may be useful are average wage per month to sales and/or net profit per employee.

Audit tests - Payroll

Tests - Occurrence
1. Check pay rates to personnel records and salary agreements.
2. Check hours paid to timesheets, clock cards.
3. Confirm existence of staff through face to face meetings, check phone book, discuss with managers etc.

Tests - Measurement
1. Check accuracy of calculations of pay, and that statutory deductions are correct.
2. Check for supporting documentation in respect of other deductions to establish their validity and check the accuracy of the calculation.

Tests - Completeness
1. Check the arithmetic calculations on the payroll records.
2. Confirm net payment to bank statement and payments book.
3. Scrutinise the payroll for any unusual items.
4. Review wages control account for any discrepancies.

Directors’ remuneration is disclosed in the accounting notes and as such could be considered to be material. Directors’ salaries will be audited as part of the payroll but a few additional checks should be carried out.
The auditor should check whether there have been any benefits-in-kind and review the directors’ service contracts. In addition, he should ensure that all payments made to former directors are properly identified and disclosed.

h) Other income and expenditure

Investment income
The basis of recognising investment income may vary from company to company, particularly for dividends. Credit may be taken only when received, when declared or taken only after ratification of the dividend by the shareholders in general meeting. Whichever is the basis, a consistent one must be applied from year to year. The auditor will be concerned with completeness, occurrence and measurement. To address these issues he should:
• Check that all income due has been received by reference to financial statements for unlisted companies and other available financial data.
• Review investment income account for irregular or unusual entries.
• Ensure that the basis of recognising income is consistent with previous years.
• Compare investment income with prior years and explain any significant fluctuations.
• Obtain a statement reconciling the book value of the listed and unlisted investments at the last balance sheet date and the current balance sheet date.

Income from intangibles
Review sales returns and statistics to verify the reasonableness of income derived from patents, trademarks, licences etc. and examine audited accounts of third party sales covered by patent, licence or trademark owned by the company.

Expenses
The auditor is concerned with the accurate recording of expenses, their completeness and occurrence. In general, analytical review procedures are applied. The auditor would compare this year with last and assess likely outcomes based on relationships of figures between the balance sheet and the profit and loss account. Typically, depreciation and interest paid could be reviewed in this way.
Based on the result of the analytical review procedures, further work may need to be carried out. This would entail reviewing the individual transactions within the nominal ledger account and tracing back to supporting documentation. A lot of work on expense headings may already have been carried out while auditing the prepayments and the accruals.

E. ASSESSMENT OF MISSTATEMENTS

Summarise errors
During the course of the audit of financial statements, there will be material or immaterial errors uncovered. The client will normally adjust the financial statements to take account of these errors. At the end of the audit, however, there may be some outstanding errors and the auditors will summarise these unadjusted errors.

Evaluating the effect of misstatements
The auditor should assess whether the aggregate of uncorrected misstatements that have been identified during the audit is material. The aggregate of uncorrected misstatements comprises:
• Specific misstatements identified by the auditor, including ones identified during the audit of the previous period if they affect the current period, and
• The auditor’s best estimate of other misstatements which cannot be quantified specifically.

If the aggregate of misstatements is material, the auditor must consider reducing audit risk by carrying out additional testing. Otherwise, he may request management to adjust the financial statements for the identified misstatements, which the latter may wish to do anyway.

If the aggregate of the misstatements approaches the level of materiality, the auditor should consider whether it is likely that undetected misstatements, when taken with the aggregated uncorrected misstatements, could exceed the materiality level. If so, he should consider reducing the risk by performing additional testing or, as before, requesting management to adjust the financial statements for the identified misstatements.

F. IMPACT ON AUDIT REPORTING
If there are no issues or uncorrected material misstatements, the auditor will probably issue a clean audit report (unmodified).

If there are uncorrected material misstatements and management agree to adjust the financial statements, the auditor will probably issue a clean audit report.

If management refuses to adjust the financial statements and the results of any extended audit procedures do not enable the auditor to conclude that the aggregate of the uncorrected misstatements is not material, then the auditor needs to consider a qualification in his audit report (modified).

If management refuses to adjust the financial statements but the results of any extended audit procedures enable the auditor to conclude that the aggregate of the uncorrected misstatements is not material, then the auditor may issue a clean audit report. However, the auditor would need to consider the actions of management in this case.

Study Unit 8
Audit Execution – Other Considerations

Contents
A. Sampling
B. Analytical Review
C. Going Concern
D. Subsequent Events
E. Accounting Estimates
F. Commitments & Contingencies
G. Management Representations
H. Use of Experts
I. Opening Balances
J. Comparatives

A. SAMPLING
ISA 530 states that when designing audit procedures, the auditor should determine appropriate means for selecting items for testing so as to gather sufficient appropriate audit evidence to meet the objectives of the audit procedures.

Auditors do not examine all information that is available to them as it is impractical to do so and as a result audit sampling is used to produce valid conclusions. Audit sampling involves the application of audit procedures to less than 100% of items within a class of transactions or account balance such that all sampling units have a chance of selection.
Audit sampling can use either a statistical or a non-statistical approach.

Types of risk

1. Sampling risk arises from the possibility that the auditor's conclusion, based on a sample, may be different from the conclusion reached if the entire population were subjected to the same audit procedure. There are two types of sampling risk:
a) The risk the auditor will conclude that controls are more effective than they actually are, or that a material error does not exist when in fact it does. This type of risk affects audit effectiveness and is more likely to lead to an inappropriate audit opinion; and
b) The risk the auditor will conclude that controls are less effective than they actually are, or that a material error exists when in fact it does not. This type of risk affects audit efficiency as it leads to additional work to establish that initial conclusions were incorrect.

2. Non-sampling risk arises from factors that cause the auditor to reach an erroneous conclusion for any reason not related to the size of the sample. For example, the auditor might use inappropriate audit procedures, or the auditor might misinterpret audit evidence and fail to recognise an error.

Types of selection

Selecting All Items (100% examination)

The auditor may decide that it will be most appropriate to examine the entire population. 100% examination is unlikely in the case of tests of controls. It is more common for tests of details where, for example, there are a small number of large value items, when there is a significant risk, or when the repetitive nature of a calculation or other process performed automatically by an information system makes it cost effective through the use of computer-assisted audit techniques (CAATs). This process does not involve sampling.
Selecting Specific Items

The auditor may decide to select specific items from a population based on such factors as the auditor's understanding of the entity, the assessed risk of material misstatement, and the characteristics of the population being tested. The judgmental selection of specific items is subject to non-sampling risk. Specific items selected may include high value or key items, all items over a certain amount, items to obtain information or items to test procedures.

While selective examination will often be an efficient means of gathering audit evidence, it does not constitute audit or statistical sampling. The results cannot be projected to the entire population. The auditor considers the need to obtain sufficient appropriate evidence regarding the rest of the population when that remainder is material.

Audit Sampling

The auditor may decide to apply audit sampling to a class of transactions or account balance. Audit sampling can be applied using either non-statistical or statistical sampling methods.

Sample Size

In determining the sample size, the auditor should consider whether sampling risk is reduced to an acceptably low level that the auditor is willing to accept. The lower the risk the auditor is willing to accept, the greater the sample size will need to be. The sample size can be determined by the application of a statistically-based formula or through the exercise of professional judgment objectively applied to the circumstances.

Approaches

Statistical sampling means any approach to sampling that has the characteristics of random selection and the use of probability theory to evaluate sample results. Sampling that does not have these characteristics is considered to be non-statistical sampling.
Selecting Items for Testing to Gather Audit Evidence

The decision whether to use a statistical or non-statistical sampling approach is a matter for the auditor's judgment regarding the most efficient manner to obtain sufficient appropriate audit evidence and having regard to the risk of material misstatement related to the assertion. For example, in the case of tests of controls the auditor's analysis of the nature and cause of errors will often be more important than the statistical analysis of the count of errors. In such a situation, non-statistical sampling may be most appropriate.

Selecting the audit sample

The auditor should select items for the sample with the expectation that all sampling units in the population have a chance of selection. Statistical sampling requires that sample items are selected at random so that each sampling unit has a known chance of being selected. With non-statistical sampling, an auditor uses professional judgment to select the items for a sample.

Because the purpose of sampling is to draw conclusions about the entire population, the auditor should endeavour to select a representative sample by choosing sample items which have characteristics typical of the population, and the sample needs to be selected so that bias is avoided.

The auditor needs to consider the nature of the evidence, possible error conditions and the rate of error he expects to be present in the population.

Methods of selection include random, systematic, haphazard and sequence or block selection.

Tolerable error is the maximum error that the auditor would be willing to accept. Larger sample sizes will be required when errors are expected, in order to conclude that the actual error is less than the tolerable error.
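The random and systematic selection methods and the tolerable-error comparison described above, worked through in Python as an added example that is not part of the manual. The ledger is constructed, and the ratio method used to project the sample error is an assumption, since the manual does not prescribe a projection formula; the example also shows how systematic selection becomes biased when its interval lines up with a pattern in the population.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Item:
    ref: str
    book: int     # amount recorded in the client's ledger
    audited: int  # amount the auditor establishes when the item is tested

    @property
    def error(self):
        return self.book - self.audited  # positive = overstatement


def build_population(size=200):
    """Constructed ledger (not real data): every 25th invoice is overstated by 40."""
    items = []
    for i in range(1, size + 1):
        book = 100 + (i % 10) * 50
        overstatement = 40 if i % 25 == 0 else 0
        items.append(Item(f"INV-{i:04d}", book, book - overstatement))
    return items


def random_selection(population, n, seed=None):
    """Random selection: every sampling unit has the same known chance, n/N."""
    return random.Random(seed).sample(population, n)


def systematic_selection(population, n, start=None, seed=None):
    """Systematic selection: a start within the first interval, then every k-th item."""
    interval = len(population) // n
    if interval < 1:
        raise ValueError("sample size exceeds population size")
    if start is None:
        start = random.Random(seed).randrange(interval)
    if not 0 <= start < interval:
        raise ValueError("start must fall within the first interval")
    return population[start::interval][:n]


def evaluate(sample, population, tolerable_error):
    """Project the sample error to the population and compare with tolerable error.

    Assumption: ratio projection (sample error rate applied to the population
    book value); the manual does not prescribe a projection method.
    """
    sample_book = sum(item.book for item in sample)
    sample_error = sum(item.error for item in sample)
    population_book = sum(item.book for item in population)
    projected = sample_error / sample_book * population_book
    return {
        "errors_found": sum(1 for item in sample if item.error),
        "sample_error": sample_error,
        "projected_error": projected,
        "exceeds_tolerable": projected > tolerable_error,
    }


if __name__ == "__main__":
    ledger = build_population()
    actual = sum(item.error for item in ledger)
    print(f"actual error in population: {actual}")
    runs = {
        "random": random_selection(ledger, 40, seed=2012),
        "systematic, start 0": systematic_selection(ledger, 40, start=0),
        "systematic, start 4": systematic_selection(ledger, 40, start=4),
    }
    for label, sample in runs.items():
        result = evaluate(sample, ledger, tolerable_error=1000)
        print(f"{label:20s} found={result['errors_found']} "
              f"projected={result['projected_error']:.0f} "
              f"exceeds tolerable={result['exceeds_tolerable']}")
```

Because the interval of 5 divides the 25-item error pattern, a systematic sample here either catches every misstated invoice or none of them, and neither projection is close to the actual error of 320.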
Evaluation of sample results

The auditor will need to analyse the errors to establish whether:
• They are true errors or just mispostings between accounts,
• Alternative procedures need to be applied,
• There are any qualitative aspects of the errors including cause and nature.

The auditor will then project the errors to derive the probable estimate of errors in the population. He then needs to reassess the sampling risk if the error exceeds the tolerable error. If risk is still present he needs to extend the auditing procedures or perform alternative testing. If the actual error still exceeds the tolerable error at this stage, then there is a need to re-assess control risk or, in the case of substantive testing, consider an adjustment to the accounts.

B. ANALYTICAL REVIEW

ISA 520 states the auditor should apply analytical procedures:
• As risk assessment procedures to obtain an understanding of the entity and its environment.
• At or near the end of the audit when forming an overall conclusion as to whether the financial statements as a whole are consistent with the auditor's understanding of the entity.

In addition, the procedures can also be used as substantive procedures to obtain evidence directly.

When analytical procedures identify significant fluctuations or relationships:
a) that are inconsistent with other relevant information or
b) that deviate from predicted amounts,
the auditor should investigate and obtain adequate explanations and appropriate audit evidence by way of enquiries with management and then corroboration of management’s responses by comparing them with the auditor’s own knowledge of the entity’s business and with any other evidence obtained during the course of the audit. If the procedures are carried out as substantive procedures, the auditor should undertake additional audit procedures where appropriate to confirm the explanations received.
Timing

Analytical procedures are important at all stages of the audit, such as planning, substantive procedures and the overall review.

Nature

It consists of comparing items like current financial information with prior year financial and non-financial information and analysing predictable relationships, such as the relationship between debtors and sales, or payroll costs and number of employees, and considering anticipated results and predictions.

Sources of information include interim financial information, budgets, management accounts, non-financial information, bank and cash records, VAT returns, board minutes and discussion with the client at the year-end.

When deciding to use analytical procedures, the auditor must consider:
• The plausibility and predictability of the relationships, such as the strong relationship between turnover and sales commission.
• The objectives of the procedures and the extent to which their results are reliable.
• The detail to which information can be analysed, such as information at department level.
• The availability of information, both financial and non-financial.
• The comparability of the information. Ratios, on their own, are of little use. They should be comparable to previous years and other similar companies.
• The knowledge gained during previous audits, such as effectiveness of controls.
Practical techniques

Important accounting ratios
• Gross profit margins
• Average collection period
• Stock turnover
• Current ratio
• Acid test ratio
• Debt to equity capital
• Return on capital employed

Related items
• Payables and purchases
• Inventories and cost of sales
• Non-current assets and depreciation, repairs and maintenance
• Loans and interest
• Receivables and bad debts
• Receivables and sales

When placing reliance on the results of analytical procedures the auditor should consider:
• Materiality of the items involved,
• Other audit procedures directed toward the same assertions,
• The accuracy with which the expected results can be predicted,
• The frequency with which a relationship is observed,
• An assessment of inherent and control risks.

Auditors will need to consider testing controls, if any, over the preparation of information used in applying analytical procedures. When such controls are effective, the auditors will have greater confidence in the reliability of the information.

Other analytical techniques include:
• Examining related accounts
• Trend analysis
• Reasonableness tests such as that on depreciation.

Working papers will need to include:
• The programme of work carried out,
• The summary of significant figures and their relationships,
• A summary of comparisons made with budgets and previous years,
• Details of all significant fluctuations or unexpected relationships,
• Details of further investigations,
• The audit conclusions reached,
• Any information considered necessary for assisting in the planning of subsequent audits.

C. GOING CONCERN

ISA 570 states that, when planning and performing audit procedures and in evaluating the results, the auditor should consider the appropriateness of management's use of the going concern assumption in the preparation of the financial statements.
Going concern is viewed as continuing in business for the foreseeable future with neither the intention nor need to cease trading. Assets and liabilities are recorded on the basis that one can realise assets and discharge liabilities in the normal course of business.

Management’s responsibilities

When preparing the financial statements, management should make an assessment of the company’s ability to continue as a going concern. This assessment involves making a judgment, at a particular point in time, about the future outcome of events or conditions that are inherently uncertain. The following factors are relevant:
• The degree of uncertainty increases significantly the further into the future a judgment is being made about the outcome of an event or condition.
• Any judgment about the future is based on information available at the time at which the judgment is made. Subsequent events can contradict this.
• The size and complexity of the entity, the nature and condition of its business and the degree to which it is affected by external factors all affect the judgment regarding the outcome of events or conditions.

Possible indicators of ‘going concern’ problems:

Financial
• Net liability or net current liability position
• Necessary borrowing facilities have not been agreed
• Loans nearing maturity without realistic prospects of renewal or repayment
• Excessive reliance on short-term borrowings to finance long-term assets
• Major debt repayment falling due where refinancing is necessary.
• Major restructuring of debt.
• Indications of withdrawal of financial support by debtors and other creditors
• Negative operating cash flows and adverse key financial ratios
• Substantial operating losses or significant deterioration in the value of assets.
• Major losses or cash flow problems since the balance sheet date.
• Arrears or discontinuance of dividends
• Inability to pay creditors on due dates
• Inability to comply with the terms of loan agreements
• Reduction in normal terms of trade credit by suppliers
• Change from credit to cash-on-delivery transactions with suppliers
• Inability to obtain financing for essential new product development.
• Substantial sales of fixed assets not intended to be replaced

Operating
• Loss of key management and staff without replacement
• Loss of a major market, franchise, licence, or principal supplier
• Labour difficulties or shortages of important supplies
• Unable to adapt to fundamental changes in the market or technology.
• Excessive dependence on a few product lines where the market is depressed.
• Technical developments that render a key product obsolete.

Other
• Non-compliance with capital or other statutory requirements
• Pending legal proceedings that are unlikely to be satisfied
• Changes in legislation expected to adversely affect the entity

The significance of such events can often be mitigated by other factors.
• The effect of an entity being unable to make its normal debt repayments may be counter-balanced by management's plans, such as by disposal of assets or rescheduling of loan repayments.
• Similarly, the loss of a principal supplier may be mitigated by the availability of a suitable alternative source of supply.

Auditor’s responsibilities

The auditor's responsibility is to consider:
• The appropriateness of management's use of the ‘going concern’ assumption in the preparation of the financial statements and
• Whether there are any material uncertainties about the entity's ability to continue as a going concern that need to be disclosed in the financial statements.
In obtaining an understanding of the entity and in performing audit procedures throughout the audit, the auditor should consider whether there are events or conditions and related business risks that may cast significant doubt on the entity's ability to continue as a going concern.

The auditor should review management’s assessment to determine whether they have identified events or conditions and what plans they have to address them. If management has not yet made an assessment, the auditor should discuss with them their basis for the intended use of the ‘going concern’ assumption.

The auditor should evaluate management's assessment of the entity's ability to continue as a going concern. If management's assessment covers a period of less than twelve months from the balance sheet date, the auditor should ask management to extend its assessment period to twelve months from the balance sheet date.

The auditor does not have a responsibility to design audit procedures other than inquiry of management. However, he may become aware of such known events or conditions during the planning and performance of the audit, including subsequent events procedures. He should therefore inquire of management as to its knowledge of events or conditions beyond the period of assessment that may cast significant doubt on the entity's ability to continue as a going concern.

Since the degree of uncertainty associated with the outcome of an event or condition increases further into the future, the indications of going concern issues will need to be significant before the auditor considers taking further action. The auditor may need to ask management to determine the potential significance of the event or condition for their going concern assessment.

In evaluating management's assessment, the auditor should consider:
• The process management followed to make its assessment,
• The assumptions on which the assessment is based and
• Management's plans for future action.
Generally, there is no need for a detailed assessment by management and extensive review by the auditor if the company has a good history of profitable operations and access to sufficient financial resources.

Additional audit procedures

When events or conditions have been identified, the auditor should:
• Review management's plans for future actions based on its assessment,
• Confirm or dispel whether or not a material uncertainty exists through carrying out audit procedures considered necessary and
• Seek written management representations regarding its future action plans.

Such procedures may include:
• Analysing and discussing cash flows and other forecasts with management.
• Analysing and discussing the latest available interim financial statements.
• Reviewing terms of loan agreements for any breaches.
• Reading minutes of the meetings for reference to financing difficulties.
• Inquiring of the entity's lawyer regarding the existence of litigation and claims and the reasonableness of management's assessments of their outcome and the estimate of their financial implications.
• Confirming the existence, legality and enforceability of arrangements to provide or maintain financial support with related and third parties and assessing the financial ability of such parties to provide additional funds.
• Considering the entity's plans to deal with unfilled customer orders.
• Reviewing after period end to identify mitigating events or otherwise.

When analysis of cash flow is a significant factor in considering the future outcome of events or conditions the auditor should consider the reliability of the entity's information system for generating such information. He should also consider whether there is adequate support for the assumptions underlying the forecast and whether the comparability of prospective financial information with historical results and results to date is reasonably accurate.
Audit Conclusions and Reporting

Based on the audit evidence obtained, the auditor should determine if, in his judgment, a material uncertainty exists related to events or conditions that alone or in aggregate, may cast significant doubt on the entity's ability to continue as a going concern.

If the use of the going concern assumption is appropriate but a material uncertainty exists, the auditor considers whether the financial statements:
• Adequately describe the principal events or conditions that give rise to the significant doubt on the entity's ability to continue in operation and management's plans to deal with these events or conditions; and
• State clearly that there is a material uncertainty and that the entity may therefore be unable to realise its assets and discharge its liabilities in the normal course of business.

If adequate disclosure is made in the financial statements, the auditor should express an unqualified opinion but modify the auditor's report by adding an emphasis of matter paragraph that highlights the existence of a material uncertainty and draws attention to the note in the financial statements.

If adequate disclosure is not made in the financial statements, the auditor should express a qualified or adverse opinion. The report should include specific reference to the fact that there is a material uncertainty that may cast significant doubt about the entity's ability to continue as a going concern.

If, in the auditor's judgment, the entity will not be able to continue as a going concern, the auditor should express an adverse opinion if the financial statements have been prepared on a going concern basis, regardless of whether or not disclosure has been made.

If management is unwilling to make or extend its assessment when requested to do so by the auditor, the auditor should consider the need to qualify the auditor's report as a result of the limitation on the scope of the auditor's work.

D. SUBSEQUENT EVENTS

ISA 560 states that the auditor should consider the effect of subsequent events (events after the balance sheet date) on the financial statements and on the auditor's report.

Events after the balance sheet date deals with the treatment in financial statements of events, both favourable and unfavourable, that occur between the balance sheet date and the date when the financial statements are authorised for issue and identifies two types:
• Those that provide evidence of conditions that existed at the balance sheet date, i.e. adjusting events, and
• Those which are indicative of conditions that arose after the balance sheet date, i.e. non-adjusting events.

Events occurring up to the date of the auditor’s report

The auditor should perform audit procedures designed to obtain sufficient appropriate audit evidence that all events up to the date of the auditor's report that may require adjustment of, or disclosure in, the financial statements have been identified. When the auditor becomes aware of events that materially affect the financial statements, it is his responsibility to consider whether such events are properly accounted for and adequately disclosed.

These procedures are in addition to procedures that may be applied to specific transactions occurring after period end (normal year-end work) to obtain audit evidence as to account balances as at period end, for example, the testing of stock cut-off, receipts from debtors and payments to creditors.

The audit procedures should be performed as near as possible to the date of the auditor's report and should take into account the auditor's risk assessment and include the following:
• Reviewing management procedures ensuring such events are identified.
• Reading minutes of meetings of shareholders and directors held after period end and inquiring about matters for which minutes are not yet available.
• Reading the entity's latest available interim financial statements
• Inquiring of the entity's legal counsel concerning litigation and claims.
• Inquiring of management as to whether any subsequent events have occurred which might affect the financial statements such as:
  ♦ The current status of items based on preliminary or inconclusive data.
  ♦ New commitments, borrowings or guarantees
  ♦ Major sales or acquisition of assets occurred or planned
  ♦ Issue of new shares or debentures or agreement/plans to merge or liquidate
  ♦ Assets appropriated by government or destroyed by fire or flood.
  ♦ Developments regarding risk areas and contingencies
  ♦ Unusual accounting adjustments made or contemplated
  ♦ Any events which will bring into question the appropriateness of accounting policies used in the financial statements.

Facts discovered after the date of the auditor’s report but before the financial statements are issued

The auditor does not have any responsibility to perform audit procedures or make any inquiry regarding the financial statements after the date of the auditor's report. During the period from the date of the auditor's report to the date the financial statements are issued, the responsibility to inform the auditor of facts that may affect the financial statements rests with management.

Where the auditor becomes aware of a fact that may materially affect the financial statements, he should consider whether the financial statements need amendment. He should discuss the matter with management and should take the action appropriate in the circumstances.

When management amends the financial statements, the auditor would carry out additional audit procedures as necessary and would issue a new report on the amended financial statements. The new report would be dated not earlier than the amended financial statements signed or approved by management.
When management does not amend the financial statements in circumstances where the auditor believes they need to be amended and the auditor's report has not been released to the entity, the auditor should express a qualified opinion or an adverse opinion.

When the auditor's report has been released to the entity, the auditor would notify management not to issue the financial statements and the auditor's report thereon to third parties. If they are subsequently released, the auditor needs to take action to prevent reliance on the audit report. The action taken will depend on the auditor's legal rights and obligations and the recommendations of the auditor's lawyer.

Facts discovered after the financial statements have been issued

After the financial statements are issued, the auditor has no obligation to make any further inquiry.

When, after the financial statements have been issued, the auditor becomes aware of a fact which existed at the date of the auditor's report and which, if known at that date, may have caused the auditor to qualify his report, the auditor should consider whether the financial statements need revision, should discuss the matter with management, and should take the action appropriate in the circumstances.

Where the auditor becomes aware of a fact relevant to the audited financial statements that did not exist at the date of the auditor's report, there are no statutory provisions for revising financial statements. The auditor should discuss with management whether they should withdraw the financial statements and, where management decide not to do so, the auditor may wish to take advice on whether it might be possible to withdraw their report. A possible course of action may include making a statement by management or the auditor at the annual general meeting. In any event legal advice may be helpful.
When management revises the financial statements, the auditor should carry out the audit procedures necessary in the circumstances and should review the steps taken by management to ensure that anyone in receipt of the previously issued financial statements together with the auditor's report thereon is informed of the situation. The auditor would issue a new report on the revised financial statements.

The new auditor's report should include an emphasis of matter paragraph referring to a note to the financial statements that more extensively discusses the reason for the revision of the previously issued financial statements and to the earlier report issued by the auditor. The new auditor's report would be dated not earlier than the date the revised financial statements are approved.

When management does not take the necessary steps to ensure that anyone in receipt of the previously issued financial statements together with the auditor's report thereon is informed of the situation and does not revise the financial statements in circumstances where the auditor believes they need to be revised, the auditor would notify management that action will be taken by the auditor to prevent future reliance on the auditor's report. The action taken will depend on the auditor's legal rights and obligations and the recommendations of the auditor's lawyers.

E. ACCOUNTING ESTIMATES

ISA 540 states that the auditor should obtain sufficient appropriate evidence regarding accounting estimates. An estimate is an approximation of the amount of an item in the absence of a precise means of measurement. Examples include provisions to reduce stock and debtors to their estimated realisable values, accrued revenue, deferred tax and provisions for warranty claims.

Management is responsible for making estimates included in the financial statements.
These estimates are often made in conditions of uncertainty regarding the outcome of events and involve the use of judgement. The risk of material misstatement therefore increases when accounting estimates are involved. Audit evidence supporting estimates is generally less than conclusive and so auditors need to exercise greater judgement than in other areas of the audit.

Audit procedures

The auditor should design and perform further audit procedures to obtain sufficient appropriate evidence as to whether the accounting estimates are reasonable in the circumstances and, when required, appropriately disclosed. He needs to gain an understanding of the procedures and methods used by management to make accounting estimates.

The auditor should adopt one or a combination of the following approaches in the audit of an accounting estimate:
• Review and test the process used by management to develop the estimate,
• Use an independent estimate for comparison with that prepared by management or
• Review subsequent events which provide audit evidence of the reasonableness of the estimate made.

Evaluation of results of audit procedures

The auditor should make a final assessment of the reasonableness of the entity’s accounting estimates based on the auditor’s understanding of the entity and its environment and whether estimates are consistent with other audit evidence obtained during the audit.

Auditors must assess the differences between the amount of an estimate supported by evidence and the estimate calculated by management. If the auditor believes that the difference is unreasonable then an adjustment should be made. If the management refuses to revise the estimate, then the difference is considered a misstatement and will be treated as such.

F. COMMITMENTS AND CONTINGENCIES

The auditor needs to ensure there has been correct classification according to IAS 37, provisions and contingent liabilities.

Definitions:
1. A provision is a liability of uncertain timing or amount.
2. A liability is a present obligation of an enterprise arising from past events, the settlement of which is expected to result in an outflow.
3. A contingent liability is a:
• possible obligation that arises from past events and whose existence will be confirmed only by the occurrence or non-occurrence of one or more uncertain future events not wholly within the control of the enterprise
• present obligation that arises from past events but is not recognised because it is not probable that an outflow of resources will be required to settle the obligation or the amount of the obligation cannot be measured with sufficient reliability.

IAS 37 lays out the following conditions:
• A contingent asset should not be accounted for unless its realisation is virtually certain. If an inflow of economic benefits has become probable, the asset should be disclosed.
• Where there is a present obligation that probably requires an outflow of resources, then a provision should be recognised and disclosed.
• Where there is a possible or present obligation that may, but probably will not, require an outflow of resources then no provision should be recognised but disclosures are required for the contingent liability.
• Where there is a possible or present obligation where the likelihood of an outflow of resources is remote, then no provision is recognised and no disclosure is required.
• A contingent liability also arises in the rare case where there is a liability that cannot be recognised because it cannot be measured reliably. Disclosures are required in this instance.

Examples of contingencies disclosed by companies are guarantees for other group companies, staff pension schemes, completion of contracts, discounted bills of exchange, law-suits or claims pending and options to purchase assets.
Obtaining audit evidence of contingencies

The auditor should carry out audit procedures in order to become aware of any litigation and claims involving the entity, which may result in a material misstatement of the financial statements. Such procedures could include:
• Making inquiries of management including obtaining representations,
• Reviewing minutes of management meetings and legal correspondence,
• Examining legal expense accounts.

When the auditor assesses a risk of material misstatement regarding litigation or claims that have been identified or when the auditor believes they may exist, the auditor should seek direct communication with the entity's legal counsel. This will help to obtain evidence as to whether potential material litigation and claims are known and management’s estimates of the financial implications, including costs, are reliable.

The letter, prepared by management and sent by the auditor, should request the entity's legal counsel to communicate directly with the auditor. When it is considered unlikely that the entity's legal counsel will respond to a general inquiry, the letter would ordinarily specify the following:
• A list of litigation and claims,
• Management's assessment of the outcome of the litigation or claim and its estimate of the financial implications, including costs involved,
• A request that the entity's legal counsel confirm the reasonableness of management's assessments and provide the auditor with further information if the list is considered to be incomplete or incorrect.

If management refuses to give the auditor permission to communicate with the entity's legal counsel, this would be a scope limitation and could lead to a qualified/disclaimer of opinion.
Where the entity's legal counsel refuses to respond in an appropriate manner and the auditor is unable to obtain sufficient appropriate audit evidence by applying alternative audit procedures, the auditor should consider whether there is a scope limitation that may lead to a qualified opinion or a disclaimer of opinion.

G. MANAGEMENT REPRESENTATIONS

ISA 580 states that the auditor should obtain appropriate representations from management. These are an important source of evidence. Indeed these may be the only suitable evidence available where knowledge of such facts is confined to management or where the matter is one of judgement and opinion. They may be oral or written and may be obtained either on a formal or informal basis. The auditors will include this information in their audit working papers where it forms part of their total audit evidence. Written confirmation should be obtained before the audit report is issued.

Acknowledgment by Management of its Responsibility for the Financial Statements

The auditor should obtain audit evidence that management acknowledges its responsibility for the fair presentation of the financial statements in accordance with the applicable financial reporting framework, and has approved the financial statements. This normally occurs when the auditor gets a signed copy of the financial statements which usually includes a statement of management responsibilities. On the other hand the auditor can obtain audit evidence from minutes of meetings by obtaining a written representation from management.

Representations by Management as Audit Evidence

The auditor should obtain written representations from management on matters material to the financial statements when other audit evidence cannot reasonably be expected to exist. It may be necessary to inform management of the auditor's understanding of materiality.
The possibility of misunderstandings between the auditor and management is reduced when oral representations are confirmed by management in writing.

The auditor should obtain written representations from management that:
• It acknowledges its responsibility for the design and implementation of internal control to prevent and detect error and
• It believes the effects of those uncorrected misstatements aggregated by the auditor during the audit are immaterial to the financial statements when taken as a whole.

During the course of an audit, management makes many representations to the auditor, either unsolicited or in response to specific inquiries. When such representations relate to matters which are material to the financial statements, the auditor will need to:
1. Seek corroborative evidence from sources inside or outside the entity,
2. Evaluate whether the representations made by management appear reasonable and consistent with other audit evidence obtained and
3. Consider whether the individuals making the representations can be expected to be well informed on the particular matters.

Representations by management cannot be a substitute for other audit evidence that the auditor could reasonably expect to be available. If the auditor is unable to obtain sufficient appropriate audit evidence and such audit evidence is expected to be available, this will constitute a limitation in the scope of the audit, even if a representation has been received on the matter.

If a representation by management is contradicted by other audit evidence, the auditor should investigate the circumstances and, when necessary, reconsider the reliability of other representations made by management.
Documentation of Representations by Management

The auditor would ordinarily include in audit working papers evidence of management's representations in the form of a summary of oral discussions with management or written representations from management. A written representation is ordinarily more reliable audit evidence than an oral representation and can take the form of:
• A representation letter from management,
• A letter from the auditor outlining his understanding of management's representations, duly acknowledged and confirmed by management,
• Relevant minutes of meetings of the board of directors or similar body or a signed copy of the financial statements.

Basic Elements of a Management Representation Letter

When requesting a management representation letter, the auditor would request that it be addressed to the auditor, contain specified information and be appropriately dated and signed. It would ordinarily be dated the same date as the auditor's report. A management representation letter would ordinarily be signed by the members of management who have primary responsibility for the entity and its financial aspects (ordinarily the senior executive officer and the senior financial officer) based on the best of their knowledge and belief.

Action if Management Refuses to Provide Representations

If management refuses to provide a representation that the auditor considers necessary, this constitutes a scope limitation and the auditor should express a qualified opinion or a disclaimer of opinion. In such circumstances, the auditor would evaluate any reliance placed on other representations made by management during the course of the audit and consider if the other implications of the refusal may have any additional effect on the auditor's report.

H.
USE OF EXPERTS

ISA 620 Using the work of others states that the auditor is not expected to have the expertise of a person trained for or qualified to engage in the practice of another profession or occupation, such as an actuary or engineer. For this reason an auditor may need to use the work of an expert to obtain sufficient, appropriate audit evidence.

"Expert" means a person or firm possessing special skill, knowledge and experience in a particular field other than accounting and auditing.

When using the work performed by an expert, the auditor should obtain sufficient appropriate audit evidence that such work is adequate for the purposes of the audit. If unable to obtain such evidence, the auditor should consider the need to modify the auditor's report. Although the auditor may use the work of an expert, the auditor has sole responsibility for the audit opinion.

The expert can be engaged by the client or the auditor. When the expert is employed by the auditor, he will be able to rely on his own systems for recruitment and training to determine that expert's capabilities and competence. If neither the auditor nor the entity employs an expert, the auditor may ask management to engage one subject to the auditor being satisfied as to the expert's competence and objectivity. If management is unable or unwilling, the auditor may consider engaging an expert or whether sufficient appropriate audit evidence can be obtained from other sources. Otherwise, the auditor might need to consider modifying the audit report.

Determining the Need to Use the Work of an Expert

The auditor may need to obtain audit evidence in the form of reports, opinions, valuations and statements of an expert.
Examples are:
• Valuations of land and buildings, plant and machinery and works of art,
• Determination of quantities of minerals stored in stockpiles, underground petroleum reserves, and the remaining useful life of plant and machinery,
• An actuarial valuation,
• The measurement of work completed and to be completed on contracts,
• Legal opinions re interpretations of agreements, statutes and regulations.

When determining the need to use an expert, the auditor should consider:
1. The engagement team's knowledge and previous experience of the matter,
2. The risk of material misstatement based on the nature, complexity and materiality of the matter being considered, and
3. The quantity and quality of other audit evidence expected to be obtained.

Competence and Objectivity of the Expert

When planning to use the work of an expert, the auditor should evaluate the professional competence of the expert. He needs to consider the expert's professional certification or membership in an appropriate professional body and his experience and reputation in the field.

The auditor should also evaluate the objectivity of the expert. The risk that an expert's objectivity will be impaired increases when the expert is employed by the entity or related in some other manner to the entity, for example, by being financially dependent upon or having an investment in the entity.

If the auditor is concerned he needs to discuss any reservations with management and consider whether sufficient appropriate audit evidence can be obtained concerning the work of an expert. He may need to undertake additional audit procedures or seek audit evidence from another expert. If the auditor is unable to obtain sufficient appropriate audit evidence concerning the work of an expert, the auditor needs to consider modifying the auditor's report.

Scope of the Expert's Work

The scope of the expert's work needs to be adequate for the purposes of the audit.
Audit evidence may be obtained through a review of the terms of reference. Such terms may cover matters such as:
• The objectives and scope of the expert's work,
• A general outline of the specific matters the auditor expects,
• The intended use by the auditor of the expert's work, including the possible communication to third parties of the expert's identity,
• The extent of the expert's access to appropriate records and files,
• Clarification of the expert's relationship with the entity, if any,
• Confidentiality of the entity's information,
• Information regarding the assumptions and methods intended to be used by the expert and their consistency with those used in prior periods.

Evaluating the Work of the Expert

The auditor should evaluate the appropriateness of the expert's work as audit evidence regarding the assertion being considered. This will involve evaluation of whether the substance of the expert's findings is properly reflected in the financial statements or supports the assertions, and consideration of:
• Source data used,
• Assumptions and methods used and their consistency with prior periods,
• When the expert carried out the work,
• Results of the expert's work in the light of the auditor's overall knowledge of the business and of the results of other audit procedures.

When considering whether the expert has used source data which is appropriate in the circumstances, the auditor would consider the following procedures:
• Making inquiries regarding any procedures undertaken by the expert to establish whether the source data is relevant and reliable and
• Reviewing or testing the data used by the expert.

The appropriateness and reasonableness of assumptions and methods used and their application are the responsibility of the expert. The auditor does not have the same expertise and, therefore, cannot always challenge the expert's assumptions and methods.
However, the auditor will need to obtain an understanding of the assumptions and methods used and to consider whether they are appropriate and reasonable, based on the auditor's knowledge of the business and the results of other audit procedures.

Results of the expert

If the results of the expert's work do not provide sufficient appropriate audit evidence or if the results are not consistent with other audit evidence, the auditor should resolve the matter. This may involve discussions with the entity and the expert, applying additional audit procedures, including possibly engaging another expert, or modifying the auditor's report.

Reference to an Expert in the Auditor's Report

When issuing an unmodified auditor's report, the auditor should not refer to the work of an expert. Such a reference might be misunderstood to be a qualification of the auditor's opinion or a division of responsibility, neither of which is intended. Sole responsibility lies with the auditor.

If, as a result of the work of an expert, the auditor decides to issue a modified auditor's report, in some circumstances it may be appropriate, in explaining the nature of the modification, to refer to or describe the work of the expert (including the identity of the expert and the extent of the expert's involvement). In these circumstances, the auditor would obtain the permission of the expert before making such a reference. If permission is refused and the auditor believes a reference is necessary, the auditor may need to seek legal advice.

Internal audit

If the client has an internal audit department, it may sometimes be possible for the external auditor to make use of their work in arriving at an audit opinion (ISA 610). The external auditor should consider the activities of internal auditing and their effect, if any, on external audit procedures.
The external auditor should obtain an understanding of internal audit activities in order to assess the risks of material misstatement of the financial statements and to design and perform further audit procedures.

The external auditor should perform an assessment of the internal audit function when internal audit is relevant to the external auditor’s risk assessment.

When the external auditor intends to use specific work of internal auditing, the external auditor should evaluate and perform audit procedures on that work to confirm its adequacy for the external auditor’s purposes.

I. OPENING BALANCES

Opening balances are based on the closing balances of the prior period and reflect transactions of and accounting policies applied to the prior period. ISA 510 provides guidance on when the financial statements are audited for the first time and when the prior period was audited by another auditor.

Initial audit engagements

For initial audit engagements, the auditor should obtain sufficient appropriate audit evidence that:
• The opening balances do not contain misstatements that materially affect the current period's financial statements;
• The prior period's closing balances have been correctly brought forward to the current period or, when appropriate, have been restated;
• Appropriate accounting policies are consistently applied or changes in accounting policies have been properly accounted for and adequately presented and disclosed.
Audit procedures

Appropriate and sufficient evidence is required and will depend on:
• The accounting policies followed,
• Whether the prior periods were audited and the audit report was modified,
• The nature of the accounts and the risk of misstatement,
• The materiality of the opening balances.

Prior periods audited by another auditor

Where the prior period's financial statements were audited by other auditors, the current auditor may be able to obtain sufficient appropriate audit evidence regarding opening balances by reviewing the other auditor’s working papers. The current auditor should consider the professional competence and independence of the other auditor. If the previous audit report was qualified, the auditor should pay particular attention in the current period to those matters that resulted in the qualification.

Lack of sufficient appropriate evidence

Where the prior period accounts were not audited or where the auditor has not obtained sufficient appropriate evidence, he must perform other procedures. Examples would include:
• In respect of current assets and liabilities, some audit evidence can usually be obtained as part of the current period's audit procedures such as the collection of opening debtors during the current period. This will provide some evidence of their existence, rights and obligations, completeness and valuation at the beginning of the period.
• The opening stock position may require the observing of a current physical count and then reconciling it back to the opening position, testing the valuation of the opening stock items and carrying out testing on gross margins and cut off procedures.
• For non-current assets and liabilities, the auditor may be able to obtain external confirmation of opening balances with third parties e.g. long term debt and investments.
Audit conclusion and reporting

If, after performing additional audit procedures, the auditor is unable to obtain sufficient appropriate audit evidence concerning opening balances, the auditor's report should include:
• A qualified opinion,
• A disclaimer of opinion or
• In those jurisdictions where it is permitted, an opinion which is qualified or disclaimed regarding the results of operations and unqualified regarding financial position.

If the opening balances contain misstatements which could materially affect the current financial statements, the auditor should inform management and (after having obtained management's authorisation) the previous auditor, if any. If the effect of the misstatement is not properly accounted for and adequately presented and disclosed, the auditor should express a qualified opinion or an adverse opinion, as appropriate.

If the current period's accounting policies have not been consistently applied in relation to opening balances and if the change has not been properly accounted for and adequately presented and disclosed, the auditor should express a qualified opinion or an adverse opinion as appropriate.

If the entity's prior period auditor's report was qualified, the auditor should consider the effect on the current period's financial statements. For example, if there was a scope limitation, such as one due to the inability to determine opening inventory in the prior period, the auditor may not need to qualify or disclaim the current period's audit opinion. However, if a modification regarding the prior period's financial statements remains relevant and material to the current period's financial statements, the auditor should modify the current auditor's report accordingly.

J. COMPARATIVES

ISA 710 establishes the standards and provides guidance in this area.
The auditor should determine whether the comparatives comply in all material respects with the financial reporting framework applicable to the financial statements being audited. Different countries have different reporting frameworks.

The auditor should obtain sufficient appropriate audit evidence that amounts derived from the preceding period's financial statements are free from material misstatement and are appropriately incorporated in the financial statements for the current period.

Corresponding figures are amounts and other disclosures for the preceding period that are included as part of the current period financial statements and are intended to be read in relation to the amounts and other disclosures relating to the current period. They are not presented as complete financial statements capable of standing alone, but are an integral part of the current period financial statements intended to be read only in relation to the current period figures.

Comparative financial statements are amounts and other disclosures for the preceding period that are included for comparison with the financial statements of the current period, but do not form part of the current period financial statements.

Comparatives are presented in compliance with the applicable financial reporting framework. The essential audit reporting differences are that:
• For corresponding figures, the auditor's report only refers to the financial statements of the current period; whereas,
• For comparative financial statements, the auditor's report refers to each period for which financial statements are presented. This could be part of a document for preparation for a stock exchange listing.

Corresponding figures

The extent of audit procedures performed on the corresponding figures is significantly less than for the audit of the current period figures.
Auditor’s responsibilities

The auditor should obtain sufficient appropriate audit evidence that:
• The accounting policies used for the corresponding amounts are consistent with the current period and appropriate adjustments and disclosures have been made,
• The corresponding amounts agree with the amounts and other disclosures presented in the preceding period and are free from errors and
• Where corresponding amounts have been adjusted as required by relevant legislation and accounting standards, appropriate disclosures have been made.

Reporting

When the comparatives are presented as corresponding figures, the auditor should issue an audit report in which the comparatives are not specifically identified because the auditor's opinion is on the current period financial statements as a whole, including the corresponding figures.

Where the auditor's report on the prior period, as previously issued, included a qualified opinion, disclaimer of opinion, or adverse opinion and the matter that gave rise to the modification is:
• Unresolved, and results in a modification of the auditor's report regarding the current period figures, the auditor's report should also be modified regarding the corresponding figures.
• Unresolved, but does not result in a modification of the auditor's report regarding the current period figures, the auditor's report should be modified regarding the corresponding figures only.
• Resolved and properly dealt with in the financial statements, the current report does not need a reference to the previous modification. However, if the matter is material to the current period, the auditor may include an emphasis of matter paragraph dealing with the situation.

During the course of the current audit the auditor may become aware of a previously undetected material misstatement that affects the prior period financial statements on which an unqualified report had been previously issued.
• If the prior period financial statements have been revised and reissued with a new auditor's report, the auditor should obtain audit evidence that the corresponding figures agree with the revised financial statements.
• If the prior period financial statements have not been revised and reissued, and the corresponding figures have not been properly restated and/or appropriate disclosures have not been made, the auditor should issue a modified report on the current period financial statements modified with respect to the corresponding figures included therein.
• If prior period financial statements have not been revised and an auditor's report has not been reissued, but the corresponding figures have been properly restated and/or appropriate disclosures have been made in the current period financial statements, the auditor may include an emphasis of matter paragraph describing the circumstances and referring to the appropriate disclosures.

When the prior period financial statements are not audited, the incoming auditor should state in the auditor's report that the corresponding figures are unaudited. This does not relieve the auditor, though, of his responsibilities to perform appropriate audit procedures regarding opening balances. If the auditor is not able to obtain sufficient appropriate audit evidence regarding the corresponding figures, or if there is not adequate disclosure, the auditor should consider the implications for his report.

In situations where the incoming auditor identifies that the corresponding figures are materially misstated, the auditor should request management to revise the corresponding figures or if management refuses to do so, appropriately modify the report.

Comparative financial statements

The auditor should obtain sufficient appropriate audit evidence that the comparative financial statements meet the requirements of the applicable financial reporting framework.
This involves evaluating whether:
• Accounting policies of the prior period are consistent with the current period,
• Prior period figures agree with the amounts and other disclosures presented in the prior period and
• Appropriate adjustments and disclosures have been made.

Reporting

When the comparatives are presented as comparative financial statements, the auditor should issue a report in which the comparatives are specifically identified because the auditor's opinion is expressed individually on the financial statements of each period presented. Since the auditor's report on comparative financial statements applies to the individual financial statements presented, the auditor may express a qualified or adverse opinion, disclaim an opinion, or include an emphasis of matter paragraph with respect to one or more financial statements for one or more periods, while issuing a different report on the other financial statements.

When reporting on the prior period financial statements in connection with the current year's audit, if the opinion on such prior period financial statements is different from the opinion previously expressed, the auditor should disclose the substantive reasons for the different opinion in an emphasis of matter paragraph. This may arise when he becomes aware of circumstances or events that materially affect the financial statements of a prior period during the course of the audit of the current period.

Where the financial statements of the prior period were audited by another auditor:
• The previous auditor may reissue the audit report on the prior period with the incoming auditor only reporting on the current period or
• The incoming auditor’s report should state the prior period was audited by another auditor, the type of report issued by the other auditor (if qualified - the reasons) and the date of that report.
In the course of the current audit the incoming auditor may become aware of a previously undetected material misstatement that affects the prior period accounts on which the previous auditor had previously issued an unqualified report. In these circumstances, the incoming auditor should discuss the matter with management and, after having obtained management's authorisation, contact the previous auditor and propose that the prior period financial statements be restated. If the previous auditor agrees to reissue the audit report on the restated financial statements of the prior period, the auditor should only report on the current period.

If the previous auditor does not agree with the proposed restatement or refuses to reissue the audit report on the prior period financial statements, the introductory paragraph of the current auditor's report should indicate that the previous auditor reported on the financial statements of the prior period before restatement. In addition, if the incoming auditor applies sufficient audit procedures to be satisfied as to the appropriateness of the restatement adjustment, he may include a paragraph in his report.

When the prior period financial statements are not audited, the incoming auditor should state in the auditor's report that the comparative financial statements are unaudited. This statement does not relieve the auditor of the requirement to carry out appropriate audit procedures regarding opening balances.

In situations where the incoming auditor identifies that the prior year unaudited figures are materially misstated, the auditor should request management to revise the prior year's figures or if management refuses to do so, appropriately qualify the report.

Study Unit 9
Computer Information Systems

Contents
A. Entity computer systems and controls
B. Computer Assisted Audit Techniques (CAATs)

A.
ENTITY’S COMPUTER SYSTEMS AND CONTROLS

Computer systems

In the modern age many businesses use computer systems to help them run their business and produce financial information. Directors are still required to put into place safeguards to protect the assets of a company but many are now generally incorporated into the computer systems. A balance must be struck between the degree of control and the requirement for a user friendly computer system.

Controls overview

Controls can be classified into the following areas:
• Security
• Integrity
• Contingencies

Integrity controls can be further subdivided into data integrity and systems integrity. With data integrity, the data is the same in the computer system as it is in the source documents and has not been accidentally or intentionally altered, destroyed or disclosed. Systems integrity, by contrast, refers to systems operations conforming to the design specification set out despite deliberate or accidental attempts to cause them to do otherwise.

Auditor focus

The auditor focuses on the general and application controls of the systems when carrying out control assessment, as it is important that the system used operates reliably and that risks are mitigated.

Risks

Key risks include the system being put at risk by a virus or some other fault which spreads across the system and the system being accessed by an unauthorised user who could affect the smooth operation of the system or obtain commercially sensitive information. The client should have contingency plans in the event of a system difficulty.

Need for assurance

It is important to know that the original system is as reliable as could be expected and whether it is the best system that the company could be using at the given cost. The company might seek such assurance from its service provider. However, the service provider may not be objective as they have a vested interest.
They are paid to provide a solid system, so they will hardly find fault with it. This means that the directors might seek assurance from the company's auditors, who would undertake work to ascertain whether the assertions of the service provider are accurate. In considering taking on such an assurance engagement, one should ensure that sufficient skills are available to undertake such procedures.

Systems audit

Internal control effectiveness is generally assessed by undertaking a systems audit. The key areas to establish the reliability of systems are:

Management policy
• Is there a written policy for computer systems?
• Is it compatible with policies in other areas?
• Is it adhered to?
• Is it sufficient and effective?
• Is it updated when the systems are updated?
• Does it relate to the current system?

Segregation of duties
• Is there adequate segregation of duties for data input?
• Are there adequate system controls e.g. passwords to enforce segregation?

Security
• Is there a physical security policy such as a locked room and password access?
• Is there data security software such as virus shields?

Reporting

Management should receive information on the effectiveness of their controls systems and systems reliability. The operations are likely to rely heavily, if not completely, on computer systems and if problems arise, operations could be severely affected. Such problems could include no production, no invoicing or duplicate or omitted invoicing.

Other stakeholders, customers and suppliers will be interested in the reliability of the company’s systems as they would not want to deal with ineffective operations.

Internal control systems in a computer information system environment

Internal control systems include both manual procedures and procedures designed into computer programmes.
There are two types of controls:

General CIS (computer information system) controls whose aim is to establish a framework of overall controls over the computer systems to provide reasonable assurance that the overall objectives are achieved.

Application CIS controls whose purpose is to establish specific control procedures over the applications in order to provide reasonable assurance that all transactions are authorised, recorded and processed in a timely, complete and accurate manner.

General CIS controls

1. Development of computer applications
• Standards over systems design, programming and documentation
• Full testing procedures fully documented
• Approval of computer users
• Segregation of duties so that those responsible for design are not responsible for testing
• Installation procedures so that data are not corrupted in transition
• Training of staff in the new procedures

2. Prevention or detection of unauthorised changes to programmes
• Segregation of duties
• Full records of programme changes through detailed maintenance of programme logs
• Password protection of programmes so that access is limited
• Restricted access to central computers - locked doors & keypads
• Virus checks of software and use of anti-virus software & firewalls
• Back-up copies of programmes secured off site

3. Testing and documentation of programme changes
• Comprehensive testing procedures
• Documentation standards applied
• Approval of changes by management

4. Controls to prevent wrong programmes or files being used
• Adequate training of staff
• Operation controls over programmes and their use/access
• Controlled libraries of programmes
• Proper automated job scheduling

5. Controls to prevent unauthorised amendments to data files
• Password protection
• Use of security levels

6.
Controls to ensure continuity of operations • Storing copies of programmes off site • Back-up procedures for data files to be stored off-site • Disaster recovery procedures • Maintenance agreements and insurance The auditors will test some or all of the above controls depending on their impact on the audit. It is more efficient to review the design of general controls before reviewing the application controls. If there are weaknesses in the general controls, these may have a negative impact on the application controls. The former may have a pervasive effect on the processing of transactions in application systems. If these general controls are not effective there may be a risk of misstatement that could go undetected in the application systems. Although weaknesses in general controls may preclude testing certain application systems, it is possible that manual procedures exercised may provide effective control at the application level. Application CIS controls 1. Controls over input • Completeness Document counts One for one checking, source to output Control totals • Accuracy Digit verification - reference numbers are as expected Existence checks - customer names & details Reasonableness test Review of data for gaps Permitted ranges acceptable Scrutiny of output • Authorisation Manual checks to ensure data entered was authorised Input by authorised personnel - user entry codes 2. Controls over processing Batch reconciliations Page 171 UNIT 9 – COMPUTER INFORMATION SYSTEMS Screen warnings to prevent logging off before processing is complete Exception reports output Required code such as PIN Required date fields for cut-off purposes - period closing 3. 
Controls over master files and standing data One to one checking Controls over deletion of accounts/data Record counts Authentication codes to update Logs of changes Testing of application controls If manual controls exercised by the user of the systems are capable of providing reasonable assurance that the systems output is complete, accurate and authorised, the auditor may decide to limit tests of controls to these manual controls. In addition, computer controls may be tested examining the systems output using either manual procedures or CAATs. Such output may be in the form of magnetic media, microfilm or printouts. Alternatively, the auditor may test the controls by performing them with the use of CAATs. In some instances it may not be possible or in some cases impractical to test controls by examining user controls or system output. The auditor may need to perform tests using CAATs such as test data, re-processing transaction data or in some unusual circumstance, examining the code of the programmes. On-Line systems On-line systems enable users to access data and programmes directly through a networked environment. They allow users to initiate functions directly such as: 1. 2. 3. 4. 5. Entering transactions Making data enquiries Requesting reports Updating master files Electronic commercial activities such as internet banking On-line systems allow on-line data entry so data validation is vital from the outset. In addition, there is the risk of unlimited access and this is undesirable from a risk and control point of view. Being on-line often results in a lack of a transaction trail which is the opposite Page 172 UNIT 9 – COMPUTER INFORMATION SYSTEMS of what an auditor seeks. Finally, there is normally programmer access and this needs strict controls in place. 
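The input controls listed under Application CIS controls, exercised with auditor test data as described under Testing of application controls, in an added Python example that is not part of the manual. The order layout, rejection codes, customer codes, limits and the check_range switch are all assumptions made for illustration.

```python
"""Input controls on a sales-order batch, exercised with auditor test data."""
from dataclasses import dataclass
from decimal import Decimal

# Constructed standing data (assumed): customer code -> credit limit.
CREDIT_LIMITS = {"C1001": Decimal("5000.00"), "C1002": Decimal("1500.00")}
AUTHORISED_USERS = {"U17", "U22"}   # user entry codes allowed to key orders
MAX_QTY = 1000                      # assumed permitted range for quantity: 1..1000


@dataclass(frozen=True)
class Order:
    doc_no: int
    customer: str
    qty: int
    unit_price: Decimal
    user: str

    @property
    def value(self) -> Decimal:
        return self.qty * self.unit_price


def validate_order(order, open_balances, check_range=True):
    """Apply the input controls to one order; [] means the order is accepted.

    check_range=False simulates a system in which the range check is missing,
    so the test data can show what a control failure looks like.
    """
    errors = []
    if order.user not in AUTHORISED_USERS:               # authorisation
        errors.append("AUTH")
    if order.customer not in CREDIT_LIMITS:              # existence check
        errors.append("EXIST")
    if check_range and not 1 <= order.qty <= MAX_QTY:    # permitted range
        errors.append("RANGE")
    if not errors:                                       # reasonableness: credit limit
        exposure = open_balances.get(order.customer, Decimal("0")) + order.value
        if exposure > CREDIT_LIMITS[order.customer]:
            errors.append("CREDIT")
    return errors


def batch_controls(orders, header_count, header_total):
    """Completeness controls: document count, control total, review for gaps."""
    exceptions = []
    if len(orders) != header_count:
        exceptions.append("RECORD_COUNT")
    if sum((o.value for o in orders), Decimal("0")) != header_total:
        exceptions.append("CONTROL_TOTAL")
    seen = {o.doc_no for o in orders}
    if seen:
        missing = sorted(set(range(min(seen), max(seen) + 1)) - seen)
        if missing:
            exceptions.append("GAP:" + ",".join(map(str, missing)))
    return exceptions


# Auditor's test data (constructed), each item with its predetermined result.
TEST_DATA = [
    (Order(501, "C1001", 10, Decimal("20.00"), "U17"), []),            # valid order
    (Order(502, "C1002", 100, Decimal("20.00"), "U17"), ["CREDIT"]),   # 2000 > limit 1500
    (Order(503, "C1001", -5, Decimal("20.00"), "U22"), ["RANGE"]),     # negative number
    (Order(504, "C9999", 1, Decimal("20.00"), "U17"), ["EXIST"]),      # unknown customer
    (Order(506, "C1001", 1, Decimal("20.00"), "U99"), ["AUTH"]),       # unauthorised user
]   # document 505 is deliberately absent to exercise the gap review


def run_test_data(check_range=True):
    """Process the test data; return (doc_no, expected, actual) for each deviation."""
    deviations = []
    for order, expected in TEST_DATA:
        actual = validate_order(order, open_balances={}, check_range=check_range)
        if actual != expected:
            deviations.append((order.doc_no, expected, actual))
    return deviations


if __name__ == "__main__":
    print("deviations, controls as designed:", run_test_data())
    print("deviations, range check missing: ", run_test_data(check_range=False))
    batch = [order for order, _ in TEST_DATA]
    # Batch header (constructed) claims 6 documents totalling 2160.00.
    print("batch exceptions:", batch_controls(batch, 6, Decimal("2160.00")))
```

An empty deviation list means every control responded as predetermined; the run with the range check disabled shows the negative-quantity order being accepted, which is the kind of control failure test data is meant to surface.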
Internal control in an on-line environment

In an on-line environment it would be important to have general controls such as access controls, control over passwords, systems development and maintenance of controls procedures, programming controls, transaction logs and firewalls.

Application controls should also be in place and these should include authorisation checks such as a need for a PIN, reasonableness and other data validation tests, cut-off procedures (especially where there is a continuous flow of data), file controls and master file controls.

Internal control in micro computer environment

In larger companies controls over systems development and operations are required for effective control to be in operation. In a micro environment such controls may not be seen to be important or cost effective. The accuracy and dependability of financial information produced by the computer information system will depend upon the internal controls required by management and adopted by the user. In any event it may be difficult to distinguish between general controls and application controls. Specific controls are important, namely:
1. Physical security over equipment and removable and non-removable media
2. Program and data security, using hidden files and passwords
3. Security and data integrity
4. Hardware, software and data back-up, copies of hard disks or tapes kept off site and within fireproof containers.

Electronic data interchange systems (EDI)

These are systems allowing the electronic transmission of business documents. Information such as orders, invoices, statements or payroll information is automatically transferred via EDI to another entity for processing.
Potential issues:
• Lack of a paper/audit trail
• Greater impact on the normal operations and records if there is a failure in an entity’s computer systems
• Risk of loss, corruption and/or theft of data in the transmission process

The auditor will need to review the controls that management have in place to address these risks. Controls could include acknowledgements, agreements by both parties of amount transmitted, authentication codes and encryption techniques. In addition, there is a need for virus protection, insurance, contingency plans and back-up arrangements.

E-Business

Part of the auditor’s responsibilities is to assess the risks to the audit process arising from the company’s use of electronic business. This will impact on the skills and knowledge required by the auditor to understand the complexities of the entity’s business and operational transactions.

B. COMPUTER ASSISTED AUDIT TECHNIQUES (CAATS)

The scope and objectives of an audit do not change even in a situation where a client is heavily computerised. However, the application of auditing procedures does require the auditor to consider procedures that use the computer as an audit tool. These are known as computer assisted (or aided) audit techniques (CAATs).

In the absence of input documents or where there is a lack of an audit trail, the auditor may need to use CAATs in testing controls and substantive testing. CAATs can improve the effectiveness and efficiency of auditing procedures.

CAATs can be used in the performance of auditing procedures such as:
• Tests of details of transactions and balances
• Analytical review procedures
• Tests of computer information system controls

Types of CAATs

There are two types of CAATs: audit software and test data.

Audit software

This is used to process data from a client’s accounting system. It is used to check that the figures within the accounting system are correct.
Examples of substantive procedures using audit software include:
• Extracting samples to specified criteria
• Calculating ratios and totals
• Selecting items outside a specific criteria range - exception reporting
• Checking arithmetic calculations
• Comparing budget vs. actual

Take the example of amounts receivable. CAATs could be used to extract the following information from within a computerised system:
• Whether the total in the sales ledger agrees to the total of the debtors control account in the nominal ledger
• Whether all balances are within agreed credit limits
• Calculation of debtor days
• Sample selection of debtor balances for testing
• Identification of potential bad debts through production of an aged listing.

Types of audit software:
1. Package programmes: Designed to read files, select data, perform and print reports.
2. Purpose written programmes: Generally prepared by the auditor, entity or external programmer for specific purposes.
3. Utility programmes: Programmes designed to sort files, create files or print files. They are usually not designed for audit purposes and therefore may not contain control features such as automatic record counts or control totals which auditors will find very useful.

Test data

This is where sample data is entered into an entity’s computer system and the results are compared with predetermined results to determine whether controls are operating effectively. The data can be processed during normal time or during a separate run at a time outside the normal time. Real data or dummy data can be used.

Examples of applying test data include:
• Testing specific controls such as data access controls by checking passwords and usernames
• Testing specific processing characteristics such as invalid stock codes or customer codes
• Testing transactions in an integrated test facility, such as setting up a dummy account to process dummy data. In this case, the test data could be processed during normal business hours in order to test the accuracy of the cycle.

Difficulties using test data
• When using dummy transactions there may be a need to reverse the transactions.
• Test data only tests the system at a particular point in time.
• Corruption of data files has to be corrected. This may be difficult with modern systems which often have built-in security with controls to ensure that data entered cannot be easily removed.

Specific examples of CAATs applied using test data

Sales
• Input an order that exceeds set credit limits
• Input a negative number on an order
• Input incomplete or inaccurate customer details
• Input an excessive amount

Purchases
• Raise an order from a supplier not on the preferred list
• Process an order with an unauthorised staff number
• Make changes to standing data with unauthorised access

Payroll
• Set up new employee without using authorised staff number
• Make authorised changes to staff details
• Input excessive payroll details

Using CAATs

Before using CAATs an auditor should consider the following:
1. Set the audit objectives
2. Determine the content and access to clients’ files
3. Determine the transaction types to be tested
4. Define the procedures to be applied
5. Define the desired output from the system
6. Identify the staff to be used in the design and application of the CAATs
7. Assess the costs and benefits of using CAATs
8. Ensure that the use of CAATs is controlled and documented
9. Carry out the application
10. Evaluate the results

Using CAATs in a small business computer environment

The level of computer information within a small business environment may result in the auditor placing less reliance on the system of internal control and instead placing greater emphasis on tests of details of transactions and balances and analytical review procedures. This could increase the effectiveness of certain CAATs, particularly audit software.

Is use of CAATs appropriate?

Where smaller volumes of data are processed, manual audit procedures may be cost effective. It could also be the case that adequate technical assistance may not be available to the auditors, thus making the use of CAATs impracticable. In addition, certain audit packages may not operate on small computers although the entity’s data files could be copied and processed on another computer.

Within a small business computer environment, detailed knowledge of computer operations, programmes and files may be confined to a small number of persons. This could increase the risk of fraud through changes to programmes or data.

Advantages of using CAATs
• They assist the auditor in obtaining more audit evidence
• Large samples can be tested quickly and accurately
• CAATs test the original data and not just the printout so the validity of the test is more defined
• In many instances they are cost effective.

Issues relating to CAATs

Limitations
CAATs are limited and are very dependent on the level of integration within clients’ computer systems. In addition, the current system may actually already perform the functions which the CAAT is meant to perform.

Reliability
The CAAT is only of use if the reliability of the system has been assessed.

Cost
The cost may outweigh the benefit. In particular, there may be an initial outlay with regard to time and money required.

Lack of software documentation
Many clients’ system documentation is very poor and this results in the auditor being unable to gain a proper understanding of the system. Without this system it may not be beneficial to make use of CAATs.

Changes in clients’ systems
Any changes in the clients’ systems will require changes in the design of the CAAT which the auditor will need to fully understand before making the appropriate changes to the CAAT.
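The receivables extractions listed under Audit software earlier in this unit (ledger-to-control-account agreement, credit limits, debtor days, sample selection and an aged listing), worked through in an added Python example that is not part of the manual. The invoice data, customer codes, limits, ageing bands and the sample rule are constructed for illustration.

```python
"""Audit-software style extractions over a sales ledger (constructed data)."""
from collections import defaultdict
from datetime import date
from decimal import Decimal

AS_AT = date(2012, 12, 31)                     # assumed period end
# Constructed open invoices: (customer, invoice no, invoice date, amount).
OPEN_INVOICES = [
    ("C1001", "INV-0101", date(2012, 12, 10), Decimal("1200.00")),
    ("C1001", "INV-0088", date(2012, 11, 15), Decimal("800.00")),
    ("C1002", "INV-0042", date(2012, 8, 20), Decimal("2500.00")),
    ("C1003", "INV-0095", date(2012, 12, 1), Decimal("400.00")),
    ("C1004", "INV-0070", date(2012, 10, 15), Decimal("900.00")),
]
CREDIT_LIMITS = {"C1001": Decimal("3000"), "C1002": Decimal("2000"),
                 "C1003": Decimal("1000"), "C1004": Decimal("1000")}
CONTROL_ACCOUNT = Decimal("5950.00")           # nominal ledger debtors control (constructed)
CREDIT_SALES = Decimal("42340.00")             # credit sales for the year (constructed)
BANDS = ((30, "0-30"), (60, "31-60"), (90, "61-90"))   # assumed ageing bands, in days


def balances(invoices):
    """Customer balance = sum of that customer's open invoices."""
    totals = defaultdict(Decimal)
    for customer, _no, _date, amount in invoices:
        totals[customer] += amount
    return dict(totals)


def control_difference(invoices, control_total):
    """Control account less sales ledger total; zero means the two agree."""
    return control_total - sum(balances(invoices).values(), Decimal("0"))


def over_credit_limit(invoices, limits):
    """Customers whose balance exceeds the limit (no limit on file counts as zero)."""
    return sorted(c for c, bal in balances(invoices).items()
                  if bal > limits.get(c, Decimal("0")))


def debtor_days(invoices, credit_sales, period_days=365):
    """Receivables / credit sales x days in period, to one decimal place."""
    total = sum(balances(invoices).values(), Decimal("0"))
    return (total * period_days / credit_sales).quantize(Decimal("0.1"))


def aged_listing(invoices, as_at):
    """Per customer, the amount outstanding in each ageing band."""
    listing = defaultdict(lambda: defaultdict(Decimal))
    for customer, _no, inv_date, amount in invoices:
        age = (as_at - inv_date).days
        band = next((label for limit, label in BANDS if age <= limit), "90+")
        listing[customer][band] += amount
    return {c: dict(bands) for c, bands in listing.items()}


def potential_bad_debts(invoices, as_at):
    """Customers with anything in the oldest band: candidates for provision review."""
    return sorted(c for c, bands in aged_listing(invoices, as_at).items() if "90+" in bands)


def select_sample(invoices, key_item_threshold, interval):
    """All balances at or above the threshold, plus every interval-th remaining balance."""
    bal = balances(invoices)
    key_items = sorted(c for c, b in bal.items() if b >= key_item_threshold)
    remainder = sorted(c for c in bal if c not in key_items)
    return key_items + remainder[::interval]


if __name__ == "__main__":
    print("control account difference:", control_difference(OPEN_INVOICES, CONTROL_ACCOUNT))
    print("over credit limit:", over_credit_limit(OPEN_INVOICES, CREDIT_LIMITS))
    print("debtor days:", debtor_days(OPEN_INVOICES, CREDIT_SALES))
    print("aged listing:", aged_listing(OPEN_INVOICES, AS_AT))
    print("potential bad debts:", potential_bad_debts(OPEN_INVOICES, AS_AT))
    print("sample:", select_sample(OPEN_INVOICES, Decimal("2000"), 2))
```

Each function returns an exception list or figure for the auditor to follow up; a non-zero control difference or a customer in the oldest band is a lead for further work, not a conclusion.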
Lack of direction and useless results
There is a danger that the auditor will use CAATs due to their availability rather than their appropriateness in the individual circumstances.

Use of copy files
Where clients give the auditor copies of files, the auditor should ensure that these are the actual files which are being tested.

Study Unit 10
Audit Reporting

Contents
A. Review considerations
B. Reporting on audited financial statements
C. Key concepts
D. Basic elements of report
E. Modified reports
F. Circumstances giving rise to modified reports
G. Auditor’s responsibilities before and after date of audit report
H. Auditor’s responsibilities for other documents

A. REVIEW CONSIDERATIONS

[Flowchart: Conflicting evidence. Decision points: Material? Indicative of possible material misstatement? Resolved? Outcomes: Resolve issue or modify audit report; Require further testing; No issue.]

Review Procedures

An auditor must perform and document an overall review of the financial statements before forming an audit opinion. This review, along with the conclusions drawn from other audit evidence obtained, gives the auditor a reasonable basis for his opinion on the financial statements. It needs to be carried out by a senior member of the audit team, who has the appropriate skills and experience.

What specific tasks should be carried out?

a. Compliance with accounting regulations
The auditor should consider whether the financial statements are in accordance with statutory requirements and whether the accounting policies are in accordance with accounting standards. In addition, the policies should be appropriate to the entity, properly disclosed and consistently applied.

When assessing the accounting policies used by the entity, the auditor should consider policies adopted in specific industries, standards and guidelines, the need for a true and fair view and the need to reflect substance over form.

b. Review for consistency and reasonableness
The auditor needs to consider whether the financial statements are consistent with his knowledge of the entity’s business and with the evidence accumulated from other audit procedures, and that the manner of disclosure is fair. The auditor will consider:
• Information and explanations received during the audit
• New factors which may affect presentation and/or disclosure requirements
• Results of analytical procedures applied
• Undue influence by directors
• Potential impact of the aggregate of uncorrected misstatements identified.

c. Analytical procedures
Analytical review procedures are used as part of the overall review procedure. This review should cover accounting ratios, changes in products/customers, price and product mix changes, wages changes, variances, trends in production and sales, changes in material/labour content of production and variations caused by industry or economy factors. Significant fluctuations and unexpected relationships must be investigated.

d. Summarise errors
During the course of the audit of financial statements, there will be material or immaterial errors uncovered. The client will normally adjust the financial statements to take account of these errors. At the end of the audit, however, there may be some outstanding errors and the auditors will summarise these unadjusted errors. The auditor should show both the balance sheet and the profit and loss effect of these errors.

e. Evaluating the effect of misstatements
As part of the standard on materiality (ISA 320), in evaluating whether the financial statements are prepared in accordance with an applicable financial reporting framework, the auditor should assess whether the aggregate of uncorrected misstatements that have been identified during the audit is material.
The aggregate of uncorrected misstatements is:
• Specific misstatements identified by the auditor, including ones identified during the audit of the previous period if they affect the current period (e.g. opening stock), and
• The auditor’s best estimate of other misstatements which cannot be quantified specifically (e.g. projected errors or system errors).

If the aggregate of misstatements is material, the auditor must consider reducing audit risk by carrying out additional testing. Otherwise, he may request management to adjust the financial statements for the identified misstatements, which the latter may wish to do anyway.

If the aggregate of the misstatements approaches the level of materiality, the auditor should consider whether it is likely that undetected misstatements, when taken with the aggregated uncorrected misstatements, could exceed the materiality level. If so, he should consider reducing the risk by performing additional testing or, as before, requesting management to adjust the financial statements for the identified misstatements.

Completion checklists

Auditors frequently use checklists as control documents and evidence that all final procedures have been carried out and that all material amounts are supported by sufficient appropriate audit evidence. The checklists should be signed off.

B. REPORTING ON AUDITED FINANCIAL STATEMENTS (ISA 700)

[Diagram: Audit opinion. Boxes: Overall review performed and documented; Audit evidence gathered and conclusions drawn; Senior member of audit team with the appropriate skills and experience; Financial statements review; Opening balances; Comparatives; Other information; Subsequent events; Going concern.]

Audit Opinion

The objective of an audit is for an independent auditor to express an opinion on a set of financial statements. The auditor is that independent person who gives his opinion on a set of financial statements. His opinion is contained in a clear written expression called the audit report. He does not provide absolute assurance. In other words he does not say the “accounts are correct”. Audits have their limitations.

Considerations in reporting

The auditor needs to consider a number of key matters:
• Has he received all the information and explanations necessary?
• Has he carried out all the procedures needed to meet applicable auditing standards?
• Have applicable accounting requirements been used in the preparation of the financial statements?
• Do the financial statements give a true and fair view?

The Process of forming an audit opinion
• Ascertain whether all the evidence reasonably expected to be available has been obtained and has been evaluated.
• Assess whether the effect of not gaining sufficient and relevant evidence is such that the financial statements could be misleading as a whole or in material part.
• Ascertain whether the financial statements are prepared in accordance with International Financial Reporting Standards (IFRS).
• Assess whether a departure from the accepted accounting principles is required to give a true and fair view and whether there has been adequate disclosure.
• Assess whether any unnecessary departure from accounting principles is material or pervasive to the financial statements. A material departure will give an “except for” opinion while a pervasive departure will result in an adverse opinion.
• Conclude as a whole whether the financial statements give a true and fair view.

C. KEY CONCEPTS

If the auditor feels that the financial statements give a true and fair view he should express an unqualified opinion stating that they present fairly in all material respects in accordance with the applicable financial reporting framework.

True and fair view

The key opinion is whether the accounts give a true and fair view. Unfortunately, there is no formal definition as it is not laid out in Company law.
However, it is generally accepted that a set of accounts can only give a true and fair view if they are not factually incorrect and present information in an impartial way that is clearly understood by the reader.

It could also be argued that in order to ensure that a set of accounts gives a true and fair view, an auditor should have regard for Company Law and Accounting Standards pertaining to those financial statements and that he himself has carried out the audit in accordance with the relevant regulatory pronouncements, codes of ethics and Auditing Standards.

Materiality

Materiality needs to be considered by an auditor in evaluating the effect of misstatements on the financial statements and when determining the nature, timing and extent of audit procedures.

Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements. An item might be material due to its nature, value or impact on users of accounts. Only issues that are material will have an impact on the auditor’s opinion.

Statutory requirements

Aside from the key opinion, there are a number of other issues that the auditor should consider.

Matters of opinion:
1. Have proper accounting records been kept?
2. Is the information in the directors’ report consistent with that given in the financial statements?
3. Does a financial situation exist which may require a Special Meeting?
4. Have the accounts been prepared in accordance with the provisions of the companies’ acts?

Matters of fact:
1. Has the auditor received all the information and explanations he deems necessary for the purposes of his audit?
2. Do the financial statements agree with the books of account?

D. BASIC ELEMENTS OF THE AUDITOR’S REPORT

Title
It should clearly indicate that the report is prepared by an independent auditor. This independence confirms that all the relevant ethical standards have been met.

Addressee
The auditor needs to consider the circumstances of the engagement and the local regulations. Under company law the audit report should be addressed to the shareholders.

Introductory paragraph
This paragraph will:
• Identify the entity being audited
• State that the financial statements have been audited
• Identify each of the financial statements being audited
• Refer to the significant accounting policies and other notes contained within the financial statements
• Specify the date and period covered by the financial statements.

Statement of management responsibility
It must contain a statement that the management is responsible for the presentation of the financial statements. That responsibility includes:
• Designing, implementing and maintaining internal controls
• Selecting appropriate accounting policies and
• Making reasonable accounting estimates.

Auditor’s responsibility
The audit report should state that the auditor is responsible for expressing an audit opinion. It should inform the reader that the auditor adhered to international standards on auditing and ethical requirements and performed the audit so as to obtain reasonable assurance that the financial statements were free from material misstatements. It should also be noted that this responsibility includes:
• Examining, on a test basis, evidence to support the amounts and disclosures in the financial statements
• Assessing the accounting principles used in the preparation of the financial statements
• Considering whether the accounting policies are appropriate to the entity’s circumstances, consistently applied and adequately disclosed
• Assessing the significant estimates made by management in the preparation of the financial statements
• Evaluating the overall financial statement presentation.
Auditor’s opinion
If the auditor feels that the financial statements give a true and fair view he should express an unqualified opinion stating that they present fairly in all material respects in accordance with the applicable financial reporting framework.

Other reporting requirements if any
Any other matters required by law should be reported here, such as the keeping of proper books of account.

Auditor’s signature
Should be either the engagement auditor’s signature or the audit firm’s name.

Date
The report should be dated as of the completion date of the audit. It should not be signed earlier than the date the financial statements are approved by management.

E. MODIFIED REPORTS

• Matters that do not affect auditor’s opinion
• Matters that do affect auditor’s opinion

Description | Audit opinion
Accounts show a true and fair view | Unqualified audit opinion: “Accounts show a true and fair view”
Accounts show a true and fair view but you need to draw attention to a significant matter | Modified audit report with ‘emphasis of matter’ paragraph: “Without qualifying my opinion, I wish to draw your attention…”
Material items do not show a true and fair view | Modified audit report: “Accounts show a true and fair view except for……….”
A true and fair view is not shown because disagreements are pervasive to the accounts; accounts are meaningless. Perhaps there are significant numbers of material disagreements that do not show a true and fair view. | Adverse audit opinion: “Accounts do not show a true and fair view”
The auditor cannot tell whether a true and fair view is given in respect of material items due to limitation in scope of the audit. | Modified audit report: “Accounts show a true and fair view except for……….”
Auditor cannot tell whether a true and fair view is given at all due to a limitation in scope of the audit. | Disclaimer of opinion: “I am unable to form an opinion”

AUDIT REPORT DECISION MAKING

[Flowchart: Audit report decision making. Decision points: Are there any issues? Material? Adequately disclosed? Limitation of scope or Disagreement; Serious? Outcomes: Unmodified audit report; Consider need for emphasis of matter; Disclaimer of opinion; Except for opinion; Adverse opinion.]

F. CIRCUMSTANCES GIVING RISE TO MODIFIED REPORTS

Matters that do not affect auditor’s opinion - ‘Emphasis of matter’ paragraph

In certain circumstances, an auditor’s report may be modified by adding an emphasis of matter paragraph to highlight a matter affecting the financial statements which is included in a note in the financial statements that more extensively discusses the matter. The paragraph should be included after the opinion and should refer to the fact that the opinion is not qualified in that respect.

Examples could include questions over the recoverability of a debtor balance or a potential liability such as a fine. The auditor may feel that there is sufficient disclosure in the accounts and as such there is no need to issue a qualified audit report. He may, however, wish to draw the reader’s attention to this matter and hence the emphasis of matter paragraph.

Matters that do affect auditor’s opinion - Limitations on scope of the audit

Has the auditor received all the information and explanations he deems necessary for the purposes of his audit? If not, then he needs to consider whether there has been a limitation imposed on the scope of his audit. This consideration will affect his opinion.

Matters that do affect auditor’s opinion - Disagreement with management

The auditor may disagree with management about matters such as the acceptability of accounting policies selected, the method of their application or the adequacy of disclosures in the financial statements. It may even be a disagreement over an actual amount in the accounts or inadequate disclosure of an event or circumstance.

G. AUDITOR’S RESPONSIBILITIES BEFORE AND AFTER DATE OF AUDIT REPORT

Events occurring up to the date of the auditor’s report

The auditor should perform audit procedures designed to obtain sufficient appropriate audit evidence such that all events up to the date of the auditor's report that may require adjustment, or disclosure, in the financial statements have been identified.

When the auditor becomes aware of events that materially affect the financial statements, it is his responsibility to consider whether such events are properly accounted for and adequately disclosed.

These procedures are in addition to procedures that may be applied to specific transactions occurring after period end (normal year-end work) to obtain audit evidence as to account balances as at period end, for example, the testing of stock cut-off, receipts from debtors and payments to creditors.

Facts discovered after date of the auditor’s report

The auditor does not have any responsibility to perform audit procedures or make any inquiry regarding the financial statements after the date of the auditor's report.

During the period from the date of the auditor's report to the date the financial statements are issued, the responsibility to inform the auditor of facts that may affect the financial statements rests with management.

Where the auditor becomes aware of a fact that may materially affect the financial statements, he should consider whether the financial statements need amendment. He should discuss the matter with management and should take the action appropriate in the circumstances.

H. AUDITOR’S RESPONSIBILITIES FOR OTHER DOCUMENTS

Other information

Other information is financial and non-financial information other than that included in the audited financial statements.

An entity issues on an annual basis its audited financial statements together with the auditor's report thereon.
This document is frequently referred to as the "annual report". In issuing such a document, an entity may also include other financial and non-financial information. Examples of other information include a report by management on operations, financial summaries or highlights, employment data, planned capital expenditures, financial ratios, names of officers and directors and selected quarterly data.

ISA 720 states that an auditor should read the other information to identify material inconsistencies with the audited financial statements.

A "material inconsistency" exists when other information contradicts information contained in the audited financial statements. A material inconsistency may raise doubts about the audit conclusions drawn from audit evidence previously obtained and, possibly, about the basis for the auditor's opinion on the financial statements.

If, as a result of reading the other information, the auditor becomes aware of any apparent misstatements therein, or identifies any material inconsistencies with the audited financial statements, the auditor should seek to resolve them.

In certain circumstances, the auditor has a statutory or contractual obligation to report specifically on other information, e.g. the directors’ report. In other circumstances, the auditor has no such obligation. However, the auditor needs to give consideration to such other information when issuing a report on the financial statements, as the credibility of the audited financial statements may be undermined by inconsistencies which may exist between the audited financial statements and other information. The credibility of the audited financial statements may also be undermined by misstatements within the other information.

When there is an obligation to report specifically on other information, the auditor's responsibilities are determined by the nature of the engagement and by local legislation and professional standards.
Access to other information

In order that an auditor can consider other information included in the annual report, timely access to such information will be required. The auditor therefore needs to make appropriate arrangements with the entity to obtain such information prior to the date of the auditor's report. In certain circumstances, all the other information may not be available prior to such date. In these circumstances, the auditor would need to consider his options. Is there a limitation in the scope of the audit?

Material inconsistencies

If, on reading the other information, the auditor identifies a material inconsistency, he should determine whether the audited financial statements or the other information needs to be amended.

If the auditor identifies a material inconsistency he should seek to resolve the matter through discussion with management. If the auditor concludes that the other information contains inconsistencies with the financial statements, and the auditor is unable to resolve them through discussion with management, he should consider requesting management to consult with a qualified third party, such as the entity's legal counsel and consider the advice received.

If an amendment is necessary:

• In the audited financial statements and the entity refuses to make the amendment, the auditor should express a qualified or adverse opinion.
• In the other information and the entity refuses to make the amendment, the auditor should consider including in the auditor's report an emphasis of matter paragraph describing the material inconsistency or taking other actions. The actions taken, such as not issuing the auditor's report or withdrawing from the engagement, will depend upon the particular circumstances and the nature and significance of the inconsistency. The auditor would also consider obtaining legal advice as to further action.
Material misstatements of fact

While reading the other information for the purpose of identifying material inconsistencies, the auditor may become aware of a material misstatement of fact. A "material misstatement of fact" in other information exists when such information, not related to matters appearing in the audited financial statements, is incorrectly stated e.g. production figures.

If the auditor becomes aware that the other information appears to include a material misstatement of fact, the auditor should discuss the matter with the entity's management. When discussing the matter with the entity's management, the auditor may not be able to evaluate the validity of the other information and management's responses to the auditor's inquiries, and would need to consider whether valid differences of judgment or opinion exist. The auditor should consider whether the other information requires to be amended.

When the auditor still considers that there is an apparent misstatement of fact, the auditor should request management to consult with a qualified third party, such as the entity's legal counsel and should consider the advice received.

If the auditor concludes that there is a material misstatement of fact in the other information which management refuses to correct, the auditor should consider taking further appropriate action. The actions taken could include such steps as notifying management in writing of the auditor's concern regarding the other information and obtaining legal advice. There is always the danger that these misstatements could undermine the credibility of the financial statements.

Availability of other information after the date of the auditor’s report

Where all the other information is not available to the auditor prior to the date of the auditor's report, the auditor should read the other information at the earliest possible opportunity thereafter to identify material inconsistencies.
If, on reading the other information, the auditor identifies a material inconsistency or becomes aware of an apparent material misstatement of fact, the auditor should determine whether the audited financial statements or the other information need revision.

When revision of the other information is necessary and the entity agrees to make the revision, the auditors carry out the audit procedures necessary under the circumstances. The audit procedures may include reviewing the steps taken by management to ensure that individuals in receipt of the previously issued financial statements, the auditor's report thereon and the other information are informed of the revision.

When revision of the other information is necessary but management refuses to make the revision, the auditor should consider taking further appropriate action. The actions taken could include such steps as notifying management in writing of the auditor's concern regarding the other information and obtaining legal advice.

Study Unit 11

Public Sector Auditing

Contents

A. The role of the Office of the Auditor General (OAG)
B. The Legal Environment in which the OAG and auditees function
C. Specific considerations for public sector auditing
D. The role of INTOSAI

A. THE ROLE OF THE OFFICE OF THE AUDITOR GENERAL (OAG)

The office of Auditor General of Rwanda (OAG) was established in 1998 and began its operations in 2000. The 2003 Constitution of the Republic of Rwanda recognised OAG as the Supreme Audit Institution and defined it as an independent office vested with legal personality, financial and administrative autonomy.
The OAG published the results of their strategic plan for 2011/12 – 2015/16 which sets out its approach in addressing areas such as:

• Staff retention
• Capacity in performance auditing
• Outreach to stakeholders
• Increasing financial audit coverage

The OAG has involved the services of a public financial management expert (OAG Strategic Advisor/Programme Coordinator) to support the implementation of the strategic plan.

The OAG organisational structure comprises:

• Auditor General
• Deputy Auditor General
• Audit, administrative and support staff

The following directorates are found within the OAG:

• Directorate of Central Administration
• Directorate of Autonomous Public Enterprises
• Directorate of Local Administration
• Directorate of Projects and Programmes
• Directorate of Quality Assurance
• Directorate of Administration and Finance

B. THE LEGAL ENVIRONMENT IN WHICH THE OAG AND AUDITEES FUNCTION

The Supreme Audit Institution (SAI) of Rwanda is the Office of the Auditor General of State Finances. The Auditor General of State Finances is vested with legal personality and has financial and administrative autonomy. It is further provided in the Constitution that no person shall be permitted to interfere in the functioning of the Office or to give instructions to its personnel or to cause them to change their methods of work.
Responsibilities of the Auditor General include the following:

• Auditing objectively whether revenues and expenditures of the State as well as local government organs, public enterprises, privatised state enterprises, joint enterprises in which the State is participating and government projects were in accordance with the laws and regulations in force and in conformity with the prescribed justifications;
• Auditing the finances of the institutions referred to above and particularly verifying whether the expenditures were in conformity with the law and sound management and whether they were necessary;
• Carrying out all audits of accounts, management, portfolio and strategies which were applied in institutions mentioned above.

Reporting by the Auditor General

The Constitution requires the Office of the Auditor General to:

• Report to the Chamber of Deputies on the implementation of the state budget of the previous year. This report must indicate the manner in which the budget was utilised, unnecessary expenses which were incurred or expenses which were incurred contrary to the law and whether there was misappropriation or general squandering of public funds - an audit of budget execution reports.
• Submit a copy of the report to the:
  ♦ President of the Republic
  ♦ Cabinet
  ♦ President of the Supreme Court
  ♦ Prosecutor General of the Republic
• Carry out a financial audit of any institution of the State or with regard to the use of funds provided by the State as may be required by the Chamber of Deputies from time to time.

An important recent step has been the establishment of a Public Accounts Committee (PAC). This published its first report into transactions from the 2009-10 financial year. The relationship between the OAG and the PAC will be an important part of strengthening the accountability of audited entities in the future.

C. SPECIFIC CONSIDERATIONS FOR PUBLIC SECTOR AUDITING

Public sector audit has a key role to play in safeguarding public money, ensuring proper accountability, upholding appropriate standards of conduct in public services and helping public services achieve value for money.

Public sector auditors are accountable for their performance and are duty bound to undertake their work in a professional, objective and cost-effective manner and with due regard to the needs of the organisations they audit.

Public Sector Auditors should:

• Plan each audit with a thorough understanding of the audited business and its environment
• Consult with the public sector bodies regarding their overall audit approach
• Consider timing of the audit and agree the audit timetable for submission of good quality accounts and completion of the audit
• Focus on risk areas of error, fraud, or other irregularities
• Be accessible throughout the year to the public sector bodies that they audit
• Work closely with internal auditors

The ability of the auditor to perform his/her duties effectively and in a timely fashion depends heavily on the co-operation of those they are auditing.

Public sector auditors around the world undertake several different types of audit: financial audit, which aims to ensure that the financial statements of audited entities present a fair view of their financial activities during the reporting period and their Statement of Financial Position (or balance sheet) at its close; compliance audit, which attempts to validate that transactions have been undertaken in compliance with appropriate legislation and regulation; and performance audit, which looks at Value for Money or the effective, efficient and economical usage of public resources (this is sometimes called the “3Es” audit).

ISA 300 – Planning an audit of financial statements can be applied in relation to public sector auditing.

D. THE ROLE OF INTOSAI

INTOSAI was founded in 1963 at the initiative of Emilio Fernandez Camus, then President of the SAI of Cuba. The OAG of Rwanda is a member of INTOSAI.

The International Organisation of Supreme Audit Institutions (INTOSAI) operates as a support organisation for the external government audit community. For over 50 years it has provided an institutionalised framework for supreme audit institutions to promote development and transfer of knowledge, improve government auditing worldwide and enhance professional capacities.

A crucial moment in the history of INTOSAI, and of public sector auditing generally, was the Lima Declaration of October 1977 at the IX INCOSAI held in Lima, Peru (INCOSAI stands for the International Congress of Supreme Audit Institutions, held every three years). This made crucial statements about matters such as the independence of public sector auditors. Such independence must not only exist in practice but must also be anchored in the law. The Declaration made important statements on such matters as the budget of the SAI and its relationship with Parliament. More detail was added by the Mexico Declaration of 2007.

Regional Working Groups promote INTOSAI’s goals regionally, providing members with opportunities of professional and technical cooperation on a regional basis. The INTOSAI Governing Board has 7 regional Working Groups.

Working groups are formed as a result of INTOSAI themes and recommendations to address SAI’s interests in specific technical issues (e.g. privatisation, environmental audit). Working groups publish specific guidance and best practices as a result of their work. Members of INTOSAI are free to join working groups according to their interests.

Example: The African Working Group – AFROSAI – African Organization of Supreme Audit Institutions

INTOSAI currently has 4 main objectives:

1. Professional Standards – to establish effective frameworks for the adoption of professional standards that correspond to the demands and expectations of member institutions
2. Capacity Building – to focus on institutional capacity-building activities of direct relevance to the majority of INTOSAI’s members
3. Knowledge Sharing & Knowledge Services – to build on the essential features of openness, sharing and cooperation.
4. Model International Organisation – to promote the organization and governance of INTOSAI.

On the subject of professional standards, it is notable that in 2007 INTOSAI established the International Standards of Supreme Audit Institutions (ISSAIs). This is backed up by the INTOSAI Guidance for Good Governance (INTOSAI GOV). INTOSAI is committed to the raising of awareness of the ISSAIs in the future.