CPA I1.4 AUDITING Study Manual


CPA
Certified Public Accountant Examination
Stage: Intermediate Level I1.4
Subject Title: Auditing
Study Manual
INTRODUCTION
© CPA Ireland
All rights reserved.
The text of this publication, or any part thereof, may not be reproduced or transmitted in any
form or by any means, electronic or mechanical, including photocopying, recording, storage
in an information retrieval system, or otherwise, without prior permission of the publisher.
Whilst every effort has been made to ensure that the contents of this book are accurate, no
responsibility for loss occasioned to any person acting or refraining from action as a result of
any material in this publication can be accepted by the publisher or authors. In addition to
this, the authors and publishers accept no legal responsibility or liability for any errors or
omissions in relation to the contents of this book.
INSTITUTE OF
CERTIFIED PUBLIC ACCOUNTANTS
OF
RWANDA
INTERMEDIATE I1
I1.4 AUDITING
First Edition 2012
This study manual has been fully revised and updated
in accordance with the current syllabus.
It has been developed in consultation with experienced lecturers.
CONTENTS
Study Unit / Title

Introduction to Your Course

1. Introduction
   Assurance
   Levels of Assurance
   The Audit Function
   Types of Audits
   The Limitations of an Audit
   The need for Regulation
   Methodology of an Audit
   ISA 200

2. The Auditor and the Audit Environment
   Audit Opinion
   Role of the Auditor
   Relationships & Responsibilities
   The Audit Profession
   International Standards on Auditing
   Corporate Governance
   Codes of Best Practice

3. Auditors Legal, Ethical & Professional Responsibilities Part 1
   Professional & Ethical Responsibilities
   Statutory Responsibilities & Rights
   Appointment of Auditors
   Resignation & Removal of Auditors
   Auditor Duties & Rights

4. Auditors Legal, Ethical & Professional Responsibilities Part 2
   Auditor’s responsibilities in relation to fraud and for the entities compliance with Laws & Regulations
   Auditor’s responsibilities defined by case law arising from negligence and Related exposure and consequences
   Pre-Appointment Procedures

5. Audit Planning and Supervision
   Materiality
   Audit Risk and its Components
   Audit Strategies
   Knowledge of the entity and its environment
   Response to assessed risks of material misstatement
   Documentation
   Audit Supervision and Review

6. Internal Control Assessing Control Risk & Tests of Control
   Internal Control
   Information Systems, including the Related Business Process relevant to Financial reporting and communication
   Control Activities
   Assessing the Risk of Material Misstatement
   Tests of Control
   Assessment of impact on audit strategy
   The recording of control systems
   Audit Programmes

7. Financial Statement items Substantive Procedures
   Assertions
   Specific Audit Procedures
   Balance Sheet items
   Profit & Loss items
   Assessment of Misstatements
   Impact on Audit Reporting

8. Audit Execution Other Considerations
   Sampling
   Analytical Review
   Going Concern
   Subsequent Events
   Accounting Estimates
   Commitments & Contingencies
   Management Representations
   Use of Experts
   Opening Balances
   Comparatives

9. Computer Information Systems
   Entity computer systems and controls
   Computer Assisted Audit Techniques (CAAT’s)

10. Audit Reporting
   Review Considerations
   Reporting on audited financial statements
   Key concepts
   Basic element of report
   Modified Reports
   Circumstances giving rise to modified reports
   Auditors’ responsibilities before and after date of audit report
   Auditors’ responsibilities for other documents

11. Public Sector Auditing
   The role of the Office of the Auditor General (OAG)
   The Legal Environment in which the OAG and auditees function
   Specific considerations for public sector auditing
   The role of INTOSAI
INTRODUCTION TO THE COURSE
Stage: Intermediate 1
Subject Title: I1.4 Auditing
Aim
The aim of this subject is to introduce students to the concepts and principles of the audit
process and to develop their understanding of its application in the context of the legal,
regulatory and ethical framework of the profession.
Auditing as an Integral Part of the Syllabus
Auditing is an essential foundation subject for the subsequent study of Audit Practice and
Assurance Services at Advanced 2 Stage. It is also an essential component for the study of
Advanced Financial reporting at Advanced 2 Stage. In carrying out the audit of an entity’s
financial statements there is a critical need to identify the source, and test the treatment of
financial statement items (period transactions and year-end balances) and disclosures, to
ensure compliance with generally accepted accounting practice. The subjects: Financial
Accounting and Financial Reporting will provide students with this necessary knowledge.
Introduction to Law, Company Law, Taxation and Information Systems will increase
students’ awareness of other matters that an auditor must consider in the audit process.
Learning Outcomes
On successful completion of this subject students should be able to:
- Interpret and discuss the legal, regulatory and ethical framework within which the auditor operates.
- Differentiate and explain the respective responsibilities of directors and auditors.
- Explain the nature, purpose and scope of an audit and discuss and defend the role of the auditor.
- Apply and explain the process relating to the acceptance and retention of professional appointments, to include the purpose and content of engagement letters.
- Devise an overall audit strategy and develop an audit plan.
- Supervise and review the various stages of the audit process.
- Outline the nature of internal controls and the procedures required to evaluate control risk relating to specific accounting systems, in order to identify internal controls and weakness within the systems.
- Distinguish between Tests of Control and Substantive Procedures.
- Design and apply the appropriate audit tests to include in the audit programme.
- Carry out analytical procedures and assess the implications of the outcome.
- Explain the significance, purpose and content of management letters and management representations.
- Explain the distinction between an internal and external audit.
- Apply and discuss audit sampling.
- Demonstrate the outcome and implications of subsequent event reviews.
- Plan and describe the audit of computer information systems.
- Draw appropriate conclusions leading to the formulation of the auditor’s opinion.
- Apply and explain the basic component elements of the Auditor’s Report.
- Identify and analyse matters that impact on the wording of Modified Reports differentiating between matters that do not affect the auditor’s opinion and matters that do affect the auditor’s opinion.
- Recognise ethical issues, discuss, escalate or resolve these as appropriate within the Institute’s ethical framework, demonstrating integrity, objectivity, independence and professional scepticism.
Syllabus:
1. The Auditor and the Audit Environment
The Statutory Audit: need, objective, focus, nature and structure. Public interest,
expectations, interrelationships between auditor, directors (management) and
shareholders and other users of financial statements, including their respective
roles and the auditor’s duties to these parties.
The Rwandan audit profession and ICPAR: organisation and regulation.
International Standards on Auditing (ISAs) and other technical pronouncements
issued by APB: nature, formulation, issuance and compliance enforcement.
The audit implications of International Accounting Standards (IFRS/IAS):
understanding and basis for application.
Directors’ responsibilities versus auditor’s responsibilities for financial statements
and internal controls; distinction between external and internal audit.
Corporate governance.
2. Auditor’s Legal, Ethical and Professional Responsibilities
Professional ethical responsibilities:
- IFAC Code of Ethics.
Statutory responsibilities and rights:
- Key responsibilities derived from International Standards on Auditing (ISAs).
- Auditor’s responsibility in relation to fraud and for the entity’s compliance
with laws and regulations.
- Auditor’s responsibilities defined by case law arising from alleged negligence
(financial statements misstated) and related exposure and consequences
- Pre-appointment procedures: client assessment (including management
integrity) and completion of engagement letter.
3. Audit Planning and Supervision
Materiality: nature (quantitative and qualitative), determination, impact and use
throughout different phases of the audit.
Audit risk and its components (inherent, control and detection risks):
interrelationships, evolution as audit progresses and impact on nature, timing and
extent of audit work.
Audit strategies (risk based auditing, tests of control, substantive procedures,
combined procedures, audit around and through computerised systems) and their
impact on the conduct of the audit.
Knowledge of the entity and its environment: business, risks, management, and
accounting systems.
Nature, extent and timing of audit procedures in response to assessed risks of
material misstatement, sufficient and appropriate audit evidence, types of audit
evidence, general audit techniques (enquiry, observation, inspection, analysis,
computation, confirmation).
Audit planning memo, audit programmes and working papers.
Audit supervision and review.
4. Audit Execution: Internal Control, Assessing Control Risk and Tests
of Control
Entity’s control environment and control procedures, objectives, limitations,
attributes.
Auditor’s and management’s respective responsibilities.
Internal control descriptions (flowcharts, narrative descriptions, walkthroughs)
and internal control assessments (ICEs/ICEQs).
Broad approach to internal controls, components of internal controls, limitations
of internal control.
Assessing the Risk of Material Misstatement, Internal Controls assessment and
Tests of Control for the following major systems: sales, purchases, payroll, cash
receipts and disbursements, inventory.
Audit Programmes for Tests of Control.
Final Assessment of Control Risk.
Management letter reporting and assessment of impact on audit strategy.
5. Audit Execution: Financial Statement Items Substantive Procedures.
Application of specific substantive procedures to test the following categories of
assertions:
- Assertions relating to classes of transactions and events;
- Assertions relating to account balances;
- Assertions relating to presentation and disclosure.
Audit of statements of financial position, validation procedures, applied in audit of:
- Tangible fixed assets.
- Inventory.
- Accounts receivable, prepayments & sundry debtors.
- Investments and market securities.
- Bank and cash balances.
- Accounts Payable, accruals & sundry creditors, provisions for
liabilities.
- Debenture loans and bank borrowings.
- Capital and Reserves, Equity.
Audit of statements of comprehensive Income account, validation procedures,
applied in audit of:
- Revenues and expenses.
- Sales/purchases.
- Wages and salaries.
- Other statement of comprehensive income account items.
Understanding of IFRS/IAS concerning above items.
Misstatements / aggregation / assessment / impact on audit reporting.
6. Audit Execution: Other Considerations
Sampling methods: decision to use, judgemental versus statistical (MUS)
sampling methods for controls and financial statement items, sample selection and
assessment.
Analytical review: nature and use (financial statements/data) throughout audit.
Going concern and its impact throughout the different phases of the audit.
Subsequent events.
Accounting estimates.
Commitments and contingencies.
Management representation letters.
Use of experts.
7. Audit Execution: Computer Information Systems (CIS) Auditing
Entity’s computer systems and controls:
- Computer systems: general applications of e-commerce and impact on control
and audit work, key computer processes including data organisation and
access, network and electronic transfers and transaction processing
modes, key computer system hardware and software, including XBRL
(eXtensible Business Reporting Language).
- Key computer system general controls: design and implementation, data
integrity, privacy and security, system program changes, system access and
disaster recovery plans.
- Key computer system application controls: transactions input, processing and
output, master-file changes.
Computer Assisted Audit Techniques (CAATs):
- Nature (computer software including expert systems and test data),
- Purpose (testing, administration),
- Application and related audit concerns (integrity and security of CAATs, audit
planning considerations).
8. Audit Reporting
Reporting on Audited Financial Statements.
Key concepts: opinion, true and fair view, materiality, statutory requirements.
Basic elements of the Auditor’s Report.
Modified Reports, differentiating between
- Matters that do not affect the auditor’s opinion, and
- Matters that do affect the auditor’s opinion.
Circumstances giving rise to Modified Reports:
- Limitations on Scope.
- Disagreements with management.
Auditor’s responsibility before and after the date of the Auditor’s Report.
Auditor’s responsibility for other information in documents (e.g. Annual Report)
containing audited financial statements.
9. Public sector auditing
The role of the OAG
The legal environment in which the OAG and auditees function
Specific considerations for public sector auditing
The role of INTOSAI
UNIT 1 - INTRODUCTION
Study Unit 1
Introduction to Auditing
Contents
A. Assurance
B. Levels of Assurance
C. The Audit Function
D. Types of Audits
E. The Limitations of an Audit
F. The need for Regulation
G. Methodology of an Audit
H. ISA 200
INTRODUCTION
There has been a huge growth in information that is available today in all aspects of business.
The use of the internet has made access to information relatively easy and more and more
information is being required in all areas, not just financial. For example, take a look at the
Bank of Kigali annual report.
This growth in information has led to a need for assurance as to the quality and reliability of
that information so that users can make informed decisions based on the information that is
available to them.
A. ASSURANCE
The International Standards on Auditing (ISA) glossary of terms gives a definition of an
assurance engagement as “one in which a practitioner expresses a conclusion designed to
enhance the degree of confidence of the intended users other than the responsible party about
the outcome of the evaluation or measurement of a subject matter against criteria.”
In practice, this could be an auditor expressing an opinion to the shareholders of a company
on a set of financial statements prepared by management as to whether they have been
prepared in a true and fair manner in accordance with accounting standards and relevant
company law.
An audit is a type of assurance engagement.
B. LEVELS OF ASSURANCE
Various levels of assurance may be given but this depends very much on (1) the individual
engagement, (2) the criteria applied and (3) the subject matter. The glossary of terms refers
to two types but I will refer to three:
- Reasonable level of assurance – subject matter materially conforms to criteria; i.e. accounts give a true and fair view having regard to the accounting standards and law, such as carried out in an audit. This can also be known as a positive expression.
- Limited level of assurance – no reason to believe that subject matter does not conform to criteria. Essentially, a negative form of expression. Expect to see this in a review engagement. A review engagement is another type of assurance engagement.
- Absolute assurance – Can never be given. There are inherent limitations of an audit that affect the auditor’s ability to detect material misstatements in a set of financial statements.
C. THE AUDIT FUNCTION
What is an audit?
An audit is an exercise, of which the objective is to enable an independent auditor to express
an opinion on whether a set of financial statements has been prepared in a true and fair
manner and in accordance with an identified financial reporting framework.
An audit is an exercise the objective of which is:
to enable an independent auditor to express an opinion,
on whether a set of financial statements,
are prepared, in a true and fair manner,
in accordance with an identified financial reporting framework.
[Figure: Overview of Syllabus and audit. Boxes: Legal & Regulatory environment; Internal controls & financial statements; Ethics; AUDIT; Corporate Governance & current issues; Risk Assessment & Audit process; Reporting]
D. TYPES OF AUDITS
- Statutory audits as required by companies’ legislation.
- Non-statutory audits preferred by interested parties rather than being required by law. For example, charities, societies, public interest companies.
- Small entity audits.
A statutory audit is an independent examination of a company’s financial statements in order
to verify that the accounts have been prepared in accordance with company law and
International Financial Reporting Standards (IFRS).
Not all companies, however, are required to have an audit. Audit exemption guidelines exist
within certain jurisdictions.
Small companies depending on the jurisdiction could possibly avail of the audit exemption
because:
The cost may outweigh the benefit.
Small companies are generally owner managers, so no distinction between
shareholders and managers.
Many small companies lack a system of internal controls.
Their use of basic books of record.
However, small companies can opt to have an audit carried out specifically where the
potential users of financial statements may expect it.
There are arguments for and against small company audits.
For: Reassurance given by audited accounts for shareholders not involved in management.
Against: Where shareholders are part of management, the whole audit exercise may not appear to be value for money.

For: Audited accounts provide a good indication of a fair valuation for shares particularly unquoted shares.

For: An audit provides management with an independent check on the accuracy of their financial statements. Also, some auditors do provide decent management letters.
Against: In reality, a more focused systems review or similar consultancy report would be of more benefit to management.

For: Employees can gain comfort from audited accounts as to their job security and for wage negotiations.
Against: In reality, I don’t think this actually happens.

For: Bank managers often rely on audited accounts when reviewing security in the event of granting a loan.
Against: More importantly though, a bank manager may want to see a good credit history in a company’s transactions with the bank.

For: Suppliers can gain assurance from audited accounts when giving credit to customers.
Against: On the contrary, the accounts might be out of date and the customer could be experiencing difficulties. Might be more appropriate to get relevant credit references.

For: Revenue can rely on audited accounts to back up tax returns.
Against: In reality, revenue accepts sets of accounts prepared by independent accountants.
E. THE LIMITATIONS OF AN AUDIT
Not every item is checked. In fact, only test checks are carried out by auditors. It
would be impractical to examine all items within a class of transactions or account
balance. Hence, it is not really possible to give absolute assurance.
Auditors depend on representations from management and staff. Collusion can
undermine some good controls such as division of duties. There is always the
possibility of collusion or misrepresentation for fraudulent purposes.
Evidence gathered is persuasive rather than conclusive. It often indicates what is
probable rather than what is certain. Take for example vouching a bank statement. It
only shows you that one account. Are there others?
Auditing is not purely an objective exercise. Judgements have to be made in a
number of areas. The view in financial statements is itself based on a combination of
fact and judgement. For example, valuing stock in a grain silo or valuing jewellery.
The timing of an audit. Significant credit notes after the year-end can alter a true and
fair view. Problems arise whether you audit too early or too late.
An unqualified audit opinion is not a guarantee of a company’s future viability, the
effectiveness and efficiency of management, nor that fraud has not occurred in the
company. Profit margins can differ from firm to firm yet both could have a clean
audit report.
So are there any benefits of an audit? Yes, there are.
The shareholders of a company are given an independent opinion as to the true and
fair view of the accounts that have been prepared by management.
Third parties such as suppliers and banks use the accounts as a source of
confidence in the performance of a company.
Auditors themselves can use the knowledge accumulated during the course of the
audit to provide additional services to the company such as the provision of
consultancy services or a management letter showing weaknesses in the business and
recommendations to alleviate such weaknesses in the future.
While not responsible for detecting fraud, the very fact that an audit is carried out and
may uncover evidence of fraud can help to mitigate such risks.
Managers in some firms may be removed from day to day transactions especially
regarding remote locations and an audit can allay fears of fraud or simple bad
book-keeping.
F. THE NEED FOR REGULATION
Where there is reduced confidence in the markets and this leads to business failure, this in
turn leads to instability. As a result there is increased demand for regulation.
There has been regulation in the markets since the introduction of the concept of limited
liability. The requirement for audited financial statements is a way to protect the owners of a
business from unscrupulous management and also prevent the abuse of the limited liability
status. Standards used are a form of self-regulation. Company law is regulation, where self-
regulation doesn’t appear to be working.
Enron raised serious questions about self-regulation. In response the Sarbanes-Oxley Act
of 2002 was passed in the USA. This set up improved corporate governance including
enhanced internal controls and improved levels of auditor independence. This has led to
attempts to strengthen regulation in a number of other countries too.
The conduct of audits is covered by:
1. A code of ethics
2. International Standards on Auditing
3. Company Law.
In addition, Auditors are regulated by a number of different bodies, for example:
The International Auditing and Assurance Standards Board (IAASB)
The Government
Professional Accountancy bodies such as ICPAR
G. METHODOLOGY OF AN AUDIT
1. Determine the scope and the audit approach.
Legislation and the auditing standards lay down the scope for statutory audits. An auditor
should prepare a plan for his audit.
2. Ascertain the system and controls.
Discuss the accounting system and the flow of documents with all the relevant personnel
in the company. Document all your notes. Some auditors do flow charts, narrative notes
and/or internal control questionnaires. Get to know the client’s business. Confirm that
you have recorded the system accurately by carrying out walkthrough tests.
3. Assess the system and internal controls.
Evaluate the system as it is, to weigh up its reliability and draw up a plan to test its
effectiveness. At this stage you could draw up a letter to management recommending any
improvements you consider from your findings. In addition, what you have learned here
may influence the type of further audit testing you may carry out later on.
4. Test the system and internal controls.
Above, you evaluated the controls that are in place. Now you need to test that they were
effective. Compliance tests will cover many more transactions than the walkthrough tests.
You need to carry out a representative sample through the accounting period.
If you can establish that the controls are indeed effective, you can reduce the amount of
detailed testing later on. However, if the controls turn out to be ineffective, then more
substantive tests will need to be carried out.
5. Test the financial statements.
This section covers the substantive testing which has been described earlier. You are
effectively trying to stand over the figures in the financial statements. Substantive tests
are audit procedures performed to detect material misstatements. Remember, if you think
that any error you might find in a class of transactions will not be significant, then there is
little point carrying out the substantive test.
6. Review the financial statements.
After all the testing has been done and the evidence gathered, you should review the
accounts as to their overall reliability making a critical analysis of the content and
presentation.
7. Express an opinion.
You need to evaluate all the evidence you have gathered and express an opinion on a set
of accounts by way of a written audit report.
You may, in addition, write a management letter which can set out improvements you
recommend or to place on record specific points in connection with the audit.
H. ISA 200
ISA 200 (International Standards on Auditing 200: Objective and General Principles
Governing an Audit of Financial Statements) sets out what audits are all about.
The auditor should comply with the code of ethics for professional accountants issued
by the International Federation of Accountants (IFAC) and the ethical pronouncements
issued by the auditor’s relevant professional body.
The auditor should conduct an audit in accordance with International Standards on
Auditing and should plan and perform an audit with an attitude of professional
scepticism.
ISA 200 also makes a very important point in that while the auditor is responsible for
forming and expressing an opinion on the financial statements, the responsibility for
preparing and presenting those financial statements lies with the management.
Furthermore, the auditor does not have any responsibility with regard to the prevention
and detection of fraud. Again, that lies with the management.
UNIT 2 THE AUDITOR AND THE AUDIT
ENVIRONMENT
Study Unit 2
The Auditor and the Audit Environment
Contents
A. Audit Opinion
B. Role of the Auditor
C. Relationships & Responsibilities
D. The Audit Profession
E. International Standards on Auditing
F. Corporate Governance
G. Codes of Best Practice
THE AUDITOR AND THE AUDIT ENVIRONMENT
The Statutory Audit
Depending on the applicable jurisdiction, the Companies Acts require the majority of
companies to have an audit carried out. An exemption exists for small companies
depending on the applicable jurisdiction.
In addition to qualifying as a small company the following would need consideration
depending on the applicable jurisdiction:
Company must be a private company
Company must not be a bank or insurance entity
Company must not be part of a group
All filing requirements within the applicable jurisdiction are kept up to date.
A. AUDIT OPINION
The objective of an audit is for an independent auditor to express an opinion on a set of
financial statements.
The key opinion is whether the accounts give a true and fair view. Unfortunately, there is
no formal definition as it is not laid out in Company law. However, it is generally accepted
that a set of accounts can only give a true and fair view if they are not factually incorrect and
present information in an impartial way that is clearly understood by the reader.
It could also be argued that in order to ensure that a set of accounts gives a true and fair view,
an auditor should have regard for Company Law and Accounting Standards pertaining to
those financial statements and that he himself has carried out the audit in accordance with the
relevant regulatory pronouncements, codes of ethics and Auditing Standards.
Aside from the key opinion, there are a number of other issues that the auditor needs to report
on and these should be laid out by the companies’ acts.
These are matters of opinion and matters of fact.
Matters of opinion:
1. Have proper accounting records been kept?
2. Is the information in the directors’ report consistent with that given in the financial
statements?
3. Does a financial situation exist which may require a Special Meeting?
4. Have the accounts been prepared in accordance with the provisions of the companies’
acts?
Matters of fact:
1. Has the auditor received all the information and explanations he deems necessary for
the purposes of his audit?
2. Do the financial statements agree with the books of account?
The statutory audit opinion is given by way of a written standard audit report addressed to the
shareholders of a company. The report should be signed and dated by the auditor.
B. THE ROLE OF THE AUDITOR
The auditor is the independent person that gives his opinion on a set of financial statements.
He does not provide absolute assurance. In other words he does not say the “accounts are
correct”. Audits have their limitations.
However, this is often misunderstood by users of accounts, who seem to wrongly accuse the
auditor of shortcomings, especially where there are infamous business failures or perceived
wrongdoing. This is known as the “expectation gap”.
The expectation gap exists because the role and duties of the auditor, which are recommended
to be laid out by the companies acts, codes of ethics and auditing standards, could be different
from the role of the auditor as perceived by the general public and even company directors
themselves. For example, it is believed that the auditor should find all errors, whether
unintentional or intentional such as fraud.
C. RELATIONSHIPS AND RESPONSIBILITIES
There are a number of stakeholders interested in financial statements from the shareholders to
management, customers to suppliers, revenue authorities to bank managers, and even future
investors.
The audit report is prepared by the auditor for the shareholders on the actions of the
management (directors).
The auditor has no legal duty to report to management or anyone else in respect of the
financial statements. However, in practice other parties do read the audit report and often
rely on the assurance given by the auditors.
Key issues:
Management are responsible for the preparation and presentation of the accounts
Management are responsible for the prevention and detection of fraud within a
company
Management are responsible for safeguarding the assets of a company
The auditor is responsible for expressing an opinion on a set of accounts prepared by
management.
D. THE AUDIT PROFESSION
Depending on the jurisdiction it would be recommended to set up an Accounting
Supervisory Authority together with an Auditing Authority. Its role would be to supervise the
practice of auditing and accounting in the relevant country.
Previously, each professional accounting body supervised its own members; however, more
recently Independent Supervisory Authorities are being established in countries, e.g. in
Ireland (IAASA).
The main functions of an Auditing and Accounting Supervisory Authority would be:
To supervise how each body regulates its own members
To promote adherence to the highest possible professional standards
To monitor the accounts of companies to ensure compliance with companies
legislation.
Each professional body will regulate and monitor its own members. Each body will issue its
own code of ethics. By and large the codes of ethics are very similar.
Persons carrying out audits must have the permission of the relevant authorities. It is strongly
recommended that all auditors have to be registered. Members of recognised bodies such as
CPA, ACCA and Chartered Accountants are registered auditors if they have practising and
auditing certificates from their respective bodies.
The Institute of Certified Public Accountants of Rwanda (ICPAR) is the Professional
Accountancy Organization (PAO) mandated by law number 11/2008 to regulate the
Accounting profession in the Republic of Rwanda. ICPAR is the only body authorized by law to
register and grant practising certificates to Certified Public Accountants (CPAs) in Rwanda.
Certified Public Accountant Certificate holders that are registered as members of ICPAR are
entitled to the CPA(R) designation.
The Institute operates in the public interest including promotion of financial reporting,
auditing and ethical standards.
The practising audit firms in Rwanda are very small in size and need capacity building with
respect to quality of audit.
E. INTERNATIONAL STANDARDS ON AUDITING
Readers of information need assurance as to the reliability of that information. In addition,
they will want to know that this reliability will not vary from one set of company accounts to
another. In order to ensure this, an auditor audits a set of accounts in accordance with
common standards.
There is a need then for auditors to be regulated so that all auditors follow the same
standards. One of the main points of ISA 200 (objective and general principles governing an
audit of financial statements) is that auditors must follow the International Standards on
Auditing in the exercise of an audit.
The International Standards on Auditing (ISAs) are produced by the International Auditing and
Assurance Standards Board (IAASB), which is part of the International Federation of
Accountants (IFAC). The IFAC is a global organisation for the accounting profession.
The intention is that the standards issued will improve the degree of uniformity of auditing
practices, both in a standardised approach to the audit and a standard reporting format.
Only in exceptional circumstances, can an auditor judge if it is necessary to depart from an
auditing standard in order to achieve the objective of an audit. The auditor would need to be
able to justify his actions.
ISAs need only be applied to material matters. What is material is not defined in law but it is
generally accepted that something is material if its omission or misstatement could influence
the economic decisions of users of financial statements. Materiality can be based on value,
e.g. large amounts are more likely to be material than small ones, though sometimes they may
also be material by nature, for example if it exposes inappropriate decision-making within an
organisation possibly based on favouritism or personal bias.
ISAs are mandatory in some jurisdictions for the audit of companies' accounts.
Setting Standards - The Process:
The IAASB identifies new developments,
The IAASB appoints a task force to draft a standard,
Consultation takes place,
An “exposure draft” is produced, essentially a draft standard issued welcoming
comments from the profession and any other interested party,
The taskforce considers comments and may make amendments,
The Standard is finalised and formally approved by the IAASB.
International standards of Auditing
Glossary of terms
ISQC 1
ISA 200: Objective and general principles governing an audit of financial statements
ISA 210: Terms of audit engagements
ISA 220: Quality control for audits of historical financial information
ISA 230: (Revised) Audit Documentation
ISA 240: The auditor's responsibility to consider fraud in an audit of financial statements
ISA 250: Consideration of laws and regulations in an audit of financial statements
ISA 260: Communication of audit matters with those charged with governance
ISA 265: Communicating deficiencies in internal control to those charged with governance
ISA 300: Planning an audit of financial statements
ISA 315: Obtaining an understanding of the entity and its environment and assessing the risks of material misstatement
ISA 320: Audit materiality
ISA 330: The auditor's procedures in response to assessed risks
ISA 402: Audit considerations relating to entities using service organisations
ISA 450: Evaluation of misstatements identified during the audit
ISA 500: Audit evidence
ISA 501: Audit evidence - additional considerations for specific items
ISA 505: External confirmations
ISA 510: Initial engagements - opening balances and continuing engagements - opening balances
ISA 520: Analytical procedures
ISA 530: Audit sampling and other means of testing
ISA 540: Audit of accounting estimates
ISA 545: Auditing fair value measurements and disclosures
ISA 550: Related parties
ISA 560: Subsequent events
ISA 570: Going concern
ISA 580: Management Representations
ISA 600: Using the work of another auditor
ISA 610: Considering the work of internal audit
ISA 620: Using the work of an expert
ISA 700: The auditor's report on financial statements
ISA 705: Modifications to opinions in the Independent Auditor’s Report
ISA 706: Emphasis of matter paragraphs and other matter paragraphs in the Independent Auditor’s Report
ISA 710: Comparatives
ISA 720: (Revised) Section A - Other Information in Documents Containing Audited Financial Statements; Section B - The Auditor's Statutory Reporting Responsibility in Relation to Directors’ reports
International Accounting Standards, International Financial Reporting Standards and
International Public Sector Accounting Standards
The auditor needs to express an opinion on a set of accounts as to whether they give a true
and fair view. In order to give a true and fair view, a set of accounts should have regard for
the provisions of company law and international accounting standards. Private sector
standards are known as International Financial Reporting Standards (IFRSs). There are public
sector equivalents, largely based on the IFRSs, known as International Public Sector
Accounting Standards (IPSASs).
The IFRSs are shown below (older Standards which have not been replaced by a more recent
IFRS are still called International Accounting Standards (IASs)).
The private sector Standards in issue are shown below:
IAS 1: Presentation of Financial Statements
IAS 2: Inventories
IAS 7: Statement of Cash Flows
IAS 8: Accounting Policies, changes in Accounting Estimates and Errors
IAS 10: Events After the Reporting Period
IAS 11: Construction contracts
IAS 12: Income Taxes
IAS 16: Property, Plant and Equipment
IAS 17: Leases
IAS 18: Revenue
IAS 19: Employee Benefits
IAS 20: Accounting of Government Grants and Disclosure of Assistance
IAS 21: The Effects of Changes in Foreign Exchange Rates
IAS 23: Borrowing Costs
IAS 24: Related Party Disclosures
IAS 26: Accounting and Reporting by Retirement Benefit Plans
IAS 27: Consolidated and Separate Financial Statements
IAS 28: Investments in Associates
IAS 31: Interests in Joint Ventures
IAS 32: Financial Instruments: Presentation
IAS 33: Earnings per Share
IAS 34: Interim Financial Reporting
IAS 36: Impairment of Assets
IAS 37: Provisions, Contingent Liabilities and Contingent Assets
IAS 38: Intangible Assets
IAS 39: Financial Instruments: Recognition and Measurement
IAS 40: Investment Property
IAS 41: Agriculture
IFRS 1: First Time Adoption of International Financial Reporting Standards
IFRS 2: Share-Based Payment
IFRS 3: Business Combinations
IFRS 5: Non-current Assets Held for Sale and Discontinued Operations
IFRS 7: Financial Instruments: Disclosures
IFRS 8: Operating Segments
F. CORPORATE GOVERNANCE
A string of high-profile scandals and frauds in the 1980s and the 1990s forced the adoption
of voluntary codes of best practice in many countries (for example the UK) to enforce good
practice by directors and to communicate the adherence to good practice by management to
the shareholders. These Codes could be applied globally.
It was vital that companies were managed well i.e. there was good corporate governance.
It would be recommended to bring in many aspects of good corporate governance into
company law.
For example: The Cadbury report defines Corporate Governance as:
“The system by which companies are directed and controlled”.
Why is good corporate governance important?
Shareholders and managers are usually separate in a company and it is important that the
management of a company deals fairly with the investment made by the owners.
Corporate governance is about ensuring that public companies are managed effectively for
the benefit of the company and its shareholders.
In smaller companies, generally, shareholders are fully informed about the management of
the business as they are the directors themselves. However, in large companies the day to
day running of a company is the responsibility of the directors. Shareholders only get a look-
in at the Annual Meeting.
In addition, auditors only report on the truth and fairness of financial statements. They do not
report on how the shareholders’ investment is being managed and whether their investment is
subject to fraud.
Why does the need for good corporate governance come about?
Unscrupulous management ignoring distinction between company’s money and their
own,
Management manipulating share price for personal gain,
Management disguising poor results and mismanagement,
Management extracting funds from company and raising finance fraudulently.
Management inefficiencies in decision-making and internal control systems (these
might not be deliberate but are still problematic for shareholders)
Authority
Good corporate governance can be enforced by law (Sarbanes Oxley in the US) and/or by
agreement through codes of best practice.
So what does good corporate governance entail?
Effective management
Support /oversight of management by non-exec directors with sufficient experience
Fair appraisal of performance
Fair remuneration and benefits
Fair financial reporting
Sound systems of internal control
Constructive relationship with directors
G. CODES OF BEST PRACTICE
Two prominent codes have been formed in the UK and are considered best practice in
modern times and could be applied internationally.
For example: The Rwandan Stock Exchange commenced operations in January 2008 and has
presently four listed companies, namely:-
1. Balirwa
2. KCB
3. NMG
4. BOK
In Rwanda these codes could be applied as “Codes of Best Practice”
The Cadbury report
The Combined code
The Cadbury Report
The Cadbury report was issued in 1992. Its terms of reference considered:
The responsibilities of executive and non-executive directors and the frequency, clarity
and form in which information should be provided to shareholders.
The case for audit committees, their composition and role.
The responsibilities of auditors and the extent and value of the audit.
The links between auditors, shareholders and the directors.
The Cadbury report was aimed at directors of all UK PLCs, however directors of all
companies are encouraged to apply the code. Directors should state in the financial
statements, normally through the director’s report, whether they comply with the code and
must give any reasons for non-compliance.
The Cadbury report covered a number of areas including the board of directors, non-
executive directors, executive directors and the audit function. Some of the provisions
include:
Board of Directors
They should meet on a regular basis.
They should have clearly accepted divisions of responsibilities, so no one person has
complete power.
The posts of chairman and CEO should be separate.
Decisions which require a single signature or several signatures need to be laid out in a
formal schedule and procedures must be put in place to ensure that the schedule is
followed.
Non-executive directors
They are not involved in the day to day running of the company and should bring their
independent judgment to bear in the affairs of the company. Such affairs may include
key appointments and standards of conduct.
There should be no business or financial connection between the company and the non-
executive directors other than fees and a shareholding.
Their fees should reflect the time they spend on the business.
They should not participate in share option schemes or pension schemes.
Appointments of non-executive directors should be for a specific term and automatic
re-appointment is discouraged.
Procedures should exist whereby they may take independent advice.
A remuneration committee consisting of non-executive directors should decide on the
level of pay for executive directors.
Executive directors
They run the company on a day to day basis and should have service contracts in place
of not more than three years in length, unless approved by the shareholders.
Directors’ emoluments should be fully disclosed in the accounts and should be analysed
between salary and performance based pay.
Audit
The code states that the audit is the cornerstone of corporate governance. It is an
objective and external check on the stewardship of management.
Some flaws exist in the framework for auditing, such as choices in accounting
treatments, poor links between shareholders and auditors, price competition between
audit firms and the “expectations gap” between auditors and the public.
Disclosing fees for audit in the financial statements should safeguard against the threat
to objectivity where auditors offer other services to their audit clients.
Formal guidelines concerning audit rotation should be drawn up by the accounting
profession.
The accountancy profession should be involved in setting criteria for the evaluation of
internal control.
There is a need for auditors to report on going concern. This is now reflected in
auditing standards.
The Combined Code
For example the UK stock exchange issues guidance on a regular basis. In 1998 it issued the
combined code. This combined key guidance from various reports including the Cadbury
report into the one code.
Some of its principles, which can be adopted globally, are:
Every company should have an effective board.
There should be clear divisions of responsibilities at board level.
There should be an appropriate balance of executive and non-executive directors.
A formal procedure for appointments to the board should exist.
The board should receive timely information in order to discharge its duties.
All directors should maintain and upgrade their skills and knowledge.
There should be an annual evaluation of its own performance.
All directors should be submitted to re-election at appropriate time intervals.
There should be appropriate levels of remuneration that are sufficient to attract, retain
and motivate individuals of the necessary quality required.
A significant portion of pay should be performance related.
A formal procedure for the fixing of pay levels should exist and no director should have
a hand in fixing his/her own pay.
The board should present a balanced assessment of the company’s performance.
The board should implement a good system of internal control.
The board should have meaningful communication with the shareholders and should
use the Annual Meeting to communicate with investors.
For example, the UK Stock exchange rules require that the annual report includes a statement
of how a company has applied the principles of the combined code and must disclose whether
there has been compliance with those principles. Auditors should review this statement.
Although the UK stock exchange rules require the code to be complied with, there is no
statutory duty for companies to do so. It is in fact a voluntary code.
This allows for flexibility in its application although shareholders will be aware of the
position due to the disclosure requirements.
In addition, being a voluntary code allows companies to opt out to the detriment of their
shareholders and there are companies while unlisted companies should be encouraged to
apply the codes.
Making the code obligatory may create an excessive burden of requirement especially for
smaller companies.
Audit Committees
Audit committees are generally made up of non-executive directors. They are perceived to
increase confidence in financial reports.
A number of recommendations contained in the combined code are:
Audit committee should comprise at least three non-executive directors (two for smaller
companies).
Its main role and responsibilities should be clearly set out in written terms of reference.
The committee should be provided with sufficient resources to undertake its duties.
Role and responsibilities
To monitor the integrity of the financial statements and other formal announcements.
To review the internal financial controls and the company’s control and risk
management systems.
To monitor and review the effectiveness of the internal audit function.
To make recommendations regarding the appointment of external auditors and their
remuneration.
To monitor and review the external auditor’s independence and objectivity.
To develop and implement policy on the engagement of the external auditor in other
non-assurance services.
Advantages of an audit committee
Provides an independent point of contact for the external auditor, particularly in the
event of disagreements.
Can create a climate of discipline and control.
Increased confidence in the credibility and objectivity of financial reports, by
increasing the quality of the financial reporting and enabling the non-executive
directors to contribute an independent judgment.
Internal auditors can report directly to the committee thereby providing a greater degree
of independence from management.
The existence of such a committee should make the executive directors more aware of
their duties and responsibilities.
Can act as a deterrent to fraud or illegal acts by executive directors.
Disadvantages of an audit committee
Can be difficult to source sufficient non-executive directors with the necessary
competence to be effective.
Auditors may not raise issues of judgment where there are formalised reporting
procedures.
Costs may increase.
Findings are generally not made public, so it is not always clear what they actually do.
Internal control effectiveness
Internal control is an essential tool in having good corporate governance and impacts
significantly on the audit approach that might be taken.
The directors of a company are responsible for putting in place an effective system of
internal control. An effective system of internal control will help management safeguard the
assets of a company, prevent and detect fraud and therefore, safeguard the shareholders’
investment.
In addition, it helps ensure reliability of reporting and compliance with laws. The use of the
word “help” denotes the fact that there are inherent limitations in any system of internal
controls and as such there can be no such thing as absolute assurance.
The directors need to set up internal control procedures and need to monitor these to ensure
that they are operating effectively.
The system of internal control will reflect the control environment which depends a lot on the
attitude of the directors towards risk.
The combined code recommends that the board of directors report on their review of internal
controls. This assessment should cover the changes in risks which the company faces and its
ability to respond to these changes, the scope and quality of management’s monitoring of risk
and internal control and the extent and frequency of reports to the board. It should also assess
the significant controls, failings and weaknesses that might have a material impact on the
accounts.
Auditors should assess the review carried out by the directors. They should assess whether
the company’s summary of the process of review is supported by documentation prepared by
the directors and that it reflects that process.
This review is not as defined as an audit. Therefore, it is only possible to give limited
assurance. For this reason, the auditors are not expected to assess whether the directors’
review covers all risks and controls and whether the risks are satisfactorily addressed by the
internal controls.
In order to avoid any misunderstandings, a paragraph is inserted into the audit report setting
out the scope of the auditor’s role.
Auditors should bring to the attention of directors any material weaknesses they find in the
system of internal control.
In order to monitor and assess the system of internal controls as to their reliability and
effective operation, a company may set up an internal audit department to carry out the
internal audit function.
There are significant differences between the external audit and internal audit functions.
1. An internal auditor is an employee of the company. Therefore, under applicable
company law, the internal auditor is precluded from acting as the external auditor of a
company.
2. External auditors are required by appropriate laws to belong to a recognised body,
which guarantees their appropriate qualification, adherence to technical standards and
overall competence. The internal auditor on the other hand requires no formal
training.
3. Unlike the external auditors, who are appointed at the Annual Meeting by the
shareholders of a company, the internal auditor is hired by the management of the
company. In turn this means he can be dismissed by the directors or other senior
managers, subject only to normal employment rights.
4. The primary objective of the external auditor is laid down by the applicable
companies’ acts, whereas the internal auditor’s objectives are dictated by the
management of the company. As a result, management can place limitations on the
scope of the internal auditor’s work. While some of his work may be similar to that
of the external auditor, more of it could relate to areas such as value for money.
Page 35
UNIT 3 AUDITORS LEGAL, ETHICAL & PROFESSIONAL RESPONSIBILITIES Part 1
I1.4 Auditing
Study Unit 3
Auditors Legal, Ethical & Professional Responsibilities
Part 1
Contents
A. Professional & Ethical Responsibilities
B. Statutory Responsibilities & Rights
C. Appointment of Auditors
D. Resignation & Removal of Auditors
E. Auditors Duties & Rights
AUDITOR’S LEGAL, ETHICAL & PROFESSIONAL
RESPONSIBILITIES PART 1
A. PROFESSIONAL AND ETHICAL RESPONSIBILITIES
ISA 200 sets out the general principles of an audit. The auditor should comply with the code
of ethics for professional accountants issued by the International Federation of Accountants.
Accountants require ethics because people rely on them for their expertise in specific areas.
Both the International Federation of Accountants (IFAC) and the Institute of Certified
Public Accountants of Rwanda (ICPAR) have issued a code of ethics of which the
fundamental principles of both associations are very similar.
Both identify:
Fundamental principles of ethical behaviour
Potential threats to those principles
Possible safeguards to counter those threats.
If the code of ethics is contravened, members may face disciplinary proceedings which could
result in a fine, censorship, suspension or withdrawal of membership and with it possibly the
right to practice.
The fundamental principles are as follows:
Integrity. A member should be straightforward and honest in all professional and
business relationships.
Objectivity. A member should not allow bias, conflict of interest or undue influence
of others to override professional or business judgements.
Professional competence and due care. A member has a continuing duty to
maintain professional knowledge and skill at the level required to ensure that a client
or employer receives competent professional service. If you are not up to the task,
you shouldn’t take it on.
Confidentiality. A member should respect the confidentiality of information
acquired as a result of professional and business relationships and should not disclose
any such information to third parties without proper and specific authority unless
there is a legal or professional right or duty to disclose. Any information acquired
should not be used for the personal advantage of the member or third parties.
Professional behaviour. A member should comply with relevant laws and
regulations and should avoid any action that discredits the profession.
The circumstances in which members operate may give rise to specific threats to compliance
with the fundamental principles. However, it is impossible to define every situation that
creates such threats and to specify the appropriate mitigating action.
The Institute of Certified Public Accountants of Rwanda (ICPAR) conceptual framework
requires each member to identify, evaluate and address threats to compliance (ICPAR – Code
of Ethics – Part A 100.2).
If the threats are significant, then you need to identify and apply safeguards to eliminate the
risk or to reduce it to an acceptable level.
If no appropriate safeguards are available, then you need to eliminate the activities causing
the threat or decline the engagement or discontinue it as the case may be.
It would be recommended to follow the relevant ethical pronouncements which the
International Federation of Accountants (IFAC) outlines together with the auditor’s relevant
professional body.
ETHICAL STANDARDS
1. Integrity, Objectivity and Independence
2. Financial, business, employment and personal relationships
3. Long association with the audit engagement
4. Fees, remuneration and evaluation policies, litigation, gifts and hospitality
5. Non-Assurance Services provided to an Assurance Client
Integrity, Objectivity and Independence
An auditor should establish documented policies and procedures designed to ensure that in
relation to each audit engagement, the audit firm and anyone in a position to influence the
conduct and outcome of the audit should act with integrity, objectivity and independence.
The leadership of the audit firm should take responsibility for establishing a good control
environment within the firm.
Independence needs to be considered at all stages of the audit process.
The audit partner should ensure that the directors of an entity are informed of all matters that
affect an auditor’s objectivity and independence.
An auditor needs to be, and be seen to be, independent. They must have independence of mind
and independence in appearance. It is a fundamental principle.
Independence is a state of mind that permits the provision of an opinion without being
affected by influences that compromise professional judgement, allowing an individual to act
with integrity and exercise objectivity and professional judgement.
An auditor needs to avoid facts and circumstances that are so significant that a reasonable and
informed third party would reasonably conclude an auditor’s integrity, objectivity or
professional scepticism had been compromised.
Public confidence in the operation of capital markets and in the conduct of public interest
entities depends upon the credibility of the opinions and reports issued by auditors.
What are the possible threats to independence?
Integrity, objectivity and independence are the principal types of threats.
Self-interest.
A financial interest in a client, undue dependence on fees, close business relationship,
concern over losing a client, potential employment with client or loans from client;
anything which may cause the auditor to be reluctant to make decisions during an
audit.
Self-review.
Reporting on the operation of financial systems after you were involved in their
design and implementation. Preparation of the accounts which are now being audited.
Management threat.
Making judgements and taking decisions which are the responsibility of management,
such as changing journal entries, approving transactions or preparing source
documents. This can be linked to self-review.
Advocacy.
Acting as a legal advocate for a client in litigation or promoting shares in the
company.
Familiarity.
Allowing close personal relationships to develop with client personnel through long
association or a family relationship. The auditor may not be sufficiently questioning
of the client point of view. Accepting gifts of significant value is also a sign of
excessive familiarity.
Intimidation.
Threat of replacement due to disagreement, perhaps you want to qualify the accounts.
Possible Safeguards to independence
Safeguards that may eliminate or reduce threats to an acceptable level fall into two general
categories:
1. Safeguards created by the profession, legislation or regulation and
2. Safeguards in the work environment whether within the auditor’s own systems and
procedures or within the client company.
The first category includes:
Educational, training and experience requirements for entry into the profession.
The existence of a clear and robust Code of Ethics
Continuing professional development requirements.
Corporate governance regulations and Professional standards.
Professional or regulatory monitoring and disciplinary procedures.
The second category would include for example:
Firm wide safeguards
Documented policies and procedures to implement and monitor quality control of
engagements.
Documented policies regarding identification of threats, their evaluation and
application of safeguards.
Policies and procedures to enable identification of interests and relationships between
auditor and client.
Monitoring the fee income received.
Timely communication of a firm’s policies and procedures to all staff and appropriate
training thereof.
A suitable disciplinary mechanism to promote compliance with policies.
Possible Engagement specific safeguards
Involving an additional professional accountant to review the work done.
Consulting independent third parties.
Disclosing the nature of services provided and extent of fees charged to those charged
with client governance.
Rotating senior audit team personnel.
Possible Safeguards within client systems and procedures
Persons other than management ratify auditor appointment.
Client has competent employees with experience to make decisions.
The client has a corporate governance structure that provides appropriate oversight
and communications regarding the firm’s service.
International standard on quality control (ISQC 1) sets out the standards and provides
guidance regarding a firm’s responsibilities for its system of quality control for audits.
The firm should establish a system of quality control designed to provide it with
reasonable assurance that the firm and its personnel comply with professional
standards and regulatory and legal requirements.
The firm’s system of quality control should include policies and procedures
addressing elements such as leadership responsibilities, ethical requirements,
acceptance and continuance of client engagements, human resources, engagement
performance and monitoring.
The quality control policies and procedures should be documented and communicated
to the firm’s personnel.
Confidentiality
There is a duty of confidence to the client. Confidentiality ensures that all information
necessary for the audit is given to the auditor. However, there are several exceptions noted.
The principle is twofold. First, you should refrain from disclosing any information acquired,
without proper authority to do so, unless there exists a legal or professional right or duty to
disclose.
Second, you should refrain from using any information acquired for your own personal
advantage or that of a third party.
A member should maintain confidentiality even in a social environment, and needs to
comply with the principle even after the end of the professional relationship.
Exceptions when members may be required to disclose:
Disclosure permitted by law and authorised by client.
Disclosure required by applicable law, e.g. production of documents during the course of
legal proceedings, or disclosure to appropriate public authorities of infringements of law
that have come to light, e.g. money laundering, theft and fraud offences, and a duty
to report where books of account have not been kept.
Professional duty or right to disclose when not prohibited by law, such as to comply
with quality assurance reviews, to respond to an inquiry by an institute, to protect the
professional interests of a member in legal proceedings or to comply with technical
standards and ethics.
Under ISA 250, Consideration of Laws and Regulations in an Audit of Financial Statements, if
auditors become aware of a suspected or actual occurrence of non-compliance with law and
regulation which gives rise to a statutory right or duty to report, they should report it to the
proper authority immediately.
Areas of controversy
Independence
Multiple services
Many audit firms are moving away from their traditional roles and are offering a
wider variety of work to their clients. Audit is sometimes even seen as a loss leader in
gaining other lucrative work.
Having more legislation in this area could restrict clients and limit opportunities for
further business and any synergies found in the auditor also providing additional
services would be lost.
Note, in the USA, SEC guidance suggests that an auditor is not independent in
relation to a listed company if they provide certain non-assurance services, such as
bookkeeping, internal audit, management or human resources functions.
Specialist services
Where services such as the valuation of intangible assets, property or unquoted investments
are carried out by a firm that is also the company’s auditor, this can lead to a self-review
threat. A firm should not therefore audit a client’s accounts which include specialist
work carried out by them.
Second opinions
Second opinions are acceptable but not if the current auditors are pressurised to accept
the second opinion. In order to avoid this, there should be constant communication
between the two auditors.
The second firm has a duty to seek permission to approach the current auditors from
the client. Without such communication, the second opinion may be formed
negligently, as the second opinion may not be based on the same set of facts or is
based on inadequate evidence.
Confidentiality
Conflicts of interest
Conflicts of interest can arise when a firm has two or more audit clients, and the
clients are in direct competition with each other e.g. major banks.
An audit firm can argue that different audit teams are involved and this can maintain
independence and confidentiality. However, clients may not perceive it this way and
could well move the audit to another firm.
Takeovers also need special consideration. You could be the auditor to both
companies in a takeover. In these cases, the auditor should not be the principal
advisor to either and should not issue any assessment reports on either party other
than the actual audit reports.
The public interest
There is no legal definition and therefore ‘public interest’ is difficult to prove.
Therefore, the auditor should be very careful here as any disclosure causing loss could
result in litigation. Seek legal advice at all times.
Insider dealing
Auditors can be seen as insiders as they often have access to very sensitive
information. Auditors should see the duty not to deal as an insider as an extension of
their duty of confidentiality to their clients. Again, it is not just in relation to third
parties but also to their own personal gain.
Financial, business, employment and personal relationships
Any partner in a position to influence a client audit should not have a financial interest in that
client and should not generally have any financial dealings other than those considered to be
at arm’s length and such dealings should not be material in value to either party involved.
As long as family members are not in a position of influence in relation to the accounting
records or the financial statements, the threat to independence and objectivity would not be
considered significant where a family member was employed in an audit client.
An audit firm must resign for at least 2 years where a former audit partner takes up a senior
position within an audit client.
Long association with the audit engagement
Long association can lead to a self-interest threat, a self-review threat and a familiarity threat.
These may give rise to threats against independence and objectivity.
Firms need to monitor the length of time a specific senior person is engaged on a specific
assignment and should take appropriate steps if there is a perceived threat to the firm’s
objectivity.
For listed companies, it is recommended that the audit partner should rotate after 7 years,
and other senior staff also after 7 years.
For other companies, there is no compulsory rotation, but good advice is that partners should
rotate off after 10 years.
Fees, remuneration and evaluation policies, litigation, gifts and hospitality
An audit should not be undertaken on a contingent fee basis. The fee charged should not
impact on the performance of an audit.
If the total fees generated by a client or client group represent a large proportion of a firm’s
total fee income then this could create a self-interest threat. The significance of the threat
should be evaluated and possible safeguards that could be applied are:
Discussing the extent and nature of fees charged with those charged with
governance
Taking steps to reduce dependency on the client
External Quality Control Review
Consult a third party e.g. Professional Regulatory Body
Gifts should not be accepted from clients, unless the value is insignificant.
Care needs to be taken with outstanding fees as they may be construed as loans. Remember:
only transactions in the normal course of business are allowed; otherwise there is a risk that
there is a perceived threat to independence.
Where there is threatened or actual litigation, the audit firm should not continue to act as
auditor.
Non-Assurance services provided to audit client
Firms need to have procedures in place to consider the impact of non-assurance services on
the firm’s independence and objectivity.
Internal Audit - audit firm should not provide such services where they intend to place
significant reliance on such work as part of external audit.
IT Services - audit firm should not undertake the design or implementation of systems that
are a significant part of the accounting systems.
Valuation - auditors should not provide a valuation where it involves a significant degree of
subjective judgement.
Tax services - auditors should provide routine compliance work only.
Corporate finance services - auditors should not accept any role on a contingent fee basis.
Accounting services - auditors should not undertake such services for a listed company.
B. STATUTORY RESPONSIBILITIES AND RIGHTS
Statutory responsibilities and rights are laid out under companies and other related legislation
such as
Companies Acts
We have already seen that company law - depending on the applicable jurisdiction - produces
a requirement that companies’ financial statements are audited.
Company law should also deal with a number of other auditor-related issues,
depending on the applicable jurisdiction, such as:
Appointment of auditors
Auditors’ remuneration
Resignation or removal of auditors
Auditors’ duties
Auditors’ rights
The Companies Acts of Rwanda – No 07/2009 of 27/4/09 – Law relating to Companies
C. APPOINTMENT OF AUDITORS
Auditors are appointed by members of a company at the Annual Meeting. The term lasts
from the end of one Annual Meeting until the next Annual Meeting unless of course the
auditor has resigned or has been removed during the year.
Where the company fails to appoint an auditor at the annual meeting, or the post
remains vacant for a period of one month, the Registrar General
shall have the power to have the company appoint its auditor within thirty (30) days.
Companies Acts – Article 238
Auditor’s remuneration
The auditor’s remuneration should be fixed at the Annual Meeting and should be disclosed in
the financial statements. It should be disclosed separately from those fees earned from
non-assurance services.
Companies Acts – Article 239
D. RESIGNATION & REMOVAL OF AUDITORS
An auditor who does not wish to be reappointed or wishes to resign
Where an auditor gives the Board of Directors of a company written notice that he/she does
not wish to be reappointed, the Board shall, if requested to do so by that auditor:
distribute to all shareholders and to the Registrar General, at the expense of the company,
a written statement of the auditor’s reasons for his/her wish not to be reappointed;
permit the auditor or his/her representative to explain at a shareholders’ meeting the
reasons for his/her wish not to be reappointed.
An auditor may resign prior to the Annual Meeting of the company.
This shall, after receiving the notification thereof, call on the Board of Directors to a special
meeting to receive the auditor’s notice of resignation. The auditor shall provide a written
report which gives to him/her representative the opportunity to give an explanation why
he/she does not wish to be re-appointed as auditor. Also during that meeting, the Board of
Directors or the meeting of shareholders shall appoint a new auditor.
The auditor has the right to require that the directors call a Special Meeting to discuss his
resignation and the auditor can attend and speak at this meeting on any matter that concerns
him as the retiring auditor. Directors should send out notice of this meeting within a 30 day
period.
The auditor also has the right to receive all notices that relate to a general meeting at which
their term of office would have expired.
Companies Acts Articles 244 and 245
Removal
An auditor of a company shall be automatically reappointed at an annual meeting of the
company unless the company passes a resolution at the annual meeting appointing another
person to replace the auditor; Companies Acts Article 243.
The directors of a company should give at least 30 days’ notice to all those entitled to receive
a set of accounts if a motion to remove the auditors is to be put to the members at an Annual
Meeting. The auditors also have the right to receive a copy of such notice.
The motion to remove the auditor can be passed by a simple majority.
The auditor should have a right to make representations as to why they should retain their
office and they can require that a copy of these representations be sent to all the members.
The company should notify the registrar on the removal of the auditors and the auditor should
forward the statement of circumstances to the company within a period of at least 14 days of
ceasing to hold that office. A copy of this statement should be forwarded by the company to
the Registrar General.
The auditor has a right to receive notice of and speak at such an Annual Meeting where their
term of office would have expired.
Communication between auditors
The new auditor is likely to request authorisation from the company to contact the previous
auditor in order to ascertain if there are any circumstances which should be brought to their
attention before accepting the appointment as auditors.
The previous auditor will forward copies of previous audited accounts together with
sufficient information relating to lead schedules of all the major areas of the audit. The
previous audit files remain in the ownership of the previous auditor.
E. AUDITORS DUTIES & RIGHTS
Auditors’ duties
We have already covered the fundamental duties of forming an opinion on the financial
statements and issuing an auditor’s report, as well as looking at a number of other areas
which were matters of opinion and matters of fact.
Auditors’ rights
Auditors should have the following rights:
Access to all relevant documents and books and any information and explanations that
they require from the directors of a company which they deem necessary in the
conduct of the audit.
Attendance at any general meeting and to receive all notices and written resolutions
which any member of the company is entitled to receive.
To be heard at any general meeting on any matters that concern them as auditors
To give written notice requiring that an Annual Meeting be held for the reason of
laying the accounts and reports before the members of a company.
Companies Acts Articles 248 and 249
Possible Company Law offences could include:
Non-filing of annual returns
Directors’ loan infringements
Non-holding of Special Meetings
Failure to keep proper books of accounts
No director resident in state
Acting as an auditor while not qualified to do so
It would be considered the auditor’s duty to report any offences outlined above to the Police
or the Revenue Authorities.
The main offence an auditor should be aware of is money laundering activities. Money
laundering is the process by which criminals attempt to conceal the true origin and ownership
of the proceeds of their criminal activity, allowing them to maintain control over the proceeds
and ultimately, providing a legitimate cover for the source of their income.
Audit firms are required to report suspicions that a criminal offence has been committed,
regardless of whether the offence has been committed by a client or by a third party. In
addition, they need to be alert to the danger of making disclosures that are likely to tip off a
money launderer, as this is a criminal offence.
There is no legal right not to make a report and the auditor is not constrained by his
professional duty of confidence, although in all cases any such reporting must be made in
good faith. In this case, he is protected by law from having the client take a civil case against
him. However, if he did not have reasonable grounds on which to make a report to a third
party, he may be sued by his client for breach of confidentiality.
UNIT 4 AUDITORS LEGAL, ETHICAL & PROFESSIONAL RESPONSIBILITIES Part 2
Study Unit 4
Auditors Legal, Ethical & Professional Responsibilities
Part 2
Contents
A. Auditor’s responsibilities in relation to fraud and for the entity’s
compliance with Laws & Regulations
B. Auditor’s responsibilities defined by case law arising from negligence
and related exposure and consequences
C. Re-appointment Procedures
AUDITORS LEGAL, ETHICAL & PROFESSIONAL
RESPONSIBILITIES PART 2
A. AUDITOR’S RESPONSIBILITY IN RELATION TO FRAUD AND FOR THE
ENTITY’S COMPLIANCE WITH LAWS AND REGULATIONS
Fraud
An auditor’s main concern in an audit is the risk of a material misstatement in the financial
statements. These material misstatements can arise from fraud or error.
An error is an unintentional misstatement in the financial statements, whether an omission
of an amount or a disclosure. It can be a mistake in gathering or processing data for the
accounts, an incorrect accounting estimate or a mistake in the application of accounting
principles.
Fraud is an intentional act by one or more individuals among management, employees or
third parties, involving the use of deception to obtain an unjust or illegal advantage.
Auditors do not make legal determination of whether fraud has actually occurred; the
auditor is concerned to the extent that fraud has caused a material misstatement in the
financial statements.
Responsibility
ISA 240, The Auditor’s Responsibility to Consider Fraud in an Audit of Financial
Statements, states quite clearly in paragraph 240.13 that the primary responsibility for the
prevention and detection of fraud rests with the management and those charged with
governance of the entity. It is their responsibility to establish a control environment to assist
in achieving the orderly and efficient conduct of the entity’s operations. It is up to them to
put a strong emphasis on fraud prevention.
The auditor does not have a specific responsibility to prevent or detect fraud, but he must
consider whether it has caused a material misstatement in the financial statements.
Types of fraud
There are two types of intentional misstatement:
1. Fraudulent financial reporting
2. Misappropriation of assets
Fraudulent financial reporting
This may be accomplished by the following:
Manipulation, falsification, or alteration of accounting records or supporting
documentation from which the accounts are prepared
Misrepresentation in, or intentional omission from, the accounts of events, transactions
or other significant information
Intentional misapplication of accounting principles relating to amounts, classification,
manner of presentation or disclosure.
Misappropriation of assets
This involves the theft of a company’s assets. While management are in a position to be able
to disguise or conceal misappropriations in ways that are difficult to detect, misappropriations
of small and immaterial amounts are often perpetrated by employees.
Misappropriations can be accomplished in a number of ways:
Embezzling receipts
Stealing physical assets or intellectual property
Causing an entity to pay for something they never received
Using an entity’s assets for own personal use.
The misappropriation of assets is often accompanied by false or misleading records or
documents in order to conceal the fact that the assets are missing.
Why is there fraud
Fraud occurs because:
There is an incentive or pressure to commit fraud
A perceived opportunity to do so
Rationalisation of the act.
Individuals may be living beyond their means
Management is under pressure to reach targets
An individual may believe internal controls can be over-ridden.
The auditor identifies the risks of fraud, relates the identified risks to what can go wrong at
the assertion level and considers the likely magnitude of a potential misstatement. Finally, he
should respond to those risks.
Reporting
The auditor should communicate to the appropriate level of management any identified fraud.
Where the fraud involves management or key employees in internal control operations, the
auditor should communicate as soon as possible any such fraud to those charged with
governance.
The auditor may have a statutory duty to report fraudulent behaviour to a regulator outside
the entity, for example the police authorities.
Law and Regulation
Companies are statutorily bound to comply with laws and regulations. Some of the laws and
regulations affecting companies are:
Company law
Health and safety regulations
Employment law
Civil law, both tort and contract
Environmental law and regulation
The auditor should identify the laws and regulations that an entity operates within.
ISA 250, Consideration of Laws and Regulations in an Audit of Financial Statements,
establishes standards and guidance on the auditor’s responsibilities to consider laws and
regulations in an audit of financial statements.
ISA 250.2 states that when designing and performing audit procedures and in evaluating
and reporting the results thereof, the auditor should recognise that non-compliance by the
entity with laws and regulations may materially affect the financial statements.
So the auditor’s responsibility is to plan and perform the audit to obtain reasonable assurance
that the company has in fact complied with relevant laws and regulations.
An audit cannot be expected to detect non-compliance with all the laws and regulations
applicable to a company. Detection, regardless of materiality, requires consideration of the
implications for the integrity of management or employees and the possible effect on other
aspects of the audit.
Non-compliance is a legal determination and is beyond the auditor’s professional competence
and while an auditor’s experience and training may well provide a basis for recognition,
ultimately, it can only be determined by a court of law.
The further removed the non-compliance is from the events and transactions normally
reflected in the financial statements, the less likely the auditor is to become aware of it or
recognize non-compliance.
Responsibility of Management
It is management’s responsibility to ensure that the entity’s operations are conducted in
accordance with laws and regulations. The responsibility for the prevention and detection of
non-compliance rests with management.
In larger companies, policies and procedures may be supplemented by an internal audit
function and an audit committee possibly split between a legal department and a compliance
function.
Directors of the company have responsibility to provide information required by the auditor,
to which he/she has a legal right of access. Such legislation also provides that it is a criminal
offence to give the auditor information or explanations which are misleading, false or
deceptive.
The auditor’s consideration
The auditor cannot be held responsible for preventing non-compliance, although an annual
audit may act as a deterrent.
Even though an audit is properly planned and performed in accordance with standards, there
is the unavoidable risk that some material misstatements will not be detected in the financial
statements.
ISA 250.13 states that auditors should plan and perform the audit with an attitude of
professional scepticism recognising that the audit may reveal conditions or events that would
lead to questioning whether an entity is complying with laws and regulations.
The auditor would test for compliance with specific laws and regulations only if engaged to
do so, as this is otherwise outside the scope of his audit.
ISA 250.18 lays out that the auditor should design procedures to help identify possible or
actual instances of non-compliance with the laws and regulations, which are central to the
entity’s ability to conduct its business and hence to its financial statements.
Further, the auditor should obtain sufficient, appropriate audit evidence about compliance
with those laws and regulations, which the auditor recognises as having an effect on the
determination of material amounts and disclosures in the financial statements.
Some of these laws and regulations include ones which prohibit a company from making
distributions except out of distributable profits and laws which require the auditor to
expressly report on non-compliance, such as maintenance of proper books of account or
disclosures of directors’ remuneration.
The auditor should obtain written representations from management that they have
disclosed to the auditor all known actual or possible non-compliance with laws and
regulations whose effects should be considered when preparing the financial statements. In
addition, where applicable, the written representations should include the actual or contingent
consequences which may arise from the non-compliance.
In the absence of audit evidence to the contrary, the auditor is entitled to assume the entity is
in compliance with these laws and regulations.
The auditor’s responsibility in expressing an opinion on financial statements does not extend
to determining whether the entity has complied in every respect with tax legislation. The
auditor only needs sufficient audit evidence to give a reasonable assurance that the tax
amounts in the financial statements are not materially misstated.
What to do when non-compliance is discovered
When the auditor becomes aware of non-compliance, the auditor should obtain an
understanding of the nature of the act and the circumstances in which it has occurred, and
sufficient other information to evaluate the possible effect on the financial statements.
The auditor must consider:
The potential financial consequences such as fines, penalties and/or litigation.
Whether the potential financial consequences require disclosure.
Whether these consequences are so serious they call into question the truth and fairness
of the accounts.
Reporting of non-compliance
As soon as possible, the auditor should communicate with management, or obtain audit
evidence that management are appropriately informed, regarding non-compliance that comes
to the auditor’s attention. If in the auditor’s judgment, the non-compliance is intentional
and/or material, the auditor should communicate without delay.
If the auditor suspects senior management, then he should communicate to the next higher
level, such as the audit committee. Failing that, he should seek legal advice.
In the case of money laundering it may be appropriate to report the matter directly to the
appropriate authority.
Audit report implications
If the auditor concludes that the non-compliance has a material effect on the accounts
and has not been properly reflected, he should express a qualified or adverse opinion.
If the auditor has not been able to obtain sufficient evidence to evaluate whether a
material non-compliance has occurred, he should qualify his report or issue a disclaimer
of opinion on the basis of a scope limitation.
Third party reporting
Although the auditor has a duty of confidentiality, where non-compliance gives rise to a
statutory duty to report, the auditor should do so without undue delay.
B. AUDITOR’S RESPONSIBILITIES DEFINED BY CASE LAW
ARISING FROM NEGLIGENCE AND RELATED EXPOSURE AND
CONSEQUENCES
Professional Liability
Auditors may have professional liability under statute law and in the tort of negligence.
Statute law
There are occasions when auditors have professional liability under statute law:
In insolvency legislation, the auditor could be found to be an officer of the company
and thus could be charged with a criminal offence in connection with the winding up of
the company.
An auditor could be found to be guilty of insider dealing, which is a criminal offence.
Auditors could be found guilty of a criminal offence in respect of money laundering
issues as to their failure to report any known suspicions to the proper authority.
Failure to report issues that are required under company law such as those mentioned
on the audit report.
Tort of negligence
Negligence is based on common/customary law. It seeks to provide compensation for loss
suffered by one party due to another’s wrongful neglect.
To succeed, an injured party must prove:
A duty of care existed
The duty of care was breached
The actual breach caused the loss.
Who would take an action against an Auditor
If an auditor gave an incorrect audit opinion the following parties might take an action:
The company
The shareholders
The bank
Other lenders
Other interested third parties
The key difference between all the above mentioned parties is the nature and duty of care
owed to them by the auditor.
Audit client
An auditor owes a duty of care to the company as it is the audit client. The company has a
contract with the audit firm. Therefore, the duty of care is automatic under law.
The company is all the shareholders acting as a body; it cannot be represented by one
shareholder alone.
The standard of work of the auditor is generally defined by legislation. A number of
judgements exist which have gauged the level of care as specific legislation does not exist
which states clearly how an auditor should discharge his duty of care.
For Example: Re Kingston Cotton Mills 1896 Court of Appeal, England
“…it is the duty of the auditor to bring to bear on the work he has performed that skill, care and
caution which a reasonably competent, careful and cautious auditor would use. What is
reasonable skill, care and caution, must depend on the particular circumstances of the case.”
For Example: Re Thomas Gerrard & Son Ltd 1967 Chancery Division, England
“…the real ground on which re Kingston cotton mills….is, I think, capable of being
distinguished is that the standards of reasonable care and skill are, upon the expert evidence,
more exacting today than those which prevailed in 1896.”
For Example: Re Fomento (Sterling Area) Ltd v Selsdon Fountain Pen Co Ltd 1958
“…they must come to it with an inquiring mind, not suspicious of dishonesty…..but
suspecting that someone may have made a mistake somewhere and that a check must be
made to ensure that there has been none.”
Auditors have to be careful in forming an opinion and they must give consideration to all
relevant matters.
If an opinion reached by an auditor is one that no reasonably competent auditor would be
likely to reach, then the auditor would possibly be held liable for negligence.
Third parties
The auditor can only owe a duty of care to parties other than the audit client, if one can be
established.
Third parties will include any individual shareholders, potential investors and the bank. In
these cases, there is no contract with the audit firm. Therefore, there is no implied duty of
care.
Case law seems to suggest that the courts have been reluctant to attribute a duty of care for
third parties to the auditor.
Caparo Industries plc v Dickman and others 1990, England, House of Lords - Tort
Caparo relied on a set of accounts to purchase shares in a company. Subsequently, they
alleged that the accounts were misleading. They argued the auditors owed a duty of care.
The House of Lords found that there was no duty of care. The audit complied with
companies legislation and there was nothing in that legislation to suggest that auditors
should protect the interests of investors.
James McNaughton Paper Group Ltd v Hicks Anderson 1990
The position held that a restrictive approach was now adopted to any extension of the scope
of the duty of care beyond the person directly intended by the auditor. In addition, all
circumstances should now be taken into account in deciding on a duty of care.
However, in 1995, a high court judge made an award against BDO as their joint audit of a
company in which ADT were investing was held to be a contractual relationship with ADT.
Problems however still arise after this case law. The reality is that third parties do rely on
audited accounts. The perception is, if you are required to file your accounts with the Office
of the Registrar General, then this information must be credible and independent.
It seems unfair that auditors should bear full responsibility for something for which they do
not have the primary responsibility.
In recent times, directors of companies are required by company law not to make misleading
statements to auditors.
Banks and other major lenders appear to have a more special relationship than other third
parties.
Loan facilities will often contain clauses requiring audited accounts and up to date financial
information on a regular basis. This may be seen to document a relationship with the auditor
that establishes a duty of care.
For example: Royal Bank of Scotland v Bannerman, Johnstone Maclay and others 2002
The bank provided an overdraft facility to the company, who it is claimed misstated its
position due to a fraud. It was argued that the auditors neglected to find the fraud.
The judge found that the auditors had a duty of care. They knew that the bank needed audited
accounts as part of the overdraft arrangement and could have issued a disclaimer to the bank.
But they didn’t and this was an important factor in deciding that they did owe a duty of care.
Litigation avoidance
One way of dealing with litigation is to try and avoid it.
How?
Have clear client acceptance procedures, screen new clients, use an engagement letter.
Perform all audit work in accordance with standards and best practice.
Have sensible and effective quality control procedures in place.
Issue appropriate disclaimers. Auditors may attempt to limit their liability by issuing
disclaimers, although this may not always be effective in law.
C. PRE-APPOINTMENT PROCEDURES
Advertising
ISA 200 sets out the ethical principles governing the auditor’s professional responsibilities.
One of them is professional behaviour. A member is expected to comply with relevant laws
and regulations and should avoid any action that discredits the profession.
Now, auditors are like anyone else in business and in business it is necessary to advertise.
But this advertising should be aimed at informing the public in an objective manner and
should be in good taste.
The code of ethics goes on to say that in promoting themselves and their work, members
should be honest and truthful and should not make any exaggerated claims for the
services they are able to offer, the qualifications they possess or the experience they have
gained. In addition, they should not make any disparaging references or unsubstantiated
comparisons to the work of others.
If reference is made in promotional material to fees, the basis on which the fees are
calculated should be stated. The greatest care should be taken to ensure that any reference
does not mislead as to the precise range of services and time commitment that the reference is
intended to cover. The danger of giving a misleading impression is great when there are
constraints in respect of space limits for advertisements. It is for this reason that it is
generally inappropriate to advertise fees. It is probably better to advertise free
consultations to discuss fee issues.
Use of logos
Persons can only use the designated letters of a profession after their name such as in
advertisements when they are members of the said profession. A firm should hold a
practicing/auditing certificate to describe themselves as registered auditors.
Tendering
Client companies can change auditors. In this regard a firm may be approached to submit a
tender for an audit. When approached to tender, an audit firm must consider whether they
want to do the work and they must have regard for the ethical considerations, such as
independence and professional competence. In addition, they need to consider fees and other
practical issues.
Fees
A member may quote whatever fee is deemed to be appropriate. The fact that one may
quote a lower fee than another auditor is not in itself unethical. However, it does raise the
risk of a threat to the principles of professional competence and due care in that the fee
quoted may be so low as to make it appear to be difficult to perform the audit to the expected
standards.
Therefore, it is wise to set out the basis of the calculation of the fee. The following factors
should be considered when setting out a fee:
What does the job involve? Is it audit and/or tax or is there some other complicated
work involved?
Which staff will need to be involved, in terms of numbers and quality? How long will they be
required? Is the nature of the business complex?
What charge out rates are to be applied?
The practice of undercutting fees has been called lowballing and can be seen in action
generally where large audits are concerned. We have seen that having a lower fee may
seem to have a negative impact on an auditor’s perceived independence but there are other
factors to be considered:
Auditors operate in a market like any other business where supply and demand very
often dictate the price.
Fees may be lower due to reasons such as better internal audit functions and
simplified group structures within client companies.
Auditing firms have increased productivity, whether through the use of more
sophisticated IT or experience gained through understanding the client's business.
Practical issues
It is important that the auditor also considers a number of other issues:
Can the audit assignment be fitted in to the audit firm's current work plan?
Is suitable audit staff available?
Will any specialist skills be required?
What are the future plans for the company?
Is there any training required for current staff and what will be the cost of that
training?
What work does the client actually want - Audit and/or tax?
Is this the first time the company has been audited?
Whether the client is seeking to change its auditors and if so what is the reason behind
it?
Submitting an audit proposal
There is no set format. In fact, the client may dictate the format whether it be a written
submission or a presentation to the board of directors.
Whatever the form of the tender submission, the following matters should be included in the
proposal:
The audit fee and the basis for its calculation
An assessment of the needs of the client
How the firm means to meet the needs of the client
Any assumptions made to support the proposal
The audit approach to be adopted by the firm
A brief outline of the firm as seen by the proposer
Details and background of the key audit staff on the proposed engagement.
Evaluating the tender
Different clients will have different ways of evaluating a tender. Some of the more general
points are listed below. It is important to bear these in mind when preparing a proposal:
Fee. This can be the most vital point. Some clients go straight to this figure and don’t
even bother with the rest of the document.
Professionalism. Auditors are expected to be professional. Remember, first
impressions count and the audit team and the tender documents are often the first
factors.
Proposed audit approach. Clients are always looking for the least amount of
disruption to their already busy schedules, so the shortest number of days on-site may
be the key to winning a tender.
Personal service. Fostering relationships is vital. The client should always feel that they are
getting value for money.
Acceptance
You have submitted a tender. You have been successful and the client has offered you the
audit. Before you accept and commence the audit you should carry out a number of
procedures in order to comply with the provisions in ISQC 1 quality control (section 26 to
28).
Before accepting the assignment
Make sure there are no ethical issues which would prevent you from accepting this
assignment.
Make sure that you are professionally qualified to carry out the work requested and
that your firm has the resources available in terms of staff, expertise and time.
Check out references for the directors of the client firm especially if they are unknown
to the audit firm.
Consult previous auditors as a matter of professional courtesy and establish from them
whether there is anything that you ought to know about this vacancy.
After accepting the assignment
Make sure the resignation of the previous auditors has been properly carried out and
that the new appointment is valid. A board resolution of the company is required.
Submit a letter of engagement to the directors of the client company and ensure it is
signed before any audit work is carried out.
ISQC 1 states that a firm should establish policies and procedures for the acceptance and
continuance of client relationships and specific engagements, designed to provide it with
reasonable assurance that it will only undertake or continue relationships and engagements
where it:
Has considered the integrity of the client and does not have any information that would
lead it to conclude that the client lacks integrity,
Is competent to perform the engagement and has the capabilities, time and resources to
do so and
Can comply with the ethical requirements.
The firm should obtain such information as it considers necessary in the circumstances before
accepting an engagement with a new client, when deciding whether to continue an existing
engagement, and when considering acceptance of a new engagement with an existing
client.
Where issues have been identified and the firm decides to accept or continue the relationship
or a specific engagement, it should document how the issues were resolved.
Integrity of client
Matters to be considered:
Identity and business reputation of owners, key management and those charged with
governance.
Nature of the client's operations and its business practices.
Attitude of the owners, key management and those charged with governance towards
matters such as aggressive interpretation of accounting standards and the internal
control environment.
Client’s attitude to fees.
Indications of inappropriate limitation in the scope of work.
Indications that client may be involved in money laundering or other criminal
activities.
Reasons given for non-reappointment of previous auditors.
Information can be gathered through communications with previous auditors or other
professionals who may have provided services and through other third parties such as
bankers, legal counsel and industry peers.
Competence of the firm
Matters to be considered:
Has the firm got sufficient knowledge of the relevant industry and the relevant
regulatory environment?
Are there sufficient personnel within the firm having the necessary capabilities and
competence and are experts/specialists available when needed?
Are competent individuals available to perform quality control reviews?
Will the firm be able to complete the engagement within the reporting deadline?
Other issues
Where a potential conflict of interest is identified, the firm should consider whether it
is appropriate to accept the engagement.
Need to consider any significant matters that may have arisen during the current or
previous engagements of whatever description.
Agreeing the terms
Once an engagement has been accepted it is important to agree the terms. It is essential that
both parties fully understand what the agreed services are. Any misunderstanding could lead
to a breakdown in the relationship and could result in legal action, loss of business and
reputation.
ISA 210 Terms of Audit Engagements establishes standards and provides guidance on:
Agreeing the terms of an engagement with the client and
The auditor’s response to a request by a client to change those terms to one that
provides a lower level of assurance.
It states that the auditor and the client should agree on the terms of the engagement. The
agreed terms would need to be recorded in an audit engagement letter or other suitable form
of contract. The terms should be recorded in writing.
The objective and scope of an audit and the auditor’s obligations may be established by law,
but the auditor may still find that an audit engagement letter will be informative for their
clients.
The main points to be clarified in the letter of engagement would include:
Confirmation of the auditor’s acceptance of the appointment.
The auditor is responsible for reporting on the accounts to the shareholders.
The directors of the company have a statutory duty to maintain the books of the
company and are responsible for the preparation of the financial statements.
The directors are responsible for the prevention and detection of fraud.
The fact that because of the test nature and other inherent limitations of an audit, there
is the unavoidable risk that some material misstatements may remain undiscovered.
The scope of the audit including reference to appropriate legislation and standards.
There should be unrestricted access to whatever books and records the auditor needs
in the performance of his duties.
Other points to be included:
Arrangements regarding the planning and performance of the audit.
The expectation of receiving from management written confirmation regarding
representations made in connection with the audit.
Request for the client to confirm in writing the terms of the letter.
The fee to be charged and the credit terms.
The form of any reports or other communication of results of the engagement.
Other issues
On recurring audits, the auditor should consider whether circumstances require the
terms of the engagement to be revised and whether there is a need to remind the client
of the existing terms of the engagement.
An auditor who, before the completion of the engagement, is requested to change the
engagement to one which provides a lower level of assurance, should consider the
appropriateness of doing so. Where the terms are changed, both parties should agree on
the new terms. Note, the auditor should not agree to a change of engagement where
there is no reasonable justification for doing so.
UNIT 5 AUDIT PLANNING AND SUPERVISION
Study Unit 5
Audit Planning and Supervision
Contents
A. Materiality
B. Audit Risk and its Components
C. Audit Strategies
D. Knowledge of the entity and its environment
E. Response to assessed risks of material misstatement
F. Documentation
AUDIT PLANNING AND SUPERVISION
AUDIT PLANNING
ISA 300 Planning an Audit of Financial Statements establishes standards and guidance on the
considerations and activities applicable to planning an audit.
The auditor should:
Plan the audit so that the engagement will be performed in an effective and efficient
manner.
Perform certain procedures at the beginning of the audit:
- the continuance of the client relationship,
- evaluation of compliance with ethical requirements including independence
and
- establish an understanding of the terms of the engagement.
Establish the overall audit strategy, setting out the scope, timing and direction of the
audit.
Develop an audit plan in order to reduce audit risk to an acceptably low level.
Update and change the audit strategy and plan as necessary during the course of the
audit.
Plan the nature, timing and extent of the direction and supervision of the audit team and
a review of their work.
Document the overall audit strategy and the audit plan, including any significant
changes made during the audit engagement.
Prior to starting an initial audit, perform procedures regarding the acceptance of the
client relationship and the specific audit engagement, and communicate with the
previous auditor in compliance with relevant ethical requirements.
Adequate planning helps to ensure that:
Appropriate attention is devoted to the most important areas,
Potential problems are identified and resolved on a timely basis,
The audit engagement is properly organised and managed,
There is proper assignment of work to engagement members,
There is direction and supervision of team members and review of their work,
There is proper co-ordination of work done by experts.
The nature and extent of planning activities will vary according to the size and complexity of
the entity, the auditor’s previous experience with the entity and changes in circumstances that
occur during the audit engagement.
The establishing of the overall strategy involves considering the important factors that will
determine the focus of the audit team’s effort, such as:
The determination of appropriate materiality levels,
Preliminary identification of areas where there may be higher risks of material
misstatement,
Preliminary identification of material components and account balances,
Evaluation of whether the auditor may plan to obtain evidence regarding the
effectiveness of internal control,
The identification of recent significant entity-specific, industry, financial reporting or
other relevant developments.
The appendix of ISA 300 sets out examples of matters the auditor may consider in
establishing the overall audit strategy. It is split between the scope of the audit engagement,
the reporting objectives, timing of the audit and communications required and the direction of
the audit.
A. MATERIALITY (ISA 320)
Materiality needs to be considered by an auditor in evaluating the effect of misstatements on
the financial statements and when determining the nature, timing and extent of audit
procedures.
In designing the audit plan, the auditor should set an acceptable materiality level. He should
consider this materiality at both the overall financial statement level and in relation to classes
of transactions, account balances and disclosures.
Information is material if its omission or misstatement could influence the economic
decisions of users taken on the basis of the financial statements.
Factors to be considered are both quantitative and qualitative. An item might be material
due to its nature, value or impact on users of accounts.
Nature
Transactions involving directors generally affect users of accounts.
Value
Inventory stocks in a manufacturing company may represent a high percentage of
current assets.
Impact
An end of year journal could convert a loss into a profit, thus affecting the users of
accounts.
The auditor’s assessment of materiality helps the auditor to decide:
What items and how many to examine
Whether to use sampling and/or analytical procedures
What audit procedures can be expected to reduce audit risk to an acceptably low level.
An auditor should consider materiality and its relationship with audit risk when conducting
an audit. The higher the materiality figure is set, the higher the audit risk. The auditor could
compensate for this by either
Reducing the risk, where this is possible, and supporting this by carrying out extended
or additional tests of control or
Reducing detection risk by modifying the nature, timing and extent of planned
substantive tests.
Problems with Materiality
Materiality is a matter of judgement.
Some matters could fall outside the criteria, although they could affect users of the
accounts.
Percentage guidelines need to be used carefully. On what figure do you base the
percentage? Gross profit, profit before directors’ salaries, assets, costs?
Materiality and the audit process
Materiality needs to be tailored to the business and the anticipated user. An auditor should
plan materiality based on draft figures and any other recent available financial information.
These should be applied to individual balances at the assertion level. All items greater than
the set materiality figure should be tested, with a sample selected from the remaining items.
The actual errors detected should be extrapolated out for the entire population of transactions.
A final materiality should then be based on the results obtained and the actual financial
statements produced.
To set a materiality level, an auditor needs to decide what level of misstatement (error) would
distort the view given by a set of financial statements.
The materiality level must be reviewed constantly throughout the audit process as changes
may be required due to changes in the draft accounts, any external factors that may alter the
risk profile of the entity and any actual misstatements uncovered during the audit testing
phase.
The materiality level is often set as a percentage of profits as it is generally the figure that most
interested parties check out first. However, there are other figures that are also used. A range
of those values is as follows:
Value              %
Profit before tax  5
Gross profit       ½-1
Turnover           ½-1
Total assets       1-2
Net assets         2-5
Profit after tax   5-10
B. AUDIT RISK AND ITS COMPONENTS
Auditors should assess the risk of material misstatements arising in the financial statements
and carry out procedures in response to assessed risks.
Risk can be analysed as follows:
[Diagram: Overall risk divides into audit risk and business risk. Audit risk comprises
detection risk and the risk of material misstatement (inherent risk and control risk).
Business risk comprises financial risk, operational risk and compliance risk.]
Overall risk is split into audit risk and business risk. Audit risk is sometimes known as
assignment or engagement risk. It is focused on the financial statements of the business.
This is the auditor’s main focus.
Inherent risk is the susceptibility of an account balance or class of transactions to material
misstatement, irrespective of related internal controls. It may be due to the characteristics of
those items such as the fact they are estimates, complex calculations or that they are
important items in the accounts. Auditors use their professional judgment and their
understanding of the client company to assess the inherent risk.
Control risk is the risk that the client's controls fail to prevent, detect and/or correct material
misstatements. There will always be an element of control risk due to the inherent limitations
of internal controls.
Detection risk is the risk that the audit procedures applied by the auditor will fail to detect
material misstatements. There are limitations to the audit process and detection risk relates to
the inability of auditors to examine all evidence. As a result, some detection risk always
exists. Auditors may fail to detect misstatements for a number of reasons including selecting
inappropriate audit procedures, incorrectly applying an appropriate procedure or simply
misinterpreting the results of testing.
The auditor’s assessment of inherent and control risk will influence the nature, timing and
extent of the substantive procedures which are required to reduce the detection risk and
hence, audit risk.
Examples of risk factors affecting client:
Integrity and attitude to risk of management - Problems can be caused where there is
domination by a single individual.
A lack of management experience and knowledge can affect the quality of financial
management.
Unusual pressures on management can lead to tight reporting deadlines or market or
financing expectations.
The nature of the business can lead to potential problems such as technological
obsolescence or over-dependence on single products.
Industry factors such as competitive conditions, regulatory requirements, technology
developments.
IT problems include lack of supporting documentation, expertise heavily dependent on
a few people and potential risk of unauthorised access to systems.
Examples of risk factors affecting account balances or transactions:
Areas which require prior year adjustments or require high level of estimation,
Where expert valuations are required due to complex issues,
Account balances such as cash, stock, portable assets which are prone to fraud,
The existence of high volume transactions where systems may be unable to cope,
Unusual transactions,
Major changes in staff or low morale issues.
Business risk arises in the operations of a business. It is split into three distinct types:
Financial risk - arising from financial activities or financial consequences such as cash
flow issues, overtrading, going concern, breakdown of accounting systems, credit risk and
currency risk.
Operational risks arise with regard to the operations of the business such as risk of losing
a major supplier, physical disasters, loss of key personnel and poor brand management.
Compliance risks arise from non-compliance with laws and regulations within which the
company operates or environmental issues.
Relationship between risks
Initially, it would appear that audit risk and business risk are unrelated, as audit risks are
limited only to the financial statements. However, business risks include all risks facing the
business and this includes inherent risks and control risks, which form part of the audit risk.
Although audit risk is very financial statement focused, business risk does form part of the
inherent risk associated with the financial statements, because if such risks materialise, then
the whole going concern basis of the business could be affected and this has major
implications for the financial statements.
IMPACT OF RISK
AR = IR × CR × DR
where AR is audit risk, IR is inherent risk, CR is control risk and DR is detection risk.
C. AUDIT STRATEGIES
The risk approach
Risk is a key issue in any audit and the most common approach to carrying out an audit
incorporates recognition of those risks. This is called the risk-based approach.
There are other approaches and other techniques and the risk based approach is used in
conjunction with these other approaches.
Auditors apply judgment to determine what level of risk pertains to different areas of a
client’s system and devise appropriate audit tests. Risk-based auditing ensures that the
greatest effort is directed at those areas of the financial statements that are most likely to be
misstated. The chance of detecting errors is therefore improved and time is not wasted on
testing safe areas.
For example, in a small manufacturing company, an auditor will need to do more work on
inventory than say land & buildings. Inventory can be a complex area, with probably a
significant number of line items and there is the risk of obsolete stock.
Why is risk-based auditing increasingly used?
Growing complexity of the business environment, such as advanced computer systems
and the globalisation of business, increases the risk of fraud or misstatement.
Pressure on auditors to keep fees down but improve the level of service.
ISA 315 requires that auditors consider the entity’s process for assessing its own business
risks. They must consider the factors that lead to the problems which may cause material
misstatements and what the audit can contribute to the business in pursuing its goals.
The risk analysis stage is a very important part of the planning of an audit as it allows the
auditor to:
Identify the main areas where possible errors might occur,
Plan the work to address any of these possible errors,
Uncover errors as early as possible during the audit process,
Carry out the audit as efficiently as possible,
Reduce the risk of an incorrect audit opinion,
Reduce the risk of litigation.
The risk based approach will affect:
How the audits are planned,
The nature of the audit evidence to be gathered by the auditor,
The nature of the procedures that need to be carried out by the auditor,
The amount of evidence that needs to be gathered.
The business risk approach was developed because it was believed that in some instances
the risk of misstatement arises mainly from the business risks of the company.
This business approach tries to mirror the risk management steps that have been taken by the
directors. It is also known as the top down approach in that it starts at the objectives of the
company and works down to the financial statements, rather than working up from the
financial statements which has been the historical approach to auditing.
Controls testing is aimed at high level controls and substantive testing is reduced.
Principal risks include:
Economic pressures causing reduced sales and eroding margins,
Demands for extended credit,
Product quality issues re inadequate control over supply chain etc.,
Customer dissatisfaction re order requirements and invoicing errors etc.,
Unacceptable service response calls,
Out of date IT systems.
These risks can impact on inventory values, receivables recoverable, provisions and
contingencies and going concern.
The effect of the top down approach is that the auditor pays more attention to high level
controls such as the control environment and corporate governance than the traditional
approaches. In addition, analytical review procedures are used more extensively as the
auditor is keen to understand the business more clearly. The combination of the above two
factors will result in reduced substantive detailed testing, although it is not eliminated
completely.
Business risk approach advantages:
There is added value given to clients as the approach focuses on the business as a
whole rather than just the financial statements.
Where audit attention is focused on high levels of controls and use of analytical
procedures, there is increased audit efficiency.
There is no need to focus on routine processes where technological developments
have rendered them less prone to error than in previous times.
The approach responds to corporate governance issues in recent years.
There is a lower engagement risk through a better understanding of the client's
business.
Systems and controls
This approach is always used in conjunction with other approaches as substantive testing can
never be eliminated completely.
Management is required to institute a system of controls which is capable of safeguarding the
assets of the shareholders. Auditors assess the controls put in place by directors and ascertain
whether they are effective and can be relied on for the purposes of the audit. They carry out
tests to ensure that the systems operate as they are supposed to. If the controls are
ineffective, the control risk is high and it is important to undertake higher levels of
substantive testing.
Cycles and transactions
An auditor may choose to carry out substantive tests on the transactions of the business in the
relevant period. Cycles testing is closely linked to systems testing, as it is based on the same
systems. However, with the cycles approach, the auditors test the transactions which have
occurred, resulting in the entries in the books, such as sales transactions, purchases, expenses
etc. The auditor substantiates the transactions which appear in the financial statements.
A sample of transactions is selected and each transaction is tested to ensure that the
transaction is complete and is processed correctly through the complete cycle.
Balance Sheet approach
An auditor may choose to carry out substantive tests on the year end balances. This is the
most common approach to substantive testing after controls have been tested.
The balance sheet shows a snapshot of the financial position. If it is fairly stated and the
previous year's figures were also fairly stated, then it is reasonable to undertake lower level
testing on the profit and loss transactions e.g. analytical review.
There is a relationship with the business risk approach. The element of substantive testing
which remains in a business risk approach can be undertaken in this approach.
In some cases, most notably small companies, the business risks may be strongly linked to
management concentration in one person, and/or balance sheets may be uncomplicated. In
these cases, it is probably more cost effective to undertake a highly substantive balance sheet
audit rather than to undertake a business risk assessment.
It should be noted though, that when not undertaken in conjunction with a risk based
approach or systems testing, the level of detailed testing required can be high in a balance
sheet approach making it very costly.
Directional testing
Directional testing is a method of discovering errors and omissions in the financial statements
through undertaking detailed substantive testing. It can be broken down into two categories,
tests to discover errors and tests to discover omissions.
Checking entries from the books back to supporting documentation should help to detect
errors causing an overstatement or an understatement. For example, selecting sales
transactions from the sales ledger and tracing them back to sales invoices and price lists to
ensure that sales are priced correctly.
To discover omissions the auditor must start from outside the accounting records and trace
through to the records in the books. For example, to check the completeness of purchases,
select a number of GRNs and check through to the stock records and the purchase ledger.
Directional testing is appropriate when testing the financial statement assertions of existence,
completeness, rights & obligations, and valuation.
The concept of directional testing derives from the principle of double entry bookkeeping.
Therefore any misstatement of a debit entry will result in either a corresponding misstatement
of a credit entry or a misstatement in the opposite direction of another debit entry.
A test for an overstatement of an asset also gives comfort on understatement of other assets,
overstatement of liabilities, overstatement of income and understatement of expenses. In
other words by performing tests, the auditor obtains audit assurance in other audit areas.
A major advantage of this approach is its cost-effectiveness. Assets and expenses are tested
for overstatement only, while liabilities and income for understatement only. Directional
testing is particularly useful when there is a high level of detailed testing to be carried out,
such as when the auditors have assessed the controls and accounting systems and have found
them to be ineffective.
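The two directions described above can be run as a computer-assisted check. The following is an added example, not part of the manual; the function names, record layouts and sample data are constructed for illustration.

```python
from decimal import Decimal

# Constructed sample data (not from the manual).
PRICE_LIST = {"WIDGET": Decimal("12.50"), "GEAR": Decimal("40.00")}
INVOICES = {
    "INV-001": {"item": "WIDGET", "qty": 10, "amount": Decimal("125.00")},
    "INV-002": {"item": "GEAR", "qty": 2, "amount": Decimal("80.00")},
    "INV-003": {"item": "GEAR", "qty": 1, "amount": Decimal("40.00")},  # never posted
}
SALES_LEDGER = [
    {"ref": "INV-001", "amount": Decimal("125.00")},
    {"ref": "INV-002", "amount": Decimal("88.00")},   # differs from the invoice
    {"ref": "INV-009", "amount": Decimal("500.00")},  # no supporting invoice
]
GRNS = ["GRN-100", "GRN-101", "GRN-102"]
STOCK_RECORDS = {"GRN-100", "GRN-101"}
PURCHASE_LEDGER = {"GRN-100", "GRN-102"}


def trace_books_to_documents(ledger, invoices, price_list):
    """Test for errors: start in the books and work back to the
    supporting invoice and the price list."""
    exceptions = []
    for entry in ledger:
        invoice = invoices.get(entry["ref"])
        if invoice is None:
            exceptions.append((entry["ref"], "no supporting invoice"))
            continue
        unit_price = price_list.get(invoice["item"])
        if unit_price is None or unit_price * invoice["qty"] != invoice["amount"]:
            exceptions.append((entry["ref"], "invoice not priced per price list"))
        if entry["amount"] != invoice["amount"]:
            exceptions.append((entry["ref"], "ledger amount differs from invoice"))
    return exceptions


def trace_documents_to_books(source_refs, records):
    """Test for omissions: start from documents raised outside the
    accounting records and check each one reached every record."""
    exceptions = []
    for ref in source_refs:
        for name, recorded in records.items():
            if ref not in recorded:
                exceptions.append((ref, f"not recorded in {name}"))
    return exceptions


if __name__ == "__main__":
    for finding in trace_books_to_documents(SALES_LEDGER, INVOICES, PRICE_LIST):
        print("error test:", finding)
    books = {"stock records": STOCK_RECORDS, "purchase ledger": PURCHASE_LEDGER}
    for finding in trace_documents_to_books(GRNS, books):
        print("omission test:", finding)
```

INV-003 is never reached when the test starts from the sales ledger, which is why omissions have to be tested from the source documents inwards.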
Auditing around the computer
The auditor is primarily interested in verifying that the data are being correctly input and
processed by the computer.
Audit activity is focused on ensuring that the source documentation is processed correctly
and the auditor would verify this by checking the output documentation.
What happens within the computer itself is ignored.
However, there are issues with a lack of a paper trail and it is not practical for large company
audits.
Auditing through the computer system
The auditor performs tests on the computer and its software to evaluate if they are both
effective.
If the auditor finds that the computerised controls and systems are effective, the auditor will
perform reduced substantive testing.
This is likely to involve the use of computer assisted auditing techniques (CAATs).
The use of a computer as an audit tool or the use of CAATs may improve the efficiency and
effectiveness of audit procedures.
It is particularly of use in tests of numerous details of transactions and balances.
General
When seeking to identify an appropriate strategy for a particular audit, it is important to
remember that the approaches are linked and in some cases it is wise to use two or more.
Directional testing with the balance sheet approach, as they are both substantive testing
issues.
Risk and cycles based approach where there is a low level of large transactions.
Risk and balance sheet approach where there are substantial numbers of sales transactions with
substantial receivables.
D. KNOWLEDGE OF THE ENTITY AND ITS ENVIRONMENT
ISA 315 Understanding the entity and its environment and assessing the risks of material
misstatement establishes standards and guidance on obtaining an understanding of the entity
and its environment including its internal control, and on assessing the risks of material
misstatement in a financial statement audit.
Why do we need an understanding of an entity?
Helps identify risks of material misstatements.
Helps auditor to design and perform relevant audit procedures.
Helps auditor in the exercise of judgement where necessary.
How do we obtain understanding?
Performing risk assessment procedures such as inquiries of management and others
within the entity, analytical procedures, and observation and inspection.
Determining whether changes have occurred that may affect the relevance of
information, obtained in prior periods, in the current audit.
Ensuring that members of the engagement team discuss the susceptibility of the
entity’s financial statements to material misstatements.
What do we need to understand?
Obtain an understanding of the entity and its environment, including its internal
control. This understanding should be sufficient to identify and assess the risks of
material misstatement of the financial statements whether due to fraud or error, and it
should be sufficient to design and perform further audit procedures.
Obtain an understanding of relevant industry, regulatory and other external factors
including the applicable financial reporting framework.
Obtain an understanding of the nature of the entity, such as its operations, ownership,
governance, types of investments it is making, structure and financing.
Obtain an understanding of the entity’s selection and application of accounting policies
and consider whether they are appropriate for its business and consistent with the
applicable financial reporting framework and accounting policies used in the relevant
industry.
Obtain an understanding of the entity’s objectives and strategies, and the related
business risks that may result in material misstatements of the financial statements.
Obtain an understanding of the measurement and review of the entity’s financial
performance such as internal management information (budgets, variance analysis,
department reports) and external information (analyst’s reports and credit rating agency
reports). When the auditor intends to make use of the performance measures, he should
consider whether the information provides a reliable basis and is sufficiently precise for
such a purpose.
Obtain an understanding of internal control relevant to the audit. This involves
evaluating the design of a control and determining whether it has been implemented.
Not all controls are relevant to the auditor’s risk assessment.
Obtain an understanding of the control environment. The control environment sets
the tone of an organisation, influencing the control consciousness of its people. It is the
foundation for effective internal control, providing discipline and structure.
Obtain an understanding of the entity’s process for identifying business risks relevant to
financial reporting objectives and deciding about actions to address those risks, and the
results thereof.
Obtain a sufficient understanding of control activities to assess the risks of material
misstatements and to design further audit procedures responsive to assessed risks.
Examples of specific control activities include authorisation, performance reviews,
information processing, physical controls and segregation of duties.
Risk assessment procedures
The auditor may consider making inquiries of the entity’s legal counsel or of valuation
experts. Reviewing information obtained from external sources such as reports by analysts,
banks or other rating agencies, trade and economic journals may also be useful in obtaining
information about the entity.
Although much of the information can be obtained from management and those responsible
for financial reporting, inquiries of others such as production and internal audit personnel
may be useful in providing a different perspective in identifying risks of material
misstatements.
Observation and inspection may support inquiries of management. Such audit procedures
include:
Observation of activities and operations,
Inspection of documents and records,
Reading reports prepared by management,
Visits to premises and plant facilities,
Carrying out walk-through tests.
Controls relevant to the audit
Ordinarily, controls that are relevant to an audit pertain to the objective of preparing financial
statements. Controls over the completeness and accuracy of information may also be relevant
if the auditor intends to make use of the information in designing and performing further
procedures. Controls relating to operations and compliance objectives may be relevant if
they pertain to data the auditor evaluates or uses in applying audit procedures.
Information systems
The auditor should obtain an understanding of the information systems, including the
business processes relevant to financial reporting and in the following areas:
The classes of transactions in the entity’s operations that are significant to the financial
statements;
The procedures, within both IT and manual systems, by which those transactions are
initiated, recorded, processed and reported in the financial statements;
The related accounting records, whether electronic or manual, supporting information,
and specific accounts in the financial statements, in respect of initiating, recording,
processing and reporting transactions;
How the information systems capture events and conditions, other than classes of
transactions, that are significant to the financial statements;
The financial reporting processes used to prepare the entity’s financial statements,
including significant accounting estimates and disclosures.
Assessing the risks of material misstatement
The auditor should:
Identify risks throughout the process,
Relate the risk to what can go wrong at the assertion level,
Consider whether the risks are of a magnitude that could result in a material
misstatement in the financial statements,
Consider the likelihood that the risks could result in a material misstatement of the
financial statements.
Appendix 1 of ISA 315 provides additional guidance on understanding the entity and its
environment.
Appendix 2 lays out conditions and events that may indicate risks of material misstatement.
E. RESPONSE TO ASSESSED RISKS OF MATERIAL
MISSTATEMENT
ISA 330 The auditor’s procedures in response to assessed risks establishes standards and
provides guidance on determining overall responses and designing and performing further
audit procedures to respond to the assessed risks of material misstatements.
The standard requires the auditor to determine overall responses to address risks of material
misstatement at the financial statement level and provides guidance on the nature of those
responses.
The auditor is required to design and perform further audit procedures, including tests of
the operating effectiveness of controls, when relevant or required, and substantive
procedures, whose nature, timing, and extent are responsive to the assessed risks of material
misstatement at the assertion level. In addition, this section includes matters the auditor
considers in determining the nature, timing, and extent of such audit procedures.
The auditor is required to evaluate whether the risk assessment remains appropriate and to
conclude whether sufficient appropriate audit evidence has been obtained.
The standard establishes related documentation requirements.
In order to reduce the audit risk to an acceptably low level, the auditor should determine
overall responses to assessed risks at the financial statement level.
Overall responses may include:
Emphasising to the audit team the need to maintain professional scepticism,
Assigning more experienced staff or hiring expert help when needed,
Providing more supervision,
Incorporating additional elements of unpredictability in the selection of further audit
procedures to be performed,
Making changes to the nature, timing, or extent of audit procedures.
The assessment of the risk of material misstatement is affected by the auditor’s understanding
of the control environment. An effective control environment may allow an auditor to have
more confidence in internal control and the reliability of audit evidence generated internally
within the entity.
If there are weaknesses in the control environment, the auditor:
conducts more procedures as of the period end rather than an interim date,
seeks more extensive audit evidence from substantive procedures,
modifies the nature of procedures to obtain more persuasive audit evidence,
increases the number of locations to be included in the audit scope.
The evaluation of the control environment will help the auditor determine whether there
should be a substantive or a combined approach (tests of controls and substantive
procedures).
In designing further audit procedures, the auditor should consider:
the significance of the risk,
the likelihood that a material misstatement will occur,
the characteristics of the class of transactions or account balances,
the nature of specific controls and whether they are manual or automated,
whether the auditor expects to obtain evidence to determine if controls are effective in
preventing, or detecting and correcting material misstatements.
The nature of further audit procedures refers to their:
Purpose -
Tests of controls or substantive procedures;
Type -
Inspection, observation, inquiry, confirmation, recalculation, re-performance, analytical
procedures.
Certain audit procedures may be more appropriate for some assertions. The selection of the
procedure is based on the assessment of risk. The higher the risk, the more reliable and
relevant must be the audit evidence from substantive tests.
The auditor may perform audit procedures at an interim date or at period end (timing). The
higher the risk, the more likely the auditor will perform substantive tests nearer to or at the
period end. Certain audit procedures can only be performed at or after the period end, such
as agreeing the financial statements to the accounting records and examining adjustments
made during the course of preparing the financial statements.
The extent (sample size or number of observations) is determined by the judgement of the
auditor after considering:
Materiality,
Assessed risk,
Degree of assurance required.
The auditor is required to perform tests of controls when the auditor relies on the
effectiveness of controls or when substantive tests alone do not provide sufficient appropriate
audit evidence.
Irrespective of the assessed risk of material misstatements, the auditor should design and
perform substantive tests for each material class of transaction, account balance and
disclosure. Remember, an auditor’s assessment of risk is judgemental and there are inherent
limitations to internal control.
The auditor’s substantive procedures should include the following related to the financial
statement closing process:
Agreeing the financial statements to the underlying accounting records and
Examining material journal entries and other adjustments made during the course of
preparing the financial statements.
Where an auditor determines that an assessed risk at the assertion level is a significant risk,
he should perform substantive procedures that are specific to that risk.
The auditor should perform audit procedures to evaluate whether the overall presentation of
the financial statements, including the related disclosures, is in accordance with the
applicable financial reporting framework.
Based on the audit procedures performed and the audit evidence obtained, the auditor should
evaluate whether the assessments of the risks at the assertion level remain appropriate.
He should conclude whether sufficient appropriate audit evidence has been obtained to
reduce to an acceptably low level the risk of material misstatement in the financial
statements.
Where it is not sufficient and the auditor is unable to obtain further evidence, he should
express a qualified opinion or a disclaimer of opinion.
Finally, the auditor should document the overall responses to address the risks and the
nature, timing and extent of the further audit procedures and the results thereof. In addition,
where there is reliance on controls, the auditor should document the conclusions reached with
regard to relying on such controls that were tested.
General planning matters
When planning an audit you also need to consider some administrative matters:
Staffing
Have the staff got the correct level of qualifications and experience? Do they have specialist
skills that may be required? What about the staff’s relationships amongst themselves and with
client staff? Are staff available and what about travel arrangements?
Client management
Continuity of staff is often important to client companies. Also, consistency of staff may
help audit efficiency.
Location of audit
Need to consider the distance for audit staff to travel, the staff’s mobility and the location of
the review by the manager. Multiple locations often require a decision as to which locations
should be visited, the allocation of your staff to these locations and managing the visits to
each selected site.
Deadlines
Key deadlines are stock-counts, date of draft accounts available, main audit visit, audit
manager review, partner review, audit clearance meeting, audit report to be signed and date
of the Annual Meeting. It is important to plan the work so that these deadlines can be
achieved.
Use of IT
Need to consider whether the client has a computerised system and whether the auditor will
use CAATs. Will the auditor use computers to complete the working papers and
communicate with the partner?
Time budgets
These are an important part of planning. Times should be estimated accurately and
communicated to the audit team. The audit team should record variances from the budget for
planning purposes for the next audit.
Audit Evidence
The purpose of ISA 500 is to establish standards and provide guidance on what constitutes
audit evidence in an audit of financial statements, the quantity and quality of audit evidence
to be obtained, and the audit procedures that auditors use for obtaining that audit evidence.
In order to form an opinion, an auditor must obtain evidence. This evidence should be
sufficient, relevant and reliable. The auditor designs substantive procedures to obtain this
evidence about the financial statement assertions.
By approving the financial statements, the directors are making representations about the
information therein. These assertions may fall into the following categories:
(a) Assertions about classes of transactions and events for the period under audit:
Occurrence: transactions and events that have been recorded have occurred and
pertain to the entity.
Completeness: all transactions and events that should have been recorded have
been recorded.
Accuracy: amounts and other data relating to recorded transactions and events
have been recorded appropriately.
Cut-off: transactions and events have been recorded in the correct accounting
period.
Classification: transactions and events have been recorded in the proper accounts.
(b) Assertions about account balances at the period end:
Existence: assets and liabilities exist.
Completeness: all assets and liabilities that should have been recorded have been
recorded.
Rights and obligations: the entity holds or controls the rights to assets, and
liabilities are the obligations of the entity.
Valuation and allocation: assets and liabilities are included in the financial
statements at appropriate amounts.
(c) Assertions about presentation and disclosure:
Occurrence and rights and obligations: disclosed events, transactions, and other
matters have occurred and pertain to the entity.
Completeness: all disclosures that should have been included in the financial
statements have been included.
Classification and understanding: financial information is appropriately presented
and described, and disclosures are clearly expressed.
Accuracy and valuation: financial and other information are disclosed fairly and
at appropriate amounts.
Procedures used by auditors to obtain evidence
Inspection of tangible assets
Inspection confirms existence and valuation and gives evidence of completion. It does
not however confirm rights and obligations.
Inspection of documents and records
Confirmation of documentation confirms existence of an asset or that a transaction has
occurred. Confirmation that items are in the books shows completeness. Also helps
testing cut-off. It provides evidence of valuation, measurement, rights and obligations
and presentation and disclosure.
Observation
This procedure is of limited use in that it only confirms that a procedure took place
when it was observed.
Inquiry and confirmation
Information sought from client or external sources. The strength of the evidence
depends on knowledge and integrity of the source of the information.
Recalculation and Re-Performance
Checking calculations of client records.
Audit automation tools
Such as computer assisted auditing techniques.
Analytical procedures
Sufficient and appropriate
Sufficiency is the measure of the quantity of the evidence, while the appropriateness is the
measure of the quality (reliability & relevance) of the evidence. This applies to both tests of
controls and substantive procedures.
An auditor’s judgment as to what is sufficient appropriate evidence is influenced by the
following factors:
Risk assessment, is it low or high?
The nature of the accounting and internal control systems,
The materiality of the item being examined,
The experience gained during previous audits,
The auditors’ knowledge of the business and industry,
The results of audit procedures,
The source and reliability of the information available.
Appropriate - relevance
The relevance of audit evidence should be considered in relation to the overall objective of
forming an audit opinion and reporting on the financial statements. The evidence should
allow the auditor to conclude on the following:
Balance sheet items
Are there suitable completeness, existence, ownership, valuation and disclosure issues?
Profit and loss items
Are there suitable completeness, occurrence, valuation and disclosure issues?
Appropriate - reliable
Reliability of audit evidence depends on the particular circumstances of each case. However,
the following should be considered:
Documentary evidence is more reliable than oral evidence,
Evidence from external independent sources is generally more reliable than that within an
entity,
Evidence from the auditor by such means as analysis and physical inspection is more
reliable than evidence obtained by others.
Sufficiency
The auditor needs to obtain sufficient, relevant and reliable evidence to form a reasonable
basis for his opinion on the financial statements. His judgement of sufficiency will be
influenced by such factors as:
His knowledge of the business and its environment,
The risk of misstatement,
The quality of the evidence.
However, merely obtaining more audit evidence may not compensate for its poor quality.
F. DOCUMENTATION
Audit planning memo
An audit plan is the formulation of the general strategy for the audit, which sets out the
direction for the audit, describes the expected scope and conduct of the audit and provides
guidance for the development of the audit programme. This plan is in the form of a written
document. Included will be:
The discussion among the audit team concerning the susceptibility of the financial
statements to material misstatements including any key decisions reached;
Key elements of the understanding gained of the entity;
The identified and assessed risks of material misstatement;
Significant risks identified and related controls evaluated;
The overall responses to address the risks of material misstatements;
The nature, extent and timing of further audit procedures linked to the assessed risks
at the assertion level;
If the auditors have relied on evidence about the effectiveness of controls from
previous audits, conclusions about how this is appropriate.
Example of an outline audit plan
Initial visit
This visit is essential in building up a background about the client company in order to assist
in the detailed planning of the audit.
The auditor will use techniques such as inquiry, observation and review of documentation in
order to understand details about the company such as:
The development and past history,
The nature of the environment in which it operates,
Products and processes,
Organisational plans,
Accounting and internal controls in operation,
The maintenance of accounting records.
In respect of the internal controls, it would be expected to carry out walkthrough tests to
confirm the operation of the controls as described. If this is an existing client, the visit may
simply take the form of a phone call or brief meeting to establish any changes since the
previous audit in respect of the company’s operations or environment.
Interim Visit
Ideally this visit should take place close to the year end. The purpose of this visit is to carry
out detailed tests on the client’s accounting and internal controls with a view to establishing
those controls on which you can rely. Where controls are operating effectively, restricted
substantive procedures need only be carried out. Where controls are ineffective in practice,
more extensive substantive tests will need to be carried out. At this stage, if any weaknesses
in controls have been noted, it may be appropriate to draft a letter to the client management.
Final Visit
This visit will take place after the accounting year end. On this visit, the detailed substantive
procedures will be carried out in order to substantiate the figures in the accounting records
and subsequently, the financial statements. After an overall review of the financial
statements, the auditor will be able to assess whether sufficient and appropriate evidence has
been obtained in order to draw reasonable conclusions so that an opinion can be expressed on
the financial statements.
Examples of the work to be carried out would include:
Discussion with management of known risk areas,
Attendance at stock count,
Verification of assets/liabilities and income/expenditure,
Follow up on outstanding interim audit issues,
Review of post balance sheet events,
Seek and obtain representations from management,
Review financial statements,
Draft an audit report.
Audit programme
An audit programme is a set of written instructions to the audit team that sets out the audit
procedures the auditor intends to adopt and may include references to other matters such as
the audit objectives, timing, sample size and basis of selection for each area. It also serves as
a means to control and record the proper execution of the work.
Working Papers
All evidence obtained during an audit should be documented. Working papers are the
property of the auditor. The auditor’s working papers are the evidence of all the work done
which supports his audit opinion. In addition, it provides evidence that the audit was carried
out in accordance with the standards and other regulatory requirements. Furthermore, it helps
in the planning, performance, supervision and subsequent review of the audit.
Working papers should be reviewed by more senior members of staff before an audit
conclusion is reached. The review should consider whether:
The work has been performed in line with the detailed audit programmes,
The work performed and the results thereof have been adequately documented,
Any significant matters have been resolved or are reflected in the audit opinion,
The objectives of the audit procedures have been achieved,
The conclusions expressed are consistent with the results of the work performed and
support the opinion of the auditor.
For recurring audits, working papers may be split into a permanent audit file and a current
audit file.
Audit working papers should be retained for a period of at least 7 years.
G. AUDIT SUPERVISION AND REVIEW
Auditing standards stress the importance of quality control, both at the audit firm level and
the audit engagement level.
[Figure: Quality control. ISQC1 applies at firm level and ISA 220 at engagement level. Diagram labels: Leadership, Ethics, Client relationships, Human resources, Engagement performance, Monitoring, Planning, Supervision, Review.]
ISQC1 Quality Control for firms that perform audits and reviews of historical financial
information, and other assurance and related services engagements helps audit firms
establish quality standards for their own business, while ISA 220 Quality Control for audits
of historical financial information requires firms to implement quality control procedures
over individual audit assignments.
Quality control at audit engagement level
Engagement performance
ISA 220.21 states that the engagement partner should take responsibility for the direction,
supervision and performance of the audit engagement in compliance with professional
standards and regulatory and legal requirements, and for the auditor’s report that is issued to
be appropriate in the circumstances.
The audit engagement can be directed by informing members of the team of:
Their responsibilities such as maintaining an objective state of mind, an appropriate
level of professional scepticism and performing the work in accordance with due care,
The nature of the entity’s business,
Risk related issues,
Problems that may arise,
The detailed approach to the performance of the engagement.
Supervision includes:
Tracking the progress of the engagement,
Considering the capabilities and competence of members of the team, whether they
have sufficient time, that they understand their instructions, and whether the work is
being carried out in accordance with the planned approach;
Addressing significant issues as they arise, considering their significance and
modifying the planned approach appropriately;
Identifying matters for consultation by more experienced engagement team members
during the engagement. This is done not just by the partner but by all members of staff
at different levels.
Review responsibilities are determined on the basis that the more experienced members of
the audit engagement review work performed by less experienced persons. The reviewers
consider whether:
The work has been performed in accordance with professional standards,
Significant matters have been raised for further consultation,
Appropriate consultations have taken place and the consultations have been
documented and implemented,
There is a need to revise the nature, timing and extent of the work performed,
The work performed supports the conclusions reached and is appropriately
documented,
The evidence obtained is sufficient and appropriate to support the auditor’s report,
The objectives of the audit engagement procedures have been achieved.
Before the auditor’s report is issued, the engagement partner, through review of the audit
documentation and discussion with the engagement team, should be satisfied that sufficient
appropriate audit evidence has been obtained to support the conclusions reached and for the
audit report to be issued.
Quality control review
For audits of financial statements of listed companies, the engagement partner should:
Appoint a quality control reviewer,
Discuss significant matters with the reviewer which have arisen,
Not issue the audit report until completion of the review.
Page 91
UNIT 6 INTERNAL CONTROL ASSESSING CONTROL RISK & TESTS OF CONTROL
Study Unit 6
Internal Control Assessing Control Risk & Tests of
Control
Contents
A. Internal Control
B. Information Systems, Including the Related Business Processes,
Relevant to Financial Reporting and Communication
C. Control Activities
D. Assessing the Risk of material Misstatement
E. Tests of Control
F. Assessment of impact on audit strategy
G. The recording of control systems
H. Audit Programmes
INTERNAL CONTROL - ASSESSING CONTROL RISK AND TESTS
OF CONTROLS
A. INTERNAL CONTROL
Definition and components
ISA 315 defines internal control as the process designed and implemented by those charged
with governance to provide reasonable assurance about the achievement of the entity’s
objectives.
Internal control consists of the following components:
1. The control environment,
2. The entity’s risk assessment process,
3. The information system,
4. Control activities,
5. Monitoring of controls.
Responsibilities - Management
The management team of a company is responsible for achieving an entity’s objectives such
as:
The reliability of financial reporting,
The effectiveness and efficiency of operations and
Compliance with applicable laws and regulation.
Good corporate governance dictates the existence of a sound system of internal control. It
follows therefore that internal controls should be designed and implemented to address
business risks that threaten the achievement of an entity’s objectives.
An entity’s systems collect and summarise data that are used to produce financial
information. An effective system of internal control will help management manage the
business effectively, produce timely and accurate information, safeguard the assets of a
company and prevent and detect fraud.
Responsibilities - Auditors
Control risk is an element of audit risk. Control risk exists where the client’s controls fail to
prevent, detect and/or correct material misstatements.
Therefore, auditors need to assess the controls put in place by management and ascertain
whether they are effective and can be relied upon for the purposes of the audit. The auditor’s
primary consideration is whether a specific control prevents, detects or corrects material
misstatements. The auditor carries out tests to ensure that the systems operate as they are
supposed to. If the controls are ineffective, the control risk is high and it is likely that it will
be necessary to undertake higher levels of substantive testing.
Gaining an understanding of internal control
ISA 315 states that the auditor should obtain an understanding of internal controls relevant to
the audit. The auditor uses this understanding to identify types of potential misstatements
and to help design the nature, timing and extent of further audit procedures.
The way in which internal control is designed and implemented will vary with an entity’s size
and complexity. Smaller entities may use less formal means and simpler processes and
procedures to achieve their objectives.
In obtaining an understanding of internal control, the auditor must gain an understanding of
the:
Design of the internal control:
It should be capable of preventing, detecting or correcting material misstatements;
Implementation of that control:
It should be operating correctly throughout the period in question.
Risk assessment procedures to obtain audit evidence about the design and implementation of
relevant controls may include:
Inquiring of personnel,
Observing the application of specific controls,
Inspecting documents and reports,
Tracing transactions through the information system.
Control environment
The control environment includes the governance and management functions and the
attitudes, awareness and actions of those charged with governance and management
concerning the entity’s internal control. The control environment sets the tone of an
organisation, influencing the control consciousness of its people. It is the foundation for
effective internal control, providing discipline and structure. The control environment is
heavily influenced by management.
In evaluating the design of the control environment the auditor considers the following
elements:
(a) Communication and enforcement of integrity and ethical values: essential elements
which influence the effectiveness of the design, administration and monitoring of
controls.
(b) Commitment to competence: management's consideration of the competence levels
for particular jobs and how those levels translate into requisite skills and knowledge.
(c) Participation by those charged with governance: independence from management,
their experience and stature, the extent of their involvement and scrutiny of activities, the
information they receive, the degree to which difficult questions are raised and pursued
with management and their interaction with internal and external auditors.
(d) Management's philosophy and operating style: management's approach to taking and
managing business risks, and management's attitudes and actions toward financial
reporting, information processing and accounting functions and personnel.
(e) Organisational structure: the framework within which an entity's activities for
achieving its objectives are planned, executed, controlled and reviewed.
(f) Assignment of authority and responsibility: how authority and responsibility for
operating activities are assigned and how reporting relationships and authorisation
hierarchies are established.
(g) Human resource policies and practices: recruitment, orientation, training, evaluating,
counselling, promoting, compensating and remedial actions.
The existence of a satisfactory control environment can be a positive factor when the auditor
assesses the risks of material misstatement and influences the nature, timing, and extent of the
auditor's further procedures. Conversely, weaknesses in the control environment may
undermine the effectiveness of controls and, therefore, become negative factors in the
auditor's assessment of the risks of material misstatement, in particular in relation to fraud.
The Entity's Risk Assessment Process
The auditor should obtain an understanding of the entity's process for identifying business
risks relevant to financial reporting objectives and deciding about actions to address those
risks, and the results thereof. The process forms the basis for how management determines
the risks to be managed.
In evaluating the design and implementation of the entity's risk assessment process, the
auditor determines how management:
Identifies business risks relevant to financial reporting,
Estimates the significance of the risks,
Assesses the likelihood of their occurrence and
Decides upon actions to manage them.
If the entity's risk assessment process is appropriate to the circumstances, it assists the
auditor in identifying risks of material misstatement.
B. INFORMATION SYSTEMS, INCLUDING THE RELATED BUSINESS PROCESSES,
RELEVANT TO FINANCIAL REPORTING AND COMMUNICATION
The information system relevant to financial reporting objectives, which includes the
accounting system, consists of the procedures and records established to initiate, record,
process, and report entity transactions (as well as events and conditions) and to maintain
accountability for the related assets, liabilities, and equity.
The auditor should obtain an understanding of the information system, including the
following areas:
The classes of transactions in the entity's operations that are significant to the financial
statements.
The procedures, within both IT and manual systems, by which those transactions are
initiated, recorded, processed and reported in the financial statements.
The related accounting records, whether electronic or manual, supporting information,
and specific accounts in the financial statements, in respect of initiating, recording,
processing and reporting transactions.
How the information system captures events and conditions, other than classes of
transactions that are significant to the financial statements.
The financial reporting process used to prepare the entity's financial statements,
including significant accounting estimates and disclosures.
C. CONTROL ACTIVITIES
The auditor should obtain a sufficient understanding of control activities to assess the risks
of material misstatement at the assertion level and to design further audit procedures
responsive to assessed risks.
Control activities are the policies and procedures that help
ensure that management directives are carried out.
Examples of specific control activities include those relating to the following:
Authorisation.
Performance reviews, supervision.
Information processing.
Physical controls.
Segregation of duties.
Specific examples of controls would include:
Approval and control of documents through signing off or pre-numbering,
Checking the arithmetical accuracy of records,
Reviewing control accounts for large or unusual items,
Reconciling figures,
Matching figures or documents,
Limiting physical access to assets and records,
Matching physical existence to book records and other external data,
Segregating duties such as custody of assets from initiation of transactions to recording
of transactions to review of transactions.
Monitoring of Controls
The auditor should obtain an understanding of the major types of activities that the entity
uses to monitor internal control over financial reporting, including those related to those
control activities relevant to the audit, and how the entity initiates corrective actions to its
controls.
Monitoring of controls is a process to assess the effectiveness of internal control
performance over time. It involves assessing the design and operation of controls on a timely
basis and taking necessary corrective actions modified for changes in conditions.
Management accomplishes monitoring of controls through ongoing activities, separate
evaluations, or a combination of the two. Ongoing monitoring activities are often built into
the normal recurring activities of an entity and include regular management and supervisory
activities.
In many entities monitoring generally falls on the internal audit department. The external
auditor may make use of the work of internal audit when carrying out their own work.
Limitations of Internal Control
Internal control, no matter how well designed and operated, can provide an entity with only
reasonable assurance about achieving the entity's financial reporting objectives. The
likelihood of achievement is affected by limitations inherent to internal control.
These include:
The realities that human judgment in decision-making can be faulty and that
breakdown in internal control can occur because of human failures, such as simple
errors or mistakes.
Additionally, controls can be circumvented by the collusion of two or more people or
inappropriate override by management of internal control.
Smaller entities often have fewer employees which may limit the extent to which
segregation of duties is practicable. However, for key areas, even in a very small
entity, it can be practicable to implement some degree of segregation of duties or
other form of unsophisticated but effective controls.
The potential for override of controls by the owner-manager depends to a great extent
on the control environment and in particular, the owner-manager's attitudes about the
importance of internal control.
The costs of control may outweigh their benefits.
Many controls are designed to deal with routine transactions and as such may fail to
detect non-routine transactions.
The existence of these limitations is the reason why the auditor does not just check the system
of internal control. Irrespective of the assessed risk of material misstatements, the auditor
should design and perform substantive tests for each material class of transaction, account
balance and disclosure. An auditor’s assessment of risk is judgemental and there are
inherent limitations to internal control.
Small companies
Due to the size of small companies, many of the controls that would be relevant may not exist
or even be practical. In addition, their cost may severely outweigh their benefit. This
means many small companies rely on the close involvement of the owner/managers. This
can be a good thing. However, it also gives rise to the risk of override of existing controls
and the omission of transactions.
Lack of operating controls and insufficient records can cause the auditor great difficulty in
carrying out an audit.
Specific controls such as segregation of duties are likely to suffer in small companies.
Auditors will be faced with additional difficulties in the event that a small company is
managed by a person other than the owner. It would be important to assess the controls
exercised by the owner over the management of the company.
D. ASSESSING THE RISK OF MATERIAL MISSTATEMENT
The auditor is required to assess the risk of material misstatements. Misstatements can arise
through inherent risks and control risks.
So the auditor is concerned with assessing policies and procedures of the entity which are
relevant to the financial statements. The auditor should:
1. Assess the accounting information system as to its adequacy in producing a set of
accounts for the entity,
2. Seek to identify any potential misstatements that could occur,
3. Consider all factors that might affect the risk of misstatements,
4. Design appropriate audit procedures whose nature, timing and extent are responsive to
the risks.
The assessment of controls will have a big impact on risk assessment.
Where good controls are identified, the auditors should perform work in that area to provide
the necessary audit evidence.
Where there are weak controls identified the auditor needs to consider:
1. What errors could be possible,
2. Could such errors be material to the accounts,
3. What substantive procedures will enable such errors to be detected and quantified?
Outcomes
The existence of a satisfactory control environment can be a positive factor when the auditor
assesses the risks of material misstatement and influences the nature, timing, and extent of the
auditor's further procedures. In particular, it may help reduce the risk of fraud, although a
satisfactory control environment is not an absolute deterrent to fraud.
Conversely, weaknesses in the control environment may undermine the effectiveness of
controls and therefore become negative factors in the auditor's assessment of the risks of
material misstatement, in particular in relation to fraud.
In some extreme cases, the control environment may be so poor as to raise questions as to
whether the accounts are capable of being audited. The control risk may be so high that audit
risk cannot be reduced to an acceptable level.
Where substantive procedures alone do not provide the auditor with sufficient evidence and
risks remain, the auditor should evaluate the design and determine the operational
effectiveness of controls. This is particularly important where systems are highly
computerised with little or no manual intervention.
E. TESTS OF CONTROLS
When the auditor's assessment of risks of material misstatement includes an expectation that
controls are operating effectively, the auditor should perform tests of controls to obtain
sufficient appropriate audit evidence that the controls were operating effectively at relevant
times during the period under audit.
Tests of controls may include the following:
1. Inspection of documents, for example to see whether transactions have been authorised,
2. Inquiries as to who carried out the controls rather than who is supposed to carry out
the control,
3. Re-performance of controls such as reconciling a bank account as distinct from
reviewing the bank reconciliation prepared by someone else,
4. Examination of evidence such as minutes of meetings of management team or board
of directors,
5. Observation of controls in action.
When assessing the evidence, the auditors need to consider:
How the controls were applied,
The consistency with which they were applied throughout the period,
By whom they were applied.
The use of computer assisted auditing techniques (CAATs) may be appropriate particularly
where there is a huge amount of data or complex computer systems in use by the entity.
Assessment of Control Risk
Poor controls or non-existent controls relevant to the financial statement assertions could lead
to a higher degree of control risk. The auditor will need to consider how to respond to this.
Furthermore, the auditors may find that the evidence they obtain suggests that controls did
not operate as expected. If the evidence contradicts the original risk assessment the auditors
will have to amend the further audit procedures they had planned to carry out. In particular,
if control testing reveals that controls have not operated effectively throughout the period the
auditor may have to extend his substantive testing.
Management Letter Reporting
At the “gaining an understanding” stage of the audit you could draw up a letter to
management recommending any improvements suggested by your findings, even at this
early stage. Perhaps you have noted weaknesses in the design of a control or the actual
absence of a vital control. In addition, what you have learned here may influence the type of
further audit testing you may carry out later on.
Furthermore, during your test of the operating effectiveness of controls you may uncover
significant weaknesses in internal controls and these should also be communicated in writing
to those charged with governance.
F. ASSESSMENT OF IMPACT ON AUDIT STRATEGY
An effective internal control system may allow an auditor to have more confidence in the
reliability of audit evidence generated internally within the entity.
If there are weaknesses in the control environment, the auditor needs to:
conduct more procedures as of the period end rather than an interim date,
seek more extensive audit evidence from substantive procedures,
modify the nature of procedures to obtain more persuasive audit evidence.
The evaluation of the control environment will help the auditor determine whether there
should be a substantive or a combined approach (tests of controls and substantive
procedures).
In designing further audit procedures, the auditor should consider:
the significance of the risk,
the likelihood that a material misstatement will occur,
the characteristics of the class of transactions or account balances,
the nature of specific controls and whether they are manual or automated,
the evidence gathered in determining if controls are effective in preventing, or detecting
and correcting material misstatements.
G. THE RECORDING OF CONTROL SYSTEMS
There are several techniques for recording the assessment of control risk. One or more may
be used depending on the complexity of the system.
1. Narrative notes: These are written descriptions of the processes and procedures.
They are easy to prepare but can become longwinded and time-consuming.
2. Flowcharts: Diagrams setting out the flow of the process and the procedures.
Great visually but can be difficult to prepare.
3. Questionnaires: ICQ or ICEQ (Internal Control Questionnaire or
Internal Control Evaluation Questionnaire).
4. Checklists
Whatever method is used the data should be retained on the permanent audit file and updated
each year where relevant.
ICQs (Internal control questionnaires)
They comprise a list of questions designed to determine whether desirable controls are
present within an entity. They are designed to ensure that each of the major transaction
cycles is covered. Their primary purpose is to evaluate the system rather than describe it.
Therefore, a yes/no answer will suffice.
Advantages:
They can ensure that all controls are considered
Quick to prepare
Easy to use and control
Disadvantages:
Client may be able to overstate controls
May be a large number of irrelevant controls
May not include unusual controls
Can give impression that all controls are of equal weight
ICEQs (Internal control evaluation questionnaires)
These are used to determine whether there are controls which prevent or detect specified
errors or omissions. These are more concerned with assessing whether specific errors are
possible rather than establishing whether certain desirable controls are present. These
questions concentrate on significant errors or omissions that could occur at each phase of a
cycle if controls were weak.
Advantages:
Queries objectives rather than specific controls
Can identify key controls to be tested
Can highlight areas of weakness
Disadvantages:
Can be drafted vaguely, hence misunderstood
Important control may not be identified
ICQ example - Goods inwards
(Each question is answered YES or NO.)
1. Are goods examined on arrival, checking quantity and quality?
2. Are these checks evidenced by an appropriate person?
3. Is the receipt recorded on a goods received note/docket?
4. Are GRNs prepared by a person other than someone who ordered the
goods and/or processes the invoice?
5. Are the records controlled to ensure that all receipts are matched to
invoices?
6. Are records followed up for exceptions?
7. Are these records reviewed by a responsible person?
ICEQ example - Purchases cycle
Is there reasonable assurance that:
(Columns to complete for each question: Answer; Comment if yes.)
1. Goods or services could not be received without a liability being recorded?
2. Receipt of goods is required in order to establish a liability?
3. A liability is recorded only for authorised items and the proper amount?
4. All payments are properly authorised?
5. All credits due from suppliers are received?
6. All transactions are properly accounted for?
7. At the period end liabilities are neither overstated nor understated by the system?
8. The balance at the bank is properly recorded at all times?
9. Unauthorised cash payments could not be made and that the balance of petty cash is
correctly recorded at all times?
H. AUDIT PROGRAMMES
SALES
Control Objectives
1. Ordering and granting of credit
Goods and services should only be given to customers
with good credit background.
Customers should be encouraged to pay promptly.
All orders are recorded correctly.
All orders are filled.
2. Dispatch and invoicing of goods
All despatches are recorded.
All goods and services are invoiced correctly.
All invoices raised relate to goods and services supplied.
Credit notes are only raised for valid reasons.
3. Transactions processing and credit control
All invoices, credit notes and payments received are
recorded in sales ledger and nominal ledger.
All transactions are recorded in the correct sales ledger
account.
Cut-off is applied correctly.
Potential bad debts are identified.
Control Activities
1. Ordering and credit approval
Segregation of duties
Authorisation of credit terms and other data
Review of credit terms
Document numbering
Examination of correct pricing
Matching of orders with despatches
Dealing with customer queries
2. Dispatch and invoicing
Authorisation of despatches
Examination of despatches - quantity & condition
Matching of despatches to orders and invoices and review
of unmatched items
Checking number sequence on documents
Checking conditions of returns
Signatures on delivery notes
Checking pricing, quantity and details on invoices
Checking update of stock records
3. Transactions processing and credit control
Segregation of duties
Review sequence of invoices
Match receipts to invoices
Review customer remittance advices
Cut-off procedures
Regular customer statements sent out
Review of customer statements
Authorisation of any adjustments to accounts
Reconcile sales ledger to debtors control account
Review of margins
Tests of controls
Ordering and granting of credit
1. Check that for all new customers credit references are obtained.
2. Check that authorisation by senior staff has been obtained for all new accounts.
3. Check that all new orders are only accepted for those customers adhering to the credit
terms and within agreed credit limits.
4. Check that orders match production and despatch notes.
Despatches and invoicing
1. Match despatch notes with sales invoices. Check quantity, price, calculations, VAT,
posting to sales ledger and if appropriate analysis details.
2. Match sales items with inventory movement records.
3. Check non-routine sales have appropriate authorisation, supporting evidence and entry to
fixed asset registers in the case of plant disposals.
4. Verify credit notes for approval, backup documentation, entry in stock, entry in
goods returned records, calculations, entry in daybook and posting to sales ledger.
5. Review sequence of despatch notes and enquire about missing numbers.
6. Review sequence of invoices and credits and enquire about missing numbers.
7. Review sequence of orders and enquire about missing numbers.
8. Review any items free of charge and check for authorisation.
Processing sales
1. Check entries in daybooks and match to invoices and credit notes.
2. Check down totals and cross totals of daybooks.
3. Check totals of daybooks match debtors control account.
4. Check individual transactions from daybooks to sales ledger accounts.
5. Check a sample of entries in sales ledger accounts back to daybooks.
6. Check calculations in sales ledger accounts.
7. Check that debtors control account is reconciled to a list of balances from the sales
ledger.
8. Review and enquire about contra entries in sales ledger accounts.
9. Examine specific sales ledger accounts to see if credit terms and limits are being adhered
to.
10. Enquire and examine evidence as to the follow up on overdue accounts.
11. Check for authorisation re any write offs on an account.
PURCHASES
Control Objectives
1. Ordering
All orders are authorised, received and are actually for the
entity.
All orders are to authorised suppliers.
Orders are at a fair price.
2. Receipts and invoices
All receipts are for the entity and not for personal use.
Receipts are only accepted if proper authorised orders
exist.
All receipts are recorded accurately.
Liabilities are recognised for all receipts.
All credits due are claimed and received.
3. Accounting
All invoices are for orders received.
All invoices are authorised.
All invoices are recorded in appropriate ledgers and
daybooks.
All credits are recorded in appropriate ledgers and
daybooks.
All entries are in the correct purchase ledger account.
Cut-off is applied correctly.
Control Activities
1. Ordering
Segregation of duties
Evidence of re-order quantities and levels
Orders prepared from pre-numbered requisitions
Orders authorised
Pre-numbered order books and safe custody of such
books
Review orders not received
Regular monitoring of supplier terms and conditions
2. Receipts and invoices
Examine goods received, checking quality and quantity
Record receipt in goods inwards records
Match receipts with order details
Appropriate referencing of invoices
Examine invoice and check price, quantity and
calculations. Match to receipts and order documents
Record all goods returned and ensure credit is claimed
3. Accounting
Segregation of duties
Record all purchases and returns in daybooks and
appropriate ledgers
Review purchase ledger and reconcile accounts to
supplier statements
Payments should be authorised only after all checking
procedures complete
Reconcile creditors control account to a list of purchase
ledger accounts
Cut-off is appropriate
Tests of controls
Ordering
1. Check that all new suppliers are authorised.
2. Check that authorisation by senior staff has been obtained for all new orders and is
within limits set.
3. Review order books for orders not completed and enquire of same.
Receipts and invoicing
1. Check invoices are supported by a goods received note and order, are entered in stock
records, priced correctly, calculations are checked and are appropriately referenced.
2. Check all returns are matched to a received credit note and this credit note should be
traced to the stock records.
3. Check all invoices and credit notes have been entered to the purchase ledger and the
appropriate daybooks.
4. Check all credit notes received for relevant supporting documentation.
5. Review numerical sequence of order books, goods received notes and goods returned
books and enquire of unmatched numbers or missing numbers.
6. Enquire of supplier invoices not matched with goods received notes or orders.
Processing purchases
1. Check all invoices and credit notes in the daybooks are evidenced as having been
checked re prices, calculations, matched to orders and goods received notes and
authorised for payment.
2. Check down totals and cross totals in the daybooks.
3. Match totals in the daybooks to the control accounts.
4. Check postings from the daybook to the appropriate purchase ledger accounts.
5. Check a sample of purchase ledger accounts and agree transactions back to the
appropriate daybooks. Check the totals of the balances.
6. Review purchase ledger accounts for contras and enquire of same.
7. Review supplier reconciliations and trace balances and reconciling items to the
appropriate books.
8. Confirm creditors control account agrees to list of balances of purchase ledger
accounts.
9. Review creditors control for unusual transactions.
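Where the purchases records are held electronically, several of the tests of controls above (review of numerical sequence, matching invoices to goods received notes and orders, and segregation of duties over GRNs) can be run as a CAAT over the whole population. The Python below is an added illustration, not part of the study manual; the record layouts, field names and sample data are constructed assumptions.

```python
"""Purchases-cycle tests of controls run as a CAAT (all data constructed)."""
from collections import namedtuple
from decimal import Decimal

# Hypothetical record layouts; a real ledger export will differ.
Order = namedtuple("Order", "number supplier quantity unit_price raised_by")
GRN = namedtuple("GRN", "number order_number quantity prepared_by")
Invoice = namedtuple(
    "Invoice", "reference order_number grn_number quantity amount processed_by")


def missing_numbers(numbers):
    """Gaps in a pre-numbered document sequence, to be enquired about."""
    present = set(numbers)
    if not present:
        return []
    return [n for n in range(min(present), max(present) + 1) if n not in present]


def three_way_match(orders, grns, invoices):
    """Return {invoice reference: [exceptions]} for invoices that fail matching."""
    orders_by_no = {o.number: o for o in orders}
    grns_by_no = {g.number: g for g in grns}
    exceptions = {}
    for inv in invoices:
        problems = []
        order = orders_by_no.get(inv.order_number)
        grn = grns_by_no.get(inv.grn_number)
        if order is None:
            problems.append("no order")
        if grn is None:
            problems.append("no goods received note")
        elif grn.order_number != inv.order_number:
            problems.append("GRN belongs to a different order")
        elif grn.quantity != inv.quantity:
            problems.append("quantity differs from GRN")
        if order is not None and inv.amount != order.unit_price * inv.quantity:
            problems.append("amount differs from order price x quantity")
        if problems:
            exceptions[inv.reference] = problems
    return exceptions


def uninvoiced_receipts(grns, invoices):
    """GRNs with no invoice: goods received without a liability recorded."""
    invoiced = {inv.grn_number for inv in invoices}
    return sorted(g.number for g in grns if g.number not in invoiced)


def segregation_breaches(orders, grns, invoices):
    """GRNs prepared by the person who raised the order or processed the invoice."""
    orders_by_no = {o.number: o for o in orders}
    processors = {}
    for inv in invoices:
        processors.setdefault(inv.grn_number, set()).add(inv.processed_by)
    breaches = []
    for grn in grns:
        conflicted = set(processors.get(grn.number, set()))
        order = orders_by_no.get(grn.order_number)
        if order is not None:
            conflicted.add(order.raised_by)
        if grn.prepared_by in conflicted:
            breaches.append(grn.number)
    return breaches


# Constructed sample population (names and figures are invented).
ORDERS = [
    Order(501, "Supplier A", 10, Decimal("4.50"), "amy"),
    Order(502, "Supplier B", 20, Decimal("2.00"), "amy"),
    Order(503, "Supplier C", 5, Decimal("10.00"), "ben"),
]
GRNS = [
    GRN(1001, 501, 10, "carl"),
    GRN(1002, 502, 18, "amy"),   # short delivery, prepared by the orderer
    GRN(1004, 503, 5, "dee"),    # GRN 1003 is missing from the sequence
]
INVOICES = [
    Invoice("INV-A", 501, 1001, 10, Decimal("45.00"), "eve"),
    Invoice("INV-B", 502, 1002, 20, Decimal("40.00"), "eve"),
    Invoice("INV-C", 504, 1003, 3, Decimal("30.00"), "eve"),
]


def run_tests():
    """Run every test over the sample population and collect the exceptions."""
    return {
        "missing GRN numbers": missing_numbers(g.number for g in GRNS),
        "invoice matching exceptions": three_way_match(ORDERS, GRNS, INVOICES),
        "receipts with no invoice": uninvoiced_receipts(GRNS, INVOICES),
        "segregation of duties breaches": segregation_breaches(
            ORDERS, GRNS, INVOICES),
    }


if __name__ == "__main__":
    for test, result in run_tests().items():
        print(f"{test}: {result}")
```

Each exception reported is a prompt for enquiry and inspection of the underlying documents, not a conclusion in itself.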
PAYROLL
Control Objectives
1. Setting of wages and salaries
Employees only paid for work they have done
Gross pay calculated correctly and properly authorised
2. Recording
Gross pay, net pay and all deductions are recorded
correctly
Payments are recorded correctly in the bank account
Full cost is recorded in the nominal ledger
3. Payment
Employees are paid exactly what they are owed
4. Deductions
All deductions correctly calculated and appropriately
authorised
Revenue get paid what they are owed
Control Activities
1. Setting of wages and salaries
Segregation of duties
Personnel records should be maintained with proper
employment letters etc.
Authorisation of rates of pay, deductions
Maintain details of holiday entitlement, advance of pay
etc.
Procedures for dealing with queries
2. Recording
Records maintained of timesheets, clock cards etc.
Review of hours worked
Review of wages cost against budgets
Review by senior staff of data input and calculation work
by other staff including checking procedures
Appropriate analysis codes
Maintenance and reconciliation of wages bank account
3. Payment
Custody of cash procedures
Segregation of duties
Verification of identity
Preparation of pay packets, cash, cheque, payslip etc.
Records of amounts distributed
Authorisation of cheques and bank transfers
Dealing with queries
4. Deductions
Maintenance of separate records for each employee
Review deductions as between differing periods
Review control accounts for deductions
Tests of controls
Setting of wages and salaries
1. Check that wages summary is approved for payment.
2. Review details for changes from previous period and check for authorisation for
differences.
3. Check letters of employment exist for all new employees and relevant forms are
prepared for all leavers.
4. Check calculation of gross pay and agree rate of pay to authorised pay, hours worked
etc.
5. Check a sample of names on payroll lists to phone records, floor plans etc.
Recording
1. Reconcile wages to previous week's payroll, timesheets, changes in pay rates etc.,
looking for unusual or unexplained variances.
2. Re-perform key calculations and seek evidence of controls checking.
3. Check down totals and cross totals on payroll sheets and trace to the appropriate
ledger accounts.
4. Review all payroll control accounts.
5. Enquire as to payroll queries from staff.
Payment
1. If cash payments made, attend such an event and note procedures.
2. Compare pay packets with list of payments to be made.
3. Ensure signatures for all packets collected and enquire about uncollected packets.
4. Review list of cheques/ bank transfer list and agree back to payroll details.
Deductions
1. Check calculations on payroll details and that authorisation does exist.
2. Check down totals on payroll summaries and match to entries in appropriate ledger
accounts.
3. Examine third party documentation.
4. Review the deduction control accounts and compare against previous periods.
CASH RECEIPTS AND DISBURSEMENTS
Control Objectives
1. All monies received are recorded, processed to the appropriate ledger accounts and
banked where necessary
2. Cash and cheques are safeguarded from loss through theft or otherwise
3. All payments are authorised, properly recorded and made to the correct person
4. Duplicate payments are avoided
Completeness of income (recording of all cash receipts) is extremely important. If there are
inadequate controls, these may cause limitations in the scope of your audit.
Segregation of duties is vital when dealing with cash. The receiving, recording, banking and
reconciling functions should ideally be done by separate persons within an entity.
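The segregation rule above can be tested over a cash-handling activity log. The following is an added example, not part of the study manual; the log layout, user names and receipt numbers are constructed for illustration.

```python
from collections import defaultdict

# The four cash functions the manual says should be done by separate persons.
FUNCTIONS = ("receive", "record", "bank", "reconcile")

# Constructed activity log: (receipt_id, function, user). Not real data.
SAMPLE_LOG = [
    ("R001", "receive", "amina"), ("R001", "record", "ben"),
    ("R001", "bank", "chloe"), ("R001", "reconcile", "david"),
    ("R002", "receive", "amina"), ("R002", "record", "amina"),
    ("R002", "bank", "chloe"), ("R002", "reconcile", "david"),
    ("R003", "receive", "ben"), ("R003", "record", "chloe"),
    ("R003", "bank", "chloe"), ("R003", "reconcile", "chloe"),
    ("R004", "receive", "amina"), ("R004", "record", "ben"),
    ("R004", "bank", "chloe"),
]


def segregation_exceptions(log):
    """Return {receipt_id: [finding, ...]} for receipts that breach segregation of duties.

    A finding is raised when one user performed more than one of the four
    functions on the same receipt, or when a function has no evidence at all.
    """
    by_receipt = defaultdict(lambda: defaultdict(set))
    for receipt_id, function, user in log:
        if function not in FUNCTIONS:
            raise ValueError(f"unknown function {function!r} on {receipt_id}")
        by_receipt[receipt_id][function].add(user)

    findings = {}
    for receipt_id in sorted(by_receipt):
        funcs = by_receipt[receipt_id]
        # Invert the mapping: which functions did each user perform?
        per_user = defaultdict(set)
        for function, users in funcs.items():
            for user in users:
                per_user[user].add(function)

        issues = []
        for user in sorted(per_user):
            done = [f for f in FUNCTIONS if f in per_user[user]]
            if len(done) > 1:
                issues.append(f"{user} performed {'+'.join(done)}")
        missing = [f for f in FUNCTIONS if f not in funcs]
        if missing:
            issues.append("no evidence of " + "+".join(missing))
        if issues:
            findings[receipt_id] = issues
    return findings


if __name__ == "__main__":
    for receipt, issues in segregation_exceptions(SAMPLE_LOG).items():
        print(receipt, "; ".join(issues))
```
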
Control Activities
1. Cash at bank and in hand - receipts
   - Segregation of duties
   - Post opening procedures. Safeguards over security, supervision, listing of items when opened, cheques crossed, remittance stamped.
   - Policy over who can receive cash, pre-numbered company receipts books. Ensure safe custody.
   - Regular clearance of cash registers and matching to till rolls.
   - Reconcile cash collection with sales records.
   - Investigation of shortages/surpluses.
   - Prompt recording of receipts in daybooks and ledger accounts.
   - Daily bankings, matching cash records with bank lodgement receipt slip.
   - Authorisation to open bank accounts.
   - Set limits on cash floats. Regular review and authorisation.
   - Restrictions on payment out of cash receipts.
   - Access controls over cash.
   - Surprise cash counts.
   - Bank reconciliation process. Follow up of un-reconciled transactions.
2. Payments - cash and cheques
   - Custody over supply and issue of cheques, especially ones with printed signatures.
   - Restrictions on issue of incomplete cheques or signing blank cheques.
   - Cheque requisitions with appropriate supporting documentation and approval.
   - Authority limits to sign cheques. Keep separate from approval process. No signatures without full documentation.
   - Prompt despatch of signed cheques and recording in daybooks and ledgers.
   - Authorisation and suitable backup documentation for cash payments.
   - Separate cashier listing payments to person recording in daybooks and ledgers.
   - Limits on cash disbursements.
Tests of controls
Receipts received by post
1. Observe that post opening procedures are followed.
2. Observe that all cheques received are crossed for protection.
3. Trace items in the rough cash list to the cash book and appropriate ledgers.
4. Verify amounts received agree with remittance advices.
Cash sales
1. Verify takings against till rolls.
2. Check takings to bank slip when lodged.
Collections
1. Trace amounts to cash book from appropriate collection sheets.
2. Verify goods sent for collection have matching receipts.
3. Review numerical sequence of collection books.
Cash receipts book
1. Check a sample of entries in the daybook back to till rolls, collection sheets or rough
cash sheets.
2. Check entries in daybook to bank statement to ensure daily lodging.
3. Check down totals and cross totals of daybook and trace totals to the nominal ledger.
4. Check transactions in daybooks to appropriate sales ledger accounts.
5. Review the daybook and check for large or unusual items.
Cash payments book
1. Check a sample of payments recorded to supporting documentation, such as suppliers'
statements and copy paid cheques.
2. Ensure cheque amounts are within authority limits for signing.
3. Check that invoices to be paid have been verified and passed for payment and that a
“paid” stamp is inserted on such invoices.
4. Check the numerical sequence of cheque numbers and enquire as to missing numbers.
5. Trace transfers to other bank accounts, cash records etc.
6. Check additions and trace totals to the nominal ledger.
7. Check transactions in daybooks to appropriate purchase ledger accounts.
8. Review the daybook and check for large or unusual items.
9. Review bank reconciliations. Check balances and un-reconciled items against
daybooks and other supporting information. Check that reconciliations are done on a
regular basis and review for any unusual items.
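Several of the cash payments book tests above (cheque number sequence, signing authority limits, "paid" stamps, duplicate payments) can be run over the whole population as a computer assisted audit technique. The following is an added example, not part of the study manual; the field names, signatory roles, limits and payment rows are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed signing limits per signatory role (an assumption for this example).
AUTHORITY_LIMITS = {
    "fin_controller": Decimal("5000"),
    "fin_director": Decimal("50000"),
}

# Constructed extract of a cash payments book. Not real data.
PAYMENTS = [
    {"cheque_no": 1001, "supplier": "Kigali Paper", "invoice": "INV-77",
     "amount": Decimal("1200.00"), "signed_by": "fin_controller", "paid_stamp": True},
    {"cheque_no": 1002, "supplier": "Nyanza Freight", "invoice": "INV-310",
     "amount": Decimal("7500.00"), "signed_by": "fin_controller", "paid_stamp": True},
    {"cheque_no": 1004, "supplier": "kigali paper ", "invoice": "inv-77",
     "amount": Decimal("1200.00"), "signed_by": "fin_director", "paid_stamp": False},
    {"cheque_no": 1005, "supplier": "Huye Tools", "invoice": "INV-12",
     "amount": Decimal("48000.00"), "signed_by": "fin_director", "paid_stamp": True},
    {"cheque_no": 1007, "supplier": "Huye Tools", "invoice": "INV-13",
     "amount": Decimal("900.00"), "signed_by": "accounts_clerk", "paid_stamp": True},
]


def missing_cheque_numbers(rows):
    """Gaps in the cheque sequence between the lowest and highest number used."""
    used = {r["cheque_no"] for r in rows}
    if not used:
        return []
    return [n for n in range(min(used), max(used) + 1) if n not in used]


def over_authority_limit(rows, limits):
    """Cheques above the signatory's limit, or signed by someone with no limit on file."""
    flagged = []
    for r in rows:
        limit = limits.get(r["signed_by"])
        if limit is None or r["amount"] > limit:
            flagged.append(r["cheque_no"])
    return sorted(flagged)


def possible_duplicate_payments(rows):
    """Group cheques paying the same supplier invoice more than once.

    Supplier names and invoice references are normalised first, because
    duplicates often differ only in case or stray spaces.
    """
    groups = defaultdict(list)
    for r in rows:
        supplier = " ".join(r["supplier"].lower().split())
        invoice = r["invoice"].strip().upper()
        groups[(supplier, invoice)].append(r["cheque_no"])
    return {key: sorted(nos) for key, nos in groups.items() if len(nos) > 1}


def unstamped_invoices(rows):
    """Cheques whose supporting invoice carries no "paid" stamp."""
    return sorted(r["cheque_no"] for r in rows if not r["paid_stamp"])


def review_cash_payments(rows, limits):
    """Run all four tests and return the exceptions for follow-up enquiry."""
    return {
        "missing_cheque_numbers": missing_cheque_numbers(rows),
        "over_authority_limit": over_authority_limit(rows, limits),
        "possible_duplicates": possible_duplicate_payments(rows),
        "unstamped_invoices": unstamped_invoices(rows),
    }


if __name__ == "__main__":
    for test, exceptions in review_cash_payments(PAYMENTS, AUTHORITY_LIMITS).items():
        print(test, exceptions)
```

Each exception is a prompt for enquiry rather than a conclusion: a missing number may be a spoiled cheque held on file, and a repeated invoice reference may be a legitimate part payment.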
Petty Cash
1. Check a sample of payments to supporting documentation and appropriate approval.
2. Ensure vouchers have been marked and signed off to prevent re-use.
3. Trace a sample of amounts received to cash books and to relevant ledgers.
4. Check additions of petty cash book and trace summary totals to the nominal ledger.
INVENTORY
Control Objectives
1. Recording of stock
   - All movements are recorded and authorised
   - Record only items that belong to entity
   - Records show all inventory that exists and is in stock
   - All quantities are recorded correctly
   - Proper cut-off procedures apply
2. Safeguarding of stock
   - Loss, theft or damage is guarded against
3. Valuation of stock
   - Stock is priced correctly
4. Holding of stock
   - Levels of stock are reasonable
Control Activities
1. Recording of stock
   - Segregation of duties between custody and recording of stock
   - Checking receipt and recording of goods received
   - Checking appropriate documentation of movement
   - Maintenance of stock records. Ledger cards, bin cards etc.
2. Protection of stock
   - Access rights to stock
   - Controls over environment
   - Security over third party stock on-site and stock on third party property
   - Stock takes - Procedures, supervision, control, cut-off, recording.
   - Reconciliation of book stock to physical.
3. Valuation of stock
   - Checking calculations
   - Compliance with accounting standards, company law etc.
   - Examine condition of stock and provide for slow moving, obsolete or damaged stock
   - Authorisation for any write offs and appropriate accounting for such
4. Holding of stock
   - Agreed levels, regular review
   - Max/min levels and re-order levels
Tests of controls
Recording movement of stock
1. Select a sample of stock movements and trace back to either goods received notes or
despatch notes.
2. Confirm all movements were authorised.
3. Select a sample of items from the goods received notes and the despatches and agree to
the stock movement records.
4. Check the sequence of records and enquire about potential missing items.
Safeguarding of stock
1. Test check counts carried out and ascertain whether all discrepancies between book stock
and actual physical stock levels have been investigated.
2. All variances should be signed off by a senior member of staff.
3. Slow moving, obsolete or damaged stock should be marked as such and should be written
down in value. Trace a sample of these items through to the stock valuation reports.
4. Note the security arrangements.
Valuation of stock
1. Tests are generally of a substantive nature rather than testing controls but you should
review stock sheets prepared at stock take, taking note of slow moving, obsolete items
etc.
Holding of stock
1. Examine stock records to check whether max/min levels are observed and whether
re-order levels are applied.
UNIT 7 FINANCIAL STATEMENT ITEMS SUBSTANTIVE PROCEDURES
Study Unit 7
Financial Statement Items Substantive Procedures
Contents
A. Assertions
B. Specific Audit Procedures
C. Balance Sheet items
D. Profit & Loss items
E. Assessment of Misstatements
F. Impact on Audit Reporting
A. ASSERTIONS
Auditors need evidence to support the financial statement assertions. By approving the
financial statements, the directors are making representations about the information therein.
In other words they are making certain assertions about the figures and disclosures contained
within the accounts.
These assertions may fall into the following categories:
(a) Assertions about classes of transactions and events for the period under audit
(Profit and loss):
Occurrence — recorded transactions and events have occurred and pertain to the
entity.
Completeness — all transactions and events have been recorded.
Accuracy — amounts and other data recorded appropriately.
Cut-off — transactions and events recorded in the correct period.
Classification — transactions and events recorded in proper accounts.
(b) Assertions about account balances at the period end (Balance sheet):
Existence — assets and liabilities exist.
Completeness — all assets and liabilities have been recorded.
Rights and obligations — the entity holds or controls the rights to assets
(ownership) and liabilities are the obligations of the entity.
Valuation and allocation — assets and liabilities are included in the financial
statements at appropriate amounts and in appropriate accounts.
(c) Assertions about presentation and disclosure:
Occurrence and rights and obligations — disclosed events, transactions, and other
matters have occurred and pertain to the entity.
Completeness — all disclosures that should have been included in the financial
statements have been included.
Classification and understandability — financial information is appropriately
presented and described, and disclosures are clearly expressed.
Accuracy and valuation — financial and other information are disclosed fairly and
at appropriate amounts.
B. SPECIFIC AUDIT PROCEDURES
ISA 500 provides guidance on the audit procedures used for obtaining audit evidence to
support the financial statement assertions.
Substantive procedures are tests to obtain the audit evidence to detect material misstatements
in the financial statements. They can be tests on transactions and balances and can be used to
discover errors or omissions.
Inspection of tangible assets
Inspection confirms existence and valuation and gives evidence of completion. It does not
however confirm rights and obligations.
Inspection of documents and records
Confirmation to documentation confirms existence of an asset or that a transaction has
occurred. Confirmation that items are in the books shows completeness. Also helps
testing cut-off. It provides evidence of valuation, measurement, rights and obligations and
presentation and disclosure.
Observation
This procedure is of limited use in that it only confirms that a procedure took place when it
was observed.
Inquiry and confirmation
Information sought from client or external sources. The strength of the evidence depends
on knowledge and integrity of the source of the information.
Recalculation and Re-Performance
Checking calculations of client records
Audit automation tools
Such as computer assisted auditing techniques
Analytical procedures
Analysis of significant ratios and trends including the resulting investigations of
fluctuations and relationships that are inconsistent with other relevant information or
which deviate from predictable amounts.
Typical tests associated with assertions
Completeness
1. Review of post year end transactions
2. Cut-off tests
3. Analytical review
4. External confirmations
5. Reconciling to control accounts
6. Checking number sequences
Valuation
1. Checking to invoices
2. Recalculation of amount by auditor
3. Review of post year end transactions
4. Reviewing accounting policies for consistency of application and for appropriateness
for entity
Existence
1. Physical verification
2. External confirmations
Rights and obligations
1. Examination of invoices
2. External confirmations
Occurrence
1. Inspection of documentation
2. Physical verification
3. Review of minutes of directors meetings
4. Enquire from management
Measurement
1. Re-calculation by auditor
2. External confirmations
3. Review by external expert valuation
4. Analytical review
Disclosure
1. True and fair view given
2. Compliance with accounting standards and appropriate legislation
Overall Approach
When auditing a particular area it is useful to bear the following process in mind:
1. Carry out analytical review procedures.
2. Always agree back the opening balances with last year’s working papers and the final
trial balance and last year’s signed audited accounts.
3. Examine the schedules given to you by the client and check a sample of the items to
the accounting records while selecting a sample from the accounting records and
matching back to the schedule.
4. Test the transactions and balances in detail.
5. Review the nominal ledger account for any unusual items.
6. Agree the balance into the final trial balance and a draft set of accounts if available
and review the presentation and disclosure in those accounts.
Remember, the audit tests carried out should be tailored to the specific entity taking into
account factors such as:
The significance of any risk of misstatement and the likelihood that it will occur
The characteristics of the class of transactions or account balances
The level of materiality set
The nature of any specific controls and whether the auditor obtained evidence that
controls are effective and operating effectively in preventing, or detecting and
correcting material misstatements.
C. BALANCE SHEET ITEMS
a) Non-current assets
We will look at two types, tangible fixed assets and intangible assets.
Tangible fixed assets
The key audit objectives are existence, completeness, valuation and rights and obligations.
Before designing tests the auditor should take into account any relevant internal control
considerations such as:
1. The existence and operation of a fixed asset register.
2. Procedures for authorisation and accounting for additions and disposals.
3. Physical security procedures.
4. The adequate maintenance of assets and the provision of depreciation.
Audit programme - Tangible fixed assets
Assertion - Completeness
1. Obtain a summary of the assets showing the gross book value, the accumulated
depreciation and the net book value and reconcile this with the opening position.
2. Reconcile the summary with the nominal ledger and the asset register and follow up
on any discrepancies.
3. Physically inspect whether items on the summary actually exist.
Assertion - Existence
1. Confirm that entity physically inspects all assets each year.
2. Inspect a sample of items on asset register paying attention to high value, portable and
any material additions during the year and check that they are in use and in good
order.
Assertion - Valuation
1. Verify valuation of buildings to a valuation certificate, having regard to the
experience of the valuer, his scope of work, the methods and assumptions he uses and
whether the valuation bases are in line with accounting standards.
2. Check whether any surplus/deficit has been calculated correctly and is recognised in
the profit and loss account or statement of total recognised gains and losses whichever
is appropriate.
3. Check whether regular valuations are being carried out.
4. For other asset types examine the purchase invoice or other supporting
documentation.
5. Review depreciation rates and policies and assess their appropriateness having regard
to the entity itself, asset lives, residual value, replacement policy, past history
profits/losses on disposal and possible obsolescence.
6. Check that depreciation is charged on all assets in use and that none is charged on
fully depreciated or disposed assets.
7. Check the calculation of a sample of depreciation charges.
8. Carry out analytical review procedures such as comparing depreciation to previous
years.
9. Review accounts for policy and rates disclosures.
10. Review the current insurance policies in place and consider the adequacy of the
insured amounts.
Assertion - Rights and obligations
1. Inspect title deeds, leases and land registry certificates.
2. Confirm through lawyers that deeds are free from charge.
3. Inspect car registration documents.
4. Examine documents of title for other assets including invoices, lease agreements,
contracts or architects certificates.
5. Review statutory books and leases and agreements to ensure all charges and
commitments are noted.
6. Examine post year end transactions and minutes of management meetings for any
evidence of capital commitments.
Additional testing is carried out on additions, disposals and where an entity constructs its own
assets.
Additions - rights and obligations, valuation, completeness
1. Inspect architects’ certificates and suppliers’ invoices.
2. Check whether the capitalising of the asset is correct and whether there is consistency
with previous years.
3. Check whether amounts are posted to correct accounts in nominal ledger.
4. Check whether the additions have been authorised.
5. Where assistance or grants are available, check that such are claimed and have been
received and correctly accounted for.
6. Check additions are recorded on the asset register.
Disposals - rights and obligations, completeness, occurrence and measurement
1. Verify disposals with supporting documentation, checking transfer of title, sales price
and dates of completion and payment.
2. Check the calculation of profit and loss and whether it has been recorded properly.
3. Check that disposals are authorised.
4. If the asset is used as security, ensure that a release has been correctly made.
In-house construction of assets - valuation and completeness
1. Verify material and labour costs to suppliers’ invoices and payroll records.
2. Ensure expenditure is capital. It should enhance the economic benefits, replace or
restore a component or relate to a major inspection or overhaul.
3. Check whether finance costs are capitalised.
Intangible fixed assets
The key assertions relating to intangibles are existence and valuation.
Audit programme
Goodwill
1. Examine the sales agreement for the amount of the consideration and check that the
asset valuation is reasonable.
2. Check that the calculations are correct.
3. Examine the impairment review for reasonableness.
Intangibles - e.g. trademarks
1. Inspect the purchase documentation.
2. Review valuation prepared by specialists to ensure reasonableness.
3. Review the amortisation calculations.
Research and development costs
1. Ensure amounts capitalised agree with IAS 38.
2. Confirm feasibility and viability by reference to budgets and other documentation.
3. Check the amortisation calculations.
Inventory
The key assertions are existence, valuation, completeness and ownership.
IAS 2 states that stock should be measured at the lower of cost and net realisable value.
Costs would include cost of purchase and any other costs incurred in bringing the stock to its
present condition and location. That could include production overheads.
Net realisable value is likely to be less than cost where costs are increasing at a faster rate
than sales prices, costs are falling more slowly than sales prices, products are becoming
obsolete or deteriorating in quality, or a strategic decision may have been made to sell
products at a loss.
The first key assertion is existence. ISA 501 additional considerations refers to attendance
at a physical stock count. It states that an auditor should attend such a count to vouch the
existence and condition of such stock. Non-attendance coupled with an inability to obtain
alternative sufficient and appropriate evidence could lead the auditor to conclude that there
has been a limitation in the scope of the audit.
Types of stock counts
1. Physical count at year-end
2. Physical count before year-end
3. Perpetual counts (throughout year)
Counting at the year-end is better but some companies will count before year-end or have a
system of counting throughout the year. In the latter two, the auditor will need to consider the
systems of internal control over the stock process. The auditor will need to ensure that
adequate inventory records are kept, satisfactory procedures for counting and test checking
exist and all material variances are investigated, corrected and authorised.
Attendance at a count gives the auditor evidence over the existence of stock, its ownership
and also completeness. It is vital therefore that a stock count is well managed to ensure that
all stock which is owned by a company is counted accurately.
The auditor needs to pay special attention to the organisation of the count, the actual
counting and the recording of those results. Matters to consider include the levels of
supervision management will employ, controls over movement of stock during counting,
identification of slow moving stock, controls to ensure all stock is counted, who will carry
out test checks, control of stock sheets, data to be recorded, recording of cut-off details,
reconciliation of records and follow up corrections etc.
As for the auditor himself, he needs to consider the nature and volume of the stock, any
documented risks, identification of high value items and locations among other things before
deciding on what test counts to perform. It will be important to ensure a representative
sample of locations and stock.
Audit programme - Stock
Attendance at stock count
1. Check that all audit staff on the count are aware of and understand the count
instructions and, ideally, have a written copy.
2. Perform test counts to ensure procedures are working properly. Test counts are
performed by selecting items from count sheet and re-performing count or identifying
physical stock, counting it and tracing to the stock sheets. Ensure all results are
documented.
3. Ensure procedures over damaged and slow moving stock are operating and note
instances where these stocks are identified for further follow up at year-end.
4. Confirm third party stock is separately identified and accounted for.
5. Conclude as to whether count has operated in line with plan and is reliable for
determining the year-end stock figure.
6. Document all cut-off numbers and details of count sheets.
On final audit visit
1. Trace all items that were test counted to the final stock sheet.
2. Check all count sheets have been included on final stock sheet.
3. Trace some items from final stock sheet back to the count sheets.
4. Confirm cut-off is ok by tracing relevant numbers through each of the processes
namely, sales and purchases.
5. Check replies from third parties for stock held by them or for them.
6. Check the prices applied for valuation purposes and check calculations.
Cut-off is vital to the accurate recording of transactions. It is important that the physical
receipt of goods and the supporting documentation are recorded in the correct period.
The auditor needs to assess the controls which management have in place to ensure cut-off is
applied properly.
Purchase invoices should be recorded as a liability only if goods are received prior to the
year-end count, while invoices for sales despatched after the stock count should not appear
as sales for the period up to the year-end.
Cut-off testing - at count
1. Record all movement of stock if these have not been stopped during the count.
2. Note last goods received note in and last goods despatch note out.
3. Observe cut-off procedures applied by staff at point of entry/exit.
Final audit visit testing
1. Match goods inwards notes with purchase invoices to ensure liability is recorded in
correct period.
2. Match goods despatch notes with sales invoices to ensure income is recorded in the
correct period.
Valuation - Lower of cost and net realisable value
The auditor must ensure that the company is applying an allowable costing method
consistently. He should review price changes, old or obsolete stock and review the profit
margins data.
Stock can include raw materials, work-in-progress and completed stock.
At the outset the auditor should apply analytical review procedures. It may assist in
comparing the current year’s analysis of figures with previous year’s, highlighting areas for
further review.
Audit programme
Production costs
1. For all materials: check the price used to purchase invoices or price lists, confirm the
valuation basis is being used and check the quantity and the calculations.
2. For labour costs: check the payroll records for hours and rates of pay.
3. If standard labour costs are used, check the actual costs and production and review the
variances to assess whether standard rate is reasonable.
Allocation of overheads
1. Check that all abnormal conversion costs (idle capacity, inefficient production,
reduced levels of activity) are excluded from the allocation.
2. Check overheads are classified by function.
3. Check general management costs are excluded.
4. Ensure only costs that can be reasonably allocated to the production function are
included.
Cost versus NRV
1. Review and test the company’s controls for identifying slow moving, obsolete or
damaged stock.
2. Trace all items from test counts to the final stock valuation report ensuring adequate
provision was made.
3. Examine stock records to identify slow moving stock and check whether a write down
exists. Enquire of same where no write down exists.
4. Examine prices after the year-end and assess whether valuations need adjusting.
5. Review stocks sold post year-end to assess whether year-end stock has been realised
and consider whether appropriate provisions are needed.
b) Accounts receivable & sundry debtors
Key assertions are completeness, accuracy, existence, rights and obligations and valuation.
In the first instance the auditor should obtain a list of outstanding debtor balances from the
sales ledger; ideally each balance should be aged. To obtain evidence in relation to
completeness and accuracy the auditor should:
1. Check the balances from the list and match to the sales ledger.
2. Check balances within the sales ledger and match to the list.
3. Reconcile the total of the list to the total of the sales ledger balances and the debtors
control account in the nominal ledger.
ISA 501 additional considerations and ISA 505 external confirmations refer to the
confirmation of accounts receivable. Verification from external sources is strong evidence
for existence of rights and obligations.
A sample of balances on the listing should be circularised. Ideally, it should be the year-end
balance tested and authorisation must be received from the client. The client can authorise
third parties to divulge information to the auditors.
Where management refuse the request for all or individual balances selected, the auditor
needs to consider whether there are valid grounds for such action and obtain evidence to
support the validity of that claim. If the auditor accepts this, alternative audit procedures will
need to be carried out for those items refused the request. In the event that the auditor does
not accept management’s decision, there is a limitation on the scope of the audit and this
could have an impact on the audit report.
The letter is drawn up by the client (standard form) asking the customer to confirm details
with the auditor directly. The form of the letter can be a positive or negative confirmation.
The former asks a customer to confirm a figure, the latter asks for a reply if the amount is
disputed. A positive confirmation is more generally preferable.
It is important for the auditor to control the despatch of and the return of these letters directly
to himself (inclusion of addressed & pre-paid envelope), even though they are prepared and
signed by the client.
When selecting the sample the auditor needs to pay special attention to large balances, old
unpaid accounts, accounts written off, credit balances, accounts with part payments only and
nil balances.
Many customers do not respond or disagree with the quoted balance. In these cases,
follow up procedures are required. The extent of these tests will depend on each case and its
specific circumstances.
Disagreements can arise for a number of reasons:
On-going dispute between client and customer
Cut-off problems exist
Time lag of monies in post or processing to an account
Items posted to wrong accounts
Netting off balances where you have sales and purchases with a customer
Incorrect postings to accounts for whatever reason
There should be some follow up for customers who do not respond such as additional phone
queries or assistance from client. Failing that, alternative testing needs to be done:
Accounts receivable - alternative procedures
1. Review post year-end receipts.
2. Verify that valid sales orders exist and goods were despatched.
3. Examine invoices specifically making up the account balance.
4. Enquire from management as to why debt remains unpaid.
Disputed amounts and errors by client may need further audit procedures to be carried out to
determine whether these amounts are material and require adjustment in the accounts.
Valuation of year-end balances depends on the evidence of collectability of debts. The
auditor needs to be aware of bad and doubtful debts.
Bad debts
1. Confirm adequacy of provision. Inspect correspondence, lawyers’ letters, debt
collection reports etc.
2. Examine customer accounts, particularly age of debts against credit policy to ascertain
whether a provision is required. Look out for round sum payments, earlier invoices
left unpaid, correspondence on file.
3. Review general provisions for reasonableness.
4. Examine credit notes processed after year-end to assess whether year-end balances
remain valid.
5. Test accuracy of aging of accounts.
6. Scrutinise unapplied credits or unallocated cash receipts.
7. Review accounts and debtors control account for unusual items such as journals
transferring balances, clearing balances and enquire of same.
Cut-off testing-evidence for accuracy
1. Obtain details of last despatch note out and last goods returns note in.
2. Select a sequence of movement notes before and after the cut-off point and match to
invoices and credit notes in the correct accounting period.
3. Select a number of invoices and credit notes and match back to the appropriate
despatch notes and goods returns notes.
4. Follow up and assess any exceptions.
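The two-way matching in steps 2 and 3 above can be run over extracted ledger data. The following Python sketch is an added illustration, not part of the study manual: the year-end date, document numbers, amounts and field names are all constructed, and it covers despatch notes and invoices only (credit notes and goods returns notes would be matched the same way).

```python
from datetime import date

YEAR_END = date(2012, 12, 31)  # assumed year-end for the constructed data

# Constructed sample: movement notes either side of the cut-off point.
DESPATCH_NOTES = [
    {"gdn": 1001, "despatched": date(2012, 12, 28)},
    {"gdn": 1002, "despatched": date(2012, 12, 31)},
    {"gdn": 1003, "despatched": date(2013, 1, 2)},
    {"gdn": 1004, "despatched": date(2013, 1, 3)},
    {"gdn": 1005, "despatched": date(2012, 12, 30)},
]

# Constructed sample: sales invoices with the date posted to the sales ledger.
INVOICES = [
    {"invoice": "S-501", "gdn": 1001, "posted": date(2012, 12, 29), "amount": 4200.00},
    {"invoice": "S-502", "gdn": 1002, "posted": date(2013, 1, 4), "amount": 1850.00},
    {"invoice": "S-503", "gdn": 1003, "posted": date(2012, 12, 31), "amount": 9600.00},
    {"invoice": "S-504", "gdn": 1004, "posted": date(2013, 1, 3), "amount": 300.00},
    {"invoice": "S-505", "gdn": 1099, "posted": date(2012, 12, 31), "amount": 700.00},
]


def period(d, year_end):
    """Classify a date as falling in the current or the next accounting period."""
    return "current" if d <= year_end else "next"


def cutoff_exceptions(notes, invoices, year_end):
    """Return cut-off exceptions found by matching in both directions."""
    invoices_by_gdn = {}
    for inv in invoices:
        invoices_by_gdn.setdefault(inv["gdn"], []).append(inv)
    known_gdns = {n["gdn"] for n in notes}
    exceptions = []

    # Step 2: movement notes -> invoices, checking the accounting period.
    for note in notes:
        matched = invoices_by_gdn.get(note["gdn"], [])
        if not matched:
            exceptions.append({"ref": f"GDN {note['gdn']}",
                               "issue": "despatched, not invoiced",
                               "amount": None})
        for inv in matched:
            goods = period(note["despatched"], year_end)
            books = period(inv["posted"], year_end)
            if goods != books:
                issue = ("sale recorded early" if books == "current"
                         else "sale recorded late")
                exceptions.append({"ref": inv["invoice"], "issue": issue,
                                   "amount": inv["amount"]})

    # Step 3: invoices -> movement notes, looking for unsupported sales.
    for inv in invoices:
        if inv["gdn"] not in known_gdns:
            exceptions.append({"ref": inv["invoice"],
                               "issue": "invoice without despatch note",
                               "amount": inv["amount"]})
    return exceptions


def net_effect_on_current_sales(exceptions):
    """Net overstatement (+) or understatement (-) of current-period sales
    arising from matched items recorded in the wrong period."""
    early = sum(e["amount"] for e in exceptions if e["issue"] == "sale recorded early")
    late = sum(e["amount"] for e in exceptions if e["issue"] == "sale recorded late")
    return early - late


if __name__ == "__main__":
    found = cutoff_exceptions(DESPATCH_NOTES, INVOICES, YEAR_END)
    for e in found:
        print(e["ref"], "-", e["issue"], "-", e["amount"])
    print("Net effect on current-period sales:", net_effect_on_current_sales(found))
```

Each exception listed is an item for step 4: the unmatched despatch note and the unsupported invoice need enquiry before any amount can be put on them.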
Prepayments
1. Compare prepaids with previous years using analytical procedures.
2. Verify prepaids to payments book and supporting documentation.
3. Check calculation for reasonableness.
4. Review nominal ledger accounts for journal adjustments for prepaids.
Sundry debtors
Balances such as employee loans can be confirmed directly with employees or through the
payroll system.
Investments
The auditor needs to consider the income and the asset. Investments can fall under the
following headings:
Investments in companies whether listed or unlisted
Investment in subsidiary and associated companies
Investment properties
The auditor needs to consider a couple of key internal controls such as authorisation over
investment dealings and the segregation of duties re the recording and custody roles which
should be kept separate.
Audit programme - Investments
1. Examine certificates of title and confirm that they are bona fide complete title
documents in the client’s name and free from any charge or lien.
2. Examine confirmation from a third party investment custodian and check investments
are in the client’s name and are free from charge or lien.
3. Inspect certificates of title held by third parties who are not bona fide custodians.
4. Inspect letters of trust to confirm client owns nominee shares.
5. Review minutes and other statutory books for evidence of charging.
6. Verify purchases to agreements, contract notes and correspondence.
7. Confirm purchases were authorised.
8. Check with appropriate financial data suppliers that all reported capital changes bonus
or rights issues have been correctly accounted for.
9. Verify disposal with contract notes and sales agreements.
10. Check whether investment disposals have been authorised.
11. Confirm that profit or loss on sale of investments has been correctly calculated
taking into account bonus issue of shares, consistent basis of identifying cost of
investment, rights issues, accrued interest and taxation.
12. The auditor should establish that the company’s policy on valuing investments has
been correctly and consistently applied.
13. Confirm the value of listed investments by reference to stock exchange.
14. Review accounts of unlisted companies and assess the net asset value of the shares
and the value of the investment and ensure that it is reasonable.
15. Check that there is no substantial fall in the value of the investments.
16. Check whether the current asset investments are included at the lower of cost or net
realisable value.
17. Ensure that the investments are properly categorised in the financial statements into
listed and unlisted.
Investment properties
IAS 40 sets out the criteria for the validity of an investment property. It is property whether
land or buildings held rather than for use in the ordinary course of business.
There are different standards applicable depending on the type of the property:
Property held for sale in ordinary course of business – IAS 2 inventories
Property being constructed on behalf of third parties - IAS 11 construction contracts
Owner occupied property - IAS 16 property plant and equipment
Property being constructed for future use as investment property - IAS 16 –“…until
construction or development is completed then treat as an investment property”.
Audit programme-Investment properties
1. Verify rental agreements, ensuring that occupier is not a connected company and that
the rent has been negotiated at arm’s length.
2. If the building has recently been built, check the architect’s certificate to ensure that
the construction work has been completed.
3. IAS requires that investment properties either be held at cost or at fair value. The
auditor should verify this to a valuer’s certificate, as professional valuation is encouraged
under the IAS.
4. The auditor should seek to verify the cost to appropriate evidence such as purchase
invoice, or if self-constructed, costing records, payroll etc.
5. The auditor should review the disclosures made in the financial statements in relation
to investment properties to ensure that they have been made appropriately, in
accordance with IAS 40.
Bank and cash balances
Audit work will focus on the completeness and accuracy of balances. The key assertions are
completeness, existence, rights and obligations and valuation.
The main audit procedures will concentrate on external confirmation of balances and
reviewing the bank reconciliation process.
The bank confirmation letter is sent to the banks to complete and return to the auditor
direct. The client will authorise this process. As well as the balance on any accounts held,
the details should include any other relevant information such as guarantees, lines of credit,
comfort letters, securities, interest terms and interest payable or receivable. The letter is in a
standard form which is agreed by the banks and the various accountancy bodies.
The auditor should send letters to all banks that the client deals with (current account,
deposits, loans etc.) and should control the despatch of and the return of completed letters
directly to himself (include pre-addressed & pre-paid envelope).
Cut-off manipulation, more commonly known as window dressing, can occur. Companies attempt to
overstate or understate balances for varying reasons. Examples include keeping the books open
to record receipts actually received in the New Year, thereby pushing up the bank balance and
reducing debtors. Recording cheques in the current year, but not actually releasing them until
the New Year, will decrease the bank balance and reduce trade creditors. These examples
present an artificial scenario.
Bearing this in mind the auditor should examine bank paying-in slips for evidence of
lodgement and examine supplier statements and bank statements to ascertain the length of
time paid cheques are taking to clear.
Audit programme- Bank balances
1. Obtain standard bank confirmations from all relevant banks. Agree each balance to
the accounting records and note all other relevant comments for disclosure in
accounting notes.
2. Obtain bank reconciliations for each bank account operated.
3. Check the arithmetic calculations of these reconciliations.
4. Trace outstanding cheques to the payments book prior to the year-end and to the post
year-end bank statements. Enquire as to any large or unusual items not cleared at the
time of the audit.
5. Compare cash books and bank statements in detail for the final month and check that
un-reconciled items are appearing on the bank reconciliation.
6. Review the reconciliations for older items and enquire as to their validity.
7. Trace outstanding lodgements back to cash book before year-end and bank statement
post year-end. Review bank paying-in slips.
8. Match balances per the cashbooks to the ledger and the reconciliations.
9. Scrutinise the cashbooks and the bank statements for any large or unusual items and
follow up on same.
10. Identify whether any of the accounts are used as security on the assets of the
company.
11. Consider whether there is a legal right of set-off of accounts.
Cash balances, whether petty cash or floats for staff, are often immaterial, but may require
some audit work because of the risk of fraud particularly where internal controls are weak.
Also, the auditor needs to consider that some entities, such as retail organisations and
hotels/bars, will hold large cash sums.
Where cash balances are potentially material, the auditor should conduct or be in attendance
at a cash count. Similar to a stock count, the auditor needs to pay attention to the planning,
the count and follow up procedures.
Audit programme - Cash count
1. Count all cash balances and agree to petty cash book or other record kept.
2. Count all cash at same time and ensure all work is done in presence of staff.
3. Obtain a certificate of cash in hand from staff member.
4. Enquire about IOUs or cheques cashed.
5. Confirm balances are in agreement with the accounts.
6. Verify that IOUs and un-cashed cheques have subsequently been dealt with within a
reasonable period of time.
c) Accounts payable, accruals, provisions for liabilities
Testing for understatement and completeness is very important for all liabilities.
Trade creditors
The primary objective will be to ensure that all trade creditor liabilities existing at the year-
end are completely and accurately recorded. To ensure this the auditor needs to pay special
attention to cut-off testing and reconciling purchase ledger accounts to supplier statements.
The purchase cycle test of controls will hopefully have provided the auditor with some degree
of comfort over the completeness of liabilities.
In the first instance the auditor should obtain a list of outstanding trade creditor balances
extracted from the purchases ledger. The following substantive procedures should be carried
out:
1. Check the balances from the list and match to the purchases ledger.
2. Check balances within the purchases ledger and match to the list.
3. Reconcile the total of the list to the total of the purchases ledger balances and the
creditors control account in the nominal ledger.
4. Check all arithmetical calculations.
5. Obtain a sample of suppliers’ statements, reconcile and trace back each of the
reconciling items to source documentation. Agree the ledger balance and the
statement balance to the reconciliation.
6. Ensure that all trade accruals are correctly accounted for.
7. Follow up on un-cleared year-end items at the time of the audit.
The sample should not be just kept to large balances. Understatement of balances is where the
risk is. Look at nil balances, low balances for major suppliers and debit balances.
The auditor doesn’t generally seek external confirmation as the quality of evidence that a
supplier’s statement provides is good. However, in rare circumstances he might just do that,
such as, if statements are missing, deliberate attempts to falsify documents or if the balance is
unusual compared to the norm.
Cut-off testing-evidence for completeness
1. Obtain details of last goods received note in and last goods returns note out.
2. Select a sequence of movement notes before and after the cut-off point and match
to invoices and credit notes in the correct accounting period or a list of trade
accruals where necessary.
3. Select a number of invoices, credit notes and items per the list of trade accruals
and match back to the appropriate goods received notes and goods returns notes.
4. Follow up and assess any exceptions.
5. Review outstanding purchase orders for any evidence of any purchases completed
but not invoiced.
6. Review the creditors control account for any unusual transactions around the year-
end.
Reservation of title
This is where a seller may retain legal ownership of goods until fully paid for. The auditor
needs to ascertain how the client identifies these and should review and test the procedures
for estimating liabilities. He should also review the terms of major suppliers to confirm that
all liabilities have been accounted for. He should consider whether disclosures are sufficient.
Accruals
Analytical procedures should be applied to accruals in seeking to gather evidence over their
valuation and completeness. The auditor needs to consider last year’s accruals and known
expense items where you may expect an accrual.
Audit programme- accruals
1. Check calculations are reasonable, based on supporting documentation and subsequent
year-end payments.
2. Scrutinise the payments after the year-end for large or unusual items that should be
treated as an accrual.
3. Review the profit and loss account for those headings which may indicate an accrual
exists.
4. Check accruals exist for payroll and VAT liabilities.
Provisions for liabilities and contingencies
A provision should be accounted for as a liability. Contingencies in general should be
disclosed. The auditor needs to ensure there has been correct classification according to IAS
37, provisions, contingent liabilities and contingent gains.
IAS 37 defines a provision as a liability of uncertain timing or amount.
A liability is a present obligation of an enterprise arising from past events, the settlement of
which is expected to result in an outflow from the enterprise.
An obligation is an event that creates a legal or constructive obligation that results in an
enterprise having no realistic alternative to settling that obligation.
A legal obligation derives from a contract through its explicit or implicit terms, legislation or
some other operation of law.
A constructive obligation derives from established patterns of past practice or published
policies through which a valid expectation is created on the part of another party.
A contingent liability is a:
possible obligation that arises from past events and whose existence will be confirmed
only by the occurrence or non-occurrence of one or more uncertain future events not
wholly within the control of the enterprise or a
present obligation that arises from past events but is not recognised because it is
improbable that an outflow of resources will be required to settle the obligation or the
amount of the obligation cannot be measured with sufficient reliability.
A contingent asset is a possible asset that arises from past events and whose existence will
be confirmed only by the occurrence or non-occurrence of one or more uncertain future
events not wholly within the control of the entity.
Under IAS 37, an entity should not recognise a contingent asset or a contingent liability.
However, if it becomes probable that an outflow of future economic benefits will be required,
then a provision should be recognised. A contingent asset should not be accounted for unless
its realisation is virtually certain. If an inflow of economic benefits has become probable, the
asset should be disclosed.
Where there is a present obligation that probably requires an outflow of resources, then
a provision should be recognised and disclosed.
Where there is a possible or present obligation that may, but probably will not, require
an outflow of resources then no provision should be recognised but disclosures are
required for the contingent liability.
Where there is a possible or present obligation where the likelihood of an outflow of
resources is remote, then no provision is recognised and no disclosure is required.
A contingent liability also arises in the rare case where there is a liability that cannot be
recognised because it cannot be measured reliably. Disclosures are required in this instance.
Contingent assets
Where the inflow of economic benefits is virtually certain, the asset is not contingent.
Where the inflow of benefits is probable but not virtually certain, then no asset is
recognised but disclosures are required.
Where the inflow is improbable, then no asset or disclosures are recognised.
Examples of contingencies disclosed by companies are guarantees for other group companies,
staff pension schemes, completion of contracts, discounted bills of exchange, law-suits or
claims pending and options to purchase assets.
Obtaining audit evidence of contingencies
The auditor should carry out audit procedures in order to become aware of any litigation and
claims involving the entity, which may result in a material misstatement of the financial
statements. Such procedures would include the following:
Make appropriate inquiries of management including obtaining representations
Review minutes of management meetings and correspondence with the lawyers.
Examine legal expense accounts
Use any information obtained regarding the entity's business including information
obtained from discussions with any in-house legal department.
When the auditor assesses a risk of material misstatement regarding litigation or claims that
have been identified or when the auditor believes they may exist, the auditor should seek
direct communication with the entity's legal counsel.
This will help to obtain sufficient appropriate audit evidence as to whether potential material
litigation and claims are known and management’s estimates of the financial implications,
including costs are reliable.
The letter, which should be prepared by management and sent by the auditor, should request
the entity's legal counsel to communicate directly with the auditor. When it is considered
unlikely that the entity's legal counsel will respond to a general inquiry, the letter would
ordinarily specify the following:
A list of litigation and claims
Management's assessment of the outcome of the litigation or claim and its estimate of
the financial implications, including costs involved.
A request that the entity's legal counsel confirm the reasonableness of management's
assessments and provide the auditor with further information if the list is considered by
the entity's legal counsel to be incomplete or incorrect.
The auditors must consider all matters up to the date of their audit report so further contact
may be necessary with the lawyer. This can only take place with the permission of
management and may be required where a disagreement/complex matter arises.
If management refuses to give the auditor permission to communicate with the entity's legal
counsel, this would be a scope limitation and could lead to a qualified/disclaimer of opinion.
Where the entity's legal counsel refuses to respond in an appropriate manner and the auditor
is unable to obtain sufficient appropriate audit evidence by applying alternative audit
procedures, the auditor would consider whether there is a scope limitation that may lead to a
qualified opinion or a disclaimer of opinion.
Audit programme
1. Obtain details of all provisions that have been included in the accounts and all
contingencies that have been disclosed.
2. Obtain a detailed analysis of all provisions showing the yearly movements.
3. Determine for each material provision whether the company has a present obligation
as a result of past events by review of correspondence and discussion with directors.
4. Determine for each material provision whether it is probable that a transfer of benefits
will be required to settle the obligation by checking whether any payments have been
made in the post balance sheet period in respect of the item and review of
correspondence with lawyers, banks, customers, insurance company and suppliers.
5. Recalculate all provisions made and assess their reasonableness.
6. Compare the amount provided with post year-end payments and with any amount paid
in the past for similar items.
7. In the event that it is not possible to estimate the amount of the provision, check that
there is disclosure in the accounts.
8. Consider the nature of the client’s business; for example, would you expect to see any
other provisions such as warranties?
9. Consider the adequacy of disclosure of provisions and contingencies.
d) Long term borrowings
These are loan stock, debentures and any other loans repayable after more than one year from
the year-end date. The auditor will be concerned with completeness, measurement and
disclosure. He needs to pay attention to agreements as compliance with them is a must.
Audit programme- long term loans
1. Obtain a schedule of all outstanding loans. Details should include balance, maturity
date, interest rates and security details.
2. Agree opening figures to the closing figures from last year.
3. Check the arithmetic calculations.
4. Confirm the balances per the list agree to the nominal ledger.
5. Check the names on the list to the register of debenture holders.
6. Trace all additions and repayments to the cashbooks.
7. Confirm that all repayments are in agreement with the loan agreements.
8. Confirm that borrowing limits have not been exceeded.
9. Examine evidence from board minutes relating to new borrowings.
10. Obtain external confirmation from borrowers as to the closing balance, accrued
interest and any security noted. Also note any indications of non-compliance.
11. Verify the interest charged is correct by recalculating.
12. Confirm that any assets charged have been entered in the register of charges.
13. Review restrictive covenants relating to default conditions.
14. Review board minutes and cashbooks to ensure that all loans have been recorded.
e) Capital
The auditor will be concerned with ensuring that:
1. Share capital has been properly classified and disclosed in the financial statements
and charges properly authorised.
2. Movements on reserves have been properly authorised and in the case of statutory
reserves only used for permitted purposes.
3. Statutory records have been properly maintained and returns dealt with.
Audit programme-
Share capital
1. Agree the authorised share capital with the statutory documents.
2. Agree any changes to properly authorised resolutions.
Reserves
1. Check all movement on reserves to supporting authority.
2. Ensure no movement on reserves contravenes company law or the company’s own
rules.
3. Confirm that distributable and non-distributable reserves are distinguished.
4. Ensure there is adequate disclosure in the accounts of any movement.
Issue of shares
1. Verify with board minutes and resolutions and general meeting.
2. Ensure issue or change of shares is in line with company’s constitution and that the
directors have the authority to issue such shares.
3. Confirm that cash or other consideration has been received in respect of the issue of
shares.
Transfer of shares
1. Verify by reference to complete stamped transfer forms, cancelled share certificates,
correspondence and minutes of directors’ meetings.
2. Agree balances on shareholders’ accounts in the register of members to the issued
share capital figure in the nominal ledger.
Dividends
1. Agree dividends paid to the authority within the minutes of the board of directors’
meetings and check the calculation.
2. Check dividends do not contravene the distribution provisions.
3. Check that any withholding tax has been calculated correctly and appropriately
accounted for.
Minute books
1. Review minutes of all meetings and make note of significant items for cross
referencing in the audit file.
2. Note the date of the last minute reviewed.
3. Check that meetings have been properly convened.
Register of interests in shares
1. Scrutinise register and verify that it is in order.
2. Ensure that significant interests are noted.
Register of charges
1. Update any changes to the permanent audit file.
2. Ensure that any asset which is charged as security for a loan is disclosed in the
accounts.
3. Do a company search with the Office of Registrar General to verify the accuracy of
the register.
Register of directors’ interests in shares
1. Ensure that such interests are noted for disclosure in the accounts.
2. Ensure that the shareholdings comply with the company’s constitution.
Register of directors
1. Update the permanent audit file for any changes in details.
2. Verify all changes with minutes and ensure proper statutory returns have been made
to the applicable authorities for example: to the Office of Registrar General.
3. Verify that the number of directors complies with the company’s constitution.
Directors’ service contracts
1. Inspect copies of the contracts.
2. Verify that long term contracts have been approved in General meeting.
Statutory returns
1. Check that all returns are filed promptly.
Accounting records
1. Consider whether the accounting records are adequate to show and explain the
company’s transactions, disclose with reasonable accuracy the financial position of
the company and comply with company law.
2. Check that the figures contained in the accounts can be traced back to the trial
balance, and back to the nominal ledger.
D. PROFIT AND LOSS ITEMS
f) Sales and purchases
Sales
A lot of work on sales is done in conjunction with the audit tests on debtors. The auditor will
seek to ensure that all sales are completely and accurately (cut-off) recorded.
Analytical review is important when testing completeness. The auditor needs to consider the
level of sales over the year compared to the previous year, any major changes in quantities
sold, price movements, level of returned goods, allowances and discounts. He should also
look at the gross margins, ideally broken down by product and time periods. Further
procedures could be carried out depending on the outcome of the analytical review.
The auditor may also do some directional testing to ensure completeness of transactions,
tracing goods despatch note records to sales ledger accounts. He should also review the
sequence of despatch notes. To ensure accurate recording he should trace items from the
sales ledger back to the despatch notes. This may highlight sales which have been invalidly
recorded or which might not have occurred.
Cut-off tests similar to those done for stock or debtors can be carried out to ensure that sales
are recorded in the correct period.
Goods on sale or return should be included in inventory at cost and should be reversed out
of sales.
Purchases
The auditor is concerned with the accurate recording of purchases, their completeness and
occurrence. Cut-off would need to be looked at as well, but this work will have been done at
the stock and creditor phases of the audit.
As with sales, the use of analytical review procedures is very important. The auditor should
compare the levels of purchases month on month and with corresponding figures from the
previous year. He will also need to consider what effect changes in volumes will cause and
the effect of new products, altered products and any price variations. He should also look at
ratios such as the rate of trade creditors balances to purchases or to inventory and compare
with previous years.
The auditor should check purchases from the daybooks to relevant supporting documentation
to assess whether the purchase is valid and if it has been allocated to the correct account in
the general ledger and posted correctly also.
g) Wages and salaries
Many expenses are audited solely by analytical review procedures. However, more detailed
testing is usually carried out on the payroll due to the consequences of a failure to deduct and/or
account for payroll taxes correctly.
In applying the analytical review procedures, the auditor will consider the payroll levels over
each month and compare with the previous year’s figures. He will also consider wage rate
changes during the year and the movement of staff in and out of the organisation. Some
ratios that may be useful are average wage per month to sales and/or net profit per employee.
Audit tests - Payroll
Tests - Occurrence
1. Check pay rates to personnel records and salary agreements.
2. Check hours paid to timesheets, clock cards.
3. Confirm existence of staff through face to face meetings, check phone book, discuss
with managers etc.
Tests - Measurement
1. Check accuracy of calculations of pay, and statutory deductions are correct.
2. Check for supporting documentation in respect of other deductions to establish their
validity and check the accuracy of the calculation.
Tests - Completeness
1. Check the arithmetic calculations on the payroll records.
2. Confirm net payment to bank statement and payments book.
3. Scrutinise the payroll for any unusual items.
4. Review wages control account for any discrepancies.
Directors’ remuneration is disclosed in the accounting notes and as such could be
considered to be material. Directors’ salaries will be audited as part of the payroll but a few
additional checks should be carried out.
The auditor should check whether there have been any benefits-in-kind and review the
directors’ service contracts. In addition, he should ensure that all payments made to former
directors are properly identified and disclosed.
h) Other income and expenditure
Investment income
The basis of recognising investment income may vary from company to company particularly
for dividends. Credit may be taken only when received, when declared or taken only after
ratification of the dividend by the shareholders in general meeting. Whichever is the basis, a
consistent one must be applied from year to year.
The auditor will be concerned with completeness, occurrence and measurement. To address
these issues he should:
Check that all income due has been received by reference to financial statements for
unlisted companies and other available financial data.
Review investment income account for irregular or unusual entries.
Ensure that the basis of recognising income is consistent with previous years.
Compare investment income with prior years and explain any significant fluctuations.
Obtain a statement reconciling the book value of the listed and unlisted investments at
the last balance sheet date and the current balance sheet date.
Income from intangibles
Review sales returns and statistics to verify the reasonableness of income derived from
patents, trademarks, licences etc. and examine audited accounts of third party sales covered by
patent, licence or trademark owned by the company.
Expenses
The auditor is concerned with the accurate recording of expenses, their completeness and
occurrence. In general, analytical review procedures are applied.
The auditor would compare this year with last and assess likely outcomes based on
relationships of figures between the balance sheet and the profit and loss account. Typically,
depreciation and interest paid could be reviewed in this way.
Based on the result of the analytical review procedures, further work may need to be carried
out. This would entail reviewing the individual transactions within the nominal ledger
account and tracing back to supporting documentation. A lot of work on expense headings
may already have been carried out while auditing the prepayments and the accruals.
E. ASSESSMENT OF MISSTATEMENTS
Summarise errors
During the course of the audit of financial statements, there will be material or immaterial
errors uncovered. The client will normally adjust the financial statements to take account of
these errors. At the end of the audit however, there may be some outstanding errors and the
auditors will summarise these unadjusted errors.
Evaluating the effect of misstatements
The auditor should assess whether the aggregate of uncorrected misstatements that have been
identified during the audit is material.
The aggregate of uncorrected misstatements comprises:
Specific misstatements identified by the auditor, including ones identified during the
audit of the previous period if they affect the current period, and
The auditor’s best estimate of other misstatements which cannot be quantified
specifically.
If the aggregate of misstatements is material, the auditor must consider reducing audit risk by
carrying out additional testing. Otherwise, he may request management to adjust the
financial statements for the identified misstatements which the latter may wish to do anyway.
If the aggregate of the misstatements approaches the level of materiality, the auditor should
consider whether it is likely that undetected misstatements, when taken with the aggregated
uncorrected misstatements, could exceed the materiality level. If so, he should consider
reducing the risk by performing additional testing or as before requesting management to
adjust the financial statements for the identified misstatements.
F. IMPACT ON AUDIT REPORTING
If there are no issues or any uncorrected material misstatements, the auditor will probably
issue a clean audit report (unmodified).
If there are uncorrected material misstatements and management agree to adjust the financial
statements, the auditor will probably issue a clean audit report.
If management refuses to adjust the financial statements and the results of any extended audit
procedures do not enable the auditor to conclude that the aggregate of the uncorrected
misstatements is not material, then the auditor needs to consider a qualification in his audit
report (modified).
If management refuses to adjust the financial statements but the results of any extended audit
procedures enable the auditor to conclude that the aggregate of the uncorrected misstatements
is not material, then the auditor may issue a clean audit report. However, the auditor would
need to consider the actions of management in this case.
UNIT 8 – AUDIT EXECUTION OTHER CONSIDERATIONS
Study Unit 8
Audit Execution Other Considerations
Contents
A. Sampling
B. Analytical Review
C. Going Concern
D. Subsequent Events
E. Accounting Estimates
F. Commitments & Contingencies
G. Management Representations
H. Use of Experts
I. Opening Balances
J. Comparatives
A. SAMPLING
ISA 530 states that when designing audit procedures, the auditor should determine
appropriate means for selecting items for testing so as to gather sufficient appropriate audit
evidence to meet the objectives of the audit procedures. Auditors do not examine all
information that is available to them as it is impractical to do so and as a result audit sampling
is used to produce valid conclusions.
Audit sampling involves the application of audit procedures to less than 100% of items
within a class of transactions or account balance such that all sampling units have a chance of
selection. Audit sampling can use either a statistical or a non-statistical approach.
Types of risk
1. Sampling risk arises from the possibility that the auditor's conclusion, based on a sample,
may be different from the conclusion reached if the entire population were subjected to the
same audit procedure. There are two types of sampling risk:
a) The risk the auditor will conclude that controls are more effective than they actually
are, or that a material error does not exist when in fact it does. This type of risk affects
audit effectiveness and is more likely to lead to an inappropriate audit opinion; and
b) The risk the auditor will conclude that controls are less effective than they actually are,
or that a material error exists when in fact it does not. This type of risk affects audit
efficiency as it leads to additional work to establish that initial conclusions were
incorrect.
2. Non-sampling risk arises from factors that cause the auditor to reach an erroneous
conclusion for any reason not related to the size of the sample. For example, the auditor
might use inappropriate audit procedures, or the auditor might misinterpret audit
evidence and fail to recognise an error.
Types of selection
Selecting All Items (100% examination)
The auditor may decide that it will be most appropriate to examine the entire population.
100% examination is unlikely in the case of tests of controls. It is more common for tests of
details where for example, there are a small number of large value items, when there is a
significant risk, or when the repetitive nature of a calculation or other process performed
automatically by an information system makes it cost effective through the use of computer-
assisted audit techniques (CAATs). This process does not involve sampling.
Selecting Specific Items
The auditor may decide to select specific items from a population based on such factors as the
auditor's understanding of the entity, the assessed risk of material misstatement, and the
characteristics of the population being tested. The judgmental selection of specific items is
subject to non-sampling risk. Specific items selected may include high value or key items, all
items over a certain amount, items to obtain information or items to test procedures.
While selective examination will often be an efficient means of gathering audit evidence, it
does not constitute audit or statistical sampling. The results cannot be projected to the entire
population. The auditor considers the need to obtain sufficient appropriate evidence regarding
the rest of the population when that remainder is material.
Audit Sampling
The auditor may decide to apply audit sampling to a class of transactions or account balance.
Audit sampling can be applied using either non-statistical or statistical sampling methods.
Sample Size
In determining the sample size, the auditor should consider whether sampling risk is reduced
to an acceptably low level. The lower the risk the auditor
is willing to accept, the greater the sample size will need to be. The sample size can be
determined by the application of a statistically-based formula or through the exercise of
professional judgment objectively applied to the circumstances.
Approaches
Statistical sampling means any approach to sampling that has the characteristics of random
selection and the use of probability theory to evaluate sample results. Sampling that does not
have these characteristics is considered to be non-statistical sampling.
Selecting Items for Testing to Gather Audit Evidence
The decision whether to use a statistical or non-statistical sampling approach is a matter for
the auditor's judgment regarding the most efficient manner to obtain sufficient appropriate
audit evidence and having regard to the risk of material misstatement related to the assertion.
For example, in the case of tests of controls the auditor's analysis of the nature and cause of
errors will often be more important than the statistical analysis of the count of errors. In such
a situation, non-statistical sampling may be most appropriate.
Selecting the audit sample
The auditor should select items for the sample with the expectation that all sampling units in
the population have a chance of selection.
Statistical sampling requires that sample items are selected at random so that each sampling
unit has a known chance of being selected.
With non-statistical sampling, an auditor uses professional judgment to select the items for a
sample. Because the purpose of sampling is to draw conclusions about the entire population,
the auditor should endeavour to select a representative sample by choosing sample items
which have characteristics typical of the population, and the sample needs to be selected so
that bias is avoided.
The auditor needs to consider the nature of the evidence, possible error conditions and the
rate of error he expects to be present in the population.
Methods of selection include random, systematic, haphazard and sequence or block
selection.
Tolerable error is the maximum error that the auditor would be willing to accept. Larger
sample sizes will be required when errors are expected, in order to conclude that the actual
error is less than the tolerable error.
Evaluation of sample results
The auditor will need to analyse the errors to establish whether:
- They are true errors or just mispostings between accounts,
- Alternative procedures need to be applied,
- There are any qualitative aspects of the errors including cause and nature.
The auditor will then project the errors to derive the probable estimate of errors in the
population. He then needs to reassess the sampling risk if the error exceeds the tolerable
error. If risk is still present he needs to extend the auditing procedures or perform alternative
testing. If the actual error still exceeds the tolerable error at this stage, then there is a need to
re-assess control risk or in the case of substantive testing, consider an adjustment to the
accounts.
B. ANALYTICAL REVIEW
ISA 520 states the auditor should apply analytical procedures:
- As risk assessment procedures to obtain an understanding of the entity and its
  environment.
- At or near the end of the audit when forming an overall conclusion as to whether the
  financial statements as a whole are consistent with the auditor's understanding of the
  entity.
In addition, the procedures can also be used as substantive procedures to obtain evidence
directly.
When analytical procedures identify significant fluctuations or relationships:
a) that are inconsistent with other relevant information or
b) that deviate from predicted amounts,
the auditor should investigate and obtain adequate explanations and appropriate audit
evidence by way of enquiries with management and then corroboration of management’s
responses by comparing them with the auditor's own knowledge of the entity’s business and
with any other evidence obtained during the course of the audit. If the procedures are carried
out as substantive procedures, the auditor should undertake additional audit procedures where
appropriate to confirm the explanations received.
Timing
Analytical procedures are important at all stages of the audit, such as planning, substantive
procedures and the overall review.
Nature
It consists of comparing items like current financial information with prior year financial and
non-financial information and analysing predictable relationships such as the relationship
between debtors and sales, or payroll costs and number of employees and considering
anticipated results and predictions.
Sources of information include interim financial information, budgets, management accounts,
non-financial information, bank and cash records, VAT returns, board minutes and discussion
with the client at the year-end.
When deciding to use analytical procedures, the auditor must consider:
- The plausibility and predictability of the relationships, such as the strong relationship
  between turnover and sales commission.
- The objectives of the procedures and the extent to which their results are reliable.
- The detail to which information can be analysed, such as information at department level.
- The availability of information both financial and non-financial.
- The comparability of the information. Ratios, on their own, are of little use. They
  should be comparable to previous years and other similar companies.
- The knowledge gained during previous audits such as effectiveness of controls.
Practical techniques
Important accounting ratios
Gross profit margins
Average collection period
Stock turnover
Current ratio
Acid test ratio
Debt to equity capital
Return on capital employed
Related items
Payables and purchases
Inventories and cost of sales
Non-current assets and depreciation, repairs and maintenance
Loans and interest
Receivables and bad debts
Receivables and sales
When placing reliance on the results of analytical procedures, the auditor should consider:
- Materiality of the items involved,
- Other audit procedures directed toward the same assertions,
- The accuracy with which the expected results can be predicted,
- The frequency with which a relationship is observed,
- An assessment of inherent and control risks.
Auditors will need to consider testing controls, if any, over the preparation of information
used in applying analytical procedures. When such controls are effective, the auditors will
have greater confidence in the reliability of the information.
Other analytical techniques include:
Examining related accounts
Trend analysis
Reasonableness tests such as that on depreciation.
Working papers will need to include:
The programme of work carried out,
The summary of significant figures and their relationships,
A summary of comparisons made with budgets and previous years,
Details of all significant fluctuations or unexpected relationships,
Details of further investigations,
The audit conclusions reached,
Any information considered necessary for assisting in the planning of subsequent
audits.
C. GOING CONCERN
Under ISA 570, when planning and performing audit procedures and in evaluating the results, the
auditor should consider the appropriateness of management's use of the going concern
assumption in the preparation of the financial statements.
Going concern is viewed as continuing in business for the foreseeable future with neither the
intention nor need to cease trading. Assets and liabilities are recorded on the basis that one
can realise assets and discharge liabilities in the normal course of business.
Management’s responsibilities
When preparing the financial statements, management should make an assessment of the
company’s ability to continue as a going concern. This assessment involves making a
judgment, at a particular point in time, about the future outcome of events or conditions that
are inherently uncertain. The following factors are relevant:
- The degree of uncertainty increases significantly the further into the future a judgment is
  being made about the outcome of an event or condition.
- Any judgment about the future is based on information available at the time at which the
  judgment is made. Subsequent events can contradict this.
- The size and complexity of the entity, the nature and condition of its business and the
  degree to which it is affected by external factors all affect the judgment regarding the
  outcome of events or conditions.
Possible indicators of going concern problems:
Financial
Net liability or net current liability position
Necessary borrowing facilities have not been agreed
Loans nearing maturity without realistic prospects of renewal or repayment
Excessive reliance on short-term borrowings to finance long-term assets
Major debt repayment falling due where refinancing is necessary.
Major restructuring of debt.
Indications of withdrawal of financial support by debtors and other creditors
Negative operating cash flows and adverse key financial ratios
Substantial operating losses or significant deterioration in the value of assets.
Major losses or cash flow problems since the balance sheet date.
Arrears or discontinuance of dividends
Inability to pay creditors on due dates
Inability to comply with the terms of loan agreements
Reduction in normal terms of trade credit by suppliers
Change from credit to cash-on-delivery transactions with suppliers
Inability to obtain financing for essential new product development.
Substantial sales of fixed assets not intended to be replaced
Operating
Loss of key management and staff without replacement
Loss of a major market, franchise, licence, or principal supplier
Labour difficulties or shortages of important supplies
Unable to adapt to fundamental changes in the market or technology.
Excessive dependence on a few product lines where the market is depressed.
Technical developments that render a key product obsolete.
Other
Non-compliance with capital or other statutory requirements
Pending legal proceedings that are unlikely to be satisfied
Changes in legislation expected to adversely affect the entity
The significance of such events can often be mitigated by other factors.
- The effect of an entity being unable to make its normal debt repayments may be
  counter-balanced by management's plans such as by disposal of assets or rescheduling
  of loan repayments.
- Similarly, the loss of a principal supplier may be mitigated by the availability of a
  suitable alternative source of supply.
Auditor’s responsibilities
The auditor's responsibility is to consider:
- The appropriateness of management's use of the going concern assumption in the
  preparation of the financial statements and
- Whether there are any material uncertainties about the entity's ability to continue as a going
  concern that need to be disclosed in the financial statements.
In obtaining an understanding of the entity and in performing audit procedures throughout the
audit, the auditor should consider whether there are events or conditions and related business
risks that may cast significant doubt on the entity's ability to continue as a going concern.
The auditor should review management’s assessment to determine whether they have
identified events or conditions and what plans they have to address them. If management has
not yet made an assessment, the auditor should discuss with them their basis for the intended
use of the ‘going concern’ assumption.
The auditor should evaluate management's assessment of the entity's ability to continue as a
going concern. If management's assessment covers a period of less than twelve months from
the balance sheet date, the auditor should ask management to extend its assessment period to twelve
months from the balance sheet date.
The auditor does not have a responsibility to design audit procedures other than inquiry of
management. However, he may become aware of such known events or conditions during
the planning and performance of the audit, including subsequent events procedures. He
should therefore inquire of management as to its knowledge of events or conditions beyond
the period of assessment that may cast significant doubt on the entity's ability to continue as a
going concern.
Since the degree of uncertainty associated with the outcome of an event or condition
increases further into the future the indications of going concern issues will need to be
significant before the auditor considers taking further action. The auditor may need to ask
management to determine the potential significance on their going concern assessment.
In evaluating management's assessment, the auditor should consider:
The process management followed to make its assessment,
The assumptions on which the assessment is based and
Management's plans for future action.
Generally, there is no need for a detailed assessment by management and extensive review by
the auditor if the company has a good history of profitable operations and access to sufficient
financial resources.
Additional audit procedures
When events or conditions have been identified, the auditor should:
- Review management's plans for future actions based on its assessment,
- Confirm or dispel whether or not a material uncertainty exists through carrying out
  audit procedures considered necessary and
- Seek written management representations regarding its future action plans.
Such procedures may include:
- Analysing and discussing cash flows and other forecasts with management.
- Analysing and discussing the latest available interim financial statements.
- Reviewing terms of loan agreements for any breaches.
- Reading minutes of the meetings for reference to financing difficulties.
- Inquiring of the entity's lawyer regarding the existence of litigation and claims and the
  reasonableness of management's assessments of their outcome and the estimate of their
  financial implications.
- Confirming the existence, legality and enforceability of arrangements to provide or
  maintain financial support with related and third parties and assessing the financial
  ability of such parties to provide additional funds.
- Considering the entity's plans to deal with unfilled customer orders.
- Reviewing events after period end to identify mitigating events or otherwise.
When analysis of cash flow is a significant factor in considering the future outcome of events
or conditions the auditor should consider the reliability of the entity's information system for
generating such information. He should also consider whether there is adequate support for
the assumptions underlying the forecast and whether the comparability of prospective
financial information with historical results and results to date is reasonably accurate.
Audit Conclusions and Reporting
Based on the audit evidence obtained, the auditor should determine if, in his judgment, a
material uncertainty exists related to events or conditions that alone or in aggregate, may
cast significant doubt on the entity's ability to continue as a going concern.
If the use of the going concern assumption is appropriate but a material uncertainty
exists, the auditor considers whether the financial statements:
- Adequately describe the principal events or conditions that give rise to the significant
  doubt on the entity's ability to continue in operation and management's plans to deal
  with these events or conditions; and
- State clearly that there is a material uncertainty and that the entity may therefore be unable
  to realise its assets and discharge its liabilities in the normal course of business.
If adequate disclosure is made in the financial statements, the auditor should express an
unqualified opinion but modify the auditor's report by adding an emphasis of matter
paragraph that highlights the existence of a material uncertainty and draws attention to the
note in the financial statements.
If adequate disclosure is not made in the financial statements, the auditor should express a
qualified or adverse opinion. The report should include specific reference to the fact that
there is a material uncertainty that may cast significant doubt about the entity's ability to
continue as a going concern.
If, in the auditor's judgment, the entity will not be able to continue as a going concern, the
auditor should express an adverse opinion if the financial statements have been prepared on
a going concern basis regardless of whether or not disclosure has been made.
If management is unwilling to make or extend its assessment when requested to do so by the
auditor, the auditor should consider the need to qualify the auditor's report as a result of the
limitation on the scope of the auditor's work.
D. SUBSEQUENT EVENTS
Under ISA 560, the auditor should consider the effect of subsequent events (events after the balance
sheet date) on the financial statements and on the auditor's report.
Events after the balance sheet date deals with the treatment in financial statements of events,
both favourable and unfavourable, that occur between the balance sheet date and the date
when the financial statements are authorised for issue and identifies two types:
- Those that provide evidence of conditions that existed at the balance sheet date, i.e.
  adjusting events, and
- Those which are indicative of conditions that arose after the balance sheet date, i.e.
  non-adjusting events.
Events occurring up to the date of the auditor’s report
The auditor should perform audit procedures designed to obtain sufficient appropriate audit
evidence that all events up to the date of the auditor's report that may require adjustment of,
or disclosure in, the financial statements have been identified. When the auditor becomes
aware of events that materially affect the financial statements, it is his responsibility to
consider whether such events are properly accounted for and adequately disclosed.
These procedures are in addition to procedures that may be applied to specific transactions
occurring after period end (normal year-end work) to obtain audit evidence as to account
balances as at period end, for example, the testing of stock cut-off, receipts from debtors and
payments to creditors.
The audit procedures should be performed as near as possible to the date of the auditor's
report and should take into account the auditor's risk assessment and include the following:
- Reviewing management procedures ensuring such events are identified.
- Reading minutes of meetings of shareholders and directors held after period end and
  inquiring about matters for which minutes are not yet available.
- Reading the entity's latest available interim financial statements.
- Inquiring of the entity's legal counsel concerning litigation and claims.
- Inquiring of management as to whether any subsequent events have occurred which
  might affect the financial statements such as:
  - The current status of items based on preliminary or inconclusive data.
  - New commitments, borrowings or guarantees.
  - Major sales or acquisition of assets occurred or planned.
  - Issue of new shares or debentures or agreement/plans to merge or liquidate.
  - Assets appropriated by government or destroyed by fire or flood.
  - Developments regarding risk areas and contingencies.
  - Unusual accounting adjustments made or contemplated.
  - Any events which will bring into question the appropriateness of accounting
    policies used in the financial statements.
Facts discovered after the date of the auditor’s report but before the financial statements are issued
The auditor does not have any responsibility to perform audit procedures or make any inquiry
regarding the financial statements after the date of the auditor's report. During the period
from the date of the auditor's report to the date the financial statements are issued, the
responsibility to inform the auditor of facts that may affect the financial statements rests
with management.
Where the auditor becomes aware of a fact that may materially affect the financial
statements, he should consider whether the financial statements need amendment. He should
discuss the matter with management and should take the action appropriate in the
circumstances.
When management amends the financial statements, the auditor would carry out additional
audit procedures as necessary and would issue a new report on the amended financial
statements. The new report would be dated not earlier than the amended financial statements
signed or approved by management.
When management does not amend the financial statements in circumstances where the
auditor believes they need to be amended and the auditor's report has not been released to the
entity, the auditor should express a qualified opinion or an adverse opinion.
When the auditor's report has been released to the entity, the auditor would notify
management not to issue the financial statements and the auditor's report thereon to third
parties.
If they are subsequently released, the auditor needs to take action to prevent reliance on the
audit report. The action taken will depend on the auditor's legal rights and obligations and the
recommendations of the auditor's lawyer.
Facts discovered after the financial statements have been issued
After the financial statements are issued, the auditor has no obligation to make any further
inquiry.
When, after the financial statements have been issued, the auditor becomes aware of a fact
which existed at the date of the auditor's report and which, if known at that date, may have
caused the auditor to qualify his report, the auditor should consider whether the financial
statements need revision, should discuss the matter with management, and should take the
action appropriate in the circumstances.
Where the auditor becomes aware of a fact relevant to the audited financial statements that
did not exist at the date of the auditor's report there are no statutory provisions for revising
financial statements. The auditor should discuss with management whether they should
withdraw the financial statements and where management decide not to do so the auditor may
wish to take advice on whether it might be possible to withdraw their report. A possible
course of action may include making a statement by management or the auditor at the annual
general meeting. In any event legal advice may be helpful.
When management revises the financial statements, the auditor should carry out the audit
procedures necessary in the circumstances and should review the steps taken by management
to ensure that anyone in receipt of the previously issued financial statements together with the
auditor's report thereon is informed of the situation. The auditor would issue a new report on
the revised financial statements. The new auditor's report should include an emphasis of
matter paragraph referring to a note to the financial statements that more extensively
discusses the reason for the revision of the previously issued financial statements and to the
earlier report issued by the auditor. The new auditor's report would be dated not earlier than
the date the revised financial statements are approved.
When management does not take the necessary steps to ensure that anyone in receipt of the
previously issued financial statements together with the auditor's report thereon is informed
of the situation and does not revise the financial statements in circumstances where the
auditor believes they need to be revised, the auditor would notify management that action
will be taken by the auditor to prevent future reliance on the auditor's report. The action taken
will depend on the auditor's legal rights and obligations and the recommendations of the
auditor's lawyers.
E. ACCOUNTING ESTIMATES
Under ISA 540, the auditor should obtain sufficient appropriate evidence regarding accounting
estimates.
Estimates mean an approximation of the amount of an item in the absence of a precise means
of measurement. For example, provisions to reduce stock and debtors to their estimated
realisable values, accrued revenue, deferred tax, provisions for warranty claims.
Management is responsible for making estimates included in the financial statements.
These estimates are often made in conditions of uncertainty regarding the outcome of events
and involve the use of judgement. The risk of material misstatement therefore increases
when accounting estimates are involved. Audit evidence supporting estimates is generally
less than conclusive and so auditors need to exercise greater judgement than in other areas of
the audit.
Audit procedures
The auditor should design and perform further audit procedures to obtain sufficient
appropriate evidence as to whether the accounting estimates are reasonable in the
circumstances and when required, appropriately disclosed. He needs to gain an
understanding of the procedures and methods used by management to make accounting
estimates. The auditor should adopt one or a combination of the following approaches in the
audit of an accounting estimate:
- Review and test the process used by management to develop the estimate,
- Use an independent estimate for comparison with that prepared by management or
- Review subsequent events which provide audit evidence of the reasonableness of the
  estimate made.
Evaluation of results of audit procedures
The auditor should make a final assessment of the reasonableness of the entity’s accounting
estimates based on the auditor's understanding of the entity and its environment and whether
estimates are consistent with other audit evidence obtained during the audit.
Auditors must assess the differences between the amount of an estimate supported by
evidence and the estimate calculated by management. If the auditor believes that the
difference is unreasonable then an adjustment should be made. If the management refuses to
revise the estimate, then the difference is considered a misstatement and will be treated as
such.
F. COMMITMENTS AND CONTINGENCIES
The auditor needs to ensure there has been correct classification according to IAS 37,
provisions and contingent liabilities.
Definitions:
1. A provision is a liability of uncertain timing or amount.
2. A liability is a present obligation of an enterprise arising from past events, the
settlement of which is expected to result in an outflow.
3. A contingent liability is a:
   • possible obligation that arises from past events and whose existence will be
     confirmed only by the occurrence or non-occurrence of one or more uncertain
     future events not wholly within the control of the enterprise, or
   • present obligation that arises from past events but is not recognised because it is
     not probable that an outflow of resources will be required to settle the obligation or
     the amount of the obligation cannot be measured with sufficient reliability.
IAS 37 lays out the following conditions:
• A contingent asset should not be accounted for unless its realisation is virtually
  certain. If an inflow of economic benefits has become probable, the asset should be
  disclosed.
• Where there is a present obligation that probably requires an outflow of resources, then
  a provision should be recognised and disclosed.
• Where there is a possible or present obligation that may, but probably will not, require
  an outflow of resources then no provision should be recognised but disclosures are
  required for the contingent liability.
• Where there is a possible or present obligation where the likelihood of an outflow of
  resources is remote, then no provision is recognised and no disclosure is required.
A contingent liability also arises in the rare case where there is a liability that cannot be
recognised because it cannot be measured reliably. Disclosures are required in this
instance.
Examples of contingencies disclosed by companies are guarantees for other group companies,
staff pension schemes, completion of contracts, discounted bills of exchange, lawsuits or
claims pending and options to purchase assets.
Obtaining audit evidence of contingencies
The auditor should carry out audit procedures in order to become aware of any litigation and
claims involving the entity, which may result in a material misstatement of the financial
statements. Such procedures could include:
• Making inquiries of management including obtaining representations,
• Reviewing minutes of management meetings and legal correspondence,
• Examining legal expense accounts.
When the auditor assesses a risk of material misstatement regarding litigation or claims that
have been identified or when the auditor believes they may exist, the auditor should seek
direct communication with the entity's legal counsel. This will help to obtain evidence as to
whether potential material litigation and claims are known and whether management's estimates
of the financial implications, including costs, are reliable.
The letter, prepared by management and sent by the auditor, should request the entity's legal
counsel to communicate directly with the auditor. When it is considered unlikely that the
entity's legal counsel will respond to a general inquiry, the letter would ordinarily specify the
following:
• A list of litigation and claims,
• Management's assessment of the outcome of the litigation or claim and its estimate of
  the financial implications, including costs involved,
• A request that the entity's legal counsel confirm the reasonableness of management's
  assessments and provide the auditor with further information if the list is considered to
  be incomplete or incorrect.
If management refuses to give the auditor permission to communicate with the entity's legal
counsel, this would be a scope limitation and could lead to a qualified opinion or a disclaimer of opinion.
Where the entity's legal counsel refuses to respond in an appropriate manner and the auditor
is unable to obtain sufficient appropriate audit evidence by applying alternative audit
procedures, the auditor should consider whether there is a scope limitation that may lead to a
qualified opinion or a disclaimer of opinion.
G. MANAGEMENT REPRESENTATIONS
ISA 580 states that the auditor should obtain appropriate representations from management.
These are an important source of evidence. Indeed, they may be the only suitable evidence
available where knowledge of the facts is confined to management or where the matter is one of
judgement and opinion. They may be oral or written and may be obtained either on a formal
or informal basis. The auditors will include this information in their audit working papers
where it forms part of their total audit evidence. Written confirmation should be obtained
before the audit report is issued.
Acknowledgment by Management of its Responsibility for the Financial Statements
The auditor should obtain audit evidence that management acknowledges its responsibility
for the fair presentation of the financial statements in accordance with the applicable financial
reporting framework, and has approved the financial statements. This normally occurs when
the auditor gets a signed copy of the financial statements which usually includes a statement
of management responsibilities. Alternatively, the auditor can obtain this audit evidence
from minutes of meetings or by obtaining a written representation from management.
Representations by Management as Audit Evidence
The auditor should obtain written representations from management on matters material to
the financial statements when other audit evidence cannot reasonably be expected to exist. It
may be necessary to inform management of the auditor's understanding of materiality. The
possibility of misunderstandings between the auditor and management is reduced when oral
representations are confirmed by management in writing.
The auditor should obtain written representations from management that:
• It acknowledges its responsibility for the design and implementation of internal
  control to prevent and detect error and
• It believes the effects of those uncorrected misstatements aggregated by the auditor
  during the audit are immaterial to the financial statements when taken as a whole.
During the course of an audit, management makes many representations to the auditor, either
unsolicited or in response to specific inquiries. When such representations relate to matters
which are material to the financial statements, the auditor will need to:
1. Seek corroborative evidence from sources inside or outside the entity,
2. Evaluate whether the representations made by management appear reasonable and
consistent with other audit evidence obtained and
3. Consider whether the individuals making the representations can be expected to be
well informed on the particular matters.
Representations by management cannot be a substitute for other audit evidence that the
auditor could reasonably expect to be available. If the auditor is unable to obtain
sufficient appropriate audit evidence and such audit evidence is expected to be available, this
will constitute a limitation in the scope of the audit, even if a representation has been
received on the matter.
If a representation by management is contradicted by other audit evidence, the auditor should
investigate the circumstances and, when necessary, reconsider the reliability of other
representations made by management.
Documentation of Representations by Management
The auditor would ordinarily include in audit working papers evidence of management's
representations in the form of a summary of oral discussions with management or written
representations from management.
A written representation is ordinarily more reliable audit evidence than an oral representation
and can take the form of:
• A representation letter from management,
• A letter from the auditor outlining his understanding of management's
  representations, duly acknowledged and confirmed by management,
• Relevant minutes of meetings of the board of directors or similar body or a
  signed copy of the financial statements.
Basic Elements of a Management Representation Letter
When requesting a management representation letter, the auditor would request that it be
addressed to the auditor, contain specified information and be appropriately dated and signed.
It would ordinarily be dated the same date as the auditor's report. A management
representation letter would ordinarily be signed by the members of management who have
primary responsibility for the entity and its financial aspects (ordinarily the senior executive
officer and the senior financial officer) based on the best of their knowledge and belief.
Action if Management Refuses to Provide Representations
If management refuses to provide a representation that the auditor considers necessary, this
constitutes a scope limitation and the auditor should express a qualified opinion or a
disclaimer of opinion. In such circumstances, the auditor would evaluate any reliance placed
on other representations made by management during the course of the audit and consider if
the other implications of the refusal may have any additional effect on the auditor's report.
H. USE OF EXPERTS
ISA 620 Using the work of others states that the auditor is not expected to have the expertise
of a person trained for or qualified to engage in the practice of another profession or
occupation, such as an actuary or engineer. For this reason an auditor may need to use the
work of an expert to obtain sufficient, appropriate audit evidence. "Expert" means a person
or firm possessing special skill, knowledge and experience in a particular field other than
accounting and auditing.
When using the work performed by an expert, the auditor should obtain sufficient appropriate
audit evidence that such work is adequate for the purposes of the audit. If unable to obtain
such evidence, the auditor should consider the need to modify the auditor's report. Although
the auditor may use the work of an expert, the auditor has sole responsibility for the audit
opinion.
The expert can be engaged by the client or the auditor. When the expert is employed by the
auditor, the auditor will be able to rely on his own systems for recruitment and training to determine
that expert's capabilities and competence.
If neither the auditor nor the entity employs an expert, the auditor may ask management to
engage one subject to the auditor being satisfied as to the expert's competence and
objectivity. If management is unable or unwilling, the auditor may consider engaging an
expert or whether sufficient appropriate audit evidence can be obtained from other sources.
Otherwise, the auditor might need to consider modifying the audit report.
Determining the Need to Use the Work of an Expert
The auditor may need to obtain audit evidence in the form of reports, opinions, valuations
and statements of an expert. Examples are:
• Valuations of land and buildings, plant and machinery and works of art,
• Determination of quantities of minerals stored in stockpiles, underground
  petroleum reserves, and the remaining useful life of plant and machinery,
• An actuarial valuation,
• The measurement of work completed and to be completed on contracts,
• Legal opinions regarding interpretations of agreements, statutes and regulations.
When determining the need to use an expert, the auditor should consider:
1. The engagement team's knowledge and previous experience of the matter,
2. The risk of material misstatement based on the nature, complexity and
materiality of the matter being considered, and
3. The quantity and quality of other audit evidence expected to be obtained.
Competence and Objectivity of the Expert
When planning to use the work of an expert, the auditor should evaluate the professional
competence of the expert. He needs to consider the expert's professional certification or
membership in an appropriate professional body and his experience and reputation in the
field.
The auditor should also evaluate the objectivity of the expert. The risk that an expert's
objectivity will be impaired increases when the expert is employed by the entity or related in
some other manner to the entity, for example, by being financially dependent upon or having
an investment in the entity.
If the auditor is concerned about the competence or objectivity of the expert, he needs to discuss any reservations with management and
consider whether sufficient appropriate audit evidence can be obtained concerning the work
of an expert. He may need to undertake additional audit procedures or seek audit evidence
from another expert. If the auditor is unable to obtain sufficient appropriate audit evidence
concerning the work of an expert, the auditor needs to consider modifying the auditor's
report.
Scope of the Expert's Work
The scope of the expert's work needs to be adequate for the purposes of the audit. Audit
evidence may be obtained through a review of the terms of reference. Such terms may cover
matters such as:
• The objectives and scope of the expert's work,
• A general outline of the specific matters the auditor expects,
• The intended use by the auditor of the expert's work, including the possible
  communication to third parties of the expert's identity,
• The extent of the expert's access to appropriate records and files,
• Clarification of the expert's relationship with the entity, if any,
• Confidentiality of the entity's information,
• Information regarding the assumptions and methods intended to be used by the
  expert and their consistency with those used in prior periods.
Evaluating the Work of the Expert
The auditor should evaluate the appropriateness of the expert's work as audit evidence
regarding the assertion being considered. This will involve evaluation of whether the
substance of the expert's findings is properly reflected in the financial statements or
supports the assertions, and consideration of:
• Source data used,
• Assumptions and methods used and their consistency with prior periods,
• When the expert carried out the work,
• Results of the expert's work in the light of the auditor's overall knowledge of the
  business and of the results of other audit procedures.
When considering whether the expert has used source data which is appropriate in the
circumstances, the auditor would consider the following procedures:
• Making inquiries regarding any procedures undertaken by the expert to establish whether
  the source data is relevant and reliable and
• Reviewing or testing the data used by the expert.
The appropriateness and reasonableness of assumptions and methods used and their
application are the responsibility of the expert. The auditor does not have the same expertise
and, therefore, cannot always challenge the expert's assumptions and methods. However, the
auditor will need to obtain an understanding of the assumptions and methods used and to
consider whether they are appropriate and reasonable, based on the auditor's knowledge of
the business and the results of other audit procedures.
Results of the expert
If the results of the expert's work do not provide sufficient appropriate audit evidence or if the
results are not consistent with other audit evidence, the auditor should resolve the matter.
This may involve discussions with the entity and the expert, applying additional audit
procedures, including possibly engaging another expert, or modifying the auditor's report.
Reference to an Expert in the Auditor's Report
When issuing an unmodified auditor's report, the auditor should not refer to the work of an
expert. Such a reference might be misunderstood to be a qualification of the auditor's opinion
or a division of responsibility, neither of which is intended. Sole responsibility lies with the
auditor.
If, as a result of the work of an expert, the auditor decides to issue a modified auditor's
report, in some circumstances it may be appropriate, in explaining the nature of the
modification, to refer to or describe the work of the expert (including the identity of the
expert and the extent of the expert's involvement). In these circumstances, the auditor would
obtain the permission of the expert before making such a reference. If permission is refused
and the auditor believes a reference is necessary, the auditor may need to seek legal advice.
Internal audit
If the client has an internal audit department, it may sometimes be possible for the external
auditor to make use of its work in arriving at an audit opinion (ISA 610).
The external auditor should consider the activities of internal auditing and their effect, if any,
on external audit procedures.
The external auditor should obtain an understanding of internal audit activities in order to
assess the risks of material misstatement of the financial statements and to design and perform
further audit procedures.
The external auditor should perform an assessment of the internal audit function when
internal audit is relevant to the external auditor's risk assessment.
When the external auditor intends to use specific work of internal auditing, the external
auditor should evaluate and perform audit procedures on that work to confirm its adequacy
for the external auditor’s purposes.
I. OPENING BALANCES
Opening balances are based on the closing balances of the prior period and reflect
transactions of and accounting policies applied to the prior period.
ISA 510 provides guidance on when the financial statements are audited for the first time
and when the prior period was audited by another auditor.
Initial audit engagements
For initial audit engagements, the auditor should obtain sufficient appropriate audit evidence
that:
• The opening balances do not contain misstatements that materially affect the current
  period's financial statements;
• The prior period's closing balances have been correctly brought forward to the current
  period or, when appropriate, have been restated;
• Appropriate accounting policies are consistently applied or changes in accounting
  policies have been properly accounted for and adequately presented and disclosed.
Audit procedures
Appropriate and sufficient evidence is required and will depend on:
• The accounting policies followed,
• Whether the prior periods were audited and the audit report was modified,
• The nature of the accounts and the risk of misstatement,
• The materiality of the opening balances.
Prior periods audited by another auditor
Where the prior period's financial statements were audited by other auditors, the current
auditor may be able to obtain sufficient appropriate audit evidence regarding opening balances
by reviewing the other auditor's working papers. The current auditor should consider the
professional competence and independence of the other auditor. If the previous audit report
was qualified, the auditor should pay particular attention in the current period to those matters
that resulted in the qualification.
Lack of sufficient appropriate evidence
Where the prior period accounts were not audited or where the auditor has not obtained
sufficient appropriate evidence, he must perform other procedures. Examples would
include:
• In respect of current assets and liabilities, some audit evidence can usually be obtained
  as part of the current period's audit procedures such as the collection of opening debtors
  during the current period. This will provide some evidence of their existence, rights
  and obligations, completeness and valuation at the beginning of the period.
• The opening stock position may require the observing of a current physical count and
  then reconciling it back to the opening position, testing the valuation of the opening
  stock items and carrying out testing on gross margins and cut off procedures.
• For non-current assets and liabilities, the auditor may be able to obtain external
  confirmation of opening balances with third parties, e.g. long-term debt and investments.
Audit conclusion and reporting
If, after performing additional audit procedures, the auditor is unable to obtain sufficient
appropriate audit evidence concerning opening balances, the auditor's report should include:
• A qualified opinion,
• A disclaimer of opinion or
• In those jurisdictions where it is permitted, an opinion which is qualified or disclaimed
  regarding the results of operations and unqualified regarding financial position.
If the opening balances contain misstatements which could materially affect the current
financial statements, the auditor should inform management and (after having obtained
management's authorisation) the previous auditor, if any. If the effect of the misstatement is
not properly accounted for and adequately presented and disclosed, the auditor should
express a qualified opinion or an adverse opinion, as appropriate.
If the current period's accounting policies have not been consistently applied in relation to
opening balances and if the change has not been properly accounted for and adequately
presented and disclosed, the auditor should express a qualified opinion or an adverse opinion
as appropriate.
If the entity's prior period auditor's report was qualified, the auditor should consider the
effect on the current period's financial statements. For example, if there was a scope
limitation, such as one due to the inability to determine opening inventory in the prior period,
the auditor may not need to qualify or disclaim the current period's audit opinion. However, if
a modification regarding the prior period's financial statements remains relevant and material
to the current period's financial statements, the auditor should modify the current auditor's
report accordingly.
J. COMPARATIVES
ISA 710 establishes the standards and provides guidance in this area. The auditor should
determine whether the comparatives comply in all material respects with the financial
reporting framework applicable to the financial statements being audited. Different countries
have different reporting frameworks.
The auditor should obtain sufficient appropriate audit evidence that amounts derived from the
preceding period's financial statements are free from material misstatement and are
appropriately incorporated in the financial statements for the current period.
Corresponding figures are amounts and other disclosures for the preceding period that are
included as part of the current period financial statements and are intended to be read in
relation to the amounts and other disclosures relating to the current period. They are not
presented as complete financial statements capable of standing alone, but are an integral part
of the current period financial statements intended to be read only in relation to the current
period figures.
Comparative financial statements are amounts and other disclosures for the preceding
period that are included for comparison with the financial statements of the current period,
but do not form part of the current period financial statements. Comparatives are presented in
compliance with the applicable financial reporting framework.
The essential audit reporting differences are that:
• For corresponding figures, the auditor's report only refers to the financial statements of
  the current period; whereas,
• For comparative financial statements, the auditor's report refers to each period for
  which financial statements are presented. This could be part of a document for
  preparation for a stock exchange listing.
Corresponding figures
The extent of audit procedures performed on the corresponding figures is significantly less
than for the audit of the current period figures.
Auditor’s responsibilities
The auditor should obtain sufficient appropriate audit evidence that:
• The accounting policies used for the corresponding amounts are consistent with the
  current period and appropriate adjustments and disclosures have been made,
• The corresponding amounts agree with the amounts and other disclosures presented in
  the preceding period and are free from errors and
• Where corresponding amounts have been adjusted as required by relevant legislation
  and accounting standards, appropriate disclosures have been made.
Reporting
When the comparatives are presented as corresponding figures, the auditor should issue an
audit report in which the comparatives are not specifically identified because the auditor's
opinion is on the current period financial statements as a whole, including the corresponding
figures.
Where the auditor's report on the prior period, as previously issued, included a qualified
opinion, disclaimer of opinion, or adverse opinion and the matter that gave rise to the
modification is:
• Unresolved, and results in a modification of the auditor's report regarding the current
  period figures, the auditor's report should also be modified regarding the corresponding
  figures.
• Unresolved, but does not result in a modification of the auditor's report regarding the
  current period figures, the auditor's report should be modified regarding the
  corresponding figures only.
• Resolved and properly dealt with in the financial statements, the current report does
  not need a reference to the previous modification. However, if the matter is material to
  the current period, the auditor may include an emphasis of matter paragraph dealing
  with the situation.
During the course of the current audit the auditor may become aware of a previously
undetected material misstatement that affects the prior period financial statements on
which an unqualified report had been previously issued.
• If the prior period financial statements have been revised and reissued with a new
  auditor's report, the auditor should obtain audit evidence that the corresponding figures
  agree with the revised financial statements.
• If the prior period financial statements have not been revised and reissued, and the
  corresponding figures have not been properly restated and/or appropriate disclosures
  have not been made, the auditor should issue a modified report on the current period
  financial statements modified with respect to the corresponding figures included
  therein.
• If prior period financial statements have not been revised and an auditor's report has not
  been reissued, but the corresponding figures have been properly restated and/or
  appropriate disclosures have been made in the current period financial statements, the
  auditor may include an emphasis of matter paragraph describing the circumstances and
  referencing to the appropriate disclosures.
When the prior period financial statements are not audited, the incoming auditor should state
in the auditor's report that the corresponding figures are unaudited. This does not relieve the
auditor, though, of his responsibilities to perform appropriate audit procedures regarding
opening balances.
If the auditor is not able to obtain sufficient appropriate audit evidence regarding the
corresponding figures, or if there is not adequate disclosure, the auditor should consider the
implications for his report.
In situations where the incoming auditor identifies that the corresponding figures are
materially misstated, the auditor should request management to revise the corresponding
figures or, if management refuses to do so, appropriately modify the report.
Comparative financial statements
The auditor should obtain sufficient appropriate audit evidence that the comparative financial
statements meet the requirements of the applicable financial reporting framework. This
involves evaluating whether:
• Accounting policies of the prior period are consistent with the current period,
• Prior period figures agree with the amounts and other disclosures presented in the prior
  period and
• Appropriate adjustments and disclosures have been made.
Reporting
When the comparatives are presented as comparative financial statements, the auditor should
issue a report in which the comparatives are specifically identified because the auditor's
opinion is expressed individually on the financial statements of each period presented.
Since the auditor's report on comparative financial statements applies to the individual
financial statements presented, the auditor may express a qualified or adverse opinion,
disclaim an opinion, or include an emphasis of matter paragraph with respect to one or more
financial statements for one or more periods, while issuing a different report on the other
financial statements.
When reporting on the prior period financial statements in connection with the current year's
audit, if the opinion on such prior period financial statements is different from the opinion
previously expressed, the auditor should disclose the substantive reasons for the different
opinion in an emphasis of matter paragraph. This may arise when he becomes aware of
circumstances or events that materially affect the financial statements of a prior period during
the course of the audit of the current period.
Where the financial statements of the prior period were audited by another auditor:
• The previous auditor may reissue the audit report on the prior period with the incoming
  auditor only reporting on the current period or
• The incoming auditor's report should state the prior period was audited by another
  auditor, the type of report issued by the other auditor (if qualified, the reasons) and the
  date of that report.
In the course of the current audit the incoming auditor may become aware of a previously
undetected material misstatement that affects the prior period accounts on which the
previous auditor had previously issued an unqualified report.
In these circumstances, the incoming auditor should discuss the matter with management and,
after having obtained management's authorisation, contact the previous auditor and propose
that the prior period financial statements be restated. If the previous auditor agrees to reissue
the audit report on the restated financial statements of the prior period, the auditor should
only report on the current period.
If the previous auditor does not agree with the proposed restatement or refuses to reissue the
audit report on the prior period financial statements, the introductory paragraph of the current
auditor's report should indicate that the previous auditor reported on the financial statements
of the prior period before restatement. In addition, if the incoming auditor applies sufficient
audit procedures to be satisfied as to the appropriateness of the restatement adjustment, he
may include a paragraph in his report.
When the prior period financial statements are not audited, the incoming auditor should state
in the auditor's report that the comparative financial statements are unaudited. This statement
does not relieve the auditor of the requirement to carry out appropriate audit procedures
regarding opening balances.
In situations where the incoming auditor identifies that the prior year unaudited figures are
materially misstated, the auditor should request management to revise the prior year's figures
or, if management refuses to do so, appropriately qualify the report.
UNIT 9 COMPUTER INFORMATION SYSTEMS
Study Unit 9
Computer Information Systems
Contents
A. Entity computer systems and controls
B. Computer Assisted Audit Techniques (CAATs)
A. ENTITY’S COMPUTER SYSTEMS AND CONTROLS
Computer systems
In the modern age many businesses use computer systems to help them run their business and
produce financial information. Directors are still required to put into place safeguards to
protect the assets of a company, but many of these safeguards are now incorporated into the
computer systems. A balance must be struck between the degree of control and the requirement
for a user-friendly computer system.
Controls overview
Controls can be classified into the following areas:
• Security
• Integrity
• Contingencies
Integrity controls can be further subdivided into data integrity and systems integrity. Data
integrity means that the data in the computer system is the same as in the source documents
and has not been accidentally or intentionally altered, destroyed or disclosed. Systems
integrity means that systems operations conform to the design specification despite
deliberate or accidental attempts to cause them to do otherwise.
Auditor focus
The auditor focuses on the general and application controls of the systems when carrying
out control assessment, as it is important that the system used operates reliably and that
risks are mitigated.
Risks
Key risks include the system being put at risk by a virus or some other fault which spreads
across the system and the system being accessed by an unauthorised user who could affect
the smooth operation of the system or obtain commercially sensitive information. The client
should have contingency plans in the event of a system difficulty.
Need for assurance
It is important to know that the original system is as reliable as could be expected and
whether it is the best system that the company could be using at the given cost. The company
might seek such assurance from its service provider. However, the service provider may not
be objective as they have a vested interest. They are paid to provide a solid system, so they
will hardly find fault with it. This means that the directors might seek assurance from their
auditors, who would undertake work to ascertain if the assertions of the service provider are
accurate. In considering taking on such an assurance engagement, the auditor should ensure
that sufficient skills are available to undertake such procedures.
Systems audit
Internal control effectiveness is generally assessed by undertaking a systems audit. The key
areas to establish the reliability of systems are:
Management policy
Is there a written policy for computer systems?
Is it compatible with policies in other areas?
Is it adhered to?
Is it sufficient and effective?
Is it updated when the systems are updated?
Does it relate to the current system?
Segregation of duties
Is there adequate segregation of duties for data input?
Are there adequate system controls, e.g. passwords, to enforce segregation?
Security
Is there a physical security policy such as a locked room and password access?
Is there data security software such as virus shields?
Reporting
Management should receive information on the effectiveness of their control systems and
systems reliability. The operations are likely to rely heavily if not completely on computer
systems and if problems arise, operations could be severely affected. Such problems could
include no production, no invoicing or duplicate or omitted invoicing.
Other stakeholders, customers and suppliers will be interested in the reliability of the
company’s systems as they would not want to deal with ineffective operations.
Internal control systems in a computer information system environment
Internal control systems include both manual procedures and procedures designed into
computer programmes.
There are two types of controls:
General CIS (computer information system) controls whose aim is to establish a
framework of overall controls over the computer systems to provide reasonable assurance
that the overall objectives are achieved.
Application CIS controls whose purpose is to establish specific control procedures over the
applications in order to provide reasonable assurance that all transactions are authorised,
recorded and processed in a timely, complete and accurate manner.
General CIS controls
1. Development of computer applications
Standards over systems design, programming and documentation
Full testing procedures fully documented
Approval of computer users
Segregation of duties so that those responsible for design are not responsible for
testing
Installation procedures so that data are not corrupted in transition
Training of staff in the new procedures
2. Prevention or detection of unauthorised changes to programmes
Segregation of duties
Full records of programme changes through detailed maintenance of programme
logs
Password protection of programmes so that access is limited
Restricted access to central computers - locked doors & keypads
Virus checks of software and use of anti-virus software & firewalls
Back-up copies of programmes secured off site
3. Testing and documentation of programme changes
Comprehensive testing procedures
Documentation standards applied
Approval of changes by management
4. Controls to prevent wrong programmes or files being used
Adequate training of staff
Operation controls over programmes and their use/access
Controlled libraries of programmes
Proper automated job scheduling
5. Controls to prevent unauthorised amendments to data files
Password protection
Use of security levels
6. Controls to ensure continuity of operations
Storing copies of programmes off site
Back-up procedures for data files to be stored off-site
Disaster recovery procedures
Maintenance agreements and insurance
The auditors will test some or all of the above controls depending on their impact on the
audit. It is more efficient to review the design of general controls before reviewing the
application controls. If there are weaknesses in the general controls, these may have a
negative impact on the application controls. The former may have a pervasive effect on the
processing of transactions in application systems. If these general controls are not effective
there may be a risk of misstatement that could go undetected in the application systems.
Although weaknesses in general controls may preclude testing certain application systems, it
is possible that manual procedures exercised may provide effective control at the application
level.
Application CIS controls
1. Controls over input
Completeness
Document counts
One for one checking, source to output
Control totals
Accuracy
Digit verification - reference numbers are as expected
Existence checks - customer names & details
Reasonableness test
Review of data for gaps
Permitted ranges acceptable
Scrutiny of output
Authorisation
Manual checks to ensure data entered was authorised
Input by authorised personnel - user entry codes
2. Controls over processing
Batch reconciliations
Screen warnings to prevent logging off before processing is complete
Exception reports output
Required code such as PIN
Required date fields for cut-off purposes - period closing
3. Controls over master files and standing data
One to one checking
Controls over deletion of accounts/data
Record counts
Authentication codes to update
Logs of changes
Testing of application controls
If manual controls exercised by the user of the systems are capable of providing reasonable
assurance that the systems output is complete, accurate and authorised, the auditor may
decide to limit tests of controls to these manual controls.
In addition, computer controls may be tested by examining the systems output using either
manual procedures or CAATs. Such output may be in the form of magnetic media, microfilm
or printouts. Alternatively, the auditor may test the controls by performing them with the use
of CAATs.
In some instances it may not be possible, or may be impractical, to test controls by
examining user controls or system output. The auditor may need to perform tests using
CAATs such as test data, re-processing transaction data or, in some unusual circumstances,
examining the code of the programmes.
On-Line systems
On-line systems enable users to access data and programmes directly through a networked
environment. They allow users to initiate functions directly such as:
1. Entering transactions
2. Making data enquiries
3. Requesting reports
4. Updating master files
5. Electronic commercial activities such as internet banking
On-line systems allow on-line data entry, so data validation is vital from the outset. In
addition, there is the risk of unlimited access, which is undesirable from a risk and control
point of view. Being on-line often results in a lack of a transaction trail, which is the
opposite of what an auditor seeks. Finally, there is normally programmer access, and this needs
strict controls in place.
Internal control in an on-line environment
In an on-line environment it is important to have general controls such as access
controls, control over passwords, systems development and maintenance control
procedures, programming controls, transaction logs and firewalls.
Application controls should also be in place. These should include authorisation checks
such as the need for a PIN, reasonableness and other data validation tests, cut-off procedures
(especially where there is a continuous flow of data), file controls and master file controls.
Internal control in micro computer environment
In larger companies controls over systems development and operations are required for
effective control to be in operation. In a micro environment such controls may not be seen to
be important or cost effective.
The accuracy and dependability of financial information produced by the computer
information system will depend upon the internal controls required by management and
adopted by the user. In any event it may be difficult to distinguish between general controls
and application controls.
Specific controls are important, namely:
1. Physical security over equipment and removable and non-removable media
2. Program and data security, using hidden files and passwords
3. Security and data integrity
4. Hardware, software and data back-up, with copies of hard disks or tapes kept off site and
within fireproof containers.
Electronic data interchange systems (EDI)
These are systems allowing the electronic transmission of business documents. Information
via EDI is automatically transferred to another entity for processing such as orders, invoices,
statements or payroll information.
Potential issues:
Lack of a paper/audit trail
Greater impact on the normal operations and records if there is a failure in an entity’s
computer systems
Risk of loss, corruption and/or theft of data in the transmission process
The auditor will need to review the controls that management have in place to address these
risks. Controls could include acknowledgements, agreements by both parties of amount
transmitted, authentication codes and encryption techniques. In addition, there is a need for
virus protection, insurance, contingency plans and back-up arrangements.
E-Business
Part of the auditor’s responsibilities is to assess the risks for the audit process from the
company using electronic business. This will impact on the skills and knowledge required by
the auditor to understand the complexities of the entity’s business and operational
transactions.
B. COMPUTER ASSISTED AUDIT TECHNIQUES (CAATS)
The scope and objectives of an audit do not change even in a situation where a client is
heavily computerised. However, the application of auditing procedures does require the
auditor to consider procedures that use the computer as an audit tool. These are known as
computer assisted (or aided) audit techniques (CAATs).
In the absence of input documents or where there is a lack of an audit trail, the auditor may
need to use CAATs in testing controls and substantive testing. CAATs can improve the
effectiveness and efficiency of auditing procedures.
CAATs can be used in the performance of auditing procedures such as:
Tests of details of transactions and balances
Analytical review procedures
Tests of computer information system controls
Types of CAATs
There are two types of CAATs: audit software and test data.
Audit software
This is used to process data from a client’s accounting system. It is used to check that the
figures within the accounting system are correct. Examples of substantive procedures using
audit software include:
Extracting samples to specified criteria
Calculating ratios and totals
Select items outside a specific criteria range - exception reporting
Check arithmetic calculations
Compare budget vs. actual
Take the example of amounts receivable. CAATs could be used to extract the following
information from within a computerised system:
Whether the total in the sales ledger agrees to the total of debtors control account in
the nominal ledger
Are all balances within agreed credit limits
Calculation of debtor days
Sample selection of debtor balances for testing
Identification of potential bad debts through production of an aged listing.
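The receivables procedures listed above can be run as a single audit-software pass over a ledger extract. The following is an added example, not part of the original manual; the ledger records, credit limits, control account balance and function names are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import date
from decimal import Decimal


@dataclass(frozen=True)
class Invoice:
    customer: str
    number: str
    invoice_date: date
    amount: Decimal


# Constructed sample data: an extract of open sales ledger items (not real figures).
SALES_LEDGER = [
    Invoice("C001", "INV-101", date(2012, 12, 10), Decimal("1200.00")),
    Invoice("C001", "INV-117", date(2012, 11, 2), Decimal("800.00")),
    Invoice("C002", "INV-098", date(2012, 8, 15), Decimal("2600.00")),
    Invoice("C003", "INV-120", date(2012, 12, 28), Decimal("4300.00")),
    Invoice("C003", "INV-085", date(2012, 6, 30), Decimal("900.00")),
]
CREDIT_LIMITS = {"C001": Decimal("5000"), "C002": Decimal("2000"), "C003": Decimal("10000")}
CONTROL_ACCOUNT_BALANCE = Decimal("9950.00")  # debtors control account per nominal ledger
CREDIT_SALES_FOR_YEAR = Decimal("73000.00")
YEAR_END = date(2012, 12, 31)
BUCKETS = [(30, "0-30"), (60, "31-60"), (90, "61-90")]  # upper age in days, label


def ledger_total(ledger):
    return sum((inv.amount for inv in ledger), Decimal("0"))


def customer_balances(ledger):
    balances = defaultdict(Decimal)
    for inv in ledger:
        balances[inv.customer] += inv.amount
    return dict(balances)


def control_account_difference(ledger, control_balance):
    """Sales ledger total minus control account; zero means the two agree."""
    return ledger_total(ledger) - control_balance


def over_credit_limit(ledger, limits):
    """Exception report: (customer, balance, limit) where the balance exceeds the limit.
    A customer with no limit on file is treated as having a limit of zero."""
    report = []
    for customer, balance in sorted(customer_balances(ledger).items()):
        limit = limits.get(customer, Decimal("0"))
        if balance > limit:
            report.append((customer, balance, limit))
    return report


def debtor_days(ledger, credit_sales, days_in_year=365):
    if credit_sales <= 0:
        raise ValueError("credit sales must be positive")
    return (ledger_total(ledger) * days_in_year / credit_sales).quantize(Decimal("0.1"))


def age_bucket(inv, as_at):
    age = (as_at - inv.invoice_date).days
    if age < 0:
        # An invoice dated after the period end is a cut-off issue, not an ageing one.
        raise ValueError(f"{inv.number} is dated after {as_at}")
    for upper, label in BUCKETS:
        if age <= upper:
            return label
    return "over 90"


def aged_listing(ledger, as_at):
    totals = {label: Decimal("0") for _, label in BUCKETS}
    totals["over 90"] = Decimal("0")
    for inv in ledger:
        totals[age_bucket(inv, as_at)] += inv.amount
    return totals


def potential_bad_debts(ledger, as_at):
    """Invoice numbers more than 90 days old at the listing date."""
    return [inv.number for inv in ledger if age_bucket(inv, as_at) == "over 90"]


def select_sample(ledger, threshold):
    """Select for testing every customer whose balance is at or above the threshold."""
    return sorted(c for c, b in customer_balances(ledger).items() if b >= threshold)


if __name__ == "__main__":
    print("Ledger minus control account:",
          control_account_difference(SALES_LEDGER, CONTROL_ACCOUNT_BALANCE))
    print("Over credit limit:", over_credit_limit(SALES_LEDGER, CREDIT_LIMITS))
    print("Debtor days:", debtor_days(SALES_LEDGER, CREDIT_SALES_FOR_YEAR))
    print("Aged listing:", aged_listing(SALES_LEDGER, YEAR_END))
    print("Potential bad debts:", potential_bad_debts(SALES_LEDGER, YEAR_END))
    print("Sample:", select_sample(SALES_LEDGER, Decimal("2500")))
```

A non-zero difference between the ledger and the control account, as in this constructed extract, is the kind of exception the auditor would follow up before relying on the other outputs.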
Types of audit software:
1. Package programmes:
Designed to read files, select data, perform and print reports.
2. Purpose written programmes:
Generally prepared by the auditor, entity or external programmer for specific
purposes.
3. Utility programmes:
Programmes designed to sort files, create files or print files. They are usually not
designed for audit purposes and therefore may not contain control features such as
automatic record counts or control totals which auditors will find very useful.
Test data
This is where sample data is entered into an entity’s computer system and the results are
compared with predetermined results to determine whether controls are operating effectively.
The data can be processed during normal time or during a separate run at a time outside the
normal time. Real data or dummy data can be used.
Examples of applying test data include:
Testing specific controls such as data access controls by checking passwords and
usernames
Testing specific processing characteristics such as invalid stock codes or customer
codes
Testing transactions in an integrated test facility such as setting up a dummy account to
process dummy data. In this case, the test data could be processed during normal
business hours in order to test the accuracy of the cycle.
Difficulties using test data
When using dummy transactions there may be a need to reverse the transactions.
Test data only tests the system at a particular point in time.
Corruption of data files has to be corrected. This may be difficult with modern
systems which often have built-in security with controls to ensure that data entered
cannot be easily removed.
Specific examples of CAATs applied using test data
Sales
Input an order that exceeds set credit limits
Input a negative number on an order
Input incomplete or inaccurate customer details
Input an excessive amount
Purchases
Raise an order from a supplier not on the preferred list
Process an order with an unauthorised staff number
Make changes to standing data with unauthorised access
Payroll
Set up new employee without using authorised staff number
Make authorised changes to staff details
Input excessive payroll details
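The sales test data above can be run against an order-entry routine and compared with predetermined results, as in the following added example (not part of the original manual). The order-entry function, master file, permitted range and test cases are all constructed; the routine contains one deliberate weakness so that the comparison has something to report.

```python
from decimal import Decimal

# Constructed master file for the system under test (dummy accounts only).
CUSTOMERS = {
    "C001": {"credit_limit": Decimal("5000"), "balance": Decimal("4000")},
    "C002": {"credit_limit": Decimal("5000"), "balance": Decimal("0")},
}
MAX_ORDER_QTY = 1000  # assumed permitted range for a single order line


def process_order(order, customers=CUSTOMERS):
    """Hypothetical stand-in for the client's order-entry programme.
    Returns (decision, reason). It does not post anything."""
    customer = customers.get(order.get("customer", ""))
    if customer is None:
        return "REJECT", "customer not on master file"
    qty = order.get("quantity")
    if not isinstance(qty, int) or qty <= 0:
        return "REJECT", "quantity must be a positive whole number"
    if qty > MAX_ORDER_QTY:
        return "REJECT", "quantity outside permitted range"
    value = qty * order["unit_price"]
    # Deliberate weakness in this constructed system: the check ignores the
    # balance already outstanding, so the limit can be exceeded in stages.
    if value > customer["credit_limit"]:
        return "REJECT", "credit limit exceeded"
    return "ACCEPT", "ok"


PRICE = Decimal("50.00")
# Test data with predetermined results: (id, description, order, expected decision).
TEST_DATA = [
    ("TD1", "valid order", {"customer": "C002", "quantity": 10, "unit_price": PRICE}, "ACCEPT"),
    ("TD2", "order takes balance over credit limit",
     {"customer": "C001", "quantity": 30, "unit_price": PRICE}, "REJECT"),
    ("TD3", "negative number on order",
     {"customer": "C002", "quantity": -5, "unit_price": PRICE}, "REJECT"),
    ("TD4", "incomplete customer details",
     {"customer": "", "quantity": 10, "unit_price": PRICE}, "REJECT"),
    ("TD5", "inaccurate customer details",
     {"customer": "C999", "quantity": 10, "unit_price": PRICE}, "REJECT"),
    ("TD6", "excessive amount",
     {"customer": "C002", "quantity": 100000, "unit_price": PRICE}, "REJECT"),
]


def run_test_data(system, cases):
    """Process each case and compare the actual result with the predetermined one."""
    results = []
    for case_id, description, order, expected in cases:
        try:
            actual, reason = system(order)
        except Exception as exc:  # a crash on bad input is itself a finding
            actual, reason = "ERROR", repr(exc)
        results.append({
            "id": case_id, "description": description, "expected": expected,
            "actual": actual, "reason": reason, "passed": actual == expected,
        })
    return results


def control_failures(results):
    """Cases where the system did not behave as predetermined."""
    return [r["id"] for r in results if not r["passed"]]


def to_reverse(results):
    """Dummy transactions the system accepted; in a live run these would have
    been posted and would need to be reversed afterwards."""
    return [r["id"] for r in results if r["actual"] == "ACCEPT"]


if __name__ == "__main__":
    outcome = run_test_data(process_order, TEST_DATA)
    for r in outcome:
        status = "ok" if r["passed"] else "CONTROL FAILURE"
        print(f'{r["id"]} {r["description"]}: expected {r["expected"]}, '
              f'got {r["actual"]} ({r["reason"]}) {status}')
    print("Control failures:", control_failures(outcome))
    print("Accepted dummy transactions to reverse:", to_reverse(outcome))
```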
Using CAATs
Before using CAATs an auditor should consider the following:
1. Set the audit objectives
2. Determine the content and access to clients’ files
3. Determine the transaction types to be tested
4. Define the procedures to be applied
5. Define the desired output from the system
6. Identify the staff to be used in the design and application of the CAATs
7. Assess the costs and benefits of using CAATs
8. Ensure that the use of CAATs is controlled and documented
9. Carry out the application
10. Evaluate the results
Using CAATs in a small business computer environment
The level of computer information within a small business environment may result in the
auditor placing less reliance on the system of internal control and instead placing greater
emphasis on tests of details of transactions and balances and analytical review procedures.
This could increase the effectiveness of certain CAATs particularly audit software.
Is use of CAATs appropriate?
Where smaller volumes of data are processed, manual audit procedures may be cost effective.
It could be also the case that adequate technical assistance may not be available to the
auditors thus making the use of CAATs impracticable. In addition, certain audit packages
may not operate on small computers although the entity’s data files could be copied and
processed on another computer.
Within a small business computer environment, detailed knowledge of computer operations,
programmes and files may be confined to a small number of persons. This could increase the
risk of fraud through changes to programmes or data.
Advantages of using CAATs
They assist the auditor in obtaining more audit evidence
Large samples can be tested quickly and accurately
CAATs test the original data and not just the printout so the validity of the test is
more defined
In many instances they are cost effective.
Issues relating to CAATs
Limitations
CAATs are limited and are very dependent on the level of integration within the client’s
computer systems. In addition, the current system may actually already perform the
functions which the CAAT is meant to perform.
Reliability
The CAAT is only of use if the reliability of the system has been assessed.
Cost
The cost may outweigh the benefit. In particular, there may be an initial outlay with regard to
time and money required.
Lack of software documentation
Many clients’ system documentation is very poor and this results in the auditor being unable
to gain a proper understanding of the system. Without this understanding it may not be
beneficial to make use of CAATs.
Changes in clients’ systems
Any changes in the clients’ systems will require changes in the design of the CAAT, which
the auditor will need to fully understand before making the appropriate changes to the CAAT.
Lack of direction and useless results
There is a danger that the auditor will use CAATs due to their availability rather than their
appropriateness in the individual circumstances.
Use of copy files
Where clients give the auditor copies of files, the auditor should ensure that these are the
actual files which are being tested.
Study Unit 10
Audit Reporting
Contents
A. Review considerations
B. Reporting on audited financial statements
C. Key concepts
D. Basic elements of report
E. Modified reports
F. Circumstances giving rise to modified reports
G. Auditor’s responsibilities before and after date of audit report
H. Auditor’s responsibilities for other documents
A. REVIEW CONSIDERATIONS
Review Procedures
An auditor must perform and document an overall review of the financial statements before
making an audit opinion. This review, along with the conclusions drawn from other audit
evidence obtained, gives the auditor a reasonable basis for his opinion on the financial
statements. It needs to be carried out by a senior member of the audit team, who has the
appropriate skills and experience.
[Flowchart: review considerations. Boxes shown: Conflicting evidence; Material; Indicative of
possible material misstatement; Require further testing; Resolved; No issue; Resolve issue or
modify audit report. Branches are labelled Yes/No.]
What specific tasks should be carried out?
a. Compliance with accounting regulations
The auditor should consider whether the financial statements are in accordance with statutory
requirements and whether the accounting policies are in accordance with accounting
standards. In addition, the policies should be appropriate to the entity, properly disclosed and
consistently applied.
When assessing the accounting policies used by the entity, the auditor should consider
policies adopted in specific industries, standards and guidelines, the need for a true and fair
view and the need to reflect substance over form.
b. Review for consistency and reasonableness
The auditor needs to consider whether the financial statements are consistent with his
knowledge of the entity’s business and with the evidence accumulated from other audit
procedures, and that the manner of disclosure is fair.
The auditor will consider:
Information and explanations received during the audit
New factors which may affect presentation and/or disclosure requirements.
Results of analytical procedures applied
Undue influence by directors
Potential impact of the aggregate of uncorrected misstatements identified.
c. Analytical procedures
Analytical review procedures are used as part of the overall review procedure. This review
should cover accounting ratios, changes in products/customers, price and product mix
changes, wages changes, variances, trends in production and sales, changes in material/labour
content of production and variations caused by industry or economy factors. Significant
fluctuations and unexpected relationships must be investigated.
d. Summarise errors
During the course of the audit of financial statements, there will be material or immaterial
errors uncovered. The client will normally adjust the financial statements to take account of
these errors. At the end of the audit however, there may be some outstanding errors and the
auditors will summarise these unadjusted errors. The auditor should show both the balance
sheet and the profit and loss effect of these errors.
e. Evaluating the effect of misstatements
As part of the standard on materiality (ISA 320) in evaluating whether the financial
statements are prepared in accordance with an applicable financial reporting framework, the
auditor should assess whether the aggregate of uncorrected misstatements that have been
identified during the audit is material.
The aggregate of uncorrected misstatements is:
Specific misstatements identified by the auditor, including ones identified during the
audit of the previous period if they affect the current period (e.g. opening stock) and
The auditor’s best estimate of other misstatements which cannot be quantified
specifically (e.g. projected errors or system errors).
If the aggregate of misstatements is material, the auditor must consider reducing audit risk by
carrying out additional testing. Otherwise, he may request management to adjust the
financial statements for the identified misstatements which the latter may wish to do anyway.
If the aggregate of the misstatements approaches the level of materiality, the auditor should
consider whether it is likely that undetected misstatements, when taken with the aggregated
uncorrected misstatements, could exceed the materiality level. If so, he should consider
reducing the risk by performing additional testing or, as before, requesting management to
adjust the financial statements for the identified misstatements.
Completion checklists
Auditors frequently use checklists as control documents and evidence that all final
procedures have been carried out and that all material amounts are supported by sufficient
appropriate audit evidence. The checklists should be signed off.
B. REPORTING ON AUDITED FINANCIAL STATEMENTS (ISA 700)
[Diagram: Audit opinion. Elements shown: Overall review performed and documented; Audit
evidence gathered and conclusions drawn; Senior member of audit team with the appropriate
skills and experience; Financial statements review; Opening balances; Comparatives; Other
information; Subsequent events; Going concern.]
Audit Opinion
The objective of an audit is for an independent auditor to express an opinion on a set of
financial statements. The auditor is that independent person who gives his opinion on a set of
financial statements. His opinion is contained in a clear written expression called the audit
report.
He does not provide absolute assurance. In other words he does not say the “accounts are
correct”. Audits have their limitations.
Considerations in reporting
The auditor needs to consider a number of key matters:
Has he received all the information and explanations necessary
Has he carried out all the procedures needed to meet applicable auditing standards.
Have applicable accounting requirements been used in the preparation of the financial
statements.
Do the financial statements give a true and fair view.
The Process of forming an audit opinion
Ascertain whether all the evidence reasonably expected to be available has been
obtained and has been evaluated.
Assess whether the effect of not gaining sufficient and relevant evidence is such that
the financial statements could be misleading as a whole or in material part.
Ascertain whether the financial statements are prepared in accordance with
International Financial Reporting Standards (IFRS).
Assess whether a departure from the accepted accounting principles is required to give
a true and fair view and has there been adequate disclosure.
Assess whether any unnecessary departure from accounting principles is material or
pervasive to the financial statements. A material departure will give an “except for”
opinion while a pervasive departure will result in an adverse opinion.
Conclude as a whole whether the financial statements give a true and fair view.
C. KEY CONCEPTS
If the auditor feels that the financial statements give a true and fair view he should express an
unqualified opinion stating that they present fairly in all material respects in accordance with
the applicable financial reporting framework.
True and fair view
The key opinion is whether the accounts give a true and fair view. Unfortunately, there is no
formal definition as it is not laid out in Company law.
However, it is generally accepted that a set of accounts can only give a true and fair view if
they are not factually incorrect and present information in an impartial way that is clearly
understood by the reader.
It could also be argued that in order to ensure that a set of accounts gives a true and fair view,
an auditor should have regard for Company Law and Accounting Standards pertaining to
those financial statements and that he himself has carried out the audit in accordance with the
relevant regulatory pronouncements, codes of ethics and Auditing Standards.
Materiality
Materiality needs to be considered by an auditor in evaluating the effect of misstatements on
the financial statements and when determining the nature, timing and extent of audit
procedures.
Information is material if its omission or misstatement could influence the economic
decisions of users taken on the basis of the financial statements.
An item might be material due to its nature, value or impact on users of accounts.
Only issues that are material will have an impact on the auditor’s opinion.
Statutory requirements
Aside from the key opinion, there are a number of other issues that the auditor should
consider.
Matters of opinion:
1. Have proper accounting records been kept
2. Is the information in the directors’ report consistent with that given in the financial
statements
3. Does a financial situation exist which may require a Special Meeting
4. Have the accounts been prepared in accordance with the provisions of the companies’
acts.
Matters of fact:
1. Has the auditor received all the information and explanations he deems necessary for
the purposes of his audit
2. Do the financial statements agree with the books of account.
D. BASIC ELEMENTS OF THE AUDITOR’S REPORT
Title
It should clearly indicate that the report is prepared by an independent auditor. This
independence confirms that all the relevant ethical standards have been met.
Addressee
The auditor needs to consider the circumstances of the engagement and the local regulations.
Under company law the audit report should be addressed to the shareholders.
Introductory paragraph
This paragraph will:
Identify the entity being audited
State that the financial statements have been audited
Identify each of the financial statements being audited
Refer to the significant accounting policies and other notes contained within the
financial statements
Specify the date and period covered by the financial statements.
Statement of management responsibility
It must contain a statement that the management is responsible for the presentation of the
financial statements. That responsibility includes:
Designing, implementing and maintaining internal controls
Selecting appropriate accounting policies and
Making reasonable accounting estimates.
Auditor’s responsibility
The audit report should state that the auditor is responsible for expressing an audit opinion. It
should inform the reader that the auditor adhered to international standards on auditing and
ethical requirements and performed the audit so as to obtain reasonable assurance that the
financial statements were free from material misstatements.
It should also be noted that this responsibility includes:
Examining on a test basis, evidence to support the amounts and disclosures in the
financial statements
Assessing the accounting principles used in the preparation of the financial statements
Considering whether the accounting policies are appropriate to the entity’s
circumstances, consistently applied and adequately disclosed
Assessing the significant estimates made by management in the preparation of the
financial statements
Evaluating the overall financial statement presentation.
Auditor’s opinion
If the auditor feels that the financial statements give a true and fair view he should express an
unqualified opinion stating that they present fairly in all material respects in accordance with
the applicable financial reporting framework.
Other reporting requirements if any
Any other matters required by law should be reported here such as the keeping of proper
books of account.
Auditor’s signature
Should be either the engagement auditor’s signature or the audit firm’s name.
Date
The report should be dated as of the completion date of the audit. It should not be signed
earlier than the date the financial statements are approved by management.
E. MODIFIED REPORTS
Matters that do not affect auditor’s opinion

Description: Accounts show a true and fair view
Audit opinion: Unqualified audit opinion. “Accounts show a true and fair view”

Description: Accounts show a true and fair view but you need to draw attention to a
significant matter
Audit opinion: Modified audit report with emphasis of matter paragraph. “Without qualifying
my opinion, I wish to draw your attention…”

Matters that do affect auditor’s opinion

Description: Material items do not show a true and fair view
Audit opinion: Modified audit report. “Accounts show a true and fair view except for…”

Description: A true and fair view is not shown because disagreements are pervasive to the
accounts; accounts are meaningless. Perhaps there are significant numbers of material
disagreements that do not show a true and fair view.
Audit opinion: Adverse audit opinion. “Accounts do not show a true and fair view”

Description: The auditor cannot tell whether a true and fair view is given in respect of
material items due to limitation in scope of the audit.
Audit opinion: Modified audit report. “Accounts show a true and fair view except for…”

Description: Auditor cannot tell whether a true and fair view is given at all due to a
limitation in scope of the audit.
Audit opinion: Disclaimer of opinion. “I am unable to form an opinion”
AUDIT REPORT DECISION MAKING
[Flowchart: audit report decision making. Decision boxes shown: Are there any issues?;
Material?; Adequately disclosed; Disagreement; Limitation of scope; Serious? (twice).
Outcomes shown: Unmodified audit report; Yes but consider need for emphasis of matter;
Except for opinion; Adverse opinion; Disclaimer of opinion. Branches are labelled Yes/No.]
F. CIRCUMSTANCES GIVING RISE TO MODIFIED REPORTS
Matters that do not affect auditor’s opinion-Emphasis of matter paragraph
In certain circumstances, an auditor’s report may be modified by adding an emphasis of
matter paragraph to highlight a matter affecting the financial statements which is included in
a note in the financial statements that more extensively discusses the matter. The paragraph
should be included after the opinion and should refer to the fact that the opinion is not
qualified in that respect.
Examples could include questions over the recoverability of a debtor balance or a potential
liability such as a fine.
The auditor may feel that there is sufficient disclosure in the accounts and that, as such, there
is no need to issue a qualified audit report. He may, however, wish to draw the reader’s
attention to this matter, hence the emphasis of matter paragraph.
Matters that do affect auditor’s opinion - Limitations on scope of the audit
Has the auditor received all the information and explanations he deems necessary for the
purposes of his audit? If not, then he needs to consider whether a limitation has been
imposed on the scope of his audit. This consideration will affect his opinion.
Matters that do affect auditor’s opinion - Disagreement with management
The auditor may disagree with management about matters such as the acceptability of
accounting policies selected, the method of their application or the adequacy of disclosures
in the financial statements.
It may even be a disagreement over an actual amount in the accounts or inadequate disclosure
of an event or circumstance.
G. AUDITOR’S RESPONSIBILITIES BEFORE AND AFTER DATE OF AUDIT REPORT
Events occurring up to the date of the auditor’s report
The auditor should perform audit procedures designed to obtain sufficient appropriate audit
evidence such that all events up to the date of the auditor's report that may require
adjustment, or disclosure, in the financial statements have been identified. When the auditor
becomes aware of events that materially affect the financial statements, it is his responsibility
to consider whether such events are properly accounted for and adequately disclosed.
These procedures are in addition to procedures that may be applied to specific transactions
occurring after period end (normal year-end work) to obtain audit evidence as to account
balances as at period end, for example, the testing of stock cut-off, receipts from debtors and
payments to creditors.
Facts discovered after date of the auditor’s report
The auditor does not have any responsibility to perform audit procedures or make any inquiry
regarding the financial statements after the date of the auditor's report. During the period
from the date of the auditor's report to the date the financial statements are issued, the
responsibility to inform the auditor of facts that may affect the financial statements rests
with management.
Where the auditor becomes aware of a fact that may materially affect the financial
statements, he should consider whether the financial statements need amendment. He should
discuss the matter with management and should take the action appropriate in the
circumstances.
H. AUDITOR’S RESPONSIBILITIES FOR OTHER DOCUMENTS
Other information
Other information is financial and non-financial information other than that included in the audited
financial statements. An entity issues on an annual basis its audited financial statements
together with the auditor's report thereon. This document is frequently referred to as the
''annual report.'' In issuing such a document, an entity may also include other financial and
non-financial information.
Examples of other information include a report by management on operations, financial
summaries or highlights, employment data, planned capital expenditures, financial ratios,
names of officers and directors and selected quarterly data.
ISA 720 states that an auditor should read the other information to identify material
inconsistencies with the audited financial statements.
A ''material inconsistency'' exists when other information contradicts information contained
in the audited financial statements. A material inconsistency may raise doubts about the audit
conclusions drawn from audit evidence previously obtained and, possibly, about the basis for
the auditor's opinion on the financial statements.
If, as a result of reading the other information, the auditor becomes aware of any apparent
misstatements therein, or identifies any material inconsistencies with the audited financial
statements, the auditor should seek to resolve them.
In certain circumstances, the auditor has a statutory or contractual obligation to report
specifically on other information, e.g. the directors’ report. In other circumstances, the
auditor has no such obligation.
However, the auditor needs to give consideration to such other information when issuing a
report on the financial statements, as the credibility of the audited financial statements may
be undermined by inconsistencies which may exist between the audited financial statements
and other information. The credibility of the audited financial statements may also be
undermined by misstatements within the other information.
When there is an obligation to report specifically on other information, the auditor's
responsibilities are determined by the nature of the engagement and by local legislation and
professional standards.
Access to other information
In order that an auditor can consider other information included in the annual report, timely
access to such information will be required. The auditor therefore needs to make appropriate
arrangements with the entity to obtain such information prior to the date of the auditor's
report. In certain circumstances, all the other information may not be available prior to such
date. In these circumstances, the auditor would need to consider his options. Is there a
limitation in the scope of the audit?
Material inconsistencies
If, on reading the other information, the auditor identifies a material inconsistency, he should
determine whether the audited financial statements or the other information needs to be
amended.
If the auditor identifies a material inconsistency he should seek to resolve the matter through
discussion with management.
If the auditor concludes that the other information contains inconsistencies with the financial
statements, and the auditor is unable to resolve them through discussion with management, he
should consider requesting management to consult with a qualified third party, such as the
entity's legal counsel and consider the advice received.
If an amendment is necessary:
• In the audited financial statements and the entity refuses to make the amendment, the
  auditor should express a qualified or adverse opinion.
• In the other information and the entity refuses to make the amendment, the auditor
  should consider including in the auditor's report an emphasis of matter paragraph
  describing the material inconsistency or taking other actions.
The actions taken, such as not issuing the auditor's report or withdrawing from the
engagement, will depend upon the particular circumstances and the nature and significance of
the inconsistency. The auditor would also consider obtaining legal advice as to further action.
Material misstatements of fact
While reading the other information for the purpose of identifying material inconsistencies,
the auditor may become aware of a material misstatement of fact.
A ''material misstatement of fact'' in other information exists when such information, not
related to matters appearing in the audited financial statements, is incorrectly stated e.g.
production figures.
If the auditor becomes aware that the other information appears to include a material
misstatement of fact, the auditor should discuss the matter with the entity's management.
When discussing the matter with the entity's management, the auditor may not be able to
evaluate the validity of the other information and management's responses to the auditor's
inquiries, and would need to consider whether valid differences of judgment or opinion exist.
The auditor should consider whether the other information requires to be amended. When the
auditor still considers that there is an apparent misstatement of fact, the auditor should
request management to consult with a qualified third party, such as the entity's legal counsel
and should consider the advice received.
If the auditor concludes that there is a material misstatement of fact in the other information
which management refuses to correct, the auditor should consider taking further
appropriate action. The actions taken could include such steps as notifying management in
writing of the auditor's concern regarding the other information and obtaining legal advice.
There is always the danger that these misstatements could undermine the credibility of the
financial statements.
Availability of other information after the date of the auditor’s report
Where all the other information is not available to the auditor prior to the date of the auditor's
report, the auditor should read the other information at the earliest possible opportunity
thereafter to identify material inconsistencies.
If, on reading the other information, the auditor identifies a material inconsistency or
becomes aware of an apparent material misstatement of fact, the auditor should determine
whether the audited financial statements or the other information need revision.
When revision of the other information is necessary and the entity agrees to make the
revision, the auditors carry out the audit procedures necessary under the circumstances. The
audit procedures may include reviewing the steps taken by management to ensure that
individuals in receipt of the previously issued financial statements, the auditor's report
thereon and the other information are informed of the revision.
When revision of the other information is necessary but management refuses to make the
revision, the auditor should consider taking further appropriate action. The actions taken
could include such steps as notifying management in writing of the auditor's concern
regarding the other information and obtaining legal advice.
Study Unit 11
Public Sector Auditing
Contents
A. The role of the Office of the Auditor General (OAG)
B. The Legal Environment in which the OAG and auditees function
C. Specific considerations for public sector auditing
D. The role of INTOSAI
A. THE ROLE OF THE OFFICE OF THE AUDITOR GENERAL (OAG)
The Office of the Auditor General of Rwanda (OAG) was established in 1998 and began its
operations in 2000. The 2003 Constitution of the Republic of Rwanda recognised the OAG as
the Supreme Audit Institution and defined it as an independent office vested with legal
personality, financial and administrative autonomy.
The OAG published the results of its strategic plan for 2011/12 – 2015/16, which sets out its
approach to addressing areas such as:-
• Staff retention
• Capacity in performance auditing
• Outreach to stakeholders
• Increasing financial audit coverage
The OAG has engaged the services of a public financial management expert (OAG Strategic
Advisor/Programme Coordinator) to support the implementation of the strategic plan.
The OAG organisational structure comprises:-
• Auditor General
• Deputy Auditor General
• Audit, administrative and support staff
The following directorates are found within the OAG:-
• Directorate of Central Administration
• Directorate of Autonomous Public Enterprises
• Directorate of Local Administration
• Directorate of Projects and Programmes
• Directorate of Quality Assurance
• Directorate of Administration and Finance
B. THE LEGAL ENVIRONMENT IN WHICH THE OAG AND AUDITEES FUNCTION
The Supreme Audit Institution (SAI) of Rwanda is the Office of the Auditor General of State
Finances.
The Auditor General of State Finances is vested with legal personality and has financial
and administrative autonomy. It is further provided in the Constitution that no person shall
be permitted to interfere in the functioning of the Office or to give instructions to its
personnel or to cause them to change their methods of work.
Responsibilities of the Auditor General include the following:
• Auditing objectively whether revenues and expenditures of the State as well as local
  government organs, public enterprises, privatised state enterprises, joint enterprises in
  which the State is participating and government projects were in accordance with the
  laws and regulations in force and in conformity with the prescribed justifications;
• Auditing the finances of the institutions referred to above and particularly verifying
  whether the expenditures were in conformity with the law and sound management and
  whether they were necessary;
• Carrying out all audits of accounts, management, portfolio and strategies which were
  applied in institutions mentioned above.
Reporting by the Auditor General
The Constitution requires the Office of the Auditor General to:-
• Report to the Chamber of Deputies on the implementation of the state budget of the
  previous year. This report must indicate the manner in which the budget was utilised,
  unnecessary expenses which were incurred or expenses which were incurred contrary
  to the law and whether there was misappropriation or general squandering of public
  funds - an audit of budget execution reports.
• Submit a copy of the report to the:-
  • President of the Republic
  • Cabinet
  • President of the Supreme Court
  • Prosecutor General of the Republic
• Carry out a financial audit of any institution of the State or with regard to the use of
  funds provided by the State as may be required by the Chamber of Deputies from time to
  time.
An important recent step has been the establishment of a Public Accounts Committee (PAC).
This published its first report into transactions from the 2009-10 financial year. The
relationship between the OAG and the PAC will be an important part of strengthening the
accountability of audited entities in the future.
C. SPECIFIC CONSIDERATIONS FOR PUBLIC SECTOR AUDITING
Public sector audit has a key role to play in safeguarding public money, ensuring proper
accountability, upholding appropriate standards of conduct in public services and helping
public services achieve value for money.
Public sector auditors are accountable for their performance and are duty bound to undertake
their work in a professional, objective and cost-effective manner and with due regard to the
needs of the organisations they audit.
Public Sector Auditors should:-
• Plan each audit with a thorough understanding of the audited business and its
  environment
• Consult with the public sector bodies regarding their overall audit approach
• Consider timing of the audit and agree the audit timetable for submission of good
  quality accounts and completion of the audit
• Focus on risk areas of error, fraud, or other irregularities
• Be accessible throughout the year to the public sector bodies that they audit
• Work closely with internal auditors
The ability of the auditor to perform his/her duties effectively and in a timely fashion depends
heavily on the co-operation of those they are auditing.
Public sector auditors around the world undertake several different types of audit: financial
audit, which aims to ensure that the financial statements of audited entities present a fair view
of their financial activities during the reporting period and their Statement of Financial
Position (or balance sheet) at its close; compliance audit, which attempts to validate that
transactions have been undertaken in compliance with appropriate legislation and regulation;
and performance audit, which looks at Value for Money or the effective, efficient and
economical usage of public resources (this is sometimes called the “3Es” audit).
ISA 300 Planning an Audit of Financial Statements can be applied in relation to public sector
auditing.
D. THE ROLE OF INTOSAI
INTOSAI was founded in 1963 at the initiative of Emilio Fernandez Camus, then President
of the SAI of Cuba. The OAG of Rwanda is a member of INTOSAI.
The International Organisation of Supreme Audit Institutions (INTOSAI) operates as a
support organisation for the external government audit community. For over 50 years it has
provided an institutionalised framework for supreme audit institutions to promote
development and transfer of knowledge, improve government auditing worldwide and
enhance professional capacities.
A crucial moment in the history of INTOSAI, and of public sector auditing generally, was the
Lima Declaration of October 1977 at the IX INCOSAI held in Lima, Peru (INCOSAI stands
for the International Congress of Supreme Audit Institutions, held every three years). This
made crucial statements about matters such as the independence of public sector auditors.
Such independence must not only exist in practice but must also be anchored in the law. The
Declaration made important statements on such matters as the budget of the SAI and its
relationship with Parliament. More detail was added by the Mexico Declaration of 2007.
Regional Working Groups promote INTOSAI’s goals regionally, providing members with
opportunities of professional and technical cooperation on a regional basis.
The INTOSAI Governing Board has 7 regional Working Groups. Working groups are
formed as a result of INTOSAI themes and recommendations to address SAIs’ interests in
specific technical issues (e.g. privatisation, environmental audit).
Working groups publish specific guidance and best practices as a result of their work.
Members of INTOSAI are free to join working groups according to their interests.
Example:
• The African Working Group: AFROSAI (African Organization of Supreme Audit
  Institutions)
INTOSAI currently has 4 main objectives:-
1. Professional Standards: to establish effective frameworks for the adoption of
   professional standards that correspond to the demands and expectations of member
   institutions.
2. Capacity Building: to focus on institutional capacity-building activities of direct
   relevance to the majority of INTOSAI’s members.
3. Knowledge Sharing & Knowledge Services: to build on the essential features of
   openness, sharing and cooperation.
4. Model International Organisation: to promote the organization and governance of
   INTOSAI.
On the subject of professional standards, it is notable that in 2007 INTOSAI established
the International Standards of Supreme Audit Institutions (ISSAIs). This is backed up by the
INTOSAI Guidance for Good Governance (INTOSAI GOV). INTOSAI is committed to
raising awareness of the ISSAIs in the future.
