CIS INTRODUCTION When the retail world was still non- existent, owners of wealth entrusted their possessions to stewards. Stewards would from time to time account to their masters, reciting from memory the goods acquired, those disposed of and those still in their possession. The master would listen to this recital of the stewards’ transactions and question him thereon. The master was the listener or auditor. As a result the word auditor (derived from the latin word audire – to hear) acquired a secondary meaning – one who satisfies himself as to the truth of the accounting of another. In ancient Egypt and Babylon, the practice of checking records was well established. The Greeks and Romans also had very complete systems of auditing public accounts. The Greeks for instance considered the accountability of officials as being of such importance that everyone connected with Government or public administration had to render his accounts. The Evolution of Auditing The historical development of auditing has evolved the audit function through a number of stages. Auditing first emerged in the form of ancient checking activities in the ancient civilizations of China, Egypt and Greece. However, the practice of modern auditing did not become firmly established until the advent of the industrial revolution in the mid nineteenth century in the UK. The audit practice in the mid 1800s to early 1900s can be regarded as “traditional conformance role of auditing” as auditing was mainly concerned with ensuring the correctness of accounts and detecting frauds and errors. Over the past 30 years or so, the auditor played an “enhancing role” by enhancing the integrity and credibility of financial information. Today, auditors are expected not only to enhance the credibility of 1
Transcript
CIS
INTRODUCTION
When the retail world was still non- existent, owners of wealth entrusted their possessions to stewards.Stewards would from time to time account to their masters, reciting from memory the goods acquired, those disposed of and those still in their possession.The master would listen to this recital of the stewards’ transactions and question him thereon.The master was the listener or auditor. As a result the word auditor (derived from the latin word audire – to hear) acquired a secondary meaning – one who satisfies himself as to the truth of the accounting of another.In ancient Egypt and Babylon, the practice of checking records was well established. The Greeks and Romans also had very complete systems of auditing public accounts. The Greeks for instance considered the accountability of officials as being of such importance that everyone connected with Government or public administration had to render his accounts.
The Evolution of Auditing
The historical development of auditing has evolved the audit function through a number of stages. Auditing first emerged in the form of ancient checking activities in the ancient civilizations of China, Egypt and Greece. However, the practice of modern auditing did not become firmly established until the advent of the industrial revolution in the mid nineteenth century in the UK. The audit practice in the mid 1800s to early 1900s can be regarded as “traditional conformance role of auditing” as auditing was mainly concerned with ensuring the correctness of accounts and detecting frauds and errors. Over the past 30 years or so, the auditor played an “enhancing role” by enhancing the integrity and credibility of financial information. Today, auditors are expected not only to enhance the credibility of the financial statement, but also to provide value-added services, such as reporting on irregularities, identifying business risks and advising management on the internal control environment. However, extensive reforms were implemented in various countries as a result of the collapse of big corporations; it is expected that the role of auditors will converge. The role of auditors has moved from “mere conformance through an enhancing role to a convergence role”. It is evident that the paradigm of independent auditing has shifted over the years. It is believed that it may continue to shift in the future. A review of the historical development of auditing has shown that the objective of auditing and the role of auditors are constantly changing as they are highly influenced by contextual factors such as the critical historical events (e.g. the collapse of big corporations), the verdict of the courts, and technological developments (e.g. advancement of computing systems and CAATs). It can be observed that any major changes in these contextual factors are likely to cause a change in the audit function and the role of auditors. As a result, auditing is seen to be evolving at all times.
1
The audit function in a market economy ultimately evolves by social consent because: Society either accepts or rejects the role of a professional group assumes for itself, in time the group either finds a role acceptable to society or the group disappears. As conditions and apparent needs change, society may reject roles formerly considered accepted so professional groups must continually be alert to the desirability of role modification and revision.
However, it is important to note that the change in society’s expectation and the response of the auditing profession towards these changes are not always at the same pace. Hence there is a natural time gap between the changing expectation of the users and the response by the profession and due to this time gap there arises what has been stated as the expectation gap or audit expectation gap. Even though the existence of such a natural time gap is inevitable, auditors should be sensitive to the changing expectation of the relevant groups while at the same time containing these expectations within the constraints of what is possible. There are inevitably economic and practical limitations on what an audit can do, and this is something which those who wish the benefit must understand.
The Agency Theory/ProblemThe objectives of management may differ from those of the firm’s Stockholders.Ownership and control are separate, a situation that allows management to act in its own best interests rather than those of the Stockholders.Management is an agent of the Stockholders and decision making is delegated.Due to the differences in objectives, Stockholders then have to motivate management to think along the lines of the owners (stockholders) by way of incentives, such as stock options, bonuses and perquisites for management to make optimal decisions.Stockholders apart, from giving incentives, can monitor management through bonding, systematically reviewing management perks, auditing financial statements and explicitly limiting management decisions.
Definition of Auditing
An independent examination by a qualified appointed person (auditor) of a company’s financial statements and books of accounts so as to express or formulate an opinion as to whether the financial statements show a true and fair view of the financial position of that company and its results, and whether the financial statements have been prepared in accordance with International accounting standards, International Financial reporting Standards or Generally Accepted Accounting Principles.
True and Fair View explained
There are three possible auditing approaches which might be used and these are:
2
1. Prescriptive approach – The auditor would list requirements with minimum individual interpretation.
2. Laissez faire – The auditor would leave it up to the directors to decide how much information is required.
3. True and Fair ViewThis literally means that financial statements represent what they are supposed to represent.Financial statements are prepared annually so that shareholders and other users can make appropriate judgments.True and fair view prescribes general principles and establishes information which is considered necessary and also laying down particular requirements only in so far as they are necessary to support general principle. The overriding requirements of an account are to give a fair view and this overrules all other prescription requirements.The main consideration for those who prepare financial statements is what is most appropriate.Skills of directors and auditors must be sound for a true and fair view approach to work.There should be a tendency to disclose more rather than less and we should prevent the embarrassment incidences of hidden facts and figures.The substance of a transaction or an event takes precedence over its legal form. It must be an opinion arrived at rationally and on a supportable basis both theoretically and pragmatically.It requires to be capable of being substantiated by the directors to the auditors who have the responsibility to consider independently on the evidence whether the accounts prepared by the directors do indeed give reference to a true and fair view.
RESPONSIBILITIES
Directors’ responsibilities
Manage the businessAssess business risksSafeguard assetsImplement a system of internal controls to prevent and detect fraud and errorMaintain books and recordsPreparation and delivery of financial statements –suitable policies, judgements and estimatesCompliance with laws and regulations – relevant disclosures in accountsStewardship of the business – fiduciary relationship - AgentAccountabilityEnsure the business is a going concern and can continue to be.
Auditors’ responsibilities
Statutory audit Other assurance engagements
Form an opinion (T&F, and disclosure notes, Determined by laws and regs where applicable
3
Directors’ report) (e.g. environmental audit)
Plan the audit As defined in the Terms of Engagement for that assignment
Gather sufficient, appropriate audit evidence Ethical and professional standards
Review the work Quality control standards
Draw valid conclusions, supported by the evidence gathered
Law and regulations / fraud and error
Law and regs (ISA 240) Fraud and error (ISA 250)
Directors’ responsibilities
Compliance with laws and regs Prevent and detect fraud and error
Auditors’ responsibilities
Plan and perform the audit so as to have reasonable assurance of detecting material misstatements, however caused
Plan and perform the audit so as to have reasonable assurance of detecting material misstatements, however caused
Report to Members if impact on audit report
Management (unless involved)
Consider duty or right to report to third parties
Members if impact on audit report
Management or audit committee. (unless involved)
Consider duty or right to report to third parties
RESPONSIBILITIES CONTINUED
Money laundering
Auditor has duty to report where actual knowledge or reasonable grounds for suspicion.Wide definition of money laundering – any money from “criminal conduct”.Concept of materiality is not applicable – all amounts are relevant.Report to firm’s MLRO.MLRO decides whether to report to SOCA.Avoid warning client – offence of tipping off.
AUDIT COMMITTEE
4
Is a committee of the board primarily established to provide additional assurance regarding the quality and reliability of both the financial information used by the board and financial statements issued by the Company.
Background
The concept of audit committees has its foundations in the USA and Canada from Cadbury Report on corporate governance in 1978. All companies as from 1978 listed on the London, New York and Canadian Business Corporations have been obliged to have an audit committee. In South Africa, the King Report on corporate governance published in 1994 included a code of corporate practice and conduct which makes it a Johannesburg Stock Exchange Listing requirement. It required that listed companies include in their annual financial statements a statement by the directors of their compliance with the code.
In September 1995, the Institute of Chartered Accountants of Zimbabwe was impressed by the findings of Cadbury and King Reports. They later approached the Minister of Justice, legal and Parliamentary Affairs to suggest that certain recommendations be adopted by law in Zimbabwe. The Law Commissioner recommended all law published entities to establish an audit committee.
Audit Committee Charter
The role of the audit committee should be documented in a charter approved by the board. The charter should be reviewed on an annual basis by the audit committee and include the following:-
(i) A general outline of members of the audit committee chaired by a non- executive director and has a minimum of three members.
(ii) The Financial Director, external auditor and the head of internal auditing be invited to all meetings.
(iii) Proposed functions and roles of Audit Committee.
Responsibilities and functions of Audit Committee
1. To review financial statements prior to submission to the board for approval.2. To review periodically the effectiveness of the system of accounting and controls.3. To act as an advisor to the main board and liaising with internal audit.4. To discuss the scope and timing of audit work with external auditors.5. To discuss with the board and the auditors’ significance of matters brought to
light by auditors and make appropriate recommendations.
5
Advantages of Audit Committees
1. Improves the image of the company in the financial community and lend credibility to the financial statements. 2. Increased objectivity at board level as a result of the input from non-executive directors.3. Increased independence of both internal and external auditors thus enhancing the perceived effectiveness of auditing.
Disadvantages of Audit Committees
1. Increased costs as a result of increased directors fees particularly in small firms.2. Problems of confidentiality of information to persons who are not members is
compromised3. Increased bureaucracy as a result of another tier to the corporate structure.
Audit Standards Board
In the old days, it was due to the individual members of the auditing profession and their firm to determine how best to carry out their duties. Unfortunately this led to wide variations in the quality of the audit work. The profession’s response was the formation of the International Auditing Practice Board Committee, a committee within the council of the International Federation of Accountants (IFAC). Members are those nominated by the member bodies in the countries selected by the council to serve the committee. Its mandate was to develop and deliver on behalf of the council, standards and statements of auditing and related services.
Why have accounts audited
Due to the directors most likely differing to the shareholders, the shareholders will need some protection, and therefore the auditors will independently review that the directors have acted in the best interests of the shareholders.It is legal requirement especially in public companiesFor accountability purposes- info gap – assurance
Benefits of assurance work
Enhances credibility of financial information (less so for limited assurance but still some)Reduces risk of management bias.Relevance of information enhanced by assurance firm’s experience and expertise.Qualified opinion and additional information can draw attention to risks. Credibility is given to fin stats by:
1. Auditor’s training2. Auditor’s experience3. Auditor’s professional judgement4. Auditor’s independence
6
Influences on an audit
a). The International Standards of Auditing / Auditing Guidelinesb). Professional Board rulesc). Legislationd). Terms of engagemente). Codes of practice e.g. local authoritiesf) Audit riskg). Fear of litigationh). Ethics – i.e. integrity, objectivity, independence, professional competency, due care, professional behaviour and confidentiality.i) The individual audit manual of the firm of auditors.
Advantages of an audit
1. Audited financial statements are accepted as reliable by interested parties.2. The income Tax department accepts with less questioning audited financial
statements as a basis for the calculation of income tax.3. The audited financial statements provide a sound basis for the settlement of
claims e.g. claims by a retiring partner.4. Audited fin stats also provide a reliable basis for the valuation of a business, for
estate duty and other purposes. 5. The auditing process has a moral effect on employs as it tends to make employees
more careful and accurate in their work.6. The auditor is in a position to advise his client of improvements which may be
made in the accounting system.7. The auditor’s accumulated knowledge e.g. in finance may be invaluable to a
client. Suggestions made by the auditor may point the way to increased efficiency and larger profits.
Objectives of an Audit
Primary/ Main/ Principal
The main objective of an audit is to enable the auditor to express an opinion – whether the fin stats are prepared in all material respects in accordance with the generally accepted accounting principles.The auditor may use phrases such as “the financial statements give a true and fair view” or “present fairly in all material respects” to express his opinion.
NB: The auditor’s opinion may be positive or negative.
7
Secondary/ Subsidiary/ Consequential
a). To detect errors and fraudsb). To prevent errors and frauds in future by the deterrent and moral effect of the audit.c). To provide spin off effects – assisting clients to put in place accounting systems and taxation.d). Assisting in the establishment and maintenance of adequate internal control systems by reporting deficiencies discovered during audit and making recommendations.
AUDITING STANDARDS
8
Consider ethical issues
Legally allowed to audit?
Issue engagement letter
Audit planning
Risk assessment
Decide audit approach
Carry out audit testing
Draw conclusions on testing
Determine opinion & produce audit report
ISA 200 General principles
ISA 240 Fraud
ISA 300 Planning
ISA 320 Audit materiality
ISA 500 Audit evidence
ISA 530 Audit sampling
ISA 250 Laws & regulations
ISA 210 Engagement terms
ISA 230 Documentation
ISA 315 Understanding & risk assessment
ISA 330 Auditor’s procedures
ISA 505 Confirmations
ISA 520 Analytical procedures
ISA 550 Related parties
ISA 560 Subsequent events
ISA 570 Going concern
ISA 580 Management representationsISA 700 Audit reports
ISA 540 A/c estimates
• ISA 220 Quality control• ISA 260 communication of audit matters
INTERNAL AUDIT
It is an element of internal control Set up by management to examine, evaluate and report on accounting and other controls
of the business. An appraisal activity established within an entity May exist voluntarily or because of statutory requirements
Scope and objectives of internal auditThese vary widely and are dependent upon the responsibilities assigned to internal audit by management, the size and structure of the enterprise and the skills and expertise of the internal auditors.
Scope of the internal auditors’ work may conveniently be classified into four main interlocking capacities:
It is important that the external auditor be aware the effectiveness of the internal audit functions in each of these capacities before relying on it to the extent of materially reducing the volume of his own normal procedural tests in important areas.
To work, the internal audit department must be:
Sufficiently resourced Well organised Independent and objective
Other duties of internal audit are:
Seeing to it that social responsibility policies adopted by top management have been implemented.
Acting as training officer in internal control matters Taking a share of the external auditor’s responsibilities in relation to the figures in the
annual accounts.
Limitations of the internal audit function
The main limitations of internal audit are:
Independence (or lack of)Variation of standards – relatively new profession
Consideration of outsourcing the internal audit function
Possible advantages:
Focus on cost and efficiency of the internal audit functionStaff have broader range of expertiseRisk of staff turnover passed to the outsourcing firmSpecialist skills readily availableAvoids costs of employing permanent staffImproves independenceAccess to new market place technologiesReduced management time in administering an in-house department
9
Possible disadvantages:
Pressure on independence of outsourced functionLack of knowledge and understanding of the organisation’s objectives, culture or businessDecisions may be based on cost not effectivenessFlexibility and availability lower than in-house functionLack of control over standard of serviceRisk of blurring of roles of internal and external audit
Internal audit assignment
The general approach
Identify key risk areas (transfer risk, reduce and accept)Are there any procedures to mitigate the risk?Are the procedures being followed?Are the procedures effective?Report and recommend
Compare and contrast Internal and External AuditorsCommon Interests Differences
1. An effective system of internal control Scope – extent of work undertaken- internal auditor’s work is determined by management whereas that of internal auditor is determined by statute
2. Continuous effective operation of such system
Approach – internal audit is concerned with internal systems – external audit is concerned with truth and fairness of accounts
3. Adequate management information flow
Responsibility – Internal auditor is answerable to management – external auditor is answerable to Shareholders
4. Asset safeguarding5. Adequate accounting systems6. Ensuring compliance with statutory and
regulatory requirements
Areas of work overlap
Examination of system of internal control Examination of the accounting records and supporting documents Verification of assets and liabilities Observation, enquiry and the making of statistical and accounting ratio measurements
Why Internal and External auditors need to co-operate
To avoid duplication of work To share experiences and expertise For audit planning purposes To aid the external auditor in developing an effective audit approach.
What the external auditor need to consider before relying on internal audit
10
1. Organisational status – independence, how is it viewed in the organisation, to who does it report to, is it free to communicate with external auditors
2. Scope and objectives - what are the internal auditors’ terms of reference and the scope and objectives of their assignments
3. Due Professional care – Is the work of internal audit generally well planned, controlled, recorded and reviewed. Are there adequate audit manuals, work programs and working papers, what are the procedures for controlling individual assignments, are there satisfactory arrangements for reporting and follow up.
4. Technical competence – Are the people performing internal audit work adequately trained, do they have proficiency as auditors. Indicators may be membership of an appropriate professional body.
5. Internal audit reports – Are\the reports of the required quality and does management consider, respond and act upon those reports.
The general assessment of the likely effectiveness and relevance of the external auditor’s judgement as to whether he wishes to place reliance on internal audit.The external auditor should document his assessment and conclusions in this respect and should update his assessment on a yearly basis.Any significant weaknesses in the internal audit function should be pointed out to management in a management letter.
In determining the extent of the reliance, the auditor should consider:
The materiality of the areas or the items to be tested or of the information to be obtained The level of audit risk inherent in the areas or items to be tested or in the information to
be obtained. The level of judgement required The sufficiency of complimentary audit evidence Specialist skills possessed by internal audit staff
Although the extent of the work of the external auditor may be reduced by placing reliance on the work of internal audit, the responsibility to report is that of the external auditor alone and thus is indivisible and is not reduced by this reliance.
Who can act as an external auditor?
Has to be a member of a Recognised Supervisory Board (RSB)
Allowed by the rules to be an auditor
Or someone authorised by the state
Excluded even if three conditions met above (law):-
An officer (director or secretary) of the company
An employee of the company
A business partner or employee of the above
Ethically – we need to review independence, if this is lacking then we should not accept.
Audit exemption
11
Small companies do not need an audit (basic rules – revenue up to £5.6m, gross assets up to £2.8m).The following must be audited regardless of size:Banks or other FSA regulated companies.Insurance companies.PLCs.Subsidiaries of groups containing the above.Charities.
Rights of the auditor
Access to books and records.Information and explanations.Receive notice of and attend general meetings.Speak at general meetings on relevant matters.Special rights attaching to resignation.
Duties of the auditor
Report on T&F, properly prepared, directors’ report consistent with FS.In UK also report by exception on RAPID (ISA 210 appendix)
Appointment
By ordinary resolution of members at the AGM and will hold office until the next AGM.Directors may also appoint if no auditor is appointed at the AGM or if there is a casual vacancy, or in some cases the Secretary of State or the Registrar of Companies.
How can an auditor be removed or resign
Method Removal Resignation
Process Arrange for a meeting of the shareholders regarding an ordinary resolution with special notice. Write to shareholders and auditors. Shareholders can attend the AGM and vote.
When removed shareholders and directors will need to appoint new auditors.
Submit written notice.
Company must tell Companies House.
Rights The auditors have the right to receive notice of, attend and speak at AGM.
Shareholders simple majority vote required
Have representations circulated to members.
Request EGM.
12
Duties Deposit statement of circumstances at company’s registered office.*
Deposit statement of circumstances at company’s registered office.*
Give written notice.
*statement of matters to be brought to attention of members / creditors, or statement that there are no such matters
ETHICS FRAMEWORK
Sources of ethical guidance
IFAC Code of Ethics – governs audits carried out under ISAs.ACCA Code of Ethics – to be followed by ACCAs, but is practically identical to the IFAC code.
Fundamental principles
IFAC Code of Ethics
IntegrityObjectivityProfessional competence and due careConfidentialityProfessional behaviour
D TOPIC
General threats to objectivity
Self-interestSelf-reviewManagement - doing the management roleAdvocacy - seems to represent the client’s views / position on a matterFamiliarity or trustIntimidation
Integrity, Objectivity and Independence
Sets out requirement for firms to have policies and procedures relating to ethics.The firm should appoint an ethics partner.For listed clients, compliance with ethical standards should be reviewed by an independent partner.Matters that bear on the auditors’ objectivity and independence should be communicated to client management.
Detailed guidance
13
Specific threats
Why Safeguards
Beneficial interest in shares
Will want the highest value for shares therefore will not disclose anything that will devalue shares
Audit partner and staff cannot hold shares in audit client so resign or not accept.
Mutual business interest
Should not go into business with audit client
Staff moving from audit firm to client
May lose professional scepticism as you know the people involved, familiarity threat.
They know the systems and may work around the auditor’s weaknesses.
Partner becomes client management within 2 years of being involved in the audit – firm should resign as auditors
Other staff – firm must consider implications for independence
All – partners and staff should disclose intention to move to client and be removed from the audit team
Client staff joining audit firm
as above Should not be allowed to work on the audit for 2 years
Acting for a prolonged period for listed clients
Lose professional scepticism.
May not want to upset a friend and lose the relationship
Rotate staff as follows:
Engagement partner – 5 years
Key audit partners and senior staff – 7 years
Acting for a prolonged period for non-listed clients
Rotate staff as follows:
Engagement partner – 10 years
Rules more relaxed – might be able to make a case that partner should remain for longer
Dependence on client
Will have the fear of losing the money and therefore will not want to upset the client.
Self interest threat
Fees for services to clients should not exceed following % of firm’s fee income:
Listed: 10% (review at 5%)
Non-listed: 15% (review at 10%)
Loans, etc. Fear of not getting paid if we upset the client
Not allowed loans or guarantees
Overdue fees akin to a loan
Hospitality or other benefits
Bribe
Lose professional scepticism
Firm should have a policy
Basic idea is that they should be modest
Should not accept
Litigation Intimidation treat Firm should resign as auditor if there is actual or potential litigation between audit
14
firm and client
Other services Self review threat as if we as the auditors review our work and we find an error we may hide those errors to save face
Consider the impact of non-audit services
Establish safeguards to counter any threats – different teams
Communicate with those charged with governance
Document rationale for decisions taken
Do not help PLCs prepare accounts except in an emergency
Do not carry out IA / IT / Valuation work where the external audit opinion will place heavy reliance upon this other work
Confidentiality
Auditors should keep client information confidential unless there is a right or duty to disclose.
Right to disclose Duty to discloseClient permission obtained Money laundering or suspicions of terrorism or
treasonPublic interest Ordered to by a courtTo defend the audit firm Required by a regulator
Duty to disclose
Disclose information to certain regulatory bodies:Police – of breaking the lawFinancial servicesBanksInsurance companiesMoney laundering – drug trafficking
If the courts demand information and you refuse to disclose/provide the information it is likely to be considered contempt of court which is illegal
Right to disclose
If the actual auditors are subject to disciplinary then they can disclose information
Right to disclose
Auditors are allowed to disclose information if they consider it too be in the public interest. Need to take care here as it maybe difficult to prove.
If the client gives authorisation we have the right to disclose.
15
Conflicts of interest
Definition: Difficult situations to manage, with no obvious “correct” solution.
– Avoid conflicts of interest wherever possible
Risks: - confidential information moving between parties - reduced objectivity
Safeguards
Firm vs. client E.g. where the auditor recommends another service to a client and receives a
commission for doing so. Disclose to client. Obtain client consent.
Client vs. clientE.g. the firm audits clients who are competitors.Main issue is confidentiality.Disclose to client and then the client can decide to continue or notSeparate teams with separate reporting lines.Maintain confidentiality (“Chinese walls”).Independent partner review.If sufficient safeguards cannot be implemented, consider resigning / refusing to act.
ACCEPTING ENGAGEMENTS
Accepting engagements
Usually by tendering for the engagement, considerations including:FeesExperienceReputation
16
Potential NEW client or current client with issues
RTQA company has approached your audit firm asking nomination for appointment, what needs to be done before you except?
PurposeConfirms acceptance of appointment.Sets out the scope of work and responsibilities.Lays out the form of any reportsNarrows the expectation gap and minimises the possibilities of misunderstanding.Main contents of the letter :-
Objective of the auditManagement responsibilitiesScope of audit workDeadlinesFeesComplaints procedureAccess of informationHolding clients’ moneyData protection
Consider the need to update the letter when there are changes in the engagement / management – but do not have to reissue every year.
Outgoing auditor
Reply to requests for information from incoming auditor – assuming client gives permission.
Incoming auditor
Write to client asking for permission to contact the previous auditors. If client declines, do not accept engagement. If client allows, write to previous auditor asking them about matters that may be relevant
to acceptance. Follow up if no reply. Consider reply e.g. unpaid fees, disagreements about accounting treatment. If no reply, can accept the engagement but be sceptical.
PLANNING THE AUDIT
Why plan ISA 300
Enables the audit to be carried out in an effective and timely manner.To reduce audit risk.To determine the audit approach.To decide how much audit work.To facilitate review.
17
Matters to consider when planning an audit
ISA 300 suggestsKnowledge of the business. Understanding accounting and internal control systems.Risk and materiality.Nature, extent and timing of procedures.Coordination, direction, supervision and review.Other matters.
You might use the mnemonic MAREMateriality Accounting treatment – problems more likely where there isComplexityEstimationJudgementRisk Evidence – practical problems
Contents of the audit strategy memorandum Q29 – Tempest 20 marks
Characteristics of the business – what does the business doNature of assignment - what work is to be done is it and Audit??Key dates – interim and final audit dates, deadlines for the AGMBudget Overall audit approach – test of control and substantive assess the systems to decide reliance Overall materialityRisk areas and important figuresSpecific areas of audit work (because of issues)Client assistance – IA, documentation etc…
Interim and Final audit
Interim audit Final auditMeaning It is voluntary
Conducted in between two final audits (during an accounting period)
Done after the end of the accounting period
Advantages Errors and Fraud are discovered at an early stageBooks and records of client are always up to dateReduces workload for final audit
Allocation of work to staff becomes easierCosts are lowerNo duplication of work
Disadvantages Audited figures may be alteredNot relevant for small entitiesHigh cost
Delay in presentation of final accounts and completion workMay overlook some detailed aspects
Differences
Interim Audit Final Audit
18
Carried out during the accounting period Carried out at the end of the accounting periodVoluntary Compulsory
Suitable for large organisations Suitable for small organisations
Contents of the audit planning memorandum
Risk assessment. Audit approach. Sampling. Planned audit procedures. Key audit risks. The staff who will do the work The location of the audit The timing of the work to be done A budget of time and costs
The Audit Programme
Develops and documents the nature, timing and extent of planned audit procedure required to implement the overall audit plan.Will consist of a very detailed list of things to be done and will show all assets, liabilities, revenues and expenses and such things as sample sizes, bases of selection of samples and when and where the programme is to carried out.It is a set of instructions to staffIt needs to take into account ; risk of error, amount of audit evidence required in each area, co-ordination of auditing with accounts preparation, the co-ordination of any assistance from client staff e.g. on schedules preparation, availability of records, internal audit.Involvement of other auditors and experts if required.
Knowledge of the client’s industry, business and organisation
It is essential that all members of the audit team fully understand the client’s industry, business and organisation. There are multiple ways of gaining this knowledge which can be done through:
The client’s annual report and accounts Analytical review of the client’s interim accounts, financial reports, variance analysis etc Interim audit reports Visits to the client’s premises and discussions with management and staff Perusal of minutes of shareholders, directors, audit committee, budget committee etc Previous year’s audit files including the permanent file Consideration of the state of the economy Reports from within the audit firm which may be relevant to the client e.g. tax department
and management consultancy Perusal of relevant literature from credit rating agencies, stockbrokers, investment
analysts Perusal of relevant trade magazines and journals
19
MATERIALITY AND RISK ASSESSMENT
Materiality ISA 320
Information is material if its misstatement or omission would influence the decision of users of the financial statements.This can result from size or nature.
Qualitative considerationsEffect on use e.g. descriptions of accounting policies should not be misleading.Some items are capable of precise determination e.g. cash, share capital.Directors’ transactions must be accurate.
Quantitative considerationsAuditor must use their judgementSome rules of thumb:½ - 1% revenue1 – 2% gross assets5 – 10% profit before tax
Business risk
Risk inherent to the business.Of interest to the auditor as business risks may cause material misstatement in the FS.Broken down intoFinancial riskOperational riskCompliance riskWhen considering business, it is the threat that an event or action will adversely affect the business’ ability to achieve its own objectives.Business risk can be internal or external e.g. changing legislation.Changes in interest and exchange rates, bad debts, inflation, litigation and political factors all forms of external risk, whereas employees and board of directors’ inefficiency, overtrading, fraud and internal control weaknesses are forms of internal risk.
Auditors should consider business risk in three ways: By enquiring into and assessing business risk thereby gaining an excellent knowledge of
the business. By helping clients to recognise, assess, respond, ignore, welcome, or manage risk. In this
respect therefore they can help to manage or eliminate it. Observing the connection between audit and business risk.
Audit risk
May be defined in two stages:
a) The possibility that the financial statements contain material misstatements which have escaped detection by both, any internal controls on which the auditor has relied and on the auditor’s own substantive tests and other works OR
b) The possibility that the auditor may be required to pay damages to the client or other persons as a consequence of: The financial statements containing a misstatement; and The complaining party suffering loss as a direct consequence of relying on the fin
stats; and
20
Negligence by the auditor in not detecting and reporting on the mis statement can be demonstrated.
Audit risk can be classified as normal as or higher than normalNormal audit risk is the possibility of an error or fraud going undetected and exists in all auditing situationsHigher than normal audit risk can be associated with particular clients or with particular areas of a client’s affairs.Audit risk can arise from a client which is high risk as a whole, for particular areas of a client’s affairs, or from inadequacies in audit work.Audit risk can be minimised by appropriate audit firm organisation and appropriate audit work on a particular client.Risk based auditing takes account of substantive risk, internal control risk, sampling risk and inherent risks.Spotting high risk areas is the important skill, ideas which assist in this, include:
a) Identifying large or high value (material) items.b) Recognising error prone conditions, e.g. capital/revenue coding, stock and work in
progress.c) Briefing staff on the importance of put upon enquiry situations, the investigation of
related parties, and the interpretation of new legislation and accounting standards.
One way to reduce audit risk is to acquire the quality standard ISO 9000 either on its own or as part of total Quality Management
AR = IR x CR x DR
Audit risk is made up of these three components Inherent risk Control risk Detection risk
Inherent Risk (IR)
This is the possibility of material error or it is the susceptibility of an account balance or class of transactions to misstatements that could be material itself or when included in other balance of transactions assuming that they are not related to internal control systems or the in born chance of errors or misstatements accruing in the collection because of the nature of the transaction.Management need to identify risk areas and improvise suiting internal controls. Areas of high risk such as cash collection systems, use of sensitive assets, compliance with IAS, sales where significant amounts may not have been invoiced consequently understating sales and receivables or at times capital expenditure may be included in repairs.Such types of risks are reduced but never eliminated by internal controls.Inherent risk stands independent from the auditor and relate to the client’s circumstances such as management integrity, management experience, nature of business, factors affecting industry, changes in consumer demand and nature of assets and liabilities.
Inherent risk assessment
Normally assessed at two levels i.e. the financial statements level and at the account balance and class of transactions level e.g. degree of judgement involved in determining account balances susceptibility of asset to loss or misappropriation such as cash transaction not subjected to ordinary processing.It is after assessing the above factors that the auditor will assess whether the inherent risk is high, medium or low.The auditor must understand the accounting system and the internal control system so as to identify major classes of transactions, important accounting records, document and accounts,
21
Identify from the above scenario the main audit risks that the auditor should address, and explain how these can be mitigated.
accounting and financial reporting and the collective control environment to assess the awareness and action of directors and management with regards to internal control.
Control risk
This is the risk that the internal control system may fail to prevent or detect material errors or irregularities. It is a chance that the controls set up by the management with the auditor assessing them would have failed somehow to prevent material errors or misstatements from occurring.This depends on the effectiveness of the client’s systems.If the internal control system is weak, control risk is high. The auditor assesses the control risk by performing tests of control to obtain audit evidence about the effectiveness of the internal control system and the accounting system and how it is operating during the period under scrutiny.
Control risk assessment
Basically there is need to understand the accounting and internal control systems and this enables the auditor to identify the major classes of transactions and how they are initiated and supporting documents. Detection Risk
This is the chance that the auditor’s procedures would fail to detect material misstatements or the failure on the auditor’s part i.e. he will not detect misstatements in the accounts or class of transactions that could be material individually or when aggregated with other misstatements.The audit procedures may include tests of control and substantive tests.The risk is dependent on the effectiveness of the audit procedures, their extent, timing and adequacy.It may also depend on judgemental interpretation of audit findings.High detection risk means work failure and this is shown by:
I. Failure to carry out necessary testsII. Failure to gather enough audit evidenceIII. Acceptance of inadequate explanationsIV. Failure to conclude appropriately because of inference from evidenceV. Use of wrong procedures due to incompetence and negligence
Detection risk assessment
The level of detection risk relate directly to substantive procedures, control risk assessment, inherent risk assessment which influence the nature and timing.There is an inverse relationship between detection and combined level of inherent and control risk
Risk is determined at the planning stage as it affects the nature, extent and timing of work to be done.
Controlling
AUDIT APPROACH
The audit approach must be designed to respond to the risk assessment and meet the audit objective.
Detailed audit procedures
22
Need to determine mix of test control and substantive testing.
Gain an understanding of the accounting and internal control systems and document them
Perform walkthrough tests
Make a preliminary assessment of internal controls
Expect controls to be effective Expect controls to be ineffective
Perform tests of controls Perform substantive procedures
Are controls effective throughout the year?
Yes No Analytical procedure
Test of detail
Perform limited substantive procedures To ensure there are no material errorsAgree /recalculate
Audit working papers
Auditors should document in their working papers, matters which are important in supporting their report.Working papers should record the auditor’s planning, the nature, timing and extent of the audit procedures performed and the conclusions drawn from the audit evidence obtained.
23
Test of controlsAimObtain audit evidence about the effective operation of accounting and internal control systems, i.e. that properly designed controls identified in the preliminary assessment of control risk:exist in fact; andhave operated effectively throughout the relevant period
DescriptionThe control is tested, not the transaction. Examples include the following:enquiries and observations corroborating IC functionsinspection of documents evidencing operation of IC, e.g. that a transaction has been authorised
A ‘deviation’ is where a control has not been operated effectively whether or not a quantitative error has occurred.
Auditors should record in their working papers, their reasoning on all significant matters which require the exercise of judgement and their conclusions thereon.
Working papers (ISA 230)
Why have working papers? Assist in audit planning.Assist with supervision and review.Record the evidence to support the audit opinion.To control the current year’s workEvidence of work carried out
Nature and content of working papers
Clear, easy to follow for any experienced auditor who was not part of the proceedings to be able to deduce work performed.
FormWorking papers can be in any form desired by the auditor, but a usual division is between
the permanent file and the current file.
Permanent file
Usually maintains documents and matters of continuing importance that will be required for more than one audit.It will usually be indexed.Following are some of the contents of a permanent file:
Statutory material governing the conduct, accounts and audit of the enterprise The rules and regulations of the enterprise Copies of documents of continuing importance to the auditor. Addresses of the registered office and all other premises with a short description of the
work carried on at each. An organisation chart List of books and other records and where they are kept. An outline history of the organisation List of accounting matters of importance Notes of interviews and correspondences relating to internal control matters A note of the position of the company in the group and of all subsidiaries and associated
companies Client’s internal audit and accounting instructions A list of directors, their shareholdings and service contracts A list of the company’s properties and investments with notes on verification. A list of the company’s advisors – bankers, merchant bankers etc. A list of the company’s insurances
Current file
Usually contains matters pertinent to the current year’s audit such as : A copy of the accounts being audited, authenticated by the directors’ signatures An index to the file A description of Internal Control system in the form of an ICQ, flowchart etc. An audit programme A schedule for each item in the balance sheet A schedule for each item in the P&L showing its make up. Checklists for compliance with statutory disclosure requirements, accounting standards,
auditing standards.
24
A record showing queries raised during the audit and coming forward from previous years
A schedule of important statistics A record or abstract from the minutes of the company, directors, etc Copies of letters to the client setting out internal control weaknesses Letters of representation
Internal control Questionnaires
It is a comprehensive, all in, inclusive method of ascertaining, recording, and evaluating a system of internal control.Use of a standardised ICQ ensures that all the important questions are asked and the important characteristics of a system are brought out.
Flowcharting
It is a method of recording internal control systems from the auditor’s standpoint.
Advantages of flowcharting
To enable the system to be recorded in such a way that it can be understood by all stakeholders
Overall picture of a firm is exposed. Consistent system of recording Disciplined method of recording Highlights the relationships between different parts of a system Weaknesses are easier to spot Superfluous forms and bottlenecks are easily spotted. This is really of use to O&M study
practitioners but auditors often help their clients in this area. Flowcharts are a permanent record but are easily updated In complex cases, flowcharting is the only way to gain an understanding of a system
Disadvantages of flowcharting
Creating them is time consuming They can become a fetish. i.e. start and ends in themselves. They are of little use in systems where internal control is ineffective or very simple. There are numerous symbol systems which can cause confusion
Audit Programme
A table of the work an auditor does on the occasion of an auditThe results of tests, particularly if based on statistical sampling would need some evaluation and the audit programme would provide space for this.
Advantages of using audit programmes
o They provide a clear set of instructions on the work to be carried outo They provide a clear record of the work carried out and by whomo Work can be reviewed by supervisors, mangers etco Work will not be duplicatedo No important work be overlooked
25
o Evidence of work done is available for use in defending actions for negligence
Disadvantages of audit programmes
o Work may be mechanicalo Parts may be executed without regard to the whole schemeo Programmes are rigidly adhered to although client personnel and systems may have
changedo Initiative may be stifledo When auditor’s suspicions are aroused or put upon enquiry, he should probe the matter
to the bottom. A fixed audit programme and limited time tend to inhibit such probings.o If work is performed to a predetermined plan, client staff may become aware of the fact
and fraud is facilitated.
Other working papers
1. Manuals – contain general instructions on the firm’s procedures2. Audit note books – They are incorporated in current or permanent files3. Time sheets – Not strictly a part of the audit working papers, but are of great importance
in controlling the work of audit staff and making a proper charge to the client4. Audit control and review sheets – usually incorporated in the working files
Standardisation of working papers
Advantages
a) Efficiencyb) Staff become familiar with themc) Matters are not overlookedd) They help to instruct staffe) Work can more easily be controlled and reviewedf) Work can be delegated to lower level staff
Disadvantages
a) work becomes mechanicalb) work also becomes standardc) client staff may become familiar with the methodd) initiative may be stiflede) the exercise of necessary professional judgement is reduced
Ownership of the books and papers
Ownership of the working papers of an audit hinges on whether the accountant is acting as an agent for the client or not. The leading case is Chantrey Martin & Co vs Martin 1953. The ownership of working papers may not seem important but relevant in situations such as changes in professional appointments, legal proceedings for the recovery of documents, negligence actions etc.
Auditor’s lien
They have a particular lien over any books of accounts, files and papers which their clients have delivered to them and also over any documents which have come into their possession in the course of their ordinary professional work.
26
A particular lien gives the possessor the right to retain goods until a debt arising in connection with those goods is paidCase study – Woodworth vs Conroy 1976
What would you see on a working paper?
Client namePeriod endPrepared by and datedReviewed by and datedSubjectCross referenceKey
Safe custody of working papers
What procedures would you do to ensure safe custody of working papers
Locked away PasswordsRestricted accessFilled away if not requiredNot to take homeBack up
Retention of working papers
They should be retained for as long as possible depending on:
a. Prospectus requirements are for accounts to be retained for six preceding yearsb. Tax assessments can be made up to six years after the end of the chargeable period but
in fraud cases, can be made at any timec. Actions based on contract or tort ( e.g. professional negligence) must be brought within
six years.
INTERNAL CONTROLS
Internal controls systems
Directors are responsible for designing, implementing and monitoring the system of internal controls.This helps them achieve their legal responsibilitiesObjectives of internal control are safeguarding assets, preparing financial statements accurately, efficiently and timely, and helps prevent and detect fraud and errorAuditors are responsible for assessing control risk as a component of audit risk, so they need to consider the internal control system as part of the audit. They may choose to test internal controls as a source of audit evidence.The auditor also reports on significant control weaknesses in the Report to Management.
Control procedures
27
The auditor should obtain an understanding of the control procedures sufficient to develop the audit plan.He must be able to identify activities such as:
I. AuthorisationII. InitiationIII. ExecutionIV. Recording
These are policies and procedures designed to prevent or detect and correct errors.
Control objectives
To ensure:a) That only valid transactions are recordedb) Transactions are recorded accuratelyc) All transactions that occur are completely recorded.d) That all transactions are authorizede) That all transactions are classified and there is proper cutoff
Components of an Internal Control System [ISA 315]
Control
Recommending controls – ideas generator
P Physical ControlsA Approval (signing of documents)C Computer ControlsA Account Reconciliations (bank, receivables,payables)M Maintain and review control a/cA Arithmetic Controls (sequence checks)C Comparison (Actual vs Budget)
28
Control Environment
3 As
AttitudeAwareness
Actions
Risk Assessment Procedures
How mgmt identify risk
Indicators that risks might be
present
Information System
What an Information
system should do
Control Activities
PACAMACSIdeas
Monitoring of Controls
Should be on an
ongoing basis
Still working and
appropriate?
Identify control procedures
Identify weaknesses – what can go wrong, consequences and state recommendations
Management letterproduced
S Segregation of Duties
Internal control principles
Segregation of duties- processing of a transaction to be spread over a number of peoplePhysical controls – custody controls to adequately safeguard company assetsAuthorisation & Approval – Authority is delegated to specific individuals held accountableManagement controls – There should be adequate management supervisory checksSupervision controls – All actions by all levels of staff should be supervisedOrganisation controls – Information has got to be processed following organisational structuresArithmetic & accounting – control over accounting records and accuracy of recordingPersonnel controls – competencies, motivation, integrity, remuneration, promotion, training &
Assignment
The control environment
Looks at :
a) Role of the Boardb) Effectiveness of managementc) Reasonableness of management estimatesd) Budgetary control
Limitations of effectiveness of Internal control system
The effectiveness of an internal control system is limited by:I. Human error because of negligence, ignorance, destruction and misjudgement
II. Management can ignore controls because of the cost factorIII. Inherent risk associated factorsIV. Staff shortageV. Fraudlent collusionVI. Abuse of responsibility and authority
Steps taken to evaluate internal controls
a) Systems Review – Auditor should do a review to determine the sufficiency of existing controls. This is done through discussions and enquiries to management and personnel or by reviewing the client’s system, flow charts and observations of entity’s activities.
b) Preliminary Assessment – After reviewing the system, the auditor needs to document the findings where review indicates reliance on the system is not justified. Circumstances that may lead to such a finding should be justifiable and if it is found that in a computerised environment, reliance can not be placed on general controls, then the auditor may use other means. It can also be used if it is found that there is a low volume of transactions.
c) Identify the controls of audit importance on which you intend to relyd) Design and perform test of controls – This involves the design and performance of
tests of controls on which the auditor intends to rely on to determine material misstatements through fraud and error or whether the system is functioning properly.
e) Evaluate the findings – After performing test of controls, the auditor needs to find out the effect of control risk. In respect of deviations of the internal control, the auditor should evaluate the nature of deviation so as to determine the extent, i.e. are they recurrent or isolated. Where reliance on internal control is justified, then the auditor should rely on them and limit the substantive procedures. Where reliance on internal control is not justified, adjust the substantive procedures in respect of the nature and timing by adding more substantive procedures and more tests.
29
f) Reporting weaknesses in the internal control system – Where material weaknesses were reported in the past, it is the duty of the auditor to investigate whether they have been corrected and if not, report it back to management. If such weaknesses have no influence on the current audit, the auditor should inform management that they have not been investigated.
AUDIT TEST
a) Walk through checks – The auditor needs to understand the client’s accounting system and control environment, so as to be able to plan the audit and determine the audit approach. Walk through tests can be defined as tracing one or more transactions through the accounting system and observing the application of relevant aspects of the internal control system.
b) Tests of control / Compliance tests
These are tests to obtain audit evidence about the effective operation of the accounting and control systems.They seek to establish if properly designed controls identified in the preliminary assessment of control risk exist in fact and have operated throughout the relevant period.
c) Substantive Tests
These are tests to obtain audit evidence to detect material misstatements in financial statementsThere two types of substantive tests which are: Analytical procedures and other substantive procedures i.e. tests of details of transactions and balances, reviews of minutes of directors’ meetings and enquiry.
d) Rotational Tests
These are tests carried out on the assumption that the auditor will be in office for several years and can be in any individual year bring to bear special emphasis on a particular area of the affairs of his client or visit particular branches.There are two kinds of rotational tests:
I. Rotation Audit: Emphasises the auditor performing a systems audit on all areas of the client’s business every year, but each year he selects one area e.g. wages, sales, stock control, purchases for special in depth testing.
II. Visit Rotation: Where the client has numerous branches, factories, locations, etc, it may be impractical to visit them all each year. In such cases the auditor visits them in rotation so that while each will not be visited every year, all will be visited over a period of years.
Techniques of audit testing
They include:
I. Inspection – Looking at records, documents and tangible assets.II. Observation – Looking at procedures actually taking place III. Enquiry – Seeking relevant information by asking questions, orally or in writing, to
persons or institutions inside or outside the client.IV. Computation – Checking or performing calculations.
Analytical Review Techniques
30
These are procedures for obtaining audit evidence.They should be carried out at all stages of the audit from planning to final review
Procedures
Meaning
Using relationships between financial information and other information (financial / non-financial) (ISA 520).
They include disaggregation – breaking down of data into sub divisions for analysis.Concentration on segments or single areasIdentifying influences, assessing mathematical relationships predicting values, comparing predictions with actual.Examining unexpected values and seeking explanations which must be fully verified.
Analytical review is useful in obtaining evidence of completeness of accounting magnitudes.If anomalies are found and inadequate explanations are received, then further audit work will be necessary. If doubts remain and can not be resolved, then the auditor may consider qualifying his report for uncertainty.
APs are used throughout the audit:
Stage of audit Requirement to use How used
Planning Must use To identify risk and determine audit approach
Evidence gathering May use As a substantive test
Completion Must use To identify errors in the financial statements
Practical use of analytical procedures
Understand the client’s business – read the narrative first so the numbers can be placed in context.
Develop expectations
Last year?Budget?Auditor’s own – proof in total?
Compare expected amount to actual
Start with simple numbers e.g. trends, new balances, missing balances, profit last year vs loss this year etc.May calculate ratios
Investigate significant differences
31
Identify as risk areas at the planning stageSeek corroborative evidence at the evidence stageCheck whether sufficient evidence obtained at the completion stage – if not require further work to be done
32
Sampling
Involves the application of audit procedures to less the 100% of the items within a class of transactions or account balances.Not all transactions are checked because of time, economics, practicality, psychological, fruitfulness. 100% check is necessary in areas like the verification of land and buildings, unusual or one off transactions, when the auditor is put to enquiry and high risk areas.
Definition of audit sampling
It is the drawing of conclusions about an entire set of data by testing a representative sample of items.The set of data which may be a set of account balances or transactions is called the population while the individual items making up the population are called sampling units.
AdvantagesReduced workOnly looking for reasonable assurance
DisadvantagesSampling risk
Stages of Audit Sampling
a) Planning – Entails audit objective, the population, the sampling unit, the definition of error in substantive tests
b) Selection of the items to be testedc) Testing the itemsd) Evaluating the results
There are two approaches to sampling which are judgement and statistical sampling
Judgement sampling – ( Seat of Pants approach)It entails the selection of appropriate sample size on the basis of the auditor’s judgement of what is desirable.
Advantages of judgement sampling
a) Well understood and refined by experienceb) User friendly – Auditor can bring his judgement and expertise into playc) No special knowledge of statistics is required.d) No mathematical considerations so all the time is spent on auditing.
Disadvantages of judgement sampling
a) Unscientificb) Wastefulc) No quantitative results are obtainedd) Personal bias in the selection of sample is unavoidablee) There is no real logic to the selection of the sample or its sizef) The sample selection can be slanted to the auditor’s needs.g) The conclusion reached on the evidence from samples is usually vague.
Judgement sampling is the preferred method by most auditors.
33
Statistical Sampling
It entails the use of mathematical tables, graphs or computer methods in selecting the appropriate sample size.
Advantages of Statistical sampling
a) It is scientificb) It is defensiblec) It provides precise mathematical statements about probabilities of being correct.d) It is efficiente) It tends to cause uniform standards among different audit firmsf) It can be used by lower grade staff who would be unable to apply the judgement needed
in judgement sampling
Disadvantages of Statistical Sampling
a) As a technique, it is not always fully understood so that false conclusions may be drawn from the results.
b) Time is spent playing with mathematics which might better be spent on actual auditingc) Audit judgement takes second place to precise mathsd) It is inflexiblee) Often several attributes of transactions or documents are tested at the same time,
statistics does not easily incorporate this.
A sample should be random, representative, protective or unpredictable.
Methods of selecting a sample
I. HaphazardII. Simple randomIII. StratifiedIV. Cluster samplingV. Random systematicVI. Multi stage sampling
VII. Block samplingVIII. Value weighted selection
Sample sizes
Several factors come into consideration when deciding upon the sample size and these include:
1) Population size2) Level of confidence3) Precision4) Risk5) Materiality6) Subjective factors7) Expected error/ deviation rate
Sample Methods
They include:
a) Estimation sampling for variables b) Estimation sampling for attributes
34
c) Acceptance samplingd) Discovery sampling.
Design of sample
Statistical – random or using a probability theory
Non statistical - judgment
EVIDENCE
Basic principles of audit evidence
Auditor must gather sufficient appropriate audit evidence on which to base their opinion.
Sufficient Is there enough evidence. Consider risk and materiality.
AppropriateRelevant to financial statement assertion(s).Reliable – depends on nature and source.
Financial statement assertions ISA 500
Income statement Balance sheet
Should it be in the accounts? Occurrence
Cut-off
Existence
Rights & obligations
Is it included at the right amount?
Accuracy Valuation
Are there any more? Completeness Completeness
Is it properly disclosed and presented?
Classification Allocation
The auditor conducts an audit by –
1) Identifying the assertions made2) Considering the information and evidence he needs3) Collecting the evidence and information4) Evaluating the evidence5) Formulating a judgement
35
Limitations to the ideal Approach to the collection of evidence
a) Absolute proof is impossibleb) Some assertions are not material c) Time is limited – accounts must be produced within a time scale and the auditor may
have to make do with less than perfection to comply with the time scaled) Money is limitede) Sensitivity
The evidence collected by the auditor can be divided into categories as below:
I. Observation – Examination of physical assets etcII. Testimony from independent third parties – e.g. debtors circularisationIII. Authoritative documents prepared from outside the firm – such as title deeds, share
and loan certificatesIV. Authoritative documents prepared from inside the firm - such as minutesV. Testimony from directors and officers of the companyVI. Satisfactory internal control
VII. Calculations performed by the auditorVIII. Subsequent events
IX. Relationship evidenceX. Agreement with expectationsXI. External events
Nine basic techniques of collecting evidence
a) Physical examination and countb) Confirmationc) Examination of organisation’s documentsd) Recomputatione) Retracing bookkeeping proceduresf) Scanningg) Inquiryh) Correlationi) Observation
An established method of collecting evidence is the sampling method.The auditor is also guided by some legal decisions in what evidence he needs
Designing substantive audit tests
Audit tests need to be clear and specific.Each test has 3 components:
ACTION SOURCE OBJECTIVE
Analyse
Enquire
Inspect
Observe
People
Assets
Documents
To confirm FS assertions
CODRACE
36
RecompUte
EVIDENCE CONTINUED
Audit procedures - purchases
Audit Test Reasons
Obtain a sample of list of PO documents from the computer. Trace individual PO to the goods received note (GRN)
Checks the completeness of recording of liabilities
Obtain a sample of the GRNs. Agree details to the PO document on the computer
Ensures that the parts received had been ordered by the business, giving evidence for the occurrence assertion
Review file of unmatched GRNs, investigate reasons for any old (more than one week) items
Ensures the completeness of recording of liabilities. Unmatched items prior to the year end should be included in the payables accrual
Obtain the unmatched invoices file. Investigate old items obtaining reason for GRN not being received/invoice not being processed
Unmatched items at the year end could indicate unrecorded liabilities. Ensure included in the payables accrual if the goods had been received pre-year end
For the sample of entries on the payables ledger, agree to the electronic payments list confirming that the supplier name and amount is correct
Ensures that the liability has been properly discharged by the business and that the payments list is therefore complete
Obtain the bank statements. Trace a sample of payments to the electronic payments list
Confirms that the payment made does relate to the business, confirming the occurrence assertion
For a sample of GRNs in the week pre- and post-year-end, trace to the supporting invoice and entry in the payables ledger, ensuring recorded in the correct accounting year
Confirms the accuracy of cut-off in the financial statements
Audit procedures -payables
Audit Test Reasons
Obtain a list of payables balances from the computerised payables ledger as at the business’ year end. Cast the list
To ensure that the list is accurate and that the total is represented by the individual balances (completeness assertion)
Agree the total of payables to the general ledger and financial statements
To confirm that the total has been accurately recorded and that the balance in the financial statements is represented by valid payables
37
(occurrence assertion)
Perform analytical procedures on the list of payables. Determine reasons for any unusual changes in the total balance or individual payables in the list
Provides initial indication of the accuracy and completeness of the list of payables
MANAGEMENT LETTER
Also known as:
a) Letter of weaknessb) Post audit letterc) Letter of commentd) Letter of recommendatione) Internal control letterf) Follow up letter
Purposes of Management Letters
Constructive advice to client on economies or more efficient use of resourcesFormal request to client to rectify weaknesses which if not rectified may require the auditor to qualify his auditorTo enable the auditor to comment on accounting records, systems and controls with weaknesses and recommendations for improvementTo communicate matters that have come to the auditor’s attention that might have an impact on future auditsFormal information to directors to make clear that they know their legal responsibilities and the consequences of weaknesses in internal control.
Procedures
Can be verbal discussion with client then a formal letter is written to client and client should also write back stating what they propose to do about the weaknesses.There should be a follow up of the same in the next auditLetters of weakness can be sent after interim or final audit or both
Contents
Note of purpose of letter Note of purpose of internal control investigation Disclaimer Weaknesses – Primary and secondary Recommendations for improvement Request for information on remedial action
Reports to management ISA 260
Report controls weaknesses to management.
Covering letter (not usually asked for in exam)To managementDated asap after completion of the audit
38
Includes a disclaimerOnly includes items that happen to have been discovered during the course of the audit, not a comprehensive list of weaknessesFor management use onlyNot for disclosure to third parties without the prior written consent of the auditorThanks staff for their cooperation
Appendix detailing the controls weaknessesUsually in tabular format
Weakness Consequences / impact Recommendation
Fact
May be given in the question – in which case only need the other 2 columns
e.g. lose money, increase costs, lose customer or staff goodwill
Specific
Feasible
Other matters
ISA 260 also requires the UK auditor of listed and other public interest entities to report to those charged with governanceMatters which have a bearing on objectivityRelated safeguardsTotal fees charged for other servicesWritten confirmation of independence
REPORTING
Key elements of audit reports ISA 700
TitleAddresseeIntroductory paragraphDisclaimerStatement of responsibilitiesBasis of opinionOpinionSignatureDate
Note that non-audit assurance reports will have similar contents.
Opinion
Truth and fairness.Properly prepared in accordance with IASProperly prepared in accordance with national rules
39
Directors’ report consistent with the financial statements.In UK also report on RAPI
Key elements of audit reports ISA 700
TitleAddresseeIntroductory paragraphDisclaimerStatement of responsibilitiesBasis of opinionOpinionSignatureDate
Note that non-audit assurance reports will have similar contents.
Opinion
Truth and fairness.Properly prepared in accordance with IASProperly prepared in accordance with national rulesDirectors’ report consistent with the financial statements.In UK also report on RAPID.
Summary Financial Statements
The companies’ Act provides that listed companies can send shareholders a summary financial statement instead of the full annual report.The summary financial statements must be derived from the annual financial statements and directors’ report. It is required to contain a statement by the company’s auditors expressing their opinion as to whether these requirements have been met.The summary statements must also state whether the auditor’s report on the full financial statements included a qualified opinion and if so must give the auditor’s report in full.
Qualified Audit Reports
Some auditors’ reports are qualified for one or more of several reasons.The principal source of material on qualified reports is the company’s ActQualified reports are relatively rare. Small companies with little control especially over cash transactions will often have qualified reports.The main reasons given for qualified reports are limitation in the scope of the work of the auditor and disagreement.The effects of some limitations of scope are so material and pervasive that a disclaimer of opinion is required.The effects of some disagreements can be so material and pervasive that the financial statements are seriously misleading. An adverse opinion is then required.With other less material limitations of scope, a qualified opinion should be given with the wording that the opinion is qualified as to the possible adjustments that might have been determined if the limitation had not existed.
Deciding on the audit opinion
40
The decision tree.
Bank and External Confirmation
Verification of bank balances is affected by:
a) Appraisal of the internal control system.b) Examination and investigation of bank reconciliations
Bank letter
Bank reports help auditors in that:
a) The bank letter is independent audit evidence of high quality.b) They provide evidence on existence, amount, ownership and proper custody.
- Authority has to be obtained from the client before the auditors sent a standard letter to the bank.
- The letter must be duplicated, one for the auditor and the other one for retention by the bank.
- If the auditor receives an unsolicited letter from the bank, he should confirm its authenticity.
Debtors
The general method of verifying debtors is:a) Determine the system of internal control over sales and debtors,b) Obtain a schedule of debtorsc) Examine make up balancesd) Examine and check control accountse) Enquire about credit balances f) Consider the valuation of debtors
Debtors Circularisation
It is a direct confirmation from debtorsThere are two methods of circularisation:
I. Negative circularisation – When a customer is asked to communicate only if he/she does not agree the balance this is normally used where internal control is very strong.
II. Positive circularisation – This is when a customer is asked to reply whether he agrees with the balance or not or is asked to supply the balance himself.
Verification of Assets
Use acronym
CostAuthorisationValueExistenceBO- Beneficial OwnershipPresentation in accounts
41
The auditor has a duty to verify all the assets appearing on the balance sheet and also to verify that there are no other assets which ought to appear on the balance sheet.Existence of an asset does not mean or imply ownership.
Verification procedures
I. Physical inspection II. Inspect title deeds and certificate of ownershipIII. External verification – e.g. bank balancesIV. Anciliary evidence – ownership and existence can be confirmed by receipt of dividends.
Presentation and value
a) Appropriate accounting policies must be adopted, consistently applied and adequately disclosed
b) Accounting standards must be followedc) Materiality must be considered
Inventory
Procedures
Before = Planning
INVENTORY COUNT
During = Attendance
AUDIT VISIT
After = Follow-up
a) Review prior year working papers
a) Observe compliance with instructions
a) Follow-up cut-off tests
b) Discuss instructions b) Make test counts (from physical to recorded and vice versa)
b) Ensure all copies of inventory take sheets from inventory day agree to client inventory sheet and check sequencing is complete
c) Familiarisation, nature, value, location etc
c) Take copies of inventory take sheets
c) Ensure continuous inventory records adjusted
d) Arrange third party certificates
d) Obtain more details of damaged inventory
d) Follow-up third party certificates
e) Consider need for expert (s)
e) Note cut-off details
Obtain the last GRN and GDN on the day
e) Conclude on reliability of quantities used as a basis for computing inventory
f) Role of internal audit f) Valuation review lower
42
of cost and NRV
g) Extract representative sample
Organisation of Inventory Taking
Goods should be kept in bins, racks with descriptions of the item; Goods protected against deterioration and misappropriation; Goods held for third parties and slow-moving, obsolete inventory, are identified and
separated; There is an adequate plan of the area to be covered which should be tidy; Each area marked as counted; and Movement of inventory during the count should be kept to a minimum
Substantive Testing
Valuation
Lower cost and net realisable value for separate items of inventory (IAS2).
Tests
Agree cost to purchase invoiceAgree costs incurred to making the product
Work-in-Progress (WIP) / Specialist Area
Need to use an expert
Net Realisable Value (NRV)
a) NRV is affected by:(i) obsolescence(ii) condition / damage etc(iii) market price fluctuations
b) In computerised inventory recording systems an exception report may identify items which have not moved in a specific period
c) A review of post year-end selling prices may confirm
Examples of substantive procedures in inventories
On the dayAttendance at the inventory takeTesting balances floor sheet and vice versa – take sample from the sheet and count the inventory or vice versaTake copies of inventory sheets for check back at financial statementObserve procedures for inventory movement during the countObserve at the count to ensure all stock lines actually exist
43
On the audit
Examination of inventory sheets and check on arithmetical accuracyVouching inventory pricing by selecting a sample of items from the inventory sheet and tallying them up to purchasing invoice or sales proceedsExamining slow moving and obsolete itemsObtaining certificates for items held at third parties confirming amount and volumeAgree that the treatment of inventory is complying with standardsUse of an expert re: valuationCut-off tests reviewing the GRN and GDN and ensuring the invoices have been raised in the appropriate financial yearAgree breakdown of inventory to last year’s closing inventory figureFor a sample of items inspect purchase invoices to ensure company’s name is present
Non- attendance at stock take by the auditor
The auditor may not be present at stock take due to many reasons, however he must still satisfy himself on the stock take by:
a) Arranging for the stock take to be at an earlier date.b) Appointing agents e.g. for overseas locationsc) Examining continuous stock take records more thoroughly.d) Intensifying other stock taking verification methods e) Using rational methods
- Attendance at stock taking to observe the incidence of internal control is normal audit practice.
COMPUTER AUDITING
Audit procedures of computer applications
Application controls are controls instituted over input, processing and output.
a) Input Controls
They are supervisory or dedicated terminals or terminal security such as passwords, physical access restrictions, segregation of duties and written procedures regarding input and written procedures over input of data.Screen formats should be user friendly to minimise errors and there should be computer dialogues, batch controls and input validation controls such as check for alphanumeric fields, field size check, code tests, value tests and limit and range tests.System generated transactions must be used as far as possible.
Input controls must include pre – numbered input documents
b) Output Controls
The following output handling procedures should be in place: Distribution check lists Report release form which should be accompanied by the following output
controls:I. Visual review by user departments
44
II. Check file controls brought forward and carried forward. In order to achieve completeness of output, the following should be in place:
Reconciliation of output to inputPage numbersSequence checks so as to ensure that information which is output is in conformity to the input.
- Error reports and action on exceptional reports should be generated.
c) Processing controls
The following processing controls should be in place: Sequence checks Run to run controls which use control totals Physical file identification – external file labels and internal file labels Programmed controls
Controls over master files
Under normal circumstances, passwords will restrict the ability to change master files to certain individuals hence the need to have important controls over such files.Change should only be done after authority in writing prior to data capture.A sequentially notable audit trail of master file changes should be produced and the audit trail should be compared to the authorised changed documentation.It is therefore essential to have a regular review of the master file by management.In order to protect the master file, reconciliation and record counts must be made.
