This action might not be possible to undo. Are you sure you want to continue?
to stewards. Stewards would from time to time account to their masters, reciting from memory the goods acquired, those disposed of and those still in their possession. The master would listen to this recital of the stewards’ transactions and question him thereon. The master was the listener or auditor. As a result the word auditor (derived from the latin word audire – to hear) acquired a secondary meaning – one who satisfies himself as to the truth of the accounting of another. In ancient Egypt and Babylon, the practice of checking records was well established. The Greeks and Romans also had very complete systems of auditing public accounts. The Greeks for instance considered the accountability of officials as being of such importance that everyone connected with Government or public administration had to render his accounts. The Evolution of Auditing The historical development of auditing has evolved the audit function through a number of stages. Auditing first emerged in the form of ancient checking activities in the ancient civilizations of China, Egypt and Greece. However, the practice of modern auditing did not become firmly established until the advent of the industrial revolution in the mid nineteenth century in the UK. The audit practice in the mid 1800s to early 1900s can be regarded as “traditional conformance role of auditing” as auditing was mainly concerned with ensuring the correctness of accounts and detecting frauds and errors. Over the past 30 years or so, the auditor played an “enhancing role” by enhancing the integrity and credibility of financial information. Today, auditors are expected not only to enhance the credibility of the financial statement, but also to provide value-added services, such as reporting on irregularities, identifying business risks and advising management on the internal control environment. However, extensive reforms were implemented in various countries as a result of the collapse of big corporations; it is expected that the role of auditors will converge. The role of auditors has moved from “mere conformance through an enhancing role to a convergence role”. It is evident that the paradigm of independent auditing has shifted over the years. It is believed that it may continue to shift in the future. A review of the historical development of auditing has shown that the objective of auditing and the role of auditors are constantly changing as they are highly influenced by contextual factors such as the critical historical events (e.g. the collapse of big corporations), the verdict of the courts, and technological developments (e.g. advancement of computing systems and CAATs). It can be observed that any major changes in these contextual factors are likely to cause a change in the audit function and the role of auditors. As a result, auditing is seen to be evolving at all times.
The audit function in a market economy ultimately evolves by social consent because: Society either accepts or rejects the role of a professional group assumes for itself, in time the group either finds a role acceptable to society or the group disappears. As conditions and apparent needs change, society may reject roles formerly considered accepted so professional groups must continually be alert to the desirability of role modification and revision. However, it is important to note that the change in society’s expectation and the response of the auditing profession towards these changes are not always at the same pace. Hence there is a natural time gap between the changing expectation of the users and the response by the profession and due to this time gap there arises what has been stated as the expectation gap or audit expectation gap. Even though the existence of such a natural time gap is inevitable, auditors should be sensitive to the changing expectation of the relevant groups while at the same time containing these expectations within the constraints of what is possible. There are inevitably economic and practical limitations on what an audit can do, and this is something which those who wish the benefit must understand. The Agency Theory/Problem The objectives of management may differ from those of the firm’s Stockholders. Ownership and control are separate, a situation that allows management to act in its own best interests rather than those of the Stockholders. Management is an agent of the Stockholders and decision making is delegated. Due to the differences in objectives, Stockholders then have to motivate management to think along the lines of the owners (stockholders) by way of incentives, such as stock options, bonuses and perquisites for management to make optimal decisions. Stockholders apart, from giving incentives, can monitor management through bonding, systematically reviewing management perks, auditing financial statements and explicitly limiting management decisions. Definition of Auditing An independent examination by a qualified appointed person (auditor) of a company’s financial statements and books of accounts so as to express or formulate an opinion as to whether the financial statements show a true and fair view of the financial position of that company and its results, and whether the financial statements have been prepared in accordance with International accounting standards, International Financial reporting Standards or Generally Accepted Accounting Principles.
True and Fair View explained There are three possible auditing approaches which might be used and these are:
1. Prescriptive approach – The auditor would list requirements with minimum individual interpretation. 2. Laissez faire – The auditor would leave it up to the directors to decide how much information is required. 3. True and Fair View This literally means that financial statements represent what they are supposed to represent. Financial statements are prepared annually so that shareholders and other users can make appropriate judgments. True and fair view prescribes general principles and establishes information which is considered necessary and also laying down particular requirements only in so far as they are necessary to support general principle. The overriding requirements of an account are to give a fair view and this overrules all other prescription requirements. The main consideration for those who prepare financial statements is what is most appropriate. Skills of directors and auditors must be sound for a true and fair view approach to work. There should be a tendency to disclose more rather than less and we should prevent the embarrassment incidences of hidden facts and figures. The substance of a transaction or an event takes precedence over its legal form. It must be an opinion arrived at rationally and on a supportable basis both theoretically and pragmatically. It requires to be capable of being substantiated by the directors to the auditors who have the responsibility to consider independently on the evidence whether the accounts prepared by the directors do indeed give reference to a true and fair view.
RESPONSIBILITIES Directors’ responsibilities 0 Manage the business 1 Assess business risks 2 Safeguard assets 3 Implement a system of internal controls to prevent and detect fraud and error 4 Maintain books and records 5 Preparation and delivery of financial statements –suitable policies, judgements and estimates 6 Compliance with laws and regulations – relevant disclosures in accounts 7 Stewardship of the business – fiduciary relationship - Agent 8 Accountability 9 Ensure the business is a going concern and can continue to be. Auditors’ responsibilities Statutory audit Other assurance engagements
Form an opinion (T&F, and disclosure notes, Directors’ report) Plan the audit Gather sufficient, appropriate audit evidence Review the work Draw valid conclusions, supported by the evidence gathered Law and regulations / fraud and error Law and regs (ISA 240) Directors’ responsibilities Auditors’ responsibilities
Determined by laws and regs where applicable (e.g. environmental audit) As defined in the Terms of Engagement for that assignment Ethical and professional standards Quality control standards
Fraud and error (ISA 250) Prevent and detect fraud and error Plan and perform the audit so as to have reasonable assurance of detecting material misstatements, however caused Members if impact on audit report Management or audit committee. (unless involved) Consider duty or right to report to third parties
Compliance with laws and regs Plan and perform the audit so as to have reasonable assurance of detecting material misstatements, however caused Members if impact on audit report Management (unless involved) Consider duty or right to report to third parties
RESPONSIBILITIES CONTINUED Money laundering 0 1 2 3 4 5 Auditor has duty to report where actual knowledge or reasonable grounds for suspicion. Wide definition of money laundering – any money from “criminal conduct”. Concept of materiality is not applicable – all amounts are relevant. Report to firm’s MLRO. MLRO decides whether to report to SOCA. Avoid warning client – offence of tipping off.
Is a committee of the board primarily established to provide additional assurance regarding the quality and reliability of both the financial information used by the board and financial statements issued by the Company. Background The concept of audit committees has its foundations in the USA and Canada from Cadbury Report on corporate governance in 1978. All companies as from 1978 listed on the London, New York and Canadian Business Corporations have been obliged to have an audit committee. In South Africa, the King Report on corporate governance published in 1994 included a code of corporate practice and conduct which makes it a Johannesburg Stock Exchange Listing requirement. It required that listed companies include in their annual financial statements a statement by the directors of their compliance with the code. In September 1995, the Institute of Chartered Accountants of Zimbabwe was impressed by the findings of Cadbury and King Reports. They later approached the Minister of Justice, legal and Parliamentary Affairs to suggest that certain recommendations be adopted by law in Zimbabwe. The Law Commissioner recommended all law published entities to establish an audit committee. Audit Committee Charter The role of the audit committee should be documented in a charter approved by the board. The charter should be reviewed on an annual basis by the audit committee and include the following:(i) A general outline of members of the audit committee chaired by a nonexecutive director and has a minimum of three members. (ii) The Financial Director, external auditor and the head of internal auditing be invited to all meetings. (iii) Proposed functions and roles of Audit Committee. Responsibilities and functions of Audit Committee 1. 2. 3. 4. 5. To review financial statements prior to submission to the board for approval. To review periodically the effectiveness of the system of accounting and controls. To act as an advisor to the main board and liaising with internal audit. To discuss the scope and timing of audit work with external auditors. To discuss with the board and the auditors’ significance of matters brought to light by auditors and make appropriate recommendations.
Advantages of Audit Committees 1. Improves the image of the company in the financial community and lend credibility to the financial statements. 2. Increased objectivity at board level as a result of the input from non-executive directors. 3. Increased independence of both internal and external auditors thus enhancing the perceived effectiveness of auditing. Disadvantages of Audit Committees 1. Increased costs as a result of increased directors fees particularly in small firms. 2. Problems of confidentiality of information to persons who are not members is compromised 3. Increased bureaucracy as a result of another tier to the corporate structure. Audit Standards Board In the old days, it was due to the individual members of the auditing profession and their firm to determine how best to carry out their duties. Unfortunately this led to wide variations in the quality of the audit work. The profession’s response was the formation of the International Auditing Practice Board Committee, a committee within the council of the International Federation of Accountants (IFAC). Members are those nominated by the member bodies in the countries selected by the council to serve the committee. Its mandate was to develop and deliver on behalf of the council, standards and statements of auditing and related services.
Why have accounts audited Due to the directors most likely differing to the shareholders, the shareholders will need some protection, and therefore the auditors will independently review that the directors have acted in the best interests of the shareholders.
It is legal requirement especially in public companies For accountability purposes- info gap – assurance
Benefits of assurance work 0 1 2 3 Enhances credibility of financial information (less so for limited assurance but still some) Reduces risk of management bias. Relevance of information enhanced by assurance firm’s experience and expertise. Qualified opinion and additional information can draw attention to risks.
Credibility is given to fin stats by: 1. 2. 3. 4. Auditor’s training Auditor’s experience Auditor’s professional judgement Auditor’s independence
Influences on an audit a). The International Standards of Auditing / Auditing Guidelines b). Professional Board rules c). Legislation d). Terms of engagement e). Codes of practice e.g. local authorities f) Audit risk g). Fear of litigation h). Ethics – i.e. integrity, objectivity, independence, professional competency, due care, professional behaviour and confidentiality. i) The individual audit manual of the firm of auditors. Advantages of an audit 1. Audited financial statements are accepted as reliable by interested parties. 2. The income Tax department accepts with less questioning audited financial statements as a basis for the calculation of income tax. 3. The audited financial statements provide a sound basis for the settlement of claims e.g. claims by a retiring partner. 4. Audited fin stats also provide a reliable basis for the valuation of a business, for estate duty and other purposes. 5. The auditing process has a moral effect on employs as it tends to make employees more careful and accurate in their work. 6. The auditor is in a position to advise his client of improvements which may be made in the accounting system. 7. The auditor’s accumulated knowledge e.g. in finance may be invaluable to a client. Suggestions made by the auditor may point the way to increased efficiency and larger profits. Objectives of an Audit Primary/ Main/ Principal The main objective of an audit is to enable the auditor to express an opinion – whether the fin stats are prepared in all material respects in accordance with the generally accepted accounting principles. The auditor may use phrases such as “the financial statements give a true and fair view” or “present fairly in all material respects” to express his opinion. NB: The auditor’s opinion may be positive or negative.
Secondary/ Subsidiary/ Consequential a). To detect errors and frauds b). To prevent errors and frauds in future by the deterrent and moral effect of the audit. c). To provide spin off effects – assisting clients to put in place accounting systems and taxation. d). Assisting in the establishment and maintenance of adequate internal control systems by reporting deficiencies discovered during audit and making recommendations.
ISA 200 General principles
Legally allowed to audit?
Consider ethical issues
Issue engagement letter
ISA 240 Fraud
ISA 210 Engagement terms ISA 250 Laws & regulations ISA 230 Documentation ISA 315 Understanding & risk assessment
ISA 300 Planning
ISA 320 Audit materiality
Decide audit approach
ISA 330 Auditor’s procedures
ISA 500 Audit evidence ISA 530 Audit sampling ISA 540 A/c estimates
Carry out audit testing
ISA 505 Confirmations ISA 520 Analytical procedures ISA 550 Related parties
Draw conclusions on testing
ISA 570 Going concern
ISA 560 Subsequent events
ISA 700 Audit reports
Determine opinion & produce audit report
ISA 580 Management representations
• ISA 220 Quality control • ISA 260 communication of audit matters
INTERNAL AUDIT It is an element of internal control • Set up by management to examine, evaluate and report on accounting and other controls of the business. • An appraisal activity established within an entity • May exist voluntarily or because of statutory requirements Scope and objectives of internal audit These vary widely and are dependent upon the responsibilities assigned to internal audit by management, the size and structure of the enterprise and the skills and expertise of the internal auditors. Scope of the internal auditors’ work may conveniently be classified into four main interlocking capacities: • Advisory • Executive (implementive) • Reporting • Routine testing It is important that the external auditor be aware the effectiveness of the internal audit functions in each of these capacities before relying on it to the extent of materially reducing the volume of his own normal procedural tests in important areas. To work, the internal audit department must be: • • • Sufficiently resourced Well organised Independent and objective
Other duties of internal audit are: • • Seeing to it that social responsibility policies adopted by top management have been implemented. Acting as training officer in internal control matters Taking a share of the external auditor’s responsibilities in relation to the figures in the annual accounts.
Limitations of the internal audit function The main limitations of internal audit are: 0 1 Independence (or lack of) Variation of standards – relatively new profession
Consideration of outsourcing the internal audit function Possible advantages: 0 1 2 3 4 5 6 Focus on cost and efficiency of the internal audit function Staff have broader range of expertise Risk of staff turnover passed to the outsourcing firm Specialist skills readily available Avoids costs of employing permanent staff Improves independence Access to new market place technologies
Reduced management time in administering an in-house department
Possible disadvantages: 0 Pressure on independence of outsourced function 1 Lack of knowledge and understanding of the organisation’s objectives, culture or business 2 Decisions may be based on cost not effectiveness 3 Flexibility and availability lower than in-house function 4 Lack of control over standard of service 5 Risk of blurring of roles of internal and external audit Internal audit assignment The general approach Identify key risk areas (transfer risk, reduce and accept) Are there any procedures to mitigate the risk? Are the procedures being followed? Are the procedures effective? Report and recommend Compare and contrast Internal and External Auditors Common Interests Differences 1. An effective system of internal control • Scope – extent of work undertakeninternal auditor’s work is determined by management whereas that of internal auditor is determined by statute 2. Continuous effective operation of such • Approach – internal audit is concerned system with internal systems – external audit is concerned with truth and fairness of accounts 3. Adequate management information • Responsibility – Internal auditor is flow answerable to management – external auditor is answerable to Shareholders 4. Asset safeguarding 5. Adequate accounting systems 6. Ensuring compliance with statutory and regulatory requirements Areas of work overlap • • • • Examination of system of internal control Examination of the accounting records and supporting documents Verification of assets and liabilities Observation, enquiry and the making of statistical and accounting ratio measurements
Why Internal and External auditors need to co-operate • • • • To avoid duplication of work To share experiences and expertise For audit planning purposes To aid the external auditor in developing an effective audit approach.
What the external auditor need to consider before relying on internal audit
1. Organisational status – independence, how is it viewed in the organisation, to who does
it report to, is it free to communicate with external auditors
2. Scope and objectives - what are the internal auditors’ terms of reference and the scope 3.
and objectives of their assignments Due Professional care – Is the work of internal audit generally well planned, controlled, recorded and reviewed. Are there adequate audit manuals, work programs and working papers, what are the procedures for controlling individual assignments, are there satisfactory arrangements for reporting and follow up. Technical competence – Are the people performing internal audit work adequately trained, do they have proficiency as auditors. Indicators may be membership of an appropriate professional body. Internal audit reports – Are\the reports of the required quality and does management consider, respond and act upon those reports.
The general assessment of the likely effectiveness and relevance of the external auditor’s judgement as to whether he wishes to place reliance on internal audit. The external auditor should document his assessment and conclusions in this respect and should update his assessment on a yearly basis. Any significant weaknesses in the internal audit function should be pointed out to management in a management letter. In determining the extent of the reliance, the auditor should consider: • • • • • The materiality of the areas or the items to be tested or of the information to be obtained The level of audit risk inherent in the areas or items to be tested or in the information to be obtained. The level of judgement required The sufficiency of complimentary audit evidence Specialist skills possessed by internal audit staff
Although the extent of the work of the external auditor may be reduced by placing reliance on the work of internal audit, the responsibility to report is that of the external auditor alone and thus is indivisible and is not reduced by this reliance. Who can act as an external auditor?
Has to be a member of a Recognised Supervisory Board (RSB) Allowed by the rules to be an auditor Or someone authorised by the state
Excluded even if three conditions met above (law):-
An officer (director or secretary) of the company An employee of the company A business partner or employee of the above
Ethically – we need to review independence, if this is lacking then we should not accept.
Audit exemption 0 Small companies do not need an audit (basic rules – revenue up to £5.6m, gross assets up to £2.8m). 1 The following must be audited regardless of size: 0 Banks or other FSA regulated companies. 1 Insurance companies. 2 PLCs. 3 Subsidiaries of groups containing the above. 4 Charities. Rights of the auditor 0 1 2 3 4 Access to books and records. Information and explanations. Receive notice of and attend general meetings. Speak at general meetings on relevant matters. Special rights attaching to resignation.
Duties of the auditor 0 1 Report on T&F, properly prepared, directors’ report consistent with FS. In UK also report by exception on RAPID (ISA 210 appendix)
0 0 1
By ordinary resolution of members at the AGM and will hold office until the next AGM. Directors may also appoint if no auditor is appointed at the AGM or if there is a casual vacancy, or in some cases the Secretary of State or the Registrar of Companies.
How can an auditor be removed or resign Method Process Removal Arrange for a meeting of the shareholders regarding an ordinary resolution with special notice. Write to shareholders and auditors. Shareholders can attend the AGM and vote. When removed shareholders and directors will need to appoint new auditors. Rights The auditors have the right to receive notice of, attend and speak at AGM. Shareholders simple majority vote Request EGM. Resignation Submit written notice. Company must tell Companies House.
required Have representations circulated to members. Duties Deposit statement of circumstances at company’s registered office.* Deposit statement of circumstances at company’s registered office.* Give written notice.
*statement of matters to be brought to attention of members / creditors, or statement that there are no such matters
ETHICS FRAMEWORK Sources of ethical guidance 0 1 code. IFAC Code of Ethics – governs audits carried out under ISAs. ACCA Code of Ethics – to be followed by ACCAs, but is practically identical to the IFAC
Fundamental principles IFAC Code of Ethics 0 1 2 3 4 Integrity Objectivity Professional competence and due care Confidentiality Professional behaviour
D TOPIC General threats to objectivity 0 1 2 3 4 5 Self-interest Self-review Management - doing the management role Advocacy - seems to represent the client’s views / position on a matter Familiarity or trust Intimidation
Integrity, Objectivity and Independence 0 Sets out requirement for firms to have policies and procedures relating to ethics. 1 The firm should appoint an ethics partner. 2 For listed clients, compliance with ethical standards should be reviewed by an independent partner. 3 Matters that bear on the auditors’ objectivity and independence should be communicated to client management.
Detailed guidance Specific threats Beneficial interest shares Mutual business interest Staff moving from audit firm to client in Why 0 Will want the highest value for shares therefore will not disclose anything that will devalue shares 2 Safeguards 1 Audit partner and staff cannot hold shares in audit client so resign or not accept. 3 Should not go into business with audit client 6 Partner becomes client management within 2 years of being involved in the audit – firm should resign as auditors 7 Other staff – firm must consider implications for independence 8 All – partners and staff should disclose intention to move to client and be removed from the audit team Client joining firm staff audit 9 as above 10 Should not be allowed to work on the audit for 2 years professional Rotate staff as follows: 11 Engagement partner – 5 years 12 Key audit partners and senior staff – 7 years Rotate staff as follows: • • Engagement partner – 10 years Rules more relaxed – might be able to make a case that partner should remain for longer
4 May lose professional scepticism as you know the people involved, familiarity threat.
They know the systems and may work around the auditor’s weaknesses.
Acting for a prolonged period for listed clients
0 Lose scepticism.
1 May not want to upset a friend and lose the relationship
Acting for a prolonged period for nonlisted clients
Dependence on client
0 Will have the fear of losing the money and therefore will not want to upset the client. 1 Self interest threat
2 Fees for services to clients should not exceed following % of firm’s fee income: 0 1 Listed: 10% (review at 5%) Non-listed: 15% (review at 10%) Not allowed loans or guarantees
Fear of not getting paid if
we upset the client Hospitality or other benefits 6 Bribe professional
Overdue fees akin to a loan Firm should have a policy
7 Lose scepticism
9 Basic idea is that they should be modest 10 Should not accept
12 Firm should resign as auditor if there is actual or potential litigation between audit firm and client 14 Consider the impact of non-audit services 15 Establish safeguards to counter any threats – different teams 16 Communicate with those charged with governance 17 taken Document rationale for decisions
13 Self review threat as if we as the auditors review our work and we find an error we may hide those errors to save face
18 Do not help PLCs prepare accounts except in an emergency 19 Do not carry out IA / IT / Valuation work where the external audit opinion will place heavy reliance upon this other work
Confidentiality Auditors should keep client information confidential unless there is a right or duty to disclose. Right to disclose Client permission obtained Public interest To defend the audit firm Duty to disclose 0 Disclose information to certain regulatory bodies: Police – of breaking the law Financial services Banks Insurance companies Money laundering – drug trafficking Duty to disclose Money laundering or suspicions of terrorism or treason Ordered to by a court Required by a regulator
1 If the courts demand information and you refuse to disclose/provide the information it is likely to be considered contempt of court which is illegal
Right to disclose 2 If the actual auditors are subject to disciplinary then they can disclose information
Right to disclose 3 Auditors are allowed to disclose information if they consider it too be in the public interest. Need to take care here as it maybe difficult to prove. 4 If the client gives authorisation we have the right to disclose.
Conflicts of interest Definition: Difficult situations to manage, with no obvious “correct” solution. – Avoid conflicts of interest wherever possible Risks: - confidential information moving between parties - reduced objectivity Safeguards Firm vs. client • E.g. where the auditor recommends another service to a client and receives a commission for doing so. • Disclose to client. • Obtain client consent. Client vs. client 0 E.g. the firm audits clients who are competitors. 1 Main issue is confidentiality. 2 Disclose to client and then the client can decide to continue or not 3 Separate teams with separate reporting lines. 4 Maintain confidentiality (“Chinese walls”). 5 Independent partner review. 6 If sufficient safeguards cannot be implemented, consider resigning / refusing to act.
ACCEPTING ENGAGEMENTS Accepting engagements Usually by tendering for the engagement, considerations including: 0 Fees A company has approached your audit firm 1 Experience asking nomination for appointment, what needs 2 Reputation to be done before you except? 3 Resources 4 Ethical issues 5 Legal considerations re. remove / resignation of previous auditor 6 Risk analysis Potential NEW client or current client with issues RTQ
The engagement letter (ISA 210) 0 0 1 2 3 1 Purpose Confirms acceptance of appointment. Sets out the scope of work and responsibilities. Lays out the form of any reports Narrows the expectation gap and minimises the possibilities of misunderstanding. Main contents of the letter :Objective of the audit Management responsibilities Scope of audit work Deadlines Fees Complaints procedure Access of information Holding clients’ money Data protection 2 Consider the need to update the letter when there are changes in the engagement / management – but do not have to reissue every year. Outgoing auditor • Reply to requests for information from incoming auditor – assuming client gives permission.
Incoming auditor • • • • • • Write to client asking for permission to contact the previous auditors. If client declines, do not accept engagement. If client allows, write to previous auditor asking them about matters that may be relevant to acceptance. Follow up if no reply. Consider reply e.g. unpaid fees, disagreements about accounting treatment. If no reply, can accept the engagement but be sceptical.
PLANNING THE AUDIT Why plan ISA 300 0 1 2 3 4 Enables the audit to be carried out in an effective and timely manner. To reduce audit risk. To determine the audit approach. To decide how much audit work. To facilitate review.
Matters to consider when planning an audit ISA 300 suggests 0 Knowledge of the business. 1 Understanding accounting and internal control systems. 2 Risk and materiality. 3 Nature, extent and timing of procedures. 4 Coordination, direction, supervision and review. 5 Other matters. You might use the mnemonic MARE 0 Materiality 1 Accounting treatment – problems more likely where there is 0 Complexity 1 Estimation 2 Judgement 2 Risk 3 Evidence – practical problems Contents of the audit strategy memorandum Q29 – Tempest 20 marks 0 Characteristics of the business – what does the business do 1 Nature of assignment - what work is to be done is it and Audit?? 2 Key dates – interim and final audit dates, deadlines for the AGM 3 Budget 4 Overall audit approach – test of control and substantive assess the systems to decide reliance 5 Overall materiality 6 Risk areas and important figures 7 Specific areas of audit work (because of issues) 8 Client assistance – IA, documentation etc… Interim and Final audit Interim audit It is voluntary Conducted in between two final audits (during an accounting period) Errors and Fraud are Final audit Done after the end of the accounting period Allocation of work to staff
discovered at an early stage Books and records of client are always up to date Reduces workload for final audit Audited figures may be altered Not relevant for small entities High cost
becomes easier Costs are lower No duplication of work Delay in presentation of final accounts and completion work May overlook some detailed aspects
Differences Interim Audit Carried out during the accounting period Voluntary Suitable for large organisations Final Audit Carried out at the end of the accounting period Compulsory Suitable for small organisations
Contents of the audit planning memorandum • • • • • • • •
Risk assessment. Audit approach. Sampling. Planned audit procedures. Key audit risks. The staff who will do the work The location of the audit The timing of the work to be done A budget of time and costs
The Audit Programme Develops and documents the nature, timing and extent of planned audit procedure required to implement the overall audit plan. Will consist of a very detailed list of things to be done and will show all assets, liabilities, revenues and expenses and such things as sample sizes, bases of selection of samples and when and where the programme is to carried out. It is a set of instructions to staff It needs to take into account ; risk of error, amount of audit evidence required in each area, coordination of auditing with accounts preparation, the co-ordination of any assistance from client staff e.g. on schedules preparation, availability of records, internal audit. Involvement of other auditors and experts if required. Knowledge of the client’s industry, business and organisation It is essential that all members of the audit team fully understand the client’s industry, business and organisation.
There are multiple ways of gaining this knowledge which can be done through: • The client’s annual report and accounts • Analytical review of the client’s interim accounts, financial reports, variance analysis etc • Interim audit reports • Visits to the client’s premises and discussions with management and staff • Perusal of minutes of shareholders, directors, audit committee, budget committee etc • Previous year’s audit files including the permanent file • Consideration of the state of the economy • Reports from within the audit firm which may be relevant to the client e.g. tax department and management consultancy • Perusal of relevant literature from credit rating agencies, stockbrokers, investment analysts • Perusal of relevant trade magazines and journals MATERIALITY AND RISK ASSESSMENT
Materiality ISA 320 0 Information is material if its misstatement or omission would influence the decision of users of the financial statements. 1 This can result from size or nature. Qualitative considerations 0 Effect on use e.g. descriptions of accounting policies should not be misleading. 1 Some items are capable of precise determination e.g. cash, share capital. 2 Directors’ transactions must be accurate. Quantitative considerations 0 Auditor must use their judgement 1 Some rules of thumb: 0 ½ - 1% revenue 1 1 – 2% gross assets 5 – 10% profit before tax Business risk 0 Risk inherent to the business. 1 Of interest to the auditor as business risks may cause material misstatement in the FS. 2 Broken down into 0 Financial risk 1 Operational risk 2 Compliance risk When considering business, it is the threat that an event or action will adversely affect the business’ ability to achieve its own objectives. Business risk can be internal or external e.g. changing legislation. Changes in interest and exchange rates, bad debts, inflation, litigation and political factors all forms of external risk, whereas employees and board of directors’ inefficiency, overtrading, fraud and internal control weaknesses are forms of internal risk. Auditors should consider business risk in three ways: • By enquiring into and assessing business risk thereby gaining an excellent knowledge of the business.
By helping clients to recognise, assess, respond, ignore, welcome, or manage risk. In this respect therefore they can help to manage or eliminate it. Observing the connection between audit and business risk.
Audit risk May be defined in two stages: The possibility that the financial statements contain material misstatements which have escaped detection by both, any internal controls on which the auditor has relied and on the auditor’s own substantive tests and other works OR b) The possibility that the auditor may be required to pay damages to the client or other persons as a consequence of: • The financial statements containing a misstatement; and • The complaining party suffering loss as a direct consequence of relying on the fin stats; and • Negligence by the auditor in not detecting and reporting on the mis statement can be demonstrated. Audit risk can be classified as normal as or higher than normal Normal audit risk is the possibility of an error or fraud going undetected and exists in all auditing situations Higher than normal audit risk can be associated with particular clients or with particular areas of a client’s affairs. Audit risk can arise from a client which is high risk as a whole, for particular areas of a client’s affairs, or from inadequacies in audit work. Audit risk can be minimised by appropriate audit firm organisation and appropriate audit work on a particular client. Risk based auditing takes account of substantive risk, internal control risk, sampling risk and inherent risks. Spotting high risk areas is the important skill, ideas which assist in this, include: a) Identifying large or high value (material) items. b) Recognising error prone conditions, e.g. capital/revenue coding, stock and work in progress. c) Briefing staff on the importance of put upon enquiry situations, the investigation of related parties, and the interpretation of new legislation and accounting standards. One way to reduce audit risk is to acquire the quality standard ISO 9000 either on its own or as part of total Quality Management AR = IR x CR x DR Audit risk is made up of these three components • Inherent risk • Control risk • Detection risk Inherent Risk (IR) This is the possibility of material error or it is the susceptibility of an account balance or class of transactions to misstatements that could be material itself or when included in other balance of transactions assuming that they are not related to internal control systems or the in born chance of errors or misstatements accruing in the collection because of the nature of the transaction. Management need to identify risk areas and improvise suiting internal controls. Areas of high risk such as cash collection systems, use of sensitive assets, compliance with IAS, sales where Identify from the above scenario the main audit risks that the auditor should address, and explain how these can be mitigated. a)
significant amounts may not have been invoiced consequently understating sales and receivables or at times capital expenditure may be included in repairs. Such types of risks are reduced but never eliminated by internal controls. Inherent risk stands independent from the auditor and relate to the client’s circumstances such as management integrity, management experience, nature of business, factors affecting industry, changes in consumer demand and nature of assets and liabilities. Inherent risk assessment Normally assessed at two levels i.e. the financial statements level and at the account balance and class of transactions level e.g. degree of judgement involved in determining account balances susceptibility of asset to loss or misappropriation such as cash transaction not subjected to ordinary processing. It is after assessing the above factors that the auditor will assess whether the inherent risk is high, medium or low. The auditor must understand the accounting system and the internal control system so as to identify major classes of transactions, important accounting records, document and accounts, accounting and financial reporting and the collective control environment to assess the awareness and action of directors and management with regards to internal control. Control risk This is the risk that the internal control system may fail to prevent or detect material errors or irregularities. It is a chance that the controls set up by the management with the auditor assessing them would have failed somehow to prevent material errors or misstatements from occurring. This depends on the effectiveness of the client’s systems. If the internal control system is weak, control risk is high. The auditor assesses the control risk by performing tests of control to obtain audit evidence about the effectiveness of the internal control system and the accounting system and how it is operating during the period under scrutiny. Control risk assessment Basically there is need to understand the accounting and internal control systems and this enables the auditor to identify the major classes of transactions and how they are initiated and supporting documents. Detection Risk This is the chance that the auditor’s procedures would fail to detect material misstatements or the failure on the auditor’s part i.e. he will not detect misstatements in the accounts or class of transactions that could be material individually or when aggregated with other misstatements. The audit procedures may include tests of control and substantive tests. The risk is dependent on the effectiveness of the audit procedures, their extent, timing and adequacy. It may also depend on judgemental interpretation of audit findings. High detection risk means work failure and this is shown by: I. Failure to carry out necessary tests II. Failure to gather enough audit evidence III. Acceptance of inadequate explanations IV. Failure to conclude appropriately because of inference from evidence V. Use of wrong procedures due to incompetence and negligence Detection risk assessment
The level of detection risk relate directly to substantive procedures, control risk assessment, inherent risk assessment which influence the nature and timing. There is an inverse relationship between detection and combined level of inherent and control risk Risk is determined at the planning stage as it affects the nature, extent and timing of work to be done. Controlling
AUDIT APPROACH The audit approach must be designed to respond to the risk assessment and meet the audit objective. Detailed audit procedures Need to determine mix of test control and substantive testing. Gain an understanding of the accounting and internal control systems and document them Perform walkthrough tests Make a preliminary assessment of internal controls Expect controls to be effective Perform tests of controls Are controls effective throughout the year? Expect controls to be ineffective Perform substantive procedures
Analytical Test of detail procedure Test of controls Perform limited substantive procedures To ensure there are no material errors Aim Agree /recalculate Obtain audit evidence about the effective operation of accounting and internal control systems, i.e. that properly designed controls identified in the preliminary assessment of control risk: 0 exist in fact; and 1 have operated effectively throughout the relevant period Description The control is tested, not the transaction. Examples include the following: 0 enquiries and observations corroborating IC functions 1 inspection of documents evidencing operation of IC, e.g. that a transaction has been authorised A ‘deviation’ is where a control has not been operated effectively whether or not a quantitative error has 23 occurred.
Audit working papers Auditors should document in their working papers, matters which are important in supporting their report. Working papers should record the auditor’s planning, the nature, timing and extent of the audit procedures performed and the conclusions drawn from the audit evidence obtained. Auditors should record in their working papers, their reasoning on all significant matters which require the exercise of judgement and their conclusions thereon. Working papers (ISA 230) 0 0 1 2 3 4 Why have working papers? Assist in audit planning. Assist with supervision and review. Record the evidence to support the audit opinion. To control the current year’s work Evidence of work carried out Nature and content of working papers Clear, easy to follow for any experienced auditor who was not part of the proceedings to be able to deduce work performed. Form Working papers can be in any form desired by the auditor, but a usual division is between the permanent file and the current file. Permanent file Usually maintains documents and matters of continuing importance that will be required for more than one audit. It will usually be indexed. Following are some of the contents of a permanent file: Statutory material governing the conduct, accounts and audit of the enterprise The rules and regulations of the enterprise Copies of documents of continuing importance to the auditor. Addresses of the registered office and all other premises with a short description of the work carried on at each. An organisation chart List of books and other records and where they are kept. An outline history of the organisation List of accounting matters of importance
Notes of interviews and correspondences relating to internal control matters A note of the position of the company in the group and of all subsidiaries and associated companies Client’s internal audit and accounting instructions A list of directors, their shareholdings and service contracts A list of the company’s properties and investments with notes on verification. A list of the company’s advisors – bankers, merchant bankers etc. A list of the company’s insurances
Current file Usually contains matters pertinent to the current year’s audit such as : A copy of the accounts being audited, authenticated by the directors’ signatures An index to the file A description of Internal Control system in the form of an ICQ, flowchart etc. An audit programme A schedule for each item in the balance sheet A schedule for each item in the P&L showing its make up. Checklists for compliance with statutory disclosure requirements, accounting standards, auditing standards. A record showing queries raised during the audit and coming forward from previous years A schedule of important statistics A record or abstract from the minutes of the company, directors, etc Copies of letters to the client setting out internal control weaknesses Letters of representation
Internal control Questionnaires It is a comprehensive, all in, inclusive method of ascertaining, recording, and evaluating a system of internal control. Use of a standardised ICQ ensures that all the important questions are asked and the important characteristics of a system are brought out. Flowcharting It is a method of recording internal control systems from the auditor’s standpoint. Advantages of flowcharting To enable the system to be recorded in such a way that it can be understood by all stakeholders Overall picture of a firm is exposed. Consistent system of recording Disciplined method of recording Highlights the relationships between different parts of a system Weaknesses are easier to spot Superfluous forms and bottlenecks are easily spotted. This is really of use to O&M study practitioners but auditors often help their clients in this area. Flowcharts are a permanent record but are easily updated
In complex cases, flowcharting is the only way to gain an understanding of a system Disadvantages of flowcharting Creating them is time consuming They can become a fetish. i.e. start and ends in themselves. They are of little use in systems where internal control is ineffective or very simple. There are numerous symbol systems which can cause confusion Audit Programme A table of the work an auditor does on the occasion of an audit The results of tests, particularly if based on statistical sampling would need some evaluation and the audit programme would provide space for this. Advantages of using audit programmes o
o o o o
They provide a clear set of instructions on the work to be carried out They provide a clear record of the work carried out and by whom Work can be reviewed by supervisors, mangers etc Work will not be duplicated No important work be overlooked Evidence of work done is available for use in defending actions for negligence
Disadvantages of audit programmes o o o o Work may be mechanical Parts may be executed without regard to the whole scheme Programmes are rigidly adhered to although client personnel and systems may have changed Initiative may be stifled When auditor’s suspicions are aroused or put upon enquiry, he should probe the matter to the bottom. A fixed audit programme and limited time tend to inhibit such probings. If work is performed to a predetermined plan, client staff may become aware of the fact and fraud is facilitated.
Other working papers 1. Manuals – contain general instructions on the firm’s procedures 2. Audit note books – They are incorporated in current or permanent files 3. Time sheets – Not strictly a part of the audit working papers, but are of great importance in controlling the work of audit staff and making a proper charge to the client 4. Audit control and review sheets – usually incorporated in the working files Standardisation of working papers Advantages a) b) c) d) e) f) Efficiency Staff become familiar with them Matters are not overlooked They help to instruct staff Work can more easily be controlled and reviewed Work can be delegated to lower level staff
Disadvantages a) b) c) d) e) work becomes mechanical work also becomes standard client staff may become familiar with the method initiative may be stifled the exercise of necessary professional judgement is reduced
Ownership of the books and papers Ownership of the working papers of an audit hinges on whether the accountant is acting as an agent for the client or not. The leading case is Chantrey Martin & Co vs Martin 1953. The ownership of working papers may not seem important but relevant in situations such as changes in professional appointments, legal proceedings for the recovery of documents, negligence actions etc. Auditor’s lien They have a particular lien over any books of accounts, files and papers which their clients have delivered to them and also over any documents which have come into their possession in the course of their ordinary professional work. A particular lien gives the possessor the right to retain goods until a debt arising in connection with those goods is paid Case study – Woodworth vs Conroy 1976 • 5 6 7 8 9 10 11 What would you see on a working paper? Client name Period end Prepared by and dated Reviewed by and dated Subject Cross reference Key
Safe custody of working papers 0 12 13 14 15 16 17 What procedures would you do to ensure safe custody of working papers Locked away Passwords Restricted access Filled away if not required Not to take home Back up
Retention of working papers They should be retained for as long as possible depending on: a. Prospectus requirements are for accounts to be retained for six preceding years b. Tax assessments can be made up to six years after the end of the chargeable period but in fraud cases, can be made at any time
Actions based on contract or tort ( e.g. professional negligence) must be brought within six years.
INTERNAL CONTROLS Internal controls systems 0 Directors are responsible for designing, implementing and monitoring the system of internal controls. 1 This helps them achieve their legal responsibilities 2 Objectives of internal control are safeguarding assets, preparing financial statements accurately, efficiently and timely, and helps prevent and detect fraud and error 3 Auditors are responsible for assessing control risk as a component of audit risk, so they need to consider the internal control system as part of the audit. They may choose to test internal controls as a source of audit evidence. 4 The auditor also reports on significant control weaknesses in the Report to Management. Control procedures The auditor should obtain an understanding of the control procedures sufficient to develop the audit plan. He must be able to identify activities such as: I. Authorisation II. Initiation III. Execution IV. Recording These are policies and procedures designed to prevent or detect and correct errors.
Control objectives To ensure: a) That only valid transactions are recorded b) Transactions are recorded accurately c) All transactions that occur are completely recorded. d) That all transactions are authorized e) That all transactions are classified and there is proper cutoff Identify control procedures Components of an Internal Control System [ISA 315]
Control Control Environment 3 As Attitude Awareness Actions
Risk Assessment Procedures How mgmt identify risk Indicators that risks might be present
Information System What an Information system should do
Control Activities PACAMACS Ideas
Monitoring of Controls Should be on an ongoing basis Still working and appropriate?
Recommending controls – ideas generator P A C A M A C S Physical Controls Approval (signing of documents) Computer Controls Account Reconciliations (bank, receivables,payables) Maintain and review control a/c Arithmetic Controls (sequence checks) Comparison (Actual vs Budget) Segregation of Duties Identify weaknesses – what can go wrong, consequences and state recommendations
Management letter produced
Internal control principles Segregation of duties- processing of a transaction to be spread over a number of people Physical controls – custody controls to adequately safeguard company assets Authorisation & Approval – Authority is delegated to specific individuals held accountable Management controls – There should be adequate management supervisory checks Supervision controls – All actions by all levels of staff should be supervised Organisation controls – Information has got to be processed following organisational structures Arithmetic & accounting – control over accounting records and accuracy of recording Personnel controls – competencies, motivation, integrity, remuneration, promotion, training & Assignment The control environment Looks at : a) b) c) d) Role of the Board Effectiveness of management Reasonableness of management estimates Budgetary control
Limitations of effectiveness of Internal control system The effectiveness of an internal control system is limited by: I. Human error because of negligence, ignorance, destruction and misjudgement II. Management can ignore controls because of the cost factor III. Inherent risk associated factors IV. Staff shortage V. Fraudlent collusion
VI. Abuse of responsibility and authority Steps taken to evaluate internal controls
a) Systems Review – Auditor should do a review to determine the sufficiency of existing b)
controls. This is done through discussions and enquiries to management and personnel or by reviewing the client’s system, flow charts and observations of entity’s activities. Preliminary Assessment – After reviewing the system, the auditor needs to document the findings where review indicates reliance on the system is not justified. Circumstances that may lead to such a finding should be justifiable and if it is found that in a computerised environment, reliance can not be placed on general controls, then the auditor may use other means. It can also be used if it is found that there is a low volume of transactions. Identify the controls of audit importance on which you intend to rely Design and perform test of controls – This involves the design and performance of tests of controls on which the auditor intends to rely on to determine material misstatements through fraud and error or whether the system is functioning properly. Evaluate the findings – After performing test of controls, the auditor needs to find out the effect of control risk. In respect of deviations of the internal control, the auditor should evaluate the nature of deviation so as to determine the extent, i.e. are they recurrent or isolated. Where reliance on internal control is justified, then the auditor should rely on them and limit the substantive procedures. Where reliance on internal control is not justified, adjust the substantive procedures in respect of the nature and timing by adding more substantive procedures and more tests. Reporting weaknesses in the internal control system – Where material weaknesses were reported in the past, it is the duty of the auditor to investigate whether they have been corrected and if not, report it back to management. If such weaknesses have no influence on the current audit, the auditor should inform management that they have not been investigated. AUDIT TEST
c) d) e)
a) Walk through checks – The auditor needs to understand the client’s accounting
system and control environment, so as to be able to plan the audit and determine the audit approach. Walk through tests can be defined as tracing one or more transactions through the accounting system and observing the application of relevant aspects of the internal control system. Tests of control / Compliance tests These are tests to obtain audit evidence about the effective operation of the accounting and control systems. They seek to establish if properly designed controls identified in the preliminary assessment of control risk exist in fact and have operated throughout the relevant period. c) Substantive Tests These are tests to obtain audit evidence to detect material misstatements in financial statements There two types of substantive tests which are: Analytical procedures and other substantive procedures i.e. tests of details of transactions and balances, reviews of minutes of directors’ meetings and enquiry.
d) Rotational Tests 30
These are tests carried out on the assumption that the auditor will be in office for several years and can be in any individual year bring to bear special emphasis on a particular area of the affairs of his client or visit particular branches. There are two kinds of rotational tests:
I. Rotation Audit: Emphasises the auditor performing a systems audit on all areas
of the client’s business every year, but each year he selects one area e.g. wages, sales, stock control, purchases for special in depth testing.
II. Visit Rotation: Where the client has numerous branches, factories, locations,
etc, it may be impractical to visit them all each year. In such cases the auditor visits them in rotation so that while each will not be visited every year, all will be visited over a period of years. Techniques of audit testing They include:
I. Inspection – Looking at records, documents and tangible assets. II. Observation – Looking at procedures actually taking place III. Enquiry – Seeking relevant information by asking questions, orally or in writing, to
persons or institutions inside or outside the client.
IV. Computation – Checking or performing calculations.
Analytical Review Techniques These are procedures for obtaining audit evidence. They should be carried out at all stages of the audit from planning to final review Procedures Meaning Using relationships between financial information and other information (financial / non-financial) (ISA 520). They include disaggregation – breaking down of data into sub divisions for analysis. Concentration on segments or single areas Identifying influences, assessing mathematical relationships predicting values, comparing predictions with actual. Examining unexpected values and seeking explanations which must be fully verified. Analytical review is useful in obtaining evidence of completeness of accounting magnitudes. If anomalies are found and inadequate explanations are received, then further audit work will be necessary. If doubts remain and can not be resolved, then the auditor may consider qualifying his report for uncertainty.
APs are used throughout the audit: Stage of audit Planning Requirement to use Must use How used To identify risk and determine
audit approach Evidence gathering Completion May use Must use As a substantive test To identify errors financial statements in the
Practical use of analytical procedures 0 Understand the client’s business – read the narrative first so the numbers can be placed in context. 1 0 1 2 2 Develop expectations Last year? Budget? Auditor’s own – proof in total? Compare expected amount to actual
0 Start with simple numbers e.g. trends, new balances, missing balances, profit last year vs loss this year etc. 1 May calculate ratios 3 Investigate significant differences
0 Identify as risk areas at the planning stage 1 Seek corroborative evidence at the evidence stage 2 Check whether sufficient evidence obtained at the completion stage – if not require further work to be done
Sampling Involves the application of audit procedures to less the 100% of the items within a class of transactions or account balances. Not all transactions are checked because of time, economics, practicality, psychological, fruitfulness. 100% check is necessary in areas like the verification of land and buildings, unusual or one off transactions, when the auditor is put to enquiry and high risk areas. Definition of audit sampling It is the drawing of conclusions about an entire set of data by testing a representative sample of items. The set of data which may be a set of account balances or transactions is called the population while the individual items making up the population are called sampling units. Advantages 0 Reduced work 1 Only looking for reasonable assurance Disadvantages 0 Sampling risk Stages of Audit Sampling
a) Planning – Entails audit objective, the population, the sampling unit, the definition of b) c) d)
error in substantive tests Selection of the items to be tested Testing the items Evaluating the results
There are two approaches to sampling which are judgement and statistical sampling Judgement sampling – ( Seat of Pants approach) It entails the selection of appropriate sample size on the basis of the auditor’s judgement of what is desirable. Advantages of judgement sampling a) Well understood and refined by experience b) User friendly – Auditor can bring his judgement and expertise into play c) No special knowledge of statistics is required. d) No mathematical considerations so all the time is spent on auditing. Disadvantages of judgement sampling a) b) c) d) e) f) g) Unscientific Wasteful No quantitative results are obtained Personal bias in the selection of sample is unavoidable There is no real logic to the selection of the sample or its size The sample selection can be slanted to the auditor’s needs. The conclusion reached on the evidence from samples is usually vague.
Judgement sampling is the preferred method by most auditors.
Statistical Sampling It entails the use of mathematical tables, graphs or computer methods in selecting the appropriate sample size. Advantages of Statistical sampling a) b) c) d) e) f) It is scientific It is defensible It provides precise mathematical statements about probabilities of being correct. It is efficient It tends to cause uniform standards among different audit firms It can be used by lower grade staff who would be unable to apply the judgement needed in judgement sampling
Disadvantages of Statistical Sampling a) As a technique, it is not always fully understood so that false conclusions may be drawn from the results. b) Time is spent playing with mathematics which might better be spent on actual auditing c) Audit judgement takes second place to precise maths d) It is inflexible e) Often several attributes of transactions or documents are tested at the same time, statistics does not easily incorporate this. A sample should be random, representative, protective or unpredictable. Methods of selecting a sample I. II. III. IV. V. VI. VII. Haphazard Simple random Stratified Cluster sampling Random systematic Multi stage sampling Block sampling Value weighted selection
Sample sizes Several factors come into consideration when deciding upon the sample size and these include: 1) 2) 3) 4) 5) 6) 7) Population size Level of confidence Precision Risk Materiality Subjective factors Expected error/ deviation rate
Sample Methods They include: a) Estimation sampling for variables
b) Estimation sampling for attributes c) Acceptance sampling d) Discovery sampling. Design of sample Statistical – random or using a probability theory Non statistical - judgment
Basic principles of audit evidence Auditor must gather sufficient appropriate audit evidence on which to base their opinion. Sufficient • Is there enough evidence. • Consider risk and materiality. Appropriate 0 Relevant to financial statement assertion(s). 1 Reliable – depends on nature and source. Financial statement assertions ISA 500 Income statement Should it be in the accounts? Occurrence Cut-off Is it included at the right amount? Are there any more? Is it properly disclosed and presented? Accuracy Completeness Classification Balance sheet Existence Rights & obligations Valuation Completeness Allocation
The auditor conducts an audit by – 1) 2) 3) 4) 5) Identifying the assertions made Considering the information and evidence he needs Collecting the evidence and information Evaluating the evidence Formulating a judgement
Limitations to the ideal Approach to the collection of evidence a) Absolute proof is impossible b) Some assertions are not material c) Time is limited – accounts must be produced within a time scale and the auditor may have to make do with less than perfection to comply with the time scale d) Money is limited e) Sensitivity The evidence collected by the auditor can be divided into categories as below:
I. Observation – Examination of physical assets etc II. Testimony from independent third parties – e.g. debtors circularisation III. Authoritative documents prepared from outside the firm – such as title deeds, share
and loan certificates
IV. Authoritative documents prepared from inside the firm - such as minutes
V. VI. VII. VIII. IX. X. XI. Testimony from directors and officers of the company Satisfactory internal control Calculations performed by the auditor Subsequent events Relationship evidence Agreement with expectations External events
Nine basic techniques of collecting evidence a) b) c) d) e) f) g) h) i) Physical examination and count Confirmation Examination of organisation’s documents Recomputation Retracing bookkeeping procedures Scanning Inquiry Correlation Observation
An established method of collecting evidence is the sampling method. The auditor is also guided by some legal decisions in what evidence he needs Designing substantive audit tests 0 1 Audit tests need to be clear and specific. Each test has 3 components:
Analyse Enquire Inspect
People Assets Documents
To confirm FS assertions CODRACE
EVIDENCE CONTINUED Audit procedures - purchases Audit Test Obtain a sample of list of PO documents from the computer. Trace individual PO to the goods received note (GRN) Obtain a sample of the GRNs. Agree details to the PO document on the computer Review file of unmatched GRNs, investigate reasons for any old (more than one week) items Obtain the unmatched invoices file. Investigate old items obtaining reason for GRN not being received/invoice not being processed For the sample of entries on the payables ledger, agree to the electronic payments list confirming that the supplier name and amount is correct Obtain the bank statements. Trace a sample of payments to the electronic payments list For a sample of GRNs in the week pre- and post-year-end, trace to the supporting invoice and entry in the payables ledger, ensuring recorded in the correct accounting year Reasons Checks the completeness of recording of liabilities Ensures that the parts received had been ordered by the business, giving evidence for the occurrence assertion Ensures the completeness of recording of liabilities. Unmatched items prior to the year end should be included in the payables accrual Unmatched items at the year end could indicate unrecorded liabilities. Ensure included in the payables accrual if the goods had been received pre-year end Ensures that the liability has been properly discharged by the business and that the payments list is therefore complete Confirms that the payment made does relate to the business, confirming the occurrence assertion Confirms the accuracy of cut-off in the financial statements
Audit procedures -payables Audit Test Obtain a list of payables balances from the computerised payables ledger as at the business’ year end. Cast the list Agree the total of payables to the general Reasons To ensure that the list is accurate and that the total is represented by the individual balances (completeness assertion) To confirm that the total has been accurately
ledger and financial statements
recorded and that the balance in the financial statements is represented by valid payables (occurrence assertion) Provides initial indication of the accuracy and completeness of the list of payables
Perform analytical procedures on the list of payables. Determine reasons for any unusual changes in the total balance or individual payables in the list
MANAGEMENT LETTER Also known as: a) b) c) d) e) f) Letter of weakness Post audit letter Letter of comment Letter of recommendation Internal control letter Follow up letter
Purposes of Management Letters •
• • •
Constructive advice to client on economies or more efficient use of resources Formal request to client to rectify weaknesses which if not rectified may require the auditor to qualify his auditor To enable the auditor to comment on accounting records, systems and controls with weaknesses and recommendations for improvement To communicate matters that have come to the auditor’s attention that might have an impact on future audits Formal information to directors to make clear that they know their legal responsibilities and the consequences of weaknesses in internal control.
Procedures Can be verbal discussion with client then a formal letter is written to client and client should also write back stating what they propose to do about the weaknesses. There should be a follow up of the same in the next audit Letters of weakness can be sent after interim or final audit or both Contents • • • • • • Note of purpose of letter Note of purpose of internal control investigation Disclaimer Weaknesses – Primary and secondary Recommendations for improvement Request for information on remedial action
Reports to management ISA 260 0 Report controls weaknesses to management.
1 Covering letter (not usually asked for in exam) 0 To management 1 Dated asap after completion of the audit 2 Includes a disclaimer 0 Only includes items that happen to have been discovered during the course of the audit, not a comprehensive list of weaknesses 1 For management use only 2 Not for disclosure to third parties without the prior written consent of the auditor 3 Thanks staff for their cooperation 0 1 2 0
Appendix detailing the controls weaknesses Usually in tabular format Consequences / impact e.g. lose money, increase costs, lose customer or staff goodwill Recommendation Specific Feasible
Weakness Fact May be given in the question – in which case only need the other 2 columns
Other matters ISA 260 also requires the UK auditor of listed and other public interest entities to report to those charged with governance 3 Matters which have a bearing on objectivity 4 Related safeguards 5 Total fees charged for other services 6 Written confirmation of independence
REPORTING Key elements of audit reports ISA 700 0 1 2 3 4 5 6 7 8 Title Addressee Introductory paragraph Disclaimer Statement of responsibilities Basis of opinion Opinion Signature Date
Note that non-audit assurance reports will have similar contents. Opinion
0 1 2 3 4
Truth and fairness. Properly prepared in accordance with IAS Properly prepared in accordance with national rules Directors’ report consistent with the financial statements. In UK also report on RAPI
Key elements of audit reports ISA 700 9 10 11 12 13 14 15 16 17 Title Addressee Introductory paragraph Disclaimer Statement of responsibilities Basis of opinion Opinion Signature Date
Note that non-audit assurance reports will have similar contents. Opinion 5 6 7 8 9 Truth and fairness. Properly prepared in accordance with IAS Properly prepared in accordance with national rules Directors’ report consistent with the financial statements. In UK also report on RAPID.
Summary Financial Statements The companies’ Act provides that listed companies can send shareholders a summary financial statement instead of the full annual report. The summary financial statements must be derived from the annual financial statements and directors’ report. It is required to contain a statement by the company’s auditors expressing their opinion as to whether these requirements have been met. The summary statements must also state whether the auditor’s report on the full financial statements included a qualified opinion and if so must give the auditor’s report in full. Qualified Audit Reports Some auditors’ reports are qualified for one or more of several reasons. The principal source of material on qualified reports is the company’s Act Qualified reports are relatively rare. Small companies with little control especially over cash transactions will often have qualified reports. The main reasons given for qualified reports are limitation in the scope of the work of the auditor and disagreement. The effects of some limitations of scope are so material and pervasive that a disclaimer of opinion is required. The effects of some disagreements can be so material and pervasive that the financial statements are seriously misleading. An adverse opinion is then required.
With other less material limitations of scope, a qualified opinion should be given with the wording that the opinion is qualified as to the possible adjustments that might have been determined if the limitation had not existed. Deciding on the audit opinion The decision tree. Bank and External Confirmation Verification of bank balances is affected by: a) Appraisal of the internal control system. b) Examination and investigation of bank reconciliations Bank letter Bank reports help auditors in that: a) The bank letter is independent audit evidence of high quality. b) They provide evidence on existence, amount, ownership and proper custody. Authority has to be obtained from the client before the auditors sent a standard letter to the bank. The letter must be duplicated, one for the auditor and the other one for retention by the bank. If the auditor receives an unsolicited letter from the bank, he should confirm its authenticity.
Debtors The general method of verifying debtors is: a) Determine the system of internal control over sales and debtors, b) Obtain a schedule of debtors c) Examine make up balances d) Examine and check control accounts e) Enquire about credit balances f) Consider the valuation of debtors Debtors Circularisation It is a direct confirmation from debtors There are two methods of circularisation: I. Negative circularisation – When a customer is asked to communicate only if he/she does not agree the balance this is normally used where internal control is very strong. II. Positive circularisation – This is when a customer is asked to reply whether he agrees with the balance or not or is asked to supply the balance himself. Verification of Assets Use acronym Cost
Authorisation Value Existence BO- Beneficial Ownership Presentation in accounts The auditor has a duty to verify all the assets appearing on the balance sheet and also to verify that there are no other assets which ought to appear on the balance sheet. Existence of an asset does not mean or imply ownership. Verification procedures I. Physical inspection II. Inspect title deeds and certificate of ownership III. External verification – e.g. bank balances IV. Anciliary evidence – ownership and existence can be confirmed by receipt of dividends. Presentation and value a) Appropriate accounting policies must be adopted, consistently applied and adequately disclosed b) Accounting standards must be followed c) Materiality must be considered Inventory Procedures
INVENTORY COUNT Before = Planning a) b) Review prior year working papers Discuss instructions a) b) During = Attendance Observe compliance with instructions Make test counts (from physical to recorded and vice versa) a) b)
AUDIT VISIT After = Follow-up Follow-up cut-off tests Ensure all copies of inventory take sheets from inventory day agree to client inventory sheet and check sequencing is complete Ensure continuous inventory records adjusted Follow-up third party certificates
Familiarisation, nature, value, location etc Arrange third party certificates
Take copies of inventory take sheets Obtain more details of damaged inventory
Consider need for expert (s)
Note cut-off details Obtain the last GRN and GDN on the day
Conclude on reliability of quantities used as a basis for computing inventory Valuation review lower of cost and NRV
Role of internal audit Extract representative sample
Organisation of Inventory Taking • • • • • • Goods should be kept in bins, racks with descriptions of the item; Goods protected against deterioration and misappropriation; Goods held for third parties and slow-moving, obsolete inventory, are identified and separated; There is an adequate plan of the area to be covered which should be tidy; Each area marked as counted; and Movement of inventory during the count should be kept to a minimum
Substantive Testing Valuation Lower cost and net realisable value for separate items of inventory (IAS2). Tests 0 1 Agree cost to purchase invoice Agree costs incurred to making the product
Work-in-Progress (WIP) / Specialist Area Need to use an expert Net Realisable Value (NRV) a) NRV is affected by: (i) obsolescence (ii) condition / damage etc (iii) market price fluctuations b) In computerised inventory recording systems an exception report may identify items which have not moved in a specific period c) A review of post year-end selling prices may confirm Examples of substantive procedures in inventories On the day 0 Attendance at the inventory take
1 Testing balances floor sheet and vice versa – take sample from the sheet and count the inventory or vice versa 2 Take copies of inventory sheets for check back at financial statement 3 Observe procedures for inventory movement during the count 4 Observe at the count to ensure all stock lines actually exist
On the audit 5 Examination of inventory sheets and check on arithmetical accuracy 6 Vouching inventory pricing by selecting a sample of items from the inventory sheet and tallying them up to purchasing invoice or sales proceeds 7 Examining slow moving and obsolete items 8 Obtaining certificates for items held at third parties confirming amount and volume 9 Agree that the treatment of inventory is complying with standards 10 Use of an expert re: valuation 11 Cut-off tests reviewing the GRN and GDN and ensuring the invoices have been raised in the appropriate financial year 12 Agree breakdown of inventory to last year’s closing inventory figure 13 For a sample of items inspect purchase invoices to ensure company’s name is present Non- attendance at stock take by the auditor The auditor may not be present at stock take due to many reasons, however he must still satisfy himself on the stock take by: a) Arranging for the stock take to be at an earlier date. b) Appointing agents e.g. for overseas locations c) Examining continuous stock take records more thoroughly. d) Intensifying other stock taking verification methods e) Using rational methods Attendance at stock taking to observe the incidence of internal control is normal audit practice.
COMPUTER AUDITING Audit procedures of computer applications Application controls are controls instituted over input, processing and output. a) Input Controls They are supervisory or dedicated terminals or terminal security such as passwords, physical access restrictions, segregation of duties and written procedures regarding input and written procedures over input of data. Screen formats should be user friendly to minimise errors and there should be computer dialogues, batch controls and input validation controls such as check for alphanumeric fields, field size check, code tests, value tests and limit and range tests. System generated transactions must be used as far as possible. Input controls must include pre – numbered input documents
b) Output Controls The following output handling procedures should be in place: • Distribution check lists • Report release form which should be accompanied by the following output controls: I. Visual review by user departments II. Check file controls brought forward and carried forward. In order to achieve completeness of output, the following should be in place: • Reconciliation of output to input • Page numbers • Sequence checks so as to ensure that information which is output is in conformity to the input. Error reports and action on exceptional reports should be generated.
c) Processing controls The following processing controls should be in place: Sequence checks Run to run controls which use control totals Physical file identification – external file labels and internal file labels Programmed controls
Controls over master files Under normal circumstances, passwords will restrict the ability to change master files to certain individuals hence the need to have important controls over such files. Change should only be done after authority in writing prior to data capture. A sequentially notable audit trail of master file changes should be produced and the audit trail should be compared to the authorised changed documentation. It is therefore essential to have a regular review of the master file by management. In order to protect the master file, reconciliation and record counts must be made.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.