Professional Documents
Culture Documents
F8 Small Notes
F8 Small Notes
3. A member should not personally take part in the audit where he or she has been an
officer or employee of a company within the two years prior to the commencement of the
first day of the period reported on.
(iv) Other services
1. A firm should not participate in the preparation of the accounting records of a company
listed on a stock exchange or a public interest company except in relation to the finalisation
of the statutory accounts (assistance of a mechanical nature) or in an emergency situation.
2. Where a firm does provide such assistance to a smaller firm, care should be taken not to
take on management functions, to ensure that the client accepts responsibility for the
accounting records, and to ensure that adequate audit tests are performed and properly
recorded.
3. A firm may advertise for and interview prospective staff for a client and produce a short
list and recommendations, but the client must make the final decision.
4. A firm should not audit a clients financial statements which include the product of
specialist valuations performed by the firm (such as the valuation of intangible assets or
pension funds).
5. Where a firm provides other services to audit clients, it is important that the audit team
should be entirely independent of the team providing the other service. One method of
achieving this is by setting up internal structures whereby the two teams do not
communicate with one another.
However, these rules are general principles only; more detailed guidance is also available
to accountants, as explained below.
ACCAs Code of ethics obligatory disclosure
As noted above, ACCAs Code of ethics confirms that when a member agrees to work for a
client in a professional capacity, it is an implied term of that agreement that the member
will not disclose a clients affairs to any other person.
The recognised exceptions to this rule are where a member knows or suspects that his client
has committed treason, or is involved in drug trafficking or terrorist offences. In this
situation, information must be disclosed to a competent authority. The actual disclosure will
depend on the laws of the jurisdiction where the auditor is located.
The auditor may also be obliged to provide information where a court demands disclosure.
Refusal to provide information is likely to be considered contempt of court with the auditor
being liable for this offence.
ACCA Code of ethics voluntary disclosure
A member may also disclose client confidential information voluntarily, that is without
client permission, in a limited number of situations.
To protect a members interest e.g. to allow a member to sue a client for unpaid fees or
defend an action for negligence.
Where there is a public duty to disclose e.g. the client has committed an action against the
public interest such as unauthorised release of toxic chemicals.
(c) Circumstances in which it would not be possible to rely on the work of internal audit
(i) It may not be possible to rely on the work of internal auditors if they:
are not competent (this relates to experience as well as qualifications);
lack integrity;
do not properly plan or document their work, or if management does not act on (or
at least respond to) recommendations made;
do not perform work relevant to the external auditor.
(ii) It will also not be possible to rely on internal audit if internal audit is insufficiently
independent within the organization, i.e. where internal auditors have insufficient
operational freedom, where they are reporting to those who control the functions that they
work on, or where they are reporting on their own work.
Special projects
Special investigations rely on situations arising within the business, but could encompass
issues such as fraud detection.
6
The internal controls to manage the risks associated with the receivables ledger
under the headings: all customers, slow paying customers, larger accounts, and
overseas customers.
Internal controls
(i) All customers
I would recommend that:
credit checks be performed when new customers seek credit, and that cash in advance or
on delivery is required where large orders are placed by new customers;
credit limits be set for all customers based on the length of the relationship with the
customer, the volume of sales and their payment history;
payment terms be set (say, 30 days for local customers, 45 days for overseas customers);
insurance be taken out against the risk of bad debts.
These controls will help ensure that accounts do not become overdue, damaging the
companys cash flow and increasing the risk of bad debts.
(ii) Slow paying customers
I would recommend that:
dedicated staff are assigned to chase slow payers regularly for outstanding amounts and
to ensure that a stop is put on accounts that are significantly overdue;
legal action is taken against those customers owing large amounts for long periods for
which there are no good reasons.
(iii) Larger accounts large shops, chains of shops and mail order companies
I would recommend that dedicated staff are assigned to manage the relationship with
larger customers, particularly the mail order companies.
(iv) Overseas customers
I would recommend that:
overseas customers be allowed a credit period of say, 45 days in order to permit the
required bank transfers to take place;
overseas customers be required to pay in the currency used by the company (except
perhaps for large orders which may be backed by government guarantees) or in a stable
currency which does not fluctuate significantly against the currency used by company.
The documentation that is needed for the familiarizing of the auditor with an
audit client.
Documentation
Information obtain
audit risk
Audit risk
Audit risk is the risk of giving an inappropriate opinion on the financial statements; for
example failing to qualify when the financial statements contain a material error. Audit risk
has three individual components in the formula:
Audit Risk = Inherent Risk x Control Risk x Detection Risk
10
The enquiries you will make, and the audit procedures you will perform to assist
you in making a decision regarding the going concern status of a client in
reaching your audit opinion on the financial statements.
Going concern work
Review the financial position of the company in detail. Budgets and cash flow forecasts
showing income and expenditure for at least the next 12 months must be reviewed. The
accuracy of these forecasts can be determined in part by checking how accurate past
forecasts were. If the directors have not produced this information, then the auditor will ask
them to produce it.
If not already done so, obtain a standard audit bank confirmation letter. Check the letter
for overdraft and loan facilities to ensure that they have not been exceeded. Also check
review dates (although it appears this will be three months after the end of the year) and
confirm with directors what accounting information will be expected at these dates.
Review correspondence with the bank for signs of strain with the bank. A poor relationship
implies that further loans may not be granted and alternative finance will be required.
However, it is unlikely that any details of the relationship with their client will be provided
by the bank.
Make enquiries with the directors regarding the availability of other finance which will
be necessary for the planned expansion. Obtain supporting evidence for this finance, such
as letters confirming amounts available and interest rates payable.
As close as possible to the date of the auditors report, review the most recent management
accounts to help determine the extent of any additional finance required.
Obtain a letter of representation from the directors confirming their responsibility for
preparing cash flow forecasts and for the overall going concern status of Parker.
Use all the evidence obtained to take a view on the going concern status of Parker and
review the adequacy of disclosure (if any) in the accounting policy note to the financial
statements.
11
12
The responsibilities of external auditors in respect of the risk of fraud and error
in an audit of financial statements.
(i) External auditors are required by ISA 240 The Auditors Responsibility to Consider
Fraud in an Audit of Financial Statements to consider the risks of material misstatements
in the financial statements due to fraud.
Their audit procedures will then be based on a risk assessment ( ).
Regardless of the risk assessment, auditors are required to be alert to the possibility of
fraud throughout the audit and maintain an attitude of professional skepticism,
notwithstanding the auditors past experience of the honesty and integrity of
management and those charged with governance. Members of the engagement team
should discuss the susceptibility of the entitys financial statements to material
misstatements due to fraud.
(ii) Auditors should make enquiries of management regarding managements assessment of
fraud risk, its process for dealing with risk, and its communications with those charged with
governance and employees. They should enquire of those charged with governance about
the oversight process.
(iii) Auditors should also enquire of management and those charged with governance about
any suspected or actual instance ( ) of fraud.
(iv) Auditors should consider fraud risk factors, unusual or unexpected relationships,
and assess the risk of misstatements due to fraud, identifying any significant risks. Auditors
should evaluate the design of relevant internal controls, and determine whether they have
been implemented.
(v) Auditors should determine an overall response to the assessed risk of material
misstatements due to fraud and develop appropriate audit procedures, including testing
certain journal entries, reviewing estimates for bias, and obtaining an understanding of
the business rationale of significant transactions outside the normal course of business.
Appropriate management representations should be obtained.
(vi) Auditors are only concerned with risks that might cause material error in the
financial statements. External auditors might therefore pay less attention than internal
auditors to small frauds (and errors), although they must always consider whether
evidence of single instances of fraud (or error) are indicative of more systematic
problems.
(vii) Where auditors encounter suspicions or actual instances of fraud (or error), they must
consider the effect on the financial statements, which will usually involve further
investigations. They should also consider the need to report to management and those
charged with governance.
13
(viii) Where serious frauds (or errors) are encountered, auditors need also to consider
the effect on the going concern status of the entity, and the possible need to report
externally to third parties, either in the public interest, for national security reasons, or
for regulatory reasons.
14
Checking the clients files in a live situation. There is the danger that the clients
systems are disrupted by the audit program. The data files can be used offline, but
this will mean ensuring that the files are true copies of the live files.
When reporting on a cash flow forecast, explain the term negative assurance
and why this is used.
The term negative assurance means that the auditor has carried out work on the cash
flow but that the accuracy of the forecast cannot be confirmed. The auditor will report
that the cash flow appears to be reasonable, but not that it shows a true and fair view. The
auditor is therefore not confirming that the cash flow is correct, rather that there is
nothing to indicate it is incorrect.
This type of report is appropriate for a forecast because it relates to the future. It is
therefore not possible to state that the forecast is materially correct in terms of truth and
fairness because the forecast has not been tested against the future. The actual results are
therefore uncertain. It may not be correct simply because future conditions do not agree
with those under which the forecast was prepared.
15
Explain how sampling and non-sampling risk can be controlled by the audit firm.
(a) Sampling risk
Sampling risk is the possibility that the auditors conclusion, based on a sample, may be
different from the conclusion reached if the entire population were subjected to the audit
procedure.
The auditor may conclude from the results of testing that either material misstatements
exist, when they do not, or that material misstatements do not exist when in fact they do.
Sampling risk is controlled by the audit firm ensuring that it is using a valid method of
selecting items from a population and/or increasing the sample size.
Non-sampling risk
Non-sampling risk arises from any factor that causes an auditor to reach an incorrect
conclusion that is not related to the size of the sample.
Examples of non-sampling risk include the use of inappropriate procedures,
misinterpretation of evidence or the auditor simply missing an error.
Non-sampling risk is controlled by providing appropriate training for staff so they know
which audit techniques to use and will recognise an error when one occurs.
Define materiality and explain why the auditors must form an opinion on
whether the financial statements are free from material misstatement.
Information is material if its omission or misstatement could influence the economic
decisions of users taken on the basis of the financial statements.
Materiality depends on the size of the item or error judged in the particular circumstances
of its omission or misstatement.
It is important that the auditors of Tam ensure that the financial statements are free from
material error for the following reasons:
There are only two owner/directors who will be the initial users of the financial
statements. While the owners/directors maintain the accounting records, the
directors will want to know if there are material errors resulting from any mistakes
they may have made; the auditor has a responsibility to the members to ensure
that the financial statements are materially correct
16
There are also other users of the financial statements who will include the
taxation authorities and the bank who have made a loan to the company. They will
want to see true and fair accounts. The auditors must therefore ensure that the
financial statements are free from material misstatement to avoid any legal
liability to third parties if they audit the financial statements negligently.
Audit risk
(vi) Audit risk is the product of inherent risk, control risk and detection risk and is the
risk that the auditors will issue an inappropriate audit opinion.
This risk can be managed by decreasing detection risk by altering the nature, timing and
extent of audit procedures applied. Where inherent risk is high and controls are weak (as
may be the case here) more audit work will be performed in appropriate areas in order to
reduce audit risk to an acceptable level.
17
ISA 400 Risk Assessments and Internal Control identifies a number of key
procedures which auditors should perform if they wish to rely on internal
controls and reduce the level of substantive testing they perform. These include:
Documentation of accounting and internal control systems;
Walk-through tests;
Audit sampling;
Testing internal controls;
Dealing with deviations from the application of control procedures.
Internal controls
Key procedures
(i) Documentation of accounting and internal control systems
Auditors document accounting and internal control systems in order to evaluate them for
their adequacy as a basis for the preparation of the financial statements and to make a
preliminary risk assessment of internal controls.
In very simple systems with few internal controls where auditors do not intend to perform
tests of internal controls, it is not necessary to document the internal control system in
detail. It is always necessary, however, to have sufficient knowledge of the business to
perform an effective audit.
For large entities, where the client has already documented the system, it is not necessary
for the auditors to repeat the process if they can satisfy themselves that the clients
documentation is adequate.
(ii) Walk through tests
The purpose of walk-through tests is for the auditors to establish that their recording of
the accounting and internal control system is adequate.
Auditors trace a number of transactions from source to destination in the system, and
vice versa.
For example, customer orders can be traced from the initial documentation recording the
order, through to the related entries in the daybooks and ledgers.
It is common for walk-through tests to be performed at the same time as tests of controls,
where auditors are reasonably confident that systems are recorded adequately.
18
The control objectives for the ordering, despatch and invoicing of goods.
Control objectives
Ordering of goods
Goods are only supplied to authorised customers
Orders are recorded correctly regarding price, quantity, item and customer details
Despatch and invoicing of goods
Orders are despatched to the correct customer
All despatches are correctly recorded
Despatches only relate to goods ordered and paid for by customers
Invoices raised relate to goods supplied by the company
20
Compare the responsibilities of the external and internal auditors to detect fraud.
(b) Fraud and External/Internal audit
Guidance on the auditors responsibility with respect to fraud can be found in ISA 240 The
Auditors Responsibility to Consider Fraud in an Audit of Financial Statements.
Main reason for audit work
The external auditor is primarily responsible for the audit opinion on the financial
statements. The main focus of audit work is therefore to ensure that the financial
statements show a true and fair view. The detection of fraud is therefore not the main
focus of the external auditors work.
The main focus of the work of the internal auditor is checking that the internal control
systems in a company are working correctly. Part of that work may be to conduct
detailed review of systems to ensure that fraud is not taking place.
Materiality
In reaching the audit opinion and performing audit work, the external auditor takes into
account the concept of materiality.
In other words, the external auditor is not responsible for checking all transactions. Audit
procedures are planned to have a reasonable likelihood of identifying material fraud.
However, internal auditors may carry out a detailed review of transactions, effectively
using a much lower materiality limit. It is more likely that internal auditors will detect
fraud from their audit testing.
Identification of fraud
In situations where the external auditor does detect fraud, then the auditor will need to
consider the implications for the entire audit. In other words, the external auditor has a
responsibility to extend testing into other areas because the risk of providing an incorrect
audit opinion will have increased.
Where internal auditors detect fraud, they may extend testing into other areas. However,
audit work is more likely to focus on determining the extent of fraud and ensuring similar
fraud has not occurred in other locations.
The factors that should be taken into consideration when appointing an external
consultant.
Use of expert
Qualification
The consultant should have a relevant qualification to show ability to undertake the work.
In this case being a member of a relevant computer society or the Institute of Internal
Auditors would be appropriate.
Experience
The consultant should be able to show relevant experience from previous projects for
example, upgrading or amending wages systems for other clients.
References
Hopefully the consultant will be able to provide references from previous employers
showing capability to undertake the work.
21
Access to information
The consultant will need access to important and sensitive information in SouthLea. The
chief accountant must ensure that this information will be made available to third parties.
The consultant will have to sign a confidentiality agreement.
22