Developed by Fahim Muhammad Nael ACCA, CPFA Sheet 1 F8 – Audit & Assurance (INT)

Audit Framework & Regulation

Section 1

A) Reporting as a means of communication to different stakeholders

Reporting adds to the credibility of the figures and performance of the company for stakeholders.

Who are the stakeholders/users of financial statements? Who is interested?

These include the following:

1. Directors
Financial statements allow directors to summarise the performance of the company &
communicate to shareholders how the company is performing, year on year, compared to
competitors & to the relevant industry.

2. Creditors
Can assess how risky the company is by analysing the financial statements, perform ratio
analysis of gearing, profitability etc. & therefore conclude if the company would be able to
repay any loans or credit.

3. Shareholders
Can feel confident that the company will remain a going concern after all the appropriate
accounting standards, audit standards & legal requirements are being adhered to.

4. The public

5. Taxation authorities
Can rely on financial statements and the amount of profit to which tax will be applied.

6. Employees
Assures employees the company will remain a going concern and thus their future is safe.
They will also be able to assess if their wages & salaries are within the industry norm.

B) What is Stewardship / Accountability / Agency / Independent audit / Professional Skepticism?

Stewardship - It’s the responsibility to take good care of resources. A steward is a person entrusted with
management of another person’s property.

Accountability - It means people in power can be held accountable for their actions, e.g. directors'
accountability to shareholders.

Agency - It exists when a principal employs another party to perform a task on their behalf. Employees are
agents of directors and directors in turn are agents of shareholders.

Independent Audit - An independent audit is now required to be conducted to find how directors have
executed the agency relationship or retained the position of a wise steward. If the directors and
auditors have a previous relationship, or if the auditors can be influenced by directors, then the objective of
the audit would be hampered, since the auditor may give a biased opinion.

Professional Skepticism - As the auditor conducts his work he must have a questioning attitude, i.e.
he should be well aware of the fact that the F/S may be misstated and the evidence given to him may be
forged. Simply, nothing should be accepted without proper scrutiny. He should actively search for
different kinds of supportive evidence.

C) Quality Assurance

This is where a firm is engaged by one party to give an opinion on a piece of information prepared by
another party. The opinion is an expression of assurance or comfort about the information which has
been reviewed. For example, Limited and Reasonable assurance. Hence a quality assurance
engagement is provided by the practitioner who examines the subject matter, prepared by the
responsible party, against the criteria to provide assurance to intended users.

The Purpose
- To increase the confidence of the user in using the information
- To reduce the risk of using that information

What are the elements of assurance engagement?

Five elements

- Three party relationships:
  - Practitioner (Professional accountant, Auditor, MBBS Doctor, Certified lawyer etc.)
  - Responsible party (Whoever prepares the information e.g. Board of directors)
  - Intended users (Whoever commissions the work e.g. The reader of Financial
    Statements i.e. Shareholders)

- The subject matter (The financial Statements prepared by Management)

- Suitable criteria (The relevant framework based on which we should check e.g. IAS and ISA)

- Sufficient appropriate evidence (Result of the test conducted, should support the opinion in
report)

- A written report (Audit report as per ISA 700 that is contained with the published F/S)

NB: The bracket shows the element of assurance engagement if it was for “AUDIT” of listed entities

Examples of Engagements
- Audit of Financial Statements
- Review of the Financial Statements
- Risk Assessment
- Systems Report
- Social & Environmental Report

Types of Engagement

Reasonable or Positive assurance

It's where intensive procedures are undertaken to find high quality evidence; this in turn increases
the credibility of the assurance given by the practitioner. E.g. Annual Audit: an auditor, while conducting
a statutory audit, needs to collect evidence regarding all elements of the statement of profit or loss
(Sales/Purchase/Expense etc.) or Statement of Financial Position (Asset/Liability/Capital etc.) by
substantive (detailed) audit procedures.

Limited/Moderate or Negative assurance

It's also called moderate assurance, usually given in a review engagement. The practitioner agrees terms
of engagement (it could be any work) and conducts analytical procedures and enquiries to produce a
negative assurance report, i.e. "Nothing has come to our attention that causes us to believe that the
business has going concern threats". E.g. HSBC would like to grant a loan to Domino, an asset
management company, on the basis of mortgage. Hence the finance director of HSBC asked a professional
practitioner to give an assurance report on the liquidity position of Domino. Here the practitioner is not
conducting an audit; it is a simple review engagement. He will try to collect evidence relevant to the
liquidity position and give a negative assurance report.

Note: Auditors do not give ‘Absolute Assurance’.


Reasons
- Lack of precision
- Don’t test 100% transactions
- Undertake audit on a test basis

D) IAASB (International Auditing and Assurance Standards Board), Standards and Quality Control

The International Auditing and Assurance Standards Board (IAASB) functions as an independent
standard setting body under the auspices of the International Federation of Accountants (IFAC).

The IAASB works to establish high quality auditing, assurance, quality control and related services
standards and to improve the uniformity of practice by professional accountants throughout the world,
thereby strengthening public confidence in the global auditing profession and serving the public
interest.

Just as there are accounting standards, there are also audit standards to give auditors guidance (and
in some cases rules) as to how they should perform their audit work.

Many countries have their own national audit standards – e.g. In the UK, the Auditing Practices
Board set them.

There are also International Standards on Auditing (ISAs), which are set by the IAASB.

For countries without their own audit standards, the ISAs provide a set of standards that can be
adopted, or altered based on national requirements.

Quality control is partly achieved by having audit standards to follow; however it is also achieved by
the RSBs (Recognised Supervisory Bodies) e.g. ACCA; checking the audit work of their members,
and handling complaints.

The RSBs also have rules to ensure their members are keeping up to date with technical changes.

The final set of clarified standards comprise 36 International Standards on Auditing (ISAs) and
International Standard on Quality Control (ISQC) 1, including:

- One new standard, addressing communication of deficiencies in internal control;
- 16 ISAs containing new and revised requirements (these have been referred to as "revised and
  redrafted ISAs"); and
- 20 ISAs that have been redrafted to apply the new conventions and reflect matters of general
  clarity only (these have been referred to as "redrafted ISAs and redrafted ISQC 1").

E) General principles of external audit engagements

The external auditor needs to give an opinion on whether financial statements prepared by the directors
represent a true and fair view and are prepared, in all material aspects, in accordance with an applicable
reporting framework. The following should also be taken into consideration:
- Compliance with IFAC Code of Ethics for Professional Accountants
- Compliance with IAASB and ISA
- Plan and perform the audit with professional skepticism i.e. questioning attitude; always
  seeking evidence

Materiality: Information is material if its omission or misstatement could influence the economic
decisions of users taken on the basis of the Financial Statements. Auditors have disagreements with directors
when they reveal material misstatements in financial statements. Materiality can take both quantitative
and qualitative form: quantitative means in "figures", i.e. it would be material to the reported profit. On
the other hand, qualitative means the nature of the information has a future impact, for example the
business will not receive insurance money for a fire incident that damaged inventory.

True and fair: True means free from material error, i.e. all information presented in the financial statements
can be evidenced by proper documents confirming that it is true. In order to ensure the true status
the auditor should maintain professional skepticism during the audit. Fair implies free from bias: the
information should not be presented in a way that implies or brings favor to the client business in an
unfair manner. In order to ensure the fair status the auditor should maintain professional skepticism and,
most importantly, be independent from the client during the audit.

There is an auditing standard outlining these details: ISA 200 (International Standard on Auditing 200):
Objective and General Principles Governing an Audit of Financial Statements

External auditor: This is a qualified registered auditor that does not work for the company for which the
audit opinion is being issued. The external auditor can either be an individual practitioner or public
accounting firm.

Independent opinion: this implies that the opinion is free from internal bias. The opinion is issued by
an external, independent third party.

Opinion: an auditor cannot produce a definite opinion. They cannot definitely state that a company has
conducted its business correctly or incorrectly, or guarantee the future viability of the
business/company.

The importance of independence in Assurance: Assurance reports are written for the benefit of the
people reading them. The readers need to be able to trust that the reports are reliable and correct. If they
sense any links between the auditors and the things being audited, they may not trust the opinions given.

If there are any links between the auditors and the things being audited, the report loses credibility and
the assurance is undermined. It is therefore a requirement that the auditors are independent of those they
are auditing.

F) Do all companies require a statutory audit? What are the benefits and inherent
limitations?

For financial years beginning on or after 6 April 2008 a company may be classified as small (for audit
purposes) and apply for an exemption from audit if its turnover is not more than £6.5 million & its
statement of financial position total is not more than £3.26 million (or/and the number of employees must
not exceed 50) in its first financial year, or in the case of a subsequent year, in that year and the preceding
year.

No audit is needed for owner-managed businesses, e.g. sole traders and partnerships; because there is no
separation of ownership and control, the owners, being involved in everyday business, may feel that it is not
important to spend money on having assurance.

Benefits

- Increased credibility of F/S since an independent professional based on detailed review,
  providing opinion.
- Feedback on Internal control and possible improvements may be experienced based on
  suggestions.
- Confirms management has performed its four duties: Preparing F/S, Implementing internal
  control, compliance with laws and regulation and preventing fraud and error

Limitations

- Massive fraud not detected, high cost
- Client staff may deceive the audit staff and may not co-operate fully
- Auditor not able to give objective opinion because of lacking independence
- Expectation gap i.e. Objective of audit and expectation of S/H that all fraud would be
  discovered.

G) Comparison of External and Internal Auditing

                     External Audit                 Internal Audit

Appointed By         Shareholders                   Directors
Reporting To         Shareholders                   Directors
What they Check      Annual Financial Statements    Risk Management Systems (anything management ask them to check!)
Legally Required     Usually Yes                    Typically No
Independence         They Must Be                   Ideally, but hard to achieve

H) Auditor Consideration, Rights and Duties

Who is eligible to be an auditor?

Eligibility

- Professional qualification (authorized by RSB)
- Professional competence
- professional integrity
- appropriate technical standards
- monitoring by regulatory body

Ineligible

- an officer/employee of the company
- a partner or an employee/servant
- a partner in partnership with the above

Duties of the auditors

Primary duty is to form an opinion on whether financial statements prepared by the directors represent a
true and fair view and are prepared, in all material aspects, in accordance with an applicable reporting
framework.

Check

- Proper returns are being made by the business
- Financial Statements agree to records
- Proper accounting records are being kept
- Information/explanations obtained
- Other reports consistent with the financial statements e.g. directors report

If the five above points are not met, auditors will have to issue ‘report by exception’.

Appointment of the auditors

- Who? Shareholders at the AGM
- How? AGM to AGM or if no AGM then reappointed annually
- Removal by majority of votes at AGM

Resignation

- Must be in writing
- Reason filed in registry office
- May ask directors to call EGM (Extraordinary General Meeting) and explain circumstances

Rights of the auditors

Auditors are usually given rights within national law, to help ensure they can do their job
properly.

Rights will vary between countries, as they are set by government. Typical rights include:

● access to all books and records
● access to all information and explanations
● the right to:
   o be given notice of a general meeting
   o attend the general meeting
   o speak at the general meeting
● the right to resign without finishing the audit
● the right to have information sent to shareholders, should the auditors wish to.

Removal of auditors

- Simply by majority of votes, statement filed with regulatory body
- If there is any doubt about the abilities of the auditor

I) The External Audit Process

1. APPOINTMENT
2. AUDIT STRATEGY
3. DETAILED AUDIT PLAN
4. INTERNAL CONTROLS ASSESSMENT AND TESTING
5. REDUCED / DETAILED SUBSTANTIVE TESTING
6. COMPLETION
7. AUDIT REPORT

Section 2: CORPORATE GOVERNANCE

A) Explain Corporate Governance (CG) and why CG is of particular interest to auditors?

CG is the means by which companies are directed and controlled. It is concerned with the composition and
responsibility of directors, the quality of internal control and the relationship with external auditors. A key
to good CG is to ensure that only those people are rewarded who are working hard to serve the interest
of the company and its stakeholders.

As auditors, one of our primary concerns is audit evidence, which, even when we manage to find it, we do not
rely on instantly. Where we are not confident about the control environment, we have to conduct a lot of
substantive or detailed testing to reach a conclusion. As a result, where we get assurance that the relevant
CG code, such as TURNBULL, is complied with, we as auditors are able to save much time and cost, since
the evidence can be relied on with less scrutiny.

B) Principles of Corporate Governance

The OECD Principles

The OECD Principles are published by the Organization for Economic Co-operation and Development.
Members of the OECD are governments of 30 economically-developed countries.

Objectives:

- To develop the world economy
- To assist governments of countries to improve the legal, regulatory and institutional
  framework for corporate governance
- To provide guidance to stock exchanges, investors and companies on how to implement
  best practices

Contents:

1) Rights of the shareholders
2) Equitable treatment of shareholders
3) Rights of stakeholders
4) Disclosure and transparency
5) Responsibilities of the board

The ICGN Principles

- It is a voluntary association of major institutional investors, companies, financial
  intermediaries and other organizations.
- Its aim is to improve corporate governance practices around the world.
- It is consistent with the OECD but it is more specific about the issues that investors will
  take into account in deciding how (and where) to invest.
- It gives more emphasis than the OECD to the right of investors to participate actively
  in corporate governance in the companies in which they invest.

Contents:

1) Role of the board
2) Shareholders
3) Audit and accounts
4) Ethics and stakeholders

The UK Corporate Governance Code

The OECD principles are put into effect in a variety of ways in different countries. Corporate
Governance in the UK is covered by the Combined Code, a document that developed over a
number of years. The Code is kept up to date by the UK Financial Reporting Council
(FRC). The code states that the purpose of corporate governance is to facilitate effective
entrepreneurial and prudent management that can deliver long-term success of the
company. The main principles of the code are:

Principles

- Leadership
Every company should be headed by an effective board which is collectively responsible for the
long term success of the company. There should be a clear division between the running of
the board and the executive responsibility for the running of the company’s business. No one
individual should have unfettered powers of decision. This means that the roles of CEO and
Chairman should not be performed by one person as that concentrates too much power in
that person. Non-executive directors (NEDs) must be appointed to the board.

- Effectiveness
The board should have an appropriate balance of skills, experience, independence and
knowledge. In large companies NEDs should be at least 50% of the board; in small companies
there should be at least 2 NEDs. The board should undertake a formal and rigorous annual
evaluation of its own performance and that of its committees and individual directors.

- Accountability
The board should present a balanced and understandable assessment of the company’s
position and prospects. The board should establish formal and transparent arrangements for
applying the corporate reporting, risk management and internal control principles, and for
maintaining an appropriate relationship with the company’s auditor.

- Remuneration
Levels of remuneration should be sufficient to attract, retain and motivate directors of
sufficient quality… but avoid paying more than is necessary

- Relations with shareholders
There should be a dialogue with shareholders based on the mutual understanding of
objectives. The board as a whole has responsibility for ensuring that a satisfactory dialogue
with shareholders takes place. The board should use the AGM to communicate with investors
and to encourage their participation.

Comply or Explain

The code has no force in law and is enforced on listed companies through the stock exchange. Listed
companies are expected to 'comply or explain', and this approach is the trademark of corporate
governance in the UK. Listed companies have to state that they have complied with the code or else
explain to shareholders why they have not. This allows some flexibility, and non-compliance might be
acceptable in some circumstances.

Advantages

- The ability of companies not to comply with the standard provisions recognises that not all
  company situations are the same, and that some flexibility is therefore welcome
- It is hoped that by avoiding laws, businesses will be more willing to contribute to the ongoing
  corporate governance debate

Disadvantages

- Some companies may use the ability not to comply in order to avoid some provisions of the
  Code, and then present weak (or untrue) explanations justifying their actions
- Without the law to back it up, corporate governance becomes harder to enforce

SARBANES-OXLEY ACT (SOX)

After the collapse of Enron, WorldCom, and a series of other American corporate frauds and failures, the
US Government was keen to act quickly and firmly.

On 30 July 2002, the Sarbanes-Oxley Act was passed.

There are many differences between SOX and the UK Combined Code:

- SOX is law, with strict penalties for non-compliance. The Combined Code is Best Practice, not law
- SOX makes audit partner rotation the law, whereas in the UK such matters are covered by the
  profession's Codes of Ethics
- SOX has a ban on auditors providing a range of "other services" to their audit clients. In the UK,
  very few "other services" are banned, but are instead considered within the objectivity area of
  Ethics.
- SOX requires the CEO and CFO to personally attest to the accuracy of the Annual Report,
  Quarterly Reports, and to the effectiveness of Internal Control Systems. In the UK, there are
  general assurances in the Directors' Report and Annual Report, but no personal certification is
  required
- Under SOX, the auditors must attest the Internal Controls statement. Auditors do not make any
  such statement in the UK
- Under SOX, if laws have been broken (e.g. accounting standards), the CEO and CFO forfeit some
  of their remuneration (e.g. their bonuses). There are no such rules in the UK
- Under SOX, no loans can be made by a public company to its directors or other senior executives.
  Whilst the same rules apply in UK law, there is a de minimis limit and there are some exemptions

C) History of the Combined Code – Read for knowledge

Following a series of high profile corporate collapses in the late 1980s and early 1990s, Sir Adrian
Cadbury was asked to look into UK corporate governance. In 1992, the Cadbury Code was created.

In 1995, following a series of concerns about excessive director pay, the Greenbury Report was issued,
giving recommendations on how to better align director rewards with those of shareholders.

In 1998, soon after the Cadbury Code had been in use for 5 years, the Hampel Report reviewed how well
the Cadbury Code was working, and made recommendations for change.

There was a concern that the Cadbury Code was too close to a box-ticking approach, and was not making
companies think enough about the principles involved. As such, Hampel advocated a more principles-
based code.

The London Stock Exchange operates a Comply or Explain approach. All listed companies are expected
to follow all provisions of the Combined Code or explain in their Annual Reports which provisions they
have not followed, and why.

In 1999, the Turnbull Report was issued. Turnbull gives detail on how to create an effective Internal
Control System, which is an essential part of good risk management.

In late 2001, Enron collapsed. Whilst Enron was primarily a US company, its operations were
international and it was felt that UK corporate governance may be able to learn some lessons as well.

In 2002/2003, two reports were issued as a result of post-Enron analysis, and both of these reports now
form part of the Combined Code in the UK. The Higgs Report looked into improving the effectiveness of
directors, especially NEDs. The Smith Report focused on the role of Audit Committees.

The Combined Code was updated again in 2006, but has not changed much in the last 4 years.

D) Unitary and two-tier boards

In countries where there is greater inclusivity in decision-making, or where there is a strong family
dominance, it is possible that a 2-tier board will exist.

A Management Board will run the day to day operations of the company, but will be monitored by a
higher level Supervisory Board. In UK terms, this is similar to having the NEDs on a top board, with the
Executive Directors on a separate lower Board.

The 2-tier system may also operate with family dominated companies, with family members having their
own top-level private Board which has controlling voting rights (and therefore where the true decision-
making power rests).

To an extent, schools in the UK may be seen to have a 2-tier system, with the Head / Principal and a small
number of senior teachers on a management board, with the School Governors in a more supervisory
role.

Advantages of 2-tier boards

- Where there is a large Board, splitting into 2 may make discussion and decision making easier.
- The existence of 2 Boards allows for more stakeholders to be involved.
- By separating NEDs from the Executive Directors, the independence of the NEDs is likely to be
  improved.

Disadvantages of 2-tier boards

- If one board is clearly senior to the other, it may lead to conflict.
- It may be better for NEDs to be present during Executive Director discussions, rather than
  receiving a report of what was said.
- It is likely to lead to slower decision making.
- In many countries (e.g. UK) all directors have equal legal status, whether Executive or NED. This
  may make it necessary for all to sit on a single Board.

Advantages of Unitary boards

- Participants have equal legal responsibility for management of the company and strategic
  performance
- Independent directors are less likely to be excluded from decision making and given restricted
  access to information
- Single board promotes easier cooperation

Disadvantages of Unitary boards

- Places too high a demand on non-executives to be both manager and monitor
- Makes no specific provision for employees to be represented on the management board

E) Role of audit/remuneration/nomination/risk committees

All these committees need to be objective enough to ensure the effectiveness of their role. Hence, these
committees are led by non-executive directors for the most part. Non-executive directors are those
who serve in the company's board meetings; they must be independent of the board members. They
mainly exist to serve shareholders' interests on the board and participate in different board committees.

- Audit Committee (All NEDs)

There should be at least three NEDs. Two is acceptable for smaller companies. One NED must have
recent relevant financial experience.

Functions of Audit Committee

- Monitoring the integrity of the F/S
- Reviewing internal control
- Review effectiveness of the internal audit function
- Recommendation on appointment/removal/remuneration level of external auditors
- Reviewing and monitoring auditors' independence and audit process
- Developing policy on engagement of the external auditor to supply non-audit services
- Reviewing arrangements for "whistle blowing"

Advantages

- Increased credibility of Financial Statements hence increasing public confidence
- Assist directors with their responsibilities
- Strengthens independence of external auditors
- Promotes better communication between director and external auditor
- Promotes best practice and compliance with corporate governance framework
- Independent report of internal audit through ensuring independence of internal audit function
- Check recommendations made by internal and external auditors

Disadvantages

- Directors will not be 'happy' if they are being monitored
- Additional cost and time
- Creation of two tiered board
- Excessive burden for NED
- They might get involved with management, as a result losing independence

- Remuneration committee (All NEDs)

They need to determine fair rates of pay and other compensation (pension rights, share options etc.) for
management and other senior employees. Their task would be to ensure that basic pay is not overstated
and that performance related pay is present.

- Nomination committee (Mixed)

Task is to ensure right person is chosen for job i.e. suggesting suitable candidates for appointment in
senior posts. Any candidate recruited should be appropriately assessed by nomination committee for
their competency and suitability for the vacant position. This should also be dominated by independent
directors.

- Risk committee (Mixed)

The Risk Committee assists and advises the Supervisory Board in monitoring the risk profile of the
company as well as the structure and operation of the internal risk management and control systems.
