ISA 510 Initial Audit Engagements – Opening Balances

Auditors must make special considerations at the planning stage when they are
auditing an entity for the first time, whether because the entity has never
required an audit before, or because the entity has simply changed auditor.
New audits generally require a little more work than recurring engagements.
But it is important to note that this is not because the auditor needs to do a first-
time audit more thoroughly than other audits. Rather, it is because there are
specific risks in relation to an auditor's relative lack of knowledge of new audit
clients.

The auditor shall obtain sufficient appropriate audit evidence about whether
the opening balances contain misstatements that materially affect the current
period's financial statements by:

(a) Determining whether the prior period's closing balances have been correctly
brought forward to the current period or, when appropriate, have been
restated;
(b) Determining whether the opening balances reflect the application of
appropriate accounting policies; and

(c) Performing one or more of the following:

(i) Where the prior year financial statements were audited, reviewing the
predecessor auditor's working papers to obtain evidence regarding the opening
balances;
(ii) Evaluating whether audit procedures performed in the current period
provide evidence relevant to the opening balances; or
(iii) Performing specific audit procedures to obtain evidence regarding the
opening
Balances

Prior period audited by another auditor

Audit Procedures
Review predecessor's working papers, considering the professional
competence and independence of the predecessor auditor

Read the most recent set of financial statements and predecessor's auditor's
report for information relevant to opening balances

If the prior period auditor's report was modified, pay particular attention in the
current period to the matter which resulted in the modification
Prior period not audited (ie first time being audited
Collection or payment of opening accounts receivable or payable
Observation of current physical inventory count and reconciliation back to
opening quantities ('roll back')

Examination of records underlying opening non-current assets and liabilities,

including confirmation from third parties where possible
Auditor's report
In all cases where there is a new auditor, the auditor's report must contain an
Other Matter paragraph. This applies whether or not the audit opinion being
expressed is modified. ISA 510 gives the following example of an Other Matter
paragraph in this case (the example is also found in
ISA 710):

Other Matter
The financial statements of the Company for the year ended December 31, 20X0
were audited by another auditor who expressed an unmodified opinion on those
statements on March 31, 20X1.
(ISA 510
If there was a modification to the opinion and this is still relevant in the current
period, the auditor expresses a modified opinion in this year's auditor's report
in line with ISA 705 and ISA 710
(ISA 510: para. 13). Otherwise, the opinion would be modified under the
following circumstances:
If there was a modification to the opinion and this is still relevant in the
current period, the auditor expresses a modified opinion in this year's auditor's
report in line with ISA 705 and ISA 710
(ISA 510: para. 13). Otherwise, the opinion would be modified under the
following circumstances:
Unable to obtain sufficient Qualified 'except for' or
appropriate evidence about the disclaimer of opinion
opening balances
Opening balances contain material Qualified 'except for' or
misstatements affecting current adverse opinion
period (either not corrected or not
adequately disclosed)
This includes the possibility that
accounting policies may not be
consistently applied or accounted
for/disclosed properly in the new
year.

Opening balances: procedures

Specific audit procedures
For current assets and liabilities, some audit evidence may be obtained as part
of the current period's audit procedures. For example, the collection (or
payment) of opening accounts receivable (or accounts payable) during the
current period will provide some audit evidence of their existence, rights and
obligations, completeness and valuation at the beginning of the period
(ISA 510: para. A6).
In the case of inventories, however, the current period's audit procedures on the
closing inventory balance provide little audit evidence regarding inventory on
hand at the beginning of the period.
Therefore, additional procedures may be necessary, such as:
 Observing a current physical inventory count and reconciling it back to
the opening inventory quantities
 Performing audit procedures on the valuation of the opening inventory
items
 Performing audit procedures on gross profit and cut-off
(ISA 510: para. A6)
A combination of these procedures may provide sufficient appropriate audit
evidence.
For non-current assets and liabilities, some audit evidence may be obtained
by examining the accounting records and other information underlying the
opening balances. In certain cases, the auditor may be able to obtain some audit
evidence regarding opening balances through confirmation with third parties,
for example for long-term debt and investments. In other cases, the auditor may
need to carry out additional audit procedures (ISA 510: para. A7).

Consistency of accounting policies

The auditor shall obtain sufficient appropriate audit evidence about:
 Whether the accounting policies reflected in the opening balances have been
applied consistently in the current period's financial statements
 Whether changes in the accounting policies have been accounted for
properly and adequately presented and disclosed in accordance with the
applicable financial reporting framework
(ISA 510: para. 12)
ISA 402
Outsourcing and ISA 402 Audit Considerations Relating to an Entity Using
a Service Organisation
Outsourcing is the use of external suppliers as a source of finished products,
components or services.
It is also known as 'sub-contracting'.
An audit client using an external supplier in this way does not diminish the
ultimate responsibility of the directors for conducting the business of the
company.
Business functions that are commonly outsourced include, but are not limited
to: payroll, information technology, accounting, recruitment and internal audit.

Service organisation: A third-party organisation (or segment of a third-party

organisation) that provides services to user entities that are part of those entities'
information systems relevant to financial reporting.

User entity: An entity that uses a service organisation and whose financial
statements are being audited.

User auditor: An auditor who audits and reports on the financial statements of
a user entity.
Service auditor: An auditor who, at the request of the service organisation,
provides an assurance report on the controls of a service organisation.

Type 1 report: A report on the description and design of controls at a service

organisation. It comprises:
(i) A description, prepared by management of the service organisation, of the
service organisation's system, control objectives and related controls that have
been designed and implemented as at a specified date; and

(ii) A report by the service auditor with the objective of conveying reasonable
assurance that includes the service auditor's opinion on the description of the
service organisation's system, control objectives and related controls and the
suitability of the design of the controls to achieve the specified control
objectives.
Type 2 report: A report on the description, design and operating effectiveness
of controls at a service organisation. It comprises:
(i) A description, prepared by management of the service organisation, of the
service organisation's system, control objectives and related controls, their
design and implementation as at a specified date or throughout a specified
period and, in some cases, their operating effectiveness throughout a specified
period; and
(ii) A report by the service auditor with the objective of conveying reasonable
assurance that includes:

(a) The service auditor's opinion on the description of the service organisation's
system, control objectives and related controls, the suitability of the design of
the controls to achieve the
specified control objectives, and the operating effectiveness of the controls; and
(b) A description of the service auditor's tests of the controls and the results
thereof.

A user entity may use a service organisation that executes transactions and
maintains related accountability for them or records transactions and
processes related data
(eg a computer systems service organisation). Such an organisation may also
carry out facilities management work or even asset management on behalf of
a user.

Service organisations may undertake activities on a dedicated basis for one

company, or on a shared basis, either for members of a single group of entities
or for unrelated customers.

User auditors need to obtain sufficient, appropriate audit evidence to express

an opinion on financial statements. They therefore need to consider an approach
towards the parts of the audit affected by the service organisation

Impact on audit planning

One factor that has an impact on the audit of a user entity is that the user
auditor has no direct contractual relationship with the service organisation
(or indeed the service auditor) and this may cause problems with access and
confidentiality. In practical terms, however, it is in the interest of the user
entity for its service organisation to co-operate with the user auditor, but this
must still be taken into consideration when planning the audit.

ISA 402 requires the user auditor to obtain an understanding of the nature
and significance of the services provided by the service organisation, starting
with the extent of the relationship between user entity and service organisation:

(a) When the services provided by the service organisation are limited to
recording and processing user entity transactions and the user entity
retains authorisation and maintenance of accountability, the user entity may
be able to implement effective policies and procedures within its organisation.

(b) When the service organisation executes the user entity's transactions and
maintains accountability, the user entity may deem it necessary to rely on
policies and procedures at the service organisation. In such cases, the auditor
needs to design procedures that allow it to manage audit risk effectively.
The auditor needs to understand how a user entity uses the services of the
service organisation, including:
 The nature and significance of the service provided, including the effect on
the controls at the user entity
 The nature and materiality of the transactions processed or accounts/financial
reporting processes affected
 The degree of interaction between the user entity and the service
organisation
 The nature of the relationship between the two, including the contractual
terms
 If the service organisation maintains accounting records for the user entity,
whether the
arrangements affect the auditors' responsibility to report concerning accounting
records
Sources of information include:
 User manuals
 System overviews
 Technical manuals
 The contract/service level agreement
 Reports by the service organisations, internal auditors or regulatory
authorities
 Reports by the service organisation auditor
(ISA 402: paras. 9 and A1)
Obtaining evidence on the quality of a service organisations' controls
The user auditor must evaluate the controls at the user entity that relate to the
service organisation and determine whether this gives the auditor sufficient
understanding to provide a basis for assessing risks of material misstatement in
the user entity financial statements.
If the auditor concludes that this is insufficient, they must carry out one of the
following four activities.
 Obtain Type 1 or Type 2 report from the service organisation, if available
 Contact the service organisation to get specific information (with
permission)
 Visit the service organisation and perform procedures to obtain the
information (with permission)
 Use another auditor to perform procedures at the service organisation (with
permission)
It is likely that the auditor will be able to obtain a Type 1 or 2 report, and this
will be the most straightforward option. If this action is taken, the auditor needs
to be sure that:
 The service organisation's auditor is competent and objective
 The standards under which the report was issued are adequate for the user
entity's auditor's purposes
 The report is for an appropriate date (that is, it covers the period the user
entity is reporting on)
 The evidence it is based on is sufficient and appropriate for the user entity's
auditor's understanding of the internal controls
 If complementary user entity controls are relevant to the user entity, the
auditor has obtained an understanding of these

Responding to assessed risks

The auditor needs to assess whether sufficient appropriate audit evidence is
available from records at the user entity. If so, they should carry out
appropriate procedures at the user entity. If not, they should carry out further
audit procedures.
When the user auditor expects controls at the service organisation to be
operating effectively, they must obtain evidence that this is the case, by one of
the following three methods.
 Obtaining a Type 2 report, if available
 Performing test of controls at the service organisation
 Using another auditor to perform tests of controls at the service organisation

Again. Obtaining type 2 report is more likely the option, in which entity auditor
has to
Check that the report is made up to an appropriate date
 Ensure that they have tested complimentary controls at the user entity if
necessary
 Check the adequacy of the time period covered by the tests of controls and
the time elapsed since those tests of controls were performed
 Ensure the tests of controls performed for the purposes of the report are
relevant and provide sufficient appropriate audit evidence for the user entity
auditors' purposes
The auditor must also make enquiries of management if they are aware or
suspect any fraud, non-compliance with law and regulations or uncorrected
misstatements at the service organisation that could affect the financial
statements of the user entity and evaluate the impact of any matters on their
procedures and report.

Reporting

The key issue to remember is that if the user auditor cannot obtain sufficient
appropriate evidence about the impact of the service organisation on the user
entity, the auditor must modify the auditor's report, as the scope of the audit has
been limited.