F8 Theory Notes

Knowledge Based Topics
AUDIT & ASSURANCE – F8
Compiled by: Rashid Hussain

MARFAT ACCA ONLINE
Email: marfatonline@yahoo.com | Whatsapp: +923009433841 | Skype: MARFAT Online
Introduction to the Audit

Elements of an assurance engagement
(i) the three parties involved:
✓ the practitioner (i.e. the reviewer of the subject matter who provides the assurance)
✓ the intended users (of the information)
✓ the responsible party (i.e. those responsible for preparing the subject matter)
(ii) an appropriate subject matter
(iii) suitable criteria, against which the subject matter is evaluated/measured
(iv) sufficient appropriate evidence
(v) a written assurance report in an appropriate form.
Types of assurance engagement

Reasonable assurance engagements
❑ In a reasonable assurance engagement, the practitioner:
✓ Gathers sufficient appropriate evidence to be able to draw reasonable conclusions.
✓ Concludes that the subject matter conforms in all material respects with identified suitable
criteria.
✓ Gives a positively worded assurance opinion.
✓ Gives a high level of assurance (confidence).
✓ Performs very thorough procedures to obtain sufficient appropriate evidence tests of controls
and substantive procedures.
Limited assurance engagement

❑ In a limited assurance assignment, the practitioner:
✓ Gathers sufficient appropriate evidence to be able to draw limited conclusions.
✓ Concludes that the subject matter, with respect to identified suitable criteria, is plausible in the
circumstances.
✓ Gives a negatively worded assurance opinion.
✓ Gives a moderate or lower level of assurance than that of an audit.
COMPILED BY: RASHID HUSSAIN 1

✓ Performs significantly fewer procedures mainly enquiries and analytical procedures.
True and fair

❑ True: Information is factual and conforms with reality. In addition, the information conforms
with required standards and law. The financial statements have been correctly extracted from
the books and records.
❑ Fair: Information is free from discrimination and bias and in compliance with expected standards
and rules. The accounts should reflect the commercial substance of the company's underlying
transactions.
Auditor Duties
Duty Description
Compliance with legislation Whether the financial statements have been prepared in accordance
with the relevant legislation
Truth and fairness of accounts Whether the statement of financial position shows a true and fair
view of the company's affairs at the end of the period and the
statement of profit or loss and other comprehensive income (and
statement of cash flows) show a true and fair view of the results for
that period
Adequate accounting records Whether adequate accounting records have been kept and returns
and returns adequate for the audit received from branches not visited by the
auditor
Agreement of accounts to Whether the accounts are in agreement with the accounting records
records and returns
Consistency of other Whether the information in the directors' report is consistent with the
information financial statements
Directors' benefits Whether disclosure of directors' benefits has been made in

accordance with the Companies Act 2006

Auditor Rights
Rights Description
Access to records A right of access at all times to the books, accounts and vouchers of
the company (in whatever form they are held)
Information and explanations A right to require from the company's officers such information and
explanations as they think necessary for the performance of their
duties as auditors
Attendance at / notices of A right to attend any general meetings of the company and to
general meetings receive all notices of and other communications relating to such
meetings which any member of the company is entitled to receive
Right to be heard at general right to be heard at general meetings which they attend on any part
meetings of the business that concerns them as auditors
Rights in relation to written A right to receive a copy of any written resolution proposed
resolutions
International Standards on Auditing (ISAs)

❑ The role of auditing standards
❑ The role of the audit is to provide a high level of assurance to the users of the financial
statements. This assurance will be of greater value to users if they know that the audit has been
carried out in accordance with established standards of practice.
❑ In addition, if users compare the financial statements of a number of companies, it is important

that the user has confidence that consistent auditing standards have been applied to the audits
of all of the companies.
❑ International Standards on Auditing (known as ISAs) apply primarily to the external audit
process. However, their provisions can also often be seen as good practice for relevant areas of
the work of the internal auditor.

Ethics
Five Fundamental Principles of Ethics (PICCO)
❑ Professional Behavior – to comply with relevant laws and regulations and avoid any action that
discredits the profession.
❑ Integrity – to be straightforward and honest in all professional and business relationships.
❑ Confidentiality – to respect the confidentiality of information acquired as a result of

professional and business relationships and, therefore, not to disclose any such information to
third parties without proper authority, nor use the information for personal advantage.
❑ Competence and Due Care – to maintain professional knowledge and skill at the level required
to ensure that a client receives competent professional services, and to act diligently and in
accordance with applicable technical and professional standards.
❑ Objectivity – to not allow bias, conflict of interest or undue influence of others to override
professional or business judgments.
Five Ethical Threats (SSAFI)

❑ Self-interest - The threat that auditors act in their own personal interests (or are believed to be
doing so).
❑ Self-review - The threat that if auditors do certain tasks for clients, their audit work may result
in checking their own work.
❑ Advocacy - The threat caused when auditors are asked to do other work that means they are
taking their client's position on something. By taking this position, they may be seen to be “on
the client's side”, rather than being independent.
❑ Familiarity - The threat that if auditors are too familiar / friendly with a client, they might
deliberately or accidentally put too much trust in their client and not be skeptical enough,
leading to under-auditing.
❑ Intimidation - The threat caused by a client being in a position to put pressure on an auditor.
Pre-Conditions
Must obtain the agreement of management that management acknowledges and understands its
responsibility for the following:
❑ Preparation of the financial statements in accordance with the applicable financial reporting
framework, including where relevant their fair presentation;

❑ For such internal control as management determines is necessary to enable the preparation of
financial statements that are free from material misstatement, whether due to fraud or error;
and
❑ To provide the auditor with access to all relevant information for the preparation of the financial
statements, any additional information that the auditor may request from management and
unrestricted access to persons within the entity from whom the auditor determines it necessary
to obtain audit evidence.
Other Pre-Acceptance Considerations

Apart from Ethical issues as above, firms should also consider:
❑ resources (time and staff) available to do the work
❑ the fee
❑ client deadlines
❑ the integrity of the client and its directors
❑ the level of audit risk
❑ Money Laundering Procedures must be followed (eg to verify the identity of the client and the
source of their funds)
❑ whether firm has the competence to do the work
❑ Whether the client has good credit (or the fee will never be received!!)
❑ The incoming firm should also go through a process of Professional Clearance
Engagement letter
Matters to be included in an audit engagement letter:
❑ The objective and scope of the audit;
❑ The responsibilities of the auditor;
❑ The responsibilities of management;
❑ Identification of the financial reporting framework for the preparation of the financial
statements;
❑ Expected form and content of any reports to be issued;
❑ Elaboration of the scope of the audit with reference to legislation;

Planning
Benefits of Audit Planning
❑ Helping the auditor to devote appropriate attention to important areas of the audit.
❑ Helping the auditor identify and resolve potential problems on a timely basis.
❑ Helping the auditor properly organise and manage the audit engagement so that it is
performed in an effective and efficient manner.
❑ Assisting in the selection of engagement team members with appropriate levels of
capabilities and competence to respond to anticipated risks and the proper assignment
of work to them.
❑ Facilitating the direction and supervision of engagement team members and the review
of their work.
❑ Assisting, where applicable, in coordination of work done by experts.
Audit Strategy Document

Section of document Purpose
Understanding the entity’s Provides details of the industry area that the company
environment is in along with specific information about the
activities and strategies of the individual client.
Understand the accounting and Details of accounting policies of the client and
internal control systems previous assessments of internal control systems
indicating the expected extent of reliance on those
systems.
Risk and materiality The assessment of risk for the client and risk of fraud
and error and the identification of significant audit
areas. The materiality level for audit planning
purposes.
Consequent nature, timing and Details of the focus on audit work on specific areas.
extent of audit procedures Detail on the extent of use of audit software and
possible reliance on internal audit.
Co-ordination, supervision and Details the extent of involvement of experts, client

review of audit work locations and staffing requirements for the audit.

Difference between the audit strategy and the audit plan

❑ The difference between the audit strategy and the audit plan is therefore that the strategy is the
initial planning to ensure there will be adequate resources allocated to the audit assignment in
response to an initial evaluation of the entity’s characteristics, whereas the audit plan is a
detailed programme of audit procedures.
❑ The strategy will therefore usually be developed before the plan; however, the two activities
should be seen as inter-related, as changes in one may result in changes to the other. Both the
strategy and the plan should be fully documented as this represents the record of proper
planning of the audit assignment.
Audit Risk & Components of audit risk

Audit risk is the risk that an auditor gives an inappropriate opinion on the financial statements being
audited.
❑ Inherent Risk
The susceptibility of an assertion about a class of transaction, account balance or disclosures to
a misstatement that could be material, either individually or when aggregated with other
misstatements, before consideration of any related controls.
❑ Control Risk
The risk that a misstatement that could occur in an assertion about a class of transaction,
account balance or disclosure and that could be material, either individually or when aggregated
with other misstatements, will not be prevented, or detected and corrected, on a timely basis by
the entity’s internal control.
❑ Detection Risk
The risk that the procedures performed by the auditor to reduce audit risk to an acceptably low
level will not detect a misstatement that exists and that could be material, either individually or
when aggregated with other misstatement.
Materiality and Performance materiality (ISA 320)

❑ ‘Misstatements, including omissions, are considered to be material if they, individually or in the
aggregate, could reasonably be expected to influence the economic decisions of users taken on
the basis of the financial statements.’
❑ In assessing the level of materiality, there are a number of areas that should be considered. First
the auditor must consider both the amount (quantity) and the nature (quality) of any
misstatements, or a combination of both. The quantity of the misstatement refers to the
relative size of it and the quality refers to an amount that might be low in value but due to its
prominence could influence the user’s decision, for example, directors’ transactions.

❑ As per ISA 320, materiality is often calculated using benchmarks such as 5% of profit before tax
or 1% of total revenue or total expenses. These values are useful as a starting point for assessing
materiality.
❑ The assessment of what is material is ultimately a matter of the auditor’s professional

judgement, and it is affected by the auditor’s perception of the financial information needs of
users of the financial statements and the perceived level of risk; the higher the risk, the lower
the level of overall materiality.
Performance materiality
❑ In assessing materiality, the auditor must consider that a number of errors each with a low value
may, when aggregated, amount to a material misstatement.
❑ In calculating materiality, the auditor should also set the performance materiality level.
Performance materiality is normally set at a level lower than overall materiality. It is used for
testing individual transactions, account balances and disclosures.
❑ The aim of performance materiality is to reduce the risk that the total of errors in balances,
transactions and disclosures does not in total exceed overall materiality.
Fraud
Overall responsibility of auditor
❑ The external auditor is primarily responsible for the audit opinion on the financial statements
following the international auditing standards (ISAs).
❑ The main focus of audit work is therefore to ensure that the financial statements show a true
and fair view. The detection of fraud is therefore not the main focus of the external auditor’s
work. An auditor is responsible for obtaining reasonable assurance that the financial statements
as a whole are free from material misstatement, whether caused by fraud or error.
❑ The auditor is responsible for maintaining an attitude of professional scepticism throughout the
audit, considering the potential for management override of controls and recognising the fact
that audit procedures that are effective for detecting error may not be effective for detecting
fraud.
Materiality
❑ ISA 240 states that the auditor should reduce audit risk to an acceptably low level. Therefore, in
reaching the audit opinion and performing audit work, the external auditor takes into account
the concept of materiality. In other words, the external auditor is not responsible for checking
all the transactions. Audit procedures are planned to have a reasonable likelihood of identifying
material fraud.

Discussion among the audit team
❑ A discussion is required among the engagement team placing particular emphasis on how and
where the entity’s financial statements may be susceptible to material misstatement due to
fraud, including how fraud might occur.
Identification of fraud
❑ In situations where the external auditor does detect fraud, then the auditor will need to
consider the implications for the entire audit. In other words, the external auditor has a
responsibility to extend testing into other areas because the risk of providing an incorrect audit
opinion will have increased.
Laws & Regulation

❑ Under ISA 250 Consideration of Laws and Regulations in an Audit of Financial Statements,
management have a responsibility to ensure that the operations are conducted in accordance
with the provisions of laws and regulations. This includes compliance with laws and regulations
that determine amounts and disclosures in financial statements, including tax liabilities and
charges.
❑ Auditors are not responsible for preventing non-compliance with laws and regulations, and
cannot be expected to detect non-compliance with all laws and regulations. They have a
responsibility to obtain reasonable assurance that the financial statements are free from
material misstatement, whether caused by fraud or error.
Auditor’s responsibility differs in relation to the two different categories of laws and regulations
identified below:
❑ Laws and regulations which have a DIRECT effect on the determination of material amounts and
disclosures in financial statements. Here the auditor is responsible for obtaining sufficient
appropriate audit evidence regarding compliance.
❑ Laws and regulations which DO NOT HAVE A DIRECT EFFECT on the determination of material
amounts and disclosures in financial statements, but may impact the entity’s ability to continue
to trade. Here the auditor’s responsibility is limited to specified audit procedures to help identify
non-compliance with those laws and regulations that may have a material effect on the financial
statements. This includes inquiring with management whether the entity is in compliance with
such laws and regulations, and inspecting correspondence with relevant licensing or regulatory
authorities.
❑ Auditor also has a responsibility to remain alert, by maintaining professional scepticism, to the
possibility that other audit procedures may bring instances of identified or suspected non-
compliance with laws and regulations.

Analytical Procedures
❑ ‘Analytical procedures’ actually means the evaluation of financial and other information, and the
review of plausible relationships in that information. The review also includes identifying
fluctuations and relationships that do not appear consistent with other relevant information or
results.
Use of analytical procedures
❑ Risk assessment procedures - Analytical procedures are used at the beginning of the audit to
help the auditor obtain an understanding of the entity and assess the risk of material
misstatement. Audit procedures can then be directed to these ‘risky’ areas.
❑ Analytical procedures as substantive procedures - Analytical procedures can be used as

substantive procedures in determining the risk of material misstatement at the assertion level
during work on the income statement and statement of financial position (balance sheet).
❑ Analytical procedures in the overall review at the end of the audit - Analytical procedures help
the auditor at the end of the audit in forming an overall conclusion as to whether the financial
statements as a whole are consistent with the auditor’s understanding of the entity.
Interim & Final Audit

❑ The interim audit, as its name suggests, is that part of the whole audit that takes place before
the year end. The auditor uses the interim audit to carry out procedures that would be difficult
to perform at the year-end because of time pressure.
❑ The final audit, on the other hand, will take place after the year-end and concludes with the
auditor forming and expressing an opinion on the financial statements for the whole year
subject to audit. It is important to note that the fi nal opinion takes account of conclusions
formed at both the interim and final audit.
Typical work carried out at the interim audit includes
❑ consideration of inherent risks facing the company. (Tutorial note: risk would be initially
considered at the planning stage, but is, in fact, reassessed at all audit stages.)
❑ recording the system of internal control.
❑ carrying out tests of control on the company’s internal control system and evaluating its
effectiveness to determine the level of control risk.
❑ performing sufficient substantive testing of transactions and balances to be satisfied that the
books and records are a reliable basis for the preparation of financial statements.
❑ identification of potential problems that may affect the final audit work. A basic aim is to ensure
as far as possible that there are no undetected problems at the year-end.

Typical work carried out at the final examination includes
❑ Follow up of items noted at the inventory count.
❑ Obtaining confirmations from third parties, such as bankers and lawyers.
❑ Analytical reviews of figures in the financial statements.
❑ Reviews of events after the reporting period.
❑ Consideration of the going concern status of the organisation.
Audit Documentation
It is essential that the entire audit process is documented, because:
❑ Provides evidence of the auditor’s basis for a conclusion about the achievement of the overall
objective of the audit.
❑ Provides evidence that the audit was planned and performed in accordance with ISAs and
applicable legal and regulatory requirements.
❑ Assists the engagement team to plan and perform the audit.
❑ Assists members of the engagement team responsible for supervision to direct, supervise and
review the audit work.
❑ Enables the engagement team to be accountable for its work.
❑ Retains a record of matters of continuing significance to future audits.
Working papers
Working papers will be retained for some years (usually at least 5) for safety.
Essential content that all working papers should have:
❑ Name of client – identifies the client being audited.
❑ Year-end date – identifies the year end to which the audit working papers relate.
❑ Subject – identifies the area of the financial statements that is being audited, the topic area of
the working paper, such as receivables circularisation.
❑ Working paper reference – provides a clear reference to identify the number of the working
paper, for example, R12 being the 12th working paper in the audit of receivables.
❑ Preparer – identifies the name of the audit team member who prepared the working paper, so
any queries can be directed to the relevant person.

❑ Date prepared – the date that the audit work was performed by the team member; this helps to
identify what was known at the time and what issues may have occurred subsequently.
❑ Reviewer – the name of the audit team member who reviewed the working paper; this provides
evidence that the audit work was reviewed by an appropriate member of the team.
❑ Date of review – the date the audit work was reviewed by the senior member of the team; this
should be prior to the date that the audit report was signed.
❑ Objective of work/test – the aim of the work being performed, could be the related financial
statement assertion; this provides the context for why the audit procedure is being performed.
❑ Details of work performed – the audit tests performed along with sufficient detail of items
selected for testing.
❑ Conclusion – the overall conclusion on the audit work performed, whether the area is true and
fair.
Internal Controls
Components of an internal control system
Control environment
❑ The control environment includes the governance and management functions and the attitudes,
awareness, and actions of those charged with governance and management concerning the
entity’s internal control and its importance in the entity. The control environment sets the tone
of an organisation, influencing the control consciousness of its people.
❑ The control environment has many elements such as communication and enforcement of
integrity and ethical values, commitment to competence, participation of those charged with
governance, management’s philosophy and operating style, organisational structure,
assignment of authority and responsibility and human resource policies and practices.
Entity’s risk assessment process
❑ For financial reporting purposes, the entity’s risk assessment process includes how management
identifies business risks relevant to the preparation of financial statements in accordance with
the entity’s applicable financial reporting framework. It estimates their significance, assesses the
likelihood of their occurrence, and decides upon actions to respond to and manage them and
the results thereof.
Information system
❑ Including the related business processes, relevant to financial reporting, and communication
The information system relevant to financial reporting objectives, which includes the accounting
system, consists of the procedures and records designed and established to initiate, record,

process, and report entity transactions (as well as events and conditions) and to maintain
accountability for the related assets, liabilities, and equity.
Control activities relevant to the audit
❑ Control activities are the policies and procedures that help ensure that management directives
are carried out. Control activities, whether within information technology or manual systems,
have various objectives and are applied at various organisational and functional levels.
Monitoring of controls
❑ Monitoring of controls is a process to assess the effectiveness of internal control performance

over time. It involves assessing the effectiveness of controls on a timely basis and taking
necessary remedial actions. Management accomplishes the monitoring of controls through
ongoing activities, separate evaluations, or a combination of the two.
Documenting client systems

Narrative notes
❑ Narrative notes are a written description of the control system and the controls that are in
place. They are used mainly to make a record of the control activities involved in processing
transactions.
❑ Narrative notes are simple to prepare, but can become lengthy. They may be timeconsuming to
prepare initially. When narrative notes are long, it may also be timeconsuming to update them
when the system or the controls change.
❑ Ideally, narrative notes should be written clearly, but should not be longer than necessary to
provide a full description.
Systems flowcharts
❑ Systems flowcharts provide a representation of accounting systems in the form of a diagram.

For each type of transaction, they show the documents generated, the processes applied to the
documents and the flow of the documents between the various departments involved.
Flowcharts therefore show the flow of work by showing how documents are transferred within
a system (and filed) and how they are used.
❑ As they are in the form of a diagram, flowcharts present an immediate visual impact of the
system. This can sometimes help the auditor to identify weaknesses in controls more easily than
by reading narrative notes.
❑ However, some expertise is needed to draw a good flowchart and to use it to assess the
effectiveness of controls. In addition, althoug flowcharts work well with standard accounting
systems and transactions, they may not be appropriate for documenting specialised areas o
accounting.

Questionnaires
Internal control questionnaire (ICQ)
❑ An internal control questionnaire (ICQ) is designed to establish whether appropriate controls

exist, that meet specific control objectives. Each question requires a ‘Yes’ or a ‘No’ answer, and
deals with a particular type of control. The auditor has to establish the answer to each of the
questions, and fill in the questionnaire.
Internal control evaluation questionnaire (ICEQ)
The idea behind the ICEQ is to draw up a small number of key control questions designed to establish
whether major weaknesses may exist in a control system.
✓ Like an ICQ, an ICEQ contains a (shorter) list of questions, for which the answer is Yes or No. A
questionnaire is normally designed so that a Yes answer indicates good controls and a No
answer indicates weak controls.
Documentation Advantages Disadvantages
Method
Narrative notes ❑ Simple to record ❑ May be time consuming and

cumbersome if the system is complex
❑ Facilitate understanding by all
audit staff ❑ May be more difficult to identify missing
controls
Flow charts ❑ Easy to view the whole system in ❑ May be difficult to amend as the whole
one diagram diagram may need to be redrawn
❑ Easy to spot missing controls due ❑ There is still a need for narrative notes to
to the use of standard symbols accompany the flow chart increasing the
time involved to document the system
fully

Documentation Advantages Disadvantages
Method
Internal control ❑ Quick to prepare ❑ Controls may be overstated as the client

knows the answer the auditor is looking
questionnaires ❑ Can ensure all controls are
for is 'yes'
present
(ICQ's)
❑ Unusual controls are unlikely to be
included on a standard questionnaire
and may not be identified
❑ May contain a number of irrelevant

controls
Internal control ❑ The client has to respond with ❑ Client may still overstate controls as they
the control they have in place may say a control is in place for the
evaluations
rather than a yes/no answer control objectives even if it is not.
(ICE's) which should mean controls are
❑ The checklist may contain control
less likely to be overstated
objectives not relevant to the client.
❑ Quick to prepare as a list of
❑ Unusual risks and therefore objectives
control objectives can be
may not be identified.
compiled and the client is asked
what controls they have in place
to address them
Review
Going Concern
❑ An entity prepares financial statements on a going concern basis when, under the going concern
assumption, the entity is viewed as continuing in business for the foreseeable future. The term
‘foreseeable future’ is not defined within ISA 570, but IAS 1, Presentation of Financial
Statements deems the foreseeable future to be a period of 12 months from the entity’s
reporting date.
Management’s responsibility in respect of going concern

❑ It is the directors’ responsibility to assess the company’s ability to continue as a going concern
when they are preparing the financial statements.

❑ In order to do this the directors should prepare forecasts to help assess whether they are likely
to be able to continue trading for the next 12 months as a minimum.
❑ If they are aware of any material uncertainties which may affect this assessment, then IAS 1
requires them to disclose such uncertainties in the financial statements.
❑ When the directors are performing their assessment they should take into account a number of
relevant factors such as:
▪ current and expected profitability
▪ debt repayment
▪ sources (and potential sources) of financing.
Auditor's responsibilities in respect of going concern

❑ ISA 570 Going Concern states that the auditor needs to ensure the financial statements are
prepared on the appropriate basis.
❑ If the going concern basis has been used they should obtain sufficient appropriate evidence that
this is appropriate.
❑ Where there are material uncertainties, the auditor must ensure that the directors have made
sufficient disclosure of such matters in the notes to the financial statements.
❑ The auditor must consider the implications for their audit report.
Written representation letter

❑ A written representation is: a written statement by management provided to the auditor to
confirm certain matters or to support other audit evidence. They do not include the financial
statements, assertions or supporting books and records. (ISA 580 Written Representations).
Examples of matters where written representation is required
❑ plans or intentions that may affect the carrying value of assets or liabilities.
❑ confirmation of values where there is a significant degree of estimation or judgement involved,

e.g. provisions and contingent liabilities.
❑ formal confirmation of the directors’ judgement on contentious issues, e.g. the value of assets
where there is a risk of impairment.
❑ aspects of laws and regulations that may affect the financial statements, including compliance.
Quality and reliability of written representations as audit evidence
❑ Written representations are more reliable than oral representations, since oral representations
can be retracted.

❑ However, although written representations are a form of audit evidence, they are from an
internal source and on their own they do not provide sufficient appropriate audit evidence
about the issues they relate to.
❑ Objective of the auditor regarding written representations is 'To support other audit evidence
...' This is because although written representations are necessary, they cannot provide
sufficient appropriate audit evidence when they stand alone.
❑ The auditor must consider the reliability of written representations in terms of:
✓ inconsistencies with other forms of evidence.
✓ concerns about the competence, integrity, ethical values or diligence of management.
Treatment of misstatements
❑ A misstatement is a difference between the amount, classification, presentation, or disclosure of
a reported financial statement item and the amount, classification, presentation, or disclosure
that is required for the item to be in accordance with the applicable financial reporting
framework. Misstatements can arise from error or fraud.
❑ An uncorrected misstatement is a misstatement that the auditor has accumulated during the
audit and that have not been corrected.
Evaluation of uncorrected misstatements
❑ If management have failed to correct all of the misstatements reported to them, the auditor
should:
✓ Revisit their assessment of materiality to determine whether it is still appropriate in the

circumstances.
✓ Determine whether the uncorrected misstatements, either individually or in aggregate,

are material to the financial statements as a whole. In so doing the auditor must
consider both the size and nature of the misstatements.
✓ Report the uncorrected misstatements to those charged with
✓ governance and explain the effect this will have upon the audit opinion.
✓ Request a written representation from those charged with governance that they believe
the effects of uncorrected misstatements are immaterial.

Report
Basic elements of the auditor's report
❑ Title
❑ Addressee
❑ Opinion Paragraph
❑ Basis for opinion
❑ Going Concern
❑ Key Audit Matters
❑ Other information
❑ Responsibilities for the financial statements
❑ Auditor's responsibilities for the audit of the financial statements
❑ Other reporting responsibilities
❑ Name of the engagement partner
❑ Auditor’s Signature
❑ Auditor’s Address
❑ Date of the report
Key audit matters

❑ Key audit matters. Those matters that, in the auditor’s professional judgment, were of most
significance in the audit of the financial statements of the current period. Key audit matters are
selected from matters communicated with those charged with governance.
❑ Reporting on KAMs aims to improve transparency by helping users to understand the most
significant issues the auditor faced. This should enhance the communicative value of the
auditor’s report.
❑ KAMs are part of every listed company auditor’s report, and can be included by other auditors if
needed. KAMs do not constitute a modification of the report or of the opinion. They are a part
of the standard report which must be tailored to each company’s circumstances. KAMs are not a
substitute for disclosures, for EoM/OM paragraphs, nor for modified opinions. KAMs must
always relate to matters already included within the financial statements.
Matters which the auditor may determine to be KAMs include:
❑ Areas of higher risk of material misstatement, or ‘significant risks’ identified in line with ISA 315
(eg at the planning stage)
❑ Significant judgements in relation to areas where management made judgements
❑ The effect of significant events or transactions
❑ The key part of the definition of KAMs above is that these are the most significant matters.
Identifying the most significant matters involves using the auditor’s professional judgement.

Emphasis of matter paragraphs

❑ An emphasis of matter paragraph is a paragraph included in the auditor's report that refers to a
matter appropriately presented or disclosed in the financial statements that, in the auditor's
judgement, is of such importance that it is fundamental to users' understanding of the financial
statements.
❑ Emphasis of matter paragraphs are used to draw readers' attention to a matter already
presented or disclosed in the financial statements that the auditor feels is fundamental to their
understanding, provided that the auditor has obtained sufficient appropriate audit evidence
that the matter is not materially misstated.
❑ Note that an emphasis of matter paragraph is not used when the issue has been covered as a
key audit matter. The auditor must choose whether a matter is simply a key audit matter, or
whether it needs an emphasis of matter paragraph.
❑ Examples include:
✓ An uncertainty relating to the future outcome of exceptional litigation or regulatory

action
✓ Early application of a new accounting standard that has a pervasive effect on the
financial Statements
✓ A major catastrophe that has had, or continues to have, a significant effect on the
entity's financial position
Other matter paragraphs

❑ An other matter paragraph is a paragraph included in the auditor's report that refers to a matter
other than those presented or disclosed in the financial statements that, in the auditor's
judgement, is relevant to users' understanding of the audit, the auditor's responsibilities or the
auditor's report.
❑ Other matter paragraphs are used where the auditor considers it necessary to draw readers'
attention to a matter that is relevant to their understanding of the audit, the auditor's
responsibilities or the auditor's report.
❑ Examples include:
✓ The auditor is unable to withdraw from the engagement and yet is unable to obtain
sufficient appropriate audit evidence;
✓ The auditor has been requested to report on other matters or to provide more
clarifications in line with the legal jurisdiction of the country.

Modified opinions
❑ Modified opinions are covered by ISA 705 Modifications to the opinion in the independent
auditor's report, which identifies the following three types of possible modification.
✓ A qualified opinion (material misstatement or an inability to obtain sufficient

appropriate audit evidence)
✓ An adverse opinion
✓ A disclaimer of opinion
Reporting deficiencies in internal control

❑ The objective of the auditor is to communicate appropriately to those charged with governance
and management deficiencies in internal control that the auditor has identified during the audit
and that, in the auditor's professional judgement, are of sufficient importance to merit their
respective attentions.
❑ Recap of key qualities of a report to those charged with governance
✓ It should not include language that conflicts with the opinion expressed in the auditor's
report.
✓ It should state that the accounting and internal control systems were considered only to
the extent necessary to determine the auditing procedures to report on the financial
statements and not to determine the adequacy of internal control for management
purposes or to provide assurances on the accounting and internal control systems.
✓ It will state that it discusses only deficiencies in internal control which have come to the
auditors' attention as a result of the audit and that other deficiencies in internal control
may exist.
✓ It should also include a statement that the communication is provided for use only by
management (or another specific named party).
✓ The auditors will usually ascertain the actions taken, including the reasons for those
suggestions rejected.
✓ The auditors may encourage management to respond to the auditors' comments, in

which case any response can be included in the report.

Corporate Governance & Internal Audit

The function of the audit committee
❑ Monitoring the integrity of the financial statements.
❑ Reviewing the company’s internal financial controls.
❑ Monitoring and reviewing the effectiveness of the internal audit function.
❑ If no internal audit function is in place, they should consider annually whether there is a need
for one and make a recommendation to the board. The reasons for there being no IA function
should be explained in the annual report.
❑ Making recommendations in relation to the appointment and removal of the external auditor
and their remuneration.
❑ Reviewing and monitoring the external auditor’s independence and objectivity and the
effectiveness of the audit process.
❑ Developing and implementing policy on the engagement of the external auditor to supply non-
audit services.
❑ Reviewing arrangements for confidential reporting by employees and investigation of possible

improprieties (‘whistleblowing’).
Benefits
❑ Improved credibility of the financial statements, through an impartial review of the financial
statements, and discussion of significant issues with the external auditors.
❑ Increased public confidence in the audit opinion, as the audit committee will monitor the
independence of the external auditors.
❑ Stronger control environment, as the audit committee help to create a culture of compliance
and control.
❑ The internal audit function will report to the audit committee increasing their independence and
adding weight to their recommendations.
❑ The skills, knowledge and experience (and independence) of the audit committee members can
be an invaluable resource for a business.
❑ It may be easier and cheaper to arrange finance, as the presence of an audit committee can give
a perception of good corporate governance.
❑ It would be less burdensome to meet listing requirements if an audit committee (which is

usually a listing requirement) is already established.

Value for money audits

❑ Value for money, as the term suggests, means getting good value from the money that an entity
spends. Value for money is obtained from a combination of the ‘3 Es’:
✓ economy
✓ efficiency
✓ effectiveness.
❑ Economy means not spending more than is necessary to obtain the required resources. At a very
basic level, it means buying supplies from the cheapest suppliers of materials of the desired
quality, avoiding excessive salary payments to employees and avoiding unnecessary spending on
other items of cost.
❑ Efficiency means getting a high volume of output from the resources that are used. The
efficiency of employees is often referred to as ‘productivity’. Efficiency can be achieved by
making better use of equipment and machines (reducing non-use time), improving employee
productivity, making better use of available accommodation or getting better use out of
marketing spending, and so on.
❑ Effectiveness means achieving the objectives of the entity with the resources that it uses. Using
resources efficiently has no value if the resources are not used in a way that achieves objectives.
For example, a manufacturing company may improve efficiency and produce a larger quantity of
output with its available machines.
❑ However, if the extra output cannot be sold, the organisation will not achieve its objective of
increasing profit.
Comparison of external and internal audit
External audit Internal audit
Objective Express an opinion on the truth Improve the company's operations by

and fairness of the financial reviewing the efficiency and effectiveness of
statements in a written report. internal controls.
Reporting Reports to shareholders Reports to management or those charged

with governance.
Availability of Publicly available Not publicly available.

report

Usually only seen by management or those

charged with governance.
Scope of work Verifying the truth and fairness of Wide in scope and dependent on
the financial statements. management's requirements.
Appointment and By the shareholders of the By the audit committee or board of

removal company directors
Relationship with Must be independent of the May be employees (which limits

company company independence) or an outsourced function
(which enhances independence).
Outsourcing the internal audit function

Advantages
❑ Greater focus on cost and efficiency of the internal audit function.
❑ Staff may be drawn from a broader range of expertise.
❑ Risk of staff turnover is passed to the outsourcing firm.
❑ Specialist skills may be more readily available.
❑ Costs of employing permanent staff are avoided.
❑ May improve independence.
❑ Access to new market place technologies, e.g. audit methodology software without associated
costs.
❑ Reduced management time in administering an in-house department.
Disadvantages
❑ Possible conflict of interest if provided by the external auditors (In some jurisdictions – e.g. the
UK, ethics rules specifically prohibit the external auditors from providing internal audit services
where significant reliance will be placed on the work of the internal auditor).
❑ Pressure on the independence of the outsourced function due to, e.g. threat by management
not to renew contract.
❑ Risk of lack of knowledge and understanding of the organisation’s objectives, culture or

business.

❑ The decision may be based on cost with the effectiveness of the function being reduced.
❑ Flexibility and availability may not be as high as with an inhouse function.
❑ Lack of control over standard of service.
❑ Risk of blurring of roles between internal and external audit, losing credibility for both.
CAAT’s & Sampling

Sampling and non-sampling risk
❑ Sampling risk is the risk that the auditor's conclusion based on a sample may be different from
the conclusion that would be reached if the entire population were subjected to the same audit
procedure. In order to reduce sampling risk the auditor needs to increase the size of the sample
selected.
❑ Non-sampling risk is the risk that the auditor reaches an erroneous conclusion for any reason
not related to sampling risk; for example, the use of inappropriate audit procedures, or
misinterpretation of audit evidence and failure to recognise a misstatement or deviation.
Principal methods
❑ The principal methods of sample selection are:
a) Random selection ensures that all items in the population have an equal chance of selection, eg
by use of random number tables or random number generators.
b) Systematic selection involves selecting items using a constant interval between selections, the
first interval having a random start. When using systematic selection auditors must ensure that
the population is not structured in such a manner that the sampling interval corresponds with a
particular pattern in the population.
c) Haphazard selection may be an alternative to random selection provided auditors are satisfied
that the sample is representative of the entire population. This method requires care to guard
against making a selection which is biased, for example towards items which are easily located,
as they may not be representative. It should not be used if auditors are carrying out statistical
sampling.
d) Block selection may be used to check whether certain items have particular characteristics. For
example, an auditor may use a sample of 50 consecutive cheques to test whether cheques are
signed by authorised signatories rather than picking 50 single cheques throughout the year.
However, block sampling may produce samples that are not representative of the population as
a whole, particularly if errors only occurred during a certain part of the period, and therefore
the errors found cannot be projected onto the rest of the population.

e) Monetary unit sampling is a type of value-weighted selection in which sample size, selection and
evaluation results in a conclusion in monetary amounts.
Advantages of using CAATs

a) Auditors can test program controls as well as general internal controls associated with
computers.
b) Auditors can test a greater number of items more quickly and accurately than would be the case
otherwise.
c) Auditors can test transactions rather than paper records of transactions that could be incorrect.
d) CAATs are cost effective in the long term if the client does not change its systems.
e) Results from CAATs can be compared with results from traditional testing – if the results
correlate, overall confidence is increased.
Disadvantages
❑ Setting up the software needed for CAATs can be time consuming and expensive.
❑ Audit staff will need to be trained so they have a sufficient level of IT knowledge to apply CAATs.
❑ Not all client systems will be compatible with the software used with CAATs.
❑ There is a risk that live client data is corrupted and lost during the use of CAATs.
Benefits of using audit software

a) Audit software can perform calculations and comparisons more quickly than those done
manually.
b) Audit software makes it possible to test more transactions than when simply manually scanning
printouts. For example, audit software may facilitate searches for exceptions, such as negative
or very high quantities when auditing inventory listings. The additional information will give the
auditor increased comfort that the figure being audited is reasonably stated.
c) Audit software may allow the actual computer files (the source files) to be tested from the
originating program, rather than printouts from spool or previewed files which are dependent
on other software (and therefore could contain errors or could have been tampered with
following export).
d) Using audit software is likely to be cost-effective in the long term if the client does not change
its systems.

Using the work of an expert

❑ An auditor's expert is an individual or organisation possessing expertise in a field other than
auditing or accounting, whose work in that field is used by the auditor to assist the auditor in
obtaining sufficient appropriate audit evidence. An auditor's expert may be either an auditor's
internal expert (who is a partner or staff, including temporary staff, of the auditor's firm or a
network firm) or an auditor's external expert.
❑ Management's expert is an individual or organisation possessing expertise in a field other than

accounting or auditing, whose work in that field is used by the entity to assist the entity in
preparing the financial statements. Examples:
✓ property valuations
✓ construction work in progress
✓ legal provisions
✓ assessment of oil reserves
✓ specialist inventory – livestock, jewellery
✓ actuarial valuations for pension schemes.
Competence, capability and objectivity

❑ The external auditor must assess the expert’s competence, capability and objectivity before
asking the expert to perform work.
❑ Competence and capability can be achieved by enquiring of the expert's qualifications,

experience, membership of a professional body, published work.
❑ Objectivity can be assessed enquiring whether there are any business or personal relationships
between the expert and the client.

Quality Control
Audit supervisor’s responsibilities in relation to supervising and reviewing the
audit assistants’ work during the audit
❑ During the audit, the supervisor should keep track of the progress of the audit engagement to
ensure that the audit timetable is met and should ensure that the audit manager and partner
are kept updated of progress.
❑ The competence and capabilities of individual members of the engagement team should be
considered, including whether they have sufficient time to carry out their work, whether they
understand their instructions and whether the work is being carried out in accordance with the
planned approach to the audit.
❑ In addition, part of the supervision process should involve addressing any significant matters
arising during the audit considering their significance and modifying the planned approach
appropriately.
❑ The supervisor would also be responsible for identifying matters for consultation or
consideration by the audit manager or engagement partner.
Quality control procedures

❑ Briefing/direction of the team
The audit team should be informed of their responsibilities, the objectives of their work, the
nature of the client’s business and any other relevant information to enable them to perform
their work efficiently and effectively. This will enable them to identify material misstatements
and know which areas require greater attention.
❑ Supervision – tracking the progress of the audit
The audit supervisor should keep track of the progress of the audit in order to ensure the work
is being completed on time or whether action needs to be taken such as bringing in additional
staff to help complete the work or whether to agree an extended deadline with the client.
❑ Supervision – addressing significant matters
The audit supervisor will also ensure that significant matters are being dealt with promptly. If
issues are resolved as soon as they are identified the audit is more likely to be completed within
the agreed timeframe.
❑ Supervision – considering competence of team
The audit supervisor will consider the competence of the audit team and will provide additional
coaching if required. The supervisor should be available for the team members to refer to in
case of any queries.
❑ Consultation
Consultation will be required where the team does not have the necessary expertise. The audit
supervisor should identify any areas where consultation with an expert is required and make

arrangements for such consultation whether this is referring the matter to another person
within the audit firm or using an external expert.
❑ Review of work
Each team member’s work should be reviewed by someone more senior. This is to ensure the
work has been to the required standard. The reviewer may identify additional work that needs
to be performed before a conclusion can be drawn reducing the risk that material
misstatements go undetected.
❑ EQCR
An engagement quality control review will be necessary for listed clients and other high risk
clients, for example to provide an additional safeguard for clients where independence issues
have been identified. The engagement quality control reviewer should be someone independent
of the audit team who has no prior knowledge of the client and is able to assess the judgmental
areas of the audit with an objective mind. The EQCR will review the proposed audit opinion and
assess whether there is sufficient = appropriate evidence to support that opinion before it is
issued.
❑ Documentation
Audit work must be documented to provide evidence that the work was performed in
accordance with professional standards and provides a basis for the audit opinion issued.
Documentation should enable an experienced auditor to understand the nature, timing and
extent of the procedures performed, the results of those procedures and any significant
judgments formed. If the auditor’s report is called into question at a later date, the audit
documentation should be able to prove that the auditor had performed the audit to the
required level of quality. Documentation therefore provides protection in the event of a
negligence claim.

F8 Theory Notes

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

F8 Theory Notes

Uploaded by

Copyright:

Available Formats

Knowledge Based Topics

AUDIT & ASSURANCE – F8

Compiled by: Rashid Hussain

Introduction to the Audit

✓ the intended users (of the information)

(ii) an appropriate subject matter

(iii) suitable criteria, against which the subject matter is evaluated/measured

(iv) sufficient appropriate evidence

(v) a written assurance report in an appropriate form.

Types of assurance engagement

✓ Gathers sufficient appropriate evidence to be able to draw reasonable conclusions.

✓ Gives a positively worded assurance opinion.

✓ Gives a high level of assurance (confidence).

Limited assurance engagement

✓ Gathers sufficient appropriate evidence to be able to draw limited conclusions.

✓ Gives a negatively worded assurance opinion.

✓ Gives a moderate or lower level of assurance than that of an audit.

COMPILED BY: RASHID HUSSAIN 1

✓ Performs significantly fewer procedures mainly enquiries and analytical procedures.

True and fair

Directors' benefits Whether disclosure of directors' benefits has been made in

COMPILED BY: RASHID HUSSAIN 2

International Standards on Auditing (ISAs)

❑ In addition, if users compare the financial statements of a number of companies, it is important

COMPILED BY: RASHID HUSSAIN 3

❑ Integrity – to be straightforward and honest in all professional and business relationships.

❑ Confidentiality – to respect the confidentiality of information acquired as a result of

Five Ethical Threats (SSAFI)

COMPILED BY: RASHID HUSSAIN 4

Other Pre-Acceptance Considerations

❑ resources (time and staff) available to do the work

❑ the integrity of the client and its directors

❑ the level of audit risk

❑ whether firm has the competence to do the work

❑ The incoming firm should also go through a process of Professional Clearance

❑ The objective and scope of the audit;

❑ The responsibilities of the auditor;

❑ The responsibilities of management;

❑ Expected form and content of any reports to be issued;

❑ Elaboration of the scope of the audit with reference to legislation;

COMPILED BY: RASHID HUSSAIN 5

Audit Strategy Document

Co-ordination, supervision and Details the extent of involvement of experts, client

COMPILED BY: RASHID HUSSAIN 6

Difference between the audit strategy and the audit plan

Audit Risk & Components of audit risk

Materiality and Performance materiality (ISA 320)

COMPILED BY: RASHID HUSSAIN 7

❑ The assessment of what is material is ultimately a matter of the auditor’s professional

COMPILED BY: RASHID HUSSAIN 8

Discussion among the audit team

Laws & Regulation

COMPILED BY: RASHID HUSSAIN 9

Use of analytical procedures

❑ Analytical procedures as substantive procedures - Analytical procedures can be used as

Interim & Final Audit

Typical work carried out at the interim audit includes

❑ recording the system of internal control.

COMPILED BY: RASHID HUSSAIN 10

Typical work carried out at the final examination includes

❑ Follow up of items noted at the inventory count.

❑ Obtaining confirmations from third parties, such as bankers and lawyers.

❑ Analytical reviews of figures in the financial statements.