Professional Documents
Culture Documents
Movable property
No nominal/par value
Co. can’t issue shares to itself
No rights until issued
Co. subsequently acquires its own shares/surrendere to co. = “authorized not issued” status
s36: Authorisation:
1
s39: Subscription of shares
s42: Options
BOD can issue secured/unsecured debt instruments + det. if secured/unsecured (doc must
indicate)
2
Can grant special privileges – attending + voting @ general meetings; appointment
directors; allotment, redemption, substitution of instrument for shares
Trustee – not director, PO or related; no conflicting interest in co.; knowledge +
experience; 75% instrument holders approval
BOD can auth. co. to provide fin assist. (loan etc.) to any person to subscribe
for/purch. securities/options issued by co.
Can’t auth. UNLESS pursuant to:
o ‘ee share scheme; or
o special resolution adopted within prev 2 yrs approving
assistance AND
o BOD satisfied that after fin assist, S&L test satisfied + terms fair & reasonable to co.
If void, director liable ito s77
BOD can auth. co. to provide direct/indirect fin assistance to director/PO/person related
Provide written notice to s/hs + TUs of ‘ees :
o Value > 1/10 of 1% of co.’s net worth: within 10 bus days after resolution
o Any other: within 30 bus days after end of fin yr
Can’t auth. UNLESS – same s44
If void, director liable ito s77
BOD (by resolution) approve issue of caps shares + can also permit s/h entitled to caps
to elect to receive cash
Can’t offer cash UNLESS
o S&L ito s46
3
o BOD satisfied that comply
Certificate
o State on face: co. name; person to whom issued; no. + class; transfer restriction;
o Signed by 2 auth persons
o = Proof of ownership
Transfers entered in securities register (for certificated)
4
Governance of Companies
15 bus. days before for Public co. ; 10 days before for any other case
Can call meeting with less if: all present + waive notice
Immaterial defect in form + manner/failure to deliver = doesn’t invalidate action taken
In writing:
o Date, time, place
o Purpose
o Copy of proposed resolution
o Statement of entitlement to proxy
o AGM – must present FS
Before meeting:
o present ID
o satisfied of right to participate + vote at meeting
Can be conducted electronically (as long as all can communicate concurrently)
o @ expense of s/h or proxy
Vote:
o by show of hands (1 vote each)
o polling (in acc. with voting rights)
5
s64: Meeting quorum & adjournment
Can’t begin meeting/decide on matter until sufficient persons present (25% of voting rights)
If >2 s/hs, meeting no begin unless:
o at least 3 s/hs present
o minimum of 25% voting rights satisfied
If in 1 hr, not met – postpone meeting 1 week / matter to later time in meeting (otherwise
adjourn 1 week)
No further notice of postponed/adjourned meeting unless location different
Ord. or Special
Any 2 s/hs:
o propose resolution (must be clear + specific + supported sufficient info)
o request to be submitted to s/hs @ meeting demanded/nxt s/h meeting/ written vote
S/h or director believe from not satisfy req., apply to court to
o restrain resolution being put to vote
o require approp. steps to alter resolution
Ord = 50%+ of voting rights
Special = 75% + of voting rights
MOI can alter % to higher % but at least 10% bet. ord + special
Bus./affairs of co. managed by BOD – authority to exercise all powers + perform functions of
co.
BOD comprise:
o for Prvt/Pers. Liab. = at least 1 director
o for Public/Non-profit = at least 3 directors
Profit co. (other than SOC) – s/hs elect at least 50% of directors
Election/appointment = nullity if @ time, ineligible/disqualify. ito s69
Entitled to serve when – appointed + deliver written consent to co.
Remunerated ito special resolution adopted within prev. 2 yrs
6
o vacancy filled only if majority support
BOD can appoint on temp. basis until election
Vacancy arises:
o term expires
o resign/die
o incapacitated + unlikely to regain capacity
o declared delinquent
o become ineligible/disqualified
o removed by resolution of s/hs / directors or order of court
Filled by:
o New appointment
o Election at next AGM, or within 6 months at s/h meeting or by poll
File notice in 10 days if person becomes/ceases to be director
7
Before consider resolution:
o Give director notice of meeting + proposed resolution
o Afford opp. to make presentation to meeting before resolution put to vote
If >2 directors + s/h or director alleges that a director:
o become ineligible/disqualified
o incapacitated
o neglected/been derelict in performance of
functions BOD must det. matter by resolution & may
remove director
o Give director notice of meeting + proposed resolution
o Afford director opp. to make presentation to meeting before resolution voted
Director concerned (or person who appointed) can apply to court in 20 days to
review determination
Board can appoint any no. of committees + delegate any of auth. of BOD to com
Com can incl. persons who are not directors but:
o may not be ineligible/disqual. from being director
o no vote on matter to be decided by com
Com has full auth. of BOD iro matter referred to it
Minister can prescribe categ. of co.s must have SEC (look @ ann. turnover, workforce
size, nature + extent of activities)
o Co. can apply to Tribunal for exemption if prove some formal mechanism
performs same function or not necessary in public interest (exemption valid for 5
yrs)
Decision that could be voted on at meeting may instead be adopted by written consent of
majority of BOD provided each received notice = same effect as voting
s75: Director’s personal financial interests (not apply if decision affects all directors or class
of persons of which director is member UNLESS only members are the director + related; 1
person holds all ben interests and is only director)
8
If person only director but doesn’t hold all ben interests – may not
o approve/enter agreement in which person/related has personal fin interest
o det. any matter in which person/related has pers fin
director disclosed
Director/related has pers fin interest iro matter to be considered @ BOD meeting, director
o disclose interest + nature before matter considered
o disclose material info
o observations relating if requested to do so
o if present @ meeting, leave immediately after disclosure
o not take part in consideration
o while absent:
regarded as being present (sufficient dir present to constitute meeting)
not regarded present for det. resolution has sufficient support
o not execute any doc on behalf of co. relating to matter unless board requests
If director/related acquires pers fin interest in which co. has material interest, disclose
nature + extent of interest to BOD/s/hs
Decision, tx or agreement by BOD = valid in spite of pers fin interest, only if:
o approved following disclosure OR
o if approved w/o disclosure, was ratified by ORD RESOLUTION or declared valid by
court
Director must:
o not use position/info obtained in capacity as director:
to gain advantage for himself/another person other than co.
knowingly cause harm to co.
o communicated all info comes to att. to BOD unless
believes info is immaterial or generally avail.
bound not to disclose
Director must perform functions:
o in good faith + for proper purpose
o in best interests of co. AND
o with degree of care, skill, diligence reasonably expected of person carrying
out same function
[Best interests + degree of..] satisfied if:
o D took steps to become informed about matter
o Either no mat. pers fin interest or disclosed pers fin interest (s75)
o made decision + believes in best interest of co.
9
Director held liable:
o common law iro breach of fid. duty or for loss, damage, costs sustained by co. due to:
not disclosing pers fin interest
using position/not commun. info to BOD
not acting in good faith or in best interests of co.
o common law for delict due to:
no degree of care, skill…
breach Co. Act
breach MOI
Director liable for costs, loss, damages sustained by co. due to:
o acting in name of co. etc. despite knowing lacked authority
o reckless trading (s22)
o party to act/omission despite knowing was to defraud creditor, ‘ee, s/h
o signed, consented to, authorized FS (false/misleading); prospectus with an untrue
statement
o present at meeting + failed to vote against… [OTHER SECTIONS]
director can apply to court to set aside decision of BOD
Joint + several liability
Proceedings to recover costs, loss, damage from person held liable can’t commence more
than 3 yrs after act/omission
Any proceedings against director (other than willful misconduct/breach of trust), court can
relieve director if it appears to court that:
o acted honestly + reasonably
o fair to excuse director
Any provision of agreement, MOI, rules of co. or resolution = void to extent that:
o relieves director of:
duty to disclose pers fin interest or directors conduct
liability ito s77
o negates, limits or restricts legal consequences iro willful breach of trust/misconduct
Co. can’t pay fine imposed on director if convicted of offence (unless based on strict
liability)
Co. can advance expenses to director to defend litigation due to services to co. &
directly/indirectly indemnify director for expenses if proceedings abandoned or exculpate
director
Can’t indemnify director:
o liability for
acted in name, reckless trading, defraud
willful misconduct/breach of trust
o fine
Co. can purchase insurance to protect director against liab/exp for which they can
indemnify dir. OR co. against contingency
10
Co. can claim restitution from director for money paid directly/indirectly in any manner
inconsistent with s78
Company Secretary
s88: Duties of CS
Accountable to BOD
Duties incl.:
o guidance to BOD ito duties, responsibilities & powers
o making aware of laws relevant to co.
o reporting to BOD any failure of co. to comply with MOI or Act
o ensuring minutes properly recorded ito Act
o ensuring copy of AFS sent to every person entitled to it
s89: Resignation/removal of CS
Auditors
11
s90: Appointment of Auditor
Same individual cannot serve as Auditor for >5 consec. fin yrs
If served for 2+ consec. fin yrs and then cease, cannot be reappointed until further 2 yrs
12
o attend any gen s/h meeting
o receive notice of/any other comm. relating to gen s/h meeting
o be heard at s/h meeting on any part concerning auditor’s duties + functions
Can apply to court for order to enforce above rights
May not perform services for co. that would place auditor in conflict of interest
Audit Committees
Public co., SOC or any other req. to ito MOI must elect audit committee with at least 3
members
First members appointed by:
o incorporators
o BOD within 40 days of incorporation
Each member must:
o be director of co.
o not be:
involved in day to day management currently or in prev. fin yr
PO/full time ‘ee of co. or related co. currently or in prev. 3 fin yrs
material supplier/customer of co.
any person related to above
Vacancy filled within 40 bus. days
Duties:
o Nominate auditor
o Det. fees to be paid to auditor
o Ensure appointment complies with Act
o Det. nature + extent of non-audit services
o Pre-approve agreement for non-audit services
o Prep report on:
How carried out duties
Satisfaction with indep. of auditor
Comment on FS, acc policies + int. fin control
o Receive + deal with complaints ito acc practices, content/auditing of FS, int controls
Considering whether indep.:
o Ascertain that doesn’t receive remun. except as auditor + for agreed non-audit
services
o Consider whether indep. prejudiced by prev. appointment or extent of
consultancy/advisory work undertaken for co.
Appointed only if Audit Com satisfied with independence
Co. must pay all expenses reasonably incurred by Audit Com
13
Fundamental Txs, Takeovers & Offers
Board can propose + implement arrangement between co. & s/hs for:
o share consolidation, division, expropriation, exchange, re-acquisition or
combination of methods
Need indep expert to compile a report
o Qualified, competent & experienced
o Impartial
o Not related to co. or person related to co.
14
o ADR
o apply to Co. Tribunal for adjudication
o apply for relief with High Court
o filing a complaint with Panel or Commission
Co.,s/h, director etc. (not ‘ee) apply to court for order to declare person delinquent or
under probation if:
o person is director or within 24 mths preceding was a director
Court declare delinquent if:
o Served as a director while ineligible or disqualified ito s69 (lifetime)
o While under order of probation, contravened order (lifetime)
o While director:
abused position
took personal advantage of info
intentionally/gross negligence inflicted harm on co./subsid.
acted with gross negligence, willful misconduct or breach of trust
o At least twice convicted of offence, admin fine or penalty
o 5 yrs was director/managing member of 1+ co.s convicted of offence/admin fine or
penalty
15
Person placed under probation if: (no longer than 5 yrs)
o While director:
present at meeting + failed to vote against resolution (co. no meet S&L test)
acted inconsistent with duties of director
o Period of 10 yrs, director of 1+ co. & during time, 2+ co.s failed to pay creditors/oblig.
Before resolution, s/h can give co. written notice of objection and:
o Demand (within 20 days of notice) co. pay s/h fair value of shares held in the co. if:
S/h sent notice of objection and
holds shares of class materially and adversely affected;
Co. adopted resolution
S/h voted against & complied with procedural req.
o Co. must pay agreed amt in 10 bus days after s/h accepted offer
S/h can apply to court to det fair value and make order requiring co. to pay
Fair value det. at date & time immed. before adopted resolution
If co. unable to pay debts in 12 mths:
o apply to court to vary obligation :. make order just & equitable + ensure person
paid at earliest possible date
Disclose confidential info obtained ito carrying out a function of Act or from
initiating a complaint/proceedings of Act = OFFENCE
Not apply to:
o required by court or law
o for justice
16
o at request of Commission, Tribunal, Panel etc.
o for enforcement of Act
s216: Penalties
Any person who contravenes any provision of this Act is liable to any other person
for any loss or damage suffered by person as result of contravention
17
GENERAL COMPUTER
CONTROLS
General computer controls are controls which establish an overall framework of control
for computer activities. They should be in place before any processing of transactions gets
underway and they span across all applications.
Categories
1. Control environment
2. System development &
implementation
3. Access controls
4. Continuity of operations
5. System software & operating
controls
6. Documentation
1. Control environment
- King III : IT governance must be cultivated and promoted and should align with the
ethical culture of the organisation.
- Strong ethical culture is NB because IT personnel have access to confidential and sensitive info.
- IT management should communicate a code of ethical behaviour, comply with it
themselves & take strong remedial action against those who fail to comply.
- demands are high i.t.o. skills, knowledge and ability to handle pressure, for IT jobs
- IT management should be committed to matching the above to an individual’s job
description. Performance reviews & regular discussions w/employees encourage this
3
1.3 Participation by those charged with governance
- King III: governance is the overall responsibility of the board & it should provide
leadership & direction to ensure that IT achieves, sustains & enhances the
company’s strategic objectivity
- Board should appoint an IT steering committee to assist with governance of IT
- IT dept. Should not be seen as a “separate” entity only answerable to itself
- King III: CEO should appoint CIO who is suitably qualified and experienced.
He should interact on a regular basis with
o The board
o Steering comm. and audit comm.
o Executive management
- Overall functions of supervision, execution and review w/in the dept. should be
segregated as far as possible
42
- Same as for other skilled personnel
- Characteristics of honesty, competency and trustworthiness of personnel are
paramount in the comp environment
- Proper recruiting policies, careful checks
- Immediate exclusion from computer facilities if ee’ is dismissed
- Compulsory leave ee’s involved in unauthorised tx’s will be uncovered
- Training and development to keep staff up to date and fulfil their functions effectively
- Written formalisation of HR policies
- Rotation of duties
- Strict policies pertaining to private use of computer facilities by IT personnel (and
other ee’s should be in place) eg. Internet use and running private jobs
Systems development = significant changes relating to computerized systems :. following aspects can
either be new or significantly changed: hardware, software, communication devices, personnel
procedures, docs, control procedures.
1. Standards:
2. Project Approval
5
Carry out feasibility study which results in:
o in-house development proposal
o proposal to purchase software
o rejection of project
Cost-benefit anaylsis performed which gives money value to requirements for project + benefits
Steering Committee approval
3. Project Management
Project team (IT, user, accounting + internal audit personnel) formed by Steering Committee
Planned in stages
Responsibility allocated to approp. staff
Deadlines set
Progress monitored to ID problems
Regular progress reports
4. User Requirements
Specifications documented
Programming should be ito std programming conventions
Carried out in development environment + no access to live environment
6. Testing
7. Final Approval
8. Training
Formal training programme set up (personnel trained, dates, times, who is training them)
User manuals + new job descriptions compiled
9. Conversion: ensure programs + info taken to new system are complete, accurate & valid
6
Conversion considered a project in itself
Data cleanup (checked + discrepancies resolved)
Conversion Method selected:
o Parallel processing
o Immediate shut-down of old when new is implemented
o Conversion of entire system at once
o Phasing in different aspects over a period
Controls over Preparation & Entry of data onto new system
o old + new file comparisons
o reconcile original to new files using record counts & control totals
o follow up exception reports
Users, IT personnel & auditors review system several months after implementation
11. Documentation
Project, all activities took place + system itself documented and docs backed up + stored offsite
1. Advantages
Lower cost
Project is far quicker (development + testing done by developers)
Can be demonstrated upfront
Technical support available (from skilled + knowledgeable individuals)
Can usually upgrade on ongoing basis
2. Disadvantages
3. Controls
7
Purchase authorization from CIO + BOD
Train affected IT personnel + users
Conversion – same as in-house development
Post Implementation Review - same as in-house development
Documentation – planning + execution of project documented
Ongoing need to modify applications to meet changes in user req., improve ways of
presenting info etc. This requires changes to application programme – control to prevent
unauthorised changes!
3. Access Controls
- prevent unauthorised access to a system (data & programmes) & to the hardware
- allow authorised employees to access hardware, programs & data they require to do
their jobs effectively & efficiently
- Access to following must be controlled:
o Hardware
o Computer functions – system level
o Computer functions – application level
o Data files/ databases
o Utilities
o Documentation (electronic or hard copy)
o Communication channels
-
8
3.1 Security Policy
- Equipment (e.g. CPU, servers, secondary storage devices, etc.) housed in data centre
- Physical controls prevent unauthorised entry to IT data centre
o IT department could be contained in separate building/ wing
- Dedicated room for equipment to be housed (data centre)
- Access to IT building (or wing) controlled & further access to data centre far more strictly
controlled (people may have access to IT department but then access to data centre is
denied)
- Physical Controls:
o Visitors to IT building should:
Have official appointment to visit IT personnel
On arrival cleared at entrance (e.g. by phone call to IT department)
Be given ID tag & escorted to department
Not be able to gain access through the locked door (i.e. must “buzz”)
Wait in reception to be met by whoever they have come to see
Be escorted out the department at conclusion of meeting
o Company Personnel (other than IT personnel)
No need for other personnel to enter data centre
Access to IT department controlled practical manner other personnel
will need to be in contact with IT department staff regularly
o Physical entry to data centre
Only individuals who NEED access to data centre should be able to gain entry
Access points limited to 1
Access through a door which is locked
Locking device pin code/ swipe card
Entry/ exit point may be under CCTV
o Remote workstations/ terminals (distributed around the offices)
9
Locked & secured to desk
Placed where they are visible
Not near a window
Offices should be locked at night & on weekends
11
4. Continuity of Operations
Controls aimed at protecting computer facilities from natural disasters as well as acts of
destruction, attack or abuse by unauthorized people.
Location:
o away from obvious hazards (river banks, main traffic areas, factory, hazardous materials)
o within secure area within a building (no outside walls + windows)
o secure door + access control devices
Fire & Flood:
o Automatic gas release, smoke detectors, fire extinguishers, no smoking allowed
o Situated above ground level + away from water mains
o Raised flooring in computer room
Power surges:
o “uninterrupted power supply” equip. + back-up generators
Heat & Humidity:
o Air conditioning (on own electrical circuit)
Physical Access Controls: see 5.3
12
4.3 Disaster Recovery
Disaster recovery plan:
o written doc of procedures + ‘ees to carry out
o widely available
o addresses priorities
o plan is tested
Backup strategies: copies of all/parts of files, databases, programmes
o frequently back up significant accounting + operational data + programme files
o 3 generations of backups maintained (grandfather, father, son)
o most recently backed up info stored off-site
o backups in fireproof safes + on-site backups stored away from computer facilities
o critical data + programs copied in real time to “mirror site”
o copies of user + operations docs kept off-site
13
o System support programmes such as anti-virus software, data compression
software, etc.
- Controls should be in place to make sure computer system (hardware & software)
is running smoothly & effectively:
o Operating policies & procedures which are fully documented, regularly
reviewed & updated
o Log of activity (e.g. hardware malfunction, intervention by personnel during process)
o Skilled technicians to resolved operating problems for users
o Adherence to international system software control protocols
o Follow up on access violations
o Follow up on potential virus infection
o Adherence to manufacturers’ equipment, maintenance & usage guidelines
o Strict supervision & review of IT employees
6. Documentation
- Sound documentation policies are essential documentation critically important:
o Improving overall operating efficiency
o Providing audit evidence (i.r.o. computer related controls)
o Improving communication at all levels
o Avoiding undue reliance on key personnel
o Training of users when systems are initially implemented
- 2 major objectives:
o All aspects of computer system should be clearly documented
o Access to documentation should be restricted to authorised personnel
- Documentation standards pre-determined standards should exist &
adherence to documentation enforced, these standards should require at
least:
o General systems descriptions
o Detailed descriptions of program logic
o Operator & user instructions (incl. error recovery procedures)
o Back-up & disaster recovery procedures
o Security procedures/ policy
o User training
o Implementation & conversion of new systems
- This document should be promptly updated for any changes & responsibility for this
task should be allocated to specific individuals (isolation of responsibility)
- Back-up copies of all documentation should be stored off-site
- Access to documentation should be restricted to authorised personnel
14
APPLICATION COMPUTER
CONTROLS
Application Control is any control within an application which contributes to the accurate &
complete recording & processing of transactions which have actually occurred, and have been
authorized.
Includes control over masterfiles which are used to store standing info & balances.
1.1 Introduction
Achieved by controlling access which ‘ees have to the system itself, applications on it
& modules within the application
Achieved by setting up user profiles that detail exactly what ‘ee must be given access to
& what he can do when he has access
Computer produces a log of who did what & when they did it
If log is properly followed up, becomes an effective way of isolating responsibility
Unique user IDS & Passwords to record identity of ‘ee performing the duty/tx
System programmed not to proceed if certain conditions/controls have not been satisfied
1
Can’t place order with supplier who isn’t on Approved Supplier Masterfile
Limits placed on discounts that can be granted
Can’t proceed with EFT unless 2 passwords entered to authorize
Preset parameters that need to be satisfied
On-screen authorization by authorizing person e.g. “Approve” option
1.5 Custody
Cash in the bank – control unauthorized removals from bank acc. by:
o Controlling co. cheque book
o Limiting signing powers to snr officials
o Reconciling cash book with bank statement
o EFTs: 2 snrs authorizing & releasing the funds
Debtors – matter of protecting information about debtor in Masterfile, tx files & supp. docs
2
Computerised system automatically compares data on the system and produces reports
More accurate and effective than manually
Reviews & analysis of actual performance vs budgets, forecasts & prior period performance
Computerised system can produce a number of useful reports, comparisons, recons &
reasons for differences.
Txs can be tracked on screen as they are carried out.
2.1 Batching
~ Source documents collected into batches, usually after manual checks have
been performed & entered via the keyboard with control totals in these
batches (relevant programme checks take place as info is keyed in)
~ Transaction info converted into machine readable form & held on a transaction
file on the computer system
~ Transactions are then processed as a batch when it is convenient to do so &
relevant masterfiles are updated
~ Control totals before & after processing are compared
~ Not common, slow & info is not up to date
On-line entry; batch processing/ update
~ Transaction data entered via a keyboard immediately as each transaction
occurs (relevant programme checks take place as info is keyed in)
~ Transaction info is converted into machine readable form as each transaction
occurs & is held on a transactions file on the computer system
~ Control totals are created by the computer on the batch for the transactions file
~ Transactions are processed as a batch & relevant masterfiles are updated
~ Entry of transaction is efficient, but info is not immediately up to date
On-line entry; real-time processing/ update
~ Transaction data entered via a keyboard immediately as each transaction
occurs (relevant programme checks take place as info is keyed in)
~ Relevant masterfiles are updated immediately
~ Entry of transaction is efficient & info is right up to date
- All the features, procedures or controls built in application software & reflected on screen
to
assist user to capture info accurately & completely
- And to link the user’s access privileges to screen in front of them
* Minimum keying in of info: less info that has to be entered, the less errors are
likely to occur & less time it takes (i.e. drop down menus)
* Screen formatted: in terms of what hardcopy would look like; & to receive
essential data in order it is required
* Screen dialogue & prompts: messages sent to user to guide them
* Mandatory fields: keying in will not continue until a particular field has been
entered (highlighted / indicated with a star)
* Shading of fields: will not react if “clicked-on” - can’t be changed
- Controls built into application software intention of validating/ editing info/ data
- Errors are reduced & info is provided timeously
- An error in programming can undo benefits of input controls & error will be processed
4
over & over again
- Input controls:
* Existence/ validity checks:
~ Validation checks: validate data keyed in against masterfile
~ Matching checks: input matched against data that is already in database
~ Data approval/ authorisation checks: test input against a preset
condition
* Reasonableness & limit checks
~ Limit checks: detect when field entered does not satisfy a limit which
has been set (hrs worked; credit limit etc.)
~ Reasonableness checks: data must fall within reasonable limits when
compared to other data (usually for orders place)
* Dependency checks: entry will only be accepted depending on what has been
entered in another field
* Format checks
~ Alpha-numeric checks: data can only be numeric or alphabetics
~ Size checks: pre-set size limit
~ Mandatory field/ missing data checks: detect blanks where none should
exist
~ Valid character & sign check: letters, digits or signs entered in a field
are checked against valid characters/ signs in that field (minus sign can’t
be entered in a quantity field)
* Check digits: a redundant (extra) character added to an account number (for
incorrect codes/account no.s etc.)
* Sequence checks: detect gaps/ duplications in sequence of numbers
- Processing controls: assist in ensuring data is processed accurately & completely
* Programme edit checks
~ Sequence test: detect gaps
~ Arithmetic accuracy check: reverse multiplication
~ Reasonableness/ consistency/ range test: result compared to
other info for reasonableness
~ Limit test: predetermined limit
~ Accuracy test: totals of all columns added across & compared to total
amount
~ Matching: comparing data which has been processed against data
which is already in database
* Programme reconciliation checks: recons of control & other totals (pre-
processing totals reconciled to post-processing totals)
~ Control totals: record counts, hash totals from input compared to record
count & hash totals after processing
~ Run-to-run totals: final balance after processing compared to opening
balance & individual totals of transactions
~ Parity checks: redundant bit is added to data to make the sum of
bits in the data even or odd (change in parity indicates an error has
5
occurred)
~ Valid operation code: processor checks if instruction it is executing is
one of a valid set of instructions
~ Echo check: processor sends activation signal to input/ output device
– that device returns a signal showing it was activated (used to detect
corruption of messages in transit)
~ Equipment check: input/ output devices are activated prior to a
read/ write operation to ensure they work correctly
- To ensure output is accurate & complete & that its distribution is strictly controlled
* Controls over distribution will include preventive controls such as:
~ Clear report identification: name of report, time & production no. of
report, processing period covered, sequenced pages & “end of
report” messages
~ Distribution matrix of who is to receive which output & when
~ Movement of hardcopy should be controlled by distribution list &
entered in a register
~ Confidential info designed to promote confidentiality (i.e. sealed
envelopes)
~ Output not required should be shredded
* User controls will include (all detective controls)
~ Review of output for completeness
~ Recon of input to output
~ Review of output for reasonableness
~ Review & follow up of any exception reports produced during processing
4. Masterfile Amendments
- Masterfile contains NB data which if not protected from unauthorised change can have
negative results for company
- Objective of application controls over masterfile amendments :
o Only valid (authorised) amendments are made to masterfiles
o Details of amendment are captured & processed accurately & completely
o All masterfile amendments are captured & processed
* Record all masterfile amendments on a source document (Masterfile
Amendment Forms – pre-printed, sequenced)
* Authorise MAF – signed by 2 reasonably senior personnel, cros referenced to
supporting doc.
* Review masterfile amendments to ensure they occurred, were authorised
& were accurately & completely processed
7
AUDIT PLAN
3.1 UNDERSTANDING THE ENTITY & ITS ENVIRONMENT, INCLUDING ITS INTERNAL
CONTROL
Term “Internal Control” (IC) , areas of business it relates to & interest of management (M) +
auditors in ICs
Five components of IC
Purpose of IC
Limitations of IC
Different techniques to document info on accounting + IC systems of a business
Assertions
Computerised environment’s impact on IC
Business cycles
o Revenue & Receipt
o Acquisition & Payments
o Payroll & Personnel
o Production & Inventory
o Cash & Bank
1
3.1.2 Aspects of Entity, its Environment incl Internal Control that Auditor should
obtain an understanding of (incl. fraud, relevant laws + regulations & corporate gov
(ODT 200))
When obtaining understanding of controls relevant to audit, Auditor must evaluate design of
controls to determine if they’ve been implemented by performing procedures in addition to
inquiry.
1. Control Environment:
2
3. The Information System → communication of roles & responsibilities ito fin
areas:
5. Monitoring of Controls
a. Scope
b. Characteristics of Fraud
Misstatements in FS arise from either fraud or error – distinguishing factor is whether action is
intentional or unintentional.
2 Types of Fraud:
o Fraudulent Financial Reporting (manipulation, falsification, misrepresentation or
intentional omission)
o Misappropriation of Assets (theft; usually by employees; personal use of assets etc.)
Auditor may suspect/ID fraud but doesn’t make legal determinations of whether it has
occurred
3
c. Responsibility for Prevention & Detection of Fraud
Primary responsibility = those charged with governance + management of entity
Must create a culture of honesty & ethical behavior
Oversight by those charged with governance includes considering potential for override of
controls
o Obtain reasonable assurance that FS as a whole are free from material misstatement
o Due to inherent limitations, there’s unavoidable risk that some mat. misstatement
may not be detected
o Risk not detecting mat. misstatement resulting from fraud is higher than from error –
fraud may involve sophisticated schemes designed to conceal:
Forgery
Deliberate failure to record txs
Intentional misrepresentations to auditor
o Risk of not detecting misstatement due to management fraud greater than for employee
fraud
Management in position to manipulate accounting records, present fraudulent fin
info or override controls
o Auditor responsible to maintain professional skepticism
d. Objectives
Objectives of Auditor:
e. Definitions
Fraud: intentional act involving the use of deception to obtain an unjust or illegal advantage
Fraud Risk Factors: events/conditions that indicate an incentive or pressure to commit
fraud or provide opportunity to commit fraud
f. Requirements
1. Professional Skepticism
4
2. Discussion among Engagement Team
Auditor make inquiries of M & others within entity to determine if they have
knowledge of actual/suspected fraud in entity
Auditor make inquiries of internal audit function to det. if have knowledge of
actual/suspected fraud
Obtain understanding of how those charged with gov. exercise oversight of M’s
processes for ID + responding to risks of fraud
Make inquiries to det. if have knowledge of actual/suspected fraud
a. Scope
5
Auditor’s responsibility to consider laws & regulations in an audit.
Responsibility of Auditor
ISA distinguishes Auditors responsibilities iro compliance with 2 categories of Laws &
Regulations(L & R):
o Provisions of L & R with a direct effect on material amts + disclosures in FS e.g. tax
Auditor’s Responsibility: obtain sufficient approp. audit evidence
regarding compliance with provisions of these L&R
o Other L & R do not have direct effect on amts + disclosures in FS but are
fundamental to operating aspects + entity’s ability to continue business/avoid
penalties
Auditor’s Responsibility: limited to undertaking specified audit procedures to
help ID non-compliance with those that may have material effect on FS
d. Objectives of Auditor
Obtain sufficient approp. audit evidence iro compliance with L&R recognised to have direct
effect on determination of material amts + disclosures
Perform specified audit procedures to help ID non-complaince with other L&R that may
have mat. effect on FS
Respond approp. to non-compliance
6
e. Definition
f. Requirements
Auditor shall perform following audit procedures to ID non-compliance with other laws +
regulations:
Auditor remain alert to possibility that other audit procedures may bring instances of non-
compliance to auditor’s attention.
Auditor request management to provide written representation that all known instances
of non- compliance (or suspected non-compl.) have been disclosed to auditor.
7
AUDIT STRATEGY
1. ISA 300 Planning an Audit
- In establishing {est.} overall audit strategy, auditor shall:
o Identify characteristics of engage. define its SCOPE
o Ascertain reporting objectives of engage. plan TIMING of audit & NATURE
of communications required
o Consider factors significant in directing engage. team’s efforts DIRECTION
o Consider results of prelim. engage. activities
o Ascertain NATURE, TIMING & EXTENT of resources nec. to perform engage.
Est. overall audit strategy assists auditor to determine:
* Resources to deploy for specific audit areas (i.e. high risk areas
require appropriately experienced team members)
* Amount of resources to allocate to specific audit areas (i.e. number of
team members; or hours allocated to high risk areas)
* When resources are to be deployed (i.e. at interim; or at cutoff dates)
* How such resources are managed, directed & supervised (i.e. briefing
& debriefing meetings & reviews)
Once overall audit strategy has been est., audit plan can be developed to
address matters identified in overall audit strategy need to achieve audit
objectives through efficient use of auditor’s resources
Overall audit strategy & detailed audit plan are inter-related changes in one may
result in changes to the other
Unexpected events, changes in conditions or audit evidence obtained from audit
procedures may call for modification to overall audit strategy & audit plan
[Read Appendix of ISA 300 for considerations in establishing overall audit strategy]
- Auditor update & change overall audit strategy & audit plan as nec. during course
of audit
1
* Understanding of prof. standards & applicable legal & regulatory
requirements
* Technical expertise
* Knowledge of relevant industries
* Ability to apply prof. judgement
* Understanding of firm’s quality control policies & procedures
* Requirement to report to governing body
* Preventing & detecting fraud & corruption
2
APPLICATION:
When putting together an audit strategy – 4 elements need to be considered:
1. Scope
2. Timing
3. Direction
4. Resources
2. TIMING
Audit deadline
Management may require discussions i.e. meeting updates
3. DIRECTION
Materiality
Significant line items
High risk areas/factors
Please refer to Appendix of ISA 300 for considerations in establishing overall audit
strategy!
3
BACKGROUND TO AUDIT &
PRE- ENGAGEMENT
S/O 1 – The audit process:
PHASE 1: Pre-engagement
PHASE 2: Planning
S/O 2 – Assertions:
classes of txs
account balances
disclosures
2.3 Assertions that relate to Txs & Events for the period under review
1
2.4 Assertions that relate to Account Balances
Completeness – assets (A), liabilities (L) & equity that should’ve been recorded have been
recorded
Rights & Obligations – entity holds rights to A & L are obligations of the entity
Existence - A, L & equity interests exist
Valuation & Allocation – A, L & equity interests are included in FS @ appropriate amounts +
resulting
valuation adjustments are approp. recorded
Occurence & Rights & Obligations – disclosed events, txs + other matters have occurred +
pertain to entity
Completeness – all disclosures that should’ve been included in FS have been included
Classification & Understandability – fin info is approp. presented + described &
disclosures clearly expressed
Accuracy & Valuation – fin + other info disclosed fairly & @ approp. amounts
2
S/O 3 – Audit Documentation:
Terminology:
o Audit doc (working papers): record of audit procedures performed, audit evidence
obtained & conclusions reached
o Audit file: 1+ folders/other storage media (physical/electronic form) containing audit
doc for a specific engagement
o Experienced auditor: individual who has practical audit experience &
reasonable understanding of audit processes, ISAs, legal + regul. req,
business environment etc.
ISQC 1
3
Integrity, accessibility or retrievability of data may not be compromised by alteration,
additions or deletions without firm’s knowledge – Controls to avoid unauthorized alteration
or loss:
o Enable determination of when + by whom doc created, changed or reviewed
o Protect integrity at all stages
o Prevent unauth. changes + allow access to docs by ET & other auth. parties only
Need for/period of retention varies with nature of engagement & also depends
on local law/regulation or generally accepted retention periods in jurisdiction
o Retention period for audit engagements ordinarily not shorter than 5 years from
date of Auditor’s report
o Still able to retrieve + access docs during retention period; provide record of
changes made after files completed; enable auth. parties to access + review
ISA 220
1. Timely Preparation
Prep audit doc that is sufficient to enable an experienced auditor (no prev connection with
audit) to understand:
4
o Nature, timing + extent of audit procedures comply with ISAs & applic. legal/reg. req.
o Results of procedures & audit evidence obtained
o Significant matters, conclusions reached + professional judgments made
Auditor shall document discussions of significant matters (nature, when, with whom)
If auditor deems necessary to depart from req in ISA, auditor shall document how
alternative procedure achieves aim of req + reasons for departure
Auditor shall assemble audit doc in an audit file on a timely basis after auditor’s report
After assembly of final audit file complete, auditor shall NOT delete/discard any audit doc
before end of retention period
If finds it necessary to modify existing docs/add new docs after assembly of final audit file,
auditor shall document:
o Reasons for making them
o When + by whom made & reviewed
5
Procedures to carry these out:
o Inspection: examining records/docs or physical examination of assets
o Observation: looking at a process/procedure/control activities being performed by others
o External confirmation: obtaining direct written response from 3 rd party
o Recalculation: checking manually/electronically mathematical accuracy
o Reperformance: auditor’s independent execution of procedures/controls
originally performed by entity
o Analytical procedures: evaluating fin info by analyzing relationships bet. fin + non-fin info
o Inquiry: seeking info from knowledgeable persons within/outside entity
ISA 210
6
5.1 Legal Requirements for Acceptance/Retention of Engagements
Companies Act
Upon incorporation & each year at AGM, a public co. or state-owned co. must appoint an auditor
If doesn’t appoint when registers incorporation, directors appoint first auditor within 40
business days after incorporation
1st auditor holds office until conclusion of 1st AGM of co.
To be appointed as auditor, person/firm
o must be a registered auditor
o must not be:
director/PO of co.
‘ee or consultant of co. engaged in maintenance of co.’s fin records/FS for > 1 yr
director, officer or ‘ee of person appointed as co. secretary
person who regularly performs duties of accountant/bookkeeper or
performs related secretarial work for co.
person who at any time in preceding 5 yrs was any of above
person related to above
o must be acceptable to co.’s audit committee as independent
Retiring auditor may be automatically reappointed at an AGM without passing resolution unless:
o retiring auditor
no longer qualified for appointment
not willing to accept appointment
required to cease due to rotation (s92)
o audit committee objects reappointment
o co. has notice of intended resolution to appoint some other person
Same person can’t serve as auditor for >5 consecutive fin yrs
If individual served as auditor for 2+ consec. yrs then ceases to be auditor, individual
may not be appointed again until expiry of at least another 2 fin yrs
7
s93: Rights & restricted functions of auditors
Auditor
o has right of access at all times to accounting records, books + docs of co.& can
require from directors/POs info/explanations to perform their duties
o of holding co., has right of access to current + former FS of any subsid. & can
require from directors/POs (of holding or subsid.) info/explanations to perform
duties
o entitled to attend any s/h meeting, receive notices/communications iro s/h meeting
& be heard at s/h meeting wrt any part that concerns auditor’s duties/functions
Auditor can apply to court for order to enforce above rights & court can
o make any order that is just + reasonable
o make order of costs personally against directors/POs
Appointed auditor may not perform any services for co. that would place in conflict of interest
At AGM, public co., state-owned co. or other that is req by MOI to have audit com must
elect one comprising at least 3 members (unless co. is a subsid. & audit com of holding
co. will perform fuctions)
First members appointed by incorporators of co. OR board within 40 bus. days after incorp.
8
Considering whether RA is independent, audit com must:
o ascertain that auditor doesn’t receive any direct/indirect remuneration or other
benefit from co. except as auditor or for other services rendered (permitted)
o consider if indep. prejudiced by previous appointment as auditor or
advisory work undertaken by auditor for co.
rules
Framework
ISQC 1
Policies & procedures (P&P) designed to provide reasonable assurance that firm will only
undertake/ continue relationships where the firm:
o Is competent to perform engagement & has capabilities (incl. time + resources)
o Can comply with ethical requirements
o Has considered the integrity of client
Ethical Requirements
Integrity of Client
10
Sources of info: communication with existing/previous providers of
professional accountancy services; inquiry of other firm personnel/3 rd
parties e.g. bankers, legal counsel; background searches of relevant
databases
o If potential conflict of interest identified, firm must determine if appropriate to accept
o If issues identified + firm decides to accept, firm must document how issues resolved
Firm must establish P&P (on continuing client relationship) addressing circumstances
where firm obtains info that would have caused to decline engagement had info been
available earlier (P&P incl. professional + legal responsibilities & possibility of
withdrawing)
Withdrawal
Discuss with appropriate level of client’s management the appropriate action the firm should take
If firm determines that withdrawal is appropriate, discuss with appropriate level of
client’s management the decision + reasons
Determine if there is a professional, legal or regulatory req for firm to remain in place or to
report withdrawal
Documenting significant matters, consultations, conclusions (and basis for conclusions)
ISA 220
Assignment of Engagement
Teams
E-partner must be satisfied that engagement team + any experts (not part of team),
collectively have appropriate competence & capabilities to perform engagement + enable
appropriate auditor’s report
11
E-team includes a person using expertise in specialized area of accounting/auditing –
however, not a member of E-team if involvement is only consultations.
When considering competence + capabilities of E-team, E-partner considers team’s:
o Understanding of/practical experience with engagements similar in nature & complexity
o Understanding of professional standards + legal & regulatory req
o Technical expertise
o Knowledge of relevant industries in which client operates
o Ability to apply professional judgment
o Understanding of firm’s quality control P&P
ISA 300
ISA 220
E-partner remain alert (throughout audit) for evidence of non-compliance by E-team members
Members no comply – E-partner in consultation with firm determine appropriate action
Independence: E-partner form conclusion on compliance with indep req
o Obtain info to ID + evaluate circumstance & relationships that create threats
o Evaluate info on identified breaches
o Take action to eliminate threats/reduce them to acceptable level (using
safeguards) OR withdraw from engagement
ISA 210
Before acceptance/continuance – basis upon which audit to be performed must be agreed through:
management Preconditions
13
If management imposes a limitation on scope of work such that auditor believes it will
result in auditor disclaiming an opinion on FS, auditor shall not accept such
engagement
Other factors
If preconditions not present – auditor shall discuss with management & unless required
by law or regulation, shall not accept engagement:
o If fin rep framework is unacceptable
o If agreement not obtained ito
Terms
Agreed terms of engagement recorded in audit engagement letter & shall include:
o Objective & scope of audit
o Responsibilities of auditor
o Responsibilities of management
o Identification of fin rep framework
o Reference to expected form & content of any reports to be issued by
If fin rep framework supplemented by law or regulation, auditor determine if any conflicts
between fin rep stds & additional req. If so – discuss with management and agree whether:
o Additional req can be met through additional disclosures
o Fin rep framework can be amended
14
ENGAGEMENT LETTER (acknowledged
Responsibilities of Auditor:
Responsibilities of Management:
Fees (billing)
Reporting
15
OVERALL PERFORMANCE &
MATERIALITY
Auditor’s responsibility to apply concept of materiality in planning and performing an audit.
What is materiality?
Auditor obtains reasonable assurance by gathering audit evidence to reduce audit risk
(function of risks of material misstatement & detection risk) which is risk that auditor expresses
inappropriate opinion when FS materially misstated, THUS, to assist in preventing this:
Read & Understand
1
Auditor’s perception of what is important to users – auditor can assume that users:
o Have reasonable knowledge of business, economic activities & accounting
o Understand that FS prepared, presented + audited to levels of materiality
o Recognise uncertainties inherent in measurement of amts based on estimates,
judgment + future events
o Make reasonable economic decisions
Determine the nature, timing & extent of RAPS (risk assessment procedures)
ID & assessing risks of material misstatement
Determine nature, timing & extent of further audit procedures
Amt(s) set by auditor at less than materiality for FS as a whole, to reduce to appropriately
low level probability that aggregate of uncorrected & undetected misstatements exceeds
materiality for FS as a whole.
Amt(s) set by auditor at less than materiality level(s) for particular classes of txs, account
balances or disclosures
Ensures that the aggregate of individually immaterial misstatements don’t cause FS to be
materially misstated.
Requirements
2
Prior year’s fin results & fin position (If entity prepared these, then use this!
UNLESS something significant changed in operations.)
Period-to-date/current year’s fin results & fin position
Budgets & forecasts for current period (adjusted for relevant changes of
conditions in industry/economic environment)
Income or Asset figures used?
Revision
Overall materiality & performance materiality should be revised in event auditor becomes
aware of info that would’ve caused him to determine a different amt initially.
RESPONSE TO ASSESSED
RISKS
THEORY
Auditor design & implement overall responses to address assessed RoMM @ FS level
2. Nature, Timing & Extent Of Planned Further Audit Procedures @ Assertion Level
Definitions:
- Substantive procedures: audit procedure designed to detect material
misstatements @ assertion level, comprises of:
o Tests of details (of classes of transactions, account balances &
disclosures)
o Substantive analytical procedures
- Tests of controls: audit procedure designed to evaluate operating effectiveness
of controls in preventing/ detecting & correcting material misstatements @
assertion level
1
- Nature: purpose (tests of controls/ substantive procedure) & type
(inspection, observation, inquiry, confirmation, recalculation, re-
performance, or analytical procedure)
- Timing: when it is performed or period/ date to which audit evidence applies (if
high risk
perform nearer to end)
- Extent: quantity to be performed (e.g.: sample size or no. of observations) (
o determined after considering materiality, assessed risk, degree of
assurance auditor wants
o increases as RoMM increases
Auditor design & perform further audit procedures – nature, timing & extent based on
& are responsive to assessed RoMM @ assertion level
Test of controls
2
o How controls were applied
o Consistency with which they were applied
o By whom/ by what means they were applied
o to be tested depend upon other controls
- Purpose of test influences type of procedure required to obtain audit
evidence about operating effectiveness of control
- Inherent consistency of IT processing not necessary to increase extent of
testing automated control (automated control can be expected to function
consistently unless the program is changed)
3
Controls over significant risks
- If going to rely on controls over risk that is significant risk test those
controls in current period
Substantive Procedures
- Auditor design & perform substantive procedures for each material class of
transactions, account balance & disclosure (based on auditor’s judgement
subjective)
- Auditor consider whether external confirmation procedures are to be
performed
o Bank balances
o Accounts receivable balances & terms
o Inventories held by 3rd parties @ bonded warehouses for
processing or on consignment
o Property title deeds held by lawyers/ financiers for safe custody or as
security
o Amounts due to lender (incl. relevant terms of repayment)
o Accounts payable balances & terms
4
Substantive procedures responsive to significant risks
That provide reasonable basis for extending audit conclusion from interim
date to period end
- If misstatements that auditor did not expect are detected @ interim date
evaluate whether related assessment of risk & planned nature, timing & extent
of substantive procedures covering remaining period need to be modified
Documentation
5
- If auditor plans to use audit evidence about operating effectiveness of controls
obtained in previous audits incl. in doc. the conclusions reached about relying
on such controls
- Doc. shall demonstrate that FS agree/ reconcile with underlying accounting
records
Auditor discuss matter with management, if management does not provide sufficient
info that supports entity’s compliance auditor must consider need to obtain legal advice
Overall Responses
- Assign & supervise personnel taking account of knowledge, skill & ability of
individuals
given significant engagement responsibilities
- Evaluate selection & application of accounting policies by entity
- Incorporate element of unpredictability in selection of nature, timing & extent
of audit procedures
Auditor design & perform further audit procedures responsive to assessed RoMM due to
fraud @ assertion level
6
- Test appropriateness of journal entries recorded in GL & other adjustments
made in preparation of FS
- Review accounting estimates for biases evaluate judgements & decisions
made by management in making accounting estimates
- Significant transactions that are outside normal course of business
evaluate whether business rationale of the transaction suggests that they may
have been entered into to engage in fraudulent fin. reporting/ conceal
misappropriation of assets
PRACTICAL
- Inherent risk: start @ low there is a low risk that FS are materially misstated
due to fraud/ error/ going concern principle/ non-compliance to laws &
regulations as you identify risk, you increase the risk
- Control risk: start @ high there is a high risk that the entity does not have
controls/ controls did not operate effectively as you identify controls, you
decrease the risk
- If inherent risk is high & control risk is high then detection risk must be low to =
acceptable audit risk to get this @ FS level:
o Emphasise – maintain professional scepticism
o Assign more experienced staff/ with special skills/ experts
o Provide more supervision
o Incorporate elements of unpredictability in selection of procedures
o Make general changes to nature, timing & extent of audit procedures
Increase sample sizes
Decrease materiality levels
Perform more procedures @ year end & thereafter as opposed to
during the year @ interim date
o More corroborating evidence on explanations & less reliance on
management representation
o Evaluate selection & application of accounting policies
o When control environment not effective:
7
More procedures @ year end
More extensive evidence from substantive procedures
Increase number of locations to visit
- Response @ assertion level:
o Risk assessment per assertion per line item (NB must make a direct
link btwn assessed risk for line item & response)
Inherent risk recording & accounting standards
Control risk internal control & control activities
o NATURE: explain why you chose specific approach → combined
approach or substantive approach
Refer to PURPOSE (TOC/ SP) & TYPE (Inspection,
observation, enquiry, confirmation, recalculation, re-
performance, analytical procedure)
o EXTENT
Refer to QUANTITY (sample sizes & no. of tests)
More reliance = more controls present = more testing for
effectiveness
o TIMING
Refer to WHEN to perform procedures & PERIOD/ DATE
under audit review
Interim/ just before year end/ @ year end/ after year end/ entire
period/ specific date
8
RISK ASSESSMENT
THEORY
1. TERMINOLOGY
Assurance Engagement:
Audit Risk:
Risk that auditor expresses inappropriate audit opinion when FS are mat. misstated
Function of risks of mat. misstatement (ROMM) & detection risk
Assessment of risk is based on audit procedures & evidence obtained
Detection Risk:
Risk that procedures performed to reduce audit risk to acceptably low level won’t
detect a misstatement that exists that could be material (individually or when
aggregated with others)
Level of detection risk bears inverse relationship to ROMM i.e. the greater ROMM,
the less detection risk that can be accepted :. more persuasive audit evidence is
required
Can only be reduced, not eliminated
Relates to effectiveness of audit procedures – the following enhance effectiveness:
o adequate planning
o proper assignment of personnel to engagement team
o application of professional skepticism
o supervision + review of audit work performed
1
o Overall FS level: ROMM that relates pervasively to FS as a whole + potentially
affects many assertions
o Assertion level: assessed to det. nature, timing & extent of further audit
procedures necessary to obtain sufficient appropriate audit evidence
Assertions:
Business Risk:
Auditor cannot reduce audit risk to zero :. can’t obtain absolute assurance that FS free
from mat. misstatement due to fraud/error
Unavoidable risk that some mat. misstatements won’t be detected, even though audit is
properly planned & performed in accordance with ISAs
Inherent limitations arise from:
o Nature of fin rep.
o Nature of audit procedures
o Need for audit to be conducted within reasonable period of time at reasonable cost
2. SIGNIFICANT RISK
An identified & assessed ROMM that, in auditor’s judgment, requires special audit consideration
Would require more persuasive audit evidence :. more work
3. MATERIAL
Definition:
A factor is considered material if it might influence the decisions of intended users of FS.
2
Materiality is relevant when determining nature, timing & extent of evidence-gathering proced.
Quantitative & qualitative factors influence materiality e.g. interests of intended users
Auditor wants
this as low as
possible!
Reduce DR by:
o Increase quantity of procedures & no. of items that should be tested
3
6. REQUIREMENTS FOR Risk Assessment Procedurces (RAPS) & RELATED ACTIVITIES
Auditor performs RAPs (General Analytical Proced.) to ID + assess ROMM at FS & Assertion Level:
o Info obtained from RAPs may be used by auditor as audit evidence to support
assessments of ROMM
RAPs include:
1. Inquiries of:
Management
Individuals within Internal Audit Function (with appropriate knowledge, experience + authority)
o Internal Audit (IA) may have findings based on their work e.g. control deficiencies or
risks in entity
o Matters that IA raised with those charged with gov. + outcomes of function’s
own risk assessment process = relevant
Others who may have info likely to assist ID ROMM e.g.
o Those charged with gov. – assist to understand environment in which FS prepared
o Employees who initiate, process/record complex or unusual txs – assist evaluation of acc.
policies
o In-house legal counsel – provide info such as compliance with laws + reg.
o Marketing/sales personnel – info about sales trends, changes to marketing strategies
o Risk management function – info about risks that affect fin reporting
2. Analytical procedures
4
o Prior engagements performed for client
by determining whether or not info is still relevant (have significant changes occurred?)
Engagement partner + engagement team members shall discuss susceptibility of FS to mat. misst.:
o Provides opp. for more experienced team members to share insights
o Allows for exchange of info about bus. risks + where FS might be susceptible to mat. misst.
o Assist team members to gain better understanding of potential for mat. misst.
FS Level:
Assertion Level:
Directly assists in det. nature, timing + extent of further audit procedures necessary
3 Categories of Assertions: Tx (OCACC); Account Bal (CREV); Disclosure (OCCA)
Relate (directly or indirectly) controls to specific assertions
5
Whether risk involves sig. txs outside normal course of business
o If so, auditor obtain understanding of controls related to that risk:
Review of assumptions by snr management
Documented processes for estimations
Approval by those charged with gov.
Risks for which Substantive Procedures alone Don’t provide Sufficient Appropriate Audit Evidence:
o Sometimes not possible to obtain sufficient appropriate evidence from
substantive procedures (fieldwork – more detailed) only :. obtain understanding
of entity’s controls
o May relate to inaccurate/incomplete recording of routine + significant classes of txs
(highly automated) e.g. revenue, purchases, cash receipts, cash pmts
6
APPLICATION
Respond
1. Financial Statement Level
2. Effect:
3. Explanation
2. Assertion Level
2. Effect: assertion
Tx: OCACC
Account Balance: CREV
3. Explanatio
n
Note:
7
Possible Questions:
o RoMM (no detection risk) at either FS level or Assertion level or both
o Audit Risk :. determine risk state @ end of answer
Remember positives & negatives! :. Increase & Decrease Risk!
Detection Risk:
Exam Technique
PAGE 1 – Fraud
PAGE 2 – Error
8
2. Assertion Level → just mention disclosure being incomplete or not in accordance with std
1. Line Item Being Assessed e.g. Inventory
Note:
Revenue
9
ANALYTICAL PROCEDURES
4.1 Background to use of Analytical Procedures as Substantive Procedures &
Auditor’s Objectives
a. SCOPE
b. OBJECTIVES
c. DEFINITION
Relationships:
o Among elements of fin info expected to conform to predictable pattern
o Between fin info & relevant non-fin info
1
4.2 Requirements for Auditor’s use of APs as SPs
a. SUBSTANTIVE ANALYTICAL PROCEDURES
1. Det. suitability of APs for given assertions (taking account of assessed RoMM & TODs)
2. Evaluate reliability of data from which auditor’s expectation of recorded amts/ratios are
developed (taking account of source, comparability and nature & relevance of info +
controls over prep)
3. Develop expectation of recorded amts/ratios + evaluate whether expectation is sufficiently
precise to ID misstatement
4. Det. amt of any diff. of recorded amts from expected values that is acceptable w/o
further investigation
Auditor can enquire of management ito avail. + reliability of info needed to apply SAPs →
may be effective to use analytical data prepared by Management, provided properly
prepared
SAPs generally more applicable to large volumes of txs that tend to be predictable over
time
Based on expectation that relationships among data exist
Suitability depends on auditor’s assessment of how effective will be in detecting
misstatement
Widely recognised trade ratios can often be used effectively
Different types of APs provide different levels of assurance
Determination of suitability influenced by nature of assertion & auditor’s assessment of
RoMM
2. Reliability of Data
If APs ID:
o fluctuations
o relationships inconsistent with other info
o relationships that differ from expected values by a
3
AUDIT FIELDWORK
S/O 2: TESTS OF CONTROLS & SUBSTANTIVE PROCEDURES IN THE
BUSINESS CYCLES
Substantive Procedure:
Test of Controls:
Auditor shall design & perform TOCs to obtain sufficient & appropriate audit evidence ito
operating effectiveness of relevant controls if:
o Perform other audit procedures in combination with inquiry to obtain audit evidence
about operating effectiveness, incl.:
How controls applied
Consistency of application
1
By whom/by what means applied
o Determine whether controls depend upon other controls
o Obtain audit evidence about significant changes to controls subseq. to interim period
o Det. additional audit evidence to be obtained for remaining period
In determining whether appropriate to use audit evidence obtained in prev. audits, auditor
considers:
If auditor plans to use audit evidence from previous audit, must obtain audit evidence about
whether signific. changes in controls have occurred subseq. to previous audit :. inquiry +
observation/inspection to confirm understanding of controls AND:
o If changes occurred, auditor must test the controls in the current audit
o If no changes, auditor must test the controls at least once in every third audit
If plans to rely on controls over a risk considered significant → test controls in current audit
2
6. Evaluating the Operating Effectiveness of Controls
If deviations from controls (on which auditor plans to rely) are detected, auditor shall make
inquiries & determine whether:
Irrespective of assessed RoMM, auditor shall design & perform substantive procedures for
each
material class of txs, account balance & disclosure.
If risk considered significant, auditor perform SPs specifically responsive to that risk.
3. Timing of SPs
3
d. REVENUE & RECEIPTS CYCLE
Acquisitions = co. only acquires goods which it needs & goods are of necessary
quality & price; Payments = only goods validly ordered & received are paid for
Expenditure must:
o Relate to the business
4
o Be authorized before incurred
o Paid for at the correct amt (pmt authorized)
Risks:
o Understating trade payables
o Understating creditors balance
o Purchase Orders can be made out & placed without authority
o No indep. recon of EFT pmts
Fraud:
o Fraudulent Financial Reporting
Understatement of trade creditors (test for completeness)
Manipulation of “cut-off” (account for purch. after YE incl. inventory in current yr)
Fraudulently increase purchases
o Misappropriation of Assets
Order good for personal use & have co. pay
Make fictitious pmts to creditors
Claim VAT to which not entitled
Accepting bribes from suppliers as inducement to purch. goods from that
supplier
Theft of goods @ receiving stage
5
Fraud:
o Fraudulent Financial Reporting
Inclusion of fictitious inventory (existence)
Understatement of write-downs of inventory (valuation)
Exclude inventory which should be incl. / overstate inventory write-
downs (existence & valuation) – directors want co. to look less
valuable
o Misappropriation of Assets
Theft of goods – depends on
Nature of goods (easier to steal small items)
Physical control over inventory
Division of duties (record keeping & custody)
Frequency of inventory counts
Controls in other cycles affecting inventory cycle
RoMM in salaries & wages accounts not normally regarded as high because:
o Management strongly control conscious
o External parties directly “interested” in cycle are present – SARS
o Payroll software processes accurately & contains programme controls
Material misstatement could arise due to:
o Including fictitious employees (occurrence) – usually perpetrated by employees
themselves
o Illegal employment practices – employing illegal aliens, paying wages below minimum
wage
Disclosure of directors & prescribed officers’ remuneration = incomplete or inaccurate
Assertions:
o Occurrence: salary & wage totals only include non-fictitious employees
o Completeness: all salaries & wages paid included in account balance
o Accuracy, Cut-off & Classification: recorded appropriately in correct period & correct
a/cs
Objective → example: ensure credit sale only made to customer who will pay
o Investigate creditworthiness
o Sales orders approved by credit controller
o Approval could be automated
o If controls are effective – reduces risk that trade receivables overstated :.
reduce risk of fictitious sales
6
Timing → gain evidence that controls operating effectively throughout the fin yr under audit
o TOCs carried out @ diff stages during interim visits
o Auditor relies on audit trail for tx
o Enquiry:
Despatch clerk – what happens if goods tsfred from W/H to dispatch w/o picking
slip
Invoicing clerk – procedures followed to ensure all despatches/deliveries
result in invoices
Credit manager – what use he makes of daily reports
Financial accountant – whether/how sales to related parties identified
o Observation
Observe despatch clerk counting & checking goods against picking slip
Observe procedures undertaken at counter when cash sale made
Observe gate control personnel checking goods leaving the premises
7
b. ACQUISITIONS & PAYMENTS CYCLE
Objective → example: ensure purchases made only for company + all goods ordered
received/only goods ordered & received are paid for
o No goods purchased w/o official purch requisition – signed by W/H manager
o Official purch order prepared by order clerk & approved by snr buyer
o Checking of goods by receiving clerks
o Complete GRN
Timing→ gain evidence that controls operating effectively throughout the fin yr under audit
o TOCs carried out @ diff stages during interim visits
o Auditor relies on audit trail for tx
8
authorized docs to record inventory movement
stores layout
Of records controlling inventory movement e.g.
inspecting sample of requisitions & material issue notes for
authorizing signatures & cross referencing to job cards
inspecting sample of inventory movements per perpetual inv.
records to “tsfrs to FG notes”
o Enquiry: of production & warehousing as to procedures actually performed
o Recalculation: of calculations on production schedules, performance reports & other
costing records
APPLICATION
STEPS:
o Use CONTROL ACTIVITIES to determine controls – will this affect the FS? [KEY
CONTROLS]
o Formulate the TOCs (table below)
Recalculate
Re-perform → agree/
compare
docs
* Have a document –
inspect + re-perform
* No document – observe +
enquire
9
ACCESS: 3 available points if “only authorized personnel have access/access restricted”
o Observe whether authorized personnel have access
o Enquire who authorized personnel are
o Re-perform gaining access to test if unauthorized personnel don’t have access
“Formulate the TOCs you would perform to establish the operating effectiveness of controls
relevant to the audit, as set out in information contained under Annexure B PURCHASE
ORDER SYSTEM & SUPPLIER MASTERFILE AMENDMENTS”
Note: 1.5 marks for each TOC (MAX 2 TOCs per control)
If asked for “Strongest” TOCs → use “Green Level” of reliability :. Re-
perform/Recalculate/Inspect
EASY MARKS:
10
BACKGROUND TO AUDIT
FIELDWORK
1.1 Introduction
FRAMEWORK
- Practitioner plan & perform assurance engage. with attitude of professional skepticism to
obtain sufficient appropriate evidence about whether subject matter info is free of
material misstatement
- Practitioner considers materiality, assurance engage. risk, & quantity & quality of
available evidence when planning & performing the engage. & determining nature,
timing & extent of evidence-gathering procedures
ISA 200
- Auditor has to obtain reasonable assurance to obtain this he must obtain sufficient
appropriate audit evidence to reduce audit risk to an acceptably low level & enable
auditor to draw reasonable conclusions on which to base his opinion
- Audit evidence
o Cumulative in nature & primarily obtained from audit procedures performed
during course of audit
o May incl. info obtained from prev. audits or from firm’s quality control procedures
o Entity’s accounting records are NB source of audit evidence
o Incl. info prepared by an expert
o Comprises of info that supports & corroborates management’s assertions, &
info that contradicts such assertions
o Absence of info constitutes audit evidence
- Sufficiency: quantity of audit evidence
o Affected by auditor’s assessment of risks of misstatement & by quality thereof
- Appropriateness: quality of audit evidence
o Affected by relevance & reliability
o Reliability is influenced by its source & nature
- Whether sufficient appropriate audit evidence has been obtained is matter of prof.
judgment
1
ISA 500
- Objective of auditor design & perform audit procedures in such a way to enable
auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable
conclusions on which to base auditor’s opinion
- Audit procedures: Inquiry, Inspection, observation, confirmation, recalculation, re-
performance & analytical procedures (often performed in combination)
- Definitions:
o Accounting records: records of initial accounting entries & supporting records;
general & subsidiary ledgers; worksheets & spreadsheets, etc.
o Appropriateness: (defined above)
o Audit evidence: info used in arriving at conclusions on which auditor’s opinion is
based
o Management’s expert: individual/ organisation possessing expertise in field
other than accounting/ auditing, whose work in that field is used by the entity to
assist the entity in preparing the financial statements
o Sufficiency: (defined above)
- Auditor is required to design & perform audit procedures that are appropriate
in the circumstances for the purpose of obtaining sufficient appropriate audit
evidence
1.2 Sources
- Audit evidence is obtained by performing audit procedures to test accounting records
- More assurance is obtained from consistent audit evidence obtained from different
sources/ of a different nature (corroborating evidence from different sources will
increase the assurance, whereas inconsistent evidence will result in additional evidence-
gathering procedures to resolve inconsistency)
- Info from sources independent of entity – confirmations from 3rd parties, analysts’
reports, etc.
2
- When designing & performing audit procedures, auditor must consider the
relevance & reliability of info to be used as audit evidence
- Practitioner must consider reliability of evidence used e.g.: photocopies, facsimiles,
filmed, digitised or other electronic documents (incl. consideration of controls over their
preparation & maintenance)
- Reliability is influenced by its:
o Source
o Nature
o And is dependent on the individual circumstances under which it is
obtained. I.e. evidence is more reliable when:
It is obtained from independent sources outside entity
The controls surrounding internally generated evidence are effective
It is obtained directly by practitioner
It exists in documentary form (paper, electronic, or other media)
It is provided by original documents (instead of photocopies/ facsimiles)
- When using info produced by entity auditor evaluate whether info sufficiently
reliable for auditor’s purposes, incl.:
o Obtaining audit evidence about accuracy & completeness of such info and
o Evaluating whether info is sufficiently precise & detailed for auditor’s purposes
- Relevance
o Is the logical connection with the purpose of the audit procedure &
assertion under consideration
o Affected by direction of testing (i.e. if testing for overstatement in valuation of
accounts payable testing from unpaid invoices & supplier’s statements is
relevant)
o Tests of controls: evaluate operating effectiveness of controls in preventing, or
detecting & correcting, material misstatements @ assertion level identify
conditions that indicate performance of a control – the presence or absence of
those conditions can be tested
o Substantive procedures: to detect material misstatements @ assertion level,
comprise of tests of details & substantive analytical procedures
3
o Evaluate the appropriateness of the expert’s work as audit evidence for
the relevant assertion (relevance & reasonability of expert’s findings,
consistency with other audit evidence)
Obtained by performing:
5
b. SELECTING ITEMS FOR TESTING TO OBTAIN AUDIT EVIDENCE
An effective test provides appropriate audit evidence, sufficient for auditor’s purposes. In
selecting items for testing, auditor is required to det. relevance & reliability of info to be
used. The means available for selecting items are:
100% examination unlikely in case of TOCs (more common for tests of details)
100% examination appropriate when:
o population constitutes small no. of large value items
o there is a significant risk
o repetitive nature of calculation or other process performed automatically makes
100% exam cost effective
Audit Sampling
6
Objectives to evaluate whether sufficient & appropriate audit evidence has been obtained
Auditor needs to use objectives to evaluate whether sufficient & appropriate audit
evidence obtained
If concludes that it’s not sufficient & appropriate, follow 1+ of the following approaches:
o Evaluate whether further relevant audit evidence has been / will be obtained
o Extend work performed
o Perform other procedures auditor deems necessary
Work of less experienced team members must be reviewed by more experienced team
members
Review consists of consideration whether:
o Work in accordance with professional stds & applicable legal + regulatory req
o Significant matters raised for further consideration
o Appropriate consultations taken place
o Need to revise nature, timing & extent of work
o Work performed supports conclusions
o Evidence obtained is sufficient & appropriate
o Objectives achieved
If:
e.g. when responses to enquiries of management, internal auditors & others are inconsistent
Such risks may relate to inaccurate/incomplete recording of routine & significant classes of
txs or acc balances (highly automated) → entity’s controls over such risks are relevant :.
auditor obtain understanding of these controls
7
GOING CONCERN
1.3: Going Concern
ISA 570 (revised)
1. G.C. ASSUMPTION
- Entity is G.C. & will continue to operate for foreseeable future
- Management does not intend to liquidate/ cease operations/ have no alternative
but to liquidate (i.e. insolvent)
o Factual (technical) insolvency (net loss = total liabilities> total assets)
o Commercial insolvency (net current liability = CL > CA)
o Consider reportable irregularity (Sec 45 of APA)
o Consider reckless trading (Sec 22 Co. Act)
- Assets & liabilities are recorded on basis that entity will be able to realise its
assets & discharge its liabilities in normal course of business
2. RESPONSIBILITIES OF MANAGEMENT
- IAS 1 has explicit requirement for management to make a specific assessment
of entity’s ability to continue as G.C.
- Matters to be considered & disclosures to be made
- Judgement (at particular point in time) about inherent uncertainty of future
outcomes of events/ condition
o Degree of uncertainty further into future an event/ condition/ outcome
occurs
o Size & complexity of entity, nature of it business & degree to which it is
influenced by external factors
o Judgement is based on info available at that point in time
subsequent events may result in outcomes that are inconsistent with
judgment made
3. RESPONSIBILITIES OF AUDITOR
- Obtain sufficient approp. audit evidence regarding, & to conclude on,
appropriateness of management’s use of G.C. basis
- Conclude whether material uncertainty exists i.r.o entity’s ability to continue as G.C.
- ISA 200 – inherent limitations in auditors ability to detect material misstatements
auditor’s conclusion is not a guarantee as to entity’s ability to continue as G.C.
4. AUDITOR’S OBJECTIVES
- Obtain sufficient approp. audit evidence regarding, & to conclude on,
appropriateness of management’s use of G.C. basis
- Conclude whether material misstatement exists that may cast significant doubt
on entity’s ability to continue as a G.C.
1
- To report in accordance with this ISA
2
Evaluate reliability of underlying data to prepare forecast
Is there adequate support for assumptions underlying forecast?
o Consider additional facts / info that have become available since date
of man. assessment
o Request written representations from man. regarding plans for future
actions & feasibility of these plans
9. AUDIT CONCLUSIONS
- Evaluate whether sufficient approp. audit evidence has been obtained & conclude
on
appropriateness of management’s use of G.C. basis
- Conclude whether material uncertainty exists related to events/ conditions that may
cast
doubt on entity’s ability to continue as G.C.
o Material uncertainty exists when magnitude of it potential impact &
likelihood of occurrence approp. disclosure of nature & implications of
uncertainty is necessary to achieve fair presentation/ for F.S. to not be
misleading
3
o Adequacy of related disclosures in F.S.
o Implications for auditor’s report
4
SUBSEQUENT EVENTS
1.2 Subsequent Events → ISA 560
M = Management
TCWG = Those
Charged with
Governance
a. Introduction FS = Financial
Statements ir/to = in
FS may be affected by events that occur after date of FS – 2
types: respect/terms of Tx =
transaction
b. Objectives
To obtain sufficient appropriate audit evidence about whether events occurring between
date of FS & auditor’s report require adjustment/disclosure in FS
Respond appropriately to facts that become known to auditor after date of auditor’s report
c. Definitions
1
d. Requirements
Auditor perform audit procedures to obtain sufficient & appropriate audit evidence that all
subsequent events that require adjustment/disclosure identified
o Review/test accounting records/txs
o If acc records not up to date/no interim FS or minutes → audit procedures to be
undertaken
= inspection of books/records/bank statements
Perform procedures so that they cover period from date of FS to date of auditor’s report
→ take into account risk assessment when det. nature & extent of procedures incl.:
o Obtain understanding of procedures management has to ID subsequent events
o Inquire from M & TCWG whether subsequent events have occurred e.g. new
commitments, borrowings, sales or acquisitions, increases in capital or issue of debt
instruments, assets destroyed, events that will affect going concern, events relevant
to measurement of estimates/provisions etc.
o Read minutes of meetings held after date of FS
o Read latest subseq. interim FS
o Read latest budgets, CF forecasts & other management reports for periods after FS
o Inquire of entity’s legal counsel about litigations
If auditor ID events that require adjustment/disclosure – determine whether
appropriately reflected in FS
Auditor request M provide written representation that all events subsequent to date of FS
requiring FS to be adjusted or disclosed have been adjusted/disclosed
2. Facts which become known to Auditor after date of Auditor’s Report but before date FS
are issued
After FS issued, auditor has no obligation to perform any audit procedures iro FS
If after FS issued, fact becomes known that would’ve caused auditor to amend auditor’s
report, auditor shall:
o Discuss matter with M
o Det. whether FS need amendment
o Inquire how M intends to address matter in FS
3
If M does not amend and does not take necessary steps to ensure anyone in receipt
of previously issued FS is informed of situation, auditor shall:
o Notify M that auditor will seek to prevent future reliance on auditor’s report
e. Practical Application
1. When on timeline did the event occur? e.g. before/after issue of audit opinion
2. Will the auditor still be able to modify the audit report if necessary? Only if not yet issued
5. Is there an obligation to perform procedures? If after audit report or FS issued then no obligation
Material:
o In quality or in quantity?
o Factual, judgmental or projected?
7. Non Adjusting: What do I have to disclose? :. unmodified but “emphasis of matter” paragraph
4
SUBSTANTIVE
PROCEDURES BALANCES
3.2 Substantive Tests of Detail & Analytical Procedures on Balances
C R E V
1. Inventory
1. Inventory Count → Existence, Completeness & Valuation + Allocation
Perform analytical procedures on the inventory balance (maximum 2), for example:
o Compare this year’s inventory balance with last year’s inventory balance;
o Compare the % increase/decrease in the inventory balance for the current year to
the % increase/decrease in the inventory balance for the previous year;
o And obtain corroborating evidence for any differences.
Agree the opening balance of inventory in the inventory account in the general ledger to
the closing balance of inventory on last year’s audited financial statements.
Inspect the statement of financial position and confirm that inventory is a separate line item
and a separate note to the financial statements in accordance with IAS 2.
1
Resolve discrepancies in test counts before conclusion of the count by recounting with the
client’s staff and confirming that amendments are made to the inventory sheets if
necessary.
Inspect the list of GRNs to ensure that all have been matched to suppliers invoices for
completeness.
Recalculate the balance of the inventory account in the general ledger to address
the valuation and allocation of inventory at .
Recalculate the total of the inventory masterfile to address the valuation and allocation of
inventory.
Compare the balance of the inventory account in the general ledger to the balance of the
inventory masterfile to address the valuation and allocation of inventory at .
Compare balance of the inventory account in the general ledger to the balance on the
trial balance and to the balance in the statement of financial position to address the
valuation and allocation of inventory.
Select a sample of inventory items per the inventory masterfile and recalculate the values of
the inventory items (quantity x price) to address the valuation and allocation of inventory at
.
Select a sample of inventory items per the inventory masterfile and trace to the inventory
cost schedules that contains the calculations done to calculate the weighted average cost of
inventory items.
Inspect the corresponding supplier invoices for the transactions’ prices and quantities to
determine whether the correct purchase prices and quantities have been used in
calculating the cost in terms of the weighted average costing used to address the valuation
and allocation of inventory.
To ensure the valuation of imported inventory purchases select a sample of imported items
from the inventory masterfile and:
o Obtain the correct exchange rate from the bank or another financial institution and
compare it to the exchange rate used to convert the foreign currency;
o Obtain the relevant supplier invoices/shipping contracts and costing schedules and
recalculate the unit cost calculation;
2
o Inspect the costing schedule to ensure that the appropriate costs e.g. import duties,
et cetera, were included.
Recalculate the inventory weighted average cost on the selected inventory cost schedules
to address the valuation and allocation of inventory.
Compare the recalculated weighted average cost per the inventory cost schedule to the
weighted average cost for the specific inventory item on the inventory masterfile to address
the valuation and allocation of inventory.
Compare the quantities of the items verified during the inventory count to the quantities on
the masterfile to address the valuation and allocation of inventory.
Walk through the warehouse and identify inventory that is obsolete or damaged or appears
to be slow moving and record it in a working paper to ensure the correct valuation and
allocation of inventory.
Walk through the warehouse and observe that stock items are not double counted to
ensure that the stock is counted correctly (valuation and allocation).
Write Downs: Verify the cost of inventory against relevant supplier invoice & the NRV
against the selling price of inventory to confirm that inventory is carried at the lower of cost &
NRV.
Inspect loan agreements and bank confirmations to determine whether inventory has
been ceded or encumbered in any way to ensure the client has the right to the inventory.
3
Completeness
Select a sample of inventory items in the warehouse, count these and agree the counts to
the inventory sheets to ensure the completeness of the inventory.
Through enquiry from management and inspection of the inventory sheets determine
whether there is any inventory that is not on the client’s premises (consignment stock), but
that should be included in the client’s inventory balance to ensure the completeness of
inventory.
Obtain the last invoice number for the year for cut-off purposes (existence/completeness).
Walk through the warehouse and observe that the counters are allocated throughout the
warehouse to ensure that all the stock in the warehouse is counted (completeness).
Existence
Select a sample of inventory items listed on the inventory sheets and follow these through
to the physical inventory in the warehouse to ensure the existence of inventory.
Through enquiry from the inventory counters and inspection of the inventory sheets,
determine which inventory should not be included in the client’s inventory balance
(consignment stock) to ensure the existence of (or right to) inventory.
2. Trade Debtors/Receivables
General
Scrutinise the debtors’ general ledger accounts for any unusual entries and follow up by
enquiring with management about unusual entries.
Perform analytical procedures on the debtors balance (maximum 2), for example:
o Compare this year’s debtors balance with last year’s debtors balance;
4
o Compare the % increase in the debtors balance to the % increase in the sales
total for the year;
o Compare the debtors’ age analysis of the current period to that of the previous
period;
o Compare the debtors payment days of the current period to that of the previous
period; and
o Follow up on any discrepancies through enquiry with management and by
obtaining corroborative evidence.
Agree the opening balance of debtors to the debtor’s closing balance on last year’s audited
financial statements.
Review the financial statements to ensure that accounts receivable and revenue is properly
disclosed in terms of IFRS.
Recalculate the balances of the debtors’ general ledger accounts to address the
valuation and allocation of debtors.
Add the debtors’ balances as per the general ledger and compare this balance to the
debtors balance on the trial balance and on the statement of financial position to address
the valuation and allocation of debtors.
Obtain a list from management comprising of the outstanding debtors amounts as well as
an age analysis.
Select a sample of debtors on the debtors’ age analysis and trace it to the applicable
invoices. Inspect the dates on the invoices to ensure it is recorded in the correct time period
in the age analysis.
Compare the total of the list of outstanding debtors to the amount in the debtors control
account in the general ledger and the trail balance.
Select a sample of individual debtors on the list of the outstanding debtors’ amounts and
trace it to the individual debtors’ amount in the debtors’ ledger.
Obtain the reconciliation of the accounts receivable sub-ledger and accounts receivable
control account. Review the reconciliation of the accounts receivable control account to the
debtor sub ledger and follow up unusual reconciling items.
5
Rights and Obligations
Inspect loan agreements and bank confirmations to determine whether debtors have been
factored, ceded or encumbered in any way to ensure the client has the right to the debtors.
Existence
Perform tests of detail on all differences identified by the positive confirmation letters by
inspecting the relevant source documents.
Select a sample of individual debtors and perform the following subsequent receipts
testing:
o Select samples of payments received after year-end from the selected debtors in the
cash receipt journal and trace the payments to the debtor’s remittance advices to
identify which invoices the payments is in respect of.
o Inspect these invoices and confirm that they are dated prior to the year-end and
that they were included at year-end in the debtor’s ledger.
o Trace these payments to the debtors’ invoice and matching delivery note to identify
which invoices the payments relate to (prior to year-end) to ensure the debtors did
exist.
Completeness
Completeness will be addressed with the positive external confirmation letters and the
subsequent receipt testing.
Review receipts on a sample basis before and after year-end and ensure that receipts
are properly allocated against specific accounts receivable.
6
Presentation and Disclosure
Inspect the statement of financial position and confirm that the trade receivables are a
separate line item as part of the current assets.
Inspect the statement of financial position and confirm that any encumbrances on debtors
have been disclosed.
Assumptions
Inspect the minutes of directors meetings for the authorisation from the board of directors
for the provision for doubtful debts.
Compare the assumption to provide for all outstanding debts above days with others in
the industry.
Compare the provision for the current period with the actual bad debts that occurred in the
previous period and assess the reasonability of the provision.
Data
Compare the amount of the outstanding debtors, those above days, to the amount on
the debtors’ age analysis.
Trace a sample of debtors included in the above days debtors balance to the original
invoices and inspect the date on these invoices to ensure they are correctly classified as
days debtors.
Inspect any other sufficient and appropriate audit evidence to support the estimate for
example debtors’ correspondence files and legal files to identify disputed debtors who have
been handed over and inspect the schedule for inclusion of these specific debtors.
7
3. Bank & Cash
Road Map
GL Account
not reliable
TB
not reliable
Bank Statement
→ addressed to client
moderate
Bank Confirmation
→ addressed to auditor
reliable
Bank Recon
→ client performs
moderate
General
Analytical procedures:
o Current to prior year
o Current to budgeted
o Follow up on differences
Inspect disclosure:
o Cash and cash equivalents note in Financial statements
8
Compare opening balance of this year to closing balance of prior year.
9
AUDIT FIELDWORK
S/O 3: SUBSTANTIVE PROCEDURES IN
THE BUSINESS CYCLE
NATURE
TIMING
Performed @ or after YE
Due to audit deadline, auditor forced to carry out substantive testing at interim date :. “update”
work for YE by conducting tests on remaining period
EXTENT
Determined by:
o Assessed RoMM
o Results of Tests of Controls
The greater the RoMM & the less effective controls are → the greater the amt of substantive testing
Extent of testing reflected in sample sizes used
1
a. REVENUE & RECEIPTS → SALES
Note:
Sale shouldn’t be recognised until buyer has “approved the goods” (can no longer return)
Consignment stock not recognised as sale until agent has sold
Customer requests that client delay delivery, sale not recognised
Test transfers of amts from mthly sales jnls to Sales & VAT a/cs in GL
2
Completeness: all sales should’ve been recorded, have been recorded
Select random sample of dispatch notes (or ISOs) & follow them through to confirm that
give rise to an invoice
Analyse GP fluctuations
Compare current sales/debtors to prior periods
→ PURCHASES
Confirm mathematical accuracy of invoice by recalculating all extensions (Q x P), casts &
discounts
Agree Q of items on invoice against Q on GRN
Confirm prices & trade discounts on invoice using order/purchase contract
Recalculate VAT + confirm discounts taken into account prior to VAT calc.
Inspect dates on supplier DN, GRN & Invoice to confirm goods received during acc
period under audit
Test from document recording receipt of purchase to recording of purchase in books i.e.
select a random sample of GRNs & trace them to the corresp. invoices
3
→ PAYMENTS
Inspect dates on pmt, invoice & supporting docs to confirm fall within period under audit
4
c. PAYROLL & PERSONNEL
Analytical Procedures:
Comparisons:
o salaries: mth to mth by division, department or section
o wages: period to period by cost centre
o salaries & wages: to prior period
o deductions: mth to mth
Investigation of fluctuations
Inspect docs in personnel file (signed ‘ee contract, ID details etc.) & agree to payroll
Perform physical identification of ‘ee by visiting @ place of work during work hrs +
inspecting personal ID/staff ID tag
Enquire of snr personnel to confirm individuals are employed in their section
Inspect returns to outside entities for inclusion of ‘ees e.g. SARS
Use audit software to scan ‘ee Masterfile for “error conditions” e.g. duplicated/missing ID
no.s/tax reference no.s, duplicated bank a/cs or duplicated staff ‘ee no.s
5
Confirm that non-std deductions supported by approved docs
Test casts of payroll
Trace amts posted from payroll to GL
APPLICATION
STEPS:
1. Road Map → document flow from case study (once you’ve done this, you don’t need
to go back to the case study)
NB! Look out for documents that have been changed/merged e.g. using an ISO as a picking
slip etc.
Accounting entry
Documents
Journals, GL, TB, FS
Transaction → OCACC
2. Formulation
6
PROCEDURES
GENERAL
SALES
1. Accuracy
Obtain a sample of monthly sales journals and recast the journals to ensure
the revenue total is calculated accurately.
Agree the totals of the selected sample of sales journals to the totals recorded in the
sales account in the general ledger to ensure accuracy.
Recalculate the sales account in the general ledger to ensure accuracy.
Agree the of the sales account in the general ledger to the total in the trial balance
to the total in the financial statements to ensure that the revenue total is presented
accurately in the financial statements.
To ensure accuracy of revenue, select a sample of invoices from the sales
journals and perform the following:
o inspect the sales invoice for the quantity and compare the quantity to the
quantity on the corresponding ISO) to ensure the sale transaction is recorded
at the correct quantity
o inspect the sales invoice for the selling price and compare it to the price on
the printout of the online catalogue to ensure the sale transaction is recorded
at the correct price
o recalculate VAT on the sales invoice
o recalculate the castings on the sales invoice; and
o compare the total of the sales invoice to the entry in the sales journal.
7
2. Completeness
Select a sample of signed invoices and follow the sample through to the related
entry in the sales journal to ensure all revenue transactions that occurred have been
recorded.
Inspect the sales invoices recorded in the sales journal for any missing numbers
to ensure revenue transactions are complete.
3. Occurrence
Inspect the sales invoices recorded in the sales journal for any duplicate numbers
to ensure all revenue transactions occurred.
Select a sample of sales invoices that appear in the sales journal and inspect the
corresponding invoices for the client’s signature to ensure the recorded revenue are
for sales that actually occurred.
4. Cut-off
Select the last 20 invoices entered in the sales journal in the last month and
inspect the supporting signed invoice for the date to confirm that the goods were
actually delivered prior to year-end to ensure that it is recorded in the correct
accounting period.
Select the next 20 invoices entered in the sales journal in next month and inspect
the supporting signed invoice for the date to confirm that the goods were actually
delivered after year end to ensure that it is recorded in the correct accounting period.
PURCHASES
1. Completeness
Follow a sample of signed invoices through to the entry in the creditors journal to
ensure all purchase transactions were recorded.
Inspect the invoices that were recorded in the creditors journal for any missing
numbers to ensure that all purchases that occurred were recorded.
2. Occurrence
8
Inspect the invoices that were recorded in the creditors journal for any duplicate
numbers to ensure that all purchases recorded really occurred.
3. Cut-off
Select the last 20 transactions entered into the creditors journal of the company for
the year and inspect the dates on the invoices to ensure the goods were actually
received before year-end to ensure that purchases are recorded in the correct
accounting period.
Select the next 20 transactions recorded into the creditors journal of the company
and inspect the dates on the invoices to ensure the goods were actually received
after year-end to ensure that purchases are recorded in the correct accounting
period.
4. Classification
9
OPENING BALANCES
S/O 6: OPENING BALANCES
1. Auditor’s Objective
Obtain sufficient & appropriate audit evidence about whether opening balances:
o Free from material misstatements (affecting the current period); and
o Accounting policies are consistently applied + changes disclosed ito IAS 8
1. If 1st time performing this audit (previously by someone else) – review predecessor’s working
papers
2. If another auditor was previously used & they don’t have working papers – evaluate if
the audit procedures in the CY provide evidence relevant to the OB
3. If:
a. You have access to working papers & not happy with what was done ; or
b. Don’t have access to working papers;
1
4. Prior Period not Audited
Assess the risk of each Opening Balance
Consider the materiality of the Opening Balances
Obtain an understanding of the accounting policies & test for the correct application thereof
Agree the previous year’s Closing Balance to the current year’s opening balance
2
AUDIT FIELDWORK
MANAGEMENT
REPRESENTATION
1. Written representations as Audit Evidence
(a) Obtain written reps. from management that they believe they have fulfilled their
responsibility for preparation of F.S & for completeness of info given to auditor
(b) Support other audit evidence relevant to F.S. / specific assertions by means
of written rep.
(c) Respond appropriately to written reps. provided by management/ if
management does not provide the written reps. requested by auditor
3. Terminology
Written representation:
records Management:
1
4. Management from whom written representations requested
- Management with appropriate responsibilities for F.S. & knowledge of
matter concerned
- Those responsible for preparation of F.S.
- Management should have sufficient knowledge of process followed by entity
in preparing F.S. & assertions therein
- E.g.: CEO, CFO
- If qualifying language is used by management “to the best of its knowledge and
belief” it is reasonable for auditor to accept such wording
5. Matters
- Written rep. that management has fulfilled its responsibility for preparation of
F.S. in accordance with applicable fin. rep. framework & their fair presentation
- Date of written rep. as near as practicable to, but not after, the date of the auditor’s
report on F.S.
2
- If auditor has concerns about competence, integrity, ethical values or diligence
of management or about its commitment to these determine effect such
concerns may have on reliability of representations & audit evidence
- If written representations are inconsistent with other audit evidence perform
audit procedures to attempt to resolve the matter
- If written representations are not reliable take appropriate actions (revise risk
assessment & determine nature, timing & extent of further audit procedures)
3
MODIFICATIONS TO AUDIT
OPINION AND REPORT
1. BACKGROUND
a. ISA 705
b. ISA 706
a. 3 types
- Qualified opinion
- Adverse opinion
- Disclaimer of opinion
b. Depends on
- Nature of matter
- Auditor’s judgement about pervasiveness of effects of matter on F.S.
1
3. OBJECTIVES OF AUDITOR
a. ISA 705
b. ISA 706
- Draw users’ attention by way of clear additional comm. in auditor’s report, to:
o Matter presented/ disclosed in F.S. NB & fundamental to users’
understanding of
F.S (emphasis of matter paragraph)
o Other matter relevant to users’ understanding of audit/ auditor’s
responsibilities/ auditor’s report (other matter paragraph)
- Unmodified opinion, but modification to report
4. DEFINITIONS
a. ISA 705
b. ISA 706
2
o Unable to obtain sufficient approp. audit evidence to conclude that F.S. as a
whole are free from material misstatement
b. ISA 706
- When nec. to draw users’ attention to matter presented/ disclosed in F.S. incl.
Emphasis of Matter paragraph in auditor’s report
o Incl. with approp. heading “Emphasis of Matter”
o Incl. clear reference to matter & where relevant disclosures can be found in F.S.
o Indicate that auditor’s opinion in not modified i.r.o. matter emphasised
o Examples:
Uncertainty relating to future outcome of litigation/ regulatory action
Significant subsequent event occurs between date of F.S. & date of
auditor’s report;
Early application of new accounting standard
Major catastrophe that has had a significant effect on financial position
- When nec. to draw users’ attention to matter other than those presented/ disclosed
in F.S.
incl. Other Matter paragraph in auditor’s report
o Incl. with approp. heading “Other Matter”
o Examples:
Planning & scoping matters of audit
Explanation if unable to withdraw from audit
If another set of F.S has been prepared by the same entity in
accordance with another general purpose framework
If auditor’s report is intended solely for intended users & should
not be distributed or used by other parties
6. TYPE OF MODIFICATION
a. ISA 705
3
a. Qualified opinion
- Obtained sufficient approp. audit evidence misstatements are material
but NOT pervasive
- Unable to obtain sufficient approp. audit evidence undetected
misstatements could be material but not pervasive
b. Adverse opinion
- Obtained sufficient approp. audit evidence misstatements are
material & pervasive
c. Disclaimer of opinion
- Unable to obtain sufficient approp. audit evidence possible effects of
undetected misstatements could be both material & pervasive
d. Inability to obtain sufficient approp. audit evidence due to limitation
imposed by management
- Request management to remove limitation
- If man. refuses comm. With TCWG & determine whether it is possible to
perform alternative procedures to obtain sufficient approp. audit evidence
- If unable to obtain sufficient approp. audit evidence
o If effects of undetected misstatements material but not pervasive
qualify opinion
o If effects of undetected misstatements material & pervasive
withdraw from audit/ disclaim an opinion
a. Auditor’s opinion – use either of the following headings for opinion section
“Qualified opinion”: state “except for the effects of matter(s) described in
-
Basis for Qualified Opinion, the accompanying F.S. present fairly, in all
material respects […] in accordance with [IFRS]”
o If inability to obtain sufficient approp. audit evidence “except for
possible effects of the matter(s)…”
- “Adverse opinion”: state “because of significance of matter(s) described in
Basis for Adverse Opinion, the accompanying F.S. do not present fairly […]
in accordance with [IFRS]”
- “Disclaimer of opinion”: state
o Auditor does not express opinion on accompanying F.S.
o Because of significance of matter(s) described in Basis for
Disclaimer of Opinion, auditor has not been able to obtain
sufficient approp. audit evidence to provide a basis for an audit
opinion on the F.S.
o Amend paragraph which indicates that F.S. have been audited, to
state that the audit was engaged to audit the F.S.
b. Basis for opinion
- Amend the heading “Basis for Opinion” to “Basis for Qualified Opinion”/
“Basis for Adverse Opinion”/ “Basis for Disclaimer of Opinion” and
4
- Incl. description of matter giving rise to modification
- If material misstatement of specific amount incl. description &
quantification of financial effects of misstatement (unless impracticable)
- If material misstatement of narrative disclosures explanation of how
disclosures are misstated
- If material misstatement of non-disclosure discuss non-disclosure with
TCWG, describe in Basis for Opinion the nature of omitted info, and incl.
omitted disclosures
- If modification is due to inability to obtain sufficient approp. audit evidence
incl. reasons for that inability
- If disclaims an opinion do not incl. reference to auditor’s responsibilities,
& do not incl. statement about whether audit evidence obtained is sufficient
& approp.
c. Description of Auditor’s responsibilities
- If auditor disclaims an opinion due to inability to obtain sufficient
approp. audit evidence amend description of auditor’s responsibilities
to incl. only
o Statement that auditor’s responsibility is to conduct an audit of F.S. &
issue an auditor’s report
o Statement that because of matter(s) described in Basis for
Disclaimer of Opinion, auditor was not able to obtain sufficient
approp. audit evidence
o Statement about auditor independence & other ethical responsibilities
- If auditor disclaims an opinion report must not incl Key Audit Matters section
5
YES
6
b. Background (Read)
1. Framework
1
o After engagement accepted, criteria are unsuitable or subject matter not appropriate:
Qualified/adverse conclusion if matter likely to mislead intended users
Qualified conclusion/disclaimer of conclusion in other cases
2. ISA 200
Obtain reasonable assurance about whether FS as a whole free from Mat. Misstatement :.
enabling auditor to express an opinion on whether FS prepared in accordance with
applicable fin rep framework
When reasonable assurance can’t be obtained & qualified opinion is insufficient to report to
users – auditor must disclaim an opinion or withdraw.
3. ISA 700
Objectives of auditor:
o Form an opinion on FS based on evaluation of conclusions drawn from audit evidence
o Express clearly that opinion through a written report
Unmodified Opinion→ opinion expressed by the auditor when auditor concludes that
FS are prepared in accordance with applicable fin rep framework
To obtain reasonable assurance, auditor shall obtain sufficient & appropriate audit
evidence to reduce audit risk to acceptably low level
o Sufficiency – quantity of audit evidence (affected by auditor’s assessment of
RoMM & quality of evidence
o Appropriateness – measure of quality of evidence (relevance and reliability)
Reliability influenced by source & nature
In order to form opinion, auditor conclude whether obtained reasonable assurance that FS
free from material misstatement :. take into account:
o Conclusion whether sufficient & appropriate audit evidence obtained
o Conclusion whether uncorrected misstatements are material – indiv. or in aggregate
2
o FS prepared in accordance with fin rep framework:
Adequate disclosure of sig acc policies
Acc policies are consistent
Estimates are reasonable
Info is relevant, reliable, comparable & understandable
FS provide adequate disclosure
Terminology is appropriate
d. Forming an Opinion on FS
2. APA Section 44
UNLESS
3
o Satisfied as to the fairness of the FS
o Complied with auditing pronouncements
e. Contents of the Audit Report (14 elements) → see study guide Appendix for example
2. Addressee → shareholders
6. Key Audit Matters → most significant matters in audit (only for listed co.s)
7. Other information → auditor has obligation to consider but not express an opinion on
o List other info on which opinion not expressed (Director’s report etc.)
o List auditor’s responsibility to review the info
4
9. Responsibility of Auditor
14. Audit report date – no earlier than date when sufficient & appropriate audit evidence obtained
Key audit matters → Those matters that, in the auditor’s professional judgment, were of
most significance in the audit of the financial statements of the current period. Key audit
matters are selected from matters communicated with those charged with governance.
Provides greater transparency about audit and additional info to intended users
Enhance understanding of matters considered to be of most significance during the audit
Not a separate opinion on individual matters or substitute for modified opinion
Key Audit Matters apply to listed entities or when auditor required by law to provide KAMs
Objective: det. KAMs and communicate those matters by describing them in the report
When det., take into account the following:
o Areas of higher assessed RoMM
o Significant auditor judgments & significant M judgment
o Significant events/txs
State in Report why significant & how addressed