Odt 300 Updated

COMPANIES ACT
Shares & Securities in a Profit Company
s35: Legal nature of shares:
Movable property
No nominal/par value
Co. can’t issue shares to itself
No rights until issued
Co. subsequently acquires its own shares/surrendere to co. = “authorized not issued” status
s36: Authorisation:
MOI set out

o classes + no. authorized to issue
o designation for class
o preferences, rights + limitations (also w/o then board classify later BUT can’t
issue until then)
MOI can authorize unclassified shares (classified by board later)
Changed only by
o Amendment of MOI by special resolution (require notice of amendment)
o BOD (increase/decrease no.; reclassify; classify; determine pref, rights, limitations)
s37: Prefs, rights, limitations
Each issued share = 1 general voting right

Every share has irrevocable right of s/h to vote on any proposal to amend P,R,L + other
terms associated with that share (seek relief ito s164 if notified co. + present at meeting +
voted against)
If co. has only 1 class of shares – vote on every matter + holders receive net assets on
liquidation
MOI can establish special/conditional voting rights, preferences, distributions, redemptions
etc.
s38: Issuing shares
BOD can issue shares within authorized SC or s36

If issue shares not authorized or >authorized shares, retroactively authorized in 60 bus
days
o If not, issue is nullity + co. return to person FV of consid. received
o Director liable ito s77 (present + failed to vote against)
1
s39: Subscription of shares
Prvt + personal liab. co. only

Prvt co. wants to issue shares, existing s/hs have right before other persons to be offered
+ subscribe for % of shares = to own holding (can subscribe for fewer; shares not
subscribed for offered to other persons)
s40: Consideration for shares
Issued only for:

o adequate consid. (det. by BOD before issue – can’t be challenged)
o ito conversion rights
o as caps share (s47)
If future services/pmt – considered received only when physical pmt/oblig. fulfilled :.shares
issued held in trust + tsfred later
o no voting rights
o pre-emptive rights exercised to extent pmt received
o distribution paid to extent pmt received OR credited to amt owing
o can’t be transferred w/o consent; tsfred to party to extent paid;
o if dishonoured/no pmt/fulfilment of oblig. (40 bus. days) – return to co. + cancelled by
DEMAND
s41: S/h approval to issue shares in CERTAIN CASES
Issue approved by special resolution if issued to:

o director, future director, PO, future PO of co.
o person related/inter-related to co./director/PO
o nominee of above
Above is NA if issue is:
o under agreement underwriting shares
o in exercising pre-emptive rights (s39)
o in prop. to existing holding + same terms & conditions offered to all s/hs
o ‘ee share scheme
o offer to public
If voting power of class of shares issued >=30% of ALL shares of that class – special
resolution
Director liable ito s77 (present + failed to vote against)
s42: Options
BOD det. consid. for which options + related shares issued

= decision to issue auth. shares
Director liable ito s77 if shares for which options issued not authorized
s43: Securities other than shares
BOD can issue secured/unsecured debt instruments + det. if secured/unsecured (doc must
indicate)
2
Can grant special privileges – attending + voting @ general meetings; appointment
directors; allotment, redemption, substitution of instrument for shares
Trustee – not director, PO or related; no conflicting interest in co.; knowledge +
experience; 75% instrument holders approval
s44: Financial assistance for subscription of securities
BOD can auth. co. to provide fin assist. (loan etc.) to any person to subscribe
for/purch. securities/options issued by co.
Can’t auth. UNLESS pursuant to:
o ‘ee share scheme; or
o special resolution adopted within prev 2 yrs approving
assistance AND
o BOD satisfied that after fin assist, S&L test satisfied + terms fair & reasonable to co.
If void, director liable ito s77
s45: Loans/Other fin assistance to Directors
BOD can auth. co. to provide direct/indirect fin assistance to director/PO/person related
Provide written notice to s/hs + TUs of ‘ees :
o Value > 1/10 of 1% of co.’s net worth: within 10 bus days after resolution
o Any other: within 30 bus days after end of fin yr
Can’t auth. UNLESS – same s44
If void, director liable ito s77
s46: Distributions must be auth. by BOD
Co. can only make distribution if:

o existing legal obligation/court order
o BOD has authorized
o S&L satisfied after
o BOD acknowledged application of S&L + concluded
If not completed in 120 bus days: reconsider S&L + adopt further resolution
s77 Director liable
s47: Caps Shares
BOD (by resolution) approve issue of caps shares + can also permit s/h entitled to caps
to elect to receive cash
Can’t offer cash UNLESS
o S&L ito s46
3
o BOD satisfied that comply
s48: Co./Subsid. acquiring Co. Shares
BOD can det. co. will acquire no. of own shares

BOD of subsid. det. if can acquire shares in holding co BUT
o not > 10% of issued shares in class can be held by all subsid. of co. together AND
o no voting rights exercised
No acquire if after acquisition, no shares in issue other than shares held by
subsid. or convertible/redeemable shares
Agreement by co. to re-acquire shares issued by it = enforceable (if unable due to above,
apply to court for order + prove breach then court make just order + ensure person paid
at earliest date)
s77 Director Liable
Special Resolution if co. to acquire its own shares from a director/PO/related person
Securities Registration & Transfer
s49: Securities evidenced by certificates or uncertificated
Securities either evidenced by certificates or uncertificated

Rights + obligations not different due to above
Can transfer from one to the other
s50: Securities Register & Numbering
Co. must have + maintain certificated + uncertificated securities registers

After issuing, enter in register: no. issued, names + addresses of s/hs, no. of
securities in trust/restricted transfer
Unless all shares rank equally – class of shares distinguished by numbering system
s51: Registration & transfer of certificated securities
Certificate
o State on face: co. name; person to whom issued; no. + class; transfer restriction;
o Signed by 2 auth persons
o = Proof of ownership
Transfers entered in securities register (for certificated)
s52: Registration of uncertificated securities
Person can request to see uncertificated securities register

Co. can request (+ with pmt of prescribed fee) person to furnish details of uncertificated
securities
4
Governance of Companies
s57 – s60: READ specifically s56 – s60
s61: Shareholders meetings (BOD det. location; held anywhere)
BOD can call s/h meeting @ any time

MUST hold s/h meeting
o need to refer matter to s/hs for decision
o to fill vacancy on BOD
o 1+ written & signed demands for meeting (incl. purpose + demands for same
purpose at least 10% voting rights)
Can apply to set aside if “frivolous”
Public co. – AGM: initially no more than 18 mths after incorp.; subseq. once every yr (no
more than 15 mths after prev meeting)
s62: Notice of Meetings (prescribed form + manner)
15 bus. days before for Public co. ; 10 days before for any other case
Can call meeting with less if: all present + waive notice
Immaterial defect in form + manner/failure to deliver = doesn’t invalidate action taken
In writing:
o Date, time, place
o Purpose
o Copy of proposed resolution
o Statement of entitlement to proxy
o AGM – must present FS
s63: Conduct of Meetings
Before meeting:
o present ID
o satisfied of right to participate + vote at meeting
Can be conducted electronically (as long as all can communicate concurrently)
o @ expense of s/h or proxy
Vote:
o by show of hands (1 vote each)
o polling (in acc. with voting rights)
5
s64: Meeting quorum & adjournment
Can’t begin meeting/decide on matter until sufficient persons present (25% of voting rights)
If >2 s/hs, meeting no begin unless:
o at least 3 s/hs present
o minimum of 25% voting rights satisfied
If in 1 hr, not met – postpone meeting 1 week / matter to later time in meeting (otherwise
adjourn 1 week)
No further notice of postponed/adjourned meeting unless location different
s65: S/h Resolutions
Ord. or Special
Any 2 s/hs:
o propose resolution (must be clear + specific + supported sufficient info)
o request to be submitted to s/hs @ meeting demanded/nxt s/h meeting/ written vote
S/h or director believe from not satisfy req., apply to court to
o restrain resolution being put to vote
o require approp. steps to alter resolution
Ord = 50%+ of voting rights
Special = 75% + of voting rights
MOI can alter % to higher % but at least 10% bet. ord + special
s66: Board, Directors & POs
Bus./affairs of co. managed by BOD – authority to exercise all powers + perform functions of
co.
BOD comprise:
o for Prvt/Pers. Liab. = at least 1 director
o for Public/Non-profit = at least 3 directors
Profit co. (other than SOC) – s/hs elect at least 50% of directors
Election/appointment = nullity if @ time, ineligible/disqualify. ito s69
Entitled to serve when – appointed + deliver written consent to co.
Remunerated ito special resolution adopted within prev. 2 yrs
s67: 1st director(s)
Incorporator = 1st director

40 days after incorporation – elect sufficient directors
s68: Election of directors of Profit Co.
Elected by persons entitled to exercise voting rights in such election

o series of votes
o each voting right exercised once
6
o vacancy filled only if majority support
BOD can appoint on temp. basis until election
s69: Ineligibility & Disqualification of persons to be director/PO
May not be appointed/elected as director or act as director

Co. may not knowingly permit to serve/act as director
Person placed under probation must not serve as director
Person ineligible if:
o juristic person
o unemancipated minor
o not satisfy qualif. in MOI
Person disqualified if:
o court prohibited from being dir./declared delinquent
o unrehabilitated insolvent
o prohibited ito public regulation
o removed from office of trust (misconduct/dishonesty)
o convicted + imprisoned for theft, fraud, forgery, perjury or offence (fraud,
misrep., dishonesty)
Disq. ends later of:
o 5 years after date of removal/completion of sentence
o Extension
s70: Vacancies on Board
Vacancy arises:
o term expires
o resign/die
o incapacitated + unlikely to regain capacity
o declared delinquent
o become ineligible/disqualified
o removed by resolution of s/hs / directors or order of court
Filled by:
o New appointment
o Election at next AGM, or within 6 months at s/h meeting or by poll
File notice in 10 days if person becomes/ceases to be director
s71: Removal of directors
Director can be removed by ordinary resolution by persons entitled to exercise voting

rights in election
7
Before consider resolution:
o Give director notice of meeting + proposed resolution
o Afford opp. to make presentation to meeting before resolution put to vote
If >2 directors + s/h or director alleges that a director:
o become ineligible/disqualified
o incapacitated
o neglected/been derelict in performance of
functions BOD must det. matter by resolution & may
remove director
o Give director notice of meeting + proposed resolution
o Afford director opp. to make presentation to meeting before resolution voted
Director concerned (or person who appointed) can apply to court in 20 days to
review determination
s72: Board Committees
Board can appoint any no. of committees + delegate any of auth. of BOD to com
Com can incl. persons who are not directors but:
o may not be ineligible/disqual. from being director
o no vote on matter to be decided by com
Com has full auth. of BOD iro matter referred to it
Minister can prescribe categ. of co.s must have SEC (look @ ann. turnover, workforce
size, nature + extent of activities)
o Co. can apply to Tribunal for exemption if prove some formal mechanism
performs same function or not necessary in public interest (exemption valid for 5
yrs)
s73: Board Meetings
Director auth. by BOD

o can call meeting at any time
o must call meeting if required by 25% if 12 members or 2 directors in any other case
Can be conducted electronically if all can communicated concurrently
Majority present before vote
Tied vote – chair casts deciding vote
Co. keep minutes + incl. in minutes declaration by notice + resolutions adopted
s74: Directors other than at meeting
Decision that could be voted on at meeting may instead be adopted by written consent of
majority of BOD provided each received notice = same effect as voting
s75: Director’s personal financial interests (not apply if decision affects all directors or class
of persons of which director is member UNLESS only members are the director + related; 1
person holds all ben interests and is only director)
8
If person only director but doesn’t hold all ben interests – may not
o approve/enter agreement in which person/related has personal fin interest
o det. any matter in which person/related has pers fin
interest unless approved by ORDINARY RESOLUTION after
director disclosed
Director/related has pers fin interest iro matter to be considered @ BOD meeting, director
o disclose interest + nature before matter considered
o disclose material info
o observations relating if requested to do so
o if present @ meeting, leave immediately after disclosure
o not take part in consideration
o while absent:
 regarded as being present (sufficient dir present to constitute meeting)
 not regarded present for det. resolution has sufficient support
o not execute any doc on behalf of co. relating to matter unless board requests
If director/related acquires pers fin interest in which co. has material interest, disclose
nature + extent of interest to BOD/s/hs
Decision, tx or agreement by BOD = valid in spite of pers fin interest, only if:
o approved following disclosure OR
o if approved w/o disclosure, was ratified by ORD RESOLUTION or declared valid by
court
s76: Stds of Directors Conduct
Director must:
o not use position/info obtained in capacity as director:
 to gain advantage for himself/another person other than co.
 knowingly cause harm to co.
o communicated all info comes to att. to BOD unless
 believes info is immaterial or generally avail.
 bound not to disclose
Director must perform functions:
o in good faith + for proper purpose
o in best interests of co. AND
o with degree of care, skill, diligence reasonably expected of person carrying
out same function
[Best interests + degree of..] satisfied if:
o D took steps to become informed about matter
o Either no mat. pers fin interest or disclosed pers fin interest (s75)
o made decision + believes in best interest of co.
s77: Liability of directors
9
Director held liable:
o common law iro breach of fid. duty or for loss, damage, costs sustained by co. due to:
 not disclosing pers fin interest
 using position/not commun. info to BOD
 not acting in good faith or in best interests of co.
o common law for delict due to:
 no degree of care, skill…
 breach Co. Act
 breach MOI
Director liable for costs, loss, damages sustained by co. due to:
o acting in name of co. etc. despite knowing lacked authority
o reckless trading (s22)
o party to act/omission despite knowing was to defraud creditor, ‘ee, s/h
o signed, consented to, authorized FS (false/misleading); prospectus with an untrue
statement
o present at meeting + failed to vote against… [OTHER SECTIONS]
 director can apply to court to set aside decision of BOD
Joint + several liability
Proceedings to recover costs, loss, damage from person held liable can’t commence more
than 3 yrs after act/omission
Any proceedings against director (other than willful misconduct/breach of trust), court can
relieve director if it appears to court that:
o acted honestly + reasonably
o fair to excuse director
s78: Indemnification & directors’ insurance
Any provision of agreement, MOI, rules of co. or resolution = void to extent that:
o relieves director of:
 duty to disclose pers fin interest or directors conduct
 liability ito s77
o negates, limits or restricts legal consequences iro willful breach of trust/misconduct
Co. can’t pay fine imposed on director if convicted of offence (unless based on strict
liability)
Co. can advance expenses to director to defend litigation due to services to co. &
directly/indirectly indemnify director for expenses if proceedings abandoned or exculpate
director
Can’t indemnify director:
o liability for
 acted in name, reckless trading, defraud
 willful misconduct/breach of trust
o fine
Co. can purchase insurance to protect director against liab/exp for which they can
indemnify dir. OR co. against contingency
10
Co. can claim restitution from director for money paid directly/indirectly in any manner
inconsistent with s78
Company Secretary
s86: Mandatory appointment of Co. Secretary
Public Co. or SOC must appoint a Co. Secretary

Every CS must:
o have requisite knowledge of/experience in relevant laws; and
o be permanent resident of Republic
First CS appointed by:
o incorporators; or
o within 40 days of incorporation by directors or ord. resolution
If vacancy – filled within 60 bus. days
s87: Juristic person/partnership may be appointed CS
Juristic/partnership appointed CS provided:

o no employee providing CS services/partner is disqualified from being director
o at least one ‘ee/partner meets s86
s88: Duties of CS
Accountable to BOD
Duties incl.:
o guidance to BOD ito duties, responsibilities & powers
o making aware of laws relevant to co.
o reporting to BOD any failure of co. to comply with MOI or Act
o ensuring minutes properly recorded ito Act
o ensuring copy of AFS sent to every person entitled to it
s89: Resignation/removal of CS
CS can resign by:

o giving 1 month written notice
o giving <1 mth written notice with approval of BOD
Auditors
11
s90: Appointment of Auditor
Public co./SOC must appoint upon incorporation and each yr @ AGM

o If not, within 40 days from incorp.
To be appointed:
o Must be registered Auditor
o Audit Com satisfied with independence
o Must not be:
 Director/PO of co.
 Director/PO/’ee of Co. Secretary
 ‘ee/consultant of co. engaged in maint. of fin records/prep of FS for >1yr
 Person who regularly performs duties of accountant/bookkeeper or
related secretarial work
 Person who was any of above during preceding 5 fin yrs
 Person related to above
Can be automatically reappointed unless:
o No longer qualified
o No longer willing to accept
o Required to cease
o Audit Com objects
s91: Resignation of Auditors & Vacancies
Effective when notice filed

If vacancy, appoint within 40 bus. days (if only one incumbent)
Before appointing:
o BOD propose to Audit Com, within 15 days, name of at least one RA
o If Audit Com doesn’t give notice of rejection within 5 days, proceed to appoint
s92: Rotation of auditors
Same individual cannot serve as Auditor for >5 consec. fin yrs
If served for 2+ consec. fin yrs and then cease, cannot be reappointed until further 2 yrs
s93: Rights & restricted functions
Has right of access at all times to

o books, acc records, docs of co.
o require from directors/PO any info/explanations necessary to perform duties
o current/former FS of subsidiaries of co.
o require from directors/PO of holding or subsid. any info/explanations necess. to
perform
Entitled to:
12
o attend any gen s/h meeting
o receive notice of/any other comm. relating to gen s/h meeting
o be heard at s/h meeting on any part concerning auditor’s duties + functions
Can apply to court for order to enforce above rights
May not perform services for co. that would place auditor in conflict of interest
Audit Committees
s94: Audit Committees
Public co., SOC or any other req. to ito MOI must elect audit committee with at least 3
members
First members appointed by:
o incorporators
o BOD within 40 days of incorporation
Each member must:
o be director of co.
o not be:
 involved in day to day management currently or in prev. fin yr
 PO/full time ‘ee of co. or related co. currently or in prev. 3 fin yrs
 material supplier/customer of co.
 any person related to above
Vacancy filled within 40 bus. days
Duties:
o Nominate auditor
o Det. fees to be paid to auditor
o Ensure appointment complies with Act
o Det. nature + extent of non-audit services
o Pre-approve agreement for non-audit services
o Prep report on:
 How carried out duties
 Satisfaction with indep. of auditor
 Comment on FS, acc policies + int. fin control
o Receive + deal with complaints ito acc practices, content/auditing of FS, int controls
Considering whether indep.:
o Ascertain that doesn’t receive remun. except as auditor + for agreed non-audit
services
o Consider whether indep. prejudiced by prev. appointment or extent of
consultancy/advisory work undertaken for co.
Appointed only if Audit Com satisfied with independence
Co. must pay all expenses reasonably incurred by Audit Com
13
Fundamental Txs, Takeovers & Offers
s112: Proposals to dispose of all or greater part of Assets or Undertaking:
Co. may not dispose UNLESS

o Special Resolution of s/hs ito s115 and
o Satisfied s115 req.
Notice of s/hs meeting in prescribed time + manner + summary of terms of tx
Undertaking/assets must be fairly valued at date of proposal
s114: Proposals for scheme of Arrangement
Board can propose + implement arrangement between co. & s/hs for:
o share consolidation, division, expropriation, exchange, re-acquisition or
combination of methods
Need indep expert to compile a report
o Qualified, competent & experienced
o Impartial
o Not related to co. or person related to co.
s115: Required approval for Txs
Co. may not dispose of all/greater part of assets or undertaking OR implement

scheme of arrangement UNLESS:
o Approved by:
 Special resolution by persons entitled to exercise voting rights on matter @
meeting
+ sufficient persons (25% + voting rights) present; and
 Special resolution of s/hs of holding co. if holding co. is external co.,
disposal and subsid disposal = greater part
o Pursuant to business rescue plan
Despite resolution, can’t proceed w/o court approval if:
o resolution opposed by 15% + voring rights within 5 days of vote
Holder of voting rights can seek relief ito s164 (notified co. + present at meeting & voted
against)
Remedies & Enforcement
s156: Alt. Procedures for addressing complaints or securing rights
Person can address contravention of Act, enforce provision or right by:
14
o ADR
o apply to Co. Tribunal for adjudication
o apply for relief with High Court
o filing a complaint with Panel or Commission
s159: Protection for whistleblowers
Applies to disclosure of info by person if:

o made in good faith to Commission…etc. and
o person making disclosure reasonably believed that co., director or PO
 contravened Act
 failed to comply with statutory obligation
 engaged in conduct endanger health + safety of any persons/harm environ.
 unfairly discriminated or condoned it
 contravened any other legislation (exposing co. to liability)
S/h, director, co. secretary, PO, supplier or ‘ee making disclosure:
o qualified privilege
o immune from civil, criminal or admin liab.
o entitled to compensation from another for damages suffered if:
 conduct to cause detriment
 threat + intends person to fear or reckless to cause person to fear
Public co./SOC system to receive confidential disclosures + publicise availability of system
s162: Application to declare director delinquent or under probation
Co.,s/h, director etc. (not ‘ee) apply to court for order to declare person delinquent or
under probation if:
o person is director or within 24 mths preceding was a director
Court declare delinquent if:
o Served as a director while ineligible or disqualified ito s69 (lifetime)
o While under order of probation, contravened order (lifetime)
o While director:
 abused position
 took personal advantage of info
 intentionally/gross negligence inflicted harm on co./subsid.
 acted with gross negligence, willful misconduct or breach of trust
o At least twice convicted of offence, admin fine or penalty
o 5 yrs was director/managing member of 1+ co.s convicted of offence/admin fine or
penalty
*Rest subsist for 7 yrs or longer
15
Person placed under probation if: (no longer than 5 yrs)
o While director:
 present at meeting + failed to vote against resolution (co. no meet S&L test)
 acted inconsistent with duties of director
o Period of 10 yrs, director of 1+ co. & during time, 2+ co.s failed to pay creditors/oblig.
Court can order remedial education, community service or pmt of compensation

Person can apply to court to suspend or set aside order
s164: Dissenting s/hs appraisal rights
Co. give notice to s/hs of meeting to consider resolution:

o to amend MOI by altering pref, rights & limitations of class of shares in materially
adverse manner
o enter into s112 or s114 tx
- must inform s/hs of rights under s164
Before resolution, s/h can give co. written notice of objection and:
o Demand (within 20 days of notice) co. pay s/h fair value of shares held in the co. if:
 S/h sent notice of objection and
 holds shares of class materially and adversely affected;
 Co. adopted resolution
 S/h voted against & complied with procedural req.
o Co. must pay agreed amt in 10 bus days after s/h accepted offer
S/h can apply to court to det fair value and make order requiring co. to pay
Fair value det. at date & time immed. before adopted resolution
If co. unable to pay debts in 12 mths:
o apply to court to vary obligation :. make order just & equitable + ensure person
paid at earliest possible date
Offences, Miscellaneous Matters & General Provisions
s213: Breach of confidence
Disclose confidential info obtained ito carrying out a function of Act or from
initiating a complaint/proceedings of Act = OFFENCE
Not apply to:
o required by court or law
o for justice
16
o at request of Commission, Tribunal, Panel etc.
o for enforcement of Act
s214: False statements, reckless conduct & non-compliance
Person is guilty of offence if:

o party to falsification of acc records of co.
o with fraudulent purpose provide false/misleading info where info req. ito Act
o party to act/omission by co. to defraud a creditor, ‘ee or s/h
o party to prep, approval, publication of prospectus or written statement with
“untrue statement” therein
s215: Hindering administration of Act
Offence to hinder, obstruct or improperly attempt to influence Commission, Panel,

Tribunal, investigator or court when any of them is exercising a power or perf. duty
ito Act
s216: Penalties
Any person guilty of an offence is liable:

o in case of s213 (Breach of confidence) or s214 (false statements, reckless
conduct & non- compliance), fine or imprisonment not exceeding 10 yrs or both
o in any other case, a fine or imprisonment not exceeding 12 mths or both
s218: Civil Actions
Any person who contravenes any provision of this Act is liable to any other person
for any loss or damage suffered by person as result of contravention
17
GENERAL COMPUTER
CONTROLS
General computer controls are controls which establish an overall framework of control
for computer activities. They should be in place before any processing of transactions gets
underway and they span across all applications.
Categories
1. Control environment
2. System development &
implementation
3. Access controls
4. Continuity of operations
5. System software & operating
controls
6. Documentation
1. Control environment
1.1 Communication & enforcement of integrity and values
- King III : IT governance must be cultivated and promoted and should align with the
ethical culture of the organisation.
- Strong ethical culture is NB because IT personnel have access to confidential and sensitive info.
- IT management should communicate a code of ethical behaviour, comply with it
themselves & take strong remedial action against those who fail to comply.
1.2 Commitment to competence
- demands are high i.t.o. skills, knowledge and ability to handle pressure, for IT jobs
- IT management should be committed to matching the above to an individual’s job
description. Performance reviews & regular discussions w/employees encourage this
3
1.3 Participation by those charged with governance
- King III: governance is the overall responsibility of the board & it should provide
leadership & direction to ensure that IT achieves, sustains & enhances the
company’s strategic objectivity
- Board should appoint an IT steering committee to assist with governance of IT
- IT dept. Should not be seen as a “separate” entity only answerable to itself
1.4 IT managements philosophy & operating style
- This comes down to their attitudes, control, awareness and actions.

- Their actions set the tone of the dept.
- Their philosophy and management style must demonstrate, communicate and
enforce sound control.
1.5 Organisational structure & assignment of authority & responsibility
- Organisational structure should achieve 2 major objectives

1. Establish clear reporting lines/levels of authority
2. Lay foundation for segregation of duties (w/in IT dept.)
- King III: CEO should appoint CIO who is suitably qualified and experienced.
He should interact on a regular basis with
o The board
o Steering comm. and audit comm.
o Executive management
- Overall functions of supervision, execution and review w/in the dept. should be
segregated as far as possible
- Job descriptions, levels of authority and responsibilities assigned to IT personnel

should be documented
It dept should be entirely separate from user dept.
1.6 HR policies and practices
42
- Same as for other skilled personnel
- Characteristics of honesty, competency and trustworthiness of personnel are
paramount in the comp environment
- Proper recruiting policies, careful checks
- Immediate exclusion from computer facilities if ee’ is dismissed
- Compulsory leave ee’s involved in unauthorised tx’s will be uncovered
- Training and development to keep staff up to date and fulfil their functions effectively
- Written formalisation of HR policies
- Rotation of duties
- Strict policies pertaining to private use of computer facilities by IT personnel (and
other ee’s should be in place) eg. Internet use and running private jobs
2. Systems Development & Implementation Controls
Systems development = significant changes relating to computerized systems :. following aspects can
either be new or significantly changed: hardware, software, communication devices, personnel
procedures, docs, control procedures.
If not controlled, following risks:
 development costs too high

 system design doesn’t suit user req.
 programs with errors or bugs
 NB fin rep req not incorporated into system or incorrectly understood by programmer
 new system doesn’t incorporate enough controls
 users don’t know how to use system
 info transferred = erroneous, invalid or incomplete
2.1 In-house Development & Implementation of Systems: (11)
1. Standards:
Development should have pre-defined standards

Compliance with stds monitored + followed up
2. Project Approval
5
Carry out feasibility study which results in:
o in-house development proposal
o proposal to purchase software
o rejection of project
Cost-benefit anaylsis performed which gives money value to requirements for project + benefits
Steering Committee approval
3. Project Management
Project team (IT, user, accounting + internal audit personnel) formed by Steering Committee
Planned in stages
Responsibility allocated to approp. staff
Deadlines set
Progress monitored to ID problems
Regular progress reports
4. User Requirements
Business Analysts determine + document user requirements

Consult with internal + external auditors about req. + recommendations for internal controls
Management of user department must sign specifications to indicate satisfaction
5. Systems Specifications & Programming
Specifications documented
Programming should be ito std programming conventions
Carried out in development environment + no access to live environment
6. Testing
Coding tested by programmers (program tests + string tests)

System tested as whole (systems tests)
Output level tested by management, users + auditors (user acceptance tests)
7. Final Approval
Results of tests reviewed

Final approval from BOD, users, internal audit + IT personnel
8. Training
Formal training programme set up (personnel trained, dates, times, who is training them)
User manuals + new job descriptions compiled
9. Conversion: ensure programs + info taken to new system are complete, accurate & valid
6
Conversion considered a project in itself
Data cleanup (checked + discrepancies resolved)
Conversion Method selected:
o Parallel processing
o Immediate shut-down of old when new is implemented
o Conversion of entire system at once
o Phasing in different aspects over a period
Controls over Preparation & Entry of data onto new system
o old + new file comparisons
o reconcile original to new files using record counts & control totals
o follow up exception reports
10. Post-Implementation Review
Users, IT personnel & auditors review system several months after implementation
11. Documentation
Project, all activities took place + system itself documented and docs backed up + stored offsite
2.2 Packaged Software: (3)
Major difference = co. has no control over specifications + development

Designed to meet generic requirements for lots of users with similar needs
1. Advantages
Lower cost
Project is far quicker (development + testing done by developers)
Can be demonstrated upfront
Technical support available (from skilled + knowledgeable individuals)
Can usually upgrade on ongoing basis
2. Disadvantages
Doesn’t meet exact requirements

Overseas software may not satisfy SA req ito tax or fin rep
Purchaser can’t make changes to software
3. Controls
Run as a project (by a team)

Project approval: feasibility study to det. user needs, specifications of packages, costs
& benefits, technical support, reliability of supplier
Approval from users, internal audit + steering committee
7
Purchase authorization from CIO + BOD
Train affected IT personnel + users
Conversion – same as in-house development
Post Implementation Review - same as in-house development
Documentation – planning + execution of project documented
2.3 Programme Change Controls (Programme Maintenance)
Ongoing need to modify applications to meet changes in user req., improve ways of
presenting info etc. This requires changes to application programme – control to prevent
unauthorised changes!
Programme Change Stds adhered to

Requests for changes documented on pre-numbered, pre-printed change control
forms (CCF) + listed in register
Requests evaluated + approved by user department (application changes), IT manager
(application
+ systems changes) & steering committee (major changes)
Programme changes made only by programmers
Major change managed as a mini project
Changes made to development programme NOT production programme
Changes tested by programmer + indep. snr programmer
Changes discussed with users + internal audit & they should sign CCF if they approve
Change exercise itself documented
Amended programme copied to live environment by indep technical administrator
Changes should be automatically logged by computer
IT manager review log + reconcile it to CCFs & register
3. Access Controls
- prevent unauthorised access to a system (data & programmes) & to the hardware
- allow authorised employees to access hardware, programs & data they require to do
their jobs effectively & efficiently
- Access to following must be controlled:
o Hardware
o Computer functions – system level
o Computer functions – application level
o Data files/ databases
o Utilities
o Documentation (electronic or hard copy)
o Communication channels
-
8
3.1 Security Policy
- Addresses security standards which management need to achieve maintain integrity of

Co.’s
hardware & software
- Documented
- Based on principles rather than detailed procedures
o Least privilege: employees given access to only the aspects of system nec. for
proper performance of their duties
o Fail safe: if control fails whatever control was protecting should remain safe
(i.e. system should rather shutdown than allow uncontrolled access)
o Defence in depth: protection is from a number of controls rather than just one
o Logging: record activity not effective control unless logs are regularly &
frequently reviewed & follow up action taken where control violations are
identified
3.2 Physical Access Control
- Equipment (e.g. CPU, servers, secondary storage devices, etc.) housed in data centre
- Physical controls prevent unauthorised entry to IT data centre
o IT department could be contained in separate building/ wing
- Dedicated room for equipment to be housed (data centre)
- Access to IT building (or wing) controlled & further access to data centre far more strictly
controlled (people may have access to IT department but then access to data centre is
denied)
- Physical Controls:
o Visitors to IT building should:
 Have official appointment to visit IT personnel
 On arrival cleared at entrance (e.g. by phone call to IT department)
 Be given ID tag & escorted to department
 Not be able to gain access through the locked door (i.e. must “buzz”)
 Wait in reception to be met by whoever they have come to see
 Be escorted out the department at conclusion of meeting
o Company Personnel (other than IT personnel)
 No need for other personnel to enter data centre
 Access to IT department controlled practical manner other personnel
will need to be in contact with IT department staff regularly
o Physical entry to data centre
 Only individuals who NEED access to data centre should be able to gain entry
 Access points limited to 1
 Access through a door which is locked
 Locking device pin code/ swipe card
 Entry/ exit point may be under CCTV
o Remote workstations/ terminals (distributed around the offices)
9
 Locked & secured to desk
 Placed where they are visible
 Not near a window
 Offices should be locked at night & on weekends
3.3 Logical Access Control
- Preventive (prevent unauthorised access via terminals)

- But supported by logs which are detective
- Only authorised individuals gain access to facilities on a least privilege/ need to know basis
- Use of access control software & other programs
- Identification of users & computer resources
o Users User IDs; magnetic card/ tag; biometric data
o Terminals terminal ID number or name
- Authentication of users & computer resources (verify that user of ID is owner of ID)
o Users unique password, piece of information (i.e. great grandmother’s 1 st
name), connecting a device to the USB port (i.e. a “dongle”)
- Authorisation (define levels/ types of access
o Access to programmes & datafiles which user is authorised to have access to in
order to perform his job
o Read only or read-and-write
o Terminals can have restrictions to certain applications & can have restricted
hours of operation
- Logging recording access & access violations for later investigation (detective control)
- Access tables details defined in tables to which system can refer – tables identify
“objects” and “conditions” which computer has to “know” in order to be able to control
access:
o All authorised PCs
o All authorised users
o All passwords
o All programs
o All possible modes of access & time of day
o IT manager/ senior IT staff & senior user personnel create profiles for
employees which specifies combinations of objects & conditions to be authorised
o Details of user profiles stored in secure file on system
o Access profiles are usually set up for “group users” rather than for individuals
- Controls over passwords
o Unique
o >6 characters random; mix of letters, numbers, upper/lower case & symbols
o Passwords/ user IDs for terminated/ transferred personnel should be removed/ disabled
o Changed regularly
o New employees must change issued password on first use
o Not be displayed (i.e. on PCs, slips of paper)
o Password files subject to strict access controls encryption
10
o Personnel prohibited from disclosing password disciplinary measures should
they do so
o Changed if confidentiality has been violated
o Not be the same as user ID, not be obvious (e.g. birthdays, names, etc)
3.4 Other Access Control Considerations
- Data communication transmission of information from sender to receiver in electronic

form via a link (e.g. fixed line, fibre optic cable or wireless technology)
o Implementation of specialised software which is responsible for:
 Controlling access to network
 Network management (e.g. traffic flow)
 Data & file transmission (e.g. ensuring entire message is delivered)
 Error detection & control (data received is same as data sent)
 Data security (protection of data during transmission
o Encryption of data being transmitted
o Protection of physical cabling
- Firewalls access control gateway which restricts what traffic can flow in & out of
network when connected to an external network
o Includes anti-virus software & intrusion detection software
o Firewalls should be tested regularly, be up to date & warnings must be logged
and followed up on
- Libraries may be in electronic form or physical form (documentation, data stored on
discs & tapes)
o Physical access controlled
o Information on storage device password protected
o Issue of items from library should be authorised & recorded
o Externally labelled
- Root access/ system wide access/ super-user privileges virtually unlimited powers
to access & change all programs & data without a trace
- Utility programs/ database access Access to utility programmes & high level access
to database – can change/ delete data without leaving an audit trail
3.5 Supplementary Access Controls
- Automatic account lock-out (i.e. incorrect password entered 3 times)

- “time-out” facilities
- Automatic logging, review & follow up of access & access violations
- Encryption of confidential & critical information
- Sensitive functions & facilities afforded extra protection requiring 2 or more passwords
- Additional once-off passwords to protect sensitive transaction
11
4. Continuity of Operations
Controls aimed at protecting computer facilities from natural disasters as well as acts of
destruction, attack or abuse by unauthorized people.
4.1 Risk Assessment
Auditor will evaluate whether:
Assessing IT risk = integral part of co.’s risk assessment procedures (RAPS)

Approp. level of experience + knowledge ito IT risk on risk committee
Risk Com meets regularly + avail. to deal with threat on ongoing basis
Risk Com recognizes + assesses types of threats relating to IT (fraud, theft,
physical damage, hacking, viruses, non-compliance with IT laws etc.)
Risk assessment protocols followed
Assessments documented + reported to BOD
Responses to risks are recorded, implemented + monitored
4.2 Physical Security
Controls pertaining to data centre:
Location:
o away from obvious hazards (river banks, main traffic areas, factory, hazardous materials)
o within secure area within a building (no outside walls + windows)
o secure door + access control devices
Fire & Flood:
o Automatic gas release, smoke detectors, fire extinguishers, no smoking allowed
o Situated above ground level + away from water mains
o Raised flooring in computer room
Power surges:
o “uninterrupted power supply” equip. + back-up generators
Heat & Humidity:
o Air conditioning (on own electrical circuit)
Physical Access Controls: see 5.3
12
4.3 Disaster Recovery
Disaster recovery plan:
o written doc of procedures + ‘ees to carry out
o widely available
o addresses priorities
o plan is tested
Backup strategies: copies of all/parts of files, databases, programmes
o frequently back up significant accounting + operational data + programme files
o 3 generations of backups maintained (grandfather, father, son)
o most recently backed up info stored off-site
o backups in fireproof safes + on-site backups stored away from computer facilities
o critical data + programs copied in real time to “mirror site”
o copies of user + operations docs kept off-site
4.4 Other Measures
Regular maintenance + servicing of equip.

Insurance cover
Disaster recovery not dependent on one staff member
Support from suppliers
Fire walls + anti-virus software
5. System Software & Operating Controls

System software controls use of hardware & applications & end-user software
- Systems software is made up of various kinds of software:

o Operating system software which
 Controls use of hardware
 Tests critical components of hardware & software when computer is started
 Controls input & output of data
 Schedules use of resources & programmes (efficient & orderly manner)
 Monitors activities of computer & keeps track of each programme &
users of software
 Provides interface with user
o Network management software enables computer systems to communicate
with each other
o Database management software enables user to create, maintain & use
data files in efficient & effective manner
o System development software used to develop new software
13
o System support programmes such as anti-virus software, data compression
software, etc.
- Controls should be in place to make sure computer system (hardware & software)
is running smoothly & effectively:
o Operating policies & procedures which are fully documented, regularly
reviewed & updated
o Log of activity (e.g. hardware malfunction, intervention by personnel during process)
o Skilled technicians to resolved operating problems for users
o Adherence to international system software control protocols
o Follow up on access violations
o Follow up on potential virus infection
o Adherence to manufacturers’ equipment, maintenance & usage guidelines
o Strict supervision & review of IT employees
6. Documentation
- Sound documentation policies are essential documentation critically important:
o Improving overall operating efficiency
o Providing audit evidence (i.r.o. computer related controls)
o Improving communication at all levels
o Avoiding undue reliance on key personnel
o Training of users when systems are initially implemented
- 2 major objectives:
o All aspects of computer system should be clearly documented
o Access to documentation should be restricted to authorised personnel
- Documentation standards pre-determined standards should exist &
adherence to documentation enforced, these standards should require at
least:
o General systems descriptions
o Detailed descriptions of program logic
o Operator & user instructions (incl. error recovery procedures)
o Back-up & disaster recovery procedures
o Security procedures/ policy
o User training
o Implementation & conversion of new systems
- This document should be promptly updated for any changes & responsibility for this
task should be allocated to specific individuals (isolation of responsibility)
- Back-up copies of all documentation should be stored off-site
- Access to documentation should be restricted to authorised personnel
14
APPLICATION COMPUTER
CONTROLS
Application Control is any control within an application which contributes to the accurate &
complete recording & processing of transactions which have actually occurred, and have been
authorized.
Includes control over masterfiles which are used to store standing info & balances.
 Application Controls described ito stages through which tx flows:

o Input
o Processing
o Output
 Controls centred around:
o Occurrence & authorization: ensures txs & data
 are not fictitious or fraudulent
 are in accordance with activities of business
o Accuracy: concerned with minimizing errors
o Completeness: data & txs not omitted/incomplete
1. Control Activities in a Computerised Accounting System
1.1 Introduction
 Application ctrls = combination of manual & automated procedures

 Manual ctrls = user controls and include all ctrls which people carry out
1.2 Segregation of Duties
 Achieved by controlling access which ‘ees have to the system itself, applications on it
& modules within the application
 Achieved by setting up user profiles that detail exactly what ‘ee must be given access to
& what he can do when he has access
1.3 Isolation of Responsibilities
 Computer produces a log of who did what & when they did it
 If log is properly followed up, becomes an effective way of isolating responsibility
 Unique user IDS & Passwords to record identity of ‘ee performing the duty/tx
1.4 Approval & Authorisation: any overrides will be logged :. follow up
 System programmed not to proceed if certain conditions/controls have not been satisfied
1
 Can’t place order with supplier who isn’t on Approved Supplier Masterfile
 Limits placed on discounts that can be granted
 Can’t proceed with EFT unless 2 passwords entered to authorize
 Preset parameters that need to be satisfied
 On-screen authorization by authorizing person e.g. “Approve” option
1.5 Custody
 Cash in the bank – control unauthorized removals from bank acc. by:
o Controlling co. cheque book
o Limiting signing powers to snr officials
o Reconciling cash book with bank statement
o EFTs: 2 snrs authorizing & releasing the funds
 Debtors – matter of protecting information about debtor in Masterfile, tx files & supp. docs
 Electronic data protected by:

o Access controls
o Continuity of operations controls (physical controls & disaster recovery controls)
1.6 Access Controls
 Access violations have serious consequences:

o Destruction of data
o “Theft” of data
o Improper changes to data
o Recording of unauthorized or non-existent txs
 Access can be limited to certain terminals
 Access restricted ito user profiles/access tables at both systems level & applications level e.g.
o Systems level: access to application restricted to particular users
o Application level: access to program functions restricted to particular users on
“least privilege” basis e.g.
 restrictions on access to module
 restrictions ito mode of access e.g. read-only
 time of day restrictions e.g. working hrs only
 extent of access to data
 PC time out facilities & automatic shutdown in face of access violation
 Summary:
o Valid user ID: user identifies himself
o Valid Password: user authenticates himself
o Access only to those programmes + files to which he is authorized (only those
authorized to use will appear on screen or if selects programmes doesn’t have
access to, nothing will happen)
1.7 Comparisons & Reconciliations
2
 Computerised system automatically compares data on the system and produces reports
 More accurate and effective than manually
1.8 Performance Reviews
 Reviews & analysis of actual performance vs budgets, forecasts & prior period performance
 Computerised system can produce a number of useful reports, comparisons, recons &
reasons for differences.
 Txs can be tracked on screen as they are carried out.
2. Control Techniques & Application Controls
2.1 Batching
- Assists in controlling an activity which will be carried out on a batch of transactions

intention of making sure all transactions in batch were subjected to activity & activity
was carried out accurately & no invalid transactions were added to the batch
* Source documents are grouped into separate batches & control totals manually
computed
o Financial totals: totals of any fields holding monetary amounts
o Hash totals: totals of any numeric fields
o Record counts: totals of no. of records in batch
* Batch control sheet should be prepared & attached to each batch, batch
control sheet should contain:
o Unique batch number
o Control totals for batch
o Identification of transaction type
o Spaces for signatures of all people who deal with the batch
* Batch register used to record physical movement of batches, signed by recipient of
batch
* Batch control system works as follows
o Details of batch keyed into computer to create batch header label
o Info off each record in batch is keyed in & subjected to programmed
validation checks
o Computer calculates its own control totals & compares to totals manually
computed
o If totals agree & no other errors detected batch is accepted for
processing otherwise batch is rejected & sent for correction
o Control totals are “attached” to a batch & follow batch throughout process
- Batch assists with following:
* Identifying data transcription errors
* Detection of data captured into incorrect field locations
* Detection of invalid/ omitted transactions/ records for a batch
 Batch entry; batch processing/ update
3
~ Transaction data captured initially onto manually prepared source documents
~ Source documents collected into batches, usually after manual checks have
been performed & entered via the keyboard with control totals in these
batches (relevant programme checks take place as info is keyed in)
~ Transaction info converted into machine readable form & held on a transaction
file on the computer system
~ Transactions are then processed as a batch when it is convenient to do so &
relevant masterfiles are updated
~ Control totals before & after processing are compared
~ Not common, slow & info is not up to date
 On-line entry; batch processing/ update
~ Transaction data entered via a keyboard immediately as each transaction
occurs (relevant programme checks take place as info is keyed in)
~ Transaction info is converted into machine readable form as each transaction
occurs & is held on a transactions file on the computer system
~ Control totals are created by the computer on the batch for the transactions file
~ Transactions are processed as a batch & relevant masterfiles are updated
~ Entry of transaction is efficient, but info is not immediately up to date
 On-line entry; real-time processing/ update
~ Transaction data entered via a keyboard immediately as each transaction
occurs (relevant programme checks take place as info is keyed in)
~ Relevant masterfiles are updated immediately
~ Entry of transaction is efficient & info is right up to date
2.2 Screen Aids & related features
- All the features, procedures or controls built in application software & reflected on screen
to
assist user to capture info accurately & completely
- And to link the user’s access privileges to screen in front of them
* Minimum keying in of info: less info that has to be entered, the less errors are
likely to occur & less time it takes (i.e. drop down menus)
* Screen formatted: in terms of what hardcopy would look like; & to receive
essential data in order it is required
* Screen dialogue & prompts: messages sent to user to guide them
* Mandatory fields: keying in will not continue until a particular field has been
entered (highlighted / indicated with a star)
* Shading of fields: will not react if “clicked-on” - can’t be changed
2.3 Programme Controls – Input & Processing
- Controls built into application software intention of validating/ editing info/ data
- Errors are reduced & info is provided timeously
- An error in programming can undo benefits of input controls & error will be processed
4
over & over again
- Input controls:
* Existence/ validity checks:
~ Validation checks: validate data keyed in against masterfile
~ Matching checks: input matched against data that is already in database
~ Data approval/ authorisation checks: test input against a preset
condition
* Reasonableness & limit checks
~ Limit checks: detect when field entered does not satisfy a limit which
has been set (hrs worked; credit limit etc.)
~ Reasonableness checks: data must fall within reasonable limits when
compared to other data (usually for orders place)
* Dependency checks: entry will only be accepted depending on what has been
entered in another field
* Format checks
~ Alpha-numeric checks: data can only be numeric or alphabetics
~ Size checks: pre-set size limit
~ Mandatory field/ missing data checks: detect blanks where none should
exist
~ Valid character & sign check: letters, digits or signs entered in a field
are checked against valid characters/ signs in that field (minus sign can’t
be entered in a quantity field)
* Check digits: a redundant (extra) character added to an account number (for
incorrect codes/account no.s etc.)
* Sequence checks: detect gaps/ duplications in sequence of numbers
- Processing controls: assist in ensuring data is processed accurately & completely
* Programme edit checks
~ Sequence test: detect gaps
~ Arithmetic accuracy check: reverse multiplication
~ Reasonableness/ consistency/ range test: result compared to
other info for reasonableness
~ Limit test: predetermined limit
~ Accuracy test: totals of all columns added across & compared to total
amount
~ Matching: comparing data which has been processed against data
which is already in database
* Programme reconciliation checks: recons of control & other totals (pre-
processing totals reconciled to post-processing totals)
~ Control totals: record counts, hash totals from input compared to record
count & hash totals after processing
~ Run-to-run totals: final balance after processing compared to opening
balance & individual totals of transactions
~ Parity checks: redundant bit is added to data to make the sum of
bits in the data even or odd (change in parity indicates an error has
5
occurred)
~ Valid operation code: processor checks if instruction it is executing is
one of a valid set of instructions
~ Echo check: processor sends activation signal to input/ output device
– that device returns a signal showing it was activated (used to detect
corruption of messages in transit)
~ Equipment check: input/ output devices are activated prior to a
read/ write operation to ensure they work correctly
2.4 Output Controls
- To ensure output is accurate & complete & that its distribution is strictly controlled
* Controls over distribution will include preventive controls such as:
~ Clear report identification: name of report, time & production no. of
report, processing period covered, sequenced pages & “end of
report” messages
~ Distribution matrix of who is to receive which output & when
~ Movement of hardcopy should be controlled by distribution list &
entered in a register
~ Confidential info designed to promote confidentiality (i.e. sealed
envelopes)
~ Output not required should be shredded
* User controls will include (all detective controls)
~ Review of output for completeness
~ Recon of input to output
~ Review of output for reasonableness
~ Review & follow up of any exception reports produced during processing
2.5 Logs & reports
- Used as detective/ monitoring controls to provide additional assurance that

computer processing is valid, accurate & complete
- Computer usage is authorised & productive
- Need personnel to review & follow up
* Audit trails: provide listings of transactions & summaries & lists of tables/
factors used in processing
* Run-to-run balancing reports: provides evidence that opening balances
which have been updated by a series of transactions have resulted in
correctly calculated closing balances
* Override reports: provides a record of computer controls which have been
overridden by employees using supervisory/ management privileges
* Exception reports: provide a summary listing of any activities, conditions or
transactions which fall outside of parameters which have been set for control
purposes
* Activity reports: provide a record for particular resource, of all activity
6
concerning that resource
* Access/ access violation reports: important log for sensitive applications i.e.
banking & payroll
4. Masterfile Amendments
- Masterfile contains NB data which if not protected from unauthorised change can have
negative results for company
- Objective of application controls over masterfile amendments :
o Only valid (authorised) amendments are made to masterfiles
o Details of amendment are captured & processed accurately & completely
o All masterfile amendments are captured & processed
* Record all masterfile amendments on a source document (Masterfile
Amendment Forms – pre-printed, sequenced)
* Authorise MAF – signed by 2 reasonably senior personnel, cros referenced to
supporting doc.
* Review masterfile amendments to ensure they occurred, were authorised
& were accurately & completely processed
7
AUDIT PLAN
3.1 UNDERSTANDING THE ENTITY & ITS ENVIRONMENT, INCLUDING ITS INTERNAL
CONTROL
RECOGNITION OF PRIOR LEARNING: ODT 200 Work
 Term “Internal Control” (IC) , areas of business it relates to & interest of management (M) +
auditors in ICs
 Five components of IC
 Purpose of IC
 Limitations of IC
 Different techniques to document info on accounting + IC systems of a business
 Assertions
 Computerised environment’s impact on IC
 Business cycles
o Revenue & Receipt
o Acquisition & Payments
o Payroll & Personnel
o Production & Inventory
o Cash & Bank
3.1.1 The Auditor’s Objective when obtaining an understanding of the

entity, its environment, including Internal Controls
Objective of auditor is:
 to identify & assess the risks of material misstatement

 whether due to fraud or error
 at the assertion level
 through understanding the entity & its environment
 including entity’s internal control
 thus providing a basis for designing + implementing responses to assessed risks
1
3.1.2 Aspects of Entity, its Environment incl Internal Control that Auditor should
obtain an understanding of (incl. fraud, relevant laws + regulations & corporate gov
(ODT 200))
ISA 315: INTERNAL CONTROL
a. The Entity & Its Environment
Auditor obtain understanding of:
 Relevant industry, regulatory + other external factors

 Nature of entity:
o Operations
o Ownership + governance structures
o Types of investments
o Way entity is structured + financed
 Entity’s selection + application of accounting policies (incl. reasons for changes thereto)
 Entity’s objectives + strategies & related business risks
 Measurement + review of entity’s fin performance
b. Entity’s Internal Control
When obtaining understanding of controls relevant to audit, Auditor must evaluate design of
controls to determine if they’ve been implemented by performing procedures in addition to
inquiry.
COMPONENTS OF INTERNAL CONTROL
1. Control Environment:
Auditor evaluate whether:
 Management (M) created + maintained culture of honesty & ethical behavior

 Strengths in control environment provide approp. foundation for other components
2. Entity’s Risk Assessment Process:
Auditor obtain understanding of whether entity has process for:
 ID business risks relevant to fin rep objectives

 Estimating significance of risks
 Assessing likelihood of occurrence
 Deciding which actions to address risks
2
3. The Information System → communication of roles & responsibilities ito fin
reporting Auditor obtain understanding of information system, including following
areas:
 Classes of txs significant to FS

 Procedures by which txs are initiated, recorded, processed, corrected + transferred to GL +
reported in FS
 Related accounting records + supporting info
 How Info System captures events & conditions (other than txs) significant to FS
 Fin Rep Process used to prepare FS (incl. Accounting estimates + disclosures)
 Controls surrounding jnl entries
 Ensure info required to be disclosed ito fin reporting framework is accumulated,
recorded, processed & reported on
4. Control Activities relevant to the audit
5. Monitoring of Controls
Process to assess the effectiveness of internal controls performance over time.

Auditor obtain understanding of:
 Major activities used to monitor internal control relevant to fin reporting

 How entity initiates remedial actions to deficiencies in controls
 Internal audit function – communicate & share information
 Sources of info used in monitoring activities & basis on which management considers it
reliable
ISA 240: FRAUD Read A1 – A27
a. Scope
Auditor’s responsibilities relating to fraud in an audit.
b. Characteristics of Fraud
 Misstatements in FS arise from either fraud or error – distinguishing factor is whether action is
intentional or unintentional.
 2 Types of Fraud:
o Fraudulent Financial Reporting (manipulation, falsification, misrepresentation or
intentional omission)
o Misappropriation of Assets (theft; usually by employees; personal use of assets etc.)
 Auditor may suspect/ID fraud but doesn’t make legal determinations of whether it has
occurred
3
c. Responsibility for Prevention & Detection of Fraud
 Primary responsibility = those charged with governance + management of entity
 Must create a culture of honesty & ethical behavior
 Oversight by those charged with governance includes considering potential for override of
controls
Responsibilities of the Auditor
o Obtain reasonable assurance that FS as a whole are free from material misstatement
o Due to inherent limitations, there’s unavoidable risk that some mat. misstatement
may not be detected
o Risk not detecting mat. misstatement resulting from fraud is higher than from error –
fraud may involve sophisticated schemes designed to conceal:
 Forgery
 Deliberate failure to record txs
 Intentional misrepresentations to auditor
o Risk of not detecting misstatement due to management fraud greater than for employee
fraud
 Management in position to manipulate accounting records, present fraudulent fin
info or override controls
o Auditor responsible to maintain professional skepticism
d. Objectives
Objectives of Auditor:
 ID + assess risks of mat. misstatement due to fraud

 Obtain sufficient approp. evidence
 respond appropriately to fraud/suspected fraud
e. Definitions
 Fraud: intentional act involving the use of deception to obtain an unjust or illegal advantage
 Fraud Risk Factors: events/conditions that indicate an incentive or pressure to commit
fraud or provide opportunity to commit fraud
f. Requirements
1. Professional Skepticism
 Auditor shall maintain professional skepticism

 Recognise possibility that mat. misstatement due to fraud could exist in spite of
auditor’s past experience of the honesty + integrity of entity’s management
 Unless reason to believe contrary, Auditor can accept docs + records as genuine (if not,
investigate further)
 Where responses to inquiries = inconsistent – Auditor investigate inconsistencies
4
2. Discussion among Engagement Team
 Discussion places emphasis on how + where entity’s FS may be susceptible to mat.

misstatement due to fraud, incl. how fraud might occur
 Discussion occurs setting aside beliefs that management are honest + have integrity
 Audit procedures to respond to susceptibility due to fraud
 Risk of management override of internal controls
 Allegations of fraud
3. Risk Assessment Procedures & Related Activities
Management & Others within the Entity
 Auditor shall make inquiries of management (M) regarding:

 M’s assessment of risk that FS may be mat. misstated due to fraud
 M’s process for ID + responding to risks of fraud
 M’s communication to those charged with gov. iro process for ID + responding to risks of
fraud
 M’s communication to ‘ees iro views on business practices & ethical behavior
 Auditor make inquiries of M & others within entity to determine if they have
knowledge of actual/suspected fraud in entity
 Auditor make inquiries of internal audit function to det. if have knowledge of
actual/suspected fraud
Those charged with Governance
 Obtain understanding of how those charged with gov. exercise oversight of M’s
processes for ID + responding to risks of fraud
 Make inquiries to det. if have knowledge of actual/suspected fraud
Unusual or Unexpected Relationships Identified
 Evaluate whether indicates risks of mat. misstatement due to fraud
g. 3 Conditions present for Fraud
1. Opportunity to commit fraud

2. Motivation: incentive or pressure to commit fraud
3. Rationalization: attitude/rationalization to justify fraud
ISA 250: COMPLIANCE WITH LAWS & REGULATIONS Read A1 – A12
a. Scope
5
Auditor’s responsibility to consider laws & regulations in an audit.
b. Effect of Laws & Regulations
 Some laws or regulations (L or R) have direct effect on FS because they determine

the reported amounts + disclosures
 Other L or R are to be complied with by M or set provisions under which entity allowed to
conduct business but don’t have direct effect on FS
 Non-compliance result in fines, litigation or other conseq. for entity that have material effect
on FS
c. Responsibility for Compliance with Laws & Regulations
 It is responsibility of M with oversight of those charged with gov.to ensure operations

conducted ito laws + regulations
Responsibility of Auditor
 ISAs assist Auditor to ID material misstatement due to non-compliance

 Auditor not responsible for preventing non-compliance + cannot be expected to detect
 In conducting audit, takes into consid. applicable legal + regulatory framework
 Effects of limitations in detecting material misstatement in context of laws + regulations are
greater due to:
o Many laws + reg. relate to operating aspects + don’t affect FS
o Non-compliance may involve conduct designed to conceal it (collusion; forgery etc.)
o Whether act constitutes non-compliance is a matter for determination by a court of law
 ISA distinguishes Auditors responsibilities iro compliance with 2 categories of Laws &
Regulations(L & R):
o Provisions of L & R with a direct effect on material amts + disclosures in FS e.g. tax
 Auditor’s Responsibility: obtain sufficient approp. audit evidence
regarding compliance with provisions of these L&R
o Other L & R do not have direct effect on amts + disclosures in FS but are
fundamental to operating aspects + entity’s ability to continue business/avoid
penalties
 Auditor’s Responsibility: limited to undertaking specified audit procedures to
help ID non-compliance with those that may have material effect on FS
d. Objectives of Auditor
 Obtain sufficient approp. audit evidence iro compliance with L&R recognised to have direct
effect on determination of material amts + disclosures
 Perform specified audit procedures to help ID non-complaince with other L&R that may
have mat. effect on FS
 Respond approp. to non-compliance
6
e. Definition
 Non-Compliance: acts of omission or commission by entity, either intentional or

unintentional, contrary to prevailing L or R (does not include personal misconduct by M,
‘ees or those charged with gov.)
f. Requirements
Auditor’s Consideration of Compliance with Laws & Regulations
As part of obtaining an understanding of entity + environment, Auditor should obtain

general understanding of:
 Legal + regulatory framework applicable to entity

 How entity is complying with framework
Auditor shall perform following audit procedures to ID non-compliance with other laws +
regulations:
 Inquiring of management + those charged with gov.

 Inspecting correspondence with relevant licensing/regulatory authorities
Auditor remain alert to possibility that other audit procedures may bring instances of non-
compliance to auditor’s attention.
Auditor request management to provide written representation that all known instances
of non- compliance (or suspected non-compl.) have been disclosed to auditor.
7
AUDIT STRATEGY
1. ISA 300 Planning an Audit
- In establishing {est.} overall audit strategy, auditor shall:
o Identify characteristics of engage. define its SCOPE
o Ascertain reporting objectives of engage. plan TIMING of audit & NATURE
of communications required
o Consider factors significant in directing engage. team’s efforts DIRECTION
o Consider results of prelim. engage. activities
o Ascertain NATURE, TIMING & EXTENT of resources nec. to perform engage.
 Est. overall audit strategy assists auditor to determine:
* Resources to deploy for specific audit areas (i.e. high risk areas
require appropriately experienced team members)
* Amount of resources to allocate to specific audit areas (i.e. number of
team members; or hours allocated to high risk areas)
* When resources are to be deployed (i.e. at interim; or at cutoff dates)
* How such resources are managed, directed & supervised (i.e. briefing
& debriefing meetings & reviews)
 Once overall audit strategy has been est., audit plan can be developed to
address matters identified in overall audit strategy need to achieve audit
objectives through efficient use of auditor’s resources
 Overall audit strategy & detailed audit plan are inter-related changes in one may
result in changes to the other
 Unexpected events, changes in conditions or audit evidence obtained from audit
procedures may call for modification to overall audit strategy & audit plan
[Read Appendix of ISA 300 for considerations in establishing overall audit strategy]
- Auditor update & change overall audit strategy & audit plan as nec. during course
of audit
2. ISA 220 Quality Control for an Audit

- Assignment of Engagement Team engage. partner satisfied that engage. team &
any experts collectively have appropriate competence & capabilities to:
o Perform audit engage. in accordance with prof. standards & applicable legal
& regulatory requirements
o Enable an auditor’s report that is appropriate to be issued
 Team’s competencies & capabilities:
* Understanding & practical experience with audit engage. of similar nature &
complexity
1
* Understanding of prof. standards & applicable legal & regulatory
requirements
* Technical expertise
* Knowledge of relevant industries
* Ability to apply prof. judgement
* Understanding of firm’s quality control policies & procedures
* Requirement to report to governing body
* Preventing & detecting fraud & corruption
3. ISA 610 Using the work of Internal Auditors

- Many entities est. internal audit function effective communication between
internal & external auditors can create environment in which external auditor can be
informed of significant matters that may affect external auditor’s work
- This is dependent on:
o Whether the organisational status & relevant policies & procedures
adequately support objectivity of internal auditors;
o the level of competency of internal audit function; &
o Whether the function applies a systematic & disciplined approach
4. ISA 620 Using the Work of an Auditor’s Expert

- Auditor’s expert: individual/ organisation possessing expertise in field other than
accounting/ auditing; whose work in that field is used by auditor to assist auditor in
obtaining sufficient appropriate audit evidence
- Expertise: skills, knowledge & experience in a particular field
- Management’s expert: individual/ organisation possessing expertise in field other
than accounting/ auditing; whose work in that field is used by entity to assist entity
in preparing financial statements
- If expertise in field other than accounting auditing is nec. to obtain sufficient

appropriate audit evidence auditor determine whether to use work of auditor’s
expert
- Distinguishing between expertise in accounting/ auditing, and expertise in another
field requires prof. judgement
- Auditor’s expert may be needed to assist auditor in obtaining understanding of
entity & its environment, identifying & assessing risks of material misstatement,
determining responses to assessed risks, designing & performing further audit
procedures & evaluating sufficiency & appropriateness of audit evidence obtained
2
APPLICATION:
When putting together an audit strategy – 4 elements need to be considered:
1. Scope
2. Timing
3. Direction
4. Resources
1. SCOPE → What is it about?
Reporting framework – IFRS?

Industry
Group structure
Locations
Reporting currency
2. TIMING
Audit deadline
Management may require discussions i.e. meeting updates
3. DIRECTION
Materiality
Significant line items
High risk areas/factors
4. RESOURCES → link to first 3 elements
Staff (partners; managers; trainees)

Senior staff needed for experience?
How will work be reviewed?
Use of professional scepticism
Are experts needed?
Budget:
o Cash
o Time
Please refer to Appendix of ISA 300 for considerations in establishing overall audit
strategy!
3
BACKGROUND TO AUDIT &
PRE- ENGAGEMENT
S/O 1 – The audit process:
PHASE 1: Pre-engagement
PHASE 2: Planning
PHASE 3: Further Procedures (Fieldwork)
PHASE 4: Completion and Reporting
S/O 2 – Assertions:
2.1 What the term “Assertions” refers to
Risks of material misstatement at the assertion level for:
classes of txs
account balances
disclosures
must be considered because it directly assists in determining nature, timing + extent of

further audit procedures necessary to obtain sufficient appropriate audit evidence.
2.2 How auditor uses assertions in the audit process
Management makes assertions regarding recognition, measurement, presentation +

disclosure of various elements of financial statements (FS)
This is done to represent that FS are in accordance with applicable fin reporting framework
By ID & assessing risks at assertion level, auditor can conclude that risks relate more
pervasively to FS as a whole & potentially affect many assertions
2.3 Assertions that relate to Txs & Events for the period under review
Occurrence – txs recorded have occurred & pertain to entity

Completeness – all txs that should’ve been recorded have been recorded
Accuracy – amounts + other data relating to recorded txs recorded appropriately
Cutoff – txs recorded in correct accounting period
Classification – recorded in proper accounts
1
2.4 Assertions that relate to Account Balances
Completeness – assets (A), liabilities (L) & equity that should’ve been recorded have been
recorded
Rights & Obligations – entity holds rights to A & L are obligations of the entity
Existence - A, L & equity interests exist
Valuation & Allocation – A, L & equity interests are included in FS @ appropriate amounts +
resulting
valuation adjustments are approp. recorded
2.5 Assertions that relate to Presentation & Disclosure
Occurence & Rights & Obligations – disclosed events, txs + other matters have occurred +
pertain to entity
Completeness – all disclosures that should’ve been included in FS have been included
Classification & Understandability – fin info is approp. presented + described &
disclosures clearly expressed
Accuracy & Valuation – fin + other info disclosed fairly & @ approp. amounts
2.6 – 2.7 Assertions associated with Overstatement vs

Understatement & Direction of Testing
2
S/O 3 – Audit Documentation:
3.1 Nature & Purpose of Audit Documentation
Auditor’s responsibility to prepare audit documentation

Audit doc provides: (2)
o Evidence of auditor’s basis for conclusion
o Evidence that audit planned + performed in accordance with ISAs &
applicable legal + regulatory requirements
Additional purposes: (6)
o Assists engagement team (ET) to plan + perform audit
o Assists members of ET responsible for supervision to direct + supervise audit work
o Enables ET to be accountable for its work
o Retains record of matters of continuing significance to future audits
o Enables the conduct of quality control reviews
o Enables conduct of external inspections
3.2 Objective of preparing Audit Documentation & Terminology
Objective is to prep doc that provides:

o sufficient & approp. record of basis for auditor’s report
o evidence that audit planned + performed in accordance with ISAs & applic. legal +
regulatory req.
Terminology:
o Audit doc (working papers): record of audit procedures performed, audit evidence
obtained & conclusions reached
o Audit file: 1+ folders/other storage media (physical/electronic form) containing audit
doc for a specific engagement
o Experienced auditor: individual who has practical audit experience &
reasonable understanding of audit processes, ISAs, legal + regul. req,
business environment etc.
3.3 Requirements for Audit Documentation
ISQC 1
Law/regulation may prescribe time limit in which assembly of final engagement

files to be completed – if not prescribed, firm determines (not >60 days after
auditor’s report)
Ethical requirements establish obligation to maintain confidentiality of info unless

specific client authority given OR legal/professional duty to do so
3
Integrity, accessibility or retrievability of data may not be compromised by alteration,
additions or deletions without firm’s knowledge – Controls to avoid unauthorized alteration
or loss:
o Enable determination of when + by whom doc created, changed or reviewed
o Protect integrity at all stages
o Prevent unauth. changes + allow access to docs by ET & other auth. parties only
Controls to maintain confidentiality, safe custody, integrity, accessibility + retrievability:

o Password to restrict access to docs
o Back-up routines for electronic docs
o Procedures for distributing, processing + collating docs
o Procedures for restricting access to, confidential storage of hardcopies
Need for/period of retention varies with nature of engagement & also depends
on local law/regulation or generally accepted retention periods in jurisdiction
o Retention period for audit engagements ordinarily not shorter than 5 years from
date of Auditor’s report
o Still able to retrieve + access docs during retention period; provide record of
changes made after files completed; enable auth. parties to access + review
Engagement doc = property of the firm
ISA 220
Auditor shall include in audit doc:

o Issues i.r.o compliance with ethical requirements + how resolved
o Conclusions on compliance with independence req.
o Conclusions ito acceptance + continuance of client relationships
o Nature & scope of consultations undertaken (as well as conclusions resulting from)
Engagement Quality Control Reviewer shall document that:

o Procedures req for quality control review have been performed
o Review completed on/before date of Auditor’s Report
o Reviewer not aware of unresolved matters
ISA 230 Read A1 – A24
1. Timely Preparation
Auditor prepare audit doc on a timely basis
2. Documentation of Audit Procedures Performed & Audit Evidence Obtained
Prep audit doc that is sufficient to enable an experienced auditor (no prev connection with
audit) to understand:
4
o Nature, timing + extent of audit procedures comply with ISAs & applic. legal/reg. req.
o Results of procedures & audit evidence obtained
o Significant matters, conclusions reached + professional judgments made
In documenting nature, timing + extent of procedures, auditor shall record:

o Characteristics of items/matters tested
o Who performed audit work + date work completed
o Who reviewed + date of review
Auditor shall document discussions of significant matters (nature, when, with whom)
If auditor deems necessary to depart from req in ISA, auditor shall document how
alternative procedure achieves aim of req + reasons for departure
If new/additional procedures performed or draws new conclusions after auditor’s report,

auditor shall document:
o Circumstances
o New/additional procedures, audit evidence obtained, conclusions reached
o When + by whom changes made +
reviewed 3. Assembly of Final Audit File
Auditor shall assemble audit doc in an audit file on a timely basis after auditor’s report
After assembly of final audit file complete, auditor shall NOT delete/discard any audit doc
before end of retention period
If finds it necessary to modify existing docs/add new docs after assembly of final audit file,
auditor shall document:
o Reasons for making them
o When + by whom made & reviewed
S/O 4 – Substantive Procedures & Tests of Control:
4.1 Difference between Substantive Procedures & Tests of Control
Substantive Procedure: audit procedure designed to detect material misstatements at

assertion level + comprises
o Tests of details (of classes of txs, account balances & disclosures)
o Substantive Analytical Procedures
Tests of controls: audit procedure designed to evaluate the operating effectiveness of

controls in preventing, or detecting and correcting material misstatements at the
assertion level
5
Procedures to carry these out:
o Inspection: examining records/docs or physical examination of assets
o Observation: looking at a process/procedure/control activities being performed by others
o External confirmation: obtaining direct written response from 3 rd party
o Recalculation: checking manually/electronically mathematical accuracy
o Reperformance: auditor’s independent execution of procedures/controls
originally performed by entity
o Analytical procedures: evaluating fin info by analyzing relationships bet. fin + non-fin info
o Inquiry: seeking info from knowledgeable persons within/outside entity
Why are Substantive Procedures performed?

o Seek to provide evidence to support the FS assertions
Why are TOC performed?

o To obtain evidence of whether
 Controls are suitably designed to prevent or detect & correct
material misstatements AND
 These controls operated effectively throughout the period being audited
S/O 5 – Pre-engagement activities:
1.Client Considerations 4. DECISION! 2.Auditors Considerations

1. Legal Vacancy 1. Ethical Values
 Co. Act s90 – s94  CPC : 5 steps

 APA s45 (Reportable Irregularity) o Issue
o Fundamental Principle
2. Client Integrity o Threat
o Significance
 ISQC 1, par 26(c) o Safeguard
3. Financial Situation 2. Knowledge, resources & timing
 Audit fees  ISA 220: specific

 Can they afford?  ISQC 1: firm
 Industry performance  Industry usually operate in; size of
 Going Concern firm; year-ends (timing)
3. Terms of Engagement (Letter)
ISA 210
6
5.1 Legal Requirements for Acceptance/Retention of Engagements
Companies Act
s90: Appointment of Auditor
 Upon incorporation & each year at AGM, a public co. or state-owned co. must appoint an auditor
 If doesn’t appoint when registers incorporation, directors appoint first auditor within 40
business days after incorporation
 1st auditor holds office until conclusion of 1st AGM of co.
 To be appointed as auditor, person/firm
o must be a registered auditor
o must not be:
 director/PO of co.
 ‘ee or consultant of co. engaged in maintenance of co.’s fin records/FS for > 1 yr
 director, officer or ‘ee of person appointed as co. secretary
 person who regularly performs duties of accountant/bookkeeper or
performs related secretarial work for co.
 person who at any time in preceding 5 yrs was any of above
 person related to above
o must be acceptable to co.’s audit committee as independent
 Retiring auditor may be automatically reappointed at an AGM without passing resolution unless:
o retiring auditor
 no longer qualified for appointment
 not willing to accept appointment
 required to cease due to rotation (s92)
o audit committee objects reappointment
o co. has notice of intended resolution to appoint some other person
s91: Resignation of Auditors & Vacancies
 Resignation effective when noticed filed

 If vacancy arises, board must appoint new auditor within 40 business days
 Before making appointment
o board propose to audit com in 15 bus. days after vacancy, name of 1 reg.
auditor to be considered
o may proceed to make appointment of proposed person if, within 5 bus. days after
proposal, audit com doesn’t reject proposal in writing
s92: Rotation of auditors
 Same person can’t serve as auditor for >5 consecutive fin yrs
 If individual served as auditor for 2+ consec. yrs then ceases to be auditor, individual
may not be appointed again until expiry of at least another 2 fin yrs
7
s93: Rights & restricted functions of auditors
 Auditor
o has right of access at all times to accounting records, books + docs of co.& can
require from directors/POs info/explanations to perform their duties
o of holding co., has right of access to current + former FS of any subsid. & can
require from directors/POs (of holding or subsid.) info/explanations to perform
duties
o entitled to attend any s/h meeting, receive notices/communications iro s/h meeting
& be heard at s/h meeting wrt any part that concerns auditor’s duties/functions
 Auditor can apply to court for order to enforce above rights & court can
o make any order that is just + reasonable
o make order of costs personally against directors/POs
 Appointed auditor may not perform any services for co. that would place in conflict of interest
s94: Audit committees
 At AGM, public co., state-owned co. or other that is req by MOI to have audit com must
elect one comprising at least 3 members (unless co. is a subsid. & audit com of holding
co. will perform fuctions)
 First members appointed by incorporators of co. OR board within 40 bus. days after incorp.
 Each member must

o be a director of co.
o not be
 involved in day-to-day management
 a PO or full time ‘ee of co/related co. (even if during prior three yrs)
 a material supplier/customer of co.
o not be related to any of above
 Duties: see ss(7)

o nominate for appointment the auditor
o determine fees to be paid to auditor + terms of engagement
o ensure appointment complies with Act + other legis.
o determine nature + extent of non-audit services
o approve proposed agreement for non-audit services
o prep report iro functions, satisfaction at independence of auditors, comments on FS
8
 Considering whether RA is independent, audit com must:
o ascertain that auditor doesn’t receive any direct/indirect remuneration or other
benefit from co. except as auditor or for other services rendered (permitted)
o consider if indep. prejudiced by previous appointment as auditor or
advisory work undertaken by auditor for co.
Auditing Professions Act
s37: Registration of individuals as registered auditors
s38: Registration of firms as registered auditors
s39: Termination of registration
s40: Renewal of registration & re-
registration s41: Registered auditor in
public practice s42: Compliance with
rules
s43: Information to be furnished
s44: Duties in relation to audit
s45: Duty to report on irregularities
s46: Limitation of liability
5.2 Procedures/Requirements for Acceptance/Retention of Engagements
Framework
 Practitioner accepts assurance engagement only where:

o Relevant ethical requirements will be satisfied
o Engagement exhibits following characteristics:
 Subject matter is appropriate
 Criteria used are suitable
 Practitioner has access to sufficient & appropriate evidence
 Conclusion is contained within written report
 Practitioner satisfied that there is a rational purpose for the
engagement (if significantly limited scope – no rational purpose)
 If engagement cannot be accepted (because doesn’t exhibit characteristics mentioned),

engaging party may ID a different engagement that will meet needs of users
9
(consulting/agreed-upon procedures engagement; assurance engagement for only an
aspect of original subject matter)
 Once accepted, practitioner may not change engagement to a non-assurance
engagement, or from reasonable assurance engagement to limited assurance
engagement without reasonable justification.
ISQC 1
 Policies & procedures (P&P) designed to provide reasonable assurance that firm will only
undertake/ continue relationships where the firm:
o Is competent to perform engagement & has capabilities (incl. time + resources)
o Can comply with ethical requirements
o Has considered the integrity of client
Competence, Capabilities & Resources
 Firm personnel have knowledge of relevant industries/subject matters

 Firm personnel have experience with relevant regulatory or reporting req OR ability
to gain necessary skills
 Firm has sufficient personnel with necessary competency & capabilities
 Experts are available (if needed)
 Individuals who meet criteria + eligibility req to perform engagement quality control
review are avail.
 Firm able to complete engagement within the reporting deadline
Ethical Requirements
 SAICA Code of Professional Conduct (ODT 200)
Integrity of Client
 Identity + business reputation of client’s principal owners + management

 Nature of client’s operations
 Info iro attitude of client’s owners & management to matters like aggressive
interpretation of accounting standards + internal control environment
 Whether client aggressively concerned with maintaining firm’s fees as low as possible
 Indications of inappropriate limitation on scope of work
 Indications of client involvement in money laundering/other criminal activities
 Reasons for proposed appointment of firm + non-reappointment of previous firm
 ID + bus rep of related parties
 These P&P require:

o Firm to obtain info as it considers necessary before accepting/continuing
10
 Sources of info: communication with existing/previous providers of
professional accountancy services; inquiry of other firm personnel/3 rd
parties e.g. bankers, legal counsel; background searches of relevant
databases
o If potential conflict of interest identified, firm must determine if appropriate to accept
o If issues identified + firm decides to accept, firm must document how issues resolved
 Firm must establish P&P (on continuing client relationship) addressing circumstances
where firm obtains info that would have caused to decline engagement had info been
available earlier (P&P incl. professional + legal responsibilities & possibility of
withdrawing)
Withdrawal
 Discuss with appropriate level of client’s management the appropriate action the firm should take
 If firm determines that withdrawal is appropriate, discuss with appropriate level of
client’s management the decision + reasons
 Determine if there is a professional, legal or regulatory req for firm to remain in place or to
report withdrawal
 Documenting significant matters, consultations, conclusions (and basis for conclusions)
ISA 220
Acceptance & Continuance
 Engagement partner (E-partner) shall be satisfied that appropriate procedures iro

acceptance & continuance of client relationships + audit engagements have been
followed + conclusions are appropriate
 If E-partner obtains info that would have caused firm to decline acceptance of client had
obtained info earlier, must communicate info to firm so that can take necessary action
 Info that assists E-partner in determining whether conclusions reached iro
acceptance/continuance are appropriate:
o Integrity of owners, management, those charged with gov
o Engagement team (E-team)competent to perform audit + necessary
capabilities, time + resources
o Whether firm + E-team can comply with ethical req
o Significant matters
Assignment of Engagement
Teams
 E-partner must be satisfied that engagement team + any experts (not part of team),
collectively have appropriate competence & capabilities to perform engagement + enable
appropriate auditor’s report
11
 E-team includes a person using expertise in specialized area of accounting/auditing –
however, not a member of E-team if involvement is only consultations.
 When considering competence + capabilities of E-team, E-partner considers team’s:
o Understanding of/practical experience with engagements similar in nature & complexity
o Understanding of professional standards + legal & regulatory req
o Technical expertise
o Knowledge of relevant industries in which client operates
o Ability to apply professional judgment
o Understanding of firm’s quality control P&P
ISA 300
Preliminary Engagement Activities
 Perform procedures required by ISA 220: assists auditor to ID events/circumstances

that may adversely affect ability to plan + perform audit
 Evaluate compliance with ethical req ito ISA 220: enables to maintain necessary
independence; no issues with management integrity;
 Establish understanding of terms of engagement ito ISA 210: no misunderstanding as to
terms of engagement
SAICA Code of Professional Conduct
ODT 200 work
5.3 Auditor’s Knowledge, Competence, Time, Resources & Ethical Requirements
ISA 220
Leadership Responsibilities for Quality on Audits
 E-partner take responsibility for overall quality – his actions + messages to

members must emphasise:
o Importance to audit quality of
 performing work that complies with professional stds, legal + regulatory req
 complying with firm’s quality control P&P
 Issuing auditor’s reports that are appropriate
12
 E-team’s ability to raise concerns without fear of reprisals
o Fact that quality is NB in performing audit engagements
Relevant Ethical Requirements
 E-partner remain alert (throughout audit) for evidence of non-compliance by E-team members
 Members no comply – E-partner in consultation with firm determine appropriate action
 Independence: E-partner form conclusion on compliance with indep req
o Obtain info to ID + evaluate circumstance & relationships that create threats
o Evaluate info on identified breaches
o Take action to eliminate threats/reduce them to acceptable level (using
safeguards) OR withdraw from engagement
SAICA CPC & IRBA CPC
ODT 200 work
5.4 Auditor’s Responsibilities in agreeing Terms of Audit Engagement with Management
ISA 210
Before acceptance/continuance – basis upon which audit to be performed must be agreed through:
 Establishing whether preconditions for audit are present

 Confirming that there’s common understanding bet. auditor &
management Preconditions
Use by management of acceptable financial reporting framework in preparation of FS +

agreement by management to premise on which audit conducted.
 In order to establish if preconditions present, auditor shall:

o Determine if fin rep framework = acceptable
o Obtain management agreement that it acknowledges + understands its responsibility:
 For prep of FS ito applicable fin rep framework
 For internal control determined necessary to enable prep of FS free from
material misstatement
 To provide auditor with
 access to all info relevant to prep of FS
 additional info auditor may request
 unrestricted access to persons within entity from whom necessary to
obtain audit evidence
Limitation on Scope prior to Acceptance
13
 If management imposes a limitation on scope of work such that auditor believes it will
result in auditor disclaiming an opinion on FS, auditor shall not accept such
engagement
Other factors
 If preconditions not present – auditor shall discuss with management & unless required
by law or regulation, shall not accept engagement:
o If fin rep framework is unacceptable
o If agreement not obtained ito
preconditions Agreement on Audit Engagement
Terms
 Agreed terms of engagement recorded in audit engagement letter & shall include:
o Objective & scope of audit
o Responsibilities of auditor
o Responsibilities of management
o Identification of fin rep framework
o Reference to expected form & content of any reports to be issued by
auditor Recurring Audits
 On recurring audits, auditor assess whether circumstances require terms of

engagement to be revised or whether there’s a need to remind the entity of existing
terms
Acceptance of Change in Terms of Audit Engagement
 Auditor not agree to change in terms where there is no reasonable justification

 If request to change engagement to one that conveys lower level of assurance – Auditor
determine if reasonable justification
 If terms changed, auditor & management agree on + record new terms
 If auditor unable to agree to change + not permitted by management to continue
original audit, auditor shall:
o Withdraw from engagement where possible
o Determine if any obligation to report circumstances to other
parties Additional Considerations in Engagement Acceptance
 If fin rep framework supplemented by law or regulation, auditor determine if any conflicts
between fin rep stds & additional req. If so – discuss with management and agree whether:
o Additional req can be met through additional disclosures
o Fin rep framework can be amended
If neither possible, determine whether necessary to amend auditor’s opinion.
14
ENGAGEMENT LETTER (acknowledged
by client) Objective + Scope:
 Audit FS: Income Statement, Balance Sheet etc.

 Confirm Acceptance
 Objective: Opinion on AFS
Responsibilities of Auditor:
 Conduct audit ito ISA, ethical requirements

 Involves: procedures to obtain evidence
 Limitations
 Internal Controls
Responsibilities of Management:
 Applicable fin rep framework i.e. IFRS

 Internal Controls enabling prep of FS
 Access to: info, management, persons
Other relevant info
 Fees (billing)
Reporting
 Form & content
15
OVERALL PERFORMANCE &
MATERIALITY
Auditor’s responsibility to apply concept of materiality in planning and performing an audit.
Materiality in the Context of an Audit:
What is materiality?
Misstatements (incl. omissions) are considered material if individually/in aggregate influence

economic decisions of users taken on basis of FS.
Why do we use materiality?
Overall objective of auditor is to:
 Obtain reasonable assurance about whether FS free from material misstatement,

whether due to fraud or error
 Express opinion on whether FS prepared in accordance with applicable fin rep framework
Auditor obtains reasonable assurance by gathering audit evidence to reduce audit risk
(function of risks of material misstatement & detection risk) which is risk that auditor expresses
inappropriate opinion when FS materially misstated, THUS, to assist in preventing this:
Read & Understand
 Levels of materiality are set (:.benchmark for assessment)

 To indicate whether or not misstatements are material or immaterial
To determine the items that will be tested when performing substantive procedures
 And whether further audit procedures are required
What influences materiality?
 Materiality affected by size or nature of a misstatement (or both) [or circumstance]

 Judgements about matters that are material to users of FS based on common financial
info needs of users as a group
 Auditor’s determination of materiality is a matter of professional judgement
o Professional Judgement: Application of relevant training, knowledge & experience within

context provided by auditing, accounting & ethical stds, in making informed decisions about
courses of action that are appropriate in the circumstances of the audit engagement
1
 Auditor’s perception of what is important to users – auditor can assume that users:
o Have reasonable knowledge of business, economic activities & accounting
o Understand that FS prepared, presented + audited to levels of materiality
o Recognise uncertainties inherent in measurement of amts based on estimates,
judgment + future events
o Make reasonable economic decisions
Where do we use the materiality figure?
 Determine the nature, timing & extent of RAPS (risk assessment procedures)
 ID & assessing risks of material misstatement
 Determine nature, timing & extent of further audit procedures
What is performance materiality?
 Amt(s) set by auditor at less than materiality for FS as a whole, to reduce to appropriately
low level probability that aggregate of uncorrected & undetected misstatements exceeds
materiality for FS as a whole.
 Amt(s) set by auditor at less than materiality level(s) for particular classes of txs, account
balances or disclosures
 Ensures that the aggregate of individually immaterial misstatements don’t cause FS to be
materially misstated.
2. Determining Overall Materiality & Performance Materiality: ISA 320
Requirements
 Determine overall materiality for FS as a whole

 Determine performance materiality for:
o 1+ classes of txs, account balances or disclosures
o For which misstatements of lesser amts than overall materiality for FS as a whole
could be expected to influence economic decisions of users
 Indications of existence of above: law, regulation or fin rep framework
affect user expectations concerning measurement/disclosure of items; key
disclosures in industry; attention focused on particular aspect of entity’s
business
How do I determine the materiality figure?
1. Use Professional judgment

2. Select Relevant financial information/data
2
 Prior year’s fin results & fin position (If entity prepared these, then use this!
UNLESS something significant changed in operations.)
 Period-to-date/current year’s fin results & fin position
 Budgets & forecasts for current period (adjusted for relevant changes of
conditions in industry/economic environment)
Income or Asset figures used?
 Depends on what entity uses to

3. Calculate a % of a benchmark measure performance :.
 Factors that affect ID of benchmark: income-based or asset-based
i. Elements of FS (Assets, liabilities, equity) (major investment in assets?)
ii. Items in FS that users will focus on  Is focus on turnover?
iii. Nature of entity, where in life cycle, industry & economic environment in
which entity operates
 Owner-managed? Then focus
iv. Ownership structure & way entity is financed
more likely on profit.
 Examples of benchmarks:  Shareholders? Then focus more
i. Turnover likely on capital growth.
ii. Gross profit
iii. Profit before tax
iv. Total expenses
v. Total equity/Total assets
vi. Net Asset Value
 Stable benchmarks are preferred to fluctuating benchmarks
 % used:
i. Turnover: 0.5% - 1%
ii. Gross Profit: 1% - 2%
iii. Net income before tax: 5% - 10%
iv. Total Assets: 1% - 2%
v. Net Assets: 2% - 4%
vi. Equity: 2% - 5%
 Top or Bottom of Range?
i. HIGHER RISK of material misstatement: Bottom of range
- Increase extent of testing :. more work
- Decrease detection risk
ii. LOWER RISK of material misstatement: Top of range
- Decrease extent of testing :. less work
- Increase detection risk
Revision
 Overall materiality & performance materiality should be revised in event auditor becomes
aware of info that would’ve caused him to determine a different amt initially.
RESPONSE TO ASSESSED
RISKS
THEORY
1. Auditor’s Responses To Assessed RoMM @ FS Level
Auditor design & implement overall responses to address assessed RoMM @ FS level
- Emphasising to engage. team need to maintain professional scepticism

- Assign more experienced staff/ those with special skills/ use experts
- Provide more supervision
- Incorporate additional elements of unpredictability in selection of further
audit procedures
- Make general changes to nature, timing or extent of audit procedures
Assessment to RoMM & auditor’s overall responses affected by auditor’s

understanding of control environment
- Effective control environment more confidence in internal control & reliability of

audit evidence generated internally, can conduct some audit procedures @
interim date rather than @ period end
- Deficiencies in control environment need to conduct more audit procedures @
period end (rather than at interim date), obtain more extensive audit evidence
from substantive procedures, increase no. of locations to be incl. in audit scope
Consideration of above has significant effect on general approach (substantive approach/

combined approach)
2. Nature, Timing & Extent Of Planned Further Audit Procedures @ Assertion Level
Definitions:
- Substantive procedures: audit procedure designed to detect material
misstatements @ assertion level, comprises of:
o Tests of details (of classes of transactions, account balances &
disclosures)
o Substantive analytical procedures
- Tests of controls: audit procedure designed to evaluate operating effectiveness
of controls in preventing/ detecting & correcting material misstatements @
assertion level
1
- Nature: purpose (tests of controls/ substantive procedure) & type
(inspection, observation, inquiry, confirmation, recalculation, re-
performance, or analytical procedure)
- Timing: when it is performed or period/ date to which audit evidence applies (if
high risk
perform nearer to end)
- Extent: quantity to be performed (e.g.: sample size or no. of observations) (
o determined after considering materiality, assessed risk, degree of
assurance auditor wants
o increases as RoMM increases
Auditor design & perform further audit procedures – nature, timing & extent based on
& are responsive to assessed RoMM @ assertion level
Designing further audit procedures:
- Consider reason for assessment given to RoMM

o Likelihood of material misstatement particular characteristics of
relevant class of transactions/ account balance / disclosure
o Whether risk assessment takes account of relevant controls (are
controls operating effectively?)
- Obtain more persuasive audit evidence the higher the auditor’s assessment of
risk
Test of controls
- To obtain sufficient appropriate audit evidence as to operating effectiveness of

relevant controls if:
o Auditor intends to rely on operating effectiveness of controls in
determining nature, timing & extent of substantive procedures or
o Substantive procedures alone cannot provide sufficient appropriate
evidence
- Auditor shall obtain more persuasive audit evidence the greater the
reliance on effectiveness of control
- Tests of controls are performed only on those controls that are designed to
prevent/ detect & correct a material misstatement
Nature & Extent of Tests of Controls
- Inquire/ observe/ inspect to obtain audit evidence about operating

effectiveness of controls, incl.:
2
o How controls were applied
o Consistency with which they were applied
o By whom/ by what means they were applied
o to be tested depend upon other controls
- Purpose of test influences type of procedure required to obtain audit
evidence about operating effectiveness of control
- Inherent consistency of IT processing not necessary to increase extent of
testing automated control (automated control can be expected to function
consistently unless the program is changed)
Timing of Tests of Controls
- Test controls for particular time/ throughout period

- Audit evidence obtained during interim period:
o Obtain audit evidence about significant changes to controls
subsequent to interim period
o Determine additional audit evidence to be obtained for remaining period
- Audit evidence obtained in previous audits
o Is it appropriate to use?
o Determine length of time period that may elapse before retesting a
control
o In determining whether it is appropriate, auditor must consider:
 Effectiveness of other elements of internal control
 Risks arising from characteristics of control (manual/ automated)
 Effectiveness of general IT controls
 Effectiveness of control & its application (incl. nature &
extent of deviations; personnel changes)
 Whether lack of change in particular control poses a risk due to
changing circumstances
 RoMM & extent of reliance on control
o Inquire, observe or inspect to determine whether changes to
controls have occurred subsequent to previous audit
 Changes tests controls in current audit
 No changes test controls at least 1x in every 3rd audit & test
some controls each audit
3
Controls over significant risks
- If going to rely on controls over risk that is significant risk test those
controls in current period
Evaluating Operating Effectiveness of Controls
- Evaluate whether misstatements that have been detected by substantive

procedures indicate that controls are not operating effectively
- If deviations from controls are detected auditor make specific inquiries to
understand these matters & potential consequences, & determine whether:
o Tests of controls that have been performed provide appropriate
basis for reliance on controls
o Additional tests of controls are necessary or
o Potential risks of misstatement need to be addressed using
substantive procedures
Substantive Procedures
- Auditor design & perform substantive procedures for each material class of
transactions, account balance & disclosure (based on auditor’s judgement
subjective)
- Auditor consider whether external confirmation procedures are to be
performed
o Bank balances
o Accounts receivable balances & terms
o Inventories held by 3rd parties @ bonded warehouses for
processing or on consignment
o Property title deeds held by lawyers/ financiers for safe custody or as
security
o Amounts due to lender (incl. relevant terms of repayment)
o Accounts payable balances & terms
Substantive procedures related to FS closing process
- Agreeing & reconciling FS with underlying accounting records &

- Examining material journal entries & other adjustments
4
Substantive procedures responsive to significant risks
- If RoMM @ assertion level is significant perform substantive procedures

specifically responsive to that risk
Timing of Substantive Procedures
- If performed @ interim date, auditor cover remaining period by performing

o Substantive procedures, combined with tests of controls
o If determines that it is sufficient, further audit procedures only
That provide reasonable basis for extending audit conclusion from interim
date to period end
- If misstatements that auditor did not expect are detected @ interim date
evaluate whether related assessment of risk & planned nature, timing & extent
of substantive procedures covering remaining period need to be modified
Adequacy of Presentation & Disclosure
- Perform audit procedures to evaluate whether overall presentation of FS, incl.

related disclosures, is in accordance with applicable fin. reporting framework
Evaluating sufficiency & appropriateness of audit evidence
- Based on audit procedures performed & audit evidence obtained auditor

evaluate (before conclusion of audit) whether assessments of RoMM @
assertion level remain appropriate
- Conclude whether sufficient appropriate audit evidence has been obtained
- If not obtained sufficient appropriate audit evidence auditor obtain further
audit evidence
Documentation
- Include in audit documentation:

o Overall responses to address the assessed RoMM @ FS level incl.
nature, timing & extent of further audit procedures performed
o Linkage of those procedures with the assessed risks @ assertion level
o Results of audit procedures incl. the conclusions
5
- If auditor plans to use audit evidence about operating effectiveness of controls
obtained in previous audits incl. in doc. the conclusions reached about relying
on such controls
- Doc. shall demonstrate that FS agree/ reconcile with underlying accounting
records
3. Audit Procedures – Non-Compliance With Laws & Regulations
Auditor becomes aware of info concerning instance/ suspected instance of non-

compliance with laws & regulations (fines, penalties, unusual transactions, unauthorised
transactions, etc.), auditor must obtain:
- Understanding of nature of act & circumstances in which it has occurred &

- Further info to evaluate possible effect on FS
Auditor discuss matter with management, if management does not provide sufficient
info that supports entity’s compliance auditor must consider need to obtain legal advice
- If sufficient info cannot be obtained auditor must evaluate effect of lack of

sufficient appropriate audit evidence on auditor’s opinion
- Withdrawal from engagement may be considered
4. Responses To Assessed RoMM Due To Fraud
Overall Responses
- Assign & supervise personnel taking account of knowledge, skill & ability of
individuals
given significant engagement responsibilities
- Evaluate selection & application of accounting policies by entity
- Incorporate element of unpredictability in selection of nature, timing & extent
of audit procedures
Auditor design & perform further audit procedures responsive to assessed RoMM due to
fraud @ assertion level
Audit Procedures Responsive to Risks Related to Management Override of Controls
- Management in unique position to perpetuate fraud able to manipulate

records & prepare fraudulent FS by overriding controls
Auditor design & perform audit procedures to:
6
- Test appropriateness of journal entries recorded in GL & other adjustments
made in preparation of FS
- Review accounting estimates for biases evaluate judgements & decisions
made by management in making accounting estimates
- Significant transactions that are outside normal course of business
evaluate whether business rationale of the transaction suggests that they may
have been entered into to engage in fraudulent fin. reporting/ conceal
misappropriation of assets
PRACTICAL
Start with the risk assessment:
- Inherent risk: start @ low there is a low risk that FS are materially misstated
due to fraud/ error/ going concern principle/ non-compliance to laws &
regulations as you identify risk, you increase the risk
- Control risk: start @ high there is a high risk that the entity does not have
controls/ controls did not operate effectively as you identify controls, you
decrease the risk
- If inherent risk is high & control risk is high then detection risk must be low to =
acceptable audit risk to get this @ FS level:
o Emphasise – maintain professional scepticism
o Assign more experienced staff/ with special skills/ experts
o Provide more supervision
o Incorporate elements of unpredictability in selection of procedures
o Make general changes to nature, timing & extent of audit procedures
 Increase sample sizes
 Decrease materiality levels
 Perform more procedures @ year end & thereafter as opposed to
during the year @ interim date
o More corroborating evidence on explanations & less reliance on
management representation
o Evaluate selection & application of accounting policies
o When control environment not effective:
7
 More procedures @ year end
 More extensive evidence from substantive procedures
 Increase number of locations to visit
- Response @ assertion level:
o Risk assessment per assertion per line item (NB must make a direct
link btwn assessed risk for line item & response)
 Inherent risk recording & accounting standards
 Control risk internal control & control activities
o NATURE: explain why you chose specific approach → combined
approach or substantive approach
 Refer to PURPOSE (TOC/ SP) & TYPE (Inspection,
observation, enquiry, confirmation, recalculation, re-
performance, analytical procedure)
o EXTENT
 Refer to QUANTITY (sample sizes & no. of tests)
 More reliance = more controls present = more testing for
effectiveness
o TIMING
 Refer to WHEN to perform procedures & PERIOD/ DATE
under audit review
 Interim/ just before year end/ @ year end/ after year end/ entire
period/ specific date
8
RISK ASSESSMENT
THEORY
1. TERMINOLOGY
Assurance Engagement:
Engagement in which practitioner expresses conclusion to enhance degree of confidence of

intended users about outcome of evaluation/measurement of subject matter against criteria.
Audit Risk:
Risk that auditor expresses inappropriate audit opinion when FS are mat. misstated
Function of risks of mat. misstatement (ROMM) & detection risk
Assessment of risk is based on audit procedures & evidence obtained
Detection Risk:
Risk that procedures performed to reduce audit risk to acceptably low level won’t
detect a misstatement that exists that could be material (individually or when
aggregated with others)
Level of detection risk bears inverse relationship to ROMM i.e. the greater ROMM,
the less detection risk that can be accepted :. more persuasive audit evidence is
required
Can only be reduced, not eliminated
Relates to effectiveness of audit procedures – the following enhance effectiveness:
o adequate planning
o proper assignment of personnel to engagement team
o application of professional skepticism
o supervision + review of audit work performed
Risk of Material Misstatement (ROMM):
Risk that FS materially misstated prior to audit

Two components:
o Inherent Risk: susceptibility of assertion (about class of tx, acc balance or disclosure) to a
misstatement (that could be material), before consideration of related controls
exist indep. of audit!
Entity’s risks that
 Higher for complex calculations or amts where significant estimation used

o Control Risk: risk that a misstatement that could occur in an assertion (tx, acc
bal or disclosure) will not be prevented, or detected and corrected, on timely
basis by entity’s internal control
 Function of effectiveness of design, implementation & maintenance of int.
ctrl by management
 Int. ctrl can only reduce not eliminate ROMM due to inherent limitations
Exists at two levels:
1
o Overall FS level: ROMM that relates pervasively to FS as a whole + potentially
affects many assertions
o Assertion level: assessed to det. nature, timing & extent of further audit
procedures necessary to obtain sufficient appropriate audit evidence
Assertions:
Representations by management, explicit or otherwise, that are embodied in FS, as used

by auditor to consider diff. types of potential misstatements that may occur.
Business Risk:
Risk resulting from significant conditions, events, circumstances, actions or inactions

that could adversely affect entity’s ability to achieve its objectives and execute its
strategies
Risk Assessment Procedures:
Audit procedures performed to obtain an understanding of the entity & it’s

environment incl. entity’s internal control, to ID + assess ROMM due to fraud or error
Inherent Limitations of an Audit:
Auditor cannot reduce audit risk to zero :. can’t obtain absolute assurance that FS free
from mat. misstatement due to fraud/error
Unavoidable risk that some mat. misstatements won’t be detected, even though audit is
properly planned & performed in accordance with ISAs
Inherent limitations arise from:
o Nature of fin rep.
o Nature of audit procedures
o Need for audit to be conducted within reasonable period of time at reasonable cost
2. SIGNIFICANT RISK
An identified & assessed ROMM that, in auditor’s judgment, requires special audit consideration
Would require more persuasive audit evidence :. more work
3. MATERIAL
Definition:
A factor is considered material if it might influence the decisions of intended users of FS.
2
Materiality is relevant when determining nature, timing & extent of evidence-gathering proced.
Quantitative & qualitative factors influence materiality e.g. interests of intended users
Risk that auditor

4. AUDIT RISK MODEL
can manage by
det. quantity of
Client related evidence +
risk – auditor procedures.
must ID &
respond by way
of procedures.
Auditor wants
this as low as
possible!
Acceptable Audit Risk (as low as possible) = ROMM x DR

o If ROMM is high then DR must be low (inverse relationship)
o Thus materiality must also be low (lower range)
o Direct relationship between DR and materiality
Reduce DR by:
o Increase quantity of procedures & no. of items that should be tested
5. AUDITOR’S OBJECTIVE WHEN DOING A RISK ASSESSMENT
Identify & assess ROMM

Whether due to fraud or error
At FS & Assertion levels
Through understanding entity & its environment (incl. internal control)
Thereby providing basis for designing + implementing responses to assessed ROMM
3
6. REQUIREMENTS FOR Risk Assessment Procedurces (RAPS) & RELATED ACTIVITIES
a. RAPS & Related Activities
Auditor performs RAPs (General Analytical Proced.) to ID + assess ROMM at FS & Assertion Level:
o Info obtained from RAPs may be used by auditor as audit evidence to support
assessments of ROMM
RAPs include:
1. Inquiries of:
Management
Individuals within Internal Audit Function (with appropriate knowledge, experience + authority)
o Internal Audit (IA) may have findings based on their work e.g. control deficiencies or
risks in entity
o Matters that IA raised with those charged with gov. + outcomes of function’s
own risk assessment process = relevant
Others who may have info likely to assist ID ROMM e.g.
o Those charged with gov. – assist to understand environment in which FS prepared
o Employees who initiate, process/record complex or unusual txs – assist evaluation of acc.
policies
o In-house legal counsel – provide info such as compliance with laws + reg.
o Marketing/sales personnel – info about sales trends, changes to marketing strategies
o Risk management function – info about risks that affect fin reporting
2. Analytical procedures
Ratio analysis and trends

May incl. financial & non-financial info
Assist to ID unusual txs, events, amts, ratios and trends that may indicate matters
with audit implications
If uses data aggregated at a high level, results may only provide broad initial
indication about existence of mat. misstatement
3. Observation & Inspection
May support inquiries

Include observation + inspection of the following:
o Entity’s operations
o Docs, records, internal control manuals
o Reports prepared by management + those charged with gov. (minutes of meetings etc.)
o Entity’s premises & plant facilities
Consider whether able to use info obtained from:

o Client Acceptance/Continuance process
4
o Prior engagements performed for client
by determining whether or not info is still relevant (have significant changes occurred?)
Engagement partner + engagement team members shall discuss susceptibility of FS to mat. misst.:
o Provides opp. for more experienced team members to share insights
o Allows for exchange of info about bus. risks + where FS might be susceptible to mat. misst.
o Assist team members to gain better understanding of potential for mat. misst.
b. ID & Assessing the ROMM
Risks at FS level and Assertion Level:

o ID risks throughout process of obtaining understanding of entity + its environment
o Assess risks + evaluate whether relate more pervasively to FS as a whole
 If so, ROMM at FS level
 If not, ROMM at Assertion level (relate to what can go wrong at an
assertion level taking account of relevant controls that auditor must test)
o Consider likelihood of misstatement + whether material
FS Level:
 Risks not necessarily identifiable with specific assertions

 Risks relevant to ROMM due to fraud (management integrity), error (condition &
reliability of entity’s records) & going concern basis of entity
 Risks of Fraud in Revenue Recognition:
o Overstatement of revenue due to:
 Premature revenue recognition
 Recording fictitious revenues
o May relate to pressure/incentives on management for listed entities
Assertion Level:
 Directly assists in det. nature, timing + extent of further audit procedures necessary
 3 Categories of Assertions: Tx (OCACC); Account Bal (CREV); Disclosure (OCCA)
 Relate (directly or indirectly) controls to specific assertions
Risks that Require Special Audit Consideration:

o Det. whether any of risks identified are a significant risk (usually relate to sig. non-
routine txs :. unusual due to size or nature OR use of estimates + judgment)
o In determining this, consider the following:
 Whether risk is risk of fraud
 Whether risk related to recent sig. economic, accounting or other developments
 Complexity of txs
 Whether risk involves sig. txs with related parties
 Degree of subjectivity in measurement of fin info related to risk
5
 Whether risk involves sig. txs outside normal course of business
o If so, auditor obtain understanding of controls related to that risk:
 Review of assumptions by snr management
 Documented processes for estimations
 Approval by those charged with gov.
Risks for which Substantive Procedures alone Don’t provide Sufficient Appropriate Audit Evidence:
o Sometimes not possible to obtain sufficient appropriate evidence from
substantive procedures (fieldwork – more detailed) only :. obtain understanding
of entity’s controls
o May relate to inaccurate/incomplete recording of routine + significant classes of txs
(highly automated) e.g. revenue, purchases, cash receipts, cash pmts
Revision of Risk Assessment:

o Assessment of ROMM at Assertion Level may change during course of audit if:
 Further audit procedures provide other audit evidence or new info obtained
which is inconsistent with original audit evidence
7. CONDITIONS & EVENTS THAT MAY INDICATE ROMM
Going concern & liquidity issues

Changes in industry
Offering new products/services
Expanding into new locations
Large acquisitions/reorganizations
Lack of personnel with approp. accounting + fin rep skills
Changes in key personnel
Deficiencies in internal control
Read ISA 315, Appendix 2
8. FRAUD RISK FACTORS & EXAMPLES
a. Fraud Risk Factors (Fraudulent Financial Reporting & Misappropriation of Assets)
Incentives/Pressures e.g. performance based remuneration

Opportunities e.g. weak control environment
Attitudes/Rationalizations
b. Examples of Circumstances that Indicate Possibility of Fraud
Discrepancies in accounting records

Conflicting or missing evidence
Problematic or unusual relationships bet. auditor & management
6
APPLICATION
AUDIT RISK = CONTROL RISK x INHERENT RISK x DETECTION RISK
Risk inappropr. Risk misstatements Risk misstatements Risk audit proced.

opinion bypass controls occur won’t detect MM
Respond
1. Financial Statement Level
1. Indicator: from case study
2. Effect:
Fraud (listing requirements; bonus based on profit; adjustments to obtain financing or a

tender; lack of integrity; related parties etc.)
Error (overworked; comply with disclosure requirements ito King III which may not be met;
complex accounting e.g. IAS 21 etc.; recently incorporated :. ctrl environ.; new
software/system – unfamiliar :. may make errors etc.)
Going concern? (risk that FS prepared on going concern basis but entity is not a going concern)
(penalties; loan payable; new company etc.)
3. Explanation
2. Assertion Level
1. Indicator: from case study
2. Effect: assertion
Tx: OCACC
Account Balance: CREV
3. Explanatio
n
Note:
Usually like to ask Inventories, Revenue, Trade Debtors
7
Possible Questions:
o RoMM (no detection risk) at either FS level or Assertion level or both
o Audit Risk :. determine risk state @ end of answer
Remember positives & negatives! :. Increase & Decrease Risk!
Detection Risk:
Audit procedures might not detect material misstatement because:

o 1st time performing audit for the entity :. lack of knowledge of entity
o 1st time performing audit for entity :. extra work on opening balances
o Tight deadline :. not sufficient time for proper audit
Exam Technique
1. Financial Statement Level
There may be a risk of material misstatement at overall FS level due to:
PAGE 1 – Fraud
Indicator & explanation

There may be a weak control environment by indication of:
o multiple locations
o group etc.
Non-compliance with laws & regulations such as: affects management integrity due to
weak ctrl environment
o Co. Act
o King Code
PAGE 2 – Error

Non-compliance with laws & regulations
PAGE 3 – Inappropriate Basis of Preparation (Going Concern)
8
2. Assertion Level → just mention disclosure being incomplete or not in accordance with std
1. Line Item Being Assessed e.g. Inventory
2. List Assertions relating to that line item e.g. CREV
3. Under each assertion:
 Indicator & explanation
Note:
Valuation and Allocation: relates to
 Cost (Raw Materials; WIP – O/H; FG)

 NRV: demand; damage; new technology leads to impairment of current technology
 Imports + exports (costs associated not included in inventory; incorrect spot rate)
Rights & Obligations: relates to
 Imports & exports (recorded prematurely)

 Goods in transit
Completeness & Existence:
 Different branches etc. (geographically widespread :. not all inventory included or in

existence
Revenue
Different income streams – recorded / classified incorrectly (classification)

Selling prices differ – could use incorrect prices (accuracy)
Free items on a promotion – incorrectly accounted for (accuracy; occurrence; completeness)
Disclosures incomplete / not in accordance with IFRS 15
9
ANALYTICAL PROCEDURES
4.1 Background to use of Analytical Procedures as Substantive Procedures &
Auditor’s Objectives
a. SCOPE
 Auditor’s use of analytical procedures [AP] as substantive procedures [SP]

 Auditor’s responsibility to perform APs near end of audit that assist when forming overall
conclusion on FS
b. OBJECTIVES
 To obtain relevant & reliable audit evidence when using APs

 To design & perform APs near end of audit that assist auditor when forming overall
conclusion on FS
c. DEFINITION
Analytical Procedures: evaluations of financial info through analysis of plausible

relationships among both financial & non-financial data.
 Comparisons of fin info with:

o Comparable info in prior periods
o Anticipated results e.g. budgets/forecasts
o Similar industry info e.g. industry averages
 Relationships:
o Among elements of fin info expected to conform to predictable pattern
o Between fin info & relevant non-fin info
 Can be applied to consolidated FS, components & individual elements of info
1
4.2 Requirements for Auditor’s use of APs as SPs
a. SUBSTANTIVE ANALYTICAL PROCEDURES
When designing & performing APs, auditor shall:
1. Det. suitability of APs for given assertions (taking account of assessed RoMM & TODs)
2. Evaluate reliability of data from which auditor’s expectation of recorded amts/ratios are
developed (taking account of source, comparability and nature & relevance of info +
controls over prep)
3. Develop expectation of recorded amts/ratios + evaluate whether expectation is sufficiently
precise to ID misstatement
4. Det. amt of any diff. of recorded amts from expected values that is acceptable w/o
further investigation
SPs may be:
 TODs Based on Auditor’s judgment about expected

 SAPs effectiveness + efficiency of avail. audit proced.
 Combination of both
Auditor can enquire of management ito avail. + reliability of info needed to apply SAPs →
may be effective to use analytical data prepared by Management, provided properly
prepared
1. Suitability of APs for Given Assertions
 SAPs generally more applicable to large volumes of txs that tend to be predictable over
time
 Based on expectation that relationships among data exist
 Suitability depends on auditor’s assessment of how effective will be in detecting
misstatement
 Widely recognised trade ratios can often be used effectively
 Different types of APs provide different levels of assurance
 Determination of suitability influenced by nature of assertion & auditor’s assessment of
RoMM
2. Reliability of Data
 Influenced by source & nature

 Following are relevant when det. whether data is reliable:
o Source of info e.g. more reliable when obtained from indep. sources outside entity
o Comparability of info
o Nature & relevance of info
o Controls over prep of info (designed to ensure completeness, accuracy & validity)
2
 When controls are effective, auditor has greater confidence in reliability of info and :.
results of APs
3. Evaluation whether Expectation is Sufficiently Precise
 Matters relevant to evaluation of whether expectation is sufficiently precise to ID

misstatement incl.:
o Accuracy with which expected results of SAPs can be predicted
o Degree to which info can be disaggregated e.g. APs may be more effective
when applied to individual sections vs FS as a whole
o Availability of info (both fin & non-fin)
4. Amt of Difference of Recorded Amts from Expected Values that is Acceptable
 Influenced by materiality & consistency with desired level of assurance
b. INVESTIGATING RESULTS OF ANALYTICAL PROCEDURES
If APs ID:
o fluctuations
o relationships inconsistent with other info
o relationships that differ from expected values by a
significant amt the auditor shall investigate by:
 Inquiring of management + obtaining appropriate audit evidence relevant to

management’s response
 Performing other audit procedures when:
o Management unable to provide an explanation
o Management’s explanation together with audit evidence relevant to their response
is not adequate
If need be, the auditor shall adjust the audit plan:
 Nature: Substantive Approach (type)

 Timing: Now
 Extent: Increase sample sizes (more data, procedures etc.)
3
AUDIT FIELDWORK
S/O 2: TESTS OF CONTROLS & SUBSTANTIVE PROCEDURES IN THE
BUSINESS CYCLES
2.1 Background to Tests Of Controls & Substantive Procedures

a. TERMINOLOGY
Substantive Procedure:
 Audit procedure designed to detect material misstatements at assertion level. Comprises:

o Tests of details (classes of txs, account balances & disclosures)
o Substantive analytical procedures
Test of Controls:
 Audit procedure designed to evaluate operating effectiveness of controls in preventing, or

detecting & correcting, material misstatements at assertion level.
b. TESTS OF CONTROLS (TOCs)
Auditor shall design & perform TOCs to obtain sufficient & appropriate audit evidence ito
operating effectiveness of relevant controls if:
 Assessment of RoMM at assertion level incl. expectation that controls operating

effectively → auditor intends to rely on controls :. auditor shall obtain more
persuasive audit evidence the greater the reliance placed on effectiveness of control
 Substantive procedures alone can’t provide sufficient appropriate audit evidence
1. Nature & Extent
In designing + performing TOCs, auditor shall:
o Perform other audit procedures in combination with inquiry to obtain audit evidence
about operating effectiveness, incl.:
 How controls applied
 Consistency of application
1
 By whom/by what means applied
o Determine whether controls depend upon other controls
2. Timing of Tests of Controls
Test controls for:
o Particular time or throughout the period

o For which auditor intends to rely on those controls
3. Audit Evidence obtained during Interim Period
If evidence obtained during interim period, auditor shall:
o Obtain audit evidence about significant changes to controls subseq. to interim period
o Det. additional audit evidence to be obtained for remaining period
4. Audit Evidence obtained in Previous Audits
In determining whether appropriate to use audit evidence obtained in prev. audits, auditor
considers:
o Effectiveness of other elements of internal control (incl. control environment,

monitoring of controls, entity’s risk assessment process)
o Risks from characteristics of the control (incl. whether manual or automated)
o Effectiveness of control & its application by the entity
o Whether lack of change in control poses a risk
o RoMM
If auditor plans to use audit evidence from previous audit, must obtain audit evidence about
whether signific. changes in controls have occurred subseq. to previous audit :. inquiry +
observation/inspection to confirm understanding of controls AND:
o If changes occurred, auditor must test the controls in the current audit
o If no changes, auditor must test the controls at least once in every third audit
5. Controls over Significant Risks
If plans to rely on controls over a risk considered significant → test controls in current audit
2
6. Evaluating the Operating Effectiveness of Controls
Auditor must evaluate whether misstatements detected by substantive procedures

indicate that controls not operating effectively.
If deviations from controls (on which auditor plans to rely) are detected, auditor shall make
inquiries & determine whether:
o TOCs performed provide appropriate basis for reliance on controls

o Additional TOCs are necessary
o Potential risks of misstatement need to be addressed using substantive procedures
c. SUBSTANTIVE PROCEDURES (SPs)
Irrespective of assessed RoMM, auditor shall design & perform substantive procedures for
each
material class of txs, account balance & disclosure.
Determine whether external confirmation procedures to be performed.
1. SPs related to FS Closing Process
SPs shall incl.:
o Reconciling FS with Acc. Records

o Examining material jnl entries
2. SPs Responsive to Significant Risks
If risk considered significant, auditor perform SPs specifically responsive to that risk.
3. Timing of SPs
If SPs performed @ interim date, auditor cover remaining period by performing:
o SPs combined with TOCs

o if sufficient, further SPs only
3
d. REVENUE & RECEIPTS CYCLE
 Revenue = making sales; Receipts = ensuring co. is paid

 Risks:
o Creating fictitious sales
o Manipulating cut-off (pre-invoicing)
o Not recording all cash sales (reduce tax)
o Overstate accounts receivable
o Invoices raised before goods ordered have been picked
 Sale only recognised if:
o Risks & rewards of ownership transferred
o Seller doesn’t retain managerial involvement over goods
o Revenue measured reliably
o Costs iro sale measure reliably
o Probable economic benefits flow to entity
 Fraud:
o Fraudulent Financial Reporting:
 Fictitious sales & debtor
 Understatement of sales & corres. debtor
 Understatement of bad debt allow.
 Manipulate recognition of revenue (pre-invoicing)
o Misappropriation of Assets:
 Theft of cash
 Theft of pmts received from debtors
 Sales at unauthorized prices
 Theft of goods @ picking/dispatch
 Not paying over VAT
 Invalid adjustments to debtors accounts
 Despatching goods but never raising an invoice
 TOCs & Substantive Tests:
o Mix of TOCs & Substantive Tests
o Intends to rely on controls → design & perform TOCs
 If operating effectively = less substantive tests
 If less effective controls = more substantive tests
e. ACQUISITION & PAYMENTS CYCLE
 Acquisitions = co. only acquires goods which it needs & goods are of necessary
quality & price; Payments = only goods validly ordered & received are paid for
 Expenditure must:
o Relate to the business
4
o Be authorized before incurred
o Paid for at the correct amt (pmt authorized)
 Risks:
o Understating trade payables
o Understating creditors balance
o Purchase Orders can be made out & placed without authority
o No indep. recon of EFT pmts
 Fraud:
o Fraudulent Financial Reporting
 Understatement of trade creditors (test for completeness)
 Manipulation of “cut-off” (account for purch. after YE incl. inventory in current yr)
 Fraudulently increase purchases
o Misappropriation of Assets
 Order good for personal use & have co. pay
 Make fictitious pmts to creditors
 Claim VAT to which not entitled
 Accepting bribes from suppliers as inducement to purch. goods from that
supplier
 Theft of goods @ receiving stage
f. PRODUCTION & INVENTORY CYCLE
 Assets fairly presented in FS

 Assertions:
o Completeness: inventory should’ve been recorded, has been recorded
o Rights: co. holds/controls rights to all inventory in FS
o Existence: inventory actually existed at rep date
o Valuation & Allocation: lower of cost & NRV
 See IAS 2 – Inventories (definition; measurement; cost; formulae)
 Risks:
o Including empty containers
o Hollow stacking
o Attaching empty containers to shelves
o Packaging bricks
o Re-packing defective/2nd hand goods
o Altering inventory count sheets after count
o Borrowing inventory for the inventory count
o Double counting
o False 3rd party confirmations
o Including consignment inventory
o Manipulating “cut-off”
5
 Fraud:
o Fraudulent Financial Reporting
 Inclusion of fictitious inventory (existence)
 Understatement of write-downs of inventory (valuation)
 Exclude inventory which should be incl. / overstate inventory write-
downs (existence & valuation) – directors want co. to look less
valuable
o Misappropriation of Assets
 Theft of goods – depends on
 Nature of goods (easier to steal small items)
 Physical control over inventory
 Division of duties (record keeping & custody)
 Frequency of inventory counts
 Controls in other cycles affecting inventory cycle
g. PAYROLL & PERSONNEL CYCLE
 RoMM in salaries & wages accounts not normally regarded as high because:
o Management strongly control conscious
o External parties directly “interested” in cycle are present – SARS
o Payroll software processes accurately & contains programme controls
 Material misstatement could arise due to:
o Including fictitious employees (occurrence) – usually perpetrated by employees
themselves
o Illegal employment practices – employing illegal aliens, paying wages below minimum
wage
 Disclosure of directors & prescribed officers’ remuneration = incomplete or inaccurate
 Assertions:
o Occurrence: salary & wage totals only include non-fictitious employees
o Completeness: all salaries & wages paid included in account balance
o Accuracy, Cut-off & Classification: recorded appropriately in correct period & correct
a/cs
2.2 Tests of Controls in the Business Cycles

a. REVENUE & RECEIPTS CYCLE
 Objective → example: ensure credit sale only made to customer who will pay
o Investigate creditworthiness
o Sales orders approved by credit controller
o Approval could be automated
o If controls are effective – reduces risk that trade receivables overstated :.
reduce risk of fictitious sales
6
 Timing → gain evidence that controls operating effectively throughout the fin yr under audit
o TOCs carried out @ diff stages during interim visits
o Auditor relies on audit trail for tx
 Nature of TOCs → examples of TOCs carried out:

o Inspection:
 Sample of recorded sales selected & supporting ISO inspected for valid
authorizing signature
 Inspection of picking slip & dispatch note signed by customer = sale
actually occurred
 Inspect CRJ/bank statement & customer’s remittance advice & matching
recorded sale to receipt from customer
 Sample of credit notes inspected for authorizing signature & detail on
supporting docs
 Log of masterfile amendments & supporting docs inspected to confirm
appropriate procedures carried out iro creditworthiness evaluation + limits &
terms granted/approved
 Daily till sales recon schedules inspected & compared to bank
deposit slips (timeously banked & in tact)
 Testing automated controls: attempt to process an order
 using an invalid customer no.
 leaving out order ref no.
 with an invalid product code
 which exceeds credit limit
o Enquiry:
 Despatch clerk – what happens if goods tsfred from W/H to dispatch w/o picking
slip
 Invoicing clerk – procedures followed to ensure all despatches/deliveries
result in invoices
 Credit manager – what use he makes of daily reports
 Financial accountant – whether/how sales to related parties identified
o Observation
 Observe despatch clerk counting & checking goods against picking slip
 Observe procedures undertaken at counter when cash sale made
 Observe gate control personnel checking goods leaving the premises
7
b. ACQUISITIONS & PAYMENTS CYCLE
 Objective → example: ensure purchases made only for company + all goods ordered
received/only goods ordered & received are paid for
o No goods purchased w/o official purch requisition – signed by W/H manager
o Official purch order prepared by order clerk & approved by snr buyer
o Checking of goods by receiving clerks
o Complete GRN
 Timing→ gain evidence that controls operating effectively throughout the fin yr under audit
o TOCs carried out @ diff stages during interim visits
o Auditor relies on audit trail for tx
 Nature of TOCs → examples of TOCs carried out:

o Inspection:
 Sample of recorded purchases selected & supporting requisition + PO
inspected for authorizing signature
 Sample of POs compared to list of approved suppliers + enquiry that
supplier only added to list after evaluation
 Inspect Masterfile amendment log & supporting docs for indication of
approval for addition of supplier
o Enquiry:
 Receiving clerk – procedures follows when goods received
- what happens to goods delivered but not listed as on PO
 Purchase order clerk – procedure followed for placing order if there’s no purch
req
 Financial accountant – what happens when pmt by EFT must be made
but 1 of individuals required to authorize is not available
o Observation:
 Observe procedures carried out by receiving clerk when delivery received
 Observe “authorize” & “release” procedures being undertaken for pmt of creditor
o Re-perform:
 Bank reconciliation
c. PRODUCTION & INVENTORY CYCLE
 Main focus = substantive testing of inventory balance.

 Some TOCs carried out:
o Observation: of inventory count
o Inspection:
 Of stores controls to det. effectiveness of:
 access control (custody & safekeeping)
8
 authorized docs to record inventory movement
 stores layout
 Of records controlling inventory movement e.g.
 inspecting sample of requisitions & material issue notes for
authorizing signatures & cross referencing to job cards
 inspecting sample of inventory movements per perpetual inv.
records to “tsfrs to FG notes”
o Enquiry: of production & warehousing as to procedures actually performed
o Recalculation: of calculations on production schedules, performance reports & other
costing records
APPLICATION
 STEPS:
o Use CONTROL ACTIVITIES to determine controls – will this affect the FS? [KEY
CONTROLS]
o Formulate the TOCs (table below)
HOW? WHAT? WHY?
Verbs Detail Purpose of Control

Name & Position
Inspect → docs + physical When Enquire – purpose is
assets Document → for what always “To evaluate the
appropriateness &
Observe → people Person → doing what effectiveness thereof”
Enquire → procedure, how

performed, who
performs
If don’t have enough info –
enquire.
Recalculate
Re-perform → agree/
compare
docs
* Have a document –
inspect + re-perform
* No document – observe +
enquire
9
 ACCESS: 3 available points if “only authorized personnel have access/access restricted”
o Observe whether authorized personnel have access
o Enquire who authorized personnel are
o Re-perform gaining access to test if unauthorized personnel don’t have access
 How will TOCs be asked?
“Formulate the TOCs you would perform to establish the operating effectiveness of controls
relevant to the audit, as set out in information contained under Annexure B PURCHASE
ORDER SYSTEM & SUPPLIER MASTERFILE AMENDMENTS”
 Note: 1.5 marks for each TOC (MAX 2 TOCs per control)
 If asked for “Strongest” TOCs → use “Green Level” of reliability :. Re-
perform/Recalculate/Inspect
EASY MARKS:
 Obtain + inspect authorized price list to ensure that it exists

 Automatic txs: generate test data txs
 Observe employees performing their duties to ensure proper segregation of duties
 Enquire ito authorized procedures:
o use of terminals
o updating and confirmation of supplier list
o price list etc.
 Follow through txs, amendments etc. to log report/jnl to ensure that it has all been done
 Inspect docs (credit policy etc.) to ensure that it exists
10
BACKGROUND TO AUDIT
FIELDWORK
1.1 Introduction
FRAMEWORK
- Practitioner plan & perform assurance engage. with attitude of professional skepticism to
obtain sufficient appropriate evidence about whether subject matter info is free of
- Practitioner considers materiality, assurance engage. risk, & quantity & quality of
available evidence when planning & performing the engage. & determining nature,
timing & extent of evidence-gathering procedures
ISA 200
- Auditor has to obtain reasonable assurance to obtain this he must obtain sufficient
appropriate audit evidence to reduce audit risk to an acceptably low level & enable
auditor to draw reasonable conclusions on which to base his opinion
- Audit evidence
o Cumulative in nature & primarily obtained from audit procedures performed
during course of audit
o May incl. info obtained from prev. audits or from firm’s quality control procedures
o Entity’s accounting records are NB source of audit evidence
o Incl. info prepared by an expert
o Comprises of info that supports & corroborates management’s assertions, &
info that contradicts such assertions
o Absence of info constitutes audit evidence
- Sufficiency: quantity of audit evidence
o Affected by auditor’s assessment of risks of misstatement & by quality thereof
- Appropriateness: quality of audit evidence
o Affected by relevance & reliability
o Reliability is influenced by its source & nature
- Whether sufficient appropriate audit evidence has been obtained is matter of prof.
judgment
1
ISA 500
- Objective of auditor design & perform audit procedures in such a way to enable
auditor to obtain sufficient appropriate audit evidence to be able to draw reasonable
conclusions on which to base auditor’s opinion
- Audit procedures: Inquiry, Inspection, observation, confirmation, recalculation, re-
performance & analytical procedures (often performed in combination)
- Definitions:
o Accounting records: records of initial accounting entries & supporting records;
general & subsidiary ledgers; worksheets & spreadsheets, etc.
o Appropriateness: (defined above)
o Audit evidence: info used in arriving at conclusions on which auditor’s opinion is
based
o Management’s expert: individual/ organisation possessing expertise in field
other than accounting/ auditing, whose work in that field is used by the entity to
assist the entity in preparing the financial statements
o Sufficiency: (defined above)
- Auditor is required to design & perform audit procedures that are appropriate
in the circumstances for the purpose of obtaining sufficient appropriate audit
evidence
1.2 Sources
- Audit evidence is obtained by performing audit procedures to test accounting records
- More assurance is obtained from consistent audit evidence obtained from different
sources/ of a different nature (corroborating evidence from different sources will
increase the assurance, whereas inconsistent evidence will result in additional evidence-
gathering procedures to resolve inconsistency)
- Info from sources independent of entity – confirmations from 3rd parties, analysts’
reports, etc.
1.3 “Sufficient” audit evidence

- Measure of quantity of evidence
- Affected by assessment of risk of subject matter info being materially misstated &
quality of such evidence
- Interrelated with appropriateness of audit evidence
1.4 “Appropriate” audit evidence

- Measure of quality of evidence
- Relevance & reliability in providing support for conclusions on which auditor’s opinion is
based
2
- When designing & performing audit procedures, auditor must consider the
relevance & reliability of info to be used as audit evidence
- Practitioner must consider reliability of evidence used e.g.: photocopies, facsimiles,
filmed, digitised or other electronic documents (incl. consideration of controls over their
preparation & maintenance)
- Reliability is influenced by its:
o Source
o Nature
o And is dependent on the individual circumstances under which it is
obtained. I.e. evidence is more reliable when:
 It is obtained from independent sources outside entity
 The controls surrounding internally generated evidence are effective
 It is obtained directly by practitioner
 It exists in documentary form (paper, electronic, or other media)
 It is provided by original documents (instead of photocopies/ facsimiles)
- When using info produced by entity auditor evaluate whether info sufficiently
reliable for auditor’s purposes, incl.:
o Obtaining audit evidence about accuracy & completeness of such info and
o Evaluating whether info is sufficiently precise & detailed for auditor’s purposes
- Relevance
o Is the logical connection with the purpose of the audit procedure &
assertion under consideration
o Affected by direction of testing (i.e. if testing for overstatement in valuation of
accounts payable testing from unpaid invoices & supplier’s statements is
relevant)
o Tests of controls: evaluate operating effectiveness of controls in preventing, or
detecting & correcting, material misstatements @ assertion level identify
conditions that indicate performance of a control – the presence or absence of
those conditions can be tested
o Substantive procedures: to detect material misstatements @ assertion level,
comprise of tests of details & substantive analytical procedures
1.5 Audit evidence from management expert

- If info to be used as audit evidence has been prepared using the work of a management’s
expert, auditor must, having regard to the significance of that expert’s work for the
auditor’s purposes:
o Evaluate competence (nature & level of expertise), capabilities (ability to
exercise competency) & objectivity (bias, conflicts of interest or influence)
of that expert
o Obtain an understanding of the work of that expert (areas of specialty, any
standards or regulatory requirements, assumptions & methods used) &
3
o Evaluate the appropriateness of the expert’s work as audit evidence for
the relevant assertion (relevance & reasonability of expert’s findings,
consistency with other audit evidence)
1.6 Nature, timing & extent of evidence gathering procedures

- Practitioner must plan & perform assurance engagement with attitude of
professional scepticism (circumstances may exist that cause subject matter info to
be materially misstated)
- Attitude of prof. scepticism practitioner makes critical assessment of validity of
evidence
obtained & is alert to evidence that contradicts reliability of documents/ representations
o Reduce risk of overlooking suspicious circumstances, of over generalising when
drawing conclusions & of using faulty assumptions in determining nature, timing
& extent of evidence gathering procedures
- More difficult to obtain assurance about subject matter info covering a period (i.e.
easier for a point in time) :. Conclusions provided on processes are limited to the
period covered by the engagement (i.e. cannot be certain that the process will
continue to function in specified manner in future)
- Practitioner must consider cost of obtaining evidence vs. usefulness of info obtained
(be careful: difficulty/ expense is not a valid reason for omitting an evidence-gathering
procedure for which there is no alternative)
- Reasonable assurance: accumulating evidence necessary for practitioner to be in a
position to express a conclusion need to obtain sufficient appropriate evidence as
part of an iterative, systematic engagement process:
o Obtain understanding of subject matter
o Assess risks that subject matter info may be materially misstated
o Respond to assessed risks develop overall responses & determine nature,
timing & extent of further procedures
o Perform further procedures using a combination of inspection,
observation, confirmation, recalculation, re-performance, analytical
procedures & inquiry
o Evaluate sufficiency & appropriateness of evidence
- There are practical & legal limitations on auditor’s ability to obtain audit evidence, e.g.:
o Management/ others may not provide (intentionally/ unintentionally) the complete
info requested by the auditor
o Fraud may involve sophisticated & carefully organised schemes designed to
conceal it :.
Audit procedures to gather evidence may be ineffective
o An audit is not an official investigation into alleged wrongdoing (auditor does
not have the power of search)
- It is necessary for auditor to:
o Plan audit performed effectively (use time efficiently)
o Direct audit effort to areas most expected to contain risks of material misstatement
o Use testing & other means of examining populations for misstatements
4
Audit procedures for obtaining audit evidence
- Audit evidence to draw reasonable conclusions on which to base auditor’s opinion is

obtained by performing:
o Risk assessment procedures &
o Further audit procedures, which comprise of:
 Tests of controls &
 Substantive procedures
- Nature & timing of audit procedures may be affected by the fact that some accounting
data & other info may be available only in electronic form at certain points or
periods in time
o Certain electronic info may not be retrievable after a specified period of time
- Inspection: examining records/ documents; evidence of existence of assets
- Observation: looking at a process/ procedure being performed (is limited to point in
time at which observation takes place & by the fact that the act of being observed may
affect how the process/ procedure is being performed)
- External confirmation: direct written response to auditor from 3rd party in paper
form/ by electronic or other medium (i.e. for account balances & their elements;
agreements)
- Recalculation: checking mathematical accuracy of documents/ records; may be
performed manually or electronically
- Re-performance: auditor’s independent execution of procedures or controls
- Analytical procedures: evaluation of fin. info. through analysis of plausible
relationships among both financial & non-fin. data
- Inquiry: seeking info of knowledgeable persons
- Definitions:
o Substantive procedures: designed to detect material misstatements @
assertion level, comprises of:
 Tests of details (of classes of txs, account balances & disclosures)
 Substantive analytical procedures
o Tests of controls: designed to evaluate operating effectiveness of controls in
preventing, or detecting & correcting, material misstatements @ assertion level
1.7 Selection of Items for Testing to Obtain Audit Evidence

a. AUDIT PROCEDURES FOR OBTAINING AUDIT EVIDENCE
Obtained by performing:
 Risk assessment procedures

 Further audit procedures, which comprise
o Tests of controls
o Substantive procedures, incl. tests of details & substantive analytical procedures
5
b. SELECTING ITEMS FOR TESTING TO OBTAIN AUDIT EVIDENCE
An effective test provides appropriate audit evidence, sufficient for auditor’s purposes. In
selecting items for testing, auditor is required to det. relevance & reliability of info to be
used. The means available for selecting items are:
 Selecting all items (100% examination)

 Selecting specific items
 Audit sampling
Selecting All Items
 100% examination unlikely in case of TOCs (more common for tests of details)
 100% examination appropriate when:
o population constitutes small no. of large value items
o there is a significant risk
o repetitive nature of calculation or other process performed automatically makes
100% exam cost effective
Selecting Specific Items
 Specific items selected depend on auditor’s understanding of entity, assessed

RoMM & characteristics of population being tested.
 Specific items incl.:
o High value/key items
o All items over a certain amount
o Items to obtain info (such as nature of entity or of txs)
 Doesn’t constitute audit sampling :.
o Can’t be projected to entire population
o Doesn’t provide audit evidence concerning remainder of population
Audit Sampling
 Enables conclusions to be drawn about an entire population
1.8 Evaluating whether Sufficient Appropriate Audit Evidence was Gathered

a. PROFESSIONAL JUDGMENT (ISA 200)
Auditor exercise professional judgment in planning & performing audit → to determine

whether sufficient & appropriate audit evidence obtained to reduce audit risk to an
acceptably low level
6
Objectives to evaluate whether sufficient & appropriate audit evidence has been obtained
 Auditor needs to use objectives to evaluate whether sufficient & appropriate audit
evidence obtained
 If concludes that it’s not sufficient & appropriate, follow 1+ of the following approaches:
o Evaluate whether further relevant audit evidence has been / will be obtained
o Extend work performed
o Perform other procedures auditor deems necessary
b. REVIEWS (ISA 220)
 Work of less experienced team members must be reviewed by more experienced team
members
 Review consists of consideration whether:
o Work in accordance with professional stds & applicable legal + regulatory req
o Significant matters raised for further consideration
o Appropriate consultations taken place
o Need to revise nature, timing & extent of work
o Work performed supports conclusions
o Evidence obtained is sufficient & appropriate
o Objectives achieved
c. INCONSISTENCY IN, OR DOUBTS OVER RELIABILITY OF AUDIT EVIDENCE (ISA 500)
If:
 audit evidence from one source is inconsistent with another OR

 auditor has doubts over reliability of info
the auditor shall det. modifications/additions to audit procedures necessary to resolve
e.g. when responses to enquiries of management, internal auditors & others are inconsistent
d. RISKS FOR WHICH SUBSTANTIVE PROCEDURES ALONE DON’T PROVIDE

SUFFICIENT & APPROPRIATE AUDIT EVIDENCE (ISA 315)
 Such risks may relate to inaccurate/incomplete recording of routine & significant classes of
txs or acc balances (highly automated) → entity’s controls over such risks are relevant :.
auditor obtain understanding of these controls
7
GOING CONCERN
1.3: Going Concern
ISA 570 (revised)
1. G.C. ASSUMPTION
- Entity is G.C. & will continue to operate for foreseeable future
- Management does not intend to liquidate/ cease operations/ have no alternative
but to liquidate (i.e. insolvent)
o Factual (technical) insolvency (net loss = total liabilities> total assets)
o Commercial insolvency (net current liability = CL > CA)
o Consider reportable irregularity (Sec 45 of APA)
o Consider reckless trading (Sec 22 Co. Act)
- Assets & liabilities are recorded on basis that entity will be able to realise its
assets & discharge its liabilities in normal course of business
2. RESPONSIBILITIES OF MANAGEMENT
- IAS 1 has explicit requirement for management to make a specific assessment
of entity’s ability to continue as G.C.
- Matters to be considered & disclosures to be made
- Judgement (at particular point in time) about inherent uncertainty of future
outcomes of events/ condition
o Degree of uncertainty further into future an event/ condition/ outcome
occurs
o Size & complexity of entity, nature of it business & degree to which it is
influenced by external factors
o Judgement is based on info available at that point in time
subsequent events may result in outcomes that are inconsistent with
judgment made
3. RESPONSIBILITIES OF AUDITOR
- Obtain sufficient approp. audit evidence regarding, & to conclude on,
appropriateness of management’s use of G.C. basis
- Conclude whether material uncertainty exists i.r.o entity’s ability to continue as G.C.
- ISA 200 – inherent limitations in auditors ability to detect material misstatements
auditor’s conclusion is not a guarantee as to entity’s ability to continue as G.C.
4. AUDITOR’S OBJECTIVES
- Obtain sufficient approp. audit evidence regarding, & to conclude on,
- Conclude whether material misstatement exists that may cast significant doubt
on entity’s ability to continue as a G.C.
1
- To report in accordance with this ISA
5. RAPS & RELATED ACTIVITIES

- Inherent risk @ F.S. level – going concern principle
- RAPS required by ISA 315 (rev), auditor must consider whether events/ conditions
exist
cast significant doubt on entity’s ability to continue as G.C.
o A3 lists a few indicators (financial, operational & other)
- Determine whether management has performed preliminary assessment
o Yes: discuss assessment & determine whether man. has ID events that may
cast
doubt on entity’s ability to continue as G.C., & plans to address them
o No: discuss with man. the basis for intended use of G.C. basis & inquire
of man. whether events/ conditions exist that may cast significant doubt
on entity’s ability to continue as G.C.
- Auditor remains alert for audit evidence of events/ conditions that may cast significant
doubt on entity’s ability to continue as G.C.
o May have to revise risk assessment & modify further planned audit procedures
6. EVALUATING MANAGEMENT’S G.C. ASSESSMENT

- Evaluate management’s assessment of entity’s ability to continue as a G.C.
o Evaluate process followed by man., assumptions used, management’s
plans for future action (incl. feasibility)
- Auditor cover same period as that used by man. (must be at least 12 months, if not
then ask man. to extend assessment to 12 months)
- Management’s assess. must incl. all relevant info
7. PERIOD BEYOND MANAGEMENT’S ASSESSMENT

- Auditor inquire of man. as to its knowledge of events/ conditions beyond period of
management’s assessment that may cast significant doubt on entity’s ability to
continue as a G.C.
8. ADDITIONAL AUDIT PROCEDURES

- When events/ conditions identified cast significant doubt on entity’s ability to
continue as G.C.
- Obtain sufficient approp. audit evidence to determine if material uncertainty exists
through performing additional audit procedures:
o Request man. to make its assessment (of entity’s ability to continue as G.C.)
o Evaluate management’s plans for future actions (will it improve the
situation & is it feasible)
o If entity has prepared cash flow forecast
2
 Evaluate reliability of underlying data to prepare forecast
 Is there adequate support for assumptions underlying forecast?
o Consider additional facts / info that have become available since date
of man. assessment
o Request written representations from man. regarding plans for future
actions & feasibility of these plans
9. AUDIT CONCLUSIONS
- Evaluate whether sufficient approp. audit evidence has been obtained & conclude
on
- Conclude whether material uncertainty exists related to events/ conditions that may
cast
doubt on entity’s ability to continue as G.C.
o Material uncertainty exists when magnitude of it potential impact &
likelihood of occurrence approp. disclosure of nature & implications of
uncertainty is necessary to achieve fair presentation/ for F.S. to not be
misleading
10. AUDITOR’S REACTION

- Use of G.C. assump. is approp. but material uncertainty exists
o F.S. adequately disclose principal events/ conditions
o F.S. disclose clearly that there is a material uncertainty
- Use of G.C. assump. is not approp.
- Management unwilling to make/ extend its assessment
- Events/ conditions have been ID that may cast doubt on entity’s ability to
continue as G.C. but no material uncertainty exists
o F.S. provide adequate disclosures about events/ conditions
11. IMPLICATIONS OF G.C. BASIS ON AUDIT REPORT
- If management’s use of G.C. is inappropriate adverse opinion

- Use of G.C. is approp. but material uncertainty exists
o If adequately disclosed unmodified opinion, draw attention to note in
F.S. that discloses the matters
o If not adequately disclosed qualified opinion/ adverse opinion
- If man. unwilling to make/ extend assessment when requested to do so qualified
opinion
/ disclaimer of opinion
12. COMMUNICATION WITH TCWG

- Communicate with TCWG events/ conditions ID that may cast significant doubt on
entity’s ability to continue as G.C.
o Events constitute material uncertainty
o Appropriateness of managements use of G.C. basis
3
o Adequacy of related disclosures in F.S.
o Implications for auditor’s report
13. SIGNIFICANT DELAY IN APPROVAL OF F.S.

- Inquire as to reasons for delay
- Could be related to events/ conditions relating to G.C. assessment perform
additional audit procedures as necessary & consider effect on auditor’s conclusion
regarding existence of material uncertainty
4
SUBSEQUENT EVENTS
1.2 Subsequent Events → ISA 560
M = Management
TCWG = Those
Charged with
Governance
a. Introduction FS = Financial
Statements ir/to = in
 FS may be affected by events that occur after date of FS – 2
types: respect/terms of Tx =
transaction
o Those that provide evidence of conditions existed at date of FS (adjusting events)

o Those that provide evidence of conditions arose after date of FS (non-adjusting events)
b. Objectives
 To obtain sufficient appropriate audit evidence about whether events occurring between
date of FS & auditor’s report require adjustment/disclosure in FS
 Respond appropriately to facts that become known to auditor after date of auditor’s report
c. Definitions
 Date of FS → date of end of latest period covered by FS (co. YE)

 Date of approval → date FS have been prepared & those with authority asserted that
they’ve taken responsibility fo FS (final approval by s/hs not necessary for auditor to
conclude that sufficient appropriate audit evidence obtained)
 Date of auditor’s report → date auditor dates report (cannot be earlier than date on which
auditor obtained sufficient & appropriate audit evidence nor date of approval)
 Date FS are issued → date auditor’s report & audited FS made available to 3 rd parties
(date FS issue not be at/later than date of auditor’s report)
 Subsequent events → events occurring between date of FS & date of auditor’s report &
facts that become known to auditor after date of auditor’s report
1
d. Requirements
1. Events occurring between date of FS & date of Auditor’s Report
 Auditor perform audit procedures to obtain sufficient & appropriate audit evidence that all
subsequent events that require adjustment/disclosure identified
o Review/test accounting records/txs
o If acc records not up to date/no interim FS or minutes → audit procedures to be
undertaken
= inspection of books/records/bank statements
 Perform procedures so that they cover period from date of FS to date of auditor’s report
→ take into account risk assessment when det. nature & extent of procedures incl.:
o Obtain understanding of procedures management has to ID subsequent events
o Inquire from M & TCWG whether subsequent events have occurred e.g. new
commitments, borrowings, sales or acquisitions, increases in capital or issue of debt
instruments, assets destroyed, events that will affect going concern, events relevant
to measurement of estimates/provisions etc.
o Read minutes of meetings held after date of FS
o Read latest subseq. interim FS
o Read latest budgets, CF forecasts & other management reports for periods after FS
o Inquire of entity’s legal counsel about litigations
 If auditor ID events that require adjustment/disclosure – determine whether
appropriately reflected in FS
 Auditor request M provide written representation that all events subsequent to date of FS
requiring FS to be adjusted or disclosed have been adjusted/disclosed
2. Facts which become known to Auditor after date of Auditor’s Report but before date FS
are issued
 Management agrees to inform auditor of facts that may affect FS

 Auditor has no obligation to perform audit procedures ito FS after date of Auditor’s Report
 If after auditor’s report but before FS issued, fact becomes known that would’ve caused
auditor to amend report, auditor shall:
o Discuss matter with management
o Det. whether FS need amendment
o Inquire how M intends to address matter
2
 When auditor amends audit report to include additional date that applies to the
amendment, the date of auditor’s report on FS prior to amendment by M remains
unchanged because it informs reader when the audit work was completed
 If M amends, auditor shall:

o Carry out audit procedures on amendment
o Extend audit procedures to date of new auditor’s report
o Provide new auditor’s report
o Where law, regulation or fin rep framework doesn’t prohibit M from restricting
amendment and those responsible for approving not prohibited from restricting
approval, auditor permitted to restrict audit procedures on subsequent events.
 If M doesn’t amend where auditor believes they need to amend them:

o If auditor’s report not yet been provided – auditor modify opinion
o If report already been provided – notify M not to issue FS before necessary
amendments have been made → if FS issued without amendments, auditor take
appropriate action to prevent reliance on auditor’s report - seek legal advice
3. Facts which become known to Auditor after FS have been issued
 After FS issued, auditor has no obligation to perform any audit procedures iro FS
 If after FS issued, fact becomes known that would’ve caused auditor to amend auditor’s
report, auditor shall:
o Discuss matter with M
o Det. whether FS need amendment
o Inquire how M intends to address matter in FS
 If M amends, auditor shall:

o Carry out audit procedures on amendment
o Review steps taken by M to ensure anyone in receipt of previous issued FS is
informed of situation
o Extend audit procedures to date of new auditor’s report (no earlier than
approval of amended FS)
o Provide a new auditor’s report
o Include in new/amended auditor’s report Emphasis of Matter or Other Matter
paragraph referring to note to FS that discusses reason for amendment
3
 If M does not amend and does not take necessary steps to ensure anyone in receipt
of previously issued FS is informed of situation, auditor shall:
o Notify M that auditor will seek to prevent future reliance on auditor’s report
e. Practical Application
Identifying a Subsequent Event → Information to be provided in answer
1. When on timeline did the event occur? e.g. before/after issue of audit opinion
2. Will the auditor still be able to modify the audit report if necessary? Only if not yet issued
3. What was the date on which it occurred?
4. Is this an adjusting or non-adjusting event?
5. Is there an obligation to perform procedures? If after audit report or FS issued then no obligation
6. Adjusting: Is it material and what is the effect on the FS?
 Material:
o In quality or in quantity?
o Factual, judgmental or projected?
7. Non Adjusting: What do I have to disclose? :. unmodified but “emphasis of matter” paragraph
8. Who needs to know about this?
9. Modification of report or disclosure?
→ hereafter, follow decision tree concerning audit opinion and report
4
SUBSTANTIVE
PROCEDURES BALANCES
3.2 Substantive Tests of Detail & Analytical Procedures on Balances
C R E V
1. Inventory
1. Inventory Count → Existence, Completeness & Valuation + Allocation
2. Carrying Amount of Inventory →Valuation + Allocation & Rights + Obligations
General Procedures (7)
 Obtain a management representation letter regarding the completeness, valuation and

allocation, rights and obligations and existence assertions of the inventory balance for the
financial year ended .
 Scrutinise the inventory account in the general ledger/inventory transaction file/inventory

masterfile for any unusual entries and follow up with enquiries from management about
unusual entries.
 Perform analytical procedures on the inventory balance (maximum 2), for example:
o Compare this year’s inventory balance with last year’s inventory balance;
o Compare the % increase/decrease in the inventory balance for the current year to
the % increase/decrease in the inventory balance for the previous year;
o And obtain corroborating evidence for any differences.
 Agree the opening balance of inventory in the inventory account in the general ledger to
the closing balance of inventory on last year’s audited financial statements.
 Inspect the statement of financial position and confirm that inventory is a separate line item
and a separate note to the financial statements in accordance with IAS 2.
1
 Resolve discrepancies in test counts before conclusion of the count by recounting with the
client’s staff and confirming that amendments are made to the inventory sheets if
necessary.
 Inspect the list of GRNs to ensure that all have been matched to suppliers invoices for
completeness.
Valuation and Allocation
 Recalculate the balance of the inventory account in the general ledger to address
the valuation and allocation of inventory at .
 Recalculate the total of the inventory masterfile to address the valuation and allocation of
inventory.
 Compare the balance of the inventory account in the general ledger to the balance of the
inventory masterfile to address the valuation and allocation of inventory at .
 Compare balance of the inventory account in the general ledger to the balance on the
trial balance and to the balance in the statement of financial position to address the
valuation and allocation of inventory.
 Select a sample of inventory items per the inventory masterfile and recalculate the values of
the inventory items (quantity x price) to address the valuation and allocation of inventory at
.
 Select a sample of inventory items per the inventory masterfile and trace to the inventory
cost schedules that contains the calculations done to calculate the weighted average cost of
inventory items.
 Inspect the corresponding supplier invoices for the transactions’ prices and quantities to
determine whether the correct purchase prices and quantities have been used in
calculating the cost in terms of the weighted average costing used to address the valuation
and allocation of inventory.
 To ensure the valuation of imported inventory purchases select a sample of imported items
from the inventory masterfile and:
o Obtain the correct exchange rate from the bank or another financial institution and
compare it to the exchange rate used to convert the foreign currency;
o Obtain the relevant supplier invoices/shipping contracts and costing schedules and
recalculate the unit cost calculation;
2
o Inspect the costing schedule to ensure that the appropriate costs e.g. import duties,
et cetera, were included.
 Recalculate the inventory weighted average cost on the selected inventory cost schedules
to address the valuation and allocation of inventory.
 Compare the recalculated weighted average cost per the inventory cost schedule to the
weighted average cost for the specific inventory item on the inventory masterfile to address
the valuation and allocation of inventory.
 Compare the quantities of the items verified during the inventory count to the quantities on
the masterfile to address the valuation and allocation of inventory.
 Walk through the warehouse and identify inventory that is obsolete or damaged or appears
to be slow moving and record it in a working paper to ensure the correct valuation and
allocation of inventory.
 Walk through the warehouse and observe that stock items are not double counted to
ensure that the stock is counted correctly (valuation and allocation).
 Write Downs: Verify the cost of inventory against relevant supplier invoice & the NRV
against the selling price of inventory to confirm that inventory is carried at the lower of cost &
NRV.
Rights and Obligations (4)
 Inspect the consignment agreements or enquire from management to determine whether

inventory is on consignment at any supplier to ensure the client has the right to the
inventory.
 Inspect the shipping documentation to determine whether there is inventory in transit at

year end to ensure the client has the right to the inventory.
 Inspect the minutes of directors meetings or enquire from management to determine

whether inventory have been ceded or encumbered in any way to ensure the client has the
right to the inventory.
 Inspect loan agreements and bank confirmations to determine whether inventory has
been ceded or encumbered in any way to ensure the client has the right to the inventory.
3
Completeness
 Select a sample of inventory items in the warehouse, count these and agree the counts to
the inventory sheets to ensure the completeness of the inventory.
 Through enquiry from management and inspection of the inventory sheets determine
whether there is any inventory that is not on the client’s premises (consignment stock), but
that should be included in the client’s inventory balance to ensure the completeness of
inventory.
 Obtain the last invoice number for the year for cut-off purposes (existence/completeness).
 Walk through the warehouse and observe that the counters are allocated throughout the
warehouse to ensure that all the stock in the warehouse is counted (completeness).
Existence
 Select a sample of inventory items listed on the inventory sheets and follow these through
to the physical inventory in the warehouse to ensure the existence of inventory.
 Through enquiry from the inventory counters and inspection of the inventory sheets,
determine which inventory should not be included in the client’s inventory balance
(consignment stock) to ensure the existence of (or right to) inventory.
2. Trade Debtors/Receivables
General
 Obtain a management representation letter regarding the completeness, valuation and

allocation, rights and obligations and existence assertions of the debtors balance for the
year ended .
 Scrutinise the debtors’ general ledger accounts for any unusual entries and follow up by
enquiring with management about unusual entries.
 Perform analytical procedures on the debtors balance (maximum 2), for example:
o Compare this year’s debtors balance with last year’s debtors balance;
4
o Compare the % increase in the debtors balance to the % increase in the sales
total for the year;
o Compare the debtors’ age analysis of the current period to that of the previous
period;
o Compare the debtors payment days of the current period to that of the previous
period; and
o Follow up on any discrepancies through enquiry with management and by
obtaining corroborative evidence.
 Agree the opening balance of debtors to the debtor’s closing balance on last year’s audited
financial statements.
 Review the financial statements to ensure that accounts receivable and revenue is properly
disclosed in terms of IFRS.
Valuation and Allocation
 Recalculate the balances of the debtors’ general ledger accounts to address the
valuation and allocation of debtors.
 Add the debtors’ balances as per the general ledger and compare this balance to the
debtors balance on the trial balance and on the statement of financial position to address
the valuation and allocation of debtors.
 Obtain a list from management comprising of the outstanding debtors amounts as well as
an age analysis.
 Select a sample of debtors on the debtors’ age analysis and trace it to the applicable
invoices. Inspect the dates on the invoices to ensure it is recorded in the correct time period
in the age analysis.
 Compare the total of the list of outstanding debtors to the amount in the debtors control
account in the general ledger and the trail balance.
 Select a sample of individual debtors on the list of the outstanding debtors’ amounts and
trace it to the individual debtors’ amount in the debtors’ ledger.
 Obtain the reconciliation of the accounts receivable sub-ledger and accounts receivable
control account. Review the reconciliation of the accounts receivable control account to the
debtor sub ledger and follow up unusual reconciling items.
 Cast the debtor’s list and control account.
5
Rights and Obligations
 Inspect loan agreements and bank confirmations to determine whether debtors have been
factored, ceded or encumbered in any way to ensure the client has the right to the debtors.
 Inspect minutes of directors’ meetings or enquire from management to determine whether

debtors have been factored, ceded or encumbered in any way to ensure the client has the
right to the debtors.
Existence
 Obtain external confirmation by sending positive circulation letters to debtors, which

requires the debtors to confirm the balance as shown on [last date of fin yr] by returning
the circulation letter directly to us to ensure that the debtors do exist.
 Perform tests of detail on all differences identified by the positive confirmation letters by
inspecting the relevant source documents.
 Select a sample of individual debtors and perform the following subsequent receipts
testing:
o Select samples of payments received after year-end from the selected debtors in the
cash receipt journal and trace the payments to the debtor’s remittance advices to
identify which invoices the payments is in respect of.
o Inspect these invoices and confirm that they are dated prior to the year-end and
that they were included at year-end in the debtor’s ledger.
o Trace these payments to the debtors’ invoice and matching delivery note to identify
which invoices the payments relate to (prior to year-end) to ensure the debtors did
exist.
Completeness
 Completeness will be addressed with the positive external confirmation letters and the
subsequent receipt testing.
 Review receipts on a sample basis before and after year-end and ensure that receipts
are properly allocated against specific accounts receivable.
6
Presentation and Disclosure
 Inspect the statement of financial position and confirm that the trade receivables are a
separate line item as part of the current assets.
 Inspect the statement of financial position and confirm that any encumbrances on debtors
have been disclosed.
Provision for doubtful debts
Assumptions
 Inspect the minutes of directors meetings for the authorisation from the board of directors
for the provision for doubtful debts.
 Compare the assumption to provide for all outstanding debts above days with others in
the industry.
 Compare the provision for the current period with the actual bad debts that occurred in the
previous period and assess the reasonability of the provision.
Data
 Compare the amount of the outstanding debtors, those above days, to the amount on
the debtors’ age analysis.
 Trace a sample of debtors included in the above days debtors balance to the original
invoices and inspect the date on these invoices to ensure they are correctly classified as
days debtors.
 Recalculate the provision.
 Inspect any other sufficient and appropriate audit evidence to support the estimate for
example debtors’ correspondence files and legal files to identify disputed debtors who have
been handed over and inspect the schedule for inclusion of these specific debtors.
7
3. Bank & Cash
Road Map
Schedule of Bank Accounts

not reliable
Cash Jnls (CRJ & CPJ)

not reliable
GL Account
not reliable
TB
not reliable
Bank Statement
→ addressed to client
moderate
Bank Confirmation
→ addressed to auditor
reliable
Bank Recon
→ client performs
moderate
General
 Obtain a management representation letter regarding the existence, completeness,

valuation and allocation and rights and obligations of bank as at .
 Analytical procedures:
o Current to prior year
o Current to budgeted
o Follow up on differences
 Unusual or abnormal entries in Journal or general ledger
 Inspect disclosure:
o Cash and cash equivalents note in Financial statements
8
 Compare opening balance of this year to closing balance of prior year.
Rights, Existence & Completeness
 Obtain a schedule of all bank accounts held at year end:

o Compare to prior year
 Obtain a bank confirmation for each bank account:

o Management / Auditors
o Confirm balance / supply balance
o Details? Such as? (signing power/ encumbrances)
 Auditor agree details and follow up on differences
 Enquire from management foreign bank accounts
Valuation & Allocation
 Agree balance on schedule to General ledger.
 Compare balance to cash book and compare to Bank Statement/Bank Confirmation.
 Re perform casts recon and tests of logic.
 Trace recon items to journal before YE (amounts and dates)
 Trace recon items after YE to bank statement (occurred/exist)
9
AUDIT FIELDWORK
S/O 3: SUBSTANTIVE PROCEDURES IN
THE BUSINESS CYCLE
3.1 Substantive Tests of Detail & Analytical Procedures on Transactions
NATURE
 Auditor required to conduct substantive tests which consist of:

o Tests of Details [TOD] (of classes of txs, acc balances & disclosures)
o Substantive Analytical Procedures [AP]
 Auditor MUST design & perform some Substantive Procedures [SP] for each material class of tx, acc
bal & disclosure, regardless of assessed RoMM – reasons for this:
o Risk assessment is judgmental
o Internal control has inherent limitations
 Auditor doesn’t necessarily have to carry out both TOD & Aps
TIMING
 Performed @ or after YE
 Due to audit deadline, auditor forced to carry out substantive testing at interim date :. “update”
work for YE by conducting tests on remaining period
EXTENT
 Determined by:
o Assessed RoMM
o Results of Tests of Controls
 The greater the RoMM & the less effective controls are → the greater the amt of substantive testing
 Extent of testing reflected in sample sizes used
1
a. REVENUE & RECEIPTS → SALES
Occurrence: txs have occurred & pertain to entity

Trace a sample of recorded sales back to source & inspect supporting docs for invoice, to
confirm:
o Order received from approved customer
o Picking slip + dispatch note are signed & exist
o Goods invoiced are of a type sold by the co.
Trace a sample of sales through to the CRJ/Bank Statement + det. if pmt of correct amt
received
Trace a small sample of recorded cash sales to relevant deposit slip/cash book/bank
statement & original invoice, till roll
Note:
 Sale shouldn’t be recognised until buyer has “approved the goods” (can no longer return)
 Consignment stock not recognised as sale until agent has sold
 Customer requests that client delay delivery, sale not recognised
Accuracy: amts of sales recorded appropriately
Select a random sample of invoices:

o Confirm mathematical accuracy by recalculating all extensions, casts, discounts & VAT
o Confirm prices & discounts to official price lists
o Confirm that invoice is valid tax invoice
o Agree quantity & description of goods to description on dispatch note
Cut-Off: sales txs accounted for in correct accounting period
Obtain doc no.s of last docs used in fin yr:

o agree this no. to the last entry in sales jnl
o sequence test last 2 weeks of invoices before YE for missing invoice no.s
Scrutinize subsequent month’s sales jnl for invoice no.s lower than cut-off no.
Select 1st 20 invoices in sales jnl for mth after YE & trace to supporting dispatch notes +
confirm that goods actually delivered prior to YE
Select last 20 dispatch notes prior to YE + confirm sale raised prior to YE by inspecting sales jnl
Classification: sales recorded in proper a/cs
Test transfers of amts from mthly sales jnls to Sales & VAT a/cs in GL
2
Completeness: all sales should’ve been recorded, have been recorded
Select random sample of dispatch notes (or ISOs) & follow them through to confirm that
give rise to an invoice
Analyse GP fluctuations
Compare current sales/debtors to prior periods
b. ACQUISITIONS & PAYMENTS
→ PURCHASES
Inspect supporting docs (PO, DN, GRN & Invoice) to confirm:

o Docs made out to client/co. (co. name appears on doc)
o Docs correctly cross-referenced
o Docs signed
o Goods purchase = types used by co.
Inspect CPJ/EFT schedules/Bank Statements to confirm goods appropriately paid for
Accuracy: amt of purchases recorded appropriately
Confirm mathematical accuracy of invoice by recalculating all extensions (Q x P), casts &
discounts
Agree Q of items on invoice against Q on GRN
Confirm prices & trade discounts on invoice using order/purchase contract
Recalculate VAT + confirm discounts taken into account prior to VAT calc.
Cut-Off: purchase recorded in correct acc period
Inspect dates on supplier DN, GRN & Invoice to confirm goods received during acc
period under audit
Classification: purchase recorded in proper a/cs
Trace posting from Purchase jnl to a/c in GL

Establish description of goods purchased to confirm that classification is appropriate
Inspect Purchase Jnl to confirm VAT correctly allocated & posted
Inspect supplier’s a/c in Creditors Ledger to confirm that purchase correctly posted from
Purchase Jnl
Completeness: all purchases should’ve been recorded have been recorded
Test from document recording receipt of purchase to recording of purchase in books i.e.
select a random sample of GRNs & trace them to the corresp. invoices
3
→ PAYMENTS
Select a sample of pmts from CPJ & test as follows:
Obtain invoice supporting pmt

Inspect invoice to confirm:
o made out to client/co. (co. name appears thereon)
o it is for goods/services/other exp. normally used/incurred by co.
Inspect authority for pmt
Accuracy: amt of pmt has been recorded appropriately
Re-perform casts & calcs on invoice

Agree amt of invoice to pmt in CPJ
Cut-Off: pmt recorded in proper acc period
Inspect dates on pmt, invoice & supporting docs to confirm fall within period under audit
Classification: pmt recorded in proper a/cs
Trace pmt to GL & Creditors Ledger
Completeness: all pmts should’ve been recorded, have been recorded
Inspect + re-perform the bank recon
→ SUBSTANTIVE ANALYTICAL REVIEW PROCEDURES
Comparisons of expenditure categories month to month or to prior periods

Calc. of each expense as a % of GP or total expenses + comparison of % from prior periods
Comparison of actual to budgeted expenses
4
c. PAYROLL & PERSONNEL
Analytical Procedures:
Comparisons:
o salaries: mth to mth by division, department or section
o wages: period to period by cost centre
o salaries & wages: to prior period
o deductions: mth to mth
Ratio & trend analysis:

o salaries/total expenses (%)
o wages/production costs (%)
o wages in relation to production (output)
Investigation of fluctuations
Procedures to confirm employees on payroll aren’t fictitious
Extract sample of employees from payroll:
Inspect docs in personnel file (signed ‘ee contract, ID details etc.) & agree to payroll
Perform physical identification of ‘ee by visiting @ place of work during work hrs +
inspecting personal ID/staff ID tag
Enquire of snr personnel to confirm individuals are employed in their section
Inspect returns to outside entities for inclusion of ‘ees e.g. SARS
Use audit software to scan ‘ee Masterfile for “error conditions” e.g. duplicated/missing ID
no.s/tax reference no.s, duplicated bank a/cs or duplicated staff ‘ee no.s
Detailed testing of payroll
Confirm gross salary used is authorized & ito remuneration policies

Trace additional amts paid to ‘ee to source docs
Inspect docs for valid authorizing signature
Re-perform calcs
Confirm by enquiry + inspection that pmt is valid
For hourly paid ‘ees:
o confirm hourly wage rate used is in accordance with wage rate for that level
of ‘ee + authorized
o inspect signed overtime reports + confirm rate used complies with co. policy/legisl.
Compare deductions to appropriate tables/rules (confirm correct amts deducted)
5
Confirm that non-std deductions supported by approved docs
Test casts of payroll
Trace amts posted from payroll to GL
APPLICATION
STEPS:
1. Road Map → document flow from case study (once you’ve done this, you don’t need
to go back to the case study)
NB! Look out for documents that have been changed/merged e.g. using an ISO as a picking
slip etc.
Accounting entry
Documents
Journals, GL, TB, FS
2. Assertions → direction of testing
Transaction → OCACC
NB! Don’t swap completeness & occurrence!
Completeness: from source docs → accounting records = understatement

Occurrence: from accounting records → source docs = overstatement
2. Formulation
a. How? Verbs → Inspect; Observe; Enquire; Recalculate; Re-Perform
b. What? Person for what/Document for what
c. Why? Reason → Assertion that procedure relates to
6
PROCEDURES
GENERAL
Scrutinise the Sales/Creditors journal or Sales Account in the General

Ledger/General Ledger for any unusual entries and follow up by discussions
with management and inspecting corresponding documentation.
Obtain a management representation letter regarding the completeness,
accuracy, occurrence, classification and cut-off assertions of revenue for the year
ended .
Inspect the disclosure of revenue/purchases (as part of COS) in the
financial statements to ensure it meets the IAS / IFRS requirements.
Perform analytical procedures on the revenue total, for example

o compare this year’s revenue/purchases amount to last year’s
revenue/purchases amount;
o compare current year revenue/purchases trends to those per the budget
o compare this year’s gross profit percentage to last year’s gross profit
percentage; and
o enquire from management, obtain corroborating evidence for any differences
identified.
SALES
1. Accuracy
Obtain a sample of monthly sales journals and recast the journals to ensure
the revenue total is calculated accurately.
Agree the totals of the selected sample of sales journals to the totals recorded in the
sales account in the general ledger to ensure accuracy.
Recalculate the sales account in the general ledger to ensure accuracy.
Agree the of the sales account in the general ledger to the total in the trial balance
to the total in the financial statements to ensure that the revenue total is presented
accurately in the financial statements.
To ensure accuracy of revenue, select a sample of invoices from the sales
journals and perform the following:
o inspect the sales invoice for the quantity and compare the quantity to the
quantity on the corresponding ISO) to ensure the sale transaction is recorded
at the correct quantity
o inspect the sales invoice for the selling price and compare it to the price on
the printout of the online catalogue to ensure the sale transaction is recorded
at the correct price
o recalculate VAT on the sales invoice
o recalculate the castings on the sales invoice; and
o compare the total of the sales invoice to the entry in the sales journal.
7
2. Completeness
Select a sample of signed invoices and follow the sample through to the related
entry in the sales journal to ensure all revenue transactions that occurred have been
recorded.
Inspect the sales invoices recorded in the sales journal for any missing numbers
to ensure revenue transactions are complete.
3. Occurrence
Inspect the sales invoices recorded in the sales journal for any duplicate numbers
to ensure all revenue transactions occurred.
Select a sample of sales invoices that appear in the sales journal and inspect the
corresponding invoices for the client’s signature to ensure the recorded revenue are
for sales that actually occurred.
4. Cut-off
Select the last 20 invoices entered in the sales journal in the last month and
inspect the supporting signed invoice for the date to confirm that the goods were
actually delivered prior to year-end to ensure that it is recorded in the correct
accounting period.
Select the next 20 invoices entered in the sales journal in next month and inspect
the supporting signed invoice for the date to confirm that the goods were actually
delivered after year end to ensure that it is recorded in the correct accounting period.
PURCHASES
1. Completeness
Follow a sample of signed invoices through to the entry in the creditors journal to
ensure all purchase transactions were recorded.
Inspect the invoices that were recorded in the creditors journal for any missing
numbers to ensure that all purchases that occurred were recorded.
2. Occurrence
To verify occurrence of purchases, select a sample of purchase transactions in the

creditors journal and:
o inspect the corresponding signed invoice for authorizing signature to ensure
the recorded purchases are for purchases that actually occurred;
o inspect the signed invoice to confirm the document is made out to the
company;
o inspect the supporting documentation for the description of the inventory to
confirm the goods purchased are the type of goods used by the company
8
Inspect the invoices that were recorded in the creditors journal for any duplicate
numbers to ensure that all purchases recorded really occurred.
3. Cut-off
Select the last 20 transactions entered into the creditors journal of the company for
the year and inspect the dates on the invoices to ensure the goods were actually
received before year-end to ensure that purchases are recorded in the correct
accounting period.
Select the next 20 transactions recorded into the creditors journal of the company
and inspect the dates on the invoices to ensure the goods were actually received
after year-end to ensure that purchases are recorded in the correct accounting
period.
4. Classification
Select a sample of invoices from the creditors journal and:

o inspect the invoices to determine the inventory account to which the
purchase should be allocated and posted, and trace the posting from the
creditors journal to the designated inventory account in the general ledger;
o inspect the creditors journal and purchase invoice to confirm that VAT has
been correctly allocated and posted.
9
OPENING BALANCES
S/O 6: OPENING BALANCES
1. Auditor’s Objective
 Obtain sufficient & appropriate audit evidence about whether opening balances:
o Free from material misstatements (affecting the current period); and
o Accounting policies are consistently applied + changes disclosed ito IAS 8
2. How to obtain Audit Evidence

 Use recent FS & audit report
 Compare with prior yr closing balance to see if it was brought forward correctly
 Determine if opening balance reflects the application of appropriate accounting policies
1. If 1st time performing this audit (previously by someone else) – review predecessor’s working
papers
2. If another auditor was previously used & they don’t have working papers – evaluate if
the audit procedures in the CY provide evidence relevant to the OB
3. If:
a. You have access to working papers & not happy with what was done ; or
b. Don’t have access to working papers;
you have to perform specific procedures
3. Previously Audited by another Auditor

 Review the auditor’s working papers
 Consider the competence & independence of the previous auditor
 If satisfied, express and opinion
 If not satisfied – treat it as if the prior period was not audited
1
4. Prior Period not Audited
 Assess the risk of each Opening Balance
 Consider the materiality of the Opening Balances
 Obtain an understanding of the accounting policies & test for the correct application thereof
 Agree the previous year’s Closing Balance to the current year’s opening balance
5. Material Misstatement affecting the Current Period Found

 Perform additional procedures
 Communicate with those charged with governance
 Modify the opinion if necessary
2
AUDIT FIELDWORK
MANAGEMENT
REPRESENTATION
1. Written representations as Audit Evidence
- Necessary information that is required as audit evidence (considered an important

source)
- Not considered “sufficient appropriate audit evidence” on their own
- Does not affect nature or extent of other audit evidence that auditor obtains about
fulfilment of management’s responsibilities/ about specific assertions
- Written rep. (rather than oral) may prompt management to consider such matters
more rigorously enhancing quality of reps.
2. Objectives relating to written representations
(a) Obtain written reps. from management that they believe they have fulfilled their
responsibility for preparation of F.S & for completeness of info given to auditor
(b) Support other audit evidence relevant to F.S. / specific assertions by means
of written rep.
(c) Respond appropriately to written reps. provided by management/ if
management does not provide the written reps. requested by auditor
3. Terminology
Written representation:
- Written statement by management provided to auditor to confirm certain matters/

support other audit evidence
- Not incl. F.S., assertions therein or supporting books &
records Management:
- “management and, where appropriate, those charged with governance”
Fair presentation framework:
- Management is responsible for preparation & fair presentation of F.S. in accordance

with applicable fin. rep. framework
- True & fair view
1
4. Management from whom written representations requested
- Management with appropriate responsibilities for F.S. & knowledge of
matter concerned
- Those responsible for preparation of F.S.
- Management should have sufficient knowledge of process followed by entity
in preparing F.S. & assertions therein
- E.g.: CEO, CFO
- If qualifying language is used by management “to the best of its knowledge and
belief” it is reasonable for auditor to accept such wording
5. Matters
Preparation of Financial Statements
- Written rep. that management has fulfilled its responsibility for preparation of
F.S. in accordance with applicable fin. rep. framework & their fair presentation
Information provided & completeness of transactions
- Auditor shall request management to provide written rep. that:

(a) It has provided auditor with all relevant info & access as agreed i.t.o. of
audit engagement; and
(b) All txs have been recorded & are reflected in the F.S.
Description of management’s responsibilities in the written representations
- Management’s responsibilities shall be described in the management reps.
Other written representations
- Auditor may determine it necessary to obtain one or more written representations

to support other audit evidence relevant to F.S.
6. Date & Period covered by written representations
- Date of written rep. as near as practicable to, but not after, the date of the auditor’s
report on F.S.
7. Form of written representations
- Form of a representation letter addressed to auditor

- Appendix 2 ISA 580 for illustrative example
8. Auditor’s response when doubt exists about reliability of written representations
Doubt as to reliability of written representations
2
- If auditor has concerns about competence, integrity, ethical values or diligence
of management or about its commitment to these determine effect such
concerns may have on reliability of representations & audit evidence
- If written representations are inconsistent with other audit evidence perform
audit procedures to attempt to resolve the matter
- If written representations are not reliable take appropriate actions (revise risk
assessment & determine nature, timing & extent of further audit procedures)
Requested written representations not provided, auditor shall:
- Discuss matter with management

- Re-evaluate integrity of management & evaluate effect on reliability
of representations & audit evidence in general; and
- Take appropriate actions
Written representations about management’s responsibilities
- Auditor shall disclaim an opinion on F.S. if:

(a) Auditor concludes there is sufficient doubt about the integrity of management
such that the written reps. are not reliable
(b) Management does not provide the written reps.
3
MODIFICATIONS TO AUDIT
OPINION AND REPORT
1. BACKGROUND
a. ISA 705
- Auditor has responsibility to issue approp. report when modification to auditor’s

opinion is nec.
b. ISA 706
- Additional communication in auditor’s report to:

o Draw attention to matter presented/ disclosed in F.S. NB & fundamental to
users’ understanding of F.S.
o Draw attention to matter not presented/ disclosed in F.S. relevant to
users’ understanding of audit/ auditor’s responsibilities/ auditor’s report
2. TYPES OF MODIFIED OPINIONS

a. ISA 705
a. 3 types
- Qualified opinion
- Adverse opinion
- Disclaimer of opinion
b. Depends on
- Nature of matter
- Auditor’s judgement about pervasiveness of effects of matter on F.S.
Nature of matter Auditor’s judgement about pervasiveness of effects of matter on F.S.

Material but not pervasive Material & pervasive
F.S. are Qualified opinion Adverse opinion
materially
misstated
Inability to obtain
sufficient approp. Qualified opinion Disclaimer of opinion
audit evidence
1
3. OBJECTIVES OF AUDITOR
a. ISA 705
- Express clearly approp. modified opinion on F.S. that is nec. when

o F.S. as a whole are NOT free from material misstatement; or
o Unable to obtain sufficient approp. audit evidence
b. ISA 706
- Draw users’ attention by way of clear additional comm. in auditor’s report, to:
o Matter presented/ disclosed in F.S. NB & fundamental to users’
understanding of
F.S (emphasis of matter paragraph)
o Other matter relevant to users’ understanding of audit/ auditor’s
responsibilities/ auditor’s report (other matter paragraph)
- Unmodified opinion, but modification to report
4. DEFINITIONS
a. ISA 705
- Pervasiveness: (i.t.o. misstatements) effects on F.S. of material misstatements/

possible effects on F.S. of misstatements that are undetected due to inability to
obtain sufficient approp. audit evidence
o Not confined to specific elements/ accounts/ items of F.S.; or
o If confined, represent substantial proportion of F.S.; or
o i.r.o. disclosures, are fundamental to users’ understanding of F.S.
- Modified opinion: qualified opinion/ adverse opinion/ disclaimer of opinion on F.S.
b. ISA 706
- Emphasis of matter paragraph: incl. in auditor’s report; refers to matter approp.

presented/ disclosed in F.S. NB & fundamental to users’ understanding of F.S.
- Other matter paragraph: incl. in auditor’s report; refers to matter other than
those presented/ disclosed in F.S. relevant to users’ understanding of
audit/ auditor’s responsibilities/ auditor’s report
5. MODIFICATION TO AUDIT OPINION & AUDIT REPORT

a. ISA 705
- Modify the opinion when:

o Based on audit evidence obtained, the F.S. as a whole are NOT free from
2
o Unable to obtain sufficient approp. audit evidence to conclude that F.S. as a
whole are free from material misstatement
- Material misstatement (ISA 450) may arise i.r.t.:

o Appropriateness of selected accounting policies (e.g. do not represent
underlying txs & events, changes in accounting policies need to be accounted
for & disclosed)
o Application of selected accounting policies (e.g. not applied consistently
between periods or to similar txs & events)
o Appropriateness/ adequacy of disclosures in F.S. (e.g. include all
disclosures required)
- Inability to obtain sufficient approp. audit evidence (limitation on scope of audit)
o Circumstances beyond entity’s control (e.g. accounting records
have been destroyed/ seized by govt. authorities)
o Nature / timing of auditor’s work (e.g. unable to observe counting of
physical inventories, entity’s controls are not effective)
o Limitations imposed by management (e.g. prevented from observing
counting of physical inventories, prevented from requesting external
confirmation of specific account balances)
b. ISA 706
- When nec. to draw users’ attention to matter presented/ disclosed in F.S. incl.
Emphasis of Matter paragraph in auditor’s report
o Incl. with approp. heading “Emphasis of Matter”
o Incl. clear reference to matter & where relevant disclosures can be found in F.S.
o Indicate that auditor’s opinion in not modified i.r.o. matter emphasised
o Examples:
Uncertainty relating to future outcome of litigation/ regulatory action
Significant subsequent event occurs between date of F.S. & date of
auditor’s report;
Early application of new accounting standard
Major catastrophe that has had a significant effect on financial position
- When nec. to draw users’ attention to matter other than those presented/ disclosed
in F.S.
incl. Other Matter paragraph in auditor’s report
o Incl. with approp. heading “Other Matter”
o Examples:
Planning & scoping matters of audit
Explanation if unable to withdraw from audit
If another set of F.S has been prepared by the same entity in
accordance with another general purpose framework
If auditor’s report is intended solely for intended users & should
not be distributed or used by other parties
6. TYPE OF MODIFICATION
a. ISA 705
3
a. Qualified opinion
- Obtained sufficient approp. audit evidence misstatements are material
but NOT pervasive
- Unable to obtain sufficient approp. audit evidence undetected
misstatements could be material but not pervasive
b. Adverse opinion
- Obtained sufficient approp. audit evidence misstatements are
material & pervasive
c. Disclaimer of opinion
- Unable to obtain sufficient approp. audit evidence possible effects of
undetected misstatements could be both material & pervasive
d. Inability to obtain sufficient approp. audit evidence due to limitation
imposed by management
- Request management to remove limitation
- If man. refuses comm. With TCWG & determine whether it is possible to
perform alternative procedures to obtain sufficient approp. audit evidence
- If unable to obtain sufficient approp. audit evidence
o If effects of undetected misstatements material but not pervasive
qualify opinion
o If effects of undetected misstatements material & pervasive
withdraw from audit/ disclaim an opinion
7. FORM & CONTENT OF AUDITOR’S REPORT WHEN OPINION IS MODIFIED

a. ISA 705
a. Auditor’s opinion – use either of the following headings for opinion section
“Qualified opinion”: state “except for the effects of matter(s) described in
-
Basis for Qualified Opinion, the accompanying F.S. present fairly, in all
material respects […] in accordance with [IFRS]”
o If inability to obtain sufficient approp. audit evidence “except for
possible effects of the matter(s)…”
- “Adverse opinion”: state “because of significance of matter(s) described in
Basis for Adverse Opinion, the accompanying F.S. do not present fairly […]
in accordance with [IFRS]”
- “Disclaimer of opinion”: state
o Auditor does not express opinion on accompanying F.S.
o Because of significance of matter(s) described in Basis for
Disclaimer of Opinion, auditor has not been able to obtain
sufficient approp. audit evidence to provide a basis for an audit
opinion on the F.S.
o Amend paragraph which indicates that F.S. have been audited, to
state that the audit was engaged to audit the F.S.
b. Basis for opinion
- Amend the heading “Basis for Opinion” to “Basis for Qualified Opinion”/
“Basis for Adverse Opinion”/ “Basis for Disclaimer of Opinion” and
4
- Incl. description of matter giving rise to modification
- If material misstatement of specific amount incl. description &
quantification of financial effects of misstatement (unless impracticable)
- If material misstatement of narrative disclosures explanation of how
disclosures are misstated
- If material misstatement of non-disclosure discuss non-disclosure with
TCWG, describe in Basis for Opinion the nature of omitted info, and incl.
omitted disclosures
- If modification is due to inability to obtain sufficient approp. audit evidence
incl. reasons for that inability
- If disclaims an opinion do not incl. reference to auditor’s responsibilities,
& do not incl. statement about whether audit evidence obtained is sufficient
& approp.
c. Description of Auditor’s responsibilities
- If auditor disclaims an opinion due to inability to obtain sufficient
approp. audit evidence amend description of auditor’s responsibilities
to incl. only
o Statement that auditor’s responsibility is to conduct an audit of F.S. &
issue an auditor’s report
o Statement that because of matter(s) described in Basis for
Disclaimer of Opinion, auditor was not able to obtain sufficient
approp. audit evidence
o Statement about auditor independence & other ethical responsibilities
- If auditor disclaims an opinion report must not incl Key Audit Matters section
5
YES
6
I don’t know Yes and No NO Incl in FS to provide No incl. in FS –

users with understanding of
understanding of FS audit
COMPLETION AND
REPORTING
CONTENTS OF THE AUDIT REPORT
b. Background (Read)
1. Framework
 Assurance Report → practitioner provides written report containing conclusion that

conveys assurance obtained
 Assertion-Based Engagement, conclusion is worded either:
o Ito responsible party’s assertion “In our opinion, the responsible party’s
assertion that internal control is effective is fairly stated”
o Directly ito subject matter & criteria “In our opinion, internal control is effective”
 Reasonable Assurance Engagement – conclusion is in positive form “In our opinion,
internal control is effective”
 Limited Assurance Engagement – conclusion is in negative form “Nothing has
come to our attention that causes us to believe that internal control is ineffective…”
 Practitioner does not express unqualified conclusion when following circumstances

exist & is/may be material:
o There is a limitation of the scope :. expresses a qualified conclusion or
disclaimer of conclusion
o Conclusion is ito responsible party’s assertion & assertion is not fairly stated
o Conclusion is worded directly ito subject matter & criteria and subject matter
info is materially misstated
Practitioner :. expresses qualified or adverse conclusion
1
o After engagement accepted, criteria are unsuitable or subject matter not appropriate:
 Qualified/adverse conclusion if matter likely to mislead intended users
 Qualified conclusion/disclaimer of conclusion in other cases
2. ISA 200
Overall objectives of auditor:
 Obtain reasonable assurance about whether FS as a whole free from Mat. Misstatement :.
enabling auditor to express an opinion on whether FS prepared in accordance with
applicable fin rep framework
When reasonable assurance can’t be obtained & qualified opinion is insufficient to report to
users – auditor must disclaim an opinion or withdraw.
3. ISA 700
 Objectives of auditor:
o Form an opinion on FS based on evaluation of conclusions drawn from audit evidence
o Express clearly that opinion through a written report
 Unmodified Opinion→ opinion expressed by the auditor when auditor concludes that
FS are prepared in accordance with applicable fin rep framework
c. Interaction between Audit Evidence & Audit Opinion Expressed
1. ISA 200 – Sufficient & Appropriate Audit Evidence
 To obtain reasonable assurance, auditor shall obtain sufficient & appropriate audit
evidence to reduce audit risk to acceptably low level
o Sufficiency – quantity of audit evidence (affected by auditor’s assessment of
RoMM & quality of evidence
o Appropriateness – measure of quality of evidence (relevance and reliability)
 Reliability influenced by source & nature
2. ISA 700 – Forming an Opinion
 In order to form opinion, auditor conclude whether obtained reasonable assurance that FS
free from material misstatement :. take into account:
o Conclusion whether sufficient & appropriate audit evidence obtained
o Conclusion whether uncorrected misstatements are material – indiv. or in aggregate
2
o FS prepared in accordance with fin rep framework:
 Adequate disclosure of sig acc policies
 Acc policies are consistent
 Estimates are reasonable
 Info is relevant, reliable, comparable & understandable
 FS provide adequate disclosure
 Terminology is appropriate
d. Forming an Opinion on FS
1. ISA 700 – Form of Opinion
 Express unmodified opinion when conclude that FS prepared in accordance with

applicable fin rep framework
 If auditor:
o concludes that FS not free from mat misstatement; or
o unable to obtain sufficient appropriate audit
evidence auditor shall modify the opinion.
 FS prepared in accordance with “fair presentation framework” don’t achieve fair

presentation – discuss with M and determine if necessary to modify opinion
o Fair presentation framework – allows for additional disclosure and/or
departure from requirements in order to achieve fair presentation
 FS prepared in accordance with “compliance framework” not required to be evaluated for
fair presentation but if misleading, discuss with M and determine whether to communicate
it in report
2. APA Section 44
Before expressing an opinion → compliance with section 44 of APA
 Registered auditor may not express an opinion that FS:

o fairly present the financial position and results of operations/cash flows of an entity;
and
o are properly prepared in all material aspects in accordance with the basis of the
fin rep framework
UNLESS
 The following criteria are met:

o Carried out audit, free from restrictions
o Satisfied as to the existence of all assets and liabilities
o Proper accounting records have been kept
o Obtained all info necessary for the proper performance of duties
o No reportable irregularity was reported
o Complied with all laws & regulations
3
o Satisfied as to the fairness of the FS
o Complied with auditing pronouncements
e. Contents of the Audit Report (14 elements) → see study guide Appendix for example
1. Title → report from indep. auditor
2. Addressee → shareholders
3. Auditor’s Opinion → 1st paragraph
o Identify the entity

o State that FS been audited
o ID title of each statement
o Specify date covered in FS
o State opinion that either:
 FS presented fairly in all material aspects
 FS give fair & true view…
4. Basis for Opinion
o Audit conducted ito ISA’s

o Make reference to auditor’s responsibilities under ISA’s (paragraph in audit report)
o Statement of Independence
o State that the auditor believes that evidence is sufficient & appropriate
5. Material uncertainty related to going concern
6. Key Audit Matters → most significant matters in audit (only for listed co.s)
o Explain what KAMs are

o State that no separate opinion provided on KAMs
o List the KAMs
7. Other information → auditor has obligation to consider but not express an opinion on
o List other info on which opinion not expressed (Director’s report etc.)
o List auditor’s responsibility to review the info
8. Responsibility of Management (TCWG)
o Prep FS & implement internal controls

o Assess entity’s ability to continue as a going concern
4
9. Responsibility of Auditor
o State objectives of audit – reasonable assurance + express opinion

o Reasonable assurance is assurance that is high but no guarantee that free from
misstat.
o Misstatements arise from fraud/errors – indicate that can be material indiv. or in
aggreg.
o Prof. judgment & prof. skepticism used – unable to audit everything in detail
o Describe an audit:
 ID & assess risks
 Obtain understanding of internal controls (not to express opinion on
effectiveness)
 Evaluate appropriateness of acc. policies
 Conclude appropriateness of M’s use of going concern
 Evaluate overall presentation & structure of FS
o Auditor communicate with TCWG iro planned scope & timing of audit
o Listed entities – whether complied with ethical requirements & only most sig. KAMs
incl.
10. Other legal & regulatory requirements – entity’s compliance
11. Engagement partner’s name & signature
12. Name of firm & auditor’s capacity
13. Auditor’s address
14. Audit report date – no earlier than date when sufficient & appropriate audit evidence obtained
f. Key Audit Matters (KAMs)
 Key audit matters → Those matters that, in the auditor’s professional judgment, were of
most significance in the audit of the financial statements of the current period. Key audit
matters are selected from matters communicated with those charged with governance.
 Provides greater transparency about audit and additional info to intended users
 Enhance understanding of matters considered to be of most significance during the audit
 Not a separate opinion on individual matters or substitute for modified opinion
 Key Audit Matters apply to listed entities or when auditor required by law to provide KAMs
 Objective: det. KAMs and communicate those matters by describing them in the report
 When det., take into account the following:
o Areas of higher assessed RoMM
o Significant auditor judgments & significant M judgment
o Significant events/txs
 State in Report why significant & how addressed

Odt 300 Updated

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Odt 300 Updated

Uploaded by

Copyright:

Available Formats

COMPANIES ACT

Shares & Securities in a Profit Company

s35: Legal nature of shares:

MOI set out

s37: Prefs, rights, limitations

Each issued share = 1 general voting right

s38: Issuing shares

BOD can issue shares within authorized SC or s36

Prvt + personal liab. co. only

s40: Consideration for shares

Issued only for:

s41: S/h approval to issue shares in CERTAIN CASES

Issue approved by special resolution if issued to:

BOD det. consid. for which options + related shares issued

s43: Securities other than shares

s44: Financial assistance for subscription of securities

s45: Loans/Other fin assistance to Directors

s46: Distributions must be auth. by BOD

Co. can only make distribution if:

s47: Caps Shares

s48: Co./Subsid. acquiring Co. Shares

BOD can det. co. will acquire no. of own shares

Securities Registration & Transfer

s49: Securities evidenced by certificates or uncertificated

Securities either evidenced by certificates or uncertificated

s50: Securities Register & Numbering

Co. must have + maintain certificated + uncertificated securities registers

s51: Registration & transfer of certificated securities

s52: Registration of uncertificated securities

Person can request to see uncertificated securities register

s57 – s60: READ specifically s56 – s60

s61: Shareholders meetings (BOD det. location; held anywhere)

BOD can call s/h meeting @ any time

s62: Notice of Meetings (prescribed form + manner)

s63: Conduct of Meetings

s65: S/h Resolutions

s66: Board, Directors & POs

s67: 1st director(s)

Incorporator = 1st director

s68: Election of directors of Profit Co.

Elected by persons entitled to exercise voting rights in such election

s69: Ineligibility & Disqualification of persons to be director/PO

May not be appointed/elected as director or act as director

s70: Vacancies on Board

s71: Removal of directors

Director can be removed by ordinary resolution by persons entitled to exercise voting

s72: Board Committees

s73: Board Meetings

Director auth. by BOD

s74: Directors other than at meeting

interest unless approved by ORDINARY RESOLUTION after

s76: Stds of Directors Conduct

s77: Liability of directors

s78: Indemnification & directors’ insurance

s86: Mandatory appointment of Co. Secretary

Public Co. or SOC must appoint a Co. Secretary

s87: Juristic person/partnership may be appointed CS

Juristic/partnership appointed CS provided:

CS can resign by:

Public co./SOC must appoint upon incorporation and each yr @ AGM

s91: Resignation of Auditors & Vacancies

Effective when notice filed