Chap 1: Concept of and need for assurance

Assurance engagement
- Key elements: practitioner, intended users, responsible party, subject matter, criteria, evidence,
written report
Level of assurance
Reasonable assurance Limited assurance
Risk Reduce to acceptably low level Reduce to acceptable level
Opinion Express positively (In our Express negatively (nothing has come
opinion, “subject matter” is to our attention that …)
fairly represented (is true and
fair))
Scope of work More evidence Less evidence
More procedures Less procedures
Examples Audit engagement Review engagement
Assurance of forecast (prospective
financial information)
Benefits of assurance
- Key benefit: Independent, professional verification (enhances creditability/ reliability and confidence
of intended users)
- Easier to raise finance (borrowings from bank)
- Identify frauds and errors
- Deficiencies are highlighted to intended users
- Help investors to make informed decisions
Limitation of assurance
- Testing is used
- Inherent limitations of accounting systems
- Evidence is persuasive rather than conclusive (ví dụ, kiểm toán viên muốn xác định quyền sử dụng
đất thì sẽ phải xem giấy chứng nhận quyền sử dụng đất, tuy nhiên họ không có trách nhiệm và khả
năng để xác định xem giấy chứng nhận đó là thật hay giả. Do đó, giấy chứng nhận đó chỉ thuyết phục
kiểm toán viên là doanh nghiệp có quyền sử dụng đất, chứ không đảm bảo 100% là doanh nghiệp có
quyền sử dụng đất đó)
- Not test all items
- Related to areas which are subjective and require professional judgement
- Rely on information provided by responsible party
- Accounting estimate
Expectation gap (please read study manual and also refer to chapter 4 for expectation gap)
Statutory audit
- Practitioner: auditor
- Intended users: mostly shareholders
- Responsible party: board of directors
- Subject matter: financial statements
- Criteria: law and accounting standards (UK: UK GAAP, IFRS, Vietnam: VAS)
- Evidence and writtent report
Audit exemption in UK
 - Two out of 3 criterias are met:
+ Revenue no more than 10.2m (no more means lesser or equal)
+ Total assets no more than 5.1m (no more means lesser or equal)
+ 50 or fewer employees on average (50 also counted as criteria is met)
Who can be assigned to an audit engagement:
- Individual holding an appropriate qualification (người hành nghề riêng lẻ, có bằng kiểm toán)
- Firms controlled by qualified persons (công ty kiểm toán (hiển nhiên là được điều hành bởi người có
bằng kiểm toán)
Who cannot be assigned to an audit engagement:
- Office or employee of company
- Partner or employee of such a person (những người ở dòng trên)
- Any partner in a partnership in which such a person is partner (những người đồng sở hữu công ty với
những người bên trên trong một công ty hợp danh)
- Ineligible by the above for appointment as auditor of any directly connected companies
Auditors in UK need to conduct in accordance with International Standards on Auditing (ISAs).
Stages of an audit
- Obtaining the engagement (Acceptance)
- Planning
- Performing procedures (Execute)
- Review and completion (Evaluate)
- Reporting
Objectives of auditor
- Obtain reasonable assurance and express opinion
- Report on the financial statements in accordance with findings
To do so, auditor must:
- Ethical requirement
- Professional skepticism (applying questioning mind): be alert to
+ Evidence that contradicts (không hợp lý khi đặt cạnh các bằng chứng khác)
+ Question the reliability of documents provided
+ Possible fraud
+ The need for addition audit procedures than requirement.
- Professional judgement (determine appropriate course of actions)
+ Materiality and risk
+ Nature, extent and timing
+ Evaluate evidence, whether sufficient and appropriate
+ Evaluate management’s judgements
+ Drawing conclusion
- Obtain appropriate and sufficient engagement
Chap 2: Process of assurance: obtaining an engagement
Obtaining an engagement
- Advertise for clients within professional guidelines
- Invited to tender
Accepting an engagement
- Ensure professionally qualified
- Ensure existing resource adequate
- Obtain references
- Communicate with present auditors
After accepting an engagement
- Ensure outgoing auditor’s removal of resignation has been properly conducted
- Ensure new auditor’s appointment is valid. Obtain copy of resolution passed at general meeting.
- Submit letter of engagement to directors
Money laundering regulations
- Checking identity of client:
+ Individuals: photograph, name, permanent address, passport, driving license
+ Companies: certificate of incorporation, registered address, list of shareholders and directors
Purpose of engagement letter:
- Define the extent of auditor’s responsibilities
- Written confirmation of acceptance
What must be included in engagement letter (compulsory)
- Objective of audit
- Scope of work
- Auditor’s responsibilities
- Reporting framework
- Management’s responsibilities
- Form of any reports
Other things may be included in engagement letter (optional, not compulsory)
- Form of any other communication
- Test nature and inherent limitations of an audit
- Planning
- Expecting of receiving written confirmation of representation (representation letter)
- Agreement of client to provide information on time
- Basis of calculating fees
- Request client to confirm the terms of engagement
- Arrangement with other auditors and experts
- Arrangement with internal auditors
- Arrangement with predecessor auditor
- Restriction on auditor’s liability
- Further agreement
- Obligations of auditors to other parties (bank, tax authority, )
Chap 3: Process of assurance: planning the assignment
Planning
- Audit strategy: scope, timing and direction of audit, guides to development of audit plan.
- Audit plan: nature, extent and timing to be performed.
Purpose of planning:
- Attention to important areas
- Identify problems and resolve them timely
- Ensure audit is properly organized and managed
- Assign work properly
- Facilitate direction and supervision of team members
- Facilitate review of work
Step of planning:
- Ethical requirement
- Terms of engagement are understood
- Establishing overall audit strategy
+ Relevant characteristics of engagement, eg. Reporting framework
+ Key dates
+ Materiality, preliminary risk assessment, whether test of controls is used
+ When work is to be carried out
+ Team member available
- Develop audit plan
+ Understanding the entity’s environment: economic factors, industry conditions, characteristics of
client, competence of management
+ Understanding the accounting and internal control systems: accounting policies, effect of new
auditing and accounting standards, auditor’s cumulative knowledge of client
+ Risk and materiality: assessments of risks, setting materiality, possibility of material
misstatements, complex accounting areas
+ Nature, extend and timing: Possible change of emphasis on specific audit areas, effect of IT on
audit.
+ Direction, supervision and review: Number of locations, staffing requirement, need to do inventory
count at client premises
+ Other matters: Going concern, conditions requiring special attention (eg covid-19), terms of
engagement, nature and timing of reports.
Understanding the entity and its environment
- Reason: identify and assess the RoMM (risk of material misstatements), to design and perform
further audit procedures, provide frame of reference for exercising audit judgement
- What to understand?
+ External factors: industry, regulatory, reporting framework, others
+ Internal factors: nature of entity, accounting policies, objectives, strategy of business, business
risks, entity’s financial performance, internal control
- How to understand? Inquiry management, analytical procedures, observation, inspective, prior period
knowledge, discussion of susceptibility of financial statements to material misstatements among the
team
Analytical procedures: analysis of relationships among data (both financial and non-financial)
- Comparison between: comparable information for periods (eg this year vs last year), anticipated
results (actual vs budget), similar industry information (information about other competitors within
same industry)
- Relationships between: financial information and relevant non-financial information (payroll cost vs
number of employees), elements of financial information with predictable pattern (eg rental
expenses)
Possible source of information for analytical procedures:
- Interim financial information, budgets, management accounts, non-financial information, bank and
cash records, VAT returns, board minutes, discussions or correspondence with client at year end.
Key accounting ratios: please remember all formulas in page 50-51 of study manual (especially for
performance, short-term liquidity and efficiency. The long-term solvency is less likely that will be met in
exam than other sections).
Materiality (overall materiality - OM): a matter is material if its omission or misstatement count
influence the decision of users.
Performance materiality (PM): amount set by auditor, less than materiality so aggregate of PM and
uncorrected and undetected misstatements would not exceeds materiality (OM).
Materiality are considered throughout the audit when:
- Identifying and assessing the risks of material misstatement (Planning stage)
- Determining the nature, extent and timing and extent of further audit procedures (Execute stage)
- Evaluating identified misstatements (Evaluate stage).
Materiality will help auditors to decide:
- How and what items to examine (items larger than materiality need to be tested)
- Use sampling techniques (if materiality is small, test all rather than sampling)
- Level of misstatement is likely to lead to an unmodified opinion (misstatements which is higher than
PM will lead to modified opinion)
Benchmark for overall materiality:
- Profit before tax (PBT) 5-10%
- Revenue 0.5-1%
- Total assets 1-2%
Benchmark for performance materiality:
- Calculate on a percentage of overall materiality. The percentage require professional judgement to
provide a margin of safety.
- Lower the PM, more work need to be done, lesser detection risk.
Audit risk: risk that auditor expresses inappropriate audit opinion
- Audit risk = RoMM + Detection risk
- RoMM = Inherent risk + Control risk
Inherent risk: risk which is inherent to a type of business
Control risk: risk of internal control is not properly designed or not effective
Detection risk: risk that auditor cannot detect material misstatements.
Audit risk is pre-determined, hence, must be fixed to an acceptable level. This means if the RoMM is
high, detection risk must be lower to compensate, which will result in lower PM and more work to do.
And vice versa.
Steps to identify and assessing risk:
- Identify risks
- Assess identified risk and what could go wrong?
 - Consider the impact
- Consider the likehood
Significant risk:
- Risk of fraud
- Significant economic, accounting and other development
- Complexity of transaction
- Related party transactions
- Degree of subjectivity
- Unusual transaction
Unusual transactions is higher risk because it have more:
- Management intervention
- Manual intervention
- Complex accounting principles and calculations
- Control procedures may not be followed
Related party transactions:
- Materiality in nature
- Need fully disclose in financial statements
- Inherently risky because auditor may not be aware that a party is related.
Fraud and error:
- Fraud: intentional
- Error: unintentional
Types of fraud:
- Misappropriate of assets
- Fraudulent financial reporting
Fraud is higher risk because:
- Fraud may involve complex transactions to conceal
- Fraud may relate to collusion
- Management fraud is harder to detect because they can manipulate accounting records and override
controls.
Responsibility of auditor relating to fraud:
- Identify and assess RoMM due to fraud
- Obtain evidence regarding these risks
- Respond appropriately to actual and suspected fraud identified
Expectation gap
- Statement of financial position provides a fair valuation of entity
- Amount in FS are stated previsely
- Audited FS guarantee then entity will continue to exist
- All items are tested
- Auditor will cover all errors
- Auditor will detect all fraud
- Auditor provide absolute assurance.
Other report (please read study manual as this part as this is quite similar to an audit report, only some
element is different as it is applicable to other types of assurance engagement).
Chap 4: Process of assurance: evidence and reporting
There are 2 types of test: tests of controls and substantive procedures
Tests of controls: procedures designed to evaluate effectiveness of internal control system.
Substantive procedures: procedures designed to detect material misstatements at assertion level.
There are two types of substantive procedures: tests of details and substantive analytical procedures (SAP).
Evidence obtained need to be sufficient (enough in quantity) and appriate (enough in quality).
Quantity of evidence to obtained depends on level of risk and also affected by quality of evidence.
Quality of evidence:
- External source is more reliablt than internal source
- Obtained directly by auditors is more reliable than obtained indirectly
- Evidence is more reliable when related control systems operate effectively
- Documents evidence is morereliable then oral evidence
- Original documents are more reliable than photocopy of fascimiles (fax)
Assertions:
- Account balances (balance sheet items) and related disclosure:
+ Existence (eg: tài sản ghi trên sổ có tồn tại ngoài thực tế không?)
+ Right and obligations (eg: tài sản do bên thứ 3 gửi nhờ tại kho của mình, tài sản có tồn tại tuy
nhiên mình không có quyền đối với tài sản đó).
+ Completeness (eg: tài sản thực tế có được ghi lên sổ đầy đủ không?)
+ Accuracy (valuation, allocation) (eg: khấu hao tài sản cố định, dự phòng giảm phải thu khó đòi,…
có được tính chính xác không?)
+ Classification
+ Presentation
- Class of transactions, events (income statement items) and related disclosure
+ Occurrence (tương tự existence của tài sản, nhưng cho transactions)
+ Completeness (tương tự completeness của tài sản, nhưng cho transactions)
+ Accuracy (tương tự accuracy của tài sản, nhưng cho transactions, ví dụ: chênh lêch tỷ giá có được
tính toán chính xác không, …)
+ Cut-off (ví dụ: doanh thu của kỳ sau bị cố tình chuyển sang kỳ này để tăng doanh thu nhằm đạt
mục tiêu doanh số, để giám đốc được hưởng bonus,…)
+ Classification
+ Presentation
Test of control only used when auditor determined that can rely on client’s internal controls
Substantive must always be carried out on material items
Auditor must also carry out following substantive procedures:
- Agreeing the FS to the underlying accounting records
- Examining material journal entries
- Examining other adjustment in preparing FS.
Data analytics may help auditors to test 100% but cannot fully replace auditor in some areas require
professional judgement.
Content of auditor’s report:
- Explicit opinions (ý kiến lúc nào cũng phải nói)
+ State of company’s affair
+ Company’s profit or los
+ Financial reporting framwork+
+ Requirement of Companies Act 2006
+ Information in strategic report and directors’ report is consistent with financial statements
- Implicit opinions (included only be exception – ý kiến chỉ nói ra khi có ngoại lệ không thỏa mãn)
+ Adequate accounting records
+ Returns adequate for the audit
+ Financial statements are in agreement with accounting records and return
+ All information and explanations have been received by auditors
+ Details of directors’ benefits is disclosed
+ Particulars of loans and other transactions with directors
- Basic element:
+ Title
+ Addressee
+ Basis for opinion
+ Going concern (nếu có vấn đề về khả năng hoạt động liên tục của doanh nghiệp)
+ Key audit matters (areas with high risk (always), areas of significant auditor and management
judgement (always), significant transactions or events (depends on circumstances))
+ Other information
+ Responsibilities of management
+ Responsibilities of auditors
+ Opinion on other matters
+ Matters to be reported by exception
+ Name of engagement partner
+ Signature of engagement partner
+ Adress of auditor
+ Date of report
Chap 5: Introduction to internal control
Internal control
- Process designed, implemented, maintained to mitigate risks to the business and ensure that the
business operates effectively efficiently
Reasons for internal controls:
- Minimizing business risks
- Ensure business run effectively and efficiently
- Compliance with law and regulations
Limitations of internal controls
- Human element
- Collusion
- Unusual transactions
Components of internal controls
- Control environment
- Control activities
 - Information system
- Risk assessment
- Monitoring of controls
Control environment:
- Definition: governance and management functions and awareness, attitude and actions of those
charged with governance, management to internal controls and its importance.
Audit committees is an important aspect of control environment:
- Comprise of non-executive directors
- Responsibility of audit committees:
+ Review integrity of FSs and formal announcements relating to company’s performance
+ Review internal financial controls and company’s risk management system
+ Monitor and review effectiveness of company’s internal audit
+ Make recommendations to the board in relation to the external auditor
+ Monitor the independence of the external auditor
+ Implement policy on provision of non-audit services by the external auditor
- Key issue for audit committees:
+ Financial statements, information system
+ Supervising the identification of risks and monitoring of controls
Risk assessment process
- Identify relevant business risks. Business risks are risks that could affect an entity’s ability to achieve
its objectives, strategies or wrong objectives, strategies (remember the primary objective of n profit-
oriented organization is maximizing profit and shareholders’ wealth)
- Estimate significance (impact)
- Assess the likelihood
- Decide actions
Information system
- Process of initiate, record, process and report entity transactions and maintain accountability of
assets, liabilities and equity
- Auditor will be interested in
+ Classes of transactions that are significant to financial statements
+ Procedures that transactions are initiated, recorded, processed, corrected and reported
+ Related accounting records and supporting information
+ How information system captures events other than transactions, but significant to the FSs
+ Process of preparing FSs
Types of control activities
- Authorisation
+ Approval of transactions/documents
- Performance review
+ Actual vs budget
+ Relating different sets of data
+ Internal data vs external data
+ Review of functional and activity performance
- Information processing
+ Controls to check accuracy, completeness and authorization of transactions. Include: general
controls, application controls
 - Physical controls
+ Physical security
+ Authorization for access
+ Periodic counting
- Segregation of duties
+ Assigning different individual the responsibilities of:
 Authorising transactions
 Recording transactions
 Custody of assets
Application controls: controls relate to business process level
- Control over input: completeness
+ Manual or programmed agreement of control totals
+ Document counts
+ One-for-one checking of processed output to source documents
+ Matching input to an expected input control file
+ Procedures over resubmission of rejected data
- Control over input: accuracy
+ Check data field
+ Scrutiny of output and reconcile to source
+ Agreement of control totals
- Control over input: authorization
+ Ensure information input was authorized and input by authorized personnel
- Control over processing
+ Similar controls to input must be completed when input is completed
+ Screen warning
- Controls over master files and standing data
+ Checking master files to source documents
+ Cyclical review all master files and standing data
+ Record counts
+ Controls over the deletion of accounts that have no current balance (closed items)
General controls: controls relate to many applications
- Development of computer applications:
+ Standards over system design, programming and documentation
+ Full testing procedures
+ Approval by computer users and management
+ Segregation of duties for design and testing
+ Installation procedures
+ Training staff
- Prevention or detection of unauthorized changes to programs
+ Segregation of duties: people who authorize access and who make changes to program
+ Full records of changes
+ Password protection
+ Restricted access to central computer
+ Maintenance of program logs
+ Virus checks
+ Back-up copies
+ Control copies of program
+ Stricter controls by use of read only memory
 - Testing and documentation of program changes
+ Complete testing procedures
+ Documentation standards
+ Approval of changes
+ Training staff
- Controls to prevent wrong programs or files being used
+ Operation controls
+ Libraries of programs
+ Proper job scheduling
- Controls to prevent unauthorized amendments to data files
+ Set password
- Controls to ensure continuity of operation
+ Storing extra copies of programs and data files
+ Protection of equipment
+ Back-up power sources
+ Emergency procedures
+ Disaster recovery procedures
+ Maintenance agreements, insurance
Cyber security risks:
- Human threats
- Fraud
- Deliberate sabotage
- Viruses and other corruptions
- Malware
- DoS attack
ICAEW’s suggestions for organizations to combat cyber risk
- Communication is a key barrier to common understanding and discussion
- Organisational structures need to define responsibility and accountability for cyber
- security.
- Board-level accountability for cyber risks needs to be determined
- Non-executive directors and audit committees also need to play a part
Monitoring of controls
- Often taken by internal audit
- For smaller entities which does not have internal audits, company may make use of external audit
Source of information about controls:
- Manual or SOP (standard operating procedures) of control activities
- Copies of internal control policies
- Enquiry company’s staff
- Last year audit working papers (do note that control system of client may change this year)
Recording of controls
- Narrative notes: good for things simple, background information
- Questionnaires and checklists: good for memories and to cover all bases
- Digrams: good when things is more complex.
+ Flowcharts: recording systems
 + Organisational charge, family tree: recording relationships, reporting lines
Walk through procedures
- Tracing a few transactions through the financial reporting system
- Confirm that auditor has correctly understanding on how the controls are supposed to operate.
- Not test of controls

Chap 6: Revenue system

Ordering
Risk Control objectives
Orders may be taken from customers who Goods and services are only supplied to
are not able to pay customers with good credit ratings
Orders maybe taken from customers who Customers are encouraged to pay promptly
are unlikely to pay for a long time
Orders may not be recorded properly and Orders are recorded correctly
therefore not fulfilled and customers might Orders are fulfilled
be lost
- Controls
+ Segregation of duties: credit control, invoicing, inventory despatch
+ Authorization of credit terms
+ Authorisation for changed in other customer data
+ Orders only accepted from customers with no credit problems
+ Sequential numbering of order documents
+ Correct prices quoted to customers
+ Matching customer orders with production orders and dispatch records. Investigate if orders not
matched
+ Dealing with customer queries
- Test of controls
+ Check that references are being obtained from all new customers
+ Check that all new accounts on the receivable ledger have been authorized
+ Check that orders are only accepted from customers who are within their credit terms and credit
limits
+ Check that customer orders are being matched with production orders and dispatch records.
Despatch and invoicing
Risk Control objectives
Goods may be despatched but not recorded All despatches of goods are recorded
so they are lost to the business.
Goods may be despatched but not invoiced All invoices raised relate to goods and
for. services supplied by the business
Invoices may be raised in error with All goods and services sold are correctly
resulting customer dissatisfaction invoices
Invoices may be wrongly cancelled by Credit notes are only given for valid reasons
credit notes resulting in loss to the business
- Controls
+ Authorisation of dispatch of goods
+ Examination of goods outwards: quantity, quality, condition
+ Recording all goods despatched
+ Agree dispatch records to customer orders and invoices
 + Pre-numbering of dispatch records and regular checks on sequence
+ Condition of returns checked
+ Recording of goods returned and goods returned notes (GRNs)
+ Signature of dispatch records by customers
+ Preparation of invoices and credit notes
+ Inventory records updated
+ Matching of sales invoices with dispatch records and sales orders
+ Regular review for dispatch records not matched by invoices
- Test of controls
+ Verify details of trade sales or goods dispatch records with sales invoices
+ Verify details of trade sales with entries in inventory records
+ Verify non-routine sales
+ Verify credit notes
+ Test numerical sequence of dispatch records. Investigate any missing number
+ Test numerical sequence of invoices and credit notes, enquire into missing numbers and
inspect copies of those cancelled
+ Test numerical sequence of order forms and enquire into missing numbers
+ Check that despatches of goods free of charge or on special terms have been authorised
by management
Recording
Risk Control objectives
Invoiced sales may not be properly recorded All sales that have been invoiced are
recorded in the nominal ledger
Cut-off is applied correctly
Credit notes might not be properly recorded All credit notes that have been issued are
recorded in the nominal ledger
Sales might be recorded in the wrong All entries in the receivable ledger are made
customer accounts to the correct receivable ledger accounts
Debts might be included in receivables that Potentially irrecoverable receivables are
are not collectable identified
- Controls
+ Segregation of duties: recording sales, maintaining customer accounts, preparing statements
+ Recording of sales invoices sequence and control over spoilt invoices
+ Matching cash receipts with invoices
+ Retention of customer remittance advices
+ Separate recording of sales returns, price adjustment, …
+ Cut-off procedures
+ Regular preparation of trade receivables statements
+ Checking of trade receivables statements
+ Safeguarding of trade receivables statements
+ Review and follow-up overdue accounts
+ Authorisation of writing off irrecoverable receivables
+ Analytical review receivables account and profit margin
- Test of controls
+ Check entries with invoices and credit notes respectively
+ Check additions and cross casts
+ Check additions and balances carried down
+ Note and enquiry into contra entries
+ Check accounts to see if credit limits have been observed
+ Check that trade receivables statements are prepared and sent out regularly
+ Check that overdue accounts have been followed up
 + Check that all irrecoverable receivables written off have been authorized by management.
Cash collection
- Risk: money received but not recorded or banked
- Objectives:
+ All monies received are recorded
+ All monies received are banked
- For controls and test of control related to cash, as there are various controls and test of controls over
cash (because this is a sensitive item), kindly refer to tables within pages 125-127. It is not necessary
to remember everything but remember as much keywords as possible. And through practicing QB,
you will remember those easier and even automatically remembered.
Chap 7: Purchases system
Ordering
Risk Control objectives
Unauthorised purchases may be made for All orders for goods and services are
personal use properly authorized and duly processed. All
orders are for goods and services actually
required by the company
Goods and services might not be obtained Orders are only made with authorized
on the most advantageous terms suppliers
Orders are made at competitive price
- Controls
+ Segregation of duties: requisition and ordering
+ Central policy for choice of suppliers
+ Evidence required of requirement for purchase
+ Orders forms prepared only when a pre-numbered purchase requisition has been received
+ Authorisation of order forms
+ Pre-numbered order forms
+ Safeguarding of blank order forms
+ Review of outstanding orders
+ Monitoring of supplier terms
- Test of controls
+ Review list of suppliers and check a sample of orders made
+ Check sequence of pre-numbered order forms
+ Check orders are supported by a purchase requisition
+ Review security arrangements over blank orders
Goods inward and recording of invoices
Risk Control objectives
Goods may be misappropriated for private All goods and services received are used for
use the company’s purposes, and not private
purposes
Goods may be accepted that have not been Goods and services are only accepted if they
ordered have been ordered, and the order has been
authorized
Invoices may not be recorded resulting in All goods and services are accurately
non-payment recorded
Liabilities are recognized for all goods and
services that have been received.
Receipt of goods and services is necessary
 in order for a liability to be recorded
Cut-off is applied correctly to the payables
account
The company may not take advantage of the All credits to which the company is entitled
full period of credit that is available are claimed and received.
The company may not record credit notes All credit notes that are received are
resulting in paying invoices unnecessarily recorded in the nominal ledger.
- Controls
+ Examination of good inwards: quantity, quality, condition
+ Recording arrival and acceptance of goods
+ Comparison of goods received records with purchase orders
+ Referencing of supplier invoices: numerical sequence and supplier reference
+ Checking suppliers’ invoices
+ Recording return of goods
+ Procedures for obtaining credit notes from suppliers
+ Segregation of duties: accounting and checking functions
+ Prompt recording of purchases and purchase returns ledger
+ Regular maintenance of payables ledger
+ Comparision of monthly statements of account balance from suppliers with payables balances
+ Review of classification of expenditure
+ Matching of goods received records and invoices and accrual for any goods received but not
invoiced.
- Test of controls:
+ Check invoices for goods are:
 Supported by goods and received records
 Entered in inventory records
 Priced correctly
 Referenced properly with number, supplier code
 Correctly coded by type of expenses
 Trace entry in record of goods returned and see credit note duly received from supplier, for
invoices not passed due to defects or discrepancy
+ Check calculations and additions
+ Check entries in payables
+ Credit note: verify the correctness, check entries in inventory records, record of returns, payables
ledgers and verify that they are correctly analysed
+ Check for returns that credit notes are duly received from the suppliers
+ Test numerical sequence and enquire into missing numbers of: purchase requisition, goods
received records, suppliers’ invoices, purchase orders, goods returned notes
+ Obtain explanation for items which have been outstanding for a long time: unmatched purchase
requisition, unmatched purchase orders, unmatched goods received records, unrecorded invoices
+ Verify that invoices and credit note recorded in the purchases account are: initialed for prices,
calculations and extensions, cross-ref to purchase orders, goods received records, authorized for
payment
+ Check additions
+ Check postings to nominal ledger accounts
+ Examine nominal ledger account for unusual entries
+ For a sample for supplier accounts: test check additions and carried forward balances, note and
enquire into all contra entries
Payment
- Risk
 + False invoices are paid in error
+ Invoices are paid too soon
+ Payments is not correctly recorded
+ Credits are not correctly recorded
+ Payments are not recorded in the correct period
- Objectives
+ All expenditure is for goods that are received
+ All expenditure is authorized
+ All expenditure that is made is recorded correctly in the nominal ledger
+ Payments are not made twice for the same liability
- For controls and test of control related to cash, as there are various controls and test of controls over
cash (because this is a sensitive item), kindly refer to tables within pages 141-143. It is not necessary
to remember everything but remember as much keywords as possible. And through practicing QB,
you will remember those easier and even automatically remembered.
Chap 8: Employee cost
Calculating wages and salaries
- Risk
+ The company may pay employees too much money
+ The company may pay employees who have left
- Control objectives
+ Employees are only paid for work that they have done
+ Gross pay has been calculated correctly and authorised
+ Net pay has been calculated correctly
- Controls
+ Staffing and seggregation of duties
+ Maintenance of personnel records and regular checking wages and salaries to personnel records
+ Authorisation of: engagement and discharge of employees, change pay rates, overtime, non-
statutory deductions, advances of pay
+ Recording of changes in personnel and pay rates
+ Recording of hourse worked by timesheets, clocking
+ Review of hours worked
+ Recording of advances of pay
+ Holiday pay
+ Answering queries
+ Review of wages against budget
- Test of controls
+ Check wages and salary summary is approved
+ Confirm procedures for authorising changes in rates of pay, overtime, holiday pay
+ Obtain evidence that staff only being paid when they join the company, and removed from payroll
when they leave the company
+ Check that engagement of new employees and discharge of former employees have been
confirmed in writing
+ Check that the calculations are being checked
+ For wages, check calculation of gross pay with: authorised rates of pay, production records, clock
cards, timesheets
+ For salaries, verify that gross salaries and bonuses are in accordance with personnel records,
contracts of employeement, increased in pay have been authorised
Recording of wages and salaries and deductions
Risk Control objectives
The various elements of pay might not be recorded Gross and net pay and deductions are accurately
correctly in the payroll recorded on the payroll
All deductions have been calculated correctly and
are authorised
Amounts paid to employees might not be reflected Wages and salaries paid are recorded correctly in
in the cash at bank account cash records
Pay might not be recorded correctly in the nominal Wages and salaries are correctly recorded in the
ledger nominal ledger
The correct amounts are paid to HMRC
- Controls
+ Suitable person for preparation of payroll
+ Extent of responsibility for preparing wages and salaries should be clearly defined
+ May use automatic wage accounting systems
+ Bases for compilation of payroll
+ Arrangements for preparation, checking and approval of payroll
+ Procedrues for eadling with non-routine matters
+ Maintenance of employees’ personnel records
+ Checking payroll details to personnel records
+ Reconciliation of total pay and deductions between one payday and the next
+ Comparision of actual pay totals with budget or standard costs. Investigate any differences.
+ Agreement of gross earnings and total tax deducted with tax returns.
- Test of controls
+ Checking reconciliation of wages and salaries
+ For wages, reconciliation with:
 Previous week’s payroll
 Clock cards/timesheets/job cards
 Costing analyses, production budget
+ For salaries, reconciliation with:
 Previous week/month payroll
 Standard payroll
+ Checking calculations for wages
 Additions of payroll
 Totals of payrol detail selected to summary of pauroll
 Additions and cross-casts of summary
 Postings of summary to nominal ledger
 Net cash column to the cash at bank account
+ Checking calculation for salaries
 Additions of payroll
 Totals of salaries details to summary
 Additions and cross-casts of summary
 Postings of summary to nominal ledger
 Net cash column to the cash at bank account
+ Checking calculations of taxation and non-statutory deductions
 Check nominal ledger accounts to see appropriate deductions have been made
 Check payments to HMRC are correct
Payment of wages and salaries
- Risk: people who are not employees are paid and those that are employees are not paid
- Control objective: correct employees are paid
- Controls
+ Payment of wages
 Segregation of duties: preparing payroll, filling of pay packets, ditribution of wages
 Authorisation of wage cheque cashed
 Custody of cash
 Verification of identity
 Recording of distributions
+ Payment of salaries
 Preparation and authorisation of cheques and bank transfer lists
 Comparison of cheques and bank transfer list with payroll
 Maintenance and reconciliation of wages and salaries nominal ledger account
- Test of controls
+ For wages pay in cash
 Arrange to attend the pay-out
 Compare payroll with wage packets
 Examine receipts given by employees, check unclaimed wages
 Check that no employees receives more than one wage packet
 Check entries in the unclaimed wages book with entries in payroll
 Check that unclaimed wages are banked regularly
 Check that unclaimed wages books show reasons
 Check pattern of unclimed wages
+ For salaries
 Check comparision between each month’s payroll net pay summary and examined paid cheques
or a certified copy of bank list

Chap 9: Internal audit

Internal audit
- Is a function which include examining, evaluating and monitoring the adequacy and effetiveness of
internal control
- Assist management in achieving corporate objectives
- Ensuring good corporate governance
- Help maintain good systems of internal control
- Play a key role in assessing and monitoring internal control
Other responsibility
- Acting as auditors for board reports not audited by the external auditors
- Assisting in implementation of new standards
- Liasing with external auditors to reduce time and cost of external audit
- Check that external auditors are reporting back to the board everything they are required to under
auditing standards.
Internal audit External audit
 Reason Add value and improve organisation’s Express opinion on FSs
operation
Reporting to Board of directors, audit commitee Shareholders
Relating to Operations of the organisation Financial statements
Relationship Often employees of organisation Independent with company, appointed by
with the the shareholders.
company
Activity of internal audit
- Monitoring internal controls
- Examining financial and operating information
- Reviewing economy, effectiveness and efficiency (3Es) of operation
- Reviewing compliance with law, regulations
- Conduct special investifation
- Identify and evaluate significant exposures to risks, improve risk management and control systems
- Assess the governance process among those charged with governance, external and internal auditors
and management
Role of internal audit relating to risk:
- Monitoring company’s overall risk management policy to ensure it operates effectively
- Monitoring the strategies implemented to ensure that they continue to operate effectively
Role of internal audit relating to internal controls:
- Monitoring overall process
- Providing assurance that systems designed meet objectives and operate effectively
- Also known as operational audits
- Review policies of particular department by reading and discussing with members of department
- Assess the adequacy of policy, advise
- Testing the internal controls to examine the effectiveness of controls
Operational audit:
- Ensure policies are adequate
- Ensure policies work effectively
With other functions, internal audit needs to maintain its objectivity and not become involve in operational
activities of the company.
Chap 10: Documentation
Purpose
- Assist the audit team to plan and perform the audit
- Assist direct and supervise work
- Enable team to be accountable for its work
- Record of matters of continuing significance to future audits
- Enable qualify control reviews
- Enable conduct external inspections in accorance with legal, regulatory
Form and content of working papers
- Documentation need to be sufficient to enable an experienced auditor, having no previous connection
with the audit to understand the nature, extent and timing of audit procedures performed, the results
 of audit procedures, the conclusions reached and significant professional judgements made (in short,
can be reperformed)
- Form and content of WPs is affected by:
+ Size and complexity of entity
+ Nature of audit procedures performed
+ Identified RoMM
+ Significance of the audit evidence obtained
+ Nature and extent of exception identified
+ The need to doument a conclusion or basis for a conclusion not readily determinable
+ Audit methodology and tools used
Working papers should shows:
- Client name
- Reporting date
- File reference
- Name of prepareer, date of preparation
- Subject of working papers
- Name of reviewer, date of review
- Objective of work done
- Source of information
- How samples was selected
- Sample size determined
- Work done
- Key to any audit ticks or symboles
- Appropriate cross-referencing
- Results obtained
- Analysis of errors
- Other significant observations
- The conclusion drawn
- Key point highlighted
Automated and electronic working papers
- Automated working paper is automatically cross referenced, adjusted and balanced by the computer
- Electronic working papers do not involve any automatic calculations
- Advantages of automated working papers
+ Risk of errors is reduced
+ Working papaers are neater and easier to review
+ Time saved as adjustments can be made easily to all working paper
Filling working papers
- Permanent audit files: contain information relevant to many years’ audit
+ Engagement letters
+ New client questionaire
+ Memorandum and articles of association
+ Other legal documents
+ Detail of history of client’s business
+ Board minutes of continuing relevance
+ Previous years’ signed accounts and analytic procedures
+ Accouting systems note, previous years’ control questionaires
- Current audit files: contain information relevant to current year’s audit
 + FSs
+ Accounts checklists
+ Management accounts details
+ Reconciliation of management accounts and FSs
+ Summary of unadjusted errors
+ Report to partner including details of significant events and errors
+ Review notes
+ Audit planning memorandum
+ Time budgets and summaries
+ Written representations from management
+ Notes of board minutes
+ Communication with 3rd parties
+ For each audit areas (sections)
 Lead schedule
 Problem encountered and conclusion drawn
 Audit plans
 Risk assessments
 Sampling plans
 Analytical procedures
 Details of TOD and TOC
Safe custody and retention of documentation
- ICAEW requirement: keep at least six years from the end of accounting period to which they relate
- Paper documents must be kept securely, in locked premises. Electronic documents should be
protected by electronic controls
Ownership and right of access to documentation
- Working papaers belong to the assurance providers
- The report, once issued, belongs to client
- Assurance providers must keep working papers confidential
- They may show working papers to the client at their discretion
- They should obtain client permission before showing working papers to 3rd parties.
Chap 11: Evidence and sampling
Procedures to obtain evidences
- Inspection of tangible assets
- Inspection of documentation
- Observation
- Inquiry
- External confirmation
- Recalculation
- Reperformance
- Analytical procedures
CAATs
- Test data (stages)
+ Note controls in client’s system
+ Decide upon test data, options include: dummy data, real data, dummy data against a verified copy
of client’s system
 + Run test data
+ Compare results with those expected
+ Conclude on whether controls are operating property
- Audit software
+ Extract a sample according to specified criteria
+ Calculate ratios and select those outside set criteria
+ Check calculations anc casts performed by the system
+ Prepare reports
+ Follow items through a system and flag where they are posted.
- Data analytics
+ Complex testing can be performed on data but crucially without the need to create tailor-made
software.
+ Generate intuitive visuallisations of very complex data
+ Areas ADA may be useful:
 Analyse all transactions in a population, stratify that population and identify outliers for further
examination
 Reperform calculations relevent to the financial statements
 Match transactios as they pass through a processing cycle
 Assist in segregation of duties testing
 Compare entity data to externally obtained data
 Manipulate data to assess the impact of different assumptions
 Analyses of revenue trends split by product or region
 Matches of orders to cash and purchase to payments
 Three-way matches between purchases/sale orders, goods received/ despatched documentation
and invoices
Analytical procedures
- Consideration
+ Objective of analytical procedures
+ Suitability of analytica procedures
+ Reliability of the data
- Should be used at risk assessment stage with possible source of information: interim financial
information, budgets, management accounts, non-financial information, bank and cash records, sales
tax returns, board minutes, discussion of correspondence with the client at year end.
Directional testing
- There are two possibilities for misstatement:
+ Understament
+ Overstatement
Audit of accounting estimates
- Test the process that management used to estimate the figure and the data on which it is based
- Use a point estimate
- Review events occuring up to the date of the auditor’s report
- Test the operating effectiveness of controls over how management made the accounting estimate,
with associated substantive procedures
Selecting items to test
- Statistical sampling (all items in population have chance to be chosen)
- Non-statistical sampling (items to be tested wholly depends on auditor’s judgement)
 - High value or key items
- All items over a certain amount
- Items to obtain information
Sampling risk: The risk that the auditor's conclusion based on a sample may be different from
the conclusion if the entire population were subjected to the same audit procedure.
Non-sampling risk: The risk that the auditor reaches an erroneous conclusion for any reason not
related to sampling risk.
Selecting the sample
- Random selection
- Systematic selection
- Haphazard selection (should not be used if assurance providers are carrying out statistical sampling)
- Sequence or block selection
- MUS
Draw conclusions from sampling
- Consider whether the items are true misstatements
- If expected audit evidence regarding a specific sample item cannot be found, perform procedures on
a replacement item
- Consider qualitative aspects of misstatements, include nature and cause of misstaements.
- Consider effects of misstatements on other parts of audit
- May decide to identify all items in the population that possess the common feature, thereby
producing a sub-population.
- Anomaly: a misstatement or deviation that is demonstrably not representative of misstatements or
deviations in a population. Extra work will be required to prove that a misstatement if an anomaly if
auditors meet an anomaly.
- Estimate the probable misstatement
- Estimate any further misstatements
- If projected population misstatement exceeds tolerable misstatement, auditor must re-assess
sampling risk. If unacceptable, consider extending auditing procedrues or perform alternatives
procedures.
Evaluation of misstatements
- Evaluate effect of identitifed misstatements
- Evaluate effect of any uncorrected misstatements on FSs
- Accumulate any non-trivial misstatements identified
- Communicate all misstatements on a timely basis to management. Request writtent representation
from management that they believe the effects of uncorrected misstatements to be immaterial.
- If management refuses to correct some or all of misstatements:
+ Obtain understanding of management’s reasons
+ Determined whether uncorrected misstatements are material individually or in aggregate
+ Communicate to TCWG
+ Request written representation from management
- In some circumstances, misstatements may be material even if those are below materiality threshold:
+ Affects compliance with regulatory requirements (going concern matter)
+ Affects compliance with debt covenants (going concern matter)
+ Masks a change in earnings or other trends (profit to loss matter)
+ Affect ratios used to evaluate entity’s financial position
+ Increases management’s compensation (bonus, etc…)
 Chap 12: Writtent representations
Written representations as assurance evidence
- General matters: management has:
+ Fulfilled its responsibility for preparation of FSs
+ Provided the auditor with all relevent information and access as agreed
+ Recorded and reflected all transactions in FSs
- Other writtent representations
+ As required by other ISAs
+ Where auditor determines they are necessary to support other audit evidences
+ Cannot be used instead of other evidence which the auditors expect to exist.
When other written representations are required
- Whether the selection and application of accounting policies are appropriate
- Whether matters such as the following, where relevant under the applicable financial reporting
framework, have been recognised, measured, presented or disclosed in accordance with that
framework:
+ Plans or intentions that may affect the carrying value of classification of assets and liabilities
+ Liabilities both actual or contingent
+ Title to assets, the liens on assets, and assets pledges as collateral
+ Aspects of laws, regulations and contractual agreements that may affect the financial statements,
including non-compliance
- Whether all deficiencies in internal control of which management is aware have been communicated
to auditor
- Specific written representations required by other ISAs
- Support for management’s judgement or intent in relation to a specific assertion
If the auditor has concerns over the competence, integrity, ethical values or diligence of management, the
auditor shall determine the effect that such concerns may have over the reliability of representations (oral
and written) and audit evidence in general.
If written representations are inconsistent with other audit evidence, the auditor shall perform audit
procedures to resolve the matter. If the matter remains unresolved, the auditor shall reconsider its assessment
of management and determine the effect that this may have on the reliability of representations in general.

Chap 13: Substantive procedures – key financial statement figures

Non-current assets
- Tangible assets
+ Risk:
 Company not actually owning the assets
 The assets not actually existing or having been sold
 Omission of assets owned by the company
 The assets being overvalued, either by inflating cost or valuation, or undercharging depreciation
 Assets being undervalued, by not including an appropriate revaluation or overcharging
depreciation
 Asset being incorrectly presented in the FSs
+ Source of information:
 NCA register
 Purchase invoices
 Sale invoices
  Registration documents
 Vaulations carried out by employees or third party valuers
 Lease or hire purchase documentation
 Physical inspection by the auditor
 Depreciation records or calculations
- Intangible NCA
+ Risk:
 Expenses being capitalised as NCA inappropriately
 Wrong cost or valuation due to inflating the cost or valuation
 Wrong cost or valuation due to charging inappropriate amortisation, wrong amortising or not
amortising
 Wrong cost or valuation due to impairment reviews not carried out
+ Source of information:
 Accounting standards/ Auditor’s knowledge of accounting standards
 Purchase inoices or documentation
 Client calculations and schedules
 Specialist valuations
 Auditor understanding of the entity for signs of impairment factors.
Inventory
- Risk:
 Inventory that does not exist being included in the FSs
 Not all inventory that exists being included in the FSs
 Inventory being included in the FSs at full value when it is obsolete or damaged
 Inventory being included in the FSs at the wrong value, whether due to miscalculation of cost or
the fact that cost has been used although NRV is lower than cost
 Inventory which has actually been sold is included in the FSs
- Source of information
 Company’s controls over inventory counting
 Auditor’s attendance at the annual inventory count
 Confirmations with third parties holding inventory or having inventory stored for them by the
company
 Purchase invoices for inventory
 Work-in-progress records for inventory
 Post year-end sale invoices
 Post year-end price lists
 Post year-end sales orders
- Inventory count
+ Review of inventory count instructions
- If perpetual inventory counting is used
 Ensure that all inventory lines are conted at least once a year
 Maintains adequate inventory recods that are kept up-to-date
 Has satiffactory procedures for inventory counts and test-counting
 Investigates and corrects all material differences. Corrections should be authorised by a manager
who has not been involved in the detailed work
- Cost vs net realisable value
+ Management should compare cost and NRV for each item of inventory. It may be done by group
or category also.
+ NRV is likely to be less than cost when
 Increase in costs or fall in selling price
 Physical deterioration
 Obsolescence of products
 A Marketing decision to manufacture and sell products at a loss
 Errors in production or purchasing
  For WIP, ultimate selling price should be compared with the carrying value at year-end plus to be
incurred after year-end to bring WIP to a finished state.
Receivables
- Risk
 Debts being uncollectable
 Debts being contested by customers
- Source of information
 Receivables ledger information
 Confirmation from customers
 Cash payments received after year end
- Confirmations from customer
+ Positive method
+ Negative method. Only used when:
 Assessed RoMM is low
 Relevant controls are operating effectively
 A large number of small balances is involved.
 A substantial number of errors is not expected
 The auditor has no reason to believe that customers will disregard the request
+ Samples should be chosen from a complete list of all customers. Following classes of account
should receive special attention:
 Old unpaid accounts
 Accounts written off
 Accounts with credit balances
 Accounts settled by round sum payments
 Accounts with nil balances
 Accounts have been paid by the date of examination
- If there are disagreements, customer response should have identified amounts that are disputed:
+ Dispute
+ Cut-off problem
+ Monies received posted to wrong account
+ Net off balance
+ Teeming and lading
- Alternative procedures when confirmations are not received
 Cash cash receipt after date
 Verify valid purchase orders
 Examine the account and confirm their validity to dispatch notes
 Obtain explanations for invoices remaining unpaid after subsequent ones have been paid
 Check if the balance on the account is growing
 Test company’s control over issue of credit notes and the write-off of irrecoverable receivables
- Irrecoverable receivables
+ Reviewing cash received after date
- Other receivables
+ Verify to third party evidence, or cash received after date.
Bank
- Risk:
 Not all bank balances owned by client being disclosed
 Reconciliation difference between bank balance and cash at bank nominal ledger
 Material cash floats being omitted or misstated
- Source of information
 Cash at bank nominal ledger account
 Confirmation from the bank
 Bank statements
 Bank reconciliation carried out by the client
 - Direct confirmation with bank
 Bank will require explicit written authority from their client to disclose information
 Assurance provider’ request must refer to the client’s letter of authority
 Letter of authority may give permission to the bank to disclose information
 The request should reach the branch manager at least two weeks in advance of year-end
 Assurance provider should check that the bank response covers all the information
- Bank reconciliation
+ Window dressing
 Keeping the cash at bank nominal ledger open to take credit for remittances actually received
after year end
 Recording cheques paid in period under review which are not actually dispatched until after year
end
+ Assurance providers should check whether outstanding cheques were cleared within a reasonable
time.
- Cash count
+ Assurance providers need to determine the locations where cash is helo and locations warrant a
cash count. Where location is not visited it may be expedient to obtain a letter from client confirming
the balance.
+ Following matters apply to the count:
 All petty cash books should be written up to date in ink
 All balances must be counted at the same time
 At no time should assurance providers be left alone with cash
 All cash counted must be recorded
Payables
- Risk:
 The entity understating its liabilities in the financial statements
 Cut-off between goods inward and liability recording being incorrect
 Non-existent liabilities being declared
- Source of information
 Payables ledger records
 Confirmations from suppliers
- Supplier statement
+ Comparing supplier statement with year end payables ledger balances
+ May send confirmations when:
 Supplier’s statements are unavailable or incomplete
 Weaknesses in internal control
 Client may deliberately try to understate payables
 Accounts appear to be irregular
- Other payables/ Accrued expenses
+ Depends on nature of account:
 Recalculation for accrued interest
 Check invoices received subsequent year-end for accruals made for goods received but not
invoiced.
 Etc…,
+ Audit of accruals focuses primarily on cut-off and completeness
Long-term liabilities
- Risks
 Not all long-term liabilities have been disclosed
 Interest payabl has not been calculated correctly and included in the correct accounting period
 Disclosure is incorrect
- Source of information
 Schedule of loans/ prior year audit file information
 Statutory books
  Loan agreements
 Bank letter and direct confirmations from other lenders
 Cash at bank nominal ledger
 Board minutes
 Client schedules and calculations
 Accounting policies
- Plan for testing of long-term liabilities
 Obtain/prepare schedule of loans
 Compare opening balances to previous year WPs
 Test the clerical accuracy
 Compare balances to the nominal ledger
 Check name of lender to register of debenture holders
 Trace additions and repayments to entries in cash at bank nominal ledger account
 Confirm repayments are in accordance with loan agreement
 Examine cancelled cheques and memorandum of satisfaction for loans repaid
 Verify that borrowing limits imposed are not exceeded
 Examine signed board minutes relating to new borrowings/repayments
 Obtain direct confirmation from lenders
 Verify interest charged
 Confirm assets charged have been entered in the register of charges and notified to Registrar
 Review restrictive covenants
 Review minutes and cash at bank nominal ledger account to check if all loans have been recorded
Statement of profit or loss items
- Revenue, purchase, payroll: refer to chap 6, 7, 8
- Interest paid/received
 Inspecting bank statements, confirmations from other lenders
- Expenses
 Analytical procedures, vouching specific transactions to purchase invoices
- Summary of matters which should be reported to more senior staff
 Conclusions of audit procedures performed
 Exceptional items discovered
 Any unusual accounting entries noticed
 Any indications of possible money laundering
 Issues which need to be discussed with the client
 Anything which junior member of staff is unsure about or does not understand.

Chap 14: Codes of professional ethics

Professional ethics
- Need for ethics. Because people rely on accountants and their expertise.
+ Accountants deal with a range of issues on behalf of clients
+ They often have access to confidential and sensitive information
+ Auditor claim to give an independent view
- Source of ethical guidance
+ IESBA
+ ICAEW
+ FRC
- Rules or principles-based guidance
+ Code of ethics is principles-based guidance with some rules but in the main it is flexible guidance
+ Advantages of framework of principles:
 Active consideration and demonstration of conclusions
  Broad interpretation of ethical situations
 Individual situations covered
 Flexible to changing situation
 Can incorporate prohibitions
- IESBA Code
+ Fundamental principles
 Integrity
 Objectivity
 Professional competence and due care
 Confidentiality
 Professional behavior
+ In marketing and promoting themselves and their work, shall not make
 Exaggerated claims for services they are able to offer, qualifications they possess, or experience
they have gained
 Disparaging references or unsubstantiated comparisons to the work of others
Independence
- Identify threats
- Evaluate threats identified
- Eliminating threats or reducing them to an acceptable level by applying safeguards
- There maybe occasions where no safeguard is available. If so, is is only appropriate to:
+ Eliminate the interest
+ Decline the engagement
- Independence of mind
- Independence in appearance
Threat and safeguards
- Threats
 Self-interest
 Self-review
 Advocacy
 Familiarity
 Intimidation
 Management (only identified by FRC)
- Safeguards
+ Created by the profession, legislation or regulation
 Educational training and experience requirements for entry into the profession
 Continuing professional development requirements
 Corporate governance regulations
 Professional standards
 Professional or regulatory monitoring and disciplinary procedures
 External review by a legally empowered third party of the reports, returns, communication or
information produced by a professional accountant
+ Within the work environment
 Involving an additional professional accountant to review the work done or otherwise advise as
necessary
 Consulting an independent third party
  Rotating senior personnel
 Discussing ethical issues with TCWG
 Disclosing to TCWG the nature of services provided and extent of fees charged
 Involving another firm to perform or re-perform part of the engagement
- The team and firm should be independent during the period of the engagement
- For recurring audit, independence may only cease on termination of the contract between parties.
ICAEW Code
- Apply not only to the job of the professional accountant but also to the life of the professional
accountant
FRC ethical standard
- UK auditors must comply when carrying out UK audits.

Chap 15: Integrity, objectivity and independence

Integrity, objectivity and independence
- Why?
 The expectation of those directly affected
 The public interest
- Why should not withdraw from any engagement?
 Clients may lose an auditor who knows their business
 It denies clients the freedom to be advised by the accountant of their choice
Self-interest
+ Safeguards
 Disposing of the interest
 Removing the individual from the team if required
 Keeping client’s audit committee informed of the situation
 Using an engagement quality control review to review work carried out if necessary
- Close business relationships
+ Safeguards
 Modifying the assurance strategy
 Ensuring the engagement is assigned to someone of sufficient experience as compared with the
individual who has left
 Involving an additional professional accountant not involved with the engagement to review the
work done
 Carrying out a qualify control review of the engagement
- Partner/employee on the client’s board
+ A partner or employee of an assurance firm should not serve on the board of an assurance client
- Family and personal relationships
+ When an immediate family member of a member of the assurance team is a director, an officer or
an employee of the assurance client in a position to exert significant influence over the subject matter
information of the assurance engagement, the individual should be removed from the assurance
team.
+ Safeguards
 Quality control policies
  Discussing matter with audit committee
- Gifts and hospitality
 Unless the value of gifts or hospitality are such that a reasonable and informed third party,
weighing all the specific facts and circumstances, would consider them trivial and
inconsequential, a firm or a member of an assurance team should not accept them
- Loans and guarantees
- Overdue fees
- Percentage or contingent fees
 A firm shall not enter into any fee arrangement for an assurance engagement under which the
amount of the fee is contingent on the result of the assurance work or on items that are subject
matter of the assurance engagement
- High percentage of fees
+ Safeguards
 Discussing the issues with audit committee
 Taking steps to reduce the dependency on the client
 Obtaining external/internal quality control review
 Consulting a third party such as ICAEW
+ Threshold
 If total fees regularly exceed 10% of annual fee income of audit firm (5% with listed company),
should disclose fact to ethic partner and TCWG
 If total fees regularly exceed 15% of gross practice income (10% with listed company), the firm
should not act as the auditors.
 Total fees from non-audit services must not exceed 70% of the audit fee
- Lowballing
+ Safeguards
 Maintaining records such that the firm is able to demonstrate that appropriate staff and time are
spent on the engagement
 Complying with all applicable assurance standards, guidelines and quality control procedures.
Self-review
- Service with an assurance client
+ Safeguards
 Obtaining a quality control review of the individual’s work on the assignment
+ The person should not be assigned to a position in which he or she is able to influence the conduct
and outcome of the audit for two years following the date of leaving the audit client.
- Preparing accounting records and financial statements
+ Safeguards
 Using staff members other than assurance team members to carry out work
 Implementing policies and procedures to prohibit the individual providing such services from
making any managerial decisions on behalf of the assurance client
 Requiring the source of data for the accounting entries to be originated by the assurance client
 Requiring the underlying assumptions to be originated and approved by the assurance client
+ Firms should not prepare accounts or FSs for listed clients.
- Valuation services
+ Audit firms shall not carry out valuations which either:
 Have a material effect on a listed company’s FSs
  Involve a significant degree of subjective judgement
+ Safeguards
 Second partner review
 Confirming that the client understands the valuation and the assumptions used
 Ensuring the client acknowledges responsibility for the valuation
 Using separate personnel for the valuation and the audit
+ Prohibited for public interest entities
- Taxation services
+ Please read the study manual as this related to various tax aspects
- Internal audit services
+ Safeguards
 Client designates an appropriate and competent resource to be responsible at all times for internal
audit activities
 The client’s management reviews, assesses and approves the scope, risk and frequency of the
internal audit services
 The client’s management determines which recommendations to implement and manages the
implementation process
+ Shall not undertake where it is reasonably foreseeable that
 For purpose of audit FSs, the auditors would place significant reliance on internal audit work
performed by the audit firm
 For the purposes of the internal audit services, the audit firm would undertake the role of
management
- Corporate finance services
+ Assurance firms are not allowed to promote, deal in or underwrite an assurance client's shares.
They are also not allowed to commit an assurance client to the terms of a transaction or consummate
a transaction on the client's behalf.
+ Prohibited for auditors of public interest entities
- Information technology services
+ For public interest entities, shall not design or implement IT services that
 Form a significant part of internal control over financial reporting
 Generate information that is significant to the FSs on which the firm will express an opinion
+ For non-public interest entities, must ensuring that
 The client acknowledges its responsibility for establishing and monitoring a system of internal
controls
 The client assigns the responsibility to make all management decisions with respect to the design
and implementation of the hardware or software system to a competent employee, pregerably
within senior management
 The client makes all management decisions with respect to the design and implementation
process
 The client evaluates the adequacy and results of the design and implementation of the system.
- Litigation support services
+ Prohibited for listed audited entities
+ For non-listed entities, it should not involve any subjective estimations.
Advocacy
Familiarity
 - Long association of senior personnel with assurance clients
+ Safeguards
 Rotating senior staff
 Quality control reviews
+ For public interest entities
Rotated after (years) Should not return for (years)
Audit engagement partner 5 5
Engagement quality control 7 5
reviewer
Key partner (tax partner, other 7 2
audit partner)
 Where the engagement quality control reviewer becomes the audit engagement partner the
combined service in these two positions should not be more than five years.
 When an audit client becomes a listed company, the engagement partner should only continue in
the position for another two years where four or more years have already been served by that
individual.
- Recruitment
+ Assurance provider must not make management decisions for client
+ Should not undertake an engagement to provide recruitment services in relation to a key
management position of the audited entity for a listed entity
Intimidation threat
- Actual and threatened litigation
+ Safeguards
 Disclosing to the audit committee the nature and extent of the litigation
 Removing specific affected individuals from the engagement team
 Involving an additional professional accountant on the team to review work
+ Legal services are prohibited in the case of audits of public interest entities
Management threat
Accepting new clients
- Factors that could be a threat to firm’s integrity or professional behavior
 Illegal activities of the client
 Apparent dishonesty of the client
 Questionable account practices of the client
Resolving ethical conflicts
- Matter to consider
 Relevant facts
 Relevant parties
 Ethical issues involved
 Fundamental principles related to the matter in question
 Established internal procedures
 Alternative courses of action
+ Determine course of actions
+ Refer to relevant department within firm
 + Obtain advice from ICAEW
Conflicts of interest for the accountant
- Course of actions
 Resolve internally using a formal dispute resolution
 Obtain advice from ICAEW
 Seek legal advice
 Resign as last resort

Chap 16: Confidentiality

Importance of confidentiality
- Accountants ar required to keep client information confidential
- Should not discuss client matters with anyone outside the firm
- The greatest risk of breach of confidentiality is likely to be accidental disclosure rather than
deliberate disclosure
Data protection
- GDPR and Data protection act state that:
 Anyone who processes personal information must ensure that it is protected
 Individuals have the right to access both their personal data and information about how it is being
processed
 Personal data can only be held if there is a specific lawful reason to do so
- Every organization that processes personal information must notify the ICO. Notification is effective
for one year and ICO must be informed of any breaches of GDPR.
- Data controller has responsibility of informing ICA of ongoing processing or any changes. Failure to
notify the ICO is a criminal offence
Safeguards to confidentiality
- Do not discuss client matters with any party outside of the accountancy firm
- Do not discuss client matters with colleagues in a public place
- Do not leave audit files unattended
- Do not leave audit files in cars or in unsecured private residences
- Do not remove working papers from the office unless strictly necessary
- Do not work on electronic working papers on systems that do not have the requisite protection
- Raise concerns with more senior staff in the firm
- Seek legal advice before making any disclosures of potentially confidential information
Disclosure of confidential information
- Only disclose when:
 Consent has been obtained
 Public duty
 Legal or professional right or duty
Money laundering
- Firm must have a nominated officer and a MLCP
- Nominated officer is responsible for receiving internal reports and making disclosures to NCA
- If there is a suspicion of money laundering activities, make a report to nominated officer
 - Money laundering may include
 Keeping customer overpayment
 Offences under Companies Act that are criminal
 Offences that involve a saved cost
- Following issues may give rise to suspicions of money laundering
 Credits on the receivable ledger
 Unusual related party transactions
 Lack of expected costs in income statement
 The existence of a complicated group structure with no obvious business reason for the
complexity
 High number of cash transactions without genuine business reason
Conflicts of interest
- Exist when:
 When a professional accountant competes directly with a client, or has a joint venture or similar
arrangement with a major competitor of a client, then this is a threat to the accountant’s
objectivity
 When a professional accountant performs services for clients whose interests are in conflict or
who are in dispute with each other
- Safeguards
 Disclosure of the circumstances of the conflict
 Obtaining the informed consent
 The use of confidentiality agreements signed by employees
 Establishing information barriers
 Regular review of the application of safeguards by a senior individual not involved with the
relevant client engagement
 Cease to act
+ Information barriers include:
 Ensuring that there is no overlap between different team
 Physical separation of teams
 Careful procedures for where information has to be disseminated beyond a barrier and for
maintaining proper records where this occurs