AA - Audit framework & regulation

Contents
The Acceptance Stage ............................................................................................................ 2
The Engagement Letter .......................................................................................................... 3
TERMINOLOGY USED .......................................................................................................... 3
PURPOSE AND CONTENTS OF THE ENGAGEMENT LETTER ................................................ 3
Audit Risk ................................................................................................................................ 6
TERMINOLOGY USED: ......................................................................................................... 6
AUDIT RISK MODEL: ............................................................................................................ 6
Identifying Audit Risks ............................................................................................................ 8
TERMINOLOGY USED: ......................................................................................................... 8
USING ANALYTICAL PROCEDURES: ..................................................................................... 9

1
The Acceptance Stage
At the acceptance stage the auditor will consider:

– Whether to continue to act for an existing client;

– Whether to accept a new engagement.

New audit clients are generally gained by three methods:

1) Client request;

2) Advertising;

3) Tendering.

Considerations as to why auditors may not accept new client:

1) At pre-conditions stage (ISA 210):

– Is the client following an acceptable financial reporting framework (is it

consistent and relevant)?
– Does the client management accept their responsibilities (ensures that controls
are sufficient and provides all relevant information)?

Note: if preconditions are not met, the auditor should not accept the audit assignment.

2) Other considerations:

– Professional clearance. Writing a letter to previous auditor asking about any

professional reasons why auditors should not accept the client (breach of law,
disagreements with management, lack of integrity from management, overdue
fees). Note: permission is required from the client to write such letter;
– -Audit risk considerations - identify any issues that may indicate that audit risk is
high;
- Time needed;
- Skills required;
- The fee.
– Ethical considerations - identify any conflicts of interest with the existing clients
or threats to objectivity; Then a decision is made:

Reject if the risks being associated with the client are too high.

Accept and move to the next stage of audit process, the engagement letter.

2
The Engagement Letter
TERMINOLOGY USED

Engagement letter: An agreement that is put in place at the start of the audit process. The
engagement letter is prepared once the acceptance stage is concluded.

PURPOSE AND CONTENTS OF THE ENGAGEMENT LETTER

Purpose of the engagement letter:

1. To minimize the risk of misunderstandings;

2. To explain the audit process and the terms and conditions; and

3. For accepting the audit process in writing.

ISA 210 requirements:

Contents of the engagement letter (ISA 210):

1. Objective of the audit: Sufficient appropriate evidence to form an independent opinion;

2. Scope of the audit:

a. Plan and perform audit procedures to audit;

b. Statement of financial position;

c. Statement of profit or loss;

d. Statement of changes in equity; and

e. Statement of cash flows.

3
3. Auditor’s responsibilities:

4. Client management responsibilities:

5. Financial reporting framework (for example IFRS);

6. Form and contents of any reports used:

a. The formal written audit report will show the audit opinion; and

b. Any control deficiencies will also be reported in writing in the form of the
management letter or report to management.

7. Other matters that may be included:

a. Confirming the use of experts during the audit engagement;

b. The basis of fees;

c. The reliance of some of the internal auditor's work if appropriate;

d. Acknowledgement of any specific regulations relating to the audit;

e. Provision of additional services;

4
f. The limitations of the audit; and

g. Timings of any communications during the audit.

The importance of the engagement letter being reviewed every year:

1. Information may be out of date;

2. Auditors may provide services not included in the engagement letter;

3. Fee basis may have changed;

4. Not received confirmation that the management accept their responsibilities; and

5. ISA 210 is not being followed.

5
Audit Risk
TERMINOLOGY USED:

Audit risk is the risk of the auditor giving an inappropriate opinion on the financial
statements, i.e. there are material misstatements present in the financial statements.

Misstatement is:

1) a difference between the amount, classification, presentation or disclosure of a

reported financial statement item; and the amount, classification, presentation
or disclosure that is required for the item to be in accordance with the
applicable financial reporting framework (ISA 450);

2) the difference between what is in the financial statements and what should be
in the financial statements in accordance with the applicable financial reporting
framework.

Note: Material misstatement not identified by the auditor leads to incorrect decisions made
by users and affects the auditor’s reputation.

AUDIT RISK MODEL:

In order to calculate audit risk, the auditors use the audit risk model: AR=IR*CR*DR, where:

AR - Audit risk;

IR - Inherent risk - is the risk of a material misstatement in the financial statements due to
the nature of the

client, whether it be the business itself or the industry which they operate within;

CR - Control risk - is the risk of a material misstatement in the financial statements due to
poor client controls;

DR - Detection risk - is the risk of a material misstatement in the financial statements due to
the auditor not

spotting the error.

Note: Inherent risk and Control risk cannot be changed, but must be identified to decide
what should be the level of Detection risk.

If Inherent risk and Control risk are high, then Detection risk must be low, meaning that:

– More audit procedures would be needed;

– More time should be spent on the audit;

6
– Sample sizes should be increased;
– More experienced audit staff should be used.

If Inherent risk and Control risk are low, then Detection risk can be high, meaning that:

– Smaller samples of transactions can be tested;

– Less time will be spent on the audit.

If audit risk is assessed correctly, the audit opinion will be appropriate at the end of the
process.

7
Identifying Audit Risks
TERMINOLOGY USED:

Audit risk is the risk of the auditor giving an inappropriate opinion on the financial statements.
For example, stating the financial statements are true and fair when there is a material
misstatement uncorrected.

Audit risk = Inherent risk * Control risk * Detection risk

ISA 315: Auditors required to perform risk assessment procedures.

ISA 200: Auditors must apply ‘professional scepticism’ during the audit

Professional scepticism is an attitude that includes a questioning mind, being alert to

conditions which may indicate possible misstatement due to error or fraud, and a critical
assessment of audit evidence.

Risk assessment includes two main pieces of work:

1) Understanding the entity and its environment

2) Using analytical procedures.

UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT:

The process of understanding includes the following:

– Understanding the industry and other external factors;

– Laws and regulations affecting the entity;
– Organisational structure;
– Accounting policies that company follows;
– Client business plan and risks;
– Financial performance;
– Internal controls.

Three main methods of gathering information about the client are:

1) Enquiry;

2) Observation;

3) Inspection.

8
The four main sources of information are:

a) Within the audit firm (previous years workings, discussions with audit partner and
manager);

b) From external sources (companies house, internet and trade press, industry surveys, credit
reference agencies);

c) From the client (discussions with management, observation of procedures, website,

brochures);

d) From the individual auditor.

USING ANALYTICAL PROCEDURES:

Analytical procedures are defined as:

1) Evaluations of financial information through analysis of plausible relationships among both

financial and non-financial data (ISA 520).

2) Comparing financial and non-financial data to understand changes.

Note: Analytical procedures are used on planning stage, substantive testing stage and
completion and review stage of the audit.

The purpose of analytical procedures at the planning stage is to understand the business the
client operates, identify unusual balances, transactions and events, and identify potential
material misstatements.

9
Ratios can be categorised to review the following:

1) Profitability ratios:
Gross profit PBT
Gross profit margin = * 100% Net margin = * 100%
Revenue Revenue

2) Efficiency ratios:
Receivables Payables
Receivable days = * 365 days Payable days = * 365 days
Revenue Purchases

Inventory
Inventory days = * 365 days
Cost of sales

3) Liquidity ratios:
Current assets Current assets - Inventory
Current ratio = Quick ratio =
Current liabilities Current liabilities

4) Return ratios:

Debt Borrowings
Gearing ratio = =
Equity Share capital and reserves

Equity Share capital and reserves

Note: Comparison of current year ratios to previous year, budgets and averages helps to
identify unusual differences which could be the result of a material misstatement.

10