Professional Documents
Culture Documents
Leadership
Effectiveness
The board and its committees should have the appropriate balance of
skills, experience, independence and knowledge of the company to
enable them to discharge their respective duties and responsibilities
effectively.
Accountability
The board should maintain sound risk management and internal control
systems. The board should establish formal and transparent
arrangements for considering how they should apply the corporate
reporting and risk management and internal control principles and for
maintaining an appropriate relationship with the company’s auditor.
Remuneration
Most large companies have an internal audit function, in which case the
audit committee should extend its monitoring role to include that
function, including the evaluation of the effectiveness of that function.
One of the key issues is that the audit committee should annually
assess the independence, objectivity and effectiveness of the external
audit process, considering of the ethical framework applicable in the
jurisdiction in which the organisation is operating. The audit committee
should report annually to the board on their assessment with a
recommendation on whether to propose to the shareholders that the
external auditor be reappointed. The audit committee section of the
annual report should also discuss the annual assessment of the external
audit process by the audit committee and also include information on
the length of tenure of the current audit firm, when a tender was last
conducted, and any contractual obligations that acted to restrict the
audit committee’s choice of external auditors.
In relation to potential threats to objectivity, the audit committee
should seek reassurance that the auditors and their staff have no
financial, business, employment or family and other personal
relationship with the company which could adversely affect the
auditor’s independence and objectivity. The audit committee should
seek from the audit firm, on an annual basis, information about policies
and processes for maintaining independence and monitoring
compliance with relevant requirements, including current requirements
regarding the rotation of audit partners and staff.
At the start of each annual audit cycle, the audit committee should
ensure that appropriate plans are in place for the audit. This includes
consideration of planned levels of materiality, and the proposed
resources to execute the plan, having regard also to the seniority,
expertise and experience of the audit team. In practice this means that
before any audit fieldwork takes place, the audit firm should meet with
the audit committee to discuss the audit strategy and audit plan,
demonstrating that auditing standards and quality control principles
have been adhered to in their development.
The audit committee should review, with the external auditors, the
findings of their work. In the course of its review, the audit committee
should discuss with the external auditor major issues that arose during
the course of the audit and have subsequently been resolved and those
issues that have been left unresolved; review key accounting and audit
judgements; and review levels of errors identified during the audit,
obtaining explanations from management and, where necessary, the
external auditors as to why certain errors might remain unadjusted.
The audit committee should review and monitor management’s
responsiveness to the external auditor’s findings and
recommendations. Thus, all key audit findings should be shared with
the audit committee and discussed with them as the audit progresses.
At the end of the annual audit cycle, the audit committee should assess
the effectiveness of the audit process, by:
reviewing whether the auditor has met the agreed audit plan and
understand the reasons for any changes, including changes in
perceived audit risks and the work undertaken by the external
auditors to address those risks
considering the robustness and perceptiveness of the auditors in
their handling of the key accounting and audit judgements
identified and in responding to questions from the audit
committee
obtaining feedback about the conduct of the audit from key
people involved, for example the finance director and the head of
internal audit
reviewing and monitoring the content of the external auditor’s
management letter (report to those charged with governance), in
order to assess whether it is based on a good understanding of
the company’s business and establish whether recommendations
have been acted upon and, if not, the reasons why they have not
been acted upon, and
reporting to the board on the effectiveness of the external audit
process.
In summary, the audit committee carefully monitors the conduct of the
audit, and plays an important part in ensuring the quality and rigour of
the external audit of the financial statements.
whether the skills and experience of the audit firm make it the
most suitable supplier of the non-audit service
whether there are safeguards in place to eliminate or reduce to
an acceptable level any threat to objectivity and independence in
the conduct of the audit resulting from the provision of such
services by the external auditor
the nature of the non-audit services
the fees incurred, or to be incurred, for non-audit services both
for individual services and in aggregate, relative to the audit fee,
and
the criteria which govern the compensation of the individuals
performing the audit.
The audit committee should set and apply a formal policy specifying the
types of non-audit service:
for which the use of the external auditor is pre-approved (i.e.
approval has been given in advance as a matter of policy, rather
than the specific approval of an engagement being sought before
it is contracted)
from which specific approval from the audit committee is required
before they are contracted, and
from which the external auditor is excluded.
Three stages :
PROCEDURES- acceptance;
After acceptance
It is not considered unethical for one firm to offer a lower fee than
another-however doing so may create self interest threat as the
auditor may try and keep their client happy simply in order to win other
contracts with them.
TENDERING is the process of quoting fee for work before the work
is carried out. Most tenders include a formal written representation
supported by an oral presentation. All presentations should be
dynamic, professional and within the limits of ethical framework.
Professional Appointment
1. Size
2. Overseas subsidiaries
3. Relevant expertise
4. Time pressure
5. Planned listing
6. Previous auditor
Confidentiality
Required by law
• Production of documents or other provision of evidence in
the course of legal proceedings
• To the appropriate public authorities of infringements of
the law identified
• E.g. tax evasion, money
Laundering
Conflicts of interest
Arise where an auditor acts for both a client company and
for a competitor company of the client. This situation is
acceptable where appropriate safeguards are implemented.
The firm must notify all affected clients of the conflict and
obtain their consent to act.
The proposed revisions to the Code explain that compliance with the
Code enables accountants to meet their responsibilities to act in the
public interest. In its explanatory memorandum, however, the IESBA
concedes that compliance with the Code, in itself, does not necessarily
mean that professional accountants discharge this responsibility in full.
The revisions also highlight the fact that professional accountants are
involved in a wide range of roles and acknowledge that organisations
involve professional accountants in these activities because they
recognise the skills and values that they bring to the activities they
undertake.
ISA 210 Agreeing the terms of Audit Engagement
ISA 220 Quality management for an audit of FS
The audit engagement team is required to plan and perform the audit
with professional scepticism, whilst exercising professional judgment in
order to ensure a quality audit is performed supporting the correct
audit opinion. An audit should be performed in such a way to mitigate
where there may be problems exercising appropriate professional
scepticism – eg those arising through unconscious bias (for example,
assuming the client is correct) or resource constraints. The audit
partner is ultimately responsible for the quality of the specific audit
which gives reasonable assurance that:
Two key areas where ISA220 (Revised) provides specific guidance over
and above that in ISQM 1 are those relating to engagement
resources and engagement performance. These topics are regularly
examined in the context of scenarios in a quality management
question. Whilst the full standard is examinable, candidates’ responses
in these two specific areas are often poorly constructed or vague and
hence a more detailed understanding of the requirements in this area
will be valuable.
Engagement resources
ISA220 (Revised) states that the audit engagement partner is
responsible for ensuring sufficient and appropriate resources are
available to the engagement team in a timely manner and in line with
the firms policies and procedures. This includes changes to resources
required as circumstances change during the audit. The partner is also
responsible for ensuring the engagement team and any external expert
and internal auditors providing direct assistance to the team have
appropriate competence to perform their assigned roles.
Exam focus
Candidates may be required to evaluate quality management issues in a
scenario and, are expected to be specific in their descriptions. See the
example described below:
Consider a situation where the audit supervisor was off work for health
reasons and the audit engagement manager was too busy to help out the
team performing the audit fieldwork. As a result, the audit juniors have been
left to perform all the audit procedures on their own including the
impairment of properties which were identified as high-risk during planning.
‘An audit junior has performed the audit of property impairments which
contain a high level of judgement when assessing managements
estimates. As this is an area identified as high risk at planning, and is
subjective, the junior may not have the technical knowledge to audit this
area and may have felt unable to challenge management sufficiently when
auditing this area. In the absence of the audit supervisor or more senior staff,
the junior will not have been able to consult on difficulties face whilst
following the audit programme and there has been a lack of supervision
which could mean any problems have not been picked up in a timely
manner. Overall, these factors will increase the risk that insufficient or
inappropriate evidence has been obtained in this area and a material
misstatement may not be identified’
The first answer has specific points of development, the latter has simply
identified the issue with no evaluation. This means the latter response
achieves fewer technical marks for demonstrating an understanding of the
issue and that it is not possible to assign analysis and evaluation marks.
The first answer will be more likely to obtain professional skill marks for
scepticism and judgement as they have demonstrated challenged the ability
of the junior to perform the task sufficiently to provide audit evidence. Note
that the first answer doesn’t just state that quality is poor, they
explain why this is audit area may not be performed with sufficient quality.
Engagement performance
Exam focus
Candidates are often required to evaluate quality deficiencies in an
audit, sometimes pre-issuance of the audit report, sometimes post-
issuance. The evaluation should refer to specific deficiencies and their
implications rather than make broad comments that the audit was not
properly supervised or reviewed. It would be expected that candidates
identify the specific instance where review was omitted or when more
supervision should have occurred and how that would have altered the
outcome of events.
Candidates should also note that without the analysis documented, it is not
possible to credit a reasoned conclusion so simply stating ‘a quality audit
was not performed’.
However, where an audit report has already been issued, the option to
qualify the audit report is not available, and other actions are required.
ISQM 1, Quality Management for Firms that Perform
Audits or Reviews of Financial Statements, or Other
Assurance or Related Services Engagements
ISQM 1 embeds this approach through a principle driven requirement
for firms to create a system of quality management (SoQM) which is
tailored to the firm and its client base. This scalability enables firms to
design a system which addresses their specific circumstances and risks .
By maintaining this tailored focus on risks and their mitigation, the firm
should be able to focus on ensuring the right engagement or audit
report is issued for each assignment. This may be due to more
competent and well-trained individuals performing complex or risky
audits, audit partners feeling more empowered to issue modified audit
reports, by ensuring acceptance procedures fully identify threats to
independence and ensure safeguards are enacted and many other
factors. The most crucial point is that this approach is tailored to
address the specific risks arising in specific firms and not expected to be
the same for every audit firm regardless of size or client portfolio.
Exam focus
In the AAA exam, candidates may be required to explain and/or evaluate a
firm’s risk assessment process and make recommendations for
improvement.
Exam focus
Candidates may be required to explain the importance of governance and
leadership in maintaining the SoQM or may be required to evaluate a
scenario’s weaknesses in this area, alongside recommendations for
improvement.
Not only must a firm ensure its own personnel understanding of and
compliance with relevant ethical requirements, for example, through
training and ethical declarations such as independence forms, firms
must also ensure that any component auditors in a group understand
and apply the ethical regulations applicable to the group auditor.
Relevant ethical requirements for a firm depend on the jurisdiction it
operates in; these may go beyond those set out in the
IESBA International Code of Ethics for Professional
Accountants (the Code). It is also the case that many firms will have in
place policies to mitigate ethical threats which go beyond the minimum
required by the Code and regulatory requirements of the jurisdiction in
which the firm operates: ISQM 1 requires firms to ensure these
requirements are also captured by the SoQM. For example, many firms
or jurisdictions prohibit the acceptance of gifts, even of trivial value.
Failure to adhere to the firm’s policies would be seen as a failure of its
SoQM despite not giving rise to a breach of the Code.
Exam focus
Candidates may be asked to appraise ethical threats arising in the
scenario, whilst also considering whether the firm is compliant with the
firm’s SoQM. The issues of quality management and ethical issues are
inherently interlinked and as such, they may need to consider the
significance of such threats and the availability of suitable safeguards within
the context of the engagement, the firm and the SoQM as well as other
available information. This enables candidates to obtain professional skills
marks in addition to the technical marks as they are recognising the inherent
ethical requirements regarding quality management on a firm wide basis.
Candidates may be asked to identify breaches of the SoQM which may not
breach the Code but are relevant to the given scenario addressing any
resulting implications for the engagement, the firm or making
recommendations to prevent future breaches.
Exam focus
Candidates may have to discuss the importance of acceptance and
continuation assessments or to apply the requirements of ISQM 1 in this
regard when evaluating whether to accept a new client, undertake
additional work for existing clients or accept reappointment for the audit of
a continuing client. The ISQM 1 framework provides a starting point for
evaluating the scenario and this may be extended into other professional
and commercial considerations. Candidates should consider legal,
regulatory, and ethical considerations as well as professional and availability
of resources when considering a new client engagement.
5. Engagement performance
Engagement teams must understand their responsibilities for ensuring
a quality audit. Less experienced engagement team members should be
appropriately supervised and reviewed. ISQM 1 specifically references
the need for the audit engagement partner to be sufficiently and
appropriately involved throughout the engagement.
Audit teams should ensure professional scepticism and judgement are
exercised. Processes should ensure professional scepticism and
judgement are exercised by engagement teams. If an audit team has
insufficient time to perform necessary procedures, or team members
are not experienced enough to challenge management or identify
misstatements, then detection risk increases and audit quality will be
compromised. For audits to be effective, and to maintain public trust,
they must be performed in such a way as to ensure the audit reports
issued are appropriate in the circumstances and that firms and their
personnel fulfil their responsibilities in accordance with applicable legal
and professional standards.
6. Resources
A firm must ensure that appropriate resources are available in a timely
manner. This includes employees with the required competence,
training, and capabilities to perform the engagements to which they are
assigned. Firms should ensure more experienced individuals to work on
areas of a complex nature requiring additional judgement and ensuring
sufficient review by senior team members or allowing adequate time to
do sufficient testing and analysis of the issues.
Exam focus
Candidates may have to evaluate scenarios where inappropriate resources
have been employed within an audit and make recommendations for
improvements to the firm’s SoQM.
Engagement performance
Exam focus
Candidates may have to evaluate scenarios with respect to these issues and
make recommendations for improvements to the firm’s SoQM in this area.
Candidates should remember that I&C is embedded within all aspects of a
SoQM and may not be isolated as a topic.
Exam focus
Candidates may have to explain how this contributes to continuous
improvement of a firm’s SoQM. Candidates may also take the role of a
reviewer performing this element of the process: identifying deficiencies and
making recommendations to remediate them.
Exam focus
Candidates may be required to identify situations where an EQR should be
performed either because it is required by legal or professional
requirements or because it is an appropriate response to a situation or
quality management risk arising in a scenario.
Exam focus
Understanding the full responsibilities of the reviewer will enable candidates
to evaluate a scenario to determine whether an EQR has been performed
as required and to identify where deficiencies in the process have occurred.
Documentation
Exam focus
Candidates may be required to evaluate whether sufficient appropriate
documentation exists within a scenario or recommend improvements to
the firm’s SoQM to mitigate any weaknesses.
The responsibility of the EQR process remains at the firm level and is
part of the wider SoQM as stipulated by ISQM 1. This ensures the
robustness of the EQR process leading to an improvement of audit
quality by assessing audit team’s professional scepticism when making
judgements and whether the audit evidence supports the final
conclusions
After the assembly of the final audit file has been completed, the
auditor should not delete or discard audit documentation before the
end of its retention period.
Professional scepticism
ISA 240 (Redrafted) stresses the importance of approaching the audit
with a degree of professional scepticism, an attitude which should be
heightened if there is a suspicion of fraudulent financial reporting.
Completeness of disclosures
In difficult economic times, management may be tempted to hide
information which may raise concerns about the company’s
performance. The auditor must therefore consider whether all relevant
information has been disclosed in the financial statements in
compliance with accounting standards.
Audit report
In cases where financial statements appear to have been misstated due
to earnings management or fraudulent financial reporting, the auditor
should carefully consider the implications for the audit report. The
problem for the auditor will be to decide whether any earnings
management is within generally accepted accounting principles (and so,
therefore, the financial statements are fairly presented), or whether it
is so aggressive that it is in breach of accepted accounting practice and
therefore fraudulent. A breach of financial reporting principles resulting
from the misapplication of accounting standards will result in a
disagreement and thus a potential qualification of the audit opinion.
The auditor is not, and cannot be, held responsible for preventing
NOCLAR. The fact that an audit is carried out may, however, act as a
deterrent. The auditor needs to consider the impact of any non-
compliance on the financial statements, and assess the risk of
material misstatement by considering the various laws and
regulations and gain an understanding of the legal and regulatory
framework in which entity operates comply with and what effect it
has on financial statements and how audit should respond:
The auditor has no formal responsibility for NOCLAR that has neither
a direct nor material effect on the financial statements, but should
respond appropriately should such cases be detected.
However, ISA 250 (revised) and the IESBA Code also emphasise that
withdrawal should not be used by firms as a substitute for
responding appropriately to any NOCLAR at a client (in other
words, the auditor cannot just keep quiet about any NOCLAR they
discover, regardless of how difficult it may be for them to do so).
The auditor’s report
Material misstatement
Where the auditor concludes that the non-compliance (such as
failing to disclose certain items within the financial statements) has a
material effect on the financial statements which have not been
amended, they should express a qualified or adverse opinion.
Relevant persons
The first step is to consider to whom the communication should be directed. ISA
260 does not specify this exactly, but states that ‘governance is the term used to
describe the role of persons entrusted with the supervision, control and direction
of an entity’. This implies that the communication should be with the highest level
of management, including the executive and non-executive directors, and the
audit committee, where relevant.
Matters to be communicated
In the second step, the auditor should consider the type of issues that should be
communicated. ISA 260 provides some guidance as to the matters which
ordinarily could be incorporated in the communication, including:
the overall approach and scope of the audit, including any limitations on
the scope of the audit
the accounting policies, and any changes to them, that could materially
affect the financial statements
adjustments arising as a result of audit procedures which could materially
impact the financial statements
material events or uncertainties which could jeopardise the going concern
status, and which require disclosure within the financial statements
disagreements with management over accounting treatments or
disclosures
any expected modifications to the audit report
material weaknesses discovered in the internal systems and controls.
Conclusion