Part A, B AND C

Part A &B :- Regulatory environment and professional

and ethical considerations
Part C :- Quality Management
Corporate governance
Corporate governance is the system by which organisations are
directed and controlled. It encompasses the relationship between the
board of directors, shareholders and other stakeholders, and the
effects on corporate strategy and performance. Corporate governance
is important because it looks at how these decision makers act, how
they can or should be monitored, and how they can be held to account
for their decisions and actions.

The published audited financial statements and related information are

therefore of key importance. They will usually be the main information
set to which shareholders and other stakeholders have access and this
is why having credible financial statements supported by the auditor’s
opinion is crucial.

Leadership

Every company should be headed by an effective board which is

collectively responsible for the long-term success of the company, and
should lead and control the company’s operations.

There should be a clear division of responsibilities at the head of the

company, which will ensure a balance of power and authority, such that
no one individual has unfettered powers of decision.
Non-executive directors should constructively challenge and help
develop proposals on strategy. The board should include a balance of
executive and non-executive directors such that no individual or small
group of individuals can dominate the board’s decision taking.
 

Effectiveness

The board and its committees should have the appropriate balance of
skills, experience, independence and knowledge of the company to
enable them to discharge their respective duties and responsibilities
effectively.

There should be a formal, rigorous and transparent procedure for the

appointment of new directors to the board. All directors should receive
induction on joining the board and should regularly update and refresh
their skills and knowledge.

All directors should be submitted for re-election at regular intervals,

subject to continued satisfactory performance.
 

Accountability

The board should present a balanced and understandable assessment

of the company’s position and prospects. For UK companies, this is also
required by the Companies Act 2006, which requires that the directors
disclose a business review as part of the directors’ report to be included
in the financial statements.

The board should maintain sound risk management and internal control
systems. The board should establish formal and transparent
arrangements for considering how they should apply the corporate
reporting and risk management and internal control principles and for
maintaining an appropriate relationship with the company’s auditor.
 

Remuneration

Levels of remuneration should be sufficient to attract, retain and

motivate directors of the quality required to run the company
successfully, but a company should avoid paying more than is necessary
for this purpose. A significant proportion of executive directors’
remuneration should be structured so as to link rewards to corporate
and individual performance.
 

Relations with shareholders

There should be a dialogue with shareholders based on the mutual

understanding of objectives. The board as a whole has responsibility for
ensuring that a satisfactory dialogue with shareholders takes place. The
board should use the Annual General Meeting to communicate with
investors and to encourage their participation.

The role of audit committees

The audit committee is such an important part of corporate governance

that it is the subject of its own guidance document in the UK, the
Financial Reporting Council’s Guidance on Audit Committees. The audit
committee should be made up of at least three independent non-
executive directors, one of whom should have recent and relevant
financial experience. The committee has many roles, including several
that are specifically related to the external auditor, which are discussed
below.
 

Review of published financial information

The audit committee should monitor the integrity of the company’s

financial statements and any formal announcements relating to the
company’s performance. Significant financial reporting judgements
should be specifically reviewed. This means that committee members
should scrutinise all published financial information, and question and
be ready to challenge the finance director and external auditors on any
contentious matters arising.
 

Systems and controls

The audit committee members have responsibility to review the

company’s internal financial controls and systems, and the risk
management systems, unless there is a separate risk committee.

Most large companies have an internal audit function, in which case the
audit committee should extend its monitoring role to include that
function, including the evaluation of the effectiveness of that function.

Where there is no internal audit function, the audit committee should

consider annually whether there is a need for internal audit and make a
recommendation to the board, and the reasons for the absence of such
a function should be explained in the relevant section of the annual
report.
 
Fraud prevention and detection

Finally, the audit committee plays a part in fraud prevention and

detection in that whistleblowing arrangements should be made so that
staff of the company may raise concerns about possible improprieties
in respect of financial reporting matters.
 

External auditors – general principles

The audit committee has specific responsibilities in respect of the

external auditors, including recommending the appointment,
reappointment and removal of the external auditor, approving fees
paid for audit and non-audit services, and agreeing on the terms of
engagement with the external auditor. A point specific to the UK
adapted paper is that following a revision to the UK Corporate
Governance Code in 2012, there is now a requirement for FTSE 350
companies to put the external audit out to tender every 10 years.

One of the key issues is that the audit committee should annually
assess the independence, objectivity and effectiveness of the external
audit process, considering of the ethical framework applicable in the
jurisdiction in which the organisation is operating. The audit committee
should report annually to the board on their assessment with a
recommendation on whether to propose to the shareholders that the
external auditor be reappointed. The audit committee section of the
annual report should also discuss the annual assessment of the external
audit process by the audit committee and also include information on
the length of tenure of the current audit firm, when a tender was last
conducted, and any contractual obligations that acted to restrict the
audit committee’s choice of external auditors.
In relation to potential threats to objectivity, the audit committee
should seek reassurance that the auditors and their staff have no
financial, business, employment or family and other personal
relationship with the company which could adversely affect the
auditor’s independence and objectivity. The audit committee should
seek from the audit firm, on an annual basis, information about policies
and processes for maintaining independence and monitoring
compliance with relevant requirements, including current requirements
regarding the rotation of audit partners and staff.
 

External auditors – the annual audit cycle

The audit committee should be involved at all stages of the audit, to

obtain comfort that a quality audit will be performed. The Guidance on
Audit Committee specifically requires the following to take place:

At the start of each annual audit cycle, the audit committee should
ensure that appropriate plans are in place for the audit. This includes
consideration of planned levels of materiality, and the proposed
resources to execute the plan, having regard also to the seniority,
expertise and experience of the audit team. In practice this means that
before any audit fieldwork takes place, the audit firm should meet with
the audit committee to discuss the audit strategy and audit plan,
demonstrating that auditing standards and quality control principles
have been adhered to in their development.

The audit committee should review, with the external auditors, the
findings of their work. In the course of its review, the audit committee
should discuss with the external auditor major issues that arose during
the course of the audit and have subsequently been resolved and those
issues that have been left unresolved; review key accounting and audit
judgements; and review levels of errors identified during the audit,
obtaining explanations from management and, where necessary, the
external auditors as to why certain errors might remain unadjusted.
The audit committee should review and monitor management’s
responsiveness to the external auditor’s findings and
recommendations. Thus, all key audit findings should be shared with
the audit committee and discussed with them as the audit progresses.

At the end of the annual audit cycle, the audit committee should assess
the effectiveness of the audit process, by:

 reviewing whether the auditor has met the agreed audit plan and
understand the reasons for any changes, including changes in
perceived audit risks and the work undertaken by the external
auditors to address those risks
 considering the robustness and perceptiveness of the auditors in
their handling of the key accounting and audit judgements
identified and in responding to questions from the audit
committee
 obtaining feedback about the conduct of the audit from key
people involved, for example the finance director and the head of
internal audit
 reviewing and monitoring the content of the external auditor’s
management letter (report to those charged with governance), in
order to assess whether it is based on a good understanding of
the company’s business and establish whether recommendations
have been acted upon and, if not, the reasons why they have not
been acted upon, and
 reporting to the board on the effectiveness of the external audit
process.
In summary, the audit committee carefully monitors the conduct of the
audit, and plays an important part in ensuring the quality and rigour of
the external audit of the financial statements.
 

External auditors – provision of non-audit services

Specifically, the audit committee should develop and implement a

policy on the engagement of the external auditor to supply non-audit
services, taking into account the relevant ethical principles and
requirements. The audit committee’s objective should be to ensure that
the provision of such services does not impair the external auditor’s
independence or objectivity. The audit committee should consider:

 whether the skills and experience of the audit firm make it the
most suitable supplier of the non-audit service
 whether there are safeguards in place to eliminate or reduce to
an acceptable level any threat to objectivity and independence in
the conduct of the audit resulting from the provision of such
services by the external auditor
 the nature of the non-audit services
 the fees incurred, or to be incurred, for non-audit services both
for individual services and in aggregate, relative to the audit fee,
and
 the criteria which govern the compensation of the individuals
performing the audit.

The audit committee should set and apply a formal policy specifying the
types of non-audit service:
  for which the use of the external auditor is pre-approved (i.e.
approval has been given in advance as a matter of policy, rather
than the specific approval of an engagement being sought before
it is contracted)
 from which specific approval from the audit committee is required
before they are contracted, and
 from which the external auditor is excluded.

One of the non-audit services specifically referred to in the Guidance on

Audit Committees is the provision of internal audit by the external
auditor. If the external auditor is being considered to undertake aspects
of the internal audit function, the audit committee should consider the
effect this may have on the effectiveness of the company’s overall
arrangements for internal control and investor perceptions in this
regard.
Money laundering:
It is a process by which criminals may attempt to conceal the origins
of the proceeds of criminal activity .The aim is to transform ‘dirty
money’ ,which can be tied to its criminal origin into ’clean’ money
which can be spent.

Three stages :

PLACEMENT: This is initial placing of ill-gotten cash into the financial

system.

LAYERING: This is the creation of layers of transactions which seek to

disguise the original origin of the placed cash.
INTEGRATION: This is the integration of money back into the legitimate
economy, so that the criminals can use it to make purchases or
investments.

PROCEDURES- acceptance;

 Obtaining evidence that the client exists , such as looking at the

certificate of incorporation and establishing the identities of all
directors
 Obtaining evidence of client business activity.
 Confirming the registered address (by obtaining headed paper)
 Obtaining a list of shareholders and directors

After acceptance

 The expected patterns of firms business.

 The business model of client.
 The source of the client’s funds

ANTI -MONEY LAUNDERING PROGRAMME

MLRO should be appointed who should occupy senior position in the
firm . Suspicions of money laundering are reported to the MLRO,
who then considers whether to pass them on the National Crime
Agency.

 INTERNAL CONTROL AND POLICIES : Members should ensure

their staff receive a regular training ,so that they are aware of
relevant legislation and what they must do if they suspect or
encounter money laundering.
 CUSTOMER DUE DILIGENCE(know your clients):it involves an
audit firm establishing the identity of clients, e.g. through
passports, and understanding the sources of clients income and
the rationale for business transactions.
  RECORDS: Maintain records of client identification procedures
and of any transactions, e.g. the recipient of payment of the
audit fee. This helps ensure that the auditor does not
inadvertently become involved in laundering money for its
clients.
 Reporting suspicious transactions : Where members know or
suspect that funds are the proceeds of crime or relate to
terrorist financing, they should request that their MLRO
promptly report their suspicions to the relevant authority (such
as the NCA in the UK).
 Tipping off: Members should not ‘tipp off’ a client that a report
has been made. If a suspicion has arisen during the course of
client identification procedures, members should take extra
care that carrying out those procedures will not tip off the
client. However, attempts to discourage a client from breaking
the law will not be seen as tipping off.

MONEY LAUNDERING REPORTING OFFICER(MLRO):

The MLRO is the internal person responsible for receiving and

evaluating reports of suspected money laundering , and for making
any reports to external bodies.

Report should include:

 Name of suspect, the amounts involved, the reasons for

suspicion and the whereabouts of any laundered cash.
 The report must be made as soon as possible ,as it is an offence
to not report suspicions as soon as practicable.
 The senior would also be allowed to discuss his suspicions with
the audit manager-in order to assure himself that his suspicions
were reasonable-but should alert the MLRO himself.
 LOW BALLING

It is practice of a firm quoting a significantly lower fee level for an

assurance service in order to secure the business with the intention of
later raising it or recovering the losses made on that engagement
with other ,more lucrative ,services.

Current guidance in the form of IESBA;s Code of Ethics states that

member can quote whatever fee is deemed appropriate.

It is not considered unethical for one firm to offer a lower fee than
another-however doing so may create self interest threat as the
auditor may try and keep their client happy simply in order to win other
contracts with them.

Professional competence and due care may be affected if the low

fee leads the firm to cut corners on the audit to cut corners on the
audit to try and minimise losses.

Safeguards to mitigate such threats could include making the client

aware of the terms of the engagement and basis on which fees are
charged and what services are covered by quoted fees, and also
assigning appropriate time and staff to the engagements.

TENDERING is the process of quoting fee for work before the work
is carried out. Most tenders include a formal written representation
supported by an oral presentation. All presentations should be
dynamic, professional and within the limits of ethical framework.

SPECIFIC RISKS OF BEING INVOLVED WITH THE TENDER INCLUDE:

 Wasted time if the audit tender is not accepted. the firm will
not be paid for the time spent putting the tender proposal
 together.
 Setting an uncommercial fee in order to win the contract
 Making unrealistic claims or promises in order to win the
contract.

MATTERS TO BE IN INCLUDED IN THE AUDIT PROPOSAL

1. Outline of audit firm: firm should be including a brief history

and a summary key information about the firm(e.g. the number
of partners and offices).
2. Client requirements: statutory audit requirements should be
stated ,to confirm that audit is needed it should be stated that
the audit must conform to ISAs. Any additional reporting
requirements should also be stated.
3. Audit Approach: The tender should outline the stages of an
audit. It should describe the proposed audit approach including
the firm’s audit methodology and should explain the audit is
risk-based ,involving an assessment of the company’s
accounting systems and internal controls.
4. Communications: The tender should outline the various
communications which will be made to management and
TCWG.
5. Deadlines: The tender should seek to clarify the timeframe for
the audit. The proposed deadline is 4 months may be
reasonable ,although if listed company it may be large and
potentially time consuming. if there are problems with the
audit e.g. Internal controls are less reliable than expected, the
audit may take longer.
6. Quality Control and ethics: It should state its adherence to
IESBA’s Code of Ethics for Professional Accountants, and to
International Standards on Quality Control .This will give
capitalist investor confidence in the auditor’s report that would
be issued.
7. Additional services: The tender should make mention of any
other non-audit services which audit firm is in position to
provide. It should be stated that these services can only be
provided subject to meeting the ethical requirements.

MATTERS TO BE CONSIDERED IN DETERMINING AUDIT FEE:

1. Commercial factors: The audit firm has commercial desire to

make a profit ,which it does by offering a fee which is high
enough to be profitable but low enough to attract business.it
must do this without compromising its professional
independence or its standards of quality.
2. Costs: The fee should be linked to costs incurred. The main cost
is the time spent by the audit team, so this component of the
fee is calculated using a charge -out rate which is multiplied by
the time spent. Basing the fee on the costs incurred is both
commercially sound and ethically relevant because it ensures
that the fee is sufficient to pay for the work that needs to be
done. Additional costs included in the audit fee are the fees of
any auditor’s expert.
3. Low fees :lowballing
4. Contingent fee: To link the audit fee to the success of the
company is to charge a contingent fee. This creates a self
interest threat. The threat is so significant that no safeguards
could reduce it to an acceptable level, so such an arrangement
should be entered into. The Acca’s position is that fess should
not be charged on a percentage ,contingency or similar basis.

Advertising and publicity

The Acca Rulebook states that it is acceptable in principle for
ACCA members to advertise their services, but there is
requirement that the advertising must not reflect adversely on:
  Member
 The ACCA, or
 The accountancy profession as a whole.

The rule state that advertisements and material should not:

 Bring the Acca into disrepute or bring discredit to the

member, firm or accountancy profession.
 Discredit the services offered by others whether by claiming
superiority for the member’s own services or otherwise.
 Be misleading, either directly or by implication.
 Fall short of the requirements of any relevant national
advertising standards Authority’s Code of Advertising
Practice ,notably as to legality ,decency, clarity, honesty, and
truthfulness.

Professional Appointment

Matters to consider before accepting engagement

1. Size
2. Overseas subsidiaries
3. Relevant expertise
4. Time pressure
5. Planned listing
6. Previous auditor

REASONS FOR NOT SEEKING RE-ELECTION

1. Disagreement with client

The auditor may have disagreed with the client in past,for
instance over accounting treatments. There is a possibility
that the relationship between auditor and the client could
break down, which would make it very difficulty to carry out
the audit effectively.
2. Resources
An auditor may find that it lacks the resources to carry out
an audit, perhaps because the client has grown rapidly so
that the firm lacks the staff to provide a big enough audit
team.
3. Competence
An auditor might believe itself not to be competent enough
to carry out the audit, perhaps because the client operates
in a industry with highly specialized accounting
requirements, in respect of which the firm lacks the
necessary expertise.
4. Ethics-management’s integrity
The auditor might feel that it has reason to doubt the
integrity of management, for instance because of a
breakdown in relationship, or an unproven suspected fraud.
This would lead to breakdown in the relationship between
auditor and management.
5. Ethics-Fee Level
The fees charged should include the recovery of an expenses
properly incurred by the audit staff in the course of the
engagement.

Threats & safeguards

Members are required to apply the conceptual framework
to identify threats to compliance with the fundamental
principles, to evaluate their significance and, if such threats
are other than clearly insignificant, to apply safeguards to
eliminate them or reduce them to an acceptable level such
that compliance with the fundamental principles is not
compromised
To evaluate the significance, consider materiality of the
matter, the seniority of the people involved, etc.

Confidentiality

Before disclosing, consider:

• Whether harm could be caused by the disclosure
• Whether all relevant information is known and
substantiated
• Whether the information is to be communicated to
appropriate recipients

Required by law
• Production of documents or other provision of evidence in
the course of legal proceedings
• To the appropriate public authorities of infringements of
the law identified
• E.g. tax evasion, money
Laundering

‘Disclosure permitted by law and authorized by the client or

employer’

Professional duty or right to disclose, when not prohibited

by law
• To comply with the quality review of ACCA or another
professional body
• To respond to an inquiry or investigation by ACCA or a
regulatory body
• To protect the professional interests of a professional
accountant in legal proceedings
• To comply with technical standards and ethics
requirements

Conflicts of interest
Arise where an auditor acts for both a client company and
for a competitor company of the client. This situation is
acceptable where appropriate safeguards are implemented.

The firm must notify all affected clients of the conflict and
obtain their consent to act.

Additional safeguards must be implemented.

Where the acceptance/continuance of an engagement

would, despite safeguards, materially prejudice the interests
of any clients, the appointment should not be
accepted/continued, or one of the appointments should be
discontinued

Safeguards against conflicts of interest

 Regular review of safeguards by an independent senior

partner/ compliance officer
 Use of different partners and teams of staff for
different engagements
 Information barriers
– to prevent leakage of confidential information
between different years and sections within the
firm
 Advising at least one or all clients to seek additional
advice last resort
Standards related :-
ISA 200 overall objectives of an independent auditor
and conduct of an audit in accordance with
international standards.
ISA 200 Overall Objective of the Independent Auditor, and the Conduct
of an Audit in Accordance with International Standards on
Auditing defines professional scepticism as ‘an attitude that includes a
questioning mind, being alert to conditions which may indicate possible
misstatement due to error or fraud, and a critical assessment of audit
evidence.’ In recent years there have been a number of calls for the
professional accountancy Standard-setting Boards to review the way in
which their existing guidance addresses ‘professional scepticism’ with a
view to strengthening the concept and requiring all professional
accountants to exercise it, rather than solely audit and assurance
practitioners.

As a result, the IESBA issued an exposure draft entitled Proposed

Revisions to the Code to Promote the Role and Mindset Expected of
Professional Accountants (the Exposure Draft). The Exposure Draft
proposes revisions to the International Code of Ethics for Professional
Accountants (the Code) which promote the role and mindset expected
of professional accountants. These proposals include the following:

 Highlighting the wide-ranging role in society of professional

accountants and the relationship which exists between
compliance with the Code and a professional accountant’s
responsibility to act in the public interest.
  Changes to the definitions of the fundamental principles of
objectivity and professional behaviour.

 The addition of new application material in respect of the

fundamental principle of integrity to include a determination to
act appropriately.

 Strengthening the Code through requiring professional

accountants to have an inquiring mind when applying the
conceptual framework and exercising professional judgement.

 Emphasising the importance of being aware of the dangers of bias

when carrying out professional work and of professional firms
having a positive, internal organisational culture.

The purpose of this article is to review and provide a summary of the

key proposals contained within the Exposure Draft.

Role and responsibility

The proposed revisions to the Code explain that compliance with the
Code enables accountants to meet their responsibilities to act in the
public interest. In its explanatory memorandum, however, the IESBA
concedes that compliance with the Code, in itself, does not necessarily
mean that professional accountants discharge this responsibility in full.
The revisions also highlight the fact that professional accountants are
involved in a wide range of roles and acknowledge that organisations
involve professional accountants in these activities because they
recognise the skills and values that they bring to the activities they
undertake.
ISA 210 Agreeing the terms of Audit Engagement
ISA 220 Quality management for an audit of FS

ISA220 (Revised) concerns the specific quality considerations for an

audit of financial statements and, hence, has a more limited scope that
ISQM 1 and ISQM 2 which are firm wide. Here the engagement team,
lead by the audit engagement partner is responsible for the compliance
with the standard as part of the firms SoQM. Specifically, they are
responsible for:

 implementing the firm’s policies and procedures in response to

quality risks applicable to the audit
 determining whether to devise and implement additional policies
and procedures beyond those of the firm
 communicating to the firm any information from the audit that is
required to be communicated by firm policies – eg independence
confirmations from the team, timesheets for the audit team,
raising of contentious issues with an EQR in a timely manner etc.

The audit engagement team is required to plan and perform the audit
with professional scepticism, whilst exercising professional judgment in
order to ensure a quality audit is performed supporting the correct
audit opinion. An audit should be performed in such a way to mitigate
where there may be problems exercising appropriate professional
scepticism – eg those arising through unconscious bias (for example,
assuming the client is correct) or resource constraints. The audit
partner is ultimately responsible for the quality of the specific audit
which gives reasonable assurance that:

 the audit has been conducted in accordance with professional

standards and applicable legal and regulatory requirements, and
  the auditor’s report issued is appropriate in the circumstances.

Two key areas where ISA220 (Revised) provides specific guidance over
and above that in ISQM 1 are those relating to engagement
resources and engagement performance. These topics are regularly
examined in the context of scenarios in a quality management
question. Whilst the full standard is examinable, candidates’ responses
in these two specific areas are often poorly constructed or vague and
hence a more detailed understanding of the requirements in this area
will be valuable.

Engagement resources
ISA220 (Revised) states that the audit engagement partner is
responsible for ensuring sufficient and appropriate resources are
available to the engagement team in a timely manner and in line with
the firms policies and procedures. This includes changes to resources
required as circumstances change during the audit. The partner is also
responsible for ensuring the engagement team and any external expert
and internal auditors providing direct assistance to the team have
appropriate competence to perform their assigned roles.
 

Exam focus
Candidates may be required to evaluate quality management issues in a
scenario and, are expected to be specific in their descriptions. See the
example described below:

Consider a situation where the audit supervisor was off work for health
reasons and the audit engagement manager was too busy to help out the
team performing the audit fieldwork. As a result, the audit juniors have been
left to perform all the audit procedures on their own including the
impairment of properties which were identified as high-risk during planning.

A well explained evaluation might be as follows:

‘An audit junior has performed the audit of property impairments which
contain a high level of judgement when assessing managements
estimates. As this is an area identified as high risk at planning, and is
subjective, the junior may not have the technical knowledge to audit this
area and may have felt unable to challenge management sufficiently when
auditing this area. In the absence of the audit supervisor or more senior staff,
the junior will not have been able to consult on difficulties face whilst
following the audit programme and there has been a lack of supervision
which could mean any problems have not been picked up in a timely
manner. Overall, these factors will increase the risk that insufficient or
inappropriate evidence has been obtained in this area and a material
misstatement may not be identified’

A weaker response might simply say:

‘Not enough resources were available. This is not a quality audit’

The first answer has specific points of development, the latter has simply
identified the issue with no evaluation. This means the latter response
achieves fewer technical marks for demonstrating an understanding of the
issue and that it is not possible to assign analysis and evaluation marks.

The first answer will be more likely to obtain professional skill marks for
scepticism and judgement as they have demonstrated challenged the ability
 of the junior to perform the task sufficiently to provide audit evidence. Note
that the first answer doesn’t just state that quality is poor, they
explain why this is audit area may not be performed with sufficient quality.

Engagement performance

Direction Supervision Review

Informing team • Tracking the progress Checking the audit
members of of work to
their responsibility to: the audit to ensure the ensure:
• Contribute to quality timetable can be met • The work has been
• Exercise • Considering the performed in
professional competence of the team accordance
scepticism • Addressing significant with professional
• Fulfil ethical matters arising and standards
requirements modifying the planned • Appropriate
• Perform procedures approach accordingly consultations
• Don’t allow budget or • Identifying matters for have taken place
resource constraints to consultation. • The work performed
reduce quality. supports the
conclusions
reached
• The evidence obtained
is
sufficient and
appropriate
to support the auditor’s
report.

ISA220 (Revised) provides specific guidance on the performance of

individual audits. The audit engagement partner is responsible for the
direction and supervision of the engagement team’s work and the
review of their work. In order to do this, the engagement partner must
determine that the audit is planned and performed in accordance with
the firm’s policies and procedures, professional standards and
applicable legal and regulatory requirements, and also that changes can
be made to the resources available to the team where circumstances
change.

The audit partner is expected to review the audit documentation

relating to significant matters and judgements, contentious issues and
the conclusions reached. This is performed at appropriate stages during
the audit. For example, the audit partner would be expected to review
the determination of materiality for the audit which would likely be
most appropriately reviewed at the planning stage of the audit. If
circumstances change and materiality is reassessed, then the audit
partner may be expected to review this during the audit itself. The
audit partner must also ensure that sufficient appropriate evidence has
been obtained to support the opinion in the auditor’s report before the
audit report is issued.

In addition to these responsibilities on each and every audit, it is also

required the partner takes responsibility for the audit team undertaking
consultation on difficult and contentious matters. This consultation may
be within the audit team, where a more junior member may seek
guidance from more senior team members or it may be external to the
team, either within the firm, for example with the firm’s own experts
and specialists or external to the firm.

The audit engagement partner is also required to ensure an

engagement quality reviewer is appointed where necessary and that
the engagement team cooperate with the reviewer, including ensuring
all significant matters and judgements arising with respect to the audit
are discussed with the reviewer. The audit partner should not date the
audit report until the EQR is complete and any differences of opinion
are resolved.
 

Exam focus
Candidates are often required to evaluate quality deficiencies in an
audit, sometimes pre-issuance of the audit report, sometimes post-
issuance. The evaluation should refer to specific deficiencies and their
implications rather than make broad comments that the audit was not
properly supervised or reviewed. It would be expected that candidates
identify the specific instance where review was omitted or when more
supervision should have occurred and how that would have altered the
outcome of events.

Candidates should also note that without the analysis documented, it is not
possible to credit a reasoned conclusion so simply stating ‘a quality audit
was not performed’.

Actions proposed by candidates in response to the quality management

issues identified must be appropriate for the stage in the audit. A review
identifying a lack of evidence prior to the issuance of the audit report can be
mitigated by obtaining that evidence before signing the audit report,
identifying a material misstatement at this stage can lead to a qualification
of the audit report.

However, where an audit report has already been issued, the option to
qualify the audit report is not available, and other actions are required.
ISQM 1, Quality Management for Firms that Perform
Audits or Reviews of Financial Statements, or Other
Assurance or Related Services Engagements
ISQM 1 embeds this approach through a principle driven requirement
for firms to create a system of quality management (SoQM) which is
tailored to the firm and its client base. This scalability enables firms to
design a system which addresses their specific circumstances and risks . 

The SoQM must address eight components

Elements of a quality management system
Elements Key features
Leadership responsibilities • Engagement partner responsible for
managing and achieving quality
• All team members responsible for
quality
• Open and robust communication
• Professional scepticism
Ethical requirements Identify, evaluate, and address threats
• Remain alert for ethical breaches
throughout engagement
Acceptance &continuance Integrity and ethics of client
• Sufficient and appropriate resources
available
• Competence and capabilities of team
Engagement resources Human – experience & expertise,
professional scepticism & judgment
• Technological – communication,
automated tools & techniques
• Intellectual – consistent application of
professional standards
Engagement performance • Direction
• Supervision
• Review
• Engagement quality review – pre-
issuance review of significant judgments
and conclusions
Monitoring & remediation • Monitor the firm’s quality system
• Evaluate severity of deficiencies,
investigate root cause
• Remediate deficiencies responsive to
root cause
• Perform annual evaluation
Overall Prior to dating auditor’s report, partner
responsibility ensures their involvement has been
sufficient and appropriate
• Timely review of work, evidence of
partner’s direction and supervision
Documentation • Conclusions reached in respect of
fulfilment of quality responsibilities
• Conclusions resulting from
consultations
• Confirmation that an EQR has been
completed on or before the date of
the auditor’s report (if applicable)

1. Firm’s risk assessment process 

Firms must design and implement a risk assessment process that sets
quality objectives and identifies risks. The firm’s specific situation and
environment is considered and will include the technologies employed
by the firm, their networks, and any external service providers. This is
an ongoing monitoring process rather than one-off, enabling the SoQM
to adapt with any changes.
This approach will allow the firm to tailor to address the specific risks
within their firm, and it will vary according to the size of the audit firm
and their client portfolio.

By maintaining this tailored focus on risks and their mitigation, the firm
should be able to focus on ensuring the right engagement or audit
report is issued for each assignment. This may be due to more
competent and well-trained individuals performing complex or risky
audits, audit partners feeling more empowered to issue modified audit
reports, by ensuring acceptance procedures fully identify threats to
independence and ensure safeguards are enacted and many other
factors. The most crucial point is that this approach is tailored to
address the specific risks arising in specific firms and not expected to be
the same for every audit firm regardless of size or client portfolio.
 

Exam focus
In the AAA exam, candidates may be required to explain and/or evaluate a
firm’s risk assessment process and make recommendations for
improvement.

2. Governance and leadership

Firms should create an environment which demonstrates a
commitment to quality through its culture and recognises its role in
serving the public interest. This responsibility is firm wide rather than at
the individual audit level, with the chief executive or managing partner
assigned the responsibility and accountability for the SoQM. This
should ensure the ‘tone at the top’ enforces a commitment to quality
and ethics across the whole firm. 
Systems and policies should be in place to reward commitment to
quality rather than focusing on client retention and engagement profit.
This should allow audit engagement partners to challenge client
judgements without fear of the negative consequences of losing the
revenue arising from the loss of the client. In this way, all employees of
the firm are supported to fulfil their legal and regulatory requirements
without undue commercial pressures or self-interest resulting in
inappropriate decision making.
 

Exam focus
Candidates may be required to explain the importance of governance and
leadership in maintaining the SoQM or may be required to evaluate a
scenario’s weaknesses in this area, alongside recommendations for
improvement.

3. Relevant ethical requirements

The SoQM should include objectives and policies for ensuring the
fulfilment of ethical requirements. These processes will again differ
depending on firm size and client portfolio; the scalability of the
standard requires firms to have in place mitigations for ethical risks
arising which are appropriate to the firm rather than a fixed response
to a given risk. 

Not only must a firm ensure its own personnel understanding of and
compliance with relevant ethical requirements, for example, through
training and ethical declarations such as independence forms, firms
must also ensure that any component auditors in a group understand
and apply the ethical regulations applicable to the group auditor. 
Relevant ethical requirements for a firm depend on the jurisdiction it
operates in; these may go beyond those set out in the
IESBA International Code of Ethics for Professional
Accountants (the Code). It is also the case that many firms will have in
place policies to mitigate ethical threats which go beyond the minimum
required by the Code and regulatory requirements of the jurisdiction in
which the firm operates: ISQM 1 requires firms to ensure these
requirements are also captured by the SoQM. For example, many firms
or jurisdictions prohibit the acceptance of gifts, even of trivial value.
Failure to adhere to the firm’s policies would be seen as a failure of its
SoQM despite not giving rise to a breach of the Code. 

Scalability of the standard enables firms to mitigate for ethical risks

arising which are appropriate to the firm, for example, a firm which is
part of a large network will require more detailed processes to identify
possible conflicts of interest between clients than those in a smaller
firm.
 

Exam focus
Candidates may be asked to appraise ethical threats arising in the
scenario, whilst also considering whether the firm is compliant with the
firm’s SoQM. The issues of quality management and ethical issues are
inherently interlinked and as such, they may need to consider the
significance of such threats and the availability of suitable safeguards within
the context of the engagement, the firm and the SoQM as well as other
available information. This enables candidates to obtain professional skills
marks in addition to the technical marks as they are recognising the inherent
ethical requirements regarding quality management on a firm wide basis. 

Candidates may be asked to identify breaches of the SoQM which may not
 breach the Code but are relevant to the given scenario addressing any
resulting implications for the engagement, the firm or making
recommendations to prevent future breaches.

4. Acceptance and continuance of client relationships

ISQM 1 places additional emphasis on the procedures addressing client
acceptance and continuance of existing business relationships. Firms
must assess the integrity and ethical values of the client and its
management, as well as the firm’s ability to perform the engagement
within legal and professional requirements. The SoQM should ensure
that the firm’s financial and operational priorities do not lead to
inappropriate judgements when deciding whether to accept or
continue with a client engagement. The decision to continue with or
accept a new client should focus on the firm’s ability to provide a
quality engagement.

Existing business relationships should be reassessed at the start of each

new year prior to reappointment as auditor. This may mean performing
fresh identity checks, reperformance of independence declarations of
employees, and re-evaluating conflicts of interest and/or competence
to perform the audit. It will also involve assessing whether new
information, had it been known at point of acceptance, would have
prevented the firm from accepting the client. For example, a client
involved in breaches of regulations may not be a client with values
compatible with the audit firm.
 

Exam focus
Candidates may have to discuss the importance of acceptance and
continuation assessments or to apply the requirements of ISQM 1 in this
regard when evaluating whether to accept a new client, undertake
additional work for existing clients or accept reappointment for the audit of
a continuing client. The ISQM 1 framework provides a starting point for
evaluating the scenario and this may be extended into other professional
and commercial considerations. Candidates should consider legal,
regulatory, and ethical considerations as well as professional and availability
of resources when considering a new client engagement.

Candidates should be aware that the ability to perform the engagement

within legal and professional requirements will incorporate legal, regulatory,
and ethical considerations, including the availability of resources when
considering a new client engagement. and requirements covering
acceptance may be extended into other professional and commercial
considerations.

The cyclical nature of continuation considerations means that this aspect of

quality management may impact questions at all stages of the audit process
and the considerations regarding client acceptance are likely to apply to
audit and non-audit assignments.

5. Engagement performance
Engagement teams must understand their responsibilities for ensuring
a quality audit. Less experienced engagement team members should be
appropriately supervised and reviewed. ISQM 1 specifically references
the need for the audit engagement partner to be sufficiently and
appropriately involved throughout the engagement.
Audit teams should ensure professional scepticism and judgement are
exercised. Processes should ensure professional scepticism and
judgement are exercised by engagement teams. If an audit team has
insufficient time to perform necessary procedures, or team members
are not experienced enough to challenge management or identify
misstatements, then detection risk increases and audit quality will be
compromised. For audits to be effective, and to maintain public trust,
they must be performed in such a way as to ensure the audit reports
issued are appropriate in the circumstances and that firms and their
personnel fulfil their responsibilities in accordance with applicable legal
and professional standards. 

The SoQM should ensure that teams can consult on contentious

matters; differences of opinion within the engagement team are
addressed and any issues raised by the engagement quality reviewer
are brought to the attention of the firm and resolved.

Further detail on these aspects will be addressed in the second article

where ISA 220 (Revised) will be examined, including examples of how
these may be examined.

6. Resources
A firm must ensure that appropriate resources are available in a timely
manner. This includes employees with the required competence,
training, and capabilities to perform the engagements to which they are
assigned. Firms should ensure more experienced individuals to work on
areas of a complex nature requiring additional judgement and ensuring
sufficient review by senior team members or allowing adequate time to
do sufficient testing and analysis of the issues.

Consideration should be made to use independent experts where the

firm does not have appropriate personnel, or if the firm requires
additional specialist technological resources.
 

Exam focus
Candidates may have to evaluate scenarios where inappropriate resources
have been employed within an audit and make recommendations for
improvements to the firm’s SoQM.

7. Information and communication  

Information and communication are required to enable other
components of the SoQM to operate. This includes obtaining,
generating and using information and communicating the information
within the firm, for example, communicating policies to personnel,
communication of information obtained during an audit with an
engagement quality reviewer, or communication between group and
component auditors. It also includes external communications such as
to TCWG or a regulator. 

ISQM 1 considers information and communication to be pervasive to all

components of the SoQM as without it, the system cannot operate. The
full range of information and communications within the SoQM is
extensive; the boxed text below considers just a few examples in some
of the elements of ISQM 1 for context.

Ethical and professional requirements

 The firm’s policies on ethics

 Training material
 Registers of training undertaken
 Completed independence declarations
Client acceptance and continuation

 Risk assessments documented

 Client identity documents obtained and stored
 Engagement letters issued

Engagement performance

 Audit programmes devised/produced

 Role assignments delegated and recorded
 Client information obtained and input into automated audit tools
 Conclusions documented in audit file
 Reports to management and TCWG

Communications should be made in a timely manner supporting the

firm’s culture to exchange information where appropriate, for example
where an ethical threat precludes the assignment of a team member to
a specific client, the team member would be expected to inform the
firm.

ISQM 1 also makes specific reference to external communications

required to maintain audit quality. This includes communication within
the firm’s network and with service providers, communications
required by law or professional standards, such as when there is a
specific requirement to report a client’s non-compliance with certain
laws and regulations to TCWG.
 

Exam focus
Candidates may have to evaluate scenarios with respect to these issues and
make recommendations for improvements to the firm’s SoQM in this area.
Candidates should remember that I&C is embedded within all aspects of a
SoQM and may not be isolated as a topic.

8. Monitoring and remediation process

Firms must put in place a process for monitoring the SoQM’s
effectiveness and ensure deficiencies are identified in a timely manner,
allowing corrective actions to be implemented. This process is a
continuous cycle which firms are specifically required to undertake. 
 

Exam focus
Candidates may have to explain how this contributes to continuous
improvement of a firm’s SoQM. Candidates may also take the role of a
reviewer performing this element of the process: identifying deficiencies and
making recommendations to remediate them.

ISQM2 Engagement of quality reviews

ISQM 2, Engagement Quality Reviews

An engagement quality review (EQR) is an integral part of the audit

process for many audits. An EQR is defined by the IAASB as an
‘objective evaluation of significant judgements made by the
engagement team and the conclusions reached thereon, performed by
the engagement quality reviewer (the reviewer) and completed on or
before the date of the engagement report'.1
Candidates should note this is a very specific term and should avoid the
use of ‘second partner review’, ‘concurring review’, ‘independent
partner review’ or ‘hot review’ in the exam as these terms are subject
to different interpretations and may not mean the same thing.
Candidates should also be aware, when proposing an EQR, that they
specify which engagement would be subject to such a review if the
firm is providing more than one service.

ISQM 2 aims to ensure the right person is appointed to perform the

review and clarifies the responsibilities associated with the role. It seeks
to emphasise the importance of, and to improve the effectiveness of,
EQRs.

ISQM 1 details the requirements when an engagement is subject to an

EQR.

Scope of engagement quality reviews

ISQM 1 requires firms conduct an EQR on audits of listed companies,

audits and other engagements where an EQR is required by law or
regulations and audits or other engagements for which the firm
determines that an EQR is an appropriate response to address one or
more quality risks. Examples of this include:

 Audits which involve a high level of complexity or judgement due

to significant accounting judgements with high degrees of
uncertainty, such as banks or oil exploration companies or where
specialised skills and knowledge is required to evaluate underlying
subject matter such as greenhouse gas emissions.

 Audits where significant issues have been encountered, such as a

material restatement of comparatives.
  Audits or engagement for which unusual circumstances have
been identified during acceptance and continuance procedures,
such as a disagreement with the previous auditor.

 Engagements involving reporting to be included in regulatory

findings which may contain a high degree of judgement, such as a
listing prospectus.

 Audits and engagements for which the firm has no prior

experience.

 The use of an EQR to mitigate ethical threats identified.

 

Exam focus
Candidates may be required to identify situations where an EQR should be
performed either because it is required by legal or professional
requirements or because it is an appropriate response to a situation or
quality management risk arising in a scenario.

Appointment and eligibility of engagement quality reviewers

To ensure the effectiveness of an EQR, it is important that the person

performing the review is appropriate. ISQM 2 provides guidance on
who is eligible to be appointed to this role:

 An engagement quality reviewer (‘reviewer’) cannot be a member

of the audit engagement team so that they remain objective and
independent of the audit. The reviewer needs to consider
whether the audit team has applied appropriate professional
 scepticism. A two-year cooling off period is required before an
audit engagement partner can act as a reviewer for their former
client.

 The reviewer must be competent and capable of performing the

role including understanding the legal and professional
framework, firm policies relevant to the engagement and have an
appropriate knowledge of the client industry. They should have an
understanding and experience of similar engagements and
understand the responsibilities in performing and documenting an
EQR.

 Reviewers must have appropriate authority within the firm to

allow them to challenge the audit engagement partner. The
culture of the firm should be one where the views of the
engagement quality reviewer are treated with respect and not
subject to influence or pressure from the audit engagement
partner.

 The reviewer must comply with relevant ethical requirements and

the provisions of laws and regulations relevant to the jurisdiction
in which they are operating. In the same way that an audit partner
may be impacted by intimidation by a client, and reviewer may be
impacted by intimidation, for example if the audit partner for the
client is aggressive or dominant individual or the reviewer has a
reporting line to the engagement partner.

 The reviewer may be a member of the audit firm or external to

the firm.
 
Exam focus
Candidates may be required to demonstrate an understanding of why these
criteria are in place either through discussion, or through application to a
scenario, for example, recognising and explaining where an ineligible person
has assigned the role of the reviewer or has been prevented from
performing their role effectively.

Responsibilities of the engagement quality reviewer

In order to enhance the robustness of the EQR process, ISQM 2 clarifies

the responsibility of the reviewer. There is a requirement to perform
procedures at different points in time during the engagement, so the
reviewer may be involved during the planning stage as well as during
the audit, rather than just at the completion stage.

The reviewer is required to review and understand the significant

judgements made by the engagement team. They will assess whether
the audit engagement documentation supports those judgements and
whether the conclusions reached are appropriate. In doing so, the
review will specifically evaluate whether the engagement team has
exercised professional scepticism in reaching those conclusions.

The reviewer is also required to evaluate:

 the engagement partner’s determination that independence

requirements have been fulfilled, and
 whether appropriate consultation has taken place on difficult or
contentious matters.
  Whether the engagement partner has sufficient and appropriate
involvement on the audit engagement to be able to assess the
judgements and conclusions reached by the engagement team.

ISQM 2 also includes a ‘stand back’ requirement for the reviewer to

determine whether all the requirements for the EQR have been met
and whether the review is complete. An audit report cannot be dated
before the reviewer determines the process is complete.
 

Exam focus
Understanding the full responsibilities of the reviewer will enable candidates
to evaluate a scenario to determine whether an EQR has been performed
as required and to identify where deficiencies in the process have occurred.

Documentation

ISQM 2 specifically requires the reviewer to be responsible for the

documentation of the EQR which must be filed with the audit
documentation. This must be sufficient to allow an experienced
practitioner, having no previous connection to the engagement to
understand the nature, timing and extent of the EQR procedures
performed. Individual firms may have policies and procedures that go
further than this as part of the System of Quality Management (SoQM)
of the firm.
 

Exam focus
Candidates may be required to evaluate whether sufficient appropriate
documentation exists within a scenario or recommend improvements to
 the firm’s SoQM to mitigate any weaknesses.

Importance of the EQR

The responsibility of the EQR process remains at the firm level and is
part of the wider SoQM as stipulated by ISQM 1. This ensures the
robustness of the EQR process leading to an improvement of audit
quality by assessing audit team’s professional scepticism when making
judgements and whether the audit evidence supports the final
conclusions

ISA 230 Audit Documentation

ISA 230, Audit Documentation states that the objective (1) of the
auditor is to prepare documentation that provides:
A sufficient and appropriate record of the basis for the auditor’s report,
and
Evidence that the audit was planned and performed in accordance with
ISAs and applicable legal and regulatory requirements.
The auditor should prepare the audit documentation on a timely basis
and in such a way so as to enable an experienced auditor, having no
previous connection with the audit, to understand:
The nature, timing, and extent of the audit procedures performed to
comply with ISAs and applicable legal and regulatory requirements
The results of the audit procedures and the audit evidence obtained,
and
Significant matters arising during the audit, the conclusions reached
and significant judgments made in reaching those conclusions.
In documenting the nature, timing, and extent of audit procedures
performed, the auditor should record the identifying characteristics of
the specific items or matters being tested.

The auditor should document discussions of significant matters with

management and others on a timely basis.

If the auditor has identified information that contradicts or is

inconsistent with the auditor’s final conclusion regarding a significant
matter, the auditor should document how the auditor addressed the
contradictions or inconsistency in forming the final conclusion.

Where, in exceptional circumstances, the auditor judges it necessary to

depart from a basic principle or an essential procedure that is relevant
in the circumstances of the audit, the auditor should document how
the alternative audit procedures performed achieve the objective of the
audit, and, unless otherwise clear, the reasons for the departure.

In documenting the nature, timing, and extent of audit procedures

performed, the auditor must record:
The identifying characteristics of the specific items or matters tested
Who performed the audit work and the date such work was completed,
and
Who reviewed the audit work and the date and extent of such review
(2).
The auditor should complete the assembly of the final audit file on a
timely basis after the date of the auditor’s report.

After the assembly of the final audit file has been completed, the
auditor should not delete or discard audit documentation before the
end of its retention period.

When the auditor finds it necessary to modify existing audit

documentation or add new audit documentation after the assembly of
the final file has been completed, the auditor should, regardless of the
nature of the modifications or additions, document:
The specific reasons for making them, and
When and by whom they were made and reviewed.
When exceptional circumstances arise after the date of the auditor’s
report that require the auditor to perform new or additional audit
procedures, or that lead the auditor to reach new conclusions, the
auditor should document:
The circumstances encountered
The new or additional audit procedures performed, audit evidence
obtained, and conclusions reached, and their effect on the auditor’s
report
When and by whom the resulting changes to audit documentation
were made, and (where applicable) reviewed.
The requirements of the ISA guide the auditor to produce audit
documentation that is of an acceptable standard. Understanding and
applying the requirements will protect the auditor from unwelcome
and unnecessary litigation.

ISA 240 The Auditor’s Responsibilities Relating to Fraud

in an Audit of Financial Statements
 ISA 240 (Redrafted), The Auditor’s Responsibilities Relating to Fraud in
an Audit of Financial Statements, this is an example of fraudulent
financial reporting.

ISA 240 (Redrafted) states that ‘incentive or pressure to commit

fraudulent financial reporting may exist when management is under
pressure, from sources outside or inside the entity, to achieve an
expected (and perhaps unrealistic) earnings target or financial outcome
– particularly since the consequences to management for failing to
reach financial goals can be significant’. It can therefore be seen that in
times of financial difficulty, such as the current economic downturn,
management may feel pressurised into the non-disclosure of items that
may detract from the company’s performance during the year, or into
the use of accounting policies which produce deliberately misstated
results for the year.

Earnings management and fraudulent financial reporting are discussed

more fully in an article in Student Accountant(2), which can be found on
the ACCA website.

What are the implications to the auditor?

Professional scepticism
ISA 240 (Redrafted) stresses the importance of approaching the audit
with a degree of professional scepticism, an attitude which should be
heightened if there is a suspicion of fraudulent financial reporting.

Discussion among the audit team

In accordance with ISA 315, (Redrafted) Identifying and Assessing the
Risks of Material Misstatement Through Understanding the Entity and
its Environment, ISA 240 (Redrafted) re-emphasises the fact that the
audit team should have a discussion about those factors that indicate
that the financial statements may be susceptible to misstatement due
to fraud.

Evaluation of accounting policies

When assessing the risk of fraudulent financial reporting, particular
attention should be paid to the selection and application of accounting
policies. Particular attention should focus on those policies relating to
complex transactions, and to subjective matters. All accounting policies
and estimates should be carefully reviewed for potential bias. The
circumstances resulting in any bias may represent a risk of
misstatement due to a fraudulent financial reporting.

Completeness of disclosures
In difficult economic times, management may be tempted to hide
information which may raise concerns about the company’s
performance. The auditor must therefore consider whether all relevant
information has been disclosed in the financial statements in
compliance with accounting standards.

Audit report
In cases where financial statements appear to have been misstated due
to earnings management or fraudulent financial reporting, the auditor
should carefully consider the implications for the audit report. The
problem for the auditor will be to decide whether any earnings
management is within generally accepted accounting principles (and so,
therefore, the financial statements are fairly presented), or whether it
is so aggressive that it is in breach of accepted accounting practice and
therefore fraudulent. A breach of financial reporting principles resulting
from the misapplication of accounting standards will result in a
disagreement and thus a potential qualification of the audit opinion.

Reporting to those charged with governance

Instances of fraudulent financial reporting should be communicated to
those charged with governance on a timely basis. The relevant audit
procedures necessary to complete the audit should also be discussed.

Other reporting responsibilities

ISA 240 (Redrafted) indicates that where fraud has occurred, the
auditor should consider other reporting responsibilities, such as
communications with regulatory and enforcement authorities. In many
jurisdictions, it would also be appropriate to communicate with
shareholders, for example at a general meeting of members.

ISA 250 Laws and regulations

Companies are increasingly subject to laws and regulations with which
they must comply.
Here are some examples: Company Law, Employment Law, Health and
safety regulation, Environmental law and regulation Civil law .
MANAGEMENT’S RESPONSIBILITY
It is management’s responsibility to ensure that the entity’s
operations are conducted in accordance with laws and regulations.
The responsibility for the prevention and detection of non-
compliance also rests with management.

In larger entities, these policies and procedures may be supplemented

by assigning appropriate responsibilities to:
 An internal audit function
 An audit committee
 A compliance function
AUDITOR ‘S RESPONSIBILITY
When designing and performing audit procedures and in evaluating
and reporting the results thereof, the auditor should recognise that
non-compliance by the entity with law or regulations may materially
affect the financial statements.

The auditor is not, and cannot be, held responsible for preventing
NOCLAR. The fact that an audit is carried out may, however, act as a
deterrent. The auditor needs to consider the impact of any non-
compliance on the financial statements, and assess the risk of
material misstatement by considering the various laws and
regulations and gain an understanding of the legal and regulatory
framework in which entity operates comply with and what effect it
has on financial statements and how audit should respond:

 Those that have a direct effect on determining material amounts

in the financial statements (such as tax laws) require the auditor
to obtain evidence of compliance.
 Those that are fundamental to the operating aspects of the client
which have a material (but not direct) effect on the financial
statements (such as compliance with an operating licence) require
the auditor to undertake procedures to identify any non-
compliance.

The auditor has no formal responsibility for NOCLAR that has neither
a direct nor material effect on the financial statements, but should
respond appropriately should such cases be detected.

Withdrawal from the engagement

The auditor may conclude that withdrawal from the engagement is
necessary when the entity does not take the remedial action that
the auditor considers necessary in the circumstances, even when
NOCLAR is not material to the financial statements.

However, ISA 250 (revised) and the IESBA Code also emphasise that
withdrawal should not be used by firms as a substitute for
responding appropriately to any NOCLAR at a client (in other
words, the auditor cannot just keep quiet about any NOCLAR they
discover, regardless of how difficult it may be for them to do so).
The auditor’s report
Material misstatement
Where the auditor concludes that the non-compliance (such as
failing to disclose certain items within the financial statements) has a
material effect on the financial statements which have not been
amended, they should express a qualified or adverse opinion.

Insufficient or inappropriate audit evidence

Where adequate information about compliance or suspected non-

compliance cannot be obtained (either due to obstruction by the
client or any other circumstance), the auditor may need to express a
qualified opinion or disclaimer of opinion due to inability to obtain
sufficient, appropriate audit evidence

260, Communication of Audit Matters With Those

Charged With Governance

Relevant persons

The first step is to consider to whom the communication should be directed. ISA
260 does not specify this exactly, but states that ‘governance is the term used to
describe the role of persons entrusted with the supervision, control and direction
of an entity’. This implies that the communication should be with the highest level
of management, including the executive and non-executive directors, and the
audit committee, where relevant.

Matters to be communicated
In the second step, the auditor should consider the type of issues that should be
communicated. ISA 260 provides some guidance as to the matters which
ordinarily could be incorporated in the communication, including:
  the overall approach and scope of the audit, including any limitations on
the scope of the audit
 the accounting policies, and any changes to them, that could materially
affect the financial statements
 adjustments arising as a result of audit procedures which could materially
impact the financial statements
 material events or uncertainties which could jeopardise the going concern
status, and which require disclosure within the financial statements
 disagreements with management over accounting treatments or
disclosures
 any expected modifications to the audit report
 material weaknesses discovered in the internal systems and controls.

Other relevant matters to be communicated

 details of any threats to independence and objectivity, and of any

safeguards adopted
 explanations of the audit approach used (for example, the concept of
materiality and its application to the audit process)
 a summary of business risks identified, including an assessment of the
likelihood of the risks materialising
 a review of the contents of the management’s representation letter
 recommendations, where relevant, to help improve the entity’s internal
systems and controls.

Conclusion

The communication with those charged with governance should be viewed as a

crucial reporting ‘output’ of the audit. It allows management to be informed of
significant matters arising from the audit process, and allows management the
chance to respond to the auditor regarding these matters, and to take action to
improve the accounting and financial reporting function of the entity.
REPORT TO TCWG
ISA 265 Communicating deficiencies in IC to TCWG
requires:
1.Auditor to communicate significant deficiencies in IC to TCWG.
2.In deciding whether a control deficiency is significant, one of matters which
should be considered is the importance of the control to the financial reporting
process.
3.Controls over the period -end financial reporting process such as non-recurring
journal entries can be important as they often deal with one-off material matters
which are being accounted for outside the normal accounting system.

4.The written communication of a significant deficiency should include a

description of the deficiency ,details of its possible effects, and recommendations
of how management might seek to correct it.