Aa Acca Study Hub Resources

CHAPTER 1: Visual Overview
Visual Overview
Objective: To introduce the concepts of audit and assurance engagements.
1.1.1 External Audit

1.1 External Audit
During the middle of the 19th century, the development of joint-stock corporations
required directors to report to the shareholders whose capital they managed.
As ownership and management became significantly separated, shareholders (and in
today's corporate environment, other stakeholders) required independent verification
that what the directors (management) reported was true.
Key Point
The objective of an external audit is to express an opinion (in terms of truth and
fairness) on whether the financial statements are prepared, in all material
respects, in accordance with an identified reporting framework (e.g. International
Financial Reporting Standards) and the relevant law.
 Statutory audits (i.e. carried out according to statutory provisions) became mandatory for
companies in the UK in 1900. The auditor was required to be independent of the company,
hence an external auditor.
 Initially, the purpose of an audit was to detect fraud, technical errors and errors of principle.
However, as the size and complexity of companies grew, case law developed the principle
that it was unreasonable to expect auditors to detect all aspects of fraud, even though they
were expected to exercise reasonable skill and care.
 As companies grew, with many becoming international organisations, it became
impracticable for auditors to verify the 100% accuracy of financial records. So the audit of
financial statements became an attestation (substantiation, testimony) of their credibility (i.e.
believability).
Key Point
Company law requires statutory (external) audits in the jurisdiction in which a

corporation operates.
The general provisions for external audit typically contained in company law are
discussed in Chapter 2.
1.1.2 Internal Audit

1.2 Internal Audit
Definition
Internal auditing – an independent, objective assurance and consulting

activity designed to add value and improve an organisation’s operations.
Definition
It helps an organisation accomplish its objectives by bringing a systematic,

disciplined approach to evaluating and improving the effectiveness of risk
management, control, and governance processes.
– The Institute of Internal Auditors (IIA)
The modern form of internal audit was initially developed as the growth and increasing
complexity of entities in the early 1900s stretched the capabilities of managers to
manage effectively.
 Senior management appointed specialist employees to review and report on various
financial and other processes and to ensure that appropriate controls were
effectively applied.
 The role of the early internal auditors ranged from checking routine financial and
operational functions with a heavy emphasis on compliance, security and detection
of fraud to (in some cases) the analysis and appraisal of financial and operational
activities. The Institute of Internal Auditors (IIA) was founded in 1941.
 The expansion of the role of internal audit, whether required by legislation (e.g. in
public sectors), listing regulations, corporate governance codes (e.g. the UK
Corporate Governance Code) or as a voluntary activity, reflects organisations’
economic and international growth.
The role of internal audit in governance is discussed in Chapter 14.
1.3 Assurance Services
Definition
Assurance services – independent professional services that improve the

quality of information, or its context, for decision-makers.
Over the years, the auditing profession has broadened its role (and income streams) by
developing a wide range of assurance services (of which the financial statement audit
is just one part).
Factors contributing to the increasing demand for assurance services include:
 The rapid expansion of available information (e.g. systems capabilities of capturing,
processing and delivering relevant and reliable information).
 The changing information needs of businesses and consumers (e.g. minimising
information overload).
 The increase in demand for relevant information for decision-makers (e.g. budgets,
cash flow forecasts and due diligence).
 Emerging technologies (e.g. automation, the internet and data analytics) and
business processes (e.g. supply chain management, outsourcing).
 Changing expectations and demands of customers, suppliers and other
stakeholders (e.g. quality control, market trends).
 Globalisation of businesses creating worldwide needs (e.g. ethical supply-chain
codes).
 Increasing corporate accountability demanding more relevant and reliable
information (e.g. corporate governance, compliance with laws and regulations,
environmental performance, corporate social reporting and integrated reporting).
Typical assurance services include:
 Audits of financial statements and reviews of historical financial information.
 Prospective financial information (e.g. cash flows) reviews.
 Business ethics audits, social responsibility reporting, environmental reporting.
 Risk assessments (including e-commerce).
 Value for money audits.
 Performance measurement.
 Systems and control reliability.
Exam advice
Only audits and reviews of historical financial information are

examinable in detail.
1.2.0 Introduction
2.0 Introduction
An external audit provides confidence in the integrity of corporate reporting for the
benefit of stakeholders and society by providing an external and objective view of the
statutory financial statements. Specifically, the audit enhances the degree of confidence
of the shareholders in the financial statements.
1.2.1 As an Assurance Service

2.1 As an Assurance Service
As an assurance service, an external audit must include the five elements of an

assurance engagement:
1. The subject matter is the financial statements prepared under the applicable
financial reporting framework (e.g. IFRS Standards).
2. The three-party relationship includes:
o the directors, who are responsible for the financial statements;
o the practitioner (i.e. the external auditor); and
o the shareholders (and other intended users of the financial statements).
3. The criteria used to evaluate the financial statements include the financial reporting
framework.
4. The external auditor plans and performs the audit engagement to obtain sufficient
appropriate evidence to support the expression of an opinion on the financial
statements.
5. An opinion in an assurance report – the "independent auditor's report".
These elements are described in more detail in s.3.2.
Definition
Applicable financial reporting framework – the financial reporting

framework adopted by management in the preparation of the financial
statements that is acceptable in view of the nature of the entity and the
objective of the financial statements or that is required by law or regulation.
1.2.2 Stewardship, Agency and Accountability
2.2 Stewardship, Agency and Accountability
Exam advice
These concepts were introduced in earlier examinations (Business and

Technology and Corporate and Business Law).
Generally, companies are:
 Owned by shareholders; and
 Managed by directors who the shareholders appoint.
The shareholders appoint auditors to report to them (provide assurance) on the
information provided by the directors (the annual financial statements as required by
law).
The essential attributes of the relationship between the directors, shareholders and
auditors are stewardship, agency and accountability.
2.2.1 Stewardship
Stewardship is the practice of managing another person's property. Directors and other
managers of an entity have the responsibility of stewardship for the property of that
entity, which the shareholders own.
Activity 1 Stewardship
Suggest FIVE responsibilities of company directors.

*Please use the notes feature in the toolbar to help formulate your answer.
Responsibilities (e.g. duties embodied in statute and corporate governance
requirements) may include:
1. Keeping books of accounts and proper accounting records.
2. Safeguarding the entity's assets.
3. Implementing appropriate business, financial and risk management controls.
4. Producing financial statements (statement of financial position, statement of comprehensive
income, statement of cash flows, statement of changes in equity, disclosure notes) that give
a true and fair view and the results of their stewardship.
5. Producing a directors' report and other information (e.g. as required by listing rules) which is
consistent with the financial statements and contains certain specified information.
2.2.2 Agency
An agent is an individual (or another entity) employed or used to provide a particular
service. The individual using the agent is the principal.
Activity 2 Agency
Describe the possible agency relationships between shareholders, directors and

auditors.
 A director can be described as an agent having a fiduciary relationship (one of trust) with a
principal (i.e. the company that employs her).
 A director is similarly an agent of the shareholders.
 Auditors, as the shareholders appoint them in most jurisdictions, are also agents of the
shareholders.
2.2.3 Accountability
Accountability is where one party is held responsible (answerable) to another party; it
will be required to justify its actions and decisions to that party.
Activity 3 Accountability
Explain the accountability of auditors and directors to shareholders.

 Directors are accountable to the shareholders. Many jurisdictions place legal requirements
on directors regarding how they are accountable and communicate with stakeholders, for
example through directors' reports and financial statements prepared under an appropriate
framework (e.g. IFRS).
 Directors of listed companies will also be subject to listing rules and corporate governance
codes (e.g. publication of interim financial statements, regular meetings with financial
institutions, profit and going concern warnings, analysis and management of risk, audit
committees and annual general meetings).
 The auditors of a company's financial statements are accountable to shareholders. They act
in the interest of the shareholders (the primary stakeholders) while also having regard for
the broader public interest in that other stakeholders will read their report (but note that they
are not the agents of any other stakeholder, and their report is not addressed to such
stakeholders, only to the shareholders).
Exam advice
The role of the annual general meeting (AGM) in managing

companies is assumed knowledge from Corporate and Business
Law.
1.2.3 Auditor's Report

2.3 Auditor’s Report
Key Point
The objective of an audit of financial statements is:

 to enable an independent auditor to obtain reasonable assurance about
whether the financial statements are free from material misstatement, whether
due to fraud or error; and (thereby)
 to express an opinion on whether the financial statements are prepared, in all
material respects, in accordance with an identified financial reporting
framework.
The auditor's report, the product of the auditor's work, is a written communication to the
shareholders. It is introduced here to provide the context of what an audit entails; it is
explained in detail in Chapter 30.
An example of an auditor’s report, which expresses the audit opinion, follows.
INDEPENDENT AUDITOR’S REPORT
To the Shareholders of ABC Company [or Other Appropriate Addressee]
Report on the Audit of the Financial Statements
Opinion
We have audited the financial statements of ABC Company (the Company), which
comprise the statement of financial position as at December 31, 20X1, and the
statement of comprehensive income, statement of changes in equity and statement of
cash flows for the year then ended, and notes to the financial statements, including a
summary of significant accounting policies.
In our opinion, the accompanying financial statements present fairly, in all material
respects, (or give a true and fair view of) the financial position of the Company as at
December 31, 20X1, and (of) its financial performance and its cash flows for the year
then ended in accordance with International Financial Reporting Standards (IFRSs).
Basis for Opinion
We conducted our audit in accordance with International Standards on Auditing (ISAs).
Our responsibilities under those standards are further described in the Auditor’s
Responsibilities for the Audit of the Financial Statements section of our report. We are
independent of the Company in accordance with the International Ethics Standards
Board for Accountants’ Code of Ethics for Professional Accountants (IESBA Code)
together with the ethical requirements that are relevant to our audit of the financial
statements in [jurisdiction], and we have fulfilled our other ethical responsibilities in
accordance with these requirements and the IESBA Code.
We believe that the audit evidence we have obtained is sufficient and appropriate to
provide a basis for our opinion.
Key Audit Matters
Key audit matters are those matters that, in our professional judgment, were of most
significance in our audit of the financial statements of the current period. These matters
were addressed in the context of our audit of the financial statements as a whole, and in
forming our opinion thereon, and we do not provide a separate opinion on these
matters.
[Description of each key audit matter in accordance with ISA 701.]
Other Information
[Add detail in accordance with ISA 720]
Responsibilities of Management and Those Charged with Governance for the
Financial Statements
Responsibilities of Management and Those Charged With Governance for the Financial
Statements Management is responsible for the preparation and fair presentation of the
financial statements in accordance with IFRSs, and for such internal control as
management determines is necessary to enable the preparation of financial statements
that are free from material misstatement, whether due to fraud or error.
In preparing the financial statements, management is responsible for assessing the
Company’s ability to continue as a going concern, disclosing, as applicable, matters
related to going concern and using the going concern basis of accounting unless
management either intends to liquidate the Company or to cease operations, or has no
realistic alternative but to do so.
Those charged with governance are responsible for overseeing the Company’s financial
reporting process.
Auditor’s Responsibilities for the Audit of the Financial Statements
Our objectives are to obtain reasonable assurance about whether the financial
statements as a whole are free from material misstatement, whether due to fraud or
error, and to issue an auditor’s report that includes our opinion. Reasonable assurance
is a high level of assurance, but is not a guarantee that an audit conducted in
accordance with ISAs will always detect a material misstatement when it exists.
Misstatements can arise from fraud or error and are considered material if, individually
or in the aggregate, they could reasonably be expected to influence the economic
decisions of users taken on the basis of these financial statements.
*As part of an audit in accordance with ISAs, we exercise professional judgment and
maintain professional skepticism throughout the audit. We also:
 Identify and assess the risks of material misstatement of the financial statements, whether
due to fraud or error, design and perform audit procedures responsive to those risks, and
obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion.
The risk of not detecting a material misstatement resulting from fraud is higher than for one
resulting from error, as fraud may involve collusion, forgery, intentional omissions,
misrepresentations, or the override of internal control.
 Obtain an understanding of internal control relevant to the audit in order to design audit
procedures that are appropriate in the circumstances, but not for the purpose of expressing
an opinion on the effectiveness of the Company’s internal control.
 Evaluate the appropriateness of accounting policies used and the reasonableness of
accounting estimates and related disclosures made by management.
 Conclude on the appropriateness of management’s use of the going concern basis of
accounting and, based on the audit evidence obtained, whether a material uncertainty exists
related to events or conditions that may cast significant doubt on the Company’s ability to
continue as a going concern. If we conclude that a material uncertainty exists, we are
required to draw attention in our auditor’s report to the related disclosures in the financial
statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions
are based on the audit evidence obtained up to the date of our auditor’s report. However,
future events or conditions may cause the Company to cease to continue as a going
concern.
 Evaluate the overall presentation, structure and content of the financial statements,
including the disclosures, and whether the financial statements represent the underlying
transactions and events in a manner that achieves fair presentation.
We communicate with those charged with governance regarding, among other matters,
the planned scope and timing of the audit and significant audit findings, including any
significant deficiencies in internal control that we identify during our audit.
We also provide those charged with governance with a statement that we have
complied with relevant ethical requirements regarding independence, and to
communicate with them all relationships and other matters that may reasonably be
thought to bear on our independence, and where applicable, related safeguards.
From the matters communicated with those charged with governance, we determine
those matters that were of most significance in the audit of the financial statements of
the current period and are therefore the key audit matters. We describe these matters in
our auditor’s report unless law or regulation precludes public disclosure about the
matter or when, in extremely rare circumstances, we determine that a matter should not
be communicated in our report because the adverse consequences of doing so would
reasonably be expected to outweigh the public interest benefits of such communication.
The engagement partner on the audit resulting in this independent auditor’s report is
[name].
[Signature in the name of the audit firm, the personal name of the auditor, or both, as
appropriate for the particular jurisdiction]
[Auditor Address]
[Date]
*This description of the auditor’s responsibilities (as shaded above) may be included in
a referenced appendix to the auditor’s report or by a specific reference to a website of
an appropriate authority, where the auditor is permitted to do so.
2.3.1 Management and Auditor’s Responsibility

Management is responsible for preparing and presenting fairly the financial statements
(e.g. in accordance with the applicable financial reporting framework). This includes:
 designing, implementing and maintaining the necessary internal control;
 selecting and applying appropriate accounting policies; and
 making accounting estimates that are reasonable in the circumstances.
Management’s responsibility is stated in:
 the auditor’s report;
 the engagement letter between the auditors and directors (see Chapter 5); and
 the written representations from the directors to the auditors (see Chapter 20).
Oversight of management’s responsibilities (including those for the financial statements)
is provided by those charged with governance (TCWG). The governance structure will
vary depending on the jurisdiction that management operates within and the applicable
corporate governance code (see Chapter 3).
An audit of financial statements does not relieve management or TCWG of their
responsibilities.
The auditor is responsible for expressing an opinion on the financial statements based
on the audit. The scope of audit work is described in the report, in an appendix to the
auditor’s report, or by a specific reference to a website of an appropriate authority. The
auditor is not responsible for the financial statement’s form and content.
Although the audit opinion enhances the credibility of the financial statements, users
cannot assume that the opinion assures the future viability of the entity or the efficiency
or effectiveness of management’s stewardship.
2.3.2 International Standards on Auditing (ISA)

Each ISA provides:
 an introduction, objectives and definitions;
 requirements; and
 application and other explanatory material.
An audit conducted in accordance with ISAs must consider the requirements of:
 ISAs (i.e. to plan, evaluate controls, obtain evidence, form conclusions and report);
 relevant professional bodies (e.g. ACCA);
 legislation and regulations (e.g. Companies Acts);
 the terms of the audit engagement and reporting requirements.
The scope and authority of ISAs are discussed in Chapter 2.
2.3.3 Ethical Requirements

The auditor should comply with the International Ethics Board for Accountants
(IESBA) Code of Ethics for Professional Accountants (see Chapter 4).
2.3.4 Reasonable Assurance

Definition
Reasonable assurance – a high, but not absolute, level of assurance.

In an audit engagement,reasonable assurance is expressed “positively” in the auditor’s
report, that the information subject to audit (i.e. the financial statements) is free of
material misstatement.
 To provide reasonable assurance, the auditor carries out specific detailed routines, conducts
relevant testing and assesses the accumulated evidence obtained regarding the financial
statements. The auditor must believe that the evidence obtained is sufficient and
appropriate to provide a basis for his opinion. However, most evidence is persuasive rather
than conclusive and what is “sufficient appropriate” audit evidence (see Chapter 15) is a
matter of professional judgement.
 An auditor cannot obtain absolute (i.e.100%) assurance because of the inherent limitations
in an audit (see Chapter 2). Therefore, a audit cannot guarantee that the financial
statements are free of material misstatement.
2.3.5 Materiality
Definition
Material – Information is material if its omission or misstatement could

influence decisions that the primary users of general purpose financial
reports make based on those reports.
Materiality is an expression of relative significance or importance of a matter, whether
quantitative or qualitative (e.g. values and discursive disclosures), in the financial
statements (see Chapter 10).
 In planning their audit, the auditors must consider those areas that are material to the
financial statements and the possibility that material errors could be contained in the
(unaudited) financial statements ("material misstatement").
 Audit procedures must minimise the risk that material misstatements remain undetected by
the audit.
Key Point
The auditor is not responsible for detecting misstatements that are not
material to the financial statements.
2.3.6 Professional Judgment

Definition
Professional judgement – the application of relevant training, knowledge

and experience, within the context provided by auditing, accounting and
ethical standards, in making informed decisions about the courses of action
that are appropriate in the circumstances of the audit engagement.
Key Point
Professional judgment is essential to the proper conduct of an audit.
Professional judgment is necessary in particular:

 In interpreting relevant ethical requirements (see Chapter 4) and the application of ISAs.
 In identifying and assessing risks of material misstatement (see Chapter 8).
 In determining ( the nature, timing and extent of audit procedures) to meet the requirements
of ISAs and gather audit evidence.(see the audit plan in Chapter 7)
 In evaluating whether sufficient appropriate audit evidence has been obtained (see Chapter
15).
 In drawing conclusions based on evidence obtained (e.g. assessing the persuasiveness of
conflicting evidence from different sources and the reasonableness of estimates made by
management).
2.3.7 Professional Scepticism

Definition
Professional scepticism – an attitude that includes a questioning mind,

being alert to conditions which may indicate possible misstatement, and a
critical assessment of evidence.
Key Point
The auditor should plan and perform (i.e. conduct) the audit with an attitude
of professional scepticism, recognising that circumstances may exist that
will cause a material misstatement in the financial statements.
Professional scepticism includes being alert to, for example:

 conditions that may indicate risks of misstatement due to fraud or error;
 audit evidence that contradicts other audit evidence obtained;
 information that brings into question the reliability of documents or management
representations (see Chapter 18) used as audit evidence; and
 circumstances that suggest the need for audit procedures in addition to those required by
ISAs.
However, records and documents may be accepted as genuine unless the auditor has
reason to believe the contrary. Also, in planning and performing the audit, an auditor
should assume neither dishonesty nor unquestioned honesty of management.
Maintaining professional scepticism throughout the audit is necessary to reduce such
risks as:
 Overlooking unusual circumstances.
 Over generalising when drawing conclusions from audit observations.
 Using inappropriate assumptions in determining the nature, timing and extent of the audit
procedures and evaluating the results of procedures.
2.3.8 "True and Fair View"

The term "true and fair view" is not defined in ISAs; definitions should be regarded with
caution.
 True or truth relates to factual accuracy (bearing in mind materiality). The information
provided conforms to required standards, regulations and laws.
 Fairness relates to the presentation of information and the view conveyed to the reader.
Such information is free from bias. The financial statements reflect the commercial
substance and reality of the underlying balances and transactions.
 View indicates that a professional judgment has been reached. A degree of imprecision is
inevitable because of inherent limitations in an audit (e.g. the auditor does not inspect 100%
of all transactions).
A true and fair view means compliance with the applicable financial reporting
framework. Where there is a choice of accounting policy (e.g. the cost or revaluation
model under IAS 16 Property, Plant and Equipment), either alternative will give a true
and fair view if applied correctly. For example, the revaluation model must be applied to
an entire class of property, plant and equipment; to apply selectively would be biased.
Key Point
The phrases “present fairly, in all material respects” and “give a true and
fair view” are equivalent.
1.2.4 The Audit Process

2.4 The Audit Process
2.4.1 Audit Cycle

The audit process is often depicted as a continuous annual cycle of broad stages:
Stage Description
The auditor must send all clients an engagement

letter setting
Engagement letter out the auditor's duties and responsibilities and
management’s.
Chapter 5
Planning audit work is essential to performing it to the

required high standard of skill and care. It includes
Planning establishing the overall audit strategy and developing the
audit plan.
Chapter 7
To determine audit strategy and the nature, timing and

Assess risk extent of audit procedures (the audit plan), auditors must
design and perform risk assessment procedures.
Chapters 8
Internal controls Regardless of the audit approach, the auditor must

evaluate the design of the system of internal control.
Chapter 9
Stage Description
Control If the auditor decides to rely on the system of internal

effectiveness control, the operating effectiveness of internal controls
must be tested.
Chapter 12
All material assertions relating to balances transactions

Substantive and related disclosures must be verified. For example,
procedures that transactions occurred, that assets exist and that
disclosures are complete.
Chapter 15
Audit working papers must be reviewed to ensure that

Review and audit evidence supports the audit opinion. Procedures
finalisation typically include an analytical review of the financial
procedures statements, subsequent events and going concern
reviews.
Chapter 29
The auditor asks management to formally acknowledge its

Obtain responsibilities (e.g. for the financial statements and
management internal controls). Representations may also be required
representations to support audit evidence (e.g. all liabilities have been
recognised).
Chapter 20
Sign auditor's After the directors have approved the financial statements,
report the auditor signs the auditor's report. The audit opinion will
usually be unmodified but may need to be modified.
Chapter 30
2.4.2 Relational Diagram

This depiction of the process shows the two alternative audit approaches:
The auditor’s understanding of the entity must include the internal controls over financial
reporting. Depending on that understanding and the risk of material misstatement, the
auditor decides whether to perform tests of controls (i.e. take a compliance approach) or
adopt a wholly substantive approach. This general overview of the audit process is
developed in later Chapters.
1.3.1 International Framework for Assurance Engagements
3.1 International Framework for Assurance Engagements
Definition
Assurance engagement – an engagement in which a practitioner expresses a

conclusion designed to enhance the degree of confidence of the intended users,
other than the responsible party, about the outcome of the evaluation or
measurement of a subject matter against criteria.
The framework defines and describes the elements and objectives of assurance
engagements, including audits and reviews of historical financial information and other
assurance engagements.
1.3.2 Five Elements of an Assurance Engagement

3.2 Five Elements of an Assurance Engagement
Three-party relationship: an assurance engagement includes three separate parties:
 a practitioner;
 a party responsible for the subject matter or an assertion about the subject matter;
and
 the intended users of the assurance report.
Subject matter: data prepared or assertions made by the responsible party.
Criteria: benchmarks (relevant, complete, reliable, neutral, understandable) against
which the subject matter can be assessed and an opinion provided.
Evidence: the practitioner plans and performs an assurance engagement with an
attitude of professional scepticism to obtain sufficient appropriate evidence about
whether the subject matter is free of material misstatement.
Assurance Report: a written report given by the practitioner to the intended users that
provides either reasonable assurance or limited assurance about the subject matter.
1.3.3 Types of Assurance Engagement

3.3 Types of Assurance Engagement
There are two types of assurance engagements:

1. reasonable assurance engagements; and
2. limited assurance engagements.
For assurance engagements involving historical financial statements:
 reasonable assurance engagements are called "audits"; and
 limited assurance engagements are called "reviews".
3.3.1 Reasonable Assurance Engagement

A reasonable assurance engagement provides a high level of assurance by expressing
a conclusion in a positive form. For example:
"In our opinion, the financial statements present fairly, in all material respects (give a
true and fair view of) …"
 The practitioner should obtain sufficient appropriate evidence to express a conclusion in this
positive form.
 The assurance engagement risk (i.e. the risk that an inappropriate opinion will be given)
should be reduced to an acceptably low level.
 Reasonable assurance may be sought where:
o The subject matter and criteria are objective and formal; and
o Independent, reliable and persuasive evidence that can be obtained.
 In audit engagements the auditor provides reasonable assurance by obtaining sufficient
appropriate audit evidence to draw conclusions to base an opinion (see Chapter 15).
3.3.2 Limited Assurance Engagement

A limited assurance engagement provides a limited or a lower level of assurance
through expressing a conclusion in the negative form. For example:
"Nothing has come to our attention that causes us to believe that the financial
statements do not present fairly, in all material respects (give a true and fair view of …"
 The level of work carried out is limited and can only allow the practitioner to provide a
negative form of expression.
 The assurance engagement risk is more significant (but still acceptable) than that for a
reasonable assurance engagement.
 Limited assurance is generally appropriate where:
o Subject matter and criteria are more subjective and informal; and
o Evidence may not be sufficiently independent or reliable.
Key Point
Reasonable assurance cannot be given in these circumstances.
 In a review engagement, the evidence obtained is through enquiry and analytical review.
This is sufficient to enable only limited assurance to be given.
There is a wide range of limited assurance engagements:
 Reviews of historical financial information (e.g. providing assurance on the reported
receivables figure of an acquisition target);
 Providing assurance on non-financial matters (e.g. environmental performance indicators in
a company’s annual report).
Activity 4 Assurance
State and explain the form of assurance that could be given on a company's code of
business ethics.
This would be a limited assurance engagement. Although there is a Code of Business

Ethics, the subjectivity of applying any specific ethical criteria and the subjectivity of
measuring the application of such criteria (e.g. what is not ethical to one business may
be considered ethical by another) would not enable the practitioner to reduce assurance
risk to a sufficiently low level to allow reasonable assurance to be given.
1.3.4 Evidence Gathering Procedures and Reports

3.4 Evidence Gathering Procedures and Reports
The procedures used to gather evidence and the reports issued will vary depending on
the level of assurance required.
3.4.1 Reasonable Assurance Engagement

Evidence gathering for this type of engagement requires the practitioner to:
 Obtain an understanding of the engagement circumstances (Chapter 7).
 Assess risks and respond to those risks (Chapters 8 and 9).
 Perform further procedures using a combination of inspection, observation, confirmation,
recalculation, performance recalculation, analytical procedures and inquiry. This may involve
"tests of controls" and "substantive procedures" (Chapters 12 and 15).
 Evaluate the evidence obtained (Chapter 29).
When reporting, the practitioner expresses the conclusion in a positive form, such as:
"In our opinion, internal control is effective, in all material respects, based on XYZ
criteria."
3.4.2 Limited Assurance Engagement

As for reasonable assurance engagements, the practitioner understands, assesses
risks and responds to those risks (but in the context of limited assurance).
The evidence-gathering procedures are deliberately set to be more limited (e.g.
analytical review and inquiry).
When reporting, the practitioner expresses the conclusion in the negative form, such as:
"Based on our work described in this report, nothing has come to our attention that
causes us to believe that internal control is not effective, in all material respects, based
on XYZ criteria."
Key point
Confirmations, recalculations and tests of controls, for example, will not be

undertaken.
1.3.5 Review Engagements

3.5 Review Engagements
A review of historical financial information is a limited assurance engagement. The

objective of a review engagement is to enable a practitioner to state whether, based on
procedures (which do not provide all the evidence that would be required in an audit),
anything has come to light that causes the practitioner to believe that the financial
statements are not prepared, in all material respects, in accordance with an identified
financial reporting framework.
Key point
This is a negative form of a report that provides limited assurance.

Exam advice
Although the standards for review engagements are not examinable documents,
you should understand the concept of reviews within the general assurance
framework.
In a review engagement, the practitioner obtains sufficient appropriate evidence

primarily through inquiry and analytical procedures.
An example of a review report follows.
Exhibit 1 Standard Review Report
Review Report To . . .
We have reviewed the accompanying statement of financial position of
ABC Company at 31 December 20X1, and the related statements of
comprehensive income and cash flows for the year then ended.
These financial statements are the responsibility of the Company's
management. Our responsibility is to issue a report on these financial
statements based on our review.
We conducted our review in accordance with the International Standard on
Review Engagements 2400 Engagements to Review Financial
Statements. This standard requires that we plan and perform the review to
obtain moderate assurance as to whether the financial statements are free
of material misstatement. A review is limited primarily to inquiries of
company personnel and analytical procedures applied to financial data,
and thus provides less assurance than an audit.
We have not performed an audit and, accordingly, we do not express an
audit opinion.
Based on our review, nothing has come to our attention that causes us to
believe that the accompanying financial statements do not present fairly, in
all material respects (give a true and fair view of) in accordance with
International Financial Reporting Standards.
Signature Date Address
1 Syllabus Coverage
Syllabus Coverage
This chapter covers the following Learning Outcomes.

A. Audit Framework and Regulation
1. The concept of audit and other assurance engagements
1. Identify and describe the objective and general principles of external audit engagements.
2. Explain the nature and development of audit and other assurance engagements.
3. Discuss the concepts of accountability, stewardship and agency.
4. Define and provide the objectives of an assurance engagement.
5. Explain the five elements of an assurance engagement.
6. Describe the types of assurance engagement.
7. Explain the level of assurance provided by an external audit and other review engagements
and the concept of true and fair presentation.
1 Technical Articles
Technical Articles
ACCA provide technical articles and other resources to guide and help students.
There are no technical articles available at the time of writing (November 2022) related
to this chapter.
For more recent articles and other resources please visit the ACCA global website.

Visual Overview
Objective: To describe the regulatory framework in which external (statutory) audits

occur.
1.1 Sources
The regulatory environment of external audits is predominantly statutory, which means

audit of the financial statements of companies (and maybe other organisations) is
required by national law (statute). However, some jurisdictions allow for
audit exemption (see s.4.2).
2.1.2 Mechanisms
1.2 Mechanisms
Auditors need to be regulated to ensure that:

 they maintain high standards of audit work; and
 their reputation with the public is maintained.
Auditors are regulated by:
 statute (i.e. through legislation);
 licensing requirements (e.g. ACCA practicing certificate);
 competence requirements ( e.g. a professional qualification and continuing
professional development);
 professional conduct rules (see Chapter 4);
 auditing standards (see s.3); and
 disciplinary procedures of professional accountancy bodies.
2.2.1 Mission, Vision and Values

2.1 Mission, Vision and Values
IFAC is a non-profit, non-governmental, non-political international organisation with

more than 175 members and associates (representing almost 3 million professional
accountants) from more than 130 countries.
 Its mission is to serve the public interest by:
o contributing to the development, adoption and implementation of high-
quality international standards and guidance;
o contributing to the development of strong professional accountancy
organisations and accounting firms and high-quality practices by professional
accountants;
o promoting the value of professional accountants worldwide; and
o speaking out on public-interest issues where the profession's expertise is
most relevant.
 IFAC's vision is that the global accountancy profession is recognised as a valued
leader in developing strong and sustainable organisations, financial markets and
economies.
 The values of integrity, expertise, and transparency are the guiding principles that
IFAC seeks to exemplify as an organisation through its council, board, boards and
committees, volunteers and staff.
2.2.2 Standard-setting Board

2.2 Standard-setting Board
IFAC has four standard-setting boards:

 IAASB
 IESBA
 IAESB
 IPSASB
2.3.1 IAASB
The International Auditing and Assurance Standards Board (IAASB) is an independent
standard-setting body that serves the public interest by setting high-quality international
standards for auditing, assurance, and other related areas.
The objective of the IAASB is to improve the uniformity of auditing practices and related
services throughout the world by issuing pronouncements (e.g. ISAs) on audit and
assurance functions and promoting their acceptance worldwide.
2.3.2 IESBA
The International Ethics Standards Board for Accountants (IESBA) is an independent
standard-setting body that serves the public interest by setting robust ethics standards
for professional accountants worldwide, including auditor independence requirements.
The IESBA has two objectives:
 To develop guidance on professional ethics and promote its understanding and acceptance
by member bodies.
 To continually monitor and stimulate debate on a wide range of ethical issues to ensure that
IFAC's ethical guidance (issued by the IESBA) is responsive to the expectations and
challenges of individuals, businesses, financial institutions and others relying on
accountants' work.
2.3.3 IAESB
The objective of the International Accounting Education Standards Board (IAESB) is to
develop guidance, conduct research and facilitate the exchange of information to
ensure that accountants are adequately trained to meet their responsibilities.
2.3.4 IPSASB
The International Public Sector Accounting Standards Board (IPSASB) works to
improve public sector financial reporting worldwide by developing international accrual-
based accounting standards for use by governments and other public sector entities.
2.3.1 Structure
3.1 Structure
Exam advice
The Code of Ethics, most ISAs and ISAE 3000 Assurance Engagements Other
Than Audits or Reviews of Historical Financial Information are examinable
documents (see Chapter 00).
2.3.2 Scope and Authority of ISAs

3.2 Scope and Authority of ISAs
ISAs provide the necessary standards for audit work to enable the auditor to express an
independent opinion on the financial statements. All standards relevant to the audit
process for an assignment must be followed. All IAASB pronouncements, including the
ISAs, can be downloaded free from www.IFAC.org.
Suppose the auditor cannot obtain reasonable assurance as to whether the financial
statements are free from material misstatement. In that case, ISAs require that the
opinion be modified or that the auditor withdraws from the engagement.
Each standard contains an introduction, objectives, definitions, requirements and
application detail (see Exhibit 1 below). If any objective cannot be achieved, the auditor
must use his judgment to re-evaluate his ability to achieve the overall audit objective
and, therefore, the effect on the auditor's report.
By their nature, ISAs require auditors to use their professional judgment when applying
them.
If, in exceptional circumstances, the auditor judges that it is necessary to depart from a
fundamental principle or essential procedure to achieve the standard's objective more
effectively, the departure must be justified in the working papers.
The requirements of the standards do not override local laws or regulations governing
audit and assurance. However, if national regulations have been followed, but relevant
ISAs have not been applied in their entirety, the auditor's report cannot state, "we
conducted our audit in accordance with International Standards on Auditing".
Exhibit 1 ISA 200
The following is the contents page for ISA 200.

INTERNATIONAL STANDARD ON AUDITING 200
OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR AND
THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH
INTERNATIONAL STANDARDS ON AUDITING
(Effective for audits of financial statements for periods beginning on or after December 15, 2009)
CONTENTS
Parag
Introduction
Scope of this ISA
................................................................................................................................................................
An Audit of Financial Statements
.................................................................................................................................................................
Effective Date
................................................................................................................................................................
Overall Objectives of the Auditor
.............................................................................................................................................................11
Definitions
................................................................................................................................................................
Exhibit 1 ISA 200
Requirements
Ethical Requirements Relating to an Audit of Financial Statements
.................................................................................................................................................................
Professional Skepticism
.................................................................................................................................................................
Professional Judgment
.................................................................................................................................................................
Sufficient Appropriate Audit Evidence and Audit Risk
.................................................................................................................................................................
Conduct of an Audit in Accordance with ISAs
............................................................................................................................................................18
Application and Other Explanatory Material
An Audit of Financial Statements
..........................................................................................................................................................A1–
Definitions
........................................................................................................................................................A14–
Ethical Requirements Relating to an Audit of Financial Statements
........................................................................................................................................................A16–
Professional Skepticism
........................................................................................................................................................A20–
Professional Judgment
........................................................................................................................................................A25–
Sufficient Appropriate Audit Evidence and Audit Risk
......................................................................................................................................................... A30
A54
Conduct of an Audit in Accordance with ISAs
........................................................................................................................................................ A55–
A78
2.3.3 Development
3.3 Development
Projects are identified by IAASB members, advisory groups (e.g. business

communities), the Forum of Firms (an independent association of international networks
of firms), national auditing standard-setting bodies and IFAC members.
A task force carries out research and development of an exposure draft (ED). This may
be a joint project with a national auditing standard-setting body.
The typical development process is as follows:
2.4.1 Statutory Regulation

4.1 Statutory Regulation
Because of the importance of the company's external auditor and his relationships with
directors and shareholders, the role of audit and duties of the auditor are often explicitly
laid down in statute. Hence, the external auditor is often referred to as a statutory
auditor.
Statutory regulations cover, for example:
 Requirement for audited accounts and audit exemption.
 Eligibility and requirements to become and remain statutory auditors.
 Appointment, removal or resignation of auditors.
 Auditors' reports, duties and rights.
 Monitoring of auditors.
 Rights of shareholders to raise audit concerns at the company's annual general
meeting of shareholders (AGM).
 Liability of auditors.
 Requirement of specific reports (e.g. for annual audits, interim financial statements
for listed companies and accounts of small companies).
In many jurisdictions the requirements for entities (listed, private, public, etc) to be
audited are set out in statute.
2.4.2 Audit Exemption

4.2 Audit Exemption
It is a statutory requirement in nearly all jurisdictions that companies be audited.

However, some jurisdictions recognise that for some "small" companies the benefit of
having an audit is relatively limited and may not justify the costs involved.
Specific requirements vary, but "small" usually means:
 Concentration of ownership and management in a small number of individuals (e.g. owner-
managers).
 Few sources of income.
 Simple management structures and accounting functions.
As control functions will typically be limited, management tends to have greater
involvement in supervising/applying controls (which increases the potential for
management override).
Activity 1 Audit Exemption
Suggest FOUR reasons why a small company may require an audit and provide
counter-arguments to those reasons.
Argument for audit Counter-argument
1. Shareholders not involved Statutes may provide reasonable

in management need the protection for minority shareholders (e.g.
assurance provided by an holders of at least 10% of shares may call
audit. for an audit).
A separate valuation exercise can be

2. Audited financial carried out at any time. There are also
statements are essential for other critical factors to valuing shares (e.g.
valuing shares in an unlisted a controlling holding) outside of the scope
company. of an audit.
Argument for audit Counter-argument
 The bank can require an audit to be

carried out as a condition of the loan.
 Valuation of a loan's security (i.e. land
and buildings) is relatively easy to
3. Banks rely on audited obtain.
financial statements when  Reviews can be carried out of
making loans and reviewing management accounts, budgets and
the value of the security. cash flows, and separate assurance
can be obtained on these.
 Depending on when the credit is taken,

the financial statements may be 6 to 18
months out of date.
4. Suppliers who offer credit  Trade and credit references will be
terms need audited financial taken before any substantial credit is
statements to assess the granted.
entity's ability to pay.  Management guarantees can also be
given/taken.
 An audit can still be carried out if

management decides to have one.
 Other assurance services and reviews
5. Management needs an can be provided to management to
audit as an independent cover the specific benefits
check. management believes are obtained
from an audit.
2.4.3 Eligibility to Become an Auditor

4.3 Eligibility to Become an Auditor
Most jurisdictions require a statutory auditor to be appropriately qualified. For example:

 a member of a recognised professional body; or
 holding an approved international qualification.
Being "appropriately qualified" means not only having passed examinations of a
recognised body (e.g. Advanced Auditing and Assurance (UK) to register as an auditor
and sign auditor's reports in the UK) but also:
 obtaining a minimum number of years of practical and post-qualified relevant audit
experience;
 continuous application of ethical criteria;
 continuous relevant practical experience; and
 continuous professional education.
Many countries have "mutual recognition" arrangements so that after passing country-
specific examinations (e.g. law and taxation), a statutory auditor of one country may
become a statutory auditor of another.
In most jurisdictions, officers (i.e. directors) and employees of a company are usually
ineligible to be statutory auditors. Although statute is often not prescriptive in barring
others (e.g. family and friends), this is addressed by the IESBA's Code of
Ethics (see Chapter 4).
2.4.4 Recognised Supervisory Bodies (RSBs)

4.4 Recognised Supervisory Bodies (RSBs)
Exam advice
The following detail on RSBs should be read in general; it is beyond the AA

syllabus.
An RSB is a professional body (e.g. ACCA) whose rules, regulations and procedures
have been approved by the government and whose members are recognised by statute
as eligible to sign auditor's reports.
ACCA is also a recognised qualifying body (RQB) in that it is allowed to examine and
award relevant professional qualifications.
RSBs must have rules to ensure, for example, that:
 A person is not eligible unless "appropriately qualified".
 Only "fit and proper" persons are appointed as company auditors.
 Company audit work is conducted "properly and with integrity".
 Technical standards are applied to company audit work.
 Competence of company auditors is maintained.
Key point
Although statutes lay down requirements for external auditors, the RSBs
implement them.
2.4.5 Rights and Duties of Auditors

4.5 Rights and Duties of Auditors
4.5.1 Duties
In most instances, the primary duty of a statutory auditor is to report to the company's
shareholders on the financial statements (statement of financial position, statement of
profit or loss and other comprehensive income, statement of cash flows, accompanying
notes, etc.) prepared to an accounting reference period (usually for a year).
Other duties relating to the statutory audit will vary between jurisdictions but may, for
example, include the requirement to report that:
 proper accounting records have been kept;
 the auditor has received all necessary information and explanations; and
 the directors' report is consistent with the information contained in financial statements.
Definition
Accounting records:
 the records of initial accounting entries and supporting records (e.g. records of
electronic fund transfers, invoices, contracts);
 the general and subsidiary ledgers, journal entries and other adjustments to
the financial statements that are not reflected in formal journal entries; and
 records such as work sheets and spreadsheets supporting cost allocations,
computations, reconciliations and disclosures.
4.5.2 Rights
An auditor cannot fulfil statutory duties without commensurate rights (which must also
be legislated). For example:
 To have access to the books, accounts, and vouchers at all times.
 To require from company officers any information and explanations considered necessary
for the audit.
 To have unrestricted access to persons within the entity from whom the auditor determines it
necessary to obtain audit evidence.
 To receive notice of, attend and be heard at the general meeting of the company on
business which concerns them as an auditor (e.g. a resolution to remove them from office).
Also, the auditor may have rights associated with his vacation of office (e.g. by
resignation or removal) to bring matters to the attention of shareholders and creditors
(e.g. if the auditor is removed because he gives a qualified audit opinion or if he resigns
because he is not given access to necessary information).
2.4.6 Appointment of Auditors

4.6 Appointment of Auditors
Key point
The shareholders are ultimately responsible for the appointment of the external
auditor.
In most jurisdictions, auditors are appointed by the shareholders to whom they report.
The process may be delegated to directors (or, under corporate governance, to a
supervisory or audit committee) and then approved by the shareholders.
Typically, the appointment is for one year. The auditors will then offer themselves for re-
appointment (e.g. at the AGM) to be voted on by the shareholders. Re-appointment is
not automatic.
The auditor's remuneration is generally fixed by whoever makes the appointment. In
practice, the shareholders usually delegate the negotiation of this to the directors or,
under corporate governance procedures, to be recommended by the audit committee
(see Chapter 3).
The audit appointment process is detailed later in Chapter 5.
2.4.7 Removal of Auditors

4.7 Removal of Auditors
4.7.1 Removal by Directors

It is generally more difficult to remove auditors than appoint them. This is because
auditors should not be removed just on the whim of directors (e.g. because the auditor
wants to qualify his opinion and the directors disagree).
As the shareholders are responsible for the appointment of the auditor, only the
shareholders have the power to remove the auditor from office (e.g. by ordinary
resolution in a general meeting of shareholders).
Exam advice
In addition to the statutory audit, many jurisdictions place statutory duties upon
auditors in other areas related to companies (e.g. reporting on internal controls,
reporting on directors' remuneration statements, reporting on the ability to
distribute reserves, reporting on the ability to buy back shares). Apart from the
statutory audit, all other statutory duties of the auditor are beyond the scope of the
syllabus.
4.7.2 At Point of Re-election
If for whatever reason, an auditor no longer wishes to act for a client after the end of a
current appointment, he simply does not stand for re-election after completing the
annual audit.
As a matter of professional courtesy, the auditor will usually have discussed with
management the decision not to seek re-appointment in good time to allow a
replacement to be proposed for appointment at the AGM.
Exam advice
In the examination, if a scenario indicates the possibility of auditor resignation,

avoid leaping to the immediate conclusion that the auditor should resign. Work
through all options first, and then consider the need for the auditor to seek
appropriate ethical and legal advice (e.g. from ACCA) and only then suggest that
the auditor assess the need to resign.
4.7.3 Resignation During Engagement

Although it is relatively rare, there are reasons why an auditor would resign from an
engagement. These include:
 significant limitations placed on the work of the auditor by management;
 loss of trust/working relationship with management (e.g. significant doubt over
management's integrity); and
 regulatory requirements (e.g. discovery of significant fraud).
Typically, the auditor must give written notice of his resignation to the client, which is
sent to the appropriate regulatory and audit authorities.
The auditor must consider his professional duty to complete the engagement (e.g. he
should not resign to avoid giving a qualified audit opinion) and the legal consequences
of resignation.
Where resignation may have implications for legal proceedings (see Chapter 11), the
auditor should seek ethical and legal advice before taking any action (e.g. from the
ACCA and solicitors).
4.7.4 Role of the Audit Committee

Where an entity has an audit committee, there is often a requirement under various
corporate governance codes for such committees to have specific responsibilities with
the external auditors (e.g. recommending appointment, remuneration, reviewing
circumstances of resignation).
See Chapter 3 for details of the audit committee.
2.4.8 Limitations of External Audits

4.8 Limitations of External Audits
The auditor cannot provide absolute assurance in an audit because of the inherent
limitations of external audits. These inherent limitations arise from:
 the nature of financial reporting;
 the nature of audit procedures; and
 the need for the audit to be conducted within a reasonable period and at a reasonable cost.
4.8.1 The Nature of Financial Reporting

Some financial statement items are subject to an inherent level of variability because
they involve judgment by management or subjective decisions or assessments, or a
degree of uncertainty (e.g. accounting estimates).
4.8.2 The Nature of Audit Procedures

There are practical and legal limitations on the auditor's ability to obtain audit evidence,
including the following:
 There is a possibility that management or others may not intentionally or unintentionally
provide all information that the auditor requires.
 An audit is not an investigation into alleged wrongdoing, so the auditor does not have any
specific legal powers necessary for such an investigation.
 Any system of internal control has inherent limitations (see Chapter 9).
 Fraud may be concealed so that it is difficult to detect with audit procedures (see Chapter
11).
 Most audit evidence is persuasive, rather than conclusive (see Chapter 15). For example,
physical possession of an asset does not necessarily prove legal ownership.
 Testing is on a sample basis (see Chapter 19).
4.8.3 Timeliness and Cost v Benefit

There is an expectation by users of financial statements that the auditor will form an
opinion on the financial statements within a reasonable period and will achieve a
balance between benefit and cost.
As it is impracticable for the auditor to address all information that may exist, it is
necessary for the auditor to:
 Plan the audit so that it is performed effectively.
 Direct audit efforts to the areas where the risk of material misstatement is most expected.
 Use testing and other means of examining populations for misstatement.
2 Syllabus Coverage
Syllabus Coverage

2. External audits
1. Describe the regulatory environment within which external audits take place.
2. Discuss the reasons and mechanisms for the regulation of auditors.
3. Explain the statutory regulations governing the appointment, rights, removal and resignation
of auditors.
4. Explain the regulations governing the rights and duties of auditors.
5. Describe the limitations of external audits.
6. Explain the development and status of International Standards on Auditing (ISAs).
7. Explain the relationship between International Standards on Auditing and national
standards.
Technical Articles
to this chapter.

Visual Overview
Objective: To explain the purpose, relevance and importance of corporate governance.

3.1.1 Terminology
1.1 Terminology
Definition
Corporate governance – the system by which business corporations are directed

and controlled. The corporate governance structure specifies the distribution of
rights and responsibilities among different participants in the corporation … and
spells out the rules and procedures for making decisions on corporate affairs. By
doing this, it also provides the structure through which the company objectives are
set, and the means of attaining those objectives and monitoring performance.
– OECD
Those charged with governance (TCWG) –individuals with responsibility

for overseeing the strategic direction of the entity and obligations related to
the accountability of the entity, including overseeing the financial reporting
process.
– ISA 260
Definition
Management – individuals with executive responsibility for the conduct of the

entity's operations.
– ISA 260
Exam advice
Aspects of corporate governance are examined regularly (especially audit

committees). Practical questions also have been asked, for example
candidates have been required to identify deficiencies in a given scenario
and make recommendations for compliance with international codes of
corporate governance.
Activity 1 Typical Stakeholders
Identify FOUR stakeholders (participants), their relationship and their needs for a
distinct business entity.
1. Shareholders make an equity investment in the company and expect share investment
growth and dividend distributions.
2. Banks provide loans and expect to be repaid.
3. Executive management and employees provide services to an entity and expect to be
paid for the services and to receive various employee benefits.
4. Suppliers provide goods and services and expect to be paid for them.
5. Other companies with cross-holding interests have a vested interest and can significantly
influence the corporate behaviour of the entity.
6. National and local governments provide services to the entity and society and need to
receive revenue through taxation.
3.1.2 Objective
1.2 Objective
The ultimate objective of a business is to increase long-term shareholder value by

enhancing economic performance. Corporate governance aims to achieve this through:
 the ethical and moral behaviour of corporate management;
 integrity, transparency and accountability in business activity;
 compliance with laws and regulations; and
 securing reputation and confidence in attracting inward investment.
Key Point
In general, governance responsibilities involve several oversight activities,

including matters relating to:
 strategy development and implementation;
 economic development, mergers and acquisitions;
 appointment of professional operating management executives;
 compensation of executives;
 risk and control systems and compliance with laws and regulations; and
 engaging internal auditors and independent external auditors.
3.1.3 Relevance
1.3 Relevance
Virtually all corporate governance regulations are aimed at listed companies, where the
separation of ownership and control/management have, in several notorious cases (e.g.
Enron, Royal Bank of Scotland, Lehman Brothers), caused severe losses to the
shareholders through mismanagement of company resources, missed opportunities and
poor decision-making or fraudulent activities (including misleading and dishonest
financial reporting).
3.1.4 Importance
1.4 Importance
Research has shown that entities that take good corporate governance practice
seriously are more prosperous over the long term than entities which do not.
 Analysts and policymakers agree that improving corporate governance is crucial to a
company's ability to generate sustainable growth in the future.
 There is a risk that weak corporate governance will lead to financial losses, both for
entities and shareholders. Strong corporate governance helps reduce this risk.
3.2.1 OECD Overview

2.1 OECD Overview
The mission of the Organisation for Economic Co-operation and Development (OECD)
is to promote policies designed to improve the economic and social well-being of people
around the world.
In 1999, the OECD released its Principles of Corporate Governance. The Principles are
an international corporate governance benchmark. They were last revised in 2015 to
account for recent developments in the corporate sector and capital markets.
The Principles focus on publicly-traded companies but can be used to improve
corporate governance in all companies.
These non-binding Principles provide a reference point for developing legal and
regulatory frameworks for corporate governance and corporate governance policies by
market participants.
3.2.2 OECD Principles

2.2 OECD Principles
2.2.1 The Basis for an Effective Framework

The corporate governance framework should:
 promote transparent and efficient markets;
 be consistent with the rule of law; and
 articulate the division of responsibilities between different supervisory, regulatory and
enforcement authorities.
2.2.2 Rights of Shareholders

The framework should protect and facilitate the exercise of shareholders' rights.
Fundamental shareholder rights include the right to:
 secure methods of ownership registration;
 convey or transfer shares;
 obtain relevant and material information from the entity;
 participate and vote in general shareholder meetings;
 elect and remove members of the board; and
 share in an incorporated entity's profits.
Shareholders should be informed about and have the right to participate in fundamental
changes affecting the entity.
2.2.3 Equitable Treatment of Shareholders

The framework should ensure the equitable treatment of all shareholders, including
minority and foreign shareholders.
 All shareholders should have the opportunity to obtain redress for violation of their rights.
 Insider trading and self-dealing should be prohibited.
2.2.4 The Role of Stakeholders
The framework should recognise the rights of stakeholders and encourage active
cooperation between the entities and shareholders in creating wealth, jobs and
financially-sound entities.
Shareholders should be able to freely communicate concerns about illegal or unethical
practices to the board. Their rights should not be compromised for doing this.
2.2.5 Disclosure and Transparency

The framework should ensure timely and accurate disclosure of all material matters
regarding the entity, including financial performance, ownership and governance.
 Information should be prepared and disclosed in accordance with high-quality financial
reporting standards.
 An independent, competent, qualified auditor should conduct an annual audit.
 External auditors should be accountable to the shareholders and owe a duty of professional
care in conducting an audit.
2.2.6 Board Responsibilities

The framework should ensure the strategic guidance of the company, effective
monitoring of management by the board, and the board's accountability to the company
and the shareholders.
3.2.3 UK Code Overview

2.3 UK Code Overview
Exam advice
The UK Corporate Governance Code is an examinable document as an

example of best practice and can be downloaded from www.frc.org.uk.
The UK Corporate Governance Code is a prime example of good corporate governance
practice.
 It applies only to listed companies, but it can be used by any entity (private or public)
as the basis for best practice.
 It explains the concept of "comply or explain" and contains 18 Principles covering
leadership, stakeholder relations, board effectiveness, accountability, audit, risk and
internal control and remuneration.
 It is supported by guidance, which boards and companies are encouraged to use in
applying the Code’s Principles on:
o Board effectiveness;
o Risk management and internal control (see s.2.5); and
o Audit committees (see s.3).
All companies have to report on how they apply the Principles and either confirm that
they have complied throughout the financial year with the Code's provisions or explain
why they have not (i.e. "comply or explain").
In addition, the board must:
 confirm that there is an ongoing process for the identification, evaluation and
monitoring of significant risks; and
 summarise the process by which it has reviewed the effectiveness of the system of
internal control).
Exhibit 1 “Comply or Explain”
The following are extracts from the “Review of Corporate Governance

Reporting” published by the Financial Reporting Council (FRC) in
November 2021:
In the Code, companies and directors have a solid governance foundation

on which to rise to the recent challenges. Its Principles and Provisions
provide clear direction, and the “comply or explain” principle offers flexibility
for directors to make decisions that reflect company circumstances.
Demonstrating effective corporate governance builds trust that is
necessary to attract investment and support capital formation.
The best governance reporting offers transparency that goes beyond
broad-brush declarations and sets out clearly and concisely how the
Principles of the Code were applied and the nature of compliance with the
Provisions of the Code. We continue to highlight such good practice.
3.2.4 UK Code Main Principles

2.4 UK Code Main Principles
2.4.1 Board Leadership and Company Purpose

A successful company is led by an effective and entrepreneurial board. Its role is to
promote the company’s long-term success, creating value for shareholders and
contributing to broader society.
 The board should ensure effective engagement with, and encourage participation from,
shareholders and stakeholders (e.g. through meetings).
 The board should:
o Establish the company’s purpose, values and strategy – aligned with the
company’s culture.
o Ensure that the necessary resources are available to meet the company’s
objectives and measure performance against them.
o Establish a framework of prudent and effective controls to assess and manage
risk.
o Ensure that workforce policies and practices are consistent with the company’s
values and support its long-term success. The workforce should be able to raise any
matters of concern.
 All directors must act with integrity, lead by example and promote the desired culture.
Exhibit 2 Board Composition
The following is an extract from Tesco PLC Annual Report and Financial
Statements 2022:
The Group is led by an effective and committed Board, with a culture of openness
and transparency at Board meetings. As at the date of this report, the Board
comprises 13 Directors with a wide range of knowledge and experience from a
variety of sectors. Our values and leadership behaviours are a vital part of our
culture, helping us ensure that through our conduct we do the right thing for the
business and our stakeholders.
2.4.2 Division of Responsibilities

The chair should be independent on appointment. For example:
 not an employee (during the last five years);
 no material business relationship (during the last three years);
 not a significant shareholder.
The chair:
 leads the board;
 is responsible for its overall effectiveness in directing the company;
 should demonstrate objective judgment;
 should promote a culture of openness and debate;
 facilitates constructive board relations and the effective contribution of all NEDs;
 ensures that directors receive accurate, timely and clear information.
The board should include an appropriate combination of executive directors and NEDs
so that no one individual or small group of individuals dominates the board’s decision-
making.
There should be a clear division of responsibilities between the chair and the executive
leadership of the company’s business.
Key Point
The chairman and CEO should not be the same individual.
NEDs should:
 have sufficient time to meet their board responsibilities;
 provide constructive challenge and strategic guidance, offer specialist advice, and hold
management to account.
The board, supported by the company secretary (the most senior compliance officer),
should ensure that it has the policies, processes, information, time, and resources to
function effectively and efficiently.
Exhibit 3 Division of Responsibilities
The following is an extract from AstraZeneca Annual Report 2020:
The Board comprises 12 Non-Executive Directors, including the Chairman, and

two Executive Directors – the CEO, Pascal Soriot, and the CFO, Marc Dunoyer.
The roles of the Board, Board Committees, Chairman and CEO are documented,
as are the Board’s reserved powers and delegated authorities
During 2020, the Board considered the independence of each Non-

Executive Director for the purposes of the UK Corporate Governance Code
and the Nasdaq Listing Rules. Except for Marcus Wallenberg (non-
executive director), the Board considers that all the Non-Executive
Directors are independent.
Marcus Wallenberg was appointed as a Director of Astra in May 1989 and
subsequently became a Director of the Company in 1999. He is a Non-
Executive Director of Investor AB, which has a 3.93% interest in the issued
share capital of the Company as at 11 February 2021.
For these reasons – his overall length of tenure and relationship with a
significant shareholder – the Board does not believe that he can be
determined independent under the UK Corporate Governance Code.
However, the Board believes that he has brought, and continues to bring,
considerable business experience and makes a valuable contribution to the
work of the Board.
2.4.3 Composition, Succession and Evaluations

There should be a formal, rigorous and transparent procedure for board appointments
and an effective succession plan for board and senior management.
 A majority of members of a nomination committee should be independent NEDs.
 All directors should be subject to annual re-election.
 The chair should not remain in the post for more than nine years.
Appointments and succession plans should be based on merit and objective criteria and
promote diversity of gender, social and ethnic backgrounds, etc.
The board and its committees should have a combination of skills, experience and
knowledge. The length of service of the board as a whole should be considered and
membership regularly refreshed.
An annual evaluation of the board should consider its composition, diversity and how
effectively members work together to achieve objectives. Individual evaluation should
demonstrate whether each director continues to contribute effectively.
Exhibit 4 Composition, Succession and Evaluation
The following is an extract from Barclays PLC Annual Report 2021:
All Board and senior management appointments are viewed through a diversity
lens and are based on merit and objective criteria, which focus on the skills and
experience required for the Board’s effectiveness and the delivery of the Group
strategy. Board appointments are made following a rigorous and transparent
process facilitated by the Nominations Committee, with the aid of an external
search consultancy firm.
The composition of the Board, Board Committees and the Group Executive
Committee (ExCo) is regularly reviewed by the Nominations Committee. It
frequently considers the skills required for the Board, its Board Committees
and the ExCo, identifying the core competencies, diversity and experience
required. This, along with the annual effectiveness evaluation, helps to
refresh the thinking on Board, Board Committee and ExCo composition
and to determine a timeline for proposed new appointments.
2.4.4 Audit, Risk and Internal Control

The board should:
 establish formal and transparent policies and procedures to ensure the independence and
effectiveness of internal and external audit functions;
 satisfy itself on the integrity of financial and narrative statements;
 present a fair, balanced and understandable assessment of the company’s position and
prospects;
 establish procedures to manage risk and oversee the internal control framework;
 determine the nature and extent of the principal risks the company is willing to take to
achieve its long-term strategic objectives.
These Principles should be met by establishing an audit committee of independent
NEDs.
Exhibit 5 Audit Committee Activities
The following is an extract from BP Annual Report 2021:
How the committee reviewed financial disclosure

The committee reviewed the quarterly, half-year and annual financial
statements with management, focusing on the:
Exhibit 5 Audit Committee Activities
 Integrity of the group’s financial reporting process.

 Clarity of disclosure.
 Compliance with relevant legal and financial reporting standards.
 Application of accounting policies and judgements.
As part of its review, the committee received regular updates from
management and the external auditor in relation to accounting judgements
and estimates, including those relating to recoverability of asset carrying
values including the impact of climate risk and opportunities.
In considering the bp Annual Report …, the committee assessed whether
the report was fair, balanced and understandable … In making this
assessment, the committee examined disclosures during the year,
discussed the requirement with senior management, confirmed that
representations to the external auditor had been evidenced and reviewed
reports relating to internal control over financial reporting…
2.4.5 Remuneration
Remuneration policies and practices should support strategy and promote long-term
success. Executive remuneration should be:
 aligned to company purpose and values; and
 linked to the successful delivery of the company’s long-term strategy.
A formal and transparent procedure for developing policy on directors’ remuneration
and senior management remuneration should be established through a remuneration
committee of independent NEDs. (Again, with a minimum membership of three, or only
two for smaller companies.)
No director should be involved in deciding their remuneration outcome.
Directors should exercise independent judgment and discretion when authorising
remuneration outcomes, considering company and individual performance and wider
circumstances.
Exhibit 6 Remuneration Policy
The following is an extract from the Remuneration Committee Report in Rolls-

Royce Holdings plc Annual Report 2021:
The Remuneration Committee, comprising only NEDs, is responsible for

developing the policy and determining executive and senior management
remuneration.
Exhibit 6 Remuneration Policy
At our AGM in May 2021, shareholders approved our new Remuneration

Policy …
No Director is involved when deciding their own remuneration outcome.
Implementation of the new policy
The new policy comprises a a single incentive plan designed to reward the
key drivers for success, with deferred share awards made at the end of the
performance period. In line with the 2021 policy, no LTIP (long-term
incentive plan) grants were made in 2021 and there will be no cash
bonuses for the Executive Directors at any time between 2021 and 2023.
As part of the policy review and recognising the wider stakeholder agenda,
the 2021 policy has a reduced maximum incentive plan opportunity.
Key elements of the policy were also cascaded to the wider workforce to
ensure alignment across the Group.
3.2.5 Corporate Governance Deficiencies

2.5 Corporate Governance Deficiencies
Even with the growing prevalence of corporate governance codes designed to reduce
the risk of corporate governance failure that leads to significant shareholder losses,
there are still incidences of failure to adequately control and manage a corporation.
The responsibility for good corporate governance lies with TCWG, usually the board of
directors.
High profile corporate governance failure should lead to lessons learnt in the continuing
development of corporate governance codes. There should be a reduction of the risk of
corporate failure with increased compliance with applicable governance codes.
Exhibit 7 Thomas Cook Collapse
The following is an extract from the article “Thomas Cook was brought down by
incompetence, not boardroom greed” published in The Guardian 29 September
2019:
Almost a week after the collapse of Thomas Cook, the cost of failure looks as
severe as feared. Repatriating 150,000 holidaymakers could mean a bill of
£100m. Hoteliers have to be compensated, probably to the tune of tens of millions
of pounds. And the biggest cost involves refunding customers for future bookings.
Exhibit 7 Thomas Cook Collapse
The whole bundle could run to £500m. The travel industry has an insurance
scheme, but taxpayers could still be on the hook for a shortfall.
Incompetence and hubris in the boardroom look to be the direct causes.

Fankhauser, in post for four years, and Frank Meysman, chairman since
2011, must explain why they didn’t fix a fragile balance sheet when it
seemed possible.
The stock market valued Thomas Cook’s equity at £2bn as late as May
2018. Shareholders would not have cheered a rights issue to raise, say,
£500m at that point, but the job of directors is to take the long view.
Fankhauser and Meysman could have pitched a reasonable argument
along these lines: repay some debt, lower the interest costs and allow more
investment in new, company-owned hotels, the focus of the turnaround
strategy.
In November 2017 in the annual report, Meysman wrote that “a highly
competitive environment ... has contributed to the collapse of a number of
competitors in the last 12 months”, so he was clearly aware of the external
risks. Given that Thomas Cook itself almost failed in 2011, reducing debt
should have been the absolute priority. The most astonishing statistic in the
whole saga is that the company paid £1.2bn in interest charges after 2010.
As for the accounting angle, Reeves’s committee must ask why Thomas
Cook recorded so many one-off charges and “separately disclosed items”
over the years. The company was in restructuring mode, so heavy use of
exceptional items is not unusual, but EY, after it took over from PwC as
auditor in 2017, challenged some of the treatments. Why hadn’t the
company’s own audit committee done so previously? There must also be
an explanation of why a £1.1bn goodwill writedown on the purchase of
MyTravel appeared in the interim results only this year – the acquisition
itself happened in 2007.
Fankhauser and Meysman, no doubt, will issue grovelling apologies to the
committee. That’s the usual form for directors who have failed. It’s an
explanation for their actions, though, that former employees deserve to
hear.
Auditors also need to be aware of their critical role in corporate governance and
maintain the necessary independence to carry out duties with sufficient levels of
scepticism and professional judgement.
Exhibit 8 Carillion Collapse
The following is an extract from the Financial Times article “KPMG sued for
£1.3bn over Carillion audit”, February 2022:
KPMG has been sued for £1.3bn by the liquidators of Carillion, who claim the
auditor missed “red flags” that the UK outsourcer’s accounts were misstated and
that the group was insolvent more than two years before it collapsed.
The liquidators allege that Carillion could have avoided a £1.1bn

deterioration in its cash position between December 2016 and its implosion
in January 2018 if KPMG had identified that the outsourcer was insolvent at
the start of the period, according to a copy of the claim seen by the
Financial Times.
The liquidators allege that KPMG failed to remain independent from
Carillion’s management and that audit partner Peter Meehan “repeatedly
accepted hospitality from and offered hospitality to Carillion and its senior
management” and “failed to respect the proper boundaries of the auditor
client relationship”. Meehan helped management to get figures “past” the
audit committee and backdated its audit opinion on Carillion Construction
Limited for 2016, according to the claim.
In a statement, KPMG said that “we believe this claim is without merit and
we will robustly defend the case. Responsibility for the failure of Carillion
lies solely with the company’s board and management, who set the
strategy and ran the business.”
KPMG boss Jon Holt apologised in January, saying the firm had misled the
UK accounting regulator during an inspection of the audit of Carillion’s
2016 accounts. Members of KPMG’s Carillion audit team, including
Meehan, have denied wrongdoing and blamed each other during a tribunal
that is set to resume next week. The Financial Reporting Council is
separately investigating possible failings in the Carillion audits.
Exam advice
An exam question might present a scenario on the state of a company’s

governance. Candidates should be able to identify corporate governance
deficiencies and make appropriate recommendations.
This would require knowledge of the principles of corporate governance

and an understanding of the reasoning behind them ( e.g. a board
composed of at least half independent NEDs brings balance to the board
Exam advice
and greater breadth of expertise, as well monitoring the actions of

executive directors in the interests of shareholders).
Exhibit 9 Failure to Disclose Non-compliance with the Code
The following is an extract from the Executive Summary of the FRC’s “Review of
Corporate Governance Reporting”, November 2021:
One of our major concerns last year was that companies were failing to disclose
non-compliance with the Code. As a result, we issued Improving the quality of
“comply or explain” reporting. This guidance confirmed that the comply or explain
approach supports non-compliance when accompanied with an effective
explanation.
This year we expected an increase in the number of disclosures of non-

compliance. However, there is still room for improvement in relation to the
quality of explanations. Unfortunately, as last year, we continue to see the
use of boilerplate or declaratory statements. These statements are seldom
substantiated by actions or examples, and therefore do not offer insight into
company governance.
Diversity and inclusion and succession planning at board-level and through
the pipeline continue to remain a concern. There is often a lack of cohesion
between policies and succession plans.
There continues to be minimal information on how diversity and inclusion
policies and objectives link to company strategy. This view is supported by
the generally poor reporting by nominations committees on succession
planning…
… All companies reported that they had reviewed their systems. However,
in a year where we expected to see changes made very few commented
on how they reviewed the effectiveness of their systems, this is an issue
that has been raised as part of the audit consultation.
While most companies confirmed that their remuneration arrangements
support company’s strategy, only some of them explained how. Very few
companies explained how remuneration aligns with company purpose and
values.
In challenging circumstances many remuneration committees used
discretion to change remuneration outcomes in line with company
performance and shareholder and stakeholder experience.
Activity 2 Corporate Governance Deficiencies
During the audit of a new client, you listed the following corporate governance practices
used by your client.
Deficiency
Yes/No Recommendation:
1. The entity has a six-member board of

directors, including executive and
non-executive directors. 2.
2. The CEO serves as the chairman

of the board of directors. 3.
3. The board includes two

independent NEDs. 4.
4. New board members are

selected by a nominations committee
headed by the chairman/CEO. 5.
5. The audit committee comprises

two executive directors and the two
NEDs. 6.
6. One of the independent non-

executive audit committee members
recently retired after serving for ten years
as the CFO of a major corporation. 7.
7. The remuneration committee

comprises one executive director and
one NED, and they decide the
remuneration of all board members. 8.
8. Management is required to
assess the effectiveness of internal
controls on an annual basis. 9.
Required:
Select yes or no to indicate whether each corporate governance practice is a

corporate governance deficiency. If the practice is a deficiency, recommend how
it should be corrected. If there is no deficiency, leave the recommendation box
blank.
1. No
(This is not a corporate governance deficiency. An entity with strong corporate
governance should have a board of directors that comprises both executive and
NED.)
2. Yes
Recommendation: The chairman of the board of directors should be an independent
non-executive director.
3. Yes
Recommendation: The board should have a combination of executive and non-
executive directors so that no group of individuals can dominate the board. Because
this is a six-member board, there should be three executive directors and three
NEDs.
4. Yes
Recommendation: The chairman/CEO is an executive director and should not chair
the nominations committee. An independent NED should head the nominations
committee.
5. Yes
Recommendation: The audit committee should include at least three independent
NEDs. Executive directors should not be part of the audit committee.
6. No
This is not a corporate governance deficiency. At least one audit committee member
should have recent, relevant financial experience, such as time spent as a CFO of a
major corporation.
7. Yes
Recommendation: A remuneration committee composed of independent NEDs
should decide the remuneration and compensation of the executive directors and the
chairman. The board should set the remuneration of the NEDs.
8. No
This is not a corporate governance deficiency. Management should be required to
assess the effectiveness of internal controls at least annually.
3.3.1 Introduction
3.1 Introduction
For a listed company, an audit committee is how the board establishes "formal and
transparent arrangements" to meet the corporate reporting and risk management and
internal control principles. It is also best practice for unlisted and other entities.
 An audit committee should comprise at least three independent NEDs (two for a
smaller company).
 At least one member must have recent and relevant financial experience.
 As a whole, the committee must have competence relevant to the sector in which
the company operates.
Key Point
 Through the audit committee, external auditors are responsible and

report to the shareholders, not the executive management.
 The audit committee enhances the external auditor's independence and
provides greater independence for the internal auditor.
The audit committee’s role considers the risks and controls over the financial reporting
process and the tax, environmental, legal and other regulatory matters that have a
material effect on the financial statements.
Exhibit 10 Audit and Risk Committee Report
The following is an extract from the Annual Report and Accounts 2021 of
The Sage Group plc:
Role of the Committee

The Committee is an essential part of Sage’s overall governance
framework. The Board has delegated to the Committee the responsibility to
oversee and assess the integrity of the Group’s financial reporting, risk
management and internal control procedures, and the work of both the
internal audit function and the external auditor, EY. These responsibilities
are defined in the Committee’s Terms of Reference, which were reviewed
and approved by the Committee and the Board in May 2021.
Composition
The Code requires that at least one member of the Committee has recent
and relevant financial experience. The Disclosure Guidance and
Transparency Rules (DTRs) require that at least one member has
competence in accounting and/or auditing. The Board is satisfied that this
requirement is met, with the Chair of the Committee being a qualified
chartered accountant and experienced Audit Committee Chair following 25
years in financial services as a corporate finance advisor in the investment
banking sector.
3.3.2 FRC Guidance on Audit Committees

3.2 FRC Guidance on Audit Committees
The Financial Reporting Council (FRC) Guidance on Audit Committees supports the
Code by providing examples of best practices concerning audit committees.
 Of the four committees mentioned explicitly by the Code – audit, nominations,
remuneration and risk – the audit committee is probably the most central to the
appropriate functioning of corporate governance.
 The audit committee should have competence relevant to the company’s sector.
3.3.3 Role and Responsibilities
3.3 Role and Responsibilities
The primary role and responsibilities of the audit committee, which must be set out in
published written terms of reference, are to:
 Monitor the integrity of the financial statements and review significant financial
reporting judgments contained in them.
 Advise the board on whether the annual report is fair, balanced and understandable
and provides the information necessary for users to assess the company's
performance, business model and strategy.
 Review the internal financial controls, internal control and risk management systems
unless expressly addressed by:
o a separate board risk committee composed of independent NEDs; or
o the board itself.
 Monitor and review the effectiveness of the internal audit function. If there is no
internal audit, consider annually if there is a need for internal audit and make that
recommendation to the board. The role of internal audit in corporate governance is
explored in Chapter 14.
 Make recommendations to the board to put to the shareholders for their approval in
general meeting regarding the appointment, re-appointment and removal of the
external auditor.
 Review and monitor the external auditor's independence and objectivity and the
effectiveness of the audit process.
 Develop and implement policy on the external auditor's engagement to supply non-
audit services, taking into account relevant ethical guidance (see Chapter 4).
Key Point
Pre-approval of non-audit services should only be in place for clearly trivial

matters.
 Review “whistle-blowing” arrangements:
o by which staff may, in confidence, raise concerns about possible
improprieties in matters of financial reporting or other issues;
o to ensure the proportionate and independent investigation of such matters;
and
o for appropriate follow-up action.
A whistle-blower, fearing repercussions, might otherwise go to an external agency
(e.g. the press) which could breach confidentiality. Therefore, discussing such
matters with an audit committee member provides confidentiality and confidence in
knowing that appropriate action will be taken.
 Report to the board on how it has discharged its responsibilities.
 Ensure that shareholder interests are adequately protected concerning financial
reporting and internal control.
 Consider the clarity of audit committee reporting and be prepared to meet investor.
3.3.4 Benefits and Limitations

3.4 Benefits and Limitations
3.4.1 Benefits
Audit committees:
 Provide effective and informed oversight in helping to ensure market, public and
stakeholder confidence in high-quality financial reporting. Effective audit committees:
o need to be able to investigate issues on their initiative, rather than as directed by
the CEO;
o must be clear about what they need to know and determined to receive the
information they require;
o should act as a significant deterrent and minimise the opportunities for fraud to
be carried out undetected.
 Enable the board to delegate a thorough and detailed review of audit matters, both internal
and external, to enhance external confidence in the entity.
 Enable NEDs to contribute independent judgment on issues of critical importance in running
the business (e.g. investment decisions, risk analysis) and play a positive role in areas for
which their skills are particularly fitted.
 Offer the external and internal auditors a direct, formal link with NEDs. It also results in
informal communications with the NEDs.
3.4.2 Limitations
 Audit committees may be seen as an unnecessary legal or regulatory burden placed upon
the board: "We know how to run the company without anybody else telling us what to do".
 The demands and expectations on the time and expertise of NEDs are such that suitable
candidates are harder to find. The audit committee is expected to meet regularly and
provide a high-level oversight function that may lead to detailed work (e.g. if there is unease
about management's accounting estimates, the committee may need to seek external
advice).
 The risks and burden of responsibility placed on audit committee members may result in a
sense that the "reward is not worth the effort" or rather that the risks are too high. The
overall ability of the audit committee may therefore be less than what is required.
 Audit committees come at a price. The advantages of having one must be effectively used
to ensure appropriate cost benefit (e.g. enhancing public credibility or providing an
experienced "sounding board" for the executive directors).
 Audit committees will only be effective where they can operate as intended by the various
governance codes. Anything less than respect and understanding of their role by the board
of directors, together with unfettered access to all information, will diminish that
effectiveness.
3.3.5 Risk Management and Internal Control

3.5 Risk Management and Internal Control
According to the UK Code:
 One of the primary roles of the audit committee is to review the company’s internal
financial controls and internal control and risk management systems unless
expressly addressed by a separate board risk committee (composed of independent
NEDs) or the board itself.
 The board should monitor the company’s risk management and internal control
(RMIC) systems and, at least annually, review their effectiveness and report on that
review in the annual report.
The Code is supported by the FRC’s Guidance on Risk Management, Internal Control
and Related Financial and Business Reporting, which states:
 The board has ultimate responsibility for RMIC, including
o determining the nature and extent of the principal risks it is willing to take
to achieve its strategic objectives (“risk appetite”);
o ensuring that an appropriate culture has been embedded throughout the
organisation;
o agreeing on how the principal risks should be managed or mitigated to
reduce the likelihood of their incidence or their impact.
Key Point
Culture and behaviour are crucial to high-quality risk management.

 Training and communication assist in embedding the desired culture and
behaviours.
 Effective controls are an essential element of RMIC systems and can cover many
aspects of a business, including strategic, financial, operational and compliance.
 The board should agree on how the principal risks will be managed or mitigated and
which controls will be implemented. In approving the controls the board should
determine what constitutes a significant control failure.
Key Point
Management has day-to-day responsibility for implementing the board’s

policies.
 A RMIC system will include:
o risk assessment;
o management or mitigation of risks, including the use of control processes;
o information and communication systems; and
o processes for monitoring and reviewing their continuing effectiveness.
 Risks will differ between companies but may include financial, operational,
reputational, behavioural, organisational, third party or external risks (e.g. market or
regulatory risk, over which the board may have little or no direct control).
3 Syllabus Coverage
Syllabus Coverage

3. Corporate governance
1. Discuss the objective, relevance and importance of corporate governance.
2. Discuss the provisions of international codes of corporate governance (such as OECD) that
are most relevant to auditors.
3. Describe good corporate governance requirements relating to directors' responsibilities (e.g.
for risk management and internal control) and the reporting responsibilities of auditors.
4. Evaluate corporate governance deficiencies and provide recommendations to allow
compliance with international codes of corporate governance.
5. Analyse the structure and roles of audit committees and discuss their benefits and
limitations.
6. Explain the importance of internal control and risk management.
Technical Articles
to this chapter.
For more recent articles and other resources please visit the ACCA global website

Visual Overview
Objective: To explain the ACCA Code of Ethics and Conduct, which students and
members of ACCA must comply with.
1.1 Complying with the Code
Key Point
The Code establishes five fundamental principles:

1. integrity;
2. objectivity;
3. professional competence and due care;
4. confidentiality; and
5. professional behaviour.
As a member of IFAC, ACCA's Code of Ethics and Conduct is based on
IESBA's International Code of Ethics for Professional Accountants.
All students and members of the Chartered Association (e.g. in practice, commerce,
internal audit, education) must observe proper standards of professional conduct and
refrain from misconduct. Failure to observe standards may result in disciplinary
proceedings. The ACCA Code of Ethics and Conduct can be downloaded from Code of
Ethics and Conduct | ACCA Global.
References to relevant paragraphs of the Code have been provided throughout this
chapter for information only; they are not to be learnt. “R” denotes requirements and “A”
application material.
4.1.2 Fundamental Principles

1.2 Fundamental Principles
1.2.1 Integrity (R111)

In all professional, business, personal and financial relationships, the professional
accountant should be straightforward and honest. This implies fair dealing, truthfulness
and having the strength of character to act appropriately, even when facing pressure
to do otherwise or when doing so creates potential adverse personal or organisational
consequences. This means, for example, standing one’s ground when confronted by
dilemmas or difficult situations or challenging others when circumstances warrant.
Professional accountants should not knowingly be associated with reports, returns,
communications or other information which they believe:
 contains materially false or misleading statements;
 contains statements or information provided recklessly; or
 omits or obscures required information where such omission or obscurity would be
misleading.
Note that issuing a modified opinion (e.g. in an auditor’s report on historical financial
statements) does not breach this principle.
Key Point
The critical test here is association. Integrity is a state of mind; however, it

can only be judged based on the information the professional accountant is
associated with (whether the accountant produced it or provided assurance
on it).
Activity 1 Integrity
Describe THREE situations in which the integrity of a professional accountant may be

threatened.
1. As an auditor, if a set of financial statements contain a material misstatement that the
directors refuse to change, an unmodified opinion would not be issued.
2. In the context of other work (e.g. preparing a cash flow forecast), if asked to verify
misleading data, the member would refuse to accept the engagement or withdraw as soon
as he becomes aware that the data is misleading and the client refuses to change.
3. For an accountant in business, being asked by the CFO to sign off on management
accounts for the bank that contain significant differences from the underlying records.
1.2.2 Objectivity (R112)
The professional accountant’s exercise of professional or business judgements must
not be compromised by:
 bias;
 conflict of interest; or
 undue influence of, or undue reliance on, individuals, organisations, technology and other
factors.
Key Point
A professional accountant should not undertake a professional activity if a

circumstance or relationship unduly influences the accountant’s professional
judgment regarding that activity.
1.2.3 Professional Competence and Due Care (R113)

A professional accountant must:
 Attain and maintain the level of professional knowledge and skill required to ensure
their competence based on current standards and relevant legislation; and
 Act diligently and in accordance with applicable technical and professional standards.
Maintaining professional competence requires a continuing awareness and
understanding of relevant technical, professional and business and technology-related
developments. This is achieved through continuing professional development (CPD).
Professional accountants must take reasonable steps to ensure that those who work in
a professional capacity under their authority have appropriate training and supervision.
Diligence encompasses the responsibility to act according to the assignment’s
requirements carefully, thoroughly and on a timely basis.
Where appropriate, clients or the employing organisation should be informed of the
limitations inherent in the services or activities.
Key Point
In providing assurance services, levels of assurance on information, may

range from “reasonable” assurance to “limited” assurance (see Chapter 1).
Professional judgement is required on the amount of sufficient appropriate
evidence to be obtained for the level of assurance to be provided by an
assurance report.
1.2.4 Confidentiality (R114)

The principle of confidentiality requires an accountant to respect the confidentiality
of information acquired as a result of professional and business relationships.
An accountant must be alert to the possibility of inadvertent disclosure (e.g. in a social
environment and to close business associates or family members).
Key Point
Confidential information should not be:

 disclosed to third parties without proper and specific authority or unless
there is a legal, professional right or duty to disclose;
 used for any personal advantage or the advantage of a third party.
Confidentiality is considered in more detail in s.4.
1.2.5 Professional Behaviour (R115)
An accountant must:
 comply with relevant laws and regulations; and
 avoid any conduct that might discredit the profession.
In marketing and promoting themselves and their work, professional accountants should
not bring the profession into disrepute. They should be honest and truthful
and not make:
 exaggerated claims for their services, qualifications or experience; or
 disparaging references or unsubstantiated comparisons to the work of others. A claim such
as "We are the best, better than all the rest" is not professional.
Professional accountants should behave with courtesy and consideration towards
everyone they encounter in a professional capacity.
4.1.3 Conceptual Framework (R120.3-R120.5)
1.3 Conceptual Framework (R120.3-R120.5)
Key Point
The Code provides a conceptual framework that professional accountants must

apply to identify, evaluate and address threats to compliance with the
fundamental principles.
The framework requires professional accountants to consider the threats they face and
to match those threats with the appropriate action. It is not a set of rigid rules in a fixed
framework.
If identified threats are not at an “acceptable level”, the professional accountant must
implement safeguards to eliminate the threats or reduce them to an acceptable level so
that compliance with the fundamental principles is not compromised.
Definition
Acceptable level – a level at which a reasonable and informed third

party would likely conclude that the professional accountant complies with
the fundamental principles.
The framework should be applied to the particular circumstances. If a situation does not
match any of the examples, as a general rule, "if in doubt, avoid; do not do." Just
because a situation or circumstance is not prohibited, does not mean it is permitted.
4.1.4 Threats (R120.6)

1.4 Threats (R120.6)
An accountant must identify threats to compliance with the fundamental principles.

Compliance with the fundamental principles may potentially be threatened by a broad
range of circumstances which generally fall into one or more of the following categories:
 Self-interest threat;
 Self-review threat;
 Advocacy threat;
 Familiarity threat; and
 Intimidation threat.
The term "management threat" is widely used to describe the threats that arise when an
audit firm undertakes an activity that is management's responsibility. However, it
is not a separate category of threat in the Code.
Exam advice
A scenario or situation in a question might pose multiple threats. This

means various actions might need to be taken to mitigate the threats.
For example, a close family member of the auditor who is an executive
director of an audit client gives rise to both self-interest and familiarity
threats (and perhaps intimidation).
1.4.1 Self-Interest Threat

A self-interest threat may occur due to the financial or other interests of the professional
accountant (including immediate or close family members). For example:
 undue dependence on total fees from a client;
 loans or guarantees made to or from a client;
 close personal or business relationships with a client;
 audit team member negotiating employment with a client;
 financial interest in a client;
 gifts and hospitality; and
 concern over losing a client or employment security.
Example 1 Self-interest Threats
1. Breuger Co has offered the auditor an additional fee for issuing an unmodified
audit opinion for the current reporting year.
Example 1 Self-interest Threats
2. Douglas Lu, the auditor of Ayeland Bank, is also a customer of the bank.
Ayeland Bank has offered Douglas Lu preferential rates on his loan and
overdraft facilities.
3. Tucker Chartered Accountants, a relatively new audit firm, is conducting the
audit for Tubbletown Co. During a recent conversation, Tubbletown’s CEO
wished Tucker success in its future ventures and promised to take up the offer
of non-audit services from Tucker if an unmodified audit opinion is issued on
completion of the audit.
1.4.2 Self-Review Threat

 A self-review threat may arise when a professional accountant does not appropriately
evaluate the results of a previous judgment made by either themselves or another individual
within their firm or employing organisation, which they will rely on when forming a judgment
in providing a current service.
 Examples include, but are not limited to:
o reporting on the operation of systems after being involved in their design or
implementation;
o a member of an engagement team having previously been employed by the
client in a position that directly influenced the subject matter (e.g. financial statements);
and
o business decisions or data being reviewed and justified by the person
responsible for making those decisions or preparing those data.
Example 2 Self-review Threats
1. Dregger & Co, currently appointed as the auditor of Turnbally Co, was
previously engaged by Turnbally Co to design and implement its digitalised
financial control system.
2. Mariana, the audit manager for the statutory audit of Ruger Co, was previously
engaged as a non-executive director of Ruger and the chair of Ruger’s audit
committee.
1.4.3 Advocacy Threat

An advocacy threat is created when the professional accountant promotes a client's or
employer's position or opinion to the point that subsequent objectivity may be
compromised. If the position has changed later, there may be pressure to ignore that
change.
Examples of advocacy threats include:
 promoting shares in an audit client;
 acting as an advocate on behalf of an audit client in litigation or disputes with third parties;
 commenting publicly on future events in particular circumstances, having made assertions
without detailing the assumptions; and
 where information is incomplete or advocating an argument which is unlawful.
Example 3 Advocacy Threats
1. Pally & Co has been asked to make representations supporting its audit client,
Baroo Co, in applying for loan facilities from a consortium of banks because
Pally & Co had issued unmodified opinions on Baroo’s financial statements for
a few years.
2. Balsyer Co, impressed with the quality of work performed by TT Chartered
Accountants on its statutory audit, has invited TT to be its reporting
accountants for its upcoming initial public offering (IPO) and accompanying
promotions to institutional investors.
1.4.4 Familiarity Threat

A familiarity threat can arise when a professional accountant, because of a long or close
relationship, becomes too sympathetic to the interests of a client or employer or too
willing to accept their work and explanations.
Key Point
There is a significant risk that professional scepticism will not be sufficiently

applied.
Examples of familiarity threats include:

 Over-familiarity (e.g. close or immediate family member) with management such that
professional judgement could be compromised;
 Long association with business contacts influencing business decisions;
 Acceptance of gifts or preferential treatment, unless the value is insignificant; and
 A former partner of the audit firm becoming a director, officer or employee of a client in a
position to exert direct influence over the financial statements (or other subject matter of the
engagement).
Example 4 Familiarity Threats
1. The CEO of Rublus Co is also the wife of the engagement partner for the
company’s statutory audit.
2. Patrick, a former partner in Delim & Co has joined Pack Co as finance
director. Patrick was the audit engagement partner of Pack Co in previous
years and Delim & Co is still Pack Co’s auditor this year.
1.4.5 Intimidation Threat

An intimidation threat arises where the professional accountant may be deterred from
acting objectively by actual or perceived pressures, including attempts to exercise
undue influence over the accountant.
Examples of intimidation include:
 the threat of dismissal (as an employee) or replacement (as an auditor), for example, over a
disagreement about the application of an accounting principle;
 a dominant personality attempting to influence the presentation of financial information or
controlling relations with auditors (e.g. their appointment);
 being threatened with litigation; and
 being pressurised to reduce necessary work to reduce costs or fees.
Example 5 Intimidation Threats
1. The finance director of Belmont Co has informed the auditor that the company
might start looking for a new auditor in the event of an unfavourable audit
opinion.
2. Balsi Co’s management has informed the auditor, Truf & Co, that it would hold
Truf & Co liable for any drop in share price if the audit opinion is unfavourable.
Key Point
A circumstance might create more than one threat, and a threat might affect
compliance with more than one fundamental principle.
4.1.5 Addressing Threats (R120.10)

1.5 Addressing Threats (R120.10)
There are three ways to address threats to the fundamental principles:

1. Eliminate the circumstances, including interests or relationships, that are creating
the threats;
For example, a member of the audit team may sell any direct holdings in a client’s
shares before the commencement of the audit.
2. Apply safeguards, where available and capable of being applied, to reduce the
threats to an acceptable level; or
3. Decline or end the specific professional activity. This may be the only course of
action (i.e. when a threat cannot be eliminated or reduced to an acceptable level
through safeguards).
For example, an auditor may decline to advise a client on a takeover bid where the
target company is another audit client.
Definition
Safeguards – actions, individually or in combination, taken by

the professional accountant that effectively eliminate threats to
compliance with the fundamental principles or reduce them to an
acceptable level.
This means that:
 A safeguard must be an action by the professional accountant (not just a
consideration).
 Some actions which may be necessary to evaluate an ethical threat (e.g. taking
advice from a third party) may not themselves be a safeguard. A safeguard would
still need to be actioned (e.g. in response to the advice received).
Key Point
The professional accountant’s action is not a safeguard unless it

is effective.
4.2.1 Independence, Objectivity and Integrity (400.5, R400.11)

2.1 Independence, Objectivity and Integrity (400.5, R400.11)
Independence is a requirement for all professional accountants and their firms when
performing audit engagements.
Key Point
An auditor's integrity and objectivity must be beyond question. Objectivity

can only be assured if the auditor is, and is seen to be, as independent as
possible.
Independence requires both independence of mind and independence in appearance.
Independence of mind means that the state of mind:
 permits the expression of a conclusion without being affected by influences that
compromise professional judgement; and
 allows an individual to act with integrity and exercise objectivity and professional
scepticism.
Independence in appearance means avoiding instances in which the facts and
circumstances are so significant that a reasonable and informed third party, knowing all
relevant information (including safeguards applied), would reasonably conclude that a
auditor's integrity, objectivity or professional scepticism had been compromised.
The following examples describe specific circumstances and relationships that may
cause threats to independence. Although they mainly relate to professional accountants
in practice (i.e. audit and assurance), they can equally apply to the provision of non-
assurance services and professional accountants in industry, commerce, etc.
2.2 Fees
2.2.1 General (410.3-410.4)

Fees for professional services are usually negotiated with and paid by an audit client.
This practice is generally recognised and accepted by intended users of financial
statements. However, it creates a self-interest threat and might create
an intimidation threat to independence.
The level of threats created will depend on many factors, for example:
 the level of the fees (having regard to the resources required);
 the extent of any dependency between the fee and the outcome of the service;
 the operating structure and compensation arrangements of the firm;
 the significance of the client to the firm, office or partner;
 the nature of the client (e.g. whether it is a public interest entity); and
 the involvement of those charged with governance (TCWG) in appointing the auditor and
agreeing fees.
The existence of a system of quality management implemented (see Chapter 5) may
also affect the evaluation of whether threats are at an acceptable level.
2.2.2 Level of Audit Fees (410.5)

Factors that are relevant in evaluating the level of self-interest and intimidation threats
created by the level of the audit fee paid by the audit client include:
 The firm’s commercial rationale for the audit fee; and
 Whether undue pressure has been, or is being, applied by the client to reduce the audit fee.
Actions that might be safeguards to address such threats include having an appropriate
reviewer who does not take part in the audit engagement:
 assess the reasonableness of the fee proposed, having regard to the scope and complexity
of the engagement;
 review the work performed.
2.2.3 Contingent Fees (410.8)

Definition
Contingent fees – fees calculated on a predetermined basis relating to the

outcome of a transaction or the result of the services performed.
Key Point
A firm must not charge directly or indirectly a contingent fee for an audit
engagement.
Contingent fees are also prohibited for non-assurance services (NAS) to audit clients if:
 the fee is material (or expected to be material) to the firm; of
 the outcome of the NAS, and therefore the amount of the fee, depends on a future or current
judgment related to the audit of a material amount in the financial statements.
2.2.4 Total Fees – Proportion of Fees for Other Services (410.11)
The level of the self-interest threat might be increased when a large proportion of fees is
generated from other services to an audit client, due to concerns about the potential
loss of either the audit engagement or other services. Such circumstances might also
create an intimidation threat.
Factors that are relevant in evaluating the level of such threats include:
 the ratio of fees for other services to the audit fee;
 the length of time during which a high ratio has existed;
 the nature, scope and purposes of the other services (e.g. whether they are recurring).
Examples of safeguards include:
 Having an appropriate reviewer who was not involved in the audit or the other services
review the relevant audit work;
 Reducing the extent of other services provided to the audit client.
2.2.5 Total Fees – Overdue Fees (410.12)

The level of the self-interest threat might be increased if fees payable by an audit client
are overdue during the period of the audit engagement.
It is generally expected that the firm will obtain payment of such fees before the audit
report is issued.
Factors that are relevant in evaluating the level of such a self-interest threat include:
 the significance of the overdue fees to the firm;
 the length of time the fees have been overdue; and
 the ability and willingness of the audit client to pay the overdue fees.
Examples of safeguards include:
 Obtaining partial payment of overdue fees;
 Having an appropriate reviewer who did not take part in the audit engagement review the
audit work.
Key Point
When a significant part of the fees due from an audit client remains unpaid for a
long time, the Firm must determine whether:
 the overdue fees might be equivalent to a loan to the client (see s.2.7); and
 it is appropriate for the firm to be re-appointed or continue the audit
engagement.
2.2.6 Total Fees – Fee Dependency – All Audit Clients (410.14)

When the total fees generated by an audit client represent a large proportion of a firm's
total fees, the dependence on, and concern about the potential loss of, fees increase
the self-interest threat and create an intimidation threat.
The level of the threats will depend on factors such as:
 the operating structure of the firm;
 whether the firm is expected to diversify (such that dependence is reduced).
A self-interest or intimidation threat is similarly created when the fees generated by a
firm from an audit client represent a large proportion of the revenue of one partner or
one office of the firm.
2.2.7 Public Interest Entities (R410.18)

Definition
Public interest entity (PIE) – a listed entity, or an entity required by a regulator to

be audited as if it were listed, or an entity of significant public interest due to size
or business (e.g. banks).
When for each of two consecutive years, the total fees from a PIE client represent more
than 15% of the firm’s total fees, the firm must:
 determine whether, prior to issuing the audit opinion on the second year’s financial
statements, a “pre-issuance review” (equivalent to an engagement quality review) might be
a safeguard to reduce the threats to an acceptable level; and
 if so, apply it.
(Engagement quality reviews are described in Chapter 5.)
Key Point
If these circumstances continue for five consecutive years, the firm must cease to
be the auditor after the audit opinion for the fifth year is issued.
The only exception to this requirement is if:

 a regulatory professional body in the relevant jurisdiction agrees that there is a compelling
reason to continue “having regard to the public interest”; and
 a pre-issuance review is performed before the audit opinion is issued on the sixth and any
subsequent year’s financial statements.
2.2.8 Fee Dependency – Not PIEs (410.15)

When for each of five consecutive years, the total fees from a not PIE client represent
more than 30% of the firm’s total fees, the firm must determine whether either of the
following actions might reduce the threats to an acceptable level, and if so, apply it:
 prior to issuing the audit opinion for the fifth year, a professional accountant who is not a
member of the firm, reviews that year’s audit work; or
 after the fifth year’s audit opinion has been issued (and before the sixth year’s), a
professional accountant reviews the fifth year’s audit work.
4.2.3 Inducements, including Gifts and Hospitality (R420.3)

2.3 Inducements, including Gifts and Hospitality (R420.3)
Offering or accepting inducements might create a self-interest, familiarity or intimidation
threat to compliance with the fundamental principles, particularly the principles of
integrity, objectivity and professional behaviour. An inducement can take many forms,
for example:
An inducement can take many forms, for example:
 Gifts
 Hospitality and entertainment
 Political or charitable donations
 Appeals to friendship and loyalty
 Employment or other commercial opportunities
 Preferential treatment, rights or privileges.
The professional accountant must comply with relevant laws and regulations that
prohibit the offer or acceptance of inducements in certain circumstances (e.g. those
related to bribery and corruption).
A firm or audit team member must not accept gifts and hospitality from an audit client
unless the value is trivial and inconsequential.
Any gift that is intended to influence behaviour improperly should not be accepted (even
if the value is trivial and inconsequential).
Key Point
Offering or accepting of inducements that are not prohibited might still

threaten compliance with the fundamental principles.
Safeguard include:
 Informing senior management of the firm or TCWG of the client regarding the offer;
 Amending or terminating the business relationship with the client.
4.2.4 Actual or Threatened Litigation (430.3 A)

2.4 Actual or Threatened Litigation (430.3 A)
Actual or threatened litigation typically involves the issue (or threat) of a writ against the
firm for negligence or failure to conduct activities professionally resulting in a breakdown
of trust.
When litigation with an audit client occurs or appears likely, self-interest and intimidation
threats are created.
The firm and client may be placed in adversarial positions, therefore:
 the auditor may be unable to report impartially; and/or
 the client may be unwilling to disclose relevant information.
The significance of the threat will depend on:
 the materiality of the litigation;
 whether the litigation relates to a prior audit engagement.
Safeguards that may be applied include:
 independent review of the work carried out and subject to the litigation; and
 if the litigation involves a member of the audit team, removing that individual from
the audit team.
4.2.5 Financial Interests

2.5 Financial Interests
Financial interests may be held and controlled directly (e.g. personal shareholdings) or
indirectly (e.g. through a pension fund).
Holders of a relevant interest (e.g. direct interest or material indirect interest) in an
assurance client are at risk, and the self-interest threat should be assessed.
The threat depends on whether the relevant interest is held by:
 a partner (regardless of any involvement in the audit);
 an employee; or
 an immediate or close family member.
2.5.1 Audit Team Members and Partners (R510.4)

A relevant interest in an audit client cannot be held by:
 An audit team member; or
 Any partner in the office of the engagement partner; or
 Their immediate family (i.e. spouse, partner or dependent).
If held, there are no safeguards that would reduce the threat to an acceptable level, so:
 the individual must dispose of the interest; or
 the firm disengage from the audit; or
 the audit team member/partner resigns from the firm.
If the individual receives the interest unintentionally (e.g. an inheritance or gift), it must
be disposed of immediately.
As an exception, an immediate family member may hold a relevant interest in an audit
client, provided that:
 It was received as an employment right (e.g. through a pension or share option plans) and,
when necessary, the firm addresses the threat created by the financial interest (e.g. by
removing the team member from the audit); and
 When he obtains the right to dispose of the interest, he does so as soon as (or otherwise
forfeits that right).
Key Point
Many firms require all professional employees not to hold any interest in any audit
client. Where an immediate family holds an interest, the employee should not be
assigned to that audit.
2.5.2 Close Family Member (R510.5)

A close family member is a parent, child or sibling (brother/sister) who is not an
immediate family member.
When a close family member holds a relevant interest in an assurance client, their
relationship with the audit team member (partner or employee) and the materiality of the
interest should be taken into account in assessing the significance of any threat.
Disposal of the interest or removing the individual from the audit team would eliminate
the threat.
An example of a safeguard is an independent review of the work carried out by the audit
team member.
4.2.6 Family and Other Personal Relationships (R521.5-R521.8)

2.6 Family and Other Personal Relationships (R521.5-
R521.8)
Personal relationships (e.g. through mutual business interests or close friendship) or

family relationships (e.g. by marriage or birth) between a member of the audit team and
a client's directors, officers and other employees create self-interest, familiarity or
intimidation threats.
The significance of the threats will depend on factors such as:
 the nature or closeness of the relationship;
 the position held by the family member/client's employee; and
 the role of the audit team member.
The more senior the individuals involved, the greater the threat. Therefore, an
individual cannot be a member of an audit team if an immediate family member:
 Is a director or officer of the audit client;
 Is an employee in a position to exert significant influence over the preparation of the client’s
accounting records or the financial statements on which the firm will express an opinion; or
 Was in such a position during any period covered by the engagement or the financial
statements.
In other situations, safeguards include restructuring the responsibilities of the audit
team, so the team member does not deal with the areas of responsibility of the family
member/client employee.
Activity 2 Family and Other Personal Relationships
Suggest how the threats arising in each of the following situations should be addressed:
1. A trainee's uncle is a director of an assurance client.
2. A trainee's friend from university is the credit controller of an audit client.
3. An audit manager's fiancée is the credit controller of an audit client.
4. A partner's sister is a director of a company.
1. The trainee should not be a member of the assurance team.
2. If the trainee remains on the team, he cannot be involved in auditing sales or receivables.
3. The manager should not be involved with the audit as he would be responsible for directing
and reviewing the audit work on receivables carried out by trainees.
4. The firm should not provide assurance services to the company. If requested to tender for
the audit, the firm should decline. If the sister is recruited as a director by the company,
which is already an audit client, the firm should resign from the audit.
4.2.7 Loans and Guarantees (R511.4-R511.7)

2.7 Loans and Guarantees (R511.4-R511.7)
Loans and guarantees to an audit client by a firm, audit team member or immediate
family are prohibited unless immaterial to both:
 the firm (or individual) making the loan or guarantee; and
 the client.
Loans and guarantees from an audit client that is not a bank (or similar institution) are
similarly prohibited.
Where the client is a bank (or similar institution), loans (including mortgages, bank
overdrafts and credit card balances) and guarantees cannot be accepted unless made
under routine lending procedures, terms and conditions. Even in this situation, a self-
interest threat may arise if the loan is material to the loan recipient.
Where such loans are material, safeguards are required to address the self-interest
threat (e.g. an independent review of audit work).
Many firms prohibit their partners (and the firm) from having any material loan from
financial institution clients. This is particularly the case for the engagement partners.
Where a loan is material to an employee (which is likely to be the case), that employee
would not be assigned to the audit of the financial institution concerned.
4.2.8 Provision of Non-assurance Services to Assurance Clients

2.8 Provision of Non-assurance Services to Assurance
Clients
2.8.1 General (R600.8)
There is no objection to providing non-assurance services (NAS) to audit clients. In
doing so, the firm better understands its clients' processes, controls, business and
financial risks. However, auditors are barred from providing additional NAS
to listed company clients in some jurisdictions.
Under corporate governance codes (e.g. the UK Corporate Governance Code), audit
committees must specifically approve non-audit services provided by auditors, ensuring
that independence has not been impaired and that there is no threat to any fundamental
principle.
Before accepting an engagement to provide a NAS to an audit client, the firm must
establish if providing the service would create a threat to independence.
Key Point
If a threat cannot be reduced to an acceptable level by applying safeguards, the

NAS cannot be provided.
2.8.2 Evaluating Threats (600.9 A1)

Factors to consider include:
 The nature, scope, intended use and purpose of the service.
 The degree of reliance that will be placed on the outcome of the service in the audit.
 The legal and regulatory environment in which the service is provided.
 Whether the client is a public interest entity.
o Whether it is material;
o The degree of subjectivity involved.
 The client’s level of expertise concerning the type of service provided.
 Whether the outcome will affect the accounting records or matters reflected in the financial
statements, and, if so:
o Whether it is material;
o The degree of subjectivity involved.
 The extent of the client’s involvement in determining significant matters of judgment.
 The degree of reliance that will be placed on the outcome of the service in the audit.
 Whether the client is a public interest entity.
 The fee for the NAS.
Key Point
Where the Code expressly prohibits the provision of a NAS to an audit client,
that is regardless of the materiality of the outcome or results of the NAS on the
financial statements.
2.8.3 Prohibition on Assuming Management Responsibilities
(R400.13 and R600.17)
Key Point
A firm must not assume management responsibility for an audit client.
Management responsibilities involve controlling and directing an entity, including making

decisions regarding acquiring, using and controlling human, financial, technological,
physical and intangible resources. Examples include:
 Setting policies and strategic direction.
 Hiring or dismissing employees.
 Directing and taking responsibility for employees’ actions concerning their work.
 Authorising transactions.
 Controlling or managing bank accounts or investments.
 Deciding which recommendations of the firm or other third parties to implement.
 Reporting to those charged with governance on behalf of management.
 Taking responsibility for designing, implementing, monitoring and maintaining internal
control.
Assuming management responsibility in providing a NAS creates self-review and self-
interest threats. It can also create familiarity threat and even advocacy threat
(because the firm becomes too closely aligned with the views and interests of
management).
Providing advice and recommendations to assist management in discharging its
responsibilities is not assuming management responsibility. (However, this might
create a self-review threat.)
Key Point
To avoid assuming management responsibility when providing any NAS to an

audit client, the firm must be satisfied that management makes all judgments and
decisions that are the proper responsibility of management.
This includes ensuring that a designated individual (preferable senior management) with
suitable skill, knowledge and experience is responsible for the client’s decisions and
overseeing the services.
Activity 3 Management Decisions
Identify three areas, when preparing financial statements, that the accountant could be
considered to have made a management decision.
Note: Only three were required.
1. Determining or changing journal entries (e.g. bad debt allowance) or the classifications for
accounts or transaction or other accounting records.
2. Determining accounting policies or estimates (e.g. useful lives of non-current assets).
3. Authorising or approving transactions.
4. Preparing source documents or making changes to such documents.
2.8.4 Accounting and Bookkeeping Services – Self-review Threat
(R601.5-R601.7)
Examples of accounting and bookkeeping services include:
 Preparing accounting records and financial statements;
 Recording transactions;
 Payroll services.
Key Point
Such services must not be provided to a PIE audit client.
Such services cannot be provided to an audit client that is not a PIE unless:
 The services are of a “routine or mechanical” nature (i.e. requiring little or no professional
judgment); and
 Any threats that are not at an acceptable level are addressed. For example:
o Using professionals who are not audit team members to perform the service.
o Independent review of the audit work or service performed.
2.8.5 Valuation Services – Self-review or Advocacy Threat

(R603.4-R603.5)
A valuation involves making assumptions about future developments and applying
specific methodologies and techniques to compute a particular value, or range of
values, for an asset, a liability or the whole or part of an entity.
A self-review threat may be created when a firm performs a valuation for an audit client
that will affect the accounting records or the financial statements on which the auditor
will express an opinion.
PIE Not-PIE
If valuation might create a If valuation involves a significant degree of

self-review threat, service subjectivity and will have a material effect,
cannot be provided. service cannot be provided.
Safeguards for a not-PIE client include:

 independent review of the audit or the valuation work; and
 excluding members of the valuation team from the audit.
2.8.6 Tax Services – Self-review or Advocacy Threat (R604.10–
R604.26)
Tax services include activities such as:
 Tax return preparation;
 Tax calculations to prepare the accounting entries;
 Tax advisory and tax planning services;
 Tax services involving valuations; and
 Assistance in the resolution of tax disputes.
Providing tax services to an audit client might create a self-review threat when there is a
risk that the results of the services will affect the accounting records or the financial
statements. Such services might also create an advocacy threat.
 Tax return preparation services do not usually create a threat because:
o they are based on historical information presented under existing tax law; and
o tax returns are subject to review or approval by the tax authority.
 Preparing tax calculations (current and deferred) for the accounting entries that will be
subsequently audited creates a self-review threat.
o This is prohibited for a PIE audit client, if material;
o Appropriate safeguards should be applied to a not-PIE audit client.
 Tax advisory and tax planning services comprise a broad range of services which might
create a self-review or advocacy threat.
o Such services that might create a self-review threat for a PIE are prohibited;
o Where permitted, as well as the usual safeguards, the firm may obtain
“preclearance” from the tax authorities.
 For tax services involving valuations, the provisions of the Code for valuation services
may apply (s.2.8.5)
 Providing assistance in the resolution of tax disputes to an audit client might create a self-
review or advocacy threat. For example, when the tax authorities have notified the client that
arguments on a particular issue have been rejected and either the tax authority or the client
refers the matter to a tribunal or court.
Key Point
A firm must not assist in the resolution of any tax dispute which involves:
 Acting as an advocate for the audit client before a tribunal or court;
 Amounts which are material to the financial statements.
2.8.7 Internal Audit – Self-review Threat (R605.6)

Many internal audit services will not be directly related to the financial systems and
preparation of the financial statements. They may be undertaken without threat to
independence by the external auditors.
For a PIE audit client, internal audit services that relate to the following are prohibited:
 internal controls over financial reporting;
 financial accounting systems that generate information for the client's accounting records or
financial statements; or
 amounts or disclosures that relate to the financial statements.
For not-PIE audit clients, professionals who are not audit team members may perform
the service as a safeguard.
2.8.8 IT Systems Services – Self-review Threat (R606.6)

Providing services to an audit client that involve the design and implementation of
financial information technology systems that generate information forming part of that
client's financial statements, may create a self-review threat.
For a PIE audit client, a firm cannot provide services that involve designing or
implementing IT systems that:
 form part of the internal controls over financial reporting; or
 generate information for the client's accounting records or financial statements.
2.8.9 Recruiting Services – Self-interest, Familiarity or

Intimidation Threats (R609.5-R609.6)
The recruitment of senior management for an audit client may create current or future
self-interest, familiarity and intimidation threats.
The significance of any threat will depend on:
 the role of the person to be recruited;
 the nature of the assistance requested; and
 any conflicts of interest or relationships between the candidates and the firm providing the
advice or service.
Key Point
An audit firm is prohibited from acting as a negotiator on an audit client’s behalf.
The following recruiting services are prohibited for any audit client for the positions of
director, officer or senior management in a position to exert significant influence over
the accounting records or financial statements:
 Searching for candidates;
 Undertaking reference checks;
 Recommending who to appoint;
 Advising on terms of employment, remuneration or benefits of a particular candidate.
2.8.10 Corporate Finance Services – Self-review or Advocacy

Threat (R610.5-R610.8)
Examples of corporate finance services include:
 assisting an audit client in developing corporate strategies;
 identifying possible targets for the audit client to acquire;
 advising on disposal transactions;
 assisting in finance raising transactions;
 providing restructuring advice; and
 providing advice on financing arrangements that will directly affect amounts reported in the
The significance of the threats created will depend on factors such as:
 the degree of subjectivity involved;
 the extent to which the outcome will directly affect amounts recorded in the financial
statements and their materiality; and
 whether the effectiveness of the advice depends on a particular accounting treatment or
presentation about which there are doubts.
Safeguards that may be applied include:
 Using professionals who are not members of the audit team to perform the service;
 Independent review of the audit work or service.
Key Point
The following corporate finance services are prohibited for any audit client:
 Those involving promoting, dealing in or underwriting an audit client's shares.
 Those whose effectiveness depends on a particular accounting treatment
which is in doubt and material.
4.2.9 Long Association of Senior Personnel (R540.4-R540.20)

2.9 Long Association of Senior Personnel (R540.4-R540.20)
A familiarity threat arises when senior staff have been involved with an audit
engagement for a significant time.
A self-interest threat might be created due to an individual’s concern about losing a
long-standing client or interest in maintaining a close personal relationship with a
member of senior management or TCWG. Such threats might influence the individual’s
judgment impairing objectivity and reducing professional scepticism.
Key Point
A long association can adversely affect objectivity and professional

scepticism, which are essential contributors to audit quality.
For a PIE, an individual cannot act in any of the following roles (or a combination
thereof) for more than seven cumulative years (the “time-on” period):
 The engagement partner;
 The individual responsible for the engagement quality review (see Chapter 5);
 Any other key audit partner role.
After the time-on period, the “cooling-off” period is:
 Five years – engagement partner;
 Three years – engagement quality reviewer;
 Two years – other key audit partners.
When an audit client becomes a PIE, a key audit partner with a time-on of five years or
more may remain with the client for two additional years before rotating off the
engagement.
For other entities, the factors to take into account when assessing the threat include:
 how long the individual has been a member of the audit team;
 the extent to which their work is directed, supervised and reviewed;
 the extent to which the individual, due to their seniority, can influence the outcome of
the audit;
 their closeness to senior management/TCWG;
 the nature, frequency and extent of interaction between the individual and the client;
 whether the client's management team has changed; and
 whether the nature or complexity of the client's accounting and reporting issues has
changed.
Safeguards that can be applied include:
 rotating senior personnel off the engagement;
 involving an experienced, independent professional to review the work of the senior
team members; or
 subjecting the whole assignment to internal or external quality control reviews.
2.10 Employment with an Audit Client
Employment relationships with an audit client might create a self-interest, familiarity

or intimidation threat.
A familiarity or intimidation threat might be created if a director or officer of an audit
client (or an employee in a position to exert significant influence over the financial
statements) was a partner of the audit firm or a member of the audit team.
2.10.1 Former Partner/Audit Team Member Restrictions (R524.4)

When a partner or audit team member joins an audit client as a director or in a position
of influence, the firm must ensure that no significant connection remains between the
firm and the individual who has left. However, even if there is no significant connection
(e.g. the individual does not receive any payments from the firm or participate in its
business), a familiarity or intimidation threat might still be created.
The significance of the threat will depend on the specific circumstances, for example:
 the position the individual has taken at the client;
 the amount of any involvement the individual will have with the audit team;
 the length of time since the individual was a member of the audit team or firm; and
 the individual's former position in the audit team or firm.
Safeguards to address familiarity or intimidation threats include:
 modifying the audit plan;
 assigning a sufficiently experienced audit team; and
 quality review.
2.10.2 Audit Team Member Entering Employment with a Client

(R524.5)
A firm must have policies and procedures that require audit team members to notify the
firm when entering employment negotiations with an audit client.
A self-interest threat is created when an audit team member participates in the audit
knowing that they will, or might, join the client in future.
The threat may be eliminated by removing the individual from the audit team.
A safeguard would be to review any significant judgments made by the individual while
on the team.
For a PIE, a key audit partner joining the client will compromise the audit firm’s
independence unless he was not concerned with the audit of financial statements for
not less than 12 months.
2.10.3 Temporary Personnel Assignments (R525.4)

The loan of personnel to an audit client might create a self-review, advocacy or
familiarity threat.
Safeguards include:
 Conducting an additional review of the work performed by the loaned personnel.
 Not including the loaned personnel in the audit team.
 Not giving the loaned personnel audit responsibility for any function or activity they
performed during the temporary assignment.
4.2.11 Close Business Relationships (R520.4)

2.11 Close Business Relationships (R520.4)
A close business relationship between a firm (or an audit team member or his
immediate family) and the audit client (or its management) will involve a commercial or
common financial interest and may create self-interest and intimidation threats.
Examples of close business relationships include:
 financial interests in joint ventures with a client, directors, officers or employees who
perform managerial functions;
 combining one or more products or services of the firm with one or more products or
services of the client; and
 distribution or marketing arrangements between the firm and a client for a joint
product or the other's products and services.
In such circumstances, unless the financial interest is immaterial and the relationship
insignificant, no safeguards would be able to reduce the risk to an acceptable level,
Therefore, the auditor must:
 terminate such business relationships already established;
 decline any such business relationships offered; or
 decline the audit assignment.
4.2.12 Recent Service (R.522.3)

2.12 Recent Service (R.522.3)
An audit team member who recently served as a director, officer or employee of the
audit client might create a self-interest, self-review or familiarity threat. Therefore, an
audit team should not include an individual who served with the audit client during the
period covered by the audit report.
4.2.13 Serving as a Director (R523.4)

2.13 Serving as a Director (R523.4)
Serving as a director or officer of an audit client creates self-review and self-interest

threats.
Key Point
A partner or employee of the firm must not serve as a director or officer of an

audit client of the firm.
Serving as Company Secretary for an audit client is similarly prohibited unless:

 Specifically permitted under local law, professional rules or practice;
 Management makes all relevant decisions; and
 Duties and activities performed are limited to routine and administrative (e.g. preparing
minutes and maintaining statutory returns).
Activity 4 Independence for Audit Engagements
Comment and conclude on the following THREE situations.

1. Trainees of Porterhouse, a firm of Certified Accountants, have been offered overdraft
facilities up to $3,000, on student terms, by a client bank.
2. Ambit Co is preparing to apply for listing (admission) to a recognised stock market while
offering a proportion of its shares to the public. The directors have asked Schilling & Co, as
their auditors, to set up and maintain the company's share register on a computer database.
3. Sean & Co is the auditor of Starck Co. During the current year, Starck has expanded
rapidly, taken over three other companies and is currently preparing to float a
proportion of its shares on a recognised stock exchange. As a result of several
special assignments connected with these events, total fees from Starck amount to
19% of the total fee income of Sean & Co for the year.
In addition, Sean & Co's senior tax manager owns a small number of shares in
Starck, acquired several years ago when the company issued shares under a
business expansion scheme.
1. Comments - Loans (including overdrafts) on normal commercial terms may be accepted by
staff members (including trainees).
"Student terms" may be standard commercial terms if the bank offers them to all
accountancy trainees, not just Porterhouse’s. If these terms are not normal
commercial terms, the next step is to determine if the benefit is more than "modest".
Conclusions - Porterhouse's engagement and compliance partners may decide that
acceptance of the offer will not appear to threaten objectivity even if the terms are
special. However, as a safeguard, it should be confirmed that the terms are no more
favourable (or no less unfavourable!) than those offered to other trainees. If more
favourable, the loans (overdrafts) should be declined.
2. Comments - Provided this is a simple matter of entering data into the database and the
directors of Ambit have approved the specific programme used by the auditor, the nature of
additional service is unlikely to threaten objectivity (i.e. no managerial involvement).
As a public interest company (intention to list), recurring fees (audit + maintenance)
should not exceed 15% of gross practice income. In addition, a pre-issuance review
of the audit file must occur.
Conclusions - The additional service is likely to be acceptable within ethical
constraints.
3. Comments - Starck Co will become a public interest entity when the shares are listed. The
19% of total fees may not affect independence if the recurring element is less than 15%.
However, 19% may be undesirably high in appearing to detract from objectivity.
Safeguard: Ensure that the recurring element of the fee will be less than 15% of the
firm’s total fee income. If not, determine whether a “pre-issuance review” of the audit
might be a safeguard to reduce the threats to an acceptable level.
The scenario implies that Sean & Co permits non-partner staff to hold shares in
clients. Accordingly, the senior tax manager should not be involved with Starck’s
audit (e.g. calculating tax liabilities, reviewing tax audit working papers) to avoid a
self-interest threat
Safeguard: Ensure that the senior tax manager does not have any involvement with
the audit of Starck. If he does, he must dispose of his shares immediately.
Staff involved in the special assignment should not have similar responsibilities on
the audit to avoid a self-review risk. The more senior the staff, the higher the
familiarity risk.
Conclusions - Provided that the recurring element of fees does not exceed 15% of
total fee income and appropriate safeguards (as above) are implemented, any
threats to the fundamental principles should have been reduced to an acceptable
level.
4.3.0 Introduction
3.0 Introduction
A second opinion is when a professional accountant is asked for an opinion on the

application of accounting, auditing, reporting or other standards or principles by an
entity that is not an existing client. This is also sometimes referred to as "opinion
shopping".
Key Point
Providing a second opinion to an entity that is not an existing client may threaten
compliance with the fundamental principles, unless the advice sought is
insignificant.
4.3.1 Threats to the Fundamental Principles (321.3 A)

3.1 Threats to the Fundamental Principles (321.3 A)
A self-interest threat to compliance with the principle of professional competence and

due care arises when the second opinion is not based on the same set of facts that
were made available to the existing accountant, or is based on inadequate evidence.
The second opinion may create undue pressure on the judgement and objectivity of the
entity’s appointed auditor (i.e. threatening another professional accountant’s
independence).
4.3.2 Actions to Address

3.2 Actions to Address
Examples of actions that might be safeguards to address such a self-interest threat

include:
 Obtaining information from the current auditor with the client's permission.
 Describing the limitations surrounding any opinion in communications with the client.
 Providing the current auditor with a copy of the opinion.
The client's current auditor should:
 Seek the client's permission to reply to the request for information.
 If given, provide all information, facts and assumptions relevant to its professional
opinion.
4.4.0 Introduction
4.0 Introduction
The Code highlights two aspects of confidentiality: improper disclosure and

improper use.
4.4.1 Disclosure of Confidential Information (R114.1)

4.1 Disclosure of Confidential Information (R114.1)
Key Point
Information acquired in the course of professional work should not be

disclosed to third parties (including other clients or another employer)
without first obtaining the permission of the client/employer.
Confidentiality is an implied term of a contract between an auditor and client, employee
and employer. Therefore it cannot be disclosed against a client's/employer's wishes. It
is in the public interest that this professional duty of confidence exists.
Definition
Public interest – the collective well-being of the community of people and

institutions the professional accountant serves.
However, there are circumstances in which disclosure may be required or appropriate.
There is a statutory (legal) duty to disclose without first obtaining permission to do so,
for example:
 under the obligation of a court order; or
 disclosure to the appropriate public authorities of law infringements (where required).
The firm has a professional duty or right to disclose (when not prohibited by law), for
example:
 to comply with quality-control reviews of regulatory bodies such as ACCA;
 to respond to an inquiry or investigation by ACCA or other regulatory body; or
 to comply with technical standards and ethics requirements.
Where there is a right (as opposed to a duty), disclosure should only be made to pursue
a public duty or professional obligation. (ISA 250 Consideration of Laws and
Regulations in an Audit of Financial Statements is covered in Chapter 11.)
Duty (obligatory
disclosure) Right (voluntary disclosure)
In certain circumstances, information may be
UK examples include disclosed, whatever its nature. Categories of
actual or suspected disclosure include:
offences of:
 In the "public interest" to a person having
 Money laundering proper interest to receive information (e.g.
 Proceeds of crime the police, the stock exchange for a listed
 Drug trafficking client).
 Terrorism  To protect the auditor's interests (e.g.
 Corruption defending against ACCA disciplinary
 Tax evasion proceedings).
 Insider dealing  If not prohibited by statute.
Example 6 Improper Disclosure
During the current year's interim audit, the auditor becomes aware that the
client has misrepresented its sales tax return to the tax authorities,
resulting in an underpayment of sales tax. The client refuses to accept the
auditor's advice to notify the tax authorities and negotiate and correct the
returns.
The auditor informs the client that he is no longer prepared to act for them
in any professional capacity. He also tells the client that he will be informing
the taxation authorities that he no longer acts for the client. Because of
client confidentiality, he should not disclose to the tax authorities why he
has resigned (unless the client gives permission for him to do so, which is
highly unlikely).
In addition, in certain jurisdictions (e.g. the UK), the deliberate
underpayment of taxation is classified as proceeds of crime and possibly
money laundering. Therefore, the auditor is under a legal duty to report his
suspicions to the appropriate authorities (dealing with proceeds of crime),
giving full details, even though he does not provide a complete report to the
taxation authorities.
It is essential for professional accountants to seek legal advice in such
circumstances.
4.4.2 Use of Confidential Information (R114.2)

4.2 Use of Confidential Information (R114.2)
Key Point
A professional accountant acquiring information in the course of their

professional work should neither use, nor appear to use, that information
for his or a third party's advantage.
When a professional accountant changes firm or employment, he should distinguish
between:
 experience gained in the previous firm or employment; and
 confidential information and documents acquired there.
A member should not deal in the shares of a company with which he has a professional
association, as it might appear that he was turning information obtained in his
professional capacity to his advantage.
4.5.1 Two Types (310.2)
5.1 Two Types (310.2)
A conflict of interest creates threats to compliance with the principle of objectivity (and
might threaten compliance with the other fundamental principles). Such threats might
arise when there is a conflict between:
1. the professional accountant's interests and the client's interests.
2. the interests of two or more clients
4.5.2 Professional Accountant v Client

5.2 Professional Accountant v Client
Key Points
 Professional accountants should place clients' interests before their

own.
 A firm should not accept or continue an engagement in which there is or
is likely to be a significant conflict of interest between the firm and the
client.
 Any financial gain that accrues or is likely to accrue to the firm as a
result of the engagement (other than properly earned fees, etc)
will always amount to a significant conflict of interest.
The professional accountant should apply the "reasonable and informed third party"
test.
Where any commission, referral fee or reward may be earned for the introduction of a
client or as a result of advice given to a client, a self-interest threat arises.
Safeguards include disclosing to the client, in writing:
 that such commission, etc will be received;
 as soon as practicable, of its amount and terms; and
 obtaining advance agreement from the client for the referral arrangement and fee.
5.3 Client v Client (R310.5, R310.9)
Key points
 The firm's work should be managed to avoid the interests of one client
adversely affecting those of another.
 Where the acceptance or continuance of an engagement would, even with
safeguards, materially prejudice the interests of any client, the appointment
should not be accepted or continued.
All reasonable steps should be taken to ascertain whether there are any conflicts of
interest between clients (both new and existing) or are likely to arise in the future.
 Relationships with existing clients must be considered before accepting a new appointment
and regularly after that.
 A relationship that ended more than two years ago is unlikely to lead to conflict.
 A material conflict of interest between existing or potential clients should be sufficiently
disclosed to all clients involved so that they may make an informed decision on whether to
engage or continue their relationship with the firm.
Safeguards include:
 Separate engagement teams are provided with clear policies and procedures for
maintaining confidentiality.
 Appropriate reviewer, who is not involved in providing the service or otherwise affected by
the conflict, reviews the work performed to assess whether the critical judgments and
conclusions are appropriate.
Where a conflict of interest poses a threat to one or more of the fundamental principles
that cannot be eliminated or reduced to an acceptable level, the professional accountant
should conclude that it is not appropriate to accept a specific engagement or resign
from one or more conflicting engagements. When disengagement is necessary, the
process should be done as speedily as is compatible with the interests of the clients
concerned.
Example 7 Conflicts of Interest
All of the current Big Four firms were formed through the mergers of major
firms (originally referred to in the 1980s as the "Top 10"). As the number of
audit and assurance firms reduced, it was not uncommon for two major
competitor companies to find that they became clients of the same firm.
Despite assurances given concerning the confidentiality of the information
and being able to minimise and control conflicts of interest, many
Example 7 Conflicts of Interest
competitor companies decided that one of them would need to change

advisers.
Activity 5 Ethical Issues
Comment and conclude on the following THREE situations:

1. The audit senior of Neutron Co has known the credit controller since they were at university.
During the week of the audit, the audit senior left the audit files in his car while they dined at
a restaurant. There are no other audit staff available that the client considers capable of
replacing him on the assignment.
2. A part-time partner in Spoils & Co is also a councillor in the local authority. She has been
acting for Radnor, a limited liability company whose business venture now requires planning
permission from the local authority. The partner sits on the planning committee and recently
vigorously opposed a similar application.
3. To reduce audit fees, one of your corporate clients, Finders, has employed an accountant
temporarily to assist you with your audit work. The client feels that it will be cheaper for the
temporary accountant to perform some of the audit testing, replacing one member of your
staff.
1. Comments – Objectivity appears to be threatened by the personal relationship.

Even if the credit controller is not regarded as a senior employee at Neutron, the
senior's objectivity may be impaired (e.g. when reporting weaknesses in credit
control).
Also, the audit senior is not keeping audit working papers in safe custody. This could
result in a breach of duty of confidentiality.
No audit senior is irreplaceable and it is not up to the client to determine who is
capable of undertaking the assignment. Letting the client decide would constitute
undue influence.
Conclusions – The audit senior should be replaced immediately. The audit's
timetable may have to be put back. The audit senior's work should be reviewed as
soon as possible and, if necessary, reperformed.
2. Comments – A conflict of interest has arisen between the part-time partner and her
client Radnor. She must declare her position with the local authority to the client.
She should also declare her Radnor interest to the local authority.
Depending on the law applied by the local authority, to abstain from debating or
voting on this issue in council may be a breach of her duty as councillor. Therefore,
another partner in the firm may have to assume responsibility to act for Radnor in
this matter.
Conclusions – The client may not accept that any safeguards will resolve the
conflict. Therefore, the partner should disengage if she is not otherwise removed
from acting for Radnor.
3. Comments – The temporary accountant’s qualifications held/previous experience
should be assessed to determine if he is competent. The degree of supervision and
review of his work required may stretch the resources of more senior audit staff.
Independence of the temp will be impaired (e.g. if he's an employee of the client
rather than a temping agency). Further, his objectivity may be impaired (e.g. if he will
be recording transactions to be audited).
Conclusions – If suitable (e.g. low-risk) work could be allocated on the basis that
the temp is preparing client schedules to be audited by the engagement team, the
conduct of the audit may not be impaired. He cannot be considered as being a
member of the audit team.
4 Syllabus Coverage
Syllabus Coverage

4. Professional ethics and ACCA's Code of Ethics and Conduct
1. Define and apply the fundamental principles of professional ethics of integrity, objectivity,
professional competence and due care, confidentiality and professional behaviour.
2. Define and apply the conceptual framework, including the threats to the fundamental
principles of self-interest, self-review, advocacy, familiarity and intimidation.
3. Discuss the safeguards to offset the threats to the fundamental principles.
4. Describe the auditor's responsibility with regard to auditor independence, conflicts of interest
and confidentiality.
Technical Articles
to this chapter.
Visual Overview
Objective: To describe the professional appointment process as it specifically applies

to the auditor.
5.1.1 New Professional Work
1.1 New Professional Work
Activity 1 Change of Auditors
Suggest FOUR reasons why an entity may wish to change its auditor.
1. The entity seeks to obtain better value for money for audit and other professional services
and/or a more comprehensive range of services (one-stop shopping).
2. On change of ownership of an entity (e.g. as a result of takeover, merger or management
buyout (MBO)).
3. When audit firms merge (e.g. a conflict of interests arises or the entity considers that the
new firm is too large to give a "personal service").
4. Where an audit firm ceases to operate.
5. Users of the financial statements and finance providers (e.g. banks) expect organisations of
significant size or status (e.g. being listed on a recognised stock exchange) to have
multinational accountancy firms as auditors.
6. The entity has an auditor rotation policy (e.g. every 10 years).
7. Current auditors do not seek reappointment.
8. If a vacancy arises through the death or incapacity of the auditor (where auditor is a sole
practitioner).
Note: Only four reasons were required.
The prospective auditor may have been:
 recommended directly to the potential client; or
 asked to compete against other firms as part of a tendering process (see s.3).
There are three main stages in the auditor appointment process:
1. Client screening and acceptance;
2. Engagement acceptance;
3. Professional appointment.
Key point
In all three stages, the prospective auditor should determine if there are any
threats to complying with relevant fundamental principles.
Although the syllabus refers specifically to the auditor, the procedures are equally
applicable to any assurance or other professional engagement (e.g. as an accountant).
1.1.1 Client Screening and Acceptance

Client screening is an essential part of an auditor's risk management process. There are
three main issues to consider when screening a potential client.
1. Is the audit firm able to audit the potential client?
Factors that the auditor must assess include:

Whether the firm has the expertise necessary to carry out the engagement.

Whether the firm has the staff and capacity required to complete the engagement and
meet reporting deadlines.
 Whether the auditor is independent of the potential client.
 Whether there are any conflicts of interest.
2. Does the audit firm want to be associated with the potential client?
Factors that must be assessed include:
The complexity of the client's operations and its overall audit risk.
The reputation of the potential client.
The apparent integrity of its management.
Its commitment to the application of appropriate accounting policies. (As evidenced, for
example, by audit opinions in prior years.)
 The potential client's commitment to internal controls.
 Evidence of fraud or non-compliance with laws and regulations (see Chapter 11).
3. Is the potential client financially viable?
The audit firm will wish to avoid fee collection problems and disputes.
Also, in some jurisdictions, it is a legal requirement to "verify the identity" of the
potential client (e.g. under money-laundering regulations). This will be
straightforward (although onerous) for major, international entities, but for small
entities (e.g. with two directors), extensive checks and references on the entity and
its directors may be necessary.
1.1.2 Engagement Acceptance

The auditor should only agree to provide services that he is competent to perform
(fundamental principle of professional competence and due care).
The prospective auditor should do the following to determine whether the client can be
properly served:
 Understand the entity's business.
 Assess the specific requirements of the engagement and the purpose, nature, and scope of
the work to be performed (e.g. laws and regulations, use of experts, assurance from
controls, reliance on internal audit).
 Assess the logistics (e.g. locations, competent audit staff, time frame).
1.1.3 Professional Appointment

The significance of any threat to the fundamental principles should be evaluated (e.g.
threats to professional competence if an engagement is accepted without understanding
all the relevant facts).
An essential safeguard is a communication with the current auditor to determine
whether there are any professional or other reasons not to accept the engagement.
Key point
This is not merely a matter of professional courtesy.

5.1.2 Communication with the Existing Auditor
1.2 Communication with the Existing Auditor
The procedure for communication with the existing/predecessor auditor is set out in
section R320 of the ACCA Code of Ethics and Conduct (2022)
The auditor should ask the prospective client:-
 to write to the existing auditor about the proposed change and to give them
permission to discuss the client's affairs with the proposed auditor.
 for permission, in writing, to communicate with the existing auditor.
If either of these permissions is refused, the appointment must be declined.
Once permission has been obtained, the auditor should write to the existing auditor
requesting information relevant to deciding whether to accept the appointment (e.g. if
there has been any action by the client which would, on ethical grounds, mean declining
to accept the appointment).
If the current auditor does not respond within a reasonable time, a final letter should be
sent by recorded delivery stating that "no matters" will be assumed unless advised
otherwise and, if there still is no reply, the auditor should:
 Seek to obtain information about potential threats from other sources (e.g. enquiries
to third parties and TCWG). This may also require the potential client's permission.
 Report the current auditor to the relevant professional body (e.g. ACCA) for
unprofessional behaviour.
5.1.3 Relevant Matters to Consider

1.3 Relevant Matters to Consider
Any information supplied by the existing auditors should be considered carefully before
deciding whether to accept or reject the appointment.
Prospective auditors should try to find out the reason for the change of auditors. They
should be careful that they are not assisting clients to act improperly or unlawfully by
accepting an appointment.
If there is a conflicting view between the client and the current auditor, which has led to
the potential replacement of the auditor, discuss this with the client to be satisfied that:
 the client's view can be accepted as reasonable; and
 the client will accept that the prospective auditor may express a similar opinion to the
current auditor.
If not satisfied on these points, the appointment must be declined.
If the client fails or refuses to supply the existing auditor with the necessary information,
the client will likely do the same to the new auditor.
Key point
This is effectively a limitation on the scope applied by the client, and the
prospective auditor should decline the appointment.
Unlawful acts or defaults by the client (e.g. defrauding taxation authorities) place the
prospective auditor on guard as to the integrity of the client. Such matters must be
discussed with the client to establish whether it is prepared to accept the advice offered.
If not, decline the appointment.
5.1.4 Unpaid/Overdue Fees to Existing Auditor

1.4 Unpaid/Overdue Fees to Existing Auditor
The existence of unpaid/overdue fees is not a reason for declining nomination (nor the
current auditor refusing to cooperate with the prospective auditor). However, as it may
signpost similar problems in the future for the prospective auditor, the reason for not
paying the fees needs to be established.
It is a matter of discussion between the auditors as to how much assistance the new
auditor will give to recover the fees of the old auditor.
Prospective auditors normally would be expected to draw the attention of their client to
the fact that fees are due and unpaid and to suggest that they should be paid.
5.1.5 Additional Professional Work

1.5 Additional Professional Work
A member may be invited to undertake work in addition to the continuing work being
carried out by the client's existing auditor, who is not being replaced. Before accepting
the work, the member should notify the existing auditor of the work he has been asked
to undertake. By doing so, the existing auditor will be able to provide relevant
information needed for the proper conduct of the work.
5.2.1 Response
2.1 Response
Obtain the client's permission to discuss all relevant matters with the prospective
auditor. (But, there may be a legal requirement to reply, even if the client withholds
permission.)
The existing auditor should answer without delay, stating, as relevant:
 that the client's permission has not been given for communication;
 that there are no matters of which the prospective auditor should be aware; or
 those factors of which the prospective auditor should be aware.
It is not sufficient to state that “[unspecified] factors exist”. However, legal advice may
need to be taken in some circumstances (e.g. suspicions of money laundering) before
providing details.
If the existing auditor is approached by a proposed auditor without prior notification from
the client, the client should be notified. The prospective auditor cannot be given any
information (other than stating that the client’s permission has not been given).
5.2.2 Transfer of Books and Papers

2.2 Transfer of Books and Papers
The former auditor should transfer the client's books and papers to the successor
auditor or to the client promptly.
If the auditor claims a right to possess the client's books and records to secure unpaid
fees for work done (a "lien"), care must be taken to comply with the law. For example,
no lien can be claimed over books and records which by law must be kept at a client's
registered office.
Any completed documents which are the subject of the engagement (e.g. financial
statements, tax returns, etc) must be transferred to the client.
Working papers and drafts prepared by the auditor belong to the auditor.
2.3 Transfer Information
The former auditor should provide the new auditor with all "reasonable transfer
information" (lack of which might prejudice the client's interest) promptly. No charge
should be made unless a significant amount of work is involved.
"Transfer information" is defined as:
 a copy of the last set of accounts formally approved by the client; and
 a detailed trial balance in agreement with the accounts.
5.2.4 Review of Working Papers

2.4 Review of Working Papers
In most jurisdictions, clients and the successor auditor have no right to demand access
to documents and working papers that belong to the previous auditor.
However, the previous auditor may allow a new auditor to review some or all of his
working papers, especially concerning opening balances.
Key point
In the UK, it is a legal requirement for the previous auditor to allow the incoming
auditor reasonable access to working papers. This does not mean access
to all working papers or budgets, fee calculations, time records, etc.
5.3.1 Preconditions for an Audit

3.1 Preconditions for an Audit
Key point
An auditor should accept or continue an audit engagement only when the

basis on which it is to be performed has been agreed, through:
 establishing whether the preconditions for an audit are present; and
 confirming that there is a common understanding between the auditor
and management and, where appropriate, TCWG, of the terms of the
audit engagement.
Definition
Preconditions for an audit – management and, where appropriate,

TCWG use an acceptable financial reporting framework to prepare the
financial statements and agree to the premise on which an audit is
conducted.
To establish whether the preconditions are present, the auditor must:
 Assess the appropriateness and acceptability of the applicable financial reporting
framework.
 Obtain management's agreement that it acknowledges and understands its
responsibilities for:
o the preparation and fair presentation of the financial statements in
accordance with the applicable financial reporting framework;
o internal controls to enable the preparation of financial statements which
are free from material misstatement, whether due to fraud or error;
o providing the auditor with unrestricted access to all known information that
is relevant to the preparation of the financial statements;
o unrestricted access to additional information that the auditor may request
from the management; and
o unrestricted access to persons in the entity from whom the auditor
determines it necessary to obtain audit evidence.
For new engagements, the auditor would discuss these matters with TCWG before
issuing the engagement letter (which is a formal acceptance).
If doubts remain (after discussions with management) that the preconditions cannot be
met, the auditor must not accept or continue the engagement.
If the client proposes to subject the auditor to any limitations on the scope of the audit or
restrict access to information which would result in qualifying the auditor's report, the
engagement should not be accepted.
5.3.2 Engagement Letter

3.2 Engagement Letter
Key point
The engagement letter aims to help avoid misunderstandings between client and
auditor. This is done by documenting and confirming:
 management's and auditor's acceptance of their respective responsibilities;
 auditor's acceptance of the appointment;
 identification of the applicable reporting framework;
 objective and scope of the work (audit); and
 form and content of any reports, circumstances in which the form and content
may differ (e.g. modifications), limitation of such reports and to whom reports
will be delivered.
3.2.1 Importance
There are many reasons why the engagement letter is essential.
 It is the contract that defines the scope of the auditor's responsibilities and obligations.
 It establishes communication that sets the tone for the engagement.
 It is often the first formal correspondence that the client receives, and the client should feel
that it is of value.
 It is a risk management tool that should protect the auditor against litigation that might
otherwise arise through misunderstandings.
3.2.2 Standard Form

A standard form of an engagement letter can be beneficial:
 It saves time.
 It helps ensure completeness.
 It can help ensure liability risks.
However, it should never be sent to a client as a standard form but always tailored to
accurately reflect the terms and issues specific to each client. If a standard letter is used
as a basis, it must be reviewed each year and updated for changes in legal and
professional requirements.
5.3.3 Principal Contents
3.3 Principal Contents
Refer to s.3.5 for an example letter and note the following required content:
 The objective and the scope of the audit, including reference to applicable
legislation, regulations, ISAs, and ethical and other pronouncements of the
professional bodies to which the auditor adheres.
 The responsibilities of the auditor.
 Management's responsibility for the financial statements and for establishing and
maintaining effective internal control.
 Identification of the applicable financial reporting framework adopted by
management in preparing the financial statements.
 The form of any reports or other communication of results of the engagement.
 A statement that there may be circumstances in which a report may differ from its
expected form and content.
 The requirement that the auditor will communicate key audit matters in the auditor's
report.
In addition to the above, the letter may make reference to the following:
 The fact that there is an unavoidable risk that some material misstatement may
remain undiscovered.
 Expectation of receiving from management written confirmation concerning
representations made in connection with the audit (see Chapter 20).
 Unrestricted access to whatever records, documentation and other information is
required in connection with the audit.
 Agreement that management will inform the auditors of any material subsequent
events affecting the financial statements between the date of the auditor's report and
the issue of the financial statements.
 The basis on which fees are computed and any billing arrangements (see s.3.6).
 A request that the client confirms, in writing, that the terms of the engagement are
understood by signing and returning a copy of it.
When relevant, the following arrangements may be included concerning:
 the work of others (e.g. internal auditors and experts);
 any restrictions on the auditor's liability (if allowed by law);
 any obligations (legal or regulatory) to report to other third parties;
 any obligations to provide audit working papers to other parties (e.g. external quality
management reviews, regulatory requirements).
Key point
The engagement letter is not a mere formality, and signing is not just a
matter of compliance.
5.3.4 Recurring Audits
3.4 Recurring Audits
3.4.1 Reappointment
The appointment of an entity's auditor is usually just for one year. After completing the
audit, the auditors will usually "offer themselves for reappointment" at the annual
general meeting (AGM).
Before doing so, the auditor must carry out similar procedures to those needed for an
initial appointment (see s.1.1):
 From the work carried out during the audit just completed and audit findings, reassess their
understanding of the business, etc (see s.1.1.1).
 Reassess the specific requirements for the continuing engagement and the purpose, nature
and scope of the work to be performed (these may well change compared to the prior audit).
The updated understanding of the business enables the auditor to assess whether he can
continue to service the client.
 Reassess the risks to compliance with the fundamental principles, fees, availability of audit
staff and timing of services.
 Assess the risk to the auditor of continuing to be associated with the client (e.g. recovery of
fees, the integrity of management, risk of business failure).
Based on their experience and findings and expected changes, the auditor determines
whether they are still fit and proper, willing and able to continue their relationship with
the client.

For recurring audits, the auditor may decide not to send a new audit engagement letter
each year. However, the auditor should review the engagement letter before
commencing each audit cycle to ensure that the terms are still appropriate.
It may be appropriate for the auditor to revise the terms of the audit engagement or
remind the client of existing terms when:
 There is an indication that management or TCWG does not understand the objective and
scope of the audit.
 There are revised or special engagement terms.
 There has been a recent change in senior management (e.g. new directors).
 There has been a significant change, for example, in:
o ownership of the business;
o the nature or size of the business;
o legal or regulatory requirements;
o the financial reporting framework; or
o other reporting requirements.
Where an engagement letter needs revising, the client should approve it. If the client
refuses, the auditor should consider the implications for continuing to act for the client.
Where the client insists on changes to the terms of engagement that are not acceptable
to the auditor, the auditor should consider the significance of the threats (if any) to the
fundamental principles and resign from the audit, if necessary.
Activity 2 Updating Engagement Letters
Suggest FIVE factors that may make it appropriate for the engagement letter to be revised.
1. Identification that the entity has misunderstood the objective and the scope of the audit.
2. Revised terms of the engagement.
3. Changes in senior management (e.g. new directors).
4. Significant change in the nature or size of the business.
5. Change in legal or regulatory requirements, including references to legislation in the letter
which are no longer appropriate (e.g. Companies Act 1985 superseded by Companies Act
2006).
6. Change in the financial reporting framework.
7. Change in other reporting requirements.
Note: Only five factors were asked for.
5.3.5 Sample Engagement Letter

3.5 Sample Engagement Letter
This will need to be varied according to individual requirements and circumstances.
To the appropriate representative of

management or those charged with
governance of __________ Addressed to
You have requested that we audit the financial

statements of __________, which comprise
the statement of financial position as at
__________, and the statement of
comprehensive income, statement of changes
in equity and statement of cash flows for the
year then ended, and note to the financial
statements, including a summary of significant
accounting policies. We are pleased to confirm
our acceptance and our understanding of this
engagement by means of this letter. ID of statements
The objectives of our audit are to obtain

reasonable assurance about whether the
financial statements as a whole are free from Objective
material misstatement, whether due to fraud or
error, and to issue an auditor's report that
includes our opinion. Reasonable assurance is
a high level of assurance, but is not a
guarantee that an audit conducted in
accordance with International Standards on
Auditing (ISAs) will always detect a material
misstatement when it exists. Misstatements
can arise from fraud or error and are
considered material if, individually, or in the
aggregate, they could reasonably be expected
to influence the economic decisions of users
taken on the basis of these financial
statements.
We will conduct our audit in accordance with
ISAs.
Those Standards require that we comply with

ethical requirements. As part of an audit in
accordance with ISAs, we exercise
professional judgment and maintain
professional scepticism throughout the audit.
We also: Standards followed
 Identify and assess the risks of material

misstatement of the financial statements,
whether due to fraud or error, design and
perform audit procedures responsive to
those risks, and obtain audit evidence that
is sufficient and appropriate to provide a
basis for our opinion. The risk of not
detecting a material misstatement resulting
from fraud is higher than for one resulting
from error, as fraud may involve collusion,
forgery, intentional omissions,
misrepresentations, or the override of Detail of what an audit
internal control. is about
 Obtain an understanding of internal control

relevant to the audit in order to design audit
procedures that are appropriate in the
circumstances, but not for the purpose of
expressing an opinion on the effectiveness
of internal control. However, we will
communicate to you in writing concerning 
any significant deficiencies in internal
control relevant to the audit of the financial
statements that we have identified during
the audit.
 Evaluate the appropriateness of accounting
policies used and the reasonableness of
accounting estimates and related
disclosures made by management.
 Conclude on the appropriateness of

management's use of the going concern
basis of accounting, and, based on the
evidence obtained, whether a material
uncertainty exists related to events or
conditions that may cast significant doubt
on the Company's ability to continue as a
going concern. If we conclude that a
material uncertainty exists, we are required
to draw attention in our auditor's report to
the related disclosures in the financial
statements, or, if such disclosures are
inadequate, to modify our opinion. Our
conclusions are based on the audit
evidence obtained up to the date of our
auditor's report. However, future events or
conditions may cause the Company to
cease to continue as a going concern. Report to management
 Evaluate the overall presentation, structure,

and content of the financial statements,
including the disclosures, and whether the
financial statements represent the
underlying transactions and events in a
manner that achieves fair presentation. 
Because of the inherent limitations of an audit,

together with the inherent limitations of internal
control, there is an unavoidable risk that some
material misstatements may not be detected,
even though the audit is properly planned and Limitation because of
performed in accordance with ISAs. nature of an audit
Our audit will be conducted on the basis that

management and, where appropriate, those
charged with governance, acknowledge and
understand that they have responsibility:
a. For the preparation and fair

presentation of the financial statements in
accordance with International Financial
Reporting Standards;
b. For such internal control as management
determines is necessary to enable the
preparation of financial statements that are
free from material misstatement, whether
due to fraud or error; and
c. To provide us with:
i. Access to all information of which
[management] is aware that is relevant to
the preparation of the financial statements
such as records, documentation and other
matters;
ii. Additional information that we may Management's
request from [management] for the responsibility (may be
purpose of the audit; and modified to include
iii. Unrestricted access to persons in the specific responsibilities
entity from whom we determine it as defined by local
necessary to obtain audit evidence. law)
As part of our audit process, we will request

from management and, where appropriate,
those charged with governance, written
confirmation concerning representations made
to us in connection with the audit. Written representations
We look forward to full cooperation from your

staff during our audit.
The form and content of our report may need

to be amended in light of our audit findings.
Please sign and return the attached copy of
this letter to indicate your acknowledgement of,
and agreement with, the arrangements for our
audit of the financial statements including our
respective responsibilities.
XYZ & Co Insert additional
information regarding
Acknowledged and agreed on behalf of ABC
fee arrangements and
Company by
billings, as appropriate
(signed) Sign and return
__________
Name and Title
Date
5.3.6 Basis of Fees

3.6 Basis of Fees
3.6.1 Audit Fees

The auditor is in business. As business people, auditors will expect to earn a
reasonable return for their work, effort and expertise and to make a profit.
The level of fees charged for each assignment is a commercial decision. A standard
approach is to base the fees quoted (and charged) to reflect the time spent and the
skills and experience of the staff involved. The more complex or higher the risk, the
greater the level of expertise required and the higher the fee.
The basis of the fee should be stated in the engagement letter, together with any
arrangements for the timing and delivery of documents, processes, information and
other audit requirements by the client (e.g. schedules to be audited).
If the expected fee is exceeded (e.g. because of spending more time on a particular
area), the recoverability of additional costs should be discussed with the client. Good
client management includes giving a warning of such a possibility due to factors:
 caused directly by the client (e.g. non-delivery of agreed schedules resulting in additional
audit work); or
 outside the control of the auditor and client (e.g. new legal or financial reporting
requirements).
For new clients, it is important that a sustainable fee is initially quoted. This will require a
reasonable understanding of the business and the level of work which will be required
(e.g. initial time and service-level budgets).
3.6.2 Contingent Fees

It is unacceptable to charge audit and assurance fees based on a percentage of profits
or a contingency basis (e.g. "if we qualify our report, then no fee"). Special offers (e.g.
"buy one, get one free") are strictly prohibited. Such tactics would cast doubt on the
auditor's integrity and independence and bring the profession into disrepute.
In areas other than audit and assurance, contingency or flat rate fees may be charged,
provided such action does not bring the profession into disrepute. Examples include:
 Fixed fees for standard preparation of accounts and completion of tax returns.
 Contingency fees for certain consultancy services (e.g. management buyouts or raising
venture capital) where the ability to pay depends on the success or failure of the project.
5.4.1 ISA 220 (Revised 2020)

4.1 ISA 220 (Revised 2020)
ISA 220 (Revised 2020) Quality Management for an Audit of Financial Statements deals
with quality management at the "engagement level" for an audit of financial statements
and the related responsibilities of the engagement partner.
Exam advice
International Statement on Quality Management (ISQM) 1, which deals

with quality management at the “firm level”, is not examinable in AA.
Key Point
Quality must be managed at the engagement level to have reasonable

assurance that:
 The audit has be been conducted in compliance with professional
standards and legal and regulatory requirements; and
 The auditor’s report issued is appropriate in the circumstances.
The engagement partner is responsible for the following components of quality

management:
 Leadership – takes overall responsibility for managing and achieving quality on the
audit.
 Relevant ethical requirements – determines whether members of the audit team
have complied with relevant ethical requirements.
 Acceptance and continuance –determines that appropriate procedures for the
acceptance or continuance of the audit engagement have been followed and that the
conclusion reached is appropriate and has been documented.
 Engagement resources – uses the resources assigned or made available to the
engagement team appropriately.
 Engagement performance – takes responsibility for:
o the direction and supervision of the audit team members and review of
their work (s.4.2);
o consultation on difficult or contentious matters;
o engagement quality review (s.4.2.5).
 Monitoring and remediation – remaining alert to information that may be relevant
to the firm’s system of quality management and responding appropriately to
identified deficiencies (s.4.3).
5.4.2 Engagement Performance
4.2 Engagement Performance
4.2.1 Assigned or Made Available to the Engagement Team

The appropriate capabilities and competence expected of the engagement team as a
whole include the following:
 An understanding of, and practical experience with, audit engagements of a similar nature
and complexity through appropriate training and participation.
 An understanding of professional standards and regulatory and legal requirements.
 Appropriate technical knowledge, including knowledge of relevant information technology.
 Knowledge of relevant industries in which the client operates.
 Ability to apply professional judgment.
 An understanding of the firm's system of quality management.
5.4.3 Engagement Performance

4.3 Engagement Performance
4.3.1 Direction
The engagement partner provides direction to the engagement team by informing
engagement team members of:
 their responsibilities including the need to comply with ethical requirements and to plan and
perform the audit with professional scepticism;
 the objectives of the work to be performed;
 nature of the business;
 risk-related issues;
 problems that may arise; and
 the detailed approach to the performance of the engagement.
Direction is provided using the following communication tools:
 Team briefing;
 Audit programme;
 Time budgets;
 Overall audit strategy and plan.
Discussion between members of the engagement team enhances communication
because it allows more experienced team members to provide direction to less
experienced team members.
4.3.2 Supervision
Key Point
Supervision is closely related to direction and review and may involve elements of
both.
Functions of personnel carrying out supervisory responsibilities include:

 To monitor progress to consider whether:
o assistants have the necessary skills and competence;
o assistants understand the audit directions;
o work is being carried out following the overall audit plan and the audit
programme;
 To become informed of and address significant accounting and auditing questions (e.g. by
modifying the audit programme);
 To resolve, if possible, any differences in professional judgment between personnel;
 To identify matters for consultation by more experienced engagement team members during
the audit engagement.
4.3.3 Review
More experienced team members review work performed by a team member.
Reviewers consider whether:
 work has been performed in accordance with professional standards, regulatory and legal
requirements;
 work has been performed following the audit programme;
 there is a need to revise the nature, timing and extent of work performed;
 work performed and results obtained are adequately documented;
 all significant audit matters have been resolved, raised for further consideration or are
reflected in audit conclusions;
 objectives of audit procedures have been achieved;
 audit evidence is sufficient and appropriate to support the audit opinion; and
 conclusions expressed are consistent with the results of the work performed and support the
audit opinion.
The following must be reviewed on a timely basis:
 overall audit plan and the audit programme;
 assessments of inherent risk and control risk (see Chapter 8);
 documentation of audit evidence obtained from substantive procedures; and
 financial statements, proposed audit adjustments and the proposed auditor's report.
It is, for example, too late for the audit partner to review the audit strategy after the audit
has been carried out.
Where the audit involves high risk and subjective matters, a second partner would
usually be involved at all key review stages.
4.3.4 Engagement Quality Review
Definitions
Engagement quality review – an objective evaluation of the significant

judgments made by the engagement team and the conclusions reached
thereon, performed by the engagement quality reviewer and completed on
or before the date of the engagement report.
Engagement quality reviewer – a partner, other individual in the firm, or
an external individual, appointed by the firm to perform the engagement
quality review.
Engagement quality (EQ) reviews are required for audits of the financial statements of
listed companies and unlisted companies when deemed necessary by the firm.
The engagement partner is required to
 determine that an EQ reviewer has been appointed;
 co-operate with the EQ reviewer;
 discuss significant matters arising during the audit (and the EQ control review) with the EQ
reviewer; and
 Not issue the auditor's report until completion of the EQ review.
5.4.4 Monitoring Quality

4.4 Monitoring Quality
An effective system of quality management will include a monitoring process that will
provide reasonable assurance that the quality management system is relevant,
adequate and effective.
A deficiency in quality management does not necessarily indicate that an audit was not
performed as required by professional standards and regulatory requirements or that
the auditor's report is inappropriate.
4.4.1 Pre-issuance ("Hot") Review

A “hot” review is conducted before the auditor's report is signed and issued. It aims to
ensure that the audit file supports the audit opinion in matters of high risk to the audit
firm. For example:
 Does the audit file support the determination and discussion of the key audit matters?
 If a modified opinion is to be issued, does the audit file adequately support the basis for the
modified opinion?
Such a review is usually applied:
 to high-risk audits such as listed companies, public interest entities, specialist audits (e.g.
banks, extraction industry);
 where the audit opinion is to be modified or where modification was considered but
subsequently not applied;
 to the largest clients of each partner.
It may be conducted by the audit review panel or an independent second partner and
typically concentrates on:
 conformity with firm's and professional standards (which ever are higher);
 compliance with ISAs;
 ensuring all significant points and issues are appropriately dealt with;
 compliance of financial statements with statutes and IFRS Standards;
 quality of discussions and reporting to TCWG;
 appropriate consultations and conclusions reached on contentious issues;
 quality of the report (and supporting arguments) to management;
 adherence to terms of engagement letter;
 content of written representations;
 all matters completely documented; and
 the audit file wholly supports the auditor's report.
4.4.2 Post-Issuance Review

"Cold" reviews are performed after the auditor's report is issued and conducted by
senior staff/partners from other offices. For international firms, the review team is
usually drawn from different countries. For smaller firms (e.g. national networks or
individual partnerships), the function of the "cold review" is often carried out by an
external independent reviewer as part of the training and technical services supplied by
a consortium.
The objectives of a cold review include the following:
 to evaluate the assessment of independence;
 to evaluate the process of planning;
 to confirm that significant risks were identified and responses adequately dealt with;
 to assess the engagement team's review and response to the risk of fraud;
 to review:
o the judgments made on materiality and significant risks;
o audit sections for completeness and application of work programme;
o the significance of corrected and uncorrected errors;
o matters communicated to management and governance;
 to confirm closedown procedures were completed (e.g. going concern review, subsequent
events, management letter, written representations, etc.);
 to confirm that the firm's standards were applied;
 to check the adequacy of audit documentation;
 to confirm the appropriateness of the auditor's report issued;
 to identify any deficiencies in procedures and recommend improvements;
 to assist staff in the performance of auditor's work; and
 to recommend a more efficient and cost-effective audit approach.
Recommendations must be followed up to ensure implementation.
As reviews (and their follow-up) are time-consuming, they are applied to selected audits
covering all partners and managers on a rotational basis
5.4.5 Compliance with Ethical Requirements

4.5 Compliance with Ethical Requirements
The engagement partner should remain alert for evidence of non-compliance with
ethical requirements through observation and inquiry throughout the audit.
The engagement partner should identify any threats to independence and take
appropriate action to eliminate such threats by:
 applying safeguards; or
 withdrawing from the engagement, if appropriate.
Example 1 Recommendations for Quality Management Deficiencies
Consider the following scenarios and the recommended quality

improvements:
1. Using a standard audit programme has led to insufficient
appropriate audit evidence being obtained as the basis for the
audit opinion.
 Adapt the audit programme to the specific audit needs of clients, for
which the standardised procedures may not be suitable.
 Implement training and personal development for audit staff on
adapted audit programmes and additional audit procedures.
 Train engagement partners and team members in identifying
significant areas of audit risk that might require additional audit
procedures and those prescribed by the standard audit programme.
2. Audit staff were assigned to perform audit procedures on material
items on which they have not been satisfactorily trained. This has
led to the procedures not being properly performed, increasing
audit risk.
 Ensure that staff have sufficient knowledge and competency in the
audit procedures. This may be determined by ensuring appropriate
professional development and training for staff and hiring staff of
sufficient competency.
 Stringent review of work performed and audit documentation by
engagement partner to ensure that sufficient appropriate audit
evidence is obtained.
3. Insufficient oversight from the engagement partner on the
procedures and working papers performed.
 The engagement partner must take responsibility for the audit
engagement's direction, supervision, and performance in
compliance with professional standards and applicable legal and
regulatory requirements.
 If the workload is too much for sufficient oversight to be exercised,
other engagements should be declined.
 Training for engagement partners on the effective oversight of audit
engagements.
Example 1 Recommendations for Quality Management Deficiencies
 Appointment of engagement quality reviewer to provide additional

oversight.
4. An audit team member is faced with new and innovative financial
assets and arrangements for which they have no prior audit
experience.
 Appointment and consultation with a member of the engagement
team with sufficient expertise in the subject matter to perform
necessary audit procedures.
 Training of staff on the subject matter and audit procedures.
 Acquisition of the necessary staff expertise and other assets to
support audit procedures (such as appropriate software).
5 Syllabus Coverage
Syllabus Coverage

B. Planning and Risk Assessment
1. Obtaining and accepting audit engagements
1. Discuss the requirements of professional ethics and ISAs in relation to the
acceptance/continuance of audit engagements.
2. Explain the preconditions for an audit.
3. Explain the process by which an auditor obtains an audit engagement.
4. Discuss the importance and purpose of engagement letters and their contents.
5. Explain the overall objectives and importance of quality management audit. procedures in
conducting an audit.
6. Explain the quality management procedures which should be in place over engagement
resources, engagement performance, monitoring and remediation and compliance with
ethical requirements.
7. Evaluate quality management deficiencies and provide recommendations to allow
compliance with quality management requirements.
Technical Articles
to this chapter.
For more recent articles and other resources please visit the ACCA global website
Visual Overview
Objective: To describe the procedures for documenting the audit process.
1.1 Definition and Scope
Definition
Audit documentation – the record of audit procedures performed,

relevant audit evidence obtained, and the auditor’s conclusions.
Audit documentation ("working papers") includes ethical considerations, planning, audit
programmes, analysis, briefing documents, work schedules, reliance on experts,
summaries of significant matters, confirmations, reports to management, reviews,
checklists, written representations and other correspondence (including e-mails, text
messages, notes of oral or electronic conversations) relating to all matters that may be
considered significant.
6.1.2 Purpose
1.2 Purpose
First and foremost, audit documentation provides evidence:

 Of the basis for the auditor’s conclusion; and
 That the audit was planned and performed in accordance with ISAs and legal and
regulators requirements.
Additional purposes of documenting the audit process include:
 Increasing the economy, efficiency and effectiveness of the audit.
 Assisting the audit engagement team in planning and performing the audit (e.g.
analysing information to assess risks).
 Facilitating the supervision and review of audit work (e.g., briefing and instructing
assistants; engagement partner can agree that the work has been completed
according to the audit plan).
 Retaining a record of matters of continuing significance to future audits.
 Enabling the engagement team to be accountable for its work.
 Enabling an experienced auditor, having no connection with the audit, to understand
the audit process and conclusions.
 Enabling the conduct of quality management reviews and external inspections in
accordance with applicable legal, regulatory or other requirements.
6.1.3 Importance
1.3 Importance
Both the definition and the purposes of working papers encompass their importance.
Initially, they provide a framework for planning the audit, then for conducting and
recording the audit and finally for showing the evidence that supports the conclusions
reached and the audit opinion. Without working papers, auditors would find it very
difficult to justify in a court of law their audit approach, the work carried out, and the
conclusions reached.
6.1.4 Objective of the Auditor

1.4 Objective of the Auditor
The auditor is to prepare documentation that provides:
Key point
The auditor must prepare documentation that provides:

 A sufficient and appropriate record of the basis for the auditor’s report;
and
 Evidence that the audit was planned and performed in accordance with
ISAs and applicable legal and regulatory requirements.
Example 1 Use of Working Papers
Clara is an audit senior engaged on the audit of RQB Co. She is currently
working on the audit of plant and equipment.
On a particular day:
1. She refers to the audit plan and audit programme to determine the
procedures she needs to perform and the applicable materiality levels.
She notes if there are any significant risks to be aware of.
2. She records her computation of the materiality or provision and any risk
analysis on a mandatory working paper. This ensures audit quality and
that risk and materiality levels are appropriately assessed.
3. In performing the procedures, she records the details of the procedure,
the outcomes of applying the procedure, and the conclusion reached on
a working paper. She also highlights any significant issues that she had
encountered during the procedure.
Included in the working paper are the detailed tests performed and
procedures used to select samples.
4. At the end of the day, she forwards the working papers to her
supervisor for review.
5. Her supervisor reviews her work and the conclusions reached. If there
is a need for further procedures, her supervisor will discuss them with
the team.
6. After the supervisor has signed off the working paper, the final copy is
filed in the current audit file for subsequent final review by the
engagement partner and assembly of the final audit file.
6.1.5 Timely Preparation
1.5 Timely Preparation
Preparing audit documentation on a timely basis:

 enhances the quality of the audit; and
 facilitates the effective review of the audit evidence obtained and conclusions
reached before the auditor’s report is finalised.
Documentation prepared after the audit work has been performed is likely to be less
accurate than documentation prepared at the time such work is performed.
6.2.1 Extent
2.1 Extent
Audit documentation should be prepared that is sufficient to enable an experienced

auditor, having no previous connection with the audit, to understand:
 the nature, timing and extent of the audit procedures carried out to achieve the audit
objectives;
 the results of those procedures and the evidence obtained to support the
conclusions reached; and
 significant matters arising and the conclusions reached thereon, and significant
professional judgments made in reaching those conclusions.
Example 2 Details of a Working Paper
Following on from Example 1:

Clara has performed an inspection of assets and computation of
depreciation and recorded her work on the appropriate working paper.
The completed working paper would include details such as:
1. Identifying information on the preparer, reviewer, working paper
number, and key dates.
2. Reference where necessary to applicable ISA and auditing framework.
3. Notes on the information sources (e.g. reference to the non-current
asset register).
4. Notes on any risks of material misstatement and materiality
computations (e.g. highlighting major items that are material in
themselves).
5. The methodology of the audit procedure performed (such as the
method used to calculate depreciation).
6. Cross-references to transaction records related to the assets (such as
bank statements and purchase invoices for additions during the year).
7. The conclusions reached from the performance of the audit procedure
as a basis for the opinion. (In this case, Clara was satisfied that assets
recorded in the company’s accounts exist. Based on her computation of
depreciation, the valuation of the assets had been accurately recorded
in the accounting system.)
6.2.2 Factors to Consider

2.2 Factors to Consider
In determining the form, content and extent of audit documentation, the following factors
(not inclusive) should be considered:
 The nature of the engagement (e.g. listed, private or public sector entity) and
procedures to be performed to support the report given (e.g. audit, review).
 The nature, size and complexity of the entity, its environment and controls.
 The identified risks of material misstatement in the financial statements.
 The reliance to be placed on control effectiveness.
 The extent of judgment required to carry out the work and evaluate the results.
 The audit methodology and tools used (e.g. computer-assisted audit techniques).
 The extent of schedules, analyses and other documentation prepared by the entity.
 The significance of the evidence obtained.
 The nature and extent of exceptions identified.
 The need to document a conclusion or the basis for a conclusion not readily
determinable from the documentation of work performed or audit evidence obtained.
 The need and extent for direction, supervision and review of tasks assigned to
assistants.
 The need to direct, supervise and review the audit team (see Chapter 7).
2.3 Standardisation
It is common for audit firms to use standard pre-printed audit documentation. For
example:
 Audit completion disclosure and other checklists.
 Internal Control Questionnaires/Evaluation Questionnaires.
 Audit programs.
 Specimen letters (e.g. written representations from management – see Chapter 20).
 Indices for the standard organisation of working papers.
Example 3 Audit Standardisation
Most audit firms employ audit software to help manage the audit, ensure
significant risk areas are appropriately covered, and save time and costs.
Most audit programmes include standardised audit working papers, with
templates and procedures built into the working papers. These audit
programmes may also include guidance that might be useful to
inexperienced auditors on how to conduct the audit procedures properly.
Audit programmes may also contain specialised modules with working
papers that cover audit areas that might require more scrutiny due to their
nature, complexity, or risk.
Activity 1 Standardisation
Suggest THREE advantages and THREE disadvantages of standardising audit working

papers.
Advantages:
 Preparation and review are more efficient when audit files, sections and documents are
presented systematically.
 It helps familiarise junior staff with standard procedures (e.g. attending physical inventory
counting and requesting direct confirmations from customers).
 Similarly, it facilitates direction (and delegation), supervision and review.
 It helps achieve quality by requiring a consistent approach to all audits and ensuring that
essential procedures are not overlooked.
 It offers a consistent approach for specific audit functions (e.g. IFRS checklist).
Disadvantages:
 A "mechanical" approach may lead to a lack of appreciation of test objectives and the
implications of errors and deviations found.
 Adopting a "standard approach" may stifle initiative and discourage the exercise of
professional judgment.
 Standard programs may result in a "bare minimum" attitude.
 It may be inappropriate to follow set procedures for a particular client.
 Audit risk increases when the audit approach is not tailored to the client's circumstances.
Note: Only three advantages and three disadvantages are required.
Wherever standard documentation is used, it must be:
 tailored for each client (e.g. work programmes to address assessed risks; written
representations to reflect different circumstances); and
 kept up-to-date for changes in ISAs, IFRS Standards, laws and regulations (e.g. GAAP
checklist, engagement letters).
6.2.4 Documentation Techniques

2.4 Documentation Techniques
By far the most common way of recording
Narrative notes information (e.g. business history, processes,
and detail controls, interviews, work done, results, reviews).
Covers a wide range of charting facilities to record

information (e.g. flowcharting of systems,
organisation charts, graphing trends, bar charts, pie
Graphics charts, etc.).
They are varied, with the most common being

internal control questionnaires (ICQs) and internal
control evaluation questionnaires (ICEQs) to assist
the auditor in understanding the design of
appropriate controls and how they have been
Questionnaires implemented.
Used extensively to record set procedures (e.g. pre-

printed work programmes, ratio analysis, going
concern, IFRS disclosure requirements) and to
demonstrate that crucial procedures have been
carried out (e.g. for client acceptance, independence
Checklists review, planning, completion and partner review).
Now used extensively as audit tools (procedural,

administration and technical) and to produce audit
documentation (see s.2.5).
Electronic
media
See Chapter 9 for further details of documentation technique used to understand,

record and evaluate accounting systems.
6.2.5 Use of IT
2.5 Use of IT
Electronic working papers (EWP) software refers to any program that auditors can use
to compile and store audit documentation. Its core functionality is the ability to upload
work directly into the program, where it can be organised, reviewed and approved with
electronic signatures and date stamps and backed up.
The audit work is created using familiar tools like word processing, spreadsheets and
scanned documents, which can be enhanced by digital cross-referencing tools and tick
marks.
Most EWP software has additional capabilities, such as:
 email alerts to clients and members of the audit team;
 importing and rolling forward general ledger account balances;
 audit budget creation and time tracking tools, etc.
6.3.1 Permanent v Current Audit Files

3.1 Permanent v Current Audit Files
For recurring audits, the working papers are usually split between two main files – the
permanent audit file (PAF) and the current audit file (CAF).
 The PAF contains documents of a permanent nature related to the audit and the client's
business, are of continuing importance to the audit process and provide a history of
significant audit-related matters.
 The CAF contains information directly relevant to the current audit (at whatever stage).
 There will be only one PAF and a CAF for each stage of the audit (interim, year end, final)
for each year.
Activity 2 Working Papers
Suggest the audit working papers you would expect to be filed as "permanent" and
"current".
Permanent Audit File
Permanent audit files are usually broken into sections, for example:
 General business information
 Systems and control documentation
 Accounts and financial statements information
 Statutory and legal documentation
 Job administration
 Planning documentation
The content includes:
 Information concerning the entity’s legal structure (e.g. Memorandum and Articles of
Association).
 Major shareholders, debentures, debt structure, investments.
 Details of the business environment, the operating industry, nature and history of the client's
business, locations, products, key suppliers, key customers, subcontractors, and
employees.
 Organisational and management structure. Governance structure including audit committee.
Primary contacts in management and other key staff related to the audit.
 Structure of critical departments (e.g. finance, treasury, internal audit).
 Major suppliers, customers – turnover, terms of trade, imports, exports.
 Detail, evaluation and analysis of:
o control environment;
o risk assessment procedures;
o information systems; and
o control activities and control monitoring.
 Rolling analysis of risks, key performance indicators and risk management.
 Main accounting and other vital records, showing where they are kept and of what type (e.g.
hand-written, computerised).
 Major assets and liabilities.
 Previous financial statements, auditor's reports and supporting details if opinion modified.
 Principal accounting policies and any IFRS Standards not applicable.
 New client checklist, other legal/regulatory documents for accepting a new client.
 Major laws and regulations under which the entity operates, including regulatory reporting
requirements (e.g. charities, banks, environmental, health and safety).
 Previous partner review notes and matters for the partner’s attention.
 Previous reports to management (of deficiencies found in the accounting system).
 Previous reports and minutes of discussions with TCWG.
 Management representations.
 Insurance cover details, including claims history.
 Significant ratios, trends and performance indicators over the last (say) 10 years.
 Rotational control schedule (e.g. location visits, inventory observation, document
examination, controls tested).
 Other documents of continuing importance:
o terms of o mortgages and
engagement charges
o letters of
authority (e.g. bank
mandate) o title deeds
o minutes of o trade agreements

important meetings and labour contracts
o key legal o profit share, bonus

resolutions and share option agreements
o annual filing
returns o royalty agreements
o debenture deeds
 Other professional advisers (bankers, lawyers, brokers).
 Past administration (e.g. budgets, costings).
Current Audit File
 Financial statements audited (evidenced as agreed to accounting records, cross-referenced
to supporting schedules with comparatives, accounting policies, notes and disclosures, all
evidenced as audited).
 Completion checklists:
o Compliance with statutory requirements and IFRS disclosures.
o Partner sign off completion, including confirmation of auditor's report.
o Second partner review (as necessary).
o Audit completion checklists (partner, manager, senior).
 Closedown:
o Written representations.
o Report to management (final and interim) plus responses from the client.
o Matters for the attention of the partner (final and interim).
o Minutes of meetings with directors and audit committee.
o Minutes of board meeting approving financial statements.
o Schedule of corrected and uncorrected misstatements.
o Queries raised during the audit and subsequent clearance.
o Review notes (partner, manager, senior) and how cleared.
o Analytical review and performance indicators.
o Going concern and subsequent events.
o Ethical matters (e.g. proposed acceptance to continue as auditor).
o Confirmation of continued independence.
o Audit team assessments and reviews.
o Initial planning for the next audit.
 Job administration:
o Engagement team and relevant experience.
o Budget and fee estimates.
o Actual time/cost summaries and variance analysis.
o Fee notes.
 Planning:
o Ethical matters (e.g. client acceptance, independence, competence).
o Minutes of meetings with client, audit committee and audit team.
o Initial audit strategy, audit plan and tailored work programmes.
o Updated plans with explanations.
o Understanding of entity and its environment.
o Design of internal control and its implementation.
o Risk assessments, analytical review, materiality, sampling approach.
o Direction, supervision and review of the audit team.
 Audit sections:
o Final audit lead schedule showing the makeup of key figures in the financial
statements (cross-referenced to financial statements and supporting schedules).
o Work programmes (interim and final).
o Supporting schedules detailing the objective of the test, testing approach,
sampling, work done, matters arising, action taken and conclusion.
o Supporting work schedules detailing the actual work carried out, including
balances, transactions and evaluation of control effectiveness.
o Supporting internal and external documentation (e.g. bank letters, receivable
confirmations, expert valuations).
o Evidence of review, review notes and clearance of review point.
Standard indices may be used for both permanent and current audit files. These are
usually tailored (e.g. by circling the references used).
Exhibit 1 Current Audit Index File
A Audit control papers

A1 Financial statements
A2 Audit completion checklist
A3 Review schedules
A4 Points forward to next year
A5 Time record and budget
B Overall audit plan
C Intangible assets
D Tangible non-current assets
E Investments
F Inventories
G Receivables
H Cash
J Payables
K Provisions and contingencies
L Taxation
M Capital and reserves
N Statement of profit or loss

P Revenue
Q Purchases
R Wages and salaries
S Extended trial balance and adjustments to profit
Alternative referencing systems might include separate sections for interim audit
working papers, systems work or analytical procedures.
6.3.2 Audit Section Structure

3.2 Audit Section Structure
On every individual working paper, it is standard procedure to record (usually as the

header to each paper or written as a header on documents provided by the client):
 Client name
 Reporting date (financial year end)
 Subject of working paper (e.g. "Existence of non-current assets")
 Schedule reference
 Date of preparation
 Preparer's identification (e.g. initials)
 Date of review
 Identification of reviewer (e.g. initials)
An audit section (e.g. receivables, revenue, non-current assets) may include:
 A "lead" schedule showing the makeup of the audited balance together with the
comparative amounts for the prior year. (See Chapter 22 for a typical lead schedule
for non-current assets.)
 A section summary and conclusion outlining the audit objectives for the section, any
significant matters arising during the audit and the conclusion on the section
(see Example 4).
 A schedule showing the basis of accounting and accounting policy used.
 A work programme listing the audit procedures to be performed. Usually, each test
or group of tests will be related to a particular assertion (see Chapter 15).
 A test lead schedule stating, for example, the objective of the test, the sampling
approach, the work done, matters arising during the test and their resolution, and the
conclusion.
 Supporting schedules showing the work done, how it was done and the matters
arising. Work carried out should be indicated using "audit ticks", a key to what such
ticks mean, and appropriated cross-references to other supporting schedules
(see Exhibit 2).
Example 4 Conclusions
The work performed has been carried out according to the audit strategy
and audit plan (as adjusted).
The work performed and the results obtained have been adequately
documented.
Any revision to the audit plan, risk assessments and materiality have been
detailed on Schedule XX and approved by the partner.
Matters outstanding have been detailed on Schedule XX for action by the
partner.
In my (audit assistant's) opinion, this audit section is fairly stated subject to
the matters noted on Schedule XX.
Exhibit 2 Sample Working Paper
The following is a supporting schedule showing the audit work completed

on the depreciation expense for non-current assets:
Client: Hawk Co Prepared by: MC Date: 17 Feb 20X5
Period: Y/e 31 Dec 20X4 Reviewed by: Date:
Subject: Non-current assets deprecation reconciliation
Y/e 31 Dec 20X3 Charge $ $

Plus: Effect of 20X4
Additions: 64,52 α
Warehouse equipment
$41,600 ✔ @ 20% α 8,320
Delivery vehicles
$31,950 ✔ @ 25% α 7,990
@
Motor cars
$19,709 ✔ 331⁄3% α 6,570
Fixtures and fittings
$17,202 ✔ @ 10% α 1,720
Less: Effect of 20X4
Disposals
Warehouse equipment
$18,250 d @ 20% α (3,650)
Delivery vehicles
$11,570 d @ 25% α (2,890)
Exhibit 2 Sample Working Paper
@
Motor cars
$10,800 d 331⁄3% α (3,600)
Fixtures and fittings
$2,124 d @ 10% α (210)
78,770
Difference (immaterial) 330
Y/e 31 Dec 20X4 Charge 79,100
Key
α Agreed to prior year
accounts
✔ Per schedule of additions
d Per schedule of disposals
6.3.3 Significant Matters

3.3 Significant Matters
All significant matters must be recorded, including the detail of discussions with
appropriate client personnel. Where such detail is to be relied upon in concluding a
significant matter, a written representation from the client must be obtained
(see Chapter 20).
Examples of significant matters include:
 matters that result in material risks (revenue is always considered a significant risk,
so detailed notes on the sales system and the risks involved must always be made);
 details indicating that the financial statements may be materially misstated;
 the need to revise previous assessments of risks and material misstatements;
 factors that cause difficulty in applying ISA;
 findings that could result in a modification to the audit opinion or the inclusion of an
Emphasis of Matter paragraph in the auditor’s report, and the reasons why or why
not the opinion was modified;
 audit matters communicated to TCWG from which key audit matters will be included
in the auditor's report (see Chapter 30); and
 concerns about the entity’s ability to continue as a going concern (see Chapter 31).
Where the auditor is aware of information that contradicts or is inconsistent with
conclusions reached on a significant matter, details of how that contradiction or
inconsistency was dealt with must be recorded.
Any necessary departure from applying ISAs must be recorded, including why and how
the audit objective was achieved under the circumstances.
It is usual for details of significant matters and how they were addressed to be recorded
in a summary document (e.g. completion memorandum, partner review notes –
see Chapter 29).
6.3.4 Assembly of Working Papers File

3.4 Assembly of Working Papers File
All matters that support the audit opinion must be on file, and the file reviewed and
signed off before the auditor signs the auditor's report. Any issues of an administrative
nature should typically be concluded within 60 days of the date of the auditor's report.
Such matters include:
 deleting or discarding superseded documentation;
 sorting, collating and cross-referencing working papers;
 signing off on completion of checklists relating to the file assembly process; and
 documenting audit evidence that the auditor has obtained, discussed and agreed
with the relevant members of the engagement team before the auditor’s report.
After the final assembly, the auditor should not delete audit documentation until the
completion of the retention period (see next section). If modification is required (after
final assembly), the following must be documented:
 the specific reasons for modification; and
 when and by whom they were made and reviewed.
If it is necessary after the date of the auditor's report for the auditor to perform further
procedures or revise the original conclusion (e.g. facts affecting the auditor's report
became known after the report was signed), the following must be recorded in the file:
 the circumstances encountered;
 the new or additional audit procedures performed, audit evidence obtained,
conclusions reached, and their effect on the auditor’s report; and
 when and by whom the resulting changes to audit documentation were made and
reviewed.
6.4.1 Confidentiality and Safe Custody

4.1 Confidentiality and Safe Custody
Practical procedures include:

 locked cabinets or rooms at the clients for hardcopy data (although the client may
hold second keys);
 physical keys and logical passwords to prevent access to computers for electronic
data (the risk then is that the laptop may be stolen); and
 secure backup and encryption of data.
Electronic documentation may be particularly susceptible to corruption or loss. It should
be backed up (e.g. to a CD/USB/HD drive) on a regular basis (e.g. at lunchtime and/or
the end of each working day). The backup medium must then be made secure.
Where secure access to a file server at the auditor's office is available, the backup could
be made directly to that office. If secure access cannot be guaranteed, the data should
be encrypted. Backing up to the office facilitates early/continuous review of the file by
the manager/partner.
IT systems at the auditor's office must also be secure. Therefore, general IT controls
should apply to access to data, security of data, etc (see Chapter 12).
The need for the confidentiality and security of working papers (and client data) should
be part of the terms and conditions of employment of audit staff and considered a
severe offence if breached.
Common sense must be applied when considering the security of data (electronic or
hard copy). For example:
 do not leave working papers unattended at the client;
 do not leave working papers in a car when it is unattended; and
 do not put working papers in luggage to be checked in at an airport.
Key point
Working papers should be retained for a period sufficient to meet the needs
of the audit practice and in accordance with legal and professional
requirements. The IAASB requires at least five years.
6.4.2 Retention
4.2 Retention
Key point
ISA 230 only sets out general principles. It does not suggest a minimum or
maximum period for retention nor how ownership is determined.
4.2.1 General Considerations

Matters to be considered in determining for how long documents should be retained
include:
 Legal requirements (e.g. accounting records must be maintained for three years for private
companies and six years for other companies in the UK).
 General position in the law governing the period in which actions may be brought in a court
of law (e.g. six years for actions based on contract in the UK).
 Requirements for compiling tax returns (e.g. assessments may be made six years after the
period to which they relate).
 Likelihood of seeking quotation on a recognised stock exchange – the previous six years
must be reported in UK.
4.2.2 ACCA Recommended Minimum Period

ACCA recommends the following minimum periods:
 Audit working papers – seven years.
 Tax files – seven years and then returned to the client (or former client).
4.3 Ownership
4.3.1 General Principles

The general principles of ownership of audit documentation include the following:
 Working papers are the auditor's property and clients have no right to demand access.
 Portions of or extracts from working papers may be made available to the client at the
auditor’s discretion. (They are not a substitute for the client's accounting records.)
 All documents relating to clients are confidential.
 A client may require the auditor to disclose documents which belong to the client (only) to a
third party.
4.3.2 Determining Ownership

The primary consideration in determining ownership is the contract with the client, which
is agreed upon and evidenced in the engagement letter. If there is no specific
agreement, consider:
 the capacity in which members act, for example, as principals (auditing services), or agents
(tax compliance); and
 the purpose for which documents and records exist or are created (e.g. to support the audit
opinion).
6 Syllabus Coverage
Syllabus Coverage

6. Audit planning and documentation
1. Explain the need for, and the importance of, audit documentation.
2. Describe the form and contents of working papers and supporting documentation.
3. Explain the procedures to ensure safe custody and retention of working papers.
Technical Articles
This chapter includes the relevant content of the following related technical articles
available at the time of writing (November 2022):
 Audit working papers

Visual Overview
Objective: To describe the process of establishing the audit strategy and plan – the
objectives, scope and critical aspects of an audit.
7.1.1 Overall Objectives of the Auditor
1.1 Overall Objectives of the Auditor
The overall objectives of the independent auditor are:

 To obtain reasonable assurance (see Chapter 1) about whether the financial
statements as a whole are free from material misstatement (whether due to fraud or
error), thereby enabling the auditor to express an opinion on whether the financial
statements are prepared, in all material respects, in accordance with an applicable
financial reporting framework; and
 To report on the financial statements and communicate as required by the ISAs, in
accordance with the auditor’s findings.
7.1.2 Audit Conducted in Accordance with ISAs

1.2 Audit Conducted in Accordance with ISAs
Key point
The auditor must conduct the audit in compliance with all relevant ISAs.
The auditor cannot report compliance with the ISAs in the auditor's report
unless all ISAs that are relevant to the audit have been complied with.
The auditor can only depart from a relevant requirement of an ISA
in exceptional circumstances (i.e. when the performance of the procedures would be
ineffective in achieving the purpose of the requirement). In this case, the auditor should
perform alternative procedures.
7.2.1 Objective
2.1 Objective
Key point
The objective of the auditor is to plan the audit (applying professional judgement
and scepticism) so that it will be performed effectively and efficiently.
Professional judgement and scepticism, which were discussed in Chapter 1, are applied
throughout the audit process, not only in planning.
The relevant standard for audit planning is ISA 300 Planning an Audit of Financial
Statements. The auditor requires a thorough understanding of the entity, its
environment and the risk of material misstatement in the financial statements
(see Chapter 8) to effectively plan. Planning sets the tone and direction of the audit. It
ensures that the right resources are allocated to the right areas (e.g. high risk, material)
at the right time.
7.2.2 Benefits of Adequate Planning

2.2 Benefits of Adequate Planning
Adequate planning is necessary to help the auditor to:

 devote appropriate attention to important areas;
 identify potential problems and resolve them on a timely basis;
 organise and manage the engagement effectively and efficiently; and
 assign appropriate staff to the audit, direct and supervise them and review their
work.
Where applicable, adequate planning also assists in coordination of work done by
others (see Chapter 18).
Example 1 Key Areas in Audit Planning
Glardie & Co is currently planning the audit of BRZ Co. Glardie & Co had
also audited the financial statements of BRZ Co for the prior year.
In discussions with management and their knowledge of the actions in the
current year of BRZ, the engagement partner has found the following to be
of significance to the audit of BRZ:
1. BRZ’s revenue has increased significantly compared to the previous
year, since it launched its purchase financing programme.
Glardie is facing a shortage of experienced audit staff in the industry
that BRZ is operating in.
2. There have been significant changes in the financial control system of
BRZ, addressing certain deficiencies found by Glardie and
communicated to BRZ in completing BRZ’s statutory audit last year.
To raise finance to fund its expansion plans, BRZ had initiated a rights
issue, a full subscription of which will raise its equity capital by 30%.
3. For the first time in Glardie’s knowledge of BRZ operations
7.2.3 Scope
2.3 Scope
Planning entails developing:

 an overall audit strategy (using professional judgement and scepticism) which sets
the scope, timing and direction of the audit;
 a detailed approach (developed from the strategy and again using professional
judgement and scepticism) for the nature, timing and extent of audit procedures to
reduce audit risk to an acceptably low level – the audit plan; and
 adequate two-way communication between the auditor and TCWG.
The engagement partner and other key engagement team members must be involved in
planning the audit, including any discussions between other engagement team
members concerning developing the strategy and plan. The engagement partner must
take full responsibility for the audit strategy and plan.
Example 2 Developing the Audit Strategy

The engagement partner is now in discussion with the engagement team
on the audit strategy to approach the audit:
1. BRZ’s revenue has increased significantly compared to the previous
year, since it launched its purchase financing programme.
Glardie will need to allocate additional resources to the audit of
revenue, and test for the recoverability of receivables, to ensure that
both items are not overstated.
2. Glardie is facing a shortage of experienced audit staff in the industry
that BRZ is operating in.
Glardie might need to explore hiring experienced staff, contracting out
certain portions of the audit work, and determining its possible reliance
on the work of BRZ’s internal audit function, if available.
3. There have been significant changes in the financial control system of
BRZ, addressing certain deficiencies found by Glardie and
communicated to BRZ in completing BRZ’s statutory audit last year.
Glardie would need to ascertain the functions and the updated financial
control system and its impact on audit risk. Planning should include
resources for testing the effect of the new controls.
4. To raise finance to fund its expansion plans, BRZ had initiated a rights
issue, a full subscription of which will raise its equity capital by 30%.
Glardie needs to test that the reported figures are accurate and whether
there are any regulatory issues that might impact the presentation of
and disclosures in the financial statements.
5. For the first time in Glardie’s knowledge of BRZ operations, a
manufacturing and storage facility is maintained offshore.
Glardie might need to determine if it is appropriate to send staff to
perform audit procedures on-site or to engage the services of another
auditor to perform the offshore audit work. It would need to determine
the suitability of reliance on the offshore auditor and establish audit
quality and confidentiality controls.
7.2.4 Planning Cycle

2.4 Planning Activities
Planning is not just the initial phase of an audit but a continuing process which begins
shortly after the completion of the previous audit and continues until the completion of
the current audit engagement, for example:
 When a final audit is completed, planning for the next audit cycle will commence
(e.g. the interim stage), taking into account relevant audit findings from the previous
audit cycle (e.g. results from testing controls, particular difficulties in carrying out any
tests, suggestions for improvement in testing effectiveness and efficiency).
 The effect of changes in the business, statutory and regulatory environment during
the audit cycle (and the client's reaction to such changes) on the timing, nature and
extent of audit procedures. As statutory and regulatory changes are often
announced well before implementation, there will be plenty of time to discuss the
audit's effect with directors and audit committees. A sound understanding of the
business should alert the auditor to strategic and tactical changes. Operational
changes (e.g. unexpected loss of a major customer or supplier) may cause the
auditor to revise the audit plan immediately.
 Interim audit results will affect year-end and final audit procedures (e.g. if direct
controls are not operating effectively – see Chapter 12).
 Identifying audit procedures that may be more efficient and effective to carry out at
or before the year end (e.g. non-current asset inspections, receivable confirmations).
 During each audit stage, reassessment of the audit strategy and plan to take into
account errors and other factors which arise during audit procedures (e.g. reassess
risk and materiality on discovering errors, conflicting test results, doubts about
management's integrity, identification of going concern or possible fraud indicators).
2.5 Planning Activities
Planning activities include:

 Initial evaluation of the ability to continue to carry out the audit of the client (also
discussed in Chapter 5).
 Considering the effect of a modified audit opinion, management (deficiency) letters
and points forward (for the attention of the following audit) from the prior audit,
including an assessment of uncorrected misstatements.
 Developing the overall audit strategy (scope, timing and direction of the audit).
 Establishing the resources required including, audit team members, their
experience, external experts and time budgets.
 Developing a detailed audit plan regarding the nature, timing and extent of audit
procedures.
 Establishing the necessary direction, supervision and review procedures (which will
depend on the nature of the audit, the assessed risk of material misstatement and
the experience of each audit team member).
 Changing, as necessary, the audit strategy and the audit plan as the audit
progresses.
 Establishing and maintaining communication with TCWG and management (see
s.7).
Planning considerations specific to computer information systems are dealt with
in Chapter 12.
7.3.1 Need For

3.1 Need For
Performing preliminary engagement activities helps to ensure that the auditor has
considered events or circumstances that may adversely affect his ability to perform the
audit engagement.
These activities help the auditor plan to ensure that:
 the necessary independence and ability to perform the engagement are maintained;
 there are no issues with management integrity which may affect the continuation of
the engagement; and
 there are no misunderstandings with the client regarding the terms of the
engagement.
7.3.2 Basic Approach

3.2 Basic Approach
As part of the audit completion procedures, the auditor confirms that no matters arose
during the audit to cast doubt over his ability to conclude the audit and sign the auditor's
report (e.g. independence, technical competence).
This approach is "rolled forward" to planning the following audit assignment. This
includes consideration of any factors arising during the last audit (and since the
completion of that audit), which would cast doubt on the ability to re-accept appointment
(e.g. loss of essential expertise specific for that client or in management integrity).
In many jurisdictions, the auditor decides whether to stand for reappointment at the
company's AGM. To do so, the auditor must demonstrate the ability to continue to act
as the auditor.
As previously discussed in Chapter 5 Auditor Appointment, preliminary activities
include:
 reassessing the client relationship and management's integrity (e.g. does the auditor
wish to continue to act for the client);
 evaluating compliance with ethical requirements, including independence, of the
firm, partners and proposed assignment staff;
 assessing threats to the fundamental principles; and
 reviewing the terms of the engagement to ensure that they are up to date and reflect
any changes in the entity's circumstances, business, legal or regulatory
environment.
7.4.1 Establishing the Overall Audit Strategy

4.1 Establishing the Overall Audit Strategy
Key Point
The overall audit strategy sets the scope, timing and direction of the audit, and
helps guide the development of the detailed audit plan.
An appendix to ISA 300 provides examples of a broad range of matters to be

considered in establishing the overall audit strategy. Although many of these
considerations apply to many audits, not all will be relevant to every audit and the lists
which follow are not exhaustive.
4.1.1 Characteristics of the Engagement

 The financial reporting framework used.
 Industry-specific law and regulation requirements.
 Governance requirements.
 Reliance on the work of internal audit.
 Entity's use of service organisations.
 Possible use of the computer as an audit tool.
 Availability of client staff and data.
4.1.2 Reporting Objectives, Timing of the Audit, Nature of

Communications
 The entity's timetable for reporting at interim and final stages.
 The organisation of meetings with management and TCWG to discuss the nature, extent
and timing of the audit work.
 Discussions with management identifying feedback required throughout the engagement
and the expected deliverables, for example:
o progress reports;
o the auditor's report;
o reports to management; and
o communications to TCWG.
 The expected nature and timing of communications between engagement team members,
including the nature and timing of team meetings and timing of the review of work
performed.
 Third parties, including any statutory or contractual reporting responsibilities arising from the
audit.
4.1.3 Significant Factors, Preliminary Activities and Knowledge
Gained
 Determination of appropriate materiality levels.
 Preliminary identification of material classes of transactions, account balances and
disclosures.
 Preliminary identification of areas where there may be high risks of material misstatement.
 The effect of the assessed risk of material misstatement at the financial statement
(see Chapter 8) level on direction, supervision and review.
 The need for, and level of, professional scepticism.
 Evidence of management's commitment to the design and operation of sound internal
control.
 Placing reliance on the effectiveness of internal control.
 Recent industry, business, legal, regulatory, financial reporting or other relevant
developments affecting the entity.
 The selection of the engagement team, the assignment of audit work to the team members
and the engagement budgeting.
4.2 Nature, Timing and Extent of Resources
Establishing the audit strategy helps the auditor to ascertain the nature, timing and
extent of resources necessary to perform the engagement. For example:
 The use of appropriately experienced team members for high-risk areas or the
involvement of experts on complex matters.
 The number of team members assigned to observe the inventory count at material
locations.
 The hours to allocate to high-risk areas, material areas, the planning process itself,
control testing, review and completion.
 When these resources are deployed at the interim audit (e.g. pre-year-end
circularisation), the year end (e.g. inventory observation) and final audit.
 How such resources are managed, directed and supervised. For example:
o timing of team briefing and debriefing meetings;
o timing and location of senior, manager and partner reviews of the audit
process; and
o the need for engagement quality reviews (e.g. second partner review
before audit completion).
7.4.3 Timetable
4.3 Timetable
A "traditional audit" generally has three discrete phases: interim, year-end and final.
4.3.1 Interim Audit
ISA 330 The Auditor’s Responses to Assessed Risks considers the timing of audit
procedures and using audit evidence obtained during an interim period.
Interim audit procedures are performed before the year end. An interim audit is not
required, but may be performed:
 to reduce the workload and time pressure of the final audit;
 to better understand if reliance can be placed on internal controls to help plan the year-end
audit.
Interim procedures are more effective when the risk of material misstatement is low and
less effective when the risk of material misstatement is high. This is due to the auditor's
understanding of the effectiveness of the control environment (more confidence in
internal control effectiveness would allow more interim procedures to be performed).
Interim audit procedures may include:
 Planning procedures (e.g. documenting systems and updating the understanding of the
client).
 Tests of controls (i.e. tests to assess their operating effectiveness), where this is more
efficient when the evidence is available, and the audit team is less busy.
 Substantive procedures (i.e. tests to detect material misstatement) on audit areas
assessed as low risk.
Key point
Substantive procedures must be performed at or near the year end when the risk
of material misstatement is high.
4.3.2 Effect of Interim Audit on Final Audit

The audit opinion cannot be based solely on evidence gathered during the interim audit.
 If the auditor performs tests of controls at an interim date, the auditor will need to obtain
evidence about significant changes to those controls after the interim period and determine
the additional evidence to be gathered during the final audit.
 If substantive procedures are performed at an interim date, the auditor will need to cover the
remaining period (i.e. between the date of the interim procedures and year end) by
performing further substantive procedures or a combination of additional substantive
procedures and tests of controls.
Evidence gathered during the interim audit is used to plan the final audit. For example:
 If tests of controls performed during the interim audit show that controls are operating
effectively, a lower level of substantive testing is required during the final audit.
 If misstatements are detected at an interim date that the auditor did not expect, the auditor
should reassess the risk that the financial statements may be materially misstated and
reassess the nature, timing and extent of substantive procedures covering the remaining
period.
4.3.3 Final Audit

Audit procedures carried out during the final audit are mainly substantive (analytical
procedures and tests of details), emphasising completeness, carrying amounts,
presentation, existence and cut-off. Tests on items selected at the year end are followed
up (e.g. inventory valuation, confirming recoverability of trade receivables).
Where there is a tight reporting deadline (e.g. one month after the year end), some final
audit procedures (e.g. trade receivables confirmations) may be carried out just before
the year end (e.g. one month before) and "rolled forward" to the year end.
Activity 1 Year-end Audit Visit
Suggest three audit procedures typically carried out at a year-end audit visit.
 For clients holding material amounts of inventories (e.g. retailers, manufacturers), there will
usually be a physical counting of inventory at the year end. The auditor must attend this.
Where a year-end count is not practicable, it may be conducted before the end of the
reporting period and supplemented with "roll forward" tests (see Chapter 23).
 While attending the year-end physical count, several other procedures also may be carried
out (e.g. tangible non-current asset inspection confirming existence at the end of the
reporting period and cash counts where material).
 Bank confirmation letters (see Chapter 26) will be organised shortly before or after the year
end to ensure that replies are received before the final audit.
 Other external confirmations also may be organised (e.g. receivable circularisation sent with
the client's month-end statements, see Chapter 24) to ensure replies are received before the
final audit.
4.3.4 Stages of an Audit Summary
Interim Audit Final Audit
Timing Before year end At or after year end
Required No Yes
Interim Audit Final Audit
Primarily tests of controls

with some substantive Primarily substantive procedures
procedures when risk is or, when appropriate or necessary,
low and evidence is a combination of substantive
Procedures available. procedures and tests of controls.
Evidence gathered during the final

audit can be used as the basis for
Only when combined with the audit opinion, even when no
Basis for evidence gathered during interim procedures have been
audit opinion the final audit. performed.
7.5.0 Introduction
5.0 Introduction
Key point
The auditor should develop an audit plan for the audit to reduce audit risk
to an acceptably low level. The plan will include a description of:
 The nature, timing and extent of risk assessment procedures, as
determined under ISA 315 (see Chapter 8).
 The nature, timing and extent of audit procedures at the assertion level
to address identified risks, as determined under ISA 330 (see Chapters
22-27).
 Other audit procedures that must be carried out so that the engagement
complies with ISAs.
7.5.1 Rationale
5.1 Rationale
The audit plan should be developed once the audit strategy has been established. It will
address the various matters identified in the audit strategy, considering the need to
achieve the audit objectives through the efficient use of the auditor's resources.
It is more detailed than the audit strategy. It includes the nature, timing and extent of
audit procedures to be performed by the engagement team members to obtain sufficient
appropriate audit evidence to reduce audit risk to an acceptably low level. Also called
audit work programme, separate audit plans cover all stages of the audit; interim, year
end and final.
7.5.2 Content
5.2 Content
The audit plan includes:

 A description of the nature, timing and extent of planned risk assessment
procedures. These procedures must be sufficient to assess the risks of material
misstatement under ISA 315 Identifying and Assessing the Risks of Material
Misstatement (see Chapter 8).
 A description of the nature, timing and extent of planned audit procedures at the
assertion level for each material class of transactions, account balance and
disclosure, as determined under ISA 330 The Auditor's Procedures in Response to
Assessed Risks, including:
o audit procedures, if required, to test the operating effectiveness of
controls; and
o the nature, timing and extent of planned substantive procedures
(see Chapters 22-28).
 Audit procedures must be carried out to comply with all relevant ISAs for the
assignment (e.g. external confirmations, accounting estimates, using the work of an
expert, subsequent events, going concern and management representations).
Key Point
Working papers must identify:

 The specific items tested;
 Who performed the work and when it was completed;
 Who reviewed the work, and on what date.
7.5.3 Changes to Planning Decisions

5.3 Changes to Planning Decisions
Planning is a continuous process. The results of the interim audit will affect the plan for
the year-end work, the results of which (together with the interim audit) will affect the
final audit strategy and plan.
The auditor also will need to change the audit strategy and plan to take events into
account as they unfold. For example:
 unexpected events (e.g. loss of a key member of the client's management team);
 changes in the entity's environment (e.g. a regulator's report requiring changes to be
made to the entity's procedures); and
 unexpected results from audit procedures (e.g. the results of substantive procedures
contradict the evidence obtained through testing the operating effectiveness of
controls).
As a result of such events, materiality and the risk of material misstatement may need to
be reassessed and the planned nature, timing and extent of audit procedures
reconsidered.
Example 3 Adjusting the Audit Plan

During the interim audit for the year, the engagement team identified
several events that would lead to a change in the final audit plan:
1. The growth in revenue for BRZ is significantly higher than expected,
and there is a corresponding deterioration in current and quick ratios.
Glardie has highlighted revenue as an area of increased audit risk in its
audit planning and that adjustment to materiality levels and extent of
audit procedures may be necessary.
2. A fire at the offshore manufacturing plant, which forms a significant part
of BRZ’s non-current assets. The financial effects of the fire are still
being ascertained.
Glardie has indicated additional procedures to ensure that the final
reported carrying amount of the plant is materially correct and that any
losses and provisions are appropriately accounted for and disclosed.
3. One of BRZ’s customers instigated legal action against BRZ for the
non-delivery of promised services during the year. Initial discussions
with management indicate that the non-delivery was due to non-
performance by one of BRZ’s subcontractors and has brought in the
subcontractor as a third-party defendant in the claim.
Glardie has indicated additional audit procedures to ascertain the
impact of this claim on BRZ’s financial statements and ensure the
appropriate disclosures and provisions have been made in case of any
developments in the case.
7.6.0 Introduction
6.0 Introduction
Key point
The nature, timing and extent of the direction and supervision of

engagement team members and the review of their work must be planned
based on:
 the assessed risk of material misstatement; and
 the level of experience of the audit team members.
7.6.1 Direction
6.1 Direction
Direction is the means through which the members of the engagement team are
informed of:
 their responsibilities;
 the nature of the business;
 risk-related issues;
 the detailed approach to the performance of the engagement;
 the objectives of the tasks they are to undertake;
 problems that may arise; and
 matters which may affect the nature, timing and extent of audit procedures.
Communication tools (which are integral to the working papers) include:
 engagement team briefing, which must be documented (e.g. in a planning memo);
 overall audit strategy and plan;
 audit programme; and
 staffing and time budgets.
Example 4 Direction

Before the commencement of the final audit, the engagement partner had a
meeting with the engagement team. They have gone through all the
significant matters that might affect the audit, identified throughout the year
and the preliminary audit.
The audit objectives were also discussed and mitigations for foreseen
problems implemented (e.g. what to do if documentation and assets were
missing due to the fire at the manufacturing plant).
The audit programme was distributed digitally to the team, and the
procedure time frame was also shared and commented on for efficiency
and audit quality.
The tasking of the engagement team for audit procedures is managed
through cloud-based audit software, which holds information on all the
audit work to be performed, retains all working papers, and updates time
and resource budgets as the audit progresses.
7.6.2 Supervision
6.2 Supervision
Supervision includes monitoring progress and recording such progress in the working
papers to ensure that:
 assistants have the skills and competence necessary;
 assistants understand and follow their instructions;
 work is being done following the overall audit plan, audit programme and time
budget;
 significant accounting and auditing issues are identified and acted on (e.g. by
modifying the audit programme; noting for partner attention and action); and
 differences of professional judgement between members of the audit team are
resolved, including the use of (internal and/or external) consultation procedures.
7.6.3 Review
6.3 Review
A person of greater experience (e.g. senior reviewing junior, partner reviewing

manager) should consider whether:
 work has been performed following standards and the audit plan;
 there is a need to revise the nature, timing and extent of work performed;
 the results of work performed are adequately documented;
 audit objectives have been achieved;
 the evidence obtained is sufficient and appropriate to support the auditor's report;
 significant audit matters have been raised and all resolved;
 relevant consultations have taken place and the resulting conclusions documented;
and
 conclusions are consistent with the results of the work performed.
The review process must be documented as part of the working papers. Review is a
continuous process; any changes necessary to the overall audit approach (as identified
during the audit) must be reviewed and approved by the audit partner.
Example 5 Supervising
Rachel is an audit senior in charge of supervising junior audit team

members in an engagement.
Her duties in reviewing the working papers of her juniors include:
1. Confirming that all identification information and key dates are correct.
2. Ensuring that the correct materiality levels have been applied.
3. Ensuring that the sources of information are correctly identified and the
audit procedure methodology has been properly applied.
4. Determining that the conclusions and basis on which they have been
reached are appropriate.
Example 5 Supervising
5. Evaluating the procedure's outcome in relation to the overall audit

objectives, any significant issues and prescribing additional audit
procedures where necessary.
7.7.0 Introduction
7.0 Introduction
Key point
The auditor should document the overall audit strategy and plan,
including any significant changes made during the audit engagement.
7.7.1 Audit Strategy

7.1 Audit Strategy
Documenting the overall audit strategy records the key decisions necessary to properly
plan the audit and to communicate significant matters to the engagement team. The
overall audit strategy may be summarised in a “planning memorandum”, which sets out
the overall scope, timing and conduct of the audit.
7.7.2 Audit Plan

7.2 Audit Plan
The documentation of the audit plan must be sufficient to demonstrate the planned
nature, timing and extent of:
 the risk assessment procedures (see Chapter 8);
 the audit procedures (e.g. tests of controls, substantive tests, analytical review
procedures, going concern, review and completion) to be carried out on each
material class of transaction, account balance and disclosures in response to the
assessed risks; and
 the planning procedures themselves.
Standard, pre-printed audit programmes and audit completion checklists are often used.
However, such programmes and checklists must be tailored to each client's
circumstances.
7.7.3 Changes to the Audit Strategy and Audit Plan

7.3 Changes to the Audit Strategy and Audit Plan
When the original audit strategy and audit plan are updated, the reasons for the
changes and the auditor's response to the events, conditions, or results of audit
procedures that resulted in such changes, must be documented to update the strategy
and plan.
For example, when the testing of control procedures is no longer considered necessary
or additional audit tests are added to the work programme because of the discovery of a
material misstatement, the reasons for these changes must be documented.
The audit file has to support the audit opinion.
7 Syllabus Coverage
Syllabus Coverage

2. Objective and general principles
1. Identify the overall objectives of the auditor and the need to conduct an audit in accordance
with ISAs.
2. Explain the need to plan and perform audits with an attitude of professional scepticism, and
to exercise professional judgement.
6. Audit planning and documentation
1. Identify and explain the need for, benefits of and importance of planning an audit.
2. Identify and describe the contents of the overall audit strategy and audit plan.
3. Explain and describe the relationship between the overall audit strategy and the audit plan.
4. Explain the difference between interim and final audit.
5. Describe the purpose of an interim audit, and the procedures likely to be adopted at this
stage in the audit.
6. Describe the impact of the work performed during the interim audit on the final audit.
Technical Articles
to this chapter.
Visual Overview
Objective: To describe how the auditor, through understanding the entity, aims to
minimise audit risk.
8.1.0 Introduction
1.0 Introduction
The relevant standard is ISA 315 (Revised 2019), Identifying and Assessing the Risks
of Material Misstatement.
Key point
The auditor must identify and assess the risks of material misstatement, whether
due to fraud or error, at the financial statement and assertion levels, thereby
providing a basis for designing and implementing responses to the assessed risks
of material misstatement.
8.1.1 Steps
1.1 Steps
The steps required in identifying and assessing the risks of material misstatements can
be summarised as follows:
1. Design and perform risk assessment procedures to obtain an understanding of:
 the entity and its environment;
 the applicable financial reporting framework and the entity’s accounting policies;
 inherent risk factors.
Definition
Inherent risk factors – characteristics of events or conditions that affect

susceptibility to misstatement, whether due to fraud or error, of an
assertion about a class of transactions, account balance or disclosure,
before consideration of controls.
2. Evaluate whether the entity’s accounting policies are appropriate and consistent
with the applicable financial reporting framework
3. Obtain an understanding of the components of the entity’s system of internal
control (Chapter 9).
4. Identify the risks of material misstatements and determine whether they exist at:
 the assertion level (i.e. affecting material classes of transactions, account
balances and their related disclosures); or
 the financial statement level (i.e. affecting the financial statements).
5. Assess the identified risks including whether any are significant risks.
5a. Optional. Assess control risk if the auditor plans to test the operating effectiveness
of controls (see s.3.5).
6. Plan, design and perform appropriate audit procedures in response to identified
risks as required by ISA 330 The Auditor’s Responses to Assessed Risks.
In summary, the auditor must:
 understand the entity and its environment to assess the risk of material
misstatement (RoMM) in the financial statements; then
 devise a work programme to test whether such misstatements have arisen (ISA 330
and ISA 500 Audit Evidence).
8.1.2 Obtaining an Initial Understanding

1.2 Obtaining an Initial Understanding
The auditor obtains an understanding of the entity and its environment and the
applicable financial reporting framework by performing risk assessment procedures.
Definition
Risk assessment procedures – audit procedures designed and

performed to identify and assess the risks of material misstatement,
whether due to fraud or error, at the financial statement and assertion
levels
Risk assessment procedures include inquiries, observation and inspection and
analytical procedures. Observation and inspection are required to support, corroborate
or contradict inquiries and provide information.
 Of TCWG, management and others (including

Inquire internal audit).
 Day-to-day activities and operations.

 Behaviours and actions of management or TCWG
Observe (e.g. observe an audit committee meeting).
 External sources of industrial, legal and economic

conditions and events (e.g. trade journals, credit
rating agencies, financial press).
 Internal documents (e.g. business plans), accounting
records and procedure manuals.
 The entity’s premises and plant facilities.
 Reports prepared by management (e.g. monthly
management accounts) and TCWG (e.g. board
Inspect minutes, audit committee reports).
 Internal and external information; current and prior

Analytical financial history; financial and non-financial
procedures information.
 Key performance indicators and activity against
similar companies.
 Identifying unusual transactions, amounts,
relationships, ratios and trends.
 See Chapter 16 for further details.
Example 1 Inquiries
Inquiry to: Reason:
To understand the extent of their oversight

over the preparation of the financial
TCWG statements by management.
Employees who initiate,

process or record To evaluate the appropriateness of the
complex/unusual selection and application of specific
transactions accounting policies.
To obtain information about litigation,

compliance with laws and regulations,
knowledge of fraud/suspected fraud,
warranties, after-sale obligations and the
In-house legal counsel meaning of contractual terms.
To obtain information about changes in

Marketing or sales marketing strategies, sales trends or
personnel contractual arrangements with customers.
To obtain information about operational and

Risk management regulatory risks that may affect financial
function reporting.
To obtain information about system

changes, system or control failures or other
IT personnel IT-related risks.
8.1.3 Audit Team Discussions

1.3 Audit Team Discussions
Discussions should be held between the senior and key members of the engagement
team (at least) about the susceptibility of the financial statements to material
misstatement, including fraud risk (see Chapter 11).
Key Point
Discussions must be documented along with the decisions made and the
implications for the audit approach.
By holding such discussions:

 the more experienced engagement team members brief other members and share
their insights based on their knowledge of the entity and audit experience;
 information can be exchanged about the entity's risks and how and where the
financial statements might be susceptible to material misstatement;
 the audit team obtains a better understanding of the potential for material
misstatements resulting from fraud or error in the specific areas assigned to them;
and
 the audit team understands how the results of the audit procedures that they perform
may affect other aspects of the audit, including the decisions about the nature,
timing and extent of further audit procedures.
Team members not involved in the discussions must be informed of the outcomes and
specific effects on areas relevant to their responsibilities. This is usually achieved
through a client planning memorandum.
Example 2 Team Discussion
Bladd & Co holds an initial risk assessment meeting for the audit of WWQ
Co, a client for which the firm has been the auditor for a few years.
There were certain factors identified during the year that have been
identified as accompanying risks of material misstatement to this year’s
audit, and the engagement partner wants senior members of the
engagement team to be fully aware of these risks.
There has been an observed worsening of WWQ’s current and quick ratios,
accompanied by rapid growth in revenues. The engagement team feels this
has significant risk, both for material misstatement and potential going
concern issues.
The engagement partner also shared with the team that he was informed
by the board of WWQ that they would be expanding and diversifying the
business to include real estate development and sale and had acquired
land and broken ground for the construction of a property. The engagement
partner informs his team that this is an area of significant risk due to the
issue of revenue recognition and capitalisation of assets since the project
has been financed by debt. It is also unclear what operational and financial
controls WWQ has over this division.
1.4 Sources of Information

Audit evidence is obtained through risk assessment procedures from multiple sources,
including the entity, the auditor’s acceptance or continuation procedures, previous
audits and third parties (e.g. regulators).
Activity 1 Sources of Information
Suggest examples of information that might be obtained from each of the following
sources:
a. Audit client;
b. Auditor;
c. Other sources.
(c) Other
(a) Client (b) Auditor sources
 Directors/senior
operating personnel
 Internal audit and  Predecessor
Governance auditor
 Website  Previous relevant  Legal
 Visit premises and plant experiences advisers
facilities  Specialist  Industry
 Specific employees publications (e.g. regulators
involved in the process on hotel audits)  Government
 Minutes of meeting  Technical experts data
 Documents sent to (e.g. IS, extractive  Customers
shareholders/filed with industries)  Suppliers
authorities  In-house  Competitors
 Financial budgets and knowledge base  Trade
management reports  Permanent audit journals
 Chart of accounts and file  Financial
job descriptions  Business process press
 Procedures manuals templates  Websites
8.1.5 Using the Information

1.5 Using the Information
Key Point
The auditor’s understanding of the entity and its environment and the
applicable financial reporting framework:
Key Point
 assists the auditor in understanding the events and conditions that are
relevant to the entity;
 assists the auditor in identifying how inherent risk factors affect the
susceptibility of assertions to misstatement in the preparation of the
financial statements; and
 informs how the auditor plans and performs further audit procedures.
Example 3 Why an Understanding is Required
The auditor uses an understanding of the entity and its environment to:
 Identify and assess risks of material misstatement;
 Determine materiality levels and judge whether they remain appropriate
as the audit progresses (see Chapter 10);
 Perform procedures to help identify non-compliance with laws and
regulations that may have a material effect on the financial statements
(see Chapter 11);
 Evaluate whether the financial statements provide adequate
disclosures;
 Consider the appropriateness of the selection and application of
accounting policies and the adequacy of financial statement
disclosures;
 Develop expectations for use in analytical procedures (see Chapter 16);
 Identify areas where special audit consideration may be necessary (e.g.
the appropriateness of the going concern assumption);
 Design and perform further audit procedures to reduce audit risk to an
acceptably low level;
 Evaluate the sufficiency and appropriateness of audit evidence (see
Chapter 15), including management representations (see Chapter 20);
 Recognise conflicting information and unusual circumstances and
effectively apply professional scepticism;
 Make informed enquiries and assess the reasonableness of responses;
 Provide better service to clients and be responsive to their needs.
8.2.1 Matters to Consider

2.1 Matters to Consider
2.1.1 Before Accepting Appointment

Before accepting an appointment, the auditor should obtain a general understanding
sufficient to make an appropriate proposal.
2.1.2 After Accepting Appointment
After accepting an appointment, the auditor should obtain a more detailed
understanding sufficient to plan an effective and efficient audit.
8.2.2 Information Needs

2.2 Information Needs
ISA 315 requires the auditor to obtain an understanding of the following:

 nature of the entity and its environment, including:
o organisational structure, ownership, governance, and business model, including
the extent to which the business model integrates the use of IT;
o industry, regulatory and other external factors
o the measures used, internally and externally, to assess financial performance;
 the applicable financial reporting framework, the entity’s accounting policies and the reasons
for any changes to it; and
 how inherent risk factors affect the susceptibility of assertions to misstatements and the
degree to which they do so.
Activity 2 Information Requirements
Suggest, under the following headings, the information you will require to enable you to
obtain a sufficient understanding of the entity and its environment:
 General economic factors
 Industry
 Management and ownership
 Business
 Financial performance
 Reporting environment
General Economic
Factors Industry
 Recession
 Growth  Market/competition
 Interest rates  Costs of entry
 Sources of finance  Cyclical/seasonal trade
 Inflation  Technology/fashion
 Government policy (e.g.  Key ratios and performance measures
monetary, fiscal, trade)  Specific accounting practices, GAAP
 Investment incentive  Regulatory/environmental requirements
(e.g. regional  Energy supply and costs
development grants)  Workforce skills
 Foreign exchange (rates
and controls)
 Availability and
education of the
workforce
Management and
Ownership Business
 Corporate structure
 Owners
 Local/foreign  Nature (manufacturer, exporter)
 Capital structure  Locations (office/production/storage)
 Organisational structure  Employment (union contracts)
 Philosophy and strategic  Products/services/markets
plans  Conduct of operations (e.g. service
 Acquisitions and logistics, production, segments)
disposals  Major/dependent suppliers/customers
 Sources of finance (delivery methods such as JIT)
 Board of directors and  Outsourced activities
governance  Inventors (type, location, quantities)
 Operating management  Research and development
 Internal audit  Information systems and use of
 Attitude to internal ecommerce (nature and dependency)
control environment  Debt structure (including covenants)
Financial Performance Reporting Environment
 Key ratios, trends

 Performance indicators
(e.g. share price, EPS)
 Employee measures
and compensation
 Period-on-period
financial performance  Legislation and regulations
 Accounting principles  Appropriate selection and application of
 Accounting policies accounting principles
 Earnings/cash flow  Auditor's reporting requirements
 Leasing commitments (shareholders, regulators and other
 Lines of credit third parties)
 Off-balance sheet  Taxation
finance  Revenue recognition
 Foreign currency and  Use of fair values
interest rates  Users of financial statements
8.2.3 Selection and Application of Accounting Policies

2.3 Selection and Application of Accounting Policies
The auditor needs to understand how the entity selects and applies accounting policies.
(Are they appropriate to the business and consistent with the financial reporting
framework and relevant industry?) An incorrect or aggressive application is a risk of
material misstatement.
The following may increase the risk related to the selection and application of
accounting policies:
 the methods used to account for unusual or complex transactions (including those in
controversial or emerging areas for which there is a lack of authoritative guidance);
 changes in the environment (e.g. the financial reporting framework or tax reforms)
that may necessitate a change in the entity’s accounting policies; and
 the effect of financial reporting standards and laws and regulations that are new to
the entity. For example, whether a new IFRS has been correctly applied.
8.2.4 Updating Existing Clients

2.4 Updating Existing Clients
For entities audited in prior years, historic key information required for planning will be
available in the working papers and other files (e.g. computer knowledge bases).
Key Point
To use information obtained from previous experience and audit

procedures performed in previous audits, the auditor must evaluate
whether such information remains relevant and reliable as audit evidence
for the current audit.
Previous experience and audit procedures may provide the auditor with information
about such matters as:
 Past misstatements and whether they were corrected on a timely basis;
 The nature of the entity and its environment and its system of internal control;
 Complex transactions and other events or account balances and related disclosures;
 Significant changes that the entity or its operations may have undergone since the prior
financial period.
Where changes are identified, their effects on the entity, its business and the financial
reporting environment must be understood. Changes that will affect the business in a
future financial period cannot be ignored. What risk arises from these changes? Does
that risk affect the current financial statements? For example, known future changes in
regulations may create a going concern risk.
Activity 3 Changes to be Documented
For an existing client, identify the internal and external changes (compared to the
previous year) that must be documented to understand the entity and its environment.
3.1 Concept
Definition
Audit risk – the risk that the auditor expresses an inappropriate audit
opinion when the financial statements are materially misstated. It is a
function of the risks of material misstatement and detection risk. (ISA 200)
An audit in accordance with ISAs is designed to provide reasonable assurance that the
financial statements as a whole are free from material misstatement. The concept of
"reasonable assurance" implies a risk that the audit opinion may be inappropriate.
This risk may be reduced to an acceptable level through the risk-based approach to
auditing:
 identifying and assessing risks of material misstatement at the financial statement
and assertion levels (ISA 315);
 designing and performing audit procedures to obtain sufficient appropriate audit
evidence to draw reasonable conclusions on which to base the audit opinion (ISA
330).
The assessment of audit risk is a matter of professional judgment (rather than a matter
capable of precise measurement) and encompasses two types of risk:
 the risk of material misstatement in the financial statements (i.e. before audit); and
 the risk that the auditor may not detect such material misstatement (i.e. detection
risk).
8.3.2 Risks of Material Misstatement

3.2 Risks of Material Misstatement
The auditor must consider whether the risks of material misstatement identified exist at:
 the financial statement level (i.e. affecting the financial statements overall or as a whole);
or
 the assertion level for classes of transactions, account balances and disclosures (i.e.
existence, completeness, occurrence, valuation, presentation, etc of line items in the
financial statements).
Risks at the financial statement level are pervasive and therefore affect many
assertions. For example, if there is a risk that the going concern basis of preparation is
inappropriate, this could result in overvalued assets, omitted liabilities and omitted
disclosures.
Risks at the assertion level are assessed to determine the nature, timing and extent of
further audit procedures necessary to obtain sufficient appropriate audit evidence.
Activity 4 Inherent Risk Factors
Should each of the following factors be evaluated at the financial statement level or at
the assertion level?
Financial
statement Assertion
1. Doubts about the integrity of management.
2. Management inexperience in the preparation of

the financial statements
3. Accounts which involve a high degree of

estimation.
4. Lack of sufficient capital to continue operations.
5. Potential for technological obsolescence of

products and services.
6. Complex underlying transactions that might

require an expert’s work.
7. Highly desirable and movable assets (e.g.

cash) susceptible to loss or misappropriation (e.g.
theft).
8. Unusual and complex transactions completed

at or near the reporting date.
9. Changes in consumer demand.
10. Transactions not subject to ordinary

processing.
Financial statement level
1 (see the following discussion), 2, 4, 5 and 9.
Per ISA 315 and 330, factors concerning the nature of an entity's business (5, 7 and 10)
are also relevant to the assertion level.
Assertion level
3, 5, 6, 7 (see discussion), 8 and 10.
Discussion
1. Consider doubts about the integrity of management: could that inherent risk affect the
financial statements as a whole or just a few individual account balances? Suppose
management wanted to overstate profit (to pay themselves bonuses, say). To increase
profit, management could:
o overstate revenue (e.g. through a deliberate cut-off error by bringing forward next
year's revenue from contracts with customers into the current year);
o understate costs (e.g. by suppressing purchase and expense invoices).
Because every DR has a CR, there are then implications for the statement of
financial position:
o overstatement of trade receivables (because they do not owe the money at the
year-end);
o understatement of trade payables (because liabilities are not recorded).
Profit could also be increased by understating allowances against assets:
o obsolescence allowances against inventory;
o depreciation allowances against tangible long-term assets;
o credit loss allowances against trade receivables.
In conclusion, doubt about management integrity has a pervasive effect on the
financial statements so this risk is assessed at the financial statement level.
7. Consider cash balances (i.e. physical money rather than bank balances). These
balances may be minimal in relation to the assets as a whole (e.g. cash floats in the
till/register of a shop). At the financial statement level, the auditor may take no
account of these and ignore them in the overall audit plan. However, cash is
inherently risky (because it can be stolen if safeguards are inadequate) and cannot
be overlooked at the account balance level.
However, in a cash-based business (i.e. with cash revenue; purchases and assets
paid for in cash), this would be considered at the financial statement level (i.e. in the
preparation of the overall audit plan) because it has a pervasive effect.
Key point
No one audit risk model is used by all auditors. The main features of a risk-
based model are:
 the auditor's concern for material misstatement in the financial statements;
 audit risk is reduced to an acceptably low level by the exercise of professional
judgment; and
 audit procedures are designed to ensure that audit risk is at an acceptable
level.
Example 4 Audit Response to Audit Risks
It is 1 July 20X5. An audit manager is planning the audit of the financial

statements of Basil Co for the year ending 31 July 20X5. During a planning
meeting with the finance director of Basil Co, the audit manager noted the
following:
 Basil Co replaced two major items of machinery on the production line in its
main factory. There were significant staff costs involved in preparing the site
for the new machinery and testing that it was operating correctly. These costs
have been included in wages and salaries expense for the period.
 During the year, Basil Co purchased land and a building adjacent to the main
factory and converted it to another production facility.
 The increased production capacity resulted in a significant increase in the
inventory quantities held. At the year end, inventory will be held in four
regional warehouses. The finance director plans to conduct full inventory
counts at the warehouses on 2, 3 and 4 August and make necessary
adjustments for post year-end movements.
 Basil Co obtained an interest-bearing bank loan of $5 million to finance the
new machinery and purchase of land and buildings. The loan must be paid in
equal instalments over the next five years.
 A portion of the new production facility was used for research and
development. During the year, Basil Co spent $2 million researching and
developing new products.
 To increase revenues and expand its customer base, Basil Co relaxed its
credit terms. Due to the past success of the credit controller in collecting past
due accounts, the finance director has decided not to increase the allowance
for irrecoverable receivables.
 Basil Co introduced a new bonus plan in which managers are paid bonuses
based on the increase in total revenue during the year.
Based on this information, the audit manager has identified the following
audit risks and outlined the audit responses that the engagement team will
need to address during the audit.
Audit Risks Audit Response
The audit team should discuss with

Basil Co has included in wages
management the accounting
and salaries, significant staff
treatment applied and request that
costs involved in installing and
the relevant staff costs are included in
testing new machinery.
the cost of property, plant and
However, such costs that are equipment (PPE). (See Chapter 22.)
directly attributable to bringing The audit team should undertake a
the asset to the location and review of the staff costs expensed
condition necessary for its and the process for allocating staff
intended use are an element of costs to work undertaken to confirm
the cost of the asset (IAS the amounts that should be
16 Property, Plant and capitalised as part of the cost of

Equipment). machinery. If an adjusting journal is
It appears that these staff costs made by management this should be
have been accounted for reviewed for accuracy.
incorrectly, resulting in
understated PPE and
overstated wages and salaries
expense.
The costs of the land and

building purchased should be
accounted for separately.
The audit team should confirm that
Only the cost of the building
the land was not depreciated and that
should be depreciated. If the
the building was depreciated correctly
cost of the land is depreciated,
according to Basil Co’s depreciation
PPE will be understated and
policy. The accuracy of the
depreciation expense
depreciation should be tested through
overstated.
recalculation. (See Chapter 22.)
There will be inventory counts at all The audit team should attend the
four regional warehouses shortly inventory counts at all four warehouses
after the year end. If inventory and document details of inventory
movements are not completely and movements (goods
accurately controlled, year-end received/despatched) to ensure recorded
inventory could be under or in the correct accounting period.
overstated. (See Chapter 23.)
Basil Co obtained a new interest-

bearing bank loan in the year
repayable over five years. There is The audit team should review the loan
a risk that the loan has not been agreement and confirm the amount
correctly allocated between current repayable with the bank. The team
and noncurrent liabilities which should verify that the loan is correctly
would give rise to a classification analysed between current and non-
error and misstated liabilities. current liabilities. (See Chapter 26.)
Basil Co has spent $2 million on

The audit team should examine the
research and development.
supporting documentation, such as
Expenditure related to research invoices and descriptions from the board
should be expensed. of director minutes, for significant
Expenditure related to research and development expenses

development should be and apply relevant tests to determine
capitalised if it is distinguishable whether it has been correctly classified
from research expense and as capital or revenue expenditure.
meets the asset recognition (See Chapter 22.)
criteria. If incorrectly classified,
profit and intangible assets
could be overstated or
understated.
The audit team should review the

receivables age analysis to assess the
need to increase the allowance for
Relaxing credit terms increases the receivables. The team should also
risk that customers do not pay. review irrecoverable debts and cash
There is a risk that receivables are collection patterns for the year to identify
overvalued because the allowance any changes that might indicate a need
for irrecoverable receivables has to increase the allowance. (See Chapter
not been increased. 24.)
Throughout the audit, the team should be

alert to this risk and any indications that
revenue has been overstated. The team
will need to maintain professional
There is a risk that management scepticism. Cut-off procedures should be
may have felt pressured to performed to verify that sales were
overstate revenue because of the recorded in the correct accounting
new bonus plan. period. (See Chapter 24.)
Exam advice
Always answer risk questions from the auditor’s perspective (as shown in
this example). Answers from the client’s perspective concerning business
risks (that are not examinable in AA) rather than audit risks earn no marks.
If asked to identify audit risks, you should identify the risk, refer to the
related account balance and describe the possible misstatement in the
If asked to describe the auditor's response to identified audit risks, you
should describe the auditor’s approach to assess whether the balance or
Exam advice
transaction is materially misstated. A two column method, as used above,

is recommended.
8.3.3 Audit Risk Model

3.3 Audit Risk Model
The "traditional" audit risk model considers the essential components of audit risk to be:
 inherent risk (IR);
 control risk (CR); and
 detection risk (DR).
Although IR and CR are separately assessed, their combined effect is the risk of
material misstatement (i.e. the risk that controls will not detect misstatements that arise
due to inherent risk). DR is then often referred to as the "residual risk".
An overall acceptable level of audit risk may be quantified as a matter of the audit firm’s
policy (e.g. 5% means that there is a 5% chance that a material misstatement goes
undetected or, conversely, that the auditor obtains 95% assurance that there are no
undetected material misstatements). This percentage may provide the basis for a
mathematical derivation of detection risk and sample sizes.
Alternatively, IR and CR may be expressed qualitatively as high, medium or low, with
DR being the inverse of this relationship. For example, where IR and CR are high, DR
must be minimised (rendered low) by the audit procedures performed.
3.4 Inherent Risk (ISA 315)

3.4.1 Assessing Inherent Risk
Definitions
Inherent risk – the susceptibility of an assertion about a class of

transaction, account balance or disclosure to a misstatement that could be
material (either individually or when aggregated with other misstatements)
before considering any related controls.
Key Point
Inherent risk is presumed to be high if not assessed as less than high.
3.4.2 Assertion Level

Definition
Relevant assertion– an assertion about a class of transactions, account

balance or disclosure that has an identified risk of material misstatement.
For identified risks at the assertion level, the auditor assesses inherent risk by
evaluating the likelihood and magnitude of misstatement by considering how and the
degree to which:
 Inherent risk factors affect the susceptibility of relevant assertions to misstatement; and
 The risks of material misstatement at the financial statement level affect assessing inherent
risk at the assertion level.
The auditor must also determine whether:
 Any of the assessed risks are significant risks; and
 Substantive procedures alone can provide sufficient appropriate audit evidence for
significant risks.
3.4.3 Inherent Risk Factors

Definition
Inherent risk factors – characteristics of events or conditions that affect the

susceptibility of an assertion to misstatement, before consideration of controls.
Such factors may be qualitative or quantitative.
Qualitative inherent risk factors include:

 Complexity – factors arising from the nature of the information or the process of preparing it
(e.g. when there are many potential data sources for calculating an accounting estimate or
alternative valuation models).
 Subjectivity – arises from inherent limitations in the knowledge or information that is
reasonably available (e.g. in estimating allowances for potential irrecoverability of trade
receivables or inventory obsolescence).
 Change – arises from events or conditions that, over time, affect the entity’s business or the
environment in which it operates. For example, developing new products, geographical
expansion, installing new IT systems, new IFRS Standards, etc.
 Uncertainty – arises when there is a lack of sufficiently precise and comprehensive data
verifiable through direct observation. Constraints on the availability of knowledge or data,
which are not within management’s control, are sources of uncertainty that cannot be
eliminated. For example, estimation uncertainty arises when a monetary amount cannot be
determined with precision (e.g. a warranty provision).
 Susceptibility to misstatement due to management bias or fraud – results from
conditions that create susceptibility to intentional or unintentional management bias (i.e. a
lack of neutrality). For example, pressure or incentive to achieve the desired result (e.g. a
target profit).
Definition
Management bias – a lack of neutrality by management in the preparation of

information.
3.4.4 Spectrum of Inherent Risk

The assessment of inherent risk depends on the likelihood and magnitude of
misstatement. The degree to which inherent risk varies is the “spectrum of inherent
risk”.
 The higher the likelihood and magnitude of a misstatement, the higher that risk on the
spectrum.
 Those risks assessed to be close to the upper end of the spectrum are significant risks.
3.4.5 Significant Risks

Definition
Significant risk – an identified risk of material misstatement:

 For which the assessment of inherent risk is close to the upper end of the
spectrum of inherent risk; or
 That is to be treated as a significant risk in accordance with the requirements
of other ISAs.
Determining which of the assessed risks are significant risks is a matter of professional
judgment unless specified to be treated as a significant risk under an ISA (e.g.
presumption of risk of fraud in revenue recognition).
Significant risks may arise from matters such as:
 Transactions for which there are multiple acceptable accounting treatments (i.e. involving
subjectivity);
 Accounting estimates that have high estimation uncertainty or use complex models;
 Complexity in data collection and processing to support account balances;
 Account balances or quantitative disclosures that involve complex calculations.
Key Point
The auditor determines significant risks to focus more attention on them through
the performance of required responses, including:
 The identification and evaluation of related controls (see s.3.5)
 Substantive procedures that are specifically responsive to the risk;
 Obtaining more persuasive audit evidence;
 Communication to TCWG (see Chapter 3);
 Determining key audit matters (see Chapter 30).
Example 5 Inherent risk Assessment
Dramatik Co manufactures fast-fashion apparel for distribution to

wholesalers and retailers.
You have uncovered the following information in an assessment of the
Dramatik Co’s business for this year’s audit:
The company has raw materials, consumables and work in progress at its
factory base. Finished goods are stored in a separate warehouse 10
kilometres away. The company does not hold inventories owned by third
parties.
Why would the inherent risk associated with inventory at Dramatik Co
be assessed as “high” in the financial statements of Dramatik Co for
this year’s audit?
The inherent risk associated with stocks would affect quantity and
valuation.
1. The company has significant amounts of inventory at its factory base and
goods held at a separate warehouse and possibly third-party retail outlets.
2. There would be difficulties quantifying inventories at different stages of work-
in-progress and accounting for transfers/movements between stock-holding
locations. There is also the risk of theft or loss due to fire, weather, or other
factors.
3. There might be issues in the valuation of the inventory, which should be
measured at lower of cost and net realisable value. As Dramatik Co operates
in the fast-fashion industry, selling prices will fall rapidly in a short time as
product lines go out of fashion. This would significantly affect the valuation of
slow-moving product lines.
4. Because of the reasons above, there is a significant risk that the inventory of
Dramatik Co might be overstated.
8.3.5 Control Risk (ISA 315)

3.5 Control Risk (ISA 315)
Definitions
Control risk – the risk that a misstatement that could occur in an assertion
and that could be material (either individually or in aggregate with other
misstatements) will not be:
 prevented; or
 detected and corrected, on a timely basis,
by the entity’s controls.
3.5.1 Assessing Control Risk

Key Point
ISA 315 requires control risk to be assessed separately from inherent risk.
Control risk is assessed if the auditor plans to test the operating
effectiveness of controls. If not, the assessment of the RoM is the
same as the assessment of inherent risk.
 The auditor will only plan to test the operating effectiveness of controls if they
are expected to operate effectively.
 The initial expectation is based on the auditor’s evaluation of the design and implementation
of identified control activities.
 If tests of controls do not then confirm the initial expectation, the control risk assessment
must be revised.
3.5.2 Risk Assessment Procedures

Risk assessment procedures to obtain audit evidence about the design and
implementation of identified control components may include:
 Inquiring of entity personnel;
 Observing the application of specific controls;
 Inspecting documents and reports.
Inquiry alone, however, is not sufficient for such purposes.
3.5.3 Testing Controls

The auditor may plan to test:
 direct controls (i.e. that are sufficiently precise to prevent, detect or correct misstatements);
 indirect controls (i.e. that support direct controls), including general IT controls.
Tests of controls are described in Chapter 12.
Key Point
No matter how well designed and operated, internal control can only reduce, but
not eliminate, the risk of material misstatement (RoMM) in the financial
statements because of the inherent limitations of controls.
8.3.6 Detection Risk (ISA 200)

3.6 Detection Risk (ISA 200)
Definitions
Detection risk – the risk that audit procedures performed to reduce audit risk to
an acceptably low level will not detect a misstatement that exists and that could
be material (either individually or in aggregate).
Key Point
To obtain reasonable assurance, the auditor must obtain sufficient appropriate

audit evidence to reduce audit risk to an acceptably low level (to enable the
auditor to draw reasonable conclusions on which to base the audit opinion).
Detection risk, which relates to the nature, timing and extent of audit procedures, has
two elements:
1. sampling risk; and
2. non-sampling risk.
3.6.1 Sampling Risk

This arises from the possibility that the auditor's conclusion, based on a sample, may be
different from the conclusion reached if the entire population was subjected to the same
audit procedure.
 If the auditor concludes that CR is lower than it is or that a material misstatement does not
exist when in fact, it does, there is a higher risk of an inappropriate audit opinion. This
affects audit effectiveness.
 If he concludes that CR is higher than it is or that a material misstatement exists when it
does not, this affects audit efficiency, as more work than necessary will be carried out (see
also Chapter 19).
3.6.2 Non-sampling Risk

Non-sampling risk arises from factors that cause the auditor to reach an erroneous
conclusion for any reason not related to sampling, for example:
 failure to adequately understand the entity or carry out the risk assessment; inadequate
audit strategy, planning and work programme;
 misapplication of an audit procedure by the audit team (e.g. through lack of training);
 misinterpretation of test results (e.g. not recognising the significance of an error or nor
recognising that there is an error); and
 poor quality management (e.g. lack of briefing, supervision and review).
Non-sampling risk can be minimised through, for example, adequate planning,
assigning appropriate staff (e.g. experienced, professional and technically competent),
the application of professional judgment, supervision and review of audit work.
As IR and CR assessments influence the nature, timing and extent of substantive
procedures, to reduce DR (and therefore audit risk) to an acceptably low level, any
inappropriate assessment will directly affect DR.
8.3.7 Application of Audit Risk Model

3.7 Application of Audit Risk Model
3.7.1 Calculating Detection Risk

Example 6 Mathematical Audit Risk Model
An audit firm uses a mathematical audit risk model to determine the levels
of detection risk.
 Audit risk: a 5% risk of drawing the wrong conclusion is acceptable. (Most
firms operate between 1% and 5%.)
 IR: assessed at a 75% (“high”) risk that material misstatements could arise.
 CR: assessed at a 20% (“low”) risk that controls may fail to prevent or detect
and correct material misstatements.
Using the model, 0.05 = 0.75 × 0.2 × DR
Therefore DR = 0.33 (e.g. medium).
This means that planned substantive procedures will be adequate even if
there is a 33% chance that they fail to detect material misstatements.
Because of the high IR, audit tests will be specifically targeted at the
factors giving concern. The low CR implies that the controls should prevent
or detect and correct material misstatements for routine transactions. In
addition, note that most audit work programmes require material items
(based on performance materiality) to be selected and substantively tested
anyway, regardless of the DR assessed and the sample size calculated.
3.7.2 Relationship between Components of Audit Risk
The mathematical model demonstrates the relationship between IR, CR and DR. The
nature, extent and timing of substantive procedures are inversely related to the
assessment of IR and CR.
For a given acceptable audit risk (determined by the audit firm's policy), when both IR
and CR are high (i.e. when there is a high risk that the financial statements may contain
a material misstatement), DR must be rendered low (i.e. a higher degree and level of
substantive work is required) and vice versa:
Audit Risk Inherent Risk Control Risk Detection Risk
Policy H H L
Policy L L H
3.7.3 Implications of Detection Risk for Substantive Procedures

Definition
Substantive procedure – an audit procedure designed to detect material

misstatements at the assertion level.
 The level and detail of substantive procedures (e.g. greater

Low detection use of external, direct and independent evidence and larger
risk sample sizes) must be at a sufficiently high level that the
risk that a material misstatement is not detected is low.
 In theory, it is more likely that the level of substantive

High detection procedures will be insufficient to detect a material error.
risk However, as IR and CR are low, the probability of material
error in the financial statements is also low.
When detection risk is high, because of the low(er) risks of a material error in the
financial statements, a lower quantity (e.g. sample size), lower quality (e.g. indirect
evidence rather than direct evidence) and form (e.g. analytical procedures) of
substantive procedures may be acceptable (together with the fact that all material items
will be tested).
Low detection risk means that higher levels of substantive tests are required as there is
a greater risk that a material error exists (i.e. increased testing is necessary to reduce
the risk that a material error is not discovered).
There are three ways in which detection risk can be varied:
 change the nature of audit procedures; and/or
 change the extent of audit procedures; and/or
 change the timing of audit procedures.
Methods of Varying
Detection Risk Examples where Inherent/Control Risk are High
 Direct tests towards independent parties rather than

documentation held by the entity.
 Use tests of details in addition to substantive
analytical procedures.
1. Change nature  Use computer-assisted audit techniques (CAATs).
 Use a larger sample size.

 Reduce tolerable error (e.g. 50% of materiality level).
This will mean testing more items.
 Extend the scope of CAATs for 100% testing,
comparison and analysis (e.g. re-perform 100%
calculation of inventory valuation rather than just
2. Change extent sample size).
 Perform a procedure at the reporting date rather than

at an earlier (interim) or later (final) date (e.g.
receivables circularisation at the year end or before
3. Change timing the year end and “roll forward” the movements).
8.3.8 Matters Requiring Documentation

3.8 Matters Requiring Documentation
The following matters must be documented:

 The discussion between the engagement team regarding the susceptibility of
financial statements to material misstatement due to error or fraud and the
significant decisions reached.
 Key elements of the understanding obtained regarding each aspect of the entity and
its environment, for example:
o industry, regulatory and other external factors;
o the applicable financial reporting framework;
o nature of the entity, including selection and application of accounting
policies;
o measurement and review of financial performance; and
o objectives and strategies and related risks that may result in a material
misstatement of the financial statements.
 Internal control components:
o the control environment;
o risk-assessment procedures;
o IS and related business processes relevant to financial reporting;
o the control activities; and
o the process of monitoring controls.
 The sources of information from which the understanding was obtained.
 The risk assessment procedures.
 The identified and assessed risks of material misstatement at the financial statement
level and at the assertion level.
Syllabus Coverage

3. Assessing audit risks
1. Explain the components of audit risk.
2. Describe the audit risks in the financial statements and explain the auditor's response to
each risk.
4. Understanding the entity, its environment and the applicable financial reporting
framework
1. Explain how auditors obtain an initial understanding of the entity, its environment and the
applicable financial reporting framework.
Technical Articles
 Audit risk (s.1 and s.3)
 ISA 330 and responses to assessed risks (s.3)

Visual Overview
Objective: To explain the concepts of a system of internal control, the role of internal
control within corporate governance and the use and evaluation of systems of internal
control by auditors.
9.1.1 Obtaining an Understanding
1.1 Obtaining an Understanding
Definition
System of internal control – the system designed, implemented and

maintained by TCWG, management and other personnel to provide
reasonable assurance about:
 the reliability of financial reporting;
 the effectiveness and efficiency of operations; and
 compliance with applicable laws and regulations.
Key Point
The auditor’s understanding of the entity’s system of internal control is obtained

through risk assessment procedures (see Chapter 8) to evaluate each of the
components of the system of internal control.
1.1.1 Components
The system of internal control consists of five inter-related components:
The auditor's primary consideration is whether and how a specific control prevents, or
detects and corrects, material misstatements in the financial statements, rather than its
classification into any particular component.
1.1.2 Audit Requirements

The auditor must understand the five components of internal control as an essential part
of risk assessment. In particular:
 the control environment (s.1.2);
 the entity’s risk assessment process (s.1.3);
 the information system and communication relevant to financial reporting (s.1.4);
 the control activities that determine the auditor’s assessment of control risk (s.1.5); and
 the entity’s process to monitor the system of internal control relevant to the preparation of
the financial statements (s1.6).
Example 1 Understanding the Information System
An understanding of the information system relevant to financial reporting

includes obtaining an understanding of the following:
 Classes of transactions which are significant to the financial statements.
Example 1 Understanding the Information System
 Procedures by which those transactions are initiated, recorded, processed,

corrected as necessary, incorporated in the general ledger and reported in the
 Related accounting records, supporting information and specific accounts in
the financial statements.
 How the information system captures events and conditions (other than
classes of transactions) significant to the financial statements.
 Financial reporting process used to prepare the financial statements, including
significant accounting estimates and disclosures.
In addition, auditors must also obtain an understanding of how the entity:
 has responded to risks arising from IT (see Chapter 12); and
 communicates financial reporting roles and responsibilities and significant matters relating to
financial reporting.
9.1.2 Control Environment

1.2 Control Environment
Definition
Control environment – includes:

 the governance and management functions; and
 the attitudes, awareness and actions of TCWG and management
concerning internal control.
The control environment provides the foundation for the operation of the system of
internal control because it:
 Sets the tone of an organisation, influencing the control consciousness of its
management and employees.
 Strongly relates to how management (and governance) has created a culture of
honesty and ethical behaviour, supported by appropriate controls to prevent and
detect fraud and error.
A robust control environment may be a positive influence when assessing, for example,
the risk of fraud. However, elements must be considered collectively (e.g. enforcing
ethical values and appropriate recruitment policies for financial reporting staff will not
mitigate aggressive earnings reporting by senior management).
The control environment relevant to the preparation of the financial statements
addresses:
1. How management’s oversight responsibilities are carried out (e.g. the entity’s culture
and management’s commitment to integrity and ethical values).
2. Where relevant (i.e. when TCWG are separate from management), the
independence of TCWG and their oversight of the system of internal controls.
3. The assignment of authority and responsibility.
4. How competent individuals are attracted, developed and retained.
5. How individuals are held accountable for their responsibilities relating to the system
of internal control.
The auditor must evaluate whether:
 Management (with oversight of TCWG, where relevant) has created and maintained
a culture of honesty and ethical behaviour;
 The control environment provides an appropriate foundation for the other
components of the system of internal control; and
 Any control deficiencies identified in the control environment undermine the other
components of the system of internal control.
A single individual who dominates an entity may exercise a great deal of discretion.
Their actions and attitudes may have a pervasive effect on the organisation’s culture,
which, in turn, may have a pervasive effect on the control environment. Such an effect
may be positive or negative.
Example 2 Control Environment
Targal & Co is assessing the system of internal control of its audit client,
Puddly Co. It has ascertained the following information on Puddly Co’s
control environment:
1. Puddly Co does not have a written code of conduct or ethics.
2. Any issues related to alleged misdemeanours or control failures are
dealt with informally through the CEO.
3. The executive team is experienced in financial systems and has
implemented automated financial controls for which senior management
personnel are responsible.
4. Puddly’s organisational structure is centralised with senior management
personnel responsible for decision making.
5. Any potential or suspected breaches of control, especially if flagged by
the automated financial system, are handled quickly by senior
management.
6. Senior management informally trains staff on the operations and
compliance of controls within the financial system.
7. There is no internal audit function.
8. There is little evidence that the board of directors has paid significant
attention to matters relating to internal control.
Example 3 Dominant Individual
The direct involvement of a single individual may be vital to an entity in

meeting its growth and other objectives. This involvement can also
contribute significantly to an effective system of internal control. On the
other hand, such concentration of knowledge and authority can also lead to
Example 3 Dominant Individual
an increased susceptibility to misstatement through management override

of controls.
9.1.3 Entity’s Risk Assessment Process

1.3 Entity’s Risk Assessment Process
The auditor must obtain an understanding of the entity’s risk assessment process
including how the entity:
 Identifies risks relevant to financial reporting objectives;
 Assesses the significance (including the likelihood of occurrence) of those risks; and
 Addresses those risks.
The auditor must evaluate whether the risk assessment process is appropriate to the
entity’s circumstances, considering the nature and complexity. This is a matter of
professional judgment.
If the auditor’s risk assessment procedures identify risks of material misstatement that
management failed to identify, the auditor should:
 determine whether such risks should have been identified by management;
 if so, obtain an understanding of why the entity’s risk assessment process failed; and
 consider whether the entity’s risk assessment process is appropriate.
Exhibit 1 Risk Assessment Process
The following are extracts are from the Annual Report 2020 of the Employees
Provident Fund (EPF) Board:
The EPF believes that a strong governance structure is important to ensure an

effective and consistent implementation of risk management throughout its entire
organisation. In achieving that, our risk governance places accountability and
ownership between three lines of defence where departments, branches, and the
Management are constantly engaging in healthy and productive discussions on key
risk matters and processes to create a robust risk-practicing culture. As such, the
Digital Risk Management Committee (DRMC) was established in 2020 to provide
guidance on the EPF’s technology plans and operations, and also be responsible for
overseeing the development and maintenance of the Information/ Cyber Security and
Technology Risk Management Programmes within the EPF. To further support its risk
governance structure, structured policies and procedures are also developed to
address all key risk areas in the EPF.
The main elements of the Operational Risk Management process are as follows:
a. Establishing the context: Articulates the organisation’s objectives and
defines the external and internal parameters to be taken into account when managing
risks.
b. Risk assessment: The overall process of risk identification, risk analysis, and risk
evaluation.
c. Risk treatment: Actions to be taken to prevent, detect, or manage the Net Risks
to an acceptable level.
d. Communication and consultation: The two-way communication between Risk
Management Department and stakeholders about the existence, nature, form,
severity, or acceptability of risks.
e. Monitoring and review: Both activities are planned and are an integral part of the
risk management process that involves regular checking or surveillance.
f. Recording and reporting: Risk management process where risks, its details, and
minutes of meetings are recorded and reported periodically.
The EPF managed more than RM1,000 billion (about USD 239 billion) in assets in
2020.
9.1.4 Information System and Communication

1.4 Information System and Communication

The auditor is required to obtain an understanding of the entity’s information system and
communication relevant to the preparation of the financial statements by:
 Understanding the information processing activities, including its data and information, the
resources used in such activities and the policies that define, for significant classes of
transactions, account balances and disclosures:
o How transactions are initiated, recorded, processed, corrected as necessary,
incorporated in the general ledger and reported in the financial statements;
o How information about events and conditions, other than transactions, is
captured, processed and disclosed in the financial statements;
o The accounting records, specific accounts in the financial statements and other
supporting records;
o The financial reporting process used to prepare the entity’s financial statements;
and
o The entity’s resources, including the IT environment.
 Understanding how significant matters that support the preparation of the financial
statements and related reporting responsibilities are communicated:
o Within the entity;
o Between management and TCWG; and
o With external parties (e.g. regulatory authorities).
 Evaluating whether the information system and communication appropriately support the
preparation of the financial statements in accordance with the applicable financial reporting
framework.
Definition
Accounting records – include:

 the records of initial accounting entries and supporting records (e.g. records of
electronic fund transfers, invoices, contracts);
 the general and subsidiary ledgers, journal entries and other adjustments to
the financial statements that are not reflected in formal journal entries; and
 records such as work sheets and spreadsheets supporting cost allocations,
computations, reconciliations and disclosures.
1.4.2 Information System

Key Point
The overall objective and scope of an audit do not differ whether an entity
operates in an environment that is mainly manual, completely automated or
some combination of manual and automated.
An information system therefore consists of:

 physical and hardware (if IT-based) infrastructure;
 software (if IT-based);
 people;
 procedures; and
 data.
It includes the accounting system and consists of the procedures and records
established to initiate, record, process, report and maintain accountability of the records
and information necessary to satisfy management and financial reporting objectives.
This encompasses recording the correct monetary amount of transactions and
recording the transactions in the correct accounting period (i.e. cut-off).
By manual or programmed procedures (e.g. manual sales
order, Internet order through a website, re-order level
Initiate trigger).
Identify, capture and record valid transactions and relevant

information on a timely basis, including information for
Record disclosure.
Edit, validate, calculate, measure, summarise, reconcile and
Process classify.
Preparation of management, financial and other statements

so that the transactions, disclosures and additional
Report information are correctly presented.
Maintain
accountability For the related assets, liabilities and equity.
Transactions may be standard (e.g. in the normal course of business – sales,

purchases, accruals, depreciation) or non-standard (e.g. asset impairment, bad debt
write-offs). How the information system deals with all types of transactions must be
understood (e.g. raising and authorising journal entries).
The information system must also be able to deal with errors and incorrect processing:
 Is a suspense account used and regularly checked and cleared?
 Is it possible to override the system or bypass controls?
 If so, how does the management deal with such matters?
1.4.3 Communication
Communication involves understanding the individual roles and responsibilities of those
in the information system. It may take various forms, for example, policy manuals,
accounting and financial reporting records and memoranda. Communication may also
include how individuals understand how their roles and responsibilities relate to others
in the system and the means of reporting exceptions to a higher authority (to
management, TCWG and, if necessary, regulators).
Communication can also be made electronically, orally, or through management’s
actions.
9.1.5 Control Activities

1.5 Control Activities
Definition
Control activities – the policies and procedures that help ensure that
management directives are carried out.
Types of controls in the control activities component are described in ISA 315 (Revised
2019) from s.A153 onwards. Control activities are performed by employees at all levels
and may be:
 preventive or detective; and
 manual or automated.
Controls in the control activities component include:
 An authorisation affirms that a transaction is valid.

 It may take the form of approval by a higher level of
management or an automated approval within a system.
 Examples of matters to be authorised:
o purchase or disposal of non-current assets;
o new suppliers, supplier payments;
Authorisation and o purchase and sales invoices;
approvals o new employees, wage rates, promotions;
o journal entries (e.g. bad debt write-offs).
 Reconciliations compare two or more data elements.

 Action must be taken to bring the data into agreement
when differences are identified.
Reconciliations generally address
Reconciliations the completeness and accuracy of processing
transactions.
 Compare two or more items with each other or compare

an item with a policy
 Follow-up action must be taken when items do not
match or are not consistent with the policy.
 Verifications generally address the completeness,
accuracy, or validity of processing transactions.
 Examples include:
o edit checks;
Verifications o validation checks; and
o automated calculations.
 Physical security of assets and records includes

safeguards such as secured facilities.
 Logical controls authorise access to computer programs
Physical or and data files.
logical controls  Periodic comparison of “book to physical” amounts (e.g.
inventory, petty cash, non-current assets).
 Separating the authorisation, recording and custody

Segregation of functions reduces the opportunities for a person to be
duties able to make and conceal errors or fraud.
 Actions of one employee are checked by another.
To obtain an understanding of the control activities component, the auditor should:
 Identify controls that address the risks of material misstatement at the assertion level,
including:
o controls that address a significant risk;
o controls over journal entries: and
o controls for which the audit plans to test operating effectiveness.
 Based on these identified controls, identify:
o the related risks arising from the use of IT; and
o the entity’s general IT controls that address such risks
Example 4 Wages System
Activities for the processing of payroll include the following:

 A centralised wages software programme is used for wages computation.
Separate wage clerks based at head office process wages for each region.
Each clerk operates a terminal and has access to all files in the wages
system.
 Every week, regional managers prepare, and upload wages claim for all
employers, including timesheets for hourly workers and starter and leaver
forms (regional managers have the authority to process recruitment for each
region).
 Weekly wages information and starters and leavers information are input into
a computerised system by wages clerks. The system will produce wage slips
that are automatically forwarded to the accounting function to issue wage
remittances directly into employee accounts.
 At the end of each weekly payroll process, a report by region is automatically
generated, showing the number of employees, employees paid, and gross and
net wages payments. The accountant verified this file for the accuracy of
payroll figures and regional managers for employee details.
Note that there is no indication whether the controls are effective.
Activity 1 Reconciliations
For each of the following accounting reconciliations, state the data elements that are being
compared and list the transactions or other events that could be reconciling items (i.e. contribute
to the difference):
a. Bank reconciliation;
b. Supplier’s statement reconciliation.
a. Bank reconciliation
Reconciles the bank balance per the bank statement (external) to the balance on the
bank account in the general ledger. Reconciling items might include:
 “Timing differences”:
o Unpresented cheques (i.e. payments drawn by the business not yet shown on
the bank statement);
o Outstanding lodgements (i.e. money deposited with the bank but not yet
appearing on the bank statement).
 Items on the bank statement still to be recorded in the cash book/bank ledger account:
o Bank interest/charges;
o Standing orders/direct debits;
o Credit transfers;
o Dishonoured ("bounced") cheques.
 Errors in the cash book/bank ledger account in the general ledger (will require correction).
 Bank errors (to be corrected by the bank in the bank’s records).
Exam advice
This assumed knowledge of Financial Accounting is relevant to the audit

of the bank balance and trade receivables (in respect of cash receipts)
and payables (in respect of cash payments).
b. Supplier’s statement reconciliation

Reconciles the amount owing to a supplier per the supplier’s statement (external) to the
balance on the supplier’s account in the trade payables account. Reconciling items
might include:
 “Timing differences”:
o Purchase invoices on the supplier's statement are not included in the supplier’s
account (either because the goods have not yet been received or the goods have been
received, but the corresponding purchase invoice has still to be posted).
o Credit notes are not yet shown on the supplier's statement for goods returned to
the supplier (e.g. because they were faulty/damaged).
o Cash payments in the supplier’s account are not yet shown on the supplier's
statement (i.e. payment is “in the post”).
 Errors, for example:
o The supplier has charged goods or services to the wrong customer;
o Either the customer or supplier has recorded the wrong amounts for purchases
or payments;
o The customer or supplier has omitted transactions from its accounting records.
Exam advice
This assumed knowledge of Financial Accounting is essential to the audit

of trade payables (covered in Chapter 27) and understanding the
assertion of cut-off concerning purchases of inventory (covered in Chapter
23).
9.1.6 Monitoring Process

1.6 Monitoring Process
Key Point
Monitoring is a process that evaluates the effectiveness of controls and identifies

and rectifies control deficiencies.
In the absence of monitoring and feedback on the performance of controls,

management will not know whether a control, although still operating, is effective.
Monitoring activities may be ongoing (i.e. “24/7”) or separate evaluations.
Activity 2 Monitoring Activities
Suggest FIVE activities that might be included in a process to monitor the system of
internal control.
 Confirming that activities (e.g. bank reconciliations) are carried out.
 Reports are produced when expected and actions carried out (e.g. follow up on exception
reports).
 Customers paying amounts as stated on their invoices (implicitly corroborates billing data) or
complaining that they have been overcharged.
 External regulators reporting on aspects of the internal controls relating to regulations (e.g.
financial services).
 Internal audit evaluations of internal control and risk procedures (e.g. whether sales
personnel comply with company policies on terms of sales contracts).
 A legal department’s oversight of compliance with the company’s policies on ethics or
business practices.
 External auditor's communications to management relating to the system of internal control.
 Business activity and management accounts discussed at monthly board meetings and
challenged by non-executive directors and TCWG.
To gain an understanding of the monitoring process relevant to the preparation of the
financial statements, the auditor considers:
 The design of monitoring entities (e.g. whether ongoing and separate, periodic evaluations);
 The performance and frequency of monitoring activities;
 The evaluation of results on a timely basis to determine whether controls have been
effective;
 How identified deficiencies have been addressed through remedial action, including timely
communication of deficiencies.
If there is an internal audit function, the auditor will need to understand its nature,
responsibilities and actions relevant to monitoring the system of internal control
(see Chapter 14).
9.1.7 Limitations of Internal Control

1.7 Limitations of Internal Control
1.7.1 Manual v Automated Controls

Information processing controls may be manual (e.g. input or output controls) or
automated (i.e. embedded in IT application). Even where IT is used extensively, there
will be some manual processes (e.g. authorisation of programme changes, monitoring
the effectiveness of IT).
In general, manual controls are considered to be less effective than IT controls
because:
 manual controls are performed by people who are less predictable than IT applications and
more error-prone (e.g. they are human, after all);
 manual controls are more easily bypassed, ignored or overridden than IT controls (as IT
controls are programmed – the applications run them automatically); and
 manual controls are subject to random, simple errors and mistakes.
However, an IT application cannot “know” if a control is inappropriate – it will run the
control as programmed. Appropriate controls over the analysis, design, programming
and testing of IT applications are therefore crucial.
Manual controls may be more suitable where judgment and discretion are required, for
example:
 for large, unusual or non-recurring transactions;
 where errors are non-routine and challenging to define, anticipate or predict;
 where a control response is required outside of the routine automated control; and
 in monitoring the effectiveness of information processing controls that use IT.
However, using judgment and discretion in internal control may mean high control risk
(e.g. where the control environment is weak).
1.7.2 Inherent Limitations

No system of internal control, no matter how effective, can provide management with
conclusive evidence that the financial reporting objectives are achieved. Only
reasonable assurance can be achieved.
No system of internal control can be 100% effective in preventing error, especially
deliberate error (i.e. fraud). ISA 240 The Auditor's Responsibilities Relating to Fraud in
an Audit of Financial Statements requires auditors to identify and assess the risks of
material misstatement due to fraud, including the effectiveness of fraud prevention
controls (see Chapter 11).
Activity 3 Inherent Limitations
Suggest SIX inherent limitations in a typical system of internal control, identifying those
which may directly lead to the potential for fraud.
 The cost of internal control should not exceed the benefits derived, especially in
smaller companies. For example, the cost of employing additional accounts staff in
order to segregate duties is likely to outweigh the maximum benefit that might be
derived from this control.
 Non-routine transactions are often less likely to be subject to routine controls and
systems may not be designed to cope with them. For example, the acquisition of
another business less usual and more complex than the purchase of non-current
asset. ⇒ Fraud risk
 Human judgement in decision-making can be faulty and/or human error may lead to
breakdowns in internal control. For example, an error in the design of an information
processing controls.
 Failure to understand the purpose of a control or take appropriate action may mean
a control does not operate effectively. For example, if an individual responsible for
reviewing a payroll exception report does not understand its purpose or fails to take
appropriate action on it.
 Collusion (between employees or between employees and customers or suppliers)
may lead to circumvention of controls. For example, a factory employee, factory
manager and a wages clerk might collude to claim, authorise and process overtime
that has not been earned. ⇒ Fraud risk
 Inappropriate management override of controls may render the system of internal
control to be ineffective. For example, a sales director may allow a long-standing
customer to exceed their specified credit limit in order to create customer goodwill,
but in contravention of credit control procedures. ⇒ Fraud risk
 Management also makes judgements on the nature and extent of risk the company
chooses to assume and the nature and extent of the controls it chooses to
implement. For example, if management judges the risk of losing non-current assets
to be low, it will implement of lower level of control than if the risk had been judged to
be high.
9.2.1 Control Environment, Risk Assessment and Monitoring Process

2.1 Control Environment, Risk Assessment and Monitoring
Process
The control environment provides an overall foundation for the operation of the other
components of the system of internal control:
 It does not directly prevent, or detect and correct, misstatements.
 It may, however, influence the effectiveness of other controls.
Similarly, the entity’s risk assessment process and monitoring process are designed to
support the entire system of internal control.
Because these components underpin the effectiveness of the system of internal control,
any deficiencies in their operation could have pervasive effects on the preparation of
the financial statements. Therefore, the auditor’s understanding and evaluation of these
components affect the auditor’s identification and assessment of risks of material
misstatement. In turn, the risks of material misstatement affect the nature, timing and
extent of the auditor’s further procedures.

2.2 Control Activities
Key Point
The auditor is required to identify and evaluate the design of control

activities:
Key Point
 to address the risk of material misstatement at the assertion level:

o controls that address a significant risk;
o controls over journal entries: and
o controls for which the auditor plans to test operating
effectiveness.
 to support the operation of other controls (i.e. general IT controls –
see Chapter 12).
The control activities component includes:
 controls that are designed to ensure the proper application of policies (which are
also controls) in all the other components of the system of internal control;
 both direct and indirect controls:
o direct controls are sufficiently precise to prevent, detect or correct
misstatements;
o indirect controls (i.e. that support direct controls) include general IT
controls.
If control activities are poorly designed (or well designed but not implemented), control
risk will be “high”, and the risk of material misstatement in the financial statements will
be the same as the assessment of inherent risk.
9.2.3 Evaluation Methods

2.3 Evaluation Methods
2.3.1 Design and Implementation

To evaluate the design of identified controls and determine whether they have
been implemented, the auditor should:
 Consider whether the control, individually or in combination with other controls,
is capable of effectively preventing, or detecting and correcting, material misstatements (i.e.
the control objective).
 Establish that the control exists and that the entity is using it.
Key Point
If a control is not designed effectively, there is no point in testing whether it

has been implemented.
An improperly designed control may represent a control deficiency
(see Chapter 12).
Risk assessment procedures to obtain sufficient evidence about the design of internal
control may include previous inquiry, observation, inspection; however, inquiry alone
is not sufficient.
Inquiry  Usually of entity personnel (e.g. management, internal audit,
TCWG, operational personnel).
 Reviewing the application of specific controls, especially in

Observation manual systems (e.g. inventory counts, inspection of goods
received, enforcement of ethical practices).
 Documents and reports, for example:

o the entity's risk-strategy assessment and response;
o internal control procedure manuals;
o management reports;
o system and control error reports;
Inspection o internal audit testing programmes (including reports
to management and management’s responses).
Where relevant, the auditor may draw on previous experience including walk-throughs
of relevant systems:
Previous  Past understanding and assessments (as recorded in the

experience PAF). This must be updated when changes have occurred in
the current year.
 Desktop walk-through, supported by design and procedural

manuals, to gain a theoretical understanding of the controls.
 Tracing a separate transaction through each relevant
element of the system of internal control (e.g. the sales
system) and reviewing the design of appropriate controls.
 This will often require computer-assisted audit techniques
Walk-through (see Chapter 21 for CAATs) to enable the transaction to be
traced through computer-based information systems.
Definition
Walk-through test – involves tracing a few transactions through the financial

reporting system.
2.3.3 Internal Control Documentation

Auditors use questionnaires, flowcharts and narrative notes to document their
understanding of the design of internal controls.
2.3.4 Internal Control Questionnaires (ICQs)
ICQs are composed of questions for each control objective for each transaction cycle
(e.g. sales, purchases, wages). They are designed to identify whether particular internal
controls exist to ensure than control objectives are met (and, if they do not, to identify a
possible area of deficiency). For example:
 Is the customer credit limit checked before an order is accepted?
 Are goods received agreed to an authorised purchase order?
 Does the price charged by the supplier on the purchase invoice agree to an authorised price
list?
 Is each amendment to the standing payroll database reviewed to original input and
authorisation and approved by an independent official?
Questions are framed such that a "No" answer indicates a possible deficiency and
would highlight potential problems in segregation of duties, safe custody of assets,
management supervision, etc.
ICQs must be:
 Comprehensive to ensure all controls are covered and highlight key and supporting controls.
 Easy to complete alongside flowcharts, narrative notes, walk-throughs and enquiries of
client staff.
 Completed by competent members of the audit team.
Limitations of ICQs include the following:
 Clients may be able to mislead the auditor, as they know a "Yes" answer is required (so
answers must be verified).
 ICQs may contain questions on controls that are not relevant.
 Actual controls operated by the client may not be included in the ICQ.
 ICQs may become a "tick box" exercise.
2.3.5 Internal Control Evaluation Questionnaires (ICEQs)

ICEQs go further than ICQs in that they are designed to assess whether errors or fraud
are possible. The questions asked are more open and principles-based than the closed
form (rules-based) questions of ICQs. They are also closely related to control
objectives. For example:
 How does the client ensure that goods are sent only to customers who can pay?
 How does the client ensure that goods are accepted only if the correct ordering procedures
have been followed?
 How does the client ensure that payments are made only for goods and services received
and required by the company?
 How does the client ensure that amendments to the standing payroll data are relevant and
accurate?
Advantages include the following:
 The questions in an ICEQ can be concentrated (targeted) on the possibility of error and
fraud in each cycle and therefore specifically designed to cover such possibilities, reducing
the number of questions and increasing their relevance.
 Each question can relate to more than one client, as questions are open, and each client
may have different control activities that meet the question requirement.
 At the same time, an ICEQ can be specifically tailored to each client.
 The answers will describe the nature and extent of the controls in operation. The auditor can
then assess the control design and decide whether or not to rely on them (i.e. they can then
form the basis of the control testing programme).
Completing the ICEQ requires a higher understanding to link the controls to each
question. An ICQ may be completed first to aid such understanding.
Many auditors combine the ICEQ with the audit program for testing controls: separate
columns are used for:
 the control question;
 the control(s);
 the tests of controls;
 the results of the test with the effect, if any, on substantive procedures.
Activity 4 Payroll Control Objectives and Key Control Questions
For each of the following control objectives for payroll processing, write a key control
question that focuses on the risk rather than the objective. The first objective has been
completed as an example:
Control objectives Key control questions
To ensure that employees are only paid for Can employees be paid for
work done. work not done?
To ensure that wages are only paid to valid

employees.
To ensure that all wages are authorised.
To ensure that wages are paid at the correct

rates of pay.
To ensure that wages are correctly calculated.
To ensure all wages transactions are correctly

recorded in the books of account.
Control objectives Key control questions
To ensure that employees are only Can employees be paid for work
paid for work done. not done?
To ensure that wages are only paid to Can wages be paid to fictitious
valid employees. employees?
To ensure that all wages are Can unauthorised wages be

authorised. paid?
To ensure that wages are paid at the Can employees be paid at

correct rates of pay. incorrect rates?
To ensure that wages are correctly Can errors occur in wage

calculated. calculations?
To ensure all wages transactions are Can incorrect wage transactions

correctly recorded in the books of be recorded in the general
account. ledger?
2.3.6 Flowcharts
A flowchart is a symbolic diagram representing the sequential flow of authority,
processes and documents.
An exemplary flowchart shows the origin of each document in the system, its
subsequent processing and its final disposal.
Flowcharts should:
 show the general flow of documents and data;
 start at the top of the page and move from top to bottom and from left to right; and
 use descriptive wording.
2.3.7 Narrative Notes

A narrative is essentially a written version of a flowchart. It describes the auditor's
understanding of the system of internal control. A narrative is prepared by following a
sequence of events for a transaction through the accounting process.
Narrative notes may be prepared for less complex systems of controls and may be used
with flowcharts to document more complex systems.
2.3.8 Comparison of Documentation Techniques
Advantages Disadvantages
 The client may overstate the

 Quick to complete level of controls when
 Missing controls and answering questions
ICQs/ICEQs deficiencies are  A standard list of questions
highlighted may overlook unusual controls
 Can present an entire

system of controls in a
single diagram  Difficult to change without
 Standard symbols make it redrawing the whole chart
Flowcharts easy to see missing  Narrative notes may also be
controls needed
 May be cumbersome when

documenting complex
systems
Narratives  Simple to record  May not clearly identify control
 Easy to understand exceptions
9.2.4 Impact on Audit Approach

2.4 Impact on Audit Approach
As already noted, understanding the design of internal controls and whether they have
been implemented provides the auditor with an understanding of the risks of material
misstatement due to poor design or non-operation.
If the auditor decides that reliance on the effectiveness of the controls is an efficient and
effective approach to lowering audit risk to an acceptable level (i.e. control risk is
assessed), audit evidence must be obtained to confirm the effectiveness of the control
operations throughout the financial year (see Chapter 12).
If the auditor discovers that controls that were thought to be operating are not, the risk
of material misstatement will be the same as inherent risk (i.e. control risk cannot be
assessed). The audit strategy must then be revised to reflect the effect (e.g. the
implications for the nature, timing and extent of substantive procedures).
9.2.5 Reporting Deficiencies

2.5 Reporting Deficiencies
The auditor must inform TCWG or management of significant deficiencies in the

design or implementation of internal control. For example, they must be informed of:
 risks of material misstatement which the entity has not controlled;
 risks of material misstatement for which the control activities are inadequate or have
not been implemented; and
 significant deficiencies in the entity's risk-assessment process (i.e. risk approach and
control procedures).
This will be done through the use of a report to management (see Chapter 13).
9 Syllabus Coverage
Syllabus Coverage

C. Internal Control
1. Systems of internal control
1. Explain why an auditor needs to obtain an understanding of the components of internal
control relevant to the preparation of the financial statements.
2. Describe and explain the five components of internal control
1. the control environment
2. the entity's risk assessment process
3. the entity’s process to monitor the system of internal control
4. the information system and communications
5. control activities.
2. The use and evaluation of systems of internal control by auditors
1. Explain how auditors record systems of internal control including the use of, narrative notes,
flowcharts and questionnaires.
1. Discuss the limitations of internal control components.
Technical Articles
to this chapter.
Visual Overview
Objective: To describe the concept of materiality and its relationship with audit risk and
planning.
10.1.1 Concept
1.1 Concept
1.1.1 Accounting
Definition
Materiality – information is material if its omission or misstatement could

influence the decisions of primary users taken on the basis of the financial
statements. … Materiality depends on the nature and/or size of the items to which
the information relates. It is entity specific. The IASB does not (cannot) specify a
uniform quantitative threshold.
1.1.2 Auditing
The relevant standard is ISA 320 Materiality in Planning and Performing an Audit.
Definition
Performance materiality – the amounts set by the auditor at less than materiality
for the financial statements as a whole to reduce to an appropriately low level the
probability that the aggregate of uncorrected and undetected misstatements
exceeds materiality for the financial statements as a whole.
Key Point
 The auditor must apply the concept of materiality appropriately in planning and
performing the audit.
 Materiality is an expression of the relative significance or importance of a
particular matter in the context of the financial statements as a whole.
10.1.2 Basic Principles

1.2 Basic Principles
The auditor must exercise professional judgment to determine what is material (and
what is immaterial) based on:
 understanding of the entity and its environment;
 the entity’s financial results (transactions and balances) and disclosures; and
 the requirements of the users of the financial statements.
A rigid materiality model would not be practical because of the many differences
between entities and the users of their financial statements.
Materiality may be quantitative (based on values) or qualitative (based on the nature of
the matter). Qualitative misstatements include failure to disclose information as required
by laws, regulations or GAAP (e.g. IFRS disclosure requirements – but remember that
IFRS Standards apply only to material items).
Although an individual amount or procedure may not be material, consideration must be
given to the cumulative impact, for example:
 A deviation in a procedure may not be material, but repeated deviations (e.g. each
month) would indicate the potential for material misstatement.
 Individual immaterial pricing errors in purchases may result in a material cumulative
total, especially when extrapolated through work-in-progress and finished goods.
 Failure to apply an accounting policy (e.g. depreciation of buildings) may not be
material to profit and loss in a given year. Still, cumulatively it may become so (e.g.
in accumulated depreciation on the statement of financial position).
10.1.3 Levels of Materiality

1.3 Levels of Materiality
Materiality at the financial statement level must be set, as must performance materiality.
Determining materiality for particular transactions, balances and disclosures is a matter
of professional judgment, not routine. Performance materiality will usually be less than
other materiality levels.
Key Point
Having determined a materiality level for the financial statements as a

whole, the auditor must consider if there are any particular classes of
transactions, balances and disclosures for which misstatements less than
Key Point
the overall materiality level could reasonably be expected to influence the

economic decisions of users. Examples include:
 The effect of laws or regulations (e.g. remuneration, fraud).
 Key disclosures relating to the industry (e.g. research and development
in a pharmaceutical company).
 Events that would cause particular focus on a specific aspect of a
company's activities (e.g. acquisitions and disposals).
10.1.4 Performance Materiality

1.4 Performance Materiality
Key Point
Performance materiality is used when performing audit tests (e.g.

receivables confirmation, purchase transaction testing, inspection of non-
current assets).
Planning the audit to consider only individually material misstatements overlooks the
cumulative impact of aggregated undetected immaterial misstatements exceeding the
overall financial statement materiality level.
The determination of performance materiality is not a simple mechanical calculation but
draws on:
 the nature of the entity;
 the auditor's experience (e.g. numerous immaterial misstatements found during audit
testing);
 the use of professional judgment; and
 the expectation of misstatements in the current period.
The aggregate of unadjusted immaterial misstatements must be compared with
performance materiality to ensure that the aggregate is not material.
Example 1 Applying Performance Materiality
GT & Co is conducting the audit of Werner Co. After planning

considerations, it has set an overall materiality level of 4% of profit before
tax.
Werner Co has a high volume of credit customers and GT & Co has some
concerns about the valuation of trade receivables, as the effectiveness of
Werner’s collection activities have deteriorated. Because of this, GT & Co
Example 1 Applying Performance Materiality
has set the performance materiality level for audit procedures performed on
receivables to be 3% of total receivables.
Applying this lower threshold during testing reduces the risk that the
aggregate of misstatements exceeds overall materiality.
10.1.5 Qualitative Materiality

1.5 Qualitative Materiality
Benchmarks for assessing materiality qualitatively include, for example, disclosure

requirements detailed by IFRS Standards and statutory disclosure requirements. These
may be subdivided into:
 objective disclosures that can be easily determined and verified (e.g. disclosures
concerning changes in accounting policies or prior period errors); and
 subjective disclosures (e.g. wholly narrative disclosures).
To judge whether or not disclosures concerning subjective (and estimated) matters are
materially misstated, the auditor needs a thorough understanding of the entity's
business and sound professional judgment. Such disclosure matters must be discussed
with TCWG (e.g. the audit committee).
Example 2 Qualitative Materiality
Boros & Co is conducting the audit of Juggler Co, a listed company with
extensive holdings of non-current assets.
Juggler Co is reluctant to disclose how it applies its accounting policies for
depreciation and revaluation in its financial statements, especially in light of
some significant changes in the utilisation and market value of some of its
non-current assets.
Considering Juggler Co’s operating environment and business model,
Boros & Co deems the nondisclosure of Juggler’s accounting policies to be
material and has requested Juggler & Co to disclose them. Failure to do so
might result in a modification of the audit opinion.
10.1.6 Relevance to the Audit
1.6 Relevance to the Audit
Materiality is relevant to all stages of the audit:

 planning an audit (through its relationship with audit risk);
 determining audit procedures (their nature, timing and extent);
 carrying out the audit (identified errors may affect materiality levels);
 evaluating errors identified during the audit process; and
 evaluating misstatements in the financial statements.
2.1 Professional Judgment
Understanding the entity and its environment establishes a framework within which the
auditor can apply professional judgment to determine what is material in the context of
the entity, its environment and control procedures.
Professional judgment is also used to determine the classes of transactions, balances
and disclosures that are material. A material class of transaction (or balance) for one
entity may be immaterial for another (e.g. rental income may not be material to revenue
in a retail company but material to a property management company).
Key Point
Understanding what is and is not material enables the auditor to consider the
nature, timing and extent of audit procedures (e.g. sampling, substantive
analytical procedures, stratification) to reduce audit risk to an acceptably low level.
10.2.2 Amount (Quantitative Materiality)

2.2 Amount (Quantitative Materiality)
In designing the audit plan, the auditor initially sets an appropriate materiality level to
detect quantitatively material misstatements at the financial statement level.
By understanding users' economic decisions, lower materiality levels may also be set
based on the classes of transactions, account balances or disclosures that such users
would consider material.
Financial Statement Level Assertion Level
Compare an item to the financial

Compare an item to a category (e.g.
statements as a whole. For
an inventory error of $50,000
example, compare to:
compared to a total inventory value
 revenue; of $650,000).
 profit before taxation;
It may be established as a set figure
 total assets;
or as a percentage of a total.
 capital and reserves.
Consider the elements of the The error of $50,000 may be
financial statements (e.g. a different considered material to inventory but
materiality level for the statement of may not be material to the statement
profit or loss and the statement of of financial position, if inventory as a
financial position). whole is not a material item.
As a "yardstick", materiality must be relevant to the user rather than the preparer of
financial statements and consider critical points. For example:
 Turning a reported profit into a loss (might be material to employees);
 Turning net current assets into net current liabilities (may be material to investors).
The auditor must also consider that some balances are capable of "precise
determination" and dictated by law and regulations, while others are not and are
determined by opinion and judgment rather than fact.
Precise Determination Use of Opinion/Judgment
For example, bad debt allowance,

contingent liabilities and asset useful lives.
For example, directors' The depreciation expense based on five
emoluments and share years may be material to profit and loss,
capital. but if based on six years it may not be: five
or six years is a matter of opinion and
Any error (however small)
judgment. Both could be equally
may be considered material
acceptable.
and adjusted, especially as
the precise amount must be Some reasonable degree of latitude is
disclosed by law. acceptable.
10.2.3 Nature (Qualitative Materiality)

2.3 Nature (Qualitative Materiality)
The nature of a misstatement (i.e. qualitative factors) must be considered when

determining whether the misstatement is material.
Misstatements are more likely to be considered material when they:
 Affect trends in profitability or mask a change in trend, or change a loss into profit;
 Affect compliance with loan covenants, contracts or regulatory provisions;
 Increase management compensation or indicate a pattern of management bias;
 Involve fraud;
 Affect significant financial statement elements.
Some transactions are material by nature, such as transactions with directors.
10.3.1 In Planning
3.1 In Planning
Key Point
In planning the audit, the auditor makes judgments about the size of
misstatements considered material. These judgments provide a basis for:
 determining the nature, timing and extent of risk assessment procedures;
 identifying and assessing the risks of material misstatement; and
 determining the nature, timing and extent of further audit procedures.
Determining materiality involves the exercise of professional judgment. A percentage is
often applied to a chosen benchmark as a starting point in determining the materiality
level for the financial statements as a whole. The ISA does not specify any particular
guidelines or values; to do so might imply that professional judgment need not be used.
Factors that may affect the identification of an appropriate benchmark include the
following:
 the elements of the financial statements (e.g. revenue, expenses, assets, liabilities);
 elements that are of particular importance to users (e.g. to evaluate financial performance,
users may tend to focus on profit, revenue or net assets);
 the nature of the entity, where the entity is in its life cycle, and the industry and economic
environment in which the entity operates;
 the entity's ownership structure and the way it is financed (e.g. if substantially debt-financed
rather than equity-financed, users may put more emphasis on assets, and claims on them,
than on earnings); and
 the relative volatility of the benchmark.
Past practice has, over time, established general percentage guidelines for the
calculation of an initial materiality level at the planning stage. For example:
5–10% net profit before taxation
1–2% net assets
½ –1% total assets
½ –1 % revenue
In general, less than the lower end of a range is immaterial and greater than the upper
end is material; the "grey area" in between is a matter for professional judgment. In this
approach, profit, net assets, total assets and revenue are considered the main
quantitative elements in the financial statements. The auditor then uses professional
judgment to determine:
 which element is the prime driver for materiality, or, more usually, which combination; and
 where, within the range, to set materiality.
Example 3 Benchmark
High-turnover, low-margin operations would probably use revenue as the

benchmark as this would be the key to their success.
Industrial entities would typically use assets and revenue as benchmarks,
with profits as an indicator within the range suggested by assets and
revenue.
Asset-based entities (e.g. property management and development) would
use assets as the benchmark.
Activity 1 Planning Materiality
The draft financial statements of an audit client show the following:
Revenue $5,000,000
Net assets $6,250,000
Profit before tax $417,000
Required:
a. Comment on the suitability of setting a materiality level for planning purposes at:
i. $20,000
ii. $40,000
iii. $100,000
b. Justify a materiality level that may be more suitable (if any).
a. Suitability of Levels
i. $20,000: This is likely too low as it falls below the lower limits for revenue, total assets and
profit before tax.
ii. $40,000: This is more suitable because it is within the percentage ranges for revenue
and profit before tax. However, it may still be regarded as too low for the statement of
financial position.
iii. $100,000: Although suitable for the audit of the statement of financial position, this is
likely to be considered too high for classes of transactions. Therefore, audit procedures
may not detect material misstatements in the statement of profit or loss.
b. Recommendation
This is a matter of judgment; however, as profit before tax is a function of the make-
up of balances and transactions (and at this stage in the audit only draft), it is more
likely that materiality will be determined based on revenue or total assets. As these
ranges have no overlap, no one range will satisfy both. Therefore, an amount could
be set to satisfy just one judged on users' needs (e.g. if users are more interested in
revenues than assets/liabilities, $50,000 may be appropriate). Alternatively, an
amount could be set between ranges as a compromise: $60,000.
WORKING
% $000
Revenue ½ –1 25–50
Net assets 1–2 62.5–125
Profit before tax 5–10 20.8–41.7
3.2 Effect on Audit Work
All matters that are identified as being material must be subject to detailed audit work
(e.g. tested in detail). The auditor must then use his judgment in dealing with the
remaining items (e.g. sampling or analytical procedures).
Example 4 Materiality Level
Having set a materiality level for the financial statements as a whole, the
auditor may (through judgment and expectations from experience of there
being various errors in the transactions and balances) set different
performance materiality levels for transactions, assets and liabilities (e.g.
50%, 75% and 50%) of the financial statement materiality level when
considering substantive testing.
Therefore, all balances greater than the performance materiality level will
be tested with the remaining items in the sample being selected using, for
example, random selection.
The performance materiality level would be used if sample sizes were
calculated using a materiality level.
Activity 2 Trade Receivables
Trade receivables total approximately $210,000, made up as follows:

Value range Total
Number of
$000 balances $000
10-15 2 22.3
5-10 6 41.5
1-5 40 87.0
0-1 89 59.6
137 210.4
Prepayments amount to $16,450.

No material misstatements were found in the previous year's audit.
Required:
Suggest how a financial statement materiality level of $25,000 may affect audit
procedures on trade receivables and prepayments.
Trade Receivables
 Although there is no individual trade receivable balance greater than $25,000, the eight
largest balances total $63,800 and have the greatest potential for containing cumulative
material misstatement (of an overstatement). These individual balances are likely to be
tested in detail (see Chapter 24) to account for performance materiality.
 The average balance in the range $1,000–$5,000 is $2,100 and the average balance less
than $1,000 is $670. If the profile of these balances is similar to the previous year's audit,
analytical procedures may be used (see Chapter 16).
Prepayments
 If $16,450 is in line with the prior period, it is unlikely to be materiality incorrectly stated and
audit tests may be limited to an analytical comparison with the prior year.
10.3.3 Relationship with Audit Risk

3.3 Relationship with Audit Risk
The relationship between materiality and the level of audit risk is described as inverse:
as the materiality level decreases, audit risk increases (and vice versa).
The auditor compensates for this increase in audit risk by reducing detection risk:
modifying the nature, timing and extent of planned substantive procedures (i.e.
increasing the level of audit work).
Example 5 Materiality Level and Audit Risk
If the materiality level is lowered for a given population, more items will be
greater than the materiality level.
Example 5 Materiality Level and Audit Risk
In this case, more items can be considered as potential material

misstatements, which, if left untested, increases audit risk.
So, by testing all items greater than performance materiality (in this
example there will be more of them, hence more work) the level of audit
risk can be reduced back to an acceptable level.
Key Point
A lower materiality level should be set if the risk of material misstatement is

assessed as high.
Setting the materiality level lower reduces detection risk because:
 more audit work will be performed;
 sample sizes will be larger.
10.3.4 Changing Materiality as the Audit Progresses

3.4 Changing Materiality as the Audit Progresses
Setting the materiality level for the financial statements at the planning stage of the audit
only considers the understanding, transactions, balances and disclosures known at that
stage. As the audit progresses, information obtained and evidence gathered, if known at
the planning stage, may have resulted in a different determination of materiality (and
audit approach).
As material matters are determined, the auditor must consider their effect on the
performance materiality (quantitative factors) and the nature, timing and extent of further
audit procedures (quantitative and qualitative aspects).
Example 6 Changing Materiality Level
During an audit, material overstatements in the quantity and valuation of

inventory are noted. An increase in audit risk may be identified, requiring
re-working the financial statement materiality calculations.
The materiality level will need to be lowered, and further testing carried out
(e.g. larger sample sizes or additional items now greater than the
materiality level will need to be tested).
The auditor will need to use professional judgment to determine if a higher
level of testing is required on other balances and the effect on performance
materiality.
10.3.5 Documentation
3.5 Documentation
As discussed in Chapter 6, the auditor must document all matters to support the audit
opinion, especially those involving the use of professional judgment.
Activity 3 Documentation
List the key matters that should be documented concerning materiality.

Concerning materiality, the auditor will be expected to document:
 The materiality level for the financial statements as a whole and the underlying factors
considered in its determination.
 Any materiality levels, if applicable, for particular classes of transactions, balances and
disclosures that are important to users of the financial statements (with underlying factors).
 Performance materiality with underlying factors.
 Any revision of any materiality level and why each revision was necessary.
 Reasons for any adjustments made that relate to material misstatements.
 All uncorrected misstatements and the aggregate of such errors for each class of
transaction, balance and disclosure, with reasons why each error (and aggregate total) is
not considered material.
10 Syllabus Coverage
Syllabus Coverage

3. Assessing audit risks
1. Define and explain the concepts of materiality and performance materiality.
2. Explain and calculate materiality levels from financial information.
Technical Articles
to this chapter.
Visual Overview
Objective: To describe the auditor's and management's responsibilities to consider

fraud and non-compliance with laws in an audit of financial statements.
11.1.0 Introduction
1.0 Introduction
Key Point
The auditor is required:

 To identify and assess the risks of material misstatement of the financial
statements due to fraud;
 To obtain sufficient appropriate audit evidence regarding the assessed
risks of material misstatement due to fraud; and
 To respond appropriately to fraud or suspected fraud identified during
the audit.
11.1.1 Definitions
Definitions
ISA 240 The Auditor's Responsibilities Relating to Fraud in an Audit of Financial
Statements distinguishes fraud from error.
Definitions
 Error – unintentional mistakes in financial statements, including the omission

of an amount or disclosure.
 Fraud – an intentional act by one or more individuals that uses deception to
obtain an unjust or illegal advantage.
 Fraud risk factors – events or conditions that indicate an incentive or
pressure to commit fraud or provide an opportunity to commit fraud.
Activity 1 Fraud or Error
Classify each of the following as either "fraud" or "error":
Fraud/Error
Alteration, falsification or manipulation of accounting

records/documents
Applying accounting policies inappropriately
Collusion
Arithmetic or clerical mistakes in collecting/processing

accounting data
Misapplication of accounting policies
Misappropriation of assets (i.e. theft)
Oversight or misinterpretation of facts
Recording transactions without economic substance
Suppression or omission of effects of transactions from

records/documents
Fraud/Error
Alteration, falsification or manipulation

of accounting records or documents Fraud
Fraud (if intended) / Error

Applying accounting policies (if mistake made in
inappropriately ignorance)
Collusion Fraud
Arithmetic or clerical mistakes in

collecting/processing accounting data Error
Misapplication of accounting policies Error
Misappropriation of assets (i.e. theft) Fraud
Oversight or misinterpretation of facts Error
Recording transactions without

economic substance Fraud
Suppression or omission of effects of

transactions from records/documents Fraud
11.1.2 Types of Fraud

1.2 Types of Fraud
Although there are many forms of fraud, only two basic types will result in a
misstatement of financial statements (and, therefore, will be of interest to auditors):
1. Fraudulent financial reporting; and
2. Misappropriation of assets.
1.2.1 Fraudulent Financial Reporting

Fraudulent financial reporting involves misstatements or omissions of amounts or
disclosures intended to deceive users of financial statements. It includes:
 Manipulation, falsification (including forgery) or alteration of accounting records or
supporting documentation from which the financial statements are prepared.
 Misrepresentation, or intentional omission, of disclosure of significant events, transactions,
balances or other information.
 Intentional misapplication of accounting principles relating to amounts, classification,
manner of presentation or disclosure.
Example 1 Fraudulent Financial Reporting
Trabel Co’s management wants to improve its financial statements for reporting.
To create fictitious sales transactions near the year-end reporting date,
management has colluded with certain customers. After the reporting date, the
sales transactions are reversed with credit notes.
1.2.2 Misappropriation of Assets

Misappropriation of assets includes the theft or misuse of company assets. Theft may
be concealed (but is not necessarily) by falsifying records or documents (e.g. bank
statements or confirmation letters).
 When perpetrated by employees, the amounts involved are often not material.
 However, when perpetrated by management, the amounts are often material and can be
difficult to detect.
Misappropriation of assets is often motivated by persons "living beyond their means".
Examples include:
 Embezzlement (of monies).
 Stealing physical assets or intellectual property (e.g. collusion with a competitor).
 Using an entity's tangible assets for personal benefit (e.g. as personal loan collateral).
 Causing the business to pay for goods and services not received.
Example 2 Misappropriation of Assets
Frod Co’s finance director is living a lifestyle beyond his means, financed by
misappropriating cash from Frod Co. He does this by embezzling payments made
to suppliers into his bank account and informing suppliers there might be a slight
delay in payment. He then uses payments authorised for subsequent invoices to
pay for earlier invoices.
1.3 Management and Auditor's Responsibilities
1.3.1 Management and External Auditor

Key Point
 Primary responsibility for prevention and detection of fraud and error lies with
management and TCWG.
 The external auditor's responsibility is to obtain reasonable assurance that the
financial statements are free from material misstatement, whether caused by
fraud or error.
Management External Auditors
 Management must set the tone

at the top, emphasising fraud  External auditors are not responsible
prevention/deterrence and for the prevention of fraud or error.
establishing a culture of honesty However, the external audit may act as
and ethical behaviour. a deterrent to fraud.
 The auditor should consider the risk of

material misstatement arising from
 The aim should be to persuade fraud
individuals at all levels in the firm and error when:
(including executive o planning and performing
management) not to commit audit procedures; and
fraud because of the likelihood of o evaluating and reporting on
detection and punishment. the results of procedures.
 The importance that

management attaches to internal  The auditor must be aware that the
audit indicates its commitment to risk of not detecting a material
effective internal control and misstatement arising from fraud is
fraud risk management. higher than that of error because of
Those charged with the nature of fraud (i.e. it is
governance concealed).
 There is an unavoidable risk that

material misstatements resulting from
 Must ensure that the fraud (and to a lesser extent, error)
appropriate culture, risk may not be detected due to the
management procedures and inherent limitations of an audit.
internal controls exist and However, this risk should be minimised
operate (including compliance (e.g. through the exercise of
with laws and regulations). professional scepticism).
 A key element is identifying the

potential for management
override of controls.
Activity 2 Management Override
Describe FIVE techniques that could be used by management to override internal

controls.
1. Recording fictitious journal entries, particularly close to the end of an accounting period, to
manipulate operating results or achieve other objectives – such entries may need to be
reversed in the following period.
2. Inappropriately adjusting assumptions and changing judgments used to estimate account
balances (e.g. aggressive application of accounting policies).
3. Omitting, advancing or delaying recognition in the financial statements of events and
transactions during the reporting period (e.g. recognising revenue not yet earned).
4. Concealing, or not disclosing, facts that could affect the amounts or disclosures shown in
the financial statements (e.g. product liability claims).
5. Engaging in complex transactions that are structured to misrepresent the entity's financial
position or financial performance (e.g. off-balance-sheet financing and the use of special-
purpose entities).
6. Altering records and terms related to significant and unusual transactions.
Activity 3 Ability to Detect Fraud
Give FIVE factors that could affect the auditor's ability to detect fraud.
1. Skill of the fraudster
2. Frequency and extent of the fraud
3. Degree of collusion
4. Relative size of individual amounts involved
5. Seniority of those involved
1.3.2 Internal Auditors
Internal audit is just one element of the system of internal control that is established and
maintained by management. Internal auditors are responsible to management for
evaluating risks based on audit plans and appropriate testing. They must be alert to the
signs and possibilities of fraud and error (and non-compliance with laws and
regulations).
Internal auditors' continual presence in an organisation gives them a better
understanding of the organisation and its system of control to detect the symptoms of
fraud. (Whereas the external auditor's focus is on material misstatements in the financial
statements.)
Specifically, internal auditors can help management:
 In deterring fraud by examining and evaluating the adequacy and the effectiveness of
internal controls;
 In assessing the design of internal controls to detect error and fraud and making
recommendations for improvements;
 In evaluating errors to determine whether they could be an indication of fraud;
 In investigating actual or suspected fraud where appropriate (see below).
Although internal audit's role includes promoting best practices, testing and monitoring
systems and recommending change where needed, the responsibility for the detection
and prevention of corrupt practices (including fraud and bribery) and error lies with
executive management.
Internal audit should only be given extra responsibilities for fraud:
 If this does not prejudice its primary role and responsibilities;
 If it has the resource capacity and the specific expertise needed in a particular case; and
 If approved by the board or audit committee.
Fraud investigation is considered in more detail in Chapter 14.
11.1.4 Professional Scepticism
1.4 Professional Scepticism
Due to the characteristics of fraud, the exercise of professional scepticism is essential

when considering the risks of material misstatement due to fraud. Professional
scepticism:
 does not accept audit evidence at face value (e.g. suspicion that a document may
not be authentic; that external confirmations and explanations from management
contradict;
 requires continuous questioning of whether information and audit evidence suggest
that a material misstatement due to fraud may exist.
11.1.5 Discussions Within the Engagement Team

1.5 Discussions Within the Engagement Team
As part of the planning procedures, critical members of the engagement team should
discuss the susceptibility of the financial statements to material misstatement due to
fraud.
Example 3 Areas for Discussion
An auditor's discussions on fraud, the conclusions drawn from those

discussions and the effect on the audit strategy and audit program must be
documented. For example:
 How and where the entity's financial statements may be susceptible to
material misstatement due to fraud.
 How management could perpetrate and conceal fraudulent financial
reporting and how assets could be misappropriated.
 Circumstances that might be indicative of aggressive earnings
management.
 Known external and internal factors affecting the entity that may create
pressure for fraud or provide the opportunity for fraud to be perpetrated.
 Management's involvement in overseeing employees with access to
cash or other assets susceptible to misappropriation.
 Any unusual or unexplained changes in behaviour or lifestyle of
management or employees.
 How unpredictability will be incorporated into the nature, timing and
extent of the audit procedures to be performed.
 Whether certain types of audit procedures are more effective than
others.
 Any allegations of fraud that have come to the auditor's attention.
Example 3 Areas for Discussion
 The risk of management override of controls.

1.6 Risk Assessment Procedures
Risk assessment procedures include:

 Understanding fraud-control design, implementation and effectiveness;
 Inquiries of management;
 Inquiries of TCWG;
 Inquiries of others;
 Consideration of fraud risk factors.
1.6.1 Fraud-Control Design, Implementation and Effectiveness

The auditor requires a thorough understanding of controls that management has
designed, implemented and maintained to prevent and detect fraud. This includes
understanding the roles of TCWG and internal audit.
1.6.2 Inquiries of Management

The auditor should inquire about:
 Management's assessment of the risk of fraud and the controls in place to prevent and
detect it;
 Management's approach to the prevention and detection of fraud and the actions taken
should fraud occur is indicative of management's attitude to internal control (control
environment); and
 Management's knowledge of actual, suspected or alleged frauds and the action taken.
1.6.3 Inquiries of TCWG

As managers may be able to override internal control, understanding the role of TCWG
enables the auditor to assess the strength of oversight procedures and the entity's
exposure to management fraud.
Because oversight procedures are part of internal control, the auditor should consider
observing the governance process by attending appropriate meetings, reviewing reports
and discussing matters directly with the audit committee.
Inquiries should be made about any knowledge of actual, suspected or alleged fraud.
The response should be compared with management's, and any inconsistencies should
be investigated.
1.6.4 Others of Whom the Auditor May Make Inquiries

The auditor’s inquiries are not limited to management and TCWG but may extend to:
 Internal audit – procedures carried out specifically to detect fraud, the level/type of fraud
detected and action taken by management and TCWG.
 Direct and indirect (of the finance function) operating personnel.
 Employees who deal with complex or unusual transactions.
 Internal and external legal services.
 Chief risk officer, chief ethics officer, money laundering officer, etc.
1.6.5 Consideration of Fraud-Risk Factors

Any unusual or unexpected relationships identified using analytical review may indicate
risks of material misstatement due to fraud (e.g. fictitious sales). All information received
about the entity should be considered for the risk of material misstatement due to fraud
(e.g. information obtained during client acceptance procedures or any interim
engagements).
Examples of potential fraud risk factors include:
 events or conditions that indicate an incentive or pressure to commit fraud (e.g. personal
financial problems)
 events or conditions that provide the opportunity to commit fraud (e.g. large amounts of
cash, poor control environment, inadequate physical safeguards); and
 an attitude that rationalises the fraud (e.g. tolerance of petty theft).
When potential fraud risk indicators have been identified, any risk of material
misstatements due to these factors must be identified and classified as significant risks.
For all significant risks, specific procedures (control and substantive) must be designed
to minimise the risk that the auditor does not detect fraud.
Key Point
 A risk of fraud in revenue recognition is presumed a significant risk due to

fraudulent financial reporting (e.g. overstatement due to premature recognition
or fictitious sales or understatement through shifting revenues to a later
period).
 If the auditor determines that revenue recognition is not a significant risk (e.g.
because there is a single type of simple revenue transaction), the reasons for
this decision must be documented.
11.1.7 Effect on Audit Strategy and Extent of Work

1.7 Effect on Audit Strategy and Extent of Work
Exam advice
The following examples of the effect of fraud and misstatements on the

audit strategy and extent of audit work are considered the most relevant to
the Audit and Assurance exam. This list is not exhaustive; more examples
are given in appendices to ISA 240.
 Increase level of professional scepticism.
 Reassess the overall audit approach.
 Consider the nature, timing and extent of substantive
procedures.
Audit  Design specific procedures to match the risk,
Strategy especially management override of controls.
 Assign individuals with specialised skills to match the

potential of fraud (e.g. forensic or IS).
 Strong briefing and closer supervision of team
members.
 Assign more experienced staff (e.g. managers and
Audit Team partners).
 Altering the nature, timing and extent of audit

procedures to incorporate an element of
unpredictability (from management's viewpoint) to
reflect the fact that management may be familiar with
prior audit approaches:
o different sample selection procedure;
o different locations visited;
o different timing of audit visits;
o full year-end inventory count for perpetual
inventory systems;
o some final audit work carried out at the
inventory count visit.
 Physical inspection of at-risk assets, rather than
acceptance of third-party confirmation.
 Greater use of CAATs, data-mining and
benchmarking to identify unusual transactions and
trends.
 Greater use of analytical procedures at a higher level
(e.g. linear regression analysis).
 Circularisation of agreement/contract terms and
conditions and the standard approach for balances.
 Reviewing journal adjustments after the last audit was
completed (to see what adjustments were made after
the auditors had left and would likely be repeated).
 Inquiry of non-financial personnel involved in the risk
area.
Extent of  Using external experts to re-assess management
Audit estimates and retrospective review of prior year
Procedures estimates.
 In addition to a thorough understanding of controls
and the potential for override by management, the
auditor should pay particular attention to:
o journal entries and other adjustments (e.g.
consider volumes, values, timing and supporting
evidence);
o accounting estimates (consider possible
bias to "profit smooth"); and
o business transaction rationale (e.g. if
Override of significant transactions appear overly complex or
Controls involve special-purpose entities).
11.1.8 Written Representations

1.8 Written Representations
Chapter 20 deals with written representations in greater detail and contains an example
of suitable representations.
Key Point
Written representations must be obtained from management concerning

its:
 responsibility for the design, implementation and maintenance of
internal control to prevent or detect fraud;
 disclosure to the auditor of the results of its assessment of the risk that
the financial statements may be materially misstated as a result of
fraud;
 disclosure to the auditor of knowledge of fraud or suspected fraud
involving management, employees who have significant roles in internal
control or other employees where fraud would have a material effect on
the financial statements; and
 disclosure to the auditor of knowledge of alleged or suspected fraud
communicated by employees, former employees, analysts, regulators
or others.
11.1.9 Communication with Management and TCWG

1.9 Communication with Management and TCWG
Although the auditor's report is not explained until later (Chapter 30), note that if a
matter is assessed as immaterial there will be no grounds for modifying the audit
opinion (i.e. the opinion will be “clean”). Therefore, any fraud or error that
is immaterial will not be drawn to the attention of the users of financial statements.
Regulatory and
Those Charged with Enforcement
Management Governance Authorities
 The auditor's
duty of
confidentiality
normally
 Communicate factual precludes any
findings if: reporting to a
o fraud may  Communicate if the fraud third party.
exist (even if involves:  If duty is
potentially o management; overridden
immaterial); or o employee with (e.g. by statute
o fraud does a significant role in or courts of
exist. controls; law), seek legal
 Report on a timely o others, advice.
basis for management resulting in a material  In some
to take action. It may misstatement. jurisdictions,
initially need to be oral  If management is there may be a
but must be followed up suspected, report and statutory duty
by written support. discuss the nature, timing to report fraud
 Level of management and extent of further audit and/or material
depends on: procedures needed to misstatement
o nature; complete the audit. to a
o magnitude;  If fraud is not material, supervisory
o frequency; discuss the approach to authority
and reporting at planning without first
o likelihood of stage. discussing it
recurrence.  Report significant with
 Report to a level above deficiencies in the management.
those believed to be design/implementation of  In most cases,
implicated – otherwise internal control to seek legal
seek legal advice. prevent/detect fraud. advice or
 Report significant  Report concerns about advice from
deficiencies in the management's attitude to ACCA on the
design/implementation fraud prevention, legal and
of internal control to detection and systems ethical matters
prevent/detect fraud. assessment. involved.
Activity 4 Matters to Be Reported to Those Charged with Governance
Suggest other matters related to fraud that the auditors should discuss with TCWG
(other than those identified above).
 Concerns about the nature, extent and frequency of management's assessments of
the controls in place to prevent and detect fraud and the risk that the financial
statements may be misstated.
 A failure by management to appropriately address identified significant deficiencies
in internal control.
 A failure by management to appropriately respond to an identified fraud.
 The auditor's evaluation of the control environment, including questions regarding
the competence and integrity of management.
 Actions by management that may indicate fraudulent financial reporting (e.g.
management's selection and application of accounting policies to manage earnings
and deceive users of the financial statement).
 Concerns about the adequacy and completeness of the authorisation of transactions
that appear outside the normal course of business.
11.1.10 Resignation from the Engagement

1.10 Resignation from the Engagement
Resignation ("Withdrawal") will be considered if the auditor encounters exceptional

circumstances that question his ability to continue the audit. For example:
 Management does not take the necessary remedial action for actual or suspected
fraud.
 Results of audit tests indicate a significant risk of material and pervasive fraud.
 Significant doubts exist about the competence or integrity of management or TCWG.
Factors to be considered include:
 Whether management or TCWG are implicated.
 The professional and legal responsibilities in such circumstances (e.g. need to report
directly to appropriate authorities without discussing with the client).
 Whether it is appropriate to withdraw (e.g. the auditor's professional responsibility to
complete the audit and issue an appropriate report).
 The effects on the auditor of continuing an association with the client (i.e.
engagement risk).
11.2.0 Introduction
2.0 Introduction
The relevant standard is ISA 250 Consideration of Laws and Regulations in an Audit of
Financial Statements.
Key Point
The auditor is required:

Key Point
 To obtain sufficient appropriate audit evidence regarding compliance

with provisions of laws and regulations that have a direct effect on
material amounts and disclosures in financial statements;
 To perform specified audit procedures to help identify instances of non-
compliance that may have a material effect on the financial
statements; and
 To respond appropriately to identified or suspected non-compliance
identified during the audit.
11.2.1 Definition
2.1 Definition
Definitions
Non-compliance – acts of omission or commission, intentional or

unintentional, committed by the entity, TCWG, management or other
individuals working under the direction of the entity, which are contrary to
the prevailing laws or regulations. Non-compliance includes personal
misconduct related to business activities (e.g. accepting a bribe from a
supplier) but does not include personal misconduct unrelated to business
activities.
Key Point
Non-compliance can arise through an act of omission (i.e. failure to act) or

commission (i.e. performance of an action).
11.2.2 Types of Laws and Regulations

2.2 Types of Laws and Regulations
There are two types of laws and regulations:

1. Those that relate directly to the financial aspects of the financial statements; and
2. Those that relate to the operational aspects and could indirectly affect the financial
statements.
Laws and regulations that are generally recognised as having a direct effect are:
 well-established;
 known to the entity;
 within the entity's industry sector; and relevant to the financial statements.
The indirect effect on financial statements can range from going concern and closure of
business to fines, litigation and provisions. Generally, the further removed non-
compliance is from the events and transactions ordinarily reflected in financial
statements, the less likely the auditor is to become aware of it or recognise its possible
non-compliance.
Examples include the following:
Direct Indirect
 Form and content of the financial statements  Operating licence

(e.g. company acts, listing requirements,  Environmental
IFRS Standards) regulations
 Industry-specific financial reporting issues  Health and safety
(e.g. charities, pension schemes) requirements
 Fraud, corruption and bribery  Regulatory solvency
 Money laundering requirements
 Tax liabilities  Data protection
Example 4 Effect of Non-compliance on Different Organisations
A minor breach of health and safety regulations in an office environment is

unlikely to have any material consequence on the financial statements or
the operating capability of the business (unless of a repeated nature due to
lack of remedial action or in breach of a court order, for example).
However, in industrial or hospitality sectors, the consequence concerning
the business could be more serious (e.g. closure or loss of reputation
leading to going concern).
11.2.3 Management and Auditor's Responsibilities

2.3 Management and Auditor's Responsibilities
Key Point
Management is responsible for ensuring that operations are conducted

within the laws and regulations applicable to the entity.
The auditor’s responsibility is to obtain reasonable assurance that the
financial statements are free from material misstatement, whether caused
by fraud or error.
An auditor's considerations of laws and regulations are very similar to
fraud.
Management Auditor
 Monitor legal requirements

and ensure operating  Plan, perform and evaluate the audit,
procedures are designed recognising that non-compliance with
to meet the requirements. laws and regulations may materially
 Design systems to meet affect the financial statements.
applicable legal  Apply professional scepticism.
requirements.  Obtain a general understanding of
 Institute and operate applicable laws and regulations to
appropriate systems of understand the business and its
internal control. environment.
 Develop, publicise and  Understand how the entity complies
follow a code of conduct. with those laws and regulations, the
 Ensure employees are risk procedures and controls applicable
adequately trained and to ensure laws and regulations are not
understand the code of breached.
conduct.  Identify critical laws and regulations
 Monitor compliance with (i.e. those that may cause the entity to
the code of conduct and cease operations).
discipline employees who  Identify non-compliance with laws and
fail to comply. regulations (e.g. by inquiry of
 Engage legal advisors to management, TCWG, company
assist in monitoring legal solicitors and inspection of
requirements. correspondence with relevant parties).
 Maintain a register of  Be aware when auditing assertions of
significant laws and the effect that breaches of laws and
regulations. regulations may have on them.
11.2.4 Indications of Non-compliance

2.4 Indications of Non-compliance
There are many different sources of indicators of non-compliance:

 Notification by a whistleblower.
 Investigation by government departments.
 Payment of fines or penalties.
 Payments for unspecified services or loans to consultants, employees or
government employees.
 Excessive commissions or agent's fees.
 Purchasing at prices significantly above or below market price.
 Unusual payments in cash or transfers to numbered bank accounts.
 Complex corporate structures, including offshore companies where ownership
cannot be identified.
 Unusual transactions with companies registered in tax havens.
 Tax evasion (e.g. under-declaring income).
 Payments for goods or services made other than the country of origin.
 Payments without proper exchange control documentation.
 An accounting system which fails to provide an adequate audit trail.
 Adverse Media comment.
11.2.5 Non-compliance Discovered

2.5 Non-compliance Discovered
2.5.1 Considerations
When non-compliance is discovered, the auditor needs to understand the nature of the
breach, the circumstances and the potential effect on the financial statements. Potential
consequences include:
 fines;
 penalties;
 damages;
 threat of expropriation of assets;
 enforced discontinuation of operations;
 litigation.
The auditor needs to understand whether potential consequences:
 require amendment or disclosure (e.g. if provisions need to be made for penalties);
 are so severe as to question whether the financial statements “present fairly, in all material
respects …”.
If the non-compliance may give rise to a money laundering offence, the audit firm's
Money Laundering Reporting Officer may be required to report this to the relevant
regulatory authority. Examples of such situations that may be encountered during an
audit include:
 Theft of assets;
 Dishonesty (e.g. failing to refund customers for goods they have returned);
 Facilitation payments (i.e. bribes).
Exam advice
How suspicions of money laundering should be reported is assumed

knowledge from Business and Technology.
2.5.2 Procedures
When non-compliance is discovered, the auditor should:
 Document findings – include copies of records/documents and minutes of conversations.
 Discuss with management and TCWG, where appropriate, to confirm facts and
circumstances. But not if prohibited (e.g. it might prejudice an investigation).
 Consult with the entity's lawyer.
 Consider the need for external legal advice.
 Consider how other audit areas might be affected (e.g. need to re-assess risk).
 Consider whether the size and nature of the breach call into doubt management's integrity
and, therefore, other representations made by management.
11.2.6 Reporting Non-compliance and Withdrawal from the Engagement

2.6 Reporting Non-compliance and Withdrawal from the
Engagement
It may be appropriate for the auditor to obtain legal advice before withdrawing from an
engagement. For example:
 If management or TCWG do not take necessary remedial action; or
 If identified or suspected, non-compliance raises questions regarding the integrity of
management or TCWG (even if the non-compliance is not material to the financial
statements).
Identified or suspected non-compliance with laws and regulations may be
communicated in the auditor's report (see Chapter 30 for details):
 If the auditor has a reporting responsibility to do so;
 If it is a "key audit matter",;
 In exceptional circumstances, if the auditor is not permitted to withdraw from the
engagement.
The auditor may report to an appropriate authority if:
 Required by law, regulation or relevant ethical requirements (e.g. under
ACCA’s Code of Ethics and Conduct, reporting to an appropriate authority
does not breach confidentiality);
 It is an appropriate response in accordance with relevant ethical requirements; or
 He has the right to do so.
Syllabus Coverage

5. Fraud, laws and regulations
1. Discuss the effect of fraud and misstatements on the audit strategy and extent of audit work.
2. Discuss the responsibilities of internal and external auditors for the prevention and detection
of fraud and error.
3. Explain the auditor's responsibility to consider laws and regulations.
Technical Articles
 Law and regulations (s.2.1-2.3)

Visual Overview
Objective: To describe computer systems controls and control objectives, procedures

and tests of control for the major transaction cycles.
12.1.1 General IT Controls
1.1 General IT Controls
Exam advice
In exam questions, assume that the system is computerised unless explicitly told
otherwise.
Definitions
IT environment – the IT applications and supporting IT infrastructure, and

the IT processes and personnel involved in those processes, that are used
to support business operations and achieve business strategies.
General IT controls – controls over the IT processes that support the
continued proper operation of the IT environment, including the continued
effective functioning of information processing controls and the integrity of
information (i.e. the completeness, accuracy and validity of information) in
the information system.
1.1.1 Purpose
General IT controls are implemented to address risks arising from the use of IT and
are typically implemented for each aspect of the IT environment:
 Applications – controls will be more relevant for highly-integrated IT applications with
complex security options than a “legacy application” (e.g. based on outdated technologies)
supporting a few account balances.
 Database – controls typically address risks related to unauthorised updates to financial
reporting information (e.g. through direct database access or execution of a program).
 Operating system – controls typically address risks related to administrative access, which
can facilitate the override of other controls (e.g. compromising other user’s credentials,
adding new/unauthorised users, loading malware or executing unauthorised programs).
 Network – controls typically address risks related to network segmentation (e.g. between
branches and a head office), remote access and authentication. Network controls may be
relevant when, for example:
o web–facing applications (i.e. visible/accessible from the internet) are used in
financial reporting;
o there are significant business partner relationships or third-party outsourcing,
which may increase data transmissions and the need for remote access.
Key Point
A general IT control alone is typically not sufficient to address a risk of material

misstatement at the assertion level.
If general IT controls are not designed effectively or appropriately implemented (e.g.
controls do not prevent or detect unauthorised program changes or unauthorised
access to IT applications), the auditor may decide to not rely on automated controls
within the affected IT applications.
1.1.2 Classifications
There is no single classification of general IT controls. One classification is by IT
process, for example:
 Process to manage access;
 Process to manage changes to the program or the IT environment;
 Process to manage IT operations
Examples of general IT controls by this classification include the following:
Access Program or other changes IT operations
 Authentication: To
ensure users use  Job
their assigned login scheduling: Controls
credentials. over access to
 Authorisation: To schedule and initiate
allow users to jobs/programs that
access only the  Change management may affect financial
information process: Controls over reporting.
necessary for their the process to design,  Job
job (facilitates program, test and migrate monitoring: Controls
segregation of changes to a production to monitor financial
duties). (i.e. end user) reporting jobs/
 Provisioning: To environment. programs for
authorise new users  Segregation of duties successful execution.
and modify existing over change  Backup and
users’ access migration: To segregate recovery: Controls
privileges. access to making to ensure:
 Deprovisioning: To changes to a production o data
remove user access environment. backups occur as
upon termination or  Systems development, planned; and
transfer. acquisition or o such data
 User access implementation: Controls is available and
reviews: To over initial IT application accessible for
recertify or evaluate development or timely recovery
user access for implementation. after an outage or
authorisation.  Data attack.
 Physical conversion: Controls  Intrusion
access: To the data over data conversion detection: Controls
centre and during development, to monitor for
hardware implementation or vulnerabilities and
(unauthorised upgrading of the IT intrusions in the IT
access may be environment. environment.
used to override
other controls).
Example 1 General IT Controls
As the financial controller at TRC Co, Lisa uses a computer to access and make
updates to the company’s financial system.
 To access her workstation, she needs to log in using an assigned username
and password. A two-step verification process requires her to key in a PIN
sent to an authenticator app on her phone.
 TRC Co has an automated policy that forces authorised users to change their
passwords every 60 days or in the event of a detected breach of the system.
 Her workstation has up-to-date anti-virus, operating system (OS) and firewall;
the policies and updates are controlled by TRC Co.
 Her workstation automatically sends back-end operation and memory data to
TRC Co’s IT department, comparing processes to a database of threats and
flagging anomalies.
 Her workstation has restrictions on the installation of software and scripts.
Software can only be installed through the approved software portal on the
company’s intranet or if an exception case is submitted and approved through
the IT department.
 Her workstation automatically backs up Lisa’s data and folders to the cloud
every day at a specific time.
 Changes to programmes and settings are logged by the OS and sent to the IT
department.
 Specific to Lisa’s workstation, key dates, changes to settings and processes
relating to the financial software are automatically logged and sent to the IT
department.
 TRC Co’s cloud verification restricts financial system login by Lisa to only one
session at a time. Logins from multiple terminals simultaneously are not
allowed; any attempt will be logged and shared with the IT department.
An alternative classification is as follows:
12.1.2 Information Processing Controls
1.2 Information Processing Controls
Definition
Information processing controls – controls relating to the processing of

information in IT applications or manual information processes
that directly address risks to the integrity of information (i.e. the completeness,
accuracy and validity of transactions and other information).
1.2.1 Purpose
Information processing controls provide reasonable assurance that all transactions are
authorised (valid), recorded and processed completely, accurately and on a timely
basis.
Exam advice
Appreciate that there can be overlap between the various classifications,

for example, passwords can be a general IT control (e.g. logical access to
the accounts department) and also an IT application (information
processing) control (e.g. permitting access to a specific program such as
the payroll).
Some classifications include processing controls (e.g. control totals, check
digits, range, comparability, existence, sequence and exception checks) as
input validation controls (as input can be considered an aspect of
processing).
In the exam, state the control and what it aims to achieve and give an
example of its use.
1.2.2 Classifications
Validation checks over input include:

 Limit tests to ensure that a numerical value does not exceed a predetermined value;
 Range or reasonableness tests to ensure that the value in a field falls within an allowable
range of values;
 Sequence checks to determine if data is input in proper numerical or alphabetical sequence;
 Field tests to ensure that a field includes only acceptable numeric or alphabetic characters;
and
 Sign tests to check that data in a field has the correct arithmetic sign.
Check digit verification is a check for arithmetic accuracy that computes a numeric
value to provide assurance that the original value was not changed.
A batch total is the sum of a particular numerical field in a collection (batch) of items. It
is used to ensure the completeness and accuracy of data input. For example, a batch of
sales invoices, invoice totals, sales tax totals and the number of invoices are manually
totalled before entry into the computer. These totals are then compared to the
computer's calculations. If the totals do not match, the source documents are compared
to the computer records to determine the source of error.
An alternative classification for information processing controls is as follows:
Transaction controls File controls

Aim to ensure:
Aim to ensure:
 file continuity;
 completeness;
 asset protection; such as:
 accuracy; and
o keys, security-coded
 validity
entry;
of transactions and hence the o approval and
existence of assets and liabilities. recording;
→Mnemonic "CAVe". o data security (e.g.
library) procedures.
12.2.1 Further Audit Procedures

2.1 Further Audit Procedures
Key Point
ISA 315 requires the auditor to:

 identify and assess risks of material misstatement at the financial
statement and assertion levels (see Chapter 9); and
 design further audit procedures (under ISA
330 The Auditor’s Procedures in Response to Assessed Risks),
including:
o audit procedures, if required, to test the operating
effectiveness controls (i.e. tests of controls);
o the nature, timing and extent of planned substantive
procedures (see Chapter 15).
Definitions
Test of controls – an audit procedure designed to evaluate the operating

effectiveness of controls in preventing, or detecting and correcting, material
misstatements at the assertion level (see Chapter 15).
The following diagram shows that the effectiveness of controls will only be tested when
there is potential for reliance on controls (*). If controls are effective, the level of
substantive procedures will be reduced, compared to the “full” substantive approach.
A "full” substantive approach (i.e. all assurance comes from substantive procedures) is
adopted where:
 following the risk assessment, controls do not appear to be satisfactory; or
 tests of controls show them to be not effective (see middle of diagram); or
 the auditor does not seek to place reliance on controls.
Such a wholly substantive approach requires a high level of testing of transactions,
balances and disclosures (see Chapter 15).
2.1 Further Audit Procedures
Key Point
ISA 315 requires the auditor to:

 identify and assess risks of material misstatement at the financial
statement and assertion levels (see Chapter 9); and
 design further audit procedures (under ISA
330 The Auditor’s Procedures in Response to Assessed Risks),
including:
o audit procedures, if required, to test the operating
effectiveness controls (i.e. tests of controls);
o the nature, timing and extent of planned substantive
procedures (see Chapter 15).
Definitions
Test of controls – an audit procedure designed to evaluate the operating

effectiveness of controls in preventing, or detecting and correcting, material
misstatements at the assertion level (see Chapter 15).
The following diagram shows that the effectiveness of controls will only be tested when
there is potential for reliance on controls (*). If controls are effective, the level of
substantive procedures will be reduced, compared to the “full” substantive approach.
A "full” substantive approach (i.e. all assurance comes from substantive procedures) is
adopted where:
 following the risk assessment, controls do not appear to be satisfactory; or
 tests of controls show them to be not effective (see middle of diagram); or
 the auditor does not seek to place reliance on controls.
Such a wholly substantive approach requires a high level of testing of transactions,
balances and disclosures (see Chapter 15).
Key Point
A control can potentially be relied upon (*) if it relates to an assertion and

appears suitably designed and implemented.
12.2.2 Operating Effectiveness

2.2 Operating Effectiveness
Testing the operating effectiveness of controls includes obtaining evidence regarding:

 whether controls were applied at relevant times;
 how controls were applied;
 the consistency with which controls were applied; and
 by whom the controls were applied.
Tests of control are performed when:
 the auditor's control risk assessment is based on an expectation that control
activities are operating effectively (i.e. the auditor intends to rely on their operating
effectiveness in determining the nature, timing and extent of substantive
procedures); or
 substantive procedures alone do not provide sufficient appropriate audit evidence
(e.g. in highly automated systems).
Key Point
Tests of control cannot be used to eliminate the need to perform

substantive procedures. Substantive procedures must be performed for all
material account balances, transactions and disclosures (Chapter 15).
12.2.3 Nature, Timing and Extent of Tests of Control

2.3 Nature, Timing and Extent of Tests of Control
The auditor uses professional judgment to determine:

 the control activities to test; and
 the design (i.e. nature, timing and extent) of tests of control.

Control activities (see Chapter 9) include:
 Authorisation and approvals;
 Reconciliations;
 Verifications;
 Physical or logical controls;
 Segregation of duties.
The auditor may plan to test:
 direct controls;
 indirect controls including general IT controls.
Definitions
Direct control – controls that are precise enough to address risks of

material misstatement at the assertion level.
Indirect control – controls that support direct controls.
Controls in the control environment, risk assessment process and monitoring process
are primarily indirect controls (but may also be direct). Controls in the information
system and communication and control activities are mostly direct controls (but may
also be indirect).
Key Point
If a control to be tested depends on other (indirect) controls, the auditor must

consider whether it is necessary to obtain audit evidence to confirm the effective
operation of those indirect controls (e.g. general IT controls).
2.3.2 Nature of Tests of Control

Key Points
 Observation, inspection and reperformance are used to test controls.

 Inquiry may be used in addition to these but is not sufficient alone.
Control
activity Examples Tests of controls
Authorisation/approval of:
 Purchase/disposal of
non-current assets
 Payments to suppliers  Inspection of documents
 Customer credit limits evidencing authorisation (e.g.
 Purchase and sales capital expenditure
transactions requisition).
Authorisation  New employees, wage  Inquiry regarding
and approvals rates, promotions authorisation procedures and
 Journal entries. authorising parties.
 Bank reconciliations.
 Supplier/customer  Inspect reconciliations and
statement evidence of independent
reconciliations. review.
Reconciliations (See Activity  Reperformance of
1 in Chapter 9.) reconciliations.
 Arithmetical accuracy
checks.
 Extracting trial
balances.
 Sequence checks of
pre-numbered
documents.
 Follow-up on  Recalculation of arithmetical
error/exception reports. checks.
(See also information  Reperformance of sequence
processing controls checks.
Verifications  Inspection of reports for
(s.1.2.2))
evidence of follow-up.
 Observation of secured/
password access.
 Observation of inspection of
physical assets.
 Secured access to  Inspection of evidence of
assets and records. comparison of book to
 Password access to physical assets (e.g. in a non-
computer systems. current asset register).
 Comparing book to  Reperformanceof physical to
Physical or physical assets (e.g. book comparisons (e.g. test
logical controls inventory, cash, non- counts when attending a
current assets). physical inventory count).
 Observation of segregation
 Separation of of duties
authorisation, recording  Inspection of documents that
and custody functions. evidence segregation of
Segregation of  Actions of one duties
duties employee checked by  Inquiry regarding
another. segregation
2.3.3 Timing of Tests of Control

Testing a control at a point in time only provides evidence of its effectiveness (and
implementation) at that point. Depending on the objective of the test, it is often
necessary to test the effectiveness of controls over some time. For example:
 Year-end inventory counts only require testing of control (and substantive procedures) at the
year-end since no reliance is placed on day-to-day controls.
 Controls over continuous inventory systems will need to be tested throughout the year (e.g.
regular test counting of significant inventory items, discrepancy reports followed up and
acted upon) if reliance is to be placed on inventory records.
An efficient approach to testing controls is to conduct, wherever possible, procedures
during the interim audit. The auditor can reassess the audit approach, if necessary,
before the year-end audit (rather than discovering at the last minute that the audit
approach needs to be changed).
When an interim audit is carried out, the approach to auditing the remaining period to
the year-end must be considered. Factors to take into account include:
 the significance of the assessed risks of material misstatement during the remaining period;
 the length of the remaining period (e.g. four months of transactions will be more material
than just one month);
 the control environment; and
 significant changes to the system of internal control since the interim audit.
Example 2 Interim Audit
 An interim audit is carried out two months before the year-end. The results
show that there is a high degree of operating effectiveness.
 During the remaining two months, a change is made to the procurement
procedures. This is considered to be significant.
 Understanding and risk assessment is based on this change in control. The
operational effectiveness of the change and its effect on the procurement
system will be tested from the date of its introduction.
 As the monitoring of controls was assessed as effective at the interim audit,
the auditor decides that a review of the control monitoring procedures during
the last two months, supported by analytical procedures, will be sufficient to
cover the remaining internal controls relevant to the audit and will not be
affected by the change.
2.3.4 Extent of Tests of Control

The extent of tests of control should consider:
 The frequency of the performance of the control by the entity during the period.
 The length of time during the audit period that the auditor is relying on the operating
effectiveness of the control. (This will generally be the whole period.)
 The relevance and reliability of the audit evidence to be obtained.
 The extent to which audit evidence is obtained from tests of other controls related to the
same assertion.
 The extent to which the auditor plans to rely on the operating effectiveness of the control in
the assessment of risk (and thereby reduce substantive procedures).
 The expected deviation (i.e. number of errors) from the control. If the expected deviation is
zero, any deviations may increase substantive procedures.
 To the extent not already addressed, whether the direct controls to be tested depend on
other (indirect) controls) and, if so, whether it is necessary to obtain audit evidence
supporting the effective operation of those indirect controls.
If the system is changed partway through a year (e.g. from a manual to a computer-
based system), effectively two systems will need to be assessed and tested, depending
on the length of time each has been in operation (e.g. if the change occurred during the
last month, detailed analytical procedures might provide sufficient audit evidence for the
previous month). Also, the auditor must ensure the integrity of data transfer and that this
did not result in any material misstatement in the new data set.
12.2.4 Results of Tests of Control

2.4 Results of Tests of Control
2.4.1 Deviations Identified in Tests of Control

The concept of monetary materiality does not apply when dealing with tests of controls.
If the expected deviation is zero, any error (regardless of its monetary value) means that
the control did not work. The auditor must determine the reason for the deviation(s).
If there was only one (or very few) deviations in a sample, this may indicate an isolated
incident (e.g. no purchasing authorisation for a day because the buying manager was
sick).
 A review should be undertaken to see if the deviation was repeated at any other time, (e.g.
at what other times was the manager ill and were alternative controls in place?) together
with analytical procedures on purchases made on those days.
 It may then be concluded that, if there is no material effect on the financial statements,
substantive procedures may not need to be increased.
 A report of the deficiency and potential effect must still be made to the client.
If several or numerous deviations are found, the conclusion will usually be that the
controls are not effective and substantive procedures must be extended accordingly.
Reason(s) for the failure in control must be established and reported to management
(see Chapter 13).
2.4.2 Conclusions from Tests of Control

Conclusion Implication
The remaining assurance must be obtained through

reduced substantive procedures. This could mean smaller
 Controls are sample sizes for testing transactions and balances and the
operating use of substantive analytical procedures.
effectively.
All audit assurance must be obtained through increased

 Controls are not substantive procedures (e.g. tests of details and larger
operating sample sizes) on transactions, balances and disclosures.
effectively.
If the risk assessment or results of testing indicate that controls are not satisfactory:
 significant deficiencies must be reported to management (see Chapter 13); and
 the audit strategy and plan must be updated (and approved by the partner) to include
increased substantive procedures.
2.5 Reliance on Past Results
2.5.1 General
Audit evidence on the operating effectiveness of controls obtained in previous audits
may be relied on as audit evidence for the current period, subject to the following
conditions:
 inquiries, observations and inspections confirm that no changes were made in the current
period;
 if an individual control, that control is tested at least once in every third audit;
 if several controls, a sufficient portion of them are tested each audit;
 the control does not relate to a significant risk.
2.5.2 Significant Risks

For significant risks, the operating effectiveness of controls must be tested annually.
Although prior-year audit evidence relating to the design of such controls may be relied
on (in the absence of changes), the evidence of its implementation and operating
effectiveness must be assessed each year.
The higher the risk of material misstatement, or the greater the reliance on the control,
the greater the need for that control to be tested annually. Factors to consider include:
 the effectiveness of other elements of internal control; the control environment, monitoring of
controls and the entity's risk assessment process;
 the risks arising from the characteristics of the control (e.g. if manual or automated);
 the effectiveness of general IT controls, in computer systems;
 the effectiveness of the control and its application, including the nature and extent of
deviations in its application (from tests of operating effectiveness in prior audits);
 whether the lack of a change in a control poses a risk due to changing circumstances;
 the risk of material misstatement and the extent of reliance on the control.
Activity 1 Prior Period Audit Evidence
Suggest FIVE reasons for the auditor NOT to rely on the audit evidence obtained in
prior periods.
 A weak control environment.
 Weak monitoring of controls.
 A significant manual component in control activities.
 Personnel changes that significantly affect the application of the control.
 Changing circumstances that indicate the need for changes in the control.
 Weak general IT controls.
12.3.1 Key Skills

3.1 Key Skills
The learning outcomes for this chapter cover the first three skills, the remaining two
skills are detailed in the next chapter.
3.1.1 Control Objectives

At the assertion level, control objectives aim to ensure that only:
 authorised (Valid – V) transactions are
 promptly recorded (Complete – C) in the
 correct (Accurate – A) amount in the
 appropriate (A) accounts in the
 proper (Correct Cut-off – C) accounting period and that
 recorded assets exist (Existence – E).
Exam advice
Remember the mnemonic CAVE.

For example, the overall control objective over purchases might be "to ensure that
payments are only made for goods and services received and required by the entity".
This may be broken down into sub-objectives (e.g. "to ensure that goods are only
received for orders placed").
This requires control activities over placing the order, receiving and accepting the
goods/services, recording and analysing the invoice and settling the liability to achieve
the overall control objective.
Example 3 Sales Cycle
Consider the sales cycle. Identify the overall control objective (that all goods
despatched are correctly recorded in the general ledger), break down the transaction
into components (i.e. the flow of documentation) and ask, "What could go wrong?" –
that is, what would be an appropriate control objective for that element (e.g. to
ensure that goods cannot be despatched without the correct authorisation)?
Effectively, devise control objectives at each stage.
Then ask what control activities need to be in place to achieve the control objective
(e.g. authorisation, completeness checks, reconciliations, pre-numbering of
documents, segregation of duties, etc).
It is important to understand the difference between:

 the control objective (i.e. what does the control aim to achieve?); and
 control activities (i.e. what actions are needed to ensure that the objective is achieved?).
Activity 2 Purchases Cycle
Use the components of the purchases cycle to generate FOUR control questions.
12.3.2 Transaction Cycles

3.2 Transaction Cycles
Audits are often performed by transaction cycle. This enables the auditor to gather
evidence for related account balances, transactions and disclosures simultaneously.
The transaction cycles relevant to the examination are:
 Revenue (i.e. sales and trade receivables) (s.4)
 Purchases (i.e. purchases and trade payables) (s.5)
 Payroll (i.e. wages and salaries) (s.6)
 Inventory (s.7)
 Bank and Cash (s.8)
 Non-current assets (s.9)
The sections that follow outline, for each transaction cycle:
 the control objectives;
 control activities; and
 tests of control.

4.1 Control Objectives
Exam advice
"Complete", "accurate," and "valid" are keywords in accounting control

objectives. "Prompt" is a more commercial objective.
4.2 Internal Control Examples and Sample Tests of

Controls
Key Point
IFRS 15 Revenue from Contracts with Customers outlines five steps in the
revenue recognition process:
Step 1 – Identify the contract(s) with the customer

Step 2 – Identify the separate performance obligations
Step 3 – Determine the transaction price
Step 4 – Allocate the transaction price to the performance obligations
Step 5 – Recognise revenue when or as the performance obligation is
satisfied
Internal controls need to ensure that each step is completed properly. For
example, an entity should have documentation showing that each contract
meets the revenue recognition criteria. Such documentation should be
reviewed and approved by a party not otherwise involved in the revenue
recognition process for material or unusual contacts. The auditor could test
this control by selecting a sample of material contracts entered into during
the period and verifying that the documentation related to the contract was
reviewed and approved. Similar internal controls and tests of controls could
exist for each step in the revenue recognition process.
Sample Tests of
Internal Control Examples Controls
Stage
 Segregation of duties between:

o Order recording
o Order authorisation
o Despatch of goods
o Invoice preparation
Overall o Handling of cash
receipts o
o Ledger posting
o Supervision
 Sales order should be authorised

and show evidence of
authorisation (e.g. sales  Test a sample of sales
manager's signature). orders for evidence of
 Sales orders are sequentially authorisation.
numbered and regularly sequence  Review and test (e.g.
checked to ensure completeness by re-performance) the
(i.e. pre-numbered or generated in client's procedures for
strict numerical sequence). accounting for the
 An "open sales order" file should numerical sequence of
be maintained and periodically sales orders.
reviewed to ensure all orders are  Observe periodic
ultimately fulfilled. review of open sales
 Sales orders should be validated order files.
Sales for price, quantity, goods  Test a sample of sales
orders availability and customer orders for evidence of
creditworthiness. credit approval.
 Test a sample of GDN

for evidence of
matching to sales
orders.
 Goods despatch notes (GDNs)  Review and test the
should be matched to authorised client's procedures for
sales orders. accounting for the
 GDNs are sequentially numbered numerical sequence of
and regularly sequence checked GDNs.
to confirm completeness.  Test a sample of sales
 Proof of delivery (e.g. customer invoices for evidence
signature) should be obtained of proof of delivery.
(e.g. on a copy of the GDN).  Review and test the
 Sequentially numbered goods client's procedures for
Goods returned notes should be used to accounting for the
despatches ensure completeness of recording numerical sequence of
of sales returns. goods returned notes.
 Sequentially numbered sales

invoices should be used. Regular  Review and test the
sequence checks should be client's procedures for
carried out to ensure accounting for the
completeness. numerical sequence of
 Sales invoices should be matched sales invoices.
to GDNs and sales orders to  Inspect a sample of
confirm the accuracy of product sales invoices for
Sales description and quantity. evidence of authorised
invoices  Arithmetic accuracy of sales sales orders and
invoices should be verified. GDNs.
 Prices on sales invoices should be  Review a sample of
agreed periodically against the sales invoices for
authorised price list. evidence of verification
 Trade discounts applied should be of arithmetic accuracy.
agreed (e.g. to contracts with
customers or authorised price list)
to ensure that the correct discount
has been applied to the quantity
sold.
 Monthly statements should be  Observe preparation

Recording sent to customers and disputes and sending of
handled independently. monthly statements.
 Where money is received by post,

"mail-opening procedures" should
include two staff members  Review and observe
(segregation of duties). the client's procedures
 Cheques should be restrictively for opening mail and
endorsed when received and a handling complaints
pre-listing of receipts prepared. and disputes about
 All monies received should be monthly statements.
banked intact on that business  Observe the
day. preparation of the pre-
 Entries in the cash receipts book listing of cheques.
should be proved by regular  Examine bank
(usually monthly) reconciliations of statements to verify
the bank account balance in the that cash is deposited
general ledger to the bank daily.
statement.  Review the monthly
 Bank reconciliations should be bank reconciliations for
Cash reviewed regularly by a evidence of review by
receipts responsible official independent of a responsible official
the recording function. (e.g. a signature).
Activity 3 Tests of Control
Using the schedule which follows:

A. For each sales-cycle control question, suggest a direct control.
B. For each direct control in (a), suggest an appropriate test of control.
(a) Direct (b) Test of
Control question control control
1. Can goods be despatched but not invoiced? 2.
2. Can invoices be raised but omitted from the

detailed sales listing? 3.
3. Can receivables be improperly credited by
fictitious or incorrect credit notes, journals, bad
debt write-offs, cash receipts, etc? 4.
(Only one direct control was asked for.)
Control question (a) Direct control (b) Test of control
Goods despatch
note and invoice Check cross-
are of the same set reference to invoice
(matched) and for a sample of
sequence despatch notes and
checked. check for evidence of
Regular sequence check.
reconciliation of Check for evidence of
inventory per regular reconciliations
physical count to and ensure that they
1. Can goods be records and appear reasonable
despatched but not investigation of (i.e. no unexplained
invoiced? differences. differences).
Recording on
listing evidenced
on the invoice (e.g.
by a digital
signature). Check digital
Entries on the signatures on a
listing are sample of invoices.
sequence checked Check for evidence of
2. Can invoices be to ensure all sequence check (e.g.
raised but omitted from invoices are proof of investigation
the detailed sales listing entered. of missing items).
3. Can receivables
be improperly credited Authority for credit
by fictitious or incorrect notes, journal Check for evidence of
credit notes, journals, entries and bad authority on a sample
bad debt write-offs, debt write-offs of credit entries in the
cash receipts, etc? evidenced. sales ledger.

12.5.2 Internal Control Examples and Tests of Controls
5.2 Internal Control Examples and Tests of Controls
Sample Tests of
Stage Internal Control Examples Controls
 Segregation of duties
between:
o Purchasing
department
o Order department
o Bookkeeping
functions
o Inventory handling
o Recording and
Overall payment o
 Verify authorisation
of a sample of
 Orders should be purchase
requisitioned by the user requisitions.
department and authorised by  Test the sequence of
the head of the department. purchase
 Sequential numbering should requisitions and
be checked for completeness. enquire into those
 A buyer should coordinate missing.
requisitions (to secure value  Scrutinise all tenders
for money). Selected tender received, where
should be authorised. applicable, in
 An economic order quantity respect of a sample
(EOQ) inventory system or of transactions and
checks on physical quantities verify the
held (to prevent authorisation of
Requisitions "overstocking"). selected tender.
 Purchase orders should be  Verify authorisation

raised in an order (buyer) of a sample of
department independent of all purchase orders.
other departments.  Agree a sample of
 Purchase orders must be and agree purchase
sequentially pre-numbered. orders to
Orders must be authorised requisitions.
and the sequence periodically  Scan the unfilled
checked for completeness. purchase order file
Purchase  Pending (unfilled) orders for evidence of
orders should be reviewed regularly review.
to ensure that purchasing
requirements are met.
 Goods should be inspected

on receipt (product
description, quantity and  Test a sample of
quality) before acceptance. GRNs for evidence
 Documentation that goods were
accompanying goods inspected when
received (e.g. the supplier's received.
despatch note) should be  Test a sample of
matched to a purchase order GRNs for evidence
to confirm the goods were that they were
ordered. (Note 1) matched to a
 Sequentially numbered goods purchase order
received notes (GRNs) should when received.
be raised for all goods  Test sequence of
Goods received and periodically GRNs and enquire
received reviewed for completeness. into those missing.
 Invoices should be recorded

promptly (e.g. in a detailed
purchases listing) and
sequentially numbered on
receipt.  Test a sample of
 Invoices should be checked invoices for evidence
and matched to the GRN and of recalculation and
purchase order. matching to
 Performance of these checks purchase orders and
should be evidenced on each GRNs (e.g. look for
Purchase invoice (e.g. by initials in a initials on "grid
invoices "grid stamp"). stamp").
 Batch control over input (i.e. a  Examine a sample of

control total of a batch of invoice batches for
invoices is predetermined and evidence of the use
agreed after processing) to of batch control
ensure accuracy and totals.
completeness. (Note 2)  Review the monthly
 Monthly reconciliation of reconciliations of
balances per the list of individual supplier’s
individual suppliers to balances to supplier
suppliers' statements (and statements for
independent review thereof) evidence of
Recording to ensure completeness and independent review.
accuracy of postings of
invoices.
 The person who signs

cheques or bank drafts should
not be involved in the
authorisation, recording or
custodial functions.
 Two signatures should be
required for larger payments.
 All cheques should be issued
in sequential order and their
sequence should be  Test sequence of
controlled. checks and enquire
 Unused cheque books should into those missing.
be kept under lock and key.  Test a sample of
 Spoiled or cancelled cheques cash payments to
should be retained. supporting
 No cheque or other payment documentation
order should be raised without (invoices, GRNs,
supporting documentation, purchase orders and
including the invoice, GRN purchase
and purchase order. requisitions). Look
 Invoices and requisitions for evidence of a
should be stamped "PAID". "PAID" stamp.
 The payments system should  Review bank
be supervised by a reconciliations for
responsible official who evidence of review
Cash oversees and reviews by a responsible
payments monthly bank reconciliations. official.
Note:
1. An incomplete order may be accepted rather than refused. However, any shortfall
must be documented.
A control total may be a monetary total (e.g. of the amounts of the purchase
invoices) or a meaningless "hash" total (e.g. the sum of supplier account
numbers). Either would confirm the completeness of processing but only a
monetary total can confirm accuracy. 12.6.1 Control Objectives

12.6.2 Internal Control Examples and Tests of Controls
6.2 Internal Control Examples and Tests of Controls
Sample Tests of
 A record should be kept for
each employee containing, in
writing, proof of engagement,
dismissal, changes in pay
rates, etc. Any changes in
detail should be evidenced in
writing by a responsible
official.
 The payroll should be
independently scrutinised
(e.g. month-on-month) to
identify any unexpected
deviations.
 A responsible official should
supervise the recording of  Review a sample of
payroll and the regular employee files and
discharge of payroll-related verify that all
liabilities. engagements,
 Segregation of duties dismissals or status
between: changes are in writing
o Personnel and authorised by a
management responsible official.
o Payroll recording  Review payroll
o Cash payment documentation for
o Overall supervision evidence of
Overall of payroll system independent scrutiny.
 Safe custody and the

restricted issue of clock cards
and security passes.
 Supervision of employees as  Observe the use of
they clock in and clock out. time clocks.
(Note 1)  Examine a sample of
 All time records should be time records for
Clock cards checked and approved. approval.
 Details of new employees to  For a sample of new

be put on the payroll should employees, verify the
be authorised (e.g. by the line authorisation of
manager or department details by the
head). responsible official.
 All overtime hours should be  For a sample of
authorised before inclusion in employees, examine
the payroll run. overtime payments
Payroll  Any sickness or holiday leave and sickness or
preparation should be authorised. holiday leave for
 The payroll should be evidence of
checked for accuracy of detail authorisation by the
of names, hours paid, rates responsible official.
of pay and calculations of  Review payroll for
gross pay by people evidence of accuracy
independent of payroll check by people
preparation. independent of payroll
 A responsible official preparation.
independent of the recording  Examine payroll for
and authorisation function evidence of approval
should formally approve the by signature of
payroll by signing it. responsible official.
 Documentation of starters  Verify that
and leavers should be documentation for
independently maintained starters and leavers is
(e.g. by the HR department) independently
and periodically compared maintained and
against the payroll. examine the
documentation for
evidence of periodic
comparison to payroll.
 Where employees are paid in

cash, only the exact net
payment amount should be
withdrawn from the bank.
 At least two people should
prepare wage packets before
pay-out. Wage packets must
be kept securely.
 Handing out of cash  Observe the
payments must be witnessed. preparation of wage
 Receipt of wage packet must packets.
be evidenced (e.g. by  Observe payroll
employee's signature). (Note distribution
2) unannounced.
 Uncollected wages should be  Examine a sample of
recorded, placed in safe wage packets for
custody by a responsible evidence of receipt
Cash official and re-banked after a (e.g. employee
payments reasonable period. signature).
 Payments of tax liabilities

(including social deductions)  Examine a sample of
should be agreed to the tax liability payments
Recording source payroll. for evidence of
agreement to source
payroll.
Note:
1. Supervision may be the physical observation of employees arriving at and leaving
the workplace or automated (e.g. swipe-card barriers).
2. Specific written authority should be required for a person to collect a wage packet on
behalf of an employee.

12.7.2 Internal Control Examples and Tests of Control

7.2 Internal Control Examples and Tests of Control
Sample Tests of
 Segregation of duties between:
o Purchasing
o Receiving
o Inventory management
Overall o Despatch o
 See tests of
control related to
goods received
Goods  See internal controls over goods in the purchases
received received in the purchases cycle. cycle.
 See internal
controls over
goods
despatched in
Goods  See internal controls over goods the revenue
despatched despatched in the revenue cycle. cycle.
 Appropriate physical safeguards.

For example:
o Gate controls over  Observe and
access to the warehouse inspect physical
o Environmental controls safeguards.
(e.g. controlled temperature,  Observe regular
fire alarms) physical
o Emergency equipment inventory counts
(e.g. sprinkler systems) and perform test
o Security guards and counts.
CCTV.  Observe
 Periodic (at least annual) physical
comparison of goods on hand (as inspection of
determined by physical count) inventory by
with quantities shown in inventory senior
records. personnel.
 Senior personnel should inspect  Test sequence
inventory for obsolete, slow- of materials
moving, damaged or excess requisitions and
inventories. enquire into
 Raw materials, components, etc those missing.
should be transferred to  Observe
production using pre-numbered segregation of
materials requisitions, and goods sold
Inventory sequence checks should be awaiting
(physical) performed periodically. collection.
 Goods sold awaiting collection or
delivery should be held securely
designated areas.
 Examine a
 GRNs and GDNs are used to sample of GRNs
update inventory records. and GDNs for
 GRNs and GDNs evidenced as evidence of
processed (e.g. stamped) and possession.
filed numerically.  Review the
 Regular physical inventory comparison and
counted, compared "book" v reconciliation of
Inventory actual quantities and investigated book v. actual
records for discrepancies. quantities.

12.8.2 Internal Control Examples and Tests of Control
8.2 Internal Control Examples and Tests of Control
Internal Control
Stage Examples Sample Tests of Controls
 Standardised cheque
requisition form  For a sample of cheques,
should be used. examine the supporting
 Cheques or bank documentation to verify the
drafts should be use of the standard cheque
prepared only after all requisition form and the
Request for source documents independent approval of all
payment have been source documents.
independently
approved.
 Suppliers' statements
should be reviewed
and reconciled to  Examine a sample of
accounts payable suppliers' statements for
records before evidence of review,
Payment payment is reconciliation and
authorisation authorised. authorisation.
 See internal controls

related to cash  See tests of control related
payments made in the to cash payments made in
Cash purchases and payroll the purchases and payroll
payments cycle. cycle.
 See internal controls

related to cash  See tests of control related
Cash receipts from the to cash receipts from the
receipts revenue cycle. revenue cycle.
 Bank reconciliations
should be prepared
regularly (at least
monthly).
 Bank reconciliations
should be
independently
Recording reviewed.

Control objectives for the non-current asset cycle include the control objectives for the
purchases cycle, plus the following:
 To ensure that all material capital acquisitions and disposals are approved by
management or the board.
 To ensure that only asset expenditure is recognised as an asset.
 To ensure that tangible and intangible non-current assets are appropriately
depreciated or amortised.
 To ensure that impairments are identified and accounted for.
12.9.2 Internal Control Examples and Sample Tests of Controls

9.2 Internal Control Examples and Sample Tests of
Controls
Internal controls and tests of controls include the internal controls and tests of controls
for the purchases cycle, plus the following:
Internal Control Examples Sample Tests of Control
 Confirm approval (e.g.

 Annual capital expenditure ("capex") signed capex request or
budgets and material non-current board minutes) for a sample
asset acquisitions approved by the of material non-current
board of directors. asset acquisitions.
 For a sample of material

tangible assets, review
 Detailed asset register including asset register to confirm
asset description, location, acquisition that it is up to date and
date, cost, depreciation/amortisation includes all required
method. information.
 Review asset register for

evidence of regular physical
inspection (e.g. date of
 Periodic inspection of assets and inspection and comment on
comparison with the asset register. physical condition).
 Approval of useful lives and

depreciation/ amortisation methods
used. 
 Regular maintenance and servicing

by suitably qualified engineers. 
 Adequate appropriate insurance (e.g.  Review documentation that

buildings against fire or flood, shows that adequate
equipment against breakdown and appropriate insurance has
vehicles against accidents). been maintained.
 Safekeeping of documents of title

(e.g. title deeds to property kept by
the bank, vehicle registration
documents kept in a locked safe). 
 Observe procedures for
 Procedures for recording physical recording physical assets
assets leaving or being removed from leaving or being removed
the client's premises. (Note 1) from premises.
Note:
1. For example, delivery vehicles leaving and returning to depots or laptop computers
taken from the office to work from home.
Syllabus Coverage
C. Internal Control
3. Tests of controls
1. Describe computer systems controls including general IT controls and information
processing controls.
2. Describe control objectives, control procedures, control activities, direct controls, indirect
controls and tests of control in relation to:
1. The sales system
2. The purchases system
3. The payroll system
4. The inventory system
5. The bank and cash system
6. Non-current assets
Technical Articles
 Auditing in a computer-based environment (s.1)
 Specific aspects of auditing in a computer-based environment (s.1.2)
 ISA 330 and responses to assessed risks (s.2)
 The audit of wages (s.6)

Visual Overview
Objective: To outline the matters to be communicated with those charged with
governance and how significant deficiencies in internal control and recommendations to
overcome those deficiencies are communicated.
13.1.0 ISA 260

1.0 ISA 260
Key Point
Under ISA 260 Communication with Those Charged with Governance, the
auditors should:
Key Point
 communicate clearly with TCWG the auditor's responsibilities for the

financial statement audit, and an overview of the planned scope and
timing of the audit;
 obtain from TCWG information relevant to the audit;
 provide TCWG with timely observations arising from the audit that are
significant and relevant to the auditor's responsibility to oversee the
financial reporting process; and
 promote effective two-way communication between themselves and
TCWG.
An overview of each key point is given below to place them into the context of
communications with TCWG. Full details are provided in the chapters referred to.
13.1.1 Responsibilities
1.1 Responsibilities
The auditor's responsibilities will usually be communicated through the engagement

letter (see Chapter 5). Clarification of management's responsibilities will also be made in
the engagement letter. The detail of the engagement letter should be discussed with
TCWG and signed by them as accepting and understanding its contents.
13.1.2 Form, Timing and General Content of the Audit

1.2 Form, Timing and General Content of the Audit
Although the auditor needs to have good communication with TCWG, it is the auditor's
sole responsibility to establish the scope and timing of the audit; others cannot dictate
this. Matters to be discussed include:
 the consequences of the auditor's work;.
 the entity's business, environment, objectives and strategies (and changes since the
last audit) (Chapters 8, 9);.
 materiality and significant risks of material misstatement (Chapters 8-10);
 approach to and reliance on internal control, including risk management;
 oversight and monitoring of internal control, including reports from management and
internal audit;
 working in a constructive and complementary way with internal audit (Chapter 18);
 detection or possibility of fraud (including whistle-blowing reports) and breaches of
laws and regulations (Chapter 11);
 changes in laws and regulations (e.g. IFRS, governance practice, listing rules) and
any effect;
 significant communications with regulators (if any);
 the specialised skill or knowledge needed to complete the audit, including the use of
an auditor's expert; and
 when ISA 701 applies, any key audit matters identified by the auditor. (ISA
701 Communicating Key Audit Matters in the Independent Auditor's Report is
covered in detail later in Chapter 30.)
13.1.3 Communication of Significant Findings from the Audit

1.3 Communication of Significant Findings from the Audit
The auditor should communicate any views about significant qualitative aspects of
accounting practices, including accounting policies, accounting estimates and
disclosures, for example:
 if any practice is considered inappropriate, the reasons why and any available
alternatives;
 changes made by management that the auditor considers to be inappropriate;
 the effect in controversial or emerging areas;
 indicators of possible management bias (e.g. aggressive application of accounting
policies or estimates that may be considered financial statement manipulation).
Key Point
"Significant" is not defined in ISA 260, and deciding whether a finding is

significant does not require an elaborate evaluation exercise. It is simply a
matter of determining whether, having considered the relevant facts and
circumstances, the issue (or a combination of cases) is sufficiently
important that it should be brought to the attention of TCWG. It is a matter
of professional judgment.
The auditor should also communicate significant difficulties, if any, that were
encountered during the audit, for example:
 delays by management, the unavailability of personnel or an unwillingness to
provide information;
 time and other pressure exerted by management;
 unavailability of expected information;
 restrictions placed on the auditors by management (limitation on scope/insufficient
evidence); and
 management's unwillingness to co-operate with the auditors (e.g. refusal to
communicate).
The auditor may also communicate significant matters arising from the audit that were
discussed or subject to correspondence with management, for example:
 significant matters where there was a disagreement with management;
 control deficiencies (see remainder of this chapter);
 subsequent events (Chapter 29);
 corrected and uncorrected misstatements (Chapter 29);
 doubts on management's integrity (Chapters 5 and 7);
 second opinions secured by management (Chapter 4);
 doubts on continuing appointment (Chapters 5 and 7); and
 written representations (Chapter 20).
Key Point
Any circumstances that affect the form and content of the auditor's report
MUST be communicated to TCWG (Chapter 30).
13.1.4 Auditor Independence

1.4 Auditor Independence
Where the entity is listed, TCWG must be satisfied that the auditors have complied with
relevant ethical requirements (Chapter 4).
This will generally take the form of a statement from the auditors that:
 the engagement team and the firm have complied with relevant ethical requirements;
 identifies all matters that, in the auditor's professional judgment, may reasonably be
thought to bear on independence; and
 the related safeguards that have been applied to eliminate identified threats to
independence or reduce them to an acceptable level.
13.1.5 Two-way Communication

1.5 Two-way Communication
ISA 260 places significant emphasis on the need for the auditor to promote effective
two-way communication with TCWG, as this:
 assists in developing a constructive working relationship between the auditor and
those charged with governance;
 sets clear expectations between the auditor and TCWG regarding communication of
matters of audit relevance;
 recognises that TCWG are an essential element in the control environment;
 assists TCWG in fulfilling their oversight responsibility for the risk management and
financial reporting process; and
 recognises that TCWG is an essential source of information for conducting an
effective audit.
As two-way communication cannot be required, the auditor evaluates whether it is
adequate. If not, this may affect the auditor's:
 risk assessment;
 ability to obtain sufficient appropriate audit evidence;
 consideration of the audit opinion.
Example 1 Communication to Those Charged with Governance
Pratty & Co Chartered Accountants is conducting the statutory audit of TG

Co, a sports facility service provider which manages sports facilities across
the country.
During the course of the audit, Pratty & Co has made the following
communications to those charged with governance of TG Co:
1. The recognition of a provision for damages for a sports injury incurred in
one of TG Co’s sports facilities. Pratty & Co highlights the need to
recognise the best estimate of the liability (in accordance with IFRS),
which might lead to a material change in the amount presented in the
2. There were some issues in the system of internal control regarding the
documentation for cash fees collected for the rental of sports facilities at
specific locations. Some missing documentation led to discrepancies in
reported cash figures and cash counts at some of the sites, and Pratty
& Co could not trace the missing funds. Cash sales are a material
aspect of TG Co’s revenue.
13.2.1 Deficiencies
2.1 Deficiencies
The relevant standard is ISA 265 Communicating Deficiencies in Internal Control to

Those Charged with Governance and Management.
Definition
Deficiency in internal control – exists when:

 A control is designed, implemented or operated in such a way that it is
unable to prevent, or detect and correct, misstatements in the financial
statements on a timely basis; or
 A control necessary to prevent or detect and correct misstatements in
the financial statements on a timely basis is missing.
13.2.2 Significant Deficiencies

2.2 Significant Deficiencies
Definition
Significant deficiency – a deficiency (or combination of deficiencies) that

is of sufficient importance to merit the attention of TCWG.
Examples of matters that the auditor may consider in determining whether a deficiency
or combination of deficiencies in internal control constitutes a significant deficiency
include:
 The likelihood of the deficiencies leading to material misstatements in the financial
statements in the future.
 The susceptibility to loss or fraud of the related asset or liability (Chapter 11).
 The subjectivity and complexity of determining accounting estimates (Chapter 17).
 The financial statement amounts exposed to the deficiencies.
 The volume of activity in the account balance or class of transactions exposed to the
deficiency or deficiencies.
 The importance of the controls to the financial reporting process, for example:
o General monitoring (such as oversight of management).
o Prevention and detection of fraud.
o Selection and application of significant accounting policies.
o Significant transactions outside the entity's normal course of business.
o Period-end financial reporting process (e.g. non-recurring journal entries).
 The cause and frequency of the exceptions detected due to the deficiencies.
 The interaction of the deficiency with other control deficiencies.
Example 2 Control Deficiency
Tralla & Co is performing the audit of Weebli Co. In tests of controls on the
wages system, the auditor found significant control deficiencies in the
wages system, including:
1. Lack of necessary authorisation or authentication to create employee files for
starters and leavers. Wages clerks had full access to all files in the wages
system.
2. A significant number of fictitious employees have been paid regularly.
3. Lack of documentary evidence, such as timesheets, for work done.
4. Wages paid to fictitious employees had been removed from the monthly
wages report sent to management, resulting in accounting entries that do not
reflect actual wages paid.
Tralla &mp; Co concludes that the risk of material misstatement in wages
expense is high and that the control deficiency is important enough to merit
the attention of those charged with governance.
Activity 1 Indicators of Significant Deficiencies
Suggest FOUR examples of indicators of significant deficiencies in internal controls.

 TCWG is not appropriately scrutinising significant transactions that management is
financially interested in.
 Management fraud, whether or not material, was not prevented by the entity's
internal control.
 Management failed to implement appropriate remedial action on significant
deficiencies previously communicated.
 Lack of, or ineffective, risk assessment processes.
 Ineffective response to identified significant risks (e.g. absence of controls over such
a risk).
 Misstatements detected by audit procedures that were not prevented or not detected
and corrected by the system of internal control.
 Restatement of previously issued financial statements to reflect the correction of a
material misstatement due to error or fraud.
 Evidence of management's inability to oversee the preparation of the financial
statements.
13.3.1 Requirement to Report

3.1 Requirement to Report
3.1.1 Significant Deficiencies

The auditor is required to communicate in writing significant deficiencies in internal
control identified during the audit to TCWG on a timely basis.
This communication should be with the level of management that has the authority to
evaluate and take action on the deficiency (usually the CEO or CFO).
Key Point
If significant deficiencies call into question the integrity or competence of

management, the auditor may decide to report such matters to
TCWG only.
TCWG must be made aware (by the auditor) of all matters discussed with management
relating to deficiencies.
Where the entity is subject to a specific regulatory regime, the auditor may be required
to report certain control deficiencies directly to the regulators. In some cases, this may
be without the awareness of TCWG. The auditor must take great care not to breach
legal requirements that restrict such communications (see s.1.9 in Chapter 11).
3.1.2 Other Deficiencies

Deficiencies identified that are not significant, but (using professional judgment) the
auditor considers should be drawn to the attention of management, may be:
 discussed with TCWG if they wish to be made aware of such matters (e.g. under corporate
governance regulations);
 included as a subsection in the written report on significant deficiencies if required by
TCWG; or
 reported (orally or in writing) only to management if considered useful to management.
Where the auditor notes that other deficiencies previously reported have not been acted
upon, there is no need to repeat them in the current year. However, if the non-action is
a significant deficiency in control, it should be reported to TCWG.
13.3.2 Report to Management

3.2 Report to Management
The most common way of communicating significant deficiencies to TCWG and

management is through a report to management (also called a management letter).
The requirement of ISA 265 to inform TCWG of significant deficiencies in writing is
explained in the engagement letter (see Chapter 5).
Key Point
As well as reporting control deficiencies, the report to management may be

used:
 to provide constructive advice on business systems, risk systems and
risk management (e.g. by benchmarking the client's systems against
expected norms as part of the auditor's understanding of the entity and
environment);
 to indicate areas in which audit efficiency could be improved and
thereby reduce audit costs (e.g. extended use of CAATs, preparation of
documents by the client);
 to protect the auditor against potential litigation by showing that
significant deficiencies had been identified and drawn to the attention of
TCWG and management.
3.3 Content
The report to management must be addressed to TCWG (e.g. the board) and not to an
individual director. The auditor should ensure that its contents have been discussed by
TCWG (e.g. as shown by minutes of a board meeting).
The report should be clear, concise, constructive and structured. It will usually consist of
two elements:
 a covering letter; and
 supporting detail and the possible effect of the deficiency, suggestions for corrective action
and management response.
The detail in the letter should not conflict with the opinion expressed in the auditor's
report (e.g. matters in the report indicate that proper books and records have not been
kept, yet the audit opinion is unmodified).
The covering letter should contain statements that:
 The purpose of the audit was for the auditor to express an opinion on the financial
statements;
 Internal controls were considered only to the extent necessary to determine the auditing
procedures and not to determine the adequacy of internal control for management purposes
or to provide assurance or express an opinion on the systems of internal control;
 Only deficiencies in internal control which have come to the auditor's attention as a result of
audit procedures and that are considered to be of sufficient (significant) importance to be
reported are included;
 If the auditor had performed more extensive procedures on internal control, more
deficiencies might have been identified to be reported; and
 The report is provided to TCWG and management in the context of the audit and may not be
suitable for other purposes.
Activity 2 Qualities
Suggest SIX qualities that an audit manager might look for when reviewing a report to
management regarding significant deficiencies in internal control drafted by an audit
senior.
 Timeliness: as soon as possible after the completion of audit procedures.
 Use specific examples to illustrate deficiencies.
 Clear explanations of implications/risks.
 Commercial awareness of the client's expectations.
 Practicable recommendations for improvements.
 Inclusion of prior year points not acted upon, suitably amended.
 Clear, constructive and concise.
 Careful presentation (e.g. "tiered" structure).
 Factual accuracy.
 Evidence of discussion (e.g. inclusion of client's comments).
 No remarks of a personal nature.
13.3.4 Form and Presentation of Supporting Detail

3.4 Form and Presentation of Supporting Detail
Matters may be included in the body of the covering letter, or as a separate appendix.
They will usually be prioritised (e.g. high risk first, lower risk following; in other words,
significant matters first, and then other matters). They may also be categorised into
audit sections (e.g. sales, inventory, receivables).
A common structure of the recommendations covers:
 The description of each deficiency is concise,

but specific, and the extent of the error is
Explanation/details quantified where appropriate.
 Expressed in terms of the financial statements
(e.g. they could contain errors in the future) or
the entity's assets (e.g. future financial loss
may result). It should not imply that such
errors have led to financial loss unless they
have been quantified or that any employee
has taken advantage of the deficiency unless
Consequence/impact such action has been quantified.
 How each deficiency could be eliminated.

Recommendations must be practical,
beneficial and cost-effective to encourage
Recommendation management to adopt them.
 If points have already been discussed with

TCWG/ management, include agreed-upon
Management actions. Otherwise, request a reply to the
response points raised.
All matters raised should normally be in writing. However, if a written report is
considered unnecessary, inappropriate or not cost-effective, the matter should be
discussed with the client and recorded as audit evidence in the working papers. Ideally,
a copy of the note should be sent to the client for confirmation and response.
3.5 Follow-up
Once issued, the response of TCWG/management should be obtained as quickly as

possible and assessed for its effect on the next stage of the audit (e.g. if
recommendations can be implemented before the year-end and final audits). All matters
that would affect TCWG/management carrying out their duties should be resolved
before the financial statements are approved by management. Similarly, any issues
affecting the audit opinion must be resolved before the opinion can be issued. All other
issues should be documented as part of the working papers within 60 days of the issue
of the auditor's report (ISA 230 Chapter 6).
Prior-year communications should be reviewed as part of the planning for the current
audit. If controls have been implemented, their design, implementation and potential for
testing must be assessed.
Activity 3 Deficiencies and Recommendations
You are the auditor of Homecontrols, a company which manufactures components for
domestic appliances. It operates a perpetual inventory system and performs quarterly
physical inventory counts, amending the perpetual inventory records to reflect actual
quantities counted.
During your interim visit, you review the results of the last physical count. Several high-
value items included in the records were not in inventory. Also, returns from customers
were added to physical inventory but are not recorded in the perpetual inventory
records.
Required:
Draft, for inclusion in a report to management, the identified deficiencies,

possible implications and recommendations to address them.
Deficiencies
 Authorised inventory movements (e.g. customer returns) may not be recorded.
 Possibility of unauthorised inventory movements/misappropriation/theft.
Implications
 Records are unreliable for year-end inventory figures.
 Management decisions (e.g. to place orders/make sales) are based on unreliable figures.
 Receivables will be overstated if returns are not accounted for.
 Unexplained inventory losses represent financial loss.
Recommendations
 Improve physical security (e.g. with gate controls).
 All movements to be accompanied by a sequentially numbered document.
 Prohibit unauthorised movements: need a responsible person in charge of stores.
 Monthly physical counts until the problem is resolved.
Activity 4 Internal Control Deficiencies
Miller Co is a pharmaceutical manufacturer. The purchasing department is managed by

Mr Wurm, the buyer, and his assistant Walter Green. The value of purchases annually
is about $3 million. When goods are required, the inventory records clerk, Frederica,
sends a purchase requisition to Mr Wurm, who requires Walter to type out a purchase
order. Walter manually enters a sequential number onto the purchase order and
photocopies the order. The original is sent to the supplier, and a copy is kept in a file.
When the goods arrive, they are stored in the warehouse, and the supplier's despatch
note is sent to Walter from the warehouse supervisor. Walter then marks off the items
received on the order and sends the despatch note to Frederica. She uses it to update
the inventory records before filing them in chronological sequence.
Required:
a. Identify FIVE deficiencies in the system and state their implications.

b. Suggest recommendations to improve the system, assuming that Miller Co has
sufficient resources to implement suitable recommendations.
Deficiency Implication Recommendation
 Use pre-numbered
purchase orders to
ensure that all
orders can be
sequentially
controlled (including
those that are
cancelled before the
order despatch).
Regular sequence
Purchase  Orders could be placed on checks should be
orders are duplicated purchase order carried out to
numbered numbers. These could be identify unfulfilled
manually. placed with a supplier orders to take
without authorisation. appropriate action.
 Multi-part, pre-
numbered order sets
should be used:
1. Retained in the
purchasing
department;
2. Sent to the
inventory clerk to
confirm the order
Only a has been placed;
photocopy of  If a copy is not made or is 3. Sent to the
the original subsequently altered, warehouse; and
purchase incorrect quantities of 4. Sent to the
order is made. goods or incorrect goods accounts
may be accepted. department
 The warehouse
should receive a
copy of the
purchase order.
 The warehouse
The manager should
warehouse  The warehouse may agree goods
has no accept goods that have received (description
notification of not been ordered. This and quantity) to an
what has been would incur additional authorised purchase
ordered. liabilities and costs in order before
returning goods. accepting them.
 Incorrect prices charged  The agreed price for

Orders do not by suppliers may go the goods ordered
show the unnoticed and result in (e.g. according to
agreed price overpayment for the the supplier's
of the goods goods received. catalogue) should
from the be recorded on the
supplier. purchase order. A
higher price on a
purchase invoice
can then be
disputed.
 Mr Wurm should
sign orders as
evidence of
authorisation. This
should mean that
the goods are
 Unauthorised or incorrect required (e.g. from
Purchase purchases could be made, requisitions,
orders are committing the company budgets, inventory
placed without to goods it does not records) and that the
authorisation. require or unfavourable price is agreed
payment terms. upon.
 Goods should be
physically inspected
by the warehouse
supervisor and
agreed to the
purchase order
before acceptance.
 The warehouse
supervisor should
complete a pre-
numbered, multi-part
Goods Received
Note (GRN):
1. to update order
files so that
outstanding
orders can be
 The company may incur identified;
Goods are liability for goods that 2. to be agreed to
stored on have not been ordered the purchase
receipt before (e.g. an over delivery) or invoice; and
any checks are damaged. Costs will 3. to update the
are made. be incurred unnecessarily inventory
to rectify such situations. records.
Inventory  Inventory records

records are  Inventory records will be should be updated
updated inaccurate if goods and/or based on actual
based on quantities according to the goods received as
suppliers' despatch notes do not confirmed by the
despatch agree to those physically GRN raised by the
notes. received. warehouse
o Understated supervisor.
inventory quantities
may result in goods
being ordered that are
not needed (incurring
costs of holding
unnecessary excess);
o Overstated
inventory quantities
may result in "stock-
outs" (incurring costs
of emergency
replenishment).
13.3.6 Interested Third Parties

3.6 Interested Third Parties
The auditor cannot disclose the detail of the report to management to any third party
without the client's consent, as it is confidential information. A disclaimer/caveat would
normally be included in the report, stating that:
 the report has been prepared for use by TCWG/management (or other specific
named party);
 the written consent of the auditor is required for the client to disclose the information
to another party;
 the auditor has no responsibility to third parties.
Example 2 Specimen Report to Management
The Board of Directors

Revup Automotives Per. Schorsa, 777
Rada Str, 56A Oceanana, 030598
Oceanana, 010145 21 May 20XY
To those charged with governance and management.

20XY Interim Audit
During our recent interim audit for the year ending 30 June 20XY, we
examined the controls and procedures that you have established to provide
reasonable assurance about the achievement of the company's objectives
with regard to the reliability of financial reporting, the effectiveness and
efficiency of its operations, and compliance with laws and regulations.
Example 2 Specimen Report to Management
As stated in our engagement letter of 1 August 20XX, and reaffirmed at our

meeting on 26 April 20XY, we are writing to you to draw your attention to
those matters that have come to our attention as a result of our audit
procedures and that we consider to be of sufficient importance to be
formally reported to you. These matters are set out in the attached
appendix together with our suggestions on how internal controls could be
improved.
It must be appreciated that the matters dealt with in this letter came to our
notice during the conduct of our normal audit procedures which are
designed primarily to enable us to express an independent opinion on the
financial statements of the company. Consequently, our work did not
encompass a detailed review of all aspects of the control systems and
cannot be relied upon necessarily to disclose all defalcations or other
irregularities or to include all possible improvements in internal control. In
particular, our work does not determine the adequacy of internal control for
management purposes or provide separate assurance, or enable us to
express an opinion, specifically on the system of internal control.
As confirmed by the finance director and chief accountant in our meeting
with them on 15 May 20XY, all of these matters have been discussed by us
with them, and they are in broad agreement with the recommendations
made.
This report has been prepared for the sole use of those charged with
governance and management (i.e. the board and audit committee) of
Revup Automotives in the context of our audit of the company's financial
statements. No responsibility is accepted to yourselves or other third
parties without prior knowledge and agreement with yourselves and those
parties in writing, for any alternative use of this report.
We look forward to formally hearing from you regarding the action that you
intend to take concerning the matters raised in this report.
Finally, we should like to take this opportunity to thank your staff for their
co-operation and assistance during the course of our audit.
Yours faithfully
A, B & C Chartered Certified Accountants & Registered Auditors
Deficiency Impact Recommendations
Hours worked by service employees
 The total hours  Employees may  The service manager

worked by service be paid for work should review and
employees that they have not authorise the computer
(including done (e.g. if other time schedules as an
overtime) are not employees input accurate record of time
independently their time card spent working by
verified and and code on service employees.
authorised. arriving and  He should also
leaving the regularly review the
premises on their security recordings
behalf). showing employees
inputting their time card
and code to check for
potential abuse (e.g.
more than one card
being used).
Goods received
 All goods received

should be checked for
quantity, quality and
agreement to the
purchase orders.
 Financial loss  Any goods received
would occur if, for note sent to accounts
example, the (to await the purchase
goods received invoice) should be
were not ordered returned to the goods
or were not of the received department if
right quality. not authorised or not in
Using poor quality agreement with the
 Goods received goods may result copy purchase order
notes are not in customer already held by
always authorised claims against the accounts. The financial
to show that firm. From our accountant should
details have been tests carried out, follow up any such
agreed to we estimate that instances to ensure
purchase orders 60% of goods appropriate action has
and that the received are not been taken (e.g.
quantity and being agreed to correctly authorised or
quality of the purchase orders poor quality goods
goods have been or physically returned to the
checked. checked. supplier).
Data security
 Although our tests did
not find any errors, the
password system
should be reactivated
immediately following
the recommended
approach of the system
designers (e.g. at least
 Because the 12 characters in length,
password facility a mix of upper and
has been lower case, alpha and
disabled, anybody numeric characters, not
can access the a dictionary word or
system without valid date).
authority and, for  Passwords should be
example, change remembered and users
 There is no or corrupt data should not write them
access security (e.g. add non- down where they can
for the computer existent easily be found (e.g.
terminals in the employees or under the keyboard or
wages increase wage on the side of the
department. rates). computer monitor).
Syllabus Coverage

C. Internal Control
2. The use and evaluation of systems of internal control by auditors
2. Evaluate internal control components, including deficiencies and significant deficiencies in
internal control.
4. Communication on internal control
1. Discuss the requirements and methods of how reporting significant deficiencies in internal
control are provided to management and those charged with governance.
2. Explain, in a format suitable for inclusion in a report to management significant deficiencies
within a system of internal control and provide control recommendations for overcoming
these deficiencies to management.
3. Discuss the need for auditors to communicate with those charged with governance.
Technical Articles
to this chapter.
Visual Overview
Objective: To describe the role, scope and functions of internal audit and the nature
and extent of internal review assignments.
1.1 Internal Audit
Definition
Internal audit – an independent, objective assurance and consulting

activity designed to add value and improve an organisation's operations. It
helps an organisation accomplish its objectives by bringing a systematic,
disciplined approach to evaluate and improve the effectiveness of risk
management, control and governance processes.
–Institute of Internal Auditors IIA
Key Point
One of the primary responsibilities of the audit committee is to monitor and review
the effectiveness of the internal audit function.
This definition usefully outlines the relationship between internal audit and the
management of an entity. Key elements that have not been covered already in this text
are:
 Organisations exist to create value or benefit their owners,
other stakeholders, customers and clients.
 When gathering data to understand and assess risk, internal
Add value auditors gain insight into operations and opportunities for
improvement that can benefit the organisation.
 Any action taken by management, the board, etc to

Control enhance risk management and increase the likelihood that
established objectives and goals will be achieved.
 Present if management provides reasonable assurance

that:
Adequate o risks have been managed effectively; and
control o goals and objectives will be achieved efficiently
and economically.
Governance  The procedures used by stakeholder representatives to

process provide oversight of risk and control processes administered
by management.
14.1.2 Assessing the Need for Internal Audit

1.2 Assessing the Need for Internal Audit
When the board and senior management are sufficiently close to the business and the
systems are not so complex, the following sources of assurance about the way the
business is operated may prove to be adequate:
 the views of, and representations from, executive directors and senior managers;
 the views of other employees through, for example, a self- assessment process;
 results of management's internal confirmation procedures;
 regular information on financial and operational matters;
 performance indicators;
 early warning mechanisms;
 external auditor's reports to management;
 reports of any relevant external regulators; and
 reports (if any) from relevant internal compliance functions.
Key Point
Where there is no internal audit function, the audit committee should

consider annually whether there is a need for an internal audit function.
However, management's time and attention can be significantly stretched as

organisations grow and:
 become more geographically diverse;
 business is undertaken in new environments (e.g. e-commerce);
 develop new products and competitive pressures increase;
 systems become more complex; and
 change is the norm.
In particular, when a company becomes listed, the demands placed on management for
transparency and effective running of the business by the stakeholders are significantly
increased.
Many stock exchanges require listed companies to have an internal audit function or
explain why they do not in their annual reports.
Key Point
The reasons for the absence of an internal audit function should be explained in
the relevant section of the annual report.
Activity 1 Assessing Need for Internal Audit Function
Suggest additional matters which directors might consider when assessing the need for
an internal audit function.
 Corporate structure and the degree of autonomy of each business unit.
 Overall corporate culture and management's philosophy.
 The company's appetite for risk or its ability to tolerate risk.
 Overall control environment.
 Changes in organisational structure (including delayering), reporting processes and/or
underlying information systems.
 Changes in key risks arising from:
o changes in internal processes (e.g. product or service lines or entry into new
markets);
o alterations in external factors (e.g. regulatory requirements).
 Complexity of the company's systems, especially IT systems.
 The number of moderate- to high-risk areas which are not appropriately controlled.
 Deteriorating trends in the system of internal controls evident from the existing monitoring
systems.
 Concerns about the level of "risk and control awareness" and the need to educate senior or
middle management or staff.
 An increased incidence of unexpected or unacceptable results or occurrences.
 The views of the company's external auditors
14.1.3 Relationship Between External and Internal Auditors

1.3 Relationship Between External and Internal Auditors
External Internal
 To provide an
independent
opinion (in a  To appraise, examine and
report) on financial evaluate organisational
statements activities and assist
(see Chapters management in discharging its
Role 1 and 30). responsibilities.
 Management, usually in larger

organisations, will be
urged/required by best
practices (e.g. governance
codes) to continually review
Required by  Statute (typically). the need for internal audit.
 Highest level of management

charged with responsibility for
 Shareholders internal audit (e.g. audit
Appointed (usually at an committee under corporate
by AGM) or directors. governance codes).
 Shareholders  For listed companies, usually

(primary statutory the audit committee under
duty) and corporate governance codes.
Reports to management For other companies, the
External Internal
(professional highest level of management

responsibility). charged with governance (e.g.
the board).
 Financial  Organisational risk

statements. management, internal control
Primary and quality of performance.
responsibility is of The focus is operational as
Reports on a financial focus. well as financial.
 Effectiveness of risk
management strategy and
operations, operation of
corporate governance,
adequacy and effectiveness of
internal control and other
 Financial business functions contribute
statements to the economical, efficient
Forms “present fairly” (or and effective use of resources
opinions on equivalent). (see s.3).
 Independent of the  Employee (therefore

Status client company. potentially less objective).
 Usually ACCA,  May also be members of other

ICAEW, ICAI or professional bodies (e.g. IIA)
Qualification ICAS. or unqualified.
 Unlimited, to fulfil
a statutory
obligation. Usually
defined by
Scope of legislation as well  Prescribed by management,
assignment as ISA. TCWG or audit committee.
 Similar, Standards for the

Professional Practice of
Conduct of  In accordance with Internal Auditing, including
audit ISAs, for example. ethics.
14.2.1 Role in Corporate Governance
2.1 Role in Corporate Governance

Internal audit provides the board with assurance that it is maintaining sound risk
management and a system of internal controls to ensure:
 appropriate risk management and mitigation;
 the effective operation of controls;
 assets are safeguarded; and
 the integrity of financial information.
2.2 Scope of Function
The objectives and scope of an internal audit function, the nature of its responsibilities
and its organisational status vary widely, but typically include the following:
 Understand the key risks (including fraud) and assess the adequacy of the
processes by which these risks are identified, evaluated and managed.
 Review the sufficiency of the information and the adequacy and operation of controls
used to manage those risks.
 Assess the reliability and integrity of key financial and operating information and the
means used to identify, measure, classify and report such information.
 Review the processes and systems to ensure adherence with those policies, plans,
procedures, laws and regulations which could affect the company and determine
whether it complies.
 Review the means of safeguarding assets and other essential resources, especially
information in hard copy or on computer systems, including business contingency
plans and the security of computer systems.
 Review operations or projects (including systems under development) to ascertain
whether results are consistent with established objectives and goals, and whether
the operation or projects are performing as planned.
 Monitor corrective action plans to ensure that management implements them
promptly and effectively.
 Advise management on cost-effective controls for new systems and activities.
 Liaise with TCWG (e.g. the audit committee) and the external auditors (as
necessary).
Key Point
In summary, internal audit encompasses:

 Risk assessment;
 Assurance on controls;
 Compliance;
 Integrity of financial information;
 Safeguarding assets.
14.2.3 Limitations
2.3 Limitations
 Without the full support of management and TCWG the authority of internal audit
and the scope of its work may be severely limited.
o Internal audit may not be allowed to operate as an independent function.
o Scope of work may be limited by executive management.
o Reporting lines do not ensure that appropriate action will be taken.
o Internal audit is denied access to key personnel and information.
 The effectiveness of the internal audit function can be limited if management is over-
reliant on internal audit to the extent that internal audit does not have the time and
resources to fulfil its proper purpose.
 The high cost of setting up and maintaining may not be justifiable.
 Management may ignore reports or recommendations.
14.2.4 Structure of Function

2.4 Structure of Function
As an internal audit department is not a legal requirement, there is flexibility in

establishing the function to best meet the needs of the organisation.
As previously noted, independence is a key issue. Internal auditors are often employed
by the organisation on which they report and managed as part of the finance
department. This creates a potential problem where they are expected to report on
systems they form a part of.
How the department is structured within the organisation is, therefore, an essential
safeguard in preserving the independence of the function. The structure is also vital in
ensuring that the department provides assurance effectively.
An appropriate structure should include the following features:
 A sufficiently qualified and experienced head of internal audit should report directly
to the audit committee (or to the board if there is no audit committee).
 Other departments should regard the internal audit department well. This will be
achieved through communication and education regarding its role. This should come
directly from the board through the organisational culture and “tone at the top” as
well as from the internal audit team:
o The internal audit team should be friendly and approachable;
o Organisational processes should ensure that the internal audit team is
given full access to records, systems and staff throughout the organisation;
o The board should encourage co-operation and communicate the benefits
of internal audit, creating a pro-audit culture.
 A whistle-blowing function to allow serious misconduct to be reported, in confidence,
to internal audit for investigation and, where appropriate, reporting to the appropriate
authorities.
 The scope of internal audit work should be set by the audit committee or the head of
internal audit.
 Controls should be established to prevent self-review by internal auditors. For
example, a team member who provides advice about the set-up of a new system
should not be involved in the subsequent audit of that system.
 The internal audit department should be sufficiently resourced, both financially and
in terms of qualified and experienced staff
 The department must be well organised with well-developed working practices
Example 1 Internal Audit
Verely Co operates an internal audit (IA) function; its scope covers both
financial and operational aspects of Verely’s business processes. Verely
Co’s IA reports directly to its audit committee.
Verely Co’s IA has recently completed its audit of Verely’s procurement
process. Of 329 significant procurements, 18 did not comply with Verely’s
risk processes (e.g. three independent quotations, declaration of no conflict
of interest, and a post-delivery review before payment). The IA’s report was
given to the audit committee for action and control.
Verely’s IA also completed an audit on inventory handling for high-value,
environment-sensitive inventory items. It found that there was not enough
documentation nor management oversight of handling processes to
complete the audit trail in 128 instances during the year, which resulted in
14 units found missing, with a further 20 units found to be in the wrong
storage facility, and 12 units damaged and unusable.
An alternative approach is to outsource the internal audit function.
14.3.1 Meaning
3.1 Meaning
Definition
Outsourcing – the process of contracting out one or more elements of

operations to a service provider outside of the organisation's management
structure.
A third-party service provider delivers services for and in the name of the organisation in
many cases.
Outsourcing may also be referred to as "contracting out", "third party provision" and
"service provision".

3.2 Internal Audit
The practice of outsourcing internal audit has increased as the need for internal audit
has increased (e.g. to better meet the requirements of corporate governance):
 Smaller companies may outsource because they do not have the resources to set
up their own department.
 Larger companies may decide that resources are best used elsewhere and not
invest in this non-core (though essential) area.
 Specialised internal audit providers and the "global" and other accounting firms offer
such services.

Factors to be considered in deciding whether to outsource internal audit include:

 Whether there is a need to outsource. For example:
o In a high-growth or highly regulated industry where the demands on
internal audit are increasing.
o If the company is struggling to recruit and retain sufficiently skilled
professionals to maintain an effective internal audit function in-house.
 What to outsource – the whole of internal audit services or specific functions (e.g.
environmental auditing)?
 What (and who) to retain – the head of internal audit may be retained as an
employee (to keep a high level of responsibility in the company)?
 Terms of reference:
o What services will be provided?
o Whom does the service provider report to?
o What form will reports take?
o What action will be taken if problems occur?
o How will fees be determined and charged?
Key Point
The audit committee must consider the effect of outsourcing internal audit
on the effectiveness of the company’s overall arrangements for internal
control and investor perceptions.
14.3.4 Benefits
3.4 Benefits
 Reduced costs – a company with an in-house internal audit service must pay
salaries, training and overheads. Although contractor's fees will be set to cover
these, there may be economies of scale. The company would only pay for resources
when required so the total cost may be cheaper.
 Consistency with external audit – if outsourced to the external auditors, there may
be greater consistency in approach. As external audit may be able to place more
reliance on internal audit (see Chapter 18) the company would benefit from a lower
fee.
 Skills – outsourcing provides access to new skills. External providers will have a
broader range of skills and experience from auditing other companies.
 New techniques – both the internal and external audit markets are very competitive.
This encourages firms to develop new techniques which are more efficient and
effective (e.g. data analytics). Contracting out gives the company access to these
techniques without a high level of investment.
 Management time – time and resources can be freed to concentrate on core areas
of the business.
 Liability – legal action may be brought against an external service provider if its
standards are not acceptable.
14.3.5 Disadvantages to the Company

3.5 Disadvantages to the Company
 Skills – an external contractor may lack the specialist skills relevant to a company
that an in-house service will possess. Once a contractor is brought in, these skills
may be lost forever.
 Service constraints – the service provider will need to act according to the terms of
reference. It may be unable to follow up suspicious circumstances beyond the duties
specified without renegotiating the terms of reference.
 Flexibility – an in-house department will provide a permanent presence, whereas
contracted-out services may only be at the company for discrete periods.
Outsourcing may result in reduced staff availability and flexibility.
 Conflicting reporting lines – internal audit should report to the company's audit
committee or board of directors. However, as an employee of the internal audit
provider, the employee may be expected to report to the management as a client.
 Standard of service – once an external provider has secured the contract, the level
of service provided may fall.
 Corporate culture – contracting out any service involves a change to corporate
culture.
14.3.6 Service Provider Issues

3.6 Service Provider Issues
 Skills – the service provider must have the appropriate skills and expertise to
undertake the internal audit role. Although there are overlaps between internal and
external audit, internal audit usually fulfils a broader role.
 Staff management – undertaking internal audit functions may improve staff
management where the service provider is an audit/accountancy practice. Internal
audit work may be conducted with fewer external audit engagements during slacker
times.
 Effect on external audit – although there are overlaps, internal and external audit
roles are different. If the same firm performs both roles, the distinction could become
blurred. This could lead to a reduced level of service overall and a lower level of
credibility attached to the external auditor's report.
 Independence issues – outsourcing increases independence, as an in-house
department can never be truly independent. The service provider’s staff are more
likely to rotate, so close relationships are less likely to form.
 Drawbacks – the external provider could become dependent on the client. The risk
is particularly significant where the internal auditor is the external auditor.
 Restrictions – although there are no legal restrictions on outsourcing internal audit
to a third-party service provider, legal or ethical standards may restrict this practice
to prevent external auditors from acting in client roles. For example, statutory
auditors are precluded from serving as the internal auditor to clients whose financial
statements they certify in many countries (e.g. United States, France, India, Italy,
New Zealand and Norway).
14.4.0 Introduction
4.0 Introduction
As already stated, the primary purpose of internal auditing is to evaluate and improve
the effectiveness of risk management, control and governance processes. However, the
broad focus of internal audit and the diverse skills of internal auditors mean that many
other assignments may be undertaken by internal audit. This section covers the
assignments that are specifically mentioned in the AA syllabus.
14.4.1 Value for Money(VFM)

4.1 Value for Money(VFM)
Definition
Value for money auditing – the evaluation of management's

achievements in terms of the economy, efficiency and effectiveness (the "3
Es") of operations.
 Concerned with obtaining specified resources (i.e.
inputs such as material, finance, human, time) at the
Economy lowest cost.
 The achievement of either:

o the maximum output (at a given quality) from
a given input; or
o a given output (at a given level of quality)
Efficiency from the minimum input.
 The achievement of outputs which meet

Effectiveness management's objectives.
Value for money (VFM) audits are carried out to ensure that corporate resources,
shareholders' funds or taxpayers' contributions are not wasted. Whether VFM has been
achieved can only be judged by comparison with an external or internal benchmark.
Internal audit can report on:
 unnecessary spending (e.g. overtime guaranteed when work is completed during
regular hours);
 misdirected spending (e.g. capital expenditure outlay on lower-quality assets
requiring a higher level of revenue expense quality);
 over-priced spending (e.g. discounts are unclaimed); and
 under-recovered revenue (e.g. failure to collect on disposals of assets).
 Economy and effectiveness are
 Management attention is focused often opposed (e.g. saving
on economy and efficiency but this money compromises quality).
is tempered by the need for  It is difficult to balance short-
effective performance. term and long-term benefits;
 It promotes the use of savings now may lead to
performance indicators. additional costs in the future.
 It should eventually lead to self-  Savings in one area may
measurement with audit only used create additional costs in
to compare performance between another area.
business units objectively.  Once performance indicators
 Although VFM audit is often used have been established, the
to promote cost savings, it may audit work is routine and not
identify revenue opportunities. challenging.
None of the disadvantages of a VFM audit are insurmountable, but overcoming them
requires active management.
14.4.2 Best Value

4.2 Best Value
Definition
Best value – a duty to deliver services to clear standards – covering both

cost and quality – by the most effective, economic and efficient means
available.
The best value audit has evolved from VFM auditing in the public sector and local and
central government. It seeks to secure continuous improvement in how its functions are
exercised regarding economy, efficiency and effectiveness. It incorporates the "4 Cs":
Challenge  Why and how a service is provided.
 Local taxpayers, service users, partners and the wider

Consult business community in setting new performance targets.
 Benchmark against the performance of others across a

Compare range of relevant indicators to aim to improve.
 Consider fair competition as a means of securing efficient

Compete and effective services.
14.4.3 IT Audit
4.3 IT Audit
Information systems are pervasive in most organisations and would, in most cases, be
considered a significant risk through, for example:
 no IS strategy or a strategy that does not fit the business strategy;
 poor project management;
 poor system design (including controls) development and implementation;
 acceptance of an inappropriate system;
 significant expenditure for a system that does not deliver;
 poor security, transaction integrity and process alignment;
 corruption of data used for decision-making;
 access to sensitive information by unauthorised personnel;
 unexpected (non-scheduled) downtime;
 breaches of laws and regulations; and
 no (or inappropriate) disaster recovery procedures.
4.3.1 Information Systems Auditing

The primary role of internal audit will be to review and report on all aspects of IS in the
organisation (e.g. ensure that the controls and systems operate as intended).
 Information processing controls (i.e. controls to ensure completeness, accuracy, security
and effectiveness of processing) exercised over input, output, processing, computer files
and master files; and
 General installation controls (i.e. controls over the acquisition, development, maintenance
and operation of computer-based systems).
4.3.2 System Development Project Audit

The deliverable of a systems development project is a new information system. The
primary purpose of auditing a system under development is to ensure that:
 adequate, effective controls are built into the system;
 complementary manual controls are designed to ensure adequate and effective internal
controls over the business system as a whole; and
 the most efficient combination of manual and automated, preventive and detective controls
are designed and implemented.
In addition, internal audit can:
 provide assurance that IS projects are being effectively and efficiently managed; and
 carry out appropriate testing to ensure that the deliverable from each stage meets the
specifications of that stage.
14.4.4 Financial Processes Audit

4.4 Financial Processes Audit
The financial process audit is the traditional role of internal audit. Accounting and
financial processes include:
 receiving value from sales transactions, disposals of assets, investments (interest
income);
 "bought ledger" processing (of invoices for goods/services before suppliers are
paid);
 treasury functions;
 supplying financial and management information;
 appraising new business; and
 developing and maintaining accounting systems and financial controls.
The purpose of the accounting and financial process audit is to review all available
evidence to substantiate the information in management and financial reporting by
ensuring:
 the completeness and accuracy of recorded transactions;
 assets are safeguarded;
 that complete, accurate and relevant information is provided on a timely basis; and
 that accounting and finance functions are managed efficiently.
14.4.5 Regulatory Compliance

4.5 Regulatory Compliance
Definition
Regulatory compliance – adhering to the rules and regulations applicable

to an activity prescribed by an external agency or authority.
Violations of regulations expose organisations to the risks of legal penalties, regulatory
sanctions and loss of reputation.
Where this risk is significant (e.g. in larger organisations generally and in regulated
industries in particular) management may implement a regulatory compliance
framework, through a compliance officer, that includes a compliance methodology,
policies and procedures.
The purpose of a regulatory compliance audit is to provide assurance to the board that
internal controls are in place to ensure adherence to regulations, reducing the risks
associated with non-compliance.
The specifics of the assignment will depend on the industry but will include, for example:
 Confirming that the chief compliance officer report to the executive team;
 Reviewing the most recent compliance standards, policies and procedures to
confirm the existence, level of detail, clarity, that they are up-to-date and have been
authorised by senior executives;
 Confirming that suitable training programmes are in place to ensure that employees
are aware of their compliance responsibilities;
 Interviewing employees to ensure that they are clear about their responsibilities; and
 Confirming enforcement of standards, policies and procedures (e.g. disciplinary
procedures).
Examples of regulated industries include oil and gas, pharmaceuticals, financial
services, car manufacturing, transportation and fishing.
14.4.6 Fraud Investigations

4.6 Fraud Investigations
4.6.1 Nature and Purpose

When there is an allegation or suspicion of fraud, management (or TCWG, if
management may be involved) will decide how to proceed and investigate it.
The main objectives of a fraud investigation are generally:
 To verify the facts;
 To determine responsibility and accountability;
 To make recommendations to prevent re-occurrence or detect fraud more quickly.
It may be conducted by:
 an internal investigative group (e.g. from internal audit) established on a needs basis;
 a permanent internal fraud investigation department (e.g. a credit card fraud department in a
bank); or
 outside counsel (i.e. outsourced).
4.6.2 Benefits of Internal Investigation

 It can help determine the extent of potential liabilities and losses by gathering relevant
information and facts. Internal audit must have access to all records and authority to
investigate throughout the company.
 It may result in partial or complete recovery of losses, prevent future losses and help
mitigate other potential consequences.
 It may reduce the likelihood or scope of a separate investigation by a regulatory authority.
 It may improve the public perception that management understands the potential
misconduct.
 It can assist in developing and implementing plans to address internal control deficiencies
and other issues identified during the investigation.
14.4.7 Customer Experience

4.7 Customer Experience
Customer service is just one of many examples of a business function that may be
reviewed by internal audit. Other examples include health and safety, human resources
and social media.
Definitions
Customer service – the sum total of what an organisation does to meet

customer expectations and produce customer satisfaction.
Customer experience – what a customer feels and remembers about the
customer service received.
– Institute of Customer Service
Many organisations seek to improve customer experience to retain existing customers
and acquire new ones. Poor customer experience may result in a loss of potential
revenue; for example, if the experience is not consistent and seamless (e.g. customers
should not notice handoffs between departments).
A customer experience review by internal audit generally focuses on the customer
support function and includes:
 An evaluation of policies and procedures to determine how well commitments to
customers are met.
 An assessment of the suitability of the metrics used to measure customer
experience and the accuracy of this reporting. For example:
o Shopping cart abandonment;
o Net Promoter Score (% of customers who would recommend);
o Frequency of visit (i.e. repeat visits by a single customer over time);
o Customer churn rate (% of customers who do not make a repeat purchase
or cancel a service).
4.8 Operational Audit ("Process-Based" Audit)
This is an audit of the operational processes (primary activities and support activities) to
ensure that management has:
 adequate controls and other risk management measures in place to achieve
business objectives (risk management) economically and efficiently; and
 adequate routine assurances which inform them that controls and risk management
measures are effective.
Operational audits may be wholly performance-based or compliance-based or include
elements of both approaches:
 Performance– based – processes or activities are evaluated to draw conclusions on
the adequacy of the products and effectiveness of the processes associated with
those products.
 Compliance– based – use investigation, discussion, observation, examination or
evaluation to determine the adequacy of and systems compliance with established
procedures and the effectiveness of systems implementation (similar to the systems-
based audit approach, but applied to all controls).
14.5.1 Primary Purposes

5.1 Primary Purposes
The purpose of internal audit reports will be driven by the terms of reference of the
assignment. Mostly, they:
 provide management with an opinion (e.g. on the adequacy of the system of internal
control); and
 inform management of significant findings, conclusions and recommendations arising from
the work carried out.
Depending on the type of report issued, the aim of the report would be:
 to provide appropriate assurance to management or recommendations to enhance business
performance;
 to prompt management action to implement recommendations for change leading to
improvement in performance and control; and
 to provide a formal record of points arising from the assignment and, where appropriate, of
agreements reached with management.
Activity 2 Business Performance Reports
Suggest differences between a review report of business performance and a report on a

systems compliance review.
 Are effectively consultancy in nature, style and approach.
 Have a greater focus on performance, objectives and processes rather than risks and
controls.
 Deal with improvements to be made rather than mistakes already made.
 Recommendations concentrate on improvements rather than on actions to address
mistakes found.
14.5.2 Reporting Arrangements

5.2 Reporting Arrangements
5.2.1 Format and Distribution

The format and distribution of internal audit reports should be agreed with management.
The head of internal audit should ensure that reports are sent to managers who have a
direct responsibility for the unit or function being audited and who have the authority to
take action on the recommendations.
Internal audit reports are confidential documents and their distribution should be
restricted to those managers who need the information, the audit committee and the
external auditor.
While the internal auditor may clear minor matters that do not indicate a consistent or
systematic weakness with staff members directly involved, matters of consequence
should be reported formally in writing to management.
5.2.2 Timing
An interim report, orally or in writing, should be made where:
 it is necessary to alert management to the need to take immediate action to correct a
significant deficiency in performance or control;
 there are reasonable grounds for suspicion of malpractice;
 there is a significant change in the scope of the assignment; or
 is desirable to inform management of progress.
Interim reporting does not diminish or eliminate the need for final reporting.
Before issuing the final report, the internal auditor should:
 discuss its contents with the appropriate levels of management;
 include management comment where necessary; and
 obtain management's confirmation of factual accuracy.
It is management's responsibility to ensure that proper consideration is given to internal
audit reports. The internal auditor should ensure that:
 appropriate arrangements are made to determine whether action has been taken on internal
audit recommendations; or
 management has understood and assumed the risk of not taking action.
14.5.3 Structure of the Report

5.3 Structure of the Report
Unlike the external auditor's report, there are no formal structures for an internal
auditor's report. As for any business report, the structure of the report suits its purpose
be it formal, informal, a discussion paper, a presentation (e.g. with PowerPoint notes for
participants) or a monthly summary.
A typical business report would have the following elements:
 Terms of reference
 Executive summary
 Body of report:
o key findings and recommendations; and
o detailed findings and agreed action
 Appendices.
The body of the report will depend on the terms of reference. For example, for a report
on controls, the structure may be very similar to management reports produced by the
external auditor (see Chapter 13). However, the content will be very different where the
internal auditor is concerned with operational matters of economy, efficiency and
effectiveness.
The reports should be clear, constructive and concise and based on sufficient, relevant
and reliable evidence, which should:
 state the scope, purpose, extent and conclusions of the assignment;
 make recommendations which are appropriate and relevant and which flow from the
conclusions; and
 acknowledge the action taken or proposed by management.
14.5.4 Sample Internal Audit Report

5.4 Sample Internal Audit Report
INTERNAL AUDIT REPORT

Private and confidential
The contents of this report are confidential and may include comments of a
sensitive nature. Care should be taken to ensure that unauthorised
personnel do not have access to the report and that if it is circulated
further, this is done with discretion.
23 November 20X6
SCOPE
The systems review at … took place from 17 September to 5 October
20X6. The objectives of the assignment were:
1. To assess the adequacy of internal controls.
2. To ensure adherence to statutory legislation and company policies.
3. To review the efficiency and effectiveness of operations.
4. To assess the quality of management reporting and information.
CONCLUSION
The branch has been operationally and financially poorly controlled. Branch
management have reacted positively to the draft report and are actively
addressing the issues raised. All the points raised in this report and
subsequent recommendations need to be implemented.
MAIN FINDINGS (References in brackets are to Appendix I)
Inventory
1. There is no investigation of "no stocks"1. No stocks have been very
high – up to 20%. This has led to considerable customer dissatisfaction.
Formal investigation of no stocks should be introduced to improve the
service level to clients. (1.1)
2. There is insufficient control over the warehouse systems. Before further
liability for inventory loss is assumed, staff access to the systems must
be restricted.
The inventory system cannot produce a report of adjustments to ensure
all adjustments are legitimate. The production of this report should be
prioritised to stop this aspect of the operation running blind.
Payroll
1. Not reproduced.
2. There has been an apparent lack of supervision and review of the work
of the payroll clerk who left the company at the end of August. There is
a risk that unauthorised amounts may have been paid. A complete
reconciliation to assess the situation will be performed at the beginning
of December. (2.2)
Etc …
Security
1. It remains possible to gain unauthorised access to the warehouse
because of the lack of security on the route between the car park and
the warehouse. This should be addressed immediately following the
audit. (3.1)
Etc …
Purchases
1. Purchases have been poorly controlled at the branch. Typically,
invoices have arrived in the accounts department and have been
authorised for payment by the former finance manager without
reference to the operational management to confirm the legitimacy of
the expense. The temporary finance staff have now addressed this
situation. (6.1)
APPENDIX I (EXTRACT)
There is currently no investigation or recording
of no stocks.
The inventory department is not aware of any
1.1 Observations "no stock" report available from the system. 1
Effect Stores orders are not fulfilled.
The level of no stocks should be traced using

either the "issues not confirmed report" or,
more crudely, the number of issues physically
Recommendation returned to the office.
Management's
comments Agreed
Target date Immediate
There appears to have been little or no

independent review of the payroll function by
2.2 Observations senior management. The former finance
manager may have performed some checks;
however, this has not been evidenced.
19 payslips on the payroll of 29/09/06 have
been checked in detail. Five employees'
overtime was overpaid because the total hours
had been incorrectly summed in input sheets.
The payroll clerk has left the company, despite
an enhanced offer to stay and with no new
employment to go to.
The payroll does not appear to have been

adequately supervised. There is a possibility
that irregularity has occurred in addition to
Effect processing errors.
Duties and controls should be segregated as

described in point 2.1 above (not reproduced).
There should be complete reconciliation
between the schedule of employees who have
worked at the branch prepared by the human
resources department and the payrolls
processed to date to ensure persons paid are
bona fide and that they have worked the weeks
paid.
The casting of basic and overtime hours by
authorising managers should be checked by
payroll staff.
Recommendation
The reconciliation will be performed in

November by Mrs Motley.
The accountant will review the standing data
expense report every month.
Payroll personnel will check the addition of
Management's
hours.
comments
Target date Immediate
Site security is currently being reviewed by

Shield Consultants who address fencing, CCTV
coverage and recording and the level of
searches (personnel and vehicle) conducted.
There is still a problem with the ease with
3.1 Observations which unauthorised persons may gain access
to the warehouse without being challenged.
Also, there is uncontrolled access from the
warehouse to the staff car park.
Inadequate security measures increase the risk

of damage to premises and inventory and
Effect inventory pilferage.
All IDs should be checked when staff enter the

warehouse.
Visitor access should not be permitted until
management authorisation is obtained or if
visitors have been pre-notified to the gatehouse
and the visitor's IDs have been checked.
Recommendation
Agreed. The warehouse access store will be

staffed full-time across all shifts and locked at
Management's night in the short term. There will be 100% ID
comments checks.
Invoices 1129 – 1746 were checked for

adequate authorisation and supporting
documentation. All invoices were authorised.
The majority, by the former finance manager.
Only six invoices were supported by POs.
POs in this sample were generally inadequately
completed, priced and dated.
GRNs were not received from the warehouse
to confirm receipts of goods.
6.1 Observations
The managers initiating purchases are often

not involved in checking or authorising
Effect invoices. Accruals are being understated.
Operational managers should check non-

administration invoices.
Authorised GRNs should be received from
managers who have raised requisitions.
All purchase requisitions should be costed.
POs may not be priced unless requisitions are
priced.
Recommendation
Agreed. The financial manager may authorise
Management's invoices if the requisitioning manager has
comments checked them.
Syllabus Coverage
C. Internal Control
5. Internal audit and governance, and the differences between external audit and
internal audit
1. Discuss the factors to be taken into account when assessing the need for internal audit.
2. Discuss the elements of best practice in the structure and operations of internal audit
3. Compare and contrast the role of external and internal audit.
6. The scope of the internal audit function, outsourcing and internal audit assignments
1. Discuss the scope of internal audit and the limitations of the internal audit function.
2. Explain outsourcing and the associated advantages and disadvantages of outsourcing the
internal audit function.
3. Discuss the nature and purpose of internal audit assignments including value for money, IT,
financial, regulatory compliance, fraud investigations and customer experience.
4. Discuss the nature and purpose of operational internal audit assignments.
5. Describe the format and content of internal audit review reports and make appropriate
recommendations to management and those charged with governance.
Technical Articles
to this chapter.

Visual Overview
Objective: To identify the assertions, sources of evidence and their relationship to

critical audit objectives.
The auditor must design and perform audit procedures to obtain sufficient
appropriate evidence to draw reasonable conclusions on which to base the audit
opinion.
Audit evidence is necessary to support the audit opinion and the auditor’s report. It is
cumulative and mostly obtained from audit procedures performed during the audit.
Key points
 Sufficiency relates to the quantity of evidence required.

 Appropriateness relates to the quality of that evidence (i.e. its
relevance and reliability in supporting the conclusions on which the
audit opinion is based).
Sufficiency and appropriateness are interrelated as explained in s.2.2.
15.1.2 Sources
1.2 Sources
Definitions
Audit evidence – is all the information used by the auditor in arriving at the
conclusions on which the audit opinion is based. It includes information
from contained in the accounting records underlying the financial
statements and information from other sources.
Accounting records – the records of initial accounting entries and
supporting records (such as checks and records of electronic fund
transfers, invoices, contracts, the general and subsidiary ledgers and
journal entries) and records such as work sheets and spreadsheets
supporting cost allocations, computations, reconciliations and disclosures.
Audit evidence is all the information used by the auditor in arriving at the conclusions on
which the audit opinion is based. It includes information from accounting records
underlying the financial statements and information from other sources.
Sources may be:
 internal or external to the entity (e.g. originated in the entity or externally);
 oral or written;
 direct or indirect (direct to the auditor from an external source or via the client);or
 generated by the auditor (e.g. analytical procedures).
For example, documentary evidence may be:
 Generated and provided to auditors by a third party (i.e. external and independent (direct)).
For example, bank confirmation letters sent directly to the auditor.
 Generated by a third party and held by the entity (i.e. external but not independent
(indirect)). For example, bank statements.
 Generated and held by the entity (i.e. internal and indirect). For example, bank
reconciliations carried out every month by the cashier.
Activity 1 Sources of Evidence for Tangible Non-current Assets
Use the following ideas list of sources of evidence to generate examples of sources of
evidence relevant to the audit of tangible non-current assets.
Sources of evidence Examples
Accounting systems
Documentation
Tangible assets
Management and employees
Customers and suppliers
Other third parties (e.g. banks, solicitors)
Analytical procedures
Examples
 Accounting The tangible asset register (which records

systems details of the tangible assets)
Documents such as: Capital expenditure

requisition (asserts authorisation), purchase
 Documentation invoices (evidence of cost)
The actual tangible assets themselves in

situ: land and buildings, plant and
equipment, motor vehicles (confirms
 Tangible assets existence)
Board minutes (authorisation/capital
commitments), Job description and
 Management and responsibilities (to identify persons-in-
employees charge)
Tenants (of premises rented from the

 Customers and client); users of client's assets (drivers,
suppliers lessees, etc.)
 Other third parties Bank (for mortgaged/securitised assets)
 Analytical
procedures Depreciation "proof in total"
Exam advice
This "ideas list" is a helpful memory jogger for planning an examination answer.

There are many factors to consider in assessing the sufficiency (i.e. quantity) of audit
evidence:
 Audit risk – derived from understanding the business, its environment and controls
(e.g. the higher the risk of a material misstatement, the more evidence required
(extent, nature and timing)).
 Nature of internal control – computerised or manual (e.g. if programmed, a control
will be consistently applied, but manual controls may be inconsistently applied and
more testing therefore required). Conversely, testing 100% in a computerised
system using CAATs (see Chapter 21) may be costly but time-effective.
 Reliance on effective controls – includes preliminary understanding and
evaluation (following tests). If controls cannot be relied on, a greater level of
substantive procedures will be required.
 Cumulative Audit Knowledge and Experience (CAKE) – first-year audit will always
have a high risk. As greater understanding and experience of the client is gained,
and a more effective and efficient audit approach is developed, the level and detail
of evidence required may reduce in subsequent years.
 Materiality – immaterial items require little evidence (e.g. "reasonableness test").
But remember, for example, that although IFRS Standards only applies to material
items, what is not material to one client may be very material to another. Materiality
is a relative term.
 Audit findings – errors may, for example, require further audit work to be carried
out. If audit evidence is found to be not as reliable as expected, additional evidence
will be required.
 Source and reliability of information – how persuasive is the evidence? Does all
the evidence point to the same conclusion?
Key point
As opposed to financial reporting, financial accounting should be accurate

regardless of materiality.
15.2.2 Interrelationship with Appropriateness

2.2 Interrelationship with Appropriateness
Sufficiency (i.e. the quantity of evidence required) relates to the risk of misstatement
and to the appropriateness (i.e. quality) of that evidence:
 the higher the risk, the more audit evidence required (which does not mean that
more is better – quality is essential as well);
 the higher the quality of the evidence, the less that may be required to confirm an
objective.
Key points
If evidence is not appropriate, sufficiency cannot be achieved.
15.3.1 Two Aspects

3.1 Two Aspects
Appropriateness has two aspects in the context of audit evidence:

3.2 Relevance
Evidence is required to support management’s assertions (explicit or otherwise)

regarding the recognition, measurement, presentation and disclosure of the various
elements of the financial statements. These assertions are split into two categories:
1. account balances and related disclosures at the period end (i.e. mainly statement of
financial position); and
2. classes of transactions and events and related disclosures for the period under audit (i.e.
mainly statement of comprehensive income).
All tests in an audit programme should aim to obtain evidence on one (or more)
assertion. The worth of tests that do not provide such evidence should be carefully
considered.
Exam advice
When answering an examination question on audit tests to be carried out, your

answer must include why that test is necessary (i.e. the assertion being tested).
For example, "inspect purchase invoice to agree correct classification of the non-
current asset and the accurate and correct treatment of cost and sales tax".
3.2.1 Assertions
Definition
Assertions –representations, explicit or otherwise, with respect to the recognition,

measurement, presentation and disclosure of information in the financial
statements which are inherent in management representing that the financial
Definition
statements are prepared in accordance with the applicable financial reporting

framework.
Assertions About Account Balances and Related Disclosure
 Assets, liabilities and equity interests included in the

financial statements existed at the reporting date (e.g. a
Existence tangible asset physically existed and had not been lost or
destroyed).
 The entity holds or controls the rights to assets

recognised in the financial statements (i.e. future
economic benefit will flow to the entity).
Rights and  Recognised liabilities are the obligations of the entity (e.g.
obligations there is a current obligation, because of a past event, to
future economic outflow).
 All assets, liabilities and equity interests that should have

been recognised have been included in the financial
statements (e.g. all liabilities have been recognised).
Completeness Similarly, all disclosures have been made (e.g.
reconciliation of carrying amounts of non-current assets).
 Assets, liabilities and equity interests are included in the

financial statements at appropriate amounts and any
Accuracy, resulting valuation or allocation adjustments are
valuation and appropriately recorded. Related disclosures have been
allocation appropriately measured and described (e.g. inventory at
lower of cost and net realisable value).
 Assets, liabilities and equity interests have been recorded

Classification in the proper accounts (e.g. capital expenditure as
noncurrent assets and not expenses in profit or loss).
 Assets, liabilities and equity interests are appropriately

aggregated or disaggregated and appropriately described
(e.g. current liabilities are reported separately from non-
Presentation current liabilities).
 Related disclosures are relevant and understandable.
Assertions About Classes of Transactions and Events and Related

Disclosures
 Transactions and events that have been recorded or
Occurrence disclosed took place and relate to the entity (e.g. recorded
sales were made by the entity and not a third party).
 All transactions and events that should have been

Completeness recognised have been included in the financial statements
(e.g. all sales made have been recognised inrevenue).
 Amounts and other data (e.g. values, costs, descriptions,

analysis) relating to recorded transactions and events have
Accuracy been appropriately recorded and related disclosures have
been appropriately measured and described.
 Transactions and events have been recorded in the correct

Cut-off accounting period to which they relate (e.g. post year-end
sales not recorded as pre year-end).
Classification  Transactions and events have been recorded in the proper

accounts (e.g. expenses as expenses and not assets).
 Transactions and events are appropriately aggregated or

disaggregated and clearly described (e.g. required
disclosures related to sales from contracts with customers
Presentation are included in the financial statements).
 Related disclosures are relevant and understandable.
3.2.2 Assertions Mnemonic

 To remember the list of all of the assertions, use the mnemonic ACCA COVER OP:
ACCA COVER OP
 Classification
 Accuracy  Occurrence
 Completeness  Valuation
 Cut-off  Existence  Obligations
 Allocation  Rights  Presentation
3.2.3 Assertions by Category

Account Balances ("CARE PC") Transactions and Events ("COCO AP")
Completeness Completeness
Accuracy, Valuation and Allocation Occurrence
Rights and Obligations Classification
Existence Cut-Off
Presentation Accuracy
Classification Presentation
Exam advice
Do not write out mnemonics in the exam; use only as a "memory jogger".
15.3.3 Reliability
3.3 Reliability
The critical assertions for any information used by the auditor when considering the
reliability of audit evidence are the accuracy and completeness of that information (e.g.
completeness of a population of documents to be sampled; the accuracy of the
inventory records when considering reliance on perpetual inventory systems).
Obtaining evidence about the completeness and accuracy of information may be
acquired concurrently when carrying out other audit procedures or, for example, by
using alternative techniques (e.g. CAATs).
3.3.1 General Presumptions ("Rules of Thumb")
Several general assumptions can be made about the reliability of audit evidence
depending on whether it is:
 external or internal;
 direct or indirect;
 written or oral; and
 consistent.
 External (independent) sources are more reliable than entity
External v (internal) sources.
internal  Information generated by the entity (e.g. accounting records)
is more reliable when related internal controls are effective.
 Auditor obtained information is more reliable than indirectly

Direct v obtained information (e.g. direct observation by the auditor of
indirect the operation of a control, rather than an inquiry about the
application of that control).
 Documentary/written information is more reliable than

verbal/oral.
 Any oral representation that is to be relied on must be
obtained in writing.
Written v oral  Original documents are more reliable than photocopies,
scans, faxes, etc.
 Consistency from different sources increases

Consistency persuasiveness (e.g. internal evidence corroborated by
external sources).
 Any inconsistency creates doubt (giving rise to further work)
until resolved.
Key Point
Information provided by a management’s expert (see Chapter 18) is assessed as

from an internal source even if the expert is an external individual or organisation.
3.3.2 Exceptions
There will always be exceptions to the generalisations above, and care must be taken
when considering the reliability of audit evidence. For example:
 evidence obtained from an independent external source may not be that reliable if the
source is not knowledgeable or has little experience of the specific matter being considered;
and
 original documents may not be available, only their electronic copies. But if the controls over
creation, maintenance and security of the copies are strong, the copies become more
reliable. (Otherwise, consider the implications for the audit opinion.)
Activity 2 Ranking Evidence
Rank the following items of audit evidence concerning land ownership using a scale of 1
(for worst) to 4 (for best).
Rank
1. Ask management if the client company owns the land. 2.
2. Phone the bank and ask if it holds title deeds on the

client's behalf. 3.
3. Visit the bank and examine title deeds. 4.
4. Ask the bank for written confirmation that it holds title

deeds. 5.
Rank
1. Internal oral 1
2. External oral 2
3. Auditor obtained (on originals) 4
4. External documentary 3
15.3.4 Direction of Testing
3.4 Audit Objectives
Auditors must design audit programmes (i.e. detailed specifications of audit work to be
carried out) to determine whether all relevant assertions are valid. If they are, classes of
transactions and balances will not be misstated; neither overstated nor understated.
The assertion(s) for which evidence is sought influences the source of evidence and the
"direction" of testing. It is essential to understand the source of evidence required and
the direction of the test to ensure the evidence obtained is relevant.
3.4.1 Overstatement
If the overstatement of a balance (e.g. an asset) or class of transactions (e.g. revenue
from contracts with customers) is an audit risk, the direction of testing needs to
be from the financial statements (where the overstated item is presented) to the
supporting evidence.
Tests for overstatement of amounts in the financial statements are effective in
addressing more than one assertion. For example:
 occurrence, cut-off, accuracy and classification of transactions; and
 existence, valuation and rights to assets.
Example 1 Existence of Plant and Equipment
An assertion is that plant and equipment exist as presented in the financial

statements. Therefore:
 Agree balance in financial statements to an independent analysis such as a
plant register(i.e. from the statement of financial position).
 Select material items (plus a selection of others) from the register (as if a
material item does not exist, or a material error has been found) and trace
them to the physical asset (i.e. to evidence that the asset exists). If the asset
cannot be found, there is an overstatement in the financial statements.
This means there is a corresponding error in another account. In this case,
there could be an understatement of cash (e.g. if the asset was sold
without authorisation and cash proceeds have been stolen), an
overstatement of accumulated depreciation (as the asset does not exist) or
a misstatement in profit or loss (on disposal of the asset).
3.4.2 Understatement
If the audit risk is an understatement of a balance or class of transactions, the direction
of testing needs to be from the source to the financial statements.
Although testing for understatement is generally more difficult (as an appropriate source
must be identified), understatement tests are effective in addressing the assertions of
completeness, accuracy and cut-off.
Key point
The source may not include monetary amount (e.g. goods despatch notes
typically show only quantities not prices).
Example 2 Disposal of Non-current Assets
The client may provide a list of non-current assets disposed of showing the
carrying amount and value received. As disposals are credit items,
disposals should not be selected from the list and traced to evidence of that
disposal (i.e. overstatement testing). By definition, any disposal that is not
recorded on the list (i.e. an understatement) cannot be selected, as it is not
recorded on the list. A reciprocal population has to be found from which to
start the test.
 Select a sample of assets (including all material items) included in the asset
register plus as the beginning of the year additions in the year. If no assets
were disposed of during the year, all of these assets should exist at the year
end.
 Inspect for existence. If the asset cannot be found, agree if recorded on the list
of disposals provided by the client. If not on the list, seek evidence of sale
after the year end.
 If there is no such evidence, disposals are understated and further
investigation will be necessary.
This test can be combined with the test for physical existence
(see Example1). It covers both elements (existence and completeness of
disposal recording) from one source (the asset register) by selecting items
and testing for existence (overstatement if not found) and if they cannot be
found, following through to disposals (understatement of disposals if not on
the list). This will not usually be the case for other audit areas, and care
must be taken in selecting the correct approach, direction and items.
3.4.3 Understanding the Test Objective

It is important to understand the objective of the test to be carried out (e.g.
overstatement or understatement):
 For example, when a client provides information, the test objective it is to see if anything is
missing (understatement) or if something is there that should not be (overstatement).
 If understatement exists, the auditor must determine the source of that information (or an
independent source) and test to see that everything from that source that should be included
in the financial statements has been. This is not the same as agreeing what is on the list
back to supporting evidence (i.e. overstatement testing).
Example 3 Sales Transaction Testing
 A typical sales system has controls to ensure that all goods and services
provided will be correctly invoiced and recorded. A test of transactions for
understatement of revenue from contracts with customers needs to start from
the source, in this case the sales order or despatch note. In other situations,
the inventory records may be a more effective place to identify goods
despatched, or, if the goods are unique and have to be purchased when a
sales order is received (e.g. motor vehicles), then tracing the sale from a
purchase invoice would be the most effective way to test sales.
 Where the risk assessment shows that overstatement of sales throughout the
year is a high risk, then the direction of the transaction test would be from the
financial statements (i.e. whether the sale occurred and is supported by an
invoice, despatch note and entry in the inventory records).
 If the risk of overstatement is primarily due to cut-off (e.g. January sales being
recorded as December year-end sales), the auditor would also derive audit
evidence from standard cut-off testing of year-end balances.
15.4.1 Where Evidence Is Obtained From

4.1 Where Evidence Is Obtained From
Tests may be "dual purpose" (i.e. tests of control carried out simultaneously with
substantive tests of details) as illustrated in s.5.3.

Risk assessment procedures alone do not provide sufficient appropriate audit evidence.
They must be supplemented with tests of control and/or substantive procedures.
4.1.2 Tests of Control

Tests of controls are necessary in two circumstances:
 when the auditor's risk assessment includes an expectation of the operating effectiveness of
controls; or
 when substantive procedures alone do not provide sufficient appropriate audit evidence
(e.g. highly automated systems).
4.1.3 Substantive Procedures

Sufficiency and appropriateness should be considered in relation to:
 evidence from risk assessment procedures;
 evidence from tests of control effectiveness (if any);and
 assertions.
As there are always inherent limitations in controls (e.g. human error), substantive
procedures for material classes of transactions, account balances and disclosures
are always required to ensure sufficient appropriate audit evidence will be obtained.
15.4.2 Procedures for Gathering Evidence

4.2 Procedures for Gathering Evidence
Procedures for gathering evidence are:

 inspection and observation;
 inquiry and confirmation;
 recalculation and reperformance; and
 analytical procedures.
Activity 3 Procedures
Distinguish between and give examples of the following procedures:

i.Inspection
ii. Observation
iii. Inquiry
iv. Confirmation
v. Recalculation
vi. Reperformance
vii. Analytical procedures
Description/Examples
The examination of:

1. Records and documents – manual and
electronic. Reliability depends on the source.
2. Employees – existence.
3. Tangible assets – non-current assets and
inventory existence (not necessarily ownership,
i.Inspection cost or value).
Watching a process or procedure being performed

(e.g. mail opening, physical inventory count).
Evidence is only reliable at that time.
ii. Observation
Of knowledgeable persons – written or oral/inside

or outside (e.g. bank request). Responses produce
new information or corroborative evidence.
iii. Inquiry
Response to inquiry to corroborate information

(e.g. confirmation of trade receivable by
communication with credit customers).
iv. Confirmation
Checking arithmetical accuracy (e.g. source

documents, accounting records, analysis
schedules); For example, using CAATs.
v. Recalculation
Independent execution of procedures and

controls that were originally performed as part
of internal control.
Use of CAATs to reperform receivables age
vi. Reperformance analysis.
Study of plausible relationships between both
financial and non-financial data.
Investigation of identified fluctuations and
vii. Analytical relationships that are inconsistent with
procedures predictions and expectations.
Exam advice
These procedures can be remembered with the vowels:

 Analytical procedures
 Enquiry (and confirmation)
 Inspection
 Observation
 RecalcUlation (also reperformance)
15.4.3 Examination Skills

4.3 Examination Skills
There are four techniques to help generate "client-specific" audit evidence – assertions,
the direction of testing, accounting entries and procedures.
4.3.1 Assertions
Use the assertions to help identify relevant audit evidence:
Activity 4 Additions to Plant and Equipment
Suggest substantive audit evidence for additions to plant and equipment for each of the
following assertions:
i.Completeness
ii. Occurrence
iii. Classification
iv. Cut-off
v. Accuracy
Assertion Substantive procedure
Review repairs and renewals accounts in the general

ledger (asset expenditure)
i.Completeness
Trace a sample of non-current asset purchases
to receiving reports and the non-current asset
register
Agree a sample of additions to a receipt notification

and purchase invoice
ii. Occurrence
Examine a sample of significant charges to repairs

and maintenance for items that should have been
capitalised (also a completeness test)
Review lease transactions for proper

iii. Classification classification as operating or finance
Review non-current asset purchases from shortly

before and after the year end for recording in the
proper period
iv. Cut-off
Recalculate depreciation expense, revaluation losses

and surplus, and impairment losses
v. Accuracy
4.3.2 Direction of Testing and Assertions

Think about how the flow of accounting information is recorded and the assertion
objectives.
Key point
When describing a test, always include the assertion(s) tested and why it should
be carried out; its objective. "Inspect invoice" is an insufficient answer. Specify the
detail on the invoice that is to be inspected and why – what does the test achieve
(in terms of the assertions)?
Activity 5 Factory Payroll
Suggest audit tests relevant to the assertion that a factory payroll expense is not
overstated (i.e. payment is only made for services received).
Prompt: Consider “in reverse” how information flows through the accounting system to
the financial statements:

Financial 
Statements 


↓ 

Ledger 
Account(s) 

↓ 

Payroll/payslips
↓
Clockards
4.3.3 Accounting Entries

Recollect the accounting entries (which are assumed knowledge of Financial
Accounting):
Example 4 Trade Receivables Account
Trade receivables account
$ $
Opening balance x Cash received x
Sales x Bad debts written off x
Closing balance x
x x
 One assertion for sales transactions is occurrence and for the trade
receivables balance is existence (i.e. they are not overstated).
 Sales and accounts receivable are tested for both overstatement and
understatement in testing for cut-off.
Example 5 Receivables Cut-off
From the trade receivables account, trace sales before the year end back
to despatch evidence (sales invoice, despatch note, inventory records) to
ensure goods were sold, despatched and correctly recorded before the
year end. If not, there will be overstatement of receivables and sales.
Example 5 Receivables Cut-off
From cash receipts records, agree that cash received before the year end
is recorded in the trade receivables account. If entered in the trade
receivables account after the year end, receivables are overstated.
A bad debt write-off may be used to conceal a misappropriation of cash
received from credit customers (i.e. cash is understated). Tracing all write-
offs to the trade receivable account (via correct supporting documentation
and authorisation) to ensure that they are recorded in the correct period is
a test for receivables overstatement (if the bad debt is notrecorded in the
correct period).
4.3.4 Procedures
Use the mnemonic AEIOU to generate ideas for a range of different actions/procedures:
Activity 6 Trade Receivables
Suggest audit procedures for trade receivables.

Analytical procedure
 Calculate and compare the average collection period (monthly).
Inquire
 Ask the credit controller "What problems are being experienced in collecting
amounts receivable?"
Inspect
 Sales orders/sales invoices/remittance advices/bank receipts – alternative
procedures.
Observe
 Goods despatch to customers/mail opening procedures.
Recalculation
 Individual customer balances – use of automated tools and techniques (see Chapter
21).
Confirmation
 External confirmation of a sample of account balances (see Chapter 24).
5.1 Aim
Key points
 Substantive procedures are performed to detect material misstatements

at the assertion level. They include:
o tests of details (of classes of transactions, account balances
and disclosures); and
o substantive analytical procedures.
 Full (100%) substantive procedures must be considered when:
o it will be more effective (e.g. low-volume, high-value, non-
homogenous items, such as non-current assets);
o the effectiveness of internal controls is not to be relied upon;
or
o tests of controls show controls to be ineffective.
Substantive procedures specific to classes of transactions and account balances are
detailed in Chapters 22 to 28.
5.2 Nature, Timing and Extent
The relevant standard is ISA 330 The Auditor’s Responses to Assessed Risks.
5.2.1 Nature
Key point
The auditor's response to an assessed risk may be to perform:

 Only substantive analytical procedures;
 Only tests of details; or
 A combination of both.
Substantive analytical procedures are generally more applicable to large volumes of
transactions that tend to be predictable over time and are often used in conjunction with
a robust control environment and where audit evidence has been obtained from testing
the effectiveness of controls (e.g. computer information systems). See Chapter 16 for
further detail on substantive analytical procedures.
Tests of details on transactions are used to obtain audit evidence regarding the
assertions related to transactions (i.e. “COCO AP”). Transactions are traced through a
system; for example to ensure that a despatch is correctly recorded as a sale or that a
purchase recorded in the detailed purchases listing is supported by a purchase invoice,
GRN and purchase order.
If controls are not tested, the extent (i.e. sample size) of tests of details will be high. If
controls are effective, the extent of tests of details will be lower (and may be performed
with tests of controls (see s.5.3)).
The auditor may assess that audit risk can be reduced to an acceptable level with
evidence obtained from tests of controls and substantive analytical procedures rather
than tests of details (as above).
Tests of details on balances are used to obtain evidence about the assertions related to
account balances (i.e. “CARE PC”).
Example 6 Substantive Test
After carrying out a risk assessment, an auditor decides that tests of details
on a manual sales system are required as part of his procedures to reduce
audit risk. Reliance cannot be placed on the effective operation of internal
controls. Transaction tests carried out include:
 Agreeing a despatch entry in the inventory records to a despatch note, the
related customer order (if any; it may be a Web-based order) and sales
invoice.
 Agreeing details on the sales invoice to supporting sources (e.g. customer
name, address, unit prices, sales tax) and checking the arithmetical accuracy
of the invoice.
 Agreeing that the invoice is correctly posted and analysed in the detailed sales
listing and agreeing the arithmetical accuracy of the listing.
 Agreeing the correct posting of the listing to the general ledger.
5.2.2 Timing
Substantive transaction procedures may be carried out earlier than the entity's year-end
and the final audit (i.e. at an interim audit). If carried out at an interim date, further tests
must be carried out to cover the remaining period. These tests (substantive and/or tests
of control) must be sufficient to ensure that the risk of misstatement does not increase
during this period.
Unlike tests of control, where prior-year audit evidence may be relied on under certain
circumstances, prior-year substantive evidence will be insufficient to address a risk of
material misstatement in the current period.
5.2.3 Extent
Generally, the greater the risk of material misstatement, the greater the extent of
substantive procedures.
For any substantive procedure, the extent of testing usually relates to sample sizes (e.g.
increasing the extent means increasing the sample size).
However, the extent of substantive procedures may also be considered in terms of:
 selecting large (e.g. material) or unusual items from a population; or
 stratifying the population into homogeneous subpopulations for sampling.
It is usual for tests of details to include all items greater than the materiality level (taking
into account performance materiality).Errors found in these items are more likely to be
material to the assertions.
15.5.3 Hybrid Approach

5.3 Hybrid Approach
In some cases, a single test approach can be used as a test of control and a
substantive procedure at the same time. This is called a dual-purpose or hybrid test.
Example 7 Hybrid Tests
The auditor decides to test the operating effectiveness of controls in a

sales system on a sample of 30 transactions and also test the details of 30
transactions. Without tests of controls, a sample of 50 transactions would
need to be tested..
 Rather than using two separate samples, one sample is used.
 The transaction is recognised on releasing goods from inventory,
resulting in a despatch document, sales invoice and entries in the
detailed sales listing and trade receivables account. 30 inventory issues
are selected (throughout the year) and traced through the system to the
general ledger.
 At the various stages of the sales system where controls have been
identified for testing, control testing is also carried out. For example, the
control of sales invoice authorisation requires that the sales manager
has:
o agreed the details to the authorised despatch note;
o agreed the sales price and discounts to the customer
database;
o checked the sales tax and cross-cast the invoice;
o signed all copies of the invoice as evidence of the checks.
 As part of the transaction test, each invoice in the sample would have
been substantiated (inventory issue to despatch note, despatch note to
sales invoice, other details on invoice to supporting evidence,
calculations and casting).
 The auditor, therefore, effectively re-performs the control action of the
manager. The control can be considered effective if the manager's
signature is on all invoices. If invoices were found without the
manager's signature and the auditor concludes (after further
investigation) that the control cannot be relied on (e.g. no alternative
control), an additional 20 inventory despatch items would be selected
for further transaction testing.
Syllabus Coverage

D. Audit Evidence
1. Assertions and audit evidence
1. Explain the assertions contained in the financial statements about:
i. Classes of transactions and events and related disclosures;
ii. Account balances and related disclosures at the period end.
2. Describe audit procedures to obtain audit evidence, including inspection, observation,
external confirmation, recalculation, reperformance, analytical procedures and enquiry.
3. Discuss the quality and quantity of audit evidence.
4. Discuss the relevance and reliability of audit evidence.
2. Audit procedures
1. Discuss substantive procedures for obtaining audit evidence.
1. Discuss the difference between tests of control and substantive procedures.
Technical Articles
 The audit of assertions (s.3)

Visual Overview
Objective: To describe the role of analytical procedures in the audit process and the
use of substantive analysis.
16.1.1 Meaning
1.1 Meaning
Definition
Analytical procedures – evaluations of financial information through analysis of

plausible relationships between both financial and non-financial data. Analytical
procedures also encompass such investigation as is necessary of identified
fluctuations or relationships that are inconsistent with other relevant information or
that differ from expected values by a significant amount.
Various methods may be used to perform analytical procedures. These range from
simplistic comparisons and ratio analysis to complex analysis using advanced statistical
techniques (e.g. linear regression analysis, fair value models).
16.1.2 Purposes
1.2 Purposes
Analytical procedures are used throughout the audit process and are conducted for
three primary purposes. The auditor's objectives are:
 To perform risk assessment procedures at the planning stage (Chapter 8) through
inquiry, analytical procedures, observation and inspection (ISA 300 and ISA 315);
 To obtain relevant and reliable audit evidence when using substantive analytical
procedures (ISA 520 Analytical Procedures); and
 To design and perform analytical procedures at the overall review stage
(see Chapter 29) to assist in forming an overall conclusion as to whether the
financial statements are consistent with the auditor's understanding of the entity (ISA
520).
Key point
Analytical procedures must be used at the planning and review stages of

the audit. Their use in obtaining substantive audit evidence depends on the
auditor's professional judgment regarding the sufficiency and reliability of
the evidence they can provide.
16.1.3 Consideration of Relationships

1.3 Consideration of Relationships
The uses of analytical procedures include consideration of the relationships between:
 elements of financial information expected to conform to a predicted pattern; and
 financial information and relevant non-financial information.
Relationships between Examples
Gross profit % to sales.

 Elements of financial information
Interest income/expense as a %
expected to conform to a predicted
of bank balance/overdraft.
pattern.
 Financial information and relevant Payroll costs to the number of

non-financial information. employees.
16.1.4 Comparisons of Financial Information

1.4 Comparisons of Financial Information
Analytical procedures also include comparisons of financial information with, for

example:
Illustration
 Prior periods (e.g.

days, months, years)
20X2 20X2 20X1
 Anticipated results
Actual Budget Actual
(from budgets and
11,900 12,000 10,000
forecasts)  Revenue ($)
 Predictive estimates   Depreciation for year ≈ 15% × year end cost
 Patent income for year ≈ patent rate per item ×

 number of items produced
 Similar industry
information   Receivables turnover vs industry average
  Gross profit vs market sector average
16.1.5 Expectations
1.5 Expectations
Before performing analytical procedures, the auditor should develop an expectation of
the results of the analytical procedures based on his understanding of the entity and its
environment and the accounts, balances and transactions reported in the financial
statements.
To form a conclusion based on analytical procedures, the auditor must compare the
expectation to the actual results of the analytical procedures and investigate any
differences or unexpected fluctuations.
Example 1 Using Expectations
Following discussions with management during the year, a review of the

management accounts and an understanding of the business environment
in which an audit client operates, the auditor expects the current year's
results to be lower than those of the previous year.
However, according to the draft financial statements, revenue has
increased and the gross profit percentage has also improved. The auditor
would need to gather additional audit evidence to determine why the
results of the analytical procedures are not consistent with expectations.
16.2.1 Need For

2.1 Need For
Analytical procedures performed during planning help the auditor to:

 understand the business;
 identify risks of material misstatement; and
 plan the nature, timing and extent of other audit procedures.
"Preliminary" analytical procedures are used to:
 assess financial condition and the associated risk (e.g. of deliberate misstatement);
 increase knowledge of the business through the accumulation of information about
trends in key relationships;
 identify the existence of unusual transactions, events, trends and relationships; and
 plan the nature, timing and extent of other audit procedures (by directing tests to
areas of potentially material misstatement).
Preliminary analytical procedures are based on, for example:
 interim financial and non-financial information;
 budgets/forecasts and management accounts;
 draft financial statements;
 discussions with the client; and
 internal and external benchmarks.
16.2.2 Typical Approach

2.2 Typical Approach
The auditor will perform analytical procedures based on key financial ratios as a risk
assessment procedure.
 Depending on the complexity of the client, this may be a simple spreadsheet
detailing the key ratios with a requirement for comment on ratios and trends for audit
action.
 Alternatively, it may be an integrated part of the auditor's client knowledge base with
links to internal/external benchmarks, the client's management and financial
accounting system and similar regulator's/industrial databases. As well as routine
ratio analysis, analytical procedures may use statistical and probability techniques
and data mining to identify unusual relationships and events.
 Comparison should be made with at least the prior year equivalent ratios, if not a
three- to five-year trend. Trend analysis will generally provide more enlightening
information than a simple comparison with the prior year.
Analytical procedures at the planning stage should be updated throughout the audit as
material adjustments are found. Ratios affected are then reconsidered and further work
is undertaken as necessary.
Example 2 Financial Ratios
 The deterioration of short-term and/or long-term financial ratios

potentially increases the risk that the entity is nota going concern.
 Key performance indicators such as gearing may indicate a potential
breach of loan agreements.
 An increase in receivable days may, for example, indicate credit risk
and a potential increase in irrecoverable debts.
 A decrease in gross profit percentage may indicate, for example,
inventory "shrinkage" (i.e. theft), poor cut-off procedures or an increase
in competition (such that prices were reduced) or increased costs not
passed on to the customer.
Exam advice
An examination question may require you to suggest why specific ratios

have changed and the implications of the changes for planning the audit.
16.2.3 Ratio Analysis

2.3 Ratio Analysis
Ratios used in analytical procedures include:

 Performance ratios (e.g. profit margins and return on capital employed);
 Liquidity ratios (e.g. current and quick ratios, gearingand interest cover);
 Efficiency ratios (e.g. receivables collection period and payables payment period).
When used in audit procedures it is important to remember that some differences may
arise due to cut-off errors or factors which affect the reliability of the figures used (e.g.
ineffective controls).
2.3.1 Performance Ratios

 Measures the margin earned on sales and is often
considered a measure of the quality of the profits. Like for
like, it should remain reasonably stable.
 Variations may be attributable to:
o change in sales prices;
o change in sales mix;
Gross profit % o change in purchase/production costs;
o inventory obsolescence; and
o errors in inventory counting and valuation.
 Measures the company’s overall efficiency in employing

available resources.
Return on  Care should be taken when comparing different companies
capital as carrying amounts of assets may be based on different
employed accounting policies (e.g. cost or revaluation models under
(ROCE) IAS 16).
 Rapidly declining ratio may indicate potential going
concern.
2.3.2 Liquidity
 Current ratio measures adequacy of current assets to meet and
settle current liabilities.
Current  The quick ratio removes the slowest moving item(inventory)
ratio from the calculation and measures short-term liquidity.
 Low ratio may indicate liquidity problems; high ratio may
indicate poor use of shareholders' funds.
 Link to constituent components of ratio – inventory

obsolescence (in case of current ratio),recoverability of
Quick receivables (in case of both ratios).
ratio  Be aware of manipulation, especially if a ratio is a condition of
("acid loan finance – if a company has positive cash balance sand a
test") ratio greater than 1:1, the payment of payables just prior to the
year end will improve the ratio ("window dressing").
As the quick ratio omits inventory, it is a better indicator of liquidity but is subject to
distortion. For example, retailers have few receivables and quickly use cash from sales,
but finance inventory from trade payables. So their quick ratios are usually low.
Gearing  Measures relationship between company's borrowings and its

share capital and reserves.
 A highly-geared company has a substantial proportion of capital in
the form of preference shares, debentures or loan notes.
 Interest on fixed return capital (and dividends on preference
shares) generally has to be paid irrespective of profits earned – this
may raise doubts about the company’s ability to continue as a
going concern if it is unable to meet its fixed return capital and
interest obligations. High gearing therefore needs to be
accompanied by stable profits.
 Asset backing – generally loan capital is secured on assets which
should be suitable for this purpose (not depreciating quickly or
subject to rapid changes in demand and price).
High gearing usually indicates increased risk for shareholders as, if profits fall, debts will
still need to be financed, leaving much smaller profits available to shareholders.
Highly geared businesses are also more exposed to insolvency in an economic
downturn. However, shareholders' returns will grow proportionately more where profits
are increasing.
Gearing is significant to lenders as they are likely to charge higher interest (and be less
willing to lend) to companies which are already highly geared (as they are more likely to
default on the interest or debt repayments).
 Indicates the ability of a company to pay interest obligations from

profits generated.
 Interest cover of less than two is usually considered
Interest unsatisfactory. This indicates that the company may have difficulty
cover financing its debts if its profits fall and also indicates to
shareholders that their dividends are at risk as interest must be
paid first, even if profits fall.
2.3.3 Efficiency
 Shows how many times a company's inventory is sold and
replaced over a period or the number of days it takes to turn
over an inventory level.
 The ratios should be compared against industry averages
(e.g. fresh vegetables have a far shorter shelf life than
Inventory jewellery). A low turnover/high number of days implies poor
turnover sales, inefficient use of resources and excess inventory
(obsolescence). A high ratio indicates strong sales but
increases the risk of stock-outs.
Inventory  The ratio may be further analysed as follows:
holding o raw materials to volume of purchases;
period o WIP to cost of production;
o finished goods to cost of sales.
 Measures the period of credit taken by customers (typically
30–40 days, depending on the industry).
Receivables  A change in the ratio may indicate:
collection o bad debt/collection problems;
period o change in nature of customer base;
o change in settlement terms.
 Need to ensure year-end receivables give a reasonable
indication of receivable profile for the year.
 Measures the number of days' credit taken by a business

from suppliers. It should be broadly consistent with
receivable days (e.g. cash needs to be received to pay
Payables suppliers).
payment  An increase may indicate liquidity problems, extended credit
period terms taken, the threat of payment before delivery from
suppliers or potential appointment of a receiver by
aggrieved suppliers.
Exam advice
In the calculation of these efficiency ratios, the account balance may be the
year-end balance or, if comparative information is available, a simple
average of the opening and closing balances.
Days should be rounded to whole numbers rather than show decimal points.
16.3.1 Approach
3.1 Approach
The relevant standard is ISA 520 Analytical Procedures.

Substantive analytical procedures are just ONE means of obtaining audit evidence. The
auditor should:
 Determine the suitability (and sufficiency) of particular substantive analytical
procedures for given assertions.
 Evaluate the reliability of the underlying data – source, comparability, nature,
relevance and controls over preparation.
 Develop an independent expectation of recorded amounts or ratios and evaluate
whether the expectation is sufficiently precise to identify a misstatement.
 Determine the amount of any difference that is acceptable without further
investigation.
16.3.2 Suitability
3.2 Suitability
Substantive analytical procedures can be used:
 by themselves, to provide suitable and sufficient audit evidence;
 to test all assertions related to transactions (completeness, occurrence, classification, cut-off
and accuracy);
 to test the completeness, allocation and valuation, and existence assertions for balances
(but do not provide evidence related to rights and obligations).
The procedures may also provide corroborative evidence (e.g. comparison of gross
margin or profit percentages alone is usually insufficient audit evidence for sales but, in
combination with other tests, can be useful corroborative evidence).
Analytical procedures may be particularly effective in testing for understatement (i.e.
completeness). For example, in predicting sales from purchases and known margins.
Where sufficient substantive evidence is not obtained by analytical procedures alone,
tests of details will also be required.
Key points
 Substantive analytical procedures are generally more applicable to large

volumes of transactions that tend to be predictable overtime where known
relationships are expected to continue.
 They are also suitable where strong controls over transactions are in place. If
controls are weak, more audit evidence should be obtained from tests of
details. There should not be tests of control at this stage of the audit.
Example 3 Substantive Procedures for Payroll
Payroll
assertions Analytical procedures Tests of details
(Ideas in outline)
 Compare the cost with the

budget/prior period(s) –  Postings from payroll
month-on-month and year. to general ledger.
 "Proof in total" (e.g. the  Agreeing the existence
number of employees on of employees (e.g. by
the payroll can be verified physical verification or
Completeness to independent control agreement to
totals –say in HR). personnel records).
 Compare the cost with the  Agreeing Cash /bank

budget/prior period(s). payments and
 Ratio analysis (e.g. transfers.
average cost per  Starters and leavers
Occurrence employee by (e.g. confirm all leavers
department)and in a period were
Example 3 Substantive Procedures for Payroll
comparison with prior excluded from that

periods and other period's payroll and all
departments. joiners included).
 Compare accruals (e.g.

statutory deductions,  Postings from payroll
holiday pay, etc) with prior to general ledger.
Accuracy, cut- period(s).  Sample payroll
off and  Labour turnover (should transactions (accuracy,
classification decrease with increasing etc) and cut-off testing
remuneration). at period end.
 Compare disclosure with

prior-year financial
statements.
 Ratios (e.g. payroll to cost
Presentation of sales, average pay per  Postings from general
employee). ledger to payroll.
Activity 1 Substantive Procedures for Revenue
Required:
Suggest a suitable analytical procedure for each of the following assertions relevant to
revenue from contracts with customers. Where analytical procedures may not be
applicable or insufficient, suggest a test of detail.
 Completeness
 Occurrence
 Accuracy, cut-off and classification.
Revenue
assertions Analytical procedures Tests of details
(ideas inoutline)
 Comparison with the

budget, prior
period(s),etc.  Cut-off tests
 Review of gross (goods despatch).
profit%(s).  Postings from
 Reasonableness detailed sales
test(where margins listing to general
 Completeness known). ledger.
 Sales orders to
despatch notes
and invoices.
 Sales invoices to
customer orders.
 Post year-end
 Ratio of sales returns credit notes.
to sales.  Sales returns and
 Average number or allowances.
value of credit notes  Direct
 Occurrence per month. confirmation.
 Postings from
detailed sales
listing to general
ledger
 Cut-off tests
(goods despatch).
 Sample of
invoices (prices,
 As for completeness. etc).
 Accuracy, cut-off  Ratio of discounts to  Direct
and classification credit sales. confirmation.
16.3.3 Reliability of Data

3.3 Reliability of Data
The reliability of data is influenced by its source and nature and the circumstances
under which it is obtained. Accordingly, the following are relevant when determining
whether data is reliable for purposes of designing substantive analytical procedures.
Factors to consider Impact on use
 Audit objectives (see

assertions above) and See the extent of reliance (below).
extent of reliance.
Procedures are more effective when applied to

 Degree of disaggregation of components rather than the whole.
available information.
Independently prepared non-financial data

 Availability of financial and should result in more effective procedures.
non-financial data.
Factors to consider Impact on use
Budgets prepared with sufficient care will

facilitate more effective procedures. They will
be more useful if based on expectation rather
 Nature and relevance of the than goals to be achieved.
information available.
Independent sources are more reliable.

 Sources of information.
Broad industry data may not be relevant to

specialised products.
 Comparability of information
 Knowledge gained Effective procedures are based on recognising

previously (“CAKE”– unusual/unexpected variations. If knowledge is
cumulative audit knowledge limited, it is difficult to know what to expect.
and experience)
Steady trends develop in some businesses;

therefore easier to know what to expect and
 Nature of business and its identify variations.
operations.
Consider the need to test the effectiveness of

controls over the production of the data.
 Controls in operation
Activity 2 Analysis of Payroll
Albatross Co had 100 employees last year with total wages of $840,000 and 100
employees this year with a wage bill of $950,000, an increase of 13%. The annual pay
rise was 6% and the level of business has remained approximately constant.
Required:
a. Suggest reasons other than error or fraud, which could account for the greater-
than-expected increase.
b. In the absence of a satisfactory reason for the increase, suggest how the payroll
could have been inflated by error or fraud.
As an additional exercise consider what the audit response would be.

a. Business reasons
 There may have been a change in sales mix with previously bought-in goods being
replaced by goods manufactured in-house, resulting in substantial authorised overtime.
 There could have been a switch to more skilled (therefore more expensive)
labour. Response: confirm via payroll and production records.
b. Possible error or fraud
 Misposting in the general (nominal) ledger (i.e. error). Response: direct substantive
procedures towards finding any errors of this nature.
 "Dummy" employees on the payroll (i.e.fraud).
 Unauthorised overtime being paid (this could be unintentional).
 Employees being paid at a higher rate than authorised (not necessarily on purpose).
3.4 Precision
Matters relevant to the auditor's evaluation of whether the expectation can be developed
with sufficient precision to identify a material misstatement include:
Relevant matter Example
Greater consistency in comparing gross

 The accuracy with which the profit margins from one period to
expected results of another can be expected than in
substantive analytical comparing discretionary expenses (e.g.
procedures can research and development or
be predicted. advertising).
Substantive analytical procedures may

be more effective when applied to
 The degree to which financial information on individual
information can sections of an operation rather than the
be disaggregated. financial statements
Is the information (e.g. budgets,

forecasts, number of units produced or
sold) available to design substantive
 The availability of the analytical procedures? If the information
information, both financial is available, its reliability also must be
and non-financial. considered (see above).
Key point
In summary, the expected use of analytical procedures will be for highest:

 for existing well-established clients;
 in well-known, stable industries;
 where predictive information is available (budgets, cash flow
forecasts);and
 where internal controls operate effectively.
16.3.5 Differences Identified

3.5 Differences Identified
The higher the risk assessment, the more persuasive audit evidence needs to be.
Accordingly, as the assessed risk increases, the amount of difference between the
expected and actual analytical result considered acceptable without further
investigation decreases to achieve the desired level of persuasive evidence.
The auditor must use professional judgment to determine when and what further
investigation is required.
Example 4 Testing Petrol Cost in a Taxi Firm
Steps Application
1. Identify factors likely to Petrol costs are determined by kilometres

influence the amount to be driven
tested
2. Clarify the relationship and Kilometres per litre range from 4.6 to 5.3
confirm it is credible and relevant
Kms Average Expected

driven price petrol
per cost
litre ($) ($)
4.
2,387 1.59 825 –

Jan
716
2,954 1.61
Feb
1034 –
3. Predict the likely range of etc 897
values
Actual
Prediction ($) ($)
5.
Jan 716 – 825 755

4. Compare predictions with Feb 897 – 1034 1200
actual
January is within range; February

5. Investigate variances and is not
corroborate explanations 6.
Activity 3 Proof in Total

Describe how proof in total may be used as a substantive analytical procedure for the
following financial statement elements:
a. Depreciation;
b. Payroll;
c. Investment income;
d. Hotel revenue.
a. Depreciation – for each category of asset:
 (Cost + Additions − Disposals) × straight-line % = Charge for year
 Alternatively, using the reducing balance method, adjust accumulated depreciation for
additions and disposals also, and calculate depreciation on the net amount.
b. Payroll
 Use information about the workforce (numbers of starters and leavers, wage rates, pay
rises, productivity bonuses, etc) to construct a model for the total payroll figure. For
example:
(Last year's audited expense (confirmed base data) ± starters/leavers) × (1+i),
where i is the average percentage pay rises.
It can be further adjusted to reflect when the pay raises took effect.
c. Investment income
 Apply known interest rates to the nominal value of investments (audited).
d. Hotel revenue – income for the year
 Occupancy Room rate; or
 Last year's income (audited) × (1+i), where i is the percentage increase in the room rate
16.4.1 Near the End of the Audit

4.1 Near the End of the Audit
Key Point
Towards the end of the audit, analytical procedures are performed to help
form an overall conclusion about whether the financial statements are
consistent with the auditor’s understanding of the entity.
The aim is to corroborate, or otherwise, conclusions formed during the
audit of the individual elements of the financial statements.
The analytical procedures at the review stage are usually similar to those carried out
when understanding the entity at the planning stage. In practice, the analytical
procedures including ratio analysis done during planning will be updated with the final
figures and the auditor's findings during the audit (e.g. changes to balances because of
discovered errors), reviewed, further work undertaken, and conclusions formed.
In addition, the analytical procedures would be summarised for the engagement
partner's attention as part of the closedown procedures.
16.5.1 Fluctuations or Inconsistent Relationships

5.1 Fluctuations or Inconsistent Relationships
Key Point
Any fluctuations or relationships which are inconsistent with other relevant

information or which differ from expected values by a significant amount
should be investigated through:
 Inquiring of management and obtaining appropriate audit evidence
relevant to management's responses.
 Performing other audit procedures as necessary in the circumstances.
Unexpected trends or deviations should be discussed with management in the first
instance (or other knowledgeable persons among the client's staff).
 Explanations must be substantiated (e.g. by reference to existing knowledge and
audit evidence already obtained).
 If management's explanation is inadequate, further audit procedures may be
necessary.
Syllabus Coverage

4. Understanding the entity, its environment and the applicable financial reporting
framework
1. Describe and explain the nature, and purpose of, analytical procedures in planning.
2. Compute and interpret key ratios used in analytical procedures.
D. Audit Evidence
2. Audit procedures
1. Discuss and provide examples of how analytical procedures are used as substantive
procedures.
Technical Articles
Visual Overview
Objective: To describe and consider the audit approach to accounting estimates.
17.1.1 Definitions
1.1 Definitions
The relevant standard is ISA 540 Auditing Accounting Estimates and Related
Disclosures.
Definitions
Accounting estimate – an approximation of a monetary amount in the

absence of a precise means of measurement.
Estimation uncertainty – the susceptibility of an accounting estimate and
related disclosures to an inherent lack of precision in its measurement.
Key Point
The auditor's objective is to obtain sufficient appropriate audit evidence about

whether accounting estimates and related disclosures in the financial
statements are reasonable in the context of the applicable financial reporting
framework.
17.1.2 Nature
1.2 Nature
Some financial statement items cannot be measured precisely but can only be
estimated.
Activity 1 Examples of Accounting Estimates
Give FIVE examples of items found in financial statements for which accounting
estimates may be required.
 Allowance for trade receivables (“credit losses”).
 Inventory obsolescence (allowance reduces cost to net realisable value).
 Provision for warranty obligations or product returns.
 Depreciation/amortisation expenses and accumulated depreciation/amortisation.
 Costs arising from legal claims.
The nature and reliability of information available to management to support the making
of an accounting estimate vary widely, thereby affecting the degree of estimation
uncertainty associated with accounting estimates.
The degree of estimation uncertainty affects, in turn, the risks of material misstatement
of accounting estimates, including their susceptibility to unintentional or intentional
management bias.
The basis for the estimation will mainly be determined by the requirements of the
relevant financial reporting standard.
17.1.3 Determination
1.3 Determination
Key Point
Management is responsible for establishing the need for and making

accounting estimates included in financial statements.
Any formulae used (e.g. standard depreciation rates) need to be reviewed regularly
(e.g. every year) by management to assess their appropriateness and continued use.
This will include the review of the outcome of the prior year's use of estimation formulae.
Estimates may be:
 simple (e.g. accrued expense for rent, depreciation expense, etc) and therefore
estimation uncertainty will be very low and point estimates easily made;
 relatively complicated (e.g. requiring analysis of current data and sales forecasts to
estimate slow-moving inventory or the unknown outcome of litigation);
 complex (e.g. involving modelling) and therefore high estimation uncertainty with a
range of estimation points that the auditor must carefully establish;
 routine (i.e. operating continuously);
 non-routine (e.g. operating only at the period end);
 one-off (i.e. not expected to occur again).
Audit evidence may be more difficult to obtain and less conclusive than that available to
support other items in the financial statements. It may rely on management's "best
guess" under the circumstances (e.g. the possible or probable outcome of litigation) or
management's development of a fair value model.
17.2.1 Planning
2.1 Planning
Key Point
When performing risk assessment procedures, the auditor must

understand how management determines accounting estimates to identify
and assess the risks of material misstatement in accounting estimates. The
more subjective the estimate, the greater the need for professional
judgment and scepticism.
2.1.1 Applicable Financial Reporting Framework

The auditor must understand the requirements of the applicable financial reporting
framework relevant to accounting estimates, including related disclosures.
 IFRS examples include IAS 2 (inventory net realisable value), IAS 16 (depreciation, fair
value for revaluation) and IAS 37 (future economic outflows for provisions).
 IFRS also requires disclosures concerning the material assumptions to which accounting
estimates are sensitive. This can be "simple" (e.g. about debt collection) or complex (e.g.
credit default swaps).
2.1.2 Identification by Management

The auditor must understand of how the management identifies transactions, events
and conditions that may give rise to the need for accounting estimates to be recognised.
 The auditor will make enquiries directly of management, gaining additional insight from his
understanding of the business and assessment of internal control.
 This is particularly important when an estimation process has changed or a new estimation
process is required.
2.1.3 Management Procedures
The auditor must understand how management makes accounting estimates and the
data on which accounting estimates are based (i.e. the method, including the model,
where applicable. Considerations include:
 control activities;
 whether management uses an expert (Chapter 18);
 the reasonableness of underlying assumptions;
 whether there has (or should have) been a change from the prior period methods and, if so,
why;
 whether and how management assesses the effect of estimation uncertainty (e.g. using
sensitivity analysis); and
 the outcome of estimations made in the prior period or their subsequent re-estimation for the
current period.
From these procedures, the auditor can establish the risk of material misstatements
relating to estimates and plan the work programme accordingly.
Activity 2 Controls Over Accounting Estimates
Describe the matters an auditor may consider when obtaining an understanding of

control activities over management's process of making accounting estimates.
 How management determines the completeness, relevance and accuracy of the data used
to develop accounting estimates.
 The review and approval of accounting estimates, including the assumptions or inputs used
in their development, by appropriate levels of management and, where applicable, TCWG.
 The segregation of duties between those committing the entity to the underlying transactions
and those responsible for making the accounting estimates, including whether the
assignment of responsibilities appropriately takes account of the nature of the entity and its
products or services.
 Where specific estimation models are used:
o The design and development or selection of a particular model for a specific
purpose.
o The use of the model.
o The maintenance and periodic validation of the integrity of the model.
17.2.2 Estimation Uncertainty

2.2 Estimation Uncertainty
The degree of estimation uncertainty must also be evaluated when identifying and
assessing the risk of material misstatement in estimates. Factors that may influence
estimation uncertainty include:
 the extent to which the accounting estimate depends on management judgment (e.g.
this may give rise to concern about management bias);
 the sensitivity of the accounting estimate to changes in assumptions;
 the existence of recognised measurement techniques that may reduce such
uncertainty;
 the length of any forecast period (i.e. the longer the period, the lower the reliability of
the data) and the relevance of data drawn from past events to forecast future events;
 the availability of appropriate data from external sources (if such sources are
reliable); and
 the extent to which the accounting estimate is based on observable (more precise)
or unobservable inputs (less precise).
17.2.3 Response to Assessed Risk

2.3 Response to Assessed Risk
The auditor should use one, or a combination, of the following three approaches:
1. Obtain audit evidence from subsequent events;
2. Test how management made the accounting estimate; and/or
3. Develop an auditor’s point estimate or range.
2.3.1 Obtain Audit Evidence from Subsequent Events

In some circumstances, obtaining audit evidence from events occurring up to the date of
the auditor’s report may provide sufficient appropriate audit evidence to address the
risks of material misstatement. For example, the sale of all inventory of a discontinued
product shortly after the reporting date may provide sufficient appropriate audit evidence
relating to the estimate of its net realisable value.
(Subsequent events are considered in detail in Chapter 31.)
2.3.2 Testing How Management Made the Accounting Estimate

The auditor should obtain sufficient appropriate audit evidence relating to:
 Management’s selection and application of methods, significant assumptions and data used;
 Management’s selection of the point estimate (i.e. the amount recognised) and disclosures
about estimation uncertainty (i.e. why measurement cannot be precise).
This may be an appropriate approach when, for example:
 The auditor’s review of similar accounting estimates made in the prior period suggests that
management’s current period process is appropriate;
 The accounting estimate is based on a large population of similar items that are not
significant individually;
 The applicable financial reporting framework specifies how management is expected to
make the accounting estimate (e.g. the loss allowance for trade receivables);
 The accounting estimate is derived from the routine processing of data.
2.3.3 Auditor’s Point Estimate or Range

Developing an auditor’s point estimate or range may be an appropriate approach when,
for example:
 The auditor’s review of similar accounting estimates made in the prior period suggests that
management’s current period process is not expected to be effective;
 Controls over management’s process for making accounting estimates are not well
designed or properly implemented;
 Subsequent events or transactions appear to contradict management’s estimate;
 There are appropriate alternative assumptions or sources of relevant data can be used in
developing an auditor’s point estimate or a range.
Ways in which the auditor’s estimate can be developed include using, for example:
 A different model to the one used by management;
 Management’s model but with alternative assumptions or data sources to those used by
management;
 An expert to develop or execute a model or to provide relevant assumptions (see Chapter
18).
Example 1 Warranty Provision
Draco & Co is auditing the financial statements of Pilga Co, a manufacturer

of consumer electronics for sale in regional markets.
A significant audit area involving accounting estimates is the warranty
provision to be recognised for products sold.
All sale contracts include a warranty for manufacturing defects; Pilga Co
guarantees to repair or exchange faulty products returned within the
warranty period.
Historically, Pilga Co’s provision for warranty claims has been relatively
stable, with little change in the percentage claim rate or costs of meeting
claims.
During the year, Pilga Co expanded into a new regional market, increasing
sales by about 18%, and invested in a new offshore factory to produce its
products. There have been some concerns about the quality of output from
this factory and this had been evidenced by higher claims for the period.
Draco & Co has identified the measurement of the provision as a significant
risk as the current year provision has not increased.
In response to the assessed risk of misstatement, Draco & Co:
 Performs analytical procedures to compare the level of warranty
provision year-on-year and actual to budgeted provisions. If possible
the data is disaggregated, for example, comparing provisions for
specific product ranges.
 Discusses with management the assumptions underlying the
percentage claim rate used in calculating the provision and considers
whether these are consistent with its understanding of the business.
 Compares last year’s provision with actual expenditure on warranty
claims in the current year to assess the reasonableness of
management’s estimate.
Example 1 Warranty Provision
 Recalculates the warranty provision.

If Draco & Co concludes that the provision is materially understated, it will
report its findings to TCWG and ask that the financial statements be
adjusted.
Syllabus Coverage
D. Audit Evidence
2. Audit procedures
1. Discuss the problems associated with the audit and review of accounting estimates.
Technical Articles
to this chapter.

Visual Overview
Objective: To describe the extent to which auditors can rely on the work of others.
18.1.0 Introduction
1.0 Introduction
The expert may be either internal or external (e.g. in interpreting contracts and law, he
may be a partner in the audit firm's legal department, an organisation's internal solicitor,
the client's external lawyer or another unconnected lawyer).
Definition
Management's expert – an individual or organisation possessing

expertise in a field other than accounting or auditing, whose work in that
field is used by the entity to assist the entity in preparing the financial
statements. (ISA 500)
Auditor's expert – an individual or organisation with expertise in a field
other than accounting or auditing, whose work is used by the auditor in
obtaining sufficient appropriate audit evidence. (ISA 620)
18.1.1 Management's Expert (ISA 500)

1.1 Management's Expert (ISA 500)
1.1.1 Audit Evidence
Typical examples of management's use of an expert include:
 Asset valuations (e.g. land and buildings, plant and equipment, works of art, precious
stones, intangible assets).
 Quantities/physical condition of assets (e.g. mineral reserves, stockpiles, work on contracts
in progress).
 Legal services (e.g. expectation of a claim against the entity being negligible, possible or
probable).
Therefore, management's expert prepares information that the auditor may seek to use
as audit evidence.
Activity 1 Considering the Work of an Expert
Describe the matters that would affect the nature, timing and extent of audit procedures
when considering the work of an expert.
 The risks of material misstatement in the matter.
 The availability (and cost-benefit) of alternative sources of audit evidence.
 The nature, scope and objectives of the management's expert's work.
 Whether the management's expert is employed by the entity or is a party engaged by it to
provide relevant services.
 The extent to which management can exercise control or influence over the work of the
management's expert.
 Whether the management's expert is subject to technical performance standards or
professional or industry requirements.
 The nature and extent of any controls in the entity over the management's expert's work.
 The auditor's knowledge and experience of the management's expert's field of expertise.
 The auditor's previous experience of the work of that expert.
The auditor must consider the following factors in determining the reliability of the
expert's work:
 competence, capabilities and objectivity of the expert (see s.1.1.2);
 understandability of the expert's work (see s.1.1.3); and
 the appropriateness of the expert's work as audit evidence for the relevant assertion (see
s.1.1.4).
1.1.2 Competence, Capabilities and Objectivity

Definition
Competence – possession of a level of expertise.

Capability – the ability to exercise competence.
Objectivity – the possible effects that bias, conflict of interest or the
influence of others may have on the expert's judgment.
When assessing the competence of management's expert, the auditor considers:
 Personal experience from previous work of the expert (e.g. through the same or another
client – professional scepticism must still be applied).
 Discussions with the expert (e.g. does he understand how his work relates to the audit?).
 Discussions with others who are familiar with the expert's work.
 Knowledge of that expert's qualifications, membership of a professional body or industry
association, licence to practice or other external recognition. A "recognised" expert will be
subject to professional standards.
 Published papers or books written by that expert.
An auditor's expert, if any, assists the auditor in obtaining sufficient appropriate audit
evidence on information produced by the management's expert.
When assessing the capability of the expert, the auditor should evaluate the effect of
any limitations placed on the expert's work by the client.
The auditor should:
 Discuss with management and the expert if any interests and relationships exist that may
threaten the expert's objectivity. Where the client directly employs the expert, this does not
automatically mean that his work cannot be relied on, but that the threat is increased (and
therefore the auditor's professional scepticism).
 Evaluate the adequacy of any applicable safeguards.
Activity 2 Threats to Objectivity
List and give examples of threats that may affect the objectivity of a management
expert.
Threats cover: Key examples are:
 financial interests (e.g. shares, loans, overdue

 self-interest; fees);
 business and personal relationships (e.g. fee

dependence, family in key management positions);
 self-review; and
 familiarity; 
 advocacy;  provision of other services (e.g. fear of losing

and client).
 intimidation. 
1.1.3 Understanding the Work of the Expert

An understanding of the field of expertise of management's expert should be obtained,
including:
 the relevance of the expert's work to the audit assertions;
 the auditor's ability to understand and evaluate the expert's work and findings;
 applicable professional standards or other requirements;
 assumptions and methods used by the expert and whether they are generally accepted in
the expert’s field and appropriate for financial reporting purposes;
 the nature of the internal and external data used by the expert; and
 the need for the auditor (i.e. the engagement partner) to use an auditor's expert.
The terms of reference between management and management's expert (e.g. letter of
engagement, written instructions and internal procedures manual) should be reviewed,
including:
 the nature, scope and objectives of the expert's work;
 the assumptions and methods to be used;
 access to appropriate records and personnel;
 respective roles and responsibilities;
 the nature, timing and extent of communications; and
 the form/content of the expert's report (in writing), including limitations of use.
1.1.4 Evaluation of Expert's Work

The appropriateness of the expert's work should be assessed in relation to the relevant
assertions. For example, attending a physical count (existence) or a valuation of work-
in-progress on a building site (existence, stage of completion for valuation). This may
include evaluating:
 the relevance and reasonableness of the expert's findings or conclusions their consistency
with other audit evidence, and whether they have been appropriately reflected in the
financial statements;
 the relevance and reasonableness of significant assumptions and methods used;
 the relevance, completeness and accuracy of sources of data; and
 the relevance and reasonableness of information from an external source.
Wherever possible, the expert's opinion should be corroborated and reviewed for
consistency with other sources of evidence. For example:
 Correspondence (e.g. regarding legal disputes).
 Client or auditor "reasonableness" calculations (e.g. for inventory valuations).
 Minutes of board meetings.
Example 1 Evaluation of an Expert’s Work
When evaluating a surveyor's report on the revaluation of an office

building, the following matters would be considered relevant to the auditor's
knowledge:
 report addressed to the client;
 building identified (e.g. address, photograph);
 terms of reference referred to;
 basis of valuation (freehold, leasehold, existing use);
 assumptions made;
 calculations re-performed; and
 valuation comparable to similar buildings in the local market.
1.1.5 Reservations
Any reservations about the work of management’s expert may be should be discussed
with management and documented.
Additional audit procedures may be undertaken (i.e. evidence is not sufficient) or the
evidence of another expert may be sought.
If the auditor is unable to obtain sufficient appropriate audit evidence, the implications
for the auditor's report of the limitation on scope should be considered under ISA 705
(see Chapter 30).
Example 2 Reservations about the Work of Management’s Expert
Farawat & Co is performing the audit of RBG Co, a firm specialising in

property development and management. The company’s main sources of
revenue are sale proceeds and rental income, as well as fees for property
management.
Farawat & Co is considering the valuations of the properties made by RBG
Co’s experts and has some concerns about management’s experts:
1. RBG Co experiences a high turnover of experts and the current expert has
only been employed for three months.
2. Each expert has a preferred methodology and some valuations on the same
property are materially different.
3. Experts do not appear to apply their valuation methodologies consistently to
similar properties.
18.1.2 Auditor's Expert (ISA 620)

1.2 Auditor's Expert (ISA620)
The main difference between the management's expert and the auditor's expert is who
employs/engages them. Many of the considerations are broadly the same. In many
complex cases, both the client and the auditors will use their own experts.
Key point
The auditor's objectives are:

 to determine whether to use the work of an auditor's expert; and
 if using the work of an auditor's expert, to determine whether that work is
adequate for the auditor's purposes.
1.2.1 Need for
If specific expertise, other than accounting or auditing, is required to obtain sufficient
appropriate audit evidence, the auditor will need to rely on the work of an appropriate
expert. The engagement partner will exercise professional judgment in deciding whether
sufficient appropriate audit evidence can be obtained from the work of the
management's expert, if any, or if an auditor's expert is needed.
Typically, an auditor's expert may be needed:
 Where the work of management's expert does not provide sufficient appropriate audit
evidence.
 In interpreting contracts or laws and regulations.
 If there are complex or unusual tax compliance issues.
The auditor's expert may be needed to assist the auditor in:
 Identifying and assessing the risks of material misstatement.
 Determining and implementing overall responses to assessed risks at the financial
statement level.
 Designing and performing further audit procedures to respond to assessed risks at the
assertion level, comprising tests of controls or substantive procedures.
 Evaluating the sufficiency and appropriateness of audit evidence obtained in forming an
opinion on the financial statements.
Many audit firms have separate departments and expert staff that are integrated with
audit teams or who carry out audits on specialised clients in their field of expertise (e.g.
hotels and leisure industry).
1.2.2 Competence, Capabilities and Objectivity

The expert is considered a member of the audit team and should show the same
competence, capability and objectivity (and independence) as the auditor. Even where
the expert is from the same firm but a different department, the audit partner must be
sure of his competence, capability and objectivity – just as for any member of the audit
team.
The approach is very similar to that of a management's expert. Where the auditor's
expert is an external agent, care must be taken to ensure that the expert is independent
of the client.
1.2.3 Understanding the Expertise of the Expert

Again, the approach will be similar to that of the management's expert. The difference is
in the use that is made of that understanding.
Understanding the auditor's expert allows the engagement partner to:
 determine the nature, scope and objectives of the expert's work for the engagement
partner's purposes; and
 evaluate the adequacy of the work carried out by the expert.
Where necessary, the engagement partner agrees in writing, with the auditor's expert,
the following:
 the nature, scope and objectives of the expert's work;
 the respective roles and responsibilities of the auditor and the expert;
 the nature, timing and extent of communication between the auditor and the expert,
including the form of any report to be provided; and
 the need for the auditor's expert to observe confidentiality requirements. An engagement
letter will not be issued where the expert is effectively "embedded" in the audit firm. The
detail will usually be included in the audit plan. An "embedded" expert will also be subject to
the firm's ethical and quality requirements.
1.2.4 Evaluation of Expert's Work

Broadly the same approach as for the management's expert. Just because an auditor's
expert may be part of the same firm does not mean that his work can be accepted
without review and understanding by the engagement partner.
The expert is treated as is any member of the audit team (i.e. his work is reviewed).
1.3 Reporting
1.3.1 Insufficient or Inconsistent Evidence

The reasons for the insufficiency or inconsistency must be ascertained (e.g. if the expert
did not adhere to the terms of reference). Was the scope insufficient?
 If insufficient, the auditor must consider other means of obtaining the audit evidence
needed. This includes the use of other experts.
 If inconsistent, which audit evidence is reliable? Is there doubt about the evidence obtained
from the entity or the expert's competence? Reasons for inconsistency must be established
and appropriate action taken (e.g. further work carried out).
In extreme cases, doubt may be cast on the integrity of management, which would have
implications for other audit areas where representations have been given.
1.3.2 Reference to Expert

If the audit opinion is unmodified, the auditor must not refer to an auditor’s expert
unless required by law or regulation. (Such a reference might suggest some division of
responsibility which would be inappropriate.)
The auditor's responsibility is to provide an opinion based on the work carried out,
including the expert's work. The auditor assumes responsibility for the expert's work and
his findings.
If reference to an expert is relevant to understanding a modification to the audit
opinion, the auditor:
 Must again state that it does not reduce the auditor’s responsibility for the opinion;
 May need to obtain the expert's permission before making such a reference.
1.3.3 Modified Opinions

Examples that may lead to modified opinions include:
 The auditor is unable to obtain all the evidence required to be able to form an opinion (e.g.
management is unable or unwilling to obtain expert evidence when required or refuses to
allow the auditor's expert access to confidential information).
 The auditor disagrees with an assertion made by management – material misstatement (e.g.
management refuses to accept the counter opinion of the auditor's expert).
18.2.0 Introduction
2.0 Introduction
Key point
When an audit client has an internal audit function, the external auditor
must determine whether, in which areas, and to what extent:
 the work of internal audit can be used, and
 internal auditors can provide direct assistance.
Definition
Direct assistance – the use of internal auditors to perform audit

procedures under the direction, supervision and review of the external
auditor.
The external auditor will seek to place reliance on the work of internal audit as audit
evidence. Using that work will modify the nature and timing and/or reduce the extent of
the external auditor's work; it should be an effective and efficient audit approach.
18.2.1 Activities
2.1 Activities
The relevant standard is ISA 610 Using the Work of Internal Auditors.
Key point
The external auditor has sole responsibility for the audit opinion expressed.
This responsibility cannot be reduced regardless of the scope and quality
of the internal audit function.
Although the objectives of internal audit and external audit differ, there often is overlap
in their work.
Neither internal auditors nor external auditors can dictate the other's work programme.
They can, however, assist each other by:
 sharing information obtained for planning purposes;
 discussing business developments with key personnel;
 discussing materiality, risk assessments and audit objectives;
 reviewing each other's work plans and programmes; and
 liaising on the timing of internal audit reviews to allow the external auditor to use
their findings.
18.2.3 Whether to Use

2.3 Whether to Use
2.3.1 Nature and Extent of Work to Be Used

Key point
The external auditor must make all significant judgments in the audit engagement.
Significant judgments include:
 Assessing the risks of material misstatement;
 Evaluating the sufficiency of tests performed;
 Evaluating the appropriateness of management's use of the going concern
basis;
 Evaluating significant estimates;
 Evaluating the adequacy of financial statement disclosures and other matters
affecting the auditor's report.
The external auditor should consider the nature and scope of internal audit work and its
relevance to the overall audit strategy and plan.
The external auditor should use less internal audit work and perform more of the audit
work directly when:
 more judgment is involved (e.g. in performing procedures and evaluating evidence);
 the assessed risk of material misstatement is higher at the assertion level; and
 the internal audit function is less objective or less competent.
The external auditor should communicate the planned use of the internal audit function
when communicating the planned scope and timing of the audit to TCWG.
2.3.2 Evaluating the Internal Audit Function
The external auditor should determine whether to use internal audit work by evaluating:
 Whether the objectivity of the internal auditors is supported by organisational status and
relevant policies and procedures.
 The level of competence of the internal auditors.
 Whether the internal audit function applies a systematic and disciplined approach, including
quality control.
Key point
The external auditor should not use the work if internal audit is not competent and
objective or does not apply a systematic and disciplined approach.
Factors that affect the assessment of the internal auditor's objectivity include:
 Whether internal audit reports to TCWG. If reporting to management, the internal auditor
should have direct access to TCWG.
 Whether it is free of conflicting responsibilities (e.g. management or operational duties
outside of internal audit).
 Whether TCWG oversee employment decisions related to internal audit.
 Whether management or TCWG have placed constraints or restrictions on internal audit.
 Whether internal auditors are members of a professional body.
Factors that affect the assessment of the internal auditor's competence include:
 Whether the internal audit function has enough resources given the size of the entity and the
nature of its operations.
 Whether there are established policies for hiring, training and assigning internal auditors.
 Whether the internal auditors have:
o adequate technical training and proficiency in auditing;
o the knowledge and skills necessary to perform work related to the financial
statements.
 Whether the internal auditors are members of relevant professional bodies.
Key point
The higher the combined levels of competence and objectivity, the greater the
potential use of internal audit work. However, a high level of objectivity cannot
compensate for lack of competence (or vis versa).
Internal audit should be distinguishable from other monitoring control activities by its
systematic and disciplined approach to planning, performing, supervising, reviewing and
documenting its activities. Evidence of this should include:
 documented internal audit procedures; and
 appropriate quality control policies and procedures.
18.2.4 Using the Work

2.4 Using the Work
2.4.1 Essential Procedures
Key point
If it is to be used, the work of internal audit should be evaluated and tested to

confirm its adequacy.
The external auditor should discuss plans to use the internal auditor's work with them, to
coordinate their respective activities.
The external auditor should perform sufficient audit procedures on internal audit work to
determine that it is adequate for the audit, including whether:
 the work was properly planned, performed, supervised, reviewed and documented;
 sufficient appropriate evidence was obtained to enable the internal auditors to form
reasonable conclusions; and
 conclusions reached were appropriate.
The nature and extent of the external auditor's procedures are based on:
 the amount of judgment involved;
 the assessed risk of material misstatement; and
 the objectivity and competence of the internal auditors.
2.4.2 Documentation
The following matters must be documented:
 Whether internal audit's organisational status and relevant policies and procedures
adequately supported their objectivity.
 The level of competence of internal audit.
 Whether a systematic and disciplined approach was used, including quality control.
 The nature and extent of the work used and the basis for that decision.
 The audit procedures performed by the external auditor to evaluate the adequacy of the
internal audit work used.
Example 3 Planned Uses
 Documentation of internal controls and procedures by internal audit. The

external auditor would carry out walk-though testing to assess the reliability of
the documentation.
 Effectiveness of controls requiring observation.
o The external auditor can only observe the operation of controls
while at the entity's premises. Internal audit may be able to monitor
continuously.
o Procedures, reports and actions would be reviewed by the external
auditor and reconciled to their on-site observations.
 Development of computer-based systems and controls.
o Internal audit would be able to conduct quality control testing of the
systems development life cycle from initial feasibility studies, design and
programming through implementation.
Example 3 Planned Uses
o It also would ensure that appropriate financial (and other) controls

were built into the system.
o External audit would review procedures and deliverables of internal
audit plus selective testing of new systems using CAATs.
 Continuous auditing of computer-based systems. Internal audit may use
CAATs to audit the operation and effectiveness of computer-based controls
continuously.
 External audit would assess the procedures used (including the CAAT
programs), the reports produced, and actions taken. It would use its CAAT
programmes to test the work of internal audit selectively.
 Inventory and other material assets are held at different locations.
o Internal audit may observe, for example, year-end inventory
procedures at some locations with the external auditor observing the rest.
o Visits would be rotated each year, but the external auditors would
ensure that they cover all high-risk locations each year.
o Similar procedures could be used to verify the existence of non-
current assets.
In all cases, the auditors must skill understand the business, its
environment and internal control. They cannot abdicate to the internal
auditors.
18.2.5 Direct Assistance

2.5 Direct Assistance
Internal auditors can provide direct assistance to external auditors unless

prohibited by law or regulation.
Key point
Direct assistance may be prohibited (e.g. in an audit conducted in

accordance with ISAs (UK and Ireland)).
If the external auditor plans to use the internal auditors to provide direct assistance, he
should evaluate the threats to the objectivity and the level of competence of the internal
auditors.
Key point
Internal auditors cannot provide direct assistance if there are significant

threats to their objectivity or the internal auditors lack sufficient
competence.
The nature and extent of the planned use of the internal auditors in providing direct
assistance should be communicated to TCWG and mutual agreement reached that
such use is not excessive.
The external auditor cannot use internal auditors to perform audit procedures that
relate to:
 Making judgments in the audit;
 Areas of higher assessed risks of material misstatements;
 Work performed by the internal auditors that will be reported to management and
TCWG;
 Decisions made by the external auditor regarding the internal audit function and the
use of its work or direct assistance.
Before using the internal auditors to provide direct assistance, written
agreements should be obtained from:
 An authorised representative of the client – that the internal auditors will be allowed
to follow the external auditor's instructions and the client will not intervene; and
 The internal auditors – that they will keep audit matters confidential and will inform
the external auditors regarding any threats to their objectivity.
The external auditors are responsible for directing, supervising and reviewing the work
of the internal auditors.
18.3.0 Introduction
3.0 Introduction
Definition
Service organisation – a third-party organisation that provides services to

user entities that are likely to be relevant to user entities' internal control
related to financial reporting.
ISA 402 Audit Considerations Relating to an Entity Using a Service Organization deals
with the user auditor’s responsibility to obtain sufficient appropriate audit evidence when
a client uses a service organisation.
A service organisation may provide its services to many (related or unrelated) entities or
be dedicated to one entity.
Key point
The objectives of the user audit are:

 To obtain an understanding of the services provided and their effect on
the audit client's system of internal control, sufficient to identify and
assess the risks of material misstatement; and
 To design and perform audit procedures responsive to those risks.
18.3.1 Use by Client
3.1 Use by Client
Examples of services relevant to the audit include:

 Maintaining accounting records;
 Initiating, recording or processing transactions (e.g. payroll);
 Asset management (e.g. leasing of vehicles); and
 Finance functions (e.g. credit control, debt factoring).
If the service provider initiates and executes transactions (e.g. credit or payment
authorisation), its policies and procedures will affect the client's accounting functions
and controls.

Key point
The auditor must identify and assess the risk of material misstatement in
the financial statements. Where control activities are at the service
organisation, the user auditor must still evaluate their design and determine
whether they have been implemented.
Example 4 Service Organisation
A service organisation will be part of a user entity's information system

(including related business processes) relevant to financial reporting if its
services affect any of the following:
 significant classes of transactions in the user's financial statements;
 the procedures (electronic and manual) by which the user's transactions
are captured, initiated, recorded, processed, corrected as necessary,
transferred to the general ledger and reported in the financial
statements;
 the related accounting records (electronic or manual), supporting
information and specific accounts in the user's financial statements;
 how the user's information system captures other events and conditions
that are significant to the financial statements;
 the financial reporting process used to prepare the user's financial
statements, including significant accounting estimates and disclosures;
 controls over journal entries, including non-standard entries that record
non-recurring, unusual transactions or adjustments.
If the service organisation's involvement is considered to be significant, the user auditor
must understand that organisation's business, its environment and controls and, where
appropriate, consider the approach to test the effectiveness of the controls.

3.3 Obtaining an Understanding
Many sources of information may be used to understand the effect of the service
organisation, its services and necessary controls.
3.3.1 From the Client

Information about the services provided may be obtained from a wide range of sources
available from the client, for example:
 Relationship between the audit client and service provider, the nature of the services
provided and contractual terms.
 The nature and materiality of the transactions processed, the financial reporting processes
and relevant assertions.
 The significance of the services to the client and effects on internal control.
 The controls exercised by the client over the service provider's processes and monitoring of
its activities (e.g. input/output controls to ensure completeness, accuracy, validity).
 User and/or technical manuals that the service organisation provides to the client.
 Third-party reports on the service organisation's controls (e.g. reports by internal or external
auditors or regulatory agencies).
 Experience of the service provider (if used by other audit clients).
Contractual terms will typically cover responsibilities, activities undertaken, maintenance
and ownership of data, rights to access data and communicate with auditors, access to
reports issued by the service provider's auditors and regulators (if any), data protection,
and non-performance criteria and dispute resolution.
3.3.2 Further Understanding

The auditor’s understanding must be sufficient to identify and assess the risks of
material misstatement. If understanding from the client alone is insufficient, the auditor
should obtain further understanding, for example, by:
 Obtaining a type 1 or type 2 report, if available (see s.3.6);
 Contacting the service organisation, through the client, to obtain specific information;
 Visiting the service organisation and performing procedures to provide the necessary
information about the relevant controls; or
 Using another auditor (with the client’s agreement) to perform procedures that provide the
necessary information.
18.3.4 Assessing Risk

3.4 Assessing Risk
Much of the detail noted above will provide the auditor with sufficient knowledge to
asess the client's (user) risks related to the service provider.
From this understanding of the controls over the service provider (and processes) in
operation at the client, the auditor may decide that appropriate (sufficient) audit
assurance can be obtained without further work on controls at the service provider. In
this case, the auditor would only need to assess the design and implementation of the
controls in operation at the client.
Example 5 Controls at the Client
Appropriate records of assets and transactions dealt with by the service

organisation are kept and regularly reconciled by the client.
Reconciliations (e.g. control totals) and reviews/re-computation of data sent
to and received from the service provider are regularly carried out, such as:
 comparison of payroll totals;
 analytical procedures on key indicators (e.g. tax deductions); and
 re-computation of a sample of individual employee payslips.
Only if the client's controls do not provide sufficient assurance, the auditor will need to
engage with the service organisation directly.
Activity 3 Risks of Outsourced Accounting Functions
Using the following guidelines, classify the following examples of outsourced accounting
functions as high, medium or low risk.
 High-risk functions are relatively costly to insource once outsourced, require effective
controls and business knowledge, and carry a high cost of performance failure. Sufficient
audit assurance cannot usually be obtained without considering controls in operation at the
service provider.
 Medium-risk functions include those which relate to discrete functions but require some
business knowledge.
 Low-risk functions require little judgment, are non-complex and relate to discrete functions;
outsourcing can be relatively easily rearranged. Sufficient audit assurance can usually be
obtained through controls in operation at the client.
Low/Medium/High

Processing salary payments
Credit control
Data entry
Low/Medium/High

Maintenance of accounting records
Preparation of budgets and control reports
Leasing arrangements (e.g. of vehicles)
Business records of a retail business
Invoice preparation
Low/Medium/High
Processing salary payments Low
Credit control Medium
Data entry Low
Maintenance of accounting records High
Preparation of budgets and control reports High
Leasing arrangements (e.g. of vehicles) Medium
Business records of a retail business High
Invoice preparation Low
18.3.5 Responding to Assessed Risks

3.5 Responding to Assessed Risks
For a "simple processing facility" (e.g. payroll processing), the user should have
sufficient batch or other controls to ensure that the data sent has been accurately
processed and returned. The user's auditor should then be able to obtain sufficient
assurance from the client's controls.
However, if sufficient appropriate audit evidence concerning relevant assertions is not
available from records held at the user entity, the user auditor (or another auditor on the
user auditor’s behalf) must perform further audit procedures.
Audit evidence about the operating effectiveness of controls at the service organisation
may be obtained from one or more of the following:
 Obtaining a type 2 report, if available (see s.4.6);
 Performing appropriate tests of controls at the service organisation (or using another
auditor to perform such tests).
18.3.6 Assurance Reports

3.6 Assurance Reports
3.6.1 Two Types

In obtaining an understanding of the service organisation's control system and its
implementation, and (if appropriate) in testing the effectiveness of the controls, the
auditor may conclude that sufficient appropriate audit evidence can be obtained through
reliance on an assurance report issued by the service organisation's auditor.
There are two types of assurance reports:
 A Type 1 report deals with the design and implementation of the control systems and
should always be obtained to understand the control system.
 A Type 2 report also covers the effectiveness of the control system and is obtained when
audit assurance is sought from reliance on control effectiveness.
In seeking to place reliance on the assurance report, the entity's auditor should
consider:
 the competence and independence of the service organisation's auditor; and
 the adequacy of the standards under which the report is issued.
The same principles apply as when an auditor uses the work of others.
3.6.2 Report Contents
A Type 1 report only provides the auditor with an understanding of the design of internal
controls and whether or not they have been implemented. It does not give any
assurance on the effectiveness of the operation of the controls.
For a Type 2 report, the auditor must consider that the controls tested by the service
provider's auditor are relevant and adequate concerning the audit client's transactions,
balances, disclosures and assertions. In particular, the controls tested must cover the
client's financial year, rather than the service provider's financial year.
Type 1 Type 2
As for Type 1 plus an opinion on the
operating effectiveness of the controls
based on tests of such controls. For
example:
 The description, as noted on page [xx],
fairly presents the [type or name of]
system as designed and implemented
throughout the period from [date] to
A description of the service
[date];
organisation's internal control
 The controls related to the control
systems (usually prepared by the objectives stated in the description were
organisation's management and suitably designed throughout the period
appended to the report). from [date] to [date]; and
 The controls tested, which were those
An opinion by the service necessary to provide reasonable
organisation's auditor (as shown assurance that the control objectives
by the first two Type 2 bullet stated in the description were achieved,
points) on: operated effectively throughout the
 the accuracy of the description; period from [date] to [date].
 the suitability of design to meet Details of the tests carried out and the
stated objectives; and nature, timing and results would be
 whether or not the controls appended to the report.
have been implemented.

If the entity's auditor requires substantive procedures to be carried out at the service
organisation (e.g. inspection of records or assets held), such procedures may:
 be treated as an "agreed-upon procedure" between the service organisation and its auditors,
with an appropriate report being provided by the service organisation auditors; or
 carried out during a visit to the service organisation by the client's auditor; or
 carried out as an agreed-upon procedure with an independent third party firm of auditors.
Exam advice
The specific detail of agreed-upon procedures is outside of the scope of the AA

syllabus.
18.3.7 Auditor's Report on the Financial Statements

3.7 Auditor's Report on the Financial Statements
In most jurisdictions, an entity's auditor is solely responsible for his audit opinion; there
should be no reference to third-party opinions or work (e.g. the service organisation's
Type 1 or 2 report) in the auditor's report.
A limitation on the scope of the audit exists if the auditor concludes that he has been
unable to obtain sufficient appropriate audit evidence regarding the services provided by
the service organisation.
Example 6 Matters Giving Rise to Limitation of Scope
 Insufficient understanding of the services provided.

 Inability to obtain appropriate Type 1 or 2 reports.
 Inability to verify operating effectiveness of controls.
 Lack of access to appropriate records held at the service organisation.
Syllabus Coverage
D. Audit Evidence
6. The work of others
1. Discuss why auditors rely on the work of others.
2. Discuss the extent to which external auditors are able to rely on the work of experts,
including the work of internal audit.
3. Explain the audit considerations relating to entities using service organisations.
4. Explain the extent to which reference to the work of others can be made in the independent
auditor's report.
Technical Articles
 Using the work of internal auditors (s.2.5)

Visual Overview
Objective: To identify and describe audit sampling and other selective testing
procedures.
ISA 500 Audit Evidence requires that sufficient appropriate audit evidence be obtained.
In designing tests, the auditor determines how to select items that will be effective in
meeting the purpose of the test. That will be any or a combination of:
 selecting all items (100% examination);
 selecting specific items; and
 audit sampling.
1.1.1 Selecting All Items

Selecting all items is most likely to be suitable:
 For a population of a small number of large value items (e.g. non-current asset additions).
 When a significant risk exists and other methods do not provide sufficient appropriate
evidence.
 When the repetitive nature and reliability of an operation (e.g. performed automatically by an
information system) makes a 100% examination cost-effective.
100% examination is unlikely to be suitable for tests of controls and is more common for
tests of details.
1.1.2 Selecting Specific Items
The judgmental selection of specific items may include:
 High-value or key items (e.g. suspicious, unusual, risk-prone, or with a history of
misstatement).
 All items above a certain amount (e.g. performance materiality level). It is likely to be
material if a misstatement is discovered in this population.
 Items to obtain information (e.g. about the nature of the entity or transactions).
Judgmental selection is subject to non-sampling risk (see definition in s.1.2).
1.1.3 Audit Sampling (ISA 530)

Definitions
Audit sampling – applying audit procedures to less than 100% of items in

a population, such that all sampling units have a chance of selection, in
order to draw a conclusion about the population.
Activity 1 Why Not 100%
Suggest reasons why it is unnecessary for an auditor to carry out tests on all the
transactions and balances of a business.
Cost/benefit – testing all transactions and balances would incur higher costs without
meaningfully reducing detection risk.
Time – the additional time it could take to test all transactions and balances might result
in undue delay in issuing the financial statements.
Reasonable assurance – the auditor’s responsibility is to obtain reasonable assurance;
this is not a guarantee.
Materiality – the auditor concludes on whether the financial statements are free from
material misstatement; this does not require 100% accuracy.
19.1.2 Terminology
1.2 Terminology
Definitions
Anomaly – a misstatement or deviation that is demonstrably not

representative of misstatements or deviations in a population (e.g. because
it arises from an isolated event that has not reoccurred other than on
specifically identifiable occasions).
Key Point
ISA 530 does not use the term “error” but distinguishes between:
 Misstatement (i.e. a monetary difference) identified by a test of details;
and
 Deviation (i.e. when an internal control procedure has not been applied
as prescribed) as identified by a test of controls.
Definitions
 Population – the entire set of data from which the auditor wishes to
sample (e.g. all items in an account balance or a class of transactions).
 Sampling risk – the risk that arises from the possibility that the
auditor's conclusion, based on a sample, may be different from the
conclusion that would be reached if the entire population were
subjected to the same audit procedure.
Sampling risk can lead to two types of incorrect conclusions that affect the effectiveness
or efficiency of the audit:
1. effectiveness – the risk the auditor will conclude that control risk is lower than it
actually is (conclude that controls are more effective than they actually are) or that
for a test of details, a material misstatement does not exist when in fact, it does.
These risks affect audit effectiveness and are more likely to lead to an inappropriate
audit opinion.
2. efficiency – the risk the auditor will conclude that control risk is higher than it
actually is (conclude that controls are less effective than they actually are) or for a
test of details that a material misstatement exists when in fact, it does not. These
risks affect audit efficiency, as they required additional work to show that the initial
conclusions were incorrect.
Key Point
The smaller the sample size, the greater the sampling risk.
Definitions
Confidence level – the mathematical complement of risk (e.g. 5% risk =

95% confidence).
Non-sampling risk – arises from factors that cause the auditor to reach an
erroneous conclusion for any reason not related to the size of the sample.
For example, the auditor might use inappropriate procedures or
misinterpret evidence and fail to recognise a deviation or misstatement.
(Judgmental selection is subject to non-sampling risk.)
Sampling unit – the individual items that constitute a population, for
example credit entries on bank statements, sales invoices, trade receivable
balances or a monetary unit ($1).
Definitions
Statistical sampling – any approach to sampling that has the following

characteristics:
a. random selection of a sample; and
b. use of probability theory to evaluate sample results, including
measurement of sampling risk.
Key Point
A sampling approach that does not have both characteristics is non-

statistical sampling.
Definitions
Stratification – the process of dividing a population into subpopulations,

each of which is a group of sampling units with similar characteristics
(usually monetary value).
Tolerable misstatement (in tests of details) – the highest misstatement
that could occur before the population would be considered materially
misstated.
Tolerable rate of deviation (in tests of controls) – the highest deviation
rate (i.e. the proportion of items with deviations from controls) the auditor
could accept and still conclude that the design and operation of an internal
control over the population is effective.
Tolerable misstatement reflects the application of performance materiality to a sampling
procedure; it cannot be greater than performance materiality.
The tolerable deviation rate may be zero (i.e. any deviation in a control must be
investigated)
19.2.1 Stages
2.1 Stages
For both statistical and non-statistical audit sampling, the stages in the sampling
process include:
 sample design;
 sample size;
 sample selection;
 performing audit procedures ("testing"); and
 evaluating results.
The distinction between statistical and non-statistical audit sampling is considered later
in s.3.
19.2.2 Design
2.2 Design
Matters to be considered when designing an audit sample include:

 Specific purpose to be achieved (the test objective);
 The nature of the audit evidence sought;
 Evidence that the population from which the sample is drawn is complete;
 Characteristics of the population;
 What will be regarded as a deviation or misstatement (e.g. when testing collectability
of receivables, reconciling items – cash or goods in transit – would not be
considered misstatements); and
 Whether the approach will be statistical or non-statistical.
19.2.3 Sample Size

2.3 Sample Size
Key Point
 The sample size should be sufficient to reduce sampling risk to an acceptably

low level.
 In general, the lower the sampling risk the auditor is prepared to accept, the
greater the sample size will need to be.
 The sample size can be determined statistically or using professional
judgment.
Different firms use different methodologies to determine sample sizes (e.g. based on
population value and performance materiality). For example, a minimum of 30 and a
maximum of 60 randomly selected items for a “robust” sample (i.e. representative of the
population as a whole).
Activity 2 Tests of Controls
For each of the following factors, decide whether the effect on sample size is an
increase, decrease or no effect.
1. Increase in intended reliance on operating effectiveness of internal controls.
2. Increase in the tolerable deviation rate.
3. Increase in the expected deviation rate.
4. Increase in confidence level (i.e. decrease in risk).
5. Increase in the number of sampling units in the population.
Sample
Factor size Explanation
To support a lower assessment of

CR will require larger sample
sizes for tests of control.
1. ↑Reliance on If zero assurance is placed on
internal controls ↑Increase controls, the sample size for
(i.e. ↓CR) testing controls would be zero
If the auditor is prepared to accept,

say, a 3% deviation rate rather than
1%, the amount of testing (and
2. ↑Tolerable ↓Decrease hence sample size) is reduced.
deviation rate
If a higher proportion of
deviations is expected (perhaps
because they are suggested by a
prior period or other findings)
more work (i.e. greater sample
size) is required.
Note: If deviation rates are
expected to be high, CR would be
3. ↑Expected ↑Increase the same as IR;
deviation rate therefore, no tests of control.
More confidence requires more

audit work (i.e. larger sample
sizes).
If the confidence (assurance) is to
4. ↑Confidence ↑Increase be 100%, the entire population
(i.e. ↓Risk) would need to be tested.
A large population has little, if any,

effect on the sample size (e.g. a
sample size may be 100 regardless
of whether the population contains
1,600 items, 16,000 items or
160,000 items). For small
populations, evidence is usually
gathered by selective testing
procedures other than audit
Negligible sampling.
5. ↑Population
Activity 3 Tests of Details
For each of the following factors, decide whether the effect on sample size is an
increase, decrease or no effect.
1. Increase in the auditor’s assessment of the risk or material misstatement.
2. Increase in the use of other substantive procedures aimed at the same assertion.
3. Increase in confidence level (i.e. decrease in risk).
4. Increase in tolerable misstatement.
5. Increase in expected misstatement.
6. Stratification of the population.
7. Increase in the number of sampling units in the population.
Sample
Factor size Explanation
Consider the audit risk model. If

RoMM is higher, DR must be
reduced – by doing more
↑Increase substantive work (i.e. greater
1. ↑RoMM sample sizes).
If assurance is (to be) obtained by

analytical procedures, less
2. ↑Other assurance is required from tests of
substantive ↓Decrease details.
procedures
↑Increase As for Solution 2

3. ↑Confidence
If the auditor is prepared to accept

a higher $ misstatement, the
amount of testing (and hence
4. ↑Tolerable Decrease↓ sample size) is reduced.
misstatement
More work (i.e. larger sample size)

is required if more misstatements
5. ↑Expected ↑Increase are expected.
misstatement
The aggregate of the sample sizes

from the strata will usually be less
than that of a single sample drawn
↓Decrease from the whole population.
6. Stratification
As for Solution 2. However, an
increase in the monetary value of a
population may increase sample
size unless materiality is increased
Negligible proportionately.
7. ↑Population
19.2.4 Selection
2.4 Selection
Key Point
 In audit sampling, all sampling units must have a chance of selection, by

definition. It is important to avoid bias when selecting a representative sample.
 For statistical sampling, sample items must be randomly selected.
The principal sample selections methods are:
 random selection;
 systematic (interval) selection;
 haphazard selection;
 block sampling; and
 monetary unit sampling.
2.4.1 Random Selection

A random sample may be selected using random number tables or a computerised
random number generator.
2.4.2 Systematic (Interval) Selection

Systematic selection uses a constant interval (number of population units divided by the
sample size) between items selected (with a random start). For example, every 20th
voucher number.
Care must be taken to ensure that the population is randomly distributed and that no
bias is introduced due to how the population is structured.
Example 1 Systematic Selection
The auditor of Jolly Co is to perform tests of details on the sales for the
year ended 31 December 20X1. The recording of a sales transaction is
initiated by a goods dispatch note. The first and last goods dispatched
notes raised in the year to 31 December 20X1 are numbered 10,500 to
15,496 respectively.
Example 1 Systematic Selection
The sample size is to be 50, so the sampling interval is 100 (15,496 −

10,500)/50 = 99.9). A random number generated between 1 and 100 is 42
The first goods dispatch note number to be selected is therefore 10,542
(10,500 + 42). Each 100th goods dispatch note will be selected thereafter
(i.e. 10, 642, 10742 …) until the sample size reaches 50.
Systematic selection may be “value-weighted” using monetary unit values rather than
the items as the sampling population (e.g. monetary unit sampling).
2.4.3 Monetary Unit Sampling (MUS)
In MUS, items are selected from the specific monetary units (e.g. dollars) that make up
the population. Each unit has the same (i.e. equal) chance of selection, but the
likelihood of each item in the population being selected is "value-weighted".
Having selected the monetary units from the population, the auditor will examine each
balance (e.g. amounts receivable from specific customers) that contains each unit
selected. (Or, if the population is made up of transactions, the auditor examines each
transaction that includes each selected unit.)
This sample selection method will test the higher-value items because they have a
greater chance for selection, resulting in a smaller sample size. Any amount in the
population that exceeds the sampling interval is guaranteed to be selected.
Example 2 Monetary Unit Sampling
A company’s trade receivables balance is $500,000 and includes 900

customer accounts. The auditor selects the sample for the external
confirmation (see Chapter 24) of trade receivables using monetary unit
sampling. He selected a random start of $300 and used a sampling interval
of $5,000. The auditor will therefore select the customer accounts that
include the $300, $5,300, $10,300, $15,300 etc. These are identified by
looking at the cumulative monetary amounts of the balances as follows:
Balance Cumulative total
Customer account $ $
1 150 150
2 800 950^
3 1,400 2,350
Example 2 Monetary Unit Sampling
4 4,350 6,700^
5 2,300 9,000
6 4,900 13,900^
7 8,500† 22,400^
8 990 23,390
9 6,000† 29,390^
10 1,500 30,890
… … …
900 1,000 500,000
^ Balances including the selected dollar(s) are included in the sample.

† All items in the population greater than the sampling interval must be
selected.
2.4.4 Haphazard Selection

Haphazard selection does not follow a structured technique. It may be an acceptable
alternative (to random methods), if conscious bias and predictability can be avoided.
2.4.5 Block Selection

In block sampling, all items selected are adjacent (e.g. all items on the same daybook
page, pre-numbered documents held in order and issued on the same day).
This approach is not generally appropriate because populations may be structured so
that items in a sequence have similar characteristics but different characteristics to
items elsewhere in the population. It does not allow the auditor to draw valid inferences
about the entire population based on the sample taken (e.g. characteristics on a
particular day may not be indicative of the whole year).
Block selection is mainly used for testing the completeness of populations (e.g.
sequence testing of pre-numbered goods despatch notes) before selecting a sample by
some other method.
19.2.5 Testing
2.5 Testing
Audit procedures appropriate to the test objective should be performed on each item
selected.
 If an inappropriate item is selected (e.g. a document made "void"), an appropriately
chosen replacement must be tested instead. There is no deviation or misstatement if
the item is properly voided.
 If the planned procedure cannot otherwise be performed (e.g. if a customer does not
reply to a direct confirmation request), a suitable alternative should be performed
(e.g. examination of after-date cash receipts).
 If no suitable alternative test can be performed, assume that item to be a deviation
or a misstatement.
19.2.6 Results
2.6 Results
Key Point
 The auditor must:

o consider the nature and cause of any deviations or
misstatements found during testing;
o consider their potential effect on test objectives and other
audit areas; and
o evaluate results to confirm or revise the preliminary
assessment of the relevant characteristic of the population.
 For statistical sampling, results must be evaluated using probability
theory.
All misstatements and deviations should be analysed to identify why they occurred and
whether they are isolated incidents or indicative of a common feature (e.g. type of
transaction, location, product line or period).
 If isolated, obtain corroborative evidence of the anomaly.
 If a common feature, identify the sub-population and extend audit procedures in the
sub-stratum.
For example, a deviation that is found to be isolated may not be indicative of the
population as a whole (e.g. a manual control was not operated on a particular day
because of specific circumstances that were found not to have been repeated).
Alternatively, such deviations and misstatements may indicate possible fraud (whether
isolated or sharing a common feature).
19.2.7 Projecting Misstatements

2.7 Projecting Misstatements
Key Point
 Monetary misstatements (i.e. derived from tests of details) in the

sample that indicate misstatements in the population should be
projected to the population to estimate the potential misstatement.
 Isolated misstatements (i.e. that are not indicative of the population)
should not be extrapolated.
 The effect of the projected misstatement (on the test objective and other
audit areas) should be considered to see if any additional work needs to
be undertaken.
Example 3 Recoverability of Receivable Balances Through

Confirmation
Population of trade receivables 800,000
Sample value 274,330
Known isolated misstatements 1,450
Reconciliation differences (cash/goods in transit) 4,678
Actual misstatements (e.g. overpricing of invoices) 4,311
Tolerable misstatement (1% of the population) 8,000

Projected misstatement (ratio method):
Reconciliation differences are not a misstatement as the receivable
balances are still collectable in full.
Known isolated misstatement = $1,450

Total potential misstatement = $13,999
Conclusion: Trade receivables may be materially overstated (as the
potential misstatement is greater than the tolerable misstatement of
$8,000).
Example 3 Recoverability of Receivable Balances Through
Confirmation
Further action: Include in material misstatements to be discussed with the

client.
Note: The client can only correct accounting records for actual
misstatements. Further investigation by management or the auditor may be
necessary to identify additional misstatements.
19.2.8 Evaluation of Results

2.8 Evaluation of Results
If projected and uncorrected anomalous misstatement exceed the tolerable

deviation/misstatement, the sampling risk should be reassessed.
2.8.1 Tests of Controls

If control risk is higher than initially assessed (i.e. controls doe not appear to be
operating effectively as expected), modify procedures. For example:
 extend sample size; or
 test alternative controls to achieve the objective; or
 extend substantive procedures.
2.8.2 Tests of Details

If maximum potential and/or most likely misstatement exceeds the tolerable
misstatement:
 request management to adjust for identified misstatements; and
 re-evaluate uncorrected misstatements.
Example 4 Evaluating the Results of a Test of Controls
Summary of deviations:
A sample size of 125 despatch notes was selected randomly based on a
pre-numbered note sequence. Block tests were carried out to confirm the
completeness of the population.
GDN ref.
No. of despatch notes not found 1 (13,685)
No. of despatch notes without invoices 4
Authorised cancellations in above (3) (17,345)

Example 4 Evaluating the Results of a Test of Controls
Actual deviations 2
Statistical sampling approach:

Deviation rate:
If the tolerable deviation rate is 1% (say), the sample size could be
extended (to at least 200).
If no further deviations were found, the deviation rate would be acceptable.
Non-statistical sampling approach (using judgment on results):
Two deviations have been discovered. Therefore the controls may not have
been effective (based on a tolerable deviation of zero). Further work should
be carried out to identify if deviations are isolated before deciding how this
affects the audit.
19.3.1 Statistical Sampling

3.1 Statistical Sampling
As defined earlier, statistical sampling involves:

 use of random sample selection; and
 probability theory to evaluate sample results and measure the sampling risk.
Statistical sampling therefore precludes the haphazard and block selection methods.
In practice, a high level of mathematical competence is required if valid conclusions are
drawn from sample evidence. When firms use statistical sampling, they draw up
complex plans that staff can operate without detailed statistical training (e.g. using
tables, graphs or computer methods).
Activity 4 Statistical Sampling
Suggest relative advantages and disadvantages of statistical sampling.

 The expense of implementation.

 Imposes more formal  Sample sizes may be "too large".
discipline to planning the  It may be time-consuming, as higher
audit of a population. levels of sample sizes are often
 Objectively determines required to evaluate misstatements.
sample sizes.  Requires extensive staff training.
 Evaluates test results  In tests of control, qualitative aspects

more precisely. of the evaluation of deviations cannot
 Quantifies sampling risk. be statistically analysed.
 Use of judgment is not
precluded but is limited to
setting objectives.
3.2 Non-statistical Sampling
Non-statistical sampling is any approach which does not fulfil all the conditions set out
in the definition of statistical sampling.
It includes non-random selection and evaluating results on a "judgment" basis.
Activity 5 Non-statistical Sampling
Suggest relative advantages and disadvantages of non-statistical sampling.

 Sample sizes may be too

 Approach (usually statistical sample small to satisfy stated
selection, but with judgmental analysis objectives.
of results) has been in use for many  Sampling risk cannot be
years and is well understood and quantified.
refined by experience.  Statistical sampling might
 It may use greater judgment and be cheaper if CAATs are
expertise. used.
 Non-random selection may be quicker  Sample sizes may be
or more cost-effective in certain unnecessarily large.
circumstances.  Personal bias in sample
 It requires no special knowledge of selection may be
statistics. unavoidable (e.g. if using
 Less expensive to apply (usually). haphazard selection)
Syllabus Coverage

D. Audit Evidence
3. Audit sampling and other means of testing
1. Define audit sampling and explain the need for sampling.
2. Identify and discuss the differences between statistical and non-statistical sampling.
3. Discuss and provide relevant examples of, the application of the basic principles of
statistical sampling and other selective testing procedures.
4. Discuss the results of statistical sampling, including consideration of whether additional
testing is required.
Technical Articles
 Audit sampling (s.2.4 and s.3)
Visual Overview
Objective: To describe the use of written representations as audit evidence.
20.1.1 Purpose
1.1 Purpose
The relevant standard is ISA 580 Written Representations.
Definitions
Written representations – a written statement by management provided

to the auditor to confirm certain matters or to support other audit evidence.
Written representations in this context do not include financial statements,
the assertions therein, or supporting books and records.
Written representations are necessary information that the auditor requires in

connection with the audit of the financial statements.
Many representations relate to areas of the audit which are subjective and depend on
management's responsibilities, judgement and actions (or lack thereof).
Although written representations provide necessary audit evidence, they do not provide
sufficient appropriate audit evidence for any of the matters they deal with, but assist in
reducing residual risk to an acceptable level.
The fact that management has provided reliable written representations does not affect
the nature or extent of other audit evidence that the auditor obtains about the fulfilment
of management's responsibilities or specific assertions.
Key Point

 To obtain written representations from management (and, where appropriate,
TCWG) that they believe they have fulfilled their responsibility for preparing
the financial statements and for the completeness of information provided to
the auditor.
 To support other audit evidence relevant to the financial statements (or
specific assertions therein) through written representations if determined
necessary by the auditor (or required by other ISAs).
 To respond appropriately if management or TCWG do not provide the written
representations requested by the auditor.
20.1.2 Procedure for Obtaining

1.2 Procedure for Obtaining
Written representations are provided to the auditor in a management representation

letter.
 The auditor prepares the written representations which are then printed on the
client's letterhead for signature by the client.
 The letter should be signed by the members of management responsible for the
financial statements and knowledgeable about the matters contained in the letter
(e.g. by the chief executive officer on behalf of the board of directors).
 Written representations should cover all the financial statements and period(s)
referred to in the auditor's report.
Key Point
The date of the written representations should be as near as practicable to,

but not later than, the date of the auditor's report. After the date of the
auditor's report would be too late to be audit evidence.
20.2.1 Circumstances Where Necessary

2.1 Circumstances Where Necessary
20.2.2 Essential Representations

2.2 Essential Representations
Evidence of the following should be obtained:

 Management's acknowledgement of its responsibility for the preparation of the
financial statements (including fair presentation) in accordance with the applicable
financial reporting framework.
 Management has provided the auditor with all relevant information (including
answers to auditor enquiries) and access (e.g. to books, records and personnel) as
agreed in the terms of the audit engagement.
 All transactions have been recorded and are reflected in the financial statements.
These representations should be framed the same way they are phrased in the
engagement letter (see Chapter 5).
20.2.3 Other Representations

2.3 Other Representations
Many ISAs require the auditor to obtain specific written representations. The auditor
may also consider it necessary to request written representations to support the audit
evidence already obtained and any oral representations made by management.
Where representations are made by management during the audit (which are material
to the financial statements), the auditor should:
 seek corroborative evidence (this implies an expectation that it should be available);
 evaluate reasonableness/consistency against other evidence available; and
 consider whether individuals making representations can be expected to be
adequately informed on the particular matters.
Where representations are material to the financial statements and other sufficient
appropriate audit evidence does not or cannot reasonably be expected to exist, such
representations should be obtained in writing from management. Confirming oral
representations in writing reduces the risk of misunderstanding.
20.2.4 Specific Instances

2.4 Specific Instances
In specific circumstances, written representations may be the only audit evidence which
can reasonably be expected to be available (e.g. management's intention to settle a
legal claim out of court).
In areas of the audit which are susceptible to understatement (e.g. liabilities, income,
disclosures), written representations state that management is not aware of any
understatement or non-disclosures. Although such matters will be audited, there always
will be a residual risk because of the nature of understatement.
If a management representation is contradicted by other audit evidence, the matter
should be investigated (and the reliability of other representations reconsidered if
necessary). Such inconsistency creates doubt and must be resolved.
Exam advice
In a question calling for audit work/procedures/tests, it may be appropriate

to refer to "obtain written representation" (especially if accounting estimates
are involved). But be specific, for example:
"Ask the directors to provide a written representation that they are not
aware of any legal claims against the company other than those disclosed
in the financial statements."
Do not throw in "obtain written/management representation" for good
measure. Suggesting it as either a substitute for "better" evidence or as an
unnecessary extra item of evidence will not earn any marks.
20.3.1 Reliability of Representations
3.1 Reliability of Representations
If there are inconsistencies between one or more representations and audit evidence
obtained from another source, the auditor should reconsider the initial risk assessment.
This may require further audit procedures to be carried out.
If there are concerns about management’s competence, integrity, ethical values or
diligence (or its commitment to or enforcement of these), the auditor must consider the
reliability of representations (oral or written) and audit evidence in general. This may
mean that the auditor decides to issue a modified opinion or, in extreme cases, resign (if
allowed to by law).
The nature of the modification will depend on the particular circumstances. However, if
the risk of management misrepresentation in the financial statements is considered
high, a disclaimer of opinion may be appropriate.
20.3.2 Management's Responsibilities

3.2 Management's Responsibilities
If there are significant doubts about the reliability of management's representations

about management's responsibilities, the auditor will be unable to obtain sufficient
appropriate audit evidence. This would lead to the auditor disclaiming an opinion in the
auditor's report as the doubts would be pervasive to the financial statements. Audit
opinions are explained in Chapter 30.
3.3 Refusal by Management to Provide Representations
Where management refuses to provide representations concerning its responsibilities,

the auditor will be unable to obtain sufficient appropriate audit evidence. As above, this
could lead to the auditor disclaiming an audit opinion.
If management refuses to provide any representations requested by the auditor or
wishes to modify a representation, the auditor should consider:
 Discussing the matter with management and TCWG;
 Re-evaluating management’s integrity and the effect this may have on the reliability
of representations (oral or written) and audit evidence in general; and
 If there is no satisfactory solution, consider the implications for the auditor's report.
Where management has not complied with a particular requirement of the applicable
reporting framework, the auditor may require this to be stated in the written
representations. In doing so, the representation states the facts and can therefore be
considered reliable. The auditor will, of course, need to consider the implications for the
auditor's report because of the non-compliance with that reporting requirement.
4.1 Illustrative Letter
The following Exhibit provides typical examples of representations. Note that the
references to ISAs would not be included in the letter; they are provided for reference.
Exhibit 1 Written Representations
(Entity Letterhead)
(To Auditor) (Date – must not be after the date of auditor's report)
This representation letter is provided in connection with your audit of the
financial statements of ABC Company for the year ended 31 December
20XX, for the purpose of expressing an opinion as to whether the financial
statements are presented fairly, in all material respects (or give a true and
fair view), in accordance with International Financial Reporting Standards.
We confirm that (to the best of our knowledge and belief, having made
such inquiries as we considered necessary for the purpose of appropriately
informing ourselves):
 We have fulfilled our responsibilities, as set out in the terms of the audit
engagement dated [insert date], for the preparation of the financial
statements in accordance with International Financial Reporting
Standards; in particular the financial statements are fairly presented (or
give a true and fair view) in accordance therewith.
 The methods, the data and the significant assumptions used by us in
making accounting estimates and their related disclosures are
appropriate to achieve recognition measurement or disclosure that is
reasonable in the context of the applicable financial reporting
framework. (ISA 540 Auditing Accounting Estimates and Related
Disclosures)
 All events subsequent to the date of the financial statements that
require adjustment or disclosure under IFRS have been adjusted or
disclosed. (ISA 560 Subsequent Events)
 The effects of uncorrected misstatements are immaterial, both
individually and in the aggregate, to the financial statements as a whole.
A list of the uncorrected misstatements is attached to the representation
letter. (ISA 450 Evaluation of Misstatements Identified During the Audit)
 [Any other matters which the auditor may consider appropriate. For
example:
 The selection and application of accounting policies are appropriate.
 Classification of assets and liabilities are appropriate.
 Plans or intentions which may affect the carrying amount or
classification of assets and liabilities.
Exhibit 1 Written Representations
 Recognition, measurement and disclosure of all liabilities, both actual

and contingent.
 Title to, or control over, assets, and assets pledged as security.
 Aspects of laws, regulations and contractual agreements which may
affect the financial statements, including non-compliance.]
Information Provided
 We have provided you with:
o Access to all information of which we are aware that is
relevant to the preparation of the financial statements, such as
records, documentation and other matters;
o Additional information that you have requested from us for the
purpose of the audit; and
o Unrestricted access to persons in the entity from whom you
determined it necessary to obtain audit evidence.
 All transactions have been recorded in the accounting records and are
reflected in the financial statements.
 We have disclosed to you the results of our assessment of the risk that
the financial statements may be materially misstated as a result of
fraud. (ISA 240 The Auditor’s Responsibilities Relating to Fraud in an
Audit of Financial Statements)
 We have disclosed to you all information in relation to fraud or
suspected fraud that we are aware of and that affects the entity and
involves:
o Management;
o Employees who have significant roles in internal control; or
o Others where the fraud could have a material effect on the
financial statements. (ISA 240)
 We have disclosed to you all information in relation to allegations of
fraud, or suspected fraud, affecting the entity's financial statements
communicated by employees, former employees, analysts, regulators
or others. (ISA 240)
 We have disclosed to you all known instances of non-compliance or
suspected non-compliance with laws and regulations whose effects
should be considered when preparing financial statements. (ISA 250
Consideration of Laws and Regulations in an Audit of Financial
Statements)
 [Any other matters that the auditor may consider necessary (e.g.
communication to the auditor of all deficiencies in internal control of
which management is aware).]
Management________(CEO and CFO on behalf of the board or the board
as a whole).
Management________
If the CEO and CFO sign the letter, the auditor should ensure that the board, as a
whole, is aware of the contents (e.g. minuted and discussed at a board meeting).
Syllabus Coverage
E. Review and Reporting

3. Written representations
1. Explain the purpose of and procedure for obtaining written representations.
2. Discuss the quality and reliability of written representations as audit evidence.
3. Discuss the circumstances where written representations are necessary and the matters on
which representations are commonly obtained.
Technical Articles
to this chapter.

Visual Overview
Objective: To explain the use of automated tools and techniques in the context of an
audit.
21.1.1 Auditing around v through the Computer
1.1 Auditing around v through the Computer
* Auditing around the computer (the "black box" approach) is not concerned with
programs and processes in the computer.
1.2 Small Computer Installations
Features Consequences
 Less reliance on the system of internal

control.
 Greater emphasis on tests of details of
 Lower level of transactions and balances and analytical
general (IT) procedures.
controls.  Increased effectiveness of audit software.
 Smaller volumes of
data.  Manual methods may be more cost-effective.
 Lack of technical
assistance in the
entity.  Use of CAATs may be impracticable.
 Certain package  Restricted choice of CAATs.

programs may not  Client data files may be copied and processed
operate. on another computer using appropriate
software (e.g. database management
system).
2.1 Use in an Audit
Definition
Computer-assisted audit techniques (CAATs) – computer applications

of audit procedures.
Traditional CAATs are the forerunner of big data analytics (see s.5).
2.1.1 Tests of Controls

By definition, CAATs used in tests of controls can only be applied to programmed
controls.

CAATs may enable more extensive testing of electronic transactions and account files.
For example:
 to select sample transactions from key electronic files;
 to sort transactions with specific characteristics; or
 to test an entire population instead of a sample.
21.2.2 Considerations Affecting Use

2.2 Considerations Affecting Use
Consequences
Matters
 IT skills, expertise and  Must be sufficient to plan, execute and use

experience of the auditor. results of CAAT adopted.
 Use of CAATs may be uneconomical or

impractical (e.g. if the auditor's package
program and client computer are
incompatible).
 Auditor may download data and use own
laptop.
 Availability of CAATs and  Client's staff may be required to cooperate
suitable computer and assist. Internal audit may use "24/7"
facilities. facilities.
 Impracticability of manual
tests if no visible
evidence is available.  See Activity 1.
 Execution (e.g. selecting a sample, analytical

procedure) is quicker than manual equivalent.
 Effectiveness and  Design and printing of forms (e.g. for
efficiency. confirmations), mail merge facilities, etc.
 Certain transaction data may need to be

retained for audit purposes or the CAAT used
in the short time when such data are
 Timing. available. 24/7 may be available.
Activity 1 No Visible Evidence
The following is a simplified representation of the main elements of a computerised

system:
Required:
Suggest an example of a lack of visible evidence relating to each of the following:

a. Input/initiation;
b. Processing;
c. Output.
a. Input/initiation;
There will be no visible evidence of authorisation of individual transactions where:
 Sales orders are entered online or by voice-activated input;
 Discounts and interest calculations are generated by computer program.
b. Processing;
Some aspects of processing may only be visible when reported on an “exception”
basis, for example, where the computer program:
 Matches delivery notes and suppliers' invoices;
 Checks customer credit limits.
c. Output.
 Output reports may not be produced.
 Printed report may contain only summary totals.
21.2.3 General Advantages

2.3 General Advantages
 Enable the auditor to test program/information processing controls. If CAATs were

not used, those (non-manual) controls could not be tested.
 Enable the auditor to test a greater number of items (e.g. 100%) quickly and
accurately. This will also increase the overall confidence in conclusions on which the
audit opinion is based.
 Allow effective and efficient in-depth data analysis for analytical procedures including
trend analysis. Dealing with such data would not be a practical option if approached
manually.
 Are an effective and efficient means of testing where the systems are fully integrated
(e.g. data files and processes can easily be compared).
 Allow the auditor to directly test the accounting system (program functions) and
records (raw data) rather than printouts, which are only a copy of those records and
could be incorrect.
 Are cost-effective after initial set up, as long as the company does not change its
systems.
 Allow the results from using CAATs to be compared with "traditional" testing; if the
two sources of evidence agree, this will increase overall audit confidence.
21.2.4 General Difficulties

2.4 General Difficulties
 Substantial setup costs are likely to be incurred in developing bespoke CAATs and
testing them. (However, once established, providing the client's system does not
change, they can be reused with only the parameters changed.)
 Standard audit software may not be available for the client’s specific systems,
especially if those systems are bespoke. The cost of writing audit software to test
those systems may be difficult to justify against the possible benefits to the audit. In
most cases specific customised interrogation programmes will have been written as
part of the system (e.g. for use by internal audit). The external auditor will need to
assess the usefulness of such systems for audit purposes. In addition, provided that
the data held in the system can be exported (e.g. into Excel or Access format), they
can be interrogated on the auditor's laptops.
 The software may produce too much output due to either poor design or using
inappropriate parameters on a test. The auditor may waste considerable time
checking what appear to be transactions with errors when the fault is actually in the
audit software.
 When checking the client's files in a live situation, there is a danger that the audit
program may disrupt the client's systems or data. Any changes made during testing
must be reversed and removed from history files (otherwise they will appear in data
printouts).
 Although program and data files can be used offline, it is essential to ensure that
they are true copies of the live files.
Example 1 CAAT Procedures
Theresa is using CAATs for the audit of Plagar Co. As Plagar Co’s financial
system is mainly software-based with integrated controls, CAATs have
been deemed necessary, more efficient, and more effective and obtaining
sufficient appropriate audit evidence.
Theresa’s audit software allows for integrated audit procedures with Plagar
Co’s financial software, which has audit plug-ins designed to enable audit
procedures to be done directly to held financial data.
Some of the CAAT procedures Theresa performs are:
1. Validate system logs and audit trails to expedite the tests of controls on
transactions and account balances.
2. Perform tests of details directly on the financial information and account
balances directly, on sample sizes close to 100%.
3. Expedite evaluation of the need for additional audit procedures through
the assessment reports produced by the audit software.
4. The integrated audit module allows for testing within the computer to
ensure the financial systems are executing transactions and tasks as
expected.
5. Automated performance of analytical procedures on account balances
and transactions.
6. Automatic flagging of any control/authorisation failures for transactions
that have been reviewed.
7. Compilation of potential adjustments and their effect on financial
statements into a report for discussion with management.
21.3.1 Description
3.1 Description
Definition
Test data – data (valid and invalid) generated by the auditor and
processed through the client's system to enable the auditor to assess the
effectiveness of programmed controls.
The objective of test data is to ensure that the controls in the system are operating as
intended. If this is the case, valid data should be correctly processed, and errors (invalid
data) should be captured and rejected. Consequently, test data should contain data of
both a valid and invalid nature.
The test data may be:
 selected from previously processed transactions; or
 created specifically by the auditor.
It may be processed during:
 a normal production run ("live" test data); or
 a special run at a point in time outside the normal cycle ("dead" test data).
It may use:
 live units (e.g. actual clients, suppliers, employees, etc); or
 "dummy" units against which the auditor's test data transactions are processed in a
routine in the client's accounting system.
21.3.2 Process
3.2 Process
The auditor must understand how the system operates and the application/programmed
control environment. Initially, the auditor must test that the system processes data as
intended. Valid data entered into the system should be correctly processed, updating
controls and balances.
Using a sales system as an illustration (see Example 2 below) the process will be to:
 establish a dummy customer profile;
 identify current control balances;
 prepare valid test data;
 enter valid test data;
 review reports; and
 reverse/remove test data.
Example 2 Sales System
Establish a dummy customer profile:

 Set up name, address, discounts, credit limit, current balance and transaction
history on the system (or select a live client for testing).
 Ensure that the system being used is the actual client system (or an exact
duplicate if the live system cannot be accessed).
Identify current control balances:
 To include trade receivables account, sales tax and list of individual customers
balances.
Prepare valid test data:
 This will include the details of items to be ordered (part number, quantity,
value, total net value, sales tax and total gross value).
 Identify the documentation and new balances expected to be produced by the
system (e.g. credit check, goods despatch note, sales invoice, changes in
trade receivables, sales, sales tax, list of balances).
Enter valid test data:
 Enter the data and compare the results with what was expected: this includes
inspecting documentation produced (despatch notes, sales invoices) and
verifying that balances have been correctly updated.
 If agreed, the system is operating as expected. If not agreed, the reason(s)
why must be established.
 With Web-based systems, the data entry will be via the client website. The
auditor should enter the data as a customer and agree that the appropriate
data are correctly processed and stored.
Review reports:
 Produce all reports (e.g. daily sales) that are necessarily produced by the
system to ensure the test data are reflected in them.
Reverse/remove test data:
 It is critical to ensure that all test data (dummy units, sales etc.) is completely
removed from the client systems.
If correct data is input and processed by the system, many of the information processing
controls designed to prevent errors will not have been tested.
Therefore, in understanding the system, the auditor must identify the information
processing controls in operation and what they are designed to do. Each control must
be tested or "error-trapped" (i.e. input false data for the control to identify as invalid and
reject). These tests could be incorporated in the auditor's walk-through procedures to
understand the system (and the design and implementation of controls).
Activity 2 Error-Trapping
Describe the forms of test data that could be entered into a system to error-trap
information processing controls.
 Invalid user names and passwords (e.g. for changing standing data).
 Data outside of a specified accepted range (e.g. age, units ordered, delivery date).
 Incorrect customer codes, product codes (incorrect format and non-existent).
 Incorrect dates (e.g. 31 February).
 Negative numbers.
 Quantity in excess of inventory held.
 Sales values in excess of credit limits.
 Incomplete data.
 Incorrect payment details (e.g. credit card code when payment is required online before
delivery).
The above examples should result in error messages and/or error reports. The system
should not be able to "go to the nearest" and complete the process (e.g. the nearest
product code or a default substitute).
21.3.3 Precautions
3.3 Precautions
Generally, when using test data:

 Test data should be run "live" if possible. If not possible, it is necessary to ensure
that the programs used are identical to or are the actual programs used by the client.
 Any fictitious items included as test data must be retrieved/eliminated from files
before the client uses those files in normal processing.
 If test data is run "dead", there must be adequate computer time available and the
special run required must not prove unduly expensive.
 Since controls are being tested, all discrepancies between predicted and actual
results must be resolved and documented, regardless of the monetary amounts
involved.
21.3.4 Advantages and Disadvantages

3.4 Advantages and Disadvantages
3.4.1 Advantages
 Provides direct evidence on the effectiveness of application program controls.
 Testing the correct functioning of programmed controls is essential for large volumes of
transactions.
3.4.2 Disadvantages
 Associated time and cost of ascertaining which controls to be tested, constructing test data
and predetermining the results manually. (However, once set up, the ongoing cost of use is
minimal – until controls change.)
 Live testing is risky, but the alternative involves more time and cost.
 Tests only controls (and it may be difficult to test all control activities).
21.4.1 Description
4.1 Description
Definition
Audit software – software ("computer audit programmes") specially

designed for audit purposes. It is used to process and analyse the client's
data independently of the client's program, to verify the system's accuracy.
Audit software is effectively a database management system (DBMS) used for
reperformance tests and analysis and reanalysis of information. It can be:
 Off-the-shelf;
 Bespoke; or
 Embedded.
4.2 Off-the-Shelf
Packaged programs are designed to:

 read and compare computer files;
 select and analyse data;
 perform calculations and analytical reviews;
 print reports in a format specified by the auditor; and
 create data files for export to other programs (e.g. mail merge).
4.2.1 Advantages 4.2.2 Disadvantages
 Relatively inexpensive and
generally easy to use.
 Independent of client's  Requires auditing after the client has
programmes and personnel. processed data rather than while the data
 It can run on a variety of is processed.
systems.  May not have all the capabilities the
 Limited IT experience and auditor needs for specific clients.
programming skills are  It cannot examine items that are not in
required. machine-readable form.
21.4.3 Bespoke
4.3 Bespoke
Bespoke audit software is purpose-written to perform general and specific tasks

required by the audit methodology and procedures.
Bespoke programs may be necessary when a client's computer system is not
compatible with an off-the-shelf program or when the auditor wants to perform tests that
are not possible with an off-the-shelf program.
Bespoke programs are proprietary to the audit firm and therefore good economies of
scale are required to make the development cost-effective.

 Expensive to develop (i.e. high set-up
cost). It may require a long development
time and may be difficult and costly to
 Provided data can be modify if client systems change.
imported, these programs can  Enquiry programmes may be too
be used across various elaborate, making a review of findings
system platforms. expensive.
 It can be tailored to the  Requires auditing after the client has
auditor's methodology and processed data rather than while the data
specific client requirements. is processed.
21.4.4 Embedded
4.4 Embedded
Audit routines are built into the client's application software also known as resident
audit software.
Embedded audit facilities (EAFs) can have similar functionality to bespoke systems (e.g.
designed to meet internal audit requirements) or have specialist functionality. For
example:
 Snapshots: routines are embedded at different points in the processing logic to
capture images of the transaction through the various stages of processing. The
technique allows the auditor to track data and evaluate the computer processes
applied to it.
 System Control Audit Review File (SCARF) provides continuous monitoring of
transactions. Information is saved to a computer file for the auditor to examine.
 Tagging: Transactions that meet parameters set by the auditor are recorded for
subsequent audit review.
EAFs can be used in historical or real-time (24/7) auditing. Real-time systems are
commonly used where an independent party requires 24/7 assurance.
 Provides continuous
monitoring in real time.
 Audit work is more timely as it
allows the auditor to perform
tests while the client is
processing the data.
 Surprise test capability as
client's users are unaware of
the evidence when it is  It may require the auditor to have
collected. had access to the clients' systems
 It can be used when the audit to develop the embedded audit
trail is less visible and the module.
costs of errors or fraud are  Requires clients to have relatively
high. stable application systems.
4.5 Uses
Whatever can be done with data in a DBMS (e.g. access) can also be done with audit
software. Audit software can also replace repetitive, manual audit tasks such as
selecting, analysing and sorting data.
Activity 3 Audit Software
Briefly describe EIGHT uses of audit software.

 Selecting a sample of records from a file for audit testing (e.g. random selection of goods
despatched notes or selection of all inventory items valued over a certain amount).
 Printing out transactions or balances over a specified amount (e.g. invoices, inventory items
or accounts receivable) for investigation.
 Checking computations and calculations by re-performance, for example:
o agreeing the accuracy of an aged-debtor listing or stratification of an inventory
file;
o recalculating depreciation expense;
o recalculating interest expense.
 Confirming information processing controls (e.g. when testing input controls over
completeness, a computer audit program can identify any missing items from a sequence).
 Reorganising data into a form for audit use (e.g. sorting a file of purchases grouped by
product into a file grouped by supplier and product for a year-end cut-off test).
 Comparing two or more different files (e.g. sales invoices with the list of individual customers
to ensure that all invoices have been posted, or comparing inventory held at two different
dates).
 Recalculating closing balances, extracting balances (e.g. receivables listing).
 Re-performing allocation of invoices, payments, journals etc.
 Identifying duplicate suppliers and/or employees (and/or duplicate addresses) which may be
a source of possible error or fraud.
 Selecting exceptions (e.g. invoices approved on a national holiday, credit limits exceeded,
excess overtime, payments above a set limit).
 Identifying missing data fields (e.g. references not obtained for new customers or
employees).
 Conducting analytical procedures, statistical data analysis and data-mining.
21.4.6 Precautions
4.6 Precautions
Generally, when using audit software:

 Client's data must not be corrupted or damaged.
 Data used for testing must be complete and accurate and identical to, if not the
same as, files currently used by the client.
 Audit software must be updated for developments in the client's applications.
Exam advice
Assume systems to be computer-based unless told otherwise.

For example, if required to explain the various tests to be carried out in
tracing a transaction through a system, explain each test accordingly (e.g.
select x items from File A and agree transfer of data to File B for
completeness and accuracy). THEN state that as the system is
computerised, audit software could be used to carry out completeness,
comparison and reconciliation tests to ensure all items in File A transferred
to File B (or to identify items in File A not correctly transferred to File B).
Avoid leaping straight in with "use CAATs" as an answer unless the
question specifically asks you to explain the use of CAATs.
This approach demonstrates that you know what the tests are about (and
answers the requirements). As it is computer-based, you understand how
CAATs could be used efficiently and effectively to achieve the objective.
21.5.1 Big Data

5.1 Big Data
Big data refers to the dynamic, large and disparate volumes of data created by people,
tools and machines. It is typically characterised by the “five Vs”:
 Volume: The amount of data created is vast; more than can easily be handled by a
single computer, spreadsheet or conventional database management system.
 Variety: Non-uniform data, from internal and external sources, much of which is
unstructured, is created by machines and people.
 Velocity: Data arrives continually and must be processed quickly to yield useful
results.
 Veracity: Given its numerous sources, its accuracy and quality must be validated
and verified.
 Value: The benefit obtained from capturing and processing big data must exceed the
cost of obtaining it.
21.5.2 Data Analytics (DA)

5.2 Data Analytics (DA)
Definition
Data analytics – the science of examining raw data to draw insights from
it.
When used to obtain audit evidence, DA is the science and art of:
 discovering and analysing patterns, deviations and inconsistencies;
 and extracting other useful information;
 through analysis, modelling and visualisation;
 to plan or perform the audit.
21.5.3 Audit Applications

5.3 Audit Applications
Examples of audit applications of data analytics include the following:

 Analytical procedures: Preliminary analysis of all transactions during a set period:
o Provides additional insight into the nature of business activities;
o Can identify trends and anomalies that may indicate potential risk areas
and concerns that require specific audit focus.
 Tests of controls: Examination of 100% of transactions to determine whether:
o Each transaction appears to comply with a specific control rule;
o There is an indication of activities occurring for which no control has been
implemented.
 Substantive procedures: Analysis of transactions (or a statistical sample) to
determine whether they are complete, valid and accurate.
 Fraud detection: Analysis of transactions to identify fraud indicators.
 General analysis and communication: The application of analytics to identify
anomalies in business processes or transactions and communicate
recommendations to management.
21.5.4 Benefits
5.4 Benefits
 Productivity and cost savings:

o Ability to deliver considerably more with current staff levels or reduce audit staff
requirements;
o Travel is limited to locations where needed (e.g. identification of apparent control
problems).
 Audit quality is enhanced as far more extensive audit procedures are performed.
 Professional scepticism and judgment are improved as the auditor has a more robust
understanding of the entity and its environment.
 Reduced audit risk, as entire populations can be subjected to broad ranges of test
procedures and 100% testing increases confidence in audit procedures.
 Capabilities for independent data access and analysis increase auditor independence.
 Continuous auditing and monitoring techniques provide ongoing automated analysis
highlighting the areas of greatest risk and audit concern. Results can be immediately
provided to management to identify areas requiring investigation and response.
Activity 4 Limitations of Data Analytics
Suggest FOUR limitations that auditors need to be aware of in using data analytics.
 Analysis of data that is not relevant to the audit, is not well controlled, is unreliable, or its
source is not well understood could have negative consequences for audit quality.
 Analysis of relevant and reliable data provides valuable insights but does not provide
everything the auditor needs to know.
 100% testing still only provides reasonable assurance.
 The need for professional judgment (e.g. in assessing accounting estimates and qualitative
disclosures) cannot be replaced.
 Risk of overconfidence in technology where results are not infallible.
Syllabus Coverage
D. Audit Evidence
5. Automated tools and techniques
1. Explain the use of automated tools and techniques in the context of an audit, including the
use of audit software, test data and other data analytics tools.
2. Discuss and provide relevant examples of automated tools and techniques including test
data, audit software and other data analytics tools.
Technical Articles
 Auditing in a computer-based environment (s.3 and s.4)
 Specific aspects of auditing in a computer-based environment (s.3 and s.4)

Visual Overview
Objective: To determine risk areas in tangible non-current assets and describe the
procedures necessary to obtain appropriate audit evidence that non-current assets are
not materially misstated.
22.1.0 Introduction
1.0 Introduction
Definition
Asset – a present economic resource controlled by the entity due to past

events.
Non-current means that the asset is not working capital and is not routinely traded but
used to generate revenues and is expected to remain in the business for at least 12
months after the reporting period.
22.1.1 General Risks

1.1 Audit Risks
Risks that should generally be considered in the audit of tangible non-current assets
(i.e. property, plant and equipment) include the following:
 Recorded non-current assets will be overstated if expenses that should be charged to profit
or loss are misclassified as asset expenditure. (Conversely, non-current assets will be
understated if asset expenditure is expensed to profit or loss.).
 Non-current assets will be overstated if they do not exist (e.g. have been sold), have been
impaired or are not generally in good condition.
 Non-current assets may be purchased, misappropriated, used for non-business purposes
(e.g. sole use in a director's private life), sold or scrapped without appropriate authorisation.
 Obsolete and idle assets may not be written down to a realistic valuation (i.e. recoverable
amount).
 Assets may not be depreciated (at all) or depreciated over unrealistic lives or continue to be
depreciated when already fully depreciated.
 Secured assets (e.g. those charged as security for bank loans) may not be disclosed in the
Activity 1 Classification of Expenditure
Explain under what circumstances expenditure on an item of property, plant and

equipment would be classified as asset expenditure and when it should be expensed to
profit or loss.
 Any expenditure on an item of property, plant and equipment that meets the definition of an
asset (i.e. can generate future economic benefit or reduce future costs related to that asset)
should be classified as asset expenditure and added to the carrying amount of the item.
 Examples would include expenditure that extends the useful life of the item and expenditure
that enables the item to be used more effectively and generate additional revenue or reduce
maintenance and production costs.
 When asset expenditure is added to the carrying amount of an item, the new carrying
amount cannot exceed the economic value/recoverable amount. Any excess must be
expensed to profit or loss.
 Other expenditure (e.g. maintenance and repairs) to ensure that the item can generate its
expected future economic benefit (e.g. to complete its expected useful life) must be
expensed to profit or loss as incurred.
22.1.2 Assertions
1.2 Assertions
Audit considerations for the main assertions that are specific to property, plant and
equipment include the following (”CARE”):
1.2.1 Completeness
Assets accounts may be incomplete (i.e. understated in the financial statements) if:
 Asset expenditure is posted to an expense account in error;
 Disposals are not recorded (i.e. the asset is not derecognised).
1.2.2 Accuracy, Valuation and Allocation

 The depreciable amount of all non-current assets must be depreciated each year and
expensed to profit or loss.
 If revalued, the revalued amount must be verifiable (e.g. a market value or expert valuation).
Any revaluation gain must be correctly accounted for and the surplus recognised in the
statement of changes in equity (IAS 16 Property, Plant and Equipment).
 If there are indicators of impairment (e.g. damaged assets, assets not in use, reduced
capacity of production, adverse change in market conditions), impaired assets must be
written down to recoverable amount.
 The cost of self-constructed assets should include relevant overheads as well as materials
and labour costs.
1.2.3 Rights (Control)

 Physical possession is evidence of control but is not conclusive evidence of ownership.
 Control without ownership may signify a liability (e.g. a lease liability for a leased asset).
 Assets may be owned but not possessed (e.g. if they are leased to another party).
1.2.4 Existence
 Recorded assets will be overstated if they do not exist (e.g. if stolen or scrapped without
authorisation).
 Overstatement will also arise if disposals of assets have not been recorded.
22.1.3 Sources of Evidence

1.3 Sources of Evidence
Sources of audit evidence were covered earlier, in Chapter 15 section 1.
Activity 2 Non-current Asset Register
List the information you would expect to find in a tangible non-current asset register.
 Identification number (e.g. registration/serial number).
 Description and manufacturer's name.
 Gross cost or valuation.
 Estimated useful life.
 Depreciation method/annual charge.
 Depreciation provision.
 Carrying amount.
 Location of the asset.
1.4 Substantive Procedures
1.4.1 Property, Plant and Equipment

The following is an example of a typical lead schedule, which would also include
accounting policies and depreciation rates:
Land and Plant and Motor Railway
buildings equipment vehicles trucks Total
Cost or
revaluation $ $ $ $ $
1 January
20X2 100,000 875,000 1,500,000 500,000 2,975,000
Revaluation 20,000 20,000
Additions 10,000 125,000 525,000 995,000 1,655,000
Disposals – (100,000) (325,000) – (425,000)
31 December
20X2 130,000 900,000 1,700,000 1,495,000 4,225,000
Depreciation
1 January
20X2 60,000 550,000 750,000 200,000 1,560,000
Revaluation (5,000) (5,000)
Charge 2,000 180,000 425,000 199,000 806,000

Disposals – (80,000) (325,000) – (405,000)
31 December
20X2 57,000 650,000 850,000 399,000 1,956,000
Carrying amount
31 December
20X2 73,000 250,000 850,000 1,096,000 2,269,000
Carrying amount
31 December
20X1 40,000 325,000 750,000 300,000 1,415,000
Key point
For all audit areas (not only non-current assets):

 Recast all clients’ schedules and agree (if appropriate) balances to the general
ledger, trial balance and financial statements, including necessary disclosure
analysis (use disclosure checklist).
 Agree opening balance/comparatives to prior year's financial statements,
general ledger and current year financial statements.
 Agree accounting policies with previous years and consider whether they are
still appropriate.
1.4.2 Additions
 Obtain the list of additions from the client (or extract it from the asset register).
 For appropriate sample (e.g. all material items):
o agree to delivery received confirmation and purchase invoice (completeness and
occurrence)
o agree value, treatment of sales tax, description and account allocation to
purchase invoice ensuring the invoice is addressed to the entity and arithmetically
correct (accuracy, classification);
o if self-constructed, obtain cost analysis for materials, labour and appropriate
overheads. Agree material to purchase invoices, agree labour to time records, agree
overheads as reasonable and to supporting documents (completeness, occurrence,
classification);
o agree correctly posted to asset register (completeness).
 Review expense accounts for possible mis-postings (e.g. repairs and maintenance) to
ensure that asset expenditure has not been expensed to profit or loss (completeness,
classification).
 Review non-current asset purchases shortly before and after the year end for recording in
the proper period (cut–off).
The cut-off assertion is explained in more detail in the next chapter in relation to
inventory.
1.4.3 Revaluations
For each class of property, plant and equipment, the revaluation model is an accounting
policy choice for measurement subsequent to initial recognition (IAS 16). It is most
commonly chosen for land and/or buildings.
 Assess whether assets should have been revalued during the year (e.g. if there is high
property inflation) (valuation and allocation).
 Recalculate revaluation gains (and losses) (accuracy).
 Where an asset has been revalued, confirm that requirements of IAS 16 have been applied
(e.g. all assets in the same class also revalued).
 Apply audit procedure relevant to reliance on management's expert (accuracy, valuation and
allocation).
1.4.4 Rights
 Inspect evidence of control or ownership for material assets, for example:
o property title deeds (may be held as security by the bank);
o vehicle registration documents;
o "put into use" certificates;
o lease agreements.
1.4.5 Existence
 For appropriate sample (e.g. material items), inspect each asset and note if damaged or
obsolete (existence, rights, valuation). The asset register is usually used to select the
sample, provided it is independently maintained from the general ledger.
 If the asset is not accessible (e.g. container on a boat, lorry travelling across Europe)
inspect other documentary evidence for proof of existence (e.g. GPS location if used by the
company, licence, insurance, fuel costs, maintenance, contracts of hire/use by customers).
 Consider conducting asset inspection at year-end during inventory observation to improve
audit efficiency.
1.4.6 Disposals
 Obtain the list of disposals or identify them from the general ledger and asset register.
Disposal testing relates to the existence of non–current assets and the completeness of the
recording of disposals.
 Incorporate testing of disposals into the existence test:
o Select items for inspection from opening balances and additions in the year.
o If an asset cannot be found, check that it is on the list of disposals or was
disposed of after the year–end (inspect evidence of such sales).
o If an asset is not on the list of disposals, make enquiries of management.
 For material disposals, verify:
o Extraction from records;
o Authorisation to dispose of;
o Proceeds received and banked;
o Write–off of accumulated depreciation;
o Recording of profit or loss on disposal.
 Profit or loss on disposal is tested through recalculation by comparing the proceeds received
(if any) to the asset’s carrying amount at the time of disposal.
1.4.7 Depreciation
Definitions
Depreciation – the systematic allocation of the depreciable amount of an

asset over its useful life.
Depreciable amount – the cost of an asset, or other amount substituted
for cost (i.e. revalued amount), less its residual value.
Depreciation is an example of an accounting estimate (see Chapter 17).
 Confirm that depreciation has been systematically applied to all depreciable assets including
additions to reflect consumption of economic benefits (completeness).
 Confirm that no assets have a negative carrying amount (accuracy, valuation) as the
depreciation of an asset ceases when it is "fully written down".
 Confirm that assets disposed of have been depreciated, or not, following the accounting
policy (e.g. no depreciation in the year of disposal or monthly until the date of disposal).
 For assets revalued, confirm the correct treatment of accumulated depreciation and that the
charge for the year reflects the revalued amount (accuracy, valuation, allocation).
 Recalculate depreciation on material assets and that entries have been made appropriately
in the records (accuracy, valuation).
 Review rates applied against asset lives, replacement policy and experience of gains/losses
on disposal (valuation).
Key Point
Analytical procedures which could be used to test depreciation (accuracy,

valuation, allocation) include:
 Reasonable tests (e.g. reconciling current year's charge to prior year's as
adjusted for additions, disposals and revaluations in the current year);
 Comparison of ratios of depreciation expense to the related depreciable asset
accounts with prior year ratios.
1.4.8 Impairment
 Obtain a schedule of impaired assets and confirm that potentially impaired assets identified
during a physical inspection are included (valuation).
 Agree management's estimate of recoverable amount (e.g. net disposal proceeds if
replaced after the reporting date).
1.4.9 Disclosure Requirements (IAS 16)

 Accounting policy, measurement basis used, useful lives or depreciation rates (for each
asset category).
 Gross carrying amount and accumulated depreciation at beginning and end of year and
reconciliation showing additions, revaluations, disposals, depreciation for the year (see lead
schedule above).
 The existence and amounts of any restrictions on assets pledged as security for liabilities
(e.g. a company may have no right to sell a property that is security for a bank loan until the
loan is repaid).
 The amounts for:
o expenditures recognised in assets in the course of construction;
o contractual commitments (to acquire assets);
o third-party compensation for assets impaired, lost or given up, included in profit
or loss.
22.2.0 Introduction
2.0 Introduction
Definition
Intangible asset – an identifiable non-monetary asset without physical

substance.
An intangible asset is a non-current asset without physical form. Examples include:
 Goodwill
 Development costs
 Patents and trademarks
 Brands
 Copyrights
 Know-how.
22.2.1 General Risks

2.1 Audit Risks
Most of the general risks for tangible non-current assets apply equally to intangible non-
current assets. For example:
 Recorded intangible assets may not represent deemed capital expenditure under
IAS 38 (e.g. research expenditure capitalised as development expenditure);
 Useful economic life may be overestimated;
 Carrying amount may exceed the expected discounted future benefits (i.e. the asset
is “impaired”);
 Completeness (e.g. of capitalised development expenses)
22.2.2 Assertions
2.2 Assertions
2.2.1 Completeness
 Development expenditure that meets the asset recognition criteria of IAS 38 must be
capitalised.
 Assets disposed of may not be recorded (as there is no physical asset to monitor).
2.2.2 Accuracy, Allocation and Valuation
 The accounting system must distinguish between research and development expenditure.
 Appropriate valuation model should be used (e.g. discounted future cash flows).
 Appropriate amortisation charges must be calculated, accumulated and expensed to profit
or loss.
 An intangible asset can only be revalued if fair value can be determined by reference to
an active market.
 Indication of non-use, such as licence rights, would suggest that the value of the intangible
asset should be written down.

 The right to use an intangible asset owned by another (e.g. software) is usually evidenced
by an end-user licence agreement.
 Related income (e.g. from copyright, patents) provides evidence of ownership.
2.2.4 Existence
 As physical inspection is not possible, existence needs to be tested through, for example, an
inspection of supporting documentation, legal licences and legal rights.
22.2.3 Audit Procedures

2.3 Substantive Procedures
See also Chapter 20 for written representations concerning non-current assets.
2.3.1 Additions
 Obtain a list of additions from the client (or extract a list from the asset register).
 For appropriate sample (e.g. all material items):
o Agree value, treatment of sales tax, description and account allocation to
purchase invoice, ensuring the invoice is addressed to the entity and that invoice
correctly casts (accuracy, classification).
o Agree supporting documentation (e.g. certificate of registration of
patent/trademark) (occurrence).
o If self-developed, obtain cost analysis for materials, labour and appropriate
overheads. Agree material to purchase invoices, agree labour to time records (ensure
labour is relevant and not capitalised production labour), evaluate overheads absorbed
as reasonable and agree to supporting documents (completeness, occurrence,
classification).
 Agree correctly posted to asset register (completeness).
2.3.2 Revaluations
 For most intangible assets, it is unlikely that a fair value could be determined (e.g. an
appropriate market does not exist).
 Agree that the carrying amount has not been impaired (valuation).
2.3.3 Rights
 Inspect evidence of control or ownership for material assets (e.g. registration certificate).
 Income streams from the use of rights provide corroborative evidence.
2.3.4 Existence
 For appropriate sample (e.g. material items), agree use of asset within the business or
relevant income stream from use of the asset by an external entity.
2.3.5 Disposals
 Disposal testing relates to the existence of intangible assets and the completeness of the
recording of disposals.
 Obtain a list of disposals or identify from the general ledger, asset register and discussions
with management.
 Agree proceeds to bank ledger account and bank statement.
 Confirm extraction from records of cost and accumulated amortisation and recalculate profit
or loss on disposal (existence, completeness, accuracy).
2.3.6 Amortisation
 Confirm that amortisation has been systematically applied to reflect the consumption of
economic benefits and that no assets have a negative carrying amount (completeness,
valuation). Amortisation should be on a straight-line basis if the pattern of consumption
cannot be determined reliably (IAS 38 Intangible Assets).
 For assets revalued, confirm the correct treatment of accumulated amortisation and that the
charge for the year reflects the revalued amount (accuracy, valuation, allocation).
 Test check calculations on material assets and that entries have been made appropriately in
the records (accuracy).
 Review rates applied against asset lives, replacement policy (if any) and experience of
gains/losses on disposal (valuation).
2.4 Research and Development Costs
2.4.1 Accounting Treatment

To comply with IAS 38 Intangible Assets:
 Research expenditures should be recognised in profit or loss in the period they were
incurred (not as an asset in a later period). If the research phase is indistinguishable from
the development phase, expenditure is accounted for as research.
 Development expenditures should be recognised as intangible assets if, and only if, the
asset recognition criteria are met and written off (i.e. derecognised) if recognition criteria
cease to be met.
 Amount recognised as an asset should not exceed the probable amount of recovery from
related future economic benefits after deducting further costs. Any excess must therefore be
expensed to profit of loss.
 Intangible assets are carried at cost less accumulated amortisation (unless revalued, which
is rare).
 Intangible assets should be amortised on a systematic basis over the best estimate of useful
life (to reflect the pattern of consumption of future economic benefits), generally over a
period not exceeding five years (rarely to exceed 20 years).
2.4.2 Key Disclosures

 Useful lives or amortisation rates used.
 Amortisation methods used.
 Gross carrying amount and accumulated amortisation at the beginning and end of the
period.
 Line item(s) of the statement of profit or loss in which amortisation is included.
 Aggregate amount of research and development recognised as an expense.
 A reconciliation of the balance of unamortised development costs at the beginning and end
of the period.
Activity 3 Development Expenditure
State the criteria which must be demonstrated for expenditure on development (e.g. of a
new product) to be recognised as an intangible asset (i.e. "capitalised"). Suggest the
evidence you would seek to verify that these criteria are met.
Criteria Evidence Sought
 "Blueprint"
 Discussion with client's
technicians (e.g. engineer)
 Working prototype
 Technical feasibility (of  Beta test feedback from
completion) users and action taken
 Planning permission sought

for new/expanding factory
 Authorisation of necessary
capital expenditure
 Intention to complete and use  Action on testing feedback
(e.g. in the manufacture of  Advertisements (e.g. to
new products or processes) recruit staff, promote the
or sell the intangible asset product)
 Applications made for

copyright, trademarks,
licences, etc
 Dedicated sales manager,
establishing of sales network
 Ability to use or sell the  Advanced orders
intangible asset  Auditor tests/uses item
 Results of market research
(by client or consultant)
 Expected selling price per
market research
 How probable future  Selling prices of comparable
economic benefits are to be products (if any)
generated (including the  Client's profit forecasts
existence of a market or  Analysis of potential
internal use) competitor products
 Adequate technical, financial  Business plan

and other resources exist/are  Cash flow forecasts
available to complete the  Negotiations with the bank
project and use or sell the for new/increased
intangible asset loan/overdraft facilities
 Clearly defined
product/process evidenced
by the documented project
specification
 Separate ledger accounts
(e.g. for materials, wages
and salaries, depreciation,
allocated overheads)
 Costs traced to/from
materials requirements,
 Attributable expenditure can purchase invoices,
be measured reliably timesheets, etc.
Syllabus Coverage

D. Audit Evidence
4. The audit of specific items
For each of the account balances stated in this sub-capability:
Explain the audit objectives and the audit procedures in relation to:
5. Tangible and intangible non-current assets:
1. evidence in relation to non-current assets
2. depreciation
3. profit/loss on disposal
Technical Articles
to this chapter.

Visual Overview
Objective: To identify and explain the risk areas in inventory and describe audit
procedures to obtain sufficient appropriate audit evidence.
23.1.1 Types of Inventory
1.1 Types of Inventory
Depending on the business, inventory may take one or more forms:

 Raw materials and consumables for the production or service process;
 Work-in-progress to produce goods for sale
 Goods held for sale in the ordinary course of business (finished and retail goods).
23.1.2 Materiality
1.2 Materiality
For most entities that produce or sell goods (consumer goods, beverages, industrial
machinery, transportation, shops, chemicals, pharmaceuticals, farms) inventory is
usually the second most material asset (after non-current assets) and may be very
complex to audit.
Because it affects both the statement of financial position (as an asset) and the
statement of profit or loss (opening and closing inventory in cost of sales determine
gross profit) and is relatively easy to manipulate (e.g. count quantities, valuation and
impairment), inventory is a high-risk audit area.
This is particularly the case in businesses where inventory is counted and valued for the
financial statements at the year end. However, by using integrated inventory control
systems with perpetual (continuous) counting and reconciliations, the risks of incorrect
valuation and non-existence can be managed and reduced.
Key point
Generally, the audit approach to inventory covers three specific areas:

1. Understanding the business and specific risks relating to inventory.
Key point
2. Quantities of inventory held.

3. Valuation of the quantities held.
23.2.1 Audit Risks

2.1 Audit Risks
Typical audit risks include:

 Susceptibility to "shrinkage" (e.g. theft by employees or customers).
 Management manipulation of quantities and value.
 Lack of control over quantities: poor recording on receipt, processing and storage.
 Valuation may not be consistent or comply with IAS 2 Inventories.
 Obsolescence (e.g. damage, shelf life, best-before date, change in customer
demand).
 Cut-off for inventory movements may be inaccurate.
 Third-party inventory may be included as the entity’s inventory
 Inventory under the custody and control of third parties (e.g. a third-party storage or
distribution facility) may be omitted or not exist.
2.2 Assertions
Audit considerations for the assertions that are specific to inventory include the following
(“CARE”):
2.2.1 Completeness
 Physical inventory count must be correctly analysed and quantities transferred to the final
valuation.
 All inventory movements must be accurately recorded in inventory control systems for
perpetual inventory.
 Completeness (and accuracy) of recorded inventory is affected by the cut-off of sales and
purchases transactions (see s.4).

 Cost method must comply with IAS 2 (e.g. inclusion of applicable overheads and only first-
in, first-out (FIFO) or weighted average cost (AVCO) formulae permitted).
 Determining the lower of cost and net realisable value (NRV) requires identifying inventory
that may be damaged or obsolete (e.g. inspection during physical count, review of expected
sales, understanding of the current business environment).

 Inventory owned by a third party but held by the client must be separately identified and not
included in the year-end valuation.
 Client inventory held by third parties (including that on a “sale or return” basis) must be
verified (e.g. by inspection of external confirmation) and included in the year-end valuation.
2.2.4 Existence
 The physical inventory count is the primary source of audit evidence to confirm the
existence of inventory (s.3). If material, inventory held by a third party may also be
inspected.
Key point
Where a third party holds a material volume of inventory on behalf of the entity
(e.g. provision of warehousing facilities), audit considerations relating to a service
organisation will apply (see s.3.5).

Activity 1 Sources "Ideas List"
Complete the following "ideas list" for inventory.

 Accounting systems
 Documentation
 Tangible assets
 Management and employees
 Customers and suppliers
 Other third parties
 Accounting
systems Perpetual inventory records
Inventory cards, purchase invoices (cost)

(also payroll for manufactured products),
 Documentation sales invoices (NRV)
 Tangible assets Raw materials, WIP, finished goods
 Management and
employees Buyer, storekeeper
 Customers and Major (raw material) suppliers, customer

suppliers complaints (NRV < cost?)
Bank (floating charge?), warehousing
 Other third parties agents
 Analytical Inventory turnover by product category, GP

procedures margin review
23.3.1 Existence and Condition

3.1 Existence and Condition
The relevant standard is ISA 501 Audit Evidence – Specific Considerations for Selected
Items.
Key Point
If inventory is material to the financial statements, the auditor must obtain

sufficient appropriate audit evidence regarding the existence and condition
of inventory by:
 Attendance at physical inventory counting, unless impracticable.
 Performing audit procedures over the entity's final inventory records to
determine whether they accurately reflect actual inventory count results.
“Impracticable” does not arise through lack of time, cost or general inconvenience. It
means "near impossible" (e.g. inventory is held in a location that may pose threats to
the auditor’s safety). Alternative procedures (e.g. inspection of purchase and sale
documentation and direct confirmation of suppliers and customers) may provide
sufficient appropriate audit evidence. In most cases, however, it is unlikely sufficient
evidence will be obtained, in which case the auditor must modify the audit opinion.
23.3.2 Objectives
3.2 Objectives
The objectives of attending a physical count are to:

 Observe and evaluate compliance with management's instructions in the
performance of the count;
 Inspect the inventory to ascertain its existence and evaluate its condition; and
 Obtain audit evidence (e.g. perform test counts) regarding the reliability of
management's count procedures.
23.3.3 Types of Inventory Counting

3.3 Types of Inventory Counting
Activity 2 Full Physical Count
Suggest advantages and disadvantages of a full physical count at the end of the
reporting period.
 Confirms 100% inventory  Potential disruption and cost

valuation for inclusion in the of full count (e.g. if production
statement of financial position. halted or outlets closed).
 "Cut-off" ascertained at just one

date (end of the reporting period).  The number of locations to be
Movements to be confirmed are attended at one time (by
minimised. client and audit staff).
 Heavy demand on the audit

staff at popular end-of-
 Complete inventory records for reporting periods (e.g. 31
the year are not required. December).
Activity 3 Interim Stocktaking
Suggest advantages and disadvantages of a full physical count shortly before the end of
the reporting period.
 Movements need to be
 Timing may be more substantiated. This requires
convenient (e.g. holiday records and good internal
closure). controls (to confirm roll forward).
 There will be time to do a full

count at the end of the
reporting period if significant  "Cut-off" needs to be examined
problems found at the interim both at the count date and the
date. end of the reporting period.
 Facilitates a tighter audit

reporting deadline (value can
be ascertained and rolled  Reliable inventory records are
forward). required.
23.3.4 Perpetual (Continuous Count) Inventory System

3.4 Perpetual (Continuous Count) Inventory System
In a perpetual inventory system, inventory is counted regularly and not just once (at the
end of the reporting period). This system checks the accuracy of the book records
(usually computerised including purchases, sales and movements from raw materials to
work-in-progress and finished goods). High-risk (e.g. valuable) items/product lines are
usually counted and reconciled to records more often (e.g. every month or in some
cases, for example, jewellery, every day).
 Counts should be programmed so that all inventory (e.g. each product line) is counted at
least once a year (i.e. "continuous stocktaking").
 All material differences between book inventory and physical counts must be investigated
and corrected at the time of each count.
Additional audit procedures should be performed where a perpetual inventory system is
used to derive inventory for the financial statements:
 Auditors should attend at least one of the physical counts (preferably more than one if
inventory is homogeneous and each product line is counted only once).
 Movements throughout the year into book records (e.g. from goods received records) and
out (e.g. transfers to the subsequent production stage/goods out as sales) must be audited
to establish occurrence and measurement assertions.
Key Point
When auditing a perpetual inventory system, the auditor must be satisfied that the
effectiveness of the design, implementation and maintenance of controls over
inventory enables the records to form a reliable basis (existence and
completeness) for quantifying year-end value (raw materials, work-in-progress,
Key Point
finished goods and net realisable value (NRV)) for inclusion in the financial
statements.
Activity 4 Perpetual Inventory System
Suggest advantages and disadvantages of a perpetual inventory system.

AdvantagesDisadvantages
 A method of internal control: operates throughout the year.
 Greater control over material and high-risk items as quantities can be confirmed at
any time.
 Auditor can attend when and as many counts as necessary.
 The end of the reporting period count of certain (e.g. high-value) items is not
precluded.
 Slow-moving and obsolete items can be easily identified and accounted for.
 Requires detailed inventory records to be kept up to date, therefore higher clerical
cost.
 As part of the internal control system, the auditor will need to test effectiveness
throughout the year (e.g. tracing inventory to and from records, reviewing all counts
and following through material differences).
 No full counts.
 Cut-off at the reporting date must be tested separately.
23.3.5 Procedures
3.5 Procedures
Procedures which apply equally to end of the reporting period counts and perpetual
inventory counts are:
3.5.1 Planning
Planning procedures aim to identify the risks of material misstatement and the nature of
internal control related to inventory. The auditor should:
 Review prior-year inventory count working papers to identify potential problems.
 Contact the client to receive a copy of the count instructions and agree the date, time and
location.
 Discuss any changes that could affect the audit approach (e.g. changes in controls,
expected volumes, changes in mix (more or less material items), locations, timing, systems).
 Review the adequacy of the client's instructions.
 Consider the role of and reliance on internal audit, if appropriate (see Chapter 14).
 Consider arrangements for the client's expert and/or auditor's expert if necessary
(see Chapter 18).
 Arrange appropriate staff and plan the sampling approach and work programme.
Activity 5 Inventory Count Instructions
Outline the expected content of the client's inventory count instructions.

 Date, time, locations.
 Preparation for the count:
o Tidying and grouping of inventory to facilitate count.
o Ensuring inventory can be easily identified.
o Identification of obsolete and damaged inventory.
o Segregation of third-party inventory (to be counted and reconciled separately).
o Minimising and segregation of receipts/despatches during the count.
o Calibration of weighing scales.
o Organising experts as necessary.
 Time and place of pre-count briefings.
 Control of count sheets:
o Pre-numbered.
o Allocation to count teams and inventory areas.
o Pre-printed showing inventory details (or blank) but not quantity.
o Issue and return procedures to ensure all are accounted for.
 Make-up of count teams:
o Minimum use of personnel who have inventory control responsibilities.
o Two personnel per team, at least one to be independent of inventory custody.
o Allocated specific area to count to avoid overlap.
 Counting procedures (“by hand” or using hand-held barcode readers and electronic
identification tags):
o Systematic to ensure no double counting or missed items.
o Tagging inventory when counted to ensure all items are counted.
o Random selection of boxed items to agree contents to box description.
o Use of scales, measuring equipment, volume gauges etc.
o Procedures to estimate physical quantities not easily counted/measured (e.g.
coal, gravel piles).
 Management control and check:
o Spot checks and test counts to ensure teams operate effectively.
o Any discrepancies to be checked and cleared.
o Obtain cut-off details (last goods received, last goods despatched, last WIP
transfers)
o Agree that all items have been counted.
3.5.2 Attendance
Attendance on the day of the count will generally involve the auditor in the following:
 Attend briefing meeting(s).
 "Walk-about" before the start of count to observe preparations for identifying material
inventory and minimising inventory movement.
 During the count, observe that instructions for count sheets, work-in-progress, counting and
completion are followed.
 Carry out test counts, for example:
o from counts already made to the inventory (existence);
o from inventory to a count sheet (completeness);
o from inventory ahead of count team for agreement to count sheet (accuracy)
towards the end of the count (to be effective, the count team should not be made aware
of the items that have been pre-counted by the auditor);
o inspect box/container contents, weigh and calculate volumes (existence).
Key point
The direction of testing ("sheet to floor" or "floor to sheet") tests different

assertions.
 Discuss with management any discrepancies found in the counts and the action to be taken
(e.g. correction by management).
 Collect cut-off information, including receipts and despatches (see s.4 for details of cut-off
testing) and stage of completion of work-in-progress.
 At the end of the count, agree all count sheets are accounted for and copy them for the final
audit visit to check that no alterations were made after count (accuracy, existence,
completeness).
 "Walkabout" to ensure that all items that should have been counted are tagged as having
been counted (completeness).
3.5.3 Follow-up (Final Audit)

The physical count procedures will be followed up during the final audit as follows:
 Obtain client's final valuation, summaries and sub-schedules from count sheets.
 Follow through any outstanding matters from physical count observation, including reviewing
photocopy of count sheets to client's final sheets to identify any changes made after the
count.
o If the client has made changes to the count sheets, their materiality should be
assessed and reasons for the changes ascertained from management and audited.
o If unsatisfactory (and material), the effect on the auditor's report must be
considered.
 Sample calculations (quantity x price) and the summation of count sheet quantities,
including carrying forward to summary schedules and the final summary (Checking to and
the final summary is a test for understatement; from the final summary back to the count
sheets tests for overstatement: completeness and accuracy.)
 Sample raw materials, work-in-progress and finished goods for valuation in accordance with
IAS 2 (see s.5.1).
 Check cut-off (see s.4).
 Carry out NRV review (see s.5.3).
 Obtain written representations (see Chapter 20) concerning the completeness and accuracy
of the physical count and valuation (e.g. NRV).
23.3.6 Inventory Held by Third Parties

3.6 Inventory Held by Third Parties
Where a third party holds inventory, apply ISA 402 procedures (see Chapter 14) to
confirm the inventory’s existence, including:
 assessment of controls;
 observation of physical counting by the third party (if material); and
 confirmation (if immaterial).
If inventory held by third parties is material and physical inspection is not possible,
alternative procedures must be applied to confirm existence, such as:
 independent third-party confirmation;
 inspection of insurance certificates;
 inspection after the year end;
 analytical procedures; and
 "roll-back" of production and sales transactions after the year end.
Physical inspection may not be possible when inventory is in sealed containers on
board a boat or held by customs.
23.4.1 Importance
4.1 Importance
Cut-off is the assertion that transactions and events have been recorded in the correct
accounting period:
 All transactions and events up to and including the reporting date should be included
in the current accounting period; and
 Those after the reporting date are included in the next accounting period.
Incorrect cut-off will result in the misstatement of profit or loss and asset or liability
positions. For example:
Cut-off error Misstatement
A sale is correctly recognised before the Understatement of cost of sales

year end but the goods are also (i.e. profit is overstated) and
included in the inventory valuation overstatement of inventory
A sale is made before the year end and
the goods are not included in the
inventory but the revenue and trade
receivable are recorded after the year Understatement of revenue and
end trade receivables
Goods are received before the year end

and included in the inventory count but
the purchase and trade payable are Understatement of purchases
recorded after the year end and payables
A purchase invoice and liability are

recorded before the year end but the Understatement of inventory
goods are not received until after the (asset) and overstatement of
year and so are not included in cost of sales (i.e. profit is
inventory understated)
Key Point
Cut-off tests ensure that all related elements of a transaction, such as a

purchase or a sale, are recorded in the accounting period to which the
transaction relates. Cut-off testing can also check the completeness and
existence of balances such as inventory, receivables, payables and cash.
Example 1 Effect of Inappropriate Cut-off
ABC made a sale of 5,000 tons of metal (cost $700,000 and selling price
$1,000,000) on 2 January 20X9, but recorded the revenue, trade
receivable and cost of sale as at 31 December 20X8. If the company's year
end is 31 December, profit for the year ended 31 December 20X8 will be
overstated by $300,000, trade receivables will be overstated by $1,000,000
and inventory will be understated by $700,000.
23.4.2 Relationships
4.2 Relationships
4.2.1 Purchases and Payables

 Goods received before year end must be recorded as purchases and payables before the
year end and recorded in the inventory count at the year end (unless sold before the year
end).
 Purchases recorded before the year end must relate to goods received and included in
closing inventory (unless already sold) before the year end with a corresponding recording
in payables.
 Payables recorded before the year end must relate to purchases and inventory recorded
before the year end.
 Cash paid to settle amounts due to suppliers before the year end must be recorded in the
bank ledger account and trade payables account before the year end.
 Payments recorded in trade payables before the year end must be recorded in the bank
ledger account before the year end.
4.2.2 Sales and Receivables

Post-year-end cut-off would be the opposite of the above description (e.g. post year-end
despatches should be recorded as sales and receivables after the year end and the
inventory included at the year end).
 Goods despatched before the year end must be recorded as sales and receivables before
the year end and excluded from the closing inventory.
 Sales recorded before the year end must relate to goods despatched and excluded from the
closing inventory before the year end with a corresponding recording in receivables.
 Receivables recorded before the year end must relate to a sale before the year end with a
corresponding reduction in inventory.
 Cash received from credit customers before the year end must be recorded in the bank
ledger account and trade receivables account before the year end.
 Receipts recorded in trade receivables before the year end must be recorded in the bank
ledger account before the year end.
Post-year-end cut-off would be the opposite of the above description (e.g. post year-end
despatches should be recorded as sales and receivables after the year end and the
inventory included at the year end).

4.3 Audit Procedures
To test that an accurate cut-off is established at the physical count date:

 Observe the control over the movement of goods between areas while counting is in
progress. For example, goods delivered by a supplier during the count should be
held in a separate area.
 Select goods received notes (GRNs) for a few days before the count date and
confirm recorded as "goods in" in inventory records before the count date. The
corresponding goods should be included in the physical count (and the purchase in
trade payables).
 Select GRNs for a few days after the count date and confirm recorded in inventory
records after the count date.
 Similarly select goods despatch notes (GDNs) for a few days on either side of the
count date and compare them with the relevant inventory records (and vice versa) to
ensure goods out have been recorded in the correct accounting period.
o Goods out before the count date should have been moved from the
premises and not included in the physical quantities counted (and the sale in
trade receivables).
o Goods out after the count date should be included in the count.
Key Point
All cut-off tests for inventory, sales, receivables, purchases, payables and
cash should be coordinated.
Example 2 Importance of Cut-off Tests
During the audit of a new client, after carrying out cut-off tests, pre-year-
end sales invoices to the value of $245,000 (material) were found to have
been recorded in the sales (Cr) and receivables (Dr) ledger for which
neither despatch notes nor entry of inventory movement could be found.
A review for large and unusual items over the reporting period also
revealed material credit notes issued after the previous audit had been
completed related to sales recorded before the previous year end. Again,
no evidence was available to support those sales.
On discussing the issue with management, the finance director admitted
that he had been producing sales invoices to inflate profits and issuing
credit notes after the auditors had finished their work.
This example of a common revenue fraud raises several interesting points:
 Audit tests need to be linked to reach an overall conclusion.
 The receivables confirmation may also have raised this issue if the
customer (to whom false invoices had been posted) had not agreed his
balances or had not replied and appropriate alternative procedures had
been followed (see Chapter 24).
 The reliability of the audit procedures performed by a previous
auditor (Chapter 5).
 The overall effect of the fraud on accumulated profits and the auditor's
report.
23.5.1 IAS 2
5.1 IAS 2 Inventories
Key Point
Inventory is valued at the lower of cost and net realisable value.
Definitions
Cost – includes:
Definitions
 Purchase price, non-recoverable taxes (e.g. import duties), transport,

handling and other costs directly attributable to the acquisition of
finished goods, materials and services.
 Direct production costs (including production overheads) for work-in-
progress.
 Other costs only to the extent incurred in bringing the inventories to
their present location and condition (e.g. maturing costs for brandy,
cheese, seasoned wood).
Net realisable value – the estimated selling price in the ordinary course of
business, less the estimated costs of completion and the estimated costs
necessary to make the sale.
Examples of costs excluded from the cost of inventories and recognised as expenses in
the period in which they are incurred are:
 abnormal amounts of wasted materials, labour or other production costs;
 storage costs (unless necessary to the production process);
 administrative overheads that do not contribute to bringing inventories to their
present location and condition; and
 selling and distribution costs.
Exam advice
You should be familiar with this and the concept of standard costing from
earlier management accounting studies.
23.5.2 Cost Measurement Methods and Formula

5.2 Cost Measurement Methods and Formula
Measurement methods include:

 standard cost;
 retail method; and
 actual cost.
5.2.1 Standard Cost

Standard cost is widely used in manufacturing for cost measurement, valuation and
control. It is an acceptable measurement basis for financial reporting purposes,
provided that it gives an approximation to actual cost.
Additional audit considerations include:
 Controls over establishing, maintaining and updating standards should be understood and
assessed.
 Postings to variance accounts should be included in the systems audit.
 Basis of the standard must be audited to supporting documents (e.g. raw materials invoices,
payroll, overhead purchase invoices, production records showing quantities and time).
 Analyse balance on variance accounts to establish ageing and need to adjust standard cost
to bring to actual cost.
5.2.2 Retail Method

The retail method is suitable for valuing a large number/wide range of high-turnover
items with similar margins. It is a practical expedient where other costing methods are
impractical.
 The inventory count valuation is based on displayed/recorded selling price. Cost is then
selling price less a standard gross profit percentage, which may be an entity-wide
percentage or by selling department.
 When the retail method is used the auditor should determine (estimate) the appropriate
percentage from client records and then compare it to the percentage used. This may also
involve checking values to cost invoices.
5.2.3 Actual Cost

When possible, the actual individual cost of inventories of items that are not ordinarily
interchangeable (i.e. unique) and goods or services produced and segregated for
specific projects should be used.
 Otherwise, the FIFO or AVCO formula will be used. (A cost calculated using a formula will
need to be verified against purchase invoices.)
 The same cost formula should be used for all inventories of a similar nature and use.
Different cost formulas may be justified for different inventories.
The auditor will need to confirm the following:
 material costs to suppliers' invoices;
 labour to payroll and time summaries;
 the basis of unit cost calculations for allocating overheads (which should be based on
normal capacity).
The auditor should also review the suitability of costing and stage of completion for
work-in-progress.
23.5.3 Net Realisable Value (NRV)

5.3 Net Realisable Value (NRV)
Net realisable value (NRV) is affected by:

 obsolescence (may be technical);
 condition/damage, etc (e.g. "shop soiled" or returned goods); or
 market price fluctuations (e.g. prices falling due to cheaper technology).
5.3.1 Indicators
Indicators of the potential need for an allowance to write down inventory include:
 Obsolescence, damage, slow-moving inventory, production errors (e.g. over-production),
goods being out of fashion (e.g. out of season).
 New competitor products and changes in market conditions resulting in a decrease in selling
price or demand.
 Decline in the economy.
 Rising costs that cannot be passed on to customers.
 Rising costs after the year end to complete work-in-progress (e.g. labour and materials).

The auditor should:
 Understand the nature of the business and activity during the year to assess any increase in
NRV risks. Seasonal fashion and electronic consumer goods are good examples of the
need for continuous NRV assessment.
 Review inventory observation working papers for NRV indicators (e.g. damaged inventory).
 Discuss with management procedures undertaken to assess NRV.
 Review management reports, sales reports and board minutes for evidence of NRV risks.
 Review after-date sales and current selling prices of at-risk items.
 Apply suitable analytical procedures (e.g. review inventory turnover to identify at-risk items).
 In computerised inventory systems, review aged-inventory reports or exception reports that
identify items that have not moved in a specified period.
 Review prior-year NRV inventory movements to compare with likely final selling prices.
Where the inventory system is computerised, automated tools and techniques will be an
effective and efficient tool for analysing inventory:
 agreeing inventory counts transfers;
 application of costs;
 calculation of values;
 ageing of inventory;
 analysing after-date sales;
 predicting NRV.
23.5.4 Allowances
5.4 Allowances
An allowance made to reduce the cost of inventory to net realisable value is an example
of an accounting estimate (see Chapter 17). It is not a provision (i.e. a liability) as
defined by IAS 37 Provisions, Contingent Liabilities and Contingent Assets (see Chapter
27).
Determination of an allowance may be:
 simple (e.g. a percentage of inventory value); or
 complex (e.g. by analysing current data and sales forecasts to estimate slow-moving
or surplus inventory).
Any formulae used (e.g. different percentages applied to inventory ageing) need to be
reviewed regularly by management to assess their appropriateness.
As an accounting estimate the auditor should use one or more of the following
approaches:
 Review and test management's process used to develop the estimate;
 Use an independent estimate for comparison with management's; and
 Review after-date sales to confirm the estimate made.
23.5.5 Related Disclosures

5.5 Related Disclosures
 Accounting policies adopted in measuring inventories, including the cost formula

used.
 Total carrying amount of inventories and the carrying amount in classifications
appropriate to the entity.
 Carrying amount of inventories carried at fair value less costs to sell.
 Amount of inventories recognised as cost of sales during the period.
 Amount of any write-down of inventories to NRV, the amount of any reversal of any
write-down that is recognised in the period and the circumstances of the reversal.
 Carrying amount of inventories pledged as security for liabilities.
Pledged inventory includes that which is subject to a “reservation of title” clause in the
purchase contract. This means that legally the goods belong to the supplier until paid
for. If enforced, the supplier could recover his debt from any part of the manufacturing
process that uses the goods (e.g. a claim on finished goods that contain the raw
material subject to reservation of title). In reality, this will never be a problem unless the
entity has going concern difficulties. Therefore, the purchase and inventory are treated
as any other purchase; recognised as an expense and asset.
Syllabus Coverage
D. Audit Evidence
1. Inventory:
1. inventory counting procedures in relation to year-end and continuous inventory systems
2. cut-off testing
3. auditor's attendance at inventory counting
4. direct confirmation of inventory held by third parties
5. valuation
6. other evidence in relation to inventory
Technical Articles
to this chapter.

Visual Overview
Objective: To describe the procedure of confirmation by direct communication and

determine areas of risk and procedures in the audit of trade receivables and sales
revenue.
24.1.1 Direct Written Response
1.1 Direct Written Response
The relevant standard is ISA 505 External Confirmations.

Key Point
The objective of the auditor, when using external confirmation procedures, is to

design and perform such procedures to obtain relevant and reliable audit
evidence.
Definitions
External confirmation – audit evidence obtained as a direct written

response to the auditor from a third party in paper form, or by electronic or
other medium.
Activity 1 Direct Confirmation
Suggest matters other than trade receivables balances on which it may be appropriate
to seek direct confirmation.
 Other account balances (receivable and payable) and their components.
 Terms and conditions of agreements.
 Existence of "aside-agreements".
 Transactions with third parties and terms thereof.
 Bank balances and other information from bankers.
 Inventories held by third parties (e.g. in bonded warehouses or on consignment).
 Loans from lenders.
 Investments purchased from stockbrokers but not delivered by the end of the reporting
period.
1.2 Considerations
1.2.1 Need For

Factors to be considered when deciding on the need for external confirmation include:
 Materiality of items to be confirmed;
 Assessed risk of material misstatement;
 Effectiveness of controls; and
 Availability of other evidence to reduce audit risk to an acceptable level.
ISA 330 The Auditor's Responses to Assessed Risks explicitly requires auditors to
consider the use of external confirmations as substantive evidence. The auditor is
expected to make extensive use of external confirmations even where reliance is placed
on the effectiveness of controls.
1.2.2 Reliability
External confirmations are considered one of the most reliable sources of evidence
because they are:
 Obtained from external sources;
 Initiated and obtained directly by the auditor; and
 In documentary form (written or electronic).
When received electronically, the auditor must be able to confirm the sender (e.g. with
an electronic signature) and that the content is secure (e.g. encrypted).
Key Point
A high level of reliability provides more persuasive evidence in response to

significant risks of material misstatement.
1.2.3 Confirming Party

The confirming party needs:
 to know the subject matter; and
 be able and willing to reply (e.g. if concerned about legal consequences).
24.1.3 Design of Request

1.3 Design of Request
The design of a confirmation request may directly affect the confirmation response rate
and the reliability and the nature of the audit evidence obtained from the responses.
Factors to be considered include:.
Factors to be considered include:
 The assertions to be addressed.
 Identified risks of misstatement, including fraud risks.
 Prior experience in the audit or similar engagements.
 Method of communication (paper, electronic).
 Management's authorisation for confirming parties to respond to the auditor.
 The information that respondents will readily confirm, such as single transactions (e.g.
invoices) rather than the overall account balance.
 Respondent's knowledge of the matter and their competence, independence, motivation,
authority or willingness to provide information.
Consider, for example, a company selling machinery for farming. Customers who are
individual rural farmers may be less likely to respond to a confirmation request than a
corporate customer.
The request may be “positive” or “negative”, “open” or “closed”.
1.3.1 Positive
A request to confirm agreement with a given balance or otherwise express
disagreement is described as a “positive” request. It is preferred when there is a high
assessed risk, for example, when:
 internal controls are weak;
 there is suspicion of fraud or amounts are in dispute; or
 there are numerous bookkeeping errors.
1.3.2 Negative
A request to reply only in the case of disagreement with a given balance is described
as a “negative” request. It is appropriate when:
 internal controls operate effectively (i.e. control risk assessed as low);
 the population is made up of a large number of small accounts;
 errors not expected; and
 it is expected that respondents will not ignore the request.
1.3.3 Open
 An “open” request requires the respondent to enter a balance (i.e. cannot simply "tick off"
agreement).
 It is used most widely when testing balances for understatement. For example, a request to
suppliers to show the amounts they believe they are owed.
1.3.4 Closed
 A request is described as closed when the balance is given.
 It is mainly used to confirm the possible overstatement of a balance.
24.1.4 Confirmation Procedures

1.4 Confirmation Procedures
The auditor must maintain complete control over:

 determining the information to be confirmed or requested;
 the selection process and who should confirm;
 designing the confirmation requests;
 sending confirmation requests (including second requests);
 receiving responses.
This control is essential to minimise the risks of sample bias, potential interception of
requests and alteration of responses.
Activity 2 Management's Refusal
Suggest procedures to be carried out by the auditor where management refuses to

allow a confirmation to be sent.
 Inquire into management's reasons for the refusal. Assess reasonableness and evidence of
request (e.g. customer already subject to legal action for non-payment) as management
may be attempting to deny access to information that may reveal fraud or error.
 Assess the effect on the risks of material misstatement and modify the audit plan as
necessary (increase professional scepticism, implications on management's integrity).
 Conduct alternative audit procedures if appropriate (e.g. for receivables, after-date cash,
invoices making up the balance, evidence of the existence of customer).
1.5 Responses
1.5.1 Information Given

When information is received, the auditor should:
 Consider if the response has been given by the expected individual and by expected means
(e.g. written and not oral). If not, determine why and the reliability of the response (e.g.
contact by phone the individual from whom a response was expected).
 Assess its consistency and reliability against other audit evidence. If in doubt, consider other
audit procedures including calling the respondent to confirm particular matters.
1.5.2 Agreement
When confirmations are in agreement, the auditor should consider the possibility of a
"tick box" approach having been taken by respondents.
1.5.3 Disagreement
When respondents express disagreement, the auditor should:
 Identify why and carry out further audit procedures as necessary (e.g. reconciling
goods/cash in transit).
 Consider if the risk of material misstatement has increased.
 Assess the need for further audit procedures to ensure sufficient reliable audit evidence
obtained.
1.5.4 No Response
When there is no response, action depends on how the nature and extent of alternative
audit procedures are affected by the assertion(s) assessed by the confirmation.
 Alternative procedures may provide sufficient evidence.
 If no alternative procedures would provide the assurance required, the effect on the auditor's
report must be assessed.
24.2.1 Audit Risks

2.1 Audit Risks
2.1.1 Trade Receivables
Trade receivables are amounts owed by customers for goods/services that have been
supplied to them on credit terms.
Trade receivable balances may not be recoverable (and therefore overstated) if:
 they are overdue;
 the customer is in liquidation/receivership or bankrupt;
 amounts are disputed (e.g. overpricing/goods supplied).
An analysis of trade receivables balances may not accurately reflect the age of debts
(e.g. if items are not matched in an "open-item" system).
Trade receivables will be overstated if:
 sales are inflated or otherwise overstated (e.g. due to cut–off errors);
 fictitious balances are reported;
 the estimate of the allowance for irrecoverable and doubtful debts is inadequate.
"Teeming and lading" (also called “lapping”) is a bookkeeping fraud that will also
overstate trade receivables balances. Receipts from customers are stolen and their
recording delayed until another receipt makes up the shortfall. The theft is disguised by
incorrectly allocating subsequent cash receipts (“Robbing Peter to pay Paul”) or posting
fictitious credit notes or journal entries to write off debts. Entries in the customers’
accounts to conceal the thefts must match amounts of receipts; otherwise, customers
that have made payments would be "put upon enquiry" that something was amiss.
2.1.2 Prepayments
A prepayment is a prepaid expense (i.e. an amount paid on or before the reporting date
for goods/services received/consumed after the reporting date).
The omission of prepayments results in:
 an overstatement of expenses recognised in profit and loss; and
 an understatement of prepayments (an asset) in the statement of financial position.
For most entities, individual prepayments will not be material, but the cumulative effect
of the inappropriate accounting treatment of all prepayments must be considered a risk.
2.1.3 Other Receivables

Other receivables are amount owed by parties other than customers at the reporting
date. For example:
 An insurance claim receivable;
 Dividend receivable;
 Tax receivable.
Particularly where these are of a “one-off” nature, there is a risk of omission (i.e.
understatement).
2.1.4 Revenue Recognition
The auditor should be aware of and respond to the risk of material misstatement due to
revenue recognition fraud.
Common revenue frauds include:
 early revenue recognition;
 holding the books open past the close of the accounting period;
 fictitious sales; and
 failure to record sales returns.
Revenue may be misstated if the five steps of the revenue recognition process have not
been appropriately applied.

2.2.1 Receivables
 Obtain the list of accounts receivable and agree the total to the general ledger
(completeness).
 Review bank confirmations (see Chapter 26) and loan agreements for evidence that
receivables have been used to secure indebtedness (rights).
 Directly confirm a sample of accounts receivable and perform any necessary alternative
procedures (existence). See s.3.
 Test the adequacy of the allowance for irrecoverable receivables (valuation).
2.2.2 Prepayments
As an asset balance, the most relevant assertions for prepayments are again
completeness, accuracy, valuation and allocation, and existence (“CAVE”). The auditor
should:
 Understand the nature of the business and expected prepayments.
 Obtain a list of prepayments from the client, cast and agree to the general ledger (accuracy,
valuation and allocation).
 Compare current prepayments with previous years and, for material items, inspect
supporting evidence such as paid invoices (completeness, existence).
 Identify any unrecorded prepayments by reviewing the bank ledger account before the
reporting date for large and unusual items and inspecting supporting documents such as
suppliers’ invoices (completeness, cut-off).
2.2.3 Other Receivables

 Obtain a list of other receivables as at the reporting date and cast it.
 Agree the amounts on the list to the relevant accounts in the general ledger (completeness).
 Select items from the list and agree to supporting documentation (e.g. correspondence from
an insurer agreeing an insurance claim) (existence, valuation).
 Confirm recoverability by agreeing to after-date cash receipts (valuation).
 Review receipts in the bank ledger account after the reporting date for amounts that were
receivable at the reporting date (e.g. dividend income) (completeness).
Key Point
A prepayment arises from the payment of cash before the year end for
next year’s expense.
Other receivables arise from items of this year’s income that should be
a receipt of cash after the year end.
2.2.4 Revenue
Substantive procedures for revenue will generally start with obtaining a schedule broken
down or analysed into the main product categories or sources of revenue, where
relevant. This should be compared with the prior year schedule and any unusual
movements discussed with management.
For the sale of goods, tests of details typically include the following:
 Match a sample of GDNs to the corresponding sales invoices and recording in the detailed
sales listing (completeness).
 Match a sample of sales transactions from the detailed sales listing to sales invoices,
customer orders and GDNs (occurrence).
 Examine a sample of sales invoices for proper classification into revenue accounts.
 Select a sample of sales invoices from shortly before and after the year end and compare
the shipment dates with the dates the sales were recorded (cut-off).
 For a sample of despatch notes shortly before and after the year end, trace to sales invoices
in the correct accounting period (cut-off).
 For a sample of sales invoices, compare prices and terms with the authorised price list and
terms of trade (accuracy).
 For a sample of invoices, recalculate amounts including discounts allowed and sales tax
(accuracy).
 Select a sample of credit notes raised, trace to the original invoice and ensure the invoice
has been correctly removed from sales (occurrence).
 For a sample of material contracts with customers, examine the supporting documentation
to determine whether the five steps of the revenue recognition process were applied
correctly (see s.4.2 in Chapter 12).
The auditor may also perform the following substantive analytical procedures:
 “Proof in total” (reasonableness test) calculation of expected revenue, compared with
recorded revenue, and investigation of any significant differences. For example:
o For rental income: Average monthly rent × 12 × number of properties;
o For ticket sales (e.g. for a festival): Average ticket price × number of tickets sold.
 Making comparisons and investigating differences between, for example:
o gross profit percentage by product line with prior years and industry data;
o reported monthly revenue to budgeted monthly revenue.
 Analyse the ratio of sales in the last month or week to total revenue for the year.
 Compare detail of units shipped with revenue and production records and consider whether
revenues are reasonable compared to production levels and average selling price.

Activity 3 Sources "Ideas List"
Complete an "ideas list" for sources of evidence in the audit of receivables and revenue
 Accounting Open-item or balance-forward ledger.
systems
Sales orders, GDNs, invoices, credit notes,

statements.
 Documentation
Cash receipts (confirm recoverability).

 Tangible assets
 Management and Sales director, credit controller, cashier.

employees
Customer remittance advices, correspondence,

 Customers and direct confirmation.
suppliers
Solicitor (significant claims), Liquidator/receiver

(irrecoverable debt).
Receivables collection period (by month),

percentage write-offs, percentage estimate for
 Analytical receivables allowance.
procedures
24.3.1 Introduction
3.1 Existence Assertion
Key points
 Direct confirmation of receivables provides evidence for

the existence of accounts receivable.
 Confirmation is generally done on a sample basis (see s.3.2).
 Confirmation requests are usually sent at the year end (rather than at
the start of the final audit) and include the client's statements of
customer balances.
Key points
 If there is a tight reporting deadline, requests may be sent at the month-

end before the reporting date and the last month's movements audited.
Therefore, cut–off procedures would need be carried out twice – at the
confirmation date and the year end (see s.4).
An old term for the external confirmation of accounts receivable is “debtors’
circularisation”.
3.2 Confirmation Sample Selection
 Obtain a list of balances from client as at the year end, check extraction, cast, agree
total to general ledger/trial balance/ financial statements.
 Identify all credit balances and, if material, ask management why; credit balances
may indicate a breakdown in controls.
 "Gross up" the total for credit balances (i.e. add back to show gross balance, not net
balance) and similarly for debit balances on payables, if material.
 Select a sample (e.g. using monetary unit sampling).
 In a computerised system, audit software is a very effective and efficient means of
selecting a sample for confirmation. CAATs may also be used to analyse inventory,
revenue, cash receipts and journals to recalculate receivable balances.
 Balances selected using professional judgement will, for example, include:
o balances greater than the performance materiality level;
o old outstanding balances;
o credit balances;
o nil balances; and
o accounts that show unusual activity (e.g. many credit notes or
irrecoverable debt write-offs).
 Confirm with the client the sample selected. Discuss with management if any
customers are requested to be removed from the sample. Ensure that all evidence is
recorded, including alternative procedures (as the client is effectively imposing a
limitation on scope). Such exclusions must be considered suspicious unless proved
otherwise.
24.3.3 Confirmation Requests

3.3 Confirmation Requests
Confirmation requests should be prepared on client-headed documentation and signed

by the client to authorise the disclosure of confidential information.
The auditor should independently post/send requests (not through the client’s office).
Example 1 Sample Confirmation Letter
XyZ Industrial Holdings

Address
To: {[mail merge]} Audit confirmation
XyZ Industrial Holdings Address
As part of their standard audit procedures, we have been requested by our
auditors, Brannigan & Co, to ask you to confirm the balance on your
account with us as at 30 June 20X1.
Will you please return the enclosed slip to our auditors, Brannigan & Co, of
131/133 Dutchman Avenue, indicating whether or not you agree the
enclosed account by deleting the line that does not apply. We are grateful
for you to do this, even if you have since settled the account. In the event
of disagreement, please give details on the reverse of the slip
A stamped addressed envelope is enclosed for your reply
Please note that this request is made for audit purposes only and has no
further significance. Remittances should be sent to us in the normal way.
Your kind co-operation in this matter is greatly appreciated.
Yours faithfully,
----------------------------------------------------------------------------------------------------
----------------------------------------
To: Brannigan & Co
131/133 Dutchman Avenue, Dukeland, DY9 6DA
Audit confirmation of balance due to:
XyZ Industrial Holdings at 30 June 20X1
Please delete as necessary:
We confirm that the balance According to our records the amount due
due from us to the above from us to the above company was $.... A
company at the above date reconciliation of these amounts is shown
was $.... below.
Yours faithfully,
Signature, name, position and company stamp/seal
24.3.4 Confirmation Returns

3.4 Confirmation Returns
On receipt of responses, the auditor should check that confirmations appear to have
come from those to whom the requests were sent (e.g. review postmarks).
Returns will be analysed as in complete agreement, partial agreement or disagreement.
Key Point
For disagreement, differences must be reconciled.
Differences due to posting errors, incorrect goods or quantities delivered (or similar
complaints), may indicate a breakdown in controls. Any interim control work carried out
should then be reviewed and the risk of material misstatement reassessed.
If no return is received, the auditor should consider sending a second request or
carrying out alternative procedures.
24.3.5 Reconciling Confirmation Differences

3.5 Reconciling Confirmation Differences
Accounts receivable confirmation differences occur when there is a disparity between

the amount of the receivable recorded in the client's accounting records and the amount
of the receivable confirmed by the client's customer.
The auditor should reconcile such differences to determine whether they are due to
timing differences or misstatements.
3.5.1 Timing Differences
Timing differences occur when there is a delay in recording a transaction by the client or
the customer. Timing differences should be documented, but they are not
misstatements.
The following timing differences can result in an accounts receivable balance exceeding
the amount confirmed by a customer:
 Goods in transit: The audit client correctly records the receivable when goods are shipped
to a customer before the year end (as evidenced by a sales invoice and GDN). However,
the customer does not record the payable until the goods are received after the year end.
Substantive procedure: Confirm that the sales invoice and GDN are dated before
the year end and that the goods are not included in year-end inventory.
 Cash in transit: A customer sends a payment before the year end but the audit client does
not record the receipt until it is received after the year end (as evidenced by cash received
and deposited after the year end).
Substantive procedure: Agree the after-date cash receipt to the bank ledger
account and bank statement.
3.5.2 Misstatements
A confirmation difference is indicative of misstatement if the difference is due to any of
the following errors or frauds:
 Fictitious sales;
 Theft of cash (see “teeming and lading” in s.2.1);
 Goods or invoices sent to the wrong customer;
 Payment applied to the wrong customer account (in error rather than deliberately);
 Incorrect price or quantity charged to the customer.
Differences may also be due to disputes with customers. In this case, the auditor should
review the correspondence and establish whether further audit work is required on:
 irrecoverable debts;
 provisions for claims (e.g. where sold items require repairs or caused damage or loss);
and/or
 the net realisable value of inventory (e.g. if disputes suggest that the client is holding
damaged goods).
24.3.6 Alternative Procedures

3.6 Alternative Procedures
When an auditor does not receive responses to positive confirmations, alternative

procedures must be performed to determine the existence of accounts receivable.
A second (or even third) confirmation request may be sent before alternative
procedures are performed.
Alternative procedures include:
 Examining subsequent cash receipts to verify settlement of specific invoices included in the
customers' accounts receivable balances that were outstanding at the year end. This test is
also relevant to the assertions of accuracy, valuation and cut-off (see s.4.2).
 Tracing such subsequent cash receipts through to the bank statement.
 If the customer has not paid, examining the supporting documentation for the transaction,
including the original customer order, duplicate sales invoice, GDN and shipping
documentation or other proof of delivery of goods to the customer before the year end.
 Reviewing other correspondence between the client and customer to provide evidence of
the existence of the receivable. For example, the audit implications of a letter to a customer
being returned "not known at this address" would be different from receiving a response
from an administrator or official receiver of the customer.
Activity 4 Confirmation Responses
Western Co is a manufacturing company. Positive confirmation requests were sent to a

sample of customers with balances as at 31 December 20X6. Customers did not agree
with the account balances that they were asked to confirm in the following responses:
Customer Amount Customer response
We ordered $25,000 worth of merchandise from

Western in November. However, we mailed a $25,000
Ames $25,000 cheque to Western on 22 December 20X6.
We received goods with a cost of $30,000 and a retail

value of $50,000 on consignment from Western on 15
December 20X6. These goods have not been sold
Brown $50,000 yet.
We ordered $35,000 of merchandise on 30 October

20X6 but Western was out of stock. They back-
ordered the goods and we received them on 4
Copper $35,000 January 20X7.
Our records show that a courier attempted to deliver

the goods from Western on 31 December 20X6 but
our premises were closed. We accepted the redelivery
Devon $60,000 on 3 January.
Western promised these goods in 15 days on 5

December 20X6. When we didn’t receive them, I
Epoch $15,000 cancelled the order on 20 December 20X6.
Western sent a duplicate shipment. We only ordered

$20,000 of goods. The duplicate shipment was
Fynes $40,000 returned to Western on 3 January 20X7.
Required:
For each confirmation response:

i.Explain the audit procedure to be performed to confirm the response;
ii. Conclude what amount should be included in year-end trade receivables if the audit
evidence obtained supports the customer’s response.
Ames
i.Audit procedure – Verify the date of recording the cash receipt (in the cash book) and date of
bank deposit (paying-in slip and bank statement).
ii. Conclusion – If the cash receipt and deposit occurred before 31 December, $25,000 is not a
receivable at the year end, it should be included in the bank and cash balance. If the cash
receipt and deposit occurred after 31 December, this is a valid receivable at year end.
Brown
i.Audit procedure – Review the terms of the consignment agreement between Brown and
Western and any correspondence between the entities that substantiates Brown’s claim that the
goods have not been sold.
ii. Conclusion – If there is a valid consignment arrangement and the goods have not been sold,
there is no trade receivable at the year end. The cost of the consigned goods ($35,000)
should be included in inventory.
Tutorial note: Under IFRS 15 revenue will not be recognised for the consigned goods
until they are sold by Brown (i.e. when control passes from Western to Brown).
Copper
i.Audit procedure – Examine the sales invoice, despatch note and other shipping documentation
to determine when the goods were shipped to the customer.
ii. Conclusion – If the goods received by the customer on 4 January 20X7 were despatched
before the year end, $35,000 is a receivable at the year end. If despatched after the year
end, there is no receivable; the cost of the goods should be included in inventory.
Devon
i.Audit procedure – Verify the date on which Devon signed for the receipt of the goods to delivery
confirmation notices (or similar) which the courier provides to Western (e.g. in support of
invoices).
ii. Conclusion – Since control of the goods did not pass to Devon until the goods were received
there is no trade receivable at the year end.
Epoch
i.Audit procedure – Inspect the cancelled sales order and examine any correspondence between
Brown and Western that confirms that the order was cancelled. Inspect any credit note raised
after the year end to cancel the sales invoice.
ii. Conclusion – This is not a trade receivable at the year end. If the goods were despatched
before the year end, they should not have been delivered but returned to inventory.
Fynes
i.Audit procedure – Inspect the goods return (inwards) note to confirm that Western received
back the duplicated shipment. Inspect the credit note raised after the year to cancel the second
invoice.
ii. Conclusion – $20,000 of the $40,000 is not a receivable at the year end even though Fynes
took control of the duplicate shipment and did not return the goods until after the year end.
Western cannot recognise revenue for goods sent in error.
24.4.1 Sales Cut-off Testing

4.1 Sales Cut-off Testing
Cut-off has already been discussed in Chapter 23 in the context of inventory. The
following is a summary of typical procedures for sales and receivables.
 Sales cut-off testing is used to confirm:
o proper cut-off of sales transactions; and
o the completeness and existence of accounts receivable and inventory.
 Select GDNs raised just before the year end and trace them to a sales invoice
ensuring they are included in trade receivables before the year end. Confirm that the
inventory sold is not included in the inventory balance at the year end.
 Alternatively, if the system is appropriate, select goods out from inventory records
just before the year end, and trace to GDNs and sales invoices agreeing all recorded
(as described previously) before the year end.
 Select entries in the trade receivables account just before the year end and trace
“backwards” through the detailed sales listing to a sales invoice, GDN and inventory
records; checking that all entries were made before the year end.
 From cash received records, trace receipts before the year end to the trade
receivables account and bank statement ensuring entries were made before the
year end.
24.4.2 Valuation of Accounts Receivable

4.2 Valuation of Accounts Receivable
There is a risk that trade receivables may be overstated if irrecoverable debts have not
been written off or the allowance for trade receivables is insufficient. The auditor should:
 Understand terms of payment and management's policy on ageing debts. Compare with
previous years and plan analytical review (e.g. receivables days) to identify anomalies and
potential risks.
 Obtain an aged receivables analysis as at the year end and re-perform ageing by agreeing
the make-up of balances (e.g. for same sample as for confirmation) back to dated sales
invoices, GDNs and inventory records.
 For material balances (e.g. same balances as for confirmation), agree after-date cash
receipts to the bank statements.
 Obtain a current aged analysis during the final audit and compare it against the yearend
analysis to identify amounts still outstanding. A balance that is “current” (i.e. less than 30
days old) at the year end is not necessarily recoverable. (By the time of the audit, it could
have become significantly overdue.)
 Review irrecoverable debts and cash collection patterns during the year to identify any
changes.
 Review other evidence to support non-collectability (e.g. correspondence from a receiver).
 Agree accounting treatment of irrecoverable debts is appropriate.
 Form an opinion on the collectability of debts and discuss with management any divergence
from that opinion.
Activity 5 Use of CAATs
Describe how CAATs may be used in the audit of receivables.

 Extracting list of receivables, casting, identifying all credit balances.
 Reconstructing any receivable balance from primary data (e.g. sales, cash receipts,
journals).
 Selecting sample for confirmation, carrying out MUS approach, preparing confirmation
letters (mail merge).
 Preparing debt age analysis at the year end and date of audit and comparing to identify
year-end debts not yet collected.
 Analysis of after-date cash receipts and postings.
Syllabus Coverage

D. Audit Evidence
1. Receivables:
1. direct confirmation of accounts receivable,
2. other evidence in relation to receivables and prepayments,
3. other evidence in relation to current assets, and
4. the completeness and occurrence of revenue.
Technical Articles
to this chapter.

Visual Overview
Objective: To consider areas of audit risk in share capital, reserves and directors'
emoluments and to describe the audit procedures relating to these items.
25.1.1 General
1.1 General
Risks that should generally be considered in the audit of share capital, reserves and
directors' emoluments (i.e. remuneration) include the following:
 Share transactions (e.g. issue, buy-back) may not comply with statutory
requirements.
 Distributions may not be approved or comply with statutory requirements.
 Statutory documentation and returns not maintained, not made or incorrect.
 Equity reserves are inappropriately used.
 Complicated/sophisticated valuation models used (e.g. share-based payments,
share options and warrants) with significant estimation uncertainty.
 Directors' remuneration and other transactions with directors may be suppressed,
undervalued or not disclosed.
25.1.2 Assertions
1.2 Assertions
Audit considerations for the assertions that are specific to share capital, reserves and
directors' emoluments include the following:
1.2.1 Completeness
 All equity transactions must be accounted for and disclosed.
 All directors' remuneration and other transactions with directors should be recorded and
disclosed.

 Equity transactions must be correctly recognised, movements valued and allocated to the
appropriate accounts.
 Directors' remuneration and other transactions must be recognised/disclosed at correct
amounts.
 The requirements of applicable IFRS Standards must be met (e.g. share-based payments,
share options, revaluations, foreign currency translations, financial instruments).
1.2.3 Occurrence and Cut-off

 Equity transactions, as recorded or disclosed, occurred and related to the entity.
 All equity transactions have been recognised in the appropriate period.
Activity 1 "Ideas List"
Complete an "ideas list" for the sources of evidence for capital, reserves and directors'
emoluments.
Statutory records maintained by the company
 Accounting secretary.
systems
Statutory returns (share issues, changes in

directors, annual returns).
Memorandum and articles of association.

Agreements and contracts (e.g. share
options, pension schemes, directors' service
 Documentation contracts).
Usually dealt with in other areas (e.g.

revaluation of non-current assets).
 Tangible assets
Board minutes (authorising share issues, share

buy-backs, distributions, reserve transfers, issue
of share options).
 Management and Remuneration committee (directors'

employees remuneration report).
 Customers and Shareholders, debenture holders.

suppliers
Solicitors, external company secretary.

 Analytical "Proof in total": dividends paid and payable.

procedures
25.2.0 Introduction
2.0 Introduction
In audit planning, the auditor assessed the risk of material misstatement due to error
and fraud. For the audit of equity, if this risk is assessed as high, the auditor must
consider the use of confirmations with shareholders to confirm, for example:
 their shareholdings;
 share issues, equity transactions or equity agreements; and
 dividends paid.
The auditor should also scrutinise all equity transactions and determine whether the
terms and substance of the arrangements indicate that the proceeds should be
recorded as debt, rather than equity. This will usually mean confirmation with the
second party of the terms and conditions of the transaction.
Exam advice
The audit procedures for share capital and reserves discussed here are
based on the IFRS Standards examined in Financial Accounting. The more
advanced elements (e.g. buy-backs, share options, warrants, share-based
payments) are not examinable and are used only for illustrative purposes.
25.2.1 General
2.1 General
Equity (share capital and reserves) is the residual interest in the entity's assets after
deducting all liabilities (as defined by the IASB’s Conceptual Framework).
The most common classification of equity is ordinary shares (non-redeemable, no
change in nominal or issue value, equitable voting rights, no guaranteed dividends, last
in line on liquidation) are. Other classes of share capital may be treated as debt (e.g.
redeemable preference shares) or equity (e.g. irredeemable preference shares) or a
compound instrument with debt and equity components.
25.2.2 Ordinary Shares

2.2 Ordinary Shares
Audit procedures for ordinary shares include the following:

 Review permanent file to understand the equity structure, memorandum and articles
of association, and the relevant laws and regulations. For example, whether the
company can buy back its own shares or reduce capital.
 Conduct company search and confirm current information held by authorities to the
company's books and records.
 Review minutes of all board and committee meetings to identify any matters relating
to share capital and reserves (e.g. making a rights issue).
 Discuss with management any changes to the capital structure (e.g. new share
issues, share buy-back) during the year.
 Obtain a schedule of equity categories and movements from management.
o Agree opening balances to prior-year closing balances.
o Agree movements as detailed below.
o Agree closing balances to statutory records, accounting records, trial
balance, and financial statements including disclosures. Effectively, the schedule
of movements on equity will be included in the statement of changes in equity.
 Review statutory records to identify changes made and obtain confirmation from the
company secretary.
For changes in statutory records, the auditor should agree that appropriate actions were
taken, for example:
 Authorised (e.g. by the board) and recorded (e.g. board minutes).
 Where required, approved by shareholders (e.g. share issues).
 Allowed by legislation, memorandum and articles of association.
 Recorded in statutory records (e.g. share register) and legally required returns made
to the appropriate authorities.
 Recalculate share capital where new issues (including rights issues) have been
made. If issued at a premium, agree that the excess over the nominal value is
credited to a share premium reserve.
 Agree proceeds of issues (other than bonus issues) to the bank ledger account and
bank statement.
Key point
A bonus issue is a capitalisation of reserves; it does not raise cash.
2.3 Preference Shares
Preference shares may be redeemable or irredeemable:

 Redeemable shares may or may not have a specific redemption date;
 Irredeemable shares cannot be repurchased.
If new preference shares were issued during the year, the auditor should, as for
ordinary shares:
 Agree authorisation;
 Confirm proceeds received;
 Update the permanent audit file.
If any shares were redeemed during the year, confirm that the terms of redemption have
been complied with and any statutory requirements met. (Statutory requirements tend to
be very strict concerning any reduction in capital.) For example:
 Only fully paid-for shares can be redeemed;
 Any premium on redemption reduced the share premium account (if any) or is out of
retained earnings.
The auditor should also:
 Agree payments to redeem shares to the bank ledger account and bank statement.
 Agree the calculation of dividends (usually a fixed percentage of the nominal value
of the shares in issue) and dividend payments to the bank ledger account and bank
statement.
If the company has insufficient profit and/or cash to pay preference dividends but the
shares are "cumulative", unpaid dividends will accrue to the preference shareholders. A
liability will be recognised if the company has a legal obligation to pay them (e.g. if the
dividend was "declared" in a general meeting) or otherwise disclosed in the notes.
25.2.4 Presentation and Disclosures
2.4 Presentation and Disclosures
 Preference shares to be redeemed in the next 12 months are reclassified as current

liabilities.
 Disclosure requirements will be a mix of legal requirements and GAAP (e.g. IFRS
Standards).
25.3.1 Types
3.1 Types
As well as retained earnings from profit or loss, reserves also include:

 non-current asset revaluation surplus; and
 other statutory reserves (e.g. capital redemption reserve, share premium reserve).

For each reserve the auditor should:

 Agree that it is allowed under the entity's constitution, legal or GAAP requirements
(e.g. reserves for “repairs and maintenance” are not permitted under IFRS
Standards).
 Agree that it has been correctly used under the constitution, legal or GAAP
requirements. For example, a share premium account has limited uses, such as for
the issue of bonus shares and cannot be distributed as dividends.
 Obtain, or prepare, a reconciliation of the movement agreeing:
o opening balances to the prior-year closing balance;
o closing balance to the accounting records and financial statements;
o movement is suitably broken down into required components as required
by GAAP;
o required components supported by audited evidence.
3.3 Statement of Changes in Equity (SOCIE)
The overall results for the accounting period are recognised in the statement of
comprehensive income and summarised in the statement of changes in equity. For
example:
 profit for the period (after interest and tax) is an increase in retained earnings (a loss will be
a decrease);
 a revaluation gain (in other comprehensive income) is an increase in the revaluation surplus.
Activity 2 Accounting Entries
Explain the accounting entries for a revaluation of a depreciable asset that arises:
i.at the end of the reporting period;
ii. in the following year; and
iii. in the year of disposal.
i.On Revaluation
This activity draws directly on assumed knowledge of accounting for revaluations
from Financial Accounting.
 Accumulated depreciation is either:
o restated proportionately with the change in gross carrying amount so that
carrying amount after revaluation equals its revalued amount (e.g. using an index to
depreciate replacement cost); or
o eliminated against the gross carrying amount and the net amount restated to the
revalued amount (e.g. buildings revalued to market value).
 In either case the gain (i.e. the difference between the revalued amount and the carrying
amount) is not a realised profit and is therefore credited to other comprehensive income. It is
included in the movement on the revaluation surplus in the statement of changes in equity
and presented in the statement of financial position in the share capital and reserves
section.
ii. Subsequent Year
 Depreciation expensed for the year will be charged to profit or loss based on the revalued
amount. This will be greater than the depreciation expense on the same asset in the
previous year.
 Under IFRS, it is permissible to transfer within reserves (i.e. Dr Revaluation a/c, Cr Retained
earnings) that portion of the depreciation expense that relates directly to the revaluation.
This will be shown as a movement in the statement of changes in equity; there is no
adjustment for this in the statement of comprehensive income.
iii. On Disposal
 Any profit on disposal (i.e. the excess of proceeds over the asset's carrying amount at the
date of disposal and any procedures) should be credited to profit or loss. Any loss on
disposal will be debited.
 When a revalued asset is sold, the balance on the revaluation surplus relating to that asset
may be transferred directly to retained earnings (i.e. as a reserve movement in the
statement in changes in equity). It cannot be included in the statement of comprehensive
income.
25.3.4 Dividends
3.4 Dividends
Key Point
Dividends are not an expense but an appropriation of profit.

 Agree that dividends have been made from profits available for distribution as defined by
relevant company legislation and the entity's articles of association.
 Confirm that only distributable reserves have been used for distributions.
 Confirm that dividends declared or paid have been correctly authorised, documented and
accounted for. A dividend declared after year end is not a liability at the reporting date under
IFRS (IAS 10).
 Recalculate dividends based on the declared rate and participating shares.
 Agree a sample of dividends paid to the shareholders' register and the bank ledger account.
 Recalculate the tax effects of distributions and confirm that tax liabilities were correctly
accounted for and subsequently paid (e.g. withholding taxation).
 Agree that the provisions of any double taxation treaties for relevant countries have been
met.
3.4.2 Accounting Entries

 At the end of the reporting period, profit for the period (after interest and tax) is transferred to
retained earnings:
Dr Profit or loss a/c $x
Cr Retained earnings a/c $x
 When a dividend is declared:

Dr Retained earnings a/c $x
Cr Dividends payable a/c $x
 When a dividend is paid:

Dr Dividends payable a/c $x
Cr Cash a/c $x
25.3.5 Disclosures
3.5 Disclosures
3.5.1 For Each Reserve
The following disclosures are required for each reserve:
 A reconciliation between opening and closing balances, separately disclosing changes from:
o profit or loss;
o each item of other comprehensive income; and
o transactions with owners in their capacity as shareholders.
 A description of the reserve's nature and purpose.
3.5.2 For Dividends

The following disclosures are required for dividends:
 The amount of dividends recognised as distributions to equity holders and the related
amount per share.
 The amount of dividends proposed or declared before the financial statements were
approved for issue but not recognised as a dividend during the period and the related
amount per share.
 The amount of any accumulative preference dividends not recognised.
25.4.1 General
4.1 General
Directors’ emoluments include:

 Fees paid for services rendered as directors;
 Basic salary;
 Bonuses and performance-related payments;
 Expense allowances;
 The estimated monetary value of material benefits received (e.g. company car);
 Pension contributions paid; and
 Gains made on the exercise of share options.
25.4.2 Regulation
4.2 Regulation
The auditor must understand the legal, regulatory and other requirements concerning
directors' emoluments, for example:
 Companies' legislation that may distinguish between disclosure requirements for large,
medium and small companies.
 Listing rules that require a higher level of disclosure for listed companies.
 Corporate governance requirements (e.g. remuneration committee reports).
 Regulatory requirements (e.g. the Companies (Directors’ Remuneration Policy and
Directors’ Remuneration Report) Regulations 2019 in the UK).
25.4.3 Audit Approach

Audit procedures for the audit of directors' emoluments:

 Understand the nature of the business and the potential for undisclosed directors'
transactions.
 Discuss with directors and TCWG (e.g. remuneration committee) the controls to identify,
measure and record directors' emoluments and transactions.
 Review directors' employment and service contracts to establish remuneration components
and levels of compensation.
 Obtain a schedule of directors’ remuneration including bonuses and benefits and cast the
schedule to ensure its accuracy. Agree the amount to that disclosed in the financial
statements.
 Review the schedule of current liabilities and confirm that any accruals (e.g. for bonuses,
holiday pay) are included as a year-end liability.
 Recalculate bonus payments and agree the criteria to supporting documentation and the
percentage rates to be paid to the directors’ service contracts.
 Agree individual bonus payments to the post year-end payroll records.
 Confirm the amount of each bonus paid by agreeing to the post year-end bank ledger
account and bank statements.
 Review the disclosures made regarding the bonus paid to directors and assess whether
these are in compliance with local legislation.
 Agree compensation “in kind” (i.e. non-cash) to appropriate records (e.g. issue of shares,
share options) and recalculate their values (e.g. based on market value).
 Review the disclosures made regarding directors’ remuneration and assess whether these
are in compliance with local legislation.
 Obtain a written representation from management confirming the completeness of directors’
remuneration including bonuses and benefits.
Key Point
For any company, directors' remuneration is material by nature where there is a

requirement to disclose this information in the notes to the financial statements.
25.5.1 Contents
5.1 Contents
"Statutory books and records" are those books and records which a company is
required, by law, to keep. For example, companies are typically required to keep:
 a register of past and present directors (also company secretaries);
 a register of directors' interests (in the company's shares and debentures);
 a register of members (i.e. shareholders) and their shareholdings;
 a register of debenture holders (if any);
 a register of charges;
 minutes of board meetings;
 minutes of general meetings with shareholders.
There is usually a further requirement to keep other legally important documents such
as:
 the certificate of incorporation;
 articles of association;
 accounting records;
 directors' service contracts; and
 any other important contracts (e.g. partnership agreements).
Generally such books and records must be kept at the company's registered office and
available for inspection by the general public.
25.5.2 Audit Evidence

5.2 Audit Evidence
Information that is required to be recorded in the statutory books and records and the
documents which support the registers (e.g. returns filed with the register of companies)
provide a source of evidence. For example:
 the register of members should reflect any increase in issued share capital (new members
and increased holdings of existing members);
 the register of charges must include all claims which have been registered over the
company's assets (e.g. mortgages and floating charges) which will show the extent to which
liabilities are secured;
 directors' service contracts will contain details of their entitlement to compensation on
termination (which could be a liability at the reporting date where a director has vacated his
office during the year);
 minutes of general meetings document matters such as the shareholders' approval for an
issue of new shares, the amount of dividend to be declared and transactions in which
directors have interests (e.g. if a property was to be sold to another company in which a
director holds shares).

 Agree that statutory records have been maintained in accordance with relevant laws and
regulations (e.g. stock exchange requirements).
 Agree that all necessary statutory forms (e.g. annual return, changes in directors) and
returns have been made and contain correct and accurate information.
 Agree that all stock exchange notifications (e.g. significant holding of share capital by an
individual entity, for example higher than 3%) have been made.
 Agree that all company meetings had been correctly convened, conducted and minuted.
 Reconcile directors' shareholdings at the beginning and end of the financial period and that
these have been disclosed.
 Agree that proper books and records have been kept (conclusion drawn from the audit).
 Agree that the accounting records are adequate for taxation purposes (e.g. sales tax).
 Agree that records are kept, and stored with ease of access, for the appropriate legislative
time limits (e.g. seven years).
Syllabus Coverage
D. Audit Evidence
1. Share capital, reserves and directors' emoluments:
1. evidence in relation to share capital, reserves and directors' emoluments.
2. 25 Technical Articles
3. Technical Articles
4.
5. ACCA provide technical articles and other resources to guide and help students.
6. There are no technical articles available at the time of writing (November 2022)
related to this chapter.
7. For more recent articles and other resources please visit the ACCA global
website.
Visual Overview
Objective: To determine areas of audit risk in bank and cash and to obtain appropriate
audit evidence including bank reports.
26.1.1 Audit Risks

1.1 Audit Risks
Risks that may be considered in the audit of bank and cash include the following:
 A bank loan may become repayable on demand (e.g. due to a breach of covenants). Such
loans would be required to be reclassified as current liabilities.
 Secured and unsecured loans may not be separately disclosed.
 Interest payable on loans and overdrafts may not be accrued. Interest expense will also be
understated.
 Interest receivable on bank deposits may not be accrued. Interest income will also be
understated.
 Cash is the most "liquid" of all of a company's assets and the most susceptible to theft
(misappropriation).
 Cheques raised and accounted for at the year end (Dr Payables, Cr Cash) may be
subsequently cancelled after year end or their despatch to suppliers unacceptably delayed
(i.e. a form of "window dressing").
 Cash receipts may be stolen and difficult to trace (e.g. if there is "teeming and lading"
(see Chapter 24) on accounts receivable balances).
 Cheque payments may be misappropriated through forgery.
26.1.2 Account Balances

1.2 Account Balances
Audit considerations for the assertions that are specific to account balances (i.e. in the
statement of financial position) include the following:
1.2.1 Completeness
 A bank letter (s.3) will be required to confirm all balances held (including loans and
overdrafts).
1.2.2 Rights and Obligations

 Bank letters and other direct confirmation letters should confirm ownership of cash (rights)
and obligations for loans and overdraft facilities.
1.2.3 Existence
 Direct confirmation (bank letter) of balances and other relevant information from the holding
institution (e.g. bank) confirms existence.
 Physical cash in a cash register/till (in retail trade) can be inspected and counted (and,
similarly, petty cash).
1.2.4 Presentation
 Generally, loans and overdrafts should not be offset against bank deposits in the statement
of financial position.
 Offset is appropriate only when the company has a legal right of offset(e.g. as stated in the
bank loan contract).
1.2.5 Classification
 Cash, bank and loans should be appropriately classified in the statement of financial
position as current or non-current.
26.1.3 Transactions
1.3 Transactions
Considerations of the assertions that are specific to classes of transactions (e.g. interest
receipts/payments) include the following:
1.3.1 Completeness and Occurrence

 A reasonableness test (analytical procedure) may provide sufficient evidence to confirm
interest receivable/payable (i.e. average deposit/overdraft balance by month × monthly
interest rate).
 Balances on significant interest-bearing accounts will need to be compared with the prior
year and differences investigated (e.g. if balances are excluded from the current year).
1.3.2 Classification
 Most interest payments will be expensed to profit or loss in the period to which they relate.
 However, some interest expense may be allocated to asset accounts under IFRS Standards
(e.g. interest on a loan obtained to finance the construction of a building is asset
expenditure).
1.3.3 Cut-off
 Interest expenses and bank charges that are reconciling items on the bank reconciliation
statement must be included in accrued expenses.
 An accurate cut-off must be established for cash receipts and payments shortly before and
after the year end. The dates of recording transactions in the cashbook will be compared
with the bank statement and timing differences shown in the bank reconciliation (s.2.2).
1.3.4 Accuracy
 Interest received (or payable) should be agreed from the bank statement to the bank ledger
account.
 Interest rates (and related expenses such as bank charges) should be specified in
loan/overdraft agreements.
Activity 1 Sources “Ideas List”
Complete an "ideas list" for the sources of evidence relevant to the audit of bank and
cash balances.
Cash system, cashbook(s), "imprest" for
→ petty cash
 Accounting systems
→ Cheque requisitions
 Documentation
→ Physical cash (count it)

 Tangible assets
Board minutes (authorising cheque

 Management and → signatories), cashier
employees
Possibly DD or SO mandates for

 Customers and → expenses (e.g. insurance premiums)
suppliers
Bank statements, report for audit

→ purposes (= "confirmation letter")
→ "Proof in total" − inter

26.2.1 Bank Loans

2.1 Bank Loans
 Obtain schedules of all loans, reconciling opening balances, movements in the year and
closing balances (agreeing to general ledger and financial statements).
 Examine loan agreements noting:
o term of the loan;
o rate of interest (fixed or variable);
o security given; and
o repayment terms.
 Confirm repayments during the year by reference to:
o authority (e.g. board minutes);
o paid cheques and entries in the bank ledger account;
o accrued interest paid; and
o deletion in the register of charges (for secured loans).
 Verify new loans issued during the year by reference to:
o authority;
o receipt of monies in the bank ledger account; and
o entries in statutory records (e.g. register of charges).
 Obtain direct confirmation from lenders (see s.3).
 Scrutinise statutory books (if any) and confirm that they are correct regarding charges over
assets.
 Recalculate interest expense and interest accrual.
 Agree disclosure of non-current liabilities complies with the applicable financial reporting
framework. For example:
o secured loans excluding portion repayable within one year;
o unsecured loans excluding portion repayable within one year;
o summary of interest rates, repayment terms, covenants; and
o security given.
26.2.2 Bank Reconciliation

2.2 Bank Reconciliation
Exam advice
The concept and construction of a bank reconciliation are assumed

knowledge of Financial Accounting.
2.2.1 Pro Forma Reconciliation

Key point
The statement of financial position will report the agreed balance (i.e.
corrected bank ledger account balance) as at the reporting date.

 Review any interim audit work carried out on the cash system to identify potential problems
for the year-end work.
 Confirm balance per the bank statement (e.g. to the bank report for audit purposes – see
s.3) and agree bank ledger account balance to the general ledger.
 Verify that the reconciliation casts (i.e. adds up) by reperforming the additions.
 Confirm adjustments to the bank ledger account (e.g. interest and bank charges).
 Agree uncleared ("outstanding") deposits to entries on the bank statement dated shortly
after the end of the reporting period.
Cheques normally take only a few working days, at most to “clear” the bank. If a
customer’s cheque does not clear (i.e. “bounces”), the auditor should inquire of
management whether the cash balance should be adjusted (Dr Trade receivable/Cr
Cash). (If the customer’s balance has not been subsequently settled, the adequacy
of the allowance for irrecoverable debts would require further consideration.)
 Agree unpresented cheques to entries on the bank statement dated shortly after the end of
Unpresented cheques will take a little longer to clear because the suppliers who
receive them will have to present them to their bank (though they would not delay in
this unduly). Any significant delays should be investigated in case the cheques were
not actually “in the post” (i.e. despatched to the suppliers). If cheques were raised
but withheld, the auditor should inquire of management whether the cash balance
should be adjusted (Dr Cash/Cr Trade payables).
Writing out cheques (Dr Trade payables/Cr Cash) at the year end but withholding
them is a form of “window dressing” (i.e. an action to improve the appearance of
the statement of financial position).
 Reconcile the year-end closing balance from the prior year's audited reconciliation through
each monthly bank reconciliation.
 Review each reconciliation during the year for unusual "balancing" items.
26.2.3 Petty Cash

2.3 Petty Cash
Exam advice
The operation of a petty cash system using imprest and non-imprest systems is
assumed knowledge of Financial Accounting.
 Understand the system of control over petty cash.

 Count petty cash (in the presence of a client employee) and agree to the balance in the
petty cash book, general ledger and financial statements.
 If using an imprest system, add up the petty cash vouchers and agree the total of cash and
vouchers to the imprest balance.
 At the end of the count return cash to the cashier and obtain a signed certificate of monies
returned.
 Agree petty cash vouchers for appropriate authorisation and supporting
receipts/documentation.
 Review the petty cash book for unusual items (i.e. items that are not petty cash (e.g.
"weekend" loans to staff) or items that should be paid through the cashbook system (e.g.
repairs to office equipment).
 If counting cash in more than one location (e.g. tills in a department store), ensure that cash
cannot be transferred between locations during the cash count (e.g. involve more than one
auditor).
Key Point
In an imprest system, at any point in time:

Physical cash + petty cash vouchers = Imprest balance
26.3.1 External Confirmation

3.1 External Confirmation
External confirmation was described in detail in Chapter 24.

Obtaining a bank report for audit purposes (“bank confirmation letter”) is a standard
external confirmation procedure for all audits unless the auditor determines that the
banking transactions and relationships are clear and sufficient appropriate audit
evidence is available from other sources.
26.3.2 Format
3.2 Format
Many national banking associations and auditing bodies have agreed on the form and
process for auditors to send and banks to complete bank confirmation reports.
Instead of the report containing an exhaustive list of all the possible information that
could be required, a standard approach and form of reports are generally adopted. Its
primary purpose is to confirm available information, but it may also provide information
the auditor was unaware of.
Banks will require specific written authority from their customers to be able to release
information to auditors. Rather than new authorities being issued each year, an ongoing
standing authority will be sufficient. Such authorities will need to be updated for changes
(e.g. new locations). The auditor should confirm each year, by inspection, that the
authority is in place and still appropriate.
3.2.1 Content
 Issued on auditor's letterhead.
 Should be sent at least two weeks before the client's year end.
 Bank's name and address.
 Auditor's name and address.
 Company's name, account sort codes and primary account(s) numbers.
 The financial reporting date.
 Details of confirmation that authority already was issued by the client.
 Request for acknowledgement.
 Additional information required:
o Trade finance (one of the facility account numbers given).
o Derivative and commodity trading (facility account number).
3.2.2 Reply Content

 Disclaimer by the bank – "Our response is given solely for the purposes of the audit and
creates no responsibility to the auditors."
 Balances on all accounts (including loans, joint accounts and accounts in trade names).
 Details of all accounts closed in the last 12 months.
 Facilities – loans/overdrafts/guarantees, etc (including term, repayment, review date, limit,
etc).
 Securities (including set-off arrangements).
 Additional banking relationships – not covered by above.
 Custodian arrangements – the nature and quantity of any assets held but not charged (e.g.
title deeds held for safe-keeping rather than securing a mortgage).
 Trade finance – letters of credit, acceptances, bills discounted, bonds, guarantees,
indemnities and other contingent liabilities.
 Derivatives – foreign exchange contracts, forward rate agreements, financial futures,
interest rate swaps, bullion contracts, etc.
3.3 Planning Considerations
At the planning stage of the audit, the auditor should:

 Determine the date by which the confirmation is required.
 Arrange to gather the required information concerning main account numbers and
bank sort codes.
 Agree that the bank authority is still in place and up to date.
 Determine where to send the request – usually a central banking location and not
the client's local branch.
Syllabus Coverage
D. Audit Evidence
1. Bank and cash:
1. bank confirmation reports used in obtaining evidence in relation to bank and cash
2. other evidence in relation to bank
3. other evidence in relation to cash.
Technical Articles
to this chapter.

Visual Overview
Objective: To explain audit risks and audit evidence for current liabilities (trade
payables and accrued expenses), non-current liabilities, provisions and contingencies.
27.1.1 Terminology
1.1 Terminology
Accounting for provisions and contingencies is prescribed in IAS 37 Provisions,

Contingent Liabilities and Contingent Assets.
Definitions
Liability – a present obligation arising from past events, the settlement of

which is expected to result in an outflow of resources.
Provision – a liability of uncertain timing or amount.
Obligating event – an event that creates a legal or constructive obligation
that the entity is bound to settle.
Contingent liability –
 a possible obligation that arises from past events and whose existence will be
confirmed only by the occurrence or non-occurrence of one or more uncertain
future events not wholly within management's control; or
 a present obligation that arises from past events which cannot be recognised
because:
1. an outflow of resources is not probable; or
2. the amount cannot be measured with sufficient reliability.
Contingent asset – a possible asset that arises from past events and
whose existence will be confirmed only by the occurrence or non-
occurrence of one or more uncertain future events not wholly within
management's control.
Key Point
The first step in determining if an item is a liability, provision, contingent

liability or asset is to confirm that it meets the definition.
27.1.2 Accounting for Liabilities

1.2 Accounting for Liabilities
Liabilities are classified as "current" or "non-current" (i.e. short or long term).

The chapter focuses on the audit of current liabilities and provisions. The audit of non-
current liabilities, specifically loans, has already been covered in Chapter 26.
1.2.1 Non-current Liabilities

 Entities are frequently financed by credit obtained from sources other than the owners (e.g.
interest-bearing loans).
 For example, a five-year loan received in 20X4, which is due to be repaid in 20X9, will be a
non-current liability in the 20X4-20X7 statements of financial position. It will be reclassified
as current in the 20X8 statement of financial position.
1.2.2 Current Liabilities

 Current liabilities are amounts owed by the business falling due for payment within one
year of the end of the reporting period.
 For example, trades payable are amounts due to suppliers for goods purchased on credit.
1.2.3 Accrued Expenses
 Accrued expenses are amounts that have not been invoiced to the business at the end of
the reporting period, but are known to be owing.
 For example, loan interest accrued (payable) for the last month of the year which is not paid
until after the year end.
1.2.4 Payroll Accrual

 Payroll is a specific expense; the compensation must be paid to employees for a set period
or on a given date (e.g. weekly wage, monthly salary, annual bonus).
 Accrued payroll includes all forms of compensation (e.g. wages/salaries, commissions and
bonuses) that have been earned by employees but have not yet been paid to them. It
represents a short-term liability for the employer.
Example 1 Accrued Payrolls
Troy Co employs salaried staff, who are paid on the last Friday of every
month and a factory workforce that works Monday to Friday and is paid for
each week on the following Monday. The company’s year end is
Wednesday 30 June 20X1.
 All salaried employees were last paid on Friday 25 June. As their June
salaries have been paid, there is no accrual.
 The workforce was last paid on Monday 28 June for the hours/days worked in
the preceding week. Therefore, an accrual for three days is needed as at 30
June 20X1.
Because an accrual is an accounting estimate, it is not required to be
exact. If for example, the workforce is 50 factory employees working 8
hours a day with an average hourly wage of $20, the year-end adjustment
for payroll expense will be $8,000.
1.2.5 Holiday Accrual

An employee’s entitlement to holiday commences when they start a job. Their
entitlement will be prorated if they start during the company’s “holiday/leave year”
(which may not coincide with its accounting/financial year). At the end of the financial
year, the company must accrue for any entitlement that has been earnt, but not taken.
Example 2 Holiday Accrual
Bart Co's holiday year and financial year is a calendar year. Staff are
encouraged to take their leave regularly. The company’s holiday leave
policy does not permit the carrying forward of untaken leave to the next
year (i.e. a “use-it-of-lose it” policy).
Example 2 Holiday Accrual
On 1 November 20X1, Bart Co employed a new credit controller on a

salary of $24,000. The managing director has approved the carry-forward
of this employee’s holiday entitlement.
The holiday accrual is therefore .
27.1.3 Non-current Liabilities

1.3 Non-current Liabilities
The audit of bank loans and overdrafts has already been covered in Chapter 26. Other
sources of finance include:
 Issues of debt, loan notes (“bonds”) and debentures;
 Issues of redeemable preference shares (which are accounted for as debt under IAS
1 Presentation of Financial Statements);
 Lease finance (which is not examinable in AA).
27.1.4 Disclosures
1.4 Provisions and Contingencies
1.4.1 Summary of Accounting Treatments

Exam advice
How to account for provisions and contingent liabilities and contingent assets is
assumed knowledge of Financial Accounting.
Flow of Resources Obligation Asset
Remote No disclosure No disclosure
Probably
not/Possible Contingent liability disclosure No disclosure
Provision (if reliable estimate) – Disclosure

Probable otherwise a contingent liability required
Flow of Resources Obligation Asset
Expected/virtually Asset (not

certain Provision contingent)
Activity 1 Dismissal
A senior employee has been dismissed for breach of contract. She is claiming unfair
dismissal. Briefly describe the audit work that should be conducted to determine
whether a provision or contingent liability is required.
 Review minutes or notes of management's decision to dismiss the employee to establish the
reason for the dismissal.
 Review any press or social network commentary (e.g. Twitter, Facebook).
 Review correspondence from the employee and her solicitor.
 Review the contract of employment to confirm that the contract covers the reason for the
dismissal and what, if any, entitlement the employee is due.
 Review dismissal procedures to ensure that they are within the law – if not, the dismissal
may have been illegal.
 Obtain the view of the company's solicitor as to the likelihood of the action being successful.
 Discuss with management its expected action (e.g. fight or settle out of court).
 If probable that the employee could win even on a legal technicality (e.g. if the company did
not follow the correct dismissal procedure), calculate the potential compensation allowed by
her contract and possible damages awarded by the court.
 If it is unlikely she would win, possible costs will still need to be estimated for disclosure.
 If remote, no disclosure will be necessary.
 In all situations, any legal costs of the company should be provided.
1.4.2 Disclosures
The following should be disclosed for each class of provision:

 carrying amount at the beginning and end of the period;
 additions and increases;
 amounts used (i.e. incurred and charged);
 unused amounts reversed;
 description of the nature of obligation and expected timing of outflows; and
 description of the uncertainties about amount or timing (and major assumptions made).
In extremely rare cases, when information may be seriously prejudicial, it need not be
disclosed. In this case, the general nature of the dispute and the reason for not
disclosing information should be given.
For each contingent liability/asset, the notes to the financial statements should disclose:
 its nature;
 an estimate of its financial effect (where practicable); and
 the uncertain factors that affect its amount or timing.
27.2.1 Trade Payables and Accrued Expenses
2.1 Trade Payables and Accrued Expenses
Risks that should generally be considered in the audit of trade payables and accrued
expenses include the following:
 Liabilities incurred may be unrecorded (e.g. purchase invoices not processed). The
corresponding expense is also understated (and hence profit will be overstated).
 Secured liabilities may not be identified and security may not be disclosed.
 Accrued expenses (e.g. for goods/services received but not invoiced) relating to current year
expenditure may be omitted.
 Liabilities may be recorded/payments to suppliers made for goods not received (because of
error or fraud).
 Accrued holiday entitlements may be omitted from the payroll expense.
 Payroll deductions (e.g. personal tax and social/national insurance) may not be paid to the
tax authorities.
27.2.2 Provisions
2.2 Provisions
Risks that should generally be considered in the audit of provisions include the
following:
 A liability may be misstated due to estimation uncertainty (see Chapter 17).
 A provision may be overstated to “smooth” profits (i.e. making provisions when profits are
“good”, then reversing them in a “bad” year).
 Classification as current or non-current may be incorrect due to uncertain timing.
 A provision will be overstated if it is not reversed when it is no longer required for the
purpose for which it was made.
27.2.3 Assertions
2.3 Assertions
Audit evidence and procedures for the assertions that are specific to trade payables and
accrued expenses include the following:
2.3.1 Completeness and Accuracy

 Payable confirmation and/or supplier statement reconciliations to confirm the amount owing
(see s.3.2).
 Review of after-date invoices; these should be accrued if they relate to goods/services
provided before the year end.
 Review after-date cash payments and confirm that they agree to amounts of recorded
liabilities (e.g. payroll deductions to tax authorities agreed to the year-end payroll).
 Outstanding holiday entitlements agreed to the calculation of holiday accrual.
 Review of correspondence with suppliers (e.g. about disputed invoices).
 Comparison of amounts of trade payables, accrued expenses and provisions with the prior
year.
2.3.2 Rights and Obligations

 Settlement of an obligation shortly after the year end provides evidence that the obligation
existed at the year end.
 Legal obligations are more easily confirmed (e.g. to a contract) than a constructive
obligation.
2.3.3 Existence
 Payable confirmation and supplier statement reconciliations.

Activity 2 Sources “Ideas List”
Complete an "ideas list" for the sources of evidence relevant to the audit of trade
payables and accrued expenses.
 Accounting → e.g. batch processing of invoices
systems
Purchase requisitions/orders/invoices/GRNs,
→ cheque payments.
 Documentation
→ Inventories (raw materials, goods for resale).

 Tangible assets
Buyer, purchase department

 Management and → supervisor/clerks, chief cashier.
employees
 Customers and → Suppliers (provide monthly statements?).

suppliers
 Other third → Intermediaries (e.g. warehousing agents).

parties
Payable days outstanding, current ratio,
accrued expenses to trade payables
 Analytical → percentage or ratio.
procedures
27.3.1 External Confirmation

3.1 External Confirmation
External confirmation of amounts due to suppliers may be a standard procedure unless

the risk of material misstatement is minimal and the reconciliation of supplier statements
received by the client (i.e. written, external but indirect) can provide sufficient reliable
evidence.
Where the auditor requires a supplier statement that is not available from the client (e.g.
because the supplier does not send monthly statements to its customers), the auditor
should request a confirmation.
3.1.1 Procedures
Procedures for sending confirmation letters to suppliers are similar to those for the
receivables confirmation (detailed in Chapter 24). The main differences are as follows:
 The principal assertion is completeness and the key audit risk is understatement. To test for
understatement, the source of the payable must be identified (i.e. a purchase on credit
results in a payable). The permanent audit file should have details of the major suppliers. A
purchase turnover analysis will identify the major suppliers expected to have large payable
balances. Compare the year-end payable balances with the prior year and select the
materially lower balances (e.g. due to unrecorded transactions).
 Sample must be selected from a reciprocal population (e.g. purchases or goods received
notes) and not from the list of payable balances.
 Even if the client receives statements from suppliers each month, a confirmation request
may still be sent to a sample of major suppliers.
 The request should be positive and open (i.e. requesting that the supplier state the balance)
and request that the supplier sends a copy statement as at the client’s reporting date.
Where a reply to a confirmation request is not received, and a supplier statement as at
the year end is not available, alternative procedures should be applied. For example:
 Contact supplier direct by phone and enquire about the balance.
 Confirm make-up of year-end balance from GRN, inventory and purchase invoices.
 Confirm post-year-end payment.
3.1.2 Suppliers' Statement Reconciliations
Key Point
Suppliers' statement reconciliations are the main audit procedure for

verifying the completeness of trade payables and accrued expenses. It is
essential that reconciling items are correctly accounted for.
Balances on returned confirmations should be agreed to the balance on the
corresponding year-end supplier's statement.
Where a statement and/or confirmation balance does not agree to payables balance,
identify and audit the reconciling items. For example:
 Purchase invoices on the supplier's statement are not included in balance per the list of
individual suppliers.
 Cash payments in the trade payables account are not on the supplier's statement.
Any disputes or errors should be supported by appropriate correspondence. If a dispute
concerns the quality of goods, consider the follow-through effect (if any) on the net
realisable value of inventory or recovery of a trade receivable (if goods sold on to
customers).
Where purchase invoices on the supplier's statement are not included in the balance
per the list of individual suppliers:
 Agree goods received to GRN, purchase invoice received after year end and correct
posting.
 If goods were received before the year end (and ownership accepted), agree inclusion in
year-end inventory and as a year-end accrual (see s.3.4.1). Services rendered before the
year end should similarly be accrued.
 Confirm any other reason for non-inclusion (e.g. if the client was wrongly invoiced, there
should be a supplier's credit note on a statement after the year end, which cancels the
invoice).
Where cash payments are not on the supplier's statement:
 Agree cash in transit to bank ledger account as paid before year end.
 Agree with audit work on cash and bank: the payment should be included in the
unpresented items on the year-end bank reconciliation that subsequently cleared.
 Confirm payment on next month's supplier's statement.
27.3.2 Unrecorded Liabilities

3.2 Unrecorded Liabilities
Completeness and cut-off are also tested through a search for unrecorded liabilities,
which focuses on the following:
3.2.1 Trade Payables Account
 Agree GRNs before the year end to purchase invoices posted to the trade payables account
(via the detailed purchase listing) before the year end.
 Agree cash payments posted to the trade payables account before the year end to the bank
ledger account and bank statement before the year end (and check to bank reconciliation as
necessary).
 Trace entries for purchases before the year end back to the detailed purchase listing,
purchase invoice, GRN and confirm inclusion in year-end inventory.
3.2.2 Invoices Received after Year End

 Review after-date purchase invoices for evidence of goods/services received before the
year end. If so, agree liability and inventory recognised at the year end.
3.2.3 Cash Payments after Year End

 Review after-date cash payments to identify payments relating to goods/services received
before the year end. Check to ensure that they are included as a year-end liability and
inventory.
3.2.4 Payroll Starters

 Review HR information relating to starters (“new hires”), agreeing their start date (from
which wage/salary and holiday entitlement will accrue) to supporting documentation.
Confirm their inclusion on the year-end payroll (and calculation of holiday accrual).
27.3.3 Accruals
3.3 Accruals
3.3.1 Goods/Services Received but Not Recorded

The liability for goods and services received just before the year end may not be
recorded until the invoice is received and processed.
The client usually will record such items and provide the auditor with a list of accrued
charges.
As this needs to be tested for understatement (completeness), the auditor must identify
such items and then check whether they have been included on the list.
Other audit procedures include:
 Casting the list and agreeing the total posted to the general ledger and financial statements.
 In combination with searching for unrecorded liabilities, reviewing after-date invoices and
payments. Where these relate to pre-year end expenses, agree to their inclusion in the year-
end balance for payables (or goods/services received but not yet invoiced accrual). If not
included, discuss the reason with management.
3.3.2 Other Accruals
 Determine expected accruals from understanding the nature of the business.
 Obtain, cast and agree a list of accruals from the client.
 Compare with the prior year for reasonableness (e.g. electricity accrual in line with inflation
and known increase in activity) and any apparent omissions (e.g. interest and/or bank
charges identified by the bank reconciliation).
 Review of post-year-end purchase invoices and cash payments (as described previously)
will identify potential accruals. Where material, calculate accrual and agree to the year-end
schedule.
 Agree current tax liability for corporation/profits tax to tax computations prepared by the
client.
 Agree accruals for payroll taxes to payroll records as part of wages audit (see Chapter 12).
27.3.4 Provisions and Contingencies

3.4 Provisions and Contingencies
Many of the audit procedures relevant to the audit of liabilities are relevant to provisions
and contingent liabilities. However, specific procedures might include the following:
 Discuss, with management, systems for identifying provisions and contingent liabilities.
 Review the prior year's financial statement provisions and contingent liabilities.
o Establish provision outcome; whether estimate was reasonable or need for
provision is ongoing (e.g. warranty provisions).
o Establish the outcome of contingent liabilities (e.g. no longer exist, are ongoing or
need to become provisions).
 Review year-end and after-date correspondence and board minutes for evidence of new
legal claims against the entity.
 Review subsequent events to ensure that all relevant matters are considered (see Chapter
29).
 Examine legal expense accounts for indications of higher-than-normal costs. Discuss with
management the reasons why.
 Reassess the need for continuing provisions (e.g. estimated warranty provision).
 Review supporting documentation to assess new provisions/contingent liabilities and
management’s estimate of potential outflows.
 Discuss management's assessment of the outcome, the estimate of financial implications
and costs involved. If the event gives rise to a contingent liability such as a lawsuit, an
accrual or provision should be made for associated legal expenses.
 Seek confirmation from company lawyers (might be an internal or external expert).
 Obtain written representations from management regarding legal claims against the
company (see Chapter 20 for other examples).
The auditor must consider a scope limitation on the audit opinion if:
 permission is not given to communicate with lawyers (or the lawyers refuse to discuss
matters with the auditor); or
 management refuses to provide written representations on a particular matter.
Syllabus Coverage

D. Audit Evidence
1. Payables and accruals
1. supplier statement reconciliations and direct confirmation of accounts payable,
2. obtain evidence in relation to payables and accruals,
3. other evidence in relation to current liabilities, and
4. purchases and other expenses, including payroll.
1. Non-current liabilities, provisions and contingencies:
1. evidence in relation to non-current liabilities
2. provisions and contingencies
Technical Articles
to this chapter.

Visual Overview
Objective: To identify the particular considerations in the audit of small businesses and
not-for-profit organisations.
28.1.1 Smaller Entities
1.1 Smaller Entities
Key Point
Although the size of an entity may be an indicator of its complexity, some

smaller entities may be complex and some larger entities may be less
complex.
The typical qualitative characteristics of a smaller entity are:

 Ownership and management concentrated in a small number of individuals (e.g. one
“owner-manager”);
 One or more of the following:
o Straightforward or uncomplicated transactions;
o Simple record-keeping;
o Few products or business lines;
o Simpler systems of internal control;
o Few levels of management with responsibility for a broad range of controls;
o Few personnel, many having a wide range of duties; or
o A small number of employees involved in financial reporting roles (e.g. only one
person).
Definition
Owner-manager – a proprietor involved in the day-to-day running of a

smaller entity.
Some financial reporting frameworks allow smaller entities to provide fewer and less
detailed disclosures in financial statements. However, if those financial statements are
required to be audited, the auditor must still understand the entity and its environment
and the applicable financial reporting framework as it applies to the entity.
1.2 Limited Segregation of Duties
Many small entities may lack sufficient resources to achieve ideal segregation of duties
(and the cost of hiring additional staff solely for this purpose is likely to be prohibitive).
Therefore, it may not be possible to rely on the system of internal control to detect fraud
or errors, for example:
 where personnel who are responsible for accounting records also have access to
assets that are easily concealed, moved or sold; and
 when it may not be possible to set up a system of independent checking. This
increases the risk that management will fail to detect errors.
However, management may be able to institute alternative controls that the auditor can
test and rely on.
Example 1 Alternative to Segregation of Duties
A salesperson is not prevented (by segregation of duties) from being able

to modify product price files or commission rates.
A detective control activity can be implemented to have personnel
unrelated to the sales function periodically review whether and under what
circumstances the salesperson changed prices.
The risks arising from the use of IT in information processing may also be higher due to
limited segregation of duties. For example, in simple computerised accounting systems,
it is common for users to be able to perform two or more of:
 initiating and authorising source documents;
 entering data into the system;
 operating the computer;
 changing programs and data files as well as modifying the operating systems; and
 using or distributing output.
28.1.3 Domination by Senior Management or Owner

1.3 Domination by Senior Management or Owner
Key Point
If the role of governance is undertaken directly by the owner-manager, the

independence of TCWG is not relevant.
Active participation in management may dominate the entity's operations (particularly

the system of internal control and preparation of financial statements). When the owner
is not involved, there is greater risk of employee fraud or error that will not be detected.
1.3.1 Advantages
 Domination can compensate for otherwise weak internal controls (e.g. where the owner
personally signs all cheques and bank mandates).
1.3.2 Disadvantages
 Ability to override internal controls (e.g. exclude transactions).
 Greater risk of management fraud (e.g. the owner can make disbursements without
supporting documentation).
 Confusion of business and personal interests/property may be reflected in financial
statements. This may give rise to problems with tax authorities and could result in financial
penalties.
2.1 Considerations
If it is not possible to obtain sufficient evidence to form an opinion on the financial

statements because of deficiencies which may arise (e.g. inadequate record keeping),
the auditor may decide:
 not to accept the engagement; or
 after acceptance:
o to withdraw from the engagement; or
o to disclaim an opinion.
2.2 Engagement Letter
The engagement letter must be issued before work commences to help avoid
misunderstanding the nature and scope of services provided.
 Additional accountancy services:
o initial recording of transactions;
o posting to the general ledger;
o extracting trial balance and preparing draft accounts;
o preparing statutory financial statements; and
o providing regular management accounts.
 Additional tax services:
o agreeing tax liabilities with taxation authorities; and
o preparation and submission of returns.
Key Point
When the auditor also assists in preparing the financial statements, the
engagement letter must clearly state that this remains management's
responsibility.
28.3.1 Risk Assessment

3.1 Risk Assessment
The risk of material misstatements may increase (↑) or decrease (↓) due to the following
factors:
 owner may exercise effective control (↓);
 owner's close involvement may prevent/detect errors (↓);
 profits may be manipulated (↑).
Audit risks may include, in particular:
 possible misstatement of income (e.g. by non-recording (understatement) or recording
fictitious transactions (overstatement));
 inclusion of personal expenses of an owner-manager.
In assessing risk, the auditor will consider previous knowledge of the
proprietor/business.
28.3.2 Limited Formal Internal Controls

3.2 Limited Formal Internal Controls
Although the extent of reliance on internal controls may be restricted, the auditor may
be able to test and rely on controls that are:
 operated by the proprietor;
 established by observation (if not documented).
Deficiencies revealed during the audit should be communicated and recommendations
for improvements made.
28.3.3 Accountancy Work

3.3 Accountancy Work
3.3.1 Examples
Typical accountancy work for smaller entities includes:
 Writing up books;
 Drawing up a trial balance; and
 Ascertaining the end of the reporting period adjustments.
3.3.2 Audit Evidence Obtained

Audit evidence is often obtained from accountancy work. For example, from:
 examining original documents;
 calculating balances; and
 posting entries.
Key Point
Evidence obtained from accountancy work alone does not provide

sufficient audit evidence (e.g. on recoverability of accounts receivable).
28.3.4 Auditing for Completeness

3.4 Auditing for Completeness
3.4.1 Assertion
Understatement of income (completeness) can be a particular risk for small businesses
and not-for-profit organisations:
 under-declaration of income (and overstatement of expenses) will reduce tax liabilities;
 owner-managers may treat some business dealings as personal transactions (and not
record them);
 a high proportion of transactions may be cash (which may be misappropriated before it is
recorded);
 there may be no exchange in a transaction (e.g. for donations received) to evidence its
occurrence.
3.4.2 Audit Considerations

 Numerically based system (e.g. to control despatch of goods).
 Independently recorded population.
 Reconciliations of total goods bought/sold.
 Predictive analytical procedures.
 Review of transactions after the end of the reporting period.
 Representations by proprietor (are not sufficient on their own).
28.3.5 Choosing Procedures

3.5 Choosing Procedures
Generally, the auditor will be unable to use tests of controls to reduce tests of details if
effective internal controls are lacking.
The evidence obtained through accountancy work (s.3.3) gives some assurances and
does not need to be duplicated.
However, writing up books and accounts preparation is no substitute for:
 physical inspection (existence);
 third-party confirmation (existence and ownership);
 work on the recoverability of accounts receivable (valuation);
 searches for unrecorded liabilities (completeness);
 confirmation of terms of material loans; and
 tests to ensure completeness of income.
Writing up books may, however, lead to efficiencies. For example, if analytical
procedures on margins are satisfactory, audit procedures may be restricted to:
 bank confirmations;
 direct confirmations (if efficient) and review of old balances;
 attendance at physical inventory and review of inventory valuation;
 review of subsequent events;
 review of accrued expenses and prepayments;
 review of minutes; and
 obtaining other confirmation letters (e.g. from solicitors).
Key Point
Most audit evidence will be obtained from substantive tests of details.
28.3.6 Management Representations

3.6 Management Representations
Management representations are essential:
 because the auditor's role and responsibility in relation to the financial statements may be
misunderstood; and
 to remind management of its responsibility to ensure the completeness and accuracy of
accounting records and safeguard the entity's assets.
However, the auditor cannot rely solely on management representations to obtain
assurance on the completeness of the accounting records.
28.4.0 Introduction
4.0 Introduction
Definition
Not-for-profit organisation (NFP) – an organisation that does not

distribute its surplus funds to owners or shareholders but instead uses
them to help pursue its goals.
Some NFP organisations may make a profit (e.g. many charities have retail operations);
however, they do not consider profit to be their primary objective. Instead, they aim to
satisfy the particular needs of their members or society in general and usually consider
financial objectives as constraints under which they have to operate.
28.4.1 Types of NFP Organisation

4.1 Types of NFP Organisation
There are many types of very different NFP organisations, for example:
 government departments, local authorities and agencies – exist to implement policy;
 educational establishments – note that private education has a profit motive;
 hospitals – note that private hospitals would be classified as profit oriented;
 charities – collect money and effectively distribute it according to a charity's aims;
 pressure groups – raise money to promote a given agenda (e.g. Greenpeace); and
 clubs and mutual societies – organisations that raise money directly from members to
provide services to them (e.g. tennis clubs, trade unions).
An NFP organisation may be:
 incorporated (i.e. companies);
 otherwise required to be audited (e.g. under sector-specific legislation);
 subject to specific accounting requirements;
 regulated (e.g. by a Charities Commission);
 small, local, single-activity operations run by trustees (e.g. clubs, private schools); or
 large trading concerns with sophisticated accounting systems (e.g. international charities
and aid agencies).
Exam advice
Candidates will not be required to have a detailed knowledge of any type of

NFP organisation to answer an exam question. A scenario is likely to be
about a small cash-based entity (e.g. a sports club or local charity). The
audit approach is similar to that applied to small businesses, but note the
differences highlighted in Activity 1 and s.4.2.
Activity 1 Differences Between Charities and Commercial Entities
Suggest FOUR features of a charity which are most likely to differ from a commercial entity.
 Sources of income – largely voluntary income (donations), grants, etc. Highly likely to be in
the form of pure cash (e.g. street collections).
 Possible inability to assert completeness of income/revenue arising from donations (e.g.
street collections).
 Branch structure – although this may be used in commercial entities, the "branch" operating
structure with a single, centrally administered head office is frequently used by charitable
organisations.
 Tax status – there may be some reliefs available specifically to charities.
 Restricted funds (capital or revenue) – may be used only for specified expenditure (e.g.
donation or grant for a specific activity or capital item).
 Greater public accountability – is expected because their purpose is to serve some public
good.
 Presence of unpaid workers (volunteers) who may:
o lack sufficient business skills;
o possess great dedication, which may compensate for failings in internal control.
 Executives may be part-time, retired professionals or complete amateurs. Risk assessment
needs to consider the executives' business and control awareness. The risk of material
misstatement may increase or decrease depending on their experience, skill and
commitment.
28.4.2 Audit Techniques

4.2 Audit Techniques
In general, the audit of a not-for-profit organisation follows the same principles and
technique of any other audit, but usually with some specific emphasis, for example, on
sources of funding (e.g. donations).
The following considerations are likely to be relevant when auditing not-for-profit
organisations.
4.2.1 Understanding the Entity

As for any audit client, the auditor must understand the entity and its environment, the
applicable financial reporting framework and the system of internal controls.
Management structure and reporting requirements are potentially less formal than
commercial organisations. The experience of key personnel is unlikely to be
commercial, as most will be part-time volunteers. This may increase the risk of fraud
being perpetrated and hidden by those with financial experience.
Regulatory and reporting requirements may be:
 specific (e.g. Charities Act); or
 general (e.g. licensing, liquor and entertainment laws for clubs).
The auditor should consider potential breaches in the entity’s constitution and rules of
entity in accordance with ISA 250 Consideration of Laws and Regulations in an Audit of
Financial Statements (see Chapter 11).
4.2.2 Applicable Financial Reporting Framework

IFRS uses terminology suitable for profit-oriented entities, including public
sector business entities. International Public Sector Accounting Standards (IPSAS)
have therefore been developed for governmental bodies, acknowledging that the nature
of these entities and the information needs of users (including citizens) are different
from for-profit businesses.
However, there are currently no equivalent standards for other non-profit organisations
(NPOs). Many NPOs have unique transactions and “economic events” that are quite
unlike those seen in the private or public sectors, for example:
 non-exchange transactions (e.g. receiving and giving grants and donations);
 non-money transactions (e.g. gifts and services in kind).
Many NPOs rely heavily on cash transfers (grants and donations) for day-to-day
operational costs and projects or programmes. Gifts-in-kind, services-in-kind,
fundraising and assets held for future service delivery are just a few of the transactions
that are not adequately addressed in existing international standards and therefore give
rise to inherent risk.
4.2.3 System of Internal Control
Sources of income and forms of expenditure are of particular importance where there
are many sources, primarily of cash in nature. For example, a club will have
subscriptions, bar income, gaming machine income, special event income (e.g. discos,
lotto, raffles) etc.
The control environment is unique for not-for-profits. The auditor should consider:
 the roles and qualifications of management and the governing board;
 the frequency of governing board meetings; and
 governing board involvement in operations.
The internal controls of not-for-profit entities should include controls related to:
 Safeguarding assets;
 Ensuring all transactions are accurately recorded and accounting records maintained;
 Completeness of income (especially cash) and the authorisation of expenditures;
 The identification, evaluation and acceptance of donations;
 Valuing and recording promises to give;
 The valuation of donated assets;
 Compliance with donor restrictions on the use of donations;
 Meeting the reporting requirements of donors and regulators.
4.2.4 Risk
Inherent risk may be high because of:
 the nature of management and key workers (see Activity 1);
 susceptibility to fraud (because of an easily manipulated asset such as cash);
 the potential impact of a sluggish economy on income from donations; and
 obligations to comply with regulations when funded by government grants.
The entity also may be considered a public-interest entity (e.g. a national charity, local
golf/tennis club whose membership usually contains local business people and
dignitaries) and, therefore, high risk because of the risk of bad publicity if inappropriate
work is carried out or an inappropriate report is given.
Control risk is unlikely to be assessed (i.e. the auditor does not plan to test the
operating effectiveness of controls). For example, formal controls may be too expensive
for the entity to operate (e.g. employing sufficient people to have effective segregation
of duties) or controls implemented by inexperienced "volunteers". There also may be
overdependence on the honesty of individuals. Therefore, the assessment of the risk of
material misstatement is the same as the assessment of inherent risk.
To reduce detection risk to an acceptably low level will required a high level of audit
work in appropriate areas (e.g. extensive analytical procedures and/or tests of details on
large samples of transactions, possibly 100%).
4.2.5 Materiality
As not-for-profit entities usually attempt to match their expenditure to their income (e.g.
charities collect money to distribute to worthy causes), materiality based on surplus
(excess of income over expenditure) generally is not a useful materiality indicator.
Income is likely to be the principal measure of materiality.
In addition, materiality ranges may be set lower than for commercial organisations
because of the nature of the entity (e.g. the general public would expect that all
donations to a charity are accounted for and used appropriately – any fraud would be
considered material regardless of its size).
4.2.6 Analytical Procedures

Generally, more audit evidence can be derived from analytical procedures because of
the nature of the income and expenditure of not-for-profit entities.
Care must be taken to ensure that appropriate procedures are used, considering the
nature of the entity. For example:
 Proof in total for subscription income (e.g. number of club members at the appropriate rate).
 Controlled usage of equipment and facilities (e.g. meters, counters, booking schedules at
the appropriate rate).
 Set percentage mark-up (e.g. bar sales taking into account regular physical counts and
allowances for spillage, set payout on games machines, say, 80% of takings).
 Pre-numbered ticketing for events (e.g. number/range of tickets printed per order/invoice
from printers minus tickets remaining at their face value with any complimentary issues
formally recorded and authorised).
 Reconciliations (e.g. investment income to the capital value of the investment, covenants
from donors for regular payments to the entity, costs as a set percentage of income).
 Comparisons of key income and expenses with prior periods (e.g. monthly expenses,
monthly bar sales/gross profit, monthly income/profit from regular events).
4.2.7 Reliance on Experts

Experts may be used in the entity's procedures (e.g. counting bar inventory in a club or
valuing donated assets). ISA 500 Audit Evidence or ISA 620 Using the Work of an
Auditor's Expert will be relevant (depending on whether the expert is the management’s
or the auditor’s).
4.2.6 Cash
In many not-for-profit organisations, the majority of transactions are for cash and a high-
risk area.
The controls over the receipt, banking, payment and authorisation of cash must be
strong.
A typical cash audit programme will be used but must be tailored to suit the
circumstances of the entity, for example:
 Attend fundraising events, observe procedures in collecting, banking and recording cash
and the segregation of duties between the collection, counting and recording.
 Perform cash counts at regular, unannounced intervals.
 Ensure the regular rotation of staff who handle cash (e.g. different individuals at each
event).
 Ensure access to cash is controlled (e.g. two keys are required to open gaming machines,
keys are secure (in a safe), opening procedures are rotated between staff/ members).
Syllabus Coverage
D. Audit Evidence
2. Audit procedures
1. Describe why smaller entities may have different control environments and describe the
types of evidence likely to be available in smaller entities.
7. Not-for-profit organisations
1. Apply audit techniques to not-for-profit organisatio
Visual Overview
Objective: To describe overall review procedures and the auditor's responsibilities for
disclosure, including subsequent events and going concern.
29.1.0 Introduction
1.0 Introduction
Key Point
 The audit completion review helps to ensure that:

o all work was carried out in accordance with the audit plan;
Key Point
o all material and contentious issues have been appropriately dealt

with;
o the auditor's report is consistent with the work performed;
o audit work supports the audit opinion; and
o ethical matters have been considered for audit reacceptance.
 It provides an opportunity for auditors and firms to stand back and assess how
particular audits, or audits in general, are conducted.
29.1.1 Overall Review of Financial Statements

1.1 Overall Review of Financial Statements
The purpose of an overall review of financial statements is to assess whether:

 the evidence obtained provides a reasonable basis for the audit opinion;
 the information presented in the financial statements meets statutory requirements;
 appropriate accounting policies are properly disclosed and consistently applied; and
 the financial statements as a whole and the assertions contained therein are consistent with
the auditor's knowledge of the business and the results of audit procedures.
The principal review techniques include:
 discussion between the reviewers and the other people involved in the audit;
 review of documentation;
 checklists; and
 analytical procedures.
Collectively, these can provide reasonable assurance that audits have been conducted
in accordance with auditing standards, other regulatory requirements and the firm's
standards.
29.1.2 Types of Review

1.2 Types of Review
Reviews conducted before the auditor's report is signed include:

 day-to-day review and discussion of the work done as the audit progresses, performed by
senior audit team members (on the work of their assistants) and audit managers (on the
work of the seniors);
 the audit engagement partner's review before the signing of the auditor's report; and
 independent second partner review for high-risk clients (e.g. where the audit opinion may be
modified).
29.1.3 Documentation
1.3 Documentation
All crucial matters, particularly those requiring exercise of judgement, must be
documented, particularly regarding:
 uncorrected misstatements;
 going concern;
 provisions and contingencies;
 subsequent events;
 compliance with reporting framework;
 written representations; and
 communications to TCWG.
Key decisions in these areas are subject to negotiation and discussion with
management, all of which should be documented with the conclusions reached.
29.1.4 Completion Checklists

1.4 Completion Checklists
All off-the-shelf and most bespoke audit systems include completion checklists to be
used by the audit engagement partner to ensure that all relevant audit procedures have
been completed before the audit opinion is signed. Although useful as an aide-memoire,
they do not avoid time pressure problems. Therefore, it is important that enough time be
allocated for checklists to be used constructively and make a thorough and honest
assessment of the adequacy of the audit work performed and the evidence gathered.
Activity 1 Partner Completion Checklist
Suggest the typical contents for a partner completion checklist.

 Conclusion:
o Audit has been appropriately controlled, conducted and completed.
o There is sufficient appropriate evidence to support the audit opinion.
o An unmodified opinion can be given, or
o A qualified opinion will be given as detailed on Schedule XX.
o Second partner opinion.
 Confirmation of signing/completion:
o Directors' report and financial statements
o Subsequent events to date of signing
o Auditor's report signed and dated.
 Planning updated and conducted as intended.
 Sufficient appropriate audit evidence to support opinion obtained:
o Audit sections
o Risk and materiality
o Analytical procedures
o Subsequent events
o Going concern
o Written representations
o Accounting policies and estimates made.
 Compliance
o GAAP checklists
o Law and regulations checklist.
 Partner summary:
o Critical issues
o Errors and deviations
o Analytical procedures
o Draft financial statements
o Report to management
 Second/technical partner review
 Manager:
o Manager review checklist
o Manager review points cleared
o Manager appraisal
o Team appraisals.
 Administration:
o Budget
o Fee note
o Recovery
o Permanent file update
o Points carried forward.
29.1.5 Analytical Procedures

1.5 Analytical Procedures
Key Point
Analytical procedures are required in the review stage of the audit (ISA
520).
Analytical procedures in the review stage are designed to assist in forming an overall
conclusion as to whether the financial statements are consistent with the auditor's
understanding of the entity.
 At this stage, ratio trend analysis is used to assess the reasonableness of the figures and
other data presented.
 Any expectations will be more refined than at the planning stage as more up-to-date
information will be available.
 If analytical procedures at this stage indicate a previously unrecognised risk of material
misstatement, the evidence obtained from audit procedures performed should be assessed.
Significant variations are likely to require further work on relevant classes of transactions,
account balances and disclosures.
29.1.6 Other Tools

1.6 Other Tools
1.6.1 Points for Partner
A “points for partner” or completion summary records significant points and issues
which have arisen during the audit and how they have been dealt with.
It draws together in one place all matters of which the audit partner needs to be aware
and enables a final decision about:
 the adequacy of action taken; or
 what still needs to be done.
1.6.2 Disclosure Checklists

Disclosure checklists are widely used to review the final accounts for completeness of
disclosure and presentation before they are authorised for issue. As for all checklists,
complacency must be avoided and due professional care exercised.
Activity 2 Review of Financial Statements
Suggest procedures an auditor should perform in conducting an overall review of

All of the following points are in addition to the completion of IFRS disclosure checklists,
going concern, subsequent events, other information, etc.
For preprint draft (should be cross-referenced and annotated):
 Agree all current-year balances to trial balance (which should be agreed to relevant lead
schedule).
 Agree all comparatives (including those within notes and disclosures) to prior-year financial
statements.
 Agree all disclosure notes on accounting policies as consistent with the prior year (unless
the policy has changed in which appropriate disclosure should be made).
 Agree all figures within the notes and disclosures to the audit working papers.
 Cast all balances.
 Agree all note references within the financial statements to their descriptive notes within the
notes and disclosures.
For the final set of financial statements before the formal approval by directors and the
signing of the auditor's report and the print proof (as produced by the printers):
 Calling over (proofreading) from/to the final draft as sent to the printers.
2.1 Misstatements
Definition
Misstatement (ISA 450) – a difference between the amount, classification,

presentation or disclosure of a reported financial statement item and what
Definition
is required for that item in accordance with the applicable financial

reporting framework. Misstatements can arise from error or fraud.
Uncorrected misstatements – misstatements that the auditor has
accumulated during the audit and that have not been corrected.
Key Point
The auditor should accumulate all misstatements identified during the

audit, other than those that are clearly trivial.
The auditor must evaluate the effect of adjusted misstatements on the audit and the
effect of uncorrected misstatements on the financial statements. Management's
subsequent adjustment of material errors discovered by the auditor does not bring the
matter to a close. The auditor must consider their effect on audit planning and the
scope, nature, timing and extent of further testing and perform additional procedures to
determine whether misstatements remain.
There are three main categories of misstatement:
1. Factual misstatements about which there are no doubts.
2. Judgemental misstatements – differences arising from the judgements of
management concerning accounting estimates that the auditor considers
unreasonable or the selection or application of accounting policies that the auditor
considers inappropriate.
3. Projected misstatements – the auditor's best estimate of misstatements in
populations based on audit samples (see Chapter 19).
2.2 Essential Procedures
The auditor should determine whether uncorrected misstatements are material,

individually or in aggregate. This assessment should consider the cumulative effect of
misstatements. For example, if useful lives are judged unreasonable, the effect on
current year profit may be immaterial, but accumulated depreciation may be materially
misstated in future.
Key Points
 The aggregate of uncorrected misstatements must be assessed (as

material or not material) in evaluating the fair presentation of the
financial statements as a whole and each component of the financial
statements.
 Appropriate adjustments should be made to ensure that the remaining
aggregate misstatements will not be material.
If the aggregate of misstatements is considered to be material, the auditor must
consider:
 the possibility of further adjustments that management is prepared to make
(management is more likely to adjust for a specific misstatement than a projected
error);
 the effect (if any) on critical points (e.g. profit to loss);
 whether projected errors can be reduced (to bring the aggregate below an
acceptable threshold) by extending audit procedures.
The auditor should discuss with management all misstatements accumulated during the
audit and request appropriate corrections.
Where the misstatements being discussed have been extrapolated, the client may
argue that only the actual errors found should be corrected (which may not be material).
If, after extended audit procedures, the auditor concludes that the extrapolated
aggregate is still material, the effect on the auditor's report must be considered
(see Chapter 30).
29.2.3 Evaluating Misstatements

2.3 Evaluating Misstatements
Having determined the various materiality levels (see Chapter 10), many auditors apply
the same levels when evaluating misstatements (e.g. if an error is greater than 1% of
total assets, it is material).
Another accepted practice is to consider the percentage error of the specific account
balance or transaction (e.g. inventory, depreciation expense). A general rule for this
"evaluation" materiality is:
 less than 5%, unlikely to be material;
 greater than 10%, consider as material; and
 between 5% and 10%, apply judgement and consider the context and nature of the error
before reaching a decision.
Activity 3 Evaluation of Aggregate Misstatement
During an audit, the following errors are discovered:

1. Trade receivables are overstated by $40,000.
2. Inventories are overstated by $58,000.
3. Trade payables are understated by $80,000.
$100,000 is considered to be material.
Required:
Determine the minimum adjustment (if any) that must be made for the
presentation of the financial statement to be evaluated as fair if:
i.all three errors affect profit;
ii. only error (2) affects profit.
1. All three items affect profit
In aggregate, net profit and net current assets are overstated by $178,000 – which is
material. A minimum adjustment of $78,000 is therefore needed. For example, if the
understatement of trade payables is due to liabilities for purchases having been
omitted, and if management are prepared to adjust the trade payables to correct the
$80,000 understatement, the remaining unadjusted aggregate, $98,000, is less than
the materiality limit.
2. Only (2) affects profit
The misstatements on receivables and payables must be reflected elsewhere in the
statement of financial position. For example, cash at bank may be overstated (or
bank overdraft understated) if the errors are due to incorrect cut-off on cash receipts
and payments. Therefore, the effect on net assets and profit is therefore only
$58,000 (i.e. not material).
However, if the incorrect cut-off (say) was in error, management should be prepared
to adjust for it. (If not, this might raise doubts about whether the "error" was by
accident or design.)
Remember that the reasons for the non-adjustment of the uncorrected
misstatements will need to be explained to the audit committee (where such a
committee exists).
If an individual misstatement is deemed material, it is unlikely that other misstatements
can offset it. For example, if revenue is materially overstated, the financial statements
are materially misstated, even if there is an equivalent overstatement of expenses.
Some misstatements may be evaluated as material even if they are lower than
materiality for the financial statements as a whole, such as when a misstatement:
 is possibly the result of fraud;
 affects compliance with regulatory requirements, debt covenants, or contractual
requirements;
 relates to the incorrect selection or application of an accounting policy that is likely to have a
material effect on future period financial statements;
 masks a change in earnings or other trends;
 affects ratios used to evaluate the financial position, results of operations or cash flows;
 increases management compensation.
Key Point
Qualitative aspects of misstatements must also be assessed. For example,

for a classification misstatement, its effect on debt or other contractual
covenants, on individual line items or sub-totals or key ratios.
Material misstatement may also arise in qualitative disclosure (e.g. the omission or
incorrect description of an accounting policy relative to significant items in the financial
statements).
29.3.0 Introduction
3.0 Introduction
The relevant standard is ISA 720 The Auditor’s Responsibilities Relating to Other
Information.
Definitions
Other information – financial or non-financial information (other than the

financial statements and auditor's report) included in an entity's annual
report.
Annual report – a document or combination of documents prepared
annually by management or TCWG to provide owners and stakeholders
with information on the entity's operations, financial results and financial
position.
Key Point
The auditor should respond appropriately when the credibility of the

financial statements and the auditor's report could be undermined by other
information included in an annual report.
Examples of other information include:

 report by management or board of directors on operations;
 financial summaries or highlights;
 CSR, environmental and similar reports;
 employment data;
 planned capital expenditures;
 financial ratios;
 names of officers and directors; and
 selected quarterly data.
The auditor does not report on the fair presentation of other information.
29.3.1 Procedures
3.1 Procedures
 Obtain other information to be issued with the financial statements.

 Read the other information and consider whether:
o there is a material inconsistency between the other information and:
 the financial statements; or
 the auditor's knowledge obtained during the audit; or
o there are material misstatements in other information unrelated to the financial
statements or the auditor's knowledge obtained in the audit.
 Discuss any material inconsistencies (or misstatements) with management to determine
whether:
o a material misstatement exists in:
 other information; or
 the financial statements; or
o the auditor's understanding of the entity and its environment needs to be updated
(i.e. a material misstatement does not exist).
 If a material misstatement exists, ask management (and, if necessary, TCWG) to correct it.
 If not corrected before the auditor's report is to be signed (i.e. the other information is
obtained before the date of the auditor's report):
o consider and communicate with TCWG the implications for the auditor's report; or
o withdraw from the engagement, if possible.
 If the other information was obtained after the date of the auditor's report:
o obtain legal advice; and
o seek to bring the matter to the attention of the users of the auditor's report.
29.3.2 Reporting
3.2 Reporting
The auditor's report should include a separate section with an appropriate heading (e.g.
"Other Information"), which:
 States that management is responsible for the other information;
 Identifies the other information;
 Describes the auditor's responsibilities for reading and considering the other information;
and
 State that the audit opinion does not cover the other information and that the auditor does
not express an opinion on it.
For the contents of an auditor's report, see Chapter 30.
29.4.1 Purpose of a Review

4.1 Purpose of a Review
Audit evidence includes transactions and events that occur after the reporting date to
address the risks of material misstatement. For example:
 the sale of all inventory of a discontinued product shortly after the reporting date provides
evidence relating to its net realisable value; and
 the receipt of cash from customers after the reporting dates provides evidence of the
recoverability of trade receivables.
However, not all relevant events after the reporting will be identified in the verification of
transactions and balances recognised in the financial statements. Specific “subsequent
events procedures” are therefore required to ensure completeness of the recognition
and disclosure of subsequent events.
4.2 Events after the Reporting Period

Definitions
Events after the reporting period – those events, both favourable and
unfavourable, that occur between the end of the reporting period and
the date on which the financial statements are authorised for issue.
– IAS 10 Events after the Reporting Period
Subsequent events – events occurring between the date of the financial
statements and the date of the auditor's report and facts that become
known after the date of the auditor's report.
– ISA 560 Subsequent Events
4.2.1 Adjusting Events

Examples of adjusting events include:
 A trade receivable existing at the end of the reporting period that is deemed irrecoverable
after the reporting period.
 Litigation entered into before the end of the reporting period that is settled after the end of
4.2.2 Non-adjusting Events

Examples of non-adjusting events include the following events occurring after the end of
the reporting period:
 Issue of share capital
 Business combinations (e.g. acquisition of a subsidiary)
 Legal claims
 Changes in the fair value of assets or liabilities (e.g. a fall in the fair value of a revalued
building due to a change in economic conditions).
Activity 4 Adjusting and Non-adjusting Events
You are the trainee accountant of Gabriella Enterprises Co and are preparing the
financial statements for the year ended 30 September 20X1. The financial statements
are expected to be approved in the Annual General Meeting, which is to be held on
Monday, 29 November 20X1. Today’s date is 22 November 20X1. You have been made
aware of the following matters:
1. On 14 October 20X1, a material fraud was discovered by the bookkeeper. The payables
ledger assistant had been diverting funds into a fictitious supplier bank account set up by the
employee, which had been occurring for the past six months. The employee was
immediately dismissed, legal proceedings against the employee were initiated and the
employee’s final wages were withheld as part-reimbursement back to the company.
2. On 20 September 20X1, a customer initiated legal proceedings against the company for a
breach of contract. On 29 September 20X1, the company’s legal advisers informed the
directors that it was unlikely the company would be found liable; therefore, no provision has
been made in the financial statements, but disclosure as a contingent liability has been
made. On 29 October 20X1, the court found the company liable on a technicality and is now
required to pay damages amounting to a material sum.
3. On 19 November 20X1, a customer ceased trading due to financial difficulties owing $2,500.
As the financial statements are needed for the board meeting on 22 November 20X1, you
have decided that no adjustment is required because the amount is immaterial. The auditors
have also confirmed that this amount is immaterial to the draft financial statements.
Required:
For each of the three events above, discuss whether the financial statements
require amendment.
1. Fraud
The fraud committed by the payables ledger clerk has been ongoing during and beyond
the financial year. Fraud and error that occur before the year-end date – but are only
discovered after the year end – are adjusting events. Therefore, the financial statements
would require an amendment to take account of the fraudulent activity up to the year
end.
2. Legal proceedings
At the year end, the company had disclosed a contingent liability. However, after the
year end (29 October 20X1), the court found the company liable for breach of contract.
The legal proceedings were issued on 20 September 20X1 (some 10 days before the
year end). This is, therefore, evidence of a condition that existed at the year end. IAS 10
requires the result of a court case after the reporting date to be considered in
determining whether a provision should be recognised in accordance with IAS
37, Provisions, Contingent Liabilities and Contingent Assets at the year end. In this
case, the financial statements will require adjustment because:
 the conditions existed at the year end;
 the recognition criteria for a provision have been met.
3. Loss of customer
A customer ceasing to trade so soon after the reporting period indicates nonrecoverability of a
receivable at the reporting date and is therefore an adjusting event (IAS 10 Events After the
Reporting Period). Assets should not be carried in the statement of financial position at any
more than their recoverable amount and, therefore, an allowance for receivables should be
made.
29.4.3 Audit Procedures and Impact on Report

4.3 Audit Procedures and Impact on Report
The relevant standard is ISA 560 Subsequent Events.

Key Point
The auditor should:

 obtain sufficient, appropriate audit evidence that all events
occurring between the date of the financial statements and the date of the
auditor's report have been appropriately adjusted or disclosed; and
 respond appropriately to facts that become known only after the date of the
auditor's report.
4.3.1 Before Date of Auditor's Report
The auditor has an active responsibility to investigate subsequent events between the
date of the financial statements and the date of the auditor's report.
Review procedures:
 Review and understand management's procedures for identifying subsequent events.
 Inquire of management (and TCWG) if they are aware of any subsequent events that would
affect the financial statements.
 Read minutes of meetings of shareholders/board of directors/audit committees, etc., held
after the reporting period end.
 Inquire about matters discussed at meetings for which minutes are not yet available.
 Read the latest available interim financial statements, budgets, cash flow forecasts,
management reports, etc.
 Review after-date bank ledger accounts and other records for material or unusual items.
 Inquire of lawyers concerning litigation and claims.
The time between the completion of the final audit stage and the signing of the auditor's
report should be kept to a minimum. If the signing is delayed, further subsequent review
procedures will need to be carried out.
If material events are not reflected in the financial statements and management refuses
to change the statements, the auditor should discuss with TCWG (if not management)
and consider the effect on the audit opinion (e.g. qualified, disagreement).
Activity 5 Subsequent Events
Following on from Activity 4.
Required:
Describe the audit procedures that should be performed to obtain sufficient

appropriate evidence that the subsequent events have been appropriately treated
in the financial statements.
Exam advice
When faced with such an accounting scenario, think about the

information that would prompt an accountant or finance director to
return to the year end and retrospectively amend the financial
statements. You could interpret the question as asking, “what
information would I need to justify a provision or disclosure in the
financial statements before making such provision or disclosure?”
Your assumed knowledge of IAS 10 should help you think about the
audit evidence you would need to satisfy yourself that the
requirements in IAS 10 have been met and suggest how you would
obtain this evidence for the audit file.
1. Fraud
Fraud risk factors are covered in ISA 240, The Auditor’s Responsibilities Relating to
Fraud in an Audit of Financial Statements. The fact that fraud has occurred at Gabriella
Enterprises Co will increase the risk of material misstatement due to fraud.
The audit procedures to be performed to ensure the fraud has been correctly accounted
for in the financial statements may include:
 Recalculation of the amounts involved.
 Discussions with management about how such fraud occurred and why it took six months to
discover it (controls should prevent, detect and correct material misstatements on a timely
basis).
 Establishing how the bookkeeper discovered the fraud and what controls (if any) contain
deficiencies to allow the employee to commit the fraud. Note that employee fraud usually
involves the manipulation of controls, whereas management fraud often involves the
overriding of controls.
 Performing substantive procedures on journal entries (particularly those close to, or at, the
year-end).
 Confirming directly with suppliers the activity on their accounts for the period under audit.
 Reviewing the purchase invoices and being alert to amended or copy invoices, and making
enquiries about their authenticity.
 A review of human resources files for evidence of disciplinary proceedings taken against the
employee. (This will also confirm compliance with laws and regulations, particularly in
relation to employment legislation and the withholding of wages.)
 Testing other controls to identify deficiencies that may indicate employee or management
fraud.
 Obtaining written representations from management concerning the fraud.
 Reviewing after-date cash receipts for any reimbursements by the employee.
 Discussions with the entity’s legal advisers about the possibility of reimbursement of the
balance of the misappropriated funds.
2. Legal proceedings
 Obtaining a copy of the court order or other correspondence confirming the company has
been found liable to pay compensation to its customer.
 Reviewing after-date cash payments to confirm payment to the customer.
 Confirming that a provision has been recognised (as opposed to disclosure as a contingent
liability) in accordance with IAS 37, Provisions, Contingent Liabilities and Contingent Assets.
 Agreeing that the amount of the provision is reasonable in relation to the outcome of the
court case.
 Obtaining written representation from management to confirm the treatment of the provision.
3. Loss of customer
 Discuss with management the reason for not adjusting the irrecoverable receivable.
 As the auditor has already agreed that this amount is immaterial to the financial statements,
it should be included on an “audit error schedule”. If this amount remains immaterial at the
completion stage, both individually and when aggregated with other misstatements, the
auditor can still express an unmodified opinion (see Chapter 30).
4.3.2 After Date of Auditor's Report But Before Financial
Statements Issued
The auditor has no active responsibility to make inquiries or perform further auditing
procedures to discover subsequent events after the original date of the auditor's report.
The auditor's role is passive, only reacting where the auditor becomes aware of relevant
matters.
As agreed in the letter of engagement, management should inform the auditors of any
matters that will affect the financial statements between the date of the auditor's report
and when the financial statements are issued.
Where matters come to the attention of the auditors, the auditors should:
 determine whether the financial statements need amendment;
 discuss with management and TCWG how the matter should be addressed; and
 take action appropriate in the circumstances.
If financial statements are subsequently released without a new auditor’s report, the
auditor should seek legal advice on the action to be taken to prevent reliance on the old
report. The auditor's work before the issue of the auditor's report is often referred to as
proactive or active work (must be done). Work (if any) which is carried out after the
issue of the report is described as reactive (i.e. only carried out if circumstances
dictate).
4.3.3 After Financial Statements Issued
The auditor has no obligation to make any inquiry. However, if he becomes aware of a
fact that existed at the date of the auditor's report and which, if known at that date, may
have caused the opinion to be modified, the auditor should:
 consider whether the financial statements need revision (revised financial statements
are not examinable);
 discuss the matter with management and TCWG; and
 take appropriate action after seeking legal advice.
Some jurisdictions do not allow the financial statements to be withdrawn after issue.
Others may have specific processes that the auditor must follow.
Syllabus Coverage

1. Subsequent events
1. Explain the purpose of a subsequent events review.
2. Explain the responsibilities of auditors regarding subsequent events.
3. Discuss the procedures to be undertaken in performing a subsequent events review
4. Audit finalisation and the final review
1. Discuss the importance of the overall review in ensuring that sufficient, appropriate evidence
has been obtained.
2. Describe the procedures an auditor should perform in conducting their overall review of
3. Explain the significance of uncorrected misstatements.
4. Evaluate the effect of dealing with uncorrected misstatements.
Technical Articles
 Subsequent events (s.4)

Visual Overview
Objective: To explain the contents of an independent auditor's report and the

expression of an opinion on financial statements.
30.1.1 Forming and Expressing an Opinion
1.1 Forming and Expressing an Opinion
Key Point

 To form an opinion on the financial statements based on an evaluation of the
conclusions drawn from the audit evidence obtained; and
 To express clearly that opinion through a written report which also describes
the basis for that opinion.
In forming an opinion, the auditor's considerations of the financial statements include:
 sufficient appropriate evidence obtained;
 uncorrected misstatements are not collectively or individually material;
 prepared in accordance with the financial reporting framework (e.g. IFRS Standards);
 adequate disclosure of significant accounting policies selected and applied;
 accounting policies are consistent with the financial reporting framework and statutory
requirements;
 accounting estimates are reasonable;
 information presented is relevant, reliable, comparable and understandable;
 adequate disclosures of all material matters have been made;
 terminology used is appropriate;
 overall presentation, structure and content achieve a fair presentation; and
 underlying transactions and events are presented in a manner which achieves a fair
presentation.
30.1.2 Content Elements (ISA 700)

1.2 Content Elements (ISA 700)
The content elements in ISA 700 Forming an Opinion and Reporting on Financial
Statements are summarised as follows
Note that the auditor’s responsibilities section, which can be extensive, may be
included:
 in the report or a referenced appendix; or
 by a specific reference to a website of an appropriate authority, if permitted
Title
 For example, "Independent auditor's report …"
Addressee
 For example, "...to the shareholders of..."
Audit Opinion
 Identify the entity
 State that the financial statements have been
audited
 Identify each statement comprising the financial
statements
 Refer to the notes, including significant
accounting policies
 Specify the date of or period covered by each
financial statement
 Identify the financial reporting framework (e.g.
IFRS)
 Refer to "present fairly, in all material respects"
(or "true and fair view") in accordance with ...
[financial reporting framework]
 State audit was conducted in accordance with

ISAs/ applicable laws
 Refer to the section describing auditor's
responsibilities under ISAs
 State that the auditor is independent and meets
the requirements of the IESBA Code
 State whether sufficient and appropriate audit
Basis for Opinion evidence has been obtained to provide a basis
for the audit opinion
Going Concern  Where applicable, report in accordance with

ISA 570 Going Concern (see Chapter 31)
Key Audit Matters  Describe each key audit matter in accordance

with ISA 701 (see s.2)
 Identify the other information, describe

management's and the auditor's
responsibilities, and state that the auditor does
Other Information not express an opinion on the other
information.
Responsibilities of  Describe management's responsibility for:

Management and Those o preparing the financial statements
Charged with Governance o internal controls
for the Financial o matters relating to going concern
Statements  Identify those responsible for the oversight of
the financial reporting process
 State the objectives of the auditor:

o to obtain reasonable assurance
whether the financial statements as a whole
Auditor's Responsibilities are free from material misstatement
for the Audit of the o to issue a report that includes the
Financial Statements audit opinion
 State meaning of "reasonable assurance"
 State how misstatements can arise (fraud or
error) and, if material, influence the economic
decisions of users
 Provide a definition or description of materiality
in accordance with the applicable financial
reporting framework
 State that the auditor exercises professional
judgement and maintains professional
scepticism
 Describe the audit:
 identifying and assessing risks of material
misstatement
o designing and performing audit
procedures
o obtaining audit evidence
o evaluating internal controls
o concluding on the use of the going
concern basis
o evaluating "fair presentation"
 State that the auditor communicates with those
charged with governance regarding, among
other matters, the planned scope and timing of
the audit and significant audit findings,
including any significant deficiencies in internal
control
 State the matters communicated to those
charged with governance
 Include for the audits of general purpose

financial statements of listed entities (unless
there is a significant personal security threat)
Name of Engagement  Firm's name and/or the personal name
Partner Auditor's Address  Signature of the auditor
and Signature  Location in the jurisdiction where the auditor
practices
Date of the Auditor's

Report  Not earlier than the date of audit completion or
signing of the financial statements
30.1.3 Modified Opinion

1.3 Modified Opinion
Key Point
 The audit opinion will be either unmodified ("clean") or modified.

 The forms of modified opinion are:
Key Point
o Qualified "except for";

o Adverse opinion; and
o Disclaimer of opinion.
 The inclusion of an additional Emphasis of Matter or Other Matter paragraph
(s.4) or the inclusion of a Material Uncertainty Relating to Going Concern
section (see Chapter 31) in the auditor's report does not modify the opinion.
30.2.1 ISA 701

2.1 ISA 701
The relevant standard is ISA 701 Communicating Key Audit Matters in the Independent
Auditor's Report.
Definition
Key audit matters (KAM) – those matters that, in the auditor's

professional judgement, were of most significance in the audit of the
financial statements of the current period. They are selected from matters
communicated with TCWG.
Key Point
Inclusion of KAM in the auditor's report is a requirement

for listed companies.
30.2.2 Purpose
2.2 Purpose
Communication of key audit matters (KAM) enhances the auditor's report by providing
greater transparency about the audit performed.
The KAM section is not a separate opinion on individual matters and is not a substitute
for:
 disclosures that are required to achieve fair presentation;
 expressing a modified opinion (ISA 705 applies);
 reporting on going concern (ISA 570 applies); or
 issuing a separate opinion on individual matters.
When the auditor disclaims an opinion, KAM should not be included in the auditor's
report unless required by law or regulation.
30.2.3 Determining and Communicating
2.3 Determining and Communicating
2.3.1 Determining
KAM are generally those that required significant auditor attention in performing the
audit, for example:
 Areas of higher assessed risk of material misstatement or significant risks;
 Significant auditor judgements relating to significant management judgement (e.g.
accounting estimates having high estimation uncertainty); and
 The effect on the audit of significant events or transactions during the period.
2.3.2 Communication to Users

To communicate KAM to users:
 The introduction to the "Key Audit Matters" section should state the matters:
o are those that, in the auditor's professional judgement, were of most significance
in the audit; and
o were addressed in the context of the audit of the financial statements and the
auditor does not provide a separate opinion on these matters.
 Each KAM is described in a separate section using an appropriate subheading.
 Each KAM should be referenced to any related disclosures and address:
o why it was considered to be significant; and
o how it was addressed in the audit.
 Details may include:
o aspects of the auditor's response to the assessed risk;
o a brief overview of procedures performed;
o an indication of the outcome of audit procedures; and
o key observations concerning the matter.
Exam advice
If asked to describe the content of a KAM section, your answer should

consider:
 what the issue is;
 why it is considered a KAM; and
 how it was addressed during the audit.
Exhibit 1 Inventory Allowances
The following is based on the independent auditor’s report on the financial

statements of Marks and Spencer Group plc2022:
Key Audit Matter Description
As at 2 April 2022, the Group held UK Clothing & Home inventories of

£458.6 million (2021:£430.6 million) ….
In 2020 the Group recognised an inventory write-down of £157.0 million (of
which £145.3 million related to UK Clothing & Home inventory) …
In the prior period the Group recorded a net reversal of the inventory
impairment of £90.8 million (£101.6 million relating to UK Clothing & Home
inventory).
In this period the Group has reversed or utilised the remaining Covid-19
allowance of £18.6 million …
As described in the Accounting Policies in note 1 to the financial
statements, inventories are carried at the lower of cost and net realisable
value. As a result, judgement is applied in determining the appropriate
allowances required for obsolete inventory and inventory expected to be
sold below cost based upon a detailed analysis of old season inventory and
forecast net realisable value based upon plans for inventory to go into sale.
We consider the assessment of inventory allowances within UK Clothing &
Home to require the most judgement due to historical trading performance
and the quantum of gross inventory
How the Scope of Our Audit Responded to the Key Audit Matter
In responding to the identified key audit matter, we completed the following
audit procedures:
→ Obtained an understanding of relevant controls relating to inventory
management and the review and approval of the inventory allowance;
→ Assessed the validity, accuracy and completeness of the information
used by management in computing the allowance;
→ Assessed the mechanical accuracy and logic of the models
underpinning the respective allowances;
→ Understood the changes in the methodology and challenged the
appropriateness thereof;
→ Challenged and validated the key assumptions applied by management
in estimating the allowance by performing enquiries of buyers and
merchandisers, considering the current purchasing strategy and ranging
plans, assessed the historical accuracy of forecasting inventory to be
subject to a future discount;
→ Tested the accuracy of the process used by management to identify
potentially impaired inventory across a representative sample of individual
product lines; and
→ Assessed the completeness and accuracy of disclosures within the

financial statements in accordance with IFRS.
2.3.3 Communication with Those Charged with Governance

ISA 260 (see Chapter 13) requires the auditor to communicate with TCWG on a timely
basis.
 Preliminary views on potential KAM based on the auditor's experience may be discussed
with the planned scope and timing of the audit.
 As the audit progresses, the auditor determines KAM from those matters already discussed
with TCWG and finalises their inclusion in the auditor's report.
30.3.1 Circumstance
3.1 Circumstance
An unmodified opinion is the expression of the auditor's conclusion that the financial
statements have been prepared, in all material respects, with the applicable financial
reporting framework.
30.3.2 Sample Auditor's Report

3.2 Sample Auditor’s Report
INDEPENDENT AUDITOR’S REPORT

To the Shareholders of ABC Company [or Other Appropriate Addressee]
Report on the Audit of the Financial Statements
Opinion
We have audited the financial statements of ABC Company (the Company), which
comprise the statement of financial position as at December 31, 20X1, and the
statement of comprehensive income, statement of changes in equity and statement of
cash flows for the year then ended, and notes to the financial statements, including a
summary of significant accounting policies.
In our opinion, the accompanying financial statements present fairly, in all material
respects, (or give a true and fair view of) the financial position of the Company as at
December 31, 20X1, and (of) its financial performance and its cash flows for the year
then ended in accordance with International Financial Reporting Standards (IFRSs).
Basis for Opinion
We conducted our audit in accordance with International Standards on Auditing (ISAs).
Our responsibilities under those standards are further described in the Auditor’s
Responsibilities for the Audit of the Financial Statements section of our report. We are
independent of the Company in accordance with the International Ethics Standards
Board for Accountants’ Code of Ethics for Professional Accountants (IESBA
Code) together with the ethical requirements that are relevant to our audit of the
financial statements in [jurisdiction], and we have fulfilled our other ethical
responsibilities in accordance with these requirements and the IESBA Code. We believe
that the audit evidence we have obtained is sufficient and appropriate to provide a basis
for our opinion.
Key Audit Matters
Key audit matters are those matters that, in our professional judgement, were of most
significance in our audit of the financial statements of the current period. These matters
were addressed in the context of our audit of the financial statements as a whole, and in
forming our opinion thereon, and we do not provide a separate opinion on these matters
[Description of each key audit matter in accordance with ISA 701]
Other Information [Add detail in accordance with ISA 720]
Management is responsible for the preparation and fair presentation of the financial
statements in accordance with IFRSs, and for such internal control as management
determines is necessary to enable the preparation of financial statements that are free
from material misstatement, whether due to fraud or error.
In preparing the financial statements, management is responsible for assessing the
Company’s ability to continue as a going concern, disclosing, as applicable, matters
related to going concern and using the going concern basis of accounting unless
management either intends to liquidate the Company or to cease operations, or has no
realistic alternative but to do so.
Those charged with governance are responsible for overseeing the Company’s financial
reporting process.
Auditor’s Responsibilities for the Audit of the Financial Statements
Our objectives are to obtain reasonable assurance about whether the financial
statements as a whole are free from material misstatement, whether due to fraud or
error, and to issue an auditor’s report that includes our opinion. Reasonable assurance
is a high level of assurance, but is not a guarantee that an audit conducted in
accordance with ISAs will always detect a material misstatement when it exists.
Misstatements can arise from fraud or error and are considered material if, individually
or in the aggregate, they could reasonably be expected to influence the economic
decisions of users taken on the basis of these financial statements.
As part of an audit in accordance with ISAs, we exercise professional judgement and
maintain professional scepticism throughout the audit. We also:
 Identify and assess the risks of material misstatement of the financial statements, whether
due to fraud or error, design and perform audit procedures responsive to those risks, and
obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion.
The risk of not detecting a material misstatement resulting from fraud is higher than for one
resulting from error, as fraud may involve collusion, forgery, intentional omissions,
misrepresentations, or the override of internal control.
 Obtain an understanding of internal control relevant to the audit in order to design audit
procedures that are appropriate in the circumstances, but not for the purpose of expressing
an opinion on the effectiveness of the Company’s internal control.
 Evaluate the appropriateness of accounting policies used and the reasonableness of
accounting estimates and related disclosures made by management.
 Conclude on the appropriateness of management’s use of the going concern basis of
accounting and, based on the audit evidence obtained, whether a material uncertainty exists
related to events or conditions that may cast significant doubt on the Company’s ability to
continue as a going concern. If we conclude that a material uncertainty exists, we are
required to draw attention in our auditor’s report to the related disclosures in the financial
statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions
are based on the audit evidence obtained up to the date of our auditor’s report. However,
future events or conditions may cause the Company to cease to continue as a going
concern.
 Evaluate the overall presentation, structure and content of the financial statements,
including the disclosures, and whether the financial statements represent the underlying
transactions and events in a manner that achieves fair presentation.
We communicate with those charged with governance regarding, among other matters,
the planned scope and timing of the audit and significant audit findings, including any
significant deficiencies in internal control that we identify during our audit.
We also provide those charged with governance with a statement that we have
complied with relevant ethical requirements regarding independence, and to
communicate with them all relationships and other matters that may reasonably be
thought to bear on our independence, and where applicable, related safeguards.
From the matters communicated with those charged with governance, we determine
those matters that were of most significance in the audit of the financial statements of
the current period and are therefore the key audit matters. We describe these matters in
our auditor’s report unless law or regulation precludes public disclosure about the
matter or when, in extremely rare circumstances, we determine that a matter should not
be communicated in our report because the adverse consequences of doing so would
reasonably be expected to outweigh the public interest benefits of such communication.
The engagement partner on the audit resulting in this independent auditor’s report is
[name].
[Signature in the name of the audit firm, the personal name of the auditor, or both, as
appropriate for the particular jurisdiction]
[Auditor Address]
[Date]
The description of the auditor’s responsibilities (as shaded in the example above) may
be included in a referenced appendix to the auditor’s report or by a specific reference to
a website of an appropriate authority, where the auditor is permitted to do so.
30.4.1 Distinction
4.1 Distinction
The relevant standard is ISA 706 Emphasis of Matter Paragraphs and Other Matter
Paragraphs in the Independent Auditor's Report.
The difference between the two paragraphs is that the Emphasis of Matter must refer to
a matter presented in the financial statements but the Other Matter paragraph concerns
matters not presented or disclosed in the financial
statements. Neither paragraph affects the audit opinion.
Key Point
The users' attention is drawn to:

 a matter, although appropriately presented or disclosed in the financial
statements, that is of such importance that it is fundamental to their
understanding of the financial statements; or
 as appropriate, any other matter relevant to their understanding of the audit,
the auditor's responsibilities or the auditor's report.
Emphasis of Matter and Other Matter paragraphs do not include matters
disclosed as Key Audit Matters.
4.1.1 Emphasis of Matter Paragraph

An Emphasis of Matter paragraph is an additional section in an auditor’s report that:
 Is headed "Emphasis of Matter," or other appropriate heading (e.g. "Emphasis of Matter
Concerning … ").
 Must include a clear reference to the matter being emphasised and where relevant
disclosures that describe the matter in sufficient detail can be found in the financial
statements.
 States that the audit opinion is not modified in respect of the matter emphasised.
Key Points
Reference to a note is essential. If the auditor had to "make good" a lack

of disclosure in the auditor's report, the omission would be grounds for
qualification.
When the opinion is modified, an Emphasis of Matter can be included
regarding an unrelated matter.
4.1.2 Other Matter Paragraph

An Other Matter paragraph is an additional section in an auditor’s report that:
 Is headed "Other Matter," or other appropriate heading (e.g. "Other Matter On … ")
 Must clarify that the other matter is not required to be presented and disclosed in the
 Should not include:
o matters that the auditor is prohibited from including by law;
o information that is required to be given by management.
30.4.2 Placement
4.2 Placement
The placement of an Emphasis of Matter or Other Matter paragraph depends on the

nature of the information to be communicated and the auditor's judgement as to its
relative significance. For example:
 Immediately following the Basis of Opinion paragraph, if the emphasis relates to the
applicable financial reporting framework;
 Before or after Key Audit Matters depending on the relative significance of the information in
the Emphasis of Matter paragraph.
30.4.3 Circumstances When Used

4.3 Circumstances When Used
4.3.1 Emphasis of Matter Paragraph

ISAs containing requirements for an Emphasis of Matter paragraph under certain
circumstances are ISA 210 Agreeing the Terms of Engagement and ISA
560 Subsequent Events.
Examples of use include:
 Significant uncertainty (other than going concern), the resolution of which on future events
that are not under the direct control of entity and may affect the financial statements (e.g.
litigation or regulatory action).
 Early application (where allowed) of a new accounting standard that has a pervasive effect.
 A major catastrophe that has had, or continues to have, a significant effect on the entity's
financial position.
Key Point
Material uncertainties related to going concern are reported in a separate

section of the auditor's report (see Chapter 31).
4.3.2 Other Matter Paragraph

Some ISAs include requirements for an Other Matter paragraph in very limited
circumstances.
Examples of use include:
 Material matters that do not affect the financial statements, but to which the auditor needs to
draw the users’ attention to them.
 Where the auditor wishes to withdraw from an engagement (e.g. because of the limitations
placed on them by management) but cannot do so because of law.
 To describe additional statutory reporting responsibilities.
Example 1 Emphasis of Matter and Other Matter Paragraphs
Opinion
We have audited the financial statements ... (standard wording)
Basis for Opinion
We conducted our audit ... (standard wording)
Emphasis of Matter
We draw attention to Note X of the financial statements, which describes
the effects of a fire in the Company's production facilities. Our opinion is
not modified in respect of this matter.
Key Audit Matters
Key audit matters are those matters ... (standard wording)
Other Matter
The financial statements of ABC Company for the year ended December
31, 20X0, were audited by another auditor who expressed an unmodified
opinion on those statements on March 31, 20X1.
Responsibilities of Management ... (standard wording)
Key Point
A new auditor is not required to refer to the auditor of the prior year's
financial statements but, if allowed by law, may do so in an Other Matter
paragraph.
30.5.0 ISA 705

5.0 ISA 705
The relevant standard is ISA 705 Modifications to the Opinion in the Independent
Auditor's Report.
30.5.1 Circumstances
5.1 Circumstances
Key Point
The auditor modifies the audit opinion when:

 he concludes that, based on the audit evidence obtained, the financial
statements as a whole are not free from material misstatement; or
Key Point
 he is unable to obtain sufficient appropriate audit evidence to conclude that

the financial statements as a whole are free from material misstatement.
30.5.2 Basis for Modified Opinion

5.2 Basis for Modified Opinion
To explain the basis for the modification, additional information must be given:
Basis for  Separate heading and section after the Opinion section
modified explains the reasons for the modification. This will include
opinion the quantitative and qualitative aspects of the material
misstatements.
 Where there is a material and pervasive lack of

Auditor's appropriate audit evidence, the auditor is unable to
responsibility conduct an audit in accordance with ISAs. This must be
made clear in the auditor's responsibility section.
30.5.3 Standard Forms

5.3 Standard Forms
Definition
Pervasive−effects on the financial statements which, in the auditor's

judgement:
i.Are not confined to specific elements, accounts or items of the financial
statements;
ii. If so confined, represent or could represent a substantial proportion of the
financial statements; or
iii. In relation to disclosures, are fundamental to users' understanding of the
 The auditor concluded (i.e. obtained sufficient appropriate

evidence) that misstatements are material but not pervasive.
 The auditor was unable to obtain sufficient appropriate
evidence and possible effects of undetected misstatements
could be material but not pervasive.
The audit opinion concludes that “except for”the possible
Qualified
effects of the specific matter(s), the financial statements are
opinion
presented fairly, in all material respects.
("except for")
 Misstatements, individually or in aggregate, are both material
Adverse and pervasive.
opinion The audit opinion conclude that the financial statements do
not give a true and fair view.
 The possible effect of lack of evidence is both material and

pervasive such that sufficient evidence has not been
obtained as a basis for expressing an opinion.
 In extremely rare circumstances involving multiple
uncertainties, the auditor concludes that it is not possible to
form an opinion on the financial statements due to their
potential interaction and possible cumulative effects (despite
having sufficient appropriate audit evidence regarding each
uncertainty).
Disclaimer of The auditor does not express an opinion on the financial
opinion statements in the auditor’s report.
30.5.4 Summary
5.4 Summary
Activity 1 Modified Opinions
Smith & Co encountered the following situations in four audits.

Required:
For each situation:
a. Indicate the grounds for modification of the audit opinion (i.e. whether there is a
misstatement of the financial statements or a lack of evidence); and
b. State the type of opinion to be expressed.
1. GoDo's accounting policy is to value tangible assets using the revaluation model. Smith &
Co's audit work revealed that only certain items of equipment were revalued during the year,
while other items were not revalued and reported at cost less accumulated depreciation.
Smith & Co determined that the revaluation of the other items would result in a material
revaluation loss. GoDo refused to recognise the additional revaluation loss in the financial
statements.
2. Make Stuff Co's inventory is held by third parties. During the audit, Make Stuff refused to
provide Smith & Co with the names and locations of these third parties. Smith & Co could
not apply alternative procedures to verify the existence of inventory. Make Stuff's inventory
balance is material to the financial statements.
3. Smith & Co was hired to be the auditor of Saltfire well after the entity's reporting date. As a
result, confirmation of Saltfire's accounts receivable was not feasible in the audit timeframe.
Smith & Co attempted to perform alternative procedures, but these were not effective.
Saltfire's accounts receivable are material.
4. Although Up Co appointed Smith & Co to audit its IFRS financial statements, Up's
management has refused to prepare a statement of cash flows. Management has also
refused to include the required disclosures for revenue, intangible assets and contingent
liabilities in the notes to the financial statements.
1. GoDo
a. Misstatement
GoDo has inappropriately applied the revaluation method. IAS 16 Property, Plant
and Equipment requires the revaluation model to be applied to all assets in the same
class.
b. Qualified "Except for" Opinion
The misstatement due to the misapplication of the revaluation method is material,
but it is not pervasive.
2. Make Stuff
a. Lack of evidence
Smith & Co's inability to count the third-party inventory is a lack of evidence imposed
by the client.
Inventory is a material balance, but it is not pervasive (unless the auditor believes
that the client-imposed scope limitation has implications for the auditor's ability to
gather evidence in other audit areas). Withdrawal from the engagement may be
appropriate for a client-imposed scope limitation.
3. Saltfire
a. Lack of evidence
Smith & Co's inability to confirm accounts receivable results in a lack of audit
evidence. This lack of evidence was imposed by the circumstances (i.e. the late
engagement of Smith & Co).
Accounts receivable is a material balance, but it is not pervasive.
4. Up Co
a. Misstatement
Management's refusal to prepare a statement of cash flows in accordance with IAS 7
and various disclosures required by IFRS gives rise to misstatement due to
inadequate disclosure.
b. Adverse
Refusal to provide a statement of cash flows and multiple disclosures is material and
pervasive.
30.5.5 Sample Standard Opinions

5.5 Sample Standard Opinions
5.5.1 Materially Misstated but Not Pervasive – Qualified Opinion

Qualified Opinion
We have audited ... (standard wording).
In our opinion, except for the effects of the matter described in the Basis for Qualified
Opinion section of our report, the financial statements ... (standard wording).
Basis for Qualified Opinion
The company's inventories are carried in the statement of financial position at $x.
Management has not stated the inventories at the lower of cost and net realisable value
but has stated them solely at cost, which constitutes a departure from IFRSs. The
company's records indicate that had management stated the inventories at the lower of
cost and net realisable value, an amount of $x would have been required to write the
inventories down to their net realisable value. Accordingly, cost of sales would have
been increased by $x, and income tax, net income and shareholders' equity would have
been reduced by $x, $x and $x, respectively.
5.5.2 Materially Misstated and Pervasive – Adverse Opinion
Adverse Opinion
In our opinion, because of the significance of the matter discussed in the Basis for
Adverse Opinion section of our report, the accompanying consolidated financial
statements do not present fairly ... (standard wording).
Basis for Adverse Opinion
As explained in Note X, the company has not consolidated the financial statements of
subsidiary XYZ Company that it acquired during 20X1 because it has not yet been able
to ascertain the fair values of certain of the subsidiary's material assets and liabilities at
the acquisition date. The investment is accounted for on a cost basis by the company.
Under IFRSs, the subsidiary should have been consolidated because it is controlled by
the company. Had XYZ Company been consolidated, many elements of the
accompanying consolidated financial statements would have been materially affected.
The effects on the consolidated financial statements of the failure to consolidate have
not been determined.
5.5.3 Lack of Sufficient Appropriate Evidence – Qualified Opinion

Qualified Opinion
In our opinion, except for the possible effects of the matter described in the Basis for
Qualified Opinion section of our report, the financial statements ... (standard wording).
ABC Company's investment in XYZ Company, a non-listed associate acquired during
the year and accounted for by the equity method, is carried at x on the statement of
financial position as at 31 December 20X1, and ABC's share of XYZ's net income of x is
included in ABC's income for the year then ended.
amount of ABC's investment in XYZ as at 31 December 20X1, and ABC's share of
XYZ's net income for the year because we were denied access to the financial
information, management and the auditors of XYZ. Consequently, we were unable to
determine whether any adjustments to these amounts were necessary.
Another example of lack of evidence arises when the auditor is unable to observe a
physical inventory count at the reporting date and the company's records do not permit
adequate alternative tests of inventory quantities (e.g. using "roll-back" of sales and
purchases after the year end and analytical procedures).
5.5.4 Pervasive Lack of Sufficient Appropriate Evidence –

Disclaimer of Opinion
Disclaimer of Opinion
We were engaged to audit ... (note the change of wording from "We have audited" to
"We were engaged to audit". Remainder of the paragraph is standard wording.)
We do not express an opinion on the accompanying financial statements of ABC
Company.
Because of the significance of the matters described in the Basis for Disclaimer of
Opinion section of our report, we have not been able to obtain sufficient appropriate
audit evidence to provide a basis for an audit opinion on these financial statements.
Basis for Disclaimer of Opinion
We were not appointed as auditors of the company until after 31 December 20X1, and
thus did not observe the counting of physical inventories at the beginning and the end of
the year. We were unable to satisfy ourselves by alternative means concerning the
inventory quantities held at 31 December 20X0 and 20X1, which are stated in the
statement of financial position at x and x, respectively. In addition, the introduction of a
new computerised accounts receivable system in September 20X1 resulted in
numerous errors in accounts receivable. As of the date of our auditor's report,
management was still in the process of rectifying the system deficiencies and correcting
the errors. We were unable to confirm or verify by alternative means accounts
receivable included in the statement of financial position at a total amount of x as at 31
December 20X1. As a result of these matters, we were unable to determine whether
any adjustments might have been found necessary in respect of recorded or
unrecorded inventories and accounts receivable, and the elements making up the
statement of comprehensive income, statement of changes in equity and cash flow
statement.
(standard wording)
Auditor's Responsibilities for the Audit of the Financial Statements
Our responsibility is to conduct an audit of the Company's financial statements in
accordance with International Standards on Auditing and to issue an auditor's report.
However, because of the matter described in the Basis for Disclaimer of Opinion section
of our report, we were not able to obtain sufficient appropriate audit evidence to provide
a basis for an audit opinion on these financial statements.
Key Point
No KAM sections will be included as an audit has not been carried out.
Syllabus Coverage

5. The Independent Auditor's Report
1. Identify and describe the basic elements contained in the independent auditor's report.
2. Explain unmodified audit opinions in the auditor's report.
3. Explain the circumstances in which a modified audit opinion may be issued in the auditor's
report.
4. Explain the impact on the auditor’s report when a modified opinion is issued.
5. Describe the format and content of key audit matters, emphasis of matter and other matter
paragraphs.
Technical Articles
 The auditor's report (s.2 and s.4)

Visual Overview
Objective: To explain the auditor's responsibilities for the going concern assumption
used to prepare financial statements.
31.1.1 Going Concern Assumption
1.1 Going Concern Assumption
1.1.1 Significance
Definitions
Going concern – an entity that will continue to operate for the foreseeable
future and has neither the intention nor the need to liquidate or significantly
reduce the scale of its operations.
Foreseeable future – a period of at least, but not limited to, 12 months
from the end of the reporting period.
Financial statements should be prepared based on the assumption that an entity will
continue to operate as a going concern, unless that basis is inappropriate.
1.1.2 Disclosure Requirements

Going concern is the only assumption that underlies the basis of preparation of all
published financial statements according to the Conceptual Framework for Financial
Reporting.
Material uncertainties that cast significant doubt on going concern should therefore be
disclosed in accordance with IAS 1 Presentation of Financial Statements.
Definition
Material uncertainty – an uncertainty related to events or conditions which

may cast significant doubt on the entity's ability to continue as a going
concern.
Key Point
If an entity is not a going concern, the financial statements should be prepared

using a different basis and the entity should disclose:
 that the going concern basis was not used;
 the basis of preparation (e.g. a "break-up" basis); and
 why the entity is not considered a going concern.
Because of the financial reporting implications:
 management must assess the entity's ability to continue as a going concern; and
 the auditor must perform specific audit procedures related to management's assessment
and the entity's ability to continue as a going concern.
Key Points
 Management’s assessment must take into account all available information

about the future, which is at least 12 months from the end of the reporting
period.
 Where management is aware that material uncertainties exist, the financial
statements must disclose those uncertainties.
31.1.2 Management's Responsibility

1.2 Management's Responsibility
IAS 1 requires management to assess the entity's ability to continue as a going concern.
Where a financial reporting framework does not explicitly state that responsibility, it is
implied because going concern is a fundamental principle.
When making the going concern assessment, management should consider all
available information about the future, even though there is inherent uncertainty related
to future events or conditions.
When an entity has a history of profitable operations and access to sufficient financial
resources, management may conclude that the going concern basis is appropriate
without detailed analysis.
In some cases, management may need to perform a detailed analysis to make its going
concern assessment. In such cases, management should consider various factors to
determine whether the going concern basis is appropriate. For example:
 current and expected profitability;
 debt repayment requirements; and
 sources of finance.
31.1.3 Auditor's Responsibilities (ISA 570)
1.3 Auditor's Responsibilities
The relevant standard is ISA 570 Going Concern.

Key Point

 To obtain sufficient appropriate audit evidence that the going concern basis is
appropriate;
 To conclude, based on the audit evidence obtained, whether a "material
uncertainty" exists; and
 To determine the implications for the auditor's report.
Definition
Material uncertainty – an uncertainty related to events or conditions which

may cast significant doubt on the entity's ability to continue as a going
concern.
The auditor should consider whether:
 the period used by management to make its assessment is adequate (i.e. at least 12
months from the date of the financial statements);
 management included in its assessment all relevant information found by the auditor during
the audit.
The auditor's evaluation of management's assessment may include:
 an evaluation of management's assessment process;
 the assumptions used in the assessment;
 management's plan for future action; and
 whether management's plans are feasible in the circumstances.
Key Point
It is not the auditor's responsibility to rectify a lack of analysis by management. If

the auditor concludes that management’s use of the going concern basis is
inappropriate, the auditor must express an adverse opinion.
31.2.1 Risk Assessment

2.1 Risk Assessment
Key Point
When performing risk assessment procedures, the auditor must consider whether
events or conditions exist which could cast significant doubt on the entity's ability
to continue as a going concern.
Management may already have made a preliminary assessment of going concern

issues and plans to address them. For example:
 raise capital;
 increase borrowings;
 restructure debt;
 defer capital expenditure or put research and development projects on hold; or
 liquidate assets.
If so, the auditor should understand and assess the process used by management,
including discussions with TCWG.
If not, the auditor should discuss with management the basis for the intended use of the
going concern assumption and make enquiries to determine it is appropriate.
31.2.2 Indicators of Significant Doubt

2.2 Indicators of Significant Doubt
The following are examples of events or conditions (“indicators”) that, individually or

collectively, may cast significant doubt on an entity’s ability to continue as a going
concern.
2.2.1 Financial Indicators

 Net liability/net current liability position.
 Fixed-term borrowings approaching maturity without realistic prospects of renewal or
repayment.
 Withdrawal of financial support (e.g. bank “calls in” a loan or suppliers withdraw credit terms
and demand cash-on-delivery).
 Negative operating cash flows (current or prospective).
 Excessive reliance on short-term borrowings to finance long-term assets.
 Adverse key financial ratios (e.g. liquidity ratio).
 Substantial operating losses.
 Significant deterioration in the value of assets used to generate cash flows.
 Arrears or discontinuance of dividends.
 Inability to pay creditors on due dates.
 Difficulty in complying with the terms of loan agreements.
 Inability to obtain financing for essential new product development or other essential
investments (e.g. to meet new regulations).
2.2.2 Operational Indicators

 Management intends to cease operations.
 Loss of key management without replacement.
 Loss of a major market, franchise, licence or principal supplier.
 Labour difficulties.
 Shortages of essential supplies.
 Emergence of a highly successful competitor.
2.2.3 Other Indicators

 Non-compliance with capital or other statutory requirements.
 Pending legal proceedings against the entity, which may, if successful, result in judgments
that could not be met.
 Changes in legislation or government policy.
 Uninsured (underinsured) catastrophes.
The smaller the entity, the more critical some of the indicators may be (e.g. a small
company may not be able to recover from or find alternatives to the loss of bank
support, a key supplier, key employee or a major customer). In addition, its existence
may be entirely dependent on one or a group of directors.
31.2.3 Mitigating Factors

2.3 Mitigating Factors
Going concern indicators may be mitigated by other factors. For example:

 Management's plans to maintain adequate cash flows by alternative means; for instance:
o disposal of assets;
o rescheduling of loan repayments; or
o obtaining additional capital.
 Availability of a suitable alternative source of supply to cover the loss of a principal supplier.
 Management’s intention to continue to support the business financially (usually for small
companies and would require written representation).
The auditor must assess the feasibility of all plans and alternatives and the likelihood of
improving the situation (e.g. selling assets to improve cash flows may reduce production
capacity, adding to going concern difficulties).
Definition
"Close-call" scenario – identified events or conditions that may cast

significant doubt on an entity's ability to continue as a going concern exist,
but on balance, after much analysis, it is concluded that management’s
mitigating plans are just about sufficient.
31.3.0 Introduction
3.0 Introduction
Key Point
The auditor should keep alert during the audit for events and conditions which
would affect going concern and, if identified:
 perform additional procedures; and
 reassess components of audit risk, as necessary, (e.g. inherent risk assessed
at 100% cannot be increased).
31.3.1 Sources of Information

3.1 Sources of Information
Sources of information relevant to the going concern basis include:

 Client's system for timely identification of warnings of risks/ uncertainties.
 Budgets, forecast information, etc.
 Obligations, undertakings, guarantees with lenders, suppliers, etc.
 Bank borrowing facilities and suppliers' credit.
 Management's plans for future action.
31.3.2 Specific Procedures

3.2 Review Procedures
In addition to evaluating management's assessment of going concern, specific audit

evidence procedures, where doubt exists about the going concern assumption, include:
 Analysing and discussing cash flow, profit and other relevant forecasts with management
(s.3.3), including sensitivity analysis on the cash flows to assess the adequacy of margin of
safety (e.g. proximity to overdraft facility).
 Examining the terms of loan agreements and determining whether any have been breached.
 Reading minutes of the meetings of shareholders, TCWG and relevant committees for
reference to financing difficulties.
 Inquiring of the entity's legal counsel regarding the existence of litigation and claims and the
reasonableness of management's assessments of their outcome and the estimate of their
financial implications.
 Obtaining external confirmation of the existence, terms and adequacy of borrowing facilities
or other financial support with third parties and assessing the financial ability of such parties
to provide additional funds.
 Reviewing order books and evaluating plans to deal with unfilled customer orders.
 Reviewing subsequent events (see Chapter 29) to identify those that either mitigate or
otherwise affect the entity's ability to continue as a going concern.
 Determining the adequacy of support for any planned disposals of assets.
 Obtaining specific written representations (see Chapter 20) regarding plans that might
significantly affect solvency in the foreseeable future.
 Review the post year-end board minutes to identify other issues that might indicate financial
difficulties.
 Reviewing post-year end accounts to assess the accuracy of cash forecasts.
31.3.3 Cash Flows

3.3 Cash Flows
When analysing and discussing cash flow and profit forecasts with management, the
auditor should consider:
 reliability of the entity's system for generating such information (control systems);
 appropriateness of underlying assumptions;
 whether additional facts or information have become available since the forecast was
prepared; and
 comparison of prospective financial information (budgets, forecasts, cash flows):
o for recent prior periods with historical results;
o for the current period with results achieved to date.
31.3.4 Subsequent Events

3.4 Subsequent Events
The subsequent events review should cover events which may affect the going concern
presumption based on management's assessment.
31.3.5 Beyond the Assessment Period

3.5 Beyond the Assessment Period
The auditor should ask management if it knows of indicators of significant doubt beyond
the assessment period (i.e. at least 12 months from the end of the reporting period).
This is the only audit procedure required in respect of this period. It provides a good
example of a "certain instance" in which it is appropriate to obtain written management
representation.
31.4.1 Basic Principle

4.1 Basic Principle
Key Point
The auditor should judge whether a material uncertainty exists. A material

uncertainty exists when the magnitude of its potential effect is such that its
disclosure is necessary for the fair presentation of the financial statements.
The auditor's report contains statements regarding management's responsibility and the
auditor's responsibility related to going concern.
4.1.1 Statement of Management's Responsibility

The auditor's report describes management's responsibility for assessing the entity's
ability to continue as a going concern and whether using the going concern basis of
accounting is appropriate.
4.1.2 Statement of Auditor's Responsibility

The auditor's report includes a statement that the auditor's responsibilities are to
conclude on:
 the appropriateness of management's use of the going concern basis; and
 whether a material uncertainty exists that may cast significant doubt on the entity's ability to
continue as a going concern.
The auditor's conclusions are based on evidence obtained up to the date of the auditor's
report.
31.4.2 Requirements
4.2 Requirements
4.2.1 Going Concern Basis is Appropriate and No Uncertainty

When the going concern basis is appropriate and no uncertainty exists, the accounting
policy note to the financial statements will state that they have been prepared on a
going concern basis.
In "close-call" situations, the auditor may determine that the events or conditions that
cast doubt on the entity's ability to continue as a going concern are key audit matters
that should be described in the KAM section of the auditor's report.
4.2.2 Going Concern Basis is Appropriate, but a Material
Uncertainty Exists
Where the going concern basis is appropriate, but a material uncertainty exists, notes to
the financial statements must include:
 An adequate description and disclosure of:
o events or conditions giving rise to significant doubt; and
o management's plans to alleviate the uncertainty.
 A statement that there is material uncertainty; therefore, the entity may be unable to realise
assets and discharge liabilities in the normal course of business.
If there is adequate disclosure, the auditor’s report will:
 Express an unmodified opinion (in respect of this matter);
 Include a section, "Material Uncertainty Related to Going Concern";
 Refer to the note in the financial statements that describes the material uncertainty;
 Include a statement that a material uncertainty exists and that the audit opinion is not
modified in respect of the matter.
If inadequate disclosure is made, the auditor’s report will:
 Express a qualified or adverse opinion (as appropriate).
 In the Basis for Qualified (Adverse) Opinion section, state that a material uncertainty exists
and that the financial statements do not adequately disclose the matter.
4.2.3 Going Concern Basis Is Inappropriate

If the financial statements are prepared on a going concern basis when that basis is
inappropriate, the auditor must express an adverse audit opinion and describe the
circumstance in the Basis for Adverse Opinion section. This is irrespective of any
disclosure made.
4.2.4 Management is Unwilling or Unable to Make or Extend Its

Assessment
If management is unwilling or unable to make or extend the required assessment, the
audit opinion may be qualified or disclaimed (e.g. because sufficient appropriate audit
evidence cannot be obtained).
Key Point
Inappropriate accounting treatments can NEVER be rectified by the disclosure of

accounting policies used or explanatory notes.
Example 1 Material Uncertainty
Material Uncertainty Related to Going Concern

We draw attention to Note X in the financial statements, which indicates
that the Company incurred a net loss of ZZZ during the year ended
December 31, 20X1, and, as of that date, the Company's current liabilities
exceeded its total assets by YYY. As stated in Note X, these events or
conditions, along with other matters as set forth in Note X, indicate that a
material uncertainty exists that may cast significant doubt on the
Company's ability to continue as a going concern. Our opinion is not
modified in respect of this matter.
Example 2 Inadequate Disclosure Qualified Opinion
Qualified Opinion
We have audited ... (no changes from standard wording)
In our opinion, except for the incomplete disclosure of the information
referred to in the Basis for Qualified Opinion section of our report, the
Example 2 Inadequate Disclosure Qualified Opinion
accompanying financial statements present fairly, in all material respects

(or give a true and fair view), the financial position of the Company as at
December 31, 20X1, and its financial performance and its cash flows for
the year then ended in accordance with International Financial Reporting
Standards (IFRSs).
As discussed in Note Y, the Company's financing arrangements expire and
amounts outstanding are payable on March 19, 20X2. The Company has
been unable to conclude re-negotiations or obtain replacement financing.
This situation indicates that a material uncertainty exists that may cast
significant doubt on the Company's ability to continue as a going concern.
The financial statements do not adequately disclose the matter.
We conducted our audit in accordance with International Standards on
Auditing (ISAs) … We believe that the audit evidence we have obtained is
sufficient and appropriate to provide a basis for our qualified opinion.
Example 3 Inadequate Disclosure Adverse Opinion
Adverse Opinion
We have audited ... (no changes from standard wording)
In our opinion, because of the omission of the information mentioned in
the Basis for Adverse Opinion section of our report, the accompanying
financial statements do not present fairly (or do not give a true and fair view
of), the financial position of the Company as at December 31, 20X1, and its
financial performance and its cash flows for the year then ended in
accordance with International Financial Reporting Standards (IFRSs).
Basis for Adverse Opinion
The Company's financing arrangements expired and amount outstanding
was payable on December 31, 20X1. The Company has been unable to
conclude re-negotiations or obtain replacement financing and is
considering filing for bankruptcy. This situation indicates that a material
uncertainty exists that may cast significant doubt on the Company's ability
to continue as a going concern. The financial statements do not adequately
disclose this fact.
We conducted our audit in accordance with International Standards on
Auditing (ISAs) … We believe that the audit evidence we have obtained is
sufficient and appropriate to provide a basis for our adverse opinion.
Activity 1 Audit Opinion Modifications

For each of the following six scenarios concerning the use of the going concern basis of
accounting:
a. suggest an appropriate audit opinion modification (if any); and
b. state the grounds for such a modification.
Scenarios
1. Based on the audit evidence obtained, no material uncertainty exists related to events or
conditions that may cast significant doubt on the company’s ability to continue as a going
concern.
2. The going concern assumption is appropriate but a material uncertainty exists that is
adequately disclosed.
3. As for (2) but disclosures are inadequate.
4. The going concern assumption is inappropriate but the financial statements have been
prepared on a going concern basis.
5. The going concern assumption is inappropriate and the financial statements have been
prepared on an alternative basis, which is adequately disclosed.
6. Management does not make a going concern assessment for a period covering at least 12
months from the end of the reporting period when asked to do so by the auditors.
Audit opinion
modification Grounds for modification
1. Unmodified. No modification.
2. Unmodified with
material uncertainty
related to going No grounds for modification. Significant doubt is
concern. conveyed in the material uncertainty section.
3. Qualified "except
for" or Adverse (if the
matter is pervasive). Material misstatement (inadequate disclosure).
Material misstatement (inappropriate basis of

4. Adverse preparation of the financial statements).
No grounds for modification. But it may be

appropriate or necessary to include an Emphasis
5. Unmodified or of Matter paragraph to draw the user’s attention
Unmodified with to the alternative basis of accounting and the
Emphasis of matter. reasons for its use.
Audit opinion
modification Grounds for modification
6. Qualified "except
for" or Disclaimer (if Inability to collect evidence (unless other
the matter is evidence dispels significant doubts). Limitation
pervasive). imposed by management.
4.3 Communication with Those Charged With Governance
When TCWG are not involved in managing entity, the auditor has a responsibility to
report to them any events or conditions that may cast doubt on the entity's ability to
continue as a going concern.
The communication should include:
 whether the events or conditions constitute a material uncertainty;
 whether the use of the going concern assumption is appropriate;
 the adequacy of the related disclosures in the financial statements; and
 where applicable, the implications for the auditor's report.
Syllabus Coverage

2. Going concern
1. Define and discuss the significance of the concept of going concern.
2. Explain the importance of and the need for going concern reviews.
3. Explain the respective responsibilities of auditors and management regarding going
concern.
4. Identify and explain potential indicators that an entity is not a going concern.
5. Discuss the procedures to be applied in performing going concern reviews.
6. Discuss the disclosure requirements in relation to going concern issues.
7. Discuss the reporting implications of the findings of going concern reviews.
Technical Articles
 Going concern
 The auditor's report (s.4.2)
Glossary
Glossary
A
Acceptable level – a level at which a reasonable and informed third party would
likely conclude that the professional accountant complies with the fundamental
principles.
Accounting records include
 the records of initial accounting entries and supporting records (e.g. records of electronic
fund transfers, invoices, contracts);
 the general and subsidiary ledgers, journal entries and other adjustments to the financial
statements that are not reflected in formal journal entries; and
 records such as work sheets and spreadsheets supporting cost allocations, computations,
reconciliations and disclosures.
Accounting estimate – an approximation of a monetary amount in the absence of a
precise means of measurement.
Analytical procedures – evaluations of financial information through analysis of
plausible relationships between both financial and non-financial data. Analytical
procedures also encompass such investigation as is necessary of identified fluctuations
or relationships that are inconsistent with other relevant information or that differ from
expected values by a significant amount.
Annual report – a document or combination of documents prepared annually by
management or TCWG to provide owners and stakeholders with information on the
entity's operations, financial results and financial position.
Anomaly – a misstatement or deviation that is demonstrably not representative of
misstatements or deviations in a population (e.g. because it arises from an isolated
event that has not reoccurred other than on specifically identifiable occasions).
Applicable financial reporting framework – the financial reporting framework adopted
by management in the preparation of the financial statements that is acceptable in view
of the nature of the entity and the objective of the financial statements or that is required
by law or regulation.
Assertions – representations, explicit or otherwise, with respect to the recognition,
measurement, presentation and disclosure of information in the financial statements
which are inherent in management representing that the financial statements are
prepared in accordance with the applicable financial reporting framework.
Asset – a present economic resource controlled by the entity due to past events.
Assurance engagement – an engagement in which a practitioner expresses a
conclusion designed to enhance the degree of confidence of the intended users, other
than the responsible party, about the outcome of the evaluation or measurement of a
subject matter against criteria.
Assurance services – independent professional services that improve the quality of
information or its context for decision-makers.
Audit documentation – the record of audit procedures performed, relevant audit
evidence obtained, and the auditor’s conclusions.
Auditor's expert – An individual or organisation with expertise in a field other than
accounting or auditing, whose work is used by the auditor in obtaining sufficient
appropriate audit evidence. (ISA 620)
Audit risk – the risk that the auditor expresses an inappropriate audit opinion when the
financial statements are materially misstated. It is a function of the risks of material
misstatement and detection risk. (ISA200)
Audit sampling – applying audit procedures to less than 100% of items in a population,
such that all sampling units have a chance of selection, in order to draw a conclusion
about the population.
Audit software – software ("computer audit programmes") specially designed for audit
purposes. It is used to process and analyse the client's data independently of the
client's program, to verify the system’s accuracy.
B
Best value – a duty to deliver services to clear standards – covering both cost and
quality – by the most effective, economic and efficient means available.
C
Capability – the ability to exercise competence.
"Close-call" scenario – identified events or conditions that may cast significant doubt
on an entity's ability to continue as a going concern exist, but on balance, after much
analysis, it is concluded that management’s mitigating plans are just about sufficient.
Competence – possession of a level of expertise.
Computer-assisted audit techniques (CAATs) – computer applications of audit
procedures.
Confidence level – the mathematical complement of risk (e.g. 5% risk = 95%
confidence).
Contingent asset – a possible asset that arises from past events and whose existence
will be confirmed only by the occurrence or non-occurrence of one or more uncertain
future events not wholly within management's control.
Contingent fees – fees calculated on a predetermined basis relating to the outcome of
a transaction or the result of the services performed.
Contingent liability –
 a possible obligation that arises from past events and whose existence will be confirmed
only by the occurrence or non-occurrence of one or more uncertain future events not wholly
within management's control; or
 a present obligation that arises from past events which cannot be recognised because:
1. an outflow of resources is not probable; or
2. the amount cannot be measured with sufficient reliability.
Control activities – the policies and procedures that help ensure that management
directives are carried out.
Control environment – the combination of an organisation's governance and
management functions and the attitudes, awareness and actions of TCWG concerning
internal control.
Control risk – the risk that a misstatement that could occur in an assertion and that
could be material (either individually or in aggregate with other misstatements) will not
be:
 prevented; or
 detected and corrected, on a timely basis, by the entity’s controls.
Corporate governance – the system by which business corporations are directed and
controlled. The corporate governance structure specifies the distribution of rights and
responsibilities among different participants in the corporation … and spells out the
rules and procedures for making decisions on corporate affairs. By doing this, it also
provides the structure through which the company objectives are set, and the means of
attaining those objectives and monitoring performance.
– OECD
Cost – includes:
 Purchase price, non-recoverable taxes (e.g. import duties), transport, handling and other
costs directly attributable to the acquisition of finished goods, materials and services.
 Direct production costs (including production overheads) for work-in-progress.
 Other costs only to the extent incurred in bringing the inventories to their present location
and condition (e.g. maturing costs for brandy, cheese, seasoned wood).
Customer service – the sum total of what an organisation does to meet customer
expectations and produce customer satisfaction.
D
Data analytics – the science of examining raw data to draw insights from it.
Deficiency – in internal control – exists when:
 A control is designed, implemented or operated in such a way that it is unable to prevent, or
detect and correct, misstatements in the financial statements on a timely basis; or
 A control necessary to prevent or detect and correct misstatements in the financial
statements on a timely basis is missing.
Detection risk – the risk that audit procedures performed to reduce audit risk to an
acceptably low level will not detect a misstatement that exists and that could be material
(either individually or in aggregate).
Direct assistance – the use of internal auditors to perform audit procedures under the
direction, supervision and review of the external auditor.
Direct control – controls that are precise enough to address risks of material
misstatement at the assertion level.
E
Engagement quality review – an objective evaluation of the significant judgments
made by the engagement team and the conclusions reached thereon, performed by the
engagement quality reviewer and completed on or before the date of the engagement
report.
Engagement quality reviewer – a partner, other individual in the firm, or an external
individual, appointed by the firm to perform the engagement quality review.
Error – unintentional mistakes in financial statements, including the omission of an
amount or disclosure.
Estimation uncertainty – the susceptibility of an accounting estimate and related
disclosures to an inherent lack of precision in its measurement.
Events after the reporting period – those events, both favourable and unfavourable,
that occur between the end of the reporting period and the date on which the financial
statements are authorised for issue.
– IAS 10 Events after the Reporting Period
External confirmation – audit evidence obtained as a direct written response to the
auditor from a third party in paper form, or by electronic or other medium.
F
Foreseeable future – a period of at least, but not limited to, 12 months from the end of
Fraud – an intentional act by one or more individuals that uses deception to obtain an
unjust or illegal advantage.
Fraud risk factors – events or conditions that indicate an incentive or pressure to
commit fraud or provide an opportunity to commit fraud.
G
General IT controls – controls over the IT processes that support the continued proper
operation of the IT environment, including the continued effective functioning of
information processing controls and the integrity of information (i.e. the completeness,
accuracy and validity of information) in the information system.
Going concern – an entity that will continue to operate for the foreseeable future and
has neither the intention nor the need to liquidate or significantly reduce the scale of its
operations.
I
Indirect control – controls that support direct controls.
Information processing controls – controls relating to the processing of information
in IT applications or manual information processes that directly address risks to the
integrity of information (i.e. the completeness, accuracy and validity of transactions
and other information).
Inherent risk factors – characteristics of events or conditions that affect susceptibility
to misstatement, whether due to fraud or error, of an assertion about a class of
transactions, account balance or disclosure, before consideration of controls. Such
factors may be qualitative or quantitative.
Inherent risk – the susceptibility of an assertion about a class of transaction, account
balance or disclosure to a misstatement that could be material (either individually or
when aggregated with other misstatements) before considering any related controls.
Intangible asset – an identifiable non-monetary asset without physical substance.
Internal audit – an independent, objective assurance and consulting activity designed
to add value and improve an organisation's operations. It helps an organisation
accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control and governance processes.
– Institute of Internal Auditors IIA
Internal auditing – an independent, objective assurance and consulting activity
designed to add value and improve an organisation’s operations. It helps an
organisation accomplish its objectives by bringing a systematic, disciplined approach to
evaluating and improving the effectiveness of risk management, control, and
governance processes.
– The Institute of Internal Auditors (IIA)
IT environment – the IT applications and supporting IT infrastructure, and the IT
processes and personnel involved in those processes, that are used to support
business operations and achieve business strategies.
K
Key audit matters (KAM) – those matters that, in the auditor's professional judgement,
were of most significance in the audit of the financial statements of the current period.
They are selected from matters communicated with TCWG.
L
Liability – a present obligation arising from past events, the settlement of which is
expected to result in an outflow of resources.
M
Management – individuals with executive responsibility for the conduct of the entity's
operations.
– ISA 260
Management's expert – An individual or organisation possessing expertise in a field
other than accounting or auditing, whose work in that field is used by the entity to assist
the entity in preparing the financial statements. (ISA 500)
Materiality – information is material if its omission or misstatement could influence the
decisions of primary users taken on the basis of the financial statements. Materiality
depends on the nature and/or size of the items to which the information relates. It is
entity specific.
Material – Information is material if its omission or misstatement could influence
decisions that the primary users of general purpose financial reports make on the basis
of those reports.
Material uncertainty – an uncertainty related to events or conditions which may cast
significant doubt on the entity's ability to continue as a going concern.
Misstatement (ISA 450) – a difference between the amount, classification, presentation
or disclosure of a reported financial statement item and what is required for that item in
accordance with the applicable financial reporting framework. Misstatements can arise
from error or fraud.
N
Net realisable value – the estimated selling price in the ordinary course of business,
less the estimated costs of completion and the estimated costs necessary to make the
sale.
Non-compliance – acts of omission or commission, intentional or unintentional,
committed by the entity, TCWG, management or other individuals working under the
direction of the entity, which are contrary to the prevailing laws or regulations. Non-
compliance includes personal misconduct related to business activities (e.g. accepting a
bribe from a supplier) but does not include personal misconduct unrelated to business
activities.
Non-sampling risk – arises from factors that cause the auditor to reach an erroneous
conclusion for any reason not related to the size of the sample. For example, the auditor
might use inappropriate procedures or misinterpret evidence and fail to recognise a
deviation or misstatement. (Judgmental selection is subject to non-sampling risk.)
Not-for-profit organisation (NFP) – an organisation that does not distribute its surplus
funds to owners or shareholders but instead uses them to help pursue its goals.
O
Objectivity – the possible effects that bias, conflict of interest or the influence of others
may have on the expert's judgment.
Obligating event – an event that creates a legal or constructive obligation that the
entity is bound to settle.
Other information – financial or non-financial information (other than the financial
statements and auditor's report) included in an entity's annual report.
Outsourcing – the process of contracting out one or more elements of operations to a
service provider outside of the organisation's management structure.
Owner-manager – a proprietor involved in the day-to-day running of a smaller entity.
P
Performance materiality – the amounts set by the auditor at less than materiality for
the financial statements as a whole to reduce to an appropriately low level the
probability that the aggregate of uncorrected and undetected misstatements exceeds
materiality for the financial statements as a whole.
Pervasive – effects on the financial statements which, in the auditor's judgement:
i.Are not confined to specific elements, accounts or items of the financial statements;
ii. If so confined, represent or could represent a substantial proportion of the financial
statements; or
iii. In relation to disclosures, are fundamental to users' understanding of the financial
statements.
Population – the entire set of data from which the auditor wishes to sample (e.g. all
items in an account balance or a class of transactions).
Preconditions for an audit – management and, where appropriate, TCWG use an
acceptable financial reporting framework to prepare the financial statements and agree
to the premise on which an audit is conducted.
Professional judgement – the application of relevant training, knowledge and
experience, within the context provided by auditing, accounting and ethical standards, in
making informed decisions about the courses of action that are appropriate in the
circumstances of the audit engagement.
Professional scepticism – an attitude that includes a questioning mind, being alert to
conditions that may indicate possible misstatement, and a critical assessment of
evidence.
Provision – a liability of uncertain timing or amount.
Public interest entity (PIE) – a listed entity, or an entity required by a regulator to be
audited as if it were listed, or an entity of significant public interest due to size or nature
of business.
Public interest – the collective well-being of the community of people and institutions
the professional accountant serves.
R
Reasonable assurance – a high, but not absolute, level of assurance.
Regulatory compliance – adhering to the rules and regulations applicable to an activity
prescribed by an external agency or authority.
Relevant assertion – an assertion about a class of transactions, account balance or
disclosure that has an identified risk of material misstatement.
Risk assessment procedures – audit procedures designed and performed to identify
and assess the risks of material misstatement, whether due to fraud or error, at the
financial statement and assertion levels
S
Safeguards – actions, individually or in combination, taken by the professional
accountant that effectively eliminate threats to compliance with the fundamental
principles or reduce them to an acceptable level.
Sampling risk – the risk that arises from the possibility that the auditor's conclusion,
based on a sample, may be different from the conclusion that would be reached if the
entire population were subjected to the same audit procedure.
Sampling unit – the individual items that constitute a population, for example, credit
entries on bank statements, sales invoices, trade receivable balances or a monetary
unit ($1).
Service organisation – a third-party organisation that provides services to user entities
that are likely to be relevant to user entities' internal control related to financial reporting.
Significant deficiency – a deficiency (or combination of deficiencies) that is of
sufficient importance to merit the attention of TCWG.
Significant risk – an identified risk of material misstatement:
 For which the assessment of inherent risk is close to the upper end of the spectrum of
inherent risk; or
 That is to be treated as a significant risk in accordance with the requirements of other ISAs.
Statistical sampling – any approach to sampling that has the following characteristics:
a. random selection of a sample; and
b. use of probability theory to evaluate sample results, including measurement of sampling
risk.
Stratification – the process of dividing a population into subpopulations, each of which
is a group of sampling units with similar characteristics (often monetary value).
Subsequent events – events occurring between the date of the financial statements
and the date of the auditor's report and facts that become known after the date of
the auditor's report.
– ISA560 Subsequent Events
System of internal control – the system designed, implemented and maintained by
TCWG, management and other personnel to provide reasonable assurance about:
 the reliability of financial reporting;
 the effectiveness and efficiency of operations; and
 compliance with applicable laws and regulations.
T
Test data – data (valid and invalid) generated by the auditor and processed through the
client's system to enable the auditor to assess the effectiveness of programmed
controls.
Test of controls – an audit procedure designed to evaluate the operating effectiveness
of controls in preventing, or detecting and correcting, material misstatements at
the assertion level.
Those charged with governance (TCWG) – individuals with responsibility for
overseeing the strategic direction of the entity and obligations related to the
accountability of the entity, including overseeing the financial reporting process.
Tolerable misstatement (in tests of details) – the highest misstatement that could
occur before the population would be considered materially misstated.
Tolerable rate of deviation (in tests of controls) – the highest deviation rate (i.e. the
proportion of items with deviations from controls) the auditor could accept and still
conclude that the design and operation of an internal control over the population is
effective.
U
Uncorrected misstatements – misstatements that the auditor has accumulated during
the audit and that have not been corrected.
V
Value for money auditing – the evaluation of management's achievements in terms of
the economy, efficiency and effectiveness (the "3 Es") of operations.
W
Walk-through test – the tracing of transactions through a financial system.
Written representations – a written statement by management provided to the auditor
to confirm certain matters or to support other audit evidence.
Written representations in this context do not include financial statements, the
assertions therein, or supporting books and records.

Aa Acca Study Hub Resources

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Aa Acca Study Hub Resources

Uploaded by

Copyright:

Available Formats

CHAPTER 1: Visual Overview

Objective: To introduce the concepts of audit and assurance engagements.

1.1.1 External Audit

Company law requires statutory (external) audits in the jurisdiction in which a

1.1.2 Internal Audit

Internal auditing – an independent, objective assurance and consulting

It helps an organisation accomplish its objectives by bringing a systematic,

Assurance services – independent professional services that improve the

Only audits and reviews of historical financial information are

1.2.1 As an Assurance Service

As an assurance service, an external audit must include the five elements of an

Applicable financial reporting framework – the financial reporting

These concepts were introduced in earlier examinations (Business and

Suggest FIVE responsibilities of company directors.

Describe the possible agency relationships between shareholders, directors and

Explain the accountability of auditors and directors to shareholders.

The role of the annual general meeting (AGM) in managing

1.2.3 Auditor's Report

The objective of an audit of financial statements is:

2.3.1 Management and Auditor’s Responsibility

2.3.2 International Standards on Auditing (ISA)

2.3.3 Ethical Requirements

2.3.4 Reasonable Assurance

Reasonable assurance – a high, but not absolute, level of assurance.

Material – Information is material if its omission or misstatement could

2.3.6 Professional Judgment

Professional judgement – the application of relevant training, knowledge

Professional judgment is essential to the proper conduct of an audit.

Professional judgment is necessary in particular:

2.3.7 Professional Scepticism

Professional scepticism – an attitude that includes a questioning mind,

Professional scepticism includes being alert to, for example:

2.3.8 "True and Fair View"

1.2.4 The Audit Process

2.4.1 Audit Cycle

The auditor must send all clients an engagement

Planning audit work is essential to performing it to the

To determine audit strategy and the nature, timing and

Internal controls Regardless of the audit approach, the auditor must

Control If the auditor decides to rely on the system of internal

All material assertions relating to balances transactions

Audit working papers must be reviewed to ensure that

The auditor asks management to formally acknowledge its

2.4.2 Relational Diagram

Assurance engagement – an engagement in which a practitioner expresses a

1.3.2 Five Elements of an Assurance Engagement

1.3.3 Types of Assurance Engagement

There are two types of assurance engagements:

3.3.1 Reasonable Assurance Engagement

3.3.2 Limited Assurance Engagement

Reasonable assurance cannot be given in these circumstances.

This would be a limited assurance engagement. Although there is a Code of Business

1.3.4 Evidence Gathering Procedures and Reports

3.4.1 Reasonable Assurance Engagement

3.4.2 Limited Assurance Engagement

Confirmations, recalculations and tests of controls, for example, will not be

1.3.5 Review Engagements

A review of historical financial information is a limited assurance engagement. The

This is a negative form of a report that provides limited assurance.

In a review engagement, the practitioner obtains sufficient appropriate evidence

Exhibit 1 Standard Review Report

This chapter covers the following Learning Outcomes.

CHAPTER 2: Visual Overview

Objective: To describe the regulatory framework in which external (statutory) audits