ICAEW Assurance

ICAEW
ASSURANCE
BISC TRAINING CENTER
Ha Long Giang, ACA, FCCA, CPA
www.bisc.edu.vn
0912 66 1988
training@bisc.edu.vn
Assurance
INTRODUCTION
1
1. PAPER INTRODUCTION
Paper Background
The aim of ICAEW Assurance is to ensure that students understand the

assurance process and fundamental principles of ethics, and are able to
contribute to the assessment of internal controls and gathering of
evidence on an assurance engagement.
Specification grid
This grid shows the relative weightings of subjects within this module and
should guide the relative study time spent on each. Over time the marks
available in the assessment will equate to the weightings below, while
slight variations may occur in individual assessments to enable suitably
rigorous questions to be set.
Weighting (%)
The concept, process and need for assurance 20
Internal controls 25
Gathering evidence on an assurance engagement 30
Professional ethics 35
100
2
Method of assessment
The Assurance modules will be examined using computer based e-assessments.

Each computer based assessment will be 1.5 hours in length.
An example of the e-assessment can be found on the ICAEW website under the
student section; www.icaew.co.uk.
Each assessment will contain 50 questions worth 2 marks each, the total
assessment being 100 marks. Each question will therefore have a time allocation
of approximately 1.8 minutes. You will probably find some questions will take in
excess of 1.8 minutes to complete whilst others will take less, however you are
advised to monitor the overall time taken on questions throughout your
assessment
The examiner will specify how many options to select if more than one option is
required.
2. ASSURANCE - CONTENT
Chapter 1. Concept of and need for assurance
Chapter 2. Process of assurance: Obtaining an engagement
Chapter 3. Process of assurance: planning an assignment
Chapter 4. Evidence and Reporting
Chapter 5. Introduction to internal control
Chapter 6. Revenue system
Chapter 7. Purchases system
Chapter 8. Employee costs
Chapter 9. Internal Audit
Chapter 10. Documentation
Chapter 11. Evidence and sampling
Chapter 12. Written representations
Chapter 13. Substantive procedures
Chapter 14. Codes of Professional ethics
Chapter 15. Integrity, objective and independence
Chapter 16. Confidentially
3
See you next lesson!
7
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
4
Chapter 1
CONCEPT OF AND NEED

FOR ASSURANCE
OUTCOME
By the end of this session you should be able to:
explain the concept of assurance
recognise the elements and subject matter of an assurance engagement
explain the different levels of assurance
appreciate the benefits of assurance reports and why users require them
compare the different responsibilities of the parties involved in an
assurance engagement
identify examples of the 'expectations gap'
and answer questions relating to these areas
10
5
OVERVIEW
WHAT IS ASSURANCE?
Elements of Elements of Elements of Elements of

assurance assurance assurance assurance
Limited Audit
Reasonable Reasonable
11
1. ELEMENTS OF ASSURANCE
An assurance engagement is one in which a practitioner

expresses a conclusion designed to enhance the degree of
confidence the intended users other than the responsible
party have about the outcome of the evaluation or
measurement of a subject matter against criteria
12
6
Key elements
Practitioner Auditor, Assurance firm

3 Party Involvement Intended user Depends on the assignment
Responsible party Usually the directors
E.g. financial statements,

Subject Matter
other financial data, systems
E.g. accounting standards

Suitable Criteria
UK Corporate Governance Code
Evidence Sufficient and appropriate
Written Report Conclusion or opinion
13
Test your understanding
For a statutory audit assignment, list the following:

The 3 parties involved.
The subject matter.
The criteria
For a statutory audit assignment, list the following:

The 3 parties = auditor, directors, shareholders.
The subject matter = the financial statements.
The criteria = law and accounting standards
14
7
Levels of assurance
There are two key levels of assurance you need to be aware of.
It is important to determine the level of assurance required as this will
determine the amount of evidence required to support the conclusion in
the report. ……………………………………………………………………………………………….
15
Limited assurance Reasonable assurance
High but not absolute level

Moderate/low level of assurance
of assurance
Conclusion expressed negatively Conclusion expressed positively
E.g. an engagement to review E.g. the audit of financial

interim accounts statements
‘Based on our review, nothing has

come to our attention that causes us ‘In our opinion, the financial
to believe that the accompanying statements show a true and fair view.
interim financial information does
not give a true and fair view.
16
8
2. TYPES OF ASSURANCE ENGAGEMENT
Different types of engagement
The following are some examples of assurance engagements:

Statutory audit
Fraud investigations
Due diligence
Internal controls assessment
Business plan/projection reviews
Environmental
17
Statutory audit
A common type of assurance engagement is the audit of a company’s financial statements.
In the UK, audits are governed by:
Companies Act 2006
International Standards on Auditing (ISAs).
ISA 200 states that the overall objectives of the auditor are:
to obtain reasonable assurance about whether the financial statements as a whole are
free from material misstatement, whether due to fraud or error
to express an opinion on whether the financial statements are prepared, in all material
respects, in accordance with an applicable financial reporting framework.
In order to comply with these requirements, the auditor must:
Comply with relevant ethical requirements.
Plan and perform the audit with professional scepticism.
Exercise professional judgement.
Obtain audit evidence that is sufficient and appropriate on which to base their opinion.
18
9
Professional scepticism is an attitude that includes a questioning mind, being alert

to conditions which may indicate possible misstatement due to error or fraud, and
a critical assessment of audit evidence.
Professional judgement is the application of relevant training, knowledge and
experience in making informed decisions about the courses of actions that are
appropriate in the circumstances of the audit.
Legal requirements
Companies Act 2006 exempts small private limited companies from a mandatory
audit if they satisfy two out of the following three criteria:
Periods beginning on or after 1 January 2016

Employees No more than 50
Turnover Does not exceed £10.2m
Total assets Does not exceed £5.1m
19
An auditor must
Be a member of Recognised
Not be ineligible
Supervisory Body (RSB)
Required to have rules to ensure Companies Act 2006 prohibits a

those eligible for appointment as person being the auditor of a
a company auditor are either: company if s/he is:
Individuals holding an An officer or employee of the
appropriate qualification or company
Part of a firm controlled by A partner or employee of the
qualified persons. above.
20
10
3. BENEFITS AND LIMITATION
OF ASSURANCE
Why is assurance important?
The following are the benefits of carrying out assurance:

Independent scrutiny of the business by experts
Added credibility
By-products/subsidiary benefits (e.g. fraud deterrent)
Draws attention to issues (including ethical issues)
Reduces risk of management bias.
21
3. BENEFITS AND LIMITATION

OF ASSURANCE
Limitations of assurance
We saw earlier that reasonable assurance is a high, but not absolute,
level of assurance. We cannot give 100% assurance for reasons including:
Sampling – we do not review 100% of transactions
Inherent limitations of systems that produce the financial information
Evidence is generally persuasive not conclusive
Collusion to defraud
Financial information includes subjective and judgemental matters
Use of management representations as evidence may be unavoidable.
22
11
4. THE EXPECTATIONS GAP
Many shareholders and members of the public do not understand the
nature of a statutory audit.
As they may rely on the auditor’s report on the financial statements of the
companies they own shares in, are employed by, or trade with, these
misunderstandings can cause problems for the auditing profession.
Examples of these misunderstandings include the perception that:
The auditor detects all fraud and error
The auditor tests 100% of transactions
The auditor verifies the accuracy of the financial statements
The company is guaranteed to continue to trade for the foreseeable
future if a true and fair opinion is issued
The Statement of Financial Position shows the true value of the company
23

24
24
12
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
25
Chapter 2
PROCESS OF ASSURANCE:
OBTAINING AN ENGAGEMENT
26
13
OUTCOME
explain how assurance firms obtain work
identify the key issues to be considered before accepting engagements
describe the contents and purpose of a letter of engagement
and answer questions relating to these areas.
27
OVERVIEW
Methods
OBTAINING AN
ENGAGEMENT
Procedures after
Considerations accepting the
prior to acceptance engagement
Appointment Money
Sources of
decision laundering
information
process check
28
14
1. METHODS OF OBTAINING AN
ENGAGEMENT
There are two key methods of obtaining an engagement:
Tender
Advertising (subject to ethical guidance which is not in the
Assurance syllabus).
In your exam, questions about obtaining an engagement will be in
the context of an accountant being invited by a potential client to
accept an engagement.
29
2. CONSIDERATION PRIOR
TO ACCEPTANCE
Key elements
Before we are able to accept appointment we will have to satisfy

ourselves that we have considered the following:
Are we professionally qualified to act (are there legal or ethical issues
that would prevent us from accepting appointment)?
Have we communicated with the existing or previous auditors?
Do we have adequate resources available?
Have we fulfilled the requirements to comply with the Money
Laundering Regulations 2007 (client due diligence)?
Have we assessed the level of management integrity?
Have we assessed the level of risk?
30
15
TO ACCEPTANCE
You work for Star LLP, a small firm of accountants with fou partners and two offices in
York and Newcastle.
The firm has been approached by two potential clients.
Thomas Ltd
Thomas Ltd has just sacked its auditors due to a disagreement over the valuation
of its properties, and has put the audit out to tender. The company has invited a
large number of firms to tender, in the hope that competition will keep the audit
fee low. The Managing Director is the sole shareholder with a reputation for
being a very persuasive character. You are aware that:
The Finance Director has recently left and is claiming constructive
dismissal after having problems working with the MD.
Several members of staff have left the company after a short period of time
and it now uses a number of temporary staff in its admin and finance
departments.
Thomas Ltd has outlets in 30 locations across England and Wales, with its head
office in York.
31
TO ACCEPTANCE
James Ltd
This three year old company is expanding quickly, and has good results, a
sound financial position and is owned and managed by an experienced Board
of Directors following a management buyout from a large international group.
James Ltd is looking for a firm of accountants that can help them expand from
Yorkshire into the north-east of England.
The previous auditor is a retiring sole practitioner, and being a long-standing

friend of Star LLP’s managing partner, he has recommended the firm to
James Ltd.
From the information provided, what factors would you consider in

deciding whether to proceed further with the opportunities to work with
Thomas Ltd or James Ltd?
32
16
TO ACCEPTANCE
The following factors should be considered in relation to the potential clients:
Thomas Ltd
Disagreement with the previous auditor may suggest a client that is difficult to
work with, although valuation is a subjective area so we need more information as
our firm may come to a different conclusion to the previous auditors.
From a commercial point of view, competition in the tender process may mean
the ‘winning’ audit fee is so low that the audit is not worth taking on. This may
also indicate management’s view that the audit is not worthwhile, which may
make it more difficult to obtain the necessary information and explanations.
The dominant director/shareholder may be difficult to work with.
The lack of a Finance Director, coupled with high staff turnover and temporary
staff in the accounts department, increases the risk of errors and misstatements in
the financial statements, and may make it harder to obtain the information and
explanations required for the audit.
The geographical spread of Thomas Ltd may be a challenge for a small audit firm,
so the availability of staff for e.g. inventory counts should be considered.
33
TO ACCEPTANCE
James Ltd
The information suggests the company has stable management and
is a good fit with Star LLP. The only concern at this stage is that the
firm may require more than just an audit (“...looking for a firm of
accountants that can help them expand...”) so we will need to be
clear about the work involved in an audit.……………………………………….
34
17
TO ACCEPTANCE
Sources of information relating to new clients
Some of the consideration of appointment will require information on

the client to be obtained
Client External Auditor
Financial statements Credit ratings Previous auditor
Internal audit reports Bankers, solicitors
Management accounts Laws and regulations
Internet search
35
TO ACCEPTANCE
Appointment decision chart
Prospective auditors will contact the previous auditors to

ascertain whether there is anything which would prevent them
from accepting nomination. The following illustration charts the
decision process:
36
18
TO ACCEPTANCE
Appointment decision chart
Approach by potential new

audit client
Yes Prospective auditors can
Is this the first audit?
make own decisions
Does client give permission to
contact old auditor? No
Yes
Prospective auditor should
Request all relevant information normally decline the
appointment
Does client give old auditor No
permission to reply?
Yes
Chase response. If no reply
Does old auditor reply with No
decide on appointment using
relevant information?
available information
Yes
Accept/reject appointment
37
TO ACCEPTANCE
Which one of the following would most likely lead you to decline the
appointment as auditor of a prospective new client?
The previous year's accounts were regarded as not showing a true
and fair view by the outgoing auditors.
The client asked that you have no contact with the outgoing
auditor, as the two parties are currently in dispute.
The assignment would involve a higher degree of risk than most of
your existing clients.
The answer is: The client asked that you have no contact with the
outgoing auditor, as the two parties are currently in dispute.
38
19
TO ACCEPTANCE
Money laundering check
To comply with the Money Laundering Regulations 2007, correct

identification needs to be obtained before appointment. This is known
as client due diligence.
Individuals Companies
Photographic identification and Identification from Companies House
other documents confirming name
and address
Client identification documents must be kept for a minimum of 5 years

and until 5 years have elapsed since the relationship with the client has
ceased
39
3. PROCEDURES AFTER
ACCEPTING THE ENGAGEMENT
Overview
Ensure outgoing auditors' removal/resignation has been

properly conducted.
Ensure new auditors' appointment is valid.
Prepare and submit a letter of engagement to the directors of
the company.
Audit engagement letters
Audit engagement letters are issued after the auditors have

accepted nomination
40
20
3. PROCEDURES AFTER
Purpose and practicalities
Define the extent of firm’s and management’s responsibilities

Minimise potential for misunderstanding between client and firm
Provide written confirmation of:
- the firm’s acceptance of appointment
- the scope of the engagement
- the form of reports to be issued
Send to all clients
Send as soon as possible after appointment.
Note that engagement letters are used for all kinds of assurance
engagements, not just statutory
41
3. PROCEDURES AFTER
Contents
The contents of an engagement letter are covered in ISA 210

Must include May include other items e.g.
Objectives of work/ Inherent limitations of the engagement
auditor’s responsibilities Expectation re: written management
Management’s responsibilities representations
Scope of work Confidentiality/restricted circulation/use
Form of any reports of report
Level of access to books Arrangements re: reliance on internal audit
and records Restrictions on auditor’s liability (if possible)
Reporting framework. Basis of fee calculations.
42
21
3. PROCEDURES AFTER
Engagement letters should be sent to: (PICK ONE)

Only audit clients
Only listed clients
All new clients going forward
All new clients and existing clients where one has not been
previously sent
The answer is: All new clients and existing clients where one has not
been previously sent.
43

44
44
22
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
45
Chapter 3
PLANNING THE ASSIGNMENT
46
23
OUTCOME
define the overall audit strategy and audit plan
explain the need to obtain an understanding of the entity and its
environment
identify suitable sources of information to obtain this understanding
define and apply the concept of materiality
define and apply the audit risk model and its components
use basic analytical procedures
distinguish between fraud and error
explain the difficulties involved in auditing related party transactions
and answer questions relating relating to these areas.
47
OVERVIEW
Planning
process
PLANNING THE
ASSIGNMENT
Understand Analytical
Materiality Risk
the entity procedures
Fraud & Related

error parties
48
24
1. THE PLANNING PROCESS
Overview
Audit strategy: Determines scope, timing and

direction of audit and determines the
Increasing development of the audit plan
level
of
detail
Audit plan: Shows how the overall strategy will
be implemented
49
Audit strategy
The key components of the audit strategy are:

Understanding the entity and its environment
Materiality
Risk assessment
Nature, extent and timing of audit procedures
Direction, supervision and review of work
Other matters .
50
25
Audit plan
An audit plan shows how the overall audit strategy will be implemented.
The auditor is responsible for carrying out audit procedures in order to
obtain sufficient appropriate audit evidence to support his opinion.
These procedures may be discussed with the client in order to plan
effectively.
Audit planning ensures:
Attention is paid to the most important areas
Potential problems are identified
The audit is properly organised and managed
Work is assigned to the appropriate member of the audit team
Appropriate direction and supervision of audit team members
Reviews by more senior auditors are facilitated
51
2. UNDERSTANDING THE ENTITY

ISA 315 requires the auditor to gain an understanding of the entity.
Why?
To assess risk
To help design and perform audit procedures
To develop the audit strategy and plan.
52
26
What?
ISA 315 details the following aspects as important in gaining an

understanding of the business:
Industry, regulatory, and other external factors, including the
applicable financial reporting framework
Nature of the entity, including the entity’s selection and application
of accounting policies
Objectives and strategies and the related business risks that may
result in a material misstatement of the financial statements
Measurement and review of the entity’s financial performance
Internal controls
53

How?
ISA 315 requires the auditor to use the following:

Enquiries of management and other client staff
Analytical procedures
Observation of processes
Inspection of documents or assets
Prior knowledge of the client
Discussions among the audit team.
54
27
3. MATERIALITY
Importance of materiality in the audit
The standard audit report sets out the scope of an audit stating that the
engagement involves “...reasonable assurance that the financial
statements are free from material misstatement...”
The concept of materiality plays a key role in an audit engagement.
55
3. MATERIALITY
Definition
Materiality is defined as an expression of the relative significance of a

particular matter in the context of the financial statements as a whole.
A matter is material if its omission or misstatement could influence the
economic
Performance materiality
The amount set by the auditor at less than materiality for the financial
statements as a whole to reduce to an appropriately low level the
probability that the aggregate of uncorrected and undetected
misstatements exceeds materiality for the financial statements as a
whole.
56
28
3. MATERIALITY
Using materiality
At the planning stage, materiality drives the level of work to be carried

out e.g. whether to test a balance at all, sample sizes.
During the audit, materiality influences the evaluation of audit evidence
e.g. if the auditor discovers a material misstatement then an adjustment
to the financial statements should be requested.
57
3. MATERIALITY
Identifying materiality
Deciding on whether a matter is material or not depends on the auditor’s
judgement.
An item, error or misstatement may be:
Material because of its size (see thresholds below)
Material because of its nature e.g. transactions between the company and its
directors must be disclosed in the accounts, and because of the nature of
these transactions they are considered material regardless of their size.
At the planning stage, a level of planning materiality will be calculated. Different
firms have different methods of calculating materiality but the following
thresholds can be used for the exam:
Item in the financial statements %
Profit before tax 5–10
Revenue ½–1
Total assets 1–2
58
29
4. RISK ASSESSMENT
Importance of risk assessment
Auditors usually adopt a risk-based approach to auditing.

Risk is assessed at planning stage but re-assessed continually
throughout the audit.
Effective risk assessment should:
- Make the audit more efficient with work directed to likely problem
areas
- Lead to fewer inappropriate opinions
- Result in fewer negligence claims against the auditor
59
4. RISK ASSESSMENT
The audit risk model
AUDIT RISK = Inherent risk x Control risk x Detection risk
Audit risk is the risk that the auditor arrives at an inappropriate

opinion on the financial statements e.g. states that the financial
statements show a true and fair view when actually there is a
material misstatement.
60
30
4. RISK ASSESSMENT
The audit risk model
Audit risk has two elements
Risk that the financial statements contain Risk that the auditor fails to detect any
a material misstatement Material misstatements
How can this occur? How can this occur?
Misstatement Client controls do Insufficient work

occurs in the not prevent or Inappropriate work
first place detect misstatement Poor judgement
Inherent risk Control risk Detection

(IR) (CR) risk (DR)
61
4. RISK ASSESSMENT
Inherent risk
The susceptibility of a transaction, account balance or disclosure to

material misstatement, irrespective of the internal controls in place.
Industry level Entity level Balance level

 Affects the whole  Affects the whole entity  Isolated to a particular
industry  e.g. company may not be account balance
 e.g. highly regulated a going concern,  e.g. items which are
industries such as management get profit complex or subjective
banking related bonuses
62
31
4. RISK ASSESSMENT
Control risk
The risk that a material misstatement would not be prevented,

detected or corrected by the accounting and internal control systems.
Details of controls are covered in Chapters 5 – 8.
Detection risk
The risk that the auditor’s procedures will not detect a misstatement
that exists in an account balance or class of transactions that could
be material, either individually or when aggregated with
misstatements in other balances or classes.
63
4. RISK ASSESSMENT
Illustration: managing audit risk
Audit risk = Inherent risk × Control risk × Detection risk
HIGH HIGH
In order to maintain an acceptable level of audit risk, DR must be low.

This can be achieved by e.g.
More audit work
Increased sample size
More reviews.
64
32
4. RISK ASSESSMENT
Significant risks
Significant risks require special consideration. ISA 315 identifies the

following indicators of significant risk:
Fraud (see later on in chapter)
Significant accounting, economic or other developments
Complexity
Related party transactions (see later on in chapter)
Subjectivity
Unusual transactions
65
5. FRAUD AND ERROR
Definition
Error: an unintentional misstatement in financial statements,

including the omission of amounts or disclosures.
Fraud: an intentional act involving the use of deception to obtain an
unjust or illegal advantage.
Characteristics of fraud
ISA 240 identifies two categories of fraud that are of concern to auditors:
Misappropriation of assets means theft e.g. the creation of ghost
employees to divert company funds into a personal bank account or
theft of inventory.
Fraudulent financial reporting involves intentionally manipulating
the financial statements to deceive financial statement users.
66
33
5. FRAUD AND ERROR
Responsibilities for fraud and error
Management responsibilities
The primary responsibility for the prevention and detection of fraud rests with
those charged with governance of an entity and with management.
This should be achieved by the design and implementation of an effective system
of internal control.
Auditor responsibilities
Auditors are required to provide reasonable assurance that the financial
statements are free from material misstatement, whether caused by fraud or
error. In order to meet this responsibility, auditors must plan, perform and
review audits in light of the risk of misstatement due to fraud.
There is an unavoidable risk that some material misstatements may not be
detected. This risk is greater in relation to misstatement due to fraud, rather
than error, because of the potentially sophisticated nature of organised criminal
schemes.
67
6. RELATED PARTY
A related party is an individual or organisation who is influenced by,
or has influence over the entity. Transactions with related parties
might take place for reasons other than the entity’s normal business.
There is nothing wrong with an entity dealing with a related party.
However, dealing with related parties increases the potential for the
financial results to be manipulated as transactions may be carried out
on a basis other than 'arm’s length'. In these circumstances it is
appropriate for such transactions to be brought to the attention of
shareholders.
Related parties are often difficult to identify in practice. It can be hard to establish
exactly who, or what, are the related parties of an entity. Other problems which may
arise include the following:
Directors may be reluctant to disclose transactions, particularly in the case of
family members.
Transactions may not be easy to identify from the accounting systems because
they are not separately identified from ‘normal’ transactions.
Transactions may be concealed in whole, or in part, from auditors for
fraudulent purposes.
68
34
7. ANALYTICAL PROCEDURES
Definition
Analytical procedures involve the evaluation of financial information through
analysis of plausible relationships among both financial and non-financial data.
Analytical procedures also encompass such investigation as is necessary of
identified fluctuations or relationships that are inconsistent with other relevant
information or that differ from expected values by a significant amount.
Preliminary analytical procedures
ISAs 315 and 520 cover the use of analytical procedures during the audit:
Must be used at planning to identify risk ISA 315.
Can be used as a form of substantive procedure to gather audit evidence
ISA 520.
Must be used to assist in forming an overall conclusion on the financial
statements ISA 520
69
Analytical procedures are useful at the planning stage in giving an
overall perspective on the financial statements using both financial and
non-financial data, but there are limitations:
They require a sound knowledge/experience of the entity which may
be limited in a first-year audit.
Experienced staff may be required to carry them out.
The quality of analytical procedure depends upon the reliability of
source data.
70
35
HOW TO PERFORM ANALYTICAL PROCEDURES?
Compare Unexpected
Understand Develop an
actual to variations
the business expectation
expectation = risk
Sources of information
Analytical procedures require sound knowledge; therefore information about the
client is important.
Possible sources include:
interim accounts board minutes
Budgets non-financial information e.g. personnel records
management accounts discussion or correspondence with client
VAT returns industry knowledge
71
Calculations
The process of performing analytical procedures involves calculations of
amounts that can then be compared with prior year, budget, industry averages
or other plausible benchmarks.
Calculations range from simple trends (e.g. % increase in revenue over the last
year) to more complex ratio analysis.
You may need to use the following accounting ratios as part of your analytical
procedures:
72
36
Heading/ratio Formula Purpose

Performance Profit before interest and tax × 100
Effective use of resources.
Return on capital employed Equity + net debt
Return on Net profit for the period × 100
Effective use of resources.
shareholders’ funds Share capital + reserves
Assess profitability before
Gross profit × 100
Gross profit margin taking overheads
Revenue into account.
Cost of sales × 100 Assess relationship of

Cost of sales percentage
Revenue costs to revenue.
Operating costs/ overheads × 100 Assess relationship of

Operating cost percentage
Revenue costs to revenue.
Assess profitability after

Net margin/ Profit before interest and tax × 100
taking overheads into
operating margin Revenue account.
73
Assess ability to pay

Short-term liquidity Current assets
current liabilities from
Current ratio Current liabilities reasonably liquid assets.
Assess ability to pay current

Quick ratio Receivables + Current investments + Cash
liabilities from most liquid assets.
Current liabilities
Net debt
Long-term solvency Equity Assess reliance on
Gearing ratio Profit before interest payable external finance.
Interest payable
Revenue
Capital employed
Trade receivables × 365 Assess ability to pay
Interest cover
Credit revenue interest charges.
Trade payables × 365

Credit purchases
Efficiency Inventory × 365 Assess revenue generated

Net asset turnover Cost of sales from asset base.
74
37
You are planning the audit of Cheviot Ltd for 2018 and have received extracts from
the accounts.
Cheviot Ltd: Year ended 31 December 2018 draft (£000) 2017 audited (£000)
Extracts from the statement of profit or loss
Revenue 2,200 2,000
Cost of sales (1,450) (1,400)
Gross profit 750 600
Admin costs (150) (140)
Distribution overheads (150) (120)
Marketing & advertising (60) (90)
Profit before interest 390 250
Interest expense (200) (10)
Extracts from the statement of financial position
Non-current assets 2,900 1,500
Trade receivables 271 170
Cash – 100
Bank loan and overdraft 2,000 100
Trade payables 111 120
75
Cheviot Ltd manufactures and sells garden furniture. During 2018, a bank
loan of £1.75m was taken out to expand the company's manufacturing
operations in Scotland.
The Finance Director has explained the key business developments in 2018:
the launch of a new range of wooden furniture; and
the sale of tables and benches to a chain of 82 pubs, a major new client
who secured a significant discount on Cheviot's standard prices.
Carry out suitable preliminary analytical procedures in order to identify
possible risk areas for your audit.
76
38
Revenue growth is 10%

Growth is consistent with the launch of the new product range, and the
win of the pub chain client.
Gross profit margin in 2018 is 34.1% (2017: 30%)
Gross profit has risen more quickly than revenue (i.e. by 25%).
This is inconsistent with the Finance Director’s explanation that the
major new customer negotiated a significant discount, which would be
expected to lead to a lower gross profit margin assuming costs remained
the same.
This could be due to higher margins on the new product lines, or bulk
discounts being secured on purchases as the business has grown, but
could also be due to an accounting error.
77

Interest cover in 2018 is 1.95 times (2017: 25 times)
Given the new loan of £1.75m, it is not surprising that the interest charges
are now using up much more of Cheviot’s profit.
Banks often require a certain level of interest cover to be met in order to
secure their continued support – the exact level will vary but 3x is not
unusual, so we need to check whether Cheviot Ltd is in breach of the
bank’s requirements.
There is no cash (2017: £100k) and the bank loan and overdraft is up from
£100k to £2m
The increase in loan/overdraft is £1.9m, and as we know the new loan is
£1.75m this must reflect a £150k increase in the overdraft.
The company may be approaching its overdraft limit, and could be in
danger of running out of cash in the near future.
78
39

Trade receivables days are 45 (2017: 31 days)
The company is taking longer to recover cash from its customers.
This could be due to longer credit terms being negotiated with the pub
chain customer.
However it might be due to poor credit control, and possibly
irrecoverable debts.
Trade payables days are 28 (2017: 31 days) calculated using cost of sales
rather than credit purchases.
There is a slight reduction in payables days, which could be due to
changing terms offered by suppliers, but could also be due to an
accounting error.
79

Summary – possible audit risks requiring attention when carrying out audit procedures
The higher gross profit margin could suggest overstated revenue or understated cost
of sales.
The increase in borrowings and interest cover may cast doubts over the company’s
ability to continue in business (we call this going concern risk).
The increase in trade receivables days may indicate irrecoverable debts, i.e.
overstated receivables.
The reduction in payables days could indicate an understatement in payables.
Note:
The detailed audit procedures that will be carried out will allow us to determine whether
the causes of the movements seen in the accounts are valid business reasons, or material
misstatements.
The questions in the Assurance exam will focus on small parts of the process of using
analytical procedures.
80
40
81
81
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
82
41
Chapter 4
EVIDENCE AND REPORTING
83
OUTCOME
describe the process of assurance and reporting
apply the rules relating to the collection of evidence
distinguish between substantive testing and tests of controls
identify the differences between auditors’ reports and other
assurance reports
84
42
OVERVIEW
PROCESS OF ASSURANCE
AND REPORTING
EVALUATE
OBTAINING CONCLUDING
RESULTS OF
EVIDENCE AND REPORTING
AUDIT WORK
Basic rules Audit Other
APPROACH
Test of Substantive
controls procedures
85
1. OBTAIN EVIDENCE
Basic rules
Evidence must be
Sufficient (quantity) Appropriate (quality)
Depends on factors such as

Risk Reliable Relevant
Materiality
Level of assurance to be given Format Proves one or more
Original/written of the financial
Source Copy statement
Auditor generated Oral assertions
Third party
Client
86
43
1. OBTAIN EVIDENCE
Transactions that have been recorded

Occurrence
have occurred and pertain to the entity.
All transactions that should have been

Completeness
recorded have been recorded.
Assertions about
classes of Amounts have been recorded
transactions and Accuracy
appropriately.
events, and
Transactions have been recorded in the
related Cut-off
correct accounting period.
disclosures, for
the period under Transactions have been recorded in the
Classification
audit proper accounts.
Transactions and events are appropriately
aggregated and clearly described, and
Presentation
related disclosures are relevant and
understandable.
87
1. OBTAIN EVIDENCE
Existence Assets, liabilities and equity interest exist.
Rights and The entity owns the assets, and liabilities are
obligations the obligations of the entity.
All assets, liabilities and equity interests that

Assertions about Completeness
should have been recorded have been recorded.
account balances,
and related Accuracy, Assets, liabilities and equity interests are
disclosures, at the valuation included in the
period end and allocation financial statements at appropriate amounts.
Assets, liabilities and equity interests have been
Classification
recorded in the proper accounts.
Assets, liabilities and equity interests are
appropriately aggregated and clearly described,
Presentation
and related disclosures are relevant and
understandable.
88
44
1. OBTAIN EVIDENCE
Illustration
Financial statement assertions

2018 2017
Year ended 30 June
£000 £000
Non-current assets 2,650 2,280
In this extract from the financial statements the directors assert that:
these assets EXIST at 30/6/18
the assets are OWNED by the company
£2.65m is an appropriate VALUE for the assets
all of the company's non-current assets are included i.e. figure is COMPLETE.
89
1. OBTAIN EVIDENCE
Decide whether the comparisons of different types of audit evidence are

true or false.
True False
A sales invoice is not as reliable as a purchase invoice
A bank statement from the client’s file is more reliable

than a bank letter sent directly to the auditor
An explanation from the client is more reliable when

received in an email than a phone call
90
45
1. OBTAIN EVIDENCE
Test your understanding (a)
True False
A sales invoice is not as reliable as a purchase invoice X
A bank statement from the client’s file is more reliable

X
than a bank letter sent directly to the auditor
An explanation from the client is more reliable when

X
received in an email than a phone call
91
1. OBTAIN EVIDENCE
Audit approach
Tests of control Substantive testing

Test the system that gets the numbers Test the numbers in the financial
into the financial statements statements
Procedures including enquiry, Procedures include analytical
observation and reperformance, and procedures and tests of detail (see
data analytics may assist the auditor chapter 11)
in this work (see Chapter 11) Must always carry out substantive
Appropriate if control risk is low and procedures on material items.
using tests of control is a more
efficient means of gathering evidence
The auditor cannot just carry out
tests of control due to inherent
limitations of controls (see Chapter
5).
92
46
1. OBTAIN EVIDENCE
Acorns Ltd is a garden nursery business, selling plants and garden

equipment to the public.
During the year the company purchased two new vans, started
construction of a new greenhouse and sold part of the land around
the nursery to a developer.
State which type of testing would be most appropriate for the
following balances:
Revenue
Non-current assets.
93
1. OBTAIN EVIDENCE
Revenue
Balance likely to be comprised of large number of transactions.
Tests of controls most cost effective method.
Sampling to be used.
Must have some substantive procedures.
Analytical procedures to be used in combination.
Non-current assets
Few transactions in year.
100% testing of additions and disposals in year.
Substantive testing.
Agree to supporting docs.
94
47
1. OBTAIN EVIDENCE
Preliminary
assessment
of internal
Expect controls to Do not expect
controls
be effective controls to be
including
walkthrough effective
tests
Tests of control
Substantive
testing
Controls Controls
found to be found to be Analytical
effective ineffective procedures
Tests of detail
Limited Perform some substantive

substantive testing due to inherent
testing limitations of controls
95
2. EVALUATE RESULTS
The auditor should consider whether the evidence gathered on the audit so
far meets the basic rules.
Relevant Reliable Sufficient

There should be audit The auditor should If evidence gathered is
evidence to support all of consider whether any not sufficient, the auditor
the financial statement matters have come to light should:
assertions for a given that cast doubt on the Attempt to find
account balance. reliability of evidence e.g. further evidence
Doubts over Consider the implication
management integrity for the audit opinion.
Discrepancies
between different
sources of evidence.
96
48
3. CONCLUDING AND REPORTING
Audit opinions
An auditors’ report provides reasonable assurance, expressed positively.

The auditors’ report contains a number of different opinions.
Implied opinions – only required if a
Express opinions – always stated
material problem arises*
Opinion on the financial statements Report by exception under Companies Act 2006
True and fair if any of the following matters arise:
Properly prepared in accordance with Returns adequate for our audit have not been
CA2006/accounting standards received from branches not visited by us
Accounts are not in agreement with the
Opinion on other matter prescribed by underlying accounting records
Companies Act 2006 Proper (adequate) accounting records have
The information contained in the not been kept
Directors’ Report and Strategic Report is Information and explanations required for the
consistent with the financial statements audit were not received
Directors’ remuneration disclosures required
by law were not made
<RAPID>
97
Audit opinions
ISA 700 states the following are included in the auditors’ report:
Title
Addressee
Auditor’s opinion on the financial statements
Basis for opinion
Going concern section
Key audit matters (listed companies)
Other information
Management responsibilities
98
49
Audit opinions
Auditor responsibilities
Explanation of the extent to which the audit was considered capable
of detecting irregularities, including fraud
Opinion on other matters e.g. whether the information contained in
the. Directors’ Report and the Strategic Report is consistent with the
financial statements.
Matters on which the auditor is required to report on by exception
under Companies Act 2006.
Name and signature of the engagement partner
Auditor’s address
Date of the report
99
If the auditor concludes that the financial statements show a true and
fair view the auditors’ report will be unmodified. This means the
standard wording of the ISA 700 auditors’ report can be used and does
not need to be changed.
If the auditor concludes that there are material misstatements in the
financial statements, or that they have not obtained sufficient
appropriate evidence, the auditors’ report will need to be modified. The
report will need to contain information for the user to explain the issues
in the financial statements. You will learn about modified auditors’
reports in the Professional Level Audit and Assurance paper.
100
50
Entities applying the UK Corporate Governance Code
Even before the new ISA 700 was issued in June 2016, requiring a section on Key
Audit Matters to be included, auditors’ reports for companies applying the UK
Corporate Governance Code contained additional explanations of the audit
process.
These additional explanations are required within the auditors’ report under the
three headings:
Assessment of risks of material misstatement
Application of materiality
Overview of scope of the audit.
You can see examples of the long-form auditors’ reports used for listed
companies by searching online for a company that you are interested in.
Closing the expectations gap
The features of the auditors’ report, particularly the newer long-form auditors’
reports used for listed companies that have to comply with the UK Corporate
Governance Code, are an attempt to narrow the expectations gap. (We saw in
Chapter 1 that the expectations gap reflects the common misunderstandings
about the role of the auditor.)
101
Other reports
Non-audit assurance engagements are covered by International Standards on

Assurance Engagements (ISAEs) and International Standards on Review
Engagements (ISREs). Reports will be addressed to the users of the assurance
material and are similar in outline to ISA 700 auditors’ reports.
Format
Title
Addressee
Identification and description of subject matter
Identification of criteria
Any inherent limitations which exist
Any restrictions upon purpose/user
102
51
Other reports
Statement identifying responsible party

Work performed in accordance with [relevant Standards]
Summary of work performed
Conclusion
Date
Name of firm/practitioner.
Example: Extract from a report on prospective financial information
(ICAEW Workbook).
103

104
104
52
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
105
Chapter 5
INTRODUCTION TO
INTERNAL CONTROL
106
53
OUTCOME
explain the purpose of internal controls
identify and label the different types of internal controls
explain the significance of internal controls to the auditor
describe the limitations of internal controls
107
OVERVIEW
INTRODUCTION
Purpose TO INTERNAL Limitation
CONTROL
INTERNAL CONTROL
SYSTEMS
SIGNIFICANCE OF INTERNAL
COMPONENTS OF AN
CONTROLS TO THE
INTERNAL CONTROL SYSTEM
EXTERNAL AUDITOR
Control Information
Monitoring
environment system
Risk assessment Control

process activities
108
54
1. INTRODUCTION TO
INTERNAL CONTROL
Definition of Internal Control System
Internal control is:
The process designed, implemented and maintained by those charged
with governance, management, and other personnel to provide
reasonable assurance about the achievement of an entity's objectives
with regard to reliability of financial reporting, effectiveness and
efficiency of operations, and compliance with applicable laws and
regulations.
109
109
1. INTRODUCTION TO
INTERNAL CONTROL
Auditors need to
understand the  Assess their reliability for the
client’s internal preparation of financial statements.
control system  Design suitable audit procedures.
If the auditor is able to rely on the
system it will be because it contains
some of the components of internal
control as set out in ISA 315.
110
55
1. INTRODUCTION TO
INTERNAL CONTROL
Components of an internal control system
ISA 315 - Identifying and Assessing the Risks of Material Misstatement
Through Understanding the Entity and its Environment, states that
auditors need to understand an entity's internal controls. To assist this
process it identifies five components of an internal control system:
5 Components of an Internal
control system
Control Risk assessment

Information system
environment process
Control activities Monitoring

111
111
WHAT IS INTERNAL CONTROL AND

HOW DOES IT WORK?
2 - The control environment
The control environment includes the governance and management

function of an organisation.
It focuses largely on the attitude, awareness and actions of those

responsible for designing, implementing and monitoring internal
controls.
[ISA 315, A77]
112
112
56
HOW DOES IT WORK?
Elements of the control environment that are relevant when the auditor
obtains an understanding include the following:
 communication and enforcement of ethical values;
 commitment to competence;
 participation by those charged with governance;
 management’s philosophy and operating style;
 organisational structure;
 assignment of responsibility;
 human resource policies and practices – staff training, recruitment
procedures etc.
 This sounds quite high level, but it is really only saying that: If a client
complies with the principles of good corporate governance, the risk of
misstatement will be lower. 113
113

HOW DOES IT WORK?
Audit Committee
An Audit Committee is a subsection of the board of directors which has a

particular interest in the accounting and finance activities of the company.
Key features of an Audit Committee include:
Comprised of non-executive directors
Requirement for UK listed companies under The UK Corporate
Governance Code
Required to have written terms of reference
Oversees the financial statements, internal audit and external audit.
The Audit Committee reports to the company’s shareholders in the Annual
Report.
114
57
HOW DOES IT WORK?
Illustration
In the 2016 Annual Report of Barclays PLC, there is a 10 page report from the
Board Audit Committee providing a description of the role they have performed
in the year. The Committee’s activities are summarised in the following
diagram:
115

HOW DOES IT WORK?
3 – Control Activities
Control activities are those policies and procedures that help ensure
that management directives are carried out.
ISA 315 refers to five types of control activity:

 Authorization;
 Performance reviews;
 Information processing;
 Physical controls;
 Segregation of duties.
116
116
58
HOW DOES IT WORK?
4 - The entity’s risk assessment process
ISA 315 ((Revised): para. 15), says the auditor shall obtain an
understanding of whether the entity has a process for:
 Identifying business risks relevant to financial reporting objectives
 Estimating the significance of the risks
 Assessing the likelihood of their occurrence
 Deciding on actions to address those risks
 If the client has robust procedures for assessing the business risks it
faces, the risk of misstatement will be lower.
117
117

HOW DOES IT WORK?
5 - The information system relevant to financial reporting
Includes the financial reporting system, and

consists of the procedures and records
established to initiate, record, process and
report entity transactions (as well as events
and conditions) and to maintain accountability
for the related assets, liabilities and equity
118
118
59
HOW DOES IT WORK?
6 – Monitoring of controls
Monitoring of controls is 'a process to assess the effectiveness of
internal control performance over time.
It involves assessing the effectiveness of controls on a timely basis and
taking necessary remedial actions'
119
119

HOW DOES IT WORK?
7 - Controls in a computerized system?
Computer based controls are normally

divided into two categories:
 Application controls.
 General controls.
120
120
60
HOW DOES IT WORK?
General IT controls are:

Policies and procedures that relate to many applications and support
the effective functioning of application controls by helping to ensure the
continued proper operation of information systems.
General IT controls commonly include:
 Controls over data centre and network operations;
 System software acquisition
 Change and maintenance;
 Access security;
 Application system acquisition, development and maintenance.
121
121

HOW DOES IT WORK?
Application controls are:

 Manual or automated procedures that typically operate at a business
process level. Application controls can be preventative or detective in
nature and are designed to ensure the integrity of the accounting
records.
 Accordingly, application controls relate to procedures used to
initiate, record, process and report transactions or other financial
data.
122
122
61
HOW DOES IT WORK?
Examples of Application control
Application controls Examples

 Manual or programmed agreement of control totals
 Document counts
Controls over input:
 One-for-one checking of processed output to source documents
completeness
 Programmed matching of input to an expected input control file
 Procedures over resubmission of rejected controls
Programmes to check data fields (for example value, reference
number, date) on input transactions for plausibility:
 Digit verification (eg reference numbers are as expected)
 Reasonableness test (eg sales tax to total value)
Controls over input:  Existence checks (eg customer name)
accuracy  Character checks (no unexpected characters used in reference)
 Necessary information (no transaction passed with gaps)
 Permitted range (no transaction processed over a certain value)
Manual scrutiny of output and reconciliation to source
Agreement of control totals (manual/programmed)
123
123

HOW DOES IT WORK?
Examples of Application control
Application controls Examples

Manual checks to ensure information input was:
Controls over input:
 Authorised
authorisation
 Input by authorised personnel
 Similar controls to input must be in place when input is
Controls over completed; for example, batch reconciliations
processing  Screen warnings can prevent people logging out before
processing is complete
 One-for-one checking
 Cyclical reviews of all master files and standing data
Controls over master  Record counts (number of documents processed) and hash
files and standing totals (for example, the total of all the payroll numbers) used
data when master files are used to ensure no deletions
 Controls over the deletion of accounts that have no current
balance
124
124
62
HOW DOES IT WORK?
Cyber security risk

Increasing use of technology and constantly evolving risk makes this an
important area for most organisations. Key risks to an entity’s IT
systems include:
Hacking
Fraudulent theft of funds
Deliberate sabotage e.g. commercial espionage or malicious damage
Viruses, malware and other corruption
Denial of service attacks.
125
125

HOW DOES IT WORK?
Cyber security risk
The ICAEW publication Audit insights: cyber security (2014) makes

suggestions to combat cyber risks, including:
Improve communication about cyber risks and how to manage
them
Define who is responsible and accountable for cyber security in
the organization
Assign board level accountability
Non-executive directors/audit committees should monitor the
actions of the executive related to cyber security.
126
126
63
HOW DOES IT WORK?
8.Limitation of internal control
 Any internal control system can only provide the directors with
reasonable assurance that their objectives are reached, because of
inherent limitations. These include:
 The costs of control not outweighing their benefits
 The potential for human error
 Collusion between employees
 The possibility of controls being bypassed or overridden by
management
 Controls being designed to cope with routine and not non-routine
transactions
127
127
9. SIGNIFICANCE OF INTERNAL CONTROLS

TO THE EXTERNAL AUDITOR
Consideration of internal controls when planning the audit
Auditors need to gain an understanding of the systems and controls.

This enables the auditor to:
Assess the level of control risk
Determine the audit approach to take.
Consideration of internal controls when planning the audit
The auditor must document their understanding of the client’s internal

control system.
Various methods are available and the auditor should choose the
method that is most suited to the client.
128
64
10. RECORDING ACCOUNTING AND
CONTROL SYSTEMS
Documenting the system
Possible ways of documenting the system and controls are:
 Narrative notes (if system is large or complex)
 Flowcharts (which can make a complex system easier to follow)
 Checklist
 Questionnaire
 Internal Control Questionnaire (ICQ): are used to ask whether controls exist which
meet specific control objectives.
 Internal Control Evaluation Questionnaire (ICEQ): are used to determine whether
there are controls which prevent or detect specified errors or omissions.
ICQ wording ICEQ wording

Does a supervisor authorize all weekly How does the company ensure that only
timesheets? hours worked are recorded on timesheets?
Does the company perform a regular How does the company try to minimize the
credit check on all customers? risk of irrecoverable debts? 129
129

CONTROL SYSTEMS
Documentation
Advantages Disadvantages
Method
• Simple to record • May be time consuming and
• Facilitate understanding cumbersome if the system is
Narrative notes by all audit staff complex
• May be more difficult to identify
missing controls
• Easy to view the whole • May be difficult to amend as the
system in one diagram whole diagram may need to be re-
• Easy to spot missing drawn
Flow charts controls due to the use of • There is still a need for narrative
standard symbols notes to accompany the flow chart
increasing the time involved to
document the system fully
• Quick to prepare • Controls may be overstated as
Internal control • Can ensure all controls the client knows the answer the
questionnaires are present auditor is looking for is 'yes‘
(ICQs) • May contain a number of
irrelevant controls
130
130
65
CONTROL SYSTEMS
Documentation
Advantages Disadvantages
Method
• Unusual controls are unlikely
to be included on a standard
questionnaire and may not be
identified
Internal control • The client has to respond • The client may still overstate
evaluations with the control they have controls as they may say a
(ICEs) in place rather than a control is in place for the
yes/no answer which should control objective even if it is not
mean controls are less likely • The checklist may contain
to be overstated control objectives not relevant
• Quick to prepare as a list to the client
of control objectives can be • Unusual risks and therefore
compiled and the objectives may not be identified
client is asked what controls
they have in place to
address them
131
131
11. THE EVALUATION OF INTERNAL

CONTROL COMPONENTS
If the auditors believe the system of controls is strong,
they may choose to test controls to assess whether
Purpose? they can rely on the controls having operated
effectively.
Confirming
understanding
HOW
Test of control
132
132
66
133
133
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
134
67
Chapter 6
REVENUE SYSTEM
135
OUTCOME
identify the risks, and corresponding control objectives, relating to
sales systems
choose relevant controls to mitigate risks identified
identify appropriate tests of controls
recognise weaknesses in a sales system and answer questions relating
to these areas.
136
68
OVERVIEW
RISKS, CONTROL OBJECTIVES AUDITOR TESTING OF

AND CONTROL PROCEDURES CONTROL PROCEDURES
STAGES OF THE
REVENUE CYCLE
Order Goods Invoice Sale Cash

taken despatched raised recorded collected
137
1. RISK, CONTROL OBJECTIVE

AND PROCEDURES
Order taken
Key risks Key control objectives Key controls activities

Orders taken from customers Only supply customers who Obtain credit checks for new
who cannot pay on a timely are likely to pay on a timely customers.
basis. basis. Authorise credit limits.
Review credit limits regularly.
Orders not recorded properly Record orders correctly. Check credit remaining before
or not fulfilled resulting in loss confirming orders.
of custom. Fulfil all orders. Use sequentially numbered
order forms.
Check inventory levels before
confirming orders.
Match customer orders with

despatch notes and follow up
unmatched orders.
138
69
AND PROCEDURES
Goods despatched

Incorrect goods may be Orders are despatched Examine goods outwards for
despatched. promptly and to the correct quantity, quality and condition
customer. and agree to sales order.
Goods may be despatched but
not recorded resulting in loss All orders are despatched. Record goods outwards on
to the business. sequentially numbered goods
All despatches are recorded. despatch notes (GDN).
Customers may dispute
whether goods received. Match GDNs to invoices and
follow up unmatched GDNs.
Obtain customer signature on a

copy of the GDN.
139

AND PROCEDURES
Invoice raised

Invoices may not be raised or All goods despatched are Use authorised selling prices to
may be inaccurate resulting in invoiced. prepare invoices.
loss of income or customer
goodwill. Invoices are raised accurately. Check calculations of quantity x
price for accuracy.
Invoices may be wrongly Credit notes are only raised
cancelled by credit notes accurately and for valid Check condition of goods
resulting in loss to the reasons. returned and record on goods
business. return notes.
Authorisation of credit notes.
140
70
AND PROCEDURES
Sale recorded

Invoices and credit notes may Only valid sales are recorded, at Sequence checks for invoices
not be properly recorded the correct amount and in the being recorded.
leading to misstatements in the correct period.
financial statements. Match cash receipts to invoices.
Sales are recorded in the correct
Debts may be recorded when customer accounts. Send regular statements to
they are not recoverable. customers.
Identify potential bad debts on a
timely basis. Review and follow-up overdue
accounts.
Authorisation of bad debt

write-offs/allowance.
Reconciliation of receivables
ledger with nominal ledger
141

AND PROCEDURES
Cash collected

Receipts may be allocated to All receipts are recorded Segregation of duties between
the wrong customer leading correctly. recording and banking.
to disputes.
All receipts are banked Safe custody of receipt books
Delays in banking could result promptly. and cash/cheques.
in cash being lost.
Daily banking.
Reconciliation of bank paying in

slips and cash book.
Regular bank reconciliations.
142
71
2. TEST OF CONTROL
If the auditor believes internal controls are likely to be effective, the
auditor may choose to perform tests of controls to obtain evidence
that the controls were operating effectively throughout the period.
To test whether internal controls are operating effectively, the auditor
must first identify the controls that address a given risk.
Procedures should then be performed to check the control is working,
such as making enquiries, observation of processes or inspection of
assets or documents.
143
2. TEST OF CONTROL
Cope is a large national charity, and among their fundraising

activities they have collecting boxes that are located in retail outlets,
cafes and restaurants.
During the audit planning, you have identified that there is a risk of
cash or boxes being stolen before the donation income is recorded,
so Cope’s revenue could be understated.
(1) What control activities would help to ensure completeness of
donation income for Cope?
(2) What audit procedures would you carry out to test the
effectiveness of these internal controls?
144
72
2. TEST OF CONTROL
1) Internal controls that would mitigate the risk of revenue being

understated because cash donations had been lost or stolen before
being recorded
Physical controls – chain boxes to the counter
Responsible person at the outlet listed in a central register
Sealed boxes – so it is easy to see if they have been opened
Regular collection
Two people count cash together
Regular banking
(2) Appropriate tests of control
Inspect the register of responsible persons and contact a sample
of individuals to check the register is up to date
145
2. TEST OF CONTROL
(2) Appropriate tests of control

Inspect the register of responsible persons and contact a sample
of individuals to check the register is up to date
Observe collection of boxes at a sample of sites to determine
whether they are physically secure
Observe two members of staff counting cash
Inspect banking records to identify regularity/speed after
collection
146
73
2. TEST OF CONTROL
For each of the following, state whether it is a risk relating to

ordering, despatch, invoicing or recording:
Risk Ordering Despatch Invoicing Recording
Wrong
customer
account is
debited
Goods are of
inferior quality
Wrong trade
discount is
applied
Goods are not

available
147
2. TEST OF CONTROL
For each of the following, state whether it is a risk relating to

ordering, despatch, invoicing or recording:
Risk Ordering Despatch Invoicing Recording
Wrong
customer
account is
X
debited
Goods are of
inferior quality
X
Wrong trade
discount is X
applied
Goods are not

available
X
148
74
149
149
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
150
75
Chapter 7
PURCHASES SYSTEM
151
OUTCOME
purchases systems
recognise weaknesses in a purchases system
152
76
OVERVIEW

STAGES OF THE
PURCHASE CYCLE
Order Goods Invoice Purchase Cash

taken received received recorded paid
153

AND PROCEDURES
Order placed

Goods and services may not Purchases should only be from New suppliers must be
be of good enough quality or approved suppliers at authorised by management.
value for money. competitive prices.
Evidence required of need for
Unauthorised purchases may Purchases are only made for purchase before authorisation,
be made for personal use. valid business reasons. e.g. inventory level checked.
Sequentially numbered order

forms.
Authorisation of order forms by

an appropriate manager.
Central purchasing department

or
maintenance of approved
supplier list
154
77
AND PROCEDURES
Goods received

Goods may be accepted when Only goods ordered by the Examine goods inwards for
they were not ordered by the company are accepted. quantity, quality and condition
company. and agree to
All receipts should be purchase order.
Receipts may not be recorded. recorded.
Record goods inwards on
Goods may be Goods received should be sequentially numbered goods
misappropriated. stored securely. receipt notes (GRN).
Match GRNs to invoices and

follow up unmatched GRNs.
Physical controls over stores.
Raise a sequentially numbered

returns note for all
rejected/returned goods.
155

AND PROCEDURES
Invoice received

Invoices may not be Ensure invoice details are Match invoice details to
received resulting in slow correct. GRNs.
payment and loss of
supplier goodwill. All credit notes to which Arithmetic checks on supplier
the company is entitled invoices.
Invoices may not be are claimed.
correct. Claim credit notes for all
goods rejected/returned and
follow up unmatched return
notes.
156
78
AND PROCEDURES
Purchase recorded

Purchases may not be All valid purchases are Match cash payments to
recorded resulting in recorded, at the correct invoices.
misstatements in the amount and in the correct
financial statements. period. Compare monthly supplier
statements to payables
Purchases may be Purchases are recorded in ledger
recorded where there was the correct supplier balances.
no receipt. accounts.
Reconciliation of purchase
ledger with nominal ledger.
157

AND PROCEDURES
Cash paid

False invoices are paid. Payment is only made for Segregation of duties between custody of
goods received. cash/ cheque books/BACS transfer
Payments are not authority and recording payments.
recorded at the correct Only valid expenditure
amount or in the correct is paid. Payment only approved after checking
supplier accounts leading supporting documentation (e.g. invoices
to disputes. Payments are only made matched to GRNs).
once.
Invoices labelled as paid to avoid
Payments are recorded duplication.
correctly.
Appropriate limits set on amounts that
can be authorised, e.g. payments over set
level require two signatures.
Compare monthly supplier statements to

payables ledger balances.
158
79
2. TEST OF CONTROL
auditor may choose to perform tests of controls to obtain evidence that
the controls were operating effectively throughout the period.
assets or documents
159

160
160
80
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
161
Chapter 8
EMPOYMENT COSTS
162
81
OUTCOME
purchases systems
recognise weaknesses in the payroll system
163
OVERVIEW

STAGES OF THE EMPLOYEE

COSTS SYSTEM
Calculate wages Record wages Pay wages

and salaries and salaries and salaries
164
82
1. INTRODUCTION TO THE EMPLOYEE
COSTS SYSTEM
Calculating wages and salaries is a function of standing data and
variable data.
Standing data is the information in the employee costs system
that doesn’t vary regularly e.g. hourly rates, salary, overtime rate
Variable data includes hours worked or overtime, as recorded on
e.g. timesheets or clock cards.
So for trainees in an accounting firm, the calculation of wages and
salaries might be:
Monthly salary + (overtime hours worked × hourly rate)
In addition to calculating the amounts to be paid to staff, a key
component of the employee costs system is the calculation of payroll
taxes to be paid to HMRC.
165

AND PROCEDURES
Calculate wages and salaries

Employees may be paid Employees are only paid for Regular checking of wages and
incorrectly resulting in loss of work done. salaries to personnel records.
staff goodwill.
Gross and net pay have been One to one checks and
Employees may continue to correctly calculated. authorisation of changes to
be paid after they have left standing data.
resulting in loss to the
business. Record hours worked where
appropriate by use of timesheets
or clocking in/out with controls
over authorisation of hours/
overtime and range checks on
hours worked.
Compare payroll to budget.
166
83
AND PROCEDURES
Record wages and salaries

Gross and net pay may be Record gross and net pay and Payroll is reviewed and authorised
incorrectly recorded resulting all deductions accurately. by appropriate manager.
in misstatements in the
financial statements. Pay the correct amounts to Reconcile total pay and deductions
HMRC on a timely basis. to previous month totals.
Deductions may be incorrect
resulting in HMRC penalties or Compare payroll totals recorded to
liabilities in respect of pension budget.
deductions.
Agree gross earnings and total tax
deducted to tax returns.
167

AND PROCEDURES
Pay wages and salaries

Payments may be made to Pay the correct amount to actual Segregation of duties between
bogus employees. employees. maintenance of personnel records,
preparation of payroll and
Payments to employees may be payment of staff.
incorrect.
For cash payments, physical
controls over the safe custody of
cash and payslips.
For bank transfers, comparison of

payments to payroll and
authorisation by appropriate
manager.
Maintenance and reconciliation of

wages and salaries nominal ledger
account
168
84
3. TEST OF CONTROL
auditor may choose to perform tests of controls to obtain evidence that
the controls were operating effectively throughout the period.
assets or documents.
169

170
170
85
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
171
Chapter 9
INTERNAL AUDIT
172
86
OUTCOME
describe the function and importance of internal audit
explain the differences between the role of the internal auditor and
external auditor
173
OVERVIEW
Organisational Auditor
Introduction
structure independence
What is internal audit?
INTERNAL AUDIT
Comparison of external
Function of internal audit
and internal audit
174
87
1. WHAT IS INTERNAL AUDIT
Internal Audit Function
A function of an entity that performs assurance and consulting

activities designed to evaluate and improve the effectiveness of the
entity's governance, risk management and internal control processes
DEFINITION
175
2. Role/ Function of internal audit
Role of Internal Audit
Examination and evaluation of financial and operating information

within the organization. In certain organization this can form type of
continuous auditing and may involve sophisticated information systems
that capture monitoring of risks and evidencing of controls.
Review of the economy, efficiency and effectiveness of operations (3Es)
Review of compliance with external laws and regulations and internal

policy and procedures.
Review and advice on the development of key organizational systems

and on the implementation of major change.
176
88
3. Scope of internal audit
Scope of Internal Audit
Evaluating and commenting on the effectiveness of risk

management, control and corporate governance processes.
Management is ultimately responsible for ensuring appropriate
procedures are in place.
An approved „internal audit charter‟ should be in place setting out

scope, authority and function of internal audit.
Internal audit should have unlimited access.

Internal audit should, as far as possible be independent within the
organization.
177
4.Limitation of Internal Audit
Limitations of Internal Audit
 Independence may be limited

 Relationship between internal and external audit may be ineffective
 Operational standards may vary
 Relative newness of the internal audit profession
 Expectations gap
 Misunderstanding of function within the organization.
178
89
5. Differences between Internal audit &
External audit
Internal audit External audit
Determined by management, Financial focus as determined

Scope
both operational and financial by legislation
Increasingly risk based; assess Increasingly risk based. Testing

Approach to risk. Evaluate and test systems underlying records and
work and recommend improvements to transactions that form the
management basis of financial statements
To advise management on To report to shareholders on

Responsibility internal control and corporate the truth and fairness of
governance financial statements
179
6. Organizational structure & Internal

audit Impendence
Organisational structure
In large organisations the internal audit function will be a separate department.
In a small company it might be the responsibility of individuals to perform
specific tasks even though there will not be a full-time position.
Some companies outsource their internal audit function, often to an
accountancy firm.
Auditor independence
An internal audit department cannot be completely independent of

management. Internal auditors can retain objectivity by:
Having no involvement in the operational activities of the company
Reporting to an appropriate level of management e.g. Audit
Committee or Board of Directors
180
90
181
181
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
182
91
Chapter 10
DOCUMENTATION
183
OUTCOME
explain why assurance providers document their work
describe the form and content of working papers
explain why the safe custody and retention of documentation is
important, and how it is achieved
explain the issues of ownership and rights of access to documentation
184
92
OVERVIEW
Purpose
ASSURANCE
DOCUMENTATION
Form and content Safe custody Ownership and

of working papers and retention rights of access
185
1. PURPOSE OF DOCUMENTATION
Introduction
Documentation, in the form of working papers, should be maintained

for all assurance engagements.
Working papers are prepared and retained by assurance providers in
connection with the performance of the assurance engagement.
186
93
1. PURPOSE OF DOCUMENTATION
Features of working papers
Working papers should be Working papers provide a

sufficiently complete and detailed to: record of:
Support the conclusions drawn by the The planning and performance of the
assurance provider engagement
Provide an overall understanding of The supervision and review of the
the work undertaken work performed
Provide evidence of compliance with The evidence obtained which the
relevant laws, regulations and assurance provider considers
professional standards. necessary, and on which they have
relied to arrive at their conclusion
The quality control procedures
carried out.
Working papers may be held as paper, film, electronic or other media.
187
2. FORM AND CONTENT OF

WORKING PAPER
Professional judgement
Assurance providers should use their professional judgement when

deciding what to document.
Automated working paper packages have been developed which can
make the task of documenting assurance work much easier.
188
94
WORKING PAPER
Audit working papers
ISA 230 provides that:
Audit work performed
To To Evidence obtained
Audit An experienced auditor Understand
allow
documentation with no previous
must be sufficient connection with audit
Significant matters arising
Conclusions reached
189

WORKING PAPER
Contents
Illustration: audit working paper

Client: Dirac Ltd Prepared by: JC Maxwell Date: 15/8/16 D 3.1
Period: y/e 30/6/16 Reviewed by: N Bohr Date: 28/8/16
Subject:
Receivables
Objective: To ensure receivables ledger balances fairly stated.
Procedures: Selected a sample of trade receivables as at 30 June 2016 from the receivables
ledger and vouched receipts of cash from customers to the bank statements using
remittance slips to support which invoices were being settled.
Results: See D 3.2

One customer, Faraday Ltd, is disputing an invoice of
£14,560 which is immaterial, but this has been discussed with the client who has
agreed to adjust the receivables balance.
Conclusion: After making the adjustment noted above, receivables ledger balances are fairly
stated as at 30 June 2016.
190
95
WORKING PAPER
Contents
Working papers should show:

Name of client Objective
Reporting date Source of information
File reference Sample size
Name of preparer/date Work performed
Name of reviewer/date Results and conclusions drawn
Subject of working paper Analysis of errors
191

WORKING PAPER
Types of audit file
Permanent audit file
Matters of a permanent or semi-permanent nature

Suitably indexed
Prepared at the commencement of the initial audit for the client
Reviewed and updated at the commencement of subsequent audits for the
same client.
Current audit file
Relate primarily to the set of accounts or statements being audited

Suitably indexed
Prepared for the client on each occasion an audit is performed.
192
96
WORKING PAPER
Bearing in mind the description given above of the two types of audit file, decide where
each of the following might be found.
Permanent audit file Current audit file

Copies of draft FS
Working papers for each audit area
Organisation charts
Description of accounting systems
Accounting policies used
Bankers’/solicitors’ contact details
Location and product details of client
Copies of previous financial statements
Copies of previous reports to management
The memorandum and articles of association
Index
Planning memo/programmes/budgets/time records
Statutory disclosures checklists
Summary of unadjusted differences
Letter of engagement
193

WORKING PAPER
Permanent audit file Current audit file

Copies of draft FS 
Working papers for each audit area 
Organisation charts 
Description of accounting systems 
Accounting policies used 
Bankers’/solicitors’ contact details 
Location and product details of client 
Copies of previous financial statements 
Copies of previous reports to management 
The memorandum and articles of association 
Index  
Planning memo/programmes/budgets/time records 
Statutory disclosures checklists 
Summary of unadjusted differences 
Letter of engagement 
194
97
3. SAFE CUSTODY AND RETENTION
Safe custody of working papers is important:

Assurance work must be kept confidential
Paper documents should be kept in a secure location
Electronic documents should be protected using suitable security
measures. The duration of holding working papers is a matter of
judgement, although:
 The ICAEW requires all firms to have a document retention policy.
 Registered Auditors should keep all audit working papers required
by auditing standards for at least six years from the end of the
accounting period to which they relate.
195
4. ISSUES OF OWNERSHIP AND

RIGHTS OF ACCESS
Working papers created by the assurance provider:
Belong to them as they were created in an independent capacity
for their own use
Must be kept confidential
May be shown to the client at their discretion
Should not be shown to a third party without their client’s
permission. Any reports created as output to an assignment:
Belong to the client once they have been issued.
196
98
197
197
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
198
99
Chapter 11
EVIDENCE AND
SAMPLING
199
OUTCOME
understand the procedures for obtaining evidence
recognise the strengths and weaknesses of particular forms of
evidence
understand how much evidence to obtain
recognise when sufficient appropriate evidence has been obtained
such that a conclusion can be drawn
identify when tests of controls and substantive procedures will be used
answer questions relating to these areas.
200
100
OVERVIEW
Substantive Analytical Directional Accounting

CAATs
procedures procedures testing estimates
General procedures for

obtaining evidence
EVIDENCE AND
SAMPLING
Evaluation of
Sampling
misstatements
201
1. GENERNAL PROCEDURES FOR

OBTAINING EVIDENCE
Audit approach
We saw in Chapter 4 that the auditor needs to decide upon an audit

approach, choosing the appropriate balance of tests of controls and
substantive testing. The following three chapters cover audit evidence in
more detail:
Chapter 11: general approaches to obtaining audit evidence
Chapter 12: the use of management representations as a form of
audit evidence
Chapter 13: the application of the general approaches to obtaining
audit evidence to specific account balances.
202
101
OBTAINING EVIDENCE
Substantive procedures
ISA 500 sets out the following types of substantive procedures:

Inspection of assets or documents
Observation
Inquiry
Confirmation
Recalculation
Reperformance
Analytical procedures.
Evidence is generally persuasive rather than conclusive so it may be
necessary to perform more than one procedure to address a given risk.
203

OBTAINING EVIDENCE
Computer assisted audit techniques (CAATS)
Modern accounting systems are generally computerised so the auditor may be
able to use technology to carry out audit procedures. There are two traditional
categories of CAATs:
Test data Audit software

Description Auditor data is put into the client’s system Client data is put into the auditor’s system
Data: real or dummy System: live or a copy
Use Test the controls in the system Basic data analysis

Substantive testing
Examples The auditor enters data e.g. Reperformance of addition or ageing of

A timesheet with hours outside the normal transactions
range to check that the system rejects it Preparation of reports Calculations of
A valid purchase invoice to check that it is ratios Sample selection
allocated to the correct account
204
102
OBTAINING EVIDENCE
Audit data analytics
Auditors may use data analytics to respond to the challenge of managing ‘big
data’ at their clients. Data analytics involves examining data to identify
patterns, trends or correlations.
Data analytics can be embedded in the audit plan to assist with:
Transaction analysis e.g. matching purchase orders, goods received notes
and invoices
Judgemental areas e.g. using sensitivity analysis to test assumptions on
the net realisable value of inventory
Analytical procedures e.g. analysing revenue trends by product
or region.
The results of data analytics may be presented in formats such as bar or pie
charts which allow the auditor to visualise the data more easily.
205

OBTAINING EVIDENCE
Analytical procedures
In Chapter 3 we saw that analytical procedures should be used to

identify risk at the planning stage.
The process of performing analytical procedures was:
Understand the Develop an Compare actual Unexpected

business expectation to expectation variations = risk
206
103
OBTAINING EVIDENCE
ISA 520 states that the auditor can use analytical procedures as a form of
substantive procedure. This can be an efficient way to obtain audit evidence
although it is dependent on a number of factors such as:
The strength/comparability of relationships
The reliability of the data being used in the analysis
The level of disaggregation of the data available
The depth of the auditor’s knowledge of the client.
At the planning stage it is enough to identify risk areas and use this to
determine the audit approach.
At the evidence stage, the auditor must determine whether unexpected
variations are acceptable (influenced by materiality) and if not, seek further
evidence:
Make enquiries of management
Corroborate management explanations with other evidence.
207

OBTAINING EVIDENCE
Give two examples of analytical procedures you might carry out to

get evidence as to the accuracy of the current year payroll expense
in the profit and loss account.
208
104
OBTAINING EVIDENCE
Directional testing
The auditor’s aim is to identify whether the financial statements are free
from material misstatement.
A misstated balance could be overstated or understated.
Testing for overstatement requires a different approach to testing
for understatement.
209

OBTAINING EVIDENCE
Illustration
You are testing non-current assets at a client. You identify the key components of the
system as:
Non-current
Financial statements Physical assets
asset register
To test for overstatement:

Start with the financial statements
Agree the balance to the non-current asset register
Select a sample of assets in the non-current asset register
Perform procedures such as inspection of the asset (to confirm existence) and the
purchase invoice (to confirm valuation/rights and obligations) and confirm that the balance
is not overstated.
To test for understatement:
Start with the assets that you can see being used in the client’s business
Trace to the non-current asset register (to confirm completeness of accounting records)
and confirm that the balance is not understated.
210
105
OBTAINING EVIDENCE
The direction of testing is different for understatement and overstatement.
For overstatement the direction of testing is:
Intermediate Supporting
Figure in accounts
documentation evidence
For understatement the direction of testing is:
Reciprocal Supporting Compare actual Figure in the

population evidence to expectation accounts
211

OBTAINING EVIDENCE
Audit of accounting estimates
ISA 540 sets out the audit approach for estimates, for example:
Depreciation
Allowance for receivables
Provisions.
Estimates are high risk due to their subjective nature and the risk of
management bias.
The most common audit procedures for an accounting estimate are:
Review and test the process used by management to develop the estimate.
Use an independent expert to make an estimate for comparison with the
company's figure.
Review subsequent events for confirmation of the accuracy of the estimate.
Test the operating effectiveness of the controls over how management made
the estimate.
212
106
2. SAMPLING
Introduction to sampling
Assurance providers generally seek evidence from less than 100% of items in the balance
or transaction being tested.
ISA 530 states that the objective of the auditor when using sampling is to provide a
reasonable basis for the auditor to draw conclusions about the population from which the
sample is selected.
Some testing procedures do not involve sampling, for example:
Testing all items in a population (may be appropriate where the population is made up
of a small number of high-value items, or for unusual items)
Testing all items with a certain characteristic such as high-value items (selection is not
representative).
The sampling process can be summarised as follows:
Identify Identify Select Identify Draw

population sampling unit sample errors conclusions
213
2. SAMPLING
Identify the population and sampling unit
The population is the entire set of data from which a sample is selected
e.g. revenue, receivables.
The sampling units are the individual items constituting a population

e.g. sales invoices or individual receivables balances.
ISA 530 requires that the auditor selects items in such a way that each
sampling unit in the population has a chance of selection.
214
107
2. SAMPLING
Selecting a sample
Sampling methods can be statistical or non-statistical. Statistical

sampling uses random selection of the sample items and the use of
probability theory to evaluate results.
Statistical sampling methods
Method Description
Random selection All items in the population have an equal chance of selection by using
random number tables/computerised generator.
Systematic Items are selected using a random start, then a constant interval
selection between selections.
Money Unit Every £1 in the population has an equal chance of being selected.
Sampling (MUS)
215
2. SAMPLING
Illustration – MUS
Materiality has been set at £50,000 and the sample requires that balances
containing each 50,000th £1 are selected from the receivables ledger as follows:
Customer Balance Cumulative total Selected

A 30,000 30,000 No
B 35,000 65,000 Yes
C 45,000 110,000 Yes
D 52,000 162,000 Yes
E 13,000 175,000 No
F 22,000 197,000 No
G 15,000 212,000 Yes
216
108
2. SAMPLING
Non-statistical sampling methods

Sampling methods can be statistical or non-statistical. Statistical sampling uses
random selection of the sample items and the use of probability theory to
evaluate results.
Statistical sampling methods
Method Description
Haphazard The auditor selects a sample they think will be representative,

selection without the use of probability theory.
Sequence or block Select a block of items e.g. 50 consecutive cheques, March invoices.
selection Tends to be used for tests of control.
After deciding on the sample method, the auditor needs to consider the size of
the sample.
217
2. SAMPLING
Identifying errors and drawing conclusions
Once the auditor has tested the sample of items from the population, they must draw
conclusions taking the following into account:
The nature of errors identified
 Whether errors are true misstatements
 e.g. misposting between receivables accounts does not actually reflect an error in the
receivables balance.
The cause of errors identified
 Where common features are discovered
 e.g. all errors arise in the same location, further testing may be required.
The impact on other parts of the audit
 The identification of errors may influence the auditor’s assessment of the accounting and
internal control systems.
The probable misstatement in the population
 Results should be extrapolated
 If the projected misstatement exceeds or is close to the tolerable misstatement (linked to
materiality) then additional testing may be required.
218
109
2. SAMPLING
Audit firms will have their own methodology but it should apply the
requirements of ISA 530 which gives examples of factors which influence
sample sizes:
Method Description
Increase in the auditor’s assessment of the risk of material Increase
misstatement
Increase in the desired level of assurance (may need less assurance if Increase
other, corroborating procedures are being carried out)
Increase in the tolerable misstatement (linked to materiality) Decrease
Increase in the expected error (linked to risk) Increase
Stratification* of the population Decrease
Increase in the number of sampling units in the population Negligible effect
*Stratification is the process of dividing units of the population into

homogeneous subgroups before sampling.
219
2. SAMPLING
Illustration
Adrian has carried out testing on supplier statement reconciliations as part of his
audit of payables. Tolerable misstatement was set at £10,000.
During his testing, Adrian found two errors:
A misposting between two supplier accounts
A purchase invoice of £250 which had not been recorded at all. Adrian has
concluded that:
The misposting is not a misstatement as although two individual supplier
accounts are incorrect, the total of payables is unaffected
The unrecorded liability of £250 is a misstatement and requires extrapolation
When Adrian extrapolates the possible error he finds the projected
misstatement in the entire population is £2,679
As this is well below the tolerable misstatement, no further testing is
required and Adrian concludes that payables are fairly stated.
220
110
3. EVALUATION OF MISSTATEMENT
ISA 450 states that the auditor must evaluate the effect of any
uncorrected misstatements on the financial statements.
The auditor must communicate all misstatements on a timely
basis to management and request they correct them.
Written representations must be obtained from management
stating that they believe the misstatements to be immaterial.
221
If management refuses to correct the misstatements, the auditor should:

Obtain an understanding of the reasons for refusal
Determine whether the misstatements are material
Communicate the uncorrected misstatements to those charged with
governance and request they are corrected, explaining that the audit
report will be modified if material misstatements are not corrected.
Matters which are not material in size but which may be considered material
by nature are misstatements which:
Affect compliance with laws and regulations
Affect compliance with debt covenants
Affect ratios used to evaluate financial position, results or cash flows
Increase management compensation.
222
111
Compare this year’s and last year’s figure taking account of starters and
leavers and pay rises in the year.
Comparing payroll with other related figures in the financial statements,
e.g. number of employees, turnover, and profit.
223

224
224
112
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
225
Chapter 12
WRITTEN
REPRESENTATION
226
113
OUTCOME
explain the purpose and nature of written representations from
management
identify when oral representations should be confirmed in writing
explain how reliable written representations are as a source of
assurance evidence
227
OVERVIEW
Nature and purpose
MANAGEMENT
REPRESENTATIONS
Contents of
management Reliability
representation letter
228
114
1. NATURE AND PURPOSE OF
MANAGERMENT REPRESENTATION
Management representations
Management representations are explanations or answers given to the

assurance provider during the course of an engagement. They are a form
of evidence and can be oral or written.
Purpose of written representations
Written confirmation of oral representations avoids confusion and

disagreement, i.e. they are more reliable.
Management representations may be used in all types of
assurance engagement.
ISA 580 requires the auditor to obtain written representations from
management.
229
1. NATURE AND PURPOSE OF

MANAGERMENT REPRESENTATION
Format of written representations
The auditor will usually:

Prepare a draft management representation letter
Ask the directors to sign it
Require its return as evidence before the audit report is signed.
The letter should be dated as near as possible before the date of the
audit report.
230
115
2. CONTENTS OF MANAGEMENT
REPRESENTATION LETTER
General matters
ISA 580 requires the auditor to seek written representations on the

following matters:
Confirmation that management has fulfilled its responsibility for the
preparation of the financial statements in accordance with the
relevant financial reporting framework
Confirmation that all relevant information has been provided to
the auditor
Confirmation that all transactions have been recorded and reflected
in the financial statements.
231
Other matters
In addition to representations on these general matters, the auditor will

obtain specific written representations where:
Other ISAs require representations to be obtained (e.g. ISA 450
requires that the written representation letter must include a list of
all uncorrected misstatements and that the auditor obtains
representations that the sum of unadjusted misstatements is
immaterial to the financial statements as a whole).
The auditor decides that written representations are required to
support other audit evidence.
Written representations cannot be used instead of other evidence which
the auditor expects to exist.
232
116
Other matters
Other matters which may be the subject of written representations

include:
Whether accounting policies are appropriate
Whether the applicable reporting framework has been complied with
in respect of items such as intentions that may affect the carrying
value of assets
Whether all deficiencies in internal control of which management is
aware have been communicated to auditors
Specific written representations required by other ISAs
Support for management’s judgement of intent in relation to a
specific assertion.
Example of management representation letter (ICAEW Workbook)
233

234
234
117
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
235
Chapter 13
SUBSTAINTIVE PROCEDURES:
KEY FINANCIAL STATEMENT FIGURES
236
118
OUTCOME
describe the nature of tests on balances carried out by assurance
providers and explain the objectives of those tests
identify suitable tests in a given business scenario
explain when a matter should be referred to a senior member of staff
237
OVERVIEW
BUSINESS FINANCE
Finance
Banks and Sources of business

financial markets finance
238
119
1. FINANCIAL STATEMENT ASSERTIONS
When designing substantive procedures the auditor should consider which
financial statement assertions the test needs to address. You learnt about these
assertions in Chapter 4.
The table below contains a reminder of the assertions relating to transactions
and account balances (excluding Classification and Presentation
Assertions about Occurrence Transactions that have been recorded have occurred
classes of and pertain to the entity.
transactions and Completeness All transactions that should have been recorded have
events for the been recorded.
period under audit Accuracy Amounts have been recorded appropriately.
Cut-off Transactions have been recorded in the correct
accounting period.
Assertions about Existence Assets, liabilities and equity interest exist.
account balances at
Rights and The entity owns the assets, and liabilities are the
the period end
obligations obligations of the entity.
Completeness All assets, liabilities and equity interests that should
have been recorded have been recorded.
Accuracy, Assets, liabilities and equity interests are included in
valuation and the financial statements at appropriate amounts.
allocation
239
2. NON-CURRENT ASSETS
The auditor should design audit procedures appropriate for tangible and
intangible non-current assets as well as investments, depending on the
assets held by the client.
Audit procedures
Assertion Audit procedures
Existence Physical verification of assets selected from the non- current asset register
Rights and Inspection of, for example:

obligations
Title deeds for property
Vehicle registration documents
Share certificates
Purchase invoices
Completeness Trace a sample of assets seen in use to the non-current assets register
240
120
2. NON-CURRENT ASSETS

Valuation Inspect purchase invoices for cost
Inspect surveyor’s report for revaluations for self-constructed assets:
Agree labour costs to payroll records
Agree subcontractor costs to invoices
Consider the reasonableness of assumptions underlying
overhead calculations, and reperform the calculations
Consider appropriateness of depreciation policy by investigating
significant profits or loss on disposal
Recalculate the depreciation charge
Worked Example: Non-current asset assurance engagement (ICAEW Workbook)
241
3. INVENTORY
Importance of inventory in the audit
In certain types of business, for example retail or manufacture, inventory

will be a key audit area.
Possible reasons for the significance of inventory:
In some businesses inventory is highly material
Its valuation is subjective (lower of cost and NRV)
It affects both the Statement of Profit or Loss and the Statement of
Financial Position.
When designing audit procedures it is helpful to remember what makes
up the final inventory figures in the financial statements:
Inventory = Quantity x Value
242
121
3. INVENTORY
Attendance at the inventory count
Attendance at the inventory count is required by ISA 501.

Attendance at the inventory count provides evidence about QUANTITY as
the auditor performs test counts to check the client’s counting.
The auditor also gathers evidence over VALUATION by identifying items that
are damaged, old or dusty as these may need to be scrapped or sold at a
discount.
Before the inventory count:

Review locations and count instructions
Consider whether expert help is required
Review systems of control and internal auditor arrangements
Arrange to verify any inventory held at third party premises.
243
3. INVENTORY
During the inventory count:

Observe counts for compliance with instructions
Check cut-off arrangements
Identify procedures for keeping any third party inventory separate from
the client’s inventory
Perform two way test counts (see Existence and Completeness below)
Identify any slow-moving or old inventory that may require impairment.
After the inventory count:

Follow up the sample selected for test counting to check the correct
quantity has been included in the final inventory listing
244
122
3. INVENTORY
Audit procedures
The key financial statement assertions to address with suitable audit

procedures are shown in the table:

Existence Take a sample of items already counted by the client
from the count sheets, and agree to the number of items
in the warehouse.
Rights and Seek confirmation from third parties about inventory
obligations held on their behalf at the client, or held at their
premises for the client.
Completeness Take a sample of items in the warehouse and count

them, then agree to the client’s count sheets.
245
3. INVENTORY

Valuation To obtain evidence over cost:
Agree costs to purchase invoice
For inventory manufactured by the company:
Agree materials costs to invoice
Agree labour costs to payroll
Evaluate the reasonableness of assumptions underlying overhead
calculations, and reperform the calculations.
To obtain evidence over net realisable value:
Inspect post year-end sales invoices for evidence of actual selling prices
For items not sold by the time of the audit, inspect order books/price lists
At the inventory count, look for old or damaged items which may
indicate obsolescence
Review the aged inventory listing to identify old or slow- moving items,
and discuss the need for impairment with client management.
246
123
4. RECEIVABLES
The audit of receivables usually focuses on whether the customer agrees
with the recorded balance, and whether the debt is likely to be paid.
Audit procedures

Existence Obtain direct confirmation of receivables balances from customers (see
Rights and next page).
obligations
Valuation For a sample of receivables selected from the receivables ledger, inspect
the post year-end bank statements to identify cash received from
customers.
Discuss the allowance for doubtful debts with client management.
Evaluate the reasonableness of their assumptions and reperform any
calculations.
247
4. RECEIVABLES
Customer confirmations
ISA 505 provides guidance to auditors where they wish to use external
confirmations as a form of audit evidence.
How customer confirmations work :
Banks and
financial markets
Banks and Banks and

financial markets financial markets
248
124
4. RECEIVABLES
Different types of customer confirmation
Positive confirmation Negative confirmation
Dear Customer, Dear Customer,
Our auditors request that you confirm Our auditors request that you
to them directly your indebtedness to confirm to them directly your
us at 30 June 2017, which according indebtedness to us at 30 June 2017,
to our records amounted to £4,766. which according to our records
amounted to £4,766.
Please confirm your agreement, or
notify our auditors of the amount If you disagree with this amount,
shown by your records, setting out please notify our auditors of the
the details of the difference. amount shown by your records.
249
4. RECEIVABLES
Positive confirmations encourage definite replies from those contacted.
Negative confirmations only request a reply if the balance is disputed, but
a lack of response might just mean the customer did not receive the
request or chose to ignore it.
Negative confirmations should only be used where:
The risk of misstatement is low
Controls are operating effectively
A large number of small balances are involved
There is no reason to believe that customers will disregard the request.
250
125
5. BANK AND CASH
Accounting knowledge
You can apply your understanding of accounting for cash to the audit.
Illustration
Bank reconciliation £ £
Balance per bank statement 10,500
Less: unpresented cheques
14501 500
14502 1,500
14503 2,600
(4,600)
Add: uncleared lodgements 5,500
5,500
Balance per financial statements 11,400
All items in this reconciliation can be agreed to supporting information from

the bank.
251
5. BANK AND CASH
Audit procedures
The key financial statement assertions to address with suitable audit procedures
are shown in the table:

Valuation Agree the reconciling items in the bank reconciliation to the post year-
end bank statements to confirm they are reasonable.
Rights and Confirm bank balances directly with the bank.

obligations
Existence Count material cash balances held at the client.

Confirm bank balances directly with the bank.
252
126
5. BANK AND CASH
Bank confirmations
Obtaining direct confirmation from the client’s bank provides a reliable
form of audit evidence over bank balances. The process is similar to
obtaining a customer confirmation.
Auditor prepares
confirmation request
Bank sends
Client signs* and
confirmation direct
sends to bank
to the auditor
253
5. BANK AND CASH

Bank confirmations
The form and content of the bank confirmation letter may vary: in
addition to obtaining confirmation of the year-end bank balances, the
auditor may also seek confirmation of:
Loans and overdraft facilities and terms
Contingent liabilities e.g. guarantees given
Securities belonging to the client that are held in safe custody by
the bank.
254
127
6. PAYABLES
The key risk is that payables are understated i.e. completeness. This means it is
important to consider the concept of directional testing:
Selecting a sample of payables balances in the payables ledger will not allow
you to identify missing balances
Instead it is important to select from a reciprocal population.
Audit procedures

Completeness Obtain a sample of supplier statement reconciliations
performed by the client and test the reconciling items.
Inspect the post year-end bank statements and identify
payments to suppliers. Trace these to GRNs and, if they relate to
pre year-end receipts of good/services, check they are included
in the payables balance.
255
7. LONG-TERM LIABILITIES
Long-term liabilities include debentures, loan stock and other
loans repayable at a date more than one year after the year-end.
It is important that the financial statements disclose the correct
split between current and long-term liabilities.
256
128
7. LONG-TERM LIABILITIES
Audit procedures

Completeness Obtain direct confirmation from lenders of balances,
accrued interest and any security held against the loan.
Inspect board minutes for evidence of any new loans.
Confirm repayments are in accordance with loan
agreements.
Presentation Recalculate the split of the loan between current and
and long-term.
disclosure Inspect the financial statements disclosure note for
adequacy.
Accuracy and Verify interest charged for the period and the adequacy of
cut-off accrued interest.
257
8. STATEMENT OF PROFIT OR
LOSS ITEMS
The key financial statement assertion is completeness.
When auditing items in the Statement of Profit or Loss, the auditor is
faced with a large volume of transactions like sales or purchases, so the
most efficient audit approach generally includes a combination of:
Tests of control
Analytical procedures e.g.
 Comparison of figures to prior year and budget
 Review on a month by month or branch by branch basis
 Using the relationship between SPL items and balances e.g. revenue
and receivables, purchases and payables
 Proof-in-total for items such as payroll, depreciation or interest
expense
Some tests of detail.
258
129
9. MATTERS WHICH SHOULD BE REFERRED
TO A SENIOR MEMBER OF STAFF
Matters which should be referred to a senior member of staff include:

Conclusions
Exceptional items
Unusual accounting entries
Indications of possible money laundering
Issues requiring further discussions with the client
259

260
260
130
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
261
Chapter 14
CODE OF PROFESSIONAL ETHICS
262
131
OUTCOME
identify the key ethical codes to which ICAEW members are subject
and the sources that influence them
describe the differences between principles and rules based systems
explain why ethics are important to accountants
describe the key features of IFAC and ICAEW codes
explain the fundamental principles of IFAC and ICAEW codes
and answer questions relating to these areas
263
OVERVIEW
Introduction to ethics
for accountants
CODES OF
PROFESSIONAL ETHICS
FRC
IFAC Code ICAEW Code
Ethical Standard
264
132
1. INTRODUCTION TO ETHICS
FOR ACCOUNTANTS
Importance of ethics to accountants
Accountants hold positions of trust with investors, managers,

employees, banks and other stakeholders relying on their work.
Ethical codes aim to:
Ensure that qualified and trainee accountants observe proper
standards of professional conduct
Help the accountancy profession act in the public interest by
providing appropriate regulation of members.
Failure to observe the applicable ethical standards may result in
disciplinary action being taken against the accountant.
265
FOR ACCOUNTANTS
Sources of ethical guidance
Codes of Professional Ethics are issued by most professional bodies. The

principles apply to all members, whether or not they are in practice. The
following codes are applicable to ICAEW accountants:
International Federation of Accountants (IFAC) Code of Ethics for
Professional Accountants: applies to all professional accountants
ICAEW Code of Ethics: applies to ICAEW members and trainees
Financial Reporting Council (FRC) Ethical Standard: applies to UK
auditors.
266
133
FOR ACCOUNTANTS
Principles based or rules based guidance
There are two main approaches to ethical guidance:
Principles based Rules based

Encourages the accountant to May be easier to follow because it
use judgement is objective
Requires compliance with the spirit of Needs frequent updating to ensure the
the guidance guidance applies to new situations
Flexible, so can be applied to new, May encourage accounts to interpret
unusual or rapidly changing situations requirements narrowly in order to get
Can still incorporate rules where round the spirit of the requirements
necessary
A principles-based approach is taken by most professional bodies, including IFAC,

the ICAEW and the FRC.
267
2. IFAC CODE
Issuing body
The IFAC Code is issued by the International Ethics Standards

Board for Accountants (IESBA). IESBA is IFAC’s ethics board.
The IFAC Code applies to all professional accountants.
268
134
2. IFAC CODE
Fundamental ethical principles
The IFAC Code contains five fundamental ethical principles:
Principle Description
Integrity Members should be straightforward and honest in all
professional/business relationships.
Objectivity Members do not allow bias or conflict of interest in
business judgements.
Professional There is a duty to maintain professional knowledge and
competence and skill at an appropriate level and to follow professional
due care standards.
Confidentiality Information on clients must not be disclosed without
appropriate authority, or used for personal advantage.
Professional behaviour Members must comply with relevant laws and avoid
actions that would discredit the profession.
269
2. IFAC CODE
Independence
Assurance providers should be, and be seen to be independent.
The highest degree of independence is required for audit engagements.
Independence is a state of mind that permits the expression of a conclusion
without being affected by influences that compromise professional judgement.
The IFAC Code sets out the approach that accountants should take to
independence issues:
Evaluate
Identify and apply
Identify threats significance of
safeguards
threats
Safeguards are steps that the accountant can take to eliminate the threat, or
reduce it to an acceptable level.
If no safeguards are available, the accountant should:
Eliminate the interest or activities causing the threat
If this is not possible, decline or discontinue the engagement.
270
135
2. IFAC CODE
Threats to independence
The IFAC Code identifies five general sources of threat

to independence.
These are repeated in the FRC Ethical Standard along with a sixth
threat, the management threat (see below).
The definitions given below are taken from the FRC Ethical
Standard so refer to auditors, but the principles apply to
accountants in general.
271
2. IFAC CODE
Threat Definition Example

Self-interest The auditor is reluctant to take Owning shares in a client
actions that are adverse to the
interests of the audit firm
Self-review The auditor is predisposed to Auditing financial statements that
accept/reluctant to question the have been prepared by the audit firm
work done by others in the audit firm
Familiarity The auditor is predisposed to An audit team member has a close
accept/reluctant to question the family member working in the client
work done by the audit client accounts department
Advocacy The auditor takes management’s Promoting the client’s shares in a
side, adopting a position closely share issue
aligned with management
Intimidation The auditor’s conduct is influenced The client threatens the auditor who
by fear is suggesting that a modified opinion
on the financial statements will
be given
272
136
2. IFAC CODE
Safeguards
The IFAC Code identifies two categories of general safeguards that may
be used to eliminate or reduce the threats to independence.
Safeguards created by the profession, legislation or regulation:
Education and training

Continuing Professional Development requirements
Corporate governance regulations
Professional standards
Monitoring of professional work including disciplinary proceedings
External reviews.
273
2. IFAC CODE
Safeguards within the work environment:
Review procedures
Consultations with independent third parties
Rotation of senior staff
Discussions with those charged with governance
Disclosing fees and services to those charged with governance.
274
137
3. ICAEW CODE
The ICAEW Code of Ethics implements the IFAC Code of Ethics.
It applies to ICAEW members and trainees in all professional and
business activities.
The ICAEW Code of Ethics also applies to personal activities such as
volunteer roles.
Illustration
The ICAEW website contains guidance for ICAEW members who wish to
volunteer in roles such as:
Trustee of a charity
Honorary treasurer.
This guidance states that members must still comply with the ICAEW Code of
Ethics and the five fundamental principles outlined above.
275
4. FRC ETHICAL STANDARD
UK auditors must comply with the FRC Ethical Standard* for

auditors when conducting audit engagements.
(* NOTE: The government has announced the abolition of the
FRC. It will be replaced with a new regulator, the Audit, Reporting
and Governance Authority (ARGA). At the time this integrated
workbook went to print, the exact details of this change were not
known. For your exams, it should be assumed that the FRC
remains in place as the regulator of the accountancy profession.)
276
138
4. FRC ETHICAL STANDARD
The Ethical Standard identifies six threats to independence: the five
threats from the IFAC Code (see above) plus one additional threat:
Threat Definition Example

Management The auditor becomes closely The audit firm takes on an
aligned with the views and engagement to design and
interests of management implement the accounting IT
systems for an audit client
In Chapter 15 you will learn about some of the detailed requirements of

the FRC Ethical Standard.
The Assurance assessment will include some questions that provide brief
descriptions of practical scenarios and ask you to apply the relevant
provisions of the Ethical Standard.
277

278
278
139
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
279
Chapter 15
INTERGRITY, OBJECTIVITY,
AND INDEPENDENCE
280
140
OUTCOME
explain the concepts of integrity, objectivity and independence and
understand their importance
identify threats to integrity, objectivity and independence
identify safeguards for integrity, objectivity and independence
suggest sensible measures to resolve ethical conflicts
suggest how conflicts of interest between employee duty and
professional duty may be resolved
281
OVERVIEW
Concepts of integrity,
objectivity and
independence
INTEGRITY,
OBJECTIVITY AND
INDEPENDENCE
Threats and Resolving ethical Conflicts of interest

safeguards conflicts and the accountant
282
141
1. CONCEPTS OF INTERGRITY,
OBJECTIVITY AND INDEPENDENCE
Key concepts
Confidence in financial reporting requires the statutory auditor to provide an
opinion on the financial statements that can be trusted.
In order to achieve this, the auditor must:
Be objective in reaching the opinion on the financial statements
Demonstrate independence from the audit client.
Integrity Objectivity Independence
Freedom from
A state of mind situations and
which excludes relationships that
Implies not merely
bias and has may lead a
honesty, but fair
regard to all reasonable and
dealing and
considerations informed third
truthfulness
relevant to the party to conclude
task in hand that objectivity is
impaired
283
Ethics exercise
In the exam you may be asked to identify the threats to independence, or
appropriate safeguards, for a given ethical problem.
Although you will need a good understanding of the contents of the FRC Ethical
Standard, you should also be able to apply common sense to the scenarios which
may be useful if you forget some of the details.
We will start by discussing some common ethical problems.
284
142
Illustration
The following four situations have arisen in relation to audit clients of your firm, Whites &
Harper LLP. Discuss the ethical issues that arise and consider how your firm might respond to
these problems.
Britejet plc
You are about to start work on the audit of this airline company. The client has offered all of
the audit team free flights to a choice of destinations worth up to £500.
Heath Office Solutions Ltd
Bill Self is a partner in your firm. He is leaving Whites & Harper to join Heath Office Solutions as
Finance Director. The client is keen to get Bill on board as he has been the audit engagement
partner for the last few years and knows the business inside out.
Newdell Ltd
The computerised accounting system at your client Newdell has been struggling to cope with
the increased volume of transactions seen as a result of rapid expansion over the last two
years. Your firm has been asked to help them select and implement a new IT system.
Hornets plc
This client has been growing rapidly via acquisitions. In the coming year, total fees from the
company are expected to reach 20% of your practice income.
285
2. THREATS AND SAFEGUARDS
Introduction
The FRC Ethical Standard covers many different threats to independence

and objectivity, suggesting safeguards where possible. In some
situations there may not be any suitable safeguards, in which case the
engagement should be declined or discontinued.
The following sections summarise the key contents of the Ethical
Standard for each of the threats to independence and objectivity.
286
143
Self-interest threat
Scenario giving rise to the Ethical guidance

self-interest threat
Financial interest The audit firm, any partner in the firm or member of the audit team (or
immediate family member of such a person) must not hold a financial
interest in a client.
Business relationships The audit firm must not participate in a business relationship with a
client.
Employment with audit firm and Dual employment is prohibited.
client
Audit partner leaves to take up The firm should resign as auditor.
employment with a client Cannot take on the audit again for two years.
Employee of audit firm Employee to inform audit firm.
negotiating employment with a Firm to remove the employee from the engagement and perform a review
client of their recent work on the client.
Close personal and family Staff with close personal or family relationships with a member of client
relationships staff should not work on the engagement.
Gifts and hospitality Do not accept gifts or hospitality from a client unless the value is trivial.
Loans Loans from the auditor to client are prohibited.
Loans from client to auditor are prohibited unless made by a bank in
the normal course of business.
Overdue fees (akin to a loan) Consider resignation if fees remain unpaid.
Contingent fees Contingent fees are prohibited.
287
Fee dependence (non- When regular fee income exceeds 10% of the firm’s fee income:
listed client) Disclose to Ethics Partner
Disclose to those charged with governance at the client
Implement independent quality control review of the audit.
When regular fee income exceeds 15% of the firm’s
fee income:
Cannot act as auditor.
Fee dependence (listed client) When regular fee income exceeds 5% of the firm’s fee income:
Disclose to Ethics Partner
Disclose to those charged with governance at the client
Implement independent quality control review of
the audit
Seek to reduce fees.
When regular fee income exceeds 10% of the firm’s
fee income:
Cannot act as auditor.
Lowballing Firm may charge any audit fee but the engagement partner
should document that adequate resources have been allocated in
order to comply with Auditing and Ethical Standards.
Fee cap for listed clients Total fees from non-audit services must be no more than 70% of
the average audit fee of the last 3 years.
288
144
Self-review threat

self-review threat
Client staff joins the audit firm No involvement in the audit for two years.
Audit staff complete loan It is prohibited for audit staff to be temporarily ‘loaned’ to a
assignment to client client.
Accounting services offered Non-listed clients: allowed with safeguards
to an audit client Separate teams
Mechanical/technical work only
Quality control review of audit. Listed clients: not allowed.
Valuation services offered to Non-listed clients: not allowed if material and
an audit client subjective.
If immaterial item, allowed with safeguards.
Separate teams
Second partner review
Management acknowledge responsibility for valuation.
Listed clients: not allowed.
Contingent fees Contingent fees are prohibited.
289
Preparing tax calculations Non-listed clients: allowed with safeguards

for accounting entries in Separate teams
an audit client Review of tax work by independent
tax partner
Quality control review of audit.
Listed clients: do not prepare tax calculations for
the purpose of making material accounting
entries.
Internal audit services Providing internal audit services to an audit
offered to an audit client client is prohibited, for both listed and unlisted
entities.
IT services offered to an IT services are prohibited for both unlisted and
audit client listed entities where they relate to the
accounting or financial management system,
or where they involved taking the role of
management.
290
145
Familiarity threat
familiarity threat
Recruitment services provided to an Prohibited for both listed and non-listed clients. This includes advising on
audit client the appointment of a director or employee, or advising on a remuneration
package.
Close family or personal Audit firm employees who have close relationships with client staff
relationships should not work on the audit.
Long association scenarios
Non-listed: engagement partner Situation should be monitored over time to ensure the risk is not too
significant for the audit firm.
The audit firm may decide to ‘rest’ the engagement partner from the
engagement for a period of time to ensure that independence is not
affected.
Listed: engagement partner Rotate off after five years (can extend to seven with Audit Committee
approval).
No return for five years.
Listed: quality control review Rotate off after seven years.
partner No return for five years.
Non-listed client becomes listed: Take previous service into account.
engagement partner If already served more than four years can only continue for two
more.
No return for five years.
Listed: other senior staff Review independence after seven years.
291

Advocacy threat

advocacy threat
Corporate finance services The firm is not allowed to promote, deal in or
offered to audit client underwrite a client’s shares.
If corporate finance services are offered, risks must be appraised
and safeguards implemented where possible, e.g. separate
teams, second partner review, making disclosures to the audit
committee.
Legal services offered to an An audit firm must not act as a solicitor representing the client
audit client in a legal case.
If legal services are offered, risks must be appraised and
safeguards implemented where possible, e.g. separate teams,
second partner review, making disclosures to the audit
committee.
Representing an audit client This is prohibited if the issue is material to the financial
in a tax tribunal or court to statements.
resolve a tax dispute Otherwise it may be carried out with safeguards:
Separate teams
Obtain advice from an external tax professional.
292
146
Intimidation threat
Scenario giving rise to Ethical guidance

the intimidation threat
Close family or personal Audit firm employees who have close relationships
relationships with client staff should not work on the audit.
Business relationships The audit firm must not participate in a business

relationship with a client.
Audit partner leaves to The firm should resign as auditor.
take up employment Cannot take on the audit again for two years.
with a client
Actual or threatened Disclose to those charged with governance at
litigation the client.
Consider resignation.
293
Management threat
Scenario giving rise to Ethical guidance

the management threat
Any additional non-audit Do not take on management roles.
service provided to an Use the engagement letter to clarify the
audit client where the responsibility of management for decision making
auditor may take on a and to limit the involvement of the audit firm to
management role work of a more mechanical or technical nature.
Establish informed management (where the auditors
believe that the member of management designated
by the audit client to receive the results of a non-
audit service provided by the auditor has the
capability to make independent management
judgements and decisions on the basis of the
information provided).
294
147
3. RESOLVING ETHICAL CONFLICTS
You have now seen how the FRC Ethical Standard deals with
common ethical issues.
Remember that the ethical guidance for accountants is principles
based, so when an ethical problem is identified the accountant
should consider the principles as well as the detailed guidance.
The ICAEW Code of Ethics sets out a framework for members to
follow when faced with an ethical conflict.
295
3. RESOLVING ETHICAL CONFLICTS
The professional accountant should consider the following:

Relevant facts
Relevant parties
Ethical issues involved
Fundamental principles related to the matter
Established internal procedures
Alternative courses of action.
The individual accountant should then consider the most
appropriate course of action. If this is not clear, the accountant
may need to refer the matter:
1. In-house e.g. to the Ethics Partner
2. Externally e.g. ICAEW ethics helpline.
296
148
4. CONFLICTS OF INTEREST AND THE
ACCOUNTANT
Professional accountants working in industry may face more pressure to
behave unethically than those in practice, whose employers are also
bound by the codes of ethics applying to the accountancy profession.
Employers outside of accountancy firms may not understand the nature
and importance of an accountant’s professional duty.
For example, an accountant may come under pressure from the board of
directors to prepare budgets which are overly optimistic in order to
increase the company’s chance of securing a bank loan.
The ICAEW Code of Ethics gives advice to accountants in such
conflicting situations.
1. Try to resolve the matter internally
2. Obtain advice from the ICAEW
3. Seek legal advice
4. Consider resignation as a last resort.
297

298
298
149
ICAEW
ASSURANCE
www.bisc.edu.vn
0912 66 1988
299
Chapter 16
CONFIDENTIALITY
300
150
OUTCOME
recognise the importance of confidentiality, including compliance
with GDPR
identify the sources and risks of accidental disclosure of information
identify steps to comply with GDPR and prevent accidental disclosure
of information
state when information may/must be disclosed
identify conflicts of interest and describe how to respond to them
301
OVERVIEW
Safeguards
Risks Disclosure
Money
Importance
CONFIDENTIALITY laundering
Conflicts of interest
302
151
1. CONFIDENTIALITY
The importance of confidentiality
Confidentiality is a fundamental principle in the IFAC and ICAEW

Codes of Ethics. In addition to this, accountants and auditors are
bound by the Data Protection Act 2018 and the General Data
Protection Regulation (GDPR).
A key factor in the auditor/client relationship is trust.
If the client does not trust the auditor they may not provide all of the
information that the auditor requires in order to form their opinion
on the financial statements.
The auditor has a duty of confidentiality which must not be breached
except in certain circumstances (see below).
303
Data protection
The GDPR is a regulation in EU law on data protection and privacy that aims to
give individuals control over their personal information. The Data Protection Act
2018 extends domestic data protection laws to areas which are not covered by
the GDPR.
Under both the GDPR and the Data Protection Act:
anyone who processes personal information must ensure that it is protected
individuals have the right to access both their personal data and information
about how it is being processed; and
personal data can only be held if there is a specific lawful reason to do so, or if
the individual has explicitly opted-in to allow storage of data.
Auditors need to be aware of their potential obligations in this area in relation to
any individual whose data they hold.
304
152
Risks to confidentiality
A professional accountant should be aware of the risks to confidentiality

at all times.
Accidental disclosure is a key risk.
It is important to keep client information confidential:
In social environments
Within the firm
After the end of a business relationship
When changing employment or acquiring a new client.
Accountants should also avoid making improper use of client information
(e.g. insider dealing).
305
Safeguards
Physical and electronic security measures should be put in place to avoid

disclosure. Firms should ensure that all who work on their behalf are
trained in, and understand:
The importance of confidentiality
The importance of identifying any confidentiality and conflict of
interest issues
The procedures in place for identifying confidentiality and conflict of
interest issues.
306
153
Disclosure
Disclosure of confidential client information may be permitted, or

required, in certain situations.
Right to disclose Duty to disclose

Client permission obtained If ordered to disclose by a court
Where disclosure is in the public If required by a regulator e.g. Financial
interest To defend the firm in a Conduct Authority, Charity Commission
negligence claim Suspicions of money laundering should
be reported to the National
Crime Agency
Suspicions of terrorist activities should
be reported to the police
307
Money laundering
The Money Laundering Regulations 2007 makes it a criminal offence not

to report a suspicion of money laundering to the appropriate authority.
Reporting money laundering is not seen as a breach of confidence.
The firm must not advise the client they have made the report as this
will constitute an offence of tipping off.
Each firm must have a Money Laundering Compliance Principal who will
be responsible for making the disclosure.
Examples of money laundering include:
Keeping customer overpayments
Non-compliance with a regulation to save costs
Criminal offences under the Companies Act e.g. an illegal loan to
a director.
308
154
2. Conflicts of interest
There is nothing improper in an accountant having two clients
whose interests are in conflict.
Indeed, many accountancy firms use their expertise in a particular
industry sector as a selling point, which increases the chances of
them having clients who are in competition with each other. It is
important that the firm can demonstrate that their work on one
client will not adversely affect another client.
The ICAEW Code of Ethics gives advice to accountants in situations
where there is a conflict of interest between their clients:
Notify the relevant clients of the situation
Seek their consent to continue to act for both parties.
309
2. Conflicts of interest
If the firm continues to act for two clients whose interests are in conflict
then safeguards should be implemented to preserve confidentiality:
Separate teams
Information barriers
 Ensure no overlap between different teams
 Physical separation of teams
 Procedures for maintaining security of paper and electronic records
Confidentiality agreements signed by employees and partners
Review of the application of safeguards by an independent partner.
If adequate safeguards cannot be implemented, the firm may have to
cease to act for one or both of the clients.
310
155
311
311
156

ICAEW Assurance

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ICAEW Assurance

Uploaded by

Copyright:

Available Formats

ICAEW

Ha Long Giang, ACA, FCCA, CPA

The aim of ICAEW Assurance is to ensure that students understand the

The Assurance modules will be examined using computer based e-assessments.

Ha Long Giang, ACA, FCCA, CPA

CONCEPT OF AND NEED

Elements of Elements of Elements of Elements of

An assurance engagement is one in which a practitioner

Practitioner Auditor, Assurance firm

E.g. financial statements,

E.g. accounting standards

Evidence Sufficient and appropriate

Written Report Conclusion or opinion

Test your understanding

For a statutory audit assignment, list the following:

For a statutory audit assignment, list the following:

Limited assurance Reasonable assurance

High but not absolute level

Conclusion expressed negatively Conclusion expressed positively

E.g. an engagement to review E.g. the audit of financial

‘Based on our review, nothing has

Different types of engagement

The following are some examples of assurance engagements:

2. TYPES OF ASSURANCE ENGAGEMENT

Professional scepticism is an attitude that includes a questioning mind, being alert

Periods beginning on or after 1 January 2016

2. TYPES OF ASSURANCE ENGAGEMENT

Required to have rules to ensure Companies Act 2006 prohibits a

The following are the benefits of carrying out assurance:

3. BENEFITS AND LIMITATION

See you next lesson!

Ha Long Giang, ACA, FCCA, CPA

Before we are able to accept appointment we will have to satisfy

The previous auditor is a retiring sole practitioner, and being a long-standing

From the information provided, what factors would you consider in

Some of the consideration of appointment will require information on

Prospective auditors will contact the previous auditors to

Approach by potential new

To comply with the Money Laundering Regulations 2007, correct

Client identification documents must be kept for a minimum of 5 years

Ensure outgoing auditors' removal/resignation has been

Audit engagement letters

Audit engagement letters are issued after the auditors have

Define the extent of firm’s and management’s responsibilities

The contents of an engagement letter are covered in ISA 210

Engagement letters should be sent to: (PICK ONE)

See you next lesson!

Ha Long Giang, ACA, FCCA, CPA

Fraud & Related

Audit strategy: Determines scope, timing and

1. THE PLANNING PROCESS

The key components of the audit strategy are:

2. UNDERSTANDING THE ENTITY

ISA 315 details the following aspects as important in gaining an

2. UNDERSTANDING THE ENTITY

ISA 315 requires the auditor to use the following:

Importance of materiality in the audit

Materiality is defined as an expression of the relative significance of a

At the planning stage, materiality drives the level of work to be carried

Importance of risk assessment

Auditors usually adopt a risk-based approach to auditing.

The audit risk model

AUDIT RISK = Inherent risk x Control risk x Detection risk