F8 Study Guide
standards, monitor compliance by its members with the rules
A. AUDIT FRAMEWORK AND REGULATION
1. The concept of audit and other assurance engagements
a) Identify and describe the objective and general principle of
external audit engagements
+ O: Give a true and fair view(present fairly),
the accounting records are accurate and complete,
FS are prepared in accordance with an applicable financial
reporting framework in all material respects
+ P : Compliance with applicable ethical principles(such as ACCA’s Rule)
Compliance with ISA(Int’l Standards on Audition)
Keep an attitude of professional skepticism
b) Explain the nature and development of audit and other
assurance engagements
+ The accounting and auditing professions have been under the
public spotlight, and as a result of certain events, many changes
have occurred in relation to audit and assurance engagements.
c) Discuss the concepts of accountability, stewardship and
agency
+ accountability (people in a position of power can be held to
account for their actions
+ Stewardship (the responsibility to take good care of resource)
+ agency(occurs when on party, the principal, employs another party,
the agent, to perform a task on their behalf)
+ The directors are the stewards of the company
+ The shareholder is the principal, employing the directors
+ The directors are accountable to the shareholders
d) Define & provide the objectives of an assurance engagement
+ An engagement in which a practitioner expresses a conclusion
designed to enhance the degree of confidence of the intended users
other than the responsible party about the outcome of the evaluation
or measurement of a subject matter against criteria
+ Offering an opinion about specific info so the users of that info are
able to make confident decision knowing that the risk of the info
being ‘incorrect’ is reduced.
e) Explain the five elements of an assurance engagement
+ The three parties involved (prepares, users, practitioner)
+ an appropriate subject matter (the FS prepared by management)
+ suitable criteria, against which the subject matter is evaluated
+ sufficient appropriate evidence
+ a written assurance report in an appropriate form
f) Describe the types of assurance engagement
+ Reasonable(External audit, positive, high level of assurance,
confidence)
+ Limited(Review, negative, lower level of assurance, moderate)
g) Explain the level of assurance provided by an external audit
and other review engagements and concept of true and fair
presentation
* + Draft standard produces and commented on by interested parities
2. External audits
a) Describe the regulatory environment within which external
audits take place
+ Provision of audit services is regulated by ISAs as well as Codes of
Ethics and Company law.
b) Discuss the reasons and mechanisms for the regulation of
auditors
+ IFAC is basically just a group of accountancy bodies and it has no
legal standing. Therefore, countries need to have regulations in place
for regulating auditors
+ (regulatory body) offer professional qualifications, provide evidence
of technical competence, competence is maintained, fit and proper
who act with professional integrity, members use appropriate technical
+ (government) The government may establish rules and procedures
to do all the work the regulatory bodies do now
, + Leaving the profession to investigate and regulate itself could be
seen as a conflict of interest, but equally it could be seen as being the
most practical solution.
c) Explain the statutory regulations governing the appointment,
rights, removal and resignation of auditors
+ (requirement) a member of a recognized Supervisory body,
allowed by that body to act as an auditor or be directly authorized by
the state
+ (can’t be an auditor) the directors, secretory, employee, business
partners or employee of the above
+ (appointment) shareholders appoint the auditor, the appointment
will be made at an AGM and run until next AGM
+ (responsibility) obtain clearance from the client to write to existing
auditor
+ (rights) unfettered access to the company’s books and records, all
explanations and info to be provided, Notice of all general meetings,
Right to be heard at all such meetings on matters of concern to the
auditor
+ (removal) By majority at a general meeting(specified notice), may
resign(but must submit a statement outlining the circumstances of
their resignation)
d) Explain the regulations governing the rights and duties of
auditors
+ (duties) Do the FS provide present fairly, prepared in accordance
with applicable accounting standards, prepare and issue a report
+ Proper accounting records are kept, The FS reflect the underlying
accounting records, if the auditor has not visited a branch, that branch
has made proper returns, all necessary info and explanations have
been received, info issued with FS is consistent with FS, if any info
required by law is no in the FS, it is in the auditors’ report
+ (rights) access to all accounting books and records at all times, all
info & explanations necessary for the proper conduct of the audit, to
receive notice of all meetings of the shareholders and to attend those
meeting, the right to speak at shareholders’ meeting on matters
affecting the audit or the auditor, if the company uses written
resolution, the auditors should have a right to receive a copy of all
such resoulutions
e) Describe the limitations of external audits
+ The limitations of an audit mean that it is not possible to provide a
100% guarantee.
+ Many businesses with a recent clean audit report have
subsequently gone out of business, Not all transactions are checked, The
opinion is based on evidence, often provided by management, Many
controls can be overridden by management
f) Explain the development and status of IASs
+ IAASB reviews auditiong developments and takes suggestions from
interested parties
+ Project task force appointed to work on the detail
+ Consultation by meeting or consultation paper
for a period of 120 days(exposure period)
+ Project task force considers comments and amendments made if
appropriate
+ Standard finalized and approved by meeting of IAASB at which
there must be a minimum of 12 members
g) Explain the relationship between ISAs and national standards
+ IFAC is not able to enforce its standards to nation
+ It’s up to individual countries to implement the standards if they
deem it appropriate.
+ Nat’l Regulatory bodies will be charged with enforcing
implementation of auditing standards, enforce quality control of audit
and inspect audit files.
+ Countries may do this by allowing the accountancy profession to
implement the above, or set up an independent authority to do it.
+ Countries also have the choice to set their own standards of
implement or modify ISA’s to suit their needs
3. Corporate governance
a) Discuss the objectives, relevance and importance of corporate
governance.
+ Corporate governance is the system by which companies are
directed and controlled. It is concerned with matters such as directors
responsibilities, the board of directors, the audit committee and
relationship with external auditors. The aim of corporate governance
initiatives is to ensure that companies are run well in the interests of
their shareholders and wider community.
+ (Poor Corporate Governance) Many corporate failures have been
blamed on poor corporate governance. Poor controls allowed
management to abuse their position either in the form of excessive
executive pay or manipulation of results to the ultimate detriment of
shareholders.
+ The directors are responsible for implementing a system of governance.
Auditors will have an interest also because poor governance makes it
more likely that material errors exist in the firms’ FS
+ (Responsibility for auditors) An error in the FS, An error in the
corporate governance statement
b) Discuss the provisions of international codes of corporate
governance (such as OECD) that are most relevant to auditors.
+ The OECD issued principles of Corporate Governance in 1999. The
purpose are ‘improve the legal, institutional are regulatory framework
for corporate governance’, ‘to provide guidance and suggestions for
stock exchanges, investors, corporations and other parties that have
a role in the process of developing good corporate governance
+ (6 principles) Clear basis for an effective corporate governance
framework. Shareholders Rights(management of company should
recognize that they’re agents of the shareholders and act in their
interests at all times, Shareholders should be treated equitably (all
shareholders whether institutional or minority should be treated in a
fair and just manner), Rights of stakeholders should be
recognized(co-operation between the organization and stakeholders
should be encouraged), Timely, accurate disclosures(all material
matters of the company should be disclosed), Duties of the
board(The board should effectively monitor management and be
accountable to the company and stakeholders)
+ (Auditor and OECD principles) an annual audit should be carried
out by an independent, competent, qualified auditor to provide
assurance to the board and to shareholders. The auditors are also
under a duty of care to provide a competent service and are
accountable to the shareholders.
+ (the Board and OCED principles) Review and guide corporate
strategy, evaluate and monitor, appointment and monitoring of key
executives, board remuneration, monitor and manage the agency
problem, setting and manage appropriate system of control,
c) Describe good corporate governance requirements relating to
directors’ responsibilities(e.g. for risk management & internal
control) and the reporting responsibilities of auditors
+ (Directors Responsibilities) The directors are responsible for
implementing a sound of governance. (Auditors will have an interest
in the standards of corporate governance at a firm because a poor
system of governance will make it more likely that material errors
exist in the firms’ FS)
+ (good CG the board side) Chairman and CEO should be unfettered
people to prevent unfettered power, Half of the board to be NED,
there should be a rigorous and transparent nomination process,
Directors should submit for re-election regularly
+ (good CG remuneration side) Excessive remuneration should be
avoided, Linked to the performance of the corporation, the directors
should not be responsible for setting their own pay, there should be
a clear procedure for setting directors remuneration
+ (good CG Internal Control side) A sound system of internal
controls should be maintained, an audit committee should be
established, if no internal audit function, the need for one should be
considered on an annual basis
+ (responsibilities for auditors for reporting on CG) A statement
regarding CG must be included in the annual report/ this statement
is reviewed by the auditor and any inconsistencies with the info in
the annual report highlighted/ if the inconsistency highlights an error
in the FS, the auditor will issue a qualified report if the directors
refuse to amend the error/ if the error is in the CG statement, the
auditor will add an emphasis of matter paragraph to their report
d) Evaluate corporate governance deficiencies and provide
recommendations to allow compliance with international
codes of corporate governance
e) Analyze the structure and roles of audit committees and
discuss their benefits and limitations.
+ (Structure of the committee) At least one member of the
committee should have recent and relevant financial experience.
There should be at least 3 non-executive director’s(smaller 2)
+ (role) to improve the quality of financial reporting, to increase the
confidence of the public in the FS, assist directors in meeting their
responsibilities in respect of financial reporting, provide a channel to
external auditors to report concerns or issues, review the company’s
system of internal controls, Strengthen the position of internal audit
by providing greater independence form management, appointment
of external auditor
+ (advantage) Independent Reporting(provide internal audit with an
independent reporting mechanism. Without this management may
be tempted to hide unfavorable reports), Frees up Executive
time(leaves top executives free to manage by providing expertise on
financial reporting), Corporate Governance monitored(Ensures that
corporate governance requirements are brought to attention of the
board), Appropriate internal controls(Should ensure that an
appropriate system of internal control is maintained), Better
Communication(between directors, external audit and management),
Strengthens external audit independence
+ (disadvantage) Executive directors may perceive it as a treat to
their authority, Finding non-executive directors with appropriate
expertise may be difficult, additional costs will be involved, too much
detail may be thrust upon non-executive directors
+ (why does the external auditor speak first to the Audit Committee)
To ensure independence between the board and the audit firm. The
audit committee has more time to review the audit report and other
communications than board, the audit committee can ensure that
any recommendations from the auditor are implemented, The audit
committee also has more time to review the effeteness and efficiency
of the work of the external auditor than the board.
+
f) Explain the importance of internal control and risk
management
+ Internal controls can’t eliminate risk, but they can minimize it.
+ (I/C help) Safeguard the assets of the company, Prevent and detect
fraud, Safeguard the investment of the shareholders
+ (how?) Carrying out regular reconciliations on key ledgers, keeping
assets under lock and key, PW and computer system security.
+(R/M) Risks can arise from many sources and be of various natures.
So companies need mechanisms in place to identify and then assess
those risks. In so doing companies can rank risks in terms of their
relative importance by scoring them with regard to their likelihood
and potential impact. Once identified and assessed, the company
must decide on appropriate ways to manage those risks
+ (R/M can) Transferring the risk to another party, avoiding the risk
by ceasing the risky activity, reducing the risk by implementing
effective controls, accepting the risk and bearing the cost and
consequence if the risk happens.
g) Discuss the need for auditors to communicate with those
charged with governance.
+ Those charged with governance are basically those responsible for
running the company – those responsible for good corporate
governance too therefore.
+ (Why?) Help build a working relationship between each other, Help
the auditor get info abt specific transactions, Help TCWG oversee the
FR process, which is their responsibility.
+ (objectives of the auditor) to communicate clearly with TCWG the
 responsibilities of the auditor in relation to the FS audit and an
overview of the planned scope and timing of the audit, to obtain
from TCWF info relevant to the audit, To provide TCWG with timely
observations arising from the audit that are significant and relevant
to their responsibility to oversee the financial reporting process, to
promote effective two-way communication between the auditor &
TCWG
+ (what should be communicated) auditor’s responsibility, auditors
plan & approach, Key risks identified at planning, any significant
difficulties or adjustments, aby written presentations needed, any
suspected fraud, any modification to the opinion, compliance with
ethical standards,
4. Professional ethics and ACCA’s Code of Ethics and conduct
a) Define and apply the 5 fundamental principles of professional
ethics of integrity, objectivity, professional competence and
due care, confidentiality and professional behavior.
+ (Integrity) Members should be straightforward and honest in all
business and professional relationships
+ (objectivity) Members should not allow bias, conflicts of interest or
undue influence of others to override professional or business
judgements
+ (professional competence & due care) When performing
professional services, a professional accountant should show
competence and duty of care by keeping up to date with
developments in practice, legislation and techniques.
+ (Confidentiality) Members should respect the confidentiality of
information acquired as a result of professional and business
relationships and should not disclose any such information to third
parties without proper or specific authority of unless there is a legal
or professional right or duty to disclose/
+ (professional behavior) members should comply with relevant laws
and regulations and should avoid any action that discredits the
procession.
b) Define and apply the conceptual framework, including the 5
threats to the fundamental principles of self-interest, self-
review, advocacy, familiarity, and intimidation.
+ (purpose) fundamental principles of ethical behavior, potential
threats to compliance with these fundamental principles, possible
safeguards which can be implemented to eliminate the threats
identified or reduce them to an acceptable level.
+ (good things) If we set framework and principles would be of little
use if they could not be enforced. Disciplinary of that will be fines,
suspension and withdrawal of membership.
+ (Self-interest) where the auditor has a financial or other interest in
the client. A financial or other interest that will inappropriately
influence the judgement or behavior of the assurance provider.
(dependence on client) if a client makes up too high percentage of
an auditors income, they may be afraid of losing the income ->
S.G If a listed company makes up more than 10% of a firms
income, they should not audit that client.(15% for non-listed
companies)
(Lowballing) is setting a very low fee either to attract new clients or
ensure further work -> S.G auditors should not set fees in this way,
the fee must be based on a predetermined level of work required.
(Loans, Guarantees and overdue fees) if an auditor fears he may not
get such items paid back his objectivity may be threatened. In this
case significant overdue fees constitute a loan-> S.G do not offer
loans, guarantees or allow fees to go unpaid for a significant time.
(Hospitality and benefits) any such items given to the auditor by a
client could be seen to be a bribe. -> S.G do not accept
(Contingent Fees) where auditors fees are contingent on another
event happening. -> S.G Fees are not to be determined in this way.
(Financial or Business interest) where a close family member or
personal friends is in a senior position within the client firm, or the
auditor seeks employment with the client. -> S.G avoid such
situations
(financial interest such as shares) if an auditor own shares in a
business they may be tempted to avoid revealing information
which will have a effect on the value of their investment -> S.G an
assurance firm, any partner in the firm or an immediate family
member of these may not have a direst or indirect interest in the
client. Any member of the team who has such an interest must
dispose of it or be removed from the team
+ (self-review) Where non-audit work is provided to an audit client
and is then subject to audit, the auditor will be unlikely to admit to
errors in their own work, or may not identify the errors in their
own work. If an auditor provides other services to a client such as
Tax advice, then the auditor will be reviewing their own work
during the course of the audit
(Accounting services) if an auditor prepares the accounts it is 100%
sure that they will be reviewing their own work. They may be
tempted to hide errors to save face. -> S.G Auditor must not
undertake accounting services for a client is they are a Listed
company. No management decisions should be made in other
companies and a different team should provide each service.
(IT) if the auditor advises on or installs accounting software for a
client this will have to be reviewed during the audit. -> if they IT
system is important to a significant part of the accounting system,
the auditor should not design, provide or implement it.
(Valuation Services) A valuation made by the auditor could have a
material effect on the FS -> S.G if valuation requires a degree of
judgement and have a material effect on the FS, then the auditor
should not undertake to provide it.
(Tax Services) As mentioned above, the tax work carried out will be
reviewed during the course of the audit and may encourage the
auditor to hide mistakes. -. S.G If likely to have a material effect on
the financial statements should not be taken on.
(Corporate Financial Services) This could be construed as making
management decisions. S.G as long as not making decision it is
acceptable to assist client in raising finance or developing
corporate strategies.
(Internal Audit Services) External audit may use the work of internal
audit as evidence as evidence some of their conclusions. -> S.G If
significant reliance is to be placed on the work of internal audit,
this should not be undertaken
(Former Employee of Client joining Audit Firm) If this occurs there is
a chance the person could be auditing work or systems they were
previously responsible for -> S.G The employee can’t be involved
in the audit until two years have elapsed
+ (Advocacy) Here the auditor is expected to defend or justify the
position of the client, and act as an advocate. This is a threat to
objectivity and independence.
(Legal Services) if an auditor provides legal services, they may be
perceived to take the same view as the client and therefore lose
independence. -> S.G No legal services to be offered to client or
defense in dispute material to the FS.
(Corporate Financial Services) May be seen to be less than
independent if advising on such matters. -> S.G Don’t negotiate
on clients behalf with the bank or advise on debt restricting.
+ (Intimidation) actual or perceived pressures from the client, or
attempts to exercise undue influence over the assurance provider. -
> e.g. Fee dependency, personal relationships, audit partner joining
the client, litigation with between the audit firm and client.
+ (Familiarity) auditor and client have a too close relationship.
(Participation in Client affairs) the auditor may be too familiar with
the client and be unwilling to upset them. -> S.G Auditor can’t be
a director, employee or business partner of client. Can’t be part of
team if have been one of these in the last 2 years.
(Family/personal relationship) An auditor may be unwilling to
criticize or upset a family member if they work for the client. ->
S.G No member of the audit team may have a family member or
close personal relation in the client firm.
(Audit Partners joining client) If a partner joins the client firm this
may affect the judgement of the auditors involved. -> S.G All links
to audit firm severed. Removed from audit team as soon as
appointment made. If made director or key management and has
worked for auditor in previous 2 years the audit firm must resign.
(Acting as Auditor for prolonged period) If a partner has acted as
auditor for a client for too long a period, they may become
complacent or over familiar with them. -> S.G If client is listed
company engagement partners should act for maximum of 5 yrs
with 5 yr break in between rotaions. A Key audit partner must have
a break of 2 yrs after a period of 7 yrs and senior staff on listed
audits should also not act for more than 7 yrs. For non-listed
clients it is advised that partners act for no longer than 10 years.

c) Discuss the safeguards to offset the threats to the
fundamental principles.
+ Safeguards independence is the responsibility of the audit firm &
the profession.
+ (Audit Firm level) a culture of independence should be created, this
means a rotation of the engagement partner and senior staff.
(Training) to an appropriate level for the role, (quality control
procedures) ensures that independence is considered in all work
performed by the audit firm. (Consultation) so issues can be
discussed internally and procedures are laid out to facilitate this.
(Ethical codes) of conduct, (internal controls)
+ (the profession) should take disciplinary action as appropriate. The
profession regularly suggests new practices and procedures designed
to improve auditor independent. So (regular rotation of auditors
made compulsory), (using audit committees), (ACCA exams and CPD),
(Corporate Governance and auditing standards)
+ (the individual) auditor can limit ethical threats by (Complying with
CPD regulations), (Keeping in contact with fellow professionals),
(Independent Mentor used to discuss individual threats)
d) Describe the auditor’s responsibility with regard to auditor
independence, conflicts of interest and confidentiality.
+ (Dealing with Threats) Identify any potential threats, Evaluate what
level of risk they pose, Check that necessary safeguards are in place,
correct any problems if necessary. The audit firm should have a
checklist to ensure that they meet with the standards required on
Independence.
+ (Confidentiality) Information should only be disclosed by auditors;
if the client have given their consent, under a legal obligation, if
required by regulatory body, under a court order, if in the public
interest(e.g. environmental pollution), IF one of these categories is
not applicable, then the auditor is under no obligation to disclose
information and in fact may be in breach of the ACCA code of
conduct for doing so.
5. Internal audit and governance, and the difference between
external audit and internal audit
a) Discuss the factors to be taken into account when assessing
the need for internal audit.
+ Internal Audit is a department within the company which oversees
internal control systems and ensures that procedures are in place to
ensure good corporate governance.
+ (Internal Audit provides assurance to the board by) Reporting on
and monitoring the effectiveness of internal controls, Assisting with
implementation of required accounting standards, Ensuring that laid
down procedures are being followed, Liaising with external auditor to
reduce time and expense of external audit, Ensure compliance with
OECD principles.
+ (The need depends on) Scale, diversity and complexity of the
business/ # of employees/ Desire for risk control
+ (Reasons to have an IA Dept.) (Value for money audits (I/A may be
able to offer VFM services or review potential upgrades systems,
(accounting system) while not complex, accounting systems in detail
ensuring that fee calculations are correct, (Computer systems)
Maintenance of computer systems is critical. I/A could review the
effectiveness of back up and disaster recovery arrangements.
(Internal Control Systems) I/A could check whether basic control
systems are needed, recommending implementation of controls
where appropriate, (Effect on audit fee) Provision of internal audit
may decrease the audit fee where external auditors can place
reliance on the work of internal audit. This is unlikely to happen
during the first year of internal audit due to lack of experience.
(Corporate governance) I/A could still recommend polices for good
corporate governance, (Compliance with regulations) An I/A dept.
could help ensure compliance with regulations, (Assistance to
financial accountant) I/A could provide assistance in compliance with
financial reporting standards,
+ (Against establishing of internal audit dept) (No statutory
requirement) As there is no statutory requirement, the directors may
see internal audit as a waste of time and money and therefore not
consider establishing the dept. (Accounting systems) Many
accounting systems are not necessarily complex so the directors may
see the need for another department to review their operations,
check integrity. (Family business) There is no need to provide
assurance to other shareholders on the effectiveness of controls,
accuracy of financial accounting systems (Potential Cost) There would
be a cost of establishing and maintaining the internal audit
department. (Review threat) Some directors may fee challenged by
an internal audit department reviewing their work
b) Discuss the elements of best practice in the structure and
operations of internal audit with reference to appropriate
international codes of corporate governance.
+ (remember) I/A should report to the Audit Committee, Scope of I/A
work should be determines by audit committee or chief internal
auditor, Controls should be established to avoid self review by internal
auditors, Staff should be rotated into different areas of work, The
head of I/A should be sufficiently experienced and professionally
qualified.
+ (Independent side) The I/A function will need to be professionally
competent, sufficiently resourced and well organized in order to carry
out its’ function effectively. Although the I/A dept. is paid for and part
of the company, care must be taken to keep it objective and
independent.
+ (Independence maintain) Have them report to an independent
committee(i.e the Audit Committee), Ensure that I/A function is well
regarded by other departments, Have a ‘whistle blowing’ function for
internal audit to report serious misconduct when found.
c) Compare and contrast the role of external and internal audit.
External audit Internal audit
Objective Express an opinion on the Improve the company’s operations
truth and fairness of the FS in by reviewing the efficiency and
a written report effectiveness of internal controls
Reporting To shareholders To management or TCWG
Availability of report Publicly available Not publicly available
Scope of work verifying the truth and fairness Wide in scope and dependent on
of the FS management’s requirements
Appointment and By the shareholders of the By the audit committee or board
removal company of directors
Relationship with Must be independent of the May be employees or an
company company outsourced function
6. The scope of the internal audit function, outsourcing and
internal audit assignments.
a) Discuss the scope of internal audit and the limitations of the
internal audit function
+ (Scope) Effectiveness of systems and internal controls, whether
manuals are followed, whether internally produced info is reliable,
Compliance with OECD
+ (limitation) (reporting system) reporting to the finance director –
who is responsible for some of the info being reported on -> Report
to Audit Committee instead, (Scope of work) could be decided by
executive directors and thus influenced away from their particular
areas -> Scope decided by chief internal auditor or audit committee,
(audit work) auditing their own work -> Chief internal auditor doesn’t
establish any controls herself, (Lengths of service) too long in I/A and
there may will be a familiarity threat -> rotation of work into
different areas, (appointment of chief I/A) Appointed by the whole of
the board or audit committee.
b) Explain outsourcing and the associated advantages and
disadvantages of outsourcing the internal audit function.
+ (Outsourcing) is when an external specialist organization is used to
carry out functions which would normally be performed within the
entity.
+ (Service organizations usually operate) the service organization
fully maintains the outsourced function OR the service organization
executes transactions only at the request of the entity, or acts as a
custodian of assets.
+ (Advantage) the provider will have specialist staff, cost of
employing and training full staff is avoided, outsourcing provides an
immediate internal audit dept, the time scale is flexible with the
contract lasting just for the appropriate time, independence may be
improved, audit methodology and technologies will be up to date.
 + (Disadvantages) If internal and external audit are provided by the
same firm then there may be a conflict of interest, independence
may not be ensured by outsourcing due to threat of management
not renewing the contract, the cost of outsourcing may be so high as
to encourage the firm not to have an internal audit function at all,
lack of understanding of firms culture, objectives and attitudes, The
standard of service provided cannot be controlled, Blurring of the
distinction between internal and external audition function.
+ (minimizing, managing risks of outsourcing) setting and reviewing
performance measures, quality reviews and working paper review,
clear agreement on scope, responsibilities and reporting procedures,
ensure external audit and internal audit are two separate functions.
c) Discuss the nature and purpose of internal audit assignments
including value for money, IT, financial, regulatory compliance,
fraud, investigations and customer experience
+(
d) Discuss the nature and purpose of operational internal audit
assignments.
e) Describe the format and content of audit review reports and
make appropriate recommendations to management and
those charged with governance.
+ The report should be to the person who commissioned the
assignment. Usually this will be the Audit Committee or Head of I/A.
+ The internal audit report doesn’t have a formal reporting structure.
(A typical report will include) Terms of reference – the requirements
of the assignment, Executive summary – the key risks and
recommendations, Body of the report – a detailed description of the
work performed and the results of that work, appendix – containing
any additional info that doesn’t belong in the body of the report.
+ (recommendations) Describing the deficiencies identified,
consequences of those deficiencies and recommendations for
improvement, be set out clearly and concisely, recommendations and
findings easy to pick out, be fair & consistent
B. Planning and risk assessment
1. Obtaining, accepting and continuing audit engagements
a) Discuss the requirements of professional ethics and ISAs in
relation to the acceptance/continuance of audit engagements.
+ Auditors may advertise their services. But adverts should not bring
the ACCA into disrepute, discredit the services of others, be
misleading, or fall short of regulatory or legislative requirements.
+ An auditor is required under ISA 315 to gain an understanding of
their client. Auditors should screen clients to ensure they are not
high risk.
+ (Is the client involved in any fraudulent/illegal activities?) what is the
nature of the industry in which they are involved? Has the client had
a history of changing auditor regularly or had qualified audit reports
in the past? Do client directors understand their role and are they
able to carry it out?
+ (Are management trustworthy?) The risk to the auditor is ‘reputation
risk’. i.e. that they will be associated with a poorly regarded client.
b) Explain the preconditions for an audit
+ Auditors should only accept a new audit engagement when it has
been confirmed that the preconditions for an audit are present.
+ (Is the FR framework acceptable?) Consider the entity & the purpose
of the FS. Perhaps, also, laws say which FR framework should be
used.
+ (Do management accept their responsibilities?) for preparing FS, For
internal controls, for giving the auditor all relevant info they request.
+ (If the preconditions for an audit are not present) the auditor shall
not accept the proposed audit engagement.
c) Explain the process by which an auditor obtains an audit
engagement
+ Auditors should screen clients to ensure they are not high risk. The
risk to the auditor is ‘reputation risk’. An auditor is required under
ISA 315 to gain an understanding of their client.
+ (Questions to ask will be) (1) Is the client involved in any
fraudulent/illegal activities? (2) what is the nature of the industry in
which they are involved? (3) has the client had a history of changing
auditor regularly or had qualified audit reports in the past? (4) do
client directors understand their role and are they able to carry it
out? (5) are management trustworthy?)
+ Other areas to help gain an understanding are) the market and its
competition, legislation and regulation, regulatory framework,
ownership of the entity, nature of products/services and markets,
location of production facilities and factories, key customers and
suppliers, capital investment activities, accounting policies and
industry specific guidance, financing structure, significant changes in
the entity on prior year
+ (new engagement process) the following procedures should be
undertaken if an auditor is offered an audit role : (1) the client
should be asked for permission to contract the outgoing auditor. (2)
contact the outgoing auditor to ask is there si any professional
reason not to take the role. (3) ensure process of appointment and
resignation of previous auditor was carried out correctly. (4) Ensure
there are no independence issues. (5) Ensure that the audit firm is
properly qualified to act for the client. (6) Undertake risk assessment
of the firm. (7) Ensure that the audit firm has adequate resources to
conduct the audit. (8) Consider size of client, business area etc and
how this will affect the audit. (9) What level of fees will be provided –
is it worth it? Does it make up more fees % than allowed?
+ (Tendering for audit work) (1) Fee : a fee will be quoted for a piece
of audit work before it is carried out under a tendering process. The
auditor must not lowball as we have seen above, nor may they make
unrealistic claims or promises to win the contract. (2) Get information
: the potential client will inform the auditor of what is expected, the
timetable, future plans of the company and any problems with
current auditor. (3) Proposal : The auditor may then draw up a
proposal containing ; proposed audit fee, nature, purpose and legal
requirements of an audit, assessment of the requirements of the
client, how audit firm proposes to satisfy requirements, any
assumptions made, propose audit methodology, outline of audit firm
and personnel, ability of firm to perform the audit
+ (Pre-conditions) is the Financial framework used acceptable?
( consider the type of business & relevant laws and the uses of the
FS)
+ (Client Decision) The client will decide on the basis of clarity,
relevance, professionalism, reputation, timeliness of delivery and
originality which firm will conduct the audit.
d) Discuss the importance of engagement letters and their
contents.
+ An engagement letter is a letter from the auditor to the client
indicating various matters concerning the engagement. The
engagement letter is sent before the audit to the client confirming
their acceptance of the audit.
+ (contents) ISA 210 Terms of Engagement gives guidance as to their
content, but as a role most will include ; the objective of the audit,
managements’ responsibility for the FS, the scope of the audit
including reference to legislation and professional standards, the
form of report to be used, use of the work of internal audit,
reference to inherent limitations of an audit, access to information to
be allowed, deadlines and confidentiality, expectations of
management representations, fees, complaints procedures.
e) Explain the quality control procedures that should be in place
over engagement performance, monitoring quality and
compliance with ethical requirements.
+ (Definitions for QC) (1) Engagement partner: the partner responsible
for the audit engagement, performance and report also she has the
appropriate authority from a professional, legal or regulatory body.
(2) Engagement QC review; provides an objective evaluation, before
signing the report, of any significant judgements & conclusions. It is
for listed entity audits and anywhere the firm thinks such a review is
required. (3) Engagement QC reviewer; someone not part of the
engagement team, with experience and authority to objectively
evaluate the significant judgments & conclusions. (4) Engagement
team; all partners and staff performing the engagement, plus anyone
engaged by to do audit work. This excludes external experts. (5)
Firm: A sole practitioner, partnership or corporation of professional
accountants. (6) Inspection: these provide evidence of compliance
with the firm’s quality control polices. (7) Listed entity: An entity
 whose shares are quoted on a stock exchange. (8) Monitoring; an
ongoing evaluation of the firm’s quality control. It includes periodic
inspections of a selection of completed engagements.
+ (Principles & purpose, firms need to be sure the audits they perform
meet quality standards) (to decrease the risks) (1) Litigation against
us for professional litigation, (2) Incorrect audit opinion and hence an
increased investor confidence in the FS. (There are 2 standards on
QC) (1) At the firm level international standard on Quality control
1(ISQC 1) – QC for firms that perform audits and review.—ISQC 1
identifies 6 building blocks of a firm’s system of qc; Ethics, client
relationship, leadership, HR, Engagement performance, monitoring (2)
at the individual audit level – QC for audits of historical financial
information.
+ (Elements of QC system) Firm level QC: the objective of the firm is
to establish and maintain a system of quality control to provide it
with reasonable assurance that (a) the firm and its personnel comply
with professional standards and applicable legal and regulatory
requirements, and (b) Reports issued by the firm or engagement
partners are appropriate in the circumstances.
(Leadership) An internal culture focused on quality is key, this means
training, appraisal & mission statements, commercial considerations
never override quality, pay & benefits must reflect commitment to
quality, and resources must be available to support quality
(HR) All staff to have a capabilities & competence to ensure quality,
appraisals and development regularly.
(Engagement issues – planning) Discuss known risks with the client
and document, staff suitably qualified and experience, have
knowledge of the client, contentious areas must be consulted on in a
cost effective way, A timetable for suitable reviews, ensure
independence and any issues addressed, time pressure. ‘All audits
should be planned to ensure that adequate time can be spent to
obtain sufficient appropriate audit evidence to support the audit
opinion.
(Engagement issues – Super vison) Staff supervised and assessed to
control the work flow. Any problems tackled immediately and
consultation on any deviations from the original plan.
(Engagement Issues – Review) Review has the purpose of identifying
previously unrecognized problems and examining them along with
the rest of the work carried out. Is the amount of evidence gathered
sufficient or is further work required?, QC can be achieved during
the review stage by: 1) learn lessons from mistakes made, appraisal
staff immediately after assignments to praise & or constructively
criticize
(Monitoring) Ensure new developments in standards and regulations
are implemented, ensure CPD is kept up to date, any breaches to
monitoring system dealt with.
(Ethical Requirements) Have procedures to comply with ethical
requirements, Emphasize through leadership, education/training,
monitoring and dealing with non-compliance), Have procedures to
identity independence threats, ensure that firm is notified of
breaches of ethical requirement promptly.
+ (type of review - hot reviews) a ‘hot’ review is carried out before
the audit report is signed. Performed by a suitably independent
reviewer such as a senior manager. Listed company engagements
must have a hot review as well as those of public interest or with
significant risks. (it reviews the quality of the judgements made such
as; ts the firm independent? Are risk assessment judgements
justified? Use of work outside the audit team. Have misstatements
been correctly dealt with? Do working patpers support the
conclusions reached? Is the final engagement report justified in the
circumstanced?)
+ (type of review – cold reviews) A ‘clod’ review is a review carried
out after the audit report is signed. It will be designed to identify
problems in procedures and poor practice. The cold review should
make recommendations for improvements
+ (Engagement Performance) [directing the engagement team means
telling them about;] (1) their ethical responsibilities, their need to plan
and perform an audit with professional skepticism. (2) the objectives
of the work to be performed. (3) the nature of the entity’s business.
(4) Risk-related issues. (5) Problems that may arise. (6) The detailed
approach to the performance of the engagement.
[Supervision includes;] seeing if the team has enough time and
competence to do their job. Also whether they understand their
instructions. Addressing significant matters arising during the audit
and modifying the plan appropriately. Identifying matters for
consultation with experienced engagement team members.
[Reviews include;] Ensuring that work of less experienced team
members is reviewed by more experienced ones. Ensuring that
significant matters have been raised for further consideration.
Appropriate consultations have happened. The work performed
supports the conclusions reached and is appropriately documented.
[The engagement Partner’s Review of work performed] This involices
timely reviews of the following (1) Critical areas of judgment, (2)
Significant risks
[Engagement QC review] Note the following; if helps to see if
sufficient appropriate evidence has been obtained. It is done
throughout the audit so significant matters are promptly resolved
before the date of the auditor’s report. Documentation of the review
may be completed after the auditor’s report. The extent of the review
depends on the complexity of the audit, if the entity is listed and the
risk of an inappropriate auditor’s report.
+ (Assigning the Audit Team) you need to consider the team’s
competence and capabilities; (1) Understanding of, and experience
with, similar audits, (2) Understanding of professional standards and
regulations, (3) IT expertise and any specialist accounting/auditing, (4)
Knowledge of the client’s industry, (5) Ability to apply professional
judgement, (6) Understanding of the firm’s quality control policies.
+ (Individual Level of QC) ISA220 Quality control for audits of
specifies the following quality control procedures that should be
applied by the engagement team in individual audit assignments.
(Client acceptance procedures) There should be full documentation,
and conclusion on, ethical and client acceptance issues in each audit
assignment. The engagement partner should consider whether
members of the audit team have complied with ethical requirements,
whether all members of the team are independent of the client.
Additionally, the engagement partner should conclude whether all
acceptance procedures have been followed, that the audit firm has
considered the integrity of the principle owners and key management
of the client. Other procedures on client acceptance should include;
Obtaining professional clearance from previous auditors,
consideration of any conflict of interest, Money laundering procedures
(Establish the identity of the entity and its business activity, if the
client is an individual, obtain official documentation including a name
and address, Consider whether the commercial activity makes
business sense. Obtain evidence of the company’s registered address.
Establish the current list of principal shareholders and directors.)
(Engagement team) Procedures should be followed to ensure that the
engagement team collectively has the skills, competence and time to
perform the audit engagement. The engagement partner should
assess that the audit team, (1) has the appropriate level of technical
knowledge, (2) has experience of audit engagements of a similar
nature and complexity. (3) has the ability to apply professional
judgement. (4) understand professional standards, and regulatory and
legal requirements.
(Direction) The engagement team should be directed by the
engagement partner. The planning meeting should be led by the
partner and should include all people involved with the audit. There
should be a discussion of the key issues identified at the planning
stage. Procedures such as an engagement planning meeting should
be undertaken to ensure that the team understands; (1) Their
responsibilities, (2) the objectives of the work they are to perform, (4)
the nature of the client’s business, (4) risk related issued, (5) how to
deal with any problems that may arise
(Supervision) Supervision should be continuous during the
engagement. Any problems that arise during the audit should be
rectified asap. Attention should be focused on ensuring that members
of the audit team are carrying out their work in accordance with the
planned approach to the engagement. Significant matters should be
brought to the attention of senior members of the audit team.
(Review) The review process is one of the key quality control
procedures. All work performed must be reviewed by a more senior
member of the audit team. Reviewers should consider; (1) work has
been performed in accordance with professional standards, (2) the
objectives of the procedures performed have been achieved, (3) work
supports conclusions drawn and is appropriately documented.
(Consultation) Finally the engagement partner should arrange
consultation on difficult or contentious matters. This is procedure
whereby the matter is discussed with a professional outside the
 engagement team, and sometimes outside the audit firm.
Consultations must be documented to show; (1) the issue on which
the consultation was sought, (2) the result of the consultation
2. Objective and general principles
a) Identify the overall objectives of the auditor and the need to
conduct an audit in accordance with ISAs.
+ (Overall objectives) (1) to obtain reasonable assurance whether FS
as a whole are free from material misstatement, whether due to
fraud or error. (2) to express an opinion on whether the FS are
prepared, in all material respects, in accordance with a relevant
financial reporting framework. (3) to report on the FS, and
communicate as required, in accordance with the auditor’s findings.
+ ISA 200 says “To obtain reasonable assurance, the auditor shall
obtain sufficient appropriate evidence to reduce risk to an
acceptably low level. ISA 315 extends this “to identify and assess
the risk of material misstatement,,, designing and implementing
responses to the assessed risks of misstatement”
+ (Conducting the audit in accordance with ISAs) (1) ensure that the
auditor is fulfilling all of their responsibilities, (2) allows a user to
have as much confidence in one auditor’s opinion as another’s and
therefore to rely on one audited set of financial statements to the
same extent that they rely on another. (3) ensures that the quality
of audits internationally, is maintained to a high standard(thereby
upholding the reputation of the profession), (4) Provides a measure
to assess the standards of an auditor’s work
b) Explain the need to plan and perform audits with an attitude
of professional skepticism, and to exercise professional
judgement.
+ (When planning and performing an audit, the auditor should adopt
and attitude of professional skepticism) It is “An attitude that
includes a questioning mind, being alert to conditions which may
indicate possible misstatement due to error of fraud, and a critical
assessment of audit evidence”. In other words, they must not
simply believe everything management tells them
+ (The exercise of professional judgement in planning and performing
an audit) the auditor will need to exercise professional judgement
on both the quality and the quality of evidence. (So he has to
judge) (1) when is there sufficient evidence, (2) what is the quality
of this evidence, (3) is it consistent with what is known from
elsewhere?, (4) are assumptions reasonable?
(The auditor needs to not only see a record of what the
assumptions are, but also challenge them and understand how
they affect the conclusions the client has come to), Factors to help
with the judgement are; the seriousness of the risk, the materiality
of the item, the strength of internal controls, the sampling method
used.
3. Assessing audit risks.
a) Explain the components of audit risk
+ Audit risk is the risk that the auditor expresses an inappropriate
audit opinion when the FS are materially misstated. Stated another
way, this is the risk that there is a material misstatement in the FS,
but the auditor misses it and says that they present fairly.
+ audit risk = Inherent Risk x Control risk x Detection Risk
(Inherent Risk) will be considered at the planning meeting as it
depends on the auditors’ knowledge of the business. (1) A cash
based business: this is often a problem as there must be very
strong controls in place if a business is cash based one. The
auditor may fee that there are insufficient controls in place to
mitigate this risk which may lead to limitation of scope. (2) Fast
moving industry: In fast moving industries such as IT or fashion
there may be a risk that the inventory held by the business
becomes obsolete. The auditor may take expert advice on the
valuation of inventory, or they may review post year-end sales to
ensure the good are sold for more than they are valued at in the
FS.
(Control Risk) This is the risk of material misstatement due to
inadequate internal controls within the business. The auditor will
make a judgement as to the suitability and strength of internal
controls – we will examine how this is done at a later stage. (1) No
segregation of duties: Segregation of duties is where different tasks
in a process are performed by different people. (e.g an invoice is
raised by one person and the cheque is written by another and
authorize by someone else. If this control is weak or not in place,
the auditor may have to increase the sample size to ensure the FS
present a true and fair view. (2) No controls over access to assets: If
employee have unfettered access to the assets of the business with
no restriction, this will increase the risk of theft or damage to those
assets. If the auditor finds this to be the case, more physical checks
of the existence and condition of assets will have to be carried out.
(3) No controls over access to IT: If a business does not use
passwords and other protection to protect its’ computer systems
this can lead to data loss or manipulation without authorization. If
these controls are not in place the auditor will have to understand
the system to assess the ease of which it can be manipulated and
check for anomalous trends using analytical review.
(Detection Risk) This is the risk that the work carried out by the
auditor does not uncover a material misstatement that exists. (1)
non-sampling risks: The auditor did not sufficiently investigate a
significant balance. The procedures used may have been
inappropriate or misinterpreted. (2) Sampling risk: arises from the
possibility that the auditor’s conclusion, based on a sample may be
different from the conclusion reached if the entire population were
subjected to the same audit procedure. This is another way of
saying that the sample selected by the auditor was not
representative of the data. Detection risk may be increased by
things such as inexperienced audit staff or tight deadlines to
complete the audit.
b) Explain the audit risks in the financial statements and explain
auditor’s response to each risk
+ The auditor is trying to detect material misstatements in the FS to
avoid issuing the wrong opinion. The auditor is not looking to
identify risks which affect the profitability of the client, they are
business consultants.
+ Audit Risk, Business Risk 구별 필요(e.g below)
Factor Audit Risk Business Risk
Customers are Receivables may be overstated Bad debt may arise
struggling to if bad debts are not written off reducing the profits of
pay debts the company
The client Inventory may be overstated if Inventory may have to
operates in a the inventory is obsolete and be written off reducing
fast paced NRV is lower than cost the profits of the
industry company
Revenue is If other factors are present, Falling revenue will
falling due to this could mean the company result in reduced
recession is unable to continue to trade profits and possible
for the foreseeable future and going concern issues.
going concern disclosures may
be required. There is a risk
that adequate disclosure is not
made
+ (문풀방향) Once the risks are identified, you must suggest a
relevant audit response to the risk identified. (e.g blow)
* [Audit Risk] Overstatement of receivables due to bad debts not
written off. -> [Relevant response] Inspect after date cash receipts
from customers to see if paid post year end providing the debt is
appropriately valued -> [Irrelevant response] Obtain the
receivables listing and cast it. Obtain external confirmation from
customers to confirm existence. -> [Explanation] The risk
identified is overvaluation. Obtaining the listing does not provide
evidence that the debts are appropriately stated. External
confirmation is providing evidence for the existence but not the
valuation.
* [Audit Risk] Overstatement of inventory due to obsolete items not
written off. -> [Relevant response] Obtain the aged inventory
listing and review for old items. Discuss with management the
need for these to be written down in the FS. -> [Irrelevant
response] attend the inventory count to confirm existence of the
inventory. -> [Explanation] As written, the response of attending
the inventory count is confirming existence, not valuation. This
should be re-worded to say attend the inventory count and look
out for old or obsolete items that should be written down in the
FS.
* [Audit Risk] Going concern disclosures may not be adequate if
the company has trading difficulties. -> [Relevant response]
 Assess the client’s ability to continue as a going concern by
examining the forecasts prepared by management and assess the
reasonableness of the assumptions used in the forecast. ->
[Irreverent response] Perform an analysis of past performance
and assess the profitability of the company. Calculate liquidity
ration. -> [Explanation] Analyzing past performance does not
help indicate how the company will perform in the future.
Profitability is not the best indicator of going concern. Profits can
be distorted by accounting policies. A company can be profitable
but not have sufficient cash available to pay its suppliers and
employees. Circulation of ratios can help identify indicators of
going concern problems but further procedures would need to
be performed to obtain evidence of the company’s ability to
continue to trade
c) Define and explain the concepts of materiality and
performance materiality.
+ ISA 320 defines; Misstatements, including omissions, are considered
to be material if they, individually or in the aggregate, could
reasonably be expected to influence the economic decisions of
users taken on the basis of the financial statements.
+ (Significance of materiality) if FS contain material misstatement they
cannot be deemed to show a present fairly. As a result, the focus
of an audit is identifying the significant risks of material
misstatement in the FS and then designing procedures aimed at
identifying and quantifying material misstatement.
+ (How is materiality determined?) the determination of materiality is
a matter of professional judgement and that the auditor must
consider; (1) whether the misstatement would affect the economic
decision of the users, (2) both the size and nature of
misstatements, (3) the information needs of the users as a group.
“Traditional benchmarks for materiality” 0.5~1% of revenue, 5~10%
of profit before tax, (3) 1~2% of total assets.
+ (material by nature) Materiality is not just purely financial concern.
Some items may be material by nature. Ex) Misstatements that,
when adjusted, would turn a reported profit into a loss for the
year/ Misstatements that, when adjusted, would turn a reported
net-asset position into a net-liability position(or net-current asset to
net-current liability)/ Transactions with directors like salary and
benefits, personal use of assets/ Disclosures in the FS relating to
possible future legal claims or going concern issues.
+ (Performance materiality) it’s unlikely, in practice, that auditors will
be able to design test that identify individually material
misstatements. It is much more common that misstatements in
aggregate are material. This is also referred to as ‘creeping
materiality’. Auditors also only test on a sample basis, so they have
to evaluate their findings and determine how likely is that errors
identified in the sample are representative of material errors in the
whole population under scrutiny. Materiality, as determined for the
FS as a whole may not be the best guide in determining the nature
and extent of audit tests. For this reason, ISAs introduce a further
concept: “Performance materiality”
* Definition: The amount set by the auditor at less than materiality for
the FS as a whole to reduce to an appropriately low level the
probability that the aggregate of uncorrected and undetected
misstatements exceeds materiality for the financial statements as a
whole.
* The auditor sets performance materiality at a value lower than
overall materiality, and uses this lower threshold when designing
and performing audit procedures. * In using this lower threshold,
the auditor is more likely to identify misstatements. This reduces
the risk that the auditor will fail to identify misstatements that are
material when added together.
d) Explain and calculate materiality levels from financial
information.
+ (1) The auditor will decide materiality levels and design their audit
procedures to ensure that the risk of material misstatements is
reduced to an acceptable level. Generally, materiality will be set with
reference to the FS such as: 0.5~1% of turnover, 5~10 of profits
before tax, 1~2% of gross assets. Judgement will be used by the
auditor in charge and will depend on the type of business and the
risks it faces.
+ (2) Considerations. (Quantity) The relative size of the item. (Quality)
this might be something that’s low in value but could still affect
users’ decisions
4. Understanding the entity and its environment
a) Explain how auditors obtain an initial understanding of the
entity and its environment.
+ Firstly the auditor needs to understand the entity’s environment,
this require the auditor to assess: Industry conditions, principle
business strategies, competitors, laws and regulations, technology,
stakeholders, financing, acquisitions and disposals, related parties,
competence of management, accounting policies.
+ From a number of sources; (1) Internal to the audit firm such as
last years’ file. (2) External sources such as credit reference agencies,
(3) Information provided by the client, (4) The auditor’s personal
experience and knowledge.
+ ISA 315 requires a planning meeting where ‘the members of the
engagement team should discuss the susceptibility of the entity’s
financial statements to material misstatement’. The minutes of this
meeting should be documented as evidence of its occurrence.
Analytical procedures should be undertaken at this stage to establish
an understanding of the financial statements and draw attention to
anomalies.
+ (Risk Assessment Procedures) assess the risk that material
misstatement exists. This involves recognizing the nature of the
company and management, interviewing employees, performing
analytical procedures, observing employees at work, and inspecting
company records. After you run through all applicable risk-
assessment procedures, you use the results to figure out how high
the chance is that your client has material financial-statement
mistakes.
b) Describe and explain the nature, and purpose of, analytical
procedures in planning.
+ (Def.) Analytical procedures consist of ‘evaluation of financial
information through analysis of plausible relationships among both
financial and non-financial data’. Analytical procedures are
compulsory at 2 stages namely the planning stage and the review
stage.
+ (purpose) the auditor is requires to perform analytical procedures
as risk assessment procedures in order to: (1) obtain an
understanding of the entity and its environment. (2) assist in
assessing the risks of material misstatement in order to provide a
basis for designing and implementing responses to the assessed
risks. (3) Help identify the existence of unusual transactions or event,
and amounts, ratios and trends that might indicate matters that have
audit implications. (4) Assist the auditor in identifying risks of
material misstatement due to fraud
+ (analytical procedures include comparisons of the entity’s financial
information with) Comparable info for prior periods, anticipated
results of the entity, such as budgets or forecasts, or expectations of
the auditor, such as estimation of depreciation. Similar industry
information, such as a comparison of the entity’s ratio of sales to
accounts receivable with industry averages or with other entities of
comparable size in the same industry.
+ (analytical procedures include consideration of relationships)
among elements of financial information that would be expected to
conform to a predictable pattern based on the entity’s experience,
such as gross margin percentages. Between financial information and
relevant non-financial information, such as payroll costs to number of
employees.
+ (type of analytical procedures) Trend analysis, Ratio analysis,
reasonableness testing: comparing expectations based on financial
data, non-financial data, or both to actual results.
c) Compute and interpret key ratios used in analytical
procedures.
+ (Profitability ratios)
* Gross margin : gross profit/sales revenue
* Net margin : profit before tax/sales revenue
* Overstated revenue because of inappropriate revenue recognition
or cut off issues.
 * Understated cost of sales because of incomplete recording of
purchases.
* Understated cost of sales because of overvaluation of closing
inventory.
+ (Efficiency Ratio)
* Receivables days : receivables/revenue x 365days
* Payables days : payables/purchases x 365days
* Inventory days : inventory/cost of sales x 365days
* worsening credit control and increased need for receivables
allowance.
* ageing and possible obsolete inventory that could be overvalued.
* poor cash flow leading to going concern problems which would
require disclosure.
+ (Liquidity ratios)
* Current ratio : current assets / current liabilities
* Quick ratio : (Current assets-inventory)/current liabilities
* these ratios indicate how able a company is to meet its short
term debts. As a result these are key indicators when assessing
going concern
+ (Investor Raitos)
* Gearing : borrowings/(share capital + reserves)
* ROCE : profit before interest and tax / (Share capital + reserves + borrowings)
* Gearing is a measure of external debt finance to internal equity
finance. ROCE indicates the returns those investment generate.
5. Fraud, laws and regulations
a) Discuss the effect of fraud and misstatements on the audit
strategy and extent of audit work.
+ In order to detect fraud, the auditor must maintain an attitude of
professional skepticism – meaning to always aware of possibility of
fraud, regardless of past experience of the client. Once an error or
fraud has been found by the auditor then the auditor needs to re-
assess his original risk assessment of the audit. It will make the
audit higher risk and hence increase the testing that needs to be
done. Also it may well make the auditor question further the
integrity of the management and the effectiveness of control.
+ All of this will result in; More testing on the areas in which fraud is
suspected/ perhaps not relying on the representations of
management if they are suspected of involvement in fraud./
Materiality may be reduced./ Evidence provided by the client may
not be relied upon./ The auditor may have to generate more 3 rd
party evidence.
+ (Reporting fraud and error) Fraud and error must be reported to
management or the audit committee ASAP.
+ (What about reporting to shareholders?_ By including a paragraph
in the audit report
+ (What if it’s in the public interest?) Report to a 3 rd party, especially
if management involved.
b) Discuss the responsibilities of internal and external auditors
for the prevention and detection of fraud and error.
+ (Management Responsibilities) Safeguard should be in place to
avoid fraud and error through the systems and controls the
company operates, Internal audit function will be responsible for
monitoring and implementation of these.
+ (Auditor Responsibilities) If fraud or error leads to a material
misstatement, the auditor is responsible for detecting it./ If
immaterial, these should be reported to those charged with
governance, but there is no responsibility to detect them./ The
inherent limitations of audit mean that the auditor cannot
guarantee that the financial statements are free from fraud and
error./ The auditor must consider the risk of material misstatement
due to fraud and error when planning and performing their audit./
If discovered, fraud should be reported to the audit committee, or
the highest level of management, or the shareholders if the fraud
is by those in senior management.
c) Explain the auditor’s responsibility to consider laws and
regulations.
+ Management is responsible for ensuring that the company
complies with laws and regulations
+ (auditors are responsible for) concluding FS free from
misstatements caused by non-compliance with laws and
regulations./ Having a general understanding of the legal and
regulatory framework within which the company operates./
applying professional skepticism./ Obtaining a general
understanding of applicable laws and regulations./ Understanding
how the entity complies with those laws and regulations./
Identifying instances of non-compliance./ being aware of the
impact of breaches of regulations on the assertions.
+ (Responsibilities of management and TCWG) (1) Prevention and
detection of fraud and error. (2) Strong risk management and
internal control. (3) A culture of honestly and ethical behavior. (4)
Compliance with applicable laws and regulations. (5) Monitoring
legal requirements. (6) Developing, publicizing and following a
code of conduct. (7) Training.
6. Audit planning and documentation
a) Identify and explain the need for and importance of planning
an audit.
+ Plan the audit so that the engagement will be performed in an
effective manner. Time spent planning the audit to ensure it is
carried out efficiently will reduce the time taken and thus the cost.
The planning process will also access and thus reduce risk. The
auditor will want to ensure that the correct team is in place to
conduct the audit, they are working efficiently and that work is
focused on material areas of risk and potential problem areas.
+ (Planning activities) Risk Assessment: the identification of risk will
determine the entire audit process. Audit Strategy: The audit
strategy sets out the scope, timing and direction of the audit.
+ (The scope) The scope of the audit will be determined by the
reporting framework applied as well as any industry specific
requirements. If there are any geographical or other factors which
may affect the audit, they will be considered here.
+ (Timing) The timing of the audit will be set out any deadlines
applicable and the dates of the interim and final audit visits. The
interim audit is conducted before the final audit to evaluate
controls and document the systems in place. In addition there may
be some substantive tests carried out. The attendance at the stock
count will be carried out at this time and perhaps the receivables
circularization. The final audit will involve the bulk of the audit
work and it may be possible to concentrate on the statement of
financial position figures if sufficient work has been carried out
during the interim audit
+ (Direction) The direction of the audit will be determined by the
identification of high risk areas and materiality. The strategy
decided upon will be tailored to the client and the nature of their
business and their structure. The auditor must ensure that the
strategy selected is appropriate.
b) Identify and describe the contents of the overall audit
strategy and audit plan.
+ (audit strategy) Identify the characteristics of the engagement.
Ascertain the reporting objectives to plan the timing of the audit
and the nature of communications. Consider the significant factors
and results of preliminary engagement activities that will direct the
team’s efforts. Ascertain the nature, timing and extent of resources
necessary to perform the engagement.
+ (audit plan) Once the audit strategy has been established, the next
stage is to develop a specific, detailed plan to address how the
various matters identified in the overall strategy will be applied.
The audit plan is much more detailed than the overall strategy
 because it includes details of the nature, timing and extent of the
specific audit procedures to be performed. Planning these
procedures depends, largely, on the outcomes of the risk
assessment process, which was discussed earlier.
+ (The audit plan should include specific description of) * The nature,
timing and extent of risk assessment procedures. * The nature,
timing and extent of further audit procedures, including; - what
audit procedures are to be carried out, - who should do them, -
how much work should be done, -when the work should be done,
* any other procedures necessary to conform to ISA’s.
c) Explain and describe the relationship between the overall
audit strategy and the audit plan.
+ Whilst the strategy sets the overall approach to the audit, the plan
fills in the operational details of how the strategy is to be achieved.
It is vital that both the strategy and the plan are fully documented
as part of audit working papers.
+ (The audit strategy document should identify the main
characteristics of the engagement which define its scope) If the
accounts have been prepared in accordance with IFRS. How much
audit evidence obtained in previous audits will be used. Whether
computer-assisted audit techniques will be used. The availability of
key personnel.
+ (The document should understand the reporting objective) in
order to plan the timing of the audit. The audit timetable for
reporting and whether there will be an interim as well as final
audit. Organization of meeting with management to discuss any
audit issues arising. Location of inventory counts. The timings of
the audit team meetings and review of work performed.
+ (The document should show the factors directing the audit team’s
effort such as) Materiality levels, using professional skepticism in
gathering and evaluating audit evidence.
+ (It should consider the knowledge from prelim planning & other
areas such as) Results of previous audits and any tests of internal
controls. Evidence of management’s commitment to the design,
implementation and maintenance of sound internal control. Volume
of transactions, which may determine whether it is more efficient
for the audit team to reply on internal control.
d) Explain the difference between and interim and final audit.
+ The auditor must consider the timing of audit procedures: whether
to carry out an interim audit and a final audit, or just a final audit.
+ (Interim audits) can be completed part way through a client’s
accounting year. This allows the auditor to spread out their
procedures and enables more effective planning for the final stage
of the audit. This is particularly useful when there is a tight
reporting deadline which increases detection risk. Normally
documenting the system, evaluating controls, testing specific
transactions, interim receivables circular.
+ (Final audit) takes place after the year-end and focuses on the
remaining tests and areas that pose significant risk of material
misstatement. Include: statement of financial position balanced
which will only be known at the year-end. Transaction testing for
transactions that have occurred since the interim audit took place.
Year-end journals which may include adjustments to the
transactions tested at the interim audit. Obtaining evidence that
the controls tested at the interim audit have continued to operate
during the period since the interim audit took place.
e) Describe the purpose of an interim audit, and the procedures
likely to be adopted at this stage in the audit.
+ The interim audit can be used to; test specific and complete
material transactions. Test transactions such as sales, purchases and
payroll for the year to date. Assess risks that will impact work
conducted at the final audit. Attend perpetual inventory counts.
+ For an interim audit to be justified the client normally needs to be
of sufficient size because this may increase costs. In argument to
this, an interim audit should improve risk assessment and make
final procedures more efficient. If there is to be an interim as well
as a final audit the timing has to be
* Early enough – not to interfere with year-end procedures at the
client and to give adequate warning of specific problems that need
to be addressed in planning the final audit.
* Late enough – to enable sufficient work to be done to ease the
pressure on the final audit.
f) Describe the impact of the work performed during the interim
audit on the final audit.
+ If an interim audit is carried out this will have the following
impacts; if the controls tested at the interim stage provided evidence
that control risk is low, fewer substantive procedures can be
performed. / If substantive procedures were performed at the interim
stage, fewer procedures will be required at the final audit in
general. / as fewer procedures are being performed, the final audit
will require less time to perform. / the audit report can be signed
closer to the year-end resulting in more timely reporting to
shareholders. / if the interim audit identified areas of increased risk,
increased substantive procedures will be required at the final audit
g) Explain the need for, and the importance of, audit
documentation.
+ ISA 230 Audit Documentation requires auditors to prepare and
retain written documentation that: Provides a sufficient appropriate
record of the auditor’s basis for the audit report. / Provides
evidence that the audit was planned and performed in accordance
with ISAs and applicable legal and regulatory requirements. /
Assists the engagement team to plan and perform the audit. /
Assists members of the engagement team responsible for
supervision to direct, supervise and review the audit work. /
Enables the engagement team to be accountable for its work. /
Retains a record of matters of continuing significance to future
audits.
+ Documentation should be sufficient to enable an experience
auditor, with no previous connection to the audit, to understand:
the nature, timing and extent of audit procedures performed. / the
results of the procedures performed and the evidence obtained. /
the significant matters arising during the course of the audit and
the conclusions reached thereon, and significant professional
judgements made in reaching those conclusions.
h) Describe the form and contents of working papers and
supporting documentation.
+ All documentation should be retained in an audit file. The audit file
will follow the structure below: planning, audit work carried out on
each section of the financial statements. Completion and review.
+ Auditor must document: What items were tested, Who did the
testing, When was the testing, Who reviewed the work and when.
Discussion of all significant matters with management must also be
documented.
+ (Type of Audit Documentation) includes 1. Planning
documentation, 2. Audit programs, 3. Summary of significant
matters, 4. Letters of confirmation/representation, 5.
Correspondence
+ (The permanent file will include) Names of management, those
charged with governance, shareholders, Systems information,
Business and industry background, Title deeds, contracts
i) Explain the procedures to ensure safe custody and retention
of working papers.
+ The auditor owns the working papers. The auditor retains
ownership of the working papers and the client does not have the
right to view or copy any of the work the auditor carries out. This
is important because; auditor controls them and not the client. This
helps keep the auditor independent. The auditor must be careful if
they include copies of client generated items.
+ Working papers must be kept secure. Why is security so
important? If lost, all would need to be recreated. It includes
sensitive and confidential information. Prevention of any
unauthorized alterations to them.
 + (What about IT based audit system?) Laptops are very susceptible
to theft, not just for the contents, but for the machine itself.
Unauthorized alternations are harder to spot. So, ensure laptops
should always be locked away securely or taken home by the audit
team. IT based systems should be subject to passwords, encryption
and back up procedures.
+ (Retention of working papers) Audit files should be updated and
finished no later than 60 days after the report. They should then
normally be kept for at least 5 years. So arrangements need to be
made for 1. Secure storage, 2. Archiving of the old files, 3. IT back-
up
C. Internal Control
relating to: Authorization, Performance review, Information
processing, Physical controls, Segregation of duties.
(5) Monitoring of controls
* This is the client’s process of assessing the effectiveness of
controls over time and taking necessary remedial action. Clearly if a
control is not implemented properly or is simply considered
ineffective then misstatements may pass undetected into the FS.
* Mentoring can be either ongoing or performed on a separate
evaluation basis (or a combination of both). Either way, it needs to
be effective for the system to work. Monitoring of internal controls
is often the key role of internal auditors.

1. Internal control systems

a) Explain why an auditor needs to obtain an understanding if 2. The use and evaluation of internal control systems by
internal control relevant to the audit auditors.
+ By understanding the controls in place, the auditor will be able a) Explain how auditors record internal control systems
to determine what audit procedures will be required. including the use of, narrative notes, flowcharts, internal control
Understanding it means you can trust that the system give questionnaires and internal control evaluation questionnaires.
reliable information. + The first step the auditor will take is to document the system.
+ (1) It records substance not form: Internal controls ensure that This may be done in several ways including: Organizational
when a business undertakes a transaction such as a sale, the final Charts(diagram showing reporting lines, roles and responsibilities),
recording of the transaction on the accounts system reflects the Notes made by the auditor(a written description of a system),
true substance of the transaction. (2) Heling prevent fraud & ICQ(a list of controls given to the client to say whether or not
errors : all this means is that internal controls help prevent fraud those controls are in place), ICEQ(the client is asked what controls
and errors which would make the accounting information they have in place for a given control objective), Flowcharts
incorrect. In this way internal controls will have a direct on Audit (diagrammatical representation of the system)
Risk.
Documentation Advantages Disadvantages
b) Describe and explain the five components of internal method
control Narrative notes . simple to record . May be time consuming
. facilitate understanding and cumbersome if the
(1) The control environment
by all audit staff system is complex.
* Elements of the control environment that are relevant when the . May be more difficult to
auditor obtains an understanding include the following. identify missing controls.
Communication and enforcement of integrity and ethical values. / Flow charts . easy to view the whole . May be difficult to
Commitment to competence. / Participation by those charged system in one diagram amend as the whole
with governance. / Management’s philosophy and operating . east to spot missing diagram may need to re-
style. / Organizational structure. / Assignment of authority and controls due to the use of drawn.
standard symbols . There is still a need for
responsibility. / HR policies and practices.
narrative notes to
* The control environment includes the governance and
accompany the flow chart
management function of an organization. It focuses largely on increasing the time
the attitude, awareness and actions of those responsible for involved to document the
designing, implementing and monitoring internal controls. system fully
ICQ . Quick to prepare . Controls may be
(2) The entity’s risk assessment process, . Can ensure all controls overstated as the client
* The risk assessment process forms the basis for how are present knows the answer the
auditor is liking for is ‘yes’
management determines the business risks to be managed. These
. Unusual controls are
processes will vary hugely depending upon the nature, size and unlikely to be included on
complexity of the organization. a standard questionnaire
* Threats to business objectives can lead to misstatement in the and may not be identified.
financial statements. Which require disclosure or provision in the . May contain a number of
financial statement. If the client has robust procedures for irrelevant controls.
assessing the business risks it faces, the risk of misstatement ICEQ . The client has to respond . Client may still overstate
with the control they have controls as they may say a
overall, will be lower.
in place rather than an control is in place for the
yes/no answer which control objectives even if it
(3) The information system, including the related business should mean controls are is not.
processes, relevant to financial reporting and communication less likely to be overstated . The checklist may contain
* The information system is all of the business processes relevant . Quick to prepare as a list control objectives not
to financial reporting and communication. It includes the of control objectives can relevant to the client.
procedures within both information technology and manual be complied and the client . Unusual risks and
is asked what controls they therefore objectives may
systems.
have in place to address not be identified.
* The information system includes all of the procedures and them
records which are designed to: Initiate, record, process and report
transactions. / Maintain accountability for assets, liabilities and
equity. / Resolve incorrect processing of transactions. / Process and b) Evaluate internal control components, including
account for system overrides. / Transfer information to the general, deficiencies and significant deficiencies in internal control.
nominal ledger. / Capture information relevant to financial + The auditor needs to assess if the system is implemented
reporting for other events and conditions. / Ensure information correctly and is effective. So now the system is documented it is
required to be disclosed is appropriately reported. time to see if: The controls are implemented?, The controls are
effective?
(4) Control activities relevant to the audit + To do this we use test of controls. Tests of controls will be
* The control activities include all policies and procedures designed performed to the effectiveness.
to ensure that management directives are carried out throughout + The tests concern; How controls were applied, The consistency of
the organization. E.g of specific control activities include those the application, Who applied them
 + Typical tests include: Walkthrough tests(follow a transaction .Purchases are only made for a valid business use.
through the system), Observation, Computer aided audit .Orders are placed taking consideration of delivery lead
techniques times to avoid disruption to the business.
Goods received .Only good ordered by the company are accepted.
.Goods received are recorded promptly.
c) Discuss the limitations of internal control components
Invoice received .Invoices received related to goods actually received.
+ The auditor can never eliminate the need for substantive .Invoices received relate to the company.
procedures entirely because there are inherent limitations to the .Invoices received are correct in terms of quantities,
reliance that can be placed on internal control due to: * Human prices, discounts.
error in the use of judgement. * Simple processing errors and Recording .All purchases and related payables are recorded.
mistakes. * Collusion of staff in circumventing controls. * Systems .Purchases are recorded accurately and related
designed for routine transactions, processing one-off or unusual payables are recorded at an appropriate value.
.Purchases and payables are recorded in the correct
transactions. * The abuse of power by those with ultimate
accounts.
controlling responsibility. Cash payments .Payments are only made for goods received.
+ As a result, the auditor must always perform substantive testing .Payments are only made once.
in material balances in the financial statements. .All payments are made on time.

3. Test of control (3) The payroll system

Stage Objective
a) Describe computer systems controls including general IT Clock cards (or .Employees are only paid for work actually done.
controls and application controls. timesheets)
+ IT affects the way in which control activities are implemented. It’s submitted
Payroll calculation .Only genuine employees are paid
important that auditors assess how controls over IT maintain the
.Employees are paid at the correct rates of pay.
integrity and security of information held
.Gross pay is calculated and recorded accurately.
+ (Application controls) are either manual or automated and .Net pay is calculated and recorded accurately.
typically operate at the business process level. Application controls Standing data .Standing data is kept up to date.
relates to data integrity and ensure that only valid data is being amendments .Access to standing data is restricted to prevent
processed and is being processed completely and accurately. fraud or error occurring.
* (ex) Batch total checks, Sequence checks, Matching master files to Recording .All payroll amounts are recorded.
transaction records, Arithmetic checks, Range checks, Existence .Payroll amounts are recorded accurately.
.Payroll costs are recorded in the period to which
checks, Authorization of transaction entries, Exception reporting
they relate
+ (General controls) are policies and procedures that relate to
Payments to .Correct amounts are paid to the employees and
many applications. They support the effective functioning of employees and tax taxation authorities.
application controls by helping to ensure the continued proper authorities .Payments are made on time.
operation of information systems. General controls tend to relate to .Payments are only made to valid employees.
access, control over program changes, infrastructure, environment
and business continuity/disaster recovery. (4) The inventory system
* (ex) Data Centre and network operations, system software + The objectives of controls in the inventory system are to ensure
acquisition, Program change and maintenance, Access security, that: Inventory levels meet the needs of production and customer
Business continuity/Disaster recovery demand. / Inventory levels are not excessive, preventing
obsolescence and unnecessary storage costs. / Inventory
b) Describe control objectives, control procedures, activities safeguarded from theft, loss or damage. / Inventory received and
and tests of control in relation to: dispatched is recorded on timely basis. / All inventories is
+ A test of control involves the auditor obtaining evidence that recorded. / Inventory should be recorded at the appropriate
the client has implemented the controls they say they have and value(lover of cost and NRV). / Only inventory owned by the
that they have worked effectively during the period. company is recorded.
+ A control objective looks at the risks within the system. Control Control Test of control
activities will then designed to address the objective. Inventory should be maintained at Use test data to place an order to
an appropriate level through the reduce inventory of an item to
use of automatic ordering systems below the re-order level and trace
(1) The sales system
when inventory reaches a certain through the system to see if an
level or by checking inventory order is automatically generated.
Stage Objective
levels before orders are placed. Observe the ordering clerk
Ordering .Goods are only supplied to customers who pay checking inventory levels before
promptly and in full placing an order.
.All orders are processed
Inventory should be kept in a Visit the warehouse and attempt
Dispatch .Orders are dispatched promptly and in full to the warehouse with access restricted to enter. Ensure that doors are
correct customer. to warehouse staff by the use of kept closed requiring the swipe
.All orders are dispatched swipe card or keypad access. card or code to gain access.
Invoicing .All goods dispatched are invoiced
.Invoices are raised accurately. CCTV should be in place to Inspect the warehouse area to see
Recording .Only valid sales are recorded monitor people around the the CCTV in place and visit the
.All sales and related receivables are recorded and in entrance to the warehouse to location of the camera feed to
the correct accounts. ensure ppl don’t follow other ppl ensure the cameras are monitored.
.Revenue is recorded in the period to which it relates. into the warehouse to avoid the
.Sales are recorded accurately and related receivables need for a code/swipe cards.
are recorded at an appropriate value. Inventory should be kept in Visit the warehouse and inspect
Cash received .Cash received is allocated against the correct customer appropriate conditions the conditions of storage. Inspect
and invoices to minimize disputes. evidence of monitoring the
.Overdue debts are followed up on a timely basis. conditions on a regular basis such
.Irrecoverable debts identified and written off as temperature logs.
appropriately. Fire/Smoke/heat detectors and Inspect the warehouse to see the
sprinkler systems are in place to detectors and sprinkler systems
(2) The purchases system reduce the risk of damage caused are in place.
Stage Objective by fire.
Ordering .All purchases are made with suppliers who have been Inspect certificates confirming they
checked for quality, reliability and pricing. have been checked and tested on
a regular basis.
 Inventory is insured in case of
theft or damage
Inventory movements should be
recorded in the system promptly
from the CRN’s and GDN’s and
stamped to confirm they have
been input to ensure the
inventory system is up to date.
Inventory counts should take place
so that physical inventory
quantities can be reconciled with
the accounting system on a
regular basis to ensure the records
are up to date
Inventory should be reviewed
during the count for damage or
obsolescence and valued
separately form the other
inventory by making an allowance
to write inventory down to NRV.
(5) The cash system
+ The objectives of controls in the cash cycle are to ensure that :
Petty cash levels are kept to a minimum, preventing theft. /
Payments can only be made for legitimate business expenditure. /
Cash can only be withdrawn for business purposes. / Cash is
safeguarded to prevent theft. / Receipts are banked on a timely
basis to prevent theft. / Cash movements are recorded on a timely
basis.
Control
An imprest system of petty cash
is used and can only be used for
items of expenditure less that $x.
All other reimbursements must be
made through an expense claim
and processed as a bank
payment.
Pretty cash reimbursements must
be supported by an invoice to
confirm the expenditure to
confirm the expenditure is
business related before being
authorized and paid
Cash withdrawals must be
authorized by a manager.
Cast withdrawals must be
authorized by a manager.
Cash and cheque books
/stationery stored in a locked
safe, with restricted access.
Controls over bank transfers and
online banking secure passwords
and PINs
Frequent banking of cash and
cheques received.
Inspect insurance policies to
ensure they cover inventory, that
adequate cover is in place by
comparing against inventory value
and the policy has not lapsed.
Inspect the GRN’s and GDN’s to
see they have been stamped as
entered into the system. Compare
the date on the stamp to the date
on the GRN/GDN to ensure it has
been entered promptly.
Obtain inventory counting
instructions and review to ensure
the count will be appropriately
organized and controlled.
Attend the inventory count to
ensure the count is carried out in
accordance with the instructions
and perform test counts to ensure
counts are carried out accurately.
During the count, review the
inventory to ensure damaged or
obsolete items are separately
identified.
Test of control
In the presence of the client, count
the petty cash to ascertain that the
level is at the limit set. Inspect the
petty cash vouchers to ensure
amounts reimbursed are below the
limit stated.
Inspect the petty cash
reimbursements for the supporting
invoice and the signature of the
person authorizing the
reimbursement.
Inspect the petty cash
reimbursements for the supporting
invoice and the signature of the
person authoring the
reimbursement.
Inspect the withdrawal request for
evidence of the manager’s
signature authorizing the money
can be taken out of the bank.
In the presence of the client,
inspect where the cash and cheque
books are stored to ensure they
are secure within a safe.
Enquire of management who has
access to the safe to ensure this is
restricted to people with suitable
seniority.
Enquire of management who has
access to the online banking
system.
Inspect transactions in the banking
system for the username of the
person initiating and authoring
transactions to ensure this is
corroborates what has been said.
Assess whether the person
authoring the transactions is of
suitable seniority.
Inspect the paying in books or
bank statements to identify how
frequently deposits are paid in to
ensure this is adqueate.
(6) Non-current assets
+ Expenditure on non-current assets should be controlled in a
similar way to other purchases. However, because of the significant
amounts involved, additional controls will be in place.
+ Control objectives: Assets are only purchased if there is a
business need. / Assets are purchased at an appropriate price. /
The company can afford the capital expenditure proposed. /
Capital expenditure is appropriately treated in the accounting
records. / Assets are covered by adequate insurance to prevent loss
to the company. / Documents relating to assets are safeguarded
from theft or damage.
Control Test of Control
Capex order should be requisitioned Inspect the requisition for the
by an appropriate person. signature of the person
requisitioning of the person
requesting the asses. Ensure this is a
person of suitable authority by
agreeing the name to a list of ppl
authorized to make such requisitions
Authorization for purchases at a Inspect the purchase order for
more senior level. signature of appropriate senior
person(s)
Several quotations obtained before Inspect the purchase requisition for
purchase in order to obtain the best the quotations to ensure they have
price. been obtained.
Annual capital expenditure budget Inspect the annual budget to ensure
for each department. it is prepared and read board
minutes for evidence that the
budget has been approved by the
board.
Regular review of revenue Inspect management accounts
expenditure to ensure items of a /revenue expenditure list for
capital nature has not been written evidence of review. Enquire of
off in error. management how discrepancies are
dealt with.
Annual reconciliation of the asset Inspect the reconciliation of the
register to the physical assets held. asset register and evidence of
approval by a senior person to
ensure the reconciliation has been
performed correctly.
Maintaining an asset register, which Inspect the asset register to ensure
would include cost, depreciation, details expected to be recorded
location, responsible employee, have been recorded to ensure good
insurance details, etc. control is maintained over assets.
Adequate insurance cover. Inspect insurance policies to ensure
they are in place. Review the policies
to ascertain the level of cover in
place and compare this with the
value of assets to ensure it is
sufficient.
Secure, fire-proof storage of Inspect the storage facilities for
insurance documentation, ownership important documentation to ensure
/purchase documentation it is appropriately secure and
adequate backups have been
maintained in case of a fire and
flood.
4. Communication on internal control.
a) Discuss the requirements and methods of how reporting
significant deficiencies in internal control are provided to
management and those charged with governance.
+ ISA 265 Communicating Deficiencies in Internal Control to Those
charged with Governance mad management requires the auditor ro
communicate deficiencies in internal control to management.
Significant deficiencies should be communicated in writing to those
charged with governance.
+ The management letter will express the fact that the weaknesses
found are not necessarily all weaknesses but just those found by
the auditor. The report will also express that it is for the sole use of
management and no disclosure will be made to third parties.
b) Explain, in a format suitable for inclusion in a report to
management significant deficiencies within an internal
control system and provide recommendations for
overcoming these deficiencies to management.
+ (Deficiency) Clear description of what is wrong.
+ (Consequence) What could happen if the deficiency is not
corrected. Focus on what matters to the client – the risk of lost
 profits, stolen assets, extra costs, errors in the accounts.
+ (Recommendation) This must deal with the specific deficiency
you have observed. It must also provide greater benefits than the
cost of implementation. / Try to specify exactly how the
recommended control would operate including suggesting who
should carry out the control procedures, and how frequently it
should be performed.
D. Audit Evidence
1. Financial statement assertions and audit evidence.
a) Explain the assertions contained in the financial statements
about:
(1) Classes of transactions and events and related
disclosures.
(2) Account balances and relates disclosures at the period
end
+ Assertions are used for transactions, balances and disclosures to
see if sufficient evidence on them has been collected.
+ the 3 types of figure in the FS
* Transactions and events: In general this refers to income
statement figures, but will include such as the purchase of a non-
current assets
* Account Balances at the Year End: These will be the items on the
statement of financial position.
* Presentation and Disclosure: This is how the financial statements
are presented and how items have been disclosed.
+ (Transactions and events – Assertions)
* Occurrence: transactions and events that have been recorded
have occurred and pertain to the entity.
* Completeness: all transactions and events that should have been
recorded have been recorded.
* Accuracy: amounts and other data relating to recorded
transactions and events have been recorded appropriately.
* Cut-off: transactions and events have been recorded in the
correct accounting period.
+ (Period End Balances – Assertions)
* Existence: assets, liabilities and equity interests exist.
* Rights and obligations: the entity holds or controls the rights to
assets, and liabilities are the obligations of the entity.
* Valuation and Allocation: assets, liabilities and equity interests are
included in the financial statements at appropriate amounts and
any resulting valuation or allocation adjustments are appropriately
recorded.
+ (Presentation and Disclosure – Assertions)
* Occurrence and rights and obligations: disclosed events,
transactions and other matters have occurred and pertain to the
entity.
* Completeness: all disclosures that should have been disclosed in
the financial statements have been included.
* Classification and understandability: financial information is
appropriately presented and described, and disclosures are clearly
expressed.
* Accuracy and Valuation: Financial and other information are
disclosed fairly and at appropriate amounts.
b) Describe audit procedures to obtain audit evidence,
including inspection, observation, external confirmation,
recalculation, re-performance, analytical procedures and
enquiry.
+ The assertions need testing to see if they’re true.
+ (Inspection) this means a physical examination. Things to inspect
include: documentation, contracts, records and minutes. It also
includes physical examination of the assets. This enables the
auditor to verify the existence of them.
+ (observation) This means watching others perform a procedure.
Examples include observation of payment of wages, inventory
counts, and opening mail. It gives assurance that official procedures
are followed.
+ (Inquiry) This means getting information from people inside or
outside the entity. It can be a formal written or an oral inquiry.
+ (Confirmation) This means corroborating evidence from third
parties with the internal evidence.
+ (Re-Performance) This can be recalculating figures or re-counting
stock.
+ (Analytical Procedures) This is the analysis of ratios and trends. It
includes investigating fluctuations between current and previous
performance and check whether other information is consistent
with such relationship.
c) Discuss the quality and quantity of audit evidence
+ Auditors need sufficient appropriate audit evidence.
+ (Sufficient) refers to the quantity of the audit evidence needed
+ (Appropriate) refers to quality, relevance and reliability of the
audit evidence.
+ So how much is sufficient? Well it depends on how risky the
amount being audited is 1. You need enough to have reasonable
assurance that the specific audit area is free from material
misstatement. 2. A high quantity of poor quality evidence does not
mean its sufficient (or appropriate). 3. The auditor must consider
both the relevance and the reliability of the evidence. 4. Be careful
thought of over auditing. Loss of high quality evidence on
immaterial areas is a waste of resources.
+ So 75% of all records testing is better than testing 25%. Generally
yes BUT be careful… think of the fact you may be over auditing and
therefore wasting resources, particularly if the area is low risk and
immaterial. Also be careful that the sample is representative of the
population
+ What is sufficient and appropriate? 1. It reflects appropriately the
level of risk in that specific area. 2. Evidence that is generated from
external sources is more reliable than evidence gathered from
internal records. 3. Written evidence is more reliable that oral
evidence. 4. Auditor-generated evidence is much more reliable than
evidence obtained indirectly. 5. Where the audit firm concludes that
tests of control can be relied upon, evidence from the client’s
records is a reliable source of evidence.
+ What is Not sufficient and appropriate?
* Invisible Evidence: Ticks on audit programs that say a procedure
has been done, but where there is no evidence of it. Audit
programs should contain a cross-reference to the tangible evidence
of file.
* Management Representations Only: The use of management
representations alone is not sufficient and appropriate audit
evidence. It could constitute a limitation on the scope of an audit
that might result in the wrong opinion being expressed.
Management representations are complementary evidence to other
audit evidence in a relevant audit area.
* Lead schedules: E.g The investment property lead schedule that
reconciles the opening fair value to the closing fair value. Lead
schedules should be cross-referenced to the audit evidence that
supports the relevant figures/disclosures.
* Redundant accounts: Accounts and trial balances which have been
superseded. Particularly where the audit firm is involved in the
accounts preparation, these are not sufficient or appropriate audit
evidence.
d) Discuss the relevance and reliability of audit evidence.
+ (Relevant) evidence will be evidence that relates directly to the
assertion being tested – if it doesn’t then why is it being used?
+ (Reliable) evidence is evidence which the auditor can have faith is
trustworthy.
+ (More Reliable) better when from independent, external sources /
better when generated internally but the related controls are
effective / better when obtained directly by the auditor / better
when in paper or electronic form rather than just spoken / better
with original documents than photocopies
+ (Less Reliable) Evidence generated internally to the entity /
internal evidence not subject to strong controls / indirect or
inferred evidence / oral / photocopies, faces…
2. Audit procedures
a) Discuss substantive procedures for obtaining audit evidence.
+ (A.E.I.O.U) Analytical Procedures, Enquiry, Inspection, Observation,
Re-calcUlation / Re-performance.
Procedure Meaning Control Test Substantive test
Analytical Exploring Comparing
Procedure relationships yearly gross
between data margins
 Enquiry Getting Replies from a + Remember that the auditor is concerned with the risk of material
confirmation debtors circular misstatement in the financial statements. Therefore the auditor will
form a 3rd party assess each of the areas mentioned before (Control environment,
Inspection Examining Signature as Getting title
control procedures) in order to identify the risky area. The auditor
records evidence deeds to a
property
will then undertake tests of control to establish whether the auditor
Observation Looking at a Watching staff can place reliance on them
process complete their + (Test of Control) These test the systems in place by determining
attendance whether the controls over it are sufficient or not. If the control in
sheet place is strong, then the auditor is able to place reliance on the
Re-calculation Checking Adding information generated by that particular system.
mathematical individual sales + (Substantive procedures) These, on the other hand, are
accuracy in the sdb to
procedures to gain direct assurance over a figure in the financial
check the totals
statements.
b) Discuss and provide examples of how analytical procedures
3. Audit sampling and other means of testing
are used as substantive procedures.
a) Define audit sampling and explain the need for sampling
+ Substantive procedures help detect material misstatement or
+ As the auditor can’t test everything, only samples are used for
fraud at the assertion level. There are two categories of substantive
substantive testing. The tests of controls which we have looked at
procedures – analytical procedures (Analytical procedures generally
will establish for the auditor how much reliance he can place that
provide less reliable evidence than the tests of detail) and tests of
the information generated by the system is free from error. The
detail. AP’s are used at different times in the audit whereas tests of
results of tests of control will therefore determine how much
detail are only applied in the substantive testing stage.
substantive testing is requites(tests performed on individual figures
+ (Analytical procedures are compulsory at two stages of the audit
in the financial statements). The amount of substantive testing
under ISA 520) 1. The planning stage & 2. The review stage.
undertaken can therefore be varied by using different sample sizes.
Analytical procedures use calculations such as financial ratios to
This is one of the reasons the auditor cannot give absolute
generate an expectation of what a figure is likely to be and then
assurance over figures in the financial statements – the auditor has
comparing this to the actual figure in the accounts. They can be
been carried out on a sample basis.
used to highlight unusual figures in order to focus the audit on
+ (ISA 530 states) 1. All sampling units should have a chance of
them or to establish that a trend has continued.
selection. 2. Testing the sample gives evidence which helps form a
+ (The financial ratios used by the auditor will fall into 3 general
conclusion for the whole population. 3. Either a statistical or a non-
categories) * Profitability/Return : 1. Gross Margin, 2. Net Margin, 3.
statistical approach can be used. This is telling the auditor that
ROCE. * Liquidity/Efficiency: 1. Receivables/Payables/Inventory Days,
they can use a sample to draw conclusions about some aspect of
2. Current Ratio, 3. Quick Ratio. * Gearing: 1. Financial gearing, 2.
the transactions rather than looking at every transaction. Material
Operational Gearing.
items in the population must be tested. This means that 100% of
+ (Whether or not the auditor relies on analytical procedures as
transactions may be tested if they are all material.
substantive procedures depends on four factors) * Suitability: AP
will not be suitable for every assertion. * Reliability: The auditor
b) Identify and discuss the difference between statistical and
may only reply on data generated from a system with strong
non-statistical sampling.
controls. * Degree of Precision: Some figures will not have a
+ Statistical sampling uses random selection to select samples and
recognizable trend over time or be comparable. * Acceptable
then assesses the results using probability theory.
Variation: Variations having an immaterial impact on the financial
+ (Statistical sampling) A Random selection using generation of a
statements will not hold as much interest to the auditor as those
random number and an interval size to select the items.
that do.
Extrapolate the error rates(if half of the sample’s wrong then half of
the population is too). Sample has to be sufficiently large to be
representative of the population. Auditor can increase the sample
size if errors are discovered.
c) Discuss the problems associated with the audit and review of
+ (Non-statistical sampling) any method which does not fit into
accounting estimates.
the above is non-statistical sampling. Sometimes known as
+ The auditor must be sure that the judgements and estimates
judgmental sampling.
made by management are sound. Management will have to use an
element of judgment in preparing the financial statements in areas
c) Discuss and provide relevant examples of, the application of
such as depreciation rates, deferred tax and provisions. The
the basic principles of statistical sampling and other selective
problem with auditing estimates is a lack of physical evidence and
testing procedures.
subjectivity.
+ Methods of sampling in accordance with ISA 530
+ (The auditor will carry out several procedures on an area of
. (Random selection) Ensures each item in a population has an
accounting estimate) 1. Look at the process employed to calculate
equal chance of selection
the estimate and decide whether it is appropriate. 2. Use the work
. (Systematic selection) A number of sampling units in the
of an expert to ascertain whether an estimate is accurate. 3. Check
population is divided by the sample size to give a sampling
that any items accrued for do occur after the balance sheet date. 4.
interval.
Discuss any points of concern with management to see why they
. (Haphazard selection) The auditor selects the sample without
included the item at the amount they did.
following a structured technique – the auditor would avoid any
conscious bias or predictability.
d) Describe why smaller entities may have different control
. (Sequence or block selection) Involves selecting a block(s) of
environments and describe the types of evidence likely to be
continuous items from within a population
available in smaller entities.
. (Monetary Unit Sampling selection) This selection method
+ Smaller entities have fewer internal controls.
ensures that each individual $1 in the population has equal chance
+ (Problems will include) Segregation of duties often lacking due
of being selected.
to enough staff. Owners often dominate all major aspects of the
. (Judgmental selection) Selecting items based on the skill and
business. When expanding – management focus on this and not
judgement of the auditor.
on controls. Record keeping and documentation of systems and
+ If the auditor would have reached a different conclusion if he
controls may be informal or inadequate.
had tested the entire population, rather than a sample, this is
sampling risk.
e) Discuss the difference between tests of control and
+ Non Sampling Risk is the risk the auditor comes to an incorrect
substantive procedures.
conclusion for reasons other than the size of the sample used.

d) Discuss the results of statistical sampling, including
consideration of whether additional testing is required.
+ Tolerable misstatement looks at individually immaterial
misstatements added together. The smaller the tolerable
misstatement or rate of deviation, the greater the required sample
size.
+ Expected misstatement or rate of deviation. The higher the
expected misstatement or rate of deviation, the greater the
required sample size.
+ (Performing audit procedures on the sample) If the auditor
cannot use the procedure – then this is a misstatement/deviation.
Investigate the nature and cause of any misstatement/deviations.
Evaluate their effect.
4. The audit of specific items. /////// OPENTUITION NOTES!!!
a) For each of the account balances stated in this sub-capability:
Explain the audit objectives and the audit procedures to
obtain sufficient, appropriate evidence in relation to:
1. Receivables
(a) Direct confirmation of accounts receivables.
+ Trade Receivables – Confirmation test. Here the main risks of
misstatement are… Bad debts (valuation assertion), Doubtful
debts (rights & Existence assertions), Cut-off problems.
+ Direct Confirmation. This is often referred to as the “Debtors
circularization”. This means asking customers for written
confirmation of their account balance.
+ Problems with the Debtors Circular. 1. Not all customers reply.
2. Customers may reply without checking properly.
+ The Assertions and Receivables. * Existence (ensure they really
do exist and so not overstated), * Rights and obligations (ensure
client has the legal right to the amounts receivable), * Valuation
(ensure the receivables are stated at their appropriate amount), *
Cut-off (ensure transactions have been recorded in the correct
accounting period)
+ Key things to be aware of.. 1. The auditor decides which
customer gets asked (not the client), 2. Auditor states that the
reply comes to her directly. 3. Auditor sends out the request
personally.
+ The results of the Circular. Things to watch out for 1. Any
doubts over the reliability – perform alternative tests. 2. If the
response is not reliable for sure – then consider the effect on risk
assessment and perform more alternative procedures. 3. If no
response – perform alternative procedures. 4. Client confirms
different amount – decide if this is just a timing difference or a
problem with controls or fraud. 5. Finally consider the results as a
whole to see if relevant and reliable.
+ The process of the circular. 1. Planning, 2. Deciding Positive or
Negative Confirmation, 3. Selecting a sample, 4. What to do
when you get the replies, 5. Summarizing & Concluding.
* planning – when to do it(timing), who to include (the sample)
* Positive confirmation – (1) a positive confirmation request asks
the customer to reply to the auditor whether or not he agrees
with the balance. (2) Method 1 Give him the figure and ask to
confirm. (3) Method 2 Ask him to provide his balance himself. (4)
Risk with Method 1 – customer confirms without checking. Risk
with Method 2 – Lower response rate from customers.
* Negative confirmation – this asks the customer to reply only
where he disagrees with the balance. (1) if no reply is received –
this means he agrees, however it might also mean he never
received or checked. (2) The evidence from negative confirmation
circulars is therefore less reliable.
* Sample selection. (Procedures for selecting the sample is as
follows: ) 1. Get the aged receivable listing. 2. Check the listing is
accurate by checking a sample of debtor’s individual balances to
it and check total balance to control account in main ledger. 3.
Ensure the sample is representative of the population / (Certain
balances may always be included) 1. Overdue balances, 2.
Negative balances, 3. Accounts on which round sum payments
are received, 4. Nil balances, 5. All “material” balances.
* Procedures when getting replies. 1. Check the following: signed
by a responsible official, replies are filed in the receivables
section of the current audit file. 2. If the balance agrees? : No
further work required. 3. If the balance doesn’t agree? : Ask the
client to reconcile their balance to the customers then check this
reconciliation. 4. No reply received? These cannot be ignored.
They are part of a sample chosen, so a conclusion needs to be
reached, so alternative procedures must be carried out : Check
cash received from customer after, check for signed purchase
order, check for signed delivery conformation, check a sales
invoice exists.
* Preparing the summary & Concluding : The summary shows
which balances have not been verified. They may indicate the
existence of bad debts. Then conclude on the likely level of
misstatement in the total population based on the sample
results, and whether this is material.
(b) Other evidence in relation to receivables and
prepayments and
+ (Bad debts) Ensure that all bad and doubtful debts are reliable:
These are the substantive procedures to be used: 1. Review the
company’s procedures for identifying them. 2. Review aged
listings of receivables balances (Listen to audio). 3. Review
correspondence about unpaid debts (with customer / lawyer). 4.
Review the calculation of doubtful debts. 5. Examine credit notes
issued after the year-end, this may show some balanced were
overstated at the year-end. 6. Review the replies from customers
for the confirmation of balances exercise.
+ (Cut-off) this ensures that revenue are properly recorded in the
correct accounting period. Sales around the year-end need to be
shown in the correct year. Procedures for cut off are as follows:
analytical procedures looking at inventory amounts, gross
margins are in line with expectations. Ensure sales invoices and
credit notes around the year end are shown in the correct year.
Ask for explanations about unusual control account entries
around the year end.
+ (Presentation & Disclosure) The following procedures help with
this assertion: 1. Receivables ledger balances agrees to the
financial statements. 2. Receivables are correctly disclosed and
classified.
+ (Receivables – Prepayments) Prepayments are often estimates
and so difficult to audit. Also prepayments are often not material.
Here’s some substantive tests for prepayments though: 1. Get the
list of prepayments and how they are calculated. 2. Check the
calculations. 3. Use analytical procedures. 4. Review for any
obvious omissions or errors.
(c) Completeness and occurrence of revenue.
2. Inventory
(a) Inventory counting procedures in relation to year-end
and continuous inventory systems
(b) Cut-off testing
(c) Auditor’s attendance at inventory counting
(d) Direct confirmation of inventory held by third parties,
(e) Valuation
(f) Other evidence in relation to inventory.
3. Payables and accruals
(a) Supplier statement reconciliations and direct
confirmation of accounts payable,
(b) Obtain evidence in relation to payables and accruals
(c) Purchases and other expenses
4. Bank and cash
(a) Bank conformation reports used in obtaining evidence
in relation to bank and cash
(b) Other evidence in relation to bank
(c) Other evidence in relation to cash
5. Tangible and intangible non-current assets
(a) Evidence in relation to non-current assets
(b) Depreciation
(c) Profit/loss on disposal
6. Non-current liabilities, provisions and contingencies
(a) Evidence in relation to non-current liabilities
 (b) Provisions and contingencies everything. 2. Often it’s effective and efficient to do so. 3. They need
to where they lack the skills.
7. Share capital, reserves and director’ emolument + How much to rely on experts? Auditor needs to make judgements
on: (Their independence, objectives and competence) competence –
8. Evidence in relation to share capital, reserves and director’ Is a member of a recognized professional body? How long has the
emoluments. expert been a member of the recognized body? How much
experience does the expert have? / Objectivity – Does the expert
5. Computer-assisted audit techniques. have any financial interest in the company? Does the expert have any
a) Explain the use of computer-assisted audit techniques in the personal relationship with any director in the company? Is the fee
context of an audit. paid for the service reasonable and a fair, market based price? / (This
b) Discuss and provide relevant examples of the use of test is based on their qualifications and their experience) / (If an expert in
data and audit software the inventory of the entity being audited is consulted on valuation of
+ CAATs use a computer to assist the auditor in testing during the inventory, but works for a subsidiary of the entity then the auditor
audit procedures. 2 categories are Audit Software and Test Data. may consider them to be not sufficiently independent.
+ (Audit Software) The auditor may use audit software to run the + (Before any work is performed by the expert the auditor should
client data to check for errors. It can be an off-the-shelf software or agree in writing) 1. Nature, scope and objectives. 2. Roles and
bespoke for the client. They can scrutinize large volumes of data, responsibilities. 3. Nature of communication. 4. Confidentiality of
whose results can be investigated further. The software does not expert.
replace the need for the auditors’ own procedures. It can do the * + (After the work – Auditor ensures it is appropriate) This means
Select a sample using different sampling techniques, * Check considering: Consistency with other evidence, Any significant
calculations automate the confirmation letter process, * Produce assumptions made, The accuracy of source data.
reports, * Follow transactions.
+ (Test data) this is really putting a dummy transaction through the b) Discuss the extent to which external auditors are able to rely
system to ensure that controls are working and that calculations are on the work of experts, including the work of internal audit.
performed correctly. Live tests could interfere with the operation of + The external auditor must determine whether it is likely to be
the system or corrupt master files/standing data. Dead testing avoids adequate for the purposes of the audit: So we look at: *Whether the
this issue but only gives assurance that the system works when not internal audit staff are sufficiently independent to retain objectivity.
operating live. This may not reflective of the strains the system is put *The qualifications and technical competence of the internal audit
under in normal conditions. staff. *The professionalism of the staff and the standing of internal
+ (Auditing around the computer) Meaning the auditor does not audit within the organization. * Are internal audit constrained in any
audit how the computer works, but rather checks that the inputs way by management?
generate the expected outputs from the system. The increases audit + (If these considerations are fulfilled the auditor may assess the
risk as the auditor cannot tell with certainty whether the internal reliability of the work carried out by internal audit by ensuring)
processes of the system are working correctly. It is very difficult to *Internal audit working papers are well documented and have been
determine why errors occurred. Also fixing them may need an reviewed. *Evidence gained by internal audit is sufficient and
external expert. appropriate. *Any conclusions drawn are reasonable and valid.
+ Ad & Disa of CAATs *Management have acted on recommendations made by internal
. Advantages: 1. independently access computer data. 2. Test the audit. If all of the above is satisfied the auditor may choose to place
reliability of client software. 3. Increase the accuracy of audit tests. 4. reliance on some of the work of internal audit. Remember that
Perform audit tests more efficiently. although they may use some of the work of internal audit as
. Disadvantages: 1. CAATs can be expensive and time consuming to evidence, the responsibility for the final opinion will always lie with
set up. 2. Client permission and cooperation may be difficult to the external auditor.
obtain. 3. Potential incompatibility with the client’s computer system.
4. The audit team may not have sufficient IT skills. 5. Data may be c) Explain the audit considerations relating to entities using
corrupted or lost during the application of CAATs service organizations
Audit Software Test data + Clients won’t always perform all of their operations ‘in house’.
Advantages .Calculations and casting of .Enables the auditor to test Operations such as payroll or cleaning services may be outsourced to
reports will be quicker. programmed controls which other providers.
.More transactions can be wouldn’t otherwise be able
+ (Is this a good thing for the audit?) It may provide additional
tested with manual testing. to be tested.
.The computer files are .Once designed, costs
independence to the information generated. It makes it more reliable
tested rather than printouts. incurred will be minimal due to the specialist nature of the outsourcing. May therefore cut
.Once set up, can be a cost unless the programmed down on work required to audit it.
effective means of testing. controls are changed + (Why is it maybe a bad thing also?) The outsourcing firms’
requiring the test data to be reliability. More difficult to get evidence from them.
redesigned.
Disadvantage .Bespoke software can be .Risk of corrupting the
d) Explain the extent to which reference to the work of others
s expensive to set up client’s systems.
can be made in audit reports.
.Training of audit staff will be .Requires time to be spent
required incurring additional on the client’s system if used + No reference in the Audit Report. The auditor should make no
cost in a live environment which reference to the use of the work of others in the audit report. It is
.The audit software may slow may not be convenient for the auditor’s opinion in the report and the work of others is simply
down or corrupt the client’s the client. one type of evidence that may be used, if sufficient and reliable, to
systems. come to that opinion.
.If errors are made in the
design of the software,
issues may go undetected by
the auditor. 7. Not-for-profit organizations.
a) Apply audit techniques to not-for-profit organizations.
6. The work of others + NFPs have no external shareholders, dividends or profit
a) Discuss why auditors rely on the work of others. maximization objective either.
+ ISA 620 deals with the use of the work of an expert by the auditor. + (This has potential audit problems) 1. Lack of segregation of duties.
The auditor may not have the expertise to make judgements on all 2. Unqualified volunteers. 3. Less formalized systems. 4. Donations
aspects of a clients’ business and may seek help in the form of an without audit trail. 5. Difficulty in assessing going concern.
expert. Examples of this are specialist inventory, property valuation + (Audit Implications) * Value for money audits, * Concentrate on
and complex work in progess. substantive procedures, * analytical reviews and management
+ Why rely on experts? 1. Auditors do not have to be experts in representations where little audit trail, * Test larger % of population
 due to smaller volumes.
+ (Reporting) If required by law = Norma audit report, If voluntary =
Reflect objective of audit, In either case -> 1. Addressee, 2. Scope, 3.
Responsibilities of auditors & managers, 4. Work down, 5. Opinion, 6.
Date, name and address of auditor.
E. Review and Reporting
1. Subsequent events
a) Explain the purpose of a subsequent events review.
+ Def. Subsequent events are event occurring between the date of
the FS and the date of the auditor’s report, and facts that become
known to the auditor after the date of the auditor’s report.
b) Explain the responsibilities of auditors regarding subsequent
events.
c) Discuss the procedures to be undertaken in performing a
subsequent events review.
+ The auditor requires under ISA 560 to perform a subsequent
events review. They types of procedure this entails are: *Review of
post year end management accounts, budgets and cash flow
forecasts. *Review of post year end board minutes. *Review of
management procedures for assessing subsequent events and
enquiry as whether any have been found. *Obtaining a management
representation letter confirming this. *Check post year-end cash
received to ensure receivables are received and NRV of inventory.
+ Subsequent events discovered can be adjusting or non-adjusting.
Adjusting events which require the FS to be adjusted to provide a
present fairly. Non-adjusting events which do not require the FS to
be adjusted to provide a present fairly.
+ (Adjusting Events) 1. These provide additional evidence relating to
conditions existing at the balance sheet date. 2. An example is:
Inventory sold after the year end below cost – this provides evidence
that the valuation of inventory at the Y/E was incorrect. 3. The
financial statements should be adjusted.
+ (Non-adjusting events) 1. These are events which are not adjusting.
2. An example of a non-adjusting event is : A fire which destroys
inventory after the balance sheet date – This does not provide
evidence of conditions existing at the Y/E, but will still need
disclosing if material. 3. These events should be disclosed in the FS.
2. Going Concern
a) Define and discuss the significance of the concept of going
concern
+ FS are prepared on a going concern basis unless inappropriate to
do so. Going concern is defined under ISA1 as the assumption that
the company will continue in operational existence for the
foreseeable future.
+ (1. Foreseeable Future) is generally accepted to be at least one
year into the further and further if specific business reasons make it
appropriate. (2. Use if judgement) GC involves the use of judgement
on the basis of the information available at the time. (3. Break up
basis) this is when GC basis is not appropriate. This values assets at
their sale value and inventory at NRV.
b) Explain the importance of and the need for going concern
reviews.
+ The auditor must be satisfied that the going concern assumption is
reasonable because it will affect their opinion as to whether the
financial statements present a ‘true and fair view’.
+ If the auditor gave the opinion that the financial statements
represented a true and fair view without considering the going
concern assumption and the business went bust shortly after, the
auditor may be held to account.
c) Explain the respective responsibilities of auditors and
management regarding going concern.
+ (Director) * It is the directors’ responsibility to assess the
company’s ability to continue as a going concern when they are
preparing the FS. * In order to do this the directors should prepare
forecasts to help assess whether they are likely to be able to
continue trading for the next 12 months as a minimum. * If they are
aware of any material uncertainties which may affect this assessment,
then IAS 1 requires them to disclose such uncertainties in the FS. *
When the directors are performing their assessment they should take
into account a number of relevant factors such as: Current and
expected profitability, debt repayment, sources (and potential
sources) of financing.
+ (Auditor) * ISA 570 Going Concern states that the auditor needs to
ensure the FS are prepared on the appropriate basis. * If the going
concern basis has been used they should obtain sufficient
appropriate evidence that this is appropriate. * Where there are
material uncertainties, the auditor must ensure that the directors
have made sufficient disclosure of such matters in the notes to the
FS. * The auditor must consider the implications for their audit
report.
d) Identify and explain potential indicators that an entity is not a
going concern.
. Technology changes in the industry
. Suppliers unwilling to provide credit terms
. Banks withdrawing loan facilities
. Management plans for risky dicersification
. Cash-flow problems post year end or large cash outflows
. Deterioration in key ratios
. Loss of key staff
. Legal action against the company
. Late payment of staff salaries
. Sales of major assets without prior warning
. Loss of key customer or supplier
e) Discuss the procedures to be applied in performing going
concern reviews.
+ The auditor will undertake a number of procedures in the going
concern
. Look at the economic conditions of the industry at that time
. Contact provides of finance to check they’re happy to continue
. Assess management intentions for the future
. Review post Y/E cash flow statements, management accounts and
budgets
. Review management assumptions – are they reasonable
. Conduct analytical review of the FS to check for worsening
performance
. Review correspondence with solicitors to ensure no likely actions or
cases
. Review correspondence with banks to provide evidence of
continued good relations
+ (시험 예시, Profit 보다는 cash flow 가 많이 나옴)
. Agree the O/B of the cash forecast is in agreement with the closing
balance of the cash book, to ensure the opening balance of the
forecast is accurate
. Consider how reasonable company forecasts have been in the past
by comparing past forecasts with actual outcomes. If forecasts have
been reasonable in the past, this would make it more likely that the
current forecast is reliable.
. Determine the assumptions that have been made in the preparation
of the cash flow forecast. For example, if the company is operating in
a poor economic climate, auditor would not expect cash flows from
sales and realization of receivables to increase, but either to decrease
or remain stable. If costs are rising you would expect payments to
increases in the cash forecasts.
. Agree the timing of receipts from realization for receivables and
payments to suppliers with credit periods and previous trade
receivables and payables payment periods.
. Examine the company’s detailed budgets for the forecast period
and discuss any specific plans with the directors.
. Examine the assessment of the non-current assets required to meet
production needs. Agree cash out flows for non-current assets to
supplier quotations.
. For acquisitions of building, agree the timing and amount of cash
out flows to completion date and consideration in sale and purchase
agreement.
. Consider the adequacy of the increased working capital and the
working capital cash flows included in the forecast
. If relevant, inspect post year management accounts to compare the
actual performance against the forecast figures.
. Recalculate and cast the cash flow forecast balances to verify
arithmetical accuracy.
f) Discuss the disclosure requirements in relation to going
concern issues.
+ Where there is any significant doubt over the future of a company,
the directors should include disclosures in the FS explaining: the
nature of and circumstances surrounding the doubts and the
possible effect on the company.
+ Where the directors have been unable to assess going concern in
the usual way, this fact should be disclosed.
+ Where the financial statements are prepared on a basis other than
the going concern basis, the basis used should be disclosed.
g) Discuss the reporting implications of the findings of going
concern reviews.
+ Based on the audit evidence obtained, the auditor should
determine if, in their judgement: (a) a material uncertainty exists that
may cast significant doubt on the entity’s ability to continue as a
going concern, (b) the basis of preparing the FS is or is not
appropriate in the circumstances.
E2f, E2g 종합. (Going Concern Disclosures and reporting) If the going
concern basis is appropriate for the FS then auditors do not need to
mention it in their report. If the auditor decides that the going
concern basis is inappropriate then they will qualify the auditor
report unless management agrees to alter the FS as they do not give
a true and fair view. If the auditor decides that the going concern
disclosures are insufficient then they will qualify the audit report
unless management agrees to alter the disclosures as they don’t give
a true and fair view. If the FS are prepared on any other basis other
than going concern, even if that basis is appropriate, the auditor will
refer to it in their report in an ‘emphasis of matter’ paragraph.
3. Written representations
a) Explain the purpose of and procedures for obtaining written
representations.
+ A written representation is: a written statement by management
provided to the auditor to confirm certain matters or to support
audit evidence.
+ (purpose) to obtain evidence that management, and TCWG, have
fulfilled their responsibility for the preparation of the FS, and to
support other audit evidence relevant to the FS if determined
necessary by the auditor or required by ISA’s
+ The auditor may ask management to confirm in writing matters
which have arisen during the audit. The ISAs require the auditor to
obtain management representations on certain specific issues.
+ (The form of the representations will be one of) 1. Signed letter on
client headed paper. 2. Letter from auditors signed and returned. 3.
Minutes of meeting where issues agreed signed by both parties
+ (What goes into the letter) 1. No material management or
employee irregularities. 2. All books & documents have been made
available to the auditors. 3. Related parties’ disclosures are complete.
4. FS are free from material misstatements including omissions. 5. No
non-compliance with regulations. 6. No plans to abandon any
product lines causing obsolete inventory. 7. No further post
reporting period events needing disclosure.
+ The whole idea of getting a management letter is to ensure
evidence is sufficient. In some ways – the idea is that if management
are going to lie to us – then better they lie to us in writing. This
saves a little auditor negligence cases. But always remember
management representations only are never sufficient – always back
up with other evidence.
+ (How to obtain the letter) 1. Auditor lists the areas we need
representations on -> 2. Auditor prepares the representation & sends
it to management. -> 3. Management review & sign -> 4. Auditor
files it in the working papers.
b) Discuss the quality and reliability of written representations as
audit evidence.
+ Management representations are not independent evidence and
therefore will not be 100% reliable. The auditor must make a
judgement as to whether the management are competent and of
sufficient integrity so as to place reliance on their representations.
The auditor may also consider whether conditions are such that
management may feel under pressure and thus more susceptible to
concealing the truth.
+ (Reliability of the representation, Potential Problems) 1.
Management Integrity Issues: One extreme is to resign but at least
modify the audit opinion to explain the reliability issues of their
representation. 2. Representations inconsistent with other evidence:
Modify the report and explain the inconsistency. 3. Representations
not reliable: Possibly a disclaimer of opinion here. 4. Representation
not provided: Discuss with management and reassess integrity of
other evidence and consider modifying report.
c) Discuss the circumstances where written representations are
necessary and the matters on which representations are
commonly obtained.
+ Written representations should be obtained for: 1) management
fulfilment of responsibilities (used an applicable FR framework, given
the auditor all relevant info and transaction recorded). 2) Supporting
other evidence if deemed needed by the auditor.
+ So when would a written representation commonly be needed
support other evidence? This is basically when other forms of
evidence just aren’t available: * plans and intentions which may affect
the FS. * Values with high judgement, * Any directors judgements, *
Compliance with laws and regulations
4. Audit finalization and the final review
a) Discuss the importance of the overall review in ensuring that
sufficient, appropriate evidence has been obtained
+ Final Review ensures the audit was effective and to a quality
standard. ISA 220 sets out that the quality review should consider
the planning, supervision and review of the audit in determining
whether quality standards have been met. During the audit it is likely
that the auditor will come across errors in the FS. The auditor should
keep a list of these throughout the audit and report them to
management.
+ (The 1 Reviews) 1. Engagement Partner Review: Main focus here is
Quality Control. It is a review of the audit work – not the evidence –
so just ensuring proper standards and procedures followed. Proper
Direction & Supervision was given. / Reviews were carried out
throughout / Consultation where needed occurred with internal and
external people / Quality control review. (2. Quality control Review)
carried out by a senior Not involved in the audit. Ensure opinion is
based on evidence obtained / Ensure independence of them / Ensure
documentation reflects the work performed. (3. Documentation
Review) Evidence that independence issues have been considered.
Quality Control Review. (4. Audit Evidence Review) Ensure there is
sufficient and appropriate evidence. Has the audit strategy and plan
been followed? / Has the work been carried out to standards? / Has
consultation taken place where needed? / Has a memo been
produced with points to be considered on next year’s audit? / Is
there evidence of review at all levels?
b) Describe procedures an auditor should perform in concluding
their overall review of financial statements.
+ Overall review of FS. Procedures an auditor should perform
include: 1. Reviewing compliance with IFRS and local legislation
disclosure. 2. Reviewing accounting policy disclosure – checking they
agree with the accounting treatment adopted and are sufficiently
disclosed. 3. Reviewing consistency of FS with the auditor’s
knowledge of the business and the results of their audit work. 4.
Perform analytical procedures. 5. Reviewing the aggregate of
uncorrected misstatements to assess whether in aggregate a material
misstatement arises. 6. Assess whether the audit evidence gathered
by the team is sufficient and appropriate to support the audit
opinion.
c) Explain the significance of uncorrected misstatements.
d) Evaluate the effect of dealing with uncorrected misstatements.
+ C&D 합쳐서
+ Material misstatements normally lead to qualifying the audit
report. Misstatements aren’t just monetary figures, they could also be
incorrect classification or disclosures
+ (Evaluating Misstatements) 1. Get a list of misstatements found. 2.
Discuss these with management at the end of the audit. 3.
Management will normally correct these. 4. Any remaining material
misstatements will cause the auditor to qualify the report.
+ (Aggregation of Immaterial Errors) Immaterial errors could
aggregate to become material. / These will be brought to the
attention of management. / If management amend material errors,
then the auditor will issue an unqualified audit report / If
management refuse to adjust the errors then the auditor must
persuade them to do so or issue a qualified audit report.
+ All misstatements found must be communicated to those charged
with governance. This is to ensure that no management bias exists in
the decision taken on what constitutes an ‘immaterial misstatement’.
Management must also provide written representations that all
uncorrected errors are immaterial
5. Audit reports
a) Identify and describe the basic elements contained in the
independent auditor’s report
b) Explain unmodified audit opinions in the auditor’s report.
+ a & b 통합
+ Structure of an unmodified Audit Report. ISA 700 sets out the
elements of an audit report:
1. Title
Identifies the report as an ‘independent Auditors Report’
2. Addressee
The shareholders
3. Statement of responsibilities of Management
Management have prepared financial statements in accordance
with GAAP and representing a true and fair view
Application of accounting policies and estimates as well as
responsibilities for systems and controls.
4. Statement of responsibilities of Auditor
The audit was planned and assessed the risk of material
misstatement considering internal controls and obtaining sufficient
appropriate evidence.
That the auditor will express an opinion.
5. Scope Paragraph
Standards under which the audit was conducted, the processes and
the test basis as well as the appropriateness of policies and
disclosures
6. Opinion
Do the statements present a true and fair view? Are they prepared
according to applicable GAAP and legislation?
7. Auditors signature
Auditor or firm is registered and authorized to conduct the audit.
8. Date of the report
Signed after approved by directors – on the same day
9. Auditors address
+ Liability disclaimer paragraph. It is not a requirement of auditing
standards but it has become increasingly common for audit firms to
include a disclaimer paragraph within the audit report. It states the
fact that the auditor’s report is intended solely for the use of the
company’s member, and that no responsibility is accepted or
assumed to third parties.
+ (Advantages) Potential to limit liability exposure, Clarifies extent of
auditor’s responsibility, Reduces expectation gap, Manages audit
firm’s risk exposure.
+ (Disadvantages) Each legal case assessed individually – no
evidence that a disclaimer would offer protection in all cases. May
lead to reduction in audit quality.
c) Explain modified audit opinions in the audit report.
+ (Modified Audit Reports) If the auditor disagree with some aspect
of the financial statements or is unable to state that they provide a
true and fair view, then a modified audit report will be issued.
+ (There are two types of modified audit report: 1. An unqualified
audit report with an ‘emphasis of matter paragraph’. 2. A qualified
audit report.
+ (Emphasis of matter) If the auditor wishes to draw attention to a
particular matter, but agrees with the financial statements an
‘emphasis of matter’ paragraph will be included in the audit report.
The matter referred to will be fully disclosed in the accounts and the
auditor is simply drawing the users’ attention to it. The paragraph
will make it clear that the opinion is not qualified and will be given a
separate heading after the opinion paragraph.
+ (Qualified Reports) there are two reasons that an auditor may
qualify an audit report: Disagreement and Insufficient Evidence
+ (Disagreement) A qualified report for the reason of disagreement
will be issued if the auditor disagrees with the application of
accounting policies, the policies used, treatment of a particular item
or the adequacy of disclosures.
* The disagreement can be either : material or material & pervasive
* A material disagreement – Except for paragraph : This will mean
that the auditor agrees with the rest of the financial statements, but
disagrees with that particular element of them. In this situation the
auditor will qualify the audit with an ‘except for’ paragraph.
* Material & Pervasive – Adverse Opinion: A disagreement which is
material and pervasive is of such significance that the financial
statements do not give a true and fair view. Adverse opinion – In
such a situation an adverse opinion is issued. i.e. the financial
statement do not give a true and fair view.
+ (Insufficient Evidence) If the auditor is unable to form an opinion,
then the report will be qualified for Insufficient Evidence. Insufficient
Evidence will be due to being unable to obtain sufficient evidence
which should have been available
* Material – Except for: A material insufficient evidence will mean that
the auditor agrees with the rest of the financial statements but is
unable to agree with that particular element of them.
* Material & Pervasive – Disclaimer of opinion: Insufficient evidence
which is material and pervasive is of such significance that auditor is
unable to state whether the financial statements give a true and fair
view. ‘Disclaimer of Opinion’ In such a situation a disclaimer of
opinion is issued. i.e. the auditor do not express an opinion on the
financial statements.
d) Describe the format and content of emphasis of matter and
other matter paragraphs.
+ There are 2 types of modified but not qualified reports…
+ (Emphasis of matter) : This refers specifically to matter in the FS.
+ (Other Matters) This refers to anything else the auditor may wish
to the users attention.

Substantive Procedures
Revenue
+ Compare the overall level of revenue against prior years and
budgets and investigate any significant fluctuations.
+ Obtain a schedule of sales for the year broken down into the main
product categories and compare this to the prior year breakdown and
for any unusual movements discuss with management.
+ Calculate the gross profit margin and compare this to the prior year
and investigate any significant fluctuations.
+ select a sample of sales invoices for customers and agree the sales
prices back to the price list or customer master data information to
ensure the accuracy of invoices.
+ Select a sample of dispatch notes both pre and post year end and
follow these through to sales invoices in the correct accounting period to
ensure that cut-off has been correctly applied.
Purchases
+ Calculate the operating profit and gross profit margins and
compare them to last year and budget and investigate any significant
differences.
+ Review monthly purchases and other expenses to identify any
significant fluctuations and discuss with management.
+ Discuss with management whether there have been any changes in
the key suppliers used and compare this to the purchase ledger to
assess completeness and accuracy of purchases.
+ Recalculate the accuracy of a sample of purchase invoices to the
related taxes and ensure expense has been included in the correct
nominal code.
+ Recalculate the prepayments and accruals charged at the year-end
to ensure the accuracy of the expense charge included in the statement
of profit or loss.
+ Select a sample of payments from the cash book and trace to
expense account to ensure the expense has been included and calcified
correctly.
+ Select a sample of post year-end expense invoices and ensure that
any expenses relating to the current year have been included.
Payroll Cost
+ Compare the total payroll expense to the previous year and
investigate any significant variances.
+ Review monthly payroll charges and compare this to the prior year
monthly charges and to budgets. Discuss significant variances with
management.
+ Reconcile the total wages and salaries expense per the payroll to
the cost in the financial statements and investigate any differences.
+ Agree amounts owed to the taw authorities to the payroll records
and with the amount subsequently paid and clearing the bank statement
post year-end to ensure completeness.
+ Cast a sample of payroll records to confirm completeness and
accuracy of the payroll expense.
+ Recalculate the gross and net pay for a sample of employees and
agree to the payroll to confirm accuracy.
+ Re-calculate statutory deductions to confirm whether the correct
deductions are included within the payroll expense.
+ Agree individual wages and salaries per the payroll to the
personnel records and records of hours worked per the swipe card
system.
PPE
+(valuation) Review depreciation rates applied in relation to asset
lives, past experience of profits and losses on disposals, and consistency
with prior years and disclosed accounting policies.
+ Compare NCA in the general ledger with the NCA register and
obtain explanations for differences.
+ For a sample of assets which physically exist agree that they are
recorded in the NCA register
+ Verify title to land and building by inspection of title deeds, land
registry certificates, leases.
+ Reconcile the schedule of nca with the general ledger
+ Review new lease agreements to ensure properly classified as
finance lease or an operating lease in accordance with IFRSs
Payables
+ Obtain a trade payables purchase ledger listing and agree the total
to the general ledger and the figure for trade payables included in the
financial statements.
+ Compare the list of trade payables with the previous year’s to
identify and potentially significant omissions.
+ Compare the payables turnover and payables days to the previous
year and industry data.
+ Reconcile a sample of payables balances with supplier statements
and investigate differences which could indicate a significant
misstatement.
+ Review the cash book entries or the bank statements after the end
of the year for payments which could indicate the existence of
unrecorded trade payables.
Receivables
+ Circularize trade receivable for a representative sample of the year-
end balances. If authorized by management, send an e-mail or reminder
letter to follow up non-response.
+ Calculate average receivables day and compare this to prior year
and expectations, investigating any significant differences.
+ Review the aged receivables report to identify any old balances and
discuss the probability of recovery with the credit controller to assess the
need for an allowance.
+ Review the reconciliation of the receivables ledger control account
to the list of receivables balances and investigate unusual reconciling
items.
+ Select a sample of goods dispatched notes just before and just
after the year end ensure the related invoices are recorded in the correct
accounting period.
+ Review board minutes to assess whether there are any material
disputed receivables.