ACCA AA - Course Notes (2021-22)

Course Notes
ACCA
Audit and Assurance (AA)
Exams from September 2021
Tutor details
ii Introduction ACCA AA
No part of this publication may be reproduced, stored in a retrieval system

or transmitted, in any form or by any means, electronic, mechanical,
photocopying, recording or otherwise, without the prior written permission
of First Intuition Ltd.
Any unauthorised reproduction or distribution in any form is strictly

prohibited as breach of copyright and may be punishable by law.
© First Intuition Ltd, 2021
MAY 2021 RELEASE

ACCA AA Introduction iii
Contents
Page
1 Your exam v
2 The syllabus v
3 Technical Articles v
1: Audit framework and regulation 1
1 The concept of audit and other assurance engagements 1

2 External audits 3
3 Corporate governance 6
4 Professional ethics and ACCA’s Code of Ethics and Conduct 10
5 Knowledge diagnostic 14
2: Planning and risk assessment 15
1 Overview diagram 15
2 Obtaining and accepting audit engagements 16
3 Objective and general principles of audit planning 18
4 Planning an audit 18
5 Understanding the entity and its environment 20
6 Assessing the risks of material misstatements 21
7 Materiality, fraud, laws and regulations 22
8 Analytical procedures (including data analytics) 25
9 Interim and final audits 26
10 Audit documentation 26
3: Internal control 29
1 Introduction 29
2 The use of internal control systems by auditors 30
3 Transaction cycles 32
4 IT controls 37
5 Tests of control versus substantive procedures 37
6 Internal audit and governance and the differences between external audit and internal audit 39
7 The scope of the internal audit function, outsourcing and internal audit assignments 41
4: Audit evidence 45
1 The use of assertions by auditors 45

2 Audit procedures 48
3 The audit of specific items 50
4 Audit sampling and other means of testing 61
5 Computer-Assisted Audit Techniques 62
6 The work of others 63
7 Not-for-profit organisations 65
5: Review and reporting 67
1 Subsequent events 67
2 Going concern 69
iv Introduction ACCA AA
3 Written representations 71
4 Audit finalisation and the final review 72
5 The independent auditor’s report 72
6 Application to scenarios 76
7 Reports to Management 78
Solutions to Class lecture examples 79
Chapter 5 79
Comparison of course notes content with Study Text 81

ACCA AA Introduction v
1 Your exam
Your examination is a 3-hour computer based examination.
You will have three hours for the exam PLUS you may have up to 10 minutes to familiarise
yourself with the CBE system before starting the exam.
The exam is divided into two sections:
Section A Three 10-mark case-based questions (each case has five objective questions worth 2 marks each)
Section B One 30-mark question and two 20-mark questions
2 The syllabus
Full details of the syllabus can be found on the ACCA website at:
https://www.accaglobal.com/ca/en/student/exam-support-resources/fundamentals-exams-study-
resources/f8/syllabus-study-guide.html
The following syllabus addition was made this year
First Intuition has confirmed with the ACCA that this syllabus area relates to your ability to use the
ACCA software to complete the exams. There is no additional learning and therefore no additional
material on this in these notes. However, we do recommend that you complete two of the exams on
the ACCA practice platform as part of this course in order that you are prepared to demonstrate the
above skills when you sit your exam.
3 Technical Articles
The ACCA publish a number of technical articles relating to Audit and Assurance on their website at
https://www.accaglobal.com/gb/en/student/exam-support-resources/fundamentals-exams-study-
resources/f8/technical-articles.html
These provide useful additional reading, and are worth reading once you are comfortable with
material in these notes. We suggest looking at them between the tuition and revision stage of your
course.
vi Introduction ACCA AA
1
Audit framework and

regulation
1 The concept of audit and other assurance engagements

An audit is an evaluation of an organisation, system or process. Audits are performed to ascertain the
validity and reliability of information, and also provide an assessment of a system's internal control.
In the context of a company and its accounting records, the external audit is an “independent
examination and expression of opinion on the financial statements of an entity”. Many organisations
(particularly companies) are legally required to have an external audit.
The purpose of the external audit is for the auditor to obtain sufficient appropriate audit evidence on
which to base the audit opinion. This opinion states that the financial statements give a ‘true and fair
view’ of the position, performance (and cash flows) of the entity. This opinion is prepared for the
benefit of shareholders and can be seen as helping to prevent these investors from being defrauded.
There is no strict legal definition of “true and fair” but essentially it means that the financial
statements contain no significant/material errors.
“True” can be considered as stating that the information in the financial statements is factual and
complies with accounting standards.
“Fair” refers to information being clear, impartial and unbiased, reflecting the substance of
transactions, rather than the legal form.
An audit is considered necessary for all but the smallest companies because there is often a distinction
between those people that own the company – the shareholders – and those people that run the day-
to-day operations of the company – the directors.
In this sense, the directors are considered to be the “stewards” of the company – they are accountable
to the owners for the performance of the company.
2 1: Audit framework and regulation ACCA AA
Company
Owned by Run by
Financial
Shareholders Directors
statements
Independent examination
Opinion Auditor
1.1 Assurance engagements

Assurance engagements (of which an external audit is an example) are simply assignments where a
practitioner expresses a conclusion designed to give confidence about the outcome of a particular
subject matter.
The five elements of an assurance engagement are:
(a) A three-party relationship:
(i) A practitioner (i.e. an accountant) who is the professional who will review the subject
matter and provide the assurance
(ii) A responsible party, which is the organisation responsible for preparing the subject
matter to be reviewed
(iii) Intended user, who is the person who requires the assurance report.
(b) An appropriate underlying subject matter. The subject matter is the data or phenomenon that
the responsible party is responsible for and which requires verification (e.g. financial statements
in an audit).
(c) Suitable criteria. The subject matter is compared to the criteria in order for it to be assessed and
an opinion provided (e.g. accounting standards).
(d) Sufficient appropriate evidence has to be obtained by the practitioner in order to give the
required level of assurance.
(e) A written assurance report given by the practitioner to the intended user and the responsible party.
An audit is the most significant example of an assurance engagement in your syllabus. Another
significant assurance engagement is a review engagement.
Review engagements may involve a practitioner reviewing financial data, for example, six-monthly
figures, interim financial statements, annual financial statements (where an audit is not required) and
even forecast figures. This involves the practitioner undertaking procedures to state whether anything
has come to their attention which causes the practitioner to believe that the financial data is not in
accordance with the financial reporting framework.
A review engagement differs to an external audit in that the procedures undertaken are not nearly as
comprehensive as those in an audit, with procedures such as analytical review and enquiry used
extensively. In addition, the practitioner does not need to comply with ISAs as these only relate to
external audits.
Other examples of review engagements may not involve financial data. For instance, it might be a
review of whether internal controls are effective against suitable criteria.
ACCA AA 1: Audit framework and regulation 3
1.2 Explain the level of assurance provided by audit and other review
assignments
There are two levels of assurance that an assurance engagement can provide, depending on the
amount of work performed.
1.2.1 Limited level of assurance

This is assurance presented in a negative way, whereby the auditors state that “nothing has come to
their attention” that causes them to believe that the subject matter is not free from material
misstatement. This level of assurance is commonly used for review engagements, especially of
forecasts (e.g. a cash flow forecast), where the auditor cannot “vouch” the accuracy of the data
because the data cannot be tested against actual known figures.
1.2.2 Reasonable level of assurance

This is a positive opinion, stating that the subject matter conforms in all material respects with the
identified criteria. A good example of this is the statutory audit, stating that the financial statements
“give a true and fair view” of the company’s affairs.
1.2.3 Absolute assurance

Absolute assurance would be the certification that something is absolutely correct. This level of
assurance cannot be given on an assurance engagement, due to the inherent limitations of the
engagement (see paragraph 2.3).
2 External audits
2.1 Describe the regulatory environment within which external audits take
place
External audits are audits carried out by auditors who are independent of the entity being audited.
Most companies (except small or dormant companies) are required to have an external audit by law,
in which case, they are usually referred to as “statutory audits”. Some companies may choose to have
an external audit, even if one is not legally required.
Statutory audits have to be carried out in accordance with the legal requirements of the country in
which they are taking place.
2.2 Appointment, rights, removal and resignation of auditors

2.2.1 Appointment
Auditors are appointed by the shareholders of the company in general meeting. In practice, the
shareholders will confirm the recommendation of the directors of the company.
Before an auditor can accept a new audit appointment, he should:
 Check to ensure that the audit firm is independent of the client (see the “threats” to auditor
independence later in this chapter)
 Check to make sure the firm has the necessary resources (e.g. staff numbers, time and
expertise) to be considered competent
 Assess the risk attached to the new client – by looking at the nature of its industry, assessing
the integrity of the key staff and conducting a credit search
 Ensure there are no conflicts of interest – e.g. if the audit firm already has clients in the same
industry sector
Once satisfied with the above, the auditor should then:

 Ask client for permission to contact the outgoing auditor
 If the client denies this permission, the audit must be rejected
 Contact the outgoing auditor, asking if there are any “relevant matters” e.g. has the client paid
promptly, acted with integrity (if not, the auditor should consider whether these cause an
ethical barrier to accepting the appointment)
 The outgoing auditor should contact the client to request permission to reply to the incoming
auditor’s requests
 If this permission is denied, the new auditor should be informed of this denial
Once all of the formalities above have been completed, the incoming auditor should send a letter of
engagement to the client, setting out the key terms of the contract to perform the audit.
2.2.2 Rights
Once appointed, the auditor has the following rights:
 Access to the company’s books, accounts and vouchers.
 To receive all information or explanations that they think necessary for the performance of their
duties as auditors.
 To receive all communications relating to written resolutions.
 To receive all notices of, and other communications relating to, any general meeting which a
member of the company is entitled to receive.
 To attend any general meeting of the company and to be heard at any general meeting which
an auditor attends on any part of the business of the meeting which concerns them as auditor.
 Other rights relating to removal and resignation (see paragraphs 2.2.3 and 2.2.4)
2.2.3 Removal
The auditor can only be removed by shareholders at a General Meeting with a majority vote. Again,
the shareholders will be led by the directors in their decision making
When the Directors write to the shareholders to communicate the holding of the meeting, they must
also inform the auditor. The auditor has the right to attend the meeting and speak.
The auditor must produce a “statement of circumstances” (see below). If there are no circumstances
that need to be brought to the attention of the shareholders, then a statement of no circumstances is
required. If they have been removed before the end of their term of office, they must notify ACCA.
2.2.4 Resignation
An auditor can resign, at any time, in writing. If they wish, they can also request that the company calls
an Extraordinary General Meeting (EGM). As with removal, the auditor can attend and speak at this
meeting.
In all cases where an auditor ceases to audit a particular company, it must submit a “statement of
circumstances” to the company, explaining any issues involved in the auditor ceasing to audit the
company.
This statement must be submitted, even if it says there are no circumstances that need to be reported.
Again, if the auditors have resigned before the end of their term of office, they must notify ACCA.
2.3 Describe the limitations of external audits

Auditors rely heavily on the integrity of client management to provide the necessary information,
allow access to records etc. If management are unscrupulous and wish to hide facts from the auditor,
it may be fairly easy to do so.
The nature of financial reporting is such that it involves management judgement and subjective
decisions, which it is not possible to conclude absolutely are correct and which may be affected by
management bias.
Auditors only spend a limited amount of time at the client’s premises, testing only a sample of items
due to the fact that there is a cost/benefit element to auditing. It is not possible to address all
information that may exist or to pursue every matter exhaustively on the assumption that information
is in error or fraudulent until proved otherwise
Auditors plan their work to detect material errors and frauds only – so minor errors and frauds may
not be detected.
2.4 Explain the development and status of International Standards on

Auditing
The International Federation of Accountants (IFAC) is the worldwide organisation for the accountancy
profession. For the purposes of this exam, the most important part of IFAC is the IAASB – International
Audit and Assurance Standards Board.
The IAASB issues a variety of pronouncements, the most important of which are International
Standards on Auditing (ISAs) which aim to promote best practice in auditing. ISAs are designed to be
applied in the audit of financial statements (and may be applied to the audit of other historical
financial information).
The ISAs contain basic principles and essential procedures together with related guidance in the form
of explanatory material and appendices.
An auditor should follow the ISAs wherever possible. However, in some situations an auditor may
consider it necessary to depart from the ISA so that the objectives of the audit can be achieved more
efficiently. In this situation, the auditor may depart from the ISA, but they must be prepared to justify
the departure.
2.5 Explain the relationship between International Standards on Auditing

and national standards
While ISAs are designed to be implemented worldwide, they do not have legal status and so conflict
may arise between the ISA and local audit requirements.
For example, one country may have a local audit requirement for an engagement letter to be sent to
clients every five years whereas ISA 210 Terms of audit engagements recommends that the auditor
considers annually whether a letter is needed on a recurring audit.
ISAs are not designed to overrule the specific requirements of an individual country. So if there is a
conflict, the specific country regulation should be followed. However, the IAASB normally recommends
that changes are made in that country so the ISA can be followed.
Many countries have ‘adopted’ these ISAs as their national standards rather than amending their
original standards to bring them in line with ISAs. If ISAs are adopted as national standards, as has
been the case in the UK, statutory audits must be based on these ISAs. If not, they still represent best
practice in auditing, and auditors would generally follow them unless they conflict with national
standards.
3 Corporate governance
3.1 Corporate governance
KEY TERM
Corporate governance: refers to the way in which companies are organised and controlled.
A strong system of corporate governance gives credibility to a company’s financial statements,

demonstrating the company’s commitment to its internal control systems.
It is worth distinguishing between “executive” and “non-executive” directors at this point:
 Executive directors – are involved in the day-to-day running of the company. They are usually
full-time employees and paid a salary.
 Non-executive directors (NEDs) are independent, part-time directors who scrutinise the
company’s affairs. They generally only attend Board meetings and the meeting of any
committees to which they belong. As this is more of a part-time role, NEDs are usually paid a
fee, depending on their experience and time commitment to the company.
NEDs should, as far as possible be ‘independent’ of the company (i.e. not former employees) so that
they can be more objective.
Many countries have issued their own codes of corporate governance. In the UK, the “UK Corporate
Governance Code” is the model used by listed companies.
The UK Corporate Governance Code is comply or explain, with listed companies having to disclose if
they have not followed the Code.
3.2 The UK Corporate Governance Code key recommendations

Please note this Code was revised in 2018 so may have changed since your studies at AB.
3.2.1 Board leadership and company purpose

A successful company is led by an effective and entrepreneurial board, whose role is to promote the
long-term sustainable success of the company, generating value for shareholders and contributing to
wider society.
The board should establish the company’s purpose, values and strategy, and satisfy itself that these
and its culture are aligned. All directors must act with integrity, lead by example and promote the
desired culture.
The board should ensure that the necessary resources are in place for the company to meet its
objectives and measure performance against them. The board should also establish a framework of
prudent and effective controls, which enable risk to be assessed and managed.
In order for the company to meet its responsibilities to shareholders and stakeholders, the board
should ensure effective engagement with, and encourage participation from, these parties.
The board should ensure that workforce policies and practices are consistent with the company’s
values and support its long-term sustainable success. The workforce should be able to raise any
matters of concern.
3.2.2 Division of responsibilities

The chair leads the board and is responsible for its overall effectiveness in directing the company. They
should demonstrate objective judgement throughout their tenure and promote a culture of openness
and debate. In addition, the chair facilitates constructive board relations and the effective contribution
of all non-executive directors, and ensures that directors receive accurate, timely and clear
information. (Chair should be independent on appointment.)
The board should include an appropriate combination of executive and non-executive (and, in
particular, independent non-executive) directors, such that no one individual or small group of
individuals dominates the board’s decision-making. There should be a clear division of responsibilities
between the leadership of the board and the executive leadership of the company’s business. (Code
recommends at least half the board should be independent non-executive directors)
Non-executive directors should have sufficient time to meet their board responsibilities. They should
provide constructive challenge, strategic guidance, offer specialist advice and hold management to
account.
The board, supported by the company secretary, should ensure that it has the policies, processes,
information, time and resources it needs in order to function effectively and efficiently.
3.2.3 Composition, succession and evaluation

Appointments to the board should be subject to a formal, rigorous and transparent procedure, and an
effective succession plan should be maintained for board and senior management. Both appointments
and succession plans should be based on merit and objective criteria and, within this context, should
promote diversity of gender, social and ethnic backgrounds, cognitive and personal strengths. (A
nomination committee should exist to do this.)
The board and its committees should have a combination of skills, experience and knowledge.
Consideration should be given to the length of service of the board as a whole and membership
regularly refreshed.
Annual evaluation of the board should consider its composition, diversity and how effectively
members work together to achieve objectives. Individual evaluation should demonstrate whether
each director continues to contribute effectively.
3.2.4 Audit, risk and internal control

The board should establish formal and transparent policies and procedures to ensure the independence
and effectiveness of internal and external audit functions and satisfy itself on the integrity of financial
and narrative statements. (Done through an audit committee of independent non-executive directors.)
The board should present a fair, balanced and understandable assessment of the company’s position and
prospects.
The board should establish procedures to manage risk, oversee the internal control framework, and
determine the nature and extent of the principal risks the company is willing to take in order to achieve
its long-term strategic objectives.
3.2.5 Remuneration
Remuneration policies and practices should be designed to support strategy and promote long-term
sustainable success. Executive remuneration should be aligned to company purpose and values, and
be clearly linked to the successful delivery of the company’s long-term strategy.
A formal and transparent procedure for developing policy on executive remuneration and determining
director and senior management remuneration should be established. No director should be involved
in deciding their own remuneration outcome. (This should be done through a remuneration
committee.)
Directors should exercise independent judgement and discretion when authorising remuneration
outcomes, taking account of company and individual performance, and wider circumstances.
3.2.6 Independence criteria per the Code Factors Affecting

independence of
Circumstances which are likely to impair, or could appear to impair, a non-executive director’s
Directors
independence include, but are not limited to, whether a director:
 Is or has been an employee of the company or group within the last five years;
 Has, or has had within the last three years, a material business relationship with the company,
either directly or as a partner, shareholder, director or senior employee of a body that has such
a relationship with the company;
 Has received or receives additional remuneration from the company apart from a director’s fee,
participates in the company’s share option or a performance-related pay scheme, or is a
member of the company’s pension scheme;
 Has close family ties with any of the company’s advisers, directors or senior employees
 Holds cross-directorships or has significant links with other directors through involvement in
other companies or bodies
 Represents a significant shareholder; or
 Has served on the board for more than nine years from the date of their first appointment.
3.3 Audit committees and their drawbacks and limitations

An audit committee should be made up of at least three independent NEDs (two in smaller
companies), at least one of whom has recent and relevant financial experience. Ideally, the Chairman
of the board would not be one of these. The responsibilities of the audit committee will include:
 Monitor the integrity of the financial statements (and other formal announcements relating to
financial performance) of the company and reviewing significant financial reporting judgements
in them
 Providing advice (when required) on whether the annual report and accounts as a whole is fair,
balanced and understandable, and provides the necessary information for shareholders to
assess the company’s performance and position.
 Review the company’s internal financial controls and risk management and internal control
systems
 Monitor and review the effectiveness of the internal audit function (or consider annually
whether one is needed, if none exists)
 Conduct the tender process and make recommendations to the Board re
appointment/remuneration of external auditor (to be submitted to the shareholders for
approval)
 Review and monitor the independence/objectivity of the external auditor and the effectiveness
of the audit process
 Develop and implement policy on the use of the external auditor to provide non-audit services
 Report to the board on how the audit committee (itself) has discharged its responsibilities
3.4 Advantages of an audit committee

 As it is made up of non-execs performing a part-time role, they have more time than the
executive directors to review key documents such as the auditor’s report.
 Increased public confidence in the credibility and objectivity of published financial information.
 Shareholders may view the committee as a form of “internal control”, leading to a stronger
control environment.
 Financial reporting – the audit committee can assist the board by checking the financial
statements to ensure that they comply with appropriate accounting standards. As noted above,
one of the members should have “financial expertise”.
 The audit committee could have a variety of business backgrounds, bringing valuable skills,
knowledge and expertise to the company.
 May be easier and cheaper to raise finance if there is a perception of good corporate
governance created by the presence of an audit committee.
 Acts as a bridge between the external auditor and the board and can help the external auditor
to maintain independence in the audit process (by being a buffer between the external auditor
and the executive directors)
 Internal audit can report to the audit committee ensuring an element of independence in their
role too, giving a similar buffer to executive directors, especially the finance director.
3.5 The limitations of an audit committee

 Finding suitable candidates – it is not easy to find independent non-executives with relevant
knowledge of corporate governance and the company itself.
 Diminished importance of the board ─ the board may see the NEDs as having too much power
and effectively “running our company”.
 Slower decision-making by the company ─ by adding another layer to the decision-making process.
 Cost – The audit committee will increase the expenditure of the company as the NEDs will
obviously require remuneration for their time and expertise.
3.6 Internal control and risk management

The directors are responsible for the internal control system of a company. Part of an entity’s system
of internal control should include the assessment of its key business risks. These risks can be split into
the headings:
 Financial risks – those risks that would affect the entity’s cash flow such as movement in
interest rates or exchange rates.
 Compliance risks – those risks relating to laws and regulations e.g. health and safety rules.
 Operational risks – those risks relating to the day-to-day operations of the business e.g. loss of
key staff, inventory management.
It is important for the entity to demonstrate its policies and procedures with respect to the
acknowledgement and management of these risks.
3.7 Discuss the need for auditors to communicate with those charged with
governance
The auditor should communicate audit matters of governance interest arising from the audit of
financial statements with those charged with governance of an entity.
“Those charged with governance” means “the person(s) with responsibility for overseeing the:
 Strategic direction of the entity
 Obligations relating to the accountability of the entity, including overseeing the financial
reporting process.
This implies that the communication should be with the highest level of management, including the
executive and non-executive directors, and the audit committee, where relevant.
Matters to be communicated:
Auditors must communicate the fact that they are responsible for forming and expressing an opinion
on the financial statements. The following must also be communicated:
 Planned scope and timing of the audit
 Significant findings from the audit, including:
– Changes in accounting policies
– The potential effect on the financial statements of any material risks and exposures, such
as pending litigation, that are required to be disclosed in the financial statements.
– Audit adjustments, whether or not recorded by the entity that have, or could have, a
material effect on the entity’s financial statements.
– Material uncertainties that may cast significant doubt on the entity’s ability to continue
as a going concern.
– Disagreements with management about matters that, individually or in aggregate, could
be significant to the entity’s financial statements or the auditor’s report.
– Expected modifications to the auditor’s report (see Chapter 5).
– Material weaknesses in internal control and recommendations for improvement. (See
Chapter 3.)
4 Professional ethics and ACCA’s Code of Ethics and Conduct

4.1 The fundamental principles
The ACCA’s Code of Ethics and Conduct outlines five fundamental principles of ethical behaviour for
professional accountants:
Integrity
To be honest and straightforward in performing professional services.
Objectivity
Not to compromise professional or business judgments because of bias, conflict of interest or undue
influence of others.
Professional competence and due care

To:
 Attain and maintain professional knowledge and skill at the level required to ensure that a client
or employing organisation receives competent professional service, based on current technical
and professional standards and relevant legislation; and
 Act diligently and in accordance with applicable technical and professional standards.
Confidentiality
To respect the confidentiality of information acquired as a result of professional and business
relationships.
Generally speaking, this means not to disclose client information without permission from the client.
However, there are certain circumstances where the auditor has a responsibility to disclose client
information without needing the client’s permission:
 Obligatory responsibility – where the auditor suspects that his client has committed money-
laundering, drug-trafficking or terrorist offences, he is obliged to disclose this information to a
relevant authority. Also, the auditor must make disclosure if compelled by a court order or
summons.
 Voluntary disclosure – an auditor may decide to disclose information if he feels it is in the public
interest e.g. if the management are involved in fraud. They may also disclose information to
defend themselves against a claim of negligence or if suing for unpaid fees.
Professional behaviour
To comply with relevant laws and regulations and avoid any conduct that the professional accountant
knows or should know might discredit the profession.
4.2 Define and apply the conceptual framework

The ACCA give guidance as to how the above principles can be applied in a “conceptual framework”.
A conceptual framework requires members to identify, evaluate and address threats to
independence, and consequently it is not sufficient for members to merely comply with the examples
of circumstances set out in the Code of Ethics and Conduct. Rather, members must ensure that, in the
particular circumstances under consideration, the Fundamental Principles have been observed.
Auditors are required to assess their independence in relation to clients prior to accepting
engagement (which we look at in more detail in Chapter 2, although the ethical considerations
discussed here will be relevant) and on an ongoing basis, that is, throughout the course of the audit
relationship.
The five categories of threat to an auditor’s independence are as follows.
Self-interest threat
This occurs when the audit firm or a member of the audit team has some financial or other interest in
a client resulting in the firm losing objectivity towards the client and aligning its interests with the
client.
Examples include:
 Undue dependence on the fees generated by the client. Where an audit client is a public
interest entity and the total fees from the client represent more than 15% of the total fees
received by the firm for two consecutive years, the firm must:
– Disclose this to those charged with governance
– Obtain an external quality control review either before or after issuing the audit opinion
on the second year’s financial statements.
– Seek other clients to reduce the dependence on this client
– Consider resigning from the audit if the threat to independence is too great to be
mitigated by other safeguards.
Other examples of self-interest threat include:
 Owning shares in a client (audit partners are specifically prohibited from holding shares in their
clients).
 A loan to or from a client or any of its directors or officers.
 Overdue fees from previous years’ work (akin to a loan) – the auditor should not start this
year’s audit until all previous fees have been paid.
 Contingent fees – where some or all of the audit fee is dependent on, say, the client’s profit for
the year. This is not permitted for audit work.
 Business relationships between the firm and the client e.g. joint ventures
Self-review threat
This occurs when the auditor has to re-evaluate work the firm has previously performed meaning
that individuals might not assess it objectively or even be tempted to ignore mistakes in it so that the
reputation of the firm is not diminished.
Examples:
 A member of the audit team was recently employed by the client and is therefore reviewing his
own work.
 The preparation of financial statements of an audit client. This is not allowed for listed audit
clients but may be allowed for unlisted audit clients.
 The calculation of the tax figure for inclusion in the financial statements of an audit client.
 The provision of internal audit services to an external audit client.
Advocacy threat
This occurs when an auditor represents their client, promoting a position or opinion to the point that
they may no longer be objective about the client as they have become accustomed to supporting
them.
Examples:
 Acting as an advocate on behalf of a client in litigation or a dispute
 Promoting a stock exchange listing
 Attending a bank meeting to give explanations about audited financial statements
Familiarity threat
This occurs when members become too sympathetic to the interests of their client resulting in them
losing objectivity (being biased) and failing to scrutinise decisions or opinions of staff at the client (a
loss of professional scepticism).
Examples include:
 Having a family/personal relationship with a director of the client.
 Acceptance of gifts/hospitality from the client unless “modest” in value (also self-interest)
 Long association with a client. For listed companies, a key safeguard is that engagement
partners should be rotated at least every seven years to maintain their independence. If the
company is being listed, the partner should only continue for seven years less the time already
served as partner. If the partner has already served six or more years, the permitted service is a
maximum of another two years.
 Staff from the audit firm joining the client (also self-interest and intimidation)
Intimidation threat
This may occur when members are deterred from acting objectively because they are threatened.
These may be actual or perceived threats, e.g. threat of dismissal or threat of litigation or by having
unreasonable time restraints placed on the audit. This is strongly associated with self-interest, as such
a threat might only be significant to a firm if they have a significant self interest in the client. Whether
a threat causes intimidation is therefore a matter of professional judgement. A threat of the loss of a
client representing 12% of total firm income would be considered more significant than the threat of
the loss of a client representing 0.5% of total firm income, for example.
4.2.1 Safeguards
Clearly, if these threats exist, the auditor may be less likely to audit appropriately. For example, to
reduce the risk that a client is upset by the auditors, possibly leading to loss of the client, auditors
could:
 Fail to challenge inappropriate accounting policies or disclosures proposed by the client
 Wrongly agree that items which the client does not want to adjust are immaterial so that the
audit opinion is not qualified in respect of them
In relation to self-review, the firm might
 Not audit accounts prepared on behalf of the client by the audit firm properly ‘as they are
bound to be right’.
In many cases, simple actions adopted by the auditor reduce such threats to a level which is
considered appropriate. It is very rare that such actions (known as safeguards) cannot be implemented
so that the relationship can be maintained. If they cannot, the appropriate safeguard is to resign from
the client. However, it must be stressed that this is rare both in practice and in exam questions. Always
try and consider if there are alternative actions the firm could take which would reduce the threat that
exists.
Possible safeguards:
 Use different staff to avoid familiarity or self-review threats (eg one team to prepare accounts
and another team to audit those accounts).
 Similarly, rotate engagement partners and senior staff away from particular clients if there is a
familiarity threat. (For listed clients, partners should be rotated every 7 years to ensure
independence.)
 Use a second partner to review a completed audit file before it is signed off (a “hot” review).
This can be relevant to various threats relating to individuals (for example, if a partner has been
the engagement partner for a long time causing familiarity, but there were appropriate reasons
not to rotate them yet, or if a member of the audit team had been subjected to threatening
behaviour and was individually possibly at risk of loss of independence).
 Decline offers to carry out additional services if you are already the auditor and this would
cause self-review threats (auditing the other work) or self-interest threats (undue dependence
on the combined fee).
4.3 Conflicts of interest

When faced with a conflict of interest, an accountant will face similar issues to those outlined in the
“threats to independence” section above.
There are two possible sources of conflict:
 The accountant performs a service in competition with a client. For example, First Intuition’s
auditors start offering bookkeeping courses. The only safeguard here is to notify the client of
the conflict of interest.
 The accountant might have a client in a particular industry. They might then be approached by
that client’s biggest competitor to do their audit. This would give the auditors access to
commercially sensitive information for both clients.
In this second instance, the auditor can safeguard his position by:
 Notifying both clients of the approach by the competitor and obtain the consent of both (MUST
do this)
 Advising both clients to seek additional independent advice
 Using different engagement teams for the different clients
 Applying physical controls, such as passwords to client information so that only appropriate
staff can access particular client information
 Using confidentiality agreements signed by employees and partners of the firm
5 Knowledge diagnostic
Before you move on to the next chapter, complete the following knowledge diagnostic and confirm
you possess the following essential learning from this chapter. If not, you are advised to revisit the
relevant learning from this chapter.
Confirm your learning Yes/No
Can you explain the levels of assurance provided by an audit or other review
assignments?
Do you know the legal requirements associated with the appointment, removal
and resignation of auditors?
Can you describe the limitations of an external audit?
Do you know the provisions of corporate governance most relevant to auditors?
Do you understand why provisions of corporate governance are relevant to

auditors?
Can you define the fundamental principles of ethics and the conceptual
framework?
Can you discuss safeguards to offset threats to the fundamental principles?

15
Planning and risk assessment
1 Overview diagram
At this stage of the course, it is useful to put the chapters in the notes in the context of the whole
external audit process.
Chapter 2: Obtaining and accepting audit engagements
Chapter 2: Planning and Risk Assessment
Chapter 3: Internal Controls. The external auditor tests

the client’s controls to determine how effective they
are. This will impact the level of substantive testing
performed after the year end
Year end
Chapter 4: Audit Evidence. The substantive testing of

the financial statements
Chapter 5: Review. Subsequent events, going concern

and written representations
Chapter 5 (cont): Reporting. Auditor’s reports and

reports to management
16 2: Planning and risk assessment ACCA AA
2 Obtaining and accepting audit engagements

2.1 Discuss the requirements of professional ethics in relation to the
acceptance/continuance of audit engagements
Auditors must take certain steps in accepting a new audit or continuing an existing audit engagement.
These include agreeing whether the “preconditions” are present, agreement of audit terms in an
engagement letter, recurring audits and changes in engagement terms.
2.2 Preconditions of an audit

The auditors are required to establish whether the preconditions for an audit are present by:
(a) Determining whether the financial reporting framework to be applied in the preparation of the
financial statements is acceptable.
 Ask management what the framework is
 Review past financial statements to corroborate this is the case
 Consider any relevant law and regulation applying to the company in question
(b) Obtaining the agreement of management that it acknowledges and understands its
responsibility for the preparation of the financial statements, for internal controls sufficient to
ensure the financial statements are free from material misstatement, and to provide the auditor
with access to all information and personnel required for the audit.
 This should be confirmed by the company in writing (a written representation). The
auditors will usually prepare a letter for the company to acknowledge and sign.
If the preconditions for an audit are not present, the auditor shall discuss the matter with
management. If he considers that the matter is significant, he could choose to reject the proposed
audit engagement.
2.3 Justify the importance of engagement letters and their contents

An engagement letter provides a written agreement between the auditor and the client.
The letter should be sent before the audit starts and must be updated regularly for changes in laws,
regulations and standards or changes in the client or if there is evidence the client does not
understand the nature of the audit relationship. Some audit firms send a new letter every year while
others simply “roll forward” the letter from one year to the next.
The letter therefore minimises the possibility of misunderstandings between the two parties.
The engagement letter typically contains clauses on:
 The objective and scope of the audit of financial statements
 Management’s responsibility for the financial statements and for maintaining effective internal
control
 Auditor’s responsibilities
 Provision of access to whatever records, documentation and other information requested in
connection with the audit.
 Arrangements for planning the audit
 Agreement of management to provide a letter of representation
 Description of any other letters or reports the auditor expects to issue to the client
 Basis on which fees are computed and any billing arrangements
ACCA AA 2: Planning and risk assessment 17
2.4 Explain the overall objectives and importance of quality control

procedures in conducting an audit
Ultimately, the audit firm is responsible for the quality of the audit opinion that it provides. Audit firms
therefore have to maintain systems of quality control to ensure that:
 Firm personnel comply with required standards (ethical, legal, professional)
 The firm issues an appropriate auditor’s report
Quality control procedures ultimately aim to ensure the second bullet. We shall look at detailed
procedures in the next section, but consider that what the procedures are trying to do is ensure
quality is achieved. An audit firm is not entitled to use defences for poor work such as ‘sorry, that bit
of the file was done by a trainee’ – as the firm is responsible for directing, supervising and reviewing
work such that the ultimate opinion is appropriate.
2.5 Explain the quality control procedures that should be in place over
engagement performance, monitoring quality and compliance with ethical
requirements
Quality control procedures should be exercised within an audit firm. Audit engagement partners
should ensure that audit work is planned, directed, supervised and reviewed in a manner that
provides reasonable assurance that the work has been performed in a competent manner.
Direction
The engagement team should be directed by the engagement partner. Procedures such as an
engagement planning meeting should be undertaken to ensure that the team understands:
 Their responsibilities;
 The objectives of the work they are to perform;
 The nature of the client’s business and any significant issues for the year;
 How to deal with any problems that may arise; and
 The detailed approach to the performance of the audit.
The planning meeting should be led by the partner and should include all people involved with the
audit. The partner should ensure that appropriate staff, with the right qualifications and experience,
are selected.
Supervision
Supervision should be continuous during the engagement. Any problems that arise during the audit
should be rectified as soon as possible.
Attention should be focused on ensuring that members of the audit team are carrying out their work
in accordance with the planned approach to the engagement. Significant matters should be brought to
the attention of senior members of the audit team. Documentation should be made of key decisions
made during the audit engagement.
Review
All audit work should be reviewed by a more senior audit staff member. The reviewer should consider
whether:
 The work has been carried out in accordance with the firm’s procedures and auditing standards.
 The work is sufficiently documented to allow the conclusions drawn.
 Significant audit matters have been raised for further consideration.
 The objectives of the audit procedures have been achieved.
 The conclusions are consistent with all the work performed.
The engagement partner should carry out an overall review of the working papers. He should
examine all key areas of judgement and all audit evidence relating to high risk areas.
Overall, the engagement partner’s review should be sufficient for him to be satisfied that the working
papers contain sufficient appropriate evidence to support the conclusions reached and for the
auditors’ report to be issued.
The review must be finished before the auditor’s report is signed (a “hot review”), since it is part of the
decision-making process to confirm that the firm has done sufficient work to sign the report.
The firm should require an engagement quality control review for all audits of financial statements of
listed entities (again, prior to the auditor’s report being signed). The audit engagement partner shall
then discuss significant matters arising during the audit engagement with the engagement quality
control reviewer.
The audit firm should have an ongoing consideration and evaluation of the firm’s system of quality
control, including a periodic inspection of a selection of completed engagements (“cold review”). This
helps the firm to identify areas it needs to improve practice on, or possible training needs. The firm
should entrust this responsibility to a senior partner.
Consultation
The engagement partner should arrange consultation on difficult or contentious matters. This is a
procedure whereby the matter is discussed with a professional outside the engagement team, and
sometimes outside the audit firm.
These consultations must be documented to show the issue on which the consultation was sought and
the results of the consultation.
3 Objective and general principles of audit planning

The auditor should plan the audit work so that the audit will be performed in an effective manner.
Planning an audit involves establishing the overall audit strategy for the engagement and developing
an audit plan, in order to reduce audit risk to an acceptably low level.
In modern-day auditing, auditors tend to follow a risk-based approach, tailoring their work around the
particular circumstances surrounding the client. This approach should help auditors to:
 Identify the main risk areas early on in the planning stage
 Base the audit plan around those risks
 Carry out an efficient audit that minimises audit risk and detection risk
 Reduce the chance of a negligence claim against the auditor
4 Planning an audit
The nature and extent of planning activities will vary according to the size and complexity of the entity,
the engagement team’s previous experience with the entity, and changes in circumstances that occur
during the audit engagement.
Benefits of planning the audit of financial statements include:
 Helping the auditor to devote appropriate attention to important areas of the audit.
 Helping the auditor identify and resolve potential problems on a timely basis.
 Assisting in the selection of engagement team members with appropriate levels of skills and
competence to respond to anticipated risks, and the proper assignment of work to them.
 Directing and supervising engagement team members and reviewing their work.
 Assisting, where applicable, in the coordination of work done by other auditors and experts.
 To develop an audit strategy i.e. a general approach for the nature, timing and extent of the
audit work. This strategy will be dictated by a number of factors, including:
– The size of the client
– The auditor’s familiarity/history with the client
– The complexity of the audit
– Any specific reporting requirements such as tight deadlines
At the end of the planning process, the auditor will prepare an audit strategy document and an audit
plan (or “audit planning memorandum” or “audit strategy document”).
The audit strategy must cover the following:
 The characteristics of the engagement that define its scope
In many cases an engagement will be a pure statutory audit in line with company law and
accounting standards. However, an entity might have characteristics that extend the scope of
the engagement, for example, a charity that is a company may need a company audit and an
assurance service relating to achievement of charity objectives. Some entities might be affected
by particular legislation which would impact the audit process (for example, consideration of
laws and regulations might be a significant part of an audit in a highly regulated industry).
 The reporting objectives of the engagement to plan the timing of the audit and the nature of
communications.
For example, a listed company audit needs to be completed by the filing deadlines required of
listed companies (6 months after year end) and would have more communications required (for
example, auditor needs to be report key audit matters in the auditor’s report).
 The factors that are significant in directing the audit team’s effort in the professional judgement
of the auditor.
This will be the professional judgements such as materiality and professional scepticism.
 Results of preliminary engagement activities and relevant past knowledge of the client
This will be related to the risk assessment arising from the risk assessment procedures carried
out, and any knowledge brought forward from previous audits (unless a new client) or
information passed on by predecessor auditors (in a new client). It would also relate to the
results of any preliminary tests of controls (for example, if they show that reduced substantive
procedures can be carried out).
 The nature, timing and extent of resources necessary to perform the engagement
This will include practical factors such as who is on the audit team (ie balance of skills) and how
long the audit is expected to last, specific issues such as inventory count visits, particular
branches to be visited etc.
EXAM FOCUS POINT

Some of these issues will become clearer when you have learnt more about how an audit is
conducted in chapters 3 and 4 (as this document covers all the significant elements of an
audit). If you don’t feel you fully understand this now, revisit it when you have studied
chapters 3 and 4.
One of the key objectives of the audit planning process is to make sure an audit can be carried out
efficiently. This will include determining whether the most appropriate way to conduct the audit is via
tests of control (Chapter 3) or substantive testing (Chapter 4). The detailed schedule of work to be
undertaken (initial risk assessment procedures and then resulting combination of tests of controls and
substantive procedures) will be documented in a detailed audit plan.
5 Understanding the entity and its environment

The auditor is required to identify and assess the risks of material misstatement through
understanding the entity and its environment, the applicable financial reporting framework and the
entity’s system of internal control. This enables the auditor to design and implement responses to the
assessed risks of material misstatement.
Assuming the client has not previously used the audit firm before, a new set of auditors can gain an
initial understanding of a client by:
 Obtaining the latest set of financial statements and performing an analytical review of those
statements
 Requesting a meeting with the management and internal audit team of the client to discuss key
factors relevant to the audit
 Searching the internet for articles and reports on the client
 Requesting permission to meet with the current auditors and/or to review their audit files
Matters to consider when performing risk assessment procedures to obtain an understanding of an
entity include:
 Organizational structure, ownership and governance, business model, including the extent to
which the business model integrates the use of IT
 Industry, regulatory and other external factors
 Measures used, internally and externally, to assess the entity’s financial performance
 Applicable financial reporting framework, the entity’s accounting policies and the reasons for
any changes in these
 How inherent risk factors affect susceptibility of assertions to misstatement and the degree to
which they do so, in the preparation of the financial statements in accordance with the
applicable financial reporting framework, based on the understanding obtained above.
The auditor shall evaluate whether the entity’s accounting policies are appropriate and consistent with
the applicable financial reporting framework.
A thorough risk assessment is needed to help the auditor fully understand the client, which is vital for
an effective audit.
Any unusual items or risks would be identified early so that they could be addressed in a timely
manner and incorporated within audit programmes. This will allow higher risk areas to be audited by
more experienced staff.
Ultimately, the auditor needs to perform a risk analysis to reduce the risk of an inappropriate audit
opinion being given.
It will also help the auditor assess whether the client is a going concern or not.
6 Assessing the risks of material misstatements

6.1 Audit risk
KEY TERM
Audit risk is the risk of the auditor giving an incorrect opinion on the financial statements
being audited; for example, failing to modify the audit opinion when the financial
statements contain a material misstatement.
Audit risk has two individual components: Risk of material misstatement existing in the financial
statements x Risk that the auditor does not discover those errors.
These two components fall into three categories: inherent risk, control risk and detection risk.
Audit Risk = Inherent Risk × Control Risk × Detection Risk
These two components are the This is the risk that the auditors
risk that a material misstatement do not discover existing errors (ie
exists in the financial statements. they fail to detect them). This risk
These risks lie outside the control is controllable by the auditor, by
of the auditor. adjusting the amount and type of
work carried out.
6.2 Inherent risk
KEY TERM
Inherent risk. This is the risk that an assertion about a class of transactions, account balance
or disclosure is susceptible to a material misstatement, either individually or when
aggregated with other misstatements, before the consideration of related controls. It arises
due to the nature of the business or the external pressures placed on the business.
Inherent risk will be considered quantitively and qualitatively. Qualitative factors include:
 Complexity (ie complex accounting treatments)
 Subjectivity (for example if significant judgements being made)
 Change
 Uncertainty
 Susceptibility to management bias
6.3 Control risk
KEY TERM
Control risk. This is the risk that a material misstatement that could occur in an assertion
about a class of transaction, account balance or disclosure will not be prevented, or detected
and corrected on a timely basis by the entity’s internal control system.
Control risk would be higher if a company had recently installed a new computer system or if it had
high staff turnover as these factors could contribute to controls not operating effectively, if more
mistakes are made as a result. Control risk could be high at a company where the directors don’t think
controls are important so it is common practice not to implement controls.
The auditor’s preliminary assessment of controls will help judge what level of control risk exists.
6.4 Detection risk
KEY TERM
Detection risk. This is the risk that the auditor’s procedures will fail to detect a material
misstatement.
Detection risk is the only risk that can be directly controlled by the auditor.
Detection risk comprises “sampling risk” and “non-sampling risk”. Sampling risk is the risk that the
samples chosen are unrepresentative of the populations from which they are drawn. i.e. if 5% of the
population of items contains a certain error, then 5% of a representative sample should too. This risk
can be reduced simply by selecting larger sample sizes.
Non-sampling risk arises from any factor that causes an auditor to reach an incorrect conclusion that is
not related to the size of the sample (e.g. using inappropriate audit tests or misinterpretation of
evidence). This element of risk can be reduced by using a more experienced audit team.
At the planning stage the auditor must assess Inherent Risk and Control Risk and use this to determine
the level of detection risk and THEREFORE, the level of audit work to be carried out.
7 Materiality, fraud, laws and regulations

KEY TERM
Materiality. An item is considered material if “its omission or misstatement could influence
the economic decisions of users”.
With the statutory audit, it is not practical for the auditor to confirm that the financial statements are
“precisely correct”. This is because auditors cannot usually examine every transaction and also
because some elements of accounting are based on estimates and judgements.
The concept of materiality allows the auditor to use certain parameters in order to focus on significant
areas of the financial statements.
In assessing the level of materiality there are a number of areas that should be considered.
First, the auditor must consider both the amount (quantity) and the nature (quality) of any
misstatements, or a combination of both. The quantity of the misstatement refers to its relative size.
The following industry guidelines can be used to estimate materiality levels:

 Above 1% of revenue 0.5% - 1% of Revenue
 Above 1% of total assets 1% - 2% of Total Assets
 Above 5% of profit before tax. 5% - 10% of Profit Before Tax
The quality refers to an amount that might be low in value but due to its prominence could influence
the users’ decisions, for example, directors’ transactions.
For example, the lack of disclosure of a director’s bonus of $5,000 may be considered “insignificant”
for a multi-million dollar company but would still be considered “material” in the UK due to local laws
on the disclosure on directors’ salaries.
The auditor also needs to consider the possibility of misstatements of relatively small amounts that,
cumulatively, could have a material effect on the financial statements. For example, an error in a
month end procedure could be an indication of a potential material misstatement if that error is
repeated each month.
The level of materiality set has a critical impact on the audit in two ways. It determines:
 The nature, timing and extent of audit procedures; and
 Evaluation of the effect of misstatements i.e. will the misstatement lead to an adjustment or
modification of the auditor's report (see Chapter 5).
7.1 Performance materiality

During the audit, the auditor will inevitably detect misstatements which, in themselves are not
considered material. However, when taken together with other misstatements, they may accumulate
into a material misstatement.
Therefore, the auditor will often set a lower materiality level, known as “performance materiality”,
which should be used to record all errors which could accumulate into a material misstatement.
These misstatements are often recorded on a Schedule of Unadjusted Misstatements (sometimes
referred to as an “overs and unders schedule”). At the end of the audit, misstatements that have a
similar effect are added up, to assess whether overall a material misstatement exists.
7.2 Identifying and assessing material misstatements

A misstatement is the difference between the amount, classification, presentation or disclosure of an
item in the financial statements and what is required to be recorded according to the applicable
financial reporting framework.
Misstatements can arise from error or fraud.
There are three categories of misstatement:
 Factual misstatement – about which there is no doubt.
 Judgemental misstatements – usually regarding estimates where a different judgement would
result in a different figure in financial statements. For example, if the directors judge the useful
life of an asset to be 10 years, but the auditors think it is realistically 5 years, the depreciation
charges in the financial statements will be too low, and profit will be overstated. However, this
might be a matter of judgement rather than fact.
 Projected misstatements – which are the auditors best estimate of misstatements in a
population, involving projections of misstatements spotted in a sample.
The auditor should determine whether uncorrected misstatements are material in total or individually.
All misstatements should be communicated with those charged with governance on a timely basis and
request that they make the necessary adjustments.
7.3 The prevention and detection of fraud and error

Fraud is the intentional misstatement or misappropriation of assets by an individual or group of individuals.
The primary responsibility for prevention and detection of fraud lies with the management of a
company and those charged with governance.
External auditors should plan and perform their audit in consideration of the risks of material
misstatement, whether caused by fraud or error. Their main focus, however, is to ensure that the
financial statements show a true and fair view, NOT the detection of fraud.
However, the external auditor should maintain an attitude of professional scepticism throughout the
audit.
Professional scepticism is an attitude that includes a questioning mind, being alert to conditions which
may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence.
A discussion must be held amongst the engagement team to consider areas in which the financial
statements might be susceptible to material misstatement due to fraud, including how frauds might
occur.
If the external auditor does detect a fraud, he would extend his testing on that area and then
determine the need to modify the auditor’s report.
The auditor also has the option of contacting several parties:
(a) Audit committee – who of course are responsible for maintaining a high standard of
governance. The committee should be able to discuss the situation with the directors and
recommend that they take appropriate action.
(b) Shareholders – if the financial statements do not show a true and fair view then the auditor
needs to report this fact to the members of the company via the auditor’s report. The auditor’s
report will be modified with a qualified or adverse opinion (depending on materiality) and
information concerning the reason for the misstatement given.
(c) Authorities outside the organisation – if the matter is “in the public interest”, then the auditor
could consider breaching his duty of client confidentiality and reporting the matter to the
relevant authority.
7.4 The auditor’s responsibilities to consider laws and regulations

It is the responsibility of management to ensure that the entity’s operations are conducted in
accordance with laws and regulations. This includes responsibility for the prevention and detection of
non-compliance with laws and regulations.
Auditors are not responsible for preventing non-compliance with laws and regulations and cannot be
expected to detect non-compliance with all laws and regulations. Their responsibility is to obtain
reasonable assurance that the financial statements are free from material misstatement as a result of
non-compliance (for example, if non-compliance resulting in an automatic fine has occurred, the
company should account for the liability for the fine).
The auditor’s responsibility differs in relation to the two different categories of laws and regulations
identified below.
 Laws and regulations which have a direct effect on the determination of material amounts and
disclosures in financial statements e.g. tax laws. Here, the auditor is responsible for obtaining
sufficient appropriate audit evidence regarding compliance.
 Laws and regulations which do not have a direct effect on the determination of material amounts
and disclosures in financial statements, but may impact the entity’s ability to continue to trade e.g.
health and safety laws. Here the auditor’s responsibility is limited to specified audit procedures to
help identify non-compliance with those laws and regulations that may have a material effect on the
financial statements. This includes inquiring with management whether the entity is in compliance
with such laws and regulations and inspecting relevant correspondence.
In a similar way to the fraud section earlier, any non-compliance should be reported to the
management or regulatory authorities if the matter is of public interest.
8 Analytical procedures (including data analytics)

KEY TERM
Analytical procedures. The evaluation of financial information in order to spot fluctuations
and relationships that are inconsistent with other relevant information.
This can be done simply by reviewing the client’s draft financial statements to see if they appear in line
with the auditor’s expectations.
Typically, auditors will compare this year’s data against last year’s, against budget or against industry
averages. They would then seek explanation from the client for any unusual trends or fluctuations.
The auditor will generally apply analytical procedures at three distinct stages of the audit:
 Analytical procedures MUST be performed at the planning stage to assess risk and to obtain an
understanding of the entity (a “preliminary analytical review”). For example, an increase in net
profit margins year-on-year highlights the risk that the client may be understating its expenses.
 During the final audit, as a substantive test. Here, the auditor will need to consider a number of
factors such as the reliability of the data, whether internal or external, from which the
expectation of recorded amounts or ratios is developed and the amount of any difference of
recorded amounts from expected values that is acceptable.
 In the overall review at the end of the audit – The auditor should form an overall conclusion as
to whether the financial statements as a whole are consistent with the auditor’s understanding
of the entity.
8.1 Key ratios used in analytical procedures

Some of the more useful ratios to help an auditor analyse financial data include the following.
(a) Profitability
Profit before interest and tax
(i) Return on Capital Employed (ROCE) =
TALCL
Where TALCL = Total Assets Less Current Liabilities

Gross profit
(ii) Gross profit margin = × 100%
Revenue
Profit before interest and tax

(iii) Operating profit margin = × 100%
Revenue
(b) Liquidity
Current assets
(i) Current ratio =
Current liabilities
Current assets – Inventory

(ii) Quick ratio (acid test) =
Current liabilities
Inventories
(iii) Inventory days = × 365 days
Cost of sales
Trade receivables
(iv) Receivables collection period = × 365 days
Credit sales
Trade payables
(v) Payables payment period = × 365 days
Credit purchases
(c) Gearing
Interest bearing debt
(i) Debt/equity =
Capital and reserves
8.1.1 Data analytics

Increasingly businesses are making use of the wide range of data available through use of IT and a
wide range of data sources (eg social media).
Auditors can also make use of such data to provide evidence about assertions in the financial
statements and as part of their analytical procedures.
9 Interim and final audits

Much of the auditor’s work can be done before the client’s year end e.g. the testing of the client’s
controls and substantive testing on significant pre year end transactions. Therefore, to save time
during the main audit after the year end, the auditor will normally conduct an interim audit, prior to
the client’s year end.
The interim audit often focuses on:
 Inherent risk assessment and gaining an understanding of the entity
 Analytical review of the statement of profit or loss e.g. key expense categories
 Tests of control on the company’s internal control system.
One of the main benefits to the auditor of this interim visit is that it can be done in “quiet” periods
when there is little other work on, thus spreading client’s workloads evenly throughout the year.
The final audit will then take place at a convenient time after the client’s year end and tends to focus
on the year end balances.
Typical work carried out at the final audit includes:
 Follow up of items noted at the inventory count.
 Detailed substantive testing, verifying the year end balances.
 Obtaining confirmations from third parties, such as bankers and lawyers.
 Reviews of subsequent events after the reporting period.
 Consideration of the going concern status.
10 Audit documentation
The auditor should prepare, on a timely basis, audit documentation that provides a sufficient and
appropriate record of the basis for the auditor’s report.
10.1 Benefits of documenting audit work

 Provides evidence that the audit was planned and performed in accordance with ISAs. In a
worst case scenario, the auditor will therefore be able to defend themselves against claims of
negligence in court.
 Assists future audit teams to plan and perform future audits.
 Assists in the direction, supervision and review of audit work.
 Useful in training staff (especially if new to the firm).
10.2 Contents of the auditor’s working papers

The following items should be recorded on every working paper prepared by the audit team:
 Name of client and year-end date
 Title identifying the area of the financial statements being audited and the topic area e.g.
receivables circularisation. The working paper should also be given a reference e.g. PPE4 being
the fourth working paper in the audit of property, plant and equipment
 Who performed the audit work and the date such work was completed
 Who reviewed the audit work performed and the date and extent of such review
 A description of the work performed, including the objective of the testing (e.g. to support a
financial statement assertion), samples selected, testing performed, results and conclusion.
It is important that documentation is sufficiently complete and detailed such that an experienced
auditor with no previous connection with the audit could understand the work carried out, and the
conclusions reached by the audit team.
The firm retains this documentation for a period of time sufficient to permit those performing
monitoring procedures to evaluate the firm’s compliance with its system of quality control, or for a
longer period if required by law.
Can you explain the considerations an auditor must have before accepting a new
engagement or continuing an existing one?
Do you know the main elements of quality control on an audit engagement?
Can you describe why auditors must understand the entity and its environment,
the applicable financial reporting framework and the entity’s system of internal
control?
Can you explain each element of the audit risk model and could you identify
specific risks of material misstatement from information about a particular
company?
Can you define materiality and explain how to assess it?
Do you know the different roles external auditors and directors play in relation to
fraud at a company?
Can you explain how auditors might use ratios they have calculated relating to a
client’s financial statements?
Do you know what happens at an interim and a final audit?
Do you know what auditors will document about the audit process, and why?
29
Internal control
1 Introduction
Internal control is the process designed, implemented and maintained by those charged with
governance, management and other personnel to provide reasonable assurance that an entity’s
objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations,
and compliance with applicable laws and regulations will be achieved.
The auditor is interested in internal controls relevant to the preparation of financial statements
primarily, although the entity’s system of internal control will extend more widely than this.
1.1 Internal control components

An Internal control system consists of five elements:
 The control environment –the attitudes, awareness, and actions of those charged with
governance and management concerning the entity’s internal control and its importance in the
entity. The control environment sets the tone of an organisation, influencing the control
consciousness of its people.
 The entity’s risk assessment process relevant to the preparation of financial statements– the
auditor needs to determine whether the entity has a process for identifying and controlling the
risks in the business.
 The entity’s process to monitor the system of internal control– management’s monitoring of
controls includes considering whether they are operating as intended and modified as
appropriate for changes. It also includes consideration of how they adjust for discovered
deficiencies. Internal audit may assist management with this process.
 The information system and communication – understanding how information flows through
the information system, including the financial reporting system and the supporting IT system
and how the entity communicates significant matters relating to its preparation of financial
statements. In addition, evaluating whether the information system and communication
appropriately support the preparation of the financial statements.
30 3: Internal control ACCA AA
 Control activities – policies and procedures that help ensure management objectives are carried out:
– Authorisation and approval - approval of transactions by a suitably responsible official
– Physical (logistical) controls - restricting access to physical assets such as cash or
inventory and accounting records
– Segregation of duties - assignment of roles and responsibilities within a process to
different people, thereby reducing the risk of fraud and error occurring
– Verification controls, for instance, in information processing - arithmetic and accounting
controls such as checking the arithmetical accuracy of accounting records
– Reconciliations - performing account reconciliations or comparing budgets with actuals.
1.1.1 Direct and indirect control activities

Some control activities relate directly to the risks of material misstatement that the auditor is
concerned with. For example, controls over an inventory count directly relate whether that inventory
is complete and accurate in the financial statements. Testing such direct controls will give good
evidence about material misstatements in the financial statements.
Indirect (other) control activities may be less directly connected to the financial statements, for
example, if they simply contribute to operational efficiency or underpin other controls. These will be
less effective in preventing, or detecting and correcting, material misstatements. For example, a sales
manager may regularly review sales reports from a variety of branches for various reasons. This is
related to whether sales are complete in the financial statements, but it does not directly contribute to
ensuring they are, so this is unlikely to be a control an external auditor would test.
1.2 Limitations of internal control

Internal control systems can only give the directors of a company reasonable assurance as to the
achievement of the entity’s financial reporting objectives. This is because, in any system, there will be
inherent limitations:
 The cost of the controls may outweigh the benefits so controls are not implemented
 Many controls only cover routine transactions so non-routine transactions may not be subject
to controls
 Human error is always possible, meaning controls are not implemented properly
 Staff could collude to get round the system, meaning controls could be bypassed in secret
 Management override of controls may be possible, meaning controls could be bypassed
2 The use of internal control systems by auditors

An understanding of internal control will help the auditor identify types of potential misstatements,
consider factors that affect the risks of material misstatement, and design the nature, timing, and
extent of further audit procedures.
Auditors are interested in internal controls, as a strong internal control system will provide them with
greater assurance as to the truth and fairness of the financial statements.
ACCA AA 3: Internal control 31
Auditor documents and assesses

likely effectiveness of client’s
internal controls
Controls appear to be effective Controls do not appear to be effective
Auditor performs tests of control to

confirm that controls are operating
effectively
Controls are Controls are Report to

operating not operating management
effectively effectively
Auditor can reduce level of Full substantive

substantive testing on year end testing on year end
balances (Ch 4) balances (Ch 4)
Note that this might be considered at an assertion level as well as at the financial statement level – so
for example, the auditors might assess the controls associated with the valuation of debts (credit
controls) and reduce substantive testing in that area.
2.1 Explain how auditors record internal control systems

There are three methods commonly used to record a client's internal control system.
2.1.1 Narrative notes

Written, or word-processed, description of the system.
Advantages Disadvantages
Simple and quick to record Can be cumbersome, especially if the system is
complex
Easy to understand for all of the audit team Can make it more difficult to identify missing
(including juniors) internal controls as the notes record the detail but
do not identify control exceptions clearly
2.1.2 Flowcharts
Diagrammatic representations of the system, usually broken down into separate activities.
Easier to identify missing internal controls Can be time-consuming to prepare
This visual aid can make it easier to record complex Needs a little training to prepare and understand
systems
2.1.3 Questionnaires
Internal control questionnaires are used to assess whether controls exist which meet specific
objectives to prevent or detect errors.
The audit firm will have a standard list of control questions.
Quick to prepare, which means they are a cost Company could easily overstate the level of controls
effective way of recording the system present
All controls in the system are considered and Needs to be tailored for each client otherwise
recorded; hence missing controls are clearly unusual controls may be missed
highlighted
Simple to complete – any member of the team can
complete them
2.2 Walkthrough tests

Once the auditor has documented the client’s internal control system, he will perform a walkthrough
test. The auditor performs this test by following one transaction through each stage of the accounting
process to ensure that the systems and controls operate as documented.
Note this is NOT a test of control (ie that controls are operating properly), it is a test to confirm that
system matches what the auditor has been told (ie that controls which have been described appear to
exist).
3 Transaction cycles
The ACCA has specifically identified the following transaction cycles and account balances as being
relevant to this section:
 Sales
 Purchases
 Inventory
 Non-current assets
 Payroll
 Bank and cash
Essentially, what this means is that you are likely to be given a scenario in a question based upon a
company and how it controls that particular part of the business. Your task will often be to identify the
deficiencies in that process and to make recommendations on improvements.
Sales
A company’s sales system is designed to record all of a company’s sales and ensure that all sales lead
to an eventual receipt of cash. Typical stages in such a system are as follows.
Risk Objective of control Control procedure
Stage 1: Receipt of customer order
There is a risk To ensure that sales are 1. All orders taken should be recorded on a pre-
that customer properly accounted for. numbered multi-part document generated by the
orders are not computer. One part could form the invoice and one
received or could go to the despatch department.
properly 2. Regular checks should be performed on the
recorded. completeness of the sequence of pre-numbered
Therefore, sales documents. Any documents unaccounted for should
are understated. be traced and investigated.
There is a risk To ensure that goods are sold Credit limits should be checked. Any orders that
that customers on credit only to customers exceed customer credit limits should be rejected and
are unable to pay. who can pay. the customer advised. Any increase or override of
credit limits should be authorised by the credit
controller.
There is a risk To ensure that inventory is The availability of inventory should be checked so that
that orders are available for despatch. orders cannot be taken for goods with nil/low
accepted from inventory.
customers and no
inventory is
available for
despatch.
Stage 2: Despatch of customer order
There is a risk To ensure that the goods 1. All goods despatched should be accompanied by a
that goods despatched are those that are Goods Despatch Note (GDN).
despatched are ordered. 2. The GDN should be matched to the original
not the “correct” customer order.
goods ordered by
the customer.
There is a risk To ensure that the goods 1. A quality control check should be performed on a
that the goods despatched are of a random sample of despatches, checking for correct
despatched are of satisfactory quality. quality and quantities.
a poor quality. 2. The customer should sign and return the GDN as
acceptance of the goods.
Stage 3: Invoicing of customer order
There is a risk To ensure that invoices are The sales invoice should be raised from/matched to
that customers raised correctly. the GDN.
are not invoiced
or invoiced
incorrectly.

There is a risk To ensure that all invoices are 1. All sales invoices should be prenumbered.
that sales invoices properly included. 2. All invoices should be posted to the sales day book,
are not recorded the accounts receivable ledger and the accounts
in the ledgers at receivable control account.
all. 3. Regular checks should be performed on the
completeness of the sequence of pre-numbered
invoices. Any documents unaccounted for should be
traced and investigated.
There is a risk To ensure that all items are The receivables ledger and the receivables control
that some items correctly and accurately account should be reconciled each month. This
are not posted, or recorded. reconciliation should be reviewed and any differences
are posted should be investigated and resolved.
incorrectly to the
ledgers.
Stage 4: Collection of cash
There is a risk To ensure that customers pay A credit control department should ensure that all
that customers on a timely basis. debts are paid promptly by sending out regular
do not pay or pay statements and chasing overdue debts.
late.
There is a risk To ensure that funds received When bank transfers are received from customers,
that funds from customers are correctly they should be matched with individual transactions.
received from allocated.
customers are
incorrectly
allocated.
There is a risk To ensure that cheques and 1. There should be segregation of duties in the post
that cash do not go missing. room so that cheques received cannot be stolen.
cash/cheques 2. All cheques should be recorded and banked
sent through the promptly.
post go missing. 3. A bank reconciliation should be performed on a
monthly basis in order to ensure that the company’s
cash records are complete, accurate and up to date.
Purchases
Stage 1: Purchase order raised
There is a risk To ensure that goods ordered 1 Purchase orders (PO’s) should be sequentially
that goods are are properly authorised. numbered and the sequence checked regularly.
ordered without 2 All PO’s must be authorised by a responsible official.
proper
authorisation.
There is a risk To ensure that goods are 1 Only authorised suppliers are used from a preferred
that goods are ordered from authorised supplier list.
ordered from an suppliers. 2 If there is no authorised supplier, a tender should be
unauthorised invited and the best value supplier selected.
source.
Stage 2 : Receipt of goods

There is a risk To ensure that the goods 1 All goods received should be checked for quality and
that the supplier received are as ordered in quantity.
sends goods that terms of quantity and quality. 2 A prenumbered Goods Received Note (GRN) should
are incorrect or be raised and matched to PO.
substandard.
There is a risk To ensure that goods received 1. The inventory system should be updated if the
that goods are added to inventory. goods are for resale. If the items are for business use,
received are not the correct entry should be made to non-current
added to assets etc.
inventory. 2. GRN should be initialled to show inventory
updated.
Stage 3 : Receipt of purchase invoice
There is a risk To ensure that the correct 1. All invoices received should be checked back to PO
that suppliers product, quantities and prices and GRN.
invoice for the are invoiced.
incorrect product,
quantity or price.
There is a risk To ensure that invoices are 1. Invoices should be added to the purchase day book.
that invoices are included in the accounts. 2. Purchase day book should be posted to the nominal
not included in ledger/ purchase ledger.
the accounts. 3. Supplier statements should be reconciled back to
the purchase ledger.
Stage 4 : Payment of purchase invoice
There is a risk To ensure that payments are 1. All payments, whether cheque or bank transfer,
that payments made to the correct suppliers should be authorised by a responsible official and
are made to the and for the correct amounts. counter signed over a certain amount.
incorrect supplier, 2. All paid invoices should be stamped “Paid”.
for the incorrect 3. The purchase ledger should be updated
amount. promptly/automatically.
4. Purchase ledger should be reconciled to the
nominal ledger monthly.
Inventory
Of course, there is a direct link between the controls surrounding inventory and purchases, given the
accounting entries for a purchase.
As well as those controls outlined in the purchases section above, the following controls are also
relevant.
There is a risk To ensure that inventory is 1. There should be appropriate physical security.
that inventory stored securely. E.g.locks/cameras.
could be stolen. 2. There should be regular manual physical checks to
make sure that actual numbers agree to stock
records.
There is a risk To ensure that inventory is 1. There should be a regular review of stock listing to
that inventory current and saleable. monitor slow moving items.
could be obsolete 2. There should be regular reviews of the physical
or slow moving. stock to check for damage.

There is a risk To ensure that inventory does There should be a regular review of re-order levels.
that inventory not run out.
may run out.
In addition, controls over the inventory count discussed in Chapter 4 of these notes should be
followed.
Payroll
There is a risk To ensure that only bona fide All new employees entered onto or leavers removed
that non bona employees are paid. from the payroll system should be authorised by a
fide employees responsible official. There should be segregation of
are paid. duties between the human resources and payroll
functions.
There is a risk To ensure that employees are 1. Time sheets should be reviewed for all employees.
that employees paid the correct amount. 2. Over time / bonuses should be properly authorised
are paid incorrect by an appropriate manager.
amounts. 3. Changes in pay rates should be properly
documented.
4. The monthly payroll should be reviewed for
reasonableness by an appropriate manager.
5. Exception reports should be generated and
reviewed for pay over a certain threshold.
There is a risk To ensure that tax and NI are 1. Tax and NI should be calculated by a trained
that tax and NI correctly calculated. official.
are incorrectly 2. Software used should be updated regularly to
calculated. account for changes in legislation.
There is a risk To ensure that wages paid in 1. There should be adequate security available.
that wages paid cash are properly secure. 2. Staff must sign to confirm receipt of cash wages.
in cash may be 3. Only pay staff directly into their bank accounts
stolen.
Bank and cash

Many of the controls surrounding receipt and payment of cash have already been listed above. Additional
risks and controls include the following.

There is a risk that To ensure that petty cash is 1. There should be appropriate security for petty cash.
cash kept on the kept securely. E.g. locked drawer/safe.
premises could go 2. There should be an imprest system that is regularly
missing. checked.
There is a risk that To ensure there is proper Expenditure should be appropriately authorised.
petty cash is spent control of petty cash.
inappropriately.
There is a risk that To ensure that payments are There should be at least two persons that sign
cheques are paid to only made to authorised cheques. Cheques should be kept in a secure location.
unauthorised persons.
persons.

There is a risk that To ensure that all receipts A bank reconciliation should be performed at least
receipts go missing are banked and all payments once per month. This reconciliation should be
or payments are are made to bona fide reviewed and authorised.
made to persons.
unauthorised
persons.
4 IT controls
4.1 Information processing controls
These are manual or automated procedures that operate “within” a computer system. They can be
preventative or detective in nature and aim to ensure that the transactions that are input, processed
or output recorded are complete, accurate and valid.
Examples include:
 Mandatory input fields for websites e.g. postcode required
 Checking the arithmetical accuracy of records
 Range/limit checks e.g. a check on whether a customer has exceeded their credit limit
 Edit checks of input data e.g. checking whether a customer code is input in the correct format
 Numerical sequence checks
4.2 General IT controls

These include controls such as virus protection, regular backups and operating logs. They also include
the acquisition and maintenance of new hardware and software, as well as password controls.
5 Tests of control versus substantive procedures

5.1 Tests of control
Tests of control evaluate the operating effectiveness of controls in preventing, or detecting and
correcting material misstatements.
For example, the auditor may be told that all purchase orders are authorised by a responsible official.
The auditor would then test this control by selecting a sample of purchase orders and inspecting them
for evidence of appropriate authorisation.
If the internal controls are strong, the auditor can perform reduced substantive testing and more tests
of control (because control risk is lower, so there is a reduced chance that errors exist in the financial
statements).
By testing the client’s controls, the auditor can also “add value” to the client, by making
recommendations of ways to improve their controls.
5.2 Substantive tests

The aim of a substantive procedure is to ensure that there are no material misstatements at the
assertion level in the client’s financial statements (see Chapter 4 for more detail).
5.3 Deficiencies in internal control systems

(a) A deficiency exists when:
(i) A control is designed, implemented or operated in such a way that it is unable to prevent,
or detect and correct, misstatements in the financial statements on a timely basis; or
(ii) A control necessary to prevent, or detect and correct, misstatements in the financial
statements on a timely basis is missing.
(b) A significant deficiency is one that, in the auditor’s opinion, is of sufficient importance to merit
the attention of those charged with governance. This is a good way of “adding value” to the
client.
In order to determine whether a deficiency is “significant” or not, the auditor should consider:
 The likelihood of the deficiency leading to a material misstatement in the financial statements
 The susceptibility of the related asset to loss or fraud
 The cause and frequency of the exceptions detected as a result of the deficiencies in the
controls
 The volume of activity that has occurred or could occur in the account balance exposed to the
deficiency
The auditor shall communicate in writing significant deficiencies in internal control identified during
the audit to those charged with governance on a timely basis.
5.4 Reports to management

The communication of significant deficiencies in internal control is performed by the auditor writing a
“report to management” to the client. This document highlights any deficiencies identified in the
client’s internal control system, explains their potential effect and makes recommendations on what
the client should do to overcome those deficiencies.
EXAM FOCUS POINT

This is a VERY popular exam question and one that you must practise. It is particularly
important when describing a deficiency to EXPLAIN what the implication for the business is.
For example, not using authorised suppliers could result in the business paying more, getting
poor quality supply, having to pay its debts quicker, missing out on discounts available from
other suppliers, supply taking longer, fraud being carried out…these are the issues the
control of having authorised suppliers is designed to prevent. When you identify a
deficiency, ask yourself, ‘what bad impact will this have?’ Make sure you communicate this
to the examiner.
The recommendations are normally communicated to ‘those charged with governance’ – i.e. the board
of directors or Audit Committee (if one exists) at the end of the audit and a response sought.
In the covering letter, the auditor would typically include a statement that the report is not a
comprehensive list of deficiencies, but only those “significant” items that have come to light during
normal audit procedures.
In addition, a request should be made that no disclosure of the items mentioned in the report should
be made to a third party without the written agreement of the auditor
ILLUSTRATION
Deficiency Consequence (“could”) Recommendation (“should”)

Purchases
No authorisation of purchase Purchases for personal use could Purchasing procedures should be
orders is made for goods of less be made. updated such that all purchase orders
than $1,000. Also, even if the goods were for are authorised by a responsible official.
business use, the company may These purchase orders should be
not be using authorised sequentially numbered and reviewed
suppliers, who have been chosen periodically to ensure that any missing
because of their quality and price orders can be investigated.
guarantees.
Sales
Customers can input orders Goods could be sent out to The online ordering system should be
online without a check being customers who do not have the updated so that an automated credit
performed on their credit limit. ability to pay for them. limit check is performed before the
order is accepted. Orders exceeding
customer credit limits should be
rejected by the system.
Post
A junior clerk opens the post This could result in payments to A second member of the accounts
unsupervised. the company being team should assist with the mail: one
misappropriated. should open the post and the second
should record cash received in a log.
EXAM SMART
Be very careful with the way you word you answer to these questions. You need to make
sure you are not too brief and that you give enough detail in your recommendation to show
the examiner you understand the implications and what exactly you are telling a client to do
to put it right. For example, the following points would NOT earn credit.
Deficiency Consequence (“could”) Recommendation (“should”)
Post
Opened unsupervised Money will be stolen Segregation of duties
6 Internal audit and governance and the differences between external

audit and internal audit
The role of internal audit is wide-ranging, but often focuses on the accounting and internal control
systems of a company, in a bid to improve the management of that company and to help the company
achieve its corporate objectives. Internal audit can be seen as part of the company’s internal control
system as a result.
For example, the work of the internal auditors may lead to a reduction in inefficiencies and errors and
a reduction in costs.
The internal audit function is normally performed by employees of the entity. Therefore, to
demonstrate their “independence”, they usually present their reports directly to the audit committee.
This function could alternatively be outsourced to an external company (see later).
Ideally, the internal audit function should be staffed with qualified, experienced staff, whose
appointment and remuneration is controlled by an audit committee, staffed by non-executive
directors (as discussed in Chapter 1).
6.1 Discuss the factors to be taken into account when assessing the need
for internal audit
Although not required by law, the internal audit function demonstrates management’s commitment to
good internal controls and is part of the control environment.
The decision as to whether to employ an internal audit function will be influenced by:
 The size and complexity of the company
 The scale and diversity of activities
 Cost / benefit considerations
 The desire of management to have assurance and advice on risks and controls
6.2 Discuss the elements of best practice in the structure and operations of
internal audit
The UK Corporate Governance Code does not require companies to have an internal audit
department. However, where the company does not have an internal audit department, the Code
requires the audit committee to consider annually whether one is needed make a recommendation to
the board. It also requires the company to disclose its reasons for not having an internal audit
department in its annual report.
If a company has an internal audit department, as noted above, the audit committee is responsible for
monitoring and reviewing internal audit activities.
Internal auditors are not subject to the same qualification requirements as external auditors. However,
they may be ACCA qualified, or members of other relevant professional bodies, such as the Institute of
Internal Auditors (IIA).
6.3 Compare and contrast the role of external and internal audit
External auditor Internal auditor
Objectives
To form an opinion on whether a set of accounts To improve a company’s operations, in terms of
are “true and fair” efficiency and effectiveness of their internal controls
Standards
Must follow International Standards on Auditing (ISAs) Can choose to use the guidelines of the Institute of
Internal Auditors (IIA).
Report to
Shareholders via the auditor’s report Board of Directors or audit committee
Status
Independent “Independent” (in terms of being objective) but this
can be restricted as often an employee of company
(although function can be outsourced)
Qualification
Qualified Accountant and a member of a No formal qualifications required (but many are
Recognised Supervisory Body qualified accountants or members of the IIA).
7 The scope of the internal audit function, outsourcing and internal

audit assignments
Internal audit staff can be asked to carry out a variety of tasks, including:
 Reviewing the internal controls of the business
 Reviewing the accounting systems of the business
 Reviewing the key risk areas of the business, including fraud
 Preparing schedules for the external auditors
7.1 Limitations of an internal audit function

One of the biggest problems faced by internal auditors is that one of their key duties is to form an
objective, “independent” opinion on company matters, despite the fact that they are employees.
Another possible problem occurs when there are insufficient resources to form an effective IA
function.
If internal auditors identify errors or fraud, they may be unwilling to disclose it to the Board of
Directors for fear of possible repercussions (e.g. a fellow employee losing their job).
To mitigate some of these problems, IA normally report their findings to the audit committee, who
themselves take a more objective view of the company than the executive directors may.
7.2 Outsourcing
Outsourcing is the contracting-out of a business process to a third party. Outsourcing internal audit
can overcome some of the limitations caused by insufficient resources outlined above.
7.3 Explain the advantages and disadvantages of outsourcing the internal

audit department
More “independent” since they will not be Lack of client-specific knowledge
employees
External accountants are likely to have a pool of Loss of internal audit as a training ground for new
qualified accountants available, many with industry managers of the business
experience
Using experienced auditors should increase the Possible loss of control over how and when the work
reliability of their findings is performed
Should be cheaper than having a full-time presence Possible self-review threat if the external auditors
– no need to recruit staff for the IA department, no are being used
“down time” for underutilised staff and less training
costs
Quicker set up time Potential confidentiality issues
The first disadvantage listed above could be reduced by using the same firm of accountants who
perform the external audit work to do the internal audit work as well, as long as separate audit teams
were maintained.
7.4 Discuss the nature and purpose of internal audit assignments

7.4.1 Value For Money (VFM)
A value for money audit is concerned with obtaining the best possible combination of services for the
least resources. It is therefore the pursuit of ‘Economy’, ‘Efficiency’ and ‘Effectiveness’ – sometimes
referred to as the three ‘Es’:
 Economy relates to least cost. The systems in an organisation should operate at a minimum
cost associated with an acceptable level of risk.
 Efficiency relates to the best use of resources. The goals and objectives of an organisation
should be accomplished accurately and on a timely basis with the least use of resources.
 Effectiveness provides assurance that organisational objectives will be achieved.
7.4.2 IT
An IT audit would ensure that the organisation is controlling the key risks surrounding its hardware,
software, internet, and the overall IT environment.
7.4.3 Financial
This is the most traditional part of internal audit work, involving the review of the management
accounts and the systems that produce those accounts to ensure the business is meeting its financial
targets.
It is this area of work that external auditors are most likely to want to rely on in order to reduce their
own work. Some of this work would be similar to that of the external auditor e.g. analytical review and
detailed substantive testing.
7.4.4 Regulatory compliance

A regulatory compliance audit would ensure that the organisation is meeting the key legal
requirements that it needs to, or specific legal requirements relating to the industry (for example, food
hygiene laws in the food industry).
7.4.5 Fraud investigations

Internal audit are employed to review the internal controls of a company so they could be asked to
review the company’s systems to ensure a fraud is not taking place. Internal audit testing is likely to
use lower materiality levels than external audit so would be more likely to detect smaller frauds.
The internal audit team might also be asked to investigate suspected fraud at an entity.
7.4.6 Customer experience

A customer experience audit helps the company to see itself from its customers’ point of view and
hence ensure that it is meeting customer needs and promoting itself as a company that third parties
want to trade with. It might include obtaining customer feedback and analysing it.
7.5 Discuss the nature and purpose of operational internal audit

assignments
An “operational” IA assignment simply reviews the operations of a business, and so gives management
assurance on the effectiveness of operations. An example is a procurement audit, see below.
7.5.1 Procurement audit

Procurement (or “purchasing”) involves obtaining goods and services from outside suppliers at the
right price.
The key risks for the business include making fraudulent payments made to non-existent suppliers,
making inaccurate or late payments and not getting the best price from suppliers. As there are risks of
the company losing money associated with procurement, it is likely to be an area that companies
would want internal audit to focus on.
7.6 Describe the format and content of audit review reports and make
appropriate recommendations to management and those charged with
governance
The internal audit department can produce a similar report to the report to management of external
auditors discussed above.
The format will depend on the task being performed but the main elements common to most reports
are:
 Addressee – normally the audit committee or Board of Directors
 Terms of reference – summarising who requested the report and what the purpose of the
report is
 Executive Summary – a summary of the key findings
Detailed report – including the weaknesses found and recommendations made, together with a
schedule of follow-up procedures.
Can you explain what an internal control system is and the individual elements of
such a system?
Do you know why auditors are interested in the internal control system of an
entity?
Can you describe three ways an external auditor might record a client system?
Can you distinguish between a walkthrough test and a test of controls?
Can you give examples of the main controls you would expect to see in the key
transaction cycles of a business and explain what risks they are mitigating?
Do you understand the two types of controls associated with IT systems?


Can you explain why auditors make an assessment relating to an entity’s internal
controls and what impact that assessment could have on the auditor’s approach
to audit testing?
Do you understand what causes a deficiency in internal controls to be a significant

deficiency, and the implications for the auditor of that?
Can you identify and explain the implications of deficiencies in internal control,
and make recommendations to improve specific controls at an entity?
Do you understand the difference between internal and external auditors,

including the different types of engagement each carry out?
45
Audit evidence
1 The use of assertions by auditors

Auditors obtain audit evidence by performing audit procedures. There are three types of procedure:
 Risk assessment procedures – Procedures to obtain an understanding of the entity and its
environment, including its internal control, to assess risks of material misstatement at the
financial statement and assertion levels (covered in Chapter 2)
 Tests of controls – Procedures to test the operating effectiveness of controls in preventing, or
detecting and correcting, material misstatements at the assertion level (covered in Chapter 3)
 Substantive procedures – Procedures to detect material misstatements in account balances and
disclosures (covered in this chapter)
When performing substantive procedures, the auditor needs to gather evidence that proves various
assertions relating to the account balance being tested. In auditing, an assertion is the same as it is in
common English usage – a statement being made by someone which they claim or believe is true. In
the financial statements, the directors are asserting that, for example, the company actually owns
assets which are included in the financial statements.
EXAM FOCUS POINT

When you are asked to suggest substantive procedures (a common question in the exam)
you need to think of yourself as a detective. You need to show the examiner that you
understand what you are trying to prove (which will be one of the assertions we are about to
learn) and what you will do (ie look at, match up, calculate, ask etc) to prove it.
46 4: Assertions and audit evidence ACCA AA
1.1 Financial statement assertions

Account balances and disclosures Implication Example procedure to prove
Existence: assets, liabilities and …the accounts staff can take an ….auditor can go and look at a
equity interests exist. auditor and show them the asset machine listed in the asset
register (and confirm it is the
right machine by looking at its
serial number)
Rights and obligations: the entity …the accounts staff can show the …the auditor can look at the
holds or controls the rights to assets auditor legal documentation document and confirm the
and liabilities are the obligations of showing the asset belongs to the legal title (eg property has
the entity. company title deeds, debt has loan
contract)
Completeness: all assets, liabilities …the auditor should not be able to …the auditor can look at
and equity interests that should have pick out any invoice and find it not payments made within the
been recorded have been recorded, reflected in the books of the credit period of the company’s
and disclosures that should have company suppliers after the yearend
been included have been included. and trace these payments
back to an invoice booked
prior to the year-end.
Note: completeness is a risk
area for auditors using
company records, as the
company could conceal
information hence auditors
will be looking for
corroboration from
alternative sources if possible.
However, the example above
is useful, as a company might
hide a purchase invoice to
understate payables, but will
still have to pay the supplier
to ensure continued supply…
Valuation: assets, liabilities and …accounts staff have recognised …the auditor should be able to
equity interests have been included value in accordance with confirm the cost of an item to
at an appropriate value. accounting standards and business its purchase invoice. For
events revalued assets, the auditor
should be able to look at a
formal valuation document, or
compare to third party
information such as market
prices, eg for property. For
impaired items, auditors
should be able to verify
documents or events which
confirm the impairment, for
example, sales invoices for
inventory after the year end
proving inventory is being sold
lower than cost.
ACCA AA 4: Assertions and audit evidence 47
Account balances and disclosures Implication Example procedure to prove

Classification: assets, liabilities, and …accounts staff have correctly …auditors can use their own
equity interests have been recorded classified long term assets as non- knowledge about assets (for
in the proper accounts. current and short term assets as example, is it being used in
current assets the business or going to be
sold in course of business) or
look at legal documentation
related to the particular asset.
Presentation: assets, liabilities, and …the person who has prepared the …the auditor can review the
equity interests are appropriately financial statements has complied financial statements and
aggregated or disaggregated. with the presentation confirm that presentation and
Disclosures are understandable and requirements of IASBs and law. disclosures look appropriate in
in line with IFRS requirements. the context of their
professional understanding
and their knowledge of this
business.
If you are designing substantive procedures about statement of financial position items (balances)
you should:
1. Identify whether the question STATES which assertion you are trying to prove and if so, state
and explain tests which prove THAT assertion
2. If not, ensure that you suggest procedures which address each of these assertions,
remembering that some procedures address several assertions at once, and explain what you
are proving with your actions.
EXAM FOCUS POINT

You could try and remember ‘balances = VERP2C’ (valuation, existence, rights/obligations,
presentation, completeness and classification) to help you to design focused procedures.
Class of transactions and events and Implication Example procedure to prove

related disclosure
Occurrence: Transactions that have …accounts staff should be able to …auditors can look at the
been recorded/disclosed happened point auditors to relevant relevant document (eg sales
and relate to the entity. documents to prove transactions invoice and related customer
were made by the company etc order) to confirm the
transaction occurred. Further
weight is given to this
evidence when the customer
pays the related invoice, as
this is persuasive third party
evidence that the transaction
occurred (customers don’t pay
for nothing!)
Completeness: all transactions, …auditors should not find …auditors will be alert to such
events and disclosures that should references in company records (eg indicators when reviewing
have been recorded have been board minutes) or external records company information and
recorded (eg press) suggesting the existence third party information to any
of items which should be in the suggestion of exclusions.
financial statements
Class of transactions and events and Implication Example procedure to prove

related disclosure
Accuracy: amounts and other data …accounts staff should be able to …auditors should be able to
relating to recorded transactions and justify amounts/disclosures with examine available evidence
amounts have been recorded reference to evidence. (eg invoices, letters from
appropriately and accurately banks or solicitors) which
described. corroborates the accuracy of
such information.
Cut-off: transactions and events have …invoices are only posted when …auditors can match goods
been recorded in the correct goods have left the premises. despatch notes with invoices
accounting period. to ensure that sales are
posted in the correct period.
Classification: transactions and …this could be matters such as …auditors can scrutinise
events have been classified in the distinguishing between records to ensure that
proper accounts. administrative payroll expenses classifications appear correct.
and direct sales related payroll.
Presentation: transactions are …for example, if a company acts as …auditors can scrutinise
appropriately aggregated or a middle man, it still shows the records/financial statements
disaggregated. Disclosures are sales and purchases in its financial to ensure that presentation
understandable and in line with IFRS statement, rather than only appears correct.
requirements. accounting for a commission
amount (say – depending on the
exact nature of the transactions).
If asked to suggest procedures relating to transactions (eg sales), follow the same process as above:
1. Note whether the question identifies the assertion you are trying to prove, and if so, design
appropriate procedures
2. If it does not, ensure you cover all the relevant assertions with your procedures.
EXAM FOCUS POINT

You could try and remember ‘transactions = COCCAP’ (completeness, occurrence,
classification, cut-off, accuracy and presentation) to help you to design focused procedures.
2 Audit procedures
2.1 Discuss the quality and quantity of audit evidence
The auditor must design and perform procedures to obtain evidence that is sufficient and appropriate
in order to obtain a reasonable level of assurance and form an opinion on the financial statements.
Sufficiency relates to the quantity of evidence obtained. The following factors have an impact on the
amount of the evidence that needs to be gathered:
 The auditor’s previous experience of the client
 Risky areas will require more evidence than less risky areas
 Similarly, material areas will require more evidence
 Areas requiring judgement will require more evidence
 The quality of the evidence obtained
Appropriateness relates to the quality of evidence that needs to be collected during an audit. Audit
evidence must be relevant and reliable in order to support the auditor’s opinion.
There are several different techniques that the auditor can use to gather evidence:
 Analytical procedures – evaluation of financial information by studying possible relationships
among financial and non-financial data
 Enquiry – ask a relevant person for information
 Inspection – of a record or document such as an invoice
 Observation – of a process or procedure performed by the client such as an inventory count
 Recalculation – check the mathematical accuracy of a document
 Confirmation – obtaining a representation from a third party
 Reperformance – of a key procedure by the auditor to satisfy himself that the client has done it
properly.
2.2 Relevance and reliability of audit evidence

Audit evidence is relevant if it supports the purpose of the audit procedure.
When performing substantive procedures, audit evidence is relevant if it supports the financial
statement assertion that is being tested. For example, the physical inspection of the condition of a
tangible non-current asset would provide relevant evidence to support the assertions of existence and
valuation, because the auditor can see that it exists and can see if it is damaged in such a way that
would affect its value. However, it would not provide relevant evidence to support the assertion of
rights and obligations as the asset may not belong to the company. The auditor would have to inspect
legal documentation to prove ownership, such as a purchase invoice or legal document of title.
When testing controls, audit evidence is relevant if it confirms that a control exists and is operating
effectively.
There are three basic sources of audit evidence:
 Auditor-generated e.g. reperformance of a calculation
 Third party e.g. purchase invoice, bank statement
 Client generated e.g. non-current asset register, payroll report
The reliability of the evidence may be a matter of judgement for the auditor. There are some basic
rules:
 Original documents are more reliable than photocopies
 Third party evidence is more reliable than client-generated
 Written evidence is more reliable than oral
 Audit evidence obtained directly by the auditor (for example, observation of the application of a
control) is more reliable than audit evidence obtained indirectly or by inference (for example,
inquiry about the application of a control).
2.3 The use of analytical procedures as substantive procedures

As mentioned in Chapter 2, “analytical procedures” are used to spot fluctuations and relationships that
are inconsistent with other relevant information. This can be done simply by reviewing the client’s
draft financial statements to see if they appear in line with the auditor’s expectations.
By looking at the reasonableness of a balance, the auditor can save time and effort by not having to
test the detail underlying the account balance. For example, a client has a holiday pay accrual this year
of $2,000 relating to its 10 staff. Last year, the accrual was $1,000 relating to its five staff (the company
has grown during the year). Analytical review of this accrual suggests it is “reasonable” and may not
need further testing if we were satisfied with the process used to produce the accrual last year.
Typically, auditors will compare this year’s data against last year’s, against budget or against industry
averages.
2.4 Accounting estimates

The auditor should obtain sufficient appropriate audit evidence regarding accounting estimates. An
“accounting estimate” is an approximation of the amount of an item in the absence of a precise means
of measurement. Examples include:
 Inventory allowances
 Doubtful debt allowances
 Useful economic lives of non-current assets
 Provision for a loss from a lawsuit
 Provision to meet warranty claims
The original estimates mentioned above will have been made by the directors of the entity and so an
element of bias is possible or even likely.
Common audit procedures used to test estimates include:
 Review the process used by management to develop the estimate for reasonableness (for
example, have they referred to demonstrable evidence, for example, the expected life of a
license granted for five years is five years, or have they simply guessed?)
 Perform analytical procedures on the estimate year on year and budget against actual and
discuss any variations with management (note this is only relevant if the estimate is a recurring
estimate, so will not be valid for one-off lawsuits for example!)
 Use an independent expert to make an estimate for comparison. (Third party evidence so very
strong, but the independent expert should be considering the same facts as the management.)
 Review the accuracy of prior years’ estimates compared to the final actual results. (If
management have a history of making accurate budgets this will suggest they are likely to
again.)
 Review subsequent events for events that help to confirm the accuracy of the estimate (for
example, if management predict they will have to pay $100,000 to settle a law case but the
solicitors write to them in the audit period saying it is likely to be $250,000, this is in doubt).
 Obtain sufficient appropriate audit evidence about whether the disclosures in the financial
statements related to accounting estimates are reasonable. (By reviewing the financial
statements in the light of the auditor’s understanding of disclosure requirements.)
3 The audit of specific items

EXAM SMART
You are very likely to be asked to “describe audit procedures” for a particular item in the
financial statements in the exam. This is a VITAL skill.
Describe means:
 State what you will actually do (eg look at, match, ask…)
 Explain why (ie outline the assertion being proved)
The idea is that once the auditor has concluded the assertions relating to the item are valid,
then he is satisfied that that balance is “true and fair”.
It is worth remembering that existence is important when auditing assets (as companies
might OVERSTATE assets by claiming assets exist which don’t) and completeness is
important when auditing liabilities (as companies might UNDERSTATE liabilities by not
including all purchase invoices in the accounts) to make the overall SOFP look better.
However, you should still attempt to address all relevant assertions to show the examiner
you understand what you are trying to prove about the balances.
For each of the following account balances, you may be required to explain the substantive procedures
used in auditing each balance and the purpose of those procedures in relation to financial statement
assertions:
 Receivables
 Inventory
 Payables, accruals, provisions and contingencies
 Bank and cash
 Tangible and intangible non-current assets
 Share capital, reserves and directors’ emoluments
You may also get questions on procedures relating to transactions (eg revenue/purchases) or events
(eg disclosure of non-adjusting subsequent events).
3.1 Trade receivables

Testing on receivables tends to focus on:
 Existence and valuation – This covers the recoverability of the debt. If the customer disputes
the debt is valid (ie it doesn’t exist) or is unable to pay some or all of the debt (ie it is
overvalued), it needs to be provided for or even written off.
 Cut-off – Given that the other side of the accounting for a receivable is to revenue, companies
may be tempted to “squeeze in” a few more sales into this year’s financial statements, even if
the sale actually took place next year. Cut-off testing will ensure that only sales relevant to this
year’s financial statements are included, by scrutinising goods despatched notes prior to the
year end and matching this with invoices (as revenue is only valid if the performance obligation,
ie transferring the good, has taken place).
Receivables circularisation
The most common procedure used to confirm assertions relating to receivables is the direct
confirmation (or “circularisation”). This involves writing to a sample of customers on the year end
trade receivables listing and asking them to confirm whether they agree that the debt is correctly
stated.
This “positive” circularisation (which includes the expected balance) is a useful substantive audit
procedure because it helps to confirm four key assertions:
 Existence – confirmed by the receivable acknowledging the debt is valid.
 Rights and obligations – the receivable confirms that the amount is owed to the company by
replying to the confirmation.
 Valuation – the receivable will dispute any amounts that do not relate to that account or that
they have requested credit for.
 Cut-off – the circularisation will help identify reconciling items such as sales invoices/cash in
transit. These should be verified to initial documents (such as goods despatched notes) to
ensure items are recorded in the appropriate period (debt is not reduced on the company books
until the company RECEIVES cash payments, for instance).
Procedure
The steps to follow here are:
 Obtain the listing of the year end trade receivables from the client:
Company X – Receivables Ledger
31/12/20X1
Customer Total 30 days 60 days 90 days > 90 days
$ $ $ $ $
A 500 400 100
B 1,870 1,870
C 5,250 5,250
D 11,125 8,400 2,650 75
E 3,060 2,400 540 120
Total 21,805 16,450 3,290 120 1,945
 Cast the listing and reconcile the total of this listing to the nominal ledger.
 Review the listing for any unusual items, for example, a negative amount might suggest
payables and receivables have been wrongly netted off - classification.
 Select a sample of customers to circularise, paying particular attention to material or overdue
amounts.
 The circularisation letter should be on the client’s paper, with a copy of the current statement
attached. It should request that the reply be sent direct to the auditor.
 If no reply has been received after a reasonable period, the auditor should telephone the
customer.
 If the customer still doesn’t reply, alternative procedures will be needed e.g. check to see if any
of the invoices on the listing have been paid after the year end (this gives persuasive evidence
that the customer believed the debt existed and was valued correctly) or check invoices back to
the customer order (this is less persuasive, as it relies on client-generated evidence) and the
delivery note signed by the customer (this adds to the persuasiveness, as the client has
acknowledge receipt of the goods, suggesting a debt exists for those goods).
Summary of procedures on receivables

Audit procedure Reason for procedure
Obtain the list of receivables balances and check To ensure that the list is accurate and that the total
that it casts. fairly represents the individual balances.
Agree the total of the receivables list to the nominal To ensure that the company’s receivables are
ledger and financial statements. recorded accurately.
Perform analytical procedures on the trade Provides an initial indication as to the accuracy and
receivables listing by comparison with prior periods. completeness of the list.
Calculate trade receivables days and compare to last Increased trade receivables days could indicate debt
year. is overstated (by the existence of bad debts)
Any significant variations should be investigated and
substantiated, with particular attention being paid
to old outstanding amounts.

Review the aged receivables listing for any old To ensure that the receivables figure is not
unpaid amounts. Reasons for non-payment should overstated – a valuation test.
be discussed with the client and a suitable provision
included if necessary.
For a sample of trade receivables, write to the This very useful test helps to prove existence,
customer asking them to confirm the outstanding valuation, cut-off and rights and obligations.
amounts – a “circularisation”.
For customers that don’t reply to the circularisation, To ensure that the receivables figure is not
or where recoverability is considered a particular overstated – a valuation test.
risk, vouch any receipts after the year end back to
the cashbook or bank statements.
3.2 Prepayments
The schedule of prepayments should be obtained and reconciled to the financial statements.
Depending on the materiality of the prepayments balance, simple analytical procedures, such as
confirming the components of the prepayments balance compared to last year may be sufficient.
If further testing is required, then the auditor should obtain the client’s backup schedule for the
calculation of the prepayment. The schedule should then be vouched to the cash book and invoice
documentation.
The mathematical accuracy of the prepayment can then be checked.
3.3 Inventory
Inventory is an important element of a set of financial statements as it is often a material balance
affecting both the statement of profit or loss and the statement of financial position.
When auditing inventory, it is important to remember that there are two distinct aspects of the final
year-end balance: valuation and quantity (existence).
Valuation
Inventories should be valued at the lower of cost and net realisable value.
Cost should comprise all costs of purchase, costs of conversion and other costs incurred in bringing the
inventories to their present location and condition.
To audit valuation, for a sample of inventory items on the final inventory sheets, the cost of those
items should be traced back to the original purchase invoice.
For a manufacturing company, the components of cost will be materials, labour and production
overheads:
 Material costs can be checked back to purchase invoices. The quantities of materials recorded
in finished goods, work-in-progress and raw material inventory can be verified by inspection.
 Labour costs can be vouched by agreeing labour rates to payroll records and hours worked by
observation and by reference to timesheets.
 Overheads can be tested by ensuring that only production overheads are included, based on a
normal level of activity.
Net realisable value is the estimated selling price, less the estimated costs of completion and the
estimated costs necessary to make the sale.
This can be tested by checking a sample of post year-end sales invoices back to the final inventory
sheets ensuring that the sales value exceeds the cost. Where sales value is less than cost, ensure that
the inventory is stated at the realisable value on the inventory sheet.
Where an item has been in inventory for a long period of time, discuss the item with the client to
determine whether the item can be sold for more than cost.
Note that for most businesses, the NRV will be more than cost. The auditor may want to check that the
inventories are being sold for more than cost by selecting a sample of items and ensuring that the
selling price per the invoice is greater than the cost per the purchase invoice.
Also, a sample of inventories can be physically verified to see if it looks old or out of date which will
affect value (for example, in a food business, auditors could check ‘best before’ dates of inventory).
Quantity
Most companies keep track of the quantities of stock by performing regular inventory counts
(“stocktakes”) or via a “perpetual inventory” system.
A perpetual inventory system is an alternative to the year-end inventory count. With a perpetual
inventory count, the client counts a sample of goods every day or week on a rotational basis. This is
quicker and less disruptive than closing the whole warehouse down for a full year end count.
The client should ensure that all items are counted at least once a year.
Such a system is particularly beneficial for companies whose business relies on accurate, up-to-date
inventory information.
If an annual inventory count is performed, there are various tests that the auditor should undertake.
Before the inventory count

 Review prior year working papers to obtain an understanding about what to expect at the
count.
 Arrange attendance with the client and request a copy of the count instructions are sent before
the attendance.
 These instructions should be reviewed for reasonableness (ie are they capable of ensuring the
inventory is counted properly). If the count instructions suggest an accurate count will not be
conducted, the auditor should discuss this with management before the count takes place.
 For example, the staff should count in pairs, with one person checking the inventory and
another recording the details.
 The factory/shop should be closed during the count to minimise the risk of double-
counting and to ensure that there is no confusion regarding which items are sold.
 Once counted, inventory should be marked up to avoid double-counting.
 If there are any inventories held off-site, enquire as to how the client will count these.
 Enquire of management about the likely level of write-down of inventories (e.g. if they are old,
of inadequate quality or spoiled). This can be compared with prior years to form an opinion as
to its appropriateness. The calculation of any provision should be checked for reasonableness
and consistency with the prior year.
 Book audit staff for attendance at inventory counts.
 Prepare audit programme for the count.
During the inventory count

 Perform an overall review with client staff. Check that client’s count instructions are being
followed as this will help to ensure that the count is complete and accurate.
 Obtain the completed count sheets. Photocopy them and place them on the audit file. The
count sheets should be pre-numbered to ensure that no count sheets are lost.
 Perform some test counts: from count sheet to inventory (to test existence, ie items on the
master list of inventory actually exist) and from inventory to count sheet (to test completeness,
ie goods which the auditor can see on the shop floor are included in the master list).
 Review the physical condition of the inventory. Any items which look damaged or old should be
noted for net realisable testing at the final audit (see above).
Work in progress should be reviewed to vouch the stage of completion as this will be important
in terms of valuation.
 Record the number of the last pre year end Good Received Note (GRN) and Goods Despatch
Note (GDN) for cut-off testing at the year-end audit. This is to confirm later that invoices have
not been raised for items which left the factory after the count, and that liabilities have been
recognised for all goods that had arrived before the count.
 Ensure all count sheets are returned after the count and that the sequence is complete. A copy
of the final count sheets should be taken.
After the inventory count (i.e. during the final audit)

 Obtain the final inventory listing, showing the quantity and cost for each item of stock held.
 Reconcile this listing to the figure in the financial statements.
 Trace the test counts performed to this listing.
Perform cut-off testing from details of the last GRN and GDN received during the inventory count, by
tracing a sample of GRNs and GDNs just before and just after the year-end to the sales and purchases
systems in order to ensure that costs had been correctly allocated to the correct accounting period.
 This test should also be performed in reverse, from the sales and purchases systems through to
goods received and despatch notes.
3.4 Payables
When testing any liability, the key risk for auditors is the understatement of the liability. Therefore,
audit testing tends to focus on the completeness assertion.
Obtain the list of payables balances and check that it To ensure that the list is accurate and that the total
casts. fairly represents the individual balances.
Agree the total of the payables list to the nominal To ensure that the company’s payables are recorded
ledger and financial statements. accurately.
Perform an analytical review on the trade payables Provides an initial indication as to the accuracy and
listing by comparison with prior periods. completeness of the list.
Calculate trade payables days and compare to last
year.
Any significant variations should be investigated and
substantiated, with particular attention being paid
to old outstanding amounts.

Obtain supplier statements and reconcile these to Supplier statements are a reliable form of evidence
the purchase ledger balances. as they are third party, written documents – proving
completeness (the statement would highlight
liabilities not included), existence (the supplier
confirms the liability exists), valuation (the supplier
confirms the value expected), cut-off (the supplier
confirms when the liability arose).
For invoices on statements but not on the payables Ensure that all relevant liabilities are included in the
listing, check the date of receipt to GRN. If the goods correct period – completeness and cut-off.
were received pre year, they should be included on
the payables listing.
If understatement is suspected, then the auditor This will prove existence and accuracy.
may select a sample of trade payables and perform a
trade payables circularisation, following up any non-
replies. However, this is very rare as a supplier
statement reconciliation as described above
achieves the same result and costs less to carry out.
Select a sample of Goods Received Notes before the To ensure the correct cut-off.
year end and follow through to inclusion in the year
end payables balance.
A review of correspondence with credit suppliers This will help test the valuation and completeness of
should be performed and the client’s legal the payables listing.
department should be requested to provide details
of disputed balances.
From the cash book or bank statements, trace a This will help prove the completeness and accuracy
sample of post year end payments back to the of the payables listing (as the company is likely to
payables (or accruals) listing. pay liabilities completely and accurately even if they
recorded them inaccurately, or they risk the supplier
not supplying what they need).
Ensure that the payables have been correctly To ensure that the company’s payables are
disclosed in the financial statements under “current appropriately disclosed.
liabilities”.
3.5 Accruals
 A schedule of purchase accruals should be obtained and checked for arithmetical accuracy and
completeness by comparison with prior periods and invoices received after the period-end.
 Both trade payables and purchase accruals should be tested for the accuracy of cut-off by
checking samples of invoices for goods received just before and just after the year-end to goods
received notes, purchase invoices and records of inventory counts.
3.6 Provisions
A provision must be recognised when all of the following criteria are met at the year end:
 When an entity has a present obligation (legal or constructive) as a result of a past event (the
“obligating event”);
 It is probable (“more likely than not”) that an outflow of economic resources will be required to
settle the obligation, and
 The amount can be estimated reliably.
A contingent liability is a possible obligation or an obligation with a possible outflow of benefits.

Contingent liabilities do not appear in the statement of financial position. They are disclosed in the
notes to the accounts.
As a liability, most of the testing on provisions will focus on completeness. Typical tests include:
 Obtain a breakdown of this year’s provision and perform analytical procedures, comparing the
components of the balance with last year
 Discuss with management the reasons for any omissions or unusual figures in this year’s balance
 Cast the breakdown to check its mathematical accuracy
 For a sample of items on the provisions list, discuss with management to understand how the
liability arises and any key timing issues which mean it must be provided for.
 If any of the provisions relate to legal costs, discuss the matter with the client’s solicitors to
determine the likelihood of the payment occurring and its likely value.
3.7 Bank and cash

The most common audit procedure is to seek confirmation of bank balances, loan agreements and
other matters direct from the client’s bank. A bank report for audit purposes (“bank confirmation
letter”) is sent by the auditor to each of the client’s banks shortly after the client’s year end.
The report gives evidence that bank accounts exist and confirm the year end valuations (subject to
any reconciling items). It should also ensure that all receipts and payments are recorded in the correct
period – cut off.
All companies should perform regular bank reconciliations, reconciling the balance on the bank
statements to the balance in the nominal ledger.
Company X – Bank Reconciliation
31/12/20X1
$ $
Balance per the bank statement 23,325
Add: outstanding lodgements
30/12/20X1 150
31/12/20X1 400
550
Less: unpresented cheques
2450 625
2489 1,300
2490 70
1,995
Balance per the cash book 21,880
The auditor should check the reconciliation by:

 Casting it.
 Agreeing the bank balance to the trial balance.
 Agreeing the bank statement balance to the year-end bank statement.
 Agreeing any uncleared deposits/lodgements to the bank statement after the year end (they
should clear within five working days or there is suggesting that the client is trying to
manipulate the accounts by showing deposits that actually came in later).
 Agreeing any unpresented cheques or similar expenses to the cash book before the end of the
year and the bank statements after the end of the year. (Similarly these should clear quite
quickly or there is a suggestion they were not sent to suppliers until after the year end.)
In addition to the tests above, the cash book should be reviewed for unusual items.
3.8 Tangible non-current assets

One of the key accounting documents used in the audit of non-current assets is the non-current asset
register (“fixed asset register”). This register lists all of the client’s non-current assets and details their
date of purchase, cost and depreciation to date. In theory, the total of this register should tie into the
net book value balance figure in the financial statements.
Company X – Non Current Asset Register
31/12/20Y1
Purchased Depreciation Cost Acc Dep NBV
Asset Years Method $ $ $
Building 01/01/20X6 50 SL 1,000,000 120,000 880,000
Computer 1 01/01/20Y0 3 SL 1,000 667 333
Computer 2 01/01/20Y0 3 SL 2,000 1,333 667
Computer 3 01/01/20Y1 3 SL 3,000 1,000 2,000
Desks 01/01/20X8 5 SL 8,000 6,400 1,600
Chairs 01/01/20X9 5 SL 2,000 1,200 800
Total 1,016,000 130,600 885,400
Remember, Net Book Value = Cost – accumulated depreciation to date. Therefore, to vouch the
valuation of the non-current asset figure, both the cost and accumulated depreciation figure need to
be confirmed.
Accuracy / Valuation
Cost / Valuation
1. Obtain non-current asset register from client. Cast the cost, depreciation and net book value
columns of the register and agree to the financial statements.
2. For a sample of new additions and other material items in the non-current asset register, vouch
the cost and title back to the purchase invoice.
3. For a sample of assets revalued in the year, confirm the valuation to third party verification such
as a valuation report.
Depreciation
4. Check the appropriateness of the depreciation charge used by considering the physical
condition of the assets and by comparing to industry standards to ensure the useful life (which
determines the depreciation charge) is reasonable.
5. Perform a proof in total calculation of depreciation, considering the timing of additions and
disposals and compare this expectation to the actual charge, and investigate any significant
differences.
6. Test the calculation of depreciation in the non-current asset register, ensuring that the rates
used are those disclosed in the financial statements.
7. Review the profit (or loss) on disposal calculation and check for accuracy. The sale proceeds can
be traced back to the bank statement and the depreciation charge vouched as reasonable.
Existence
8. Physically verify the existence of the asset. At the same time, check the physical condition of the
asset to vouch its remaining useful economic life (depreciation value) and overall valuation
(impairment).
Cut-Off
9. Check that the asset has been recorded in the non-current-asset register in the correct period.
Completeness
10. Select a sample of assets physically present at the entity’s premises and inspect the asset
register to ensure that these are included in the register, and by implication in the financial
statements.
11. Review the repairs and maintenance expense account in the statement of comprehensive
income for items of a capital nature which should have been capitalised instead of being
expensed.
Rights and ownership

12. Verify ownership of property via inspection of title deeds and land registration documents.
13. For a sample of additions / major assets, agree to purchase invoices to verify invoice relates to
the entity.
14. Review any new lease agreements to ensure assets are correctly treated as assets and liabilities
or merely expenses.
15. Inspect vehicle registration documents to confirm ownership of motor vehicles.
Disclosure
16. Ensure that the accounting policy for depreciation is clearly stated in the financial statements
and is the same as last year.
3.9 Intangible non-current assets

Testing intangible non-current assets will focus on accounting treatment (i.e., does an intangible asset
exist?) Valuation can be agreed to purchase invoices or internal cost records and similar considerations
apply concerning useful life and therefore amortisation charges as was considered above for
depreciation.
3.10 Share capital, reserves and directors’ emoluments

Share capital audit tests
 Agree the share capital figure to the statutory documents of the company
 Agree any issue of shares during the year to Board Minutes
 Agree the cash received for the shares to the cash book and bank statement
 Reconcile the list of shareholders to the nominal ledger
Reserves
 Discuss the company’s reserves with the directors to establish which reserves they have (e.g.
retained earnings, revaluation surplus, share premium)
 Agree the movement in any of the reserves to supporting documentation:
– Share premium to board minutes
– Revaluation surplus to third party valuation report
– Retained earnings to the statement of profit and loss and dividend payments
 Review the financial statements to ensure that the movements in reserves is accurately
recorded in the statement of changes in equity.
Directors’ emoluments
 Perform analytical procedures of directors’ total emoluments year on year to determine
reasonableness. Discuss any large discrepancies with the directors.
 For each director, obtain a breakdown of total emoluments for the year, split between salary,
bonuses, other benefits and pension contributions.
 Check the addition of each schedule and reconcile the total to the nominal ledger.
 Check the directors’ emoluments back to the signed directors’ letters of employment/contracts.
 Obtain and review returns made to the tax authorities to ensure consistency with the amounts
recorded in the financial statements.
 Review the financial statements to ensure the adequate disclosure of director’s emoluments.
EXAM SMART: SUBSTANTIVE TESTING

It is worth acknowledging that there are some “standard” tests that the auditor can perform
for many key areas on the statement of financial position:
 Obtain the “X” ledger (where “X” is inventory or receivables or non-current assets etc).
Cast the ledger and agree the total to the financial statements.
 Agree opening balances to prior year financial statements
 Perform analytical procedures, eg by reviewing a ledger for unusual items and asking
management to explain any such items
 For a sample of items on the ledger, vouch their valuation by reference to purchase
invoices
 Review the draft financial statements and ensure that “X” is correctly disclosed in
accordance with accounting standards.
However, it is vital that you demonstrate to the examiner that you understand what you
would actually do (eg, describe the analytical procedure, don’t just list the words ‘analytical
procedures’) and why (ie link it to the assertion you are testing). Identifying documents or
relevant personnel you have been introduced to in the scenario and that would apply to the
entity described help the examiner to see that you understand what you are doing and are
not simply regurgitating a rote list.
4 Audit sampling and other means of testing

KEY TERM
Audit sampling involves the application of audit procedures to less than 100% of items
within a population such that all sampling units have a chance of selection.
It is not possible in anything but the very smallest of entities to take any other approach, as testing
100% of a population:
 May not be practical
 May not be cost effective
 May take too long
It should also be remembered that sampling risk exists when an auditor does not pick the entire
population of a series of data to test. Sampling risk is the risk that the auditor’s conclusions based on a
sample may be different from the conclusion if the entire population were picked.
4.1 Differences between statistical and non-statistical sampling
KEY TERMS
Statistical sampling means any approach to sampling that involves the random selection of a
sample; and the use of probability theory to evaluate sample results, including measurement
of sampling risk.
Non-statistical sampling is simply any approach which doesn’t use statistical methods e.g.
where the auditor picks his sample using his judgement.
4.2 Basic principles of statistical sampling and other selective testing

procedures
All sample selection methods, whether statistical or non-statistical, should attempt to select samples
that are representative of the entire population. A representative sample is one whose characteristics
are the same as, or similar to, the characteristics of the population as a whole.
For example, a sample of invoices that have not been properly authorised in 2% of cases will be
representative of all invoices if the population as a whole also has around 2% of invoices not
authorised.
There are various different methods of sample selection including the following.
4.2.1 Statistical sampling

 Random selection – ensures each item in a population has an equal chance of selection, for
example by using random number tables or random number generators.
 Systematic selection – involves taking every nth item in a population, starting at a random point.
 Monetary unit sampling (MUS) – a value-weighted selection whereby every $1 in a population is
regarded as a separate sampling unit. This technique should ensure that every $1 in a
population has an equal chance of being selected. Material balances are more likely to be
selected.
ILLUSTRATION: MONETARY UNIT SAMPLING
Total value of receivables population is $500,000 and sample size is 5.

$500,000 / 5 = $100,000 so select every $100,000
Customer Balance Cumulative Total Selected Y/N
$ $
A 20,000 20,000 N
B 60,000 80,000 N
C 10,000 90,000 N
D 90,000 180,000 Y
E 50,000 230,000 Y
F 30,000 260,000 N
G 70,000 330,000 Y
H 80,000 410,000 Y
I 40,000 450,000 N
J 50,000 500,000 Y
Total 500,000
4.2.2 Non-statistical sampling

 Haphazard selection – where a sample is chosen by hand. This is often deemed to be an
inappropriate method of selection as bias would often creep in e.g. an auditor may attempt to
avoid choosing any potentially problematic items.
 Block / sequence selection – involves selecting a block(s) of continuous item from a population
e.g. examining all sales invoices for the month of January.
4.3 Discuss the results of statistical sampling, including consideration of

whether additional testing is required
Errors found in a sample are extrapolated across the population as a whole, in order to enable the
auditor to form a conclusion on whether the population is materially misstated.
It is important to remember that there is not necessarily a direct, linear relationship between errors in
samples and errors in the populations from which they are drawn. Therefore, any errors found should
be discussed with the client. The auditor should then determine whether the error can be tolerated or
whether further testing is needed.
5 Computer-Assisted Audit Techniques

Computer-assisted audit techniques (CAATs) are used to assist the auditor in the collection of audit
evidence from computerised systems. They enable the auditor to test a greater number of items
quickly and accurately, thus reducing detection risk.
CAATs also allow the auditor to test the actual accounting system and records rather than printouts
which are only a copy of those records and could be incorrect.
5.1 The use of audit software and test data by auditors

There are two forms of CAAT:
Audit software – this is where the auditor uses his own computer programmes to carry out
substantive procedures a balance or transaction. The most commonly used form of audit software is
the spreadsheet, which can check the correct casting (addition) of a set of numbers.
Audit software can also be used to select samples, analyse monthly trends and calculate ratios.
Test data – this is where the auditor tests the controls in the client’s system by posting data onto the
client’s computer system to see if the transactions are posted as they should be.
Common examples of test data are:
 Testing password controls – to see if unauthorised users (eg the auditor) can access key areas of
the system.
 Testing individual transactions – data can be input (“live” or “dead”) to see in the system rejects
invalid data. E.g. the input of a negative quantity when ordering inventory or the input of an
invalid credit card number.
 Test transactions using an embedded system – this is similar to above but aims to test a piece of
data or collate information over a longer period, perhaps even the entire year. E.g. the auditor
could request that all capital expenditure over $10,000 in value is collated in a separate file.
5.2 Advantages of using CAATs

 Enable the auditor to test program controls – if CAATs were not used then those controls would
not be directly tested.
 Enable the auditor to test a greater number of items quickly and accurately. This will also
increase the overall confidence for the audit opinion.
 Allow the auditor to test the actual accounting system and records rather than printouts which
are only a copy of those records and could be incorrect.
 CAATs are cost effective after the initial setup (as long as the company does not change its
systems) as the auditor can run the same audit software each year.
 Allow the results from using CAATs to be compared with ‘traditional’ testing – if the two sources
of evidence agree then this will increase overall audit confidence.
6 The work of others

By relying on the work of others, auditors may be able to make better judgements on areas where
they do not have expertise. They may also save time and effort by not reproducing work that has
already been completed by a competent party.
6.1 Discuss the extent to which auditors are able to rely on the work of
internal audit
While the external auditor has sole responsibility for the audit opinion expressed and for determining
the nature, timing and extent of external audit procedures, certain parts of internal auditing work may
be useful to the external auditor.
Areas of the audit where the external auditor may be able to use the work of the internal auditor
might include systems documentation, controls testing and inventory count procedures. The external
auditor should consider the following when assessing whether to place reliance on the work of
internal audit:
(a) Organisational status: In the ideal situation, internal audit will report to the highest level of
management. Also, the internal auditors will need to be free to communicate fully with the
external auditor.
(b) Technical competence: Whether internal auditing is performed by persons having adequate
technical training and proficiency as internal auditors. The external auditor may, for example,
review the policies for hiring and training the internal auditing staff and their experience and
professional qualifications.
(c) Systematic and disciplined approach including quality control: Whether internal auditing is
planned, supervised, reviewed and documented in such a way as to be able to draw reasonable
conclusions from the work. The existence of adequate audit manuals, work programmes and
working papers would be considered.
Once they have decided whether it is appropriate to rely on the work of internal audit, the external
auditors would then read the reports relating to that internal audit work and perform sufficient
procedures on that work to determine it is adequate for purpose.
It is also possible to use internal auditors for direct assistance on the external audit (i.e. to carry out
external audit procedures). Again, audit judgement must be exercised in determining exactly what
work internal audit can carry out.
6.2 Discuss the extent to which auditors are able to rely on the work of
experts
For the majority of audit work, the auditor will rely upon their own skill and judgement in forming an
opinion. However, there may be some areas where a level of expertise beyond that of the auditor is
needed e.g. the valuation of assets such as works of art and precious stones.
When planning to use the work of an expert, the auditor should evaluate the professional competence
of the expert.
This will involve considering the expert’s:
 Qualifications – for example, via membership in an appropriate professional body.
 Experience and reputation in the field in which the auditor is seeking audit evidence.
 References – from previous work performed.
 Access to information – the expert should be allowed access to whatever information he feels
necessary at the client.
 Independence/objectivity of the expert (e.g. if the expert has a family/financial connection with
the client).
If the auditor is concerned regarding the competence or objectivity of the expert, the auditor needs to
discuss any reservations with management and consider whether sufficient appropriate audit evidence
can be obtained concerning the work of an expert.
The auditor may need to undertake additional audit procedures or seek audit evidence from another
expert.
6.3 Service organisations

Entities often outsource non-core areas of the business such as payroll and credit control to service
organisations. This presents a potential problem to auditors, as they are probably not the auditors of
those service organisations and therefore won’t necessarily be allowed access to their premises and
documentation.
The auditor should therefore consider the significance of the service organisation’s activities to the
entity and the relevance to the audit.
To do this, they should consider:

 The nature and materiality of the services provided by the service organisation.
 The extent to which the entity’s internal controls interact with the systems at the service
organisation.
 The service organisation’s capability and financial strength, including the possible effect of the
failure of the service organisation on the entity.
 The existence of third-party reports from the service organisation’s auditors or internal auditors
as a means of obtaining information about the effectiveness of the internal controls of the
service organisation.
The auditor could request to see any relevant documentation from the service organisation but the
service organisation is under no duty to allow this.
Similarly, the auditor could request from the service organisation’s auditor written confirmation of the
strength of the service organisation’s controls. Again, this will require the permission of the client, the
service organisation and their auditors.
6.4 Explain the extent to which reference to the work of others can be
made in auditor’s reports
In the UK, no reference can be made to any work of others in the final auditor’s report.
7 Not-for-profit organisations
Not-for-profit organisations such as charities and societies are different to most organisations in that
their primary goal is not the maximisation of profit. As many of these organisations are not
incorporated, they will probably not need a statutory audit but may need an assurance engagement
due to the requirements of their governing body.
The audit of a not-for-profit organisation will involve similar planning and testing techniques as for a
“conventional” audit, with the auditor planning their work based on the key risks inherent in the client.
In addition, the following risks are often applicable to such organisations:
 The audit of “irregular” income such as cash donations and fund-raising events
 The training / qualifications of volunteer or unpaid staff
 Lack of traditional accounting controls due to small number of staff (e.g. lack of segregation of
duties and management override of controls)
 Misuse of designated funds
 Excessive administrative costs
The letter of engagement will dictate the reporting requirements of the organisation, but an element
of the audit may revolve around the recommendation of improvements to the current system of
control.
Because of the lack of controls mentioned above, the audits of not-for-profit organisations are
normally substantive in nature. The substantive procedures you have learnt above will be relevant to
the audit of a not-for-profit organisation, but when proposing audit procedures for these
organisations, you should be mindful of any particular issues highlighted in the question which might
need recognising in your audit procedures.
7.1.1 Small entities

Similar considerations might apply if you are auditing a small for-profit entity, which might have a
weak control system, or a control system that it is at risk of dominance by a key individual who might
have the power to override controls. A substantive approach to the audit might be also be a good
approach to a smaller entity audit.
Can you explain what a financial statement assertion is, and give examples relating
to balances and classes of transactions?
Can you suggest procedures which give audit evidence about specific assertions
(and specific balances and transactions in financial statements)?
Can you explain what contributes to audit evidence being appropriate and
sufficient?
When designing procedures, can you take account of factors relating to

appropriateness and sufficiency to ensure that you recommend appropriate and
sufficient procedures?
Can you explain the audit risks associated with accounting estimates and
recommend relevant audit procedures to address these risks?
Do you understand why and how auditors use samples?
Can you explain what CAATs are?
Can you identify and explain when auditors might rely on the work on others, and
the implications of this for audit work?
Do you understand the differences between audit objectives in a not-for-profit

organisation and other organisations, and the way factors relating to not-for-profit
organisations might impact an audit?
67
Review and reporting
1 Subsequent events
Subsequent events are those which occur after the year end date. Many will have an effect on the
financial statements.
KEY TERMS
Adjusting events – those that provide additional evidence of conditions that exist at the year
end e.g. the write-off of a trade receivable. An adjustment must be in the financial
statements to reflect this event.
Non-adjusting events – those events which did not exist at the year end e.g the loss of
inventory in a post year end fire. These events must be disclosed in the financial statements
if material.
Auditors must therefore take steps to ensure that any such events are properly reflected in the
financial statements.
Time
Reporting Adjusting Non-adjusting Auditor’s FS issued

date event event report
31 Mar/31 Dec issued
1 2 3
68 5: Review and reporting ACCA AA
1.1 Events occurring up to the date of the auditor’s report

The auditor has an active duty to search for any material adjusting and non-adjusting events up to the
date of the auditor’s report that may require adjustment of, or disclosure in, the financial statements.
Procedures to be undertaken in performing a subsequent events review

 Review management procedures to try and ensure that subsequent events are identified. This is
testing whether management has controls capable of ensuring that the financial statements
contain this information if necessary.
 Read minutes of the post year-end company meetings and Board meetings and enquiring into
unusual items.
 Obtain the company’s latest accounts as well as any budgets and cash flow forecasts to see if
they reflect matters which should be reflected in the financial statements.
 Ask management as to whether any subsequent events have occurred such as new borrowing
commitments or significant sales of assets.
 Check whether any events have occurred that could call into question the validity of the going
concern assumption.
 Enquire of the company’s solicitors as to any new developments re: litigation.
 Include the matter on the management representation letter.
1.2 Facts discovered after the date of the auditor’s report but before the
date the financial statements are issued
The auditor does not have any responsibility to perform audit procedures or make any enquiry
regarding the financial statements after the date of the auditor’s report. They only have a duty to act if
they are made aware of something.
ILLUSTRATION
A few days after signing the auditor’s report on 24 April 20X9, but before the client’s financial
statements have been issued, the auditors receive a phone call from a director indicating a material
error in the financial statements.
In such circumstances, the client could either:
 Produce a revised set of financial statements
Where this happens, the auditor will audit the amendment and then redraft and re-date the
auditor’s report, or
 Refuse to change the financial statements
Here, the financial statements are materially misstated, but the initial auditor’s report says they
are true and fair.
The auditor should consider other methods of contacting the members. For example, the auditor can
speak at the upcoming AGM to inform the members.
The auditor may also obtain legal advice and consider resignation.
ACCA AA 5: Review and reporting 69
1.3 Facts discovered after the financial statements have been issued
After the financial statements have been issued, the auditor has no obligation to make any inquiry
regarding such financial statements.
However, if the auditor becomes aware of a fact which existed at the date of the auditor’s report and
which, if known at that date, may have caused the auditor’s report to be modified, the auditor should:
 Consider whether the financial statements need revision;
 Discuss the matter with management; and
 If needed, issue a new report on the revised financial statements. This report should include an
emphasis of matter paragraph referring to the reason for the revision.
If management do not revise the financial statements, the auditor should take legal advice with the
objective of trying to prevent further reliance on the report.
2 Going concern
Under the going concern assumption, an entity is ordinarily viewed as continuing in business for the
“foreseeable future” with neither the intention nor the necessity of liquidation, ceasing trading or
seeking protection from creditors. This “foreseeable future” should be at least 12 months after the
period end.
2.1 Explain the respective responsibilities of auditors and management

regarding going concern
Management are required to perform an assessment of whether the company is a going concern or
not.
Auditors must consider the appropriateness of management’s use of the going concern assumption
in the preparation of the financial statements.
The auditor’s responsibility therefore falls into three areas:
 To carry out appropriate audit procedures that will identify whether or not management have
been realistic in their use of the going concern assumption when preparing the financial
statements.
 To conclude whether a material uncertainty exists relating to events and conditions that may
cast significant doubt on the entity’s ability to continue as a going concern.
 To report to the members where they consider that the going concern assumption has been
used inappropriately, for example, when the financial statements indicate that the organisation
is a going concern, but audit procedures indicate this may not be the case.
In obtaining an understanding of the entity, auditors should consider whether there are events or
conditions which may cast significant doubt on going concern status of their client. They should also
review the disclosures regarding going concern before forming their audit opinion.
Examples of events or conditions which may cast significant doubt about the going concern
assumption are set out below.
Financial
 Net liability or net current liability position (or other adverse financial ratios)
 Fixed-term borrowings approaching maturity without realistic prospects of renewal or repayment.
 Negative operating cash
 Substantial operating losses or significant deterioration in the value of assets used to generate
cash flows.
 Inability to pay creditors on due dates.
Operating
 Loss of key management without replacement.
 Labour difficulties or shortages of important supplies.
2.2 Discuss the procedures to be applied in performing going concern

reviews
In order to establish whether a company is a going concern or not, the key evidence the auditor will
review is management’s assessment of going concern. They should evaluate whether it is reasonable
(which may involve testing of any cash forecasts included and any assumptions made, for example, in
relation to sales trends in the coming year) and whether it takes into account all the issues that the
auditor is aware of relating to going concern. Where the client has prepared forecasts suggesting that
there is no problem with going concern, the auditor should compare previous years’ forecasts with
actual results to determine the historical accuracy of the client’s forecasts.
If the auditor has identified events or conditions that raise doubt concerning going concern, the
auditor should perform additional audit procedures, which may include the following:
 Obtain a copy of the cash flow forecast and discuss the results of this with the directors.
 Make enquiries of the directors and examine appropriate documentation supporting the
company’s going concern status such as budgets and cash flow forecasts.
 Consider the appropriateness of assumptions which directors have made, the sensitivity of
assumptions to external and internal changes, the existence and adequacy of borrowing
facilities and the directors’ plans to deal with any going concern problems.
 Document the extent of any concerns, taking account of matters that have come to their
attention during the course of the audit and in particular, financial, operational, or other
indicators of going concern problems that are present.
 Obtain the entity’s latest available interim financial statements to ascertain whether there is
sufficient audit evidence to confirm or dispel whether or not a material uncertainty regarding
going concern exists.
 Make enquiries of the entity’s lawyer regarding the existence of litigation and claims and the
reasonableness of management’s assessments of their outcome and the estimate of their
financial implications.
 Seek written representations from management regarding its plans for future action.
 Review correspondence from company bankers regarding continuance of loan facilities.
 Review receivables ageing analysis to determine whether there is an increase in days – which
may also indicate cash flow problems.
2.3 Going concern and the auditor’s report

Auditors are required to assess the adequacy of the use of the going concern assumption and the
disclosures made in the accounts with respect to going concern.
Is the company a
going concern?
Yes No
Yes, but a material
uncertainty exists
Unmodified Is this fact adequately Is this fact adequately reflected in

auditor’s report disclosed? the accounting basis and disclosed?
No Yes Yes No
Qualified audit Unmodified audit Unmodified audit Adverse audit

opinion – material opinion with material opinion with opinion – pervasive
misstatement uncertainty relating to emphasis of matter misstatement
going concern paragraph
paragraph
3 Written representations
Written representations (or “written management representations”) are a form of audit evidence.
They are contained in a letter, written by the company’s directors and sent to the auditor, prior to the
completion of audit work and before the auditor’s report is signed.
Representations are required for two reasons:
 So the directors can acknowledge their collective responsibility for the preparation of the
financial statements and to confirm that they have approved those statements.
 To confirm any matters, which are material to the financial statements where representations
are crucial to obtaining sufficient and appropriate audit evidence.
In the latter situation, other forms of audit evidence are normally restricted to items generated by the
client because knowledge of the facts is confined to management and the matter is one of
judgement or opinion. For example, a warranty provision is essentially an estimate as to how many
goods will need to be repaired under warranty in the future. While the client’s calculation and
supporting documents are available for the auditor to review, by its very nature, this figure will be an
estimate for which independent third party evidence is unlikely to be available.
Obtaining representations does not mean that other evidence does not have to be obtained. Audit
evidence will still be collected and the representation will support that evidence. Any contradiction
between sources of evidence should, as always, be investigated. For example, a representation by
management as to the cost of an asset is not a substitute for the audit evidence of such cost that an
auditor would ordinarily expect to obtain.
The letter also usually confirms that:
 All matters occurring since the year end date that should be brought to the attention of auditors
have been brought to their attention
 All of the accounting records have been made available to the auditors
 All related party relationships and transactions have been appropriately disclosed
If management refuses to provide a representation that the auditor considers necessary, the auditor is
unable to obtain sufficient appropriate evidence on which to base his opinion. Therefore, the auditor
should express a qualified opinion or a disclaimer of opinion.
3.1 Procedure for obtaining written representations

 The auditor agrees the need for a management representation letter with the client before the
audit commences
 The auditor drafts the letter for the client, discussing any key points
 The client types up the letter on its own notehead
 The letter should be signed by at least one senior executive on behalf of the board
 The letter should be dated as close as possible to the date the auditor’s report is signed.
4 Audit finalisation and the final review

After the completion of the audit work and before the auditor’s report is signed, the auditor should
perform an overall review of the financial statements and the information published with them. This
review should determine:
 That the financial statements are prepared using appropriate accounting policies (e.g. comparable
with other firms in the same industry) and whether they have been consistently applied.
 Whether the information in the financial statements is consistent with the auditor’s knowledge
of the business and compatible with their audit findings.
 Whether the information contained in other information published with the financial
statements is consistent with it and does not mislead users of the financial statements
 Whether the information in the financial statements is properly presented and disclosed in
accordance with accounting standards, legislation and other regulatory requirements.
 That sufficient, appropriate audit evidence has been obtained to support the audit opinion.
The auditor would also consider uncorrected misstatements at this stage of the audit to ensure that
the overall effect of uncorrected misstatements was not material to the financial statements.
5 The independent auditor’s report

5.1 Unmodified auditor’s reports
5.1.1 Standard audit opinion and report
The purpose of an external audit is for the auditor to form and express an independent opinion on a
set of financial statements. This opinion is provided in the auditor’s report.
An unmodified opinion is expressed by the auditor when the auditor concludes that the financial
statements are prepared, in all material respects, in accordance with the applicable financial reporting
framework i.e. they give a true and fair view.
The standard unmodified auditor’s report should contain the following:
 Title – stating that it is the report of an independent auditor
 Addressee – addressing the report (usually to the shareholders)
 Opinion paragraph – identifying the company, what exactly has been audited (normally the
financial statements) and whether a “true and fair” view is given
 Basis for opinion paragraph – refers to ISAs, ethical requirements and sufficient, appropriate
evidence
 Key audit matters – draw users’ attention to significant matters (listed companies only)
 Other information – clarifies that the auditor is responsible only for reading this and assessing
whether consistent with the financial statements
 Management’s responsibility - for preparing the financial statements – in accordance with the
applicable financial reporting framework
 Auditor’s responsibility– for expressing an opinion on them and the audit was conducted in
accordance with International Standards on Auditing
 Other reporting responsibilities – will vary according to the jurisdiction in which the audit is
taking place e.g. UK auditors have additional reporting responsibilities under the Companies
Act.
 Name, signature and address of auditor
 Date of the auditor’s report
5.2 Key Audit Matters

Auditors of listed entities are required to determine key audit matters (KAM) and to communicate
those matters in the auditor’s report.
Auditors of non-listed entities may do so voluntarily or at the request of those charged with
governance. KAM are those that in the auditor’s opinion were of most significance during the audit
and are selected from matters reported to those charged with governance. They might include:
 Areas of high risk of material misstatement
 Significant auditor judgements
 The audit of significant transactions or events such as goodwill, fair values, financial instruments
or provisions
If there are no key audit matters to report, the auditor’s report shall contain a statement to that
effect.
5.3 Modified auditor’s reports

Exam questions are much more likely to focus on modified auditor’s reports. A modified auditor’s
report is one that differs in any way from the report on the previous page.
It is important to note that it is possible to have:
 A modified auditor’s report with an unmodified opinion, or
 A modified auditor’s report with a modified opinion.
5.4 Modified Auditor’s Report with an Unmodified Opinion

5.4.1 Material uncertainty relating to going concern
The auditor may conclude that a material uncertainty related to going concern exists, but that this has
been adequately disclosed in the financial statements, so they give a true and fair view. In this case,
the auditor will give an unmodified opinion.
However, as the uncertainty is material, the auditor will emphasise the material uncertainty by
highlighting it in a paragraph after the basis of opinion paragraph under the heading “Material
uncertainty relating to going concern”. This will draw attention to the disclosures made by the
directors in the FS concerning the uncertainty, and will confirm that the audit opinion is not modified
in relation to this matter.
5.4.2 Emphasis of Matter (ISA 706)

The auditor’s report may be modified by adding an emphasis of matter paragraph to re-highlight a
significant matter other than going concern such as significant uncertainty which is fundamental to the
users’ understanding of the financial statements. This matter will be already appropriately disclosed
within the financial statements.
The additional paragraph should be added after the basis of opinion paragraph under the heading
“Emphasis of Matter”. This paragraph will explicitly start with the words “without qualifying our
opinion…” to highlight the fact that the audit opinion is unmodified in respect of this matter.
An example of when an emphasis of matter paragraph may be appropriate includes an uncertainty
relating to the future outcome of exceptional litigation
Occasionally, the auditor’s report might be modified by the inclusion of an ‘Other Matter’ paragraph,
which is very similar to an emphasis of matter paragraph.
5.5 Modified auditor’s report with a modified opinion

There are three different types of modified opinion:
 Qualified opinion
 Adverse opinion
 Disclaimer of opinion
The type of modified opinion given by the auditor will depend on the reason for modification and the
degree of severity.
Reason for modified opinion Degree of Severity
Material but not Pervasive Material and Pervasive
Financial statements are materially Qualified opinion Adverse opinion
misstated
Auditor is unable to obtain sufficient Qualified opinion Disclaimer of opinion
appropriate audit evidence
Pervasive is a term used to describe the extent of the effect on the financial statements of
misstatements/possible misstatements that have not been detected due to an inability to provide
sufficient appropriate audit evidence.
Pervasive effects are those that:
 Are not confined to specific elements, accounts or items in the financial statements
 If so confined, represent or could represent a substantial portion of the financial statements
 In relation to disclosures are fundamental to users understanding of the financial statements
5.5.1 Qualified opinion – material misstatement

Material misstatements could arise due to inappropriate selection or application of accounting policies
(for example, the auditors disagree with the valuation of inventory) or due to inadequate disclosures
(for example, the auditors do not believe the directors have disclosed a material uncertainty relating
to going concern adequately).
Assuming the auditors cannot persuade the directors to change the relevant item, and it is considered
to be material but not pervasive, the auditor would issue a qualified opinion.
An additional, explanatory paragraph is added to the auditor’s report after the opinion paragraph,
called a “Basis for Qualified Opinion” paragraph. This provides details of the misstatement concerned
and the effect on the financial statements.
The opinion paragraph is entitled “Qualified Opinion” and will include wording such as “except for any
adjustments that are needed to the financial statements...”
5.6 Adverse opinion

If the misstatement is material and pervasive, then the auditor’s report states that the auditor is of the
opinion that the financial statements do not give a true and fair view – an adverse opinion. This form
of auditor’s report is very rare. For example, it might arise if the auditor concludes that the absence of
a disclosure concerning a material uncertainty over going concern is pervasive as it is so fundamental
to understanding the position of the company at the year-end date or if the wrong application of an
accounting standard affected multiple aspects of the financial statements. This will always be a matter
of auditor judgement.
called a “Basis for Adverse Opinion” paragraph. This provides details of the misstatement concerned
and the effect on the financial statements.
The opinion paragraph is entitled “Adverse Opinion” and will include wording such as “the financial
statements do not give a true and fair view”.
5.7 Qualified opinion – auditor is unable to obtain sufficient appropriate

audit evidence
This type of modification arises when an auditor does not receive all of the information and
explanations needed to form an opinion.
This may arise from:
 Circumstances beyond the control of the entity e.g. destruction of accounting records
 Circumstances related to the nature or timing of the auditor’s work e.g. auditor was appointed
too late to attend a year-end inventory count or the entity’s records are too inadequate to
derive an opinion from
 Limitations imposed by management e.g. management prevents the auditor from requesting
third party confirmation of specific account balances. Such a limitation imposed by
management should cause auditors to question the integrity of the management and could lead
to the auditors resigning if their motive cannot be justified in commercial terms.
Assuming the matter is considered to be material but not pervasive, the auditor will issue a qualified
opinion.
called a “Basis for Qualified Opinion” paragraph. This explains the reason for the inability to obtain
sufficient appropriate evidence and gives an indication of the possible adjustments to the financial
statements that might have been deemed necessary had the evidence been available.
The opinion paragraph is entitled “Qualified Opinion” and will include wording such as “except for any
adjustments that might be needed to the financial statements...”
5.8 Disclaimer of Opinion

The auditor issues a disclaimer of opinion when they are unable to obtain sufficient appropriate audit
evidence on which to base the opinion, and the auditor concludes that the possible effects on the
financial statements of undetected misstatements, if any, could be both material and pervasive.
Under these circumstances, the auditor states that he “does not express an opinion” on the financial
statements. This will occur in the unusual event that there is a large volume of information that the
auditor has requested but not received.
called a “Basis for Disclaimer of Opinion” paragraph. This explains the reason for the inability to
obtain sufficient appropriate evidence and the possible effect on the financial statements had the
evidence been available.
The opinion paragraph will include wording such as “we do not express an opinion on the financial
statements”.
6 Application to scenarios
The following diagram helps to apply the theory to scenarios given in exam questions.
Has the auditor

received all of the
information and
explanations required
to form an opinion?
Yes No
Does the auditor Modified audit opinion

agree all numbers due to an inability to
and disclosures are obtain sufficient
materially correct? appropriate evidence.
Does it affect more than
one area of the FS?
Yes No
No Yes
UNMODIFIED AUDIT Modified audit opinion Pervasive

Material
OPINION due to a material
misstatement.
Does it affect more than
one area of the FS?
QUALIFIED DISCLAIMER
Is there a “EXCEPT FOR...” OF OPINION
fundamental No Yes
uncertainty properly
disclosed in the FS?
Material Pervasive
Emphasis of matter QUALIFIED ADVERSE

/ Material “EXCEPT FOR...” OPINION
uncertainty relating
to GC paragraph
LECTURE EXAMPLE 5.1
During the audit of Bodie Co, the auditors notice that the company’s main office building has not been
depreciated. After challenging the directors about this, the directors feel that a charge is not necessary
as the office is painted every three years and therefore won’t suffer a fall in value.
Will this matter affect the auditor’s report?
Solutions to the Lecture examples can be found in the back of these Notes.
LECTURE EXAMPLE 5.2
During the audit of Doyle Co, the auditors notice that the company hasn’t kept any purchase orders or
invoices and estimates the year end trade payables figure based on statements received from key suppliers.
LECTURE EXAMPLE 5.3
During the audit of Jackson Co, the auditors notice that the company is being sued for $4m by a
customer who slipped and injured themselves on Jackson’s premises. The court case is scheduled for a
date after the date of the auditor’s report. The directors have correctly disclosed the matter as a
contingent liability.
7 Reports to Management
Auditors must communicate audit matters of governance interest arising from the audit of financial
statements with those charged with governance.
Those charged with governance means those entrusted with the supervision, control and direction of
an entity and would therefore include management, the audit committee and non-executive directors.
Such communications normally take the form of a letter, written promptly after the completion of the
audit, addressed to the audit committee or Board of Directors if there is no audit committee. One of
the main features of these letters is a list of the control weaknesses identified during the audit and the
recommendations made regarding those weaknesses. See Chapter 3 for further details.
The letter should be discussed with the client before it is sent to ensure that all of the statements
made in the letter are factually correct. A reply should be sought from the client’s management at
their earliest convenience.
Before you move on in your course, complete the following knowledge diagnostic and confirm you
possess the following essential learning from this chapter. If not, you are advised to revisit the relevant
learning from this chapter.
Can you explain the impact of subsequent events on financial statements?
Can you suggest procedures to be undertaken in performing a subsequent events

review?
Can you explain the responsibilities of management and auditors in relation to the
going concern assumption?
Can you suggest procedures an auditor should undertake if events or conditions

raise doubt over going concern?
Can you explain five different auditor’s report outcomes relating to going concern
and explain when each might arise?
Do you understand the two reasons that written representations are obtained?
Can you explain the main components of a standard audit opinion and report?
Can you explain when it is necessary to report key audit matters in an auditor’s
report, and give two general examples of what these might be?
Do you understand the difference between a modified auditor’s report with an

unmodified opinion and a modified auditor’s report with a modified opinion?
Can you explain what pervasive means, and what impacts determining an issue to
be pervasive or potentially pervasive will have on the audit opinion?
79
Solutions to
Class lecture examples
Chapter 5
Lecture example 5.1
All tangible non-current assets apart from land must be depreciated. The auditors would therefore
consider this to be a material misstatement. If they could not persuade the directors to amend the
financial statements, they would have to issue a qualified auditor’s report, using the “except for”
wording.
Lecture example 5.2

Assuming the trade payables figure is a significant one, this would represent a material (but not
pervasive) inability to obtain sufficient appropriate evidence. The auditor’s report would contain an
“except for…might” wording with respect to the trade payables.
Lecture example 5.3

Assuming the $4m is a material amount, this matter could materially influence Jackson and should be
brought to the attention of the shareholders.
An emphasis of matter paragraph should be included after the opinion paragraph explaining the
lawsuit and referring to note in the financial statements where the contingent liability is disclosed.
80 Solutions to Class lecture examples ACCA AA
81
Comparison of course notes

content with Study Text
The table below shows where topics covered in these course notes are included within the Study Text.
The Study Text provides useful background reading and can be found on your online course. However,
please note that we do not think that you need to read the Study Text to pass this exam. These course
notes should provide all you need to obtain a pass.
First Intuition course notes Covered in Study Text
1: Audit framework and regulation Chapter 1: Introduction to assurance
1 The concept of audit and other assurance
engagements Chapter 2: Rules and Regulation
2 External audits
3 Corporate governance Chapter 3: Corporate governance
4 Professional ethics and ACCA’s Code of Ethics and
Conduct Chapter 4: Ethics and acceptance
2: Planning and risk assessment Chapter 5: Risk
1 Overview diagram
2 Obtaining and accepting audit engagements Chapter 6: Planning
3 Objective and general principles of audit planning
4 Planning an audit Chapter 7: Evidence
5 Understanding the entity and its environment
6 Assessing the risks of material misstatements
7 Materiality, fraud, laws and regulations
8 Analytical procedures (including data analytics)
9 Interim and final audits
10 Audit documentation
82 Comparison of course notes content with Study Text ACCA AA
First Intuition course notes Covered in Study Text

3: Internal control Chapter 8: Systems and controls
1 Introduction
2 The use of internal control systems by auditors Chapter 9: Internal audit
3 Transaction cycles
4 IT controls Chapter 10: Procedures
5 Tests of control versus substantive procedures
6 Internal audit and governance and the differences
between external audit and internal audit
7 The scope of the internal audit function,
outsourcing and internal audit assignments
4: Audit evidence Chapter 7: Evidence
1 The use of assertions by auditors
2 Audit procedures
Chapter 10: Procedures
3 The audit of specific items
4 Audit sampling and other means of testing
5 Computer-Assisted Audit Techniques Chapter 4: Ethics and Acceptance
6 The work of others
7 Not-for-profit organisations
5: Review and reporting Chapter 11: Completion and review
1 Subsequent events Chapter 12: Reporting
2 Going concern Chapter 13: Summary of key ISAs
3 Written representations Chapter 14: Financial reporting revision
4 Audit finalisation and the final review
5 The independent auditor’s report
6 Application to scenarios
7 Reports to Management
Employability and technology skills Chapter 17
First Intuition has confirmed with the ACCA that this
syllabus area relates to your ability to use the ACCA
software to complete the exams. There is no
additional learning and therefore no additional
material on this in these notes. However, we do
recommend that you complete two of the exams on
the ACCA practice platform as part of this course in
order that you are prepared to demonstrate the
above skills when you sit your exam.
© With thanks to Kaplan Publishing Limited for permission to reproduce excerpts from their text in these notes.
For references and acknowledgements of materials used in these notes, please see the back of the Study Text

ACCA AA - Course Notes (2021-22)

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ACCA AA - Course Notes (2021-22)

Uploaded by

Copyright:

Available Formats

Course Notes

No part of this publication may be reproduced, stored in a retrieval system

Any unauthorised reproduction or distribution in any form is strictly

© First Intuition Ltd, 2021

MAY 2021 RELEASE

1: Audit framework and regulation 1

1 The concept of audit and other assurance engagements 1

2: Planning and risk assessment 15

1 The use of assertions by auditors 45

5: Review and reporting 67

Solutions to Class lecture examples 79

Comparison of course notes content with Study Text 81

The following syllabus addition was made this year

Audit framework and

1 The concept of audit and other assurance engagements

1.1 Assurance engagements

1.2.1 Limited level of assurance

1.2.2 Reasonable level of assurance

1.2.3 Absolute assurance

2.2 Appointment, rights, removal and resignation of auditors

Once satisfied with the above, the auditor should then:

2.3 Describe the limitations of external audits

2.4 Explain the development and status of International Standards on

2.5 Explain the relationship between International Standards on Auditing

A strong system of corporate governance gives credibility to a company’s financial statements,

3.2 The UK Corporate Governance Code key recommendations

3.2.1 Board leadership and company purpose

3.2.2 Division of responsibilities

3.2.3 Composition, succession and evaluation

3.2.4 Audit, risk and internal control

3.2.6 Independence criteria per the Code Factors Affecting

3.3 Audit committees and their drawbacks and limitations

3.4 Advantages of an audit committee

3.5 The limitations of an audit committee

3.6 Internal control and risk management

4 Professional ethics and ACCA’s Code of Ethics and Conduct

Professional competence and due care

4.2 Define and apply the conceptual framework

4.3 Conflicts of interest

Confirm your learning Yes/No

Can you describe the limitations of an external audit?

Do you know the provisions of corporate governance most relevant to auditors?

Do you understand why provisions of corporate governance are relevant to

Can you discuss safeguards to offset threats to the fundamental principles?

Planning and risk assessment

Chapter 2: Planning and Risk Assessment

Chapter 3: Internal Controls. The external auditor tests

Chapter 4: Audit Evidence. The substantive testing of

Chapter 5: Review. Subsequent events, going concern

Chapter 5 (cont): Reporting. Auditor’s reports and

2 Obtaining and accepting audit engagements

2.2 Preconditions of an audit

2.3 Justify the importance of engagement letters and their contents

2.4 Explain the overall objectives and importance of quality control

3 Objective and general principles of audit planning

EXAM FOCUS POINT

5 Understanding the entity and its environment

6 Assessing the risks of material misstatements

6.2 Inherent risk

6.3 Control risk

6.4 Detection risk

7 Materiality, fraud, laws and regulations

The following industry guidelines can be used to estimate materiality levels:

7.1 Performance materiality