Assurance 1

Assurance
2
Contents
Chapter 1: Concept of and need for assurance

Chapter 2: Process of assurance: obtaining an engagement
Chapter 3: Process of assurance: planning the assignment
Chapter 4: Process of assurance: evidence and reporting
Chapter 5: Introduction to internal control
Chapter 6: Revenue system
Chapter 7: Purchases system
Chapter 8: Employee costs
Contents
Chapter 9: Internal audit

Chapter 10: Documentation
Chapter 11: Evidence and sampling
Chapter 12: Written representations
Chapter 13: Substantive procedures: key financial statement figures
Chapter 14: Codes of professional ethics
Chapter 15: Integrity, objectivity and independence
Chapter 16: Confidentiality
CHAPTER 1
Concept of and need for

assurance
Outcome
By the end of this session you should be able to:
• explain the concept of assurance
• recognise the elements and subject matter of an assurance engagement
• explain the different levels of assurance
• appreciate the benefits of assurance reports and why users require them
• compare the different responsibilities of the parties involved in an assurance

engagement
• identify examples of the 'expectations gap'
and answer questions relating to these areas
• Chapter 1 Outcome
Overview
WHAT IS
ASSURANCE?
Elements of Levels of Types of Benefits &

assurance assurance assurance limitations
Limited Audit
Reasonable Other
• Chapter 1 Overview
1. Elements of assurance
An assurance engagement is one in which a practitioner expresses a

conclusion designed to enhance the degree of confidence the intended
users other than the responsible party have about the outcome of the
evaluation or measurement of a subject matter against criteria.
Chapter 1 Elements of assurance

Key elements
Practitioner
3 Party
Intended user
Involvement
Responsible party
E.g. financial statements,

Subject Matter
other financial data, systems
E.g. accounting standards

Suitable Criteria UK Corporate Governance
Code
Evidence Sufficient and appropriate
Written Report Conclusion or opinion

The 3 party relationship
Practitioner Intended User Responsible
Auditor Depends on
Usually the
Assurance the
directors
firm assignment

Levels of assurance
There are two key levels of assurance you need to be aware of.
It is important to determine the level of assurance required as this will
determine the amount of evidence required to support the conclusion in
the report.

Limited assurance Reasonable assurance
Moderate/low level of High but not absolute level of

assurance assurance
Conclusion expressed Conclusion expressed

negatively positively
E.g. an engagement to review E.g. the audit of financial

interim accounts statements
‘Based on our review, nothing has come to our

‘In our opinion, the financial
attention that causes us to believe that the
statements show a true and fair
accompanying interim financial information does
view.
not give a true and fair view.

2. Types of assurance engagement
Different types of engagement

The following are some examples of assurance engagements:
o Statutory audit
o Fraud investigations
o Due diligence
o Internal controls assessment
o Business plan/projection reviews
o Environmental audits.
Chapter 1 Types of assurance engagement

Statutory audit
A common type of assurance engagement is the audit of a company’s financial statements.
In the UK, audits are governed by:
o Companies Act 2006
o International Standards on Auditing (ISAs).
ISA 200 states that the overall objectives of the auditor are:
o to obtain reasonable assurance about whether the financial statements as a whole are free from
material misstatement, whether due to fraud or error
o to express an opinion on whether the financial statements are prepared, in all material respects, in
accordance with an applicable financial reporting framework.

In order to comply with these requirements, the auditor must:

o Comply with relevant ethical requirements.
o Plan and perform the audit with professional scepticism.
o Exercise professional judgement.
o Obtain audit evidence that is sufficient and appropriate on which to base
their opinion.

Professional scepticism is an attitude that includes a questioning

mind, being alert to conditions which may indicate possible misstatement
due to error or fraud, and a critical assessment of audit evidence.
Professional judgement is the application of relevant training,
knowledge and experience in making informed decisions about the courses
of actions that are appropriate in the circumstances of the audit.

Legal requirements
Companies Act 2006 exempts small private limited companies from a
mandatory audit if they satisfy two out of the following three criteria:
Periods beginning on or after 1 January 2016

Employees No more than 50
Turnover Does not exceed £10.2m
Total assets Does not exceed £5.1m

An auditor must
Be a member of Recognised
Not be ineligible
Supervisory Body (RSB)
Required to have rules to ensure Companies Act 2006 prohibits a

those eligible for appointment as person being the auditor of a
a company auditor are either: company if s/he is:
o Individuals holding an o An officer or employee of the
appropriate qualification or company
o Part of a firm controlled by o A partner or employee of the
qualified persons. above.

3. Benefits and limitations of assurance
Why is assurance important?

The following are the benefits of carrying out assurance:
o Independent scrutiny of the business by experts
o Added credibility
o By-products/subsidiary benefits (e.g. fraud deterrent)
o Draws attention to issues (including ethical issues)
o Reduces risk of management bias.
Chapter 1 Benefits and limitations of assurance

3. Benefits and limitations of assurance
Limitations of assurance
We saw earlier that reasonable assurance is a high, but not absolute, level of assurance.
We cannot give 100% assurance for reasons including:
o Sampling – we do not review 100% of transactions
o Inherent limitations of systems that produce the financial information
o Evidence is generally persuasive not conclusive
o Collusion to defraud
o Financial information includes subjective and judgemental matters
o Use of management representations as evidence may be unavoidable.
Chapter 1 Benefits and limitations of assurance

4. The Expectations Gap
Many shareholders and members of the public do not understand the nature of a statutory audit.
As they may rely on the auditor’s report on the financial statements of the companies they own
shares in, are employed by, or trade with, these misunderstandings can cause problems for the
auditing profession.
Examples of these misunderstandings include the perception that:
o The auditor detects all fraud and error
o The auditor tests 100% of transactions
o The auditor verifies the accuracy of the financial statements
o The company is guaranteed to continue to trade for the foreseeable future if a true and fair opinion is
issued
o The Statement of Financial Position shows the true value of the company.
Chapter 1 The Expectations Gap

CHAPTER 2
Process of assurance:
obtaining an engagement
Outcome
• explain how assurance firms obtain work
• identify the key issues to be considered before accepting engagements
• describe the contents and purpose of a letter of engagement
and answer questions relating to these areas.
Overview
Methods
OBTAINING AN
ENGAGEMENT
Procedures after
Considerations
accepting the
prior to acceptance
engagement
Appointment Money
Sources of decision laundering
information process check
1. Methods of obtaining an engagement
There are two key methods of obtaining an engagement:

o Tender
o Advertising (subject to ethical guidance which is not in the Assurance
syllabus).
In your exam, questions about obtaining an engagement will be in
the context of an accountant being invited by a potential client to
accept an engagement.
Chapter 2 Methods of obtaining an engagement

2. Considerations prior to acceptance
Factors to consider
Before we are able to accept appointment we will have to satisfy ourselves that we have
considered the following:
o Are we professionally qualified to act (are there legal or ethical issues that would
prevent us from accepting appointment)?
o Have we communicated with the existing or previous auditors?
o Do we have adequate resources available?
o Have we fulfilled the requirements to comply with the Money Laundering
Regulations 2007 (client due diligence)?
o Have we assessed the level of management integrity?
o Have we assessed the level of risk?
Chapter 2 Considerations prior to acceptance

Sources of information relating to new clients

Some of the consideration of appointment will require information on the
client to be obtained.
Client External Auditor

oCredit ratings
oFinancial statements
oBankers, solicitors
oInternal audit reports oPrevious auditor
oLaws and regulations
oManagement accounts
oInternet search

Appointment decision chart

Prospective auditors will contact the previous auditors to ascertain whether
there is anything which would prevent them from accepting nomination.
The following illustration charts the decision process:

Approach by potential new audit
client
Yes Prospective auditors
Is this the first audit? can make own
decisions
Does client give permission to
contact old auditor?
No
Yes
Prospective auditor should
Request all relevant information normally decline the
appointment
Does client give old auditor No
permission to reply?
Yes
Does old auditor reply with No Chase response. If no reply
relevant information? decide on appointment using
Yes available information
Accept/reject appointment

Money laundering check
To comply with the Money Laundering Regulations 2007, correct
identification needs to be obtained before appointment. This is known
as client due diligence.
Individuals Companies
Photographic identification and other
Identification from Companies House
documents confirming name and address
Client identification documents must be kept for a minimum of 5 years and until 5
years have elapsed since the relationship with the client has ceased.

3. Procedures after accepting the engagement
Overview
o Ensure outgoing auditors' removal/resignation has been properly conducted.
o Ensure new auditors' appointment is valid.
o Prepare and submit a letter of engagement to the directors of the company.
Audit engagement letters
Audit engagement letters are issued after the auditors have accepted nomination.
Chapter 2 Procedures after accepting the engagement

Purpose and practicalities
o Define the extent of firm’s and management’s responsibilities
o Minimise potential for misunderstanding between client and firm
o Provide written confirmation of:
– the firm’s acceptance of appointment
– the scope of the engagement
– the form of reports to be issued
o Send to all clients
o Send as soon as possible after appointment.
Note that engagement letters are used for all kinds of assurance engagements, not just
statutory audit.

Contents
The contents of an engagement letter are covered in ISA 210
Must include May include other items e.g.
o Objectives of work/auditor’s o Inherent limitations of the engagement
responsibilities o Expectation re: written management
o Management’s responsibilities representations
o Scope of work o Confidentiality/restricted circulation/use of
o Form of any reports report
o Level of access to books and o Arrangements re: reliance on internal audit
records o Restrictions on auditor’s liability (if possible)
o Reporting framework. o Basis of fee calculations.

CHAPTER 3
planning the assignment
Outcome
• define the overall audit strategy and audit plan
• explain the need to obtain an understanding of the entity and its environment
• identify suitable sources of information to obtain this understanding
• define and apply the concept of materiality
• define and apply the audit risk model and its components
• use basic analytical procedures
• distinguish between fraud and error
• explain the difficulties involved in auditing related party transactions
Overview Planning
process
PLANNING THE
ASSIGNMENT
Understand Analytical
Materiality Risk
the entity procedures
Fraud & Related

error parties
1. The planning process
Overview
Determines scope, timing and

Audit strategy direction of audit and determines
the development of the audit plan
Increasing
level of detail
Shows how the overall strategy

Audit plan
will be implemented
Chapter 3 The planning process

Audit strategy
The key components of the audit strategy are:
o Understanding the entity and its environment
o Materiality
o Direction, supervision and review of work
o Risk assessment
o Nature, extent and timing of audit procedures
o Other matters

Audit plan
An audit plan shows how the overall audit strategy will be implemented.
The auditor is responsible for carrying out audit procedures in order to obtain sufficient appropriate audit
evidence to support his opinion. These procedures may be discussed with the client in order to plan effectively.
Audit planning ensures:
o Attention is paid to the most important areas
o Potential problems are identified
o The audit is properly organised and managed
o Work is assigned to the appropriate member of the audit team
o Appropriate direction and supervision of audit team members
o Reviews by more senior auditors are facilitated

2. Understanding the entity
ISA 315 requires the auditor to gain an understanding of the entity.

Why?
o To assess risk
o To help design and perform audit procedures
o To develop the audit strategy and plan.
Chapter 3 Understanding the entity

What?
ISA 315 details the following aspects as important in gaining an understanding of
the business:
o Industry, regulatory, and other external factors, including the applicable
financial reporting framework
o Nature of the entity, including the entity’s selection and application of
accounting policies
o Objectives and strategies and the related business risks that may result in a
material misstatement of the financial statements
o Measurement and review of the entity’s financial performance
o Internal controls

How?
ISA 315 requires the auditor to use the following:
o Enquiries of management and other client staff
o Analytical procedures
o Observation of processes
o Inspection of documents or assets
o Prior knowledge of the client
o Discussions among the audit team.

3. Materiality
Importance of materiality in the audit
The standard audit report sets out the scope of an audit stating that the engagement
involves “...reasonable assurance that the financial statements are free from material
misstatement...”
The concept of materiality plays a key role in an audit engagement.
Definition
Materiality is defined as an expression of the relative significance of
a particular matter in the context of the financial statements as a whole.
A matter is material if its omission or misstatement could influence the economic decision
of users taken on the basis of the financial statements.
Chapter 3 Materiality
3. Materiality
Performance materiality
The amount set by the auditor at less than materiality for the financial statements as a whole to
reduce to an appropriately low level the probability that the aggregate of uncorrected and
undetected misstatements exceeds materiality for the financial statements as a whole.
Using materiality
At the planning stage, materiality drives the level of work to be carried out
e.g. whether to test a balance at all, sample sizes.
During the audit, materiality influences the evaluation of audit evidence e.g. if the
auditor discovers a material misstatement then an adjustment to the financial
statements should be requested.
3. Materiality
Identifying materiality
Deciding on whether a matter is material or not depends on the auditor’s
judgement.
An item, error or misstatement may be:
o Material because of its size (see thresholds below)
o Material because of its nature e.g. transactions between the company
and its directors must be disclosed in the accounts, and because of the
nature of these transactions they are considered material regardless of
their size.
3. Materiality
At the planning stage, a level of planning materiality will be calculated.

Different firms have different methods of calculating materiality but the
following thresholds can be used for the exam:
Item in the financial statements %

Profit before tax 5–10
Revenue ½–1
Total assets 1–2
4. Risk assessment
Importance of risk assessment

o Auditors usually adopt a risk-based approach to auditing.
o Risk is assessed at planning stage but re-assessed continually throughout
the audit.
o Effective risk assessment should:
– Make the audit more efficient with work directed to likely problem
areas
– Lead to fewer inappropriate opinions
– Result in fewer negligence claims against the auditor
Chapter 3 Risk assessment

4. Risk assessment
The audit risk model
INHERENT Control Detection

AUDIT RISK
RISK risk risk
Audit risk is the risk that the auditor arrives at an inappropriate

opinion on the financial statements e.g. states that the financial
statements show a true and fair view when actually there is a
material misstatement.

4. Risk assessment
Audit risk has two elements
Risk that the financial Risk that the auditor fails to

statements contain a material detect any material
misstatement misstatements
How can this occur? How can this occur?
Misstatement Client controls do Insufficient work

occurs in the not prevent or detect Inappropriate work
first place misstatement Poor judgement
Inherent risk Control risk Detection

(IR) (CR) risk (DR)

4. Risk assessment
Inherent risk
The susceptibility of a transaction, account balance or disclosure to
material misstatement, irrespective of the internal controls in place.
Inherent risk can be considered at three different levels
Industry level Entity level Balance level

o Affects the whole industry o Affects the whole entity o Isolated to a particular
o e.g. highly regulated o e.g. company may not be a account balance
industries such as going concern, management o e.g. items which are complex
banking get profit related bonuses or subjective

4. Risk assessment
Control risk
The risk that a material misstatement would not be prevented,

detected or corrected by the accounting and internal control systems.
Details of controls are covered in Chapters 5 – 8.
Detection risk
The risk that the auditor’s procedures will not detect a misstatement
that exists in an account balance or class of transactions that could
be material, either individually or when aggregated with
misstatements in other balances or classes.

4. Risk assessment
Significant risks
o Significant risks require special consideration. ISA 315 identifies the
following indicators of significant risk:
o Fraud (see later on in chapter)
o Significant accounting, economic or other developments
o Complexity
o Related party transactions (see later on in chapter)
o Subjectivity
o Unusual transactions

5. Fraud and error
Definition
Error: an unintentional misstatement in financial statements,
including the omission of amounts or disclosures.
Fraud: an intentional act involving the use of deception to obtain an
unjust or illegal advantage.
Characteristics of fraud
ISA 240 identifies two categories of fraud that are of concern to auditors:
o Misappropriation of assets means theft e.g. the creation of ghost employees
to divert company funds into a personal bank account or theft of inventory.
o Fraudulent financial reporting involves intentionally manipulating the financial
statements to deceive financial statement users.
Chapter 3 Fraud and error

5. Fraud and error
Responsibilities for fraud and error
Management responsibilities
The primary responsibility for the prevention and detection of fraud rests with those charged
with governance of an entity and with management.
This should be achieved by the design and implementation of an effective system of internal
control.
Auditor responsibilities
Auditors are required to provide reasonable assurance that the financial statements are free from
material misstatement, whether caused by fraud or error. In order to meet this responsibility,
auditors must plan, perform and review audits in light of the risk of misstatement due to fraud.
There is an unavoidable risk that some material misstatements may not be detected. This risk is
greater in relation to misstatement due to fraud, rather than error, because of the potentially
sophisticated nature of organised criminal schemes.
Chapter 3 Fraud and error

6. Related parties
A related party is an individual or organisation who is influenced by,

or has influence over the entity. Transactions with related parties
might take place for reasons other than the entity’s normal business.
There is nothing wrong with an entity dealing with a related party.
However, dealing with related parties increases the potential for the
financial results to be manipulated as transactions may be carried out
on a basis other than 'arm’s length'. In these circumstances it is
appropriate for such transactions to be brought to the attention of
shareholders.
Chapter 3 Related parties

6. Related parties
Related parties are often difficult to identify in practice. It can be hard to

establish exactly who, or what, are the related parties of an entity. Other
problems which may arise include the following:
o Directors may be reluctant to disclose transactions, particularly in the
case of family members.
o Transactions may not be easy to identify from the accounting systems
because they are not separately identified from ‘normal’ transactions.
o Transactions may be concealed in whole, or in part, from auditors for
fraudulent purposes.
Chapter 3 Related parties

7. Analytical procedures
Definition
Analytical procedures involve the evaluation of financial information through analysis of plausible
relationships among both financial and non-financial data.
Analytical procedures also encompass such investigation as is necessary of identified fluctuations or

relationships that are inconsistent with other relevant information or that differ from expected values by a
significant amount.
Preliminary analytical procedures
ISAs 315 and 520 cover the use of analytical procedures during the audit:
o Must be used at planning to identify risk ISA 315.
o Can be used as a form of substantive procedure to gather audit evidence ISA 520.
o Must be used to assist in forming an overall conclusion on the financial statements ISA 520
Chapter 3 Analytical procedures

Analytical procedures are useful at the planning stage in giving an overall

perspective on the financial statements using both financial and non-
financial data, but there are limitations:
o They require a sound knowledge/experience of the entity which may be
limited in a first-year audit.
o Experienced staff may be required to carry them out.
o The quality of analytical procedure depends upon the reliability of
source data.

HOW TO PERFORM ANALYTICAL PROCEDURES
Compare Unexpected
Understand Develop an
actual to variations =
the business expectation
expectation risk
Sources of information
Analytical procedures require sound knowledge; therefore information about the client is
important.

Possible sources include:
o interim accounts
o Budgets
o management accounts
o VAT returns
o board minutes
o non-financial information e.g. personnel records
o discussion or correspondence with client
o industry knowledge
Calculations
The process of performing analytical procedures involves calculations of
amounts that can then be compared with prior year, budget, industry
averages or other plausible benchmarks.
Calculations range from simple trends (e.g. % increase in revenue over the
last year) to more complex ratio analysis.
You may need to use the following accounting ratios as part of your
analytical procedures:

Heading/ratio Formula Purpose
Performance Profit before interest and tax × 100 Effective use of
Return on capital employed Equity + net debt resources.
Return on shareholders’ Net profit for the period × 100 Effective use of
funds Share capital + reserves resources.
Assess profitability
Gross profit × 100
Gross profit margin before taking overheads
Revenue into account.
Cost of sales × 100 Assess relationship of

Cost of sales percentage
Revenue costs to revenue.
Operating costs/ overheads × 100 Assess relationship of

Operating cost percentage
Revenue costs to revenue.
Assess profitability after

Net margin/operating Profit before interest and tax × 100
taking overheads into
margin Revenue account.

Assess ability to pay
Short-term liquidity Current assets
current liabilities from
Current ratio Current liabilities reasonably liquid assets.
Assess ability to pay
Quick ratio Receivables + Current investments + Cash current liabilities from most
Current liabilities liquid assets.
Net debt
Long-term solvency Equity Assess reliance on
Gearing ratio Profit before interest payable external finance.
Interest payable
Revenue
Capital employed
Trade receivables × 365 Assess ability to pay
Interest cover
Credit revenue interest charges.
Trade payables × 365
Credit purchases
Efficiency Inventory × 365 Assess revenue generated

Net asset turnover Cost of sales from asset base.

CHAPTER 4
evidence and reporting
Outcome
• describe the process of assurance and reporting
• apply the rules relating to the collection of evidence
• distinguish between substantive testing and tests of controls
• identify the differences between auditors’ reports and other assurance reports
Overview PROCESS OF
ASSURANCE AND
REPORTING
EVALUATE CONCLUDING
OBTAINING
RESULTS OF AND
EVIDENCE
AUDIT WORK REPORTING
Basic rules Audit Other
APPROACH
Test of Substantive
controls procedures
1. Obtaining evidence
Basic rules
Evidence must be
Sufficient (quantity) Appropriate (quality)
Depends on factors such as

Risk
Materiality
Reliable Relevant
Level of assurance to be given
Source Format
Proves one or more of
Auditor generated Original/written
the financial
Third party Copy
statement assertions
Client Oral
Chapter 4 Obtaining evidence

Transactions that have been recorded have occurred and
Occurrence
pertain to the entity.
All transactions that should have been recorded have been

Completeness
recorded.
Assertions about
classes of Accuracy Amounts have been recorded appropriately.
transactions and
events, and related Transactions have been recorded in the correct accounting
Cut-off
disclosures, for the period.
period under audit
Classification Transactions have been recorded in the proper accounts.
Transactions and events are appropriately aggregated and

Presentation clearly described, and related disclosures are relevant and
understandable.

Existence Assets, liabilities and equity interest exist.
Rights and The entity owns the assets, and liabilities are the obligations
obligations of the entity.
Assertions about All assets, liabilities and equity interests that should have
account balances, Completeness been
and related recorded have been recorded.
disclosures, at the Accuracy, valuation Assets, liabilities and equity interests are included in the
period end and allocation financial statements at appropriate amounts.
Assets, liabilities and equity interests have been recorded in
Classification
the proper accounts.
Assets, liabilities and equity interests are appropriately

aggregated and clearly described, and related disclosures are
Presentation
relevant and
understandable.

Audit approach
Tests of control Substantive testing

o Test the system that gets the numbers into o Test the numbers in the financial statements
the financial statements o Procedures include substantive analytical
o Procedures including enquiry, observation procedures (SAP) and tests of detail (see
and reperformance, and data analytics may chapter 11)
assist the auditor in this work (see Chapter o Must always carry out substantive procedures
11) on material items.
o Appropriate if control risk is low and using
tests of control is a more efficient means of
gathering evidence
o The auditor cannot just carry out tests of
control due to inherent limitations of
controls (see Chapter 5).

Preliminary
assessment
of internal Do not
Expect controls expect
controls to including controls to
be walkthrough be
effective tests effective
Tests of Substantive
control testing
Controls Controls Analytical

found to be found to be procedures
effective ineffective Tests of detail
Limited Perform some substantive

substantive testing due to inherent
testing limitations of controls
2. Evaluate results
The auditor should consider whether the evidence gathered on the audit so far
meets the basic rules.
Relevant Reliable Sufficient

The auditor should
consider whether any If evidence gathered is
matters have come to light that not sufficient, the auditor
There should be audit cast doubt on the reliability of should:
evidence to support all of the evidence e.g. o Attempt to find
financial statement assertions o Doubts over further evidence
for a given account balance. management integrity o Consider the
o Discrepancies implication for the
between different audit opinion.
sources of evidence.
Chapter 4 Evaluate results

3. Concluding and reporting
Audit opinions
An auditors’ report provides reasonable assurance, expressed positively.
The auditors’ report contains a number of different opinions.
Implied opinions – only required if a
Express opinions – always stated
material problem arises*
Report by exception under Companies Act 2006 if any of
the following matters arise:
Opinion on the financial statements
o Returns adequate for our audit have not been received
o True and fair
from branches not visited by us
o Properly prepared in accordance with
o Accounts are not in agreement with the underlying
CA2006/accounting standards
accounting records
o Proper (adequate) accounting records have not been
Opinion on other matter prescribed by Companies Act
kept
2006
o Information and explanations required for the audit
o The information contained in the Directors’ Report and
were not received
Strategic Report is consistent with the financial
o Directors’ remuneration disclosures required by law
statements
were not made
<RAPID>
Chapter 4 Concluding and reporting

The format of an auditors’ report
ISA 700 states the following are included in the auditors’ report:
o Title
o Addressee
o Auditor’s opinion on the financial statements
o Basis for opinion
o Going concern section
o Key audit matters (listed companies)
o Other information
o Management responsibilities

o Auditor responsibilities
o Explanation of the extent to which the audit was considered capable of
detecting irregularities, including fraud
o Opinion on other matters e.g. whether the information contained in the
Directors’ Report and the Strategic Report is consistent with the financial
statements
o Matters on which the auditor is required to report on by exception under
Companies Act 2006
o Name and signature of the engagement partner
o Auditor’s address
o Date of the report

If the auditor concludes that the financial statements show a true and fair
view the auditors’ report will be unmodified. This means the standard
wording of the ISA 700 auditors’ report can be used and does not need to
be changed.
If the auditor concludes that there are material misstatements in the
financial statements, or that they have not obtained sufficient appropriate
evidence, the auditors’ report will need to be modified. The report will
need to contain information for the user to explain the issues in the
financial statements. You will learn about modified auditors’ reports in the
Professional Level Audit and Assurance paper.

Entities applying the UK Corporate Governance Code
Even before the new ISA 700 was issued in June 2016, requiring a section on Key Audit Matters to be included, auditors’
reports for companies applying the UK Corporate Governance Code contained additional explanations of the audit
process.
These additional explanations are required within the auditors’ report under the three headings:
o Assessment of risks of material misstatement
o Application of materiality
o Overview of scope of the audit.
You can see examples of the long-form auditors’ reports used for listed companies by searching online for a company that
you are interested in.
Closing the expectations gap
The features of the auditors’ report, particularly the newer long-form auditors’ reports used for listed companies that
have to comply with the UK Corporate Governance Code, are an attempt to narrow the expectations gap. (We saw in
Chapter 1 that the
expectations gap reflects the common misunderstandings about the role of the auditor.)

Other reports
Non-audit assurance engagements are covered by International Standards on Assurance
Engagements (ISAEs) and International Standards on Review Engagements (ISREs). Reports
will be addressed to the users of the assurance material and are similar in outline to ISA 700
auditors’ reports.
Format
o Title
o Addressee
o Identification and description of subject matter
o Identification of criteria
o Any inherent limitations which exist
o Any restrictions upon purpose/user
o Statement identifying responsible party

o Work performed in accordance with [relevant Standards]
o Summary of work performed
o Conclusion
o Date
o Name of firm/practitioner.
Example: Extract from a report on prospective financial information (ICAEW
Workbook).

CHAPTER 5
Introduction to internal
control
Outcome
• explain the purpose of internal controls
• identify and label the different types of internal controls
• explain the significance of internal controls to the auditor
• describe the limitations of internal controls
Overview INTRODUCTION
TO INTERNAL
Purpose CONTROL Limitation
INTERNAL CONTROL
SYSTEMS
COMPONENTS OF AN SIGNIFICANCE OF INTERNAL

INTERNAL CONTROL CONTROLS TO THE EXTERNAL
SYSTEM AUDITOR
Control Information
Monitoring
environment system
Risk assessment Control

process activities
1. Introduction to internal controls
What is internal control?
Internal control is the process designed and effected by those charged with governance
(audit committee), management, and other personnel to provide reasonable assurance
about the achievement of the entity’s objectives with regard to reliability of financial
reporting, effectiveness and efficiency of operations and compliance with applicable laws
and regulations.
It follows that internal control is designed and implemented to address identified
business risks that threaten the achievement of any of these objectives.
Purpose of internal control

Internal controls help an organisation to achieve its objectives and mitigate the business
risks it faces.
Chapter 5 Introduction to internal controls

Limitations of internal controls
No system of internal controls will ever mitigate risks entirely due to the inherent limitation of controls.
o Human error
o Unusual transactions tend to be outside the scope of control systems
o Collusion
o Special considerations in small companies

– Informal nature/lack of documentation
– Limited numbers of staff make segregation of duties difficult.
Internal controls in the Annual Report

The directors of companies applying the UK Corporate Governance Code are required to report on risk
management and internal controls systems in the company’s Annual Report

Overview of an Internal Control System

ISA 315 sets out the following components of internal control. (COSO
Framework) COMPONENTS OF AN
INTERNAL CONTROL
SYSTEM
Control Information
Monitoring
environment system
Risk assessment Control

process activities

2. Control environment
What is the control environment?
The control environment includes the governance and management functions and the attitudes, awareness and actions
of those charged with governance and management concerning the entity’s internal control and its importance in the
entity.
The following may indicate a strong control environment:
o The existence of an Audit Committee (see below)
o An Internal Audit Function (see Chapter 9)
o Effective documentation of control systems
o The importance of controls communicated to all staff members
o No management override of controls
o Recruitment of employees with integrity.
If there is a strong overall control environment the auditors are more likely to rely on controls as a source of audit
evidence.
Chapter 5 Control environment

2. Control environment
Audit Committee
An Audit Committee is a subsection of the board of directors which has a particular
interest in the accounting and finance activities of the company.
Key features of an Audit Committee include:
o Comprised of non-executive directors
o Requirement for UK listed companies under The UK Corporate Governance Code
o Required to have written terms of reference
o Oversees the financial statements, internal audit and external audit.
The Audit Committee reports to the company’s shareholders in the Annual Report.
Chapter 5 Control environment

3. Risk assessment process
The process by which management in a business identifies business risks

relevant to financial reporting objectives and decides what actions to take
to address those risks.
o Internal controls should be designed to address identified risks.
Decide on
Identify Estimate the Assess the
actions to
relevant significance likelihood of
address the
business risks of the risks occurrence
risks
Chapter 5 Risk assessment process

4. Information systems
Information systems relevant to financial reporting objectives include the procedures and
records designed to initiate, record, process and report entity transactions and maintain
accountability for the related assets, liabilities and equity.
Auditors are interested in:
o Identifying significant classes of transactions
o Systems for preparing financial statements
o The accounting software used
o Related accounting records and supporting information
o Roles and responsibilities allocated to personnel
o Danger of internal controls being overridden at the financial statement
preparation stage.
Chapter 5 Information systems

5. Control activities
Control activities are manual or computerised procedures that help
an organisation to achieve its objectives and mitigate the business
risks it faces.
ISA 315 sets out five different types of control activities as shown below. You also need an
awareness of how controls may operate in an accounting IT system.
In the exam you may be required to classify controls into these
categories
Authorisation
Authorisation controls are important in ensuring that only valid transactions are
recorded.
For example when you fill in your timesheets at work, you are required to have
overtime authorised to ensure that any time off in lieu or overtime payments are valid
Chapter 5 Control activities

Performance reviews
Performance reviews are useful in identifying unexpected items that might indicate errors
in accounting information.
For example if your business operated a chain of hotels, you could compare
occupancy rates by hotel, and revenue and costs to budget.
Information processing
Information processing controls are designed to check the completeness and accuracy of
information.
They include controls such as sequence checks on sales invoices to ensure
none are missing, bank reconciliations and controls over computerised systems.

Physical controls
Physical controls involve the restriction of access to assets or data.
They also include counting assets and comparing with the recorded amount (e.g. inventory
or petty cash).
Segregation of duties
This means different members of staff are responsible for authorizing transactions,
recording transactions and maintaining custody of assets.
This reduces the risk of fraud or undetected errors
Computer controls
Computer controls fall into two categories: general controls and application controls.

General controls
These are policies and procedures that relate to many applications and support the
effective function of application controls by helping to ensure the continued proper
operation of information systems.
Examples of general controls include:
o Controls over system design, programming and documentation
o Testing system performance
o Staff training
o Password protection

o Restricting physical access to central computers by locks/keypads
o Virus checks
o Back-up copies with extra copy stored off-site
o Disaster recovery procedures.
Application controls
These are manual or automated procedures that apply to individual areas within the
system to ensure the completeness, accuracy and validity of the recording and processing
of transactions.
Examples of application controls include

o Sequence checks and document counts

Controls over input o One to one checking of processed output to source
completeness documents
o Hash totals and batch totals
o Hash total and batch totals
o Reasonableness tests e.g. VAT to total value
Controls over input o Character checks e.g. no unexpected characters in a
accuracy reference number
o Range checks e.g. no timesheet processed over a certain
level of hours per week
Controls over input
o Manual checks to ensure information was authorised
authorisation
o One to one checking of amendments to source
Controls over
documents
standing data
o Periodic review of all standing data

Cyber security risk
Increasing use of technology and constantly evolving risk makes this an important
area for most organisations. Key risks to an entity’s IT systems include:
o Hacking
o Fraudulent theft of funds
o Deliberate sabotage e.g. commercial espionage or malicious damage
o Viruses, malware and other corruption
o Denial of service attacks.

The ICAEW publication Audit insights: cyber security (2014) makes

suggestions to combat cyber risks, including:
o Improve communication about cyber risks and how to manage them
o Define who is responsible and accountable for cyber security in the
organization
o Assign board level accountability
o Non-executive directors/audit committees should monitor the actions of
the executive related to cyber security.

6. Monitoring controls
Internal controls should be continually monitored to ensure effectiveness.
o Directors should decide whether they are still adequate given changes in the
environment and business risks.
o They should be monitored at all levels.
o Internal audit may recommend new systems as a result of weaknesses (see
Chapter 9).
o External audit may highlight weaknesses as part of their audit work.
It is important for external auditors to discuss controls with the internal auditors at
the planning phase.
Chapter 5 Monitoring controls

7. Significance of internal controls to the external auditor
Consideration of internal controls when planning the audit

Auditors need to gain an understanding of the systems and controls.
This enables the auditor to:
o Assess the level of control risk
o Determine the audit approach to take.
Documentation of internal controls
The auditor must document their understanding of the client’s internal control
system.
Various methods are available and the auditor should choose the method that is
most suited to the client.
Chapter 5 Significance of internal controls to the external auditor

7. Significance of internal controls to the external auditor
Narrative notes Questionnaires or checklists Diagrams or flowcharts
o Best for complex

o Good for simple systems,
o Easy to complete, covers all system, overview
junior staff can complete
areas o Complex and time
o Insufficient for complex
o May overstate controls, not consuming to prepare,
systems, hard to get an
tailored to client reader needs to understand
overview
symbols used
After documenting the system of internal controls, the auditor performs walkthrough tests
to confirm their understanding of the system
Chapter 5 Significance of internal controls to the external auditor

CHAPTER 6
Revenue system
Outcome
• identify the risks, and corresponding control objectives, relating to sales

systems
• choose relevant controls to mitigate risks identified
• identify appropriate tests of controls
• recognise weaknesses in a sales system
Overview
RISKS, CONTROL
AUDITOR TESTING OF
OBJECTIVES AND
CONTROL PROCEDURES
CONTROL PROCEDURES
STAGES OF THE
REVENUE
CYCLE
Order Goods Invoice Sale Cash

taken despatched raised recorded collected
1. Risks, control objectives and procedures
Order taken
Key risks Key control objectives Key controls activities
Obtain credit checks for new

customers.
Authorise credit limits.
Review credit limits regularly.
Orders taken from customers Only supply customers who are Check credit remaining before
who cannot pay on a timely basis. likely to pay on a timely basis. confirming orders.
Use sequentially numbered order
Orders not recorded properly or Record orders correctly. forms.
not fulfilled resulting in loss of Check inventory levels before
custom. Fulfil all orders. confirming orders.
Match customer orders with

despatch notes and follow up
unmatched orders.
Chapter 6 Risks, control objectives and procedures

Goods despatched
Examine goods outwards for

quantity, quality and condition and
Incorrect goods may be agree to sales order.
despatched.
Orders are despatched promptly
Record goods outwards on
and to the correct customer.
Goods may be despatched but sequentially numbered goods
not recorded resulting in loss despatch notes (GDN).
All orders are despatched.
to the business.
Match GDNs to invoices and follow
All despatches are recorded.
Customers may dispute whether up unmatched GDNs.
goods received.
Obtain customer signature on a copy
of the GDN.

Invoice raised
Use authorised selling prices to

Invoices may not be raised or may
prepare invoices.
be inaccurate resulting in
All goods despatched are invoiced.
loss of income or customer
Check calculations of quantity x price
goodwill.
Invoices are raised accurately. for accuracy.
Invoices may be wrongly
Credit notes are only raised Check condition of goods returned
cancelled by credit notes
accurately and for valid reasons. and record on goods return notes.
resulting in loss to the
business.
Authorisation of credit notes.

Sale recorded
Sequence checks for invoices being

recorded.
Only valid sales are recorded, at the Match cash receipts to invoices.
Invoices and credit notes may not correct amount and in the correct
be properly recorded leading to period. Send regular statements to customers.
misstatements in the
financial statements. Sales are recorded in the correct Review and follow-up overdue
customer accounts. accounts.
Debts may be recorded when they
are not recoverable. Identify potential bad debts on a Authorisation of bad debt
timely basis. write-offs/allowance.
Reconciliation of receivables ledger

with nominal ledger

Cash collected
Segregation of duties between

recording and banking.
Receipts may be allocated to the Safe custody of receipt books and

wrong customer leading to cash/cheques.
All receipts are recorded correctly.
disputes.
Daily banking.
All receipts are banked promptly.
Delays in banking could result in
cash being lost. Reconciliation of bank paying in slips
and cash book.
Regular bank reconciliations.

2. Tests of controls
If the auditor believes internal controls are likely to be effective, the auditor
may choose to perform tests of controls to obtain evidence that the
controls were operating effectively throughout the period.
To test whether internal controls are operating effectively, the auditor must
first identify the controls that address a given risk.
Procedures should then be performed to check the control is working, such
as making enquiries, observation of processes or inspection of assets or
documents.
Chapter 6 Tests of controls

CHAPTER 7
Purchases system
Outcome
• identify the risks, and corresponding control objectives, relating to purchases

systems
• recognise weaknesses in a purchases system
Overview
RISKS, CONTROL
AUDITOR TESTING OF
OBJECTIVES AND
CONTROL PROCEDURES
CONTROL PROCEDURES
STAGES OF THE
PURCHASE
CYCLE
Order Goods Invoice Purchase Cash

taken received received recorded paid
Order placed
New suppliers must be authorised by

management.
Evidence required of need for purchase

Goods and services may not be of Purchases should only be from before authorisation,
good enough quality or value for approved suppliers at e.g. inventory level checked.
money. competitive prices.
Sequentially numbered order forms.
Unauthorised purchases may be Purchases are only made for
made for personal use. valid business reasons. Authorisation of order forms by an
appropriate manager.
Central purchasing department or

maintenance of approved supplier list

Goods received
Examine goods inwards for quantity,

quality and condition and agree to
purchase order.
Only goods ordered by the
Goods may be accepted when
company are accepted. Record goods inwards on sequentially
they were not ordered by the
numbered goods receipt notes (GRN).
company.
All receipts should be
recorded. Match GRNs to invoices and follow up
Receipts may not be recorded.
unmatched GRNs.
Goods received should be
Goods may be misappropriated.
stored securely. Physical controls over stores.
Raise a sequentially numbered returns

note for all rejected/returned goods.

Invoice received
Match invoice details to GRNs.

Ensure invoice details are
Invoices may not be received
correct. Arithmetic checks on supplier
resulting in slow payment and
invoices.
loss of supplier goodwill.
All credit notes to which
the company is entitled Claim credit notes for all goods
Invoices may not be correct.
are claimed. rejected/returned and follow up
unmatched return notes.

Purchase recorded
All valid purchases are Match cash payments to invoices.

Purchases may not be
recorded, at the correct
recorded resulting in
amount and in the correct Compare monthly supplier
misstatements in the financial
period. statements to payables ledger
statements.
balances.
Purchases are recorded in
Purchases may be recorded
the correct supplier Reconciliation of purchase ledger
where there was no receipt.
accounts. with nominal ledger.

Cash paid
Segregation of duties between custody of cash/

cheque books/BACS transfer authority and
Payment is only made for recording payments.
goods received.
Payment only approved after checking supporting
False invoices are paid.
Only valid expenditure is documentation (e.g. invoices matched to GRNs).
paid.
Payments are not recorded at
Invoices labelled as paid to avoid duplication.
the correct amount or in the
Payments are only made
correct supplier accounts
once. Appropriate limits set on amounts that can be
leading to disputes.
authorised, e.g. payments over set level require two
Payments are recorded signatures.
correctly.
Compare monthly supplier statements to payables
ledger balances.

documents

CHAPTER 8
Employee costs
Outcome
• identify the risks, and corresponding control objectives, relating to purchases

systems
• recognise weaknesses in the payroll system
Overview
RISKS, CONTROL
AUDITOR TESTING OF
OBJECTIVES AND
CONTROL PROCEDURES
CONTROL PROCEDURES
STAGES OF THE
EMPLOYEE
COSTS SYSTEM
Calculate Record Pay wages

wages wages and
and salaries and salaries salaries
1. Introduction to the employee costs system
Calculating wages and salaries is a function of standing data and variable data.
o Standing data is the information in the employee costs system that doesn’t vary
regularly e.g. hourly rates, salary, overtime rate
o Variable data includes hours worked or overtime, as recorded on
e.g. timesheets or clock cards.
So for trainees in an accounting firm, the calculation of wages and salaries might
be:
Monthly salary + (overtime hours worked × hourly rate)
In addition to calculating the amounts to be paid to staff, a key component of the
employee costs system is the calculation of payroll taxes to be paid to HMRC.
Chapter 8 Introduction to the employee costs system

Calculate wages and salaries
Regular checking of wages and

salaries to personnel records.
Employees may be paid One to one checks and authorisation

incorrectly resulting in loss of Employees are only paid for of changes to standing data.
staff goodwill. work done.
Record hours worked where
Employees may continue to be Gross and net pay have been appropriate by useof timesheets or
paid after they have left resulting correctly calculated. clocking in/out with controls over
in loss to the business. authorisation of hours/ overtime and
range checks on hours worked.
Compare payroll to budget.

Record wages and salaries
Payroll is reviewed and authorised by

Gross and net pay may be appropriate manager.
incorrectly recorded resulting in
misstatements in the financial Record gross and net pay and all Reconcile total pay and deductions to
statements. deductions accurately. previous month totals.
Deductions may be incorrect Pay the correct amounts to Compare payroll totals recorded to
resulting in HMRC penalties or HMRC on a timely basis. budget.
liabilities in respect of pension
deductions. Agree gross earnings and total tax
deducted to tax returns.

Pay wages and salaries
Segregation of duties between

maintenance of personnel records,
preparation of payroll and payment of staff.
For cash payments, physical controls over

Payments may be made to bogus
the safe custody of cash
employees.
Pay the correct amount to actual and payslips.
employees.
Payments to employees may be
For bank transfers, comparison of
incorrect.
payments to payroll and authorisation by
appropriate manager.
Maintenance and reconciliation of wages

and salaries nominal ledger account

documents.

CHAPTER 9
Internal audit
Outcome
• describe the function and importance of internal audit
• explain the differences between the role of the internal auditor and external auditor
Chapter 9 Outcome
Overview
Organisational Auditor
Introduction independence
structure
What is
internal audit?
INTERNAL AUDIT
Function of Comparison of
internal audit external and
internal audit
Chapter 9 Overview
1. What is internal audit?
Introduction to internal audit
Internal Audit is an independent appraisal activity established within an organisation. It is generally a feature of
large companies.
The UK Corporate Governance code applies to listed companies and stresses the need for good internal control.
Listed companies without an internal audit department should reconsider the need for one on an annual basis.
Organisational structure
In large organisations the internal audit function will be a separate department.
In a small company it might be the responsibility of individuals to perform specific tasks even though there will
not be a full-time position.
Some companies outsource their internal audit function, often to an accountancy firm.
Chapter 9 What is internal audit?

1. What is internal audit?
Auditor independence
An internal audit department cannot be completely independent of management. Internal auditors can retain
objectivity by:
➢ Having no involvement in the operational activities of the company
➢ Reporting to an appropriate level of management e.g. Audit Committee or Board of Directors.
Chapter 9 What is internal audit?

2. Function of internal audit
The internal audit function plays a key role in organisational risk management.
The activities of internal audit generally involve the following roles:
Monitoring internal
control systems
Monitoring the overall

Examining financial and
risk management policy
operating information
for effectiveness
Reviewing the economy,

efficiency and Special investigations
effectiveness of e.g. into suspected
Reviewing compliance
operations fraud
with laws and other
external regulations
Chapter 9 Function of internal audit

3. Comparison of external and internal audit
The external audit focuses on the accounts, providing the shareholders with an independent opinion on whether the financial
statements are true and fair and properly prepared.Internal audit is much broader in scope, covering any aspect of the company’s
operations. Internal audit may use similar techniques to external audit, but the objectives are different.
External audit Internal audit
Required by Company law TCWG (Board of Directors/Audit Committee)
Appointed by Shareholders or Board of Directors TCWG (Board of Directors/Audit Committee)
Reports to Shareholders TCWG (Board of Directors/Audit Committee)
Reports on Whether the financial statements are Adequacy of internal controls, etc.
➢ True and fair

➢ Properly prepared.
Whether the directors’ report and strategic
report is consistent with the financial statements
Scope of assignment Unlimited, to fulfil statutory obligations Prescribed by TCWG (BOD/Audit

Committee)
Chapter 9 Comparison of external and internal audit
CHAPTER 10
Documentation
Outcome
• explain why assurance providers document their work
• describe the form and content of working papers
• explain why the safe custody and retention of documentation is important, and how
it is achieved
• explain the issues of ownership and rights of access to documentation
Chapter 10 Outcome
Overview
Purpose
ASSURANCE
DOCUMENTATION
Form and
Safe custody Ownership
content of
and and rights of
working
retention access
papers
Chapter 10 Overview
1. Purpose of documentation
Introduction
Documentation, in the form of working papers, should be maintained for all assurance
engagements.
Working papers are prepared and retained by assurance providers in connection with the
performance of the assurance engagement.
Chapter 10 Purpose of documentation

1. Purpose of documentation
Features of working papers

Working papers should be sufficiently Working papers provide a record of:
complete and detailed to:
➢ Support the conclusions drawn by the ➢ The planning and performance of the engagement
assurance provider
➢ The supervision and review of the work performed
➢ Provide an overall understanding of the ➢ The evidence obtained which the assurance provider
considers necessary, and on which they have relied to
work undertaken arrive at their conclusion
➢ Provide evidence of compliance with ➢ The quality control procedures carried out.
relevant laws, regulations and professional
standards.
Working papers may be held as paper, film, electronic or other media.
Chapter 10 Purpose of documentation

2. Form and content of working papers
Professional judgement
Assurance providers should use their professional judgement when deciding what to
document.
Automated working paper packages have been developed which can make the task of
documenting assurance work much easier.
Chapter 10 Form and content of working papers

Audit working papers
ISA 230 provides that:
Audit work performed
An experienced To
Audit To Evidence obtained
allow auditor with no understand
documentation previous connection
must be sufficient with audit
Significant matters arising
Conclusions reached

Contents
Illustration: audit working paper
Client: Dirac Ltd Prepared by: JC Maxwell Date: 15/8/16 D 3.1
Period: y/e 30/6/16 Reviewed by: N Bohr Date: 28/8/16
Subject: Receivables
Objective: To ensure receivables ledger balances fairly stated.

Procedures: Selected a sample of trade receivables as at 30 June 2016 from the receivables ledger and vouched
receipts of cash from customers to the bank statements using remittance slips to support which
invoices were being settled.
Results: See D 3.2
One customer, Faraday Ltd, is disputing an invoice of

£14,560 which is immaterial, but this has been discussed with the client who has agreed to adjust
the receivables balance.
Conclusion: After making the adjustment noted above, receivables ledger balances are fairly stated as at 30
June 2016.

Working papers should show:
➢ Name of client ➢ Objective

➢ Reporting date ➢ Source of information
➢ File reference ➢ Sample size
➢ Name of preparer/date ➢ Work performed
➢ Name of reviewer/date ➢ Results and conclusions drawn
➢ Subject of working paper ➢ Analysis of errors

Types of audit file
Permanent audit file (PAF)
➢ Matters of a permanent or semi-permanent nature
➢ Suitably indexed
➢ Prepared at the commencement of the initial audit for the client
➢ Reviewed and updated at the commencement of subsequent audits for the same client.
Current audit file (CAF)
➢ Relate primarily to the set of accounts or statements being audited
➢ Suitably indexed
➢ Prepared for the client on each occasion an audit is performed.

3. Safe custody and retention
Safe custody of working papers is important:
➢ Assurance work must be kept confidential
➢ Paper documents should be kept in a secure location
➢ Electronic documents should be protected using suitable security measures.
➢ The duration of holding working papers is a matter of judgement, although:
➢ The ICAEW, ACCA, CIMA… requires all firms to have a document retention policy.
➢ Registered Auditors should keep all audit working papers required by auditing standards for
at least six years from the end of the accounting period to which they relate.
Chapter 10 Safe custody and retention

4. Issues of ownership and rights of access
Working papers created by the assurance provider:
➢ Belong to them as they were created in an independent capacity for their own use
➢ Must be kept confidential
➢ May be shown to the client at their discretion
➢ Should not be shown to a third party without their client’s permission. Any reports created as
output to an assignment:
➢ Auditor’s report belongs to the client once they have been issued.
Chapter 10 Issues of ownership and rights of access

CHAPTER 11
Evidence and
sampling
Outcome
• understand the procedures for obtaining evidence
• recognise the strengths and weaknesses of particular forms of evidence
• understand how much evidence to obtain
• recognise when sufficient appropriate evidence has been obtained such that a
conclusion can be drawn
• identify when tests of controls and substantive procedures will be used and
answer questions relating to these areas.
Chapter 11 Outcome
Overview
Substantive Analytical Directional Accounting
procedures CAATs estimates
procedures testing
General
procedures
for obtaining
evidence
EVIDENCE AND
SAMPLING
Evaluation of
Sampling
misstatements
Chapter 11 Overview
1. General procedures for obtaining evidence
Audit approach
We saw in Chapter 4 that the auditor needs to decide upon an audit approach, choosing the
appropriate balance of tests of controls and substantive testing. The following three chapters cover
audit evidence in more detail:
➢ Chapter 11: general approaches to obtaining audit evidence
➢ Chapter 12: the use of management representations as a form of audit evidence
➢ Chapter 13: the application of the general approaches to obtaining audit evidence to specific
account balances.
Chapter 11 General procedures for obtaining evidence

Substantive procedures (5W + 1H)
ISA 500 sets out the following types of substantive procedures:
➢ Inspection of assets or documents
➢ Observation
➢ Inquiry
➢ Confirmation
➢ Recalculation
➢ Reperformance
➢ Analytical procedures.
Evidence is generally persuasive rather than conclusive so it may be necessary to perform more than
one procedure to address a given risk.

Computer assisted audit techniques (CAATS)
Modern accounting systems are generally computerised so the auditor may be able to use technology to carry out audit
procedures. There are two traditional categories of CAATs:
Test data Audit software

Description Auditor data is put into the client’s system Client data is put into the auditor’s system
Data: real or dummy System: live or a Generally use for substantive procedures
copy
Use Test the controls in the system Basic data analysis

Substantive testing
Examples The auditor enters data e.g. Reperformance of addition or ageing of
transactions
➢ A timesheet with hours outside the Preparation of reports Calculations of
normal range to check that the system
rejects it ratios Sample selection
➢ A valid purchase invoice to check that
it is allocated to the correct account

Audit data analytics

Auditors may use data analytics to respond to the challenge of managing ‘big data’ at their clients. Data analytics
involves examining data to identify patterns, trends or correlations.
Data analytics can be embedded in the audit plan to assist with:
➢ Transaction analysis e.g. matching purchase orders, goods received notes and invoices
➢ Judgemental areas e.g. using sensitivity analysis to test assumptions on the net realisable value of inventory
➢ Analytical procedures e.g. analysing revenue trends by product or region.
The results of data analytics may be presented in formats such as bar or pie charts which allow the auditor to
visualise the data more easily.

Analytical procedures
In Chapter 3 we saw that analytical procedures should be used to identify risk at the planning stage.
The process of performing analytical procedures was:
Understand the Develop an Compare actual to Unexpected

business expectation expectation variations = risk

ISA 520 states that the auditor can use analytical procedures as a form of substantive procedure (SAP). This can be
an efficient way to obtain audit evidence although it is dependent on a number of factors such as:
➢ The strength/comparability of relationships
➢ The reliability of the data being used in the analysis
➢ The level of disaggregation of the data available
➢ The depth of the auditor’s knowledge of the client.
At the planning stage it is enough to identify risk areas and use this to determine the audit approach.
At the evidence stage, the auditor must determine whether unexpected variations are acceptable (influenced by
materiality) and if not, seek further evidence:
➢ Make enquiries of management
➢ Corroborate management explanations with other evidence.

1.General procedures for obtaining evidence
Directional testing
The auditor’s aim is to identify whether the financial statements are free from material
misstatement.
A misstated balance could be overstated or understated.
Testing for overstatement requires a different approach to testing for understatement.

Illustration
You are testing non-current assets at a client. You identify the key components of the system as:
Financial Non-current asset

statements register
Physical assets
To test for overstatement:
➢ Start with the financial statements
➢ Agree the balance to the non-current asset register
➢ Select a sample of assets in the non-current asset register
➢ Perform procedures such as inspection of the asset (to confirm existence) and the purchase invoice (to confirm valuation/rights and
obligations) and confirm that the balance is not overstated.
To test for understatement:
➢ Start with the assets that you can see being used in the client’s business
➢ Trace to the non-current asset register (to confirm completeness of accounting records) and confirm that the balance is not understated.

The direction of testing is different for understatement and overstatement.
For overstatement the direction of testing is:
Book-to-floor direction
Figure in accounts Intermediate Supporting evidence

documentation
For understatement the direction of testing is:

Floor-to-book direction
Reciprocal Supporting Intermediate Figure in the

population evidence documentation accounts

Audit of accounting estimates
ISA 540 sets out the audit approach for estimates, for example:
➢ Depreciation
➢ Allowance for receivables
➢ Provisions.
Estimates are high risk due to their subjective nature and the risk of management bias.
The most common audit procedures for an accounting estimate are:
➢ Review and test the process used by management to develop the estimate.
➢ Use an independent expert to make an estimate for comparison with the company's figure.
➢ Review subsequent events for confirmation of the accuracy of the estimate.
➢ Test the operating effectiveness of the controls over how management made the estimate.

2. Sampling
Introduction to sampling
Assurance providers generally seek evidence from less than 100% of items in the balance or transaction being
tested.
ISA 530 states that the objective of the auditor when using sampling is to provide a reasonable basis for the
auditor to draw conclusions about the population from which the sample is selected.
Some testing procedures do not involve sampling, for example:
➢ Testing all items in a population (may be appropriate where the population is made up of a small number
of high-value items, or for unusual items)
➢ Testing all items with a certain characteristic such as high-value items (selection is not representative).
The sampling process can be summarised as follows:
Identify Identify Select Identify Draw

population sampling unit sample errors conclusions
Chapter 11 Sampling
2.Sampling
Identify the population and sampling unit

The population is the entire set of data from which a sample is selected
e.g. revenue, receivables.
The sampling units are the individual items constituting a population e.g. sales invoices or
individual receivables balances.
ISA 530 requires that the auditor selects items in such a way that each sampling unit in the
population has a chance of selection.
Chapter 11 Sampling
2.Sampling
Selecting a sample
Sampling methods can be statistical or non-statistical. Statistical sampling uses random selection of the sample
items and the use of probability theory to evaluate results.
Statistical sampling methods
Method Description
Random selection All items in the population have an equal chance of selection by using random
number tables/computerised generator.
Systematic selection Items are selected using a random start, then a constant interval between
selections.
Money Unit Sampling Every £1 in the population has an equal chance of being selected.
(MUS)
Chapter 11 Sampling
2.Sampling
Illustration – MUS
Materiality has been set at £50,000 and the sample requires that balances containing each 50,000th £1
are selected from the receivables ledger as follows:
Customer Balance Cumulative total Selected

A 30,000 30,000 No
B 35,000 65,000 Yes
C 45,000 110,000 Yes
D 52,000 162,000 Yes
E 13,000 175,000 No
F 22,000 197,000 No
G 15,000 212,000 Yes
Chapter 11 Sampling
2.Sampling
Non-statistical sampling methods
Method Description
Haphazard selection The auditor selects a sample they think will be representative, without the
use of probability theory.
Sequence or block Select a block of items e.g. 50 consecutive cheques, March invoices.
selection
Tends to be used for tests of control.
After deciding on the sample method, the auditor needs to consider the size of the sample.
Chapter 11 Sampling
2.Sampling
Audit firms will have their own methodology but it should apply the requirements of ISA 530 which gives examples of
factors which influence sample sizes:
Factor Effect on sample

size
Increase in the auditor’s assessment of the risk of material misstatement (IR x CR) Increase
Increase in the desired level of assurance (may need less assurance if other, Increase
corroborating procedures are being carried out)
Increase in the tolerable misstatement (linked to materiality) Decrease

Increase in the expected error (linked to risk) Increase
Stratification* of the population Decrease
Increase in the number of sampling units in the population Negligible effect
*Stratification is the process of dividing units of the population into homogeneous subgroups before sampling.
Chapter 11 Sampling
2.Sampling
Identifying errors and drawing conclusions
Once the auditor has tested the sample of items from the population, they must draw conclusions taking the following into account:
➢ The nature of errors identified
– Whether errors are true misstatements
– e.g. misposting between receivables accounts does not actually reflect an error in the receivables balance.
➢ The cause of errors identified
– Where common features are discovered
– e.g. all errors arise in the same location, further testing may be required.
➢ The impact on other parts of the audit
– The identification of errors may influence the auditor’s assessment of the accounting and internal control systems.
➢ The probable misstatement in the population
– Results should be extrapolated
– If the projected misstatement exceeds or is close to the tolerable misstatement (linked to materiality) then additional
testing may be required.
Chapter 11 Sampling
3.Evaluation of misstatements
ISA 450 states that the auditor must evaluate the effect of any uncorrected misstatements
on the financial statements.
The auditor must communicate all misstatements on a timely basis to management and
request they correct them.
Written representations must be obtained from management stating that they believe the
misstatements to be immaterial.
Chapter 11 Evaluation of misstatements

3.Evaluation of misstatements
If management refuses to correct the misstatements, the auditor should:
➢ Obtain an understanding of the reasons for refusal
➢ Determine whether the misstatements are material
➢ Communicate the uncorrected misstatements to those charged with governance and request they are
corrected, explaining that the audit report will be modified if material misstatements are not corrected.
Matters which are not material in size but which may be considered material by nature are misstatements
which:
➢ Affect compliance with laws and regulations
➢ Affect compliance with debt covenants
➢ Affect ratios used to evaluate financial position, results or cash flows
➢ Increase management compensation.
Chapter 11 Evaluation of misstatements

CHAPTER 12
Written
representations
Outcome
. of this session you should be able to:
By the end
• explain the purpose and nature of written representations from management
• identify when oral representations should be confirmed in writing

• explain how reliable written representations are as a source of assurance evidence
Chapter 12 Outcome
Overview
Nature and
purpose
MANAGEMENT
REPRESENTATIONS
Reliability
Contents of
management
representation
letter
Chapter 12 Overview
1. Nature and purpose of management representations
Management representations
Management representations are explanations or answers given
to the assurance provider during the course of an engagement.
They are a form of evidence and can be oral or written.
Chapter 12 Nature and purpose of management representations

Purpose of written representations
Written confirmation of oral representations avoids confusion and

disagreement, i.e. they are more reliable.
Management representations may be used in all types of assurance

engagement.
ISA 580 requires the auditor to obtain written representations from

management.

Format of written representations
The auditor will usually:
➢ Prepare a draft management representation letter
➢ Ask the directors to sign it
➢ Require its return as evidence before the audit report is signed.
The letter should be dated as near as possible before the date of the audit report.

2. Contents of management representation letter
General matters
ISA 580 requires the auditor to seek written representations on the following matters:
➢ Confirmation that management has fulfilled its responsibility for the preparation of the
financial statements in accordance with the relevant financial reporting framework
➢ Confirmation that all relevant information has been provided to the auditor
➢ Confirmation that all transactions have been recorded and reflected in the financial
statements.
Chapter 12 Contents of management representation letter

Other matters
In addition to representations on these general matters, the auditor will obtain specific written
representations where:
➢ Other ISAs require representations to be obtained (e.g. ISA 450 requires that the written
representation letter must include a list of all uncorrected misstatements and that the auditor
obtains representations that the sum of unadjusted misstatements is immaterial to the financial
statements as a whole).
➢ The auditor decides that written representations are required to support other audit evidence.
Written representations cannot be used instead of other evidence which the auditor expects to
exist.

Other matters which may be the subject of written representations include:
➢ Whether accounting policies are appropriate
➢ Whether the applicable reporting framework has been complied with in respect of items
such as intentions that may affect the carrying value of assets
➢ Whether all deficiencies in internal control of which management is aware have been
communicated to auditors
➢ Specific written representations required by other ISAs
➢ Support for management’s judgement of intent in relation to a specific assertion.
Example of management representation letter (ICAEW Workbook)

3. Reliability
Written representations are more reliable than oral representations.
There may be doubts over the reliability of management representations, for example
where:
➢ The auditor has concerns about the competence, integrity or diligence of

management
➢ Where written representations are inconsistent with other audit evidence.
Corroborative evidence should be sought, but may not always be available.
If a particular representation is contradicted by other evidence, the auditor should
investigate the matter and consider the impact on the assessment of the reliability of
management representations in general.
Chapter 12 Reliability
CHAPTER 13
Substantive procedures: key

financial statement figures
Outcome
By the end
• describe the nature of tests on balances carried out by assurance providers and explain the
objectives of those tests
• identify suitable tests in a given business scenario
• explain when a matter should be referred to a senior member of staff and answer
questions relating to these areas.
Chapter 13 Outcome
Overview
BUSINESS FINANCE
Banks and Sources of

financial Finance business
markets finance
Chapter 13 Overview
1. Financial statement assertions
When designing substantive procedures the auditor should consider which financial statement assertions the test
needs to address. You learnt about these assertions in Chapter 4.
The table below contains a reminder of the assertions relating to transactions and account balances (excluding
Classification and Presentation)
Assertions about classes of Occurrence Transactions that have been recorded have occurred and pertain to the
transactions and events for the entity.
period under audit Completeness All transactions that should have been recorded have been recorded.
Accuracy Amounts have been recorded appropriately.
Cut-off Transactions have been recorded in the correct accounting period.
Assertions about account Existence Assets, liabilities and equity interest exist.
balances at the period end
Rights and obligations The entity owns the assets, and liabilities are the obligations of
the entity.
Completeness All assets, liabilities and equity interests that should have been recorded
have been recorded.
Accuracy, valuation and Assets, liabilities and equity interests are included in the financial
allocation statements at appropriate amounts.
Chapter 13 Financial statement assertions

2. Non-current assets
The auditor should design audit procedures appropriate for tangible and intangible non-current assets as well as
investments, depending on the assets held by the client.
Audit procedures
The key financial statement assertions to address with suitable audit procedures are shown in the table:
Assertion Audit procedures

Existence Physical verification of assets selected from the non- current asset register
Rights and obligations Inspection of, for example:

➢ Title deeds for property
➢ Vehicle registration documents
➢ Share certificates
➢ Purchase invoices
Completeness Trace a sample of assets seen in use to the non-current assets register
Chapter 13 Non-current assets

2. Non-current assets
Valuation Inspect purchase invoices for cost

Inspect surveyor’s report for revaluations For self-constructed assets:
➢ Agree labour costs to payroll records

➢ Agree subcontractor costs to invoices
➢ Consider the reasonableness of assumptions underlying overhead
calculations, and reperform the calculations
Consider appropriateness of depreciation policy by investigating significant

profits or loss on disposal
Recalculate the depreciation charge
Worked Example: Non-current asset assurance engagement (ICAEW Workbook)
Chapter 13 Non-current assets

3. Inventory
Importance of inventory in the audit
In certain types of business, for example retail or manufacture, inventory will be a key audit area.
Possible reasons for the significance of inventory:
➢ In some businesses inventory is highly material
➢ Its valuation is subjective (lower of cost and NRV)
➢ It affects both the Statement of Profit or Loss and the Statement of Financial Position.
When designing audit procedures it is helpful to remember what makes up the final inventory figures in the
financial statements:
Inventory = Quantity × Value
Chapter 13 Inventory
3. Inventory
Attendance at the inventory count
Attendance at the inventory count is required by ISA 501.
Attendance at the inventory count provides evidence about QUANTITY as the auditor performs test counts to
check the client’s counting.
The auditor also gathers evidence over VALUATION by identifying items that are damaged, old or dusty as
these may need to be scrapped or sold at a discount.
Before the inventory count:
➢ Review locations and count instructions
➢ Consider whether expert help is required
➢ Review systems of control and internal auditor arrangements
➢ Arrange to verify any inventory held at third party premises.
3. Inventory
During the inventory count:
➢ Observe counts for compliance with instructions
➢ Check cut-off arrangements
➢ Identify procedures for keeping any third party inventory separate from the client’s inventory
➢ Perform two way test counts (see Existence and Completeness below)
➢ Identify any slow-moving or old inventory that may require impairment.
After the inventory count:
➢ Follow up the sample selected for test counting to check the correct quantity has been included in the
final inventory listing
3. Inventory
Audit procedures
Existence Take a sample of items already counted by the client from the count
sheets, and agree to the number of items in the warehouse.
Rights and obligations Seek confirmation from third parties about inventory held on their
behalf at the client, or held at their premises for the client.
Completeness Take a sample of items in the warehouse and count them, then agree to
the client’s count sheets.
3. Inventory
Valuation To obtain evidence over cost:
Agree costs to purchase invoice
For inventory manufactured by the company:

➢ Agree materials costs to invoice
➢ Agree labour costs to payroll
➢ Evaluate the reasonableness of assumptions underlying overhead calculations, and reperform the
calculations.
To obtain evidence over net realisable value:
Inspect post year-end sales invoices for evidence of actual selling prices
For items not sold by the time of the audit, inspect order books/price lists
At the inventory count, look for old or damaged items which may indicate obsolescence
Review the aged inventory listing to identify old or slow- moving items, and discuss the need for
impairment with client management.
4. Receivables
The audit of receivables usually focuses on whether the customer agrees with the recorded balance, and whether the debt is
likely to be paid.
Audit procedures
Existence Obtain direct confirmation of receivables balances from customers (see next page).
Rights and obligations
Valuation For a sample of receivables selected from the receivables ledger, inspect the post
year-end bank statements to identify cash received from customers.
Discuss the allowance for doubtful debts with client management.
Evaluate the reasonableness of their assumptions and reperform any calculations.
Chapter 13 Receivables
4. Receivables
Customer confirmations
ISA 505 provides guidance to auditors where they wish to use external confirmations as a form of audit evidence.
How customer confirmations work :
Auditor prepares
confirmation
requests
Customers send replies

Client sends requests to
direct to the auditor
customers
4. Receivables
Different types of customer confirmation
Positive confirmation Negative confirmation
Dear Customer, Dear Customer,
Our auditors request that you confirm to them Our auditors request that you confirm to them
directly your indebtedness to us at 30 June directly your indebtedness to us at 30 June
2017, which according to our records amounted 2017, which according to our records amounted
to £4,766. to £4,766.
Please confirm your agreement, or notify our If you disagree with this amount, please notify
auditors of the amount shown by your records, our auditors of the amount shown by your
setting out the details of the difference. records.
4. Receivables
Positive confirmations encourage definite replies from those contacted.
Negative confirmations only request a reply if the balance is disputed, but a lack of response might
just mean the customer did not receive the request or chose to ignore it.
Negative confirmations should only be used where:
➢ The risk of misstatement is low
➢ Controls are operating effectively
➢ A large number of small balances are involved
➢ There is no reason to believe that customers will disregard the request.
5. Bank and cash
Accounting knowledge
You can apply your understanding of accounting for cash to the audit.
Illustration
Bank reconciliation £ £
Balance per bank statement 10,500
Less: unpresented cheques
14501 500
14502 1,500
14503 2,600
(4,600)
Add: uncleared lodgements 5,500
5,500
Balance per financial statements 11,400
All items in this reconciliation can be agreed to supporting information from the bank.
Chapter 13 Bank and cash

5. Bank and cash
Audit procedures
Valuation Agree the reconciling items in the bank reconciliation to the post year-end
bank statements to confirm they are reasonable.
Rights and obligations Confirm bank balances directly with the bank.
Existence Count material cash balances held at the client.

Confirm bank balances directly with the bank.

5. Bank and cash
Bank confirmations
Obtaining direct confirmation from the client’s bank provides a reliable form of audit evidence over bank
balances. The process is similar to obtaining a customer confirmation.
Auditor prepares confirmation request
Bank sends confirmation Client signs* and sends to

direct to the auditor bank
*The bank will require written authority to disclose from the client.

5. Bank and cash
The form and content of the bank confirmation letter may vary: in addition to obtaining
confirmation of the year-end bank balances, the auditor may also seek confirmation of:
➢ Loans and overdraft facilities and terms
➢ Contingent liabilities e.g. guarantees given
➢ Securities belonging to the client that are held in safe custody by the bank.

6. Payables
The key risk is that payables are understated i.e. completeness. This means it is important to
consider the concept of directional testing:
➢ Selecting a sample of payables balances in the payables ledger will not allow you to identify
missing balances
➢ Instead it is important to select from a reciprocal population.
Chapter 13 Payables
6. Payables
Audit procedures
Completeness Obtain a sample of supplier statement reconciliations performed by the

client and test the reconciling items.
Inspect the post year-end bank statements and identify payments to

suppliers. Trace these to GRNs and, if they relate to pre year-end receipts
of good/services, check they are included in the payables balance.
Chapter 13 Payables
7. Long-term liabilities
Long-term liabilities include debentures, loan stock and other loans repayable at a date
more than one year after the year-end.
It is important that the financial statements disclose the correct split between current and
long-term liabilities.
Chapter 13 Long-term liabilities

7. Long-term liabilities
Audit procedures

Completeness Obtain direct confirmation from lenders of balances, accrued interest and any
security held against the loan.
Inspect board minutes for evidence of any new loans.
Confirm repayments are in accordance with loan agreements.
Presentation and disclosure Recalculate the split of the loan between current and long-term.
Inspect the financial statements disclosure note for adequacy.
Accuracy and cut-off Verify interest charged for the period and the adequacy of accrued interest.
Chapter 13 Long-term liabilities

8. Statement of Profit or Loss items
The key financial statement assertion is completeness.
When auditing items in the Statement of Profit or Loss, the auditor is faced with a large volume of transactions
like sales or purchases, so the most efficient audit approach generally includes a combination of:
➢ Tests of control
➢ Analytical procedures e.g.
– Comparison of figures to prior year and budget
– Review on a month by month or branch by branch basis
– Using the relationship between SPL items and balances e.g. revenue and receivables, purchases and
payables
– Proof-in-total for items such as payroll, depreciation or interest expense
➢ Some tests of detail.
Chapter 13 Statement of Profit or Loss items

9. Matters which should be referred to a senior member
of staff
Matters which should be referred to a senior member of staff include:
➢ Conclusions ➢ Indications of possible money laundering
➢ Exceptional items ➢ Issues requiring further discussions with the

client
➢ Unusual accounting entries
CHAPTER 14
Codes of professional
ethics
Outcome
By the end
• describe the differences between principles and rules based systems
• explain why ethics are important to accountants
• describe the key features of IFAC codes

• explain the fundamental principles of IFAC codes and answer questions
relating to these areas
Chapter 14 Outcome
Overview
Introduction to
ethics for
accountants
CODES OF
PROFESSIONAL
ETHICS
FRC
IFAC Code ICAEW Code Ethical
Standard
Chapter 14 Overview
1. Introduction to ethics for accountants
Importance of ethics to accountants
Accountants hold positions of trust with investors, managers, employees, banks and other
stakeholders relying on their work.
Ethical codes aim to:
➢ Ensure that qualified and trainee accountants observe proper standards of professional
conduct
➢ Help the accountancy profession act in the public interest by providing appropriate
regulation of members.
Failure to observe the applicable ethical standards may result in disciplinary action being taken
against the accountant.
Chapter 14 Introduction to ethics for accountants

Sources of ethical guidance
Codes of Professional Ethics are issued by most professional bodies. The
principles apply to all members, whether or not they are in practice. The
following codes are applicable to accountants:
➢ International Federation of Accountants (IFAC) Code of Ethics for Professional

Accountants: applies to all professional accountants
➢ Code of Ethics of professional bodies: applies to their members and trainees
➢ Financial Reporting Council (FRC) Ethical Standard: applies to UK auditors.

Principles based or rules based guidance
There are two main approaches to ethical guidance:
Principles based Rules based

Encourages the accountant to use judgement May be easier to follow because it is objective
Requires compliance with the spirit of the guidance Needs frequent updating to ensure the guidance
applies to new situations
Flexible, so can be applied to new, unusual or
rapidly changing situations May encourage accounts to interpret requirements
narrowly in order to get round the spirit of the
Can still incorporate rules where necessary requirements
A principles-based approach is taken by most professional bodies, including IFAC, and the FRC.

2. IFAC Code
Issuing body
The IFAC Code is issued by the International Ethics Standards Board for
Accountants (IESBA). IESBA is IFAC’s ethics board.
The IFAC Code applies to all professional accountants.
Chapter 14 IFAC Code

2. IFAC Code
Fundamental ethical principles
The IFAC Code contains five fundamental ethical principles:
Principle Description
Integrity Members should be straightforward and honest in all
professional/business relationships.
Objectivity Members do not allow bias or conflict of interest in business
judgements.
Professional competence There is a duty to maintain professional knowledge and skill at an
and due care appropriate level and to follow professional standards.
Confidentiality Information on clients must not be disclosed without appropriate
authority, or used for personal advantage.
Professional behaviour Members must comply with relevant laws and avoid actions
that would discredit the profession.

2. IFAC Code
Independence
Assurance providers should be, and be seen to be independent.
The highest degree of independence is required for audit engagements. Independence is a state of
mind that permits the expression of a conclusion without being affected by influences that
compromise professional judgement.
The IFAC Code sets out the approach that accountants should take to independence issues:
Identify threats Evaluate significance of

Identify and apply safeguards
threats
Safeguards are steps that the accountant can take to eliminate the threat, or reduce it to an
acceptable level.
If no safeguards are available, the accountant should:
➢ Eliminate the interest or activities causing the threat
➢ If this is not possible, decline or discontinue the engagement.
2. IFAC Code
Threats to independence
The IFAC Code identifies five general sources of threat to independence.
These are repeated in the FRC Ethical Standard along with a sixth threat, the
management threat (see below).
The definitions given below are taken from the FRC Ethical Standard so refer to auditors,
but the principles apply to accountants in general.

2. IFAC Code
Threat Definition Example
Self-interest The auditor is reluctant to take actions Owning shares in a client
that are adverse to the interests of the
audit firm
Self-review The auditor is predisposed to Auditing financial statements that have
accept/reluctant to question the work been prepared by the audit firm
done by others in the audit firm
Familiarity The auditor is predisposed to An audit team member has a close family
accept/reluctant to question the work member working in the client accounts
done by the audit client department
Advocacy The auditor takes management’s side, Promoting the client’s shares in a share
adopting a position closely aligned with issue
management
Intimidation The auditor’s conduct is influenced The client threatens the auditor who is
by fear suggesting that a modified opinion on the
financial statements will be given

2. IFAC Code
Safeguards
The IFAC Code identifies two categories of general safeguards that may be used to eliminate or
reduce the threats to independence.
Safeguards created by the profession, legislation or regulation:
➢ Education and training
➢ Continuing Professional Development requirements
➢ Corporate governance regulations
➢ Professional standards
➢ Monitoring of professional work including disciplinary proceedings
➢ External reviews.

2. IFAC Code
Safeguards within the work environment:
➢ Review procedures
➢ Consultations with independent third parties
➢ Rotation of senior staff
➢ Discussions with those charged with governance
➢ Disclosing fees and services to those charged with governance.

4. FRC Ethical Standard
UK auditors must comply with the FRC Ethical Standard* for auditors when
conducting audit engagements.
(* NOTE: The government has announced the abolition of the FRC. It will be replaced with
a new regulator, the Audit, Reporting and Governance Authority (ARGA). At the time this
integrated workbook went to print, the exact details of this change were not known. For
your exams, it should be assumed that the FRC remains in place as the regulator of the
accountancy profession.)
Chapter 14 FRC Ethical Standard

4. FRC Ethical Standard
The Ethical Standard identifies six threats to independence: the five threats from the IFAC Code (see
above) plus one additional threat:
Threat Definition Example

Management The auditor becomes closely The audit firm takes on an
aligned with the views and engagement to design and
interests of management implement the accounting IT
systems for an audit client
In Chapter 15 you will learn about some of the detailed requirements of the FRC Ethical
Standard.
The Assurance assessment will include some questions that provide brief descriptions of practical
scenarios and ask you to apply the relevant provisions of the Ethical Standard.
Chapter 14 FRC Ethical Standard

CHAPTER 15
Integrity, objectivity and

independence
Outcome
By the end
• explain the concepts of integrity, objectivity and independence and understand their
importance
• identify threats to integrity, objectivity and independence
• identify safeguards for integrity, objectivity and independence
• suggest sensible measures to resolve ethical conflicts
• suggest how conflicts of interest between employee duty and professional duty may be
resolved
Chapter 15 Outcome
Overview
Concepts of integrity,
objectivity and independence
INTEGRITY,
OBJECTIVITY AND
INDEPENDENCE
Conflicts of
Threats and Resolving
interest and
safeguards ethical
the
conflicts
accountant
Chapter 15 Overview
1. Concepts of integrity, objectivity and independence
Key concepts
Confidence in financial reporting requires the statutory auditor to provide an opinion on the
financial statements that can be trusted.
In order to achieve this, the auditor must:
➢ Be objective in reaching the opinion on the financial statements
➢ Demonstrate independence from the audit client.
Chapter 15 Concepts of integrity, objectivity and independence

Key concepts
Integrity Objectivity Independence
Freedom from
A state of mind
Implies not situations and
which excludes
merely honesty, relationships that
bias and has
but fair dealing may lead a
regard to all
and truthfulness reasonable and
considerations
informed third party
relevant to the
to conclude that
task in hand
objectivity is
impaired

Ethics exercise
In the exam you may be asked to identify the threats to independence, or appropriate safeguards,
for a given ethical problem.
Although you will need a good understanding of the contents of the FRC Ethical Standard, you
should also be able to apply common sense to the scenarios which may be useful if you forget some
of the details.
We will start by discussing some common ethical problems.

Illustration
The following four situations have arisen in relation to audit clients of your firm, Whites & Harper LLP.
Discuss the ethical issues that arise and consider how your firm might respond to these problems.
Britejet plc
You are about to start work on the audit of this airline company. The client has offered all of the audit team
free flights to a choice of destinations worth up to
£500.
Heath Office Solutions Ltd
Bill Self is a partner in your firm. He is leaving Whites & Harper to join Heath Office Solutions as Finance
Director. The client is keen to get Bill on board as he has been the audit engagement partner for the last few
years and knows the business inside out.
Newdell Ltd
The computerised accounting system at your client Newdell has been struggling to cope with the increased
volume of transactions seen as a result of rapid expansion over the last two years. Your firm has been asked
to help them select and implement a new IT system.
Hornets plc
This client has been growing rapidly via acquisitions. In the coming year, total fees from the company are
expected to reach 20% of your practice income.

2. Threats and safeguards
Introduction
The FRC Ethical Standard covers many different threats to independence and objectivity,
suggesting safeguards where possible. In some situations there may not be any suitable
safeguards, in which case the engagement should be declined or discontinued.
The following sections summarise the key contents of the Ethical Standard for each of the
threats to independence and objectivity.
Chapter 15 Threats and safeguards

Self-interest threat
Scenario giving rise to the self-interest Ethical guidance
threat
Financial interest The audit firm, any partner in the firm or member of the audit team (or immediate family
member of such a person) must not hold a financial interest in a client.
Business relationships The audit firm must not participate in a business relationship with a client.
Employment with audit firm and client Dual employment is prohibited.
Audit partner leaves to take up employment The firm should resign as auditor.
with a client Cannot take on the audit again for two years.
Employee (exclude partner in charge) of audit Employee to inform audit firm.

firm negotiating employment with a client Firm to remove the employee from the engagement and perform a review of their recent work on
the client.
Close personal and family relationships Staff with close personal or family relationships with a member of client staff should not work on
the engagement.
Gifts and hospitality Do not accept gifts or hospitality from a client unless the value is trivial.
Loans Loans from the auditor to client are prohibited.
Loans from client to auditor are prohibited unless made by a bank in the normal course of
business.
Overdue fees (akin to a loan) Consider resignation if fees remain unpaid.
Contingent fees Contingent fees are prohibited.

Fee dependence (non-listed When regular fee income exceeds 10% of the firm’s fee income:
client)
➢ Disclose to Ethics Partner
➢ Disclose to those charged with governance at the client
➢ Implement independent quality control review of the audit.
When regular fee income exceeds 15% of the firm’s fee income:
➢ Cannot act as auditor.
Fee dependence (listed client) When regular fee income exceeds 5% of the firm’s fee income:
➢ Disclose to Ethics Partner
➢ Disclose to those charged with governance at the client
➢ Implement independent quality control review of the audit
➢ Seek to reduce fees.
When regular fee income exceeds 10% of the firm’s fee income:
➢ Cannot act as auditor.
Lowballing Firm may charge any audit fee but the engagement partner should
document that adequate resources have been allocated in order to comply
with Auditing and Ethical Standards.
Fee cap for listed clients Total fees from non-audit services must be no more than 70% of the average
audit fee of the last 3 years.

Self-review threat
Scenario giving rise to the self- Ethical guidance
review threat
Client staff joins the audit firm No involvement in the audit for two years.
Audit staff complete loan assignment to It is prohibited for audit staff to be temporarily ‘loaned’ to a client.
client
Accounting services offered to an audit Non-listed clients: allowed with safeguards
client
➢ Separate teams
➢ Mechanical/technical work only
➢ Quality control review of audit.
Listed clients: not allowed.
Valuation services offered to an audit Non-listed clients: not allowed if material and subjective.
client
If immaterial item, allowed with safeguards.
➢ Separate teams/ Chinese Wall
➢ Second partner review
➢ Management acknowledge responsibility for valuation.
Listed clients: not allowed.

Preparing tax calculations for Non-listed clients: allowed with safeguards

accounting entries in an audit client ➢ Separate teams
➢ Review of tax work by independent tax partner
➢ Quality control review of audit.
Listed clients: do not prepare tax calculations for the purpose of making
material accounting entries.
Internal audit services offered to Providing internal audit services to an audit client is prohibited, for both
an audit client listed and unlisted entities.
IT services offered to an audit IT services are prohibited for both unlisted and listed entities where they
client relate to the accounting or financial management system, or where they
involved taking the role of management.

Familiarity threat
Scenario giving rise to the familiarity threat Ethical guidance
Recruitment services provided to an audit Prohibited for both listed and non-listed clients. This includes advising on the appointment of a
client director or employee, or advising on a remuneration package.
Close family or personal relationships Audit firm employees who have close relationships with client staff should not work on the
audit.
Long association scenarios
Non-listed: engagement partner Situation should be monitored over time to ensure the risk is not too significant for the audit
firm.
The audit firm may decide to ‘rest’ the engagement partner from the engagement for a period
of time to ensure that independence is not affected.
Listed: engagement partner Rotate off after five years (can extend to seven with Audit Committee approval).
No return for five years.
Listed: quality control review partner Rotate off after seven years.
Non-listed client becomes listed: engagement Take previous service into account.
partner
If already served more than four years can only continue for two more.
Listed: other senior staff Review independence after seven years.

Advocacy threat
Scenario giving rise to the advocacy Ethical guidance
threat
Corporate finance services offered The firm is not allowed to promote, deal in or underwrite a client’s
to audit client shares.
If corporate finance services are offered, risks must be appraised and
safeguards implemented where possible, e.g. separate teams, second partner
review, making disclosures to the audit committee.
Legal services offered to an audit An audit firm must not act as a solicitor representing the client in a legal
client case.
If legal services are offered, risks must be appraised and safeguards
implemented where possible, e.g. separate teams, second partner review,
making disclosures to the audit committee.
Representing an audit client in a tax This is prohibited if the issue is material to the financial statements.
tribunal or court to resolve a tax Otherwise it may be carried out with safeguards:
dispute
➢ Separate teams
➢ Obtain advice from an external tax professional.

Intimidation threat
Scenario giving rise to the Ethical guidance

intimidation threat
Close family or personal Audit firm employees who have close relationships with client
relationships staff should not work on the audit.
Business relationships The audit firm must not participate in a business relationship
with a client.
Audit partner leaves to take up The firm should resign as auditor.
employment with a client
Cannot take on the audit again for two years.
Actual or threatened Disclose to those charged with governance at the client.
litigation
Consider resignation.

Management threat
Scenario giving rise to the Ethical guidance

management threat
Any additional non-audit service Do not take on management roles.
provided to an audit client where
the auditor may take on a Use the engagement letter to clarify the responsibility of management
management role for decision making and to limit the involvement of the audit firm to
work of a more mechanical or technical nature.
Establish informed management (where the auditors believe that the

member of management designated by the audit client to receive the
results of a non-audit service provided by the auditor has the capability
to make independent management judgements and decisions on the
basis of the information provided).

3. Resolving ethical conflicts
You have now seen how the FRC Ethical Standard deals with common ethical issues.
Remember that the ethical guidance for accountants is principles based, so when an
ethical problem is identified the accountant should consider the principles as well as the
detailed guidance.
Chapter 15 Resolving ethical conflicts

3. Resolving ethical conflicts
The professional accountant should consider the following:
➢ Relevant facts
➢ Relevant parties
➢ Ethical issues involved
➢ Fundamental principles related to the matter
➢ Established internal procedures
➢ Alternative courses of action.
The individual accountant should then consider the most appropriate course of action. If this is
not clear, the accountant may need to refer the matter:
1. In-house e.g. to the Ethics Partner
2. Externally e.g. professional bodies’ ethics helpline.
Chapter 15 Resolving ethical conflicts

4. Conflicts of interest and the accountant
Professional accountants working in industry may face more pressure to behave unethically than
those in practice, whose employers are also bound by the codes of ethics applying to the
accountancy profession.
Employers outside of accountancy firms may not understand the nature and importance of
an accountant’s professional duty.
For example, an accountant may come under pressure from the board of directors to prepare
budgets which are overly optimistic in order to increase the company’s chance of securing a bank
loan.
The advices to accountants in such conflicting situations.
1. Try to resolve the matter internally
2. Obtain advice from the professional bodies
3. Seek legal advice
4. Consider resignation as a last resort.
Chapter 15 Conflicts of interest and the accountant
CHAPTER 16
Confidentiality
Outcome
By the end
• recognise the importance of confidentiality, including compliance with GDPR
• identify the sources and risks of accidental disclosure of information
• identify steps to comply with GDPR and prevent accidental disclosure of information
• state when information may/must be disclosed

• identify conflicts of interest and describe how to respond to them and answer
questions relating to these areas.
Chapter 16 Outcome
Overview
Risks Safeguards Disclosure
Money
Importance
laundering
CONFIDENTIALITY
Conflicts of interest
Chapter 16 Overview
1. Confidentiality
The importance of confidentiality
Confidentiality is a fundamental principle in the IFAC. In addition to this, accountants and auditors
are bound by the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
A key factor in the auditor/client relationship is trust.

If the client does not trust the auditor they may not provide all of the information that the
auditor requires in order to form their opinion on the financial statements.
The auditor has a duty of confidentiality which must not be breached except in certain
circumstances (see below).
Chapter 16 Confidentiality
1. Confidentiality
Data protection
The GDPR is a regulation in EU law on data protection and privacy that aims to give individuals control over
their personal information. The Data Protection Act 2018 extends domestic data protection laws to areas
which are not covered by the GDPR.
Under both the GDPR and the Data Protection Act:

➢ anyone who processes personal information must ensure that it is protected
➢ individuals have the right to access both their personal data and information about how it is being
processed; and
➢ personal data can only be held if there is a specific lawful reason to do so, or if the individual has
explicitly opted-in to allow storage of data.
Auditors need to be aware of their potential obligations in this area in relation to any individual whose data
they hold.
1. Confidentiality
Risks to confidentiality
A professional accountant should be aware of the risks to confidentiality at all times.
Accidental disclosure is a key risk.
It is important to keep client information confidential:
➢ In social environments
➢ Within the firm
➢ After the end of a business relationship
➢ When changing employment or acquiring a new client.
Accountants should also avoid making improper use of client information (e.g. insider dealing).
1. Confidentiality
Safeguards
Physical and electronic security measures should be put in place to avoid disclosure.
Firms should ensure that all who work on their behalf are trained in, and understand:
➢ The importance of confidentiality
➢ The importance of identifying any confidentiality and conflict of interest issues

➢ The procedures in place for identifying confidentiality and conflict of interest
issues.
1. Confidentiality
Disclosure
Disclosure of confidential client information may be permitted, or required, in certain situations.
Right to disclose Duty to disclose

Client permission obtained If ordered to disclose by a court
Where disclosure is in the public interest To
defend the firm in a negligence claim If required by a regulator e.g. Financial Conduct
Authority, Charity Commission
Suspicions of money laundering should be

reported to the National Crime Agency
Suspicions of terrorist activities should be

reported to the police
1. Confidentiality
Money laundering
The Money Laundering Regulations 2007 makes it a criminal offence not to report a suspicion of money
laundering to the appropriate authority.
Reporting money laundering is not seen as a breach of confidence.
The firm must not advise the client they have made the report as this will constitute an offence of tipping off.
Each firm must have a Money Laundering Compliance Principal who will be responsible for making the
disclosure.
Examples of money laundering include:
➢ Keeping customer overpayments
➢ Non-compliance with a regulation to save costs
➢ Criminal offences under the Companies Act e.g. an illegal loan to a director.
2. Conflicts of interest
There is nothing improper in an accountant having two clients whose interests are in
conflict.
Indeed, many accountancy firms use their expertise in a particular industry sector as a
selling point, which increases the chances of them having clients who are in competition
with each other. It is important that the firm can demonstrate that their work on one
client will not adversely affect another client.
Where there is a conflict of interest between their clients, the auditors should:
➢ Notify the relevant clients of the situation
➢ Seek their consent to continue to act for both parties.
Chapter 16 Conflicts of interest

2. Conflicts of interest
If the firm continues to act for two clients whose interests are in conflict then safeguards
should be implemented to preserve confidentiality:
➢ Separate teams
➢ Information barriers
– Ensure no overlap between different teams
– Physical separation of teams
– Procedures for maintaining security of paper and electronic records
➢ Confidentiality agreements signed by employees and partners
➢ Review of the application of safeguards by an independent partner.
If adequate safeguards cannot be implemented, the firm may have to cease to act for one or
both of the clients.
Chapter 16 Conflicts of interest

Assurance 1

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Assurance 1

Uploaded by

Copyright:

Available Formats

Assurance

Chapter 1: Concept of and need for assurance

Chapter 9: Internal audit

Concept of and need for

• explain the concept of assurance

• recognise the elements and subject matter of an assurance engagement

• explain the different levels of assurance

• compare the different responsibilities of the parties involved in an assurance

• identify examples of the 'expectations gap'

and answer questions relating to these areas

Elements of Levels of Types of Benefits &

An assurance engagement is one in which a practitioner expresses a

Chapter 1 Elements of assurance

E.g. financial statements,

E.g. accounting standards

Evidence Sufficient and appropriate

Written Report Conclusion or opinion

Chapter 1 Elements of assurance

Practitioner Intended User Responsible

Chapter 1 Elements of assurance

Chapter 1 Elements of assurance

Limited assurance Reasonable assurance

Moderate/low level of High but not absolute level of

Conclusion expressed Conclusion expressed

E.g. an engagement to review E.g. the audit of financial

‘Based on our review, nothing has come to our

Chapter 1 Elements of assurance

Different types of engagement

o Internal controls assessment

o Business plan/projection reviews

Chapter 1 Types of assurance engagement

In the UK, audits are governed by:

o Companies Act 2006

o International Standards on Auditing (ISAs).

Chapter 1 Types of assurance engagement

In order to comply with these requirements, the auditor must:

Chapter 1 Types of assurance engagement

Professional scepticism is an attitude that includes a questioning

Chapter 1 Types of assurance engagement

Periods beginning on or after 1 January 2016

Chapter 1 Types of assurance engagement

Required to have rules to ensure Companies Act 2006 prohibits a

Chapter 1 Types of assurance engagement

Why is assurance important?

Chapter 1 Benefits and limitations of assurance

Chapter 1 Benefits and limitations of assurance

o The auditor tests 100% of transactions

o The auditor verifies the accuracy of the financial statements

Chapter 1 The Expectations Gap

• explain how assurance firms obtain work

• identify the key issues to be considered before accepting engagements

• describe the contents and purpose of a letter of engagement

and answer questions relating to these areas.

There are two key methods of obtaining an engagement:

Chapter 2 Methods of obtaining an engagement

Chapter 2 Considerations prior to acceptance

Sources of information relating to new clients

Client External Auditor

Chapter 2 Considerations prior to acceptance

Appointment decision chart

Chapter 2 Considerations prior to acceptance

Chapter 2 Considerations prior to acceptance

Chapter 2 Considerations prior to acceptance

Chapter 2 Procedures after accepting the engagement